Posts for September 2007

2007-09-11: kadmin-remctl 1.9

To work around the lack of security in iPass (which is otherwise a nice service), we're giving all users who get to use iPass a separate instance to use for authentication. Windows RADIUS wants to control access to a service via an authorization group, and we don't want people to use their primary accounts, so we need to add iPass instances to a group when they're created. This release adds the code to do that. Not that generally applicable to anything else, but it can't hurt, and it's a good example how to do this sort of thing.

You can get the latest version from the kadmin-remctl distribution page.

2007-09-13: Latest haul

It's been completely nuts around here lately, both in terms of the number of things I have to do and the amount that's going on, so posting here has gotten short shrift. Hopefully that will change a little, since for the next of the month I get to focus mostly on finishing the wallet implementation.

I've finished a bunch of books but haven't been writing reviews. That too I'm hoping to change soon. I have one finished to edit tomorrow and another five to write.

I got another Powell's order in, plus I went to the Friends of the Palo Alto Library book sale last weekend with a friend and picked up a bunch more for cheap. Here's the results:

Greg Bear -- / (Slant) (sff)
Hanne Blank -- Virgin (nonfiction)
Berkeley Breathed -- Politically, Fashionably, and Aerodynamically Incorrect (comic strips)
A.S. Byatt -- Possession (mainstream)
Richard Carlson, Ph.D. -- Don't Sweat the Small Stuff... and It's All Small Stuff (nonfiction)
Juan Cole -- Napoleon's Egypt (nonfiction)
Jerome Groopman, M.D. -- How Doctors Think (nonfiction)
Tony Morrison -- Beloved (mainstream)
Vera Nazarian -- Lords of Rainbow (sff)
Karl Schroeder -- Queen of Candesce (sff)
Jon Stewart -- Naked Pictures of Famous People (nonfiction)
J.R.R. Tolkien -- Unfinished Tales (sff)

I already had a copy of Unfinished Tales, but I found a hardcover copy for very little and didn't want to pass that up. I'm slightly annoyed at the excessively long titles of this batch since I'm going to have to fit them into my review pages. *heh*

The Palo Alto book sale is a great chance to pick up classics I'm not sure I'll enjoy, since there's much less investment of money to get them there. Of course, the real problem is the investment of time.

2007-09-14: The Cognitive Style of PowerPoint

Review: The Cognitive Style of PowerPoint, by Edward R. Tufte

Publisher: Graphics Press
Copyright: September 2003
ISBN: 0-9613921-5-0
Pages: 27

This is more of a pamphlet or an essay than a book, and on the first reading I didn't write a review of it because of that. But the content is so notable and excellent and the quality of the printing (thanks to Tufte's Graphics Press) is so high that I think it warrants a full review. I believe the content of this essay, at least in one form, is present as a chapter in Tufte's latest book, Beautiful Evidence.

Tufte has written a series of exceptional and beautifully produced books on presentation of information: graphs, diagrams, maps, and similar presentations. His normal style in all of these works is to show and critique examples, showing both positive and negative ways of presenting information and sometimes taking a presentation and rewriting it to improve it. The strongest parts of these books are usually his pointed, trenchant, and often funny critiques of the worst examples. This essay, composed almost entirely of the sort of horrible content regularly produced by PowerPoint, is a delight.

Similar to the analysis of presentations about the Challenger o-rings in Visual Explanations, the centerpiece of The Cognitive Style of PowerPoint is an analysis of the horrible presentation of the problems with the shuttle Columbia before its disastrous return. Tufte uses this presentation, done with PowerPoint in the normal bullet outline format that such slide software encourages, as a compelling example of muddled thinking, confusing typography, false summaries, hidden information, and ineffective communication. His analysis is backed up by the final report of the Columbia Accident Investigation Board, which calls out PowerPoint specifically:

The Board views the endemic use of PowerPoint briefing slides instead of technical papers as an illustration of the problematic methods of technical communication at NASA.

