Once in a time, I get to travel to places that make me worry about the data on my laptop. This time, it is not the US, but another openly democratic country where they kill you for a joint, let alone nude pictures. Enough politics, though.

I have a laptop with the /boot in a separate partition, followed by a /root partition and a /swap. Having a separate /boot is mandatory, as the BIOS has to load an unencrypted kernel and its initrd before being able to access the encrypted partition. Another option is to keep /boot on a USB stick, but its setup can take a whole other post.

First things first, let us install software for managing encrypted disks and updating the initrd image:

aptitude install cryptsetup initramfs-tools

We have to make sure that the encryption modules are present on the initrd, so I add the following three modules to the initrd config:

echo aes-i586 >>/etc/initramfs-tools/modules
echo dm-crypt >>/etc/initramfs-tools/modules
echo dm-mod >>/etc/initramfs-tools/modules

Next step is to inform cryptsetup and inittab of the partition mapping between /dev/hda2 (the physical device) and /dev/mapper/root (its encryption interface).

echo "root /dev/hda2 none luks" >>/etc/crypttab
sed -i 's#/dev/hda2#/dev/mapper/root#' /etc/fstab

We also have to change the root device for grub the same way we did it for inittab:

sed -i 's#/dev/hda2#/dev/mapper/root#' /boot/grub/menu.lst

Now, recreate the initrd image by issuing

 update-initramfs -k all -u

We are now ready to shutdown and to boot from a LiveCD in order to make a backup, create an encrypted partition and copy back the root filesystem contents on an already encrypted partition. I leave the reader at the exercise of choosing available backup options. A simple cp -ax /mnt/root/* /mnt/backup command will be enough to backup, though.

Once the backup is ready, erase the data on the partition by issuing

shred -n1 /dev/hda2

and then create the encrypted partition with

cryptsetup luksFormat /dev/hda2
cryptsetup luksOpen /dev/hda2 root

After the encrypted device is set up and open, create a filesystem, mount it and copy the backup of the root partition to the encrypted device.

mkfs.ext3 /dev/mapper/root
mount /dev/mapper/root /mnt/root
cp -ax /mnt/backup/* /mnt/root

You are now ready to boot into the encrypted root partition.

Once the root encryption works, addding swap encryption is a piece of cake. Just add it to crypttab and modify the fstab accordingly:

echo "swap /dev/hda3 /dev/random swap" >>/etc/crypttab
sed -i 's#/dev/hda3#/dev/mapper/swap#' /etc/fstab

Отсталая всё-таки страна Россия. Там всё ещё озабочены проблемами коррупции и взяточничества в то время, как весь цивилизованный мир уже *дцать лет использует создание бизнес-ниш из воздуха как основной приём для повышения благосостояния власть придержащих.

Давайте я расскажу про бельгийский опыт на примере titres-services. Очень простая модель. Кое-какие силы в бельгийских органах власти протолкнули проект по прикрытию чёрного рынка работ по уборке дома, глажке, покупке продуктов и создали вид лицензированной деятельности под названием titres-services, что можно перевести на русский скажем как "талоны на уборку".

Самый простой способ задавить конкурента -- бешено демпинговать, что государство и сделало, выделив полмиллиарда евро в 1-й год на финансирование отрасли. Была выбрана компания дле печати талонов (первый откат), которые продавались населению по 6,70 €. Население могло продолжать оплачивать домработниц по-чёрному, тратя в среднем 8 евро в час, либо по талонам, тратя 4,69 € (2,01 € возвращалось путём уменьшения налогов). Конторам, получившим лицензию на работу по талонам, за каждый талон государство выплачивало 21 € через компанию, занимающуюся приёмом талонов (второй откат). На следующий год сумма эта уменьшилась до 20 €, ещё через пару лет составила 18 €.

Поскольку деятельность лицензируемая, те, кто были в курсе происходящего и смогли быстро организовать бизнес в новой нише, сорвали бабки и заняли рынок. Со временем субсидии уменьшились, разгорелись скандалы, вскрывшие огромные прибыли контор, занимающихся titres-services, и ниша titres-services стал напоминать цивилизованную конкурентную среду. Вот только все места там оказались поделенными а баблó налогоплательщиков потраченным.

