Articles
A new reason for leaving Ubuntu
So, if you’re wondering yourself: “Why, Ubuntu is in the process of making everything quite a bit more annoying and fucking things up”, yet still think “that might just be misjudged opinion”, then fret no more. There’s an easy way to now know that Canonical has officially gone bonkers.
After installing an annoying App Market-like “Software center” by default, switching users over to a IM client that’s only remotely usable, trying to sell you a cloud-based storage solution and switching to Yahoo as the default search engine, you really have to wonder what the guys responsible are up to.
So.
In short, Canonical is on the verge of going Apple. Just bail boat while you still can.
D&D item: Martyr’s Collar
Seeing how everyone else is currently creating interesting items, I thought that I should throw one of my ideas into the mix. And after a bit of tinkering with how it should work, I present:
Martyr’s Collar Level 5
Resting tight against the throat, the wearer is always reminded of the price of sacrifice.
Lv 5 1.000 gp
- Item slot:
- Neck
- Property:
- This item can mean instant death for the character. To wield it, the character must succeed at a hard willpower check. After three failures, the character needs to take an extended rest before trying again.
- Power (At-Will ♦ Necrotic):
- Standard action. A conscious and willing character may activate the collar while it is around their throat. The collar magically constricts, severing the user’s head from their body. The user’s life energy serves as a power source for the collar and sends every attuned ally in range (burst 10) to the point defined by the attuning process.
Being able to survive the decapitation does not save the user, as all of their life energy is used up to power the collar’s magic.
The allies do not need to be willing, conscious, or even alive. If, for whatever reason, the destination is not reachable, the collar will not activate. After the teleportation, the collar expands to its normal proportions and loses any attunement. - Power (Daily):
- Standard action. Every willing ally in a burst 5 are attuned to the collar, and the item itself is attuned to the location. When the at-will power is used, all allies attuned and in range are transported back to the current location. The collar does not need to be worn to be attuned; any character touching the item can initiate the process. When passing between owners, the item does not lose connection to any attuned user or the attuned location.
Nobody really knows how these devices ever came to be, but they seem to have been used by devout and loyal warriors throughout time to save comrades from certain death by using their own life to shield them. The ultimate heroic sacrifice, most souls sacrificing their bodies this way ascend to the Astral Sea.
Trusting self-signed certificates with Google Chrome on Linux
Update: added the “C” flag to SSL attributes which I accidentally forgot to include.
Also changed $HOST to $host, as $HOST is the shell parameter for the current hostname…
If you’re not really sure about how you can stop Chrome from permanently reminding you that the server you’re connecting to is a bad boy (read: using a self-signed certificate), you’ll probably end up looking at CACert’s Browser Client page by way of Google. With a bit of reading documentation, you can probably find out how to import a self-signed certificate and mark it as trusted, but since you’re probably lazy, you’d rather just copy and paste a few instructions.
First, I have to stress is that blindly trusting a certificate you download off the internet is a Bad Idea. But expressing a certain laissez-faire attitude: if you’re stupid enough to copy and paste blindly, you deserve it.
Second, simple copy and paste instructions:
openssl s_client -connect $host:443 -showcerts > temporary_file certutil -d sql:$HOME/.pki/nssdb -A -t CP,,C -n "$host" -i temporary_file
Third, explanations:
- s_client just connects to the given hostname, 443 being, as you should know, the (default) HTTP SSL port.
- –showcerts shows all kinds of information about the certificate, including the certificate itself. You will probably have to hit ^C/^D to stop s_client.
- If you get multiple (and different) certificates, first one will be the server certificate, and second one the CA certificate.
- certutil (package hint: libnss3-tools can be used to manage your local «Network Security Services» SQLite database.
- The specified argument for certutil are:
- The database to use (in this case, the user-specific NSS database).
- The flag to add something to the database (-A).
- The “trust types” for the certificate, in “SSL, S/MIME, CA” notification: “P” for a trusted peer, and “C” for a certificate authority that may issue server certificates.
- A shortname to identify the certificate in the database. The hostname works well and is fairly obvious.