Tufte goes from there to attack the reduction of thinking to bulleted lists, the PowerPoint graph templates and tables, the low resolution of projected slides, and the standard methods used for presentations in businesses and organizations all over the world. He's in fine form here, pulling no punches. Everyone who has sat through interminable meetings where bullet points of meaningless buzzwords are slowly dribbled out via overhead projector will be cheering him on, and he backs up his disgust with specific examples, concrete suggestions for improvement (mostly around using higher-density supporting documents like handouts). He also uses satire quite effectively, including a hilarious rewrite of the Gettysburgh Address as a PowerPoint presentation by Peter Norvig.

As with all Tufte publications, this is a bit spendy for what you get ($7 for a short, although full-sized, pamphlet from Graphics Press), but the paper, printing, layout, color, and production quality are first-rate. This is a dense example of the analysis that Tufte does best, and while it doesn't teach on as broad of a front as his books, I recommend it for anyone who gives presentations or has to listen to them. I don't know if anything can get rid of PowerPoint culture, but I wish this essay were universally read.

Rating: 9 out of 10

Permanent review page

2007-09-18: pam-krb5 3.6

I'm still feeling rather swamped, and fighting off a cold isn't helping with energy levels, but I'm slowly making progress. I'm on target for having a first release of the wallet finished around the first of October, and I'm starting to clear my backlog of pending patches and fixes for the other packages I maintain.

I tracked down some segfaults we were seeing on Red Hat x86_64 systems with unknown users and fixed that bug, fixed the two outstanding Debian bugs in libpam-krb5, and finally added support for prompting the user for a Kerberos principal to authenticate as, separate from the local account. That plus some fixes on Solaris and some other bug fixes are in this release. It's been a long time since the previous release, although the code is stabilizing.

I'd still like to do a major code cleanup pass and then add a test suite, but that's going to be hard, particularly the latter. Not sure when I'm going to have time.

You can get the latest version from the pam-krb5 distribution page.

2007-09-18: spin 1.65

Another spin user reported that spin would output blank lines at the start of the XHTML file if \heading was preceded by other commands that didn't produce output, such as \id, and didn't start its own paragraph. In the process, I fixed another long-standing whitespace bug that had been bothering me and producing empty paragraphs in my book reviews by making spin smarter about ignoring whitespace at the beginning of multiparagraph arguments.

You can get the latest version from my web tools distribution page.

2007-09-19: Undertow

Review: Undertow, by Elizabeth Bear

Publisher: Bantam
Copyright: August 2007
ISBN: 0-553-58905-4
Pages: 332

Greene's World is a colony world far from the Core, a watery, marshy world with a native species with a low level of technology. Humans have mining outposts and a city of ships that can scatter before the periodic hurricanes. They have communication with the Core worlds through connex, a network that can pass information and various objects but not living creatures. There's trade, but the colonists are here to stay unless they're willing to absorb a huge time gap from relativistic travel back to the Core. That makes Greene's World a good place to hide. It also means that the trade company that settled and exploits it can rule with little resistance.

Undertow is a frontier story, featuring a mix of unsavory characters and people with a hidden past and set in a background of colonial exploitation. The ranids are used as slave labor, abused, beaten up, and treated like animals. Several of the main characters are involved with a resistance movement, one that the others discover and are pulled into as the story unfolds. And the mining and drilling the company is doing turns out to be for much higher stakes than is at first apparent.

The two primary twists of this story are the ranid race and a probability-based magic system with some hand-waving explanations in quantum mechanics. The latter isn't hard SF by any stretch: conjurers can modify probabilities and essentially bring good or bad luck to those they chose or cause unlikely accidents to happen. It functions in the book as a sort of native knowledge. But it's not entirely anti-technological and Bear weaves it into the technology that allows universe-spanning communications. Unfortunately, the quantum mechanics link leads to a climax featuring bifurcation of worlds that I found confusing and less than satisfying, but it otherwise is a fun magic system that doesn't overpower the technology. I like powers that are unreliable, subtle, and play with the heads of the characters.