Наихудший менеджер — это тот, кто считает себя технарём, но уже им не является.

© я

Nowadays, conferences are being run using a century-old approach that puts a lot of trust into the reviewers and the program committee.

However, examples of successful social networks like Slashdot, Digg and Reddit show that it is possible to implement an system that trusts none but well enough to push up the most insightful texts.

The modification of the evaluation processes shall evolve over at least three stages.

First, an existing system shall introduce the ability to review the reviewers, that is, vote for the quality of reviews and thus -- for the quality of the work done by a particular reviewer. This will allow to rebuild trust in the reviewers in a transparent way.

Once the reviewers are less of a problem, the major attack should be done on the selection itself. The only reason that only a handful of submissions are published among the others is the limited amount of space in the printed journal. It is time to allow everyone to publish their papers on the conference website, ranked by the reviews, so that the selection is gradual, instead of binary. Until paper publications naturally die out, a cutoff ratio or number can be kept.

The last and the most difficult stage is to abandon the reviews by dedicated reviewers all together and move onto the review by peers where everyone who publishes can review peers in the same conferences openly. A fair share of meta-reviewing is expected for this system to keep up against abuse.

We will thus be able to come to a system that combines the advantages of the selection that provide traditional conferences with the openness of arXiv.

Here is a fictitious story of a business client that orders software for a mobile phone to an embedded developer.

Take such a trivial feature of a mobile phone as a the possibility to store last calls. What do you know about it besides that it allows to view last incoming and outgoing calls? This is the level of knowledge that a typical client has and he will express it as a requirement the same way:

— I want that my mobile phone software to store last incoming and outgoing calls.

The developer has two choices: either assault the client with question based on unconfirmed assumptions or tacitly do exactly what was asked. He writes code that keeps two lists ordered by the call time, one list for incoming calls, another one — for outgoing calls.

Soon after, the client finds out that a competing company uses a different design and demands the software to display:

• all calls together with their destination (incoming or outgoing)
• missed calls
• received calls
• outgoing calls
• rejected calls

Unfortunately, the previous code has already been written and is linked tightly to the UI code and to the rest of the mobile phone's OS.

So, instead of scapping the previous design and starting from scratch, the developer is now bound to implement new data structures that consists of one new list that combines incoming and outgoing calls in the right order to satisfy the first additional requirement, and three more lists for each of the 2nd, 3rd and 5th additional requirements.

This seems like nothing, but coupled to the synchronization code and error handling code, the result is likely to look cryptic for everyone, including its own developer.

If the requirements were completely thought of from the start or if there was an opportunity to rewrite the code, the developer would have probably chosen one list with 5 attributes, avoiding synchronization code and cutting the error handling code half.

Я — авторитарный демократ. Верю в здоровую конкуренцию автократий за человеческий капитал.

А вот так слэшдот решил поощрять пользователей с высокой кармой. Приятно, что во времена повальной монетизации не все контент-провайдеры видят в пользователе одну лишь дойную корову.

Splix driver

I tried first using the Splix printer driver as it looked a bit more clean than the foo2qpdl recommended by the Open Printing Database.

The printer requires the libjbig library that is not available on Debian due to unclear licensing. However, Markus Kuhn distributes the jbig-kit package that can be compiled easily. The only strange annoyance being that its makefile has no install target, so I just copied the library and its header files to /usr/lib and /usr/include. After that, Splix compiled flawlessly and afer running make install, and restarting cups, the printer was available for configuration in the cups web interface

Samsung unified driver

The printer has a USB interface for scanning on a USB key, but I decided to install the Samsung unified driver, anyway. It is now intelligent enough to suggest adding existing users to the lp groups and after that, xsane is able to scan under non-root users.

The official printer driver does not print well (see image on the right), all text appears bold and blurred, but I use the Splix driver am very satisfied with the results.

In light of the recent accusation of Richard Biefnot (PS), echevin of Housing and Urbanism in Mons, I was trying to figure out what kinds of images he actually possessed and on the basis of what laws he is being prosecuted.