A records on top level domains
After I stumbled upon the wonderful URL shortener http://to/ today and immediately began posting it on IRC, I received a comment that someone didn’t even know that is was possible to do so. I, of course, could only comment “of course it’s possible”. But in the same train of thought, I just had to have a look at who else has a valid A record on their top level domain. So I fetched the IANA TLD list and, after being baffled by the punycode TLDs, threw some sh at the problem:
(for domain in $(grep -v '^#' tlds-alpha-by-domain.txt); do host -t A "${domain}."; done) | grep -v 'has no A record'
For the sake of enjoyability, I thus offer the results in table form, along with what kind of site is running on port 80. Data timestamp is 2010–01-08T16:05:00+0100, location for routing is DTAG-DIAL26 / AS3320.
| TLD | IP | content (port 80) |
|---|---|---|
| AC | 193.223.78.210 | “Always connected” (NIC.AC) |
| AI | 209.59.119.34 | “Offshore Information Services” |
| BI | 196.2.8.205 | “It works!” |
| CM | 195.24.205.60 | cm [195.24.205.60] 80 (www) : Connection refused |
| DK | 193.163.102.23 | “DK Hostmaster” (NIC.DK) |
| GG | 87.117.196.80 | Channel Isles Domain Registration |
| HK | 203.119.2.28 | hk [203.119.2.28] 80 (www) : No route to host |
| IO | 193.223.78.212 | NIC.IO |
| JE | 87.117.196.80 | Channel Isles Domain Registration |
| PH | 203.119.4.7 | HTTP 500.100 via broken Microsoft IIS |
| PN | 80.68.93.100 | Apache default home page |
| PW | 203.199.114.33 | pw [203.199.114.33] 80 (www) : No route to host |
| SH | 64.251.31.234 | sh [64.251.31.234] 80 (www) : No route to host |
| TK | 217.119.57.22 | “TK your long URL”, free .tk domain name registry |
| TM | 193.223.78.213 | NIC.TM |
| TO | 216.74.32.107 | TO./ URL shortener |
| UZ | 91.212.89.8 | some WAP page I can’d decipher |
| WS | 63.101.245.10 | ws [63.101.245.10] 80 (www) : Connection timed out |
So, in short, 5 of 18 (27%) are downright broken, one is being autistic, and a further 2 (11%) are not configured to do anything meaningful, leading to a total of 8 — or 44% — of TLD A records being useless. Bonus: none of the sites have AAAA records and, thus, no IPv6 availability.
Discordian iCal calendar
Since I was playing around with Date modules a bit, I decided to conjure up some iCal files for the Discordian calendar, which chronicles the Year of Our Lady Discord, as described in the Principia Discordia.
With the goal eliminating any kind of dependency on actions by me to generate the calendar files, I just pregenerated them for the whole 21st century.
The files are stored at /discordian/$year.ical, with $year ranging from 2001 (which was the real start of the century and the millenium) to 2100.
For the sake of easy access — and as an experiment to see what Google’ll make of it — I’ve compiled a handy table so you can just click for the file you want.
Feel free to include this on your Google calendar (will make for an interesting traffic study) or redistribute it with a kudos to me, linking to this page (http://ydal.de/discordian-ical/). Copyright shouldn’t be an issue since this compilation does not exceed the Schöpfungshöhe, but I’ll declare them to be CC-BY-DE 3.0 just in case.
Ubuntu — why it sucks
Earlier this year, I switched from Debian to Ubuntu on both my netbook and my desktop machine, because it quite pleased me how well it worked. For the netbook, this was sort of appropriate, when ignoring the fact that a netbook is slow by principle, but with my desktop, my choice might have been less than wise.
Jaunty, 9.04, left me with occasional random crashing of my X server, and applications sometimes only starting at the second try, if at all. You’d get situations like banshee firing up, drawing the window on the desktop, and then locking up — which my compiz duly acknowledged by shading the window after about fifteen seconds. You kill it, you restart it, everything works.
Add to this some other applications (like Evolution, Nautilus and Tomboy), along with the fact that GNOME Do just seems to randomly evaporate into digital nothingness in the course of my uptime, and voila, you have a system that works mostly well, but just sometimes annoys the hell out of you, especially when the X server crashed the system because you did something like Alt-Tabbing while you had two applications running fullscreen on different monitors. Yep, it happened.