The better twist is the ranids. Bear does a good job with alien design, giving us scenes from the ranid viewpoint and scenes where the same actions have very different meanings to the ranids and the humans. The touches of detail — a protective mucous layer, life in lukewarm water, the smell and taste of different regions, and the importance of touch and eye contact — helped me get into their mindset and play with the world as they view it. The ranid link to conjuring and probabilities was a bit less satisfying but it fit well with ranid culture. I liked the culture built around stories and around travel. This is a solid alien portrayal that avoids many standard traps (including some around human/alien communication, which I think Bear dealt with well).

Otherwise, we have the normal Bear cast of people with past damage, people reinventing themselves, and people making mistakes and living with the consequences, stuck a mix of networked living, frontier problems, and some political commentary on colonialism (although the correct side in that fight is mostly taken for granted). There's an eerie (if accidental) similarity to Spin State, but while Moriarty's society reminded me of US coal miners, Bear's reminds me of indigenous Central and South Americans being exploited by European and US mining companies. It's a similar background, but Bear's material deals more with the us versus them edge and sharp differences in technological capability. I liked how the background of injustice didn't overwhelm. It's not unimportant, but it lets a plot run on top, avoids lots of infodumping, and shows a more practical reaction than frothing outrage.

I really liked most of this book. Cricket in particular is a great character. André I didn't warm to as much, but I appreciate a protagonist who isn't a noble hero, or even a likable scoundrel, but really is a self-centered opportunist who still has a streak of peculiar ethics. The climax and ending, though, didn't do as much for me. I felt like the political background was a touch too thin and a little too unexplained to hold the weight of the plot, and I could have done with a bit more explanation of the probability fallout and conclusion.

Bear's books keep almost but not quite reaching exceptional for me. Each new book I open hoping this will be the one that makes that quantum leap, but it hasn't quite happened yet. Undertow is good, solid entertainment, not quite as good as Carnival, but still well worth reading. I'm convinced, though, that Bear's eventually going to write a book I can't stop raving about.

Rating: 7 out of 10

Permanent review page

2007-09-29: pam-krb5 3.7

I'm working way too many hours lately and I'm still not getting done everything I want to get done. It's kind of a problem. And this wasn't even at the top of the priority list; someone just happened to send me a bug report, I fixed it, I decided that fixing another bug report would be easy, and four hours later, I ended up releasing a new version.

This cleans up a lot of random stuff. If a keytab is given for credential verification, it uses the first principal found in that keytab for the verification. I have no idea why the Kerberos library doesn't do this automatically; not doing so is stupid. It also fixes the behavior when stacking the module together multiple times with different realms, uses a saner name for its PAM data, doesn't store PAM data if there's no ticket cache, and should be more thread-safe when running under Linux PAM. I also biffed the configure flags determination in the last release, and this fixes that plus pulls from pam-afs-session the compilation rules for various other platforms.

You can get the latest version from the pam-krb5 distribution page.

2007-09-30: pam-afs-session 1.5

While I'm working on PAM modules, I may as well update both of them.

Just a collection of minor fixes here, including some memory leaks that I tracked down this evening and a NULL pointer dereference after memory allocation that a user reported. This module seems happily quite stable at this point.

You can get the latest version from the pam-afs-session distribution page.

2007-09-30: pam-krb5 3.8

It's always right after I finally do a release that someone reports a major bug that's been there for several releases.

It turns out that the new credential option allocation function introduced with PKINIT doesn't initialize the returned option struct and you're still expected to call _init. Weird. The result was that, when built against a sufficiently new version of Kerberos, users with expired passwords would no longer be prompted to change them and instead just wouldn't be able to log in.

While I was fixing that, I also cranked up the warnings and included some build system fixes that missed the last release.

You can get the latest version from the pam-krb5 distribution page.

Last modified and spun 2017-02-20