Posts for February 2009

2009-02-02: Native habitat

Moss in bark

One of the things I love about moss is that it seems so at home in its habitat, making use of little cracks and crevices to flourish.

I'm home again, hopefully to stay for some time. Tomorrow is the first day of getting back on a more normal schedule. I'm quite looking forward to that. It's been a good first month of this year for my focus and general mood, all things considered and despite some external trouble, but it's also been a chaotic one. Right now, I want a couple of months of normalcy so that I can work on my day-to-day mood, focus, and attention.

2009-02-03: First chain picture

Links in sunshine

The main reason why I take pictures is to teach myself to look at the world in a different way, and one of the games that's fun to play to help with that is to study a particular common object. And I like the look of chain. See the new gallery introduction for more of the explanation. I finally got up to one of those pictures. There are several more coming.

I think I realized something interesting about my concentration today. I've known for a while that I tend towards multitasking too much. I turn on the TV or turn on music, start too many things at the same time, or flip between windows rather than focusing on what I'm doing, but I have a hard time not turning on the extra inputs. Yesterday, though, I noticed that while I was at the computer and working, I wasn't thinking about the TV or considering turning it on. But as soon as I got up to get something to eat, I immediately thought "hm, it would be nice to have the TV on in the background."

I've been reading Mihaly Csikszentmihalyi's Flow (about which quite a bit more later), and one of his basic points is that the brain can only process a certain number of inputs. One enters a state of flow when all or nearly all of that processing is focused on what one is doing rather than on other distractions. When I was sitting at the computer working, I was focused and using all of my brain's inputs. As soon as I got up to do something much less demanding (make food), I think my brain suddenly felt bored and started seeking additional inputs.

If I'm right about this, it's a very useful discovery. It means that I can adjust for this effect and decide to turn on other inputs only when I'm feeling bored or restless while engaged in whatever my primary task is at the moment. If I take momentary breaks, my desire for extra inputs during the breaks shouldn't count; I should just wait until I can get back to what I'm doing.

I experimented with this some today and it seems to work. It's rare that a discovery about time or attention management is quite this straightforward and practical. I'm quite pleased.

2009-02-04: git-pbuilder 1.6

Tim Skirvin sent me some enhancements to this script, so I took a moment to write documentation and put it up on my miscellaneous scripts page. This is my version of the integration script between git-buildpackage and pdebuild with cowbuilder. There isn't very much to it, but it does handle automatically adding the etch workaround option where needed and supports selecting the chroot in which to build via an environment variable.

As usual for these sorts of little scripts, it hard-codes some of my preferences and will probably require modification to work smoothly in your environment. Unlike the larger packages I maintain, these random scripts are little things I use to speed daily tasks or obscure scripts for specific needs I have. I make them public on the outside chance that they'll solve some problem someone else is having or will serve as a useful example. Further updates generally won't be announced in my blog.

2009-02-07: Lintian 2.2.3

Time for the weekly Lintian release.

I wasn't sure if I was going to have time to commit another substantial bunch of work, but I got on a roll last night and found some more time today. The main infrastructure changes in this release are the beginnings of a rewrite of the handling of relationship fields and support for generating indices of source packages (needed for several other checks). The latter is sadly going to make Lintian a bit slower.

Among the more minor changes are a few new checks, some of them pedantic. One of particular note is a new info-level tag recommending +dfsg instead of .dfsg in version numbers. 1.0.dfsg1 > 1.0.1, which usually isn't what's desired, but 1.0 < 1.0+dfsg1 < 1.0.1. Thanks to Paul Wise for the bug report. I've been bitten by this one in the past.

Hopefully for the next release I'll get a chance to convert all of the check scripts over to using the new relation interface of Lintian::Collect, which will also mean more caching of data and less duplicate work for each package.

I'm working on the bits from the Lintian maintainers post. Raphael Geissert had some good ideas for additional information, so I need to find some more time to expand it.

2009-02-11: pam-krb5 3.13

This is a security release fixing privilege escalation and local file overwrite vulnerabilities in all previous versions. All users of my pam-krb5 module should upgrade as soon as possible.

Derek Chan discovered and Steven Luo reported a vulnerability that allowed overwrite and chown of arbitrary files via Solaris su. Subsequent investigation revealed another, more general problem that would allow tricking pam-krb5 into thinking that Kerberos authentication succeeded with a password under the control of the attacker. This release fixes both problems (CVE-2009-0360 and CVE-2009-0361). See the security advisory for all the details.