Seems like this simple question is being deliberately obscured by media.

That is, there shall be a difference between possession of e.g. Hentai and of videos of children making sex because the whole point of prosecuting the buyers is to keep the children out of the danger of being abused by reducing the demand. Obviously, no child has been abused in the production of Hentai, or other purely fictional artwork, so this argument does not apply for Hentai.

Unfortunately, it is very hard to find the relevant legislation in order to check whether this distinction is maintained in the legislation, but I would not be surprised if it is not.

Update: Thanks to a fellow lawyer friend, I got a pointer to the relevant legislation, and, I as expected, there is no such distinction, indeed:

Code penal Chapitre VII. Des outrages publics aux bonnes mœurs

Art. 383bis

§ 1er.

[Sans préjudice de l'application des articles 379 et 380, quiconque aura exposé, vendu, loué, distribué, diffusé ou remis des emblèmes, objets, films, photos, diapositives ou autres supports visuels qui représentent des positions ou des actes sexuels à caractère pornographique, impliquant ou présentant des mineurs ou les aura, en vue du commerce ou de la distribution, fabriqués ou détenus, importés ou fait importer, remis à un agent de transport ou de distribution, sera puni de la réclusion de cinq ans à dix ans et d'une amende de cinq cents [euros] à dix mille [euros].]

§ 2.
Quiconque aura sciemment possédé les emblèmes, objets, films, photos, diapositives ou autres supports visuels visés sous le § 1er, sera puni d'un emprisonnement d'un mois à un an et d'une amende de cent [euros] à mille [euros].

After struggling for a few minutes with the audible.com website to download a free audio book, I resorted to Demonoid.com.

How can these guys compete with the amateurs if they can not even ofer a quality service, let alone the better price.

Сегодня на Слэшдоте написали, что в Штатах больше не осталось никого, кто мог бы сделать боеголовку к ракете Трайдент.

И сегодня же я прочитал, что европейские космонавты и астронавты чехвостят проект ATV, потому что его стыковка и тем более расстыковка — сложнейший процесс, требующий чёткой и и слаженной работы двух человек экипажа на протяжении нескольких часов. Почему чехвостят? Да потому, что предыдущий грузовой корабль Прогресс хотя и не имел в названии слова автоматический, тем не менее отстыковывался сам по команде с Земли, причём обычно это происходило в то время, когда космонавты спали.

Как всегда, самое полезное — маленьким шрифтом в сносках ;-)

В последнее время все только и говорят об флуктуациях биржевых котировок, спаде ВВП, кризисе, банках. Мало кто представляет, о чём говорит. Не пора ли обратиться к истокам?

A few days ago, I lived through a DDOS attack at one of the sites I run. It started with the general unavialability of Apache, although the system was idle and the ssh access functioned perfectly. As I already had some experience with DDOS attacks, I immediately looked at the network connections using netstat and saw over 300 IPs sending SYN_REC packets in mass. The attack was much more powerful than I ever experienced.

~# netstat -n -p | grep SYN_REC | awk '{print $5}' | awk -F: '{print $1}'| sort |uniq |wc -l
310

I immediately started the APF firewall with RAB enabled and a script to block the offending IPs in iptables, as I had these at hand from the previous DDOS attack:

BEGIN {
 pipe = "netstat -n|gawk '{print $5}'|gawk 'BEGIN{FS=\":\"}{print $1}'|sort|uniq -c |sort -n"
 while (( pipe| getline) > 0 )  {
   if ($1 > 29 && $2 != "") {
     command="/sbin/iptables -I INPUT -s " $2 " -j DROP"
     date="date"
     command | getline result
     date | getline dateresult
     print dateresult " - command: " command ", result: " result >>"/var/log/firewall.log"
     }
   }
   close(pipe)
}

After a few hours it became clear that the IPs are rotating too often and the size of the botnet is well over 10.000, so I was left with a choice of either dying under DDOS or dying due to the performance hit of the large pool of IP addresses in iptables. The SYN_REC part was being filtered easily by syncookies, APF activated them on launch. The real problem was the HTTP flood.

