Please enjoy jwz mixtape 051.

I just returned from Paris, and the 2008 Netfilter Workshop. Just like last year it was a blast, and there were lots of interesting things discussed as well as inbibed.

On the first day there was a users day where presentations were made aimed at a more user oriented audience. It seems that just about anyone who was aware could attend and hear the talks. I gave one on multiqueue networking. You can find my slides and other info here.

Tuesday and Wednesday were the main workshop days.

Of greatest interest to me were the descriptions given by Patrick McHardy for his new filtering framework, where all the complexity is in userspace and the kernel just runs filtering scripts and lookup datastructures fed to it by the user tools. In short, I think this stuff is great, and unlike some folks I don't think this will decrease netfilter participation by other developers at all.

And frankly, iptables was absolutely too accessible to contributors. Look at how much stinking poo is in the patch-o-matic, oft called "crap-o-matic".

Patrick's work is a wonderful centralized framework, and in fact the scripting is generic that you can build any tool to create these filtering instructions and subsidiary lookup tables.

We also made some headway with the tproxy stuff. All but one of the core networking patches are in the net-next-2.6 GIT tree. Indeed, this is a feature which has been missing for 5 years I have to hand it to the balabit guys for sticking to it and working so hard for so long to get this merged.

Pablo gave some interesting presentations (3 at once!), and he is exploring some ways to perhaps make use of bloom filters. This is something Patrick has devoted some exploratory brian power to in the past, but it is often hard to find a use case for these inexact matches, although they are very cool.

Jozsef Kadlecsik gave his IPSET state of the union, discussing new features such as support for ip-port-ip hashing and set lists (which are unions of the existing set type).

Yasuyuki Kosakai gave a presentation on the road blocks that exist currently for doing proper connection tracking for MIPV6 nodes. The basic problem is that the persistent addresses (ie. the ones we'd want to use for connection tracking) exist in various locations in the IPV6 packet and extension headers.

Jesper talked about all of the userland scalability improvements he made to the iptables utilities. He also described a set of scripts he wrote to build optimized rule table trees.

Stephen Hemminger discussed some of the user visible interface work that Vyatta has been doing. Essentially these are a set of templated bash shell scripts and descriptor files that present a Cisco IOS like interface to administrators. He also talked about the performance issues surrounding the way in which iptables does packet counters, as well as the global conntrack table lock.

Harald Welte gave a talk about the current state of GPL violation enforcement. Things seem to have been going quite well, but it is becoming more and more important to give Harald more facilities by which to make air-tight arguments that he has enforcement rights to code which has been violated. One way for that to happen is for significant contributors to sign over their rights to him so that he can make enforcements on their behalf.

It seems that this is a very common stall tactic by the defence in such cases, to try and bring up some doubt about the code property ownership situation.

Of course, aside from the workshop itself there were plenty of parties. Even for lunch we had quite nice French cuisine and beverages, and the dinners were even nicer.

Tuesday night even included a full 4 hour boat cruise on the Seine, with tons of champaigne, wine, small bite size delicasies of all types, and lots of sweets.

Overall a wonderful time, the netfilter workshop never disappoints. A big thank you to the official organizers this year, INL.

05 October 2008 (HAVA law used to prevent voting)

Robert Kennedy Jr. explains how Republicans, using the HAVA law, plan to stop millions of Americans from voting.

05 October 2008 (Panic)

Bush created panic to get his financial bailout through Congress.

This reminds me of how the anthrax attacks were used to pass the U SAP AT RIOT act.

05 October 2008 (Osama bin Laden)

Bush made no plan to capture Osama bin Laden in Afghanistan — because he was already husbanding forces for the war he really wanted, in Iraq.

05 October 2008 (DAs say tobacco safer than marijuana)

Massachusetts DAs claim that tobacco is safer than marijuana, along with other lies, to try and defeat the decriminalization.

05 October 2008 (80% cuts in CO2 emissions)

Some MPs are pressing the UK to set a target of 80% cuts in CO2 emissions by 2050.

But that is 40 years from now. To achieve such cuts, they need to start soon — and they need a specific, practical plan.

05 October 2008 (Bought support )

Green Party: how congressment's support for the bailout was bought.