So, alas and behold, comes the saviour: Ubuntu 9.10, Karmic Koala! It shines, it glitters, and it saves kittens from trees! Everything is so much better with it!
… not.
Karmic, in the vain hope to be so much greater to the common good, tries to optimize and dumb down things for the users. Which, according to others, seems to work splendidly — but absolutely failed on my end.
My woes with the rare animal
odin (the desktop)
For the record: odin’s specs are something along the line of a Core2 Duo, GeForce 260 linked to two screens, a couple of terabytes of hard drive and a SoundBlaster SB Live! 5.1, after the onbound soundcard started acting up and being generally retarded on the gaming OS.
- Boot time has gone way … up. Even though it’s supposed to be optimized for quicker boot and whatnot, my previous “less than ten seconds” boot time somewhat diminished in the face of the optimized bootup, which made my resolvconf (which I haven’t even touched!) for no apparent reason, adding a 30 to 60s timeout on the top.
- It solved the crashing problems … not at all. The only it actually managed is to get bug-buddy to be all “It looks like nautilus crashed” with a nice dialog saying I should report a bug to Ubuntu. Which I won’t, since there’s nothing logworthy to submit, it just dies and that’s it.
- The sound interface has been made super-easy! And, also, bloody hard to configure correctly. The new sound preferences eschew any kind of knowledge about your sound card and just presume to know better than you, which is exactly why it thinks it should fiddle with the Master volume of my Soundblaster when on four way stereo mix up, which controls only two channels, and not the PCM, which then regulates everything. Jaunty allowed me to change the mixer control to one I deemed best — no dice in Karmic. I now need to fire up alsamixer for that, and can’t use my keyboard volume wheel without fiddling.
- Speaking of sound, it has become even more annoying to find a way to turn off the logon sounds with GDM, since gdmsetup has been replaced by something which does quite about nothing at all.
- And, of course, hibernate doesn’t work anymore. As if any distribution would ever get that right.
baldr, the netbook
- Boot time has gone way … up. Yes, even one the famed “we sooo lurv you” Atom notebooks Karmic pretends to like so much, performance pretty much went down the drain.
- Improved external monitor support! Plug in a second screen, get none of the real estate! As soon as I plug in the VGA display while the laptop is still running, screens go irreversibly blank until reboot. Having it plugged in while rebooting allows you to run 800×600 on both displays, cloned, without the ability to change the resolution.
- Hibernate doesn’t work. Even though it did before.
- And myriads of minor nuisances like stutters and all that jazz.
May I note that this even happens when being freshly installed from source on the netbook, so this is no tale of the common upgrade blues.
Conclusion
Well, I’ll probably be changing distribution soonish, yet again. Fedora might be a neat idea for the netbook, not yet sure if I will revert to Debian on odin.
The Karmic Koala is becoming increasingly extinct and fails to reproduce appropriately even with an accepting mindset.
Internet address (IPv6) autodiscovery
At the U23 yesterday, we included a simple practice lesson on how networks work. We have a server on our network called fiep.labor.koeln.ccc.de. fiep only has a single address, 192.168.23.240/25 according to the local DNS server, as opposed to the rest of the network, 172.23.23.0/24.
The router did not announce any route for 192.168.23.128/25, but fiep still had addresses in other networks (172.23.23.23 as well as an address in 2001:6f8:100c:1::/48), but they weren’t announced anywhere.
The task, as given, was “to connect to http://fiep/hacking4pizza/”. In essence, this reduced the task at hand to either just giving yourself an IP in the 192.168.23.128/25 network or just setting a route for said network, and then opening up your browser. Along with other workarounds, of course, that do require knowledge not easily available.
We had an interesting case, though: one single Mac user could connect to the host without problem, just typing in http://fiep/ and everything’s good.
Confusion was amongst us. We couldn’t quite explain how the Mac managed to just access the site. We assumed it was IPv6, blocked it, and voilà, it didn’t work anymore.