I found out about ipset quite soon, but could not use it because my hosting plan did not allow me to recompile the kernel to enable ipset support. Fortunately, 50% of my traffic is very limited geographically, so I enabled the Apache geoip module to filter all but one country's IPs. After that, I just had to whitelist the main search engines

               # google
               allow from 66.249.64.0/19
               allow from 72.14.192.0/18
               allow from 74.125.0.0/16
               # Rambler
               allow from 81.19.64.0/19
               # Yandex
               allow from 213.180.192.0/19
               allow from 87.250.224.0/19
               allow from 77.88.0.0/18
               Deny from 81.82.151.173

and to blacklist the botnet members originating from that country. This way, I could survive the DDOS with some Apache tweaking that consisted in allowing more Apache instances live shorter periods of time in order to handle bots efficiently and decline to serve them while allowing legitimate users to connect. Here's how my Apache config looked like:

ServerLimit 1024
Timeout 5
MaxKeepAliveRequests 0
KeepAliveTimeout 15
StartServers         512
MaxClients           1024

I survived this way for 36 hours until I joined an experimental project of some good guys doing DDOS mitigation professionnally, but this is another story.

P.S. The attack peaked at 4Mbps of incoming traffic with a steady 1Mbps for 5 days. Some would probably classify this attack as light, but my overloaded server and myself had great pains in dealing with it.

Anyone working at least part-time as an employee in Belgium can opt for his own part-time business. This is even mandatory if you have a constant revenue stream coming from the side projects.

At first sight, this option looks very competitive. You pay lower social charges and retain all the benefits of the employee position while being able to exercise the secondary activity in your spare time.

On the taxation side, things look much dimmer. Let's assume that you are a full-time employee in IT and want to do some consulting on the side. You probably have a rather high salary, that attains already, although barely, the highest 53.50% tax level. This is realistic for many IT professionals.

You do your first project and charge your client 1000 €, including VAT. How much will you have left after the taxes?

Well, that's easy. You pay subsequently 21% of VAT, 22% in social charges, and then 53.50% of the income tax, which amounts to

1000*0.79*0.78*0.4650=286.53 €

286.53 € out of that nifty pay-check of 1000 € that you just thought will go into your pocket.

You were expecting to get more, and you start to look for ways to avoid taxation. Fortunately, this is possible by going to the natural economy instead of the monetary one. That is, you try to increase your expenses and reduce the monetary profits.

You worked on that project at home and burned electricity, so you deduce the electricity charges. You used your personal computer, and you amortize its usage. You called the client over phone so the phone bill shall be added to the expenses. You ate while working, so here we join the restaurant bill. The incentive to go to the smallest detail in inflating the expenses is proportional to the tax burden, and the current legislation encourages this behaviour.

I am probably the last webmaster in the world to ban Yahoo! Slurp from indexing my sites. Now, I am resolved. Bye-bye, Yahoo! You were just behaving too badly.

iptables -A INPUT -s 66.196.64.0/18 -j DROP
iptables -A INPUT -s 68.142.192.0/18 -j DROP
iptables -A INPUT -s 72.30.0.0/16 -j DROP
iptables -A INPUT -s 74.6.0.0/16 -j DROP

A new parameter has been added to the vmstat and sar utilities a couple of years ago, the CPU steal time. As explained by Rik van Riel, it is

1. the time that (1) the CPU had something runnable, but
2. the hypervisor chose to run something else instead.

Les tirages des quotidiens francophones en Belgique ont diminué de 19% sur la période de dix ans, de 1997 à 2007. C'est la conclusion que je tire des statistiques du CIM, publiée sur leur site et complétés par les chiffres de 1997 venant d'un dossier thématique de la Revue Nouvelle. Malheureusement, je n'ai pas sû trouver les chiffres des tirages des quotidiens flamands en 1997. D'après les statistiques des années 2003-2007 disponibles sur le site de CIM, les quotidiens flamands doivent se porter mieux que les francophones.

