Content-type: matter-transport/sentient-life-form

Oracle Cluster File System 2 for Linux

The Oracle Cluster File System could already be a nice alternative to GFS and Coda - at least if this really happens:

The Linux developer responsible for the Linux Kernel 2.6, Andrew Morton, wants to include the Oracle Cluster File System version 2 in the official Linux Kernel as soon as possible. Linux 2.6.14 could already contain OCFS 2 and would then be the first cluster component in the official Linux Kernel.

The previous cluster file systems suffer from the lack of integration - most of the time you can't use them in every kernel version. What is interesting to me is how independent the nodes really are and whether there is also a single point of failure in the Oracle Cluster File System, as there is e.g. the Locking daemon in OpenGFS. So far, we have not been very successful in evaluating cluster file systems in the company, actually they were all somehow stupid ...

The Hidden Boot Code of the Xbox

In The Hidden Boot Code of the Xbox the X-Box-Linux programmers explain how the security code of the X-Box is structured and how Microsoft built in 3 errors in 512 bytes of code. Lots of kindergarten security mistakes. - as Bruce Schneier calls it.

Also nice is the conclusion of the article:

So with the first version of the MCPX, Microsoft was too naive and apparently did not understand basic security concepts. After they had learnt their lesson, they designed a pretty good system with the second version of the MCPX - but the implementation still contained at least three security holes (Visor, MIST, TEA). They were too fast releasing a new version of the MCPX, spending a lot of money in trashing tons of already manufactured MCPX chips and manufacturing updated ones, apparently without any further code audit which should have revealed the security holes.

512 bytes is a very small amount of code (it fits on a single sheet of paper!), compared to the megabytes of code contained in software like Windows, Internet Explorer or Internet Information Server. Three bugs within these 512 bytes compromised the security completely - a bunch of hackers found them within days after first looking at the code. Why hasn't Microsoft Corp. been able to do the same? Why?

Exactly. Why doesn't Microsoft get this right? Why does Microsoft repeatedly fail so badly at security? And don't give me the silly excuse that the bugs at Microsoft are found so quickly because it has so many users - this is basic knowledge that would be required. This is just sloppy.

And now, Mr. McBride?

Shit hits Fan for SCO:

A: There was a release of SCO LinuxWare release 7.1.2 that included the Linux kernel personality and SCO Linux-release 7.1.3 included the Linux kernel personality. At first when it first shipped it did include the Linux kernel packages which were subsequently removed.

I find this somehow fitting when SCO is caught using the Linux kernel - which is under GPL - in their products at least temporarily and delivered with them. Could be one reason why they are now trying to denounce the GPL as un-American and unconstitutional.

Yep. Makes sense.

Not Intelligent Design, but rather the Google-Bombing of the expression naturally.

EU Commission acting alone again

This time with a direct attack on common sense and the bio-system: EU Commission approves import of genetically modified corn:

Controversial genetically modified corn may now be imported into EU countries as animal feed. The EU Commission made this decision unilaterally.

I'll repeat: I am actually pro-EU and see only a functioning European Union as a viable long-term path for our region. But not with an EU Commission that makes arbitrary decisions that go against common sense. And all of this only for the financial benefit of a non-European company whose sole aim is to crack the European market and dominate it just like other markets.

Hand Darl McBride the Frog Pills

Here's the translated Markdown body:

now he's really going off the deep end:

In detail, McBride lists ten points that speak for SCO and against Linux. Thus, OpenServer is supposedly much cheaper than Linux systems that work with hidden annual licenses, has a superior kernel, and offers significantly higher security than Linux systems where security gaps remain open for weeks. McBride repeatedly emphasizes that his company owns Unix and, for this reason, enjoys greater trust among customers. Furthermore, SCO, as the owner, ensures that there are no splinter groups of incompatible system variants.

Rarely seen such a compact block of bullshit

Mathematical Ignorance

It's almost modern to talk about how bad you were at math (I wasn't, I was very good at math - and yes, I really enjoyed math), but when you read James Gosling asking questions about sine/cosine and the meaning of the period definition with 2*Pi, you really scratch your head. Slava Prestov at least sees in this the explanation why most programmers ask really stupid questions about the simplest mathematical problems, when even the big shots in the industry don't understand basic trigonometry ...

International Components for Unicode

International Components for Unicode is a library of reference implementations of all Unicode standards, specifically concerning character transformation, normalization, and sorting, but also many other localization issues such as date formatting, etc.

PyICU

PyICU is an integration of the ICU C++ interface into Python. Seems quite comprehensive in terms of scope. Integration with Python string data types is also provided.

