xPG.dk

As most of you know, I have been playing around heavily with IPv6 flow labels under Linux lately due to my master thesis. My newest finding is that performance of sendmsg() is really bad when one specifies the sin6_flowinfo field of the sockaddr_in6 structure. My test application is a modified version of D-ITG from the University of Napels. The application normally uses a connect()/send() scheme, even when sending UDP packets. However, as I just wanted to hack in QoS-support, I modified the scheme to use sendmsg() rather than send() and specify the destination address on each call. This seemed to work fine up to the point where I enabled flow labels for the socket and filled in the sin6_flowinfo field. Suddenly I could send no more than 90 packets a second, as apposed to the 2000 packets I was toying around with. I feared that I had some hidden overhead somewhere in my QoS system. Luckily I found out that the problem was with the sendmsg() call. It seems that specifying a destination address with flow labels triggers some awful slow operation in the kernel. My, rather unqualified, guess is that the kernel copies hop-by-hop headers and destination headers from the flow label into the packet on every sendmsg() call. If one instead uses the connect()/send() scheme, this data copy is only performed once. Wether this is true or not I can't say, but using connect() first and specifying the flow label there and using send() to send the messages works beautifully. I can now send thousands of packets a second again :-)

As I promised earlier I have now written a little documentation about the current IPv6 flow label mangement API under Linux. It is a first draft and probably contains incredible amounts of errors, spelling mistakes and misleading directions :-) You can read it at http://xpg.dk/blog/projects/linux-ipv6-flow-label-mangement-api

Lately I've been using KDE rather than GNOME on my Ubuntu workstation at home. I still cannot figure out which of the two I like the most - that probably means that they are equally good :-). However, I have bumped into a most unpleasant bug in KDE 3.5: After working with the system for a while, window switching using alt-tab gets awfully slow. After running KDE for a day it's 5-10 seconds! A quick google search showed that the bug is allready reported as bug 117169. There is a patch to remove the problem, but it seems to be a mere hack and I'm not in the mood of compiling KDE from sources. I would, however, appreciate if the Kubuntu team included this hack. I do really wonder how such a terrible bug has made it into a release. And I'm even more surprised that it has not been corrected yet. The bug is dated back to 27th of November 2005. Come on KDE team you can do better than that! Meanwhile I'm considering going back to Gnome since I really can't be bothered to wait seconds for window switches.

Due to lack of time I have not been able to work on the XMMS Media Library for a long time. I have thus chosen to throw the towel in the ring and abandon development on XMMS Media Library. It was fun developing, but today there are alot of good alternatives to XMMS + Media Library that are more mature and build on more up-to-date codebases. Rythmbox,Quod Libet and amaroK are some of the media players that provide far better handling of music than the XMMS Media Library does. If you have enjoyed the XMMS Media Library in the past I suggest you check them out. If anyone is interessted in taking over the development, do please contact me. Thanks for all the support and feedback regarding XMMS Media Library.

I have (again) changed the focus of my master thesis. It's still about contolling quality of service within IP networks. But rather than providing a comparison of QoS architectures based on simulations, I have chosen to implement a single QoS architecture under Linux. The architecture in question is known as TIA-1039 and basically adds a quality of service structure to the per-hop-option header of IPv6 packets. As "TIA-1039" is the reference name of the standard adopted by The Telecommunications Industry Association (TIA) and the standard has not yet been given an proper name (nor has it been officially adopted by the IETF), I have chosen to call it "Quality of service Option Header", or QOH for short. Thanks to Netfilter it should be possible to provide an implementation of TIA-1039/QOH completely in userspace. This should allow faster development than if I had to add hacks to the kernel. I'll keep updating this page as my work continues. When I get time I'll write a bit about IPv6 flowlabels in Linux. Currently there doesn't seem to be any documentation about it, so it would be nice to have something about it on the Net.

A couple of months ago I decided on my master thesis topic. The thesis is going to be about quality of service architecture in IPv6 Internetworks. What I am going to do is to evaluate current architectures with regards to the following requirements:

• End-to-end QoS
• Global QoS specifications
• Scalable
• Deployable in IPv6 networks

Architectures fullfilling these requirements will be simulated in order to pinpoint weak areas. I am still looking at simulations tools, but I'll probably end up using either ns2 or omninet++. Currently, I am considering the following architectures:

• Integrated Services
• Differentiated Services
• Integrated Service using IPv6 per-hop-header information
• In-band flow-state QoS (on top of DiffServ)

I'm open to suggestions regarding other architectures :-).