Vague theories were ramped up. Mine was the scariest, and also rather possible:
- The client looks up the hostname, as usual.
- It gets the IP, sees that it has no route to go there.
- Next, an ARP request is pushed out for the IP.
- The switch comes yapping along and says “got it!”, along with the MAC address.
- The client then generates an IPv6 address from the MAC address.
- Voila, connectivity.
There’s just two points where this would have went wrong:
- Usually, the default route catches any stragglers.
- Why generate a v6 address when it gets a connection to the v4 address? Of course, it doesn’t know whether the router will actually forward anything at all.
In the end, though, it was something way more simple: we still had an external DNS server which propagated the public IPv6 address, and the client was using an external DNS server.
But trying to find out what actually happened did prove quite entertaining.
DNS prefetching for spam address verification
Seeing how DNS prefetching is the new fad with browsers, I reckon there’s an easy way to confirm valid addresses of webmail service users:
- Control a DNS to assign unique hashed hostnames.
- Integrate links to hashed hostnames in spam mails.
- If the recipient uses current Chrome, Firefox, etc:
- The DNS prefetcher will resolve the host name,
- Giving you a confirmed hit for the address in your logfiles, since your unique hostname gets resolved.
Kind of reminiscent of the whole “oh, we can have e-Mails with HTML, let’s put in images!” affair. The only thing that might be a bit of a problem for a spammer is getting a domain with DNS server control.
Advanced interaction in FPS
There is always a bit of methological slowness when it comes to the first person shooter genre of computer games: developers are lazy to trying something new, lest they fall flat on their faces. This is sort of true when it comes to advances in level design and graphics, where there’s a bit of tendency to move along, but only on known lines — next to nobody really adopts open levels. If they do, they are either of (next to) no impact at all (I’m looking at you, Frontlines: Fuel of War), or they change the whole game into something that gravitates around certain hot spots, as in S.T.A.L.K.E.R.: Shadows of Chernobyl, for example, or the first actual FPS doing this, Strife. And something so open like Operation Flashpoint, even though sporting quite impressive graphics, was never as successful as a rehash like Crysis which just slapped supreme graphics on old and proven FPS concepts.
Then, there was the other extreme, wer something radically new was tried. Games like Trespasser, which was a game set in the Jurassic Park universe with some rather nice graphics, and a very freaky control system. In this, you directly controlled the arms of your character, moving them around, rotating hands and clenching fists manually to grab levers or push buttons.
It was horrible.
But the thing which hasn’t changed at all for quite some time is how your character interacts with the world at large. The big changes in this category:
- Doom started out with using your keyboard arrows to move you along, and
PgUp and PgDn for aiming up and down. - Quake introduced the mouse into the mix, which still took some time to get adopted, though.
- Then, Half-Life introduced the WASD key layout to accompany its plethora of special keys, which also popularized the “use” button to interact with environment objects, instead of just running into or shooting them.
- Recently, gamepad controllers are often used, and there’s a shift in layout mapping to conform with the limited amounts of button available on a controller.
And that’s very much it. For eons, you run around using your use button to make stuff do other stuff. Besides just activating switches, you have your use key triggering dialogues, opening doors, picking up things, and just about everything you can imagine. If you do anything that borders on complexity, you’d probably get a pop-up dialogue explaining your options to you, totally breaking game immersion and, in a few sorry cases, actually kicking in the fourth wall with a vengeance.
This was the case even with my beloved complex games like System Shock, even if they tried to be somewhat immersive in their interface. But then, there came the least likely candidate for reform ever: Doom III. Nobody expected D3 to be anything but a new “shooting demons” thingy; yet not only did it come along and introduced story to id Software games (which Quake IV continued to flesh out), but it also introduced a revolutionary immersive way of using computer consoles: instead of activating them with your use key and then clicking around on the screen, D3 just changed the crosshair into an arrow when you viewed at the controls of a terminal and allowed you to push and manipulate buttons without ever breaking immersion into the universe.