I feel particularly bad about the more general vulnerability since there was a BUGTRAQ discussion about the underlying cause (needing to use krb5_init_secure_context with MIT Kerberos instead of krb5_init_context) back in 2007 around sudo. I should have realized the implications at the time.

Debian, Ubuntu, and Gentoo are affected. I prepared fixed patches for Debian stable, testing, and unstable for both libpam-krb5 and libpam-heimdal, and the Debian security advisories should follow mine shortly.

This release also has some build system and installation path fixes by Peter Breitenlohner and support for another Heimdal error reporting interface, thanks to Chaskiel Grundman.

You can get the latest release from the pam-krb5 distribution page.

2009-02-11: Resynchronizing

Chain on fencepost

Have another chain picture.

I haven't been posting much lately in part because my schedule and focus got a bit overwhelmed. Last weekend was a bit rough in places, but I seem to be on a better track this week.

After getting back into town last week, I was missing playing video games more than anything else, so I dove into that wholeheartedly (easy because I had some new games). I think I overdid it a bit: I didn't get enough sleep, and I think I pushed my concentration and focus too hard with games and exhausted myself for the other things I was doing. This week, I'm taking a week off and working on re-establishing my normal schedule (including reading instead of video games), and then will slowly reintroduce video games this weekend.

Now that I've gotten the pam-krb5 security advisory out, which I've been working on for the past couple of weeks, things should settle down. I'm hoping to have the opportunity to do a few more new software releases and clear some of my backlog. Work is in a bit of a lull at the moment when it comes to projects, although that will heat up somewhat next week.

2009-02-12: reminder 1.8

For the first time today, I happened to run reminder list while I was creating a new reminder and noticed that the stub reminder written by reminder create to give the user something to edit was causing Perl warnings. This release skips reminders without a title or date when listing reminders, thereby ignoring those stub records.

You can get the latest version from the reminder distribution page. A new Debian package will be available from my personal Debian repository just as soon as I finally finish the switch to reprepro.

2009-02-12: Better and better


This shot was one of my early experiments with the macro mode in my camera. I'm still quite happy with it.

Taking a break this week from video games to regather myself and refocus has been an excellent decision. I'm back to working from my to-do list instead of jumping on what just came in and not stressing too much over just what item on my to-do list I need to be working on. That's a mental trick that's part of the Getting Things Done method, but which I have a hard time with: ideally, one should separate analysis from action. The point of having the list is that I've already thought about everything on it and decided that I need to do it, which means that as long as I'm working on something on the list, I don't need to second-guess myself. Everything on the list is important and should be done.

I need more practice at that to make it stick, but today I did a good job with it.

The result is that OpenAFS 1.4.8 packages for Debian unstable are just about ready and include fixes for a huge variety of issues raised in both the Debian bug tracker and in Ubuntu's. I've included DKMS support, although since the DKMS package hasn't yet been uploaded to Debian, I'll probably disable it for the initial upload and re-enable once there's a DKMS package I can depend on. But lots of other things are fixed or improved, and I've pulled up a bunch of changes from OpenAFS CVS.

A couple of my friends are going to be away this weekend for a convention, which means I'll also get the long holiday weekend mentally to myself. While I'll miss our regular interaction, it's good timing. It will be a good weekend for quiet contemplation, working on whatever comes to mind, and staying inwardly focused. Given the first month and a half of this year, I'm rather burned out on other people right now and am still recovering my social energy.

2009-02-13: Good week

Twig and seed

Buds and seeds capture my mood at the moment. This wasn't my most productive week ever, but it was a solid, comfortable week of getting things done. Some of my project work was quiet, so I spent most of two days refreshing the Debian OpenAFS packages and now have 1.4.8 packages ready for upload once the Debian release process is past. I also got the pam-krb5 security update out, stayed current on Lintian, and even pushed Policy forward a bit more. Among other things.

More importantly, I got back in control of my mood, caught up on my sleep, settled my life back down and put it back into a normal schedule, and built a solid structure for the next few weeks.

And now, I have a wonderful three-day weekend, and I'm not even going into it feeling behind.

2009-02-14: Accomplished

Sunlit forest path

Paths look even better in afternoon sunshine.

I woke up this morning feeling like continuing to cross things off my to-do list, so today was an accomplishment day instead of an entertainment day. I mostly worked on my test suite driver program and on my portability and utility library, getting them into shape for initial releases and polishing them so that I can base some future releases on them. I think I'm about ready to get back to working on the next release of lbcd.