It's christmas time which for some people means useless programs like xsnow. Actually, I think xsnow is quite sweet, but I was dissapointed to find out that it didn't work under Gnome. After a quick google (and a bit logical reasoning) I figured out that the problem is that Nautilus is covering the X root window. Another google search showed that xpenguins has had this problem in the past but that it has been solved. I decided to take 10 minutes to extract the relevant code from xpenguins and patch xsnow with it. I give you: xsnow-1.42-pg-nautilus! And of course a screen shot (boring, I know). Merry Christmas! Update 17. December: I've send the patch upstream to Rich Jansen, who is the author of xsnow. I hope it gets into one of the official releases in the future :-)

Bjarke Sørensen has announced that he will be starting to develop on PapuaWM. This means that PapuaWM again is being actively developed. I was thrilled to find out that someone cares about PapuaWM as I still think it's a wonderfull WM. Unfortunately I have not been able to work on this project (or any other OpenSource project) for quite some time now as my education and work takes up all my time. As always PapuaWM information can be found at http://www.papuaos.org/papuawm/. I'm looking forward to new versions of PapuaWM and hope that I will be able to join in on the development again some time in the future.

I've looked into my problem with SSH connections timing out when connecting through a Cisco 677 ADSL router doing NAT. It seems that it is a known problem and the emailarchive of SSLUG (a danish Linux User Group) contains at least one thread about it. Unfortunately the thread is in danish and I have had a difficult time locating information about the problem in english, so I'll recap the different solutions suggested:

1. Lower the TCP keepalive timer to 1800 seconds (7200 is default), suggested by Mogens Kjaer.
2. Make sure there always is traffic on the line (Peter Makholm suggests running 'xterm -e top' over the connection).
3. Adjust the NAT TIMEOUT to a higher value, suggested by Jens Lauterback
4. Get a global IP address for the server and disable NAT. I've seen this suggested multiple places, but can only seem to locale Jens Lauterback's suggestion

Of these solutions I have tried 2 and 3 and neither of them seem to be doing the trick for me. However I have been able to run an all-night backup session by having netcat poking the SSH port every 5 minutes. I'll keep posting how this solution works for me. Solution 1 seems unlikely to solve my problem as the lowered keepalive value is 30 minutes (1800 secs/60 = 30 mins) and sometimes I can't even sustain a connection for that long. The last solution (4) is a bit overkill as it would require me to purchase a global IP for the server. That was a bit of update on the Cisco 677 NAT problem. If anyone has some input please let me know!

I've been using SSH to secure my online backups for quite a while now. I've been using both rdiff-backup and unison. I'm most fond of the first one, as it does incrementel backups allowing me to roll-back if I do something really stupid. Regardless of which system I use for backup on top of SSH, I have the same problem: The connection tends to time out. The result is that I never complete the backup process and only have partial backups of my system. This is, needless to say, not optimal. I haven't done any extensive testing of how long SSH sessions can be kept alive, but as far as I can tell, there is no connection between how long the sessions last. SSH keep-alive has been activated, but still doesn't help. It should be mentioned, that the upstream bandwidth of the system to backup (is that backupee ? :-) ) is 128kbit, whilst the downstream bandwidth of the system to backup to (backupper ? :-)) is 512kbit. The backup server (backupper) is behind a Cisco 677 ADSL Router, with port 22 forwarded to it. If I just could figure out, which component is causing the timeout... Any suggestions?