You never stop learning

I thought I knew most of the tricks of ssh. But I stumbled upon one that is banal and simple, but was not known to me: the ProxyCommand option. With this option, you can define a tunnel for a specified host that is established before the actual connection is made. With the program nc (Netcat) on the computer one before the target system, you can tunnel through a chain of firewalls wonderfully, especially when working with Auth-Forwarding. Simply build a section similar to this into the .ssh/config:


 Host safe
 Protocol 2
 User me
 HostName 192.168.0.42
 ProxyCommand ssh door nc -q 0 safe 22

Here, when ssh safe is used, a connection to the computer door is established internally via ssh door, and then a Netcat connection to the ssh daemon on the actual target computer safe is created there. This can also be used wonderfully over several ssh hops to transport files directly between two systems through a chain of firewalls. Ssh is just genius, if it didn't exist, you would have to invent it.

(in my case, I needed this for darcs - it can only push repositories over ssh)

on the way to media monoculture

Springer is taking over ProSiebenSat.1 - and will likely soon launch their neoliberal opinion campaign multimedially and then send their trash on all channels. A democracy needs an independent, strong press - but one that does not pursue its own political agenda. Therefore, we can probably say goodnight to another piece of democracy when a corporation like Springer will soon bridge the media gap.

Connecting databases to Python with SQLObject

Connecting databases to Python with SQLObject is a quite nice introduction to SQLObject - one of the nicer Object-Relation-Mappers for Python.

Environmental Clearance Sale in D-Village

It was to be expected, the state government presents environmental policy goals - and what does that bring:

Environmental protection will also have "high priority" in the new NRW state government - promises Environment Minister Eckhard Uhlenberg. But he wants to reduce the influence of nature conservation associations.

And then there are various other niceties, in principle a dismantling of what has always distinguished NRW's environmental policy from the rather weak stance of the federal government (and probably a merit of Mrs. Höhn - not that anyone believes the SPD in NRW has been particularly environmentally conscious).

Unicode HOWTO

Unicode HOWTO for Python. Python programmers should read.

Crypt::PasswdMD5

Crypt::PasswdMD5 is a Perl module that hashes MD5 passwords the same way Linux and Solaris do.

md5crypt.py

md5crypt.py is the same algorithm for MD5 passwords, this time in Python.

Store passwords as hashes - safe?

Not quite new (it was new last summer, but I somehow missed it, the underlying paper is even two years old), but still interesting: Project RainbowCrack is a project aimed at creating tools for faster cracking of hashes. Hashes can normally only be resolved through brute force - supported by algorithmic weaknesses (as recently found in MD5 and SHA1). However, there is an approach to create the more complex calculations that arise during the brute-force process (i.e. essentially algorithmic sub-steps) in advance - for example, if you only intend to crack passwords with a maximum number of characters.

Of course, this does not come for free: you trade computing time for storage space. Tables for cracking up to 14-digit Windows passwords occupy a casual 64 GiB of memory. The practical relevance of the approach and the tools may become obvious from this quote:

Some ready to work lanmanager and md5 tables are demonstrated in Rainbow Table section. One interesting stuff among them is the lm #6 table, with which we can break any windows password up to 14 characters in a few minutes.

There is also a web interface to a distributed computing cluster for Project RainbowCrack, through which you can send MD5 hashes to an MD5 cracker, which then - if it is a string with a maximum of 8 characters - spits out the plain text. And this thing is constantly building more Rainbow Tables, making cracking faster and faster.

Just as a warning for those who think that a simple MD5 hash (or ultimately almost any hash) on the password would be sufficient. Unix systems typically use salted hashes - the password is extended by a plain text and then the hash is formed together with it. This extends the password in principle, even if the extension is of course not secret - for the computing time or the table size it doesn't matter, the passwords are simply longer and thus harder to crack. But it is also only a matter of space until they are not secure.

Better are passphrases instead of passwords - just simply normally long sentences. On the one hand, you can often remember these better (many people cannot remember a phone number, but can quote lines from poems) and on the other hand, they are simply longer (and especially flexibly long), so that Rainbow Tables as an attack method are out of the question. The algorithmic weaknesses of MD5 and SHA1 remain, of course.

Shoot-to-Kill Directives - and the World Becomes a First-Person Shooter

Bruce Schneier on Shoot-to-Kill and specifically a proposal by the International Association of Chiefs of Police. Translated from the proposal:

... such a person exhibits "various unusual behaviors" such as wearing a heavy coat or thick jacket in warm weather, carrying a suitcase, shoulder bag, or backpack with bulges or visible wires. The person shows nervousness, avoids eye contact, or sweats profusely. There may be chemical residues on the clothing or hands. The person may be mumbling prayers or rocking back and forth.

Note what is to be done with such persons is clear to the Chiefs of Police: shoot them in the head. Final killing shot. And of course, no further reason is needed for this:

... the threat to the officer does not need to be immediate, as taught in normal procedure. Officers do not need to wait until a person suspected of being an attacker makes a move, as would be necessary in the normal use of firearms. An officer only needs to have a reasonable suspicion that the suspect could detonate a bomb.