Traditionellement, j'inclus ci-dessous les chiffres crus, ainsi que le script gnuplot

données:

"Journal" 1997 2007
"L'Echo" 27449 24696
"Vers l'avenir" 131155 110559
"La Derniere Heure" 101327 110124
"La Libre Belgique" 73103 56808
"Le Soir" 178569 112265

script:

set terminal png enhanced
set output "evaluation.png"
set boxwidth 1 absolute
set style fill  solid 1.00 border -1
set style histogram clustered gap 2 title

set style data histograms
set xtics rotate
set yrange [ 0 : 200000]

plot 'graph.dat' u 2:xtic(1) ti col, '' u 3 ti col

Сегодня я зашёл в блог известного в узких кругах автора Struts Framework и Java Server Faces Крэйга Мак-Кланагана.

Своим некачественным кодом этот человек портил жизнь сотням тысячам программистов, а если учесть, что он ещё и автор Catalina, то миллионам.

Недавно он заинтересовался Ruby on Rails. Берегитесь, рубероиды!

I did this a few times in my life, and every time it was painful to reconstruct the necessary toolset and configuration options. So, here it goes. First, enable the proxy support.

~# a2enmod proxy # utility functions
~# a2enmod proxy_http # http forwarding
~# a2enmod proxy_html # html rewriting
~# a2enmod headers # http headers rewriting

Then, assuming that your web application runs on port 3031 on the same host as Apache, and you want to make it available at the /demo url in Apache, write the following in the Apache config:

<IfModule mod_proxy.c>
  <IfModule mod_proxy_http.c>
    <IfModule mod_proxy_html.c>
      <IfModule mod_headers.c>
        ProxyRequests Off
        <Proxy *>
                Order deny,allow
                Allow from all
        </Proxy>

        ProxyPass  /demo http://localhost:3301
        ProxyPassReverse /demo http://localhost:3301
        <Location "/demo">
            # ask the localhost to return the uncompressed HTML
            RequestHeader   unset   Accept-Encoding
            # Filter Responses through mod_proxy_html
            SetOutputFilter proxy-html
            # convert URLs in CSS and JavaScript as well
            ProxyHTMLExtended On
            # convert URLs in a.hrefs
            ProxyHTMLURLMap ^/ /demo/ R 
            # convert URLs in CSS and JS
            ProxyHTMLURLMap "'/" "'/demo/" 
            # convert URLs in CSS and JS
            ProxyHTMLURLMap "\"/" "\"/demo/" 
        </Location>
      </IfModule>
    </IfModule>
  </IfModule>
</IfModule>

• Vérifier si le dossier a été reçu.
• Obtenir des informations sur le dossier déjà introduit.
  • introduire le # du dossier
• Obtenir un rendez-vous.
  • Aucune réponse pendant une demi-heure d'attente
• Obtenir les informations générales.
  
  • Un message invitant à visiter le site web du Service.

Вчера зааплоадил окончательнию версию статьи на конференцию. Отправился домой спать, ночью как раз дедлайн для подачи статей закончился. С утра получаю получаю паническое мыло от организаторов -- мол, так и так, срочно пришлите сорцы для статьи. Ну, я посылаю сорцы, потом думаю — в чём дело? В веб-интерфейсе можно аплоадить всего 2 типа документов: Doc и PDF. Я всё сделал по инструкции. Потом понял: все остальные авторы зааплоадили Doc, вот вам и сорцы готовые. Один я послал PDF.

Кстати, на сайте конференции говорится, что стили для статей нужно брать на сайте LNCS, а там доступны только стили для LaTeX. Как другие авторы умудрились написать в Ворде — не понимаю.

Looking back to my last review of different tools used in project management, I figured out that this review is a a recipe for yet another ideal project management tool.

Such a tool should be useable throughout the whole project lifecycle by providing a common interface for editing mind maps, Gantt charts and bug reports. It shall also be possible to link each of the three types of documents to the technical and business documentation contained in the project wiki. Such a wiki, to be really usable, should allow to export an arbitrary collection of pages into one single Word, RTF or ODF document, while keeping the hierarchical structure of the above mentioned collection.

Easy? Yep. Has anybody done this already? Nope.

Продолжаем соревнование с фотосайтом по разработке программы для установки в Gnome фото дня с фотосайта в качестве обоев рабочего стола.

