Nardol

I first read about Y Combinator while browsing Paul Graham’s website. I am a huge fan of his and have tried many times to bring him to Brazil for FISL (unsuccessfully so far). By that time I was updating a lecture of mine where I quote something from his Hackers and Painters essay and sudenly I noted an “YC” link on the left, and decided to click to learn what was that.

Y Combinator is a venture capital firm to help start-ups. It was built on the concept that not much money is needed for “first-stage” start-ups (“from idea to company”, as they call it). Quite a concept! I lost track of it until yesterday, when I read this blog post summarizing one of its events for start-ups. I found it amazing how far it came in such little time. They’ve already funded about 100 start-ups, some of them really interesting.

Of those presented in that post, Posterous is one I found most interesting. They create instant blogs just by sending emails to some address. There’s no sign-up procedure… Just send the email with any attachments and voilà. There you have: a new blog.

Many others are really interesting (PollEveryWhere, IDidWork, Frogmetrics, just to name a few), so I really suggest reading that post.

I think Y Combinator is another great idea from Paul Graham, and I will be following it more closely, as a way to keep myself updated… Who knows… maybe I can get them to come to FISL to present that! ;-)

It’s certainly funny to read articles about the future, but it’s even funnier to read past articles about now. I’ve just found an article written in 1968 about how thing would be 40 years in the future (or today).

Of all the foreseen things, I would really like to see domed cities. Although I don’t think any real goal would be achieved by it, surely it’s quite a sight.

Also more free time for leisure wouldn’t hurt…

Although far from winning the war against Azeredo’s bill, we finally won a battle. Chamber-of-Deputies IT Committee approved the request [pt-BR] for a public hearing [pt-BR]. Although a small step forward, all people involved with entities and NGOs interested in blocking this bill will have a chance to speak their minds.

This comes in a very special timing. A pool was published early this week [pt-BR] run by Vox Populi revealing that more than a half of the Brazilian voters distrust e-voting and about 20% think it’s possible to spy on their choices. This is a election year in Brazil, and all this setting can end up helping our case.

More than 106-thousand already signed the petition and I think with all those signatures adding to this setting this is going to be a very interesting hearing. At least people supporting this bill will have to stand up and say they are for it… And who knows what damage this can cause to them in a election year.

Some public hearings are broadcast through Internet. I’ll let you know if this one will be.

Of course, trying to block the Brazilian Internet Surveillance Bill is something we are really focused on doing. But as more people with political skills join us on convincing the Deputies this bill is just plain wrong, the rest of us, geek guys, are investigating Tor deployment.

I’d have to study the bill deeper than I have already, and probably ask some lawyer about it, but I think that the bill effectively makes unlawful to deploy Tor in Brazil as an end router. Via article 22 of the bill, providing an end-point Tor router can be considered “providing access to a worldwide computer network”, thus would require to keep three years of logs, what would render pointless having a Tor router in the first place.

What can “save” an end-point Tor router is the wording of this very article. It states that just commercial or public sector providers are entangled by it. What if I make a free (as in free beer) end-point Tor router available? It is not “public sector”, since it’s not tied to the government… It’s not commercial, since I am not selling access to it. But then, someone can argue that it’s commercial activity with zero-price… Brazilian law is just so confuse…

Anyway… if we can get it straight with the lawyers, I think we’ll watch a proliferation of end-point Tor routers in Brazil. This would assure that, even if this bill passes, it will not be easy for the government to peek on the citizens traffic. Geeks always having to fix what politicians break so easily…

For those of you wondering how is the battle against the Brazilian Internet Surveillance Bill, I have to report we already got more than 100-thousand people to sign the petition. You can check the current count in the image on the right. I am updating it every 15 minutes, so you can even use its URL in another place (as are some people doing already).

The bill will be voted by the Chamber-of-Deputies any time now… We heard it would be on yesterday, but apparently it was not even enlisted for this week. This doesn’t mean much, since the Deputies can hold an “out-of-list” voting… we’ll be watching.

