Don’t Attack Your Users

2008-08-12 by mjr

It seems to me like basic business common sense not to attack your software’s users, because they’re people who might fund your future development work, when they want some new feature adding or some adaptation making. We should hope that this audience will become co-promoters, co-developers or co-producers of free and open source software in the future.

Indeed, one of the basic lessons at our webmaster cooperative is to try to direct enquiries about software we’ve co-produced to somewhere useful, even if the question isn’t really much to do with us (because it’s about some part we didn’t produce or it’s something we’re no longer funded to work on), or even if we suspect the questioner has done something very silly. This approach has worked well so far. So, just don’t attack your users. It’s not on. Don’t do it.

This basic lesson of not attacking users doesn’t seem to have been learned in software industries in general. Most software comes with a very restrictive “End User License Agreement” that seems to treat the user as if they are a potential criminal and grabs as many rights as possible for the software producer. I expect that Microsoft’s new post-Windows operating system will continue this approach and that the user-tracking possibilities of internet-centred operation will be exploited as far as legally possible. Hopefully, we’ll continue to see pre-installed Linux growing strongly in UK as Bristol Wireless describe.

However, this pales into insignificance compared to many media companies. One of the worst offenders is Bristol-based TV Licensing who send us a “pay up or else, you potential criminal”-style letter each year. If there’s ever a reform that makes BBC subscription voluntary, they will probably reap the seeds of hatred that TVL have sown by attacking their audience.

I have quite a lot of admiration for people like Martyn Drake who are fighting a noble fight in things like TV Licensing – the war begins! but I wonder whether media companies will learn not to attack their users before they cease to exist.

Posted in Education, Training and Information, GNU/Linux | Tagged , , , , , , | 6 Comments

Is Yahoo Now Even Worse On Spam?

2008-08-08 by mjr

When working on mailservers, I’ve noticed that Yahoo’s mailservers seem to “punish” others by sending code 421 (service not available) for a few minutes for a first report of spam that originated from there, longer for a second report and so on. Yahoo’s help pages suggest they do this if you don’t “comply with our guidelines (described below)” (which aren’t actually described below).

That system seems to completely screw everyone on a server if a user forwards their own email to Yahoo and then flags some as spam, or if a website user who registered with a Yahoo mail address then closes their Yahoo account without updating their registration details. In the worst cases, a server’s mail queue can become clogged with stuff that it can’t forward to Yahoo. I’ve suggested that server owners ban forwarding to Yahoo, but not all have done that yet.

Yahoo’s server-punishing tactics are particularly unfair because of the amount of spam we receive from Yahoo – when I tried rejecting that, the server tested seemed to get more 421 punishment for that. I now usually direct it to a blackhole, which feels a bit dangerous.

Now I’ve just seen this from Indymedia which makes it sound like Yahoo’s getting even worse recently:-

“Yahoo doesn’t make it so easy for us. They do (unintendedly) transport a remarkable amount of spam, often sent by robots which automatically (and wide scale) crack Yahoos’ new account signup CAPTCHAS (those images with the cats + dogs + digits + letters in them) just to relay their spam through Yahoo. So it’s not easy to determine who sends legitimate email through Yahoo and who does not.”

I wrote about some alternative service providers back in 2006, including ippimail, which Yahoo users might like to change to. I’d be interested in comments about any new arrivals in this field.

BT internet customers are probably using Yahoo-hosted email too. I recommend changing to The Phone Co-op, but my company is an agent for them, so I would say that, wouldn’t I?

Posted in ThePhoneCoop | Tagged , , , , | 13 Comments

RFID Security and Stability

2008-08-07 by mjr

While developing an RFID extension for the Koha library catalogue system over the last few months, I’ve learned a lot about I-Code tags and security systems, but I’ve not yet looked into Mifare, which is the other big RFID product line from NXP. I have been seeing several reports of problems with Oyster (which is Mifare-based) and a crack to be published.

I thought Mifare was meant to be a much tougher product than I-Code. I’m surprised and disappointed that NXP’s reaction to a hack was to try to prevent publication. I haven’t heard from any suppliers about vulnerabilities, so I doubt that NXP are passing the message on to all Mifare-operators yet. They should tell Mifare operators so that they can protect themselves. It looks like the head-in-sand approach to security, which is very worrying.

At least one of our RFID systems is Mifare-capable (which is why I think we should have been told about this vulnerability), so I’ll look into that when I get some spare time (March 2012 perhaps?) unless someone points me at a link with juicy details.

Posted in GNU/Linux, Koha | Tagged , , , , , | 4 Comments

Firefox 3 Online Banking List Updates and WordPress 2.6 Upgrades

2008-08-04 by mjr

Software Cooperative News has been upgraded to WordPress 2.6 (and other co-hosted sites too), the “subscribe to comments” plugin has been activated and all comments will be pre-moderated from now on. There’s a few more changes to come, but hopefully nothing as dramatic.

