"Parlamentary Evening" about software patents
Yesterday I was invited to a parlamentary evening organized by
FFII e.V., a non-for-profit organization lobbying against the introduction of software patents in the European Union.
As you may know, they've been quite sucessful during the last year, since the
European Parlament passed a directive that prevents any patent on computer
software. However, due to the strange way the EU works, this directive has to
be approved by the EU council before it gets enacted. The council is composed
by representatives of the executive government, not by directly elected members
of parliament.
The purpose of this event was to raise awareness about the dangers of software
(and pure algorithmic/logic) patents. Among the invited guests were members of
Bundestag (the german parliament), and various Officials of BMWA, BMBF and BMJ
(economy, research and justice ministries).
I received the event as quite well. We were able to make our point and make
them understand why a piece of software is different of somebody making an
invention in the field fo mechanics.
Trying to make 2.6.x IPsec and conntrack/nat work
Spent some time thinking about how to possibly solve the long standing
problem with conntrack/NAT and the 2.6.x in-kernel AH/ESP implementation.
The recent discussion on netfilter-devel was quite productive, although most of my ideas turned out to be without technical possibility :(
For example, iptables cannot attach the same CHAIN to multiple HOOKS. That would be so neat. Would somebody remind me that that has to go into pkttables?
Anyway, I've now written a surprisingly small (but still ugly) patch that
should do about 60% of the solution upon which we agreed on the mailing-list.
Unfortunately, I don't have the time to set up a full IPsec test bed right now, so I have to rely on others to test it..
Ulogd is becoming a flow accounting subsystem
Some nice Russian guy wrote a patch to add BSD like ipacct flow accounting to
ulogd. This is something I
had on my wish list for quite some time.
He has written an OUTPUT plugin that does all the flow accounting and
file-writing itself. However, I have an idea of how this could be implemented
in a more generic way: Implement flow accounting as interpreter, and return a
pointer to a struct flowinfovia a new ulog_iret_t. This way any output
plugin could reference flow information for the current flow.
More work on the fail-over code
Currently Astaro is paying me for my
development on the netfilter conntrack fail-over code. That's what I'm supposed
to be working on, at the least... I should stop reading my email in the
morning, because otherwise my whole day will be filled with other stuff that
just results from reading emails.
Anyway, the fail-over has been progressing, slowly but steadily. I should
expect some working code any day now.
Thanks again to
[ /linux/netfilter |
permanent link ]
Why do people have to make winter holidays?
I tried to get a train reservation on Friday/Saturday between Berlin and Nuernberg. All the trains, even the night trains (sleeper trains) on Friday or Saturday morning are fully booked out.
Apparently winter holidays in Berlin are starting and everybody is heading
south to Bavaria and Austria for winter 'sports'. Kind of annoying that you
cannot even get a single ticket five days in advance.
[ /personal |
permanent link ]
Upcoming software patent / DRM / biometrics events in Berlin
There's a couple of interesting events upcoming in Berlin:
- A meeting of the FFII with members of Bundestag (the German parliament) on the issue of software patents.
- A Symposium on DRM and its alternatives.
- A meeting between CCC and representatives of the German green party on the issue of biometric data in passports
I hope I can make it at least to the former two, despite my time constraints.
[ /linux/conferences |
permanent link ]
Back home
After LWE, I've finally arrived at home again... at least for one week (when
I'll be heading to Karlsruhe). Feels somehow strange to use Euro coins again
;)
Well, I see a week packed full with work, ranging from netfilter fail-over stuff
to dealing with gpl violations, reading all the pending snail mail, paying
bills, visiting important events (see other entry in today's blog).
[ /personal |
permanent link ]
Bought three interesting books
During my stay in NYC went to the NYU computer bookstore, just for browsing, not looking for anything in particular. In the end, I spent more than 150 bucks on three books:
- Telecommunications Technologies Reference (ISBN 1-58705-036-6)
This makes an excellent reading for somebody with an Internet background who
wants to learn about the general architecture of modern telephone systems, SS7,
frame relay, ATM, SONET/SDH, ISDN BRI/PRI protocol layers, encodings,
multiplexing, ...