Meanwhile, I read an article by Sérgio Amadeu that summarizes some of our feeling about that bill. Are we in the Western World (allegedly freedom lovers) turning into control-freaks? A whole lot of people I know are not even offended by this bill! These are the same people that don’t think it’s weird that USA claimed the right to seize any storage device entering their borders, for any time they want, with no warranted privacy. Are we in a middle of a paradigm shift? Are we accepting less freedom? What would George Orwell think of that?

Maybe we got in a wormhole and ended up in 1984…

I am following closely this new DNS mess. In fact, there’s nothing really new in that. DNS has been attacked lots of times over the years – as a result of not being designed with security in mind from the ground up -, just this new one is a combination of known attacks against known security flaws. The “quick fix” is not a real fix, and just incorporate old ideas into the most used DNS software, strengthening it to face the attack. The details leaked, and there’s already at least one public exploit (and who knows how many in the wild).

The new buzzword is DNSSEC.

I don’t like DNSSEC. I never did. The first time I heard of it, around year 2001, it was a centralization of a decentralized database: A proposed company (called Network Solutions) would serve as a central authority, signing every root DNS entry. It was a joke! Come on! DNS is suppose to be decentralized! Having a central company anywhere is just a huge step back in decentralization (not to mention a huge step back in security).

Time passed, and the DNSSEC specs evolved to a more decentralized way of thinking. The state it is now, and the implementations we saw so far are not good. No! I am not talking about security… I am talking about the KISS principle: DNSSEC turns something really simple to deploy into a full-time job, with frequent key roll-overs and re-signing everytime you change the zone – a huge mess! Yes, there are automated tools, but, come on! you still have to wait for TTL to expire before publishing this part or that part of the cryptographic machinery… And, if we are talking about real security, are we going to build some automated tool “fire-and-forget”-style and not follow it? If we are not looking at it as it goes, and it fails, we could end up with a completely wrong set-up or (even worse) a non-validating zone.

And I haven’t yet mentioned the increase in payload… I am not completely convinced that this alone would not lead to DoS attacks just by compromising the responsiveness of the servers (and DoS attacks are already available for quite some time – maybe the DNSSEC-medicine is worse than the disease…). The root (”.”) servers are not even DNSSEC-aware, and there’s a whole class of other stuff to work-around the fact that they may not be DNSSEC-aware for quite some time yet.

There has to be a simpler way!

I can imagine at least three ways to fix the problem until we can fix DNS in a KISS way… And they’re all KISS also:

• Change Transaction ID field. This is the first Achiles heel of this crisis. Let’s increase the length of this field to 2048 bits, or even larger. Better yet, let’s make it variable, so every system administrator can set his servers’ own size. Yes, I know this leads to replacing ALL the DNS infrastructure, but isn’t that what we are doing right now, anyway?

• Deactivate in-bailiwick injection. Over the years, DNS have been expanded to allow a lot of things other than translation of names into numbers (or to ease this translation). The second Achiles heel is the ability to inject the IP address for WWW.VICTIM.COM while consulting for 10294DKGJSDL.VICTIM.COM since both name-addresses are in the same bailiwick (in-bailiwick). Let’s take a step back, and deactivate all this… Before 1995, the same thing could happen with any addresses, including those “out of bailiwick”, and it was fixed to only allow those in-bailiwick… Let’s fix it again to not allow it at all!

• Good, and old iptables. Couldn’t we just use iptables’ LIMITS to stop this attack and blacklist the attacker? We’ve been doing this for a lot of other things (SYN-floods, ICMP attacks, etc). Can’t we just do the same. Again: this is not a new thing… it relies on multiple attacks in a short period of time, just like other attacks we’ve seen and successfully blocked with these techniques…

Maybe some of those three solutions are flawed… Maybe none are flawed and can be deployed together… Maybe I am wrong and DNSSEC is the only way to go… But let’s not panic, let’s cool our minds and begin thinking it through. I still don’t think DNSSEC is the holy grail…

Now… I already spent more time than intended on this… let me go back signing some zones ;-)

Great to hear about “etch and a half”. I’ve just upgraded all my systems and everything went smooth. I dumped my home-compiled Ruby in favor of Debian’s version now, since it fixes the annoying security bug. Thanks for the good work people!