Bruce Schneier rightly asks if we would really feel safe if such a directive were implemented. Every pickpocket shows enough characteristics to be shot down at some point if such a dehumanizing directive were actually implemented.

We know how quickly dehumanizing ideas suddenly make it onto the agenda here ...

Treeview

A Treeview in JavaScript that can be used within pages (without frames) and still remembers its state.

Cisco's customer passwords are gone

Cisco customer passwords are gone - this is so embarrassing, it really hurts. Oops. And it's Cisco.

Django, Apache and FCGI

In Django, lighttpd and FCGI, second take I described a method how to run Django with FCGI behind a lighttpd installation. I did run the Django FCGIs as standalone servers so that you can run them under different users than the webserver. This document will give you the needed information to do the same with Apache 1.3.

Update: I maintain my descriptions now in my trac system. See the Apache+FCGI description for Django.

Update: I changed from using unix sockets to using tcp sockets in the description. The reason is that unix sockets need write access from both processes - webserver and FCGI server - and that's a bit hard to setup right, sometimes. tcp sockets are only a tad bit slower but much easier to set up.

First the main question some might ask: why Apache 1.3? The answer is simple: many people still have Apache 1.3 running as their main server and can't easily upgrade to Apache 2.0 - for example if they run large codebases in mod perl or mod python they will run into troubles with migrating because Apache 2.0 will require mod perl2 or mod python2 and both are not fully compatible with older versions. And even though lighttpd is a fantastic webserver, if you already run Apache 1.3 there might just not be the need for another webserver.

So what do you need - besides the python and django stuff - for Apache 1.3 with FastCGI? Just the mod rewrite module and mod fastcgi module installed, that's all. Both should come with your systems distribution. You will still need all the python stuff I listed in the lighttpd article.

mod_fastcgi is a bit quirky in it's installation, I had to play a bit around with it. There are a few pitfalls I can think of:

  • the specification of the socket can't be an absolute path but must be a relative path with respect to the FastCgiIpcDir
  • the specification of the FCGI itself (even though it's purely virtual) must be in a fully qualified form with respect to the document root you want to use. If you use a relative path, it will be relative to the document root of the default virtual host - and that's most surely not the document root you will use if you want to set up a virtual host with the FCGI.
  • the FCGI itself can't be defined within a virtual host - it must be defined in the main server config. That's where the relative addressing problem comes into play.
  • the socket file must be both readable and writeable by the FCGI user and the Apache user. Usually you do this by changing the socket file to group writeable and changing the group of that socket file to a group where both the user and the apache are members of.

Now here is the config snippet you have to add to your httpd.conf. I use the same directories as with the lighttpd sample, you most surely will have to adapt that to your situation.


 FastCgiExternalServer /home/gb/work/myproject/publichtml/admin.fcgi -host 127.0.0.1:8000
FastCgiExternalServer /home/gb/work/myproject/publichtml/main.fcgi -host 127.0.0.1:8001

 <VirtualHost *> ServerAdmin gb@bofh.ms
 Servername www.example.com
 ErrorLog /home/gb/work/myproject/logs/django-error.log
 CustomLog /home/gb/work/myproject/logs/django-access.log combined
 DocumentRoot /home/gb/work/myproject/public_html
 RewriteEngine On
 RewriteRule ^(/admin/.)$ /admin.fcgi$1 [L]
 RewriteRule ^(/main/.)$ /main.fcgi$1 [L]
 </VirtualHost> ```

You have to allow the webserver write access to the logs directory, so you might want to use a different location for them - possibly in `/var/log/apache/ `or whereever your apache puts it's logs. The FastCgiExternalServer directives must be outside of the virtual host definitions, but must point to files within the virtual hosts document root. But those files needn't (and probably shouldn't) exist in the filesystem, they are purely virtual. The given setup reflects the setup I did for the lighttpd scenario.

Now restart your apache, start your django-fcgi.py and you should be able to access your django application. Keep in mind to copy the admin_media files over to the document root, otherwise your admin will look very ugly.

django-fcgi.py --settings=myproject.settings.main --host=127.0.0.1 --port=8000 --daemon django-fcgi.py --settings=myproject.settings.admin --host=127.0.0.1 --port=8001 --daemon


Have fun.

EU Brainless about Copyright Infringements

What nonsense. If the proposal goes through, using open-source software will become risky:

A new draft law by the European Commission aims to allow lawsuits against users in case of suspected copyright infringement in software. In addition to the perpetrator, companies that feel safe due to their licenses would also come under fire. This was reported by the British trade magazine 'ZDNet UK'.