05 October 2008 (Election Fraud)

$100k reward for evidence tying Karl Rove and Michael Connell to computerized election fraud.

05 October 2008 (Anthrax case)

The Anthrax Case Reopens: Why Did the FBI Let the Fort Detrick Scientists Investigate Themselves.

This seems ridiculously cheap.
A number of times in the last week I've ordered stuff from amazon where the shipping has cost more than the item. (I have amazon prime, so get free shipping, but this doesn't work for 3rd party sellers using Amazon as a storefront).

Curiosity got the better of me, and even with the shipping making it ~$10, it still seemed like a great deal for 4GB, so I ordered one. The Fedora livecd-iso-to-disk script makes it pretty simple to create a bootable usb stick preloaded with Fedora. 4GB is a pretty usable amount of space. (It's that same that I had on my first eeepc, which proved more than adequate). Hopefully it's not something substandard with a low number of write-cycles, or slow speed or the like. I guess I'll know in a week. If this works out though, I think I'll never have to bother carrying a rescue CD with me every time I travel.

I loved this LWN article on the changes necessary to make Linux boot in 5 seconds on the Asus EEE PC (a relatively slow computer).

Hopefully all Linux distributions will adopt these changes for custom deployments.

Some of you might remember the famous blinkenlights installations of the CCC in Berlin at Alexanderplatz some years back. Basically they used a matrix of windows on a building for a low-resolution display to play pong and display all kinds of animations and text.

After a long break, they're back, even bigger with blinkenlights stereoscope, a massive installation spanning 960 windows of Toronto City Hall. The entire backend technology has been re-implemented based on OpenBeacon , specifically the WMCU and the WDIM units.

04 October 2008 (Fake polls)

Republicans are using fake polls to spread lies about Obama.

I do not support Obama, because his positions are too close to the Republicans. But if we cannot put an end to this sort of systematic lying, it threatens what little is left of our democracy.

04 October 2008 (Urgent Note: Simultaneous Policy)

US citizens: call on your candates to support the Simultaneous Policy.

A couple of weeks ago we started the work on porting Microsoft's Media Codecs to Linux and we got the C version running.

Popfly in Firefox3/Linux/x86

Geoff, Fernando and Rolf have been hard at work on this, and have also added the infrastructure to download and install the codecs on demand.

The next step was getting all the assembly language supported in Linux, and today Geoff got the assembly optimized SSE1 audio decoder running (the first chunk of the decoders).

Of course, the rest of the team has been busy fixing bugs and improving the performance in preparation for the first public beta of Moonlight.

There are several different products which will scan your computer for malware. Of course, if you produce a widely distributed application you want to not set any of them off. Currently everybody manually checks to see if they're setting off the latest updates to the malware detectors, and the different suppliers of such software have, ummm, widely diverse approaches to dealing with reports of false positives. This is all a huge pain in the ass, and a giant distraction for lots of application companies.

Somebody please set up a service to do such testing false positive reporting for companies which make applications. The world needs such a service badly.

What’s scary about 5 second boot is not that it is possible. What is scary is that Ubuntu, Fedora, Debian, Mandriva, Gentoo and Suse couldn’t do it. Not even close.

And that seems to be a mindset issue: “It’s not about booting faster, it’s about booting in 5 seconds.”

A couple of weeks ago I suggested that developers interested in having their .NET software run in other platforms should avoid Microsoft's Managed Extensibility Framework (MEF) as it was not an open source library.

I had a chance to discuss with Glenn, Sam and Bob the benefits of using the MS-PL for this library first over twitter and then over email.

Representing .NET's loyal competitor, I did not think that we stood a chance of getting Microsoft to change the license, but I was pleasantly surprised. Glenn understood the value of open source, Sam wanted to do the right thing about this library and CodePlex and Bob argued that Mono already had Mono.Addins anyways.

Today Glenn announced that Microsoft has changed the license for MEF to the open source MS-PL license.

Thanks to everyone at Microsoft that helped change the license!

If you are interested in DAISY export, this extension for OpenOffice.org might be your friend. 

Vincent Spiewak and Dominique Archambault won Gold for their work on this extension, as part of the Innovation in Open Source Community Award Program.

Congratulations!