Here I am writing today to tell something that might not be known outside Brazil – at least, I haven’t read much in English about it – the attempt to turn the Internet into a government surveillance device.

This story goes back to 2006 (and even back), when we first successfully blocked the approval of a bill that would, in effect, turn the Brazilian Internet into a giant Big Brother. This bill was introduced by Senator Eduardo Azeredo as a replacement to a series of other similar bills that were attempted before and was followed by a strong resistance by civil organizations, one of those being ASL, of which I am proud of being one of the founders. By that time we ended having it postponed for more debate.

It happened that the bill made a come back last weeks, and was pushed into approval by a subcommittee of the Senate (one that was suppose to deal with the constitutionality of bills) and now is heading to the Chamber of Deputies for appreciation. Apart from the first debates back in 2006, nothing happened between then and the approval. The bill have changed a little bit, but not much as to change its effects.

In Brazil, we have two legislative houses, Federal Senate and Chamber of Deputies. If a Law Project is proposed by one, is revised by the other. So we have already lost 50% of the fight. Ronaldo Lemos, professor of Fundação Getúlio Vargas (think about a Brazilian version of “Harvard Law School”) have already stated how dangerous such a Law can be, once approved. In his own words: “The wording of the law is too broad, and can be applied in several cases. The interpretation of what is a crime or not will be done by a criminal judge, who is used to deal with homicides and not with technology”.

Since its approval in Senate, several people have been putting together a resistance. Central to it is a Petition, hosted at Petition Online, that already holds 64-thousand signatures. One of the writers of that petition, André Lemos, a university professor and researcher, have said that the regular user will have the feeling of being watched, and not knowing if what he’s doing in legal or not: “For instance, if I disseminate a virus without knowing, will I be arrested? Can I exchange my files in P2P networks (my pictures, my musics, my text files) without asking for permission? How will the ISPs interpretate these exchanges? Can I copy a part of a text from a blog and paste it into mine? This law creates a feeling of insecurity and generalized fear”.

FGV’s Center for Society and Technology have published an analysis of the Law Project, and have spotted a lot of problems in it. For instance:

• Unlock a cellphone to be used in another carrier or unlock a DVD player, so it reads disks from different regions, can be a crime punished with 1 to 3 years of imprisonment and a fine, as deals article 285-A;
• Copy something from a blog that doesn’t state access restrictions is turned into a crime since a blog is covered by copyright and, if not stated otherwise, those restrictions should apply, and someone that copies can be punished with the same 1 to 3 years of inprisonment and a fine, as deals article 285-B;
• Unlock the iPhone using softwares like “jailbreak” is turned into a crime punished with 2 to 4 years of imprisonment and a fine, as deals article 163-A. Even put a link somewhere in your site pointing to the software “jailbreak” is considered a crime;
• The ISP is turned into a surveillance apparatus, and is mandate to inform the authorities about any of the crimes the Law deals with, as states article 22.

Thinking of how I can help, after sending an email to every Deputy whose email address I was able to get, I decided to translate the law into English (I also uploaded a version with indentation, since it’s pretty hard to understand the whole law without it, if you’re not used to), so the World can be made aware of what’s going on in Brazil. I also just sent an email with it to EFF, asking for their help. Not that I think they can do much, but they surely will know one or two strings to pull in order to put more pressure on the Brazilian government. I also hope that, once this post reaches Planet Debian, even more people become aware of the issue. In a sense, this is an appeal for all the Freedom Culture lovers out there to take any actions they can to help us prevent this Law Project to become a Law.