UPDATE (22. August 2005): I've refined the patch a bit, so that it applies more cleanly. Grab version 0.2. I was in a real hacking mood yesterday, cause besides the Gnome Terminal patch I put together something of a far more hacky nature; A way to suspend Applications through the window menu in Metacity. First question that comes to mind is of course "But why bother at all?!". The reason is quite simple; During the day I start a lot of applications that I use for periods and then let run in the background for hours without ever looking at them. I hardly ever close them as I don't want to wait until they startup when I need them. A typical example is my webbrowser, Firefox: I start it at the beginning of the day, but I certainly won't allow it to eat CPU cycles when I could use them in more appropiate ways (playing Neverwinter Nights for instance). Normally I would be forced to shutdown Firefox, but with this patch I can just suspend it and it will sit there waiting for me needing it again. "How does it work?" I hear you scream. It's actually quite simple, as can be seen on the screenshot there is a new menu item called "Suspend" (which of course can be assigned a keyboard shortcut). When activated it will send the application that owns the window a SIGSTOP, causing the program to stop until it receives a SIGCONT. The window will be minimized, as will all other windows of the application (remember the whole application is suspended, not just a single window). When a window of a suspended application is unminimized (or restored, if you like), Metacity sends the program the SIGCONT signal, and restores all of the application's windows to their previous state. Currently, this feature only works for applications that properly set their _NET_WM_PID property. I havde to admit that I have no clear idea what the consequence of using the SIGSTOP signal is, but I'll try to play around with it for a while and see if there are any evil side effects. For all the brave souls out there, try out the patch or the Ubuntu packages. You'r welcome to drop me comments and/or suggestions.

Ever since I started using Linux I've been very fond of using commandline shells and thus also terminals. However, in the past few months I have grown quite happy with the Gnome desktop and Nautilus (even it's spatial mode). As I am still using terminals heavily, I have missed a feature that allows me to quickly open a Nautilus window for the directory I'm currently working with in the terminal. Yesterday I did a quick 30-minutes hack that adds this feature to the Gnome terminal. It adds two new menu items to the "File" menu:

• "Browse CWD" - Opens the file browser in the current working directory
• "Copy CWD to clipboard" - Copies the current working directory into the clipboard for easy insertion in other applications

The menu items can of course be assigned keyboard shortcuts for optimal usage :-) Today I refined the patch and made the program to launch configurable. The latter took a little longer as I both had to change the Glade file and add the preference to the terminal profile. The result is a little patch for gnome-terminal-2.10.0. I do apologize for the many changes in the gnome-terminal.glade2, but going through that file by hand is something I want to avoid, if possible. I have an Ubuntu package for those who might be interested. Do please try it out and give me some feedback.

As people might have guessed, I have been too busy to post anything new here. Actually, I don't even have much news. Just been busy working and studying. It's not like it's getting any better; Now that the quarter is over I'm going to get busy with preparing for exams (oh joy). Next quarter I will be following a course on real life applications of evolutionary computations (EC). It seems that the major part of the course will be working on a project where you use EC to solve some real life problems. So, once again I'm looking for an idea for a project. Any ideas where EC can be applied? The more creative suggestions the better :-). For those who don't know what EC is, it's basically solving problems by having multiple solutions and combining and/or mutating these to find better, and ultimatively the best solution (or most often, an aproximation thereof). It's really an interesting area of computer science, everyone ought to know at least the basics of it :-).

It has been a while since I've had any news on the MediaLibrary plugin for XMMS, so I thought it was about time. Unfortunately, there is still no new stable release. This is quite sad, as the current 0.3 version is hopelessly outdated compared to the development version. Lately, there have been a number of comments on the MediaLibrary. Frankly, I'm surprised that so many people use it and some even care to comment about it. I will address some of the issues mentioned in those comments, and also tell you a bit about the future for the MediaLibrary. Currently, I'm working on adding skinning, so that the look will be more like XMMS itself. I'm not sure how I'm going to do it, but I hope that I can use the regular XMMS skins and just extract the necesarry colors from them. To be honest, I dislike skinning in general. I don't like that some of my applications look different than the rest, and it's tedious to code. However, as XMMS uses it I will try to make the MediaLibrary use it as well. As I'm quite busy with both my job and studying I can't really say when this skinning stuff is finished, but it will probably take quite a while, so don't hold your breath. As for the future of the MediaLibrary, I do not expect to be working any more on it after finishing the skinning stuff (modulo minor bug fixes). Primary reason for this, is that it's written in the obsoleted GTK+ 1.2. and that XMMS is getting outdated by other players, such as the BeepMediaPlayer and various players build on top of the GStreamer framework. GStreamer really seems interesting, and when I'm done with MediaLibrary skinning, I'm probably going to hack on either GStreamer or some of the players using it. Oh, and before I forget it, I will add track numbers (and thus track number sorting) in the next development cycle :-)

As promised earlier I have now put my report online, in case anyone should care. I have removed some parts about the project schedule as I don't think it will interest anyone. About the source code for the Python smtp proxy, I'll put it online if there is interest for it. But for now I'll keep it, as it's ugly, messy, and doesn't follow the drafted standard very well :-) Now the real question is, if I want to do a proper implementation of Domain Keys in Postfix. Maybe I should find out if there is an need for it amongst the Postfix developers and/or users.