WP-2.6 has a few more SALTs and KEYs in the config file, but it was a local change to the wp-settings.php to make virtual hosting work across many domains which took us off-line for a few minutes this morning. Sorry if you missed us. There seem to have been a few changes to the rich text editor (the Icon to add align-left etc has disappeared from blog text editor and some users can’t word wrap) which I need to check, too.

In other website news, updates from three people have gone onto the list about Online Banking with GNU/Linux, Firefox-based browsers or Free Software – Firefox-3-related breakages at NatWest and Norwich and Peterborough and a report that Nationwide works with FF3. Thanks to those contributors – as usual, I won’t say who told me what, in order to avoid telling people who banks where, but I’ve added more names to the credits.

Posted in GNU/Linux, Web Development, Wordpress and Blogs | Tagged , , , | 2 Comments

Debian 4.0-updated (“etch and a half”)

2008-07-31 by mjr

“The Debian project is pleased to announce the fourth update of its stable distribution Debian GNU/Linux 4.0 (codename etch). In addition to correcting several security problems and a few serious defects in the stable release, for the first time in Debian’s history an update for a stable distrubtion also adds support for newer hardware by giving users the option to install newer drivers.”

Read the full announcement for full information, links to release notes and upgrade instructions and so on. All of our debian servers are already running this. It’s worth upgrading.

(My contribution was just suggesting a few minor changes to the draft announcement, as far as I know. Hopefully it’s an easy enough read!)

Posted in GNU/Linux | Tagged , , , , , | Leave a comment

SPI Election Result and Apology

2008-07-30 by mjr

Regular readers may remember that I stood in the board election of Software in the Public Interest, the main democratic free software corporation, a few weeks ago. Well, the result is posted with David Graham and Jimmy Kaplowitz are re-elected. Well done and good luck to both.

Thanks to the other board members for running the election and restarting the voting machine as necessary. The postponed July meeting might happen in irc.oftc.net #spi today (Wednesday) at 1900UTC, but I expect they’ll announce it in the usual place before it happens.

Naturally, I’m disappointed that more news, members’ panels and the annual report weren’t attractive enough to get more votes, and that old untruths were being reposted to some forums, but I can’t get too upset about this year’s result because both elected candidates had fine manifestos. I’m glad that Jimmy Kaplowitz’s platform includes posting more news and look forward to seeing that.

Slightly worrying are the low turnout (down for the third year) and that over 80% of those few voters were from debian (my estimate). I’ve my suspicions why, but I’d love any non-voters to leave me a comment telling me why you think it is.

The apology: the summary of responses to my questions about SPI membership will appear next week because I made a mistake on one site, set the closing date a week late and I don’t see any way to edit surveys after they’ve opened. Oops. Sorry. (Now, if that site was running free software, I’d see if I could fix the user interface to allow previews.)

(Aside: I was going to include a bar chart of the voting, like last year, but WordPress’s stupid post editor strips style attributes from li tags. I’ll go looking for that with a hack-axe Real Soon Now, before it causes me serious trouble.)

Posted in Drupal, GNU/Linux, SPI | Tagged | Leave a comment

How to Install Koha 3.0.0 on MacOS X 10.5

2008-07-29 by mjr

This is a pretty technical note, which I’m posting here for review and hopefully to help other people. The reinstall I mentioned last week was a MacOS X 10.5 server, so this time I installed Koha more simply and took more notes. I don’t want to put this in the distribution as INSTALL.osx, for reasons mentioned below. Also, I’d be very happy if people replaced all osx servers with debian ones, or at least some sort of tidy GNU/Linux.

The sysadmin installed XCode and fink for me and I ran

fink install apache2 apache2-dev mysql mysql15-dev

without any great event. I also re-used an old, imperfect, local finkinfo/idzebra.info to

fink install idzebra idzebra-shlibs

Next, I used the extremely horrible command

fink list $(sed -n -e “/PREREQ_PM =/,/}/{;s/^[ ‘]*//;s/::/-/g;s/’.*$/-pm588/;/-.*-pm588/p;}” Makefile.PL | tr A-Z a-z)

inside an unpacked koha-3.00.00.094 folder to find out which modules fink had packaged already. Something similar can be done for debian and ubuntu, using apt-search or dpkg instead of fink and a libperl- prefix instead of a -pm588 suffix. (I think all systems should do something like that. Then we could merge the INSTALL.*s into the main INSTALL because they lag behind.)