(In time, I’d like to thank Alexandre Oliva, who revised the translation).

Update (2008-07-23 11:50): Steve Langasek also revised the translation of the Law Project and I’ve made a “cherry-pick merge”, which resulted in the version currently linked in the text above. Older version of the plain and the indented documents are still available. Thanks Steve!

I’ve just tested the improvements in the performance of Javascript in Firefox 3 and WOW! Javascript in FF3 is really fast. While googling about it I just ran across a recent interview with Brendan Eich about the future of Javascript and I got excited about two things about this future.

First was what we already have, still in the beginning, but with a lot of potential: HotRuby. Really interesting to script a webpage in Ruby (which is my favorite language) and, while it’s not embedded the way Javascript is, it gets “compiled” in the server side with YARV (the new bytecode compiler for the next version of Ruby, 1.9), and then served to the browser in the form of JSON objects, so it can be interpreted by the Javascript engine in it. All this is transparent and work with XMLHttpRequest. It’s not a coincidence that Eich mentions it as being a form of ARAX (changing the J in AJAX for R – from Ruby).

I already do a lot of coding in Ruby… not having to deal with Javascript anymore is surely a plus. ITOH, Eich is talking about improvements in Javascript that would render it as a real programming language… Maybe coding in it would not be so painful anymore by then ;-)

The whole interview have to do with this Project Tamarin, a “high-performance, open source implementation of the ECMAScript 4th edition (ES4) language specification” [ ECMAScript 4 is the same thing as Javascript 2 ] by the Mozilla developers. And this is the second thing I got excited for: they’ve planned to glue IronRuby (Ruby compiler for argh! .NET) to it via IronMonkey.

So… exciting news! Either via Tamarin or via HotRuby, we’ll get Ruby browser scripting. My “free mind” tends to favor HotRuby instead of IronRuby/IronMonkey/Tamarin… But in the end what matters is that all those people now cursed by Javascript will finally have a taste of what a real programming language feels like.. Who knows! They might even like it ;-D

Debian 4.0 version of Ruby is open to the, now widely known, Ruby security vulnerabilities. The bug is reported as 487238 in Debian’s BTS, and is closed, since the version now in sid (version 1.8.7.22-1) is already fixed. Users of stable can apply the patch provided by Daniel Franke (it doesn’t seem to fix all, but goes a long way).

Apparently, this brought up (again) the rants over full disclosure. Indeed, what is vulnerable is not that hard to find, as Zed Shaw showed us, so, why not talk about it in a plain and bold form? Why just provide the CVE numbers and ask for everybody to upgrade? Zed goes more deep about the quality of C code, but that is not the issue I want to talk about…

As a Free and Open Source Software supporter (and developer), I can see the benefits of full disclosure. As a not-full-time webmaster, I can see the benefits of not having a “proof-of-concept” piece of code attached to the vulnerability report. Of course, there’s a lot of things a webmaster can do to prevent having a machine completely compromised in case a security advisory is published with a proof-of-concept code in it (think about chrooting, randomized memory protection, security libraries, grsecurity, SELinux, etc) – and my machines, although vulnerable to the bug, would not be fully compromised if exploited.

I guess one should be prepared to whatever comes from the Internet… Full disclosure, in this sense, have more pros than cons, IMHO. For instance it was not clear if Debian 4.0 were vulnerable… There were no security advisory coming from Debian (and there’s still not), and it is not promptly obvious if the version packaged is affected. I know that at least I wanted to run a proof-of-concept to check if my server is vulnerable or not before going all the way into packaging a fix (or backporting the sid version), and it was not until I read Matasano Chargen Blog that I could test older versions. But different people have different ideas…

Officially known as ISO/IEC DIS 29500, Microsoft’s office document standards (or OOXML format) was put on hold by ISO on account of the four appeals that emerged from national bodies (including Brazil), against it.