- 802.11 Wireless LAN Fundamentals (ISBN 1-58705-077-3)
A comprehensive guide on the 802.11 standards, ranging from MAC to PHY layer,
advancing to encoding and modulation techniques used. It also covers roaming,
Mobile IP, WPA, WEP, 802.1x. A good read for those who want to learn more
about the 802.11 family.
- Practical VoIP
A book about the VOCAL implementation of SIP/SDP user agent/proxy/gateway functionality, with solutions to interconnect with H.323 and MGCP. Also includes introductions to the respective protocols, however after having read the SIP relevant RFC's I had skipped that part.
[ /linux/netfilter |
permanent link ]
First day at Linux World Expo
This is the first day of LWE
2004. It's much smaller than I expected it. The exhibition area is
definitely not as large as at Linuxtag in Germany. As you'd expect at an event
organized commercially, everything is perfectly organized. Too perfect for me,
I'd rather like a more chaotic community-organized event.
At least I've met two people I know: Mats Wichmann and James Bottomley.
Anyway, going to give my presentation tomorrow. Let's see how many people will
attend the programming tutorial.
[ /linux/conferences |
permanent link ]
Guggenheim Museum, Chinatown and Aquarium
The weather remains incredibly cold, which means that any activity outdoors
becomes a challenge. Apart from the Guggenheim Museum and the Aquarium, we've
spent a couple of hours exploring various shops in Chinatown.
[ /personal |
permanent link ]
A day of shopping
Since NYC seems to be the capital of the capitalistic world, it offers a paradise for shoppers. Unfortunately we're not really in the mood of shopping, but we decided to ignore that and make the best out of it. So we ended up bring numerous books, from Hindi grammar to historical sewing techniques.
[ /personal |
permanent link ]
Wireless Internet access in NYC
Staying in the 36th floor of a hotel in midtown Manhattan has the advantage of receiving about
35 wireless networks, many of them unencrypted and with pre-configured IP
address range ;)
So the hotel doesn't even have to bother offering Internet access to their
customers, I guess.
The real problem is to stick with one AP, since everybody seems to use the
pre-configured 'Linksys' ESSID, and the client thus thinks it can roam between
them... which obviously doesn't work.
[ /personal |
permanent link ]
Second day in NYC: Metropolitan Museum of Art
The second day was fully spent at the Metropolitan Museum of Art, which seems
to be a universe of it's own. Quite impressive Museum, just a bit odd for us
old-world European that the paintings are organized/sorted by collector
instead of by artist or age. I guess that is what happens if
even art in museums is commercialized.
One of the main reasons why we went to the museum is it's "costume institute".
According to what we've read, they have tens of thousands of historical
costumes. Unfortunately, the exhibition area is only large enough for hardly
one hundred of them, and currently this space is occupied by some stupid "men
in skirts" exhibition. Hey, I own more skirts than trousers... what's so
special about that subject? Am I now worth exhibiting? And what happened to
the interesting historical costumes? They are hidden away :(
[ /personal |
permanent link ]
Arrival in NYC
After a quite decent flight with Singapore airlines, Eli and I have arrived in
New York City. I'm here for LWE, and we thought It'd be a good idea to add a
couple of days for sightseeing. I've been in NYC the last time 9 years ago. Jeez,
I feel like I'm getting old.
It seems like we're visiting NYC at it's coldest time ever. The ground staff
at the airport was fighting with a snow storm, and temperatures are at about
-12 Celsius. But this isn't all, we also have extremely cold arctic winds.
On our first half day (arrived at about 1:30pm at the hotel), we didn't do much
but getting over our jet lag and having some fast-food.
[ /personal |
permanent link ]
Infrequentness of weblog entries
Shortly after starting the weblog, entries become less frequent :( I'll try to improve over the next couple of days. Heading off to New York for LWE 2004 where I'll be giving a netfilter programming tutorial on behalf of my sponsor Astaro.
Four hours left for sleep, I'd rather use the time and write some stuff here tomorrow.
[ |
permanent link ]
Final work on new netfilter homepage
The last section of the homepage (security advisories) has now been converted.
The security advisories in their text form are just placed into a certain
directory, and some makefile, perl-script and docbook-xml magic takes care of
the rest.
With some luck, the new homepage will be online tomorrow
[ /linux/netfilter |
permanent link ]
Sorry for all the pending email replies
Meanwhile, there's way too much pending email I need to take care of, both
netfilter-related and private email. Sorry to everybody out there who is still
watiting for a reply.