Due to the imminent Debian release, there won't be an upload of Lintian this weekend. I'm planning on releasing Policy 3.8.1 sometime next week or next weekend, with a Lintian release at the same time implementing new checks and updating the recognized standards version.

Tomorrow, I'll probably do some shopping and then spend the day either reading or playing video games, depending on what I feel like when I wake up.

2009-02-15: Video game Sunday

Brown on white

It's been a while since I posted a picture of moss texture, so today you get another one of those. I never get tired of it.

Today disappeared on me remarkably fast, mostly because I spent much of the day playing Fallout 3 (and the rest of it sorting through mail and straightening up the apartment). I still need to do shopping; tomorrow will have to be the day for that.

Fallout 3 is brilliant but also frustrating so far, mostly due to the first-person play controls. I found it obnoxiously difficult to get around Megaton to the point where it occasionally took me fifteen minutes to stumble on the right path to some destination, and one time thought I was going to have to reset the game because it managed to get me stuck behind some buildings. (Thankfully, resetting to third person temporarily got past the glitch and unstuck me.) This is, needless to say, not "fun." I really loathe first person perspective in video games. It feels claustrophobic and confusing to navigate. It's particularly bad in games, sadly like Fallout 3, where the in-game map both isn't available as an overlay and is almost completely worthless in some areas (like Megaton).

All that being said, the story and branching are spectacular, easily the most creative and open that I've ever seen on a console. I care about the story, I'm enjoying the possibilities, and I even rather like the combat (which I was expecting to hate). The combat is actually more fun than the general movement around the screen.

The graphics are... not as impressive as I was hoping for a current generation video game, honestly. They're great in places, but (again because of the damn first person perspective) they break down a lot. As with a lot of first-person games, you spend a lot of your time looking directly at walls, which are just as ugly and horribly pixellated as they were in Wolfenstein 3D. The few times there's a good vista, it's great, but the moment-to-moment graphics experience is only good.

The best part is the sense of humor and the little touches of sarcasm built into the world. This is the first RPG I've played in a long time that I can remember making me laugh out-loud. The whole post-apocalpytic setting isn't my cup of tea — I actually prefer the mystical SF of Japanese RPGs — but it's so well done that I'm loving it anyway.

I think once I get more used to the controls and more used to navigating around Megaton in particular (bad idea to make the first town built on multiple levels that aren't shown on the map and full of "you can't get there from here" catwalks), I'll be less frustrated and more engrossed. I'm trying to turn off my "I wonder if I'm doing it right" sensors and just play without looking at a walkthrough, although I did skim a few just in case there was anything that I would have been spectacularly annoyed to miss. I think I'm satisfied now that there isn't and I'm trying to just do whatever occurs to me and not worry too much about it. The goal is to enjoy a free-form first playthrough and then go back a second time armed with a walkthrough and see more of the neat stuff that I missed the first time because I didn't minimax my skills or know exactly the right dialogue branches to take.

2009-02-16: End of weekend

Native mural

Chemainus, British Columbia is full of beautiful murals. I find it difficult to photograph a mural and do it justice, although I tried. This is one of the few pictures that I was relatively happy with.

It's now the end of the weekend. That came a bit faster than I would have wished, but at least several of the things I want to work on are things that also fit into my day job. And it's a short week, so the next weekend isn't too far off.

Today was mostly a day of cleaning up the house, doing chores (dishes, shopping), and then catching up on some magazine reading while getting mentally back into a normal weekly rhythm. I was hoping to do more Debian post-release tasks, but I didn't make it; I have to settle for doing a few pending uploads. More of those will happen tomorrow.

I really thought I was going to work more on Policy and on Lintian this weekend and it just didn't happen. It's unclear to me right now whether I'll have time during the week or whether it will need to wait until next weekend.

2009-02-17: Working day

Chemainus sawmill

Here's another picture taken last year in Chemainus. I also put up another mural photograph.

Apparently I was ready to dive into work even though I didn't think I was. I woke up a bit early, didn't feel like going to back to sleep, and hence dove into work, and ended up working 13 hours today and getting a ton of work done, particularly on the virtualization project. Nice. That will free up some time that I can use for other projects later in the week.

I'm starting the post-lenny uploads, refreshing all the software I maintain in unstable. The new Shibboleth packages will start trickling in over the next few days.

2009-02-20: First 2009 haul

It's been a long time since I've posted one of these, but I did finally place another book order. I've been cutting back a bit since I already own so many books I've not read, but we're coming up on Hugo season, so I'll probably place at least one more order in a few days.