I am sorry for the people following this blog who expected to see the last posts of my trip (they are ready, but I just haven’t got the time to upload the pictures yet), and for those reading it in english, but I had to translate Brazil’s appeal so it could be appreciated by our portuguese-speaking fellows (since I couldn’t find an official version). If you want an english version, please refer to Standards Blog.

Here is the pt-BR free translation:

Caros Senhores,

A Associação Brasileira de Normas Técnicas (ABNT), como membro P da ISO/IEC/JTC1/SC34, gostaria de apresentar, à ISO/IEC/JTC1 e à ISO/IEC/JTC1/SC34, este apelo para reconsideração do resultado final da ISO/IEC DIS 29500.

Este apelo é baseado em duas principais considerações:

1. O Brasil considera que a BRM foi inconclusiva.
2. O Brasil considera que a versão final do texto da ISO/IEC DIS 29500 deve ser liberado imediatamente.

1. Sobre a BRM

Na BRM, a delegação Brasileira não teve permissão para apresentar uma proposta importante sobre o mapeamento de binários legados. Essa proposta era uma parte complementar a da delegação dos Estados Unidos sobre a nova organização da ISO/IEC DIS 29500. Ela também complementa a proposta de mudança de escopo aprovada na BRM.

O Brasil tentou apresentar essa proposta durante os debates, no primeiro dia da reunião e, atendendo a pedido feito pelo organizador, o Brasil começou discussões paralelas com os Estados Unidos e outras delegações preparando sua proposta para ser apresentada na sexta-feira, durante a apresentação dos Estados Unidos. Na sexta-feira, quando os Estados Unidos concluiu a sua parte da apresentação e solicitaram ao Brasil que apresentasse a sua, o organizador negou essa oportunidade à delegação Brasileira.

Várias delegações protestaram contra aquela decisão arbitrária, mas os apelos foram em vão e até o final da BRM, a delegação Brasileira não pôde apresentar sua proposta. A principal razão alegada pelo organizador foi “falta de tempo”. A proposta aqui mencionada é aquela disponível no arquivo “Br_Multipart_Proposal.ppt” disponível para todos os membros da BRM no website da ISO/IEC/JTC1/SC34 pelo menos desde o quarto dia da reunião.

O Brasil também notou que a maioria das decisões tomada durante a BRM foi baseada no argumento da “falta de tempo”, e nós acreditamos que isso é completamente incompatível com o tipo de decisões que deveriam ter sido tomadas naquela reunião.

Durante a BRM, algumas decisões também foram tomadas baseadas no argumento de que “nós precisamos dar respostas aos jornalistas”, e nós acreditamos que a cobertura da mídia não era tão importante quanto o resultado da reunião, a ponto de ter sido utilizado como critério para tomada de decisões. Mesmo com a “falta de tempo” alegada, alguns membros da delegação da ECMA, e não membros de quaisquer NB, tiveram permissão para fazer discursos de meia-hora durante os dois primeiros dias da reunião.

As regras de votação daquela reunião não foram seguidas conforme a subcláusula 9.1.4 das diretivas da ISO/IEC/JTC1. O Brasil também notou que a ISO/IEC DIS 29500 foi votada sob a ISO/IEC/JTC1 mas a BRM foi organizada pela ISO/IEC/JTC1/SC34. Mesmo se houvesse intenção de usar a subcláusula 9.1.4 das diretivas, o Brasil não pode entender se o status de membro P considerado deveria ser o da ISO/IEC/JTC1 ou o da ISO/IEC/JTC1/SC34.

O Brasil também considera que se a maior parte das questões eram para ser decididas por votação, sem qualquer tipo de discussão permitida. [essa parte da tradução não fez muito sentido]

Sobre o mesmo assunto, o Brasil considera que o “critério padrão de votação” escolhido somente foi eleito por ser o critério “menos ruim” que poderia ser analisado, e nós não consideramos que essa decisão de votação represente a intenção da vasta maioria dos delegados da BRM. Eles foram lá para discutir as propostas técnicas.

