Category Archives: Technology

Really everything related to technology

Getting cacerts for your tools

As the primary curl author, I’m finding the comments here interesting. That blog entry “Teaching wget About Root Certificates” is about how you can get cacerts for wget by downloading them from curl’s web site, and people quickly point out how getting cacerts from an untrusted third party place of course is an ideal situation for an MITM “attack”.

Of course you can’t trust any files off a HTTP site or a HTTPS site without a “trusted” certificate, but thinking that the curl project would run one of those just to let random people load PEM files from our site seems a bit weird. Thus, we also provide the scripts we do all this with so that you can run them yourself with whatever input data you need, preferably something you trust. The more paranoid you are, the harder that gets of course.

On Fedora, curl does come with ca certs (at least I’m told recent Fedoras do), and even if it doesn’t, you can point curl to whatever cacert you like. Since most default installs of curl use OpenSSL, like wget does, you could tell curl to use the same cacert your wget install uses.

This last thing gets a little more complicated when one of the two gets compiled with an SSL library that doesn’t easily support PEM (read: NSS). In the case of curl in recent Fedora, they build it with NSS but with an additional patch that still allows it to read PEM files.

FTP vs HTTP, really!

Since I’m doing my share of both FTP and HTTP hacking in the curl project, I quite often see and sometimes get the questions about what the actual differences are between FTP and HTTP, which is the “best” and isn’t it so that … is the faster one?

FTP vs HTTP is my attempt at a write-up covering most differences to users of the protocols without going into too technical details. If you find flaws or have additional info you think should be included, please let me know!

The document includes comparisons between the protocols in these areas:

  • Age
  • Upload
  • ASCII/binary
  • Headers
  • Pipelining
  • FTP Command/Response
  • Two Connections
  • Active and Passive
  • Firewalls
  • Encrypted Control Connections
  • Authentications
  • Download
  • Ranges/resume
  • Persistent Connections
  • Chunked Encoding
  • Compression
  • FXP
  • IPv6
  • Name based virtual hosting
  • Proxy Support
  • Transfer Speed

With your help it could become a good resource to point curious minds to in the future…

Site deadness

When I got to work this morning I immediately noticed that one of the servers that host a lot of services for open source projects I tend to play around with (curl, Rockbox and more), had died. It responded to pings but didn’t allow my usual login via ssh. It also hosts this blog.

I called our sysadmin guy who works next to the server and he reported that the screen mentioned inode problems on an ext3 filesystem on sda1. Power-cycling the machine did no good; the machine simply didn’t even see the hard drive…

I did change our slave DNS for rockbox.org and made it point to a backup web server in the meantime, just to make people aware of the situation.

Some 12 hours after the discovery of the situation, Linus Nielsen Feltzing had the system back up again and it’s looking more or less identical to how it was yesterday. The backup procedure proved itself to be working flawlessly. Linus inserted a new disk, partitioned it like the previous one, restored the whole backup, fixed the boot (lilo) and wham (ignoring some minor additional fiddling) the server was again up and running.

Thanks Linus!

HTTP implementations

I previously mentioned on the libcurl mailing list that Mark Nottingham in the IETF HTTP Working Group has initiated the work on putting together an overview of all (interesting) existing HTTP implementations.

Of course curl is included in the bunch, or rather libcurl, but I would also urge you all to step forward and provide further details on other implementations you worked on or know of!

Rockbox on the Onda VX747

Maurus Cuelenaere has been very busy lately with his work on porting Rockbox to the Onda VX747 player. This 3″ LCD 4GB/8GB flash player isn’t just touch screen and very ipod touch-looking, it is also equipped with the Ingenic Jz4732 chipset. This is particularly interesting because this baby boasts an XBurst processor, which has a MIPS core clocked at 240 to 400MHz.

In other words: this is the first MIPS-based target Rockbox is being made for. Maurus has custom code running on it, we have rockboxdev.sh adjusted to build a MIPS toolchain and there seem to be a handful of other Chinese PMP players using this chip family so this is a good chance to get a whole bunch of new targets at once. Just join the fun!

Get all the latest news on development for this target and chipset family in this forum thread.

Onda VX747

Normally I would link to the company’s official page about a player but this image will take you to a gadget blog site, simply because I cannot find any official site or page for this device!

Rockbox Devcon kind of starts today

In just a few hours I’ll take off to Berlin to go visit The Rockbox International European Developers Conference 2008. This year is hopefully going to become the biggest devcon so far. If you’re in Berlin this weekend, show up and say hello!

For you people living on a continent more to the west, keep your eyes open for DevconWest2008, probably taking place August 22nd to the 23rd somewhere in the US.

Bright Mobile Open Source Future

There have been so many open source initiatives for mobile phones in recent years it’s not even funny (limo, openmoko, Android to name some of the possibly biggest ones). The number of actual phones on the market using one of them has been very, very limited. Apparently there are some Motorola phones running Linux and you can get the Linux-based Nokia N800 tablets but they’re not even phones!

Obviously something has happened in the market though. Perhaps all those initiatives have pushed the big ones into thinking in more open source ways. The most interesting part of today’s news about Nokia buying the entire Symbian is their stated intention to open source it (they’ve even already chosen the Eclipse Public License for it). It’ll be interesting to see if any interesting synergies come up from Nokia’s previous purchase of Trolltech.

Of course, even Symbian has but a small fraction of the entire phone market, as they sold 18.5 million units in Q1 2008. IDC says 291 million phones were sold in the world during Q1 2008, which thus should position Symbian on roughly 6% of the phones that are sold today in the world!

I’m also curious if this will mean that Nokia will use Symbian on a larger scale on their own phones, as currently they seem to use Symbian only on a very small portion of their high-end phones. With Nokia owning the whole thing, they might see a bigger motivation to consolidate their own use of operating systems.

My best spam rules right now

I’ve mentioned my antispam setup before, but today I just ran a little check on my “hispam” mailbox (the spams with so high spam points that I never even bother to check them for false positives), 43MB of 7900+ spams (received during ~40 hours), to see which of my own handcrafted rules get triggered the most. I use a set of 40+ custom SpamAssassin rules to help it flag more mails as spam, since some of the very short mails seem to be hard to catch otherwise, and some of the mails look in many ways like mail I would normally get.

Anyway, my top-10 rules are:

   1. 1624  6.0  DS_BODY_DRUGBRAND     BODY: mentions drug brand
   2. 1428  6.0  DS_SUBJECT_DRUGBRAND  Subject mentions drug brand
   3.  828  6.0  DS_FROM_HAXX          spoofed haxx.se address
   4.  769  4.0  DS_BODY_DISCOUNT      BODY: mentions percent discount
   5.  745  4.0  DS_SUBJECT_DISCOUNT   subject mentions percent discount
   6.  415  2.1  DS_TO_OWNER           To contains -owner
   7.  200  6.0  DS_BODY_NODOCTOR      BODY: mentions “no doctor”
   8.  195  2.0  DS_MAILER_THEBAT      sent with the bat
   9.  189  6.0  DS_BODY_DESIGNBRANDS  BODY: mentions designer brand(s)
  10.  158  3.0  DS_BODY_REPLICAS      BODY: speaks of replicas

The first number is number of hits. The second is the “spam points” I assign a match. Then there’s the name of the rule and my description for it. The “spam points” can best be seen relative to the other rules, as what makes a single mail a spam in the end involves multiple factors that aren’t shown here.
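One way to produce a hit tally like the one above, as an added example (not the script used for this post): it assumes each stored message still carries SpamAssassin's X-Spam-Status header with its tests= list, and it counts only rules with the DS_ prefix seen in the list. The sample messages are constructed.

```python
import email
import re
from collections import Counter

# Matches the comma-separated rule list in an X-Spam-Status header, e.g.
#   X-Spam-Status: Yes, score=31.2 required=5.0 tests=RULE_A,RULE_B autolearn=no
TESTS_RE = re.compile(r"\btests=([A-Z0-9_,\s]+)")


def rules_in_message(msg):
    """Return the set of rule names SpamAssassin recorded for one message."""
    status = str(msg.get("X-Spam-Status", ""))
    m = TESTS_RE.search(status)
    if not m:                      # header missing, or "tests=none"
        return set()
    # Long lists are folded over several lines; findall skips that whitespace.
    return set(re.findall(r"[A-Z0-9_]+", m.group(1)))


def top_rules(messages, prefix="DS_", limit=10):
    """Count how many messages triggered each rule; return the top `limit`."""
    hits = Counter()
    for msg in messages:
        hits.update(r for r in rules_in_message(msg) if r.startswith(prefix))
    # Sort by hit count, then by name, so ties come out in a stable order.
    return sorted(hits.items(), key=lambda kv: (-kv[1], kv[0]))[:limit]


# Constructed sample messages (not real mail); the second has a folded header.
SAMPLE = [email.message_from_string(raw) for raw in (
    "From: a@example.com\nSubject: x\n"
    "X-Spam-Status: Yes, score=18.1 required=5.0 "
    "tests=DS_BODY_DRUGBRAND,HTML_MESSAGE autolearn=no version=3.2.4\n\nbody\n",
    "From: b@example.com\nSubject: y\n"
    "X-Spam-Status: Yes, score=24.3 required=5.0 tests=DS_BODY_DRUGBRAND,\n"
    "\tDS_SUBJECT_DRUGBRAND,DS_BODY_DISCOUNT autolearn=no version=3.2.4\n\nbody\n",
    "From: c@example.com\nSubject: z\n"
    "X-Spam-Status: No, score=0.0 required=5.0 tests=none autolearn=ham\n\nbody\n",
)]

if __name__ == "__main__":
    for rule, count in top_rules(SAMPLE):
        print(f"{count:5d} {rule}")
```

For a real mailbox, pass `mailbox.mbox(path)` from the standard library as `messages`; it yields message objects with the same `get` method.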