Given the current impression of the SCO case, it should be clear to everyone that such an idea is complete nonsense - because that's exactly what SCO wanted to do, to extort all Linux users. There are hardly any ideas stupid enough that they couldn't occur to a politician ...

Geocaching in Münsterland

Now that I have a Garmin Geko 201, I naturally have to take a look at the information about Geocaching. Does anyone have a good link to Geocaching activists in Münster and the surrounding area? That would be something for our upcoming vacation. Jutta always complains that she doesn't know the Münsterland well enough, so checking out Geocaches would be the ideal method to explore the area.

As a first starting point, I will take a look at the entries on geocaching.de for Ruhrpott and Emsland - we are neither Ruhrpott nor Emsland, but close enough to be included in both.

In addition, I now have a good reason to tell Jutta why I bought the thing.

And when I look at instructions like those for Vaders Stein, it will even be perfect for Jutta - she loves puzzle games. Hey, it could easily become a new hobby ...

Again something new with Django

There's always news, but this time there's a very interesting feature again: the inspectdb command delivers all the tables and fields from a PostgreSQL database in the format of a Python data model. Additionally, foreign keys are also found if they are stored in the database. Very practical if you need to build an interface for an existing database, you save a lot of typing work.

Social Networking

Well, I've also registered in one of these great social (in this case rather business-social) networks, specifically the O'Reilly Connection. Don't want to be considered bitter and aged.

Anyone who manages to find me there can define a connection to me. And laugh at my silly photo ...

What's happening with SQLObject at the moment

Ian Bicking on what's currently happening with SQLObject - it had become quite quiet around one of the nicest SQL object layers for Python, but now it's moving forward again. The most interesting point for me: Tool support for database upgrades. A point that, for example, is still missing in Django.

But patents are sooo great ...

... but only when your own central bank becomes the target of a patent infringement lawsuit: European Central Bank sued for patent infringement. Will this perhaps wake people up at the EU Council? Oh, forget it, they won't wake up in this life, then they would have to recognize their own corruption ...

Automatically mount dm-crypt encrypted home with pam_mount

The equivalent to Apple FileSafe under Linux: Automatically mount dm-crypt encrypted home with pam_mount. Very useful for laptops, but also for workstations of administrators (due to the many security-relevant files that accumulate in the home directory).

Coroutines for Python

Philip J. Eby has provided a patch for the implementation of PEP 342. This means that the chances of Python having coroutines in the future are very good.

And that, in turn, means that Python will get a - albeit primitive - form of continuations. Now all that's missing is for something like statesaver to be integrated into Python - for multishot continuations (ok, first just copyable coroutines, but that would be a start at least).

All of this, of course, just to finally be able to work with continuations in web frameworks. Ok, it's already possible with CherryFlow, but it would be nice if all of this would make it into mainstream Python.

ejabberd

Whoever wants to deal with larger Erlang software and try out a Jabber server, might find ejabberd interesting - a Jabber server that uses all the nice features of Erlang to offer, for example, simple clustering and good data distribution.

Hell freezes over - a second time

First Intel processors and now more than one mouse button. And even something similar to a scroll wheel. Shocking.

Linux on Mac Story

And another Linux-on-Mac story. This time an iBook and Gentoo. Quite useful for a small and affordable Linux box for on the go.

Linux on an Apple Powerbook HOWTO

The Linux on an Apple Powerbook HOWTO provides exactly what I would need if I wanted to switch my 12" Powerbook to Linux - the author even uses exactly my model. And no, I don't want to switch yet.

The Illusive setdefaultencoding

Ian Bicking mentioned a nice trick in his article about setdefaultencoding: simply reload the sys module with reload(sys) to make setdefaultencoding available.

setdefaultencoding is used to set the default encoding for bytestrings. Normally, this is ASCII, but it can be changed to iso-8859-1 or utf-8 - if you have setdefaultencoding at all. Unfortunately, it is deleted when the Python runtime environment starts - because the Python developers want to patronize the users again.

reload(sys) is of course something that does not necessarily inspire confidence - sys is after all not an unimportant module. But in my experiments it has worked so far and it definitely helps with the whole Unicode problem if you can give your programs a different encoding as standard.

It would be nicer if setdefaultencoding were not deleted in the standard distribution. Of course, this can also be achieved by patching site.py, but that is not better than reloading sys ...

(Un)trusted platform Apple?

Since it's currently fashionable to explain that one switched when Apple uses TPA - or whatever it might be called in the future: first wait and see. See what Apple does and how - there are always rumors beforehand.

If TPA is actually included: Linux can also be a usable system, even if the interfaces are quite sick (although current XFCE versions don't look that bad) and if there is no more PPC in Apple hardware and you put Linux on it: you can also buy your notebook from IBM. They have nice devices that also work very well under Linux.