Analisando o documento “SC 34 N 990 – EDITED NOTES OF THE MEETING”, na página 7, nós encontramos registro da objeção de BR à decisão de divisão multi-part mas analisando o documento “SC 34 N 989 – RESOLUTIONS OF THE MEETING” nós não encontramos aquela objeção registrada.

Durante a BRM, as delegações foram solicitadas a votar em bloco pela rejeição de um conjunto de respostas que foi considerada pelo organizador como “respostas sem quaisquer instruções de edição”. Aquelas respostas listadas no arquivo “dis29500-nochange.txt”, disponível no website da SC34 durante a BRM e, tanto quanto os delegados Brasileiros lembram, esse conjunto de respostas foi “rejeitado em bloco” conforme solicitado.

Quando nós analisamos os documentos N989 e N990 não vimos nenhuma referência àquela decisão e também no documento da ISO/IEC/JTC1/SC34 intitulado “Result of Proposed disposition of comments (SC 34 N 980)”, que apresenta uma tabela com o status de cada resposta, algumas das “respostas rejeitadas em bloco” aparecem como aceitas (por exemplo, respostas 3, 5, 10 e 11, entre outras).

Para finalizar nossas considerações sobre a BRM, analisando o documento N989, nós encontramos que a BRM pode ser resumida por:

• Total de respostas disponíveis para discussão: 1027 – 100 %
• Total de respostas abordadas na BRM: 189 – 18,4 %
• Total de respostas decididas por voto “padrão”: 838 – 81,6 %

Nós usamos o termo “respostas abordadas na BRM” acima porque a maioria daquelas respostas foi decidida por votação em bloco, sem qualquer discussão na BRM.

Pelas razões acima mencionadas, o Brasil considera que a BRM ISO/IEC DIS 29500 foi inconclusiva.

2. Sobre a versão final do texto da ISO/IEC DIS 29500

De acordo com o item 13.12 da diretiva, a versão final do texto da ISO/IEC DIS 29500 deve ser distribuído em não mais de um mês após o final da BRM.

Visto que quase três meses se passaram depois do final da BRM, sem qualquer versão final do texto ser publicada ou distribuída, e baseado na subcláusula 13.12 da diretiva, o Brasil solicita a distribuição do texto final da ISO/IEC DIS 29500.

Por todas as razões apresentadas, o Brasil gentilmente solicita que o resultado da ISO/IEC DIS 29500 seja reconsiderado pelas ISO/IEC/JTC1 e ISO/IEC/JTC1/SC34.

Atenciosamente,

Marcia Cristina de Oliveira

ABNT – Gerente de Processo de Padronização

Here is a story people are bugging me to tell here: Since 2003, every year in fisl’s last day we, Debian Brasil, hold a “party” to celebrate Debian’s anniversary (I know it’s on August, but it’s probably the only opportunity we’ll have to gather all the gang together so we do it in advance anyway). It’s always something that draws everybody’s attention in the conference… I wonder if the pieces of cake we distribute have anything to do with it…

Anyway, this anecdote happened during fisl9.0’s party. I was there, helping by distributing cake and blowing our whistles when Jon ‘Maddog’ Hall got there to check what’s going on. I met Jon around 2001, in OpenBeach, an event that happens in Florianópolis every year (and that Jon likes to attend)... he’s the most pleasant guy, with lots of stories to tell. Since this years’ fisl was so intense, I barely had time to talk to him… in fact, that was the first time we saw each other this year. We hug each other and were asking how’s each other life’s going and so, when Jon got his camera out of his pocket and asked some guy in the crowd to get our picture. I did the same. We exchanged some compliments and he left saying that he still had to work in his talk.

