Associated Press jumps the shark

Everybody has been saying that the Internet is killing journalism, but I see it as more of a suicide.

“The argument for lowercasing Internet is that it has become wholly generic, like electricity and the telephone. It never was trademarked and is not based on any proper noun,” Tom Kent, AP Standards Editor, said in a statement. “The best reason for capitalizing it in the past may have been that the term was new. At one point, we understand, ‘Phonograph’ was capitalized.”

Mr. Kent has become an arbiter of journalistic composition despite being apparently unfamiliar with the concept called “research.” Which explains the death of journalism better than the Internet, or indeed any number of internets.

Don’t be a .local yokel

Wikipedia has a nice technical write-up that explains why you should never, ever use the .local suffix the way Microsoft has frequently recommended.

But I like this politically incorrect version better:

Microsoft: “Gee, nobody is using the .local piece of the globally shared Internet namespace, so let’s tell all our customers that it’s best practice to use it for our totally super cool version of Kerberized LDAP service called Active Directory!”

Novell: “Oh noes, Microsoft has made an inferior competitor to our flagship technology! It’ll probably destroy our market advantage just like their inferior networking stack did!”

Linux/Unix: “Oh noes, when somebody attaches the new Microsoft technology to an existing mature standards-based network, Kerberos breaks!”

Microsoft: “HA HA HA HA HA HA HA we are totally following the standard, lusers!”

Linux/Unix: “grumble whine we will patch Kerberos even though we don’t agree.”

Microsoft: “whatevs. Did you notice we broke your DNS too? :)”

Apple: “Hey, IETF, we have this cool new zeroconf technology. We want to reserve the .local namespace for it.”

IETF: “OK, sure, you’ve filled out all the forms and attended all the meetings and there’s two independent implementations so you’ve done everything correctly. We have no valid reason to deny this allocation.”

Novell: “Hey, we were using SLP already, what did you just do?”

Apple: “Oh, whoopsie, did we just eat your lunch? HA HA HA HA HA”

Microsoft: “Hey, what just happened?”

Apple: “HA HA HA HA HA HA HA HA HA HA HA RFC6762, lusers!”

Linux/Unix: “grumble mumble whatevs. We can do mDNS.”

Microsoft customers: “OH NOES WE ARE SCREWZ0RRED”

Microsoft: “Meh, you didn’t really want Apple products on your networks anyway.”

:TEN YEARS LATER:

Microsoft customers: “How much would it cost to fix this network?”

Microsoft: “What, were you talking to us? Everything’s fine here. Windows 10 forever!”
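A heuristic check for the collision described above, added here as an example and not part of the original post: it reports whether a host's DNS search list uses a .local domain while its name-service switch sends .local lookups to mDNS and stops before unicast DNS. It assumes a glibc-style /etc/nsswitch.conf with the nss-mdns modules; the function names and result labels are this example's own.

```shell
#!/bin/sh
# Added example, not from the original post.
# Assumes glibc-style resolv.conf and nsswitch.conf (nss-mdns module names).

# local_search_domains RESOLV_CONF
# Print search/domain entries ending in .local (unicast DNS use of the name).
local_search_domains() {
    awk '$1 == "search" || $1 == "domain" {
             for (i = 2; i <= NF; i++) {
                 d = tolower($i); sub(/\.$/, "", d)
                 if (d == "local" || d ~ /\.local$/) print d
             }
         }' "$1"
}

# mdns_shadows_dns NSSWITCH_CONF
# Succeed if the hosts line lists an mdns*_minimal source followed by
# [NOTFOUND=return] ahead of dns: a .local name that mDNS cannot answer
# is then never sent to the unicast DNS server.
mdns_shadows_dns() {
    awk '$1 == "hosts:" {
             for (i = 2; i <= NF; i++) {
                 if ($i == "dns") break
                 if ($i ~ /^mdns[46]?_minimal$/) seen = 1
                 else if (seen && toupper($i) ~ /^\[NOTFOUND=RETURN\]$/) hit = 1
             }
         }
         END { exit (hit ? 0 : 1) }' "$1"
}

# check_dot_local [RESOLV_CONF] [NSSWITCH_CONF]
# Prints: ok           no .local search domain configured
#         conflict     .local search domain and mDNS answers first, then stops
#         unicast-only .local search domain, mDNS not ahead of dns
check_dot_local() {
    doms=$(local_search_domains "${1:-/etc/resolv.conf}")
    if [ -z "$doms" ]; then echo ok
    elif mdns_shadows_dns "${2:-/etc/nsswitch.conf}"; then echo conflict
    else echo unicast-only
    fi
}
```

Run `check_dot_local` with no arguments to inspect the local host's own files.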

Comodo up to more tricks

People occasionally ask me who they should buy security certificates from. I absolutely will not recommend anyone in particular – even the most honest and honorable Certificate Authorities are inherently swindlers, because the trade itself is pretty much a legalized extortion scheme – but I am willing to say who I don’t recommend – Comodo is the worst CA, hands down. Witness their latest hijinks:

When you install Comodo Internet Security, by default a new browser called Chromodo is installed and set as the default browser. Additionally, all shortcuts are replaced with Chromodo links and all settings, cookies, etc are imported from Chrome. They also hijack DNS settings, among other shady practices.
[Link to Chromodo download elided]
Chromodo is described as “highest levels of speed, security and privacy”, but actually disables all web security. Let me repeat that, they ***disable the same origin policy***…. ?!?..

This certainly isn’t the first time Comodo’s been caught doing things they shouldn’t, but somehow they still control around a third of the world’s certificate issuance. People need to stop giving business to known bad actors, even when it’s unclear whether the actions stem from malice or incompetence.

Query all non-subscribed RHEL7 repos at once

The old Red Hat Network was simple and easy to use. The RHN website presented a list of systems in your web browser, with counts of outstanding patches and outdated packages. You could click on a specific system name and do various things like subscribe to specific repositories (channels) etc.

The current Red Hat Network is a glittering JavaScript tour-de-force that multiplies the number of clicks and the amount of specialized knowledge you will need to manage your systems. You can pay extra for add-on capabilities such as the ability to select groups of systems and apply a set of operations to all of them, which is almost certainly necessary if you have a large number of systems. It’s a sad travesty of the much-maligned system it replaced.

If you’re completely entangled in the new RHN with your Red Hat Enterprise Linux 7 systems (by which I mean that you haven’t managed to exit the Red Hat ecosystem for a more cost-effective infrastructure yet) you might want to do something like figure out which of the various poorly named repos (such as -extras, -optional, and -supplementary) contains some particular package you want.

Command line to the rescue! Ignore all RHN’s useless beauty and use ugly, reliable GNU awk. This, for example, finds the repo where the git-daemon package has been hidden away.

subscription-manager repos --list | gawk '/^Repo ID/{print "yum --showduplicates list available --disablerepo=\"*\" --enablerepo=" $3}' | bash | grep -i git-daemon

After several minutes (there’s a lot of network traffic involved) you’ll find that versions of git-daemon are in five different repos.

git19-git-daemon.x86_64 1.9.4-2.el7 rhel-server-rhscl-7-eus-rpms
git19-git-daemon.x86_64 1.9.4-3.el7 rhel-server-rhscl-7-eus-rpms
git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-eus-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-fastrack-rpms
git-daemon.x86_64 1.8.3.1-4.el7 rhel-7-server-optional-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-rpms
git-daemon.x86_64 1.8.3.1-6.el7 rhel-7-server-optional-rpms
git19-git-daemon.x86_64 1.9.4-2.el7 rhel-server-rhscl-7-rpms
git19-git-daemon.x86_64 1.9.4-3.el7 rhel-server-rhscl-7-rpms
git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-beta-rpms

So, you query the Red Hat Package Manager, rpm, to find out what version of git you have.

rpm -q git
1.8.3.1-6.el7

Since 1.8.3.1-6.el7 matches the latest version of git-daemon available from the rhel-7-server-optional-rpms repository, that’s the one you need to add in order to load git-daemon.

subscription-manager repos --enable rhel-7-server-optional-rpms
yum install git-daemon

This process is much easier than using the Red Hat Network web GUI, and requires less specialized knowledge. Which is pretty sad, considering how arcane these incantations are.
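The version-matching step above, scripted as an added example that is not from the original post: `repos_for_version` reads listing lines in the name/version/repo layout shown above and prints the repos that carry a given version. `list_all_repos` runs the same query as the one-liner, but passes each repo ID to yum as a quoted argument rather than piping generated command text into bash. The function names are this example's own, and the sample is a subset of the listing above.

```shell
#!/bin/sh
# Added example, not from the original post.
# Constructed sample: a subset of the listing shown above.
SAMPLE_LISTING='git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-eus-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-fastrack-rpms
git-daemon.x86_64 1.8.3.1-4.el7 rhel-7-server-optional-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-rpms
git-daemon.x86_64 1.8.3.1-6.el7 rhel-7-server-optional-rpms
git19-git-daemon.x86_64 1.9.4-3.el7.1 rhel-server-rhscl-7-rpms
git-daemon.x86_64 1.8.3.1-5.el7 rhel-7-server-optional-beta-rpms'

# repos_for_version PKG VERSION < listing
# Print each repo offering exactly PKG (arch suffix ignored) at VERSION.
repos_for_version() {
    awk -v pkg="$1" -v ver="$2" '
        NF == 3 {
            name = $1
            sub(/\.[^.]+$/, "", name)   # drop .x86_64 / .noarch
            if (name == pkg && $2 == ver && !seen[$3]++) print $3
        }'
}

# list_all_repos PKG
# Query every known repo for PKG. The repo ID is only ever a quoted
# argument to yum, so nothing in the listing is executed as shell text.
list_all_repos() {
    subscription-manager repos --list |
    awk '/^Repo ID/ {print $3}' |
    while read -r repo; do
        yum --showduplicates list available \
            --disablerepo='*' --enablerepo="$repo" </dev/null 2>/dev/null |
        awk -v pkg="$1" 'NF == 3 && index($1, pkg ".") == 1'
    done
}

# find_repo PKG BASE
# Repos carrying PKG at the installed version of BASE (e.g. git-daemon, git).
find_repo() {
    ver=$(rpm -q --qf '%{VERSION}-%{RELEASE}\n' "$2") || return 1
    list_all_repos "$1" | repos_for_version "$1" "$ver"
}
```

On a registered RHEL 7 host, `find_repo git-daemon git` prints the repo to enable.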

Firefox annoyance #5: redirect caching

Firefox Annoyances:

1) Sync
2) pocket
3) hello
4) everything else, other than the plug-in API itself, that isn’t a paper-thin shell around gecko
5) 301 redirect caching

To clear the 301 redirect cache for a single page, go to the “View” menu and light up the “History” sidebar (yeah, of course you forgot about that, nobody uses it), find the site you’re working on, right-click and select “forget about this site”.

annoying git

I’ve been installing git on some corporate servers with the idea of converting existing CVS and ad-hoc code management systems into something reasonably fast and modern.

It’s been somewhat tedious and painful, but supposedly once I’m done the installation will be stable and maintainable. For an enterprise SCM that’s a lot more important than ease of installation, at least in theory. (I ran OpenLDAP for a decade or more, so I can appreciate the value of putting all the pain up front.)

Today’s annoyance is that the gitolite documentation and web site refer to a “hosting user” but the toolset and other web sites describing gitolite installation talk about an “admin user”. After wasting several hours with Google trying to find out exactly what the difference was, I created a new user account for the admin user and executed the commands – at which point it became immediately obvious that THOSE ARE THE SAME DAMN THING.

Curse you, gitolite. I WANTED US TO BE FRIENDS.

British Museum Iron Age virtual exhibit

Heather writes:

One of my web design e-newsletters had a link to the indoors Google Street View of the British Museum. So I wandered around a bit and found this… Celtic Life in Iron Age Britain: A British Museum exhibition of Iron Age objects from collections across the UK.

ISP hacked, blog savaged

Our ISP, iPower.com, was hacked and an amateurish attempt was made to plant various forms of malware on this site. Fortunately for my non-existent readers, the hackers weren’t particularly competent. Unfortunately for me, the same might be said of my ISP…

User registrations are disabled, for the nonce, which again will be a trial for my non-existent audience.

James Mickens in Norway

“In this bleak, relentlessly morbid talk, James Mickens will describe why making computers secure is an intrinsically impossible task. He will explain why no programming language makes it easy to write secure code. He will then discuss why cloud computing is a black hole for privacy, and only useful for people who want to fill your machine with ads, viruses, or viruses that masquerade as ads. At this point in the talk, an audience member may suggest that Bitcoins can make things better. Mickens will laugh at this audience member and then explain why trusting the Bitcoin infrastructure is like asking Dracula to become a vegan. Mickens will conclude by describing why true love is a joke and why we are all destined to die alone and tormented. The first ten attendees will get balloon animals, and/or an unconvincing explanation about why Mickens intended to (but did not) bring balloon animals. Mickens will then flee on horseback while shouting ‘The Prince of Lies escapes again!’”

Exchange schema are a tumor inside Active Directory

“Microsoft email software is to the global communications industry and the general public as the Boston Strangler is to the woman alone.”
— Jack Valenti, MPAA

OK, it’s pretty clear that rooms, in the real world, have locations. Many of them have room numbers, and some of them have phone numbers. And a very very few of them have email addresses.

So naturally, Microsoft’s Active Directory treats email attributes as the defining characteristics of a room. After all, anything to do with email invokes the dreaded Exchange Shadow LDAP schema. And while your rooms almost certainly don’t have email addresses, somebody somewhere does!

The “room” objectclass is part of the old COSINE schema, a true international cross-platform multi-vendor Internet standard at least as early as 1991 (currently enshrined in RFC4524). So you’d expect to be able to do a simple LDAP search on (objectClass=room) in any directory in the world… and you can, except in AD.

In Active Directory you search for (msExchResourceMetaData=ResourceType:Room). Yeah, that’s right, you search for metadata piled on an email transfer agent’s objects. For some room that has no email capability whatsoever. My theory is that this is because Microsoft’s email and calendaring strategy was defined by people with the outlook and mental capacities of a selfish, spoiled ten-year-old.

Traceroute vs Tracert

Van Jacobson’s traceroute utility is not the same thing as Windows tracert, and the MS-Windows tool is probably more academically correct. The GNU version of traceroute that is included with most Linux and BSD operating systems can do both kinds of tracing, but does the Van Jake by default (use traceroute -I to get the Windows-style ICMP trace).

People have occasionally given routers silly names to produce amusing traces.

I can have a page named NUL in linux, though.

Excellent article, but he forgot my favorite, CLOCK$. I used to have a web page with a big, shiny red button linked to <A HREF="c:\clock$\clock$"> and the message “don’t click the button or your computer will be destroyed and all your files deleted”. It didn’t really do that, but it would instantly crash any Microsoft system prior to Win98SE or thereabouts. People did click on it, which still kind of amazes me.

Homeopathy as the least worst choice

Interesting thing about homeopathy, that I learned from visiting the Mary Baker Eddy Museum in the Boston Christian Science Reading Room: less than 200 years ago, the best medical treatment you could get was probably homeopathy. It was unlikely to outright kill you, and would keep you well hydrated. The next best treatment was almost certainly prayer (because it might have psychological benefits and at the very least it didn’t involve bleeding or the administration of poisons) followed by herbalism (which could definitely kill you, but might also heal you) followed by a dog’s breakfast of other therapies which mostly involved greatly increasing your chance of an untimely death in the name of healing.

Over time, the bits and pieces of things that actually worked (such as keeping patients hydrated, and various herbal remedies such as willow bark, etc.) became the basis of modern medicine, mostly through the efforts of snake-oil hucksters and patent medicine companies who found ways to profit from them. The profit-driven system has mostly worked rather well (despite numerous debacles like aspirin, thalidomide, Coley’s cancer cure, etc.) because you couldn’t make profit from dead patients (until the development of mass media campaigns, anyway).

Today the snake oil industry has metastasized into modern corporate medicine, which primarily exists to sell pills. But most of those pills actually do something, so it’s a huge step up from the days of homeopathy, when the last thing any sick person needed was any treatment that actually did something.

Today it’s popular for self-aggrandizing Internet commentators to hold up homeopathy as a “fake science” that they lump in with whatever other targets of opportunity they think will make them look scientific and clever, such as chiropractery if the pundit is left-wing, and “global warming” if s/he’s right-wing. And invariably these critics know almost nothing of the history of medicine, and they’ll usually characterize medicine as a “science” (or possibly a “Science”) rather than the praxis that it is. But to my mind, today’s corporate medicine is very much the same as the homeopathy of Mary Baker Eddy’s time – it’s the least worst choice.

The US Government and You

“If you treat federal law the way the secretary of state does, you go to prison.
If you treat IRS rules the way the IRS treats IRS rules, you go to prison.
If you treat immigration controls the way our immigration authorities do, you go to prison.
If you’re as careless in your handling of firearms as the ATF is, you go to prison.
If you cook your business’s books the way the federal government cooks its books, you go to prison.”

Courtesy of some guy at Slashdot.