The mouseless side of X //at 00:48 //by abe

Although I like the idea of a tiling and completely keyboard focused window manager, I never fell in love with Ion because the default keybindings weren’t really intuïtive (to me). A few months ago I noticed, that ratpoison is also a tiling and completely keyboard focused window manager, only with much more intuitive usage: If you know screen and it’s keybindings, you also know ratpoison and it’s keybindings: Just exchange Ctrl-A with Ctrl-T. This sounds perfect for usage on my low performance laptops, where I have small screens and usually also no virtual desktops in use.

There’s only one thing which annoys me in ratpoison: If I use a mostly mouse driven application like e.g. a webbrowser with ratpoison, I have no problems to click on links, even if the webbrowser is not in the so called “current frame”. But if e.g. click into an input field, I usually notice much too late that while the mouse works fine in the browser, keyboard focus is still in some other window. Currently they all use flwm, the Fast and Lite Window Manager.

So what I would need is a tiling and keyboard focused window manager but with “focus follows mouse” politics. And since the laptops on which I intend to use such a window manager, all have a touchpad or thumbstick, the mouse there counts as keyboard focused, too somehow, doesn’t it? :-) I wonder, if an ion3 could be configured to use the same keybindings as ratpoison. That would probably fulfil this desire.

On the other hand, there are browsers which are fine without mouse. lynx or links2 for example, so the focus problem I have with ratpoison wouldn’t occur. But what if I need or want a keyboard driven and full blown webbrowser? Ok, Firefox as well as Opera are not that bad in keyboard only use, but they still are focused on the mouse using user.

But Gecko wouldn’t be Gecko, if there wasn’t some Gecko based browser with this features: On the ratpoison website I found a link to a very interesting Firefox plugin which makes Firefox a complete new browser, a keyboard driven webbrowser named Conkeror. It has no toolbars at all, no (visible) tabs, no menus, no nothing — it shows only the website in fullscreen, a status line and a multipurpose command line — exactly like the mini-buffer of GNU Emacs.

But not only the layout, even the keybindings are very emacsish: C-x C-f opens an URL in a new buffer -eh- tab, C-x 5 C-f opens an URL in a new frame (window), C-x C-v opens a new URL in the current tab (buffer) with the current URL as editable default value, C-x b switches to another tab, C-x k kills -eh- closes a tab, C-x C-b lists all open tabs, l goes back (remember the Emacs info reader, eh?), C-g quits accidently requested dialogs or stops loading a web page, Ctrl-s and Ctrl-r give you forward and backward i-search, C-n, C-p, C-f and C-b scroll, etc. Even M-x works, e.g. will M-x revert-buffer reload the web page. (Unfortunately Esc-x doesn’t work. Yet.) And for vi freaks, there is even M-x use-vi-keys. There’s even one lynxish keybinding: \ lets you view the source.

And although it’s one of the strangest webbrowsers I saw yet, I somehow like it and also would like to see it in Debian as package, since it is the perfect companion for ion or ratpoison. Looking through apt’s package cache as well as the wnpp bugs, I haven’t found any hint on somebody already packaging it, so I’ll have a look on it and on how to to package a Firefox extension for Debian.

BTW: While looking through the wnpp bugs, I found bug #335459, which is the ITP flock, an also Gecko based browser with a lot of cool features for blogger who like social network tools.

Another nice thing I found today in Debian was the xfonts-artwiz package whose small fonts are very suitable for small resolution screens, especially if a tiling window manager is used with a e.g. 800×600 resolution. Unfortunately they aren’t available in a charset with German umlauts.

Apropos tiling window managers: Anyone tried pconsole with an automatically tiling and resizing window manager? I wonder if it’s usable. At least on MacOS X with its cascading window positioning algorithm, pconsole is a pain. — But even without cascading windows, MacOS X is a pain for keyboard users. Just think of its default behaviour when using the tab key inside a form mask: It will skip all buttons, all checkboxes, all radio buttons and all select boxes. Argh!