Three of those, I copied to /sw/fink/10.5/local/main/finkinfo and edited slightly (usually to increase the version: dbd-mysql-pm, html-template-pm, xml-libxml-common-pm, xml-libxml-pm.info and xml-simple-pm.info… also in my fink-10.5 folder) and then ran

fink install dbd-mysql-pm588 text-iconv-pm588 xml-simple-pm588 data-dumper-pm588 digest-md5-pm588 file-temp-pm588 getopt-long-pm588 html-scrubber-pm588 list-util-pm588 list-moreutils-pm588 mime-base64-pm588 net-ldap-pm588 test-harness-pm588 text-wrap-pm588 time-hires-pm588 unicode-normalize-pm588 xml-dumper-pm588 xml-libxslt-pm588 xml-rss-pm588 yaml-syck-pm588

to install those modules.

For the remaining modules from CPAN, I set PERL5LIB to my new Koha folder (export PERL5LIB=/Library/WebServer/Koha/lib:/Library/WebServer/Koha/System/Library/Perl/5.8.8/:/Library/WebServer/Koha/lib/perl5/site_perl/:$PERL5LIB) and ran perl -MCPAN -e shell, telling the configuration screens to use PREFIX=/Library/WebServer/Koha (so install into the Koha folder instead of splattering across /System/Library). Then the command

install Bundle::KohaSupport

just worked, thanks to excellent work by Mike Mylonas and others.

Finally, all that was left was to run the normal installation in the koha-3.00.00.094 folder, picking the “single” configuration and ignoring “make test” failure (because it’s a work in progress and this is RC1), edit the /Library/WebServer/Koha/etc/zebra/*cfg to point at /sw instead of /usr, symlink koha-httpd.conf into /sw/etc/apache2/sites-available and run the a2ensite commands, copy the service plist files into /Library/LaunchDaemons and load them into launchctl, browse koha and start testing it.

Simple(!)

It only took me a full day of work to figure that out and do the reinstall… compared to under 2 hours from scratch on debian at the moment. Maybe it’s faster if you know the OS better and/or aren’t trying so hard not to splatter stuff across the base system. Did I do anything wrong above?

Posted in GNU/Linux, Koha | Tagged , , , , , , | 4 Comments

WsM Pier Burns Down

2008-07-28 by mjr

The Grade-II-listed Grand Pier Weston-super-Mare has burned down. It was right in the centre of the next bay south from me, facing down the main street between the town centre and seafront, visible all the way around Weston Bay. There’s been a half-mile exclusion zone in the middle of town, but I’ve not been travelling that way today. I go past the pier four or more times a week. It will be very strange for it to be missing. Pictures by a nearby resident really capture the scale of the shock.

The pier is literally an icon, used for the WsM Forum that I help to run for the town. At least those landside towers are still standing. More reaction on WsM Forum.

Posted in Web Development | Tagged , , , | 1 Comment

Why people do and don’t join SPI?

2008-07-28 by mjr

I just asked this question over on another site and thought I’d widen it to here:-

I’m standing for election to the board of Software in the Public Interest this month, so I was wondering how many users who contribute to free and open source software have joined? If so, why? If not, what’s stopping you?

http://www.spi-inc.org is the organisation’s website. Even if I don’t get elected, I’m interested to know why people do and don’t join and would like to summarise the answers to SPI, so please mention if that’s not OK with you.

I’ll summarise some of the other answers I’ve had in a day or two.

Posted in Drupal, GNU/Linux, SPI, Web Development | Tagged | 6 Comments

Good Tour for Software and Cooperatives Enters Final Weekend

2008-07-26 by mjr

This weekend, I will be mostly watching the Tour de France. It’s been a very good tour for software and cooperatives. Look at the current leaderboards:-

Teams
  1. Carlos Sastre Candil (also 2nd in King of Mountains) Team Computer Sciences Corporation – Saxo Bank
  2. Frank Schleck (3rd KoM) Team CSC – Saxo Bank
  3. Bernhard Kohl (1st KoM) Gerolsteiner bottled water – OK, not related
  4. Cadel Evans, Silence anti-snoring product – Lotto Belgium – also unrelated
  5. Denis Menchov, Rabobank cooperative
Points
  1. Oscar Freire Gomez, Rabobank
  2. Erik Zabel, Team Milram, a brand of Nordmilch cooperative
  3. Thor Hushovd, Crédit Agricole cooperative banks
Teams
  1. Team CSC Saxo Bank
  2. AG2R-La Mondiale insurance mutuals
  3. Rabobank
  4. Euskaltel – Euskadi – privately-owned telco and a government
  5. Caisse d’Epargne cooperative bank

So however it finishes, I think it probably will have been a much better race for software and cooperatives than last year’s tour, likely to take 4 of the top 5 team positions and 1-2-3 in the green jersey contest… even the doping scandals have been for other teams this year, I think.

One day, one of my companies will sponsor pro-cycling. I hope. Anyway, if you’d like to cheer on other Software and Cooperative firm teams until then, European TV coverage details are on another site of mine and Saturday’s time trial start times are posted on a sister site.

Posted in Web Development | Tagged , , , | 2 Comments