As of today there is only one exam left in this quarter (it's also the worst), wheee!! :-) Yesterday I had my exam in the course "Network Protocols and Internetworking". It was an oral exam, that started with me presenting a project I had done with 2 others during the quarter about IPsec. Actually, I talked a bit about IPsec basics, and then they asked some questions about internet routing. It went quite well, and all three of us in the IPsec group got a 10. Today, the turn had come to my security project course. As you might remember, I have written a report about Domain Keys and related sender verification techniques. The exam was basically just to talk a bit about my report. It was a bit special, as I had chosen both the subject and the litterature myself. But I kinda like that instead of someone telling you what to do :-). As for the result of the exam, I got 11 :-). For a translation of the grades to ECTS look here or here. All those different kinds of grading systems are starting to the annoy me. BTW, how does one calculate the average of letter grades? I mean the average of three A's and one B is... ?

Like many others, I have now also been struck by several spam comments on my blog. As a result, I have added an authentication image system. I am perfectly aware, that this method is not perfect. But I just needed a system that was quick to install and kinda works. I will look into alternatives later. Sorry for the inconvenience. Those spammers are really starting to annoy me bigtime. We ought to introduce some kind of non-spammer certificate, that a browser could use to identify itself as being a legitimate user :-)

For some time I have consideret buying a DVD burner. Mainly because I don't even own a DVD-drive. It would also allow me to make backups to removable medias again. However, it quickly turned out that upgrading such a drives firmware on a Linux-only system is unsupported by all vendors I've checked. Unsupported here means impossible for almost all drives, only exception I have found is NEC, which has an unofficial tool. Firmware upgrades for DVD burners are quite essential, as they often add support for more blank media and sometimes higher speeds. I can understand that companies don't want to spend the extra time in developing tools for a small market (as Linux probably is). But, as we all know, Linux supporters generally don't mind writing their own tools. So it would be nice to see vendors accepting community developed tools as being official, or at least semi-official. It would also be nice, to see vendors helping developers by providing either the Windows source code or exact specifications for the firmware upgrade process. I'm not asking for any source code to be released to the public. I would be perfectly happy with an official binary tool. Heck, I would even sign NDA'as to port the code myself, if it could become an official tool! Public source code would be nice, but it scares companies alot more than binaries do. I don't know what NEC has to say about the necflash tool. But it surely doesn't look as if they support usage of it. So, the conclusion is that I as a Linux user can either not upgrade my firmware (without doing tricks with another OS), or, as in the NEC case, I have to use a binary utility from a third party, which is unsupported by the official vendor. All this being said, I might end up with a NEC drive anyways. Afterall, it is the only product I've found that can be upgraded under Linux.

It's 08:17 in the morning and I have just handed in my project report on the Domain Keys project. I am not completely happy with, and have this strange feeling that it's completely crappy. But let's hope that my teacher likes it nevertheless :-) For those interested in the reading the report, I will put it online later. And now, to something completely different.... Sleep. Though it won't be for more than a couple of hours, there is work to be done :-( Well, just wanted to let the world know.

As I have mentioned before I have chosen to take a closer look at Yahoo!'s domain keys in a security course I'm currently taking. I have previously given a short description of domain keys. I have set myself 3 goals with regards to implementations:

• Implement the verifying side and integrate it with SpamAssassin, so that a valid domain key signature rate the emails in the direction of ham and not spam.
• Implement the signing side, so that I can send emails with proper domain key signature.
• Implement an alternative system, where email servers check for S/MIME signatures, and use this information to score emails as ham with SpamAssassin.