And last but not least: just because new Apple hardware is different, it doesn't change the already purchased hardware - and Apple-typically, this usually lasts a few years longer. And under Linux, some Macs even run faster than under OS X.

Where Cease and Desist Notices and Anticipatory Obedience Can Lead

Just what the FFII noticed: Nutzwerk shut down FFII.org (a bit more info as usual at Heise).

Although the corresponding IP address was consistently reachable, the DNS provider registered as the technical contact for the domain FFII.org complied with Nutzwerk's request and shut down the domain FFII.org on the previous Friday afternoon. The name resolution of FFII.org and corresponding subdomains did not work temporarily. After an intervention by the FFII, the DNS provider reactivated the domain that same evening and wants to ask Nutzwerk for a clarification of the demand, according to FFII board member Hartmut Pilch to Golem.de.

A real dilemma: service providers want to protect themselves and unfortunately the Telemedia Act makes life difficult for these service providers: if they are notified of content that constitutes a legal violation, they must remove this content immediately. But how can one assess whether content constitutes a legal violation? Especially when it comes to things like at Nutzwerk - where critical reporting by the company is defined as a legal violation?

In the end, this gives companies a means of censorship without giving service providers (and of course the website operators themselves!) reasonable means of defense. How, for example, is a smaller provider supposed to protect itself from cease-and-desist letters with absurd claim amounts - as the music industry particularly likes to use? Legal protection insurance doesn't help here.

No wonder that some providers see preemptive obedience as the right strategy in such cases - they lose at most the customer they shut down, perhaps a bit of negative press, but taking on a fight against a company with exaggerated ideas, they can't win much.

If you then sit on the board of a privately operated provider like me, you start to wonder what the actual goal of these legislative changes in the context of the Telemedia Act really was ...

Effects of Genetically Modified Rapeseed and Co.

At Isotopp I found a pointer to information about the British evaluation project on genetically modified seeds. Shocking, what effects this has, for example, on related wild plants and what this will mean for us in the long run. But of course, it's all sooo safe and sooo important for us - it's really just about the revenue for the genetic engineering companies, not about what consumers really want.

But of course, every critic of genetically modified seeds is dismissed as a crank by the economy and its henchmen (such as Clement and other politicians).

Dave's new OPML editor with blog

I'm currently playing around with Dave Winer's OPML Editor, which he now uses for his blog. It looks quite fun and has a lot of features. My OPML Blog has collected some of the insights I've gained from it. I certainly won't switch over just like that - that would be Quark, which is not necessarily my target software. But it's fun to play with something completely different again.

Unfortunately, the OPML Editor has inherited some of the ailments of Radio Userland and Frontier, especially the handling of umlauts is not really smooth (I would like to have consistent UTF-8 support finally) and the runtime behavior is better than in Radio, but it still occasionally consumes too much CPU.

The concept of rendered outlines does have a certain charm. However, many parts of the rendering are not really accessible to normal users - you can edit the ancient table layout and make something else out of it, but the OPMLs are implemented with the internal OPML renderer and the HTML fragments are not so easy to change - and thus, for example, changing the language is quite cumbersome, as is the complete removal of layout tables.

More will certainly appear on the OPML blog from time to time, here I will write at most a few conclusions.

HEW Cyclassics 2005

A really nice race - it's always amazing how even a nearly quarter-hour lead isn't enough to bring home a victory in this race. It's also always amazing how the commentators every time say that the main field starts too late - by now they should know.

The Quickstep action was great - taking the victory and the podium positions away from the Fassa Bortolo guys after their sprint build-up is really super. Even if I would of course have preferred to see Zabel up front.

Merkelnix is also cramping

Just so no one thinks only the SPD has brainless slogans to shout into the world: "Make work possible in Germany again" is the reason why they want to increase the value-added tax:

Union Chancellor candidate Angela Merkel defended the planned increase in value-added tax by the CDU and CSU. The Union wants to achieve the goal of reducing labor costs with this, she said in an interview with "Bericht aus Berlin". It is about "making work possible in Germany again and thus enabling social security," the CDU chairwoman continued.

Sorry, but how incredibly stupid is that? Social security through an increase in value-added tax, which hits the hardest those who cannot further reduce their consumption because it already only consists of staple foods and other expenses necessary for survival?

Software Patents - Commentary in the NY Times

The NY Times asks why Bill Gates wants 3,000 new patents and finds a massive siege of the patent office with mountains of software patents, which are often just trivial patents (like the cited patent for adding/removing spaces in documents). The commentator makes a demand in the comment (after considering whether Microsoft should not simply have all the patents it already has revoked):

Perhaps that is going too far. Certainly, we should go through the lot and reinstate the occasional invention embodied in hardware. But patent protection for software? No. Not for Microsoft, nor for anyone else.

And this from the country that has had software patents for a long time and that is repeatedly cited by software patent proponents in the EU as a reason for a necessary worldwide harmonization.