Fedora Legacy useless? //at 15:16 //by abe

For a (much too long) time, we ran our three AMD 64 bit virus scanners and spam filter boxes with Fedora Core 4. Since the the official support ended a few months ago when Fedora Core 6 Test 2 came out, so we decided to switch them over to support through the Fedora Legacy Project.

For testing purposes we first switched over one of the three boxes. But the test failed: Although the changes (as documented on the Fedora Legacy home page) seemed to work fine, not a single update came until the end of last week, even though there were partially remotely exploitable security issues in OpenSSL, OpenSSH, gzip, etc. during that time. There were also no announcements on the list since FC4 switched over to the Fedora Legacy Project, not for FC4 nor for any other distribution maintained by the Fedora Legacy Project.

So what the heck does the Fedora Legacy Project if not security updates?

I would be very happy if I could switch over those boxes to Debian or even Ubuntu, but there’s no BiArch support (running 32 bit applications on 64 bit operating systems transparently) in Debian (and therefore neither in Ubuntu) yet without a lot of manual fiddling and chroots, so we can’t run our 32 bit virus scanners on those 64 bit boxes with a debianesk operating system yet.

Today we’ve upgraded the last of those three boxes to Fedora Core 5.

Mailing lists made my day //at 13:58 //by abe

Today actually two mailing lists made my day:

First Theo de Raadt’s mail to the FreeBSD security mailing list:

Date:       Mon, 02 Oct 2006 14:00:11 -0600
From:       Theo de Raadt <deraadt@cvs.openbsd.org>
To:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh 
Message-ID: <200610022000.k92K0B5P009759@cvs.openbsd.org>

> The OpenSSH project believe that the race condition can lead to a Denial
> of Service or potentially remote code execution
                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^

Bullshit.  Where did anyone say this?

Why don't you put people in charge who can READ CODE, and SEE THAT
THIS IS ABSOLUTE BULLSHIT.

and Colin Percival’s dry reply pointing out who made the “ABSOLUTE BULLSHIT”:

Date:       Mon, 02 Oct 2006 14:25:05 -0700
From:       Colin Percival <cperciva@freebsd.org>
To:         Theo de Raadt <deraadt@cvs.openbsd.org>
Cc:         freebsd-security@freebsd.org
Subject:    Re: FreeBSD Security Advisory FreeBSD-SA-06:22.openssh
Message-ID: <452183B1.7000306@freebsd.org>

Theo de Raadt wrote:
>> The OpenSSH project believe that the race condition can lead to a Denial
>> of Service or potentially remote code execution
>                ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
> Bullshit.  Where did anyone say this?

The OpenSSH 4.4 release announcement says that, actually:

 * Fix an unsafe signal hander reported by Mark Dowd. The signal
   handler was vulnerable to a race condition that could be exploited
   to perform a pre-authentication denial of service. On portable
   OpenSSH, this vulnerability could theoretically lead to
            ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   pre-authentication remote code execution if GSSAPI authentication
   ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^
   is enabled, but the likelihood of successful exploitation appears
   remote.

Colin Percival

Well, looks like an exquisite own goal. (Found by Squeeeez.)

Then, _rene_ cited a mail from the current Debian Project Leader Anthony Towns on debian-devel in #debian.de, who thought that »Switzerland was some foreign word meaning “snowy place”«:

Date:       Tue, 3 Oct 2006 15:52:38 +1000
Subject:    Re: Bits from the DPL: Looking forward
From:	    Anthony Towns <aj@azure.humbug.org.au>
Message-ID: <20061003055238.GA4841@azure.humbug.org.au>

On Tue, Oct 03, 2006 at 03:39:20PM +1000, Anthony Towns wrote:
> BSPs in Vienna (Switzerland) [3], 

I was assuming, of course, that "Switzerland" was some foreign word
meaning "snowy place", but apparently it's actually a country all of
its own, entirely separate to Austria...

On Tue, Oct 03, 2006 at 03:43:52PM +1000, Anthony Towns wrote:
> (b) Firmware vote
> proposal, as amended by Manon Srivastava (Message-id:

And while _Manon des sources_ might've been a neat French film, I don't
think it's actually got all that much to do with Manoj...