Out of these three practical goals the two first have been achieved. My mail server running Postfix currently uses an after-queue Python filter for both signing and verifying. I have setup SpamAssassin to give valid domain key signatures a score of -20.0. This will probably have to be tuned in the future but works fine as a proof of concept (or proof of implementation). I have chosen to use an external filter as it seems quite a bit more difficult to integrate domain keys directly in Postfix, especially if it has to be done properly. The last goal is a bit special, as I haven't found anyone else who has tried to use S/MIME serverside (if anyone knows of related project, please let me know). But the idea is to allow more exact identification of the sender, and don't require control of DNS entries as domain keys does. I'll post more about this alternative approach as I am figuring out how it should work.

Yesterday night (22. November) I was playing around with IPv6 on both my workstation and my server (currently located a couple of kilometers away). I was playing with tunneling IPv6-in-IPv4 to the 6bone network via freenet. I have a couple of user mode linux instances running on my workstation, and use the workstation as an IPv6 router. My goal was to be able to ping the uml instances from my server. I got it working, and as I was about to close the uml instances (which btw. is done by 'shutdown -h now') I suddenly realized that I had type it into the wrong terminal, and accidentally closed down the server instead :-( As it was getting late, I decided to wait till morning to start it again. Leasons learned: Only run as root when necesarry (doh! we all knew that) and never work when you are too tired (hmm, we all knew that as well).

As bbspot's OS test seems quite popular on planetpenguins, I decided to take it too:
Which OS are You? Debian, hurray!! To be honest, I have taken this test before and been both Windows ME and XP. But it seems that I've changed my personality :-)

A couple of weeks ago when I went to a Blue Foundation concert, I ran into a couple of Amnesty International people asking if they could take a pictures of me for their Control Arms campaign. As I generally support Amnesty International and like the control arms campaign, I let them take the picture: I hope it's more effective than the usual collecting of signatures.

As I previously have mentioned, I am currently taking a real close look at Yahoo!'s Domain Keys draft. One of my goals is, to setup Postfix to use the Domain Keys system. Before I go on, I should probably explain the quick details behind Domain Keys. It's a system where a sending email server signs the email (body and headers) with a private key. The public key is stored in a TXT DNS record, so that a receving email server can fetch it, and verify the signature. If the signature is correct, then the email hasn't been modified in transit. It's clear that there are two participating parties in this system; the signing side and the verifying side. Right now I'm trying to implement the verifying party in my Postfix setup. The way I do this is through an filtering smtp proxy (Postfix details). All mails get redirected through it, it checks the signature and appends a header stating that the signature is either good or bad. I started writing this smtp proxy in Perl, but as I couldn't get any of the RSA modules to compile I gave up and rewrote it in Python. The reason I chose Python was that I had seen multiple RSA moduled for it on the net. However, it turned out to be much more complicated than I thought. First off, Python comes with a nice set of digest algorithms like MD5, SHA1, etc.. For more advanced crypto stuff they suggest that you use The Python Cryptography Toolkit (sometimes known as pycrypto). Well, no problem, I installed the beast, found a class called Crypto.PublicKey.RSA, which sounded exactly what I needed. Even better, it has a method called verify(), yay! But this is where things start to get a whee-bit complicated. The public key (stored in a TXT DNS record, as you recall), is in a format specified in the PKCS#1 standard. However, pycrypto (also known as The Python Cryptography Toolkit), can only construct Crypto.PublicKey.RSA objects if you happen to have the two integers that a public key consists of (n and e for those RSA geeks). As I am not in the mood to write a reader that can extract those two integers from the public key, I go looking for alternatives. On the website of The Python Cryptography Toolkit (dare I mention that it's also known as pycrypto), two packages that should ease the use of pycrypto (you know by now) are mentioned; ezPyCrypto and yawPyCrypto. Both can import public keys, but only if they were exported by themselves (I don't even think they can import each others keys). So, 3 crypto packages, two of them wrapping the third, and still no support for reading the most standard representation of public keys, geez. As I don't give up easily I track down another package, pyOpenSSL. This time the documentation actually mentions ASN.1, which is related to the public key format (the details are boring and I ignore them, as this is getting long enough without them). Oh the joy... didn't last long. PyOpenSSL seems to focus on SSL (Secure Socket Layer) and certificates, and it doesn't seem to do simple thing I want it to do; verifying a signature. To be fair, I should add that PyOpenSSL is only in version 0.6, and the website states that alot is missing from it. It still counts as a Crypto package, so that's 4 of them, and none can do what I want. When I was about to give up, the most amazing thing happened. By pure luck I stumbled across POW (aka. Python OpenSSL Wrappers). After fidling with it for half an hour or so (mostly fighting to make it compile), I had written a little script that could verify a signature. POW isn't perfect, it has a strange bug, that only allows it to read one (PEM) of the two formats (the other is ASN.1) public keys are found in. But as PEM is basically ASN.1 base64 encoded, I can easily do the conversion to PEM. Luckily this ended good and I can now finally return to the problem at hand; implementing domain keys. I'm just puzzled by the fact that there are at least 5 packages providing crypto stuff for Python coders. It's a jungle out there, don't get lost!