No, software patents are also not popular there and not really useful. Dan Bricklin, known to some as the father of VisiCalc, also thinks so:

Mr. Bricklin, who has started several software companies and defensively acquired a few software patents along the way, says he, too, would cheer the abolition of software patents, which he sees as the bane of small software companies. "The number of patents you can run into with a small product is immense," he said. As for Microsoft's aggressive accumulation in recent years, he asked, "Isn't Microsoft the poster child of success without software patents?"

And why is Microsoft doing this now? The manager responsible gives a reason, as only a business administrator could come up with, it's that stupid:

"We realized we were underpatenting," Mr. Smith explained. The company had seen studies showing that other information technology companies filed about two patents for every $1 million spent on research and development. If Microsoft was spending $6 billion to $7.5 billion annually on its R&D, it would need to file at least 3,000 applications to keep up with the Joneses.

Ok, the idea of patent applications alone being oriented towards numbers from the industry is absurd, but how stupid do you have to be to draw a connection between the number of patents and revenue in the field of research and development?

The NY Times also draws a parallel to the pharmaceutical industry, which - at least according to its own statements - is happy to get a patent for a drug when it invests 20 million in research (which is already critical enough, as can be seen in the fight against AIDS in Africa).

And the fallout is also well summarized in the NY Times:

Last year at a public briefing, Kevin R. Johnson, Microsoft's group vice president for worldwide sales, spoke pointedly of "intellectual property risk" that corporate customers should take into account when comparing software vendors. On the one side, Microsoft has an overflowing war chest and bulging patent portfolio, ready to fight - or cross-license with - any plaintiff who accuses it of patent infringement. On the other are the open-source developers, without war chest, without patents of their own to use as bargaining chips and without the financial means to indemnify their customers.

The question of what Jefferson (the founder of the US patent system) would say about what is now being patented is quite justified. In his sense - which was actually more about protecting real inventive genius from exploitation by corporations - this is definitely not the case.

Election Campaign, Election Agony ...

Münte on the Roll: Linkspartei "politically and legally absurd". I have the impression, however, that he would help the SPD more by giving them a program that appeals to ordinary citizens again, instead of simply stirring up fear of the left and spreading defamation (sorry, but the combination of PDS and WASG in the open list may be strange, but legally flawless - claiming otherwise is simply defamation).

If the SPD cannot achieve more in the election campaign than just to blow the horn of the Union parties against the alleged danger from the left, the SPD will simply put itself out of the political game - with such nonsense, you don't win an election. If the SPD is nothing more than a union with a red tie, it can stay away from me ...

Writing a Simple Filesystem Browser with Django

Dieser Artikel ist mal wieder in Englisch, da er auch für die Leute auf #django interessant sein könnte. This posting will show how to build a very simple filesystem browser with Django. This filesystem browser behaves mostly like a static webserver that allows directory traversal. The only speciality is that you can use the Django admin to define filesystems that are mounted into the namespace of the Django server. This is just to demonstrate how a Django application can make use of different data sources besides the database, it's not really meant to serve static content (although with added authentication it could come in quite handy for restricted static content!).

Even though the application makes very simple security checks on passed in filenames, you shouldn't run this on a public server - I didn't do any security tests and there might be buttloads of bad things in there that might expose your private data to the world. You have been warned. We start as usual by creating the filesystems application with the django-admin.py startapp filesystems command. Just do it like you did with your polls application in the first tutorial. Just as an orientation, this is how the myproject directory does look like on my development machine:


.
|-- apps
| |-- filesystems
| | |-- models
| | |-- urls
| | `-- views
| `-- polls
| |-- models
| |-- urls
| `-- views
|-- public_html
| `-- admin_media
| |-- css
| |-- img
| | `-- admin
| `-- js
| `-- admin
|-- settings
| `-- urls
`-- templates
 `-- filesystems

After creating the infrastructure, we start by building the model. The model for the filesystems is very simple - just a name for the filesystem and a path where the files are actually stored. So here it is, the model:


 from django.core import meta

class Filesystem(meta.Model):

fields = ( meta.CharField('name', 'Name', maxlength=64), meta.CharField('path', 'Path', maxlength=200), )

def repr(self): return self.name

def get_absolute_url(self): return '/files/%s/' % self.name

def isdir(self, path): import os p = os.path.realpath(os.path.join(self.path, path)) if not p.startswith(self.path): raise ValueError(path) return os.path.isdir(p)

def files(self, path=''): import os import mimetypes p = os.path.realpath(os.path.join(self.path, path)) if not p.startswith(self.path): raise ValueError(path) l = os.listdir(p) if path: l.insert(0, '..') return [(f, os.path.isdir(os.path.join(p, f)), mimetypes.guess_type(f)[0] or 'application/octetstream') for f in l]

def file(self, path): import os import mimetypes p = os.path.realpath(os.path.join(self.path, path)) if p.startswith(self.path): (t, e) = mimetypes.guess_type(p) return (p, t or 'application/octetstream') else: raise ValueError(path)

admin = meta.Admin( fields = ( (None, {'fields': ('name', 'path')}), ), list_display = ('name', 'path'), search_fields = ('name', 'path'), ordering = ['name'], )