Jon is quite a character. In fisl, every time he wanders around his picture is taken over one hundred times (I actually saw some father taking pictures of him holding his child like he were running for Senate or something, one time). So he left with some people around him and I think he’d not seen what happened next. I turn towards Debian’s booth, to resume the cake delivery when some guy in the crowd asked me to take a picture with him. And then another one… and another. I believe my picture was taken another two or three times before I got to the booth. I can’t believe! I was about to tell people “Hey! I am nobody! Stop taking pictures with me…” What were they thinking? I imagine something like “I don’t know who this guy is, but if Maddog took a picture with him, he must be some one!” was crossing their minds.

When the party was over I went back to the Organization Committee room and told this story… LTSP’s Jim McQuillan (another good friend) told me I was “Important by Association”, and everybody just kept laughing at me because of that. I haven’t got the time to tell Jon about it… I hope he’s reading.

I think I am going to check what pictures people are uploading about fisl, to see if I can find myself on any ;-)

I gave Brenda a Palm TX, so she can better organize her life. As a plus, it is wi-fi aware, so all sorts of interesting things can be done. Sadly, though, it doesn’t ship with a microphone (I still wonder why… it’s large enough to hold an embedded mic, just as Palm smartphones have). Lately, Brenda was talking about recording some sessions or holding her thoughts in one of those tiny memo-recorders, and this promptly stroke me as “another gadget to stuff her purse”... then I remembered having read that Palm TX have all that is required to hold a microphone, but the microphone…

I retrieved the Palm Multi-Connector pinout from Wikipedia and realized that all I had to do was attach an electret microphone to 16 and 17 pins and there we go. I ordered a charging cable just for the connector and here are the pictures I took of the building process:

The tools and pieces I used:

It’s easy to disassemble the connector. Take a close look at the attaching plastic hooks… there are four of them: two outside, near the pins, and two inside near the cable. Last two are harder to detach, but once you’ve detached the first ones, just hold the two pieces of the connector and easily shear them: one side will detach first.

The microphone have two terminals that already hold enough soldering tin. Beware to solder the “blue” cable (the one that goes with pin 16 – AGND) to the marked terminal of the microphone, and the “red” one (the one that goes with pin 17 – MIC_IN) to the unmarked one. (In the picture, my cables are all black, but the wires inside are “red” or “blue”. I could not get a good picture of the terminal markings).

I have dissolded the charging cables from pins 1, 3, 5, and 8, but that is up to you (you can just cut the main cable and leave the pins untouched). Also, while soldering the microphone cables to the connector, beware of using as little tin as possible. It’ll be even easier if you remove the pin from the connector… it’s easy to do if you have small pliers and careful fingers. Try first with one of the other pins that will not be used. Solder the “red” one to pin 17 and the “blue” one to pin 16.

I cut a piece of an old earphone cushion to close the charging cable hole (and to protect the microphone). Here is the final result:

Now, for the recording software, there’s a nice free software that does that perfectly for PalmOS: Better Recorder. Now Brenda can record her mind!

It has been some time since I’ve blogged about Subversion and how I was finding it useful. I’ve been using subversion and svk since about that time and I love it. Svk is really great and although it is more an off-line version control than a distributed one, it goes a long way for a former cvs user like myself. Lately, I’ve been considering git (isn’t everyone?).

It was not until I moved to my own hosting (thus having to maintain two subversion trees: the new one and my company’s old one) that the whole “having a central repository” started bothering me. Merging became complex, since now I have two “central” repositories, and while svk makes it a lot simpler (I just keep a mirror of the two repositories and use svk to merge between them), I began to realize that there should be a better way… I’ve watched (again) Linus’ git lecture at Google Tech Talks and decided I was going to try it.

First thing that called my attention was how easy it is to share a repository: just copy the .git directory somewhere public (an http server, for instance), and there you have it. This is much easier than configuring modules for apache, or configuring svnserve (and I’ve done that a lot in the past 3 years!).

For the subversion-only user (one that has never used svk), the carry-all-the-repository-with-you thing may sound strange, but with svk, I was used to “mirror” the repository, so that’s not an important change to me. I could not compare space utilization (and git is advertised for being more space-efficient) yet, but so far the git repositories seems to be a little smaller.