[ |
permanent link ]
More work on the new netfilter.org website and people.netfilter.org
I've finished the scripts for auto-generation of the mirrors.html page from the
DNS zone file, and the HOWTO-link-generation similar to what the current
netfilter homepage has. Also done some final tweaking of the style sheets.
With regard to the people.netfilter.org blosxom configuration: I've now
finished some nice blosxom templates (flavour, how it likes to call these
itself) that resemble the exact layout of the docbook-website generated
netfilter homepage... in fact, it is using the same CSS :)
[ /linux/netfilter |
permanent link ]
Harald arrives back home for a full week
After lots of travelling, I'll finally be at home for a whole week.
After that, I'm going to fly to NYC, heading for LinuxWorldExpo, where I'll be
giving a presentation on behalf of Astaro.
While travelling to lots of conferences can be quite nice, I have actually
concluded that I spent less than half the year 2003 at home in Berlin. This
sucks. I moved to Berlin because there's so much interesting people (lixnke the
CCC), culture and community. 2004 is going to
be way less travelling than the previous years. A hand full of conferences
(LinuxTag, Linux-Kongress, OLS, Kernel Summit) and that's it. Sorry guys.
[ /personal |
permanent link ]
libiptc2 woes
After quite some time, a posting on the netfilter-devel list reminded me of my
unfinished work on libiptc2. The problem with old libiptc is, that it has a
n^2 complexity when adding rules to an in-memory ruleset. This slows down the
time for iptables-restore with large rulesets.
Old libiptc has a so-called chain cache that contains pointers to the start of
each chain within the ruleset blob. This chain cache has to die, and libiptc2
needs a totally separate representation of the ruleset. Every rule as a
malloc()ed chunk of memory, put into a linked list (which builds a chain, which
are in turn linked lists). Only at the iptc_commit() stage this libiptc-internal representation is compiled into the ruleset blob.
Let's hope Andre Uratsuka Manoel will find the time to continue this work,
since I really don't even know to start with my ever-growing TODO list :(
[ /linux/netfilter |
permanent link ]
installed blosxom on gnumonks.org
From previously being just installed on my notebook (debian testing), I've now
managed to install blosxom on gnumonks.org (debian woody). This was quite a
hassle. First, there was no blosxom backport for woody available on the net
(what a shame). Second, rebuilding the blosxom .deb on woody didn't seem to be
as easy as usual due to some strange interaction with fakeroot+gpg. Didn't
solve the problem, but rather built the package as root.
After that, I had to discover that the blosxom 'isp' plugin doesn't work quite
well with debian suEXEC enabled apache. The problem is that ~laforge/weblog
is outside of the documentRoot and thus suEXEC refuses to execute
/usr/lib/cgi-bin/blosxom. The only kludge I could manage to do is to copy
blosxom into somewhere below ~laforge/public_html in order to make suEXEC
happy. As I want to move to static pre-built html files anyway, I didn't
bother to find a real solution to the problem.
Now I'm thinking about the netfilter.org integration. Since the new homepage
is built with docbook-website, a good choice would be something like a
'docbook-xml' flavour for blosxom. Need to think more about this.
[ |
permanent link ]
[ /linux/conferences |
permanent link ]
[ /linux/conferences |
permanent link ]
[ /linux/conferences |
permanent link ]
[ /linux/conferences |
permanent link ]
netfilter developer diaries
I've started to use blosxom as the designated tool for the upcoming
netfilter developer diaries.
If the test phase works out well, every netfilter/iptables developer will have
the possibility to host their own homepage including a blosxom-enable blog on
this server.
[ /linux/netfilter |
permanent link ]
netfilter homepage v3 using docbook-website
Over the last couple of weeks I've converted the netfilter website to
docbook-website. Let's hope this will be the last and final re-design of our
project website.
[ /linux/netfilter |
permanent link ]
Harald got engaged
I've proposed to the wonderful Elisabeth, who has enlightened the last 6+ years
of my live. She accepted my proposal and we became engaged. Now if that isn't good news :)
Though we've first met on IRC in early 1997, she's not a frequent computer user
these days... so there's no homepage (yet) I could point the curious reader to.
[ /personal |
permanent link ]