An example (just the first few seconds, really):
Example screenshot, blatantly stolen from the site in my post scriptum:
But it didn’t last. And I wonder: why? Was it too complex? Did it alienate the traditionalist that he had to do more than push ‘e’ to use a computer? It’s just so good, yet nobody seems prepared to adopt it to their games. Bioware’s Mass Effect is quite good at trying to keep immersion high and making the player experience the game, rather than just play it — but they, too, resort to breaking immersion when it comes to computer terminals, using a combined inventory/data storage system on a separate screen.
The question remains: Why? It’s good, it works, it’s not hard to learn — so why avoid it?
P.S.: While searching for good screenshots, I found an article called Through The Looking Glass — Fully Interactive Surfaces In DOOM3 by Bernd Kreimeier, which explains things in a bit greater detail.
Maemo vs. Android
Since I can probably declare my Nokia N810 dead after a rather undeliberate exposure to not really fresh water, I’m on the lookout for a workable replacement. Seeing that Apple, despite all its glossiness, is quite a pile of crap when it comes to software developement and free standards, I thought there was only one choice: Android.
That was, until I found out that the next Maemo device from Nokia, the N900, also dubbed “Rover”. There’s also real pictures available, not mockups.
The N900 would then, of course, be pitted against the HTC Hero.
Now, first, hardware. A quick comparision:
| HTC Hero | Nokia Rover | |
|---|---|---|
| CPU | 528 MHz Qualcomm® MSM7200A™ | 500/600 MHz OMAP 3430 |
| RAM (physical) | 288 MB | 256 MB |
| Dimensions (L⨉W⨉T) | 112mm ⨉ 56.2mm ⨉ 14.35mm | 59.7mm ⨉ 111mm ⨉ 18.20mm |
| Weight | 135g | 180g |
| Display | 3.2″ 320×480 (HVGA) | 3.5″ 800×480 (WVGA) |
| Connectivity |
|
|
| Storage | 512 MB internal (~150 available), SDHC slot (16 GB) | 32 GB internal, SDHC slot (16 GB) |
So in essence, the Rover trumps the Hero in storage capacity and screen resolution, has a slight advantage in CPU, succumbs in RAM and weighs more. But of course nobody has yet been able to touch the Rover from a reviewer’s point of perspective, and if it is anything similar to the N810, the sliding keyboard will wiggle all the time and annoy you.
The main question would probably the choice of operating system: Do you want Google’s shiny Android mobile phone operating system? Or do you want Nokia’s Maemo 5/Fremantle, a Debian port initially designed for mobile devices without phone connectivity?
From a nerd or hacker point of view, maemo is very interesting, since it’s basically an embedded Debian, with all its advantages and disadvantages. But you have to ask yourself: so far, the other Nokia Internet Tablets have been good secondary devices. You have your mobile phone for your RL connectivity, and the NIT, probably connecting to the Internet via your phone, handles the CPU-churning Internet activities. The question arises whether the new generation of smartphones actually requires this kind of distinction.
On the other hand, you have the Android operating system, specifically designed for smart mobile phones. This alone gives it the advantage of being more streamlined to mobile phone needs, which helps quite a bit in usability.
The great advantage of the Maemo system, as opposed to anything around at its time of inception, was it being almost completely open source, and based on Debian. So, with a fair bit of luck, you could just compile a Debian package in the right build environment, and it would probably run on your maemo device. And since you had GTK as your windowing basis, well, developing your own apps was easy, too.
But with Fremantle, Nokia’s changing to Qt to keep up the spliffyness with iPhone OS and Android, which will make all the old GTK applications look a bit out of date. While this may be a ‘good’ move to go towards mobile phoneness, it will probably alienate the fanbase to no end to sudddenly have to do Qt. I’m guessing this will end bad.
On the other hand, people claim about Android being from evil evil Google, and thus not trustworsty. What I’m asking myself, especially after writing down why I’m more inclined towards the Android OS, and, thus, the Hero: is it worth waiting for the Rover, being ‘reduced’ to my S60r3 phone until I can decide whether it is better or not?
Categories
Werbung
Tags
Lifestream
-
Bad Company 2 has quite a few subtle puns on other shooters. They poke fun at Modern Warfare 2, but also homage to Crysis and even Heroes. [towo]
-
Shared Lunner: "Bento Box Combo".