Cheers,
aj

And contrary to the usual biases, this geographic unawareness comes from Australia (which is unequal to Austria ;-) and not from the US. :-)

Guys, you all made my day. Kind regards from a currently not so snowy snowy place. :-)

Dynamic vs Static Network Configuration //at 16:03 //by abe

A guest researcher today called us, because his laptop with Fedora Core 4 didn’t get any working IP address. That problem was solved quite quickly: The “Internet Connection Wizard” didn’t allow him to choose a dynamic configuration via DHCP. It was greyed out and the static configuration was one for a private 192.168.* network.

I quickly found out, that “Network Device Control” allowed us to switch to DHCP. After deleting /etc/resolv.conf, it also got the right DNS servers.

But whatever I restarted, it didn’t set a default route although it did get one by DHCP and had it documented in its lease file.

After about one and a half hour of debugging configurations and network configuration scripts I found out, that if the environment variable $GATEWAY is set, it ignores the one given by DHCP. Then I grepped for GATEWAY in the config file. But I just found the default gateway configured for the old, now greyed out static IP configuration.

Although I told myself “No, it can’t be!” I commented out the default gateway of the now unused static configuration. And yes, I wasn’t mistrustful enough about Fedora: It worked. You really have to change parts of the not selected static IP configuration to make the selected dynamic one to work.

Thanks, Fedora! *bangingtheheadontothetable*

Fixing server bugs on client side //at 15:35 //by abe

On my new job at ETH Zurich I stumbled over a lot of HTTP requests in the web server log file, obviously trying to fetch the automatic proxy configuration file (usually called proxy.pac) but requesting it with the last character missing and therefore requesting the nonexistent file proxy.pa:

195.176.XX.AB - - [16/May/2006:11:12:56 +0200] "GET /proxy.pa HTTP/1.1" 404 5261 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
195.176.YY.CD - - [16/May/2006:11:16:32 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
195.176.ZZ.EF - - [16/May/2006:11:18:38 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
195.176.YY.CD - - [16/May/2006:11:24:16 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
195.176.ZZ.GHI - - [16/May/2006:11:31:44 +0200] "GET /proxy.pa HTTP/1.0" 404 5235 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
195.176.XX.J - - [16/May/2006:11:33:35 +0200] "GET /proxy.pa HTTP/1.1" 404 5261 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"
195.176.ZZ.LMN - - [16/May/2006:11:35:18 +0200] "GET /proxy.pa HTTP/1.1" 404 5261 "-" "Mozilla/4.0 (compatible; MSIE 6.0; Win32)"

WTF happend here? When I found a bunch of those request from a single host last night, I expected a local cut and waste typo on a single box. But during the day I got the same sort of defective requests from over 30 hosts in our network. So we looked at our dhcpd.conf, but all appearances of “proxy.pac” had its “c” at the right place.

WTF is happening here? After googling for a moment I found this mail on the squid users mailing list, stating the following:

WPAD worked reasonably well for WindowsNT and Windows2000; however, there was a problem with the file name in Windows2000 and the initial release of WindowsXP. The Microsoft DHCP Service returned the wrong byte count for the string returned for option 252. The DHCP Client compensated for this by decrementing the string length. This resulted in the file name being truncated when the ISC DHCP daemon was used. The solution was to define a symlink proxy.pa –> proxy.pac.

So in other words: Microsoft worked around a off-by-one bug in their own DHCP server by patching their DHCP client to parse faulty configurations — and obviously only faulty configurations by expecting some length statement to be always off-by-one. *hrrrrng*

Our solution was BTW to insert an appropriate Alias directive into our Apache web server hosting the file.

