Open Source: Freedom from Anti-features

It’s good to remember that a benefit of open source software is freedom from anti-features. The wiki (the second link) has examples of anti-features. E.g. I wasn’t aware of the Vista anti-feature where it slows down network connections when it detects any sound playing.

* [http://lwn.net/Articles/370615/](http://lwn.net/Articles/370615/)
* [http://wiki.mako.cc/Antifeatures](http://wiki.mako.cc/Antifeatures)

f-spot and sqlite

I recently tried using Linux [f-spot](http://f-spot.org/), with the intent to make it easier to browse, manipulate, manage and publish my photos. I wanted f-spot to manage my photo screen saver as well. f-spot seems to be good at importing photos, but getting photos removed is a bit more difficult.

I organize my photos by date an a directory structure such as “2010/2010.01.01 New Years Day”. The “2010” directory contains several sub directories. Each sub directory consists of a date and a description. If, for some reason, I import photos into f-spot that I don’t want in its database, I know what directory the photos pertain to. Unfortunately, F-spot doesn’t allow me to remove photos from its catalog by filename or file path. That’s okay though, because it stores its database using sqlite.

I figured this out by running lsof -p pid-of-f-spot, and noticed a file descriptor opened to “/home/jared/.config/f-spot/photos.db”. Then I ran file ~/.config/f-spot/photos.db and it helpfully told me that it is a “[SQLite](http://www.sqlite.org/) 3.x database”.

After a bit of google research, I figured out I could install a SQLite manager on my Fedora system: yum install -y sqliteman, followed by running sqliteman ~/.config/f-spot/photos.db. I was expecting to see a command-line client, but to my surprise, I found a pleasant graphical interface. It was simple to browse the table schema and to run queries to update and morph the f-spot photo database. Note: I’d recommend making a backup copy of the database before altering it.

F-spot may not be everything I want it to be, but I managed to work past its limitations due to the fact that it used a well known, open data storage format.

Persuasion and Manipulation

As I was reading about techniques of scamming and of social engineering, I realized that urgency is a tool that is both nefariously and legitimately used — having a sense of urgency motivates us to stop procrastinating and to act. Salesmen get people to buy products by instilling a sense of urgency. Religious and political leaders get people to act using urgency. Urgency is a persuasive tool.

Persuasion is the act of inducing action or belief in others.

I asked myself the question, “what’s the difference between honest and dishonest persuasion?”. Someone who honestly persuades builds trust, and is trustworthy. They love others, have integrity, and seek to empower others — to build them up, to strengthen them. It is selfless, although it doesn’t preclude deriving joy from helping others.

Someone who dishonestly persuades (manipulates) destroys trust through deception and intimidation. They may withhold information, utilize evasion, character attacks, and impersonation. They attempt to impede critical thinking. Manipulation is selfish. The object of manipulation is power or possessions.

[Laws of persuasion](http://www.bible-teaching-about.com/persuasion.html) include

* Reciprocation
* Commitment & Consistency
* Social Proof (aka conformity)
* Likability (trust, friends, I’m like you, image)
* Authority
* Scarcity (urgency)

I’d add:

* Diffusion of responsibility

That last one can help an individual stand up to pressure from peers. At one point during my [LDS mission](http://newsroom.lds.org/ldsnewsroom/v/index.jsp?vgnextoid=37bc12fccd78f010VgnVCM100000176f620aRCRD&vgnextchannel=3e0511154963d010VgnVCM1000004e94610aRCRD), I had a companion that was a challenge to work with. My mission president told me that if I felt pressured to do something I knew was wrong, to call him and ask permission. His answer would be “no”, and I could put the responsibility of the decision on his shoulders. Normally, I like to take the responsibility of decisions, but in one case, I felt more pressure from my companion than I wanted to stand up to myself. Making that phone call diffused the responsibility somewhat. I appreciated being able to lean on a trusted authority.

Minimizing tracing/instrumentation overhead, injectso

Reading these articles from lwn.net: [Minimizing instrumentation impacts](http://lwn.net/Articles/365833/) and [Debugging the Kernel using Ftrace](http://lwn.net/Articles/365835/), reminded me of [Microsoft detours](http://research.microsoft.com/en-us/projects/detours/) and [Linux injectso](http://c-skills.blogspot.com/) (updated to work with current glibc, kernels).

Global Warming opinions

There are many smart, rational people (and scientists) who believe in a dire future as a result of human-caused global warming, and that billions should be spent to reverse that trend. And there are many smart, rational people (and scientists) who see through the furor of faulty assumptions, faulty claims, and faulty conclusions. Here are several opinion pieces on Global Warming climate change.

[Time for a Smarter Approach to Global Warming: Investing in energy R&D might work. Mandated emissions cuts won’t](http://online.wsj.com/article/SB10001424052748704517504574589952331068322.html) by Bjorn Lomborg (who believes in global warming)

Mr. Lomborg says that spending money on reducing Malaria, HIV, etc. will help people, but spending money on lowering CO2 won’t help people.

[Inconvenient truth for Al Gore as his North Pole sums don’t add up](http://www.timesonline.co.uk/tol/news/environment/copenhagen/article6956783.ece), Dec 15, 2009

[The Climate Science Isn’t Settled](http://online.wsj.com/article/SB10001424052748703939404574567423917025400.html) by Richard S. Lindzen, Nov 30, 2009

Mr. Lindzen is a meteoroligist at MIT, and is one of the chief critics of the climate “catastrophe” claims being made by Al Gore and others.