When I asked for security projects basher suggested secure backup. I recalled an article about a system called cryptar presented at NordU2004 (which was cancelled, but the paper was in an issue of the DKUUG newsletter). Both paper and code is available at http://www.cs.drexel.edu/~jeffa/cryptar/. Unfortunately I haven't had time to try it out yet or even read the paper in its full length. But it seems to be a nice project. If anyone tries it out, please let me know about it! With regards to the security project, I have decided to take a look at Yahoo!'s domain keys. I'm still working on the final project description, but you can rest assured that I will talk alot about it in the near future.

Next quarter I'm going to follow a security course, which requires me to write a report on something data security related (fuzzy I know). We are allowed to do a practical project, so implementing (parts of) something is okay. As I do not want to waste my time with writing yet another crappy mail client just to demonstrate my knowledge of S/MIME (or GPG for that matter), I was wondering if anyone could come up with a nice project that has a practical purpose for the Linux community. So, suggestions for security related projects that Linux needs are welcome. Best suggestion is awarded with a beer (delivery not included) :-). Fire away!! (Update: Of course BSD suggestions are welcome too :-) )

I cheered quite a bit yesterday, after i stumbled across this. Unfortunately I couldn't find any more about it in my hurry. But through the wonderfull news service at google I found an article from BBC News that states the same, so it seems to be true. However, I really want to see it before I beleive it. Far too many publicity stunts have been made in the past. But if they do it, we can only hope that the others follow Sony's good example.

Got my bachelor degree certificate yesterday. I'm now entitled to call myself "Bachelor of Science, B.Sc". :-) Not that it changes much in my life, but it's kinda nice to know that the last 3 years haven't been totally in vain. I just wish the grades had been a bit better, but it's kinda difficult to blame anyone else but myself for that ;-) I'll try to see if I can get it scanned, just to show off a bit. On a totally unrelated note, I'm looking for a new computer/office chair. It should not be too big, since I haven't got that much room. Actually size is one of the reasons I want to replace the current chair. So if anyone has suggestions do please let me know.

I spend this weekend in Aalborg attending the Aalborg Regatta (page in danish only). Our boat made a 3rd place in the one race we participated in. We were all quite happy with that placement, since we haven't trained very extensive together. Also, it helps that another boat from our club (ASR) won the race :-). Actually our club won quite alot races, so it was all in all a good day, with alot of cheering (still have a sore throat). The evening was quite fun aswell; food, music and lots of wine. I probably had a bit too much of the latter (and some might even say far too much). Later I joined up with Hamselv in Aalborg city. However, I ran into an old classmate, who I didn't even knew had moved to Aalborg, and never really got to talk that much with Hamselv. Sorry about it, Hamselv.

Yesterday I bought two new CDs. One of them had this annoying "Copy Controlled" icon on it, but I bought it anyhow as it seems to be impossible to avoid those these days. I've never liked the idea of using technical means to restrict my usage of a product I have paid for. As many others I own a mp3/ogg hardware player, and I need to rip my CDs to get the music onto the device. Why are they hindering me in doing this?! I am not doing anything illegal with it anyhow. Now one thing is that I don't like it, another thing is that the copy protections are laughable bad. The CD I bought was pressed in 2004 (this very year), so it's probably state-of-the-art protection. Nevertheless it took me less than 2 hours to copy the CD to my harddrive and ogg encode it. Most of the time I spend finding a proper program to do the ripping, as the protection actually confuses some of the rippers out there. This means that next time I have to rip a "Copy Controlled" CD, it will take me no longer (or at least not remarkably longer) than ripping a normal CD. So, all in all, "Copy Controlled" CDs are broken both in concept and implementation. I wonder how much development of these "protections" costs the record industry. If they used the same amount to drop prices a bit and try to experiment a bit more with releasing non-mainstream music, I'd bet they would cut down CD piracy alot more than they are today. But hey, I'm just a consumer, why should they listen!?

