The BFC Computing Weblog

For folks who are running the current development, or soon-to-be-just-released Fedora 11, you might find Firefox to be very crashy. It's not because it's the semi-controversial 3.5b4 version (which is excellent), it's because of a buggy library.

I'm running it with the Tree Style Tab and NoScript extensions, and can get a crash half the time when Session Restore is running, and almost all the time when I allow a site in NoScript.

If you run firefox from the console, so you get the debug messages, you'll see:

cairo-ft-font.c:554: _cairo_ft_unscaled_font_lock_face: Assertion `!unscaled->from_face' failed 

when the crash happens. I tracked this down through the Mozilla and Freedesktop bug systems to a problem with the Cairo graphics engine improperly disposing of fonts which it didn't own, for which a fix was incorporated last December. However, the version of Cairo shipping in Fedora 11 is older than that.

So, I applied the simple patch, fixed up the .spec, and put up some new RPM's for i386 and an SRPM for hackers and x86_64 users to build (rpmbuild --rebuild cairo-1.8.6-3.fc11.src.rpm).

I haven't tried cross-compiling from i386 to x86_64 before, and --target=x86_64 doesn't work, so if anybody can tell me how to do that short of learning mock, please leave a comment and I'll put up RPM's for that too.

The Redhat bug is here. Hopefully it gets accepted soon.

To verify the Fedora 10 package downloads, you need the new key they're signing the Fedora 10 packages with, but it's only included in the -release rpm which you don't want to install on some other machines, say your repository mirror.

This works:

rpm --import 'http://pgp.surfnet.nl:11371/pks/lookup?op=get&search=0xBF226FCC4EBFC273'

I wonder why this is different than the -newkey key. Anyway, don't take my word for it, check the signatures to prove it for yourself.

To get the presidential debates as mp3’s:

• go to the [CSPAN YouTube channel](www.youtube.com/cspan)
• Play the debate (before you go home, e.g.)
• Pull the debate .flv file from your cache (e.g. FlashTmp0)
• run it through ffmpeg to extract the mp3

To get the file from your cache, figure out where the flash cache is and run an rsync job like so (OSX paths here):

          #!/bin/tcsh
          while (1)
          #make this flashcopy directory first
          rsync -av --partial /private/var/tmp/folders.$UID/TemporaryItems/FlashTmp* flashcopy 
          sleep 1
          end
          

To convert with ffmpeg:

ffmpeg -i debate.flv -acodec copy debate.mp3

The file’s sound track is already mp3 so ffmpeg simply extracts and containerizes it for you.

And no doubt you can do something easy like download it from iTunes or PBS instead.

Saw this train car at Clark’s Trading Post:

and it made me think of SSL certificates. I think that qualifies me as certifiably hopeless.

I got a spam today advertising a 'virtual conference' called CISSE 2008. Apparently they compiled at least part of their spam list by harvesting the Mozilla Bugzilla database. Their address harvester had trouble with basic e-mail parsing but got enough of my address there to positively identify the source. It's apparently organized by:

          Tarek Sobh, Ph.D., P.E. 
          CISSE 2008 General Chair 
          Vice President for Graduate Studies and Research
          and Dean of the School of Engineering 
          University of Bridgeport                 
          Bridgeport, CT 06604, U.S.A.                
          

I don't know the school, but it got a .edu and the credentials above look real.

I'm curious if anybody reading here has heard of this. I'm sending an e-mail to find out if the credentials assigned are real and if so what theory of rights they have for harvesting the Mozilla database.

Update: I received a response saying that the e-mail list is built from the advisory committees' members personal contact lists. I replied that my address that was targeted exists only in relation to BMO, I don't use the address anywhere else (the words 'bugzilla' and 'mozilla' are in the address). I'll update again when I hear more.

LEBANON, NH, September 1, 2008 – BFC Computing, a computer consulting firm based in Lebanon, NH, has launched McCainPalin2008.us, a website dedicated to news about the McCain-Palin Presidential Campaign. The site is updated with the latest headlines and videos gathered from thousands of news sources around the globe. McCainPalin2008.us provides a single location for news readers to find updates on the presidential campaign. Rather than having to sift through other news sites to find information that may or may not be relevant, McCainPalin2008.us gathers all of that information into one place.