[Fact-based climate debate](http://www2.ljworld.com/news/2009/dec/16/fact-based-climate-debate/) by Lee C. Gerhard, Dec 16, 2009

—-

Mankind does affect the environment. We are stewards over the earth, and we have been since the [time of Adam](http://scriptures.lds.org/en/gen/1/28e). We ought to be good stewards, and there are many ways to do that. Reducing man-caused carbon dioxide emissions on a global level won’t improve our lives. Improving air quality has improved our lives, and it makes sense to pursue cleaner air in the future. Pursuing safe, clean energy is also worthwhile.

Users, Security and Scams

I read Bruce Schneier’s [Crypto-Gram](http://www.schneier.com/crypto-gram.html) monthly. It’s from there that I found most of these links, with the exception of the ones on social engineering. I found the first paper on scam victims to be especially thought provoking (although it’s long). The video clip demonstrating social proof was amusing.

*[Understanding scam victims: seven principles for systems security](http://www.cl.cam.ac.uk/techreports/UCAM-CL-TR-754.pdf)*

Summary: Scammers manipulate people with distraction, deception, herd mentality, greed, time pressure and by impersonating authority. If something sounds too good to be true, it probably is.

—-

*[Social Engineering](http://www.infosectoday.com/Norwich/GI532/Social_Engineering.htm)* [\[2\]](http://www.chips.navy.mil/archives/09_Jan/web_pages/social_engineering.html) [\[3\]](http://packetstormsecurity.nl/docs/social-engineering/aaatalk.html)

*Summary*: Social engineers exploit people’s tendency to trust and to be helpful. They do this with ingratiation, impersonation, diffusion of responsibility, urgency, appeal to conformity (aka “social proof” or herd mentality), intimidation, deception, and authoritative orders.

There’s an entertaining Candid Camera (http://www.social-engineer.org/framework/Influence_Tactics:_Consensus_or_Social_Proof).

—-

*[The Rational Rejection of Security Advice by Users](http://research.microsoft.com/en-us/um/people/cormac/papers/2009/SoLongAndNoThanks.pdf)*

*Summary*: Security practitioners often dole out advice that is perceived by users as too time consuming. So users ignore or reject the security advice. However, “Advice that has compelling cost-benefit tradeoff has real chance of user adoption…. the costs and benefits have to be those the user cares about”. _Time_ is one thing users care about.

Modern bug trackers

Five years ago, I started a new job and encountered the [JIRA](http://www.atlassian.com/software/jira/) bug tracking system, after having been subject to pathetic bug tracking systems at previous companies. JIRA knocked their socks off in terms of ease-of-use and multi-platform support (it runs in a web browser). I’ve been a pleased JIRA user ever since. Recently, I stumbled on this article about what’s new in some of the best quality bug tracking systems on the market.

> Bug (issue) tracking systems have become a standard tool for any organization that develops software and have evolved greatly in the last years. InfoQ has conducted a virtual panel with people from JIRA, FogBugz, Basecamp and MantisBT about this evolution and the future developments in this field.

The virtual panel discusses integration with IDEs, project planning, story-boarding, and social networking integration.

[Read more…](http://www.infoq.com/articles/bug-trackers)

Safety from patent threats via membership in OIN?

Here’s an article that I think is worth reading. It details how the Open Invention Network (OIN) keeps open source software safe from patent threats. It also explains about patent troll companies and their financial motives. It sounds like it’s worthwhile for companies that rely on OSS to become affiliated with OIN.

[http://lwn.net/Articles/353823/](http://lwn.net/Articles/353823/)

> Bergelt described Microsoft’s patent suit against TomTom as being a part of the software giant’s “totem strategy”. By getting various companies to settle patent suits over particular patents, Microsoft can erect (virtual) totem poles in Redmond, creating a “presumption of patent relevance”. According to Bergelt, Microsoft tends to attack those who try to create parity with it in some area, which TomTom did…. But, Microsoft was surprised to find that TomTom had allies in the form of OIN and others. Originally, Microsoft had asked for an “astronomical” sum to settle the suit, but after TomTom joined OIN and countersued Microsoft, the settlement number became much smaller.

OIN was started by six companies: Sony, IBM, NEC, Red Hat, Philips, and Novell.

Best technologies and productivity

I tend to wonder about the “best” technologies for a given problem. Recently, I’ve wondered why Wicket is reportedly better than Java Server Faces (though I’m using neither). Perhaps it’s human nature to look for the Next Big Thing or for silver bullet solutions that supposedly increase productivity while offering robust features.

Here’s a [blog post](http://www.jroller.com/kenwdelong/entry/my_framework_is_more_productive) that ponders whether a new framework or a programming language can really offer better productivity benefits over an ocean full of alternatives. The author asserts that the real time cost on a project is not in writing code, but in the following activities:

– Communication
– Understanding preexisting code
– Debugging
– Refactoring

Tools or languages that make any of those activities easier are to be coveted. Java refactoring tools outshine those available for Grails. Java is easier to read and comprehend than terse bash scripting. Some frameworks/platforms make debugging easier than others.

Using rsync with SELinux

Last week, I needed to move /home from one Fedora computer to another, and I used rsync over ssh move the data.

On the new system, I noticed that procmail didn’t seem to be working, and neither did Dovecot. Nor could apache serve up my files. This had all been working on my previous Fedora system, which was running SELinux, as was my new system. What had happened?

I hadn’t told rsync to bring across the SELinux file contexts, which are stored in extended attributes. Here is the rsync option I should have used:

-X, –xattrs

I could have used ‘tar’ to move my home directory as well. In that case, I would have needed one of the following options: `–selinux` or `–xattrs`

I resolved my SELinux issues using the excellent [SETroubleShoot](https://fedorahosted.org/setroubleshoot/), which explained what commands to run to restore the proper SELinux contexts on various files.

SELinux requires time to tune, and I use it because it enhances the security of my linux system, which serves up content over HTTP (Apache), IMAP (dovecot) and CIFS (Samba).