As you can see, the model and the admin is rather boring. What is interesting, though, are the additional methods isdir , files and file . isdir just checks wether a given path below the filesystem is a directory or not. files returns the files of the given path below the filesystems base path and file returns the real pathname and the mimetype of a given file below the filesystems base path. All three methods check for validity of the passed in path - if the resulting path isn't below the filesystems base path, a ValueError is thrown. This is to make sure that nobody uses .. in the path name to break out of the defined filesystem area. So the model includes special methods you can use to access the filesystems content itself, without caring for how to do that in your views. It's job of the model to know about such stuff.

The next part of your little filesystem browser will be the URL configuration. It's rather simple, it consists of the line in settings/urls/main.py and the myproject.apps.filesystems.urls.filesystems module. Fist the line in the main urls module:


 from django.conf.urls.defaults import *

urlpatterns = patterns('',
 (r'^files/', include('myproject.apps.filesystems.urls.filesystems')),
 )

Next the filesystems own urls module:


 from django.conf.urls.defaults import *

urlpatterns = patterns('myproject.apps.filesystems.views.filesystems',
 (r'^$', 'index'),
 (r'^(?P<filesystem_name>.*?)/(?P<path>.*)$', 'directory'),
 )

You can now add the application to the main settings file so you don't forget to do that later on. Just look for the INSTALLED_APPS setting and add the filebrowser:


 INSTALLED_APPS = (
 'myproject.apps.polls',
 'myproject.apps.filesystems'
 )

One part is still missing: the views. This module defines the externally reachable methods we defined in the urlmapper. So we need two methods, index and directory . The second one actually doesn't work only with directories - if it get's passed a file, it just presents the contents of that file with the right mimetype. The view makes use of the methods defined in the model to access actual filesystem contents. Here is the source for the views module:


 from django.core import template_loader
 from django.core.extensions import DjangoContext as Context
 from django.core.exceptions import Http404
 from django.models.filesystems import filesystems
 from django.utils.httpwrappers import HttpResponse

def index(request):
 fslist = filesystems.getlist(orderby=['name'])
 t = templateloader.gettemplate('filesystems/index')
 c = Context(request, {
 'fslist': fslist,
 })
 return HttpResponse(t.render(c))

def directory(request, filesystem_name, path):
 import os
 try:
 fs = filesystems.getobject(name exact=filesystemname)
 if fs.isdir(path):
 files = fs.files(path)
 tpl = templateloader.gettemplate('filesystems/directory')
 c = Context(request, {
 'dlist': [f for (f, d, t) in files if d],
 'flist': [{'name':f, 'type':t} for (f, d, t) in files if not d],
 'path': path,
 'fs': fs,
 })
 return HttpResponse(tpl.render(c))
 else:
 (f, mimetype) = fs.file(path)
 return HttpResponse(open(f).read(), mimetype=mimetype)
 except ValueError: raise Http404
 except filesystems.FilesystemDoesNotExist: raise Http404
 except IOError: raise Http404

See how the elements of the directory pattern are passed in as parameters to the directory method - the filesystem name is used to find the right filesystem and the path is used to access content below that filesystems base path. Mimetypes are discovered using the mimetypes module from the python distribution, btw.

The last part of our little tutorial are the templates. We need two templates - one for the index of the defined filesystems and one for the content of some path below some filesystem. We don't need a template for the files content - file content is delivered raw. So first the main index template:


{% if fslist %}
<h1>defined filesystems</h1> <ul> {% for fs in fslist %}
<li><a href="{{ fs.get_absolute_url }}">{{ fs.name }}</a></li> {% endfor %}
</ul> {% else %}
<p>Sorry, no filesystems have been defined.</p> {% endif %}

The other template is the directory template that shows contents of a path below the filesystems base path:


 {% if dlist or flist %}
 <h1>Files in //{{ fs.name }}/{{ path }}</h1> <ul> {% for d in dlist %}
 <li> <a href="{{ fs.getabsoluteurl }}{{ path }}{{ d }}/" >{{ d }}</a> </li> {% endfor %}
 {% for f in flist %}
 <li> <a href="{{ fs.getabsoluteurl }}{{ path }}{{ f.name }}" >{{ f.name }}</a> ({{ f.type }})</li> {% endfor %}
 </ul> {% endif %}