I've just rediscovered LUFS today. It's a really nice framework, which allows filesystems to be written to run in userspace instead of kernelspace. The advantage of this, is that it should be farily easy to use other userspace applications. A good example of this is the SSH file system (SSHFS), which simply uses the system installed ssh binary to handle the encryption of data and transferring it over the network. Actually, SSHFS is the reason I found LUFS in the first place. I can now sit at home, and access my files at the university easy and secure. It's far better than using a remote emacs/eclipse/gvim/whatever session over the DSL line (at least if one wants them to use X11, text based emacs/vim works fine, but is not always enough). However, there are at least two other interesting filesystems implemented using LUFS:

• GNETFS: Gnutella Filesystem; search for files on the gnutella network just by creating directories :-) A bit crazy if you ask me, but a nice demonstration of what can be done.
• GnomeVFS: Take advantage of Gnome's VFS modules from any application.

I haven't had time to try either of those two yet, but if I stumble across some spare time, I might just do it.

I am now feeding my blog to Planet Penguins, thanks to Bjarke for that, and also the fine work he has done on the planet until now. Yesterday I decided to try and find some RSS reader, so that I can avoid browsing all those different planets I have gotten used to reading. Since Micke had just released a new version of his Blam!, I took it for a test run. After some headaches with installing gtk-sharp, mainly related due to a missing gtkhtml library in the right version (using Fedora Core 2), I got it up and running. I really like it! However it would be nice with some notificationarea icon, and periodic updates. On the other hand, such a feature might be highly unproductive. Now if I just could find a desktop application to write blog entries, I could avoid using a browser completely :-)

Yesterday the new trimester/quarter started. Seems like the term "trimester" has been obsoleted by "quarter" for some strange reason. Anyhow, this quarter I am following two advanced courses; Pervasive Computing and Topics in Data Security. Besides that I follow a basic course in mathematic programming. Mondays I have two overlapping hours, which means that I will have to skip the first hour of the mathematic programming lecture, to be able to attend the Pervasive Computing lecture fully, which being an advanced course, is both more interesting and important to me. :-) I had almost forgot how expensive it was starting a new quarter. I have allready spend 706 DKK (about 95 €) on books, and for that I only got one book and an article collection. It'll probably get doubled when all the books have been bought. Oh well, knowledge comes at its price :-)

I have been toying with software RAID for a while, and I am currently running a RAID-1 array on my workstation. I started with this setup under Gentoo AFAIR, and have kept it over a Red Hat 9 to a Fedora Core 1 and finally a Fedora Core 2 installation. However, as I am a Debian user of heart, I was disappointed to see that the shiny new Debian-installer did not support software RAID directly (there are always ways around it). So, I started hacking on software RAID support a couple of months ago. Unfortunately, I haven't had much time to work on it lately. But it turns out, that there is quite alot interest for the project, so other people have put efforts into it. Finally last week I tried the daily snapshot, and I did a successfull installation using VMWare, with / and /boot on RAID devices. As far as I know, the RAID support in the RC1 is not yet as complete. So, when I get time for it, I will reinstall my machine with Debian, and finally be back home again. As for the RAID support in the Debian installer, it still needs more work. Currently it only supports RAID-0 and RAID-1, for instance. Let's hope I'll get time to look into it soon.

Abe from #Lemmings on irc.freenode.net pointed me to imgSeek. It really looks cool for managing alot of images, since it can find similar images, and even do image search based on sketches one draws. This kind of program really wants you want a digital camera :-)

Although I usually don't use Windows much, I couldn't help noticing that the new XP Service Pack 2 contains alot of security enhancements. Some of them even seem to break current software. I must say that I am pleased to hear this. Although I realize it will take a while before all problems have been worked out, and everyone has upgraded. Wait, on second thought, that won't happen for a while since people are quite bad at doing upgrades :-(. But, my point is, that this really might tigthen the general security on the Internet. I'm not thinking so much on the concrete service pack, but more the fact that Microsoft pushes out patches that prioriotizes security over compatibility. Good job, but I'll still stick to Linux :-)