I already found it easy to branch using svk (in fact, I used to do that a lot), but git branching is really a plus! You can switch back and forth inside the same ‘working copy’ (actually I don’t think it’s correct to call that a working copy) and merging is rocket-fast! Maybe if svk could easily merge between two distinct users without requiring a subversion repository (think about the defunct svl), I would not have been trying git, but…

One thing that is really missing is the partial checkout. Actually I liked very much that svn/svk “feature”, and the clean and natural way which they treat directories and files. I understand git is designed with other priorities in mind, but, right now, that feels like missing to me. Maybe it’s just a svn/svk habit.

All in all, I found git very interesting… I am not ready to switch from svn/svk yet, but I’ll try git in small new projects and see if I can get used to it.

And fisl9.0 is over. This was a great one… not only because of its size, but there were so many things at stake that I am positively surprised such a few went wrong. We’ve got a lot to think until next one…

To begin with, there’s a major difference between this “inter-fisl” time: we already know where next’s going to be and how much it’ll cost us. The event-center cost, as you can imagine, is the most expensive part of our budget, and knowing that in advance, I believe, will play an important role in our planning. Also, we got more time to plan for the next one: it’ll be in June, not April, as usual.

Moving back to PUCRS (from FIERGS) as fisl’s event-center – now I can say – was scaring me to death. PUCRS is smaller and we were foreseeing a huge event. Guess what! The event was bigger than first imagined, and PUCRS held it without major drawbacks. Sure, lectures were crowded… but they were already crowded at FIERGS anyway… The expo had more people than FIERGS, but I am sure our sponsors did not think that was a problem ;-)

Of course, not everything went OK… I think we had two important problems to solve for next fisl: our network must be born already correctly configured for the streaming, and our wireless infrastructure must be stronger. The first one I already wrote about and I think it had to to with the inexperience of the network people this year: apparently they’ve put everything under a crappy load-balancing and while this might work for web-surfing or sending small amounts of data, it just hurts anything that should be continuously transfered, like real-time videos. Here is a piece of advice: network planning involves the “right” amount of everything (the right amount of cables, the right amount of bandwidth, the right amount of uplinks), including the right amount of configuration! I think our network problems were more a case of overconfiguration than one of lack of skills.

The problem with the wi-fi is deeper. Maybe I don’t completely understand the technology (and people handling it were not very helpful). How do you manage an event like fisl in the wireless front? PUCRS have provided us with enough wi-fi to hold 1500 concurrent connections (so they say), and have reported we never had more than 400 concurrent connections… and yet, as many people have reported, to connect our laptops was a hassle. I don’t have a laptop, but I’ve seem a lot of my friends trying to connect with no luck. During the second day, PUCRS wi-fi technicians told us that the problem was the Access-Points people brought to fisl (according to them there were more than 30) that were, somehow, messing with the channels they were using. So we reserved some channels to PUCRS and asked people to use other ones. I tend to believe that the majority of the people listened to our appeal and reconfigured their Access-Points… but no improvement were reported.

So, either PUCRS cannot hold more than 400 concurrent connections in their wi-fi system, or there’s some other problem we’ve not identified. What is the right thing to do? To forbid people to bring their own Access-Points? No way I am going to see the day fisl organizing committee will disallow people to carry their own communication devices!! There must be a better solution… I think I am going to study wi-fi at least not to be easily fooled around by this “messing the channels” crap (please, comment to this article if you have any ideas).

Finally, people are dreaming of a 10-thousand people fisl next year. I think it’s not more than a dream… but hey! When we made the first fisl, there were only 300 people… it has been a 9-year long dream… Maybe that 10-thousand one will come true, as the previous ones did. I will just add one more problem to our list: the first day long lines to get people’s badges must be addressed in a creative way…

Thanks to all that came to fisl. See you next year!