Both templates need to be stored somewhere in your TEMPLATE PATH. I have set up a path in the TEMPLATE PATH with the name of the application: filesystems . In there I stored the files as index.html and directory.html . Of course you normally would build a base template for the site and extend that in your normal templates. And you would add a 404.html to handle 404 errors. But that's left as an exercise to the reader.After you start up your development server for your admin (don't forget to set DJANGO SETTINGS MODULE accordingly!) you can add a filesystem to your database (you did do django-admin.py install filesystems sometime in between? No? Do it now, before you start your server). Now stop the admin server, change your DJANGO SETTINGS MODULE and start the main settings server. Now you can surf to http://localhost:8000/files/(at least if you did set up your URLs and server like I do) and browse the files in your filesystem. That's it. Wasn't very complicated, right? Django is really simple to use

Zerospan

Zerospan seems to be a P2P software with encryption and Bonjour (ex-Rendevouz, ex-Zeroconf) integration. I'm not quite getting it, as the download contains no documentation and the wiki with the documentation is currently broken, so I'll just blogmark it to check it out later.

Training as a low-wage sector

What lies behind the DIHK's demand for halving the basic apprentice salary and flexibilizing working hours becomes clear when you look at quotes from the DIHK chairman:

"My proposal is to introduce a nationwide basic remuneration of 270 euros," he told the newspaper "Die Welt". He justified his initiative by saying that this would allow more apprenticeships to be financed. "An apprenticeship remuneration of up to 800 euros is simply too high for many businesses."

"Working hours must be better adapted to the needs of the industries." It makes no sense that a 17-year-old restaurant specialist has to leave at 10 p.m. "if all the tables are still occupied."

This is simply about having cheap labor, but not about ensuring proper training. But these demands are not new.

And what the German economy thinks of training can be seen in the fact that the number of training positions has again decreased by 10% compared to the previous year - and thus young people have again been left without training positions, despite all the promises of the economy. Without a non-training fee for larger companies, this will not change either. But complaining that there are no trained skilled workers, the economy can do quite famously ...

Beckstein on the Roll

No idea what the herb is called that he takes, but it leaves severe brain damage: Beckstein wants German Guantanamo. Apart from the fact that he also wants to shoot suspects in the head and pack foreigners into camps because potential terrorists must not be allowed to run around freely (politicians like him, who are completely crazy, are not only allowed to run around freely but also to express their opinions freely), he is also constitutionally hostile:

Beckstein also criticized the ruling of the Federal Constitutional Court, which in a ruling on Lower Saxony legislation had demanded clear limitations on preventive telephone surveillance. The balance between security and freedom of interests must be re-evaluated, said Beckstein: "That the intimate sphere of terrorists should be protected is for me hardly bearable."

I'm sorry, Mr. Beckstein, but you have failed the test. Because the Constitutional Court does not explicitly protect the intimate sphere of terrorists - but the intimate sphere of citizens. And this is listed in the Basic Law as a protected asset.

Why is someone like this not observed by the Federal Office for the Protection of the Constitution? His hostility to the constitution is really documented multiple times ...

Novell will go for SCO's throat

And their considerations on the legal situation would - if they were to hold up in court - really deliver a significant blow to SCO.

The whole SCO-Linux movie is quite exciting, but quite honestly: the lengths between the action scenes are a bit exaggerated.

Pluto out or a new one in?

Astronomers have found a clump of mud outside Pluto's orbit that is at least as large, and likely even significantly larger than Pluto - Planet or Not, Pluto Now Has Far-Out Rival:

Astronomers announced yesterday that they had found a lump of rock and ice that was larger than Pluto and the farthest known object in the solar system. The discovery will probably rekindle debate over the definition of "planet" and whether Pluto still merits the designation.

Now it's about whether Pluto loses its planet status, or the new one also becomes a planet.

PostgreSQL Extension for Frontier

Who wants to work with PostgreSQL and Frontier, simply install the PostgreSQL Extension for Frontier. For Mac and Windows.

On Dealing with Security

Under ISS takes action against publication of Cisco vulnerability talk you can find a description of how Cisco and ISS envision security: massive interference with the freedom of expression of a speaker at the Black-Hat conference. Okay, he was a former ISS employee and probably used information he shouldn't have published - but it's exactly this ridiculous secrecy that undermines security - because attackers will gain this knowledge sooner or later - if security vulnerabilities exist, they will be found sooner or later. If someone reports about it publicly, at least you can defend yourself and take countermeasures. If the publication is suppressed, the end user is ultimately the victim - who has no chance to protect themselves - and even in an emergency by switching to another router manufacturer.

Therefore, it is indeed the case: neither ISS nor Cisco make a good impression in the public eye. On the contrary, their censorship attempts are actually only another argument in future product decisions to decide against Cisco - because you can obviously not trust their security statements.