#!/bin/bash
cd /var/photosight && \
FN=`wget -q http://www.photosight.ru/applications/photo1.js -O - \
  | iconv -f cp1251 -t utf-8 \
  | sed 's/.*\(http.*jpeg\).*/\1/' \
  | sed 's/top_of_day/large/'  \
  |xargs echo`
ID=`echo $FN |sed 's/.*\/\([0-9]\+\)_large.jpeg/\1/'`
wget -q -N  $FN -O $ID.jpg && \
gconftool-2 -t str --set /desktop/gnome/background/picture_filename /var/photosight/$ID.jpg && \
gconftool-2 -t str --set /desktop/gnome/background/picture_options "centered"
cd ~-

As a continuation of this topic, here is an idea for cinematographic evening in Brussels:

Watch Arsenic and Old Lace (1944), a beautiful dark comedy with Garry Grant and then visit the Arsenic et Vieilles Dentelles, styled to match the film.

After a few months of using the HP 6910p notebook, I am ready to share my thoughts on it.

This is the first new notebook I bought for myself. For many years, I favoured custom-built desktop PCs and bought only a few second-hand notebooks for family members. One reason of my despise for new notebooks was the inevitable Microsoft tax. This time, I went against my own principles, because this Vista-equipped notebook was selling for half of its market price. So, I am now an owner of an unused Windows license, and you bet I am not proud of it.

Back to the notebook, this is a 14.1" wide-screen machine, which I believe to be the ideal notebook size. The width is just enough to fit a full-sized keyboard, but it is still quite portable and weights just 2 kg.

The case is well-build and feels very solid, although it occasionnally cracks under the right hand while typing. The notebook has four big rubber legs under the case that are supposed to stabilize it, but they elevate the case over the table so much that it resonates with each keystroke when sitting on a wooden table, so I always put a mousepad or a thin magazine under it.

I have a matte 1280x800 screen, it is ok for programming but the brightness and colours are much worse than those of a 14.1" Dell Vostro 1400 which costs one third of the price of an HP 6910p.

The maximum battery life I could get is 3 hours, which is really a shame for a traveler's notebook. Moreover, HP provides only one battery type for this notebook, so there is no way to improve the battery life by buying a bigger battery.

HP recently introduced the so-called DuraKeys technology, which is essentially a rubberised coating on the keys. It is supposed to protect the keys from wearing off. That is, you are guaranteed that the keys will not look "shiny" and inscriptions will not wear off after a year of intensive use. Unfortunately, the same DuraKeys coating makes for the worst ever tactile impressions I had while using a notebook. The keys are wacky and feel like rubber balls rather than little stones under your hand. Fortunately, there is little flex, and overall, the keyboard would be as good as on ThinkPads, if they just could get rid of this DuraKeys coating.

In a paper entitled "Classes vs. Prototypes: Some Philosophical and Historical Observations" and published in 1996, Antero Taivalsaari draws parallels between the evolution of the philisophy and of the Object-Oriented paradigm in programming.

Indeed, the classification of the world was in the center of interests of philosophers since Plato and Aristote. Taivalsaari argues that the traditional class-based OOP builds upon the principles that have first been described by Plato, while there are more sophisticated approaches to categorization, e.g. the so-called prototype theory, started by Wittgenstein, that lays in the foundations of the prototype-based OOP, like what we find the the modern implementations of the JavaScript language.

I just received a mail from a low-tech customer with an attachment in the ODF format.

As of 1 January 2008, the Belgian government introduced a tax deduction of 80 % with unlimited carry forward under the corporate income tax for income derived from patents licensed by a company based in Belgium.

Now, who said patents are bad? They make you save 80% on taxes. How on earth can it be bad?

The idea is simple. First, watch a quality movie about a place and the next day, go there to see it with your own eyes. The point is to find quality movies that get to the feelings and pass the atmosphere of the place.

Here are a few suggestions:

Start by watching In Bruges. It is a dark comedy telling the story of two Irish hitmen enjoying the beauties of Bruges. Upon arriving in town, walk over the Grote Markt and climb The Belfry. I