Bill McGonigle, owner of BFC Computing, says, “McCainPalin2008.us is based on a technology we’ve been developing called NewsMaker, a tool for rapid deployment of specialized news websites. We recognized the likelihood of this ticket in July and began work on the site then. We realize many folks are political news junkies who want to focus on specific topics, and for them we hope this site is helpful and enjoyable. Expect improvements through Inauguration Day.”

For up-to-the-minute coverage of the McCain-Palin campaign, visit http://McCainPalin2008.us . BFC Computing works with clients to develop computing solutions that exceed their expectations. Open Source allows BFC Computing to deliver solutions that are ideally customized to clients needs, protects against obsolescence, and delivers top-notch security. For more information on BFC Computing and its services, visit http://bfccomputing.com or call (603) 448-4440.

Twittervision is combines Tweets and geo coding to show a realtime display of what people are Twittering. It’s quite a beautiful thing to watch, especially the 3D view.

I guess I wasn’t aware that Twitter fed all updates to third parties, so that’s something important to be aware of - it’s not just your followers who are seeing your updates.

I’m not sure it’s actually useful, but it certainly is neat, so probably it is useful to somebody.

I wonder if Twitter will be coming up with a trademark licensing program to allow apps like this to live peacefully.

The geeks are taking over society, re-making it in their own image.

“How’s this then?” you may ask.

Consider that reality is what you perceive. What you perceive is based on what you know.

So then, what is it that we know? It’s either what we’ve derived ourselves or what we’ve been told or read. Most of us learn far more from others than we figure out on our own.

These days, if an average person wants to know something, where do they turn? Some people go to the library, but most go to Google, or someplace more specific, like Wikipedia.

Now, to add to Wikipedia, you need to learn MediaWiki markup. Most people don’t want to learn this. Geeks have no problem diving in, so they do it. They build an encyclopedia based on their perceptions and biases. Consumers of Wikipedia believe it to be true. Not that Wikipedia is usually incorrect, but perceptions are formed based on what is included or not included.

How about Google? Google tells you what’s out there, and it’s ranked primarily by how many links are pointing to a particular article. Who makes links? The geeks do. Google is a ranking of what geeks think is important, to a large degree.

And, again, users of Google generally accept its rankings to be ‘good enough’ for their needs. They don’t usually ask, “but what else is true that Google hasn’t told me?”

From the blogosphere to major media, to presidential campaigns, much of what “true” is based on what is found online. And what is found online is what the geeks feel like putting there.

If the industrialists shaped the last century, the geeks are going to shape this one. Sit back, enjoy, and go have a look at what’s popular on YouTube today.

There’s some grumbling about that Google is going to start targeting media ads to people based on their search preferences.

There’s only one thing to say about that: bring it on!

Having just sat through a Clairol hair coloring commercial to view a short news clip, I can’t think of any less efficient use of anybody’s resources. I don’t have enough hair to even think about coloring, CNN’s paying for the bandwidth, Clairol is paying per impression - everybody’s time and money just got wasted, and some would say the planet just got a bit warmer.

At least if it were an ad for Just for Men I’d at least be in the target market, but they’d do much better to try to sell me a Netflix Roku box, because I don’t think I can hold out much longer.

Ouch.

Every flash-enabled web browser without a Flash-blocking feature (ala NoScript) is vulnerable to remote compromise.

Having this much exposure completely controlled by one proprietary 3rd-party closed-source vendor is bad for the ecosystem. There’s a Free Flash clone underway, but it’s not good enough to replace Flash for many sites that require Flash, and many sites now require Flash.

Please, website designers: Stop hurting the web. Make sites that can be used without Flash, and add all the glam you want around it. Because Flash isn’t an open standard this problem will always exist. AJAX and SVG can accomplish all or most of what Flash can do, and any talented designer can figure these out.

Update: Adobe has updated their info, and it appears the very latest version (9,0,124,0) is not exploitable, thus this is not zero-day, and I didn’t need to publish this article. Title was: “0-Day Flash Vulnerability In The Wild”.