1. There is now a corollary to “do not write your own cryptographic routines”: “do not fix bugs in someone else’s cryptographic routines.” If there is a annotated view of the OpenSSL tree (I don’t know/don’t care), the DD who patched OpenSSL would have been better off contacting the person who wrote the offending line in the original source than trying to find the correct channel.
2. Developers must publish correct information on how to contact them. Incorrect information on the OpenSSL website maintenance is just as much to blame for this as the DD in question, who did ask the suggested channels about his patch.
3. Distros should have peer review of patches in security-critical code—by experienced developers—if they do not already.
4. Rather than all the bitching, remember that the central tenet of F/LOSS is Fix It Yourself. This does not cease to apply simply because the problem exists in something you depend on. If anything, it should emphasize how necessary it is.

As to your real question, the idea of immediate compilation and “unit tests” appeals to me only rarely, when I’m feeling my way in a totally unknown environment and need feedback about what works and what doesn’t…

Hmm, people who are “feeling their way in a totally unknown environment”… Like new contributors to an open-source project or a new employee doing maintenance work on a project after the original team has gone on to other companies.

…otherwise, lots of time is wasted on activities that I simply never need to perform or even think about. Nothing needs to be “mocked up.”

Good for him. Here on Planet Earth, developers are often asked to work on projects they didn’t design and implement themselves, and do so in a way that doesn’t horribly break something that already exists. Or work with others because your desired endstate and timeline are not such that you can do it yourself or work things piecemeal and take it back for a redesign. </snark>

Personally, before I did this test, I was certain that LightTPD would win the race. Obviously, large software which is perceived bloated not necessarily is.
mod_php, LightTPD, FastCGI — What’s Fastest

Put that on a Times Square ticker.

• Forward/reverse entries
• CNAMEs

The command line arguments are –k (privkey) –a (action) –h (hostname) –i (ipaddr) –c (cname) –d (debuglevel) (-t ttl)

Usage:
    setns -k privkey -a set -h hostname (-i ipaddr|-c cname) [-d #] [-t ttl]
    setns -k privkey -a unset -h hostname (-i ipaddr|-c cname) [-d #]

You need to be familiar enough with Bind9/DNS to have created a keypair with dnssec-keygen and added it to your named.conf.

Other ways of simplifying this are a Tcl/Tk GUI tool and a python script. Neither of which have the distinct advantage of my tool: giving me an excuse to do useful/interesting things with bash. Downsides are perennial scripting problems with insufficient input validation, it’s not transactional (i.e. if the second half fails it won’t back out the first half), and it requires FQDNs rather than using your search domain.

The script, available under the GPL.

Also, good to see all the progress we’re making in the illegal, immoral, unjust, but magically winnable war to let Exxon take upwards of 75% profits on all the unexploited oil reserves in the Baghdad in the Midwest Cornfields.

Cool little shot of backing up a DVD in Ubuntu via Thoggen.

This is also why people buy those toys from Linksys, they require little to no effort to use. Of course, their wireless offerings should ship secure by default, with a little plastic window on the bottom of the thing containing a card with the SSID and WEP keys on it—and a stack of pre-labeled cards to write future SSID and WEP keys on.

Aaaaanyways, having setup OpenVPN at work (ethernet bridge over TCP) I needed to punch through the firewall on my box so it was worth a damn. Unfortunately adding the VPN network to the “Hosts allows to connect” list doesn’t work, since it still blocks the output. To fix this, you need to disable the firewall on your tap (or tun, if you’re using OpenVPN in a routed configuration) interface by adding the VPN network to your “allowed hosts” bit, and then adding the following lines to /etc/firestarter/user-pre:

$IPT -A INPUT -i tap+ -j ACCEPT
$IPT -A OUTPUT -o tap+ -j ACCEPT

What that means is: “let anything coming in (INPUT/-i) or going out (OUTPUT/-o) on any tap interface through.” Getting the connection to use the incoming/outgoing policies is the ideal case, but I didn’t really research into how to make it work beyond a little experimentation.

Totem, BZFlag, Rhythmbox,
GNOME Screensaver,
and the User Switcher applet

Upgrading from GNOME 2.12 was roughly the same “wow, speed” rush as installing more RAM or a faster hard drive.

Obviously in poor form.

Mmm, indeed, indeed.

At any rate, I’m going to ride the “fever train” for as long as I can.

For example, I can blame the fever for making me forget that today was tarball-day after work, causing the tarballs for FUSA 2.13.91 to be precisely 82 seconds late. Fortunately, Davyd uploaded the tarballs anyways, so you have something to test.

I can also say that there is only one RC release left before 2.14, and the lack of bugs filed against FUSA is troubling. I know for a fact I’m a mediocre programmer, which means that people simply aren’t testing this crap, which is totally unacceptable. I want to hear about all three crashers that I’ve secretly sneaked into FUSA in the last few months. Of course, such crashes don’t exist… or do they?

Ummmmm, ok. Forget the stream-o-consciousness bizarreness and just test the freakin release, purty please, with sugar and such on top?

I couldn’t help but think “na na na boo boo, you’re going to jail.”

In other, honest-joy news, Richard Stallman has an interview up at Z Magazine describing F/OSS as a social movement. Though upon hearing that Zmag doesn’t run F/OSS as it’s software, I could only think “wow, you guys are clueless on tech, aren’t you—80% of the Internet uses F/OSS.”