Parfüm im Kneipenklo //at 15:34 //by abe

Nachdem ich gestern einem Freund beim Umziehen half, lud er mich im Anschluß zum Essen ins Cheyenne in Oerlikon ein. Das “Goat Cheese Foccacia” mit Grillgemüse war extrem lecker und auch sonst schien das Lokal ganz nett. Bis zu dem Moment, an dem ich mir auf der Toilette die Hände waschen wollte…

Wie so üblich in nicht-privaten Toiletten greift man zu dem Behältnis rechts neben dem Waschbecken, drückt daran auf irgendeinen Knopf und bekommt dafür ein wenig Flüssig- oder gemahlene Seife auf die Hand. Aus diesem Spender kam allerdings extrem wenig und sehr dünnflüssige Seife. Also halt noch ein paar Mal draufgedrückt und Hände gewaschen.

Hmmm, irgendetwas stinkt hier bestialisch. Und zwar nach Parfüm. Und besonders viel taugen tut die Seife auch nicht. Und wieso ist links neben dem Becken nochmals ein anderer Seifenspender? Ich schaue mir den Spender rechts vom Becken nochmal genauer an. Vielmehr als ein französisch klingender Firmen- oder Produktname scheint nicht draufzustehen. Doch, da unten, eine URL: www.$firmenname-parfum.ch. Parfüm? Ja, spinnen die denn? Ich rieche an meiner rechten Hand und mir wird fast übel.

Ich habe dort dann mit der richtigen Seife meine Hände mindestens dreimal gewaschen, aber ganz weg wollte der Gestank trotzdem nicht gehen. Zuhause habe ich dann als erstes meine Hände nochmals mit parfümfreier Seife und einer Fingernagelbürste mehrmals gewaschen. So langsam kann ich meine rechte Hand wieder riechen (bzw. nicht mehr riechen, je nach Sichtweise ;-).

Offen bleibt jedoch die Frage: Was in aller Welt treibt einen Kneipenbesitzer dazu, einen Parfümspender, auf dem nicht einmal draufsteht, daß es ein solcher ist, auf der Herrentoilette zu installieren? Und dann auch noch an einer Stelle, die typisch für Seifenspender ist? Am liebsten würde ich ja denjenigen, der das verbrochen hat, solange in Parfüm baden, bis ihm schlecht ist.

Athen plans to ban SUVs from the city //at 00:41 //by abe

According to this Spiegel Online article Athen plans to “ban offroaders” from the centre of the city with the beginning of September 2006. Since the Greek governments argues about the traffic space these cars need, their drivers “only being posers” that have “nothing to do than driving around all the day”, I suspect, they mean SUVs and not offroaders. At least here in Germany, you usually don’t see offroaders in the cities, but a lot of Sport Utiliy Vehicles which usually just pretend to be an offroader (Wired, Guardian) but are perfect for parking with one or two tires on the sidewalk.

As outrageous as this sounds — it may have a real and reasonable reason: SUVs are usually bigger than other cars (especially in Europe), they need more parking space and have bad turning circles. They often have to back just to turn left or right in Athen’s narrow alleyways. Because of this, they are accused to cause most of the traffic jams in the centre of Athen

I’m still not sure, if I should believe this news, although SUVs are some kind of enemy concept for me. Why only SUVs? Why (AFAIK) also small offroaders like the Suzuki LJ or SJ? Why not being consequent and taking the Paris of ’50s (or ’60s? Can’t remember and Google and Wikipedia didn’t help…) as an example and creating a Zone Bleue (“Blue Zone”), in which only cars may enter, which have appropriate dimensions.

“Zone Bleue”? Back in the decades after WWII, Paris had problems with big lorries in the city, so Paris’ introduced the Zone Bleue (AFAIR) in the inner city, which was restricted to vehicles with a floor space less than 5m² or 6m² or so, so even some French car makers started build special “Zone Bleue” versions of their delivery vans with bumpers closer to the van body, tunneled rear lights and rolling shutter instead of outside lying sliding doors. And often high roofs for raising their capacity. (The only “Zone Bleue” van I found pictures of on the net was this Citroën HY Zone Bleue Pickup. You can best see the unusual rear bumper and the tunneled rear lights on the lower left picture.)

But back to Athen: Another reason which makes me sceptical about that news is that neither the Englisch Google News nor the the German Google News (also tried several other search terms…) finds any other news about this except the above mentioned Spiegel article.

Found via Ignoranz.ch.