Eric Ambler — A Coffin for Dimitrios (thriller)
Ben Goldacre — Bad Science (non-fiction)
Barry Hughart — The Chronicles of Master Li and Number Ten Ox (sff)
Michael Lewis — Liar's Poker (non-fiction)
Barack Obama — Dreams from My Father (non-fiction)
George Orwell — Burmese Days (mainstream)
George Orwell — A Clergyman's Daughter (mainstream)
George Orwell — Coming Up for Air (mainstream)
H.F. Saint — Memoirs of an Invisible Man (sff)
Karen Traviss — Crossing the Line (sff)
Karen Traviss — The World Before (sff)

2009-02-22: Lintian 2.2.6

This release is mostly bug fixes that have accumulated over the past couple of weeks. The most notable is a rewrite of the unpack script for source packages that should do a much better job of analyzing the upstream tar file and determining the common prefix. This is currently important so that the upstream index file is generated properly and other collect scripts that depend on it are happy, but in the future it will also be used to implement some checks that care about how the upstream tarball was packed (when it was repacked for DFSG reasons, for instance).

There are a bunch of other bug fixes and some more work that lays the ground for future tags. This was a "keeping our heads above water" release more than anything else, taking care of new bugs that had come in since the previous release and not making much continued progress on the bug backlog. But I think we have some underlying infrastructure in place to make more progress in the next few releases.

I haven't updated for a while. I may do that with this release, or wait for one more.

2009-02-24: Expectation and obligation

Some necessary background: George R.R. Martin is a science fiction and fantasy author who's been writing (and editing) in the field for quite a while. In 1996, he started a new epic fantasy series entitled The Song of Ice and Fire, a hugely complex and sprawling series telling the story of an entire medieval world, with four volumes published and something on the order of 19 viewpoint characters to date. The fourth and last book to date in the series was published in 2005. It contained only half the viewpoints expected (and in my opinion and that of at least some other readers, the least interesting half). There was an afterword saying basically that the book was cut somewhat artificially in half for length reasons (it was 753 hardcover pages for what was there), the next book would have the other viewpoints, and it was basically done.

Three years and some later, and after a few other optimistic updates, it's not yet done. Some of Martin's fans are increasingly getting antsy and sometimes abusive about this. This has increasingly been getting to Martin, and he's responded in various ways in his personal blog, most recently February 19th. See also John Scalzi and Charlie Stross reacting to his post.

Now, I'm not one of the people who is rabid about this series. I'm a little disappointed that I haven't gotten to read the next bits with the characters I really like in the series, and I didn't much care for A Feast for Crows because of how the book was split. But I have a thousand other books I want to read (literally — I've read less than half the books I own) and if I don't get to see more of the series, oh well. I am, however, very interested in the fan reaction to this delay and Martin's reaction to that, because it has started reminding me of similar things in my own life.

Some of the fans are just batshit insane, which is one of the things that happens to a best-selling author; I feel for Martin there but there isn't much anyone can really do about that. But among the sane people, there are a bunch who say something like "I understand why the constant nagging doesn't help, but on the other hand, when you start a big story with unresolved plots, you have an obligation to your readers to finish it."

I call bullshit on that.

This same effect happens in the free software world. If you write some program, you're perceived to have an obligation to support it, fix it, release new versions, and so forth. I've also had this happen in other volunteer contexts, such as Usenet. Often that obligation is based on some comments that one makes about future plans, things that will go into the next release, e-mail messages where you say that you'll look at something, and so forth. It's not entirely groundless, and it's not groundless with Martin either.


As any software developer knows, time estimates for tasks are horribly difficult and almost always too short. This is clearly what happened to Martin, and bitching about the time estimates doesn't help at all. Some problems turn out to be so much harder than you expect that time estimates fail entirely. With creative work (including some programming) it's particularly hard to know how much work is remaining. You may know roughly how much you have left to write, but you don't know how hard each chunk will be until you start it, and sometimes until you finish it. With some projects, the only thing you can do is say "sorry, my estimates were completely off and I don't know how to estimate this" and then stop promising dates. Which Martin has already done. He was "wrong" in some sense for setting bad expectations, but estimation is insanely hard and the world usually doesn't let you get away with just refusing to estimate anything.

So much for time. What about whether Martin has an obligation to write the next book at all?

The equivalent question in the free software world is whether one can just walk away from a project, or away from a volunteer position, leaving a bunch of stuff undone that some people who were using the software were counting on having finished. It's a bit easier to deal with in free software, since usually just promises are at stake, whereas with Martin he's sold a commercial product and people get weird about money. There is a reasonable expectation that a series of this type will have a conclusion (although I'll point out that the SFF world is filled with unfinished series). Maybe you wouldn't have bought any of the series if you had known that it wouldn't end, so now you're out $100 for the hardcovers that you feel like you bought on false pretenses. Let's examine that.

First, I have a serious problem with people who use the economic transaction as leverage in this sort of argument. This is a really piddly amount of money for each individual person, generally less than I get paid for one hour of work. Writing a new novel is way, way more than one hour of work. Martin's fans are demanding that he do work that's worth many orders of magnitude more than they're conceivably out monetarily. (And the reactions are individual reactions of anger; the level of upsetness of each individual shouldn't change based on the total size of the fan base.) Furthermore, their economic transaction was with the publisher, and they had no control and no say over how Martin got paid. From multiple different directions, they're not his employer, have no contractual control over how he spends his time, and have no legitimate economic basis for asserting any such control. They can make a decision to not buy his future work because they're disappointed, and that's it.

Second, it is absolutely mandatory to give other people room to be wrong or change their mind. Human beings cannot keep every promise that they make. We fail at things that we fully intend to do, particularly around estimates, and particularly around one's dedication to decade-long major life projects. People are wrong about marriages and children, which involve far more serious consequences than a fiction series. I think it's a good reality check here to note that his fans are placing way more restrictions on what he can do with his life than would be legal for any employer.

Third, when someone doesn't meet your expectations, the response should be proportional and rational. This is the one that really gets to me. Choosing not to read the next book in the series because it's been too long is entirely reasonable. Trying to make Martin feel like crap is not. I would go further: nothing that an artist could promise to their general public could warrant intentionally making them feel like crap for failing to do it. That level of emotional consequence should be reserved for things like marriage, parenting, or life-long friendship, not disappointment that you didn't get to hear the end of a story you were enjoying. I speak from personal experience here: this type of punishment by guilt is a nasty, nasty business. It burns people out faster than any other possible reaction, it makes it much less likely that Martin will continue the series at all, and it's probably poisoning his feelings about the entire world. It's burning down the bridge you're standing on. It always hurts and never helps.

People already create feelings of obligation around things they've promised, implicitly or explicitly, to do, and generate plenty of their own guilt. That guilt is one of the major obstacles that one has to overcome to be productive; if you don't believe me, read any good productivity book, such as Allen's Getting Things Done, and notice how much it talks about getting past guilt. Intentionally going out of your way to contact someone you do not know personally and pile on more guilt is vicious, cruel, and tactically counterproductive. Trust me, Martin didn't fail to notice that he missed his own deadlines.

I think Martin's post and the subsequent discussion is a great opportunity for all of us who create or use creative and technical works to think about how we apply the Golden Rule. There's a natural tendency to hold people tightly to promises that we'll get something that we want. There's a natural tendency for all of us to make those promises, since people are grateful for them, and then pile guilt on ourselves for not meeting them. All of the emotion wrapped up in both sides of that tension of expectation and obligation can be exhausting and poisonous. It makes relationships brittle because we don't let people renegotiate. We don't let people say they were wrong. We don't let people change their minds. And we don't let ourselves change our minds.

Here's my promise: the next time someone doesn't meet an expectation I had, I will remember this discussion, give them space to be wrong, and not pile on more guilt. Like all promises, I'll try to keep it, but I might not be able to.

2009-02-28: svnlog 1.15

svnlog now assumes that names from getpwnam() are encoded in UTF-8. It decodes them and encode them using RFC 2047 encoding when needed for e-mail messages. If the name is not in valid UTF-8, continue using it verbatim in the mail message the way prior versions did. This support is based on a patch contributed by Aaron Griffin (which I've been sitting on since last November).

I also updated the URL for diffstat in the documentation.

You can get the latest version from the svnlog distribution page.

2009-02-28: Term::ANSIColor 2.00

This release has been quite some time in the making. It finally includes support for maintaining a stack of attributes and popping back to a previous point in the stack without a complete reset, which was contributed by back in 2007. For all of the details, see the documentation.

This release also cleans up some coding style issues, reworks the test suite to use Test::More, adds spelling checks for the POD documentation (and fixes some spelling errors), and adds faint as a synonym for dark. This is also the first release from Git instead of CVS.

You can get the latest version from the Term::ANSIColor distribution page.

Last modified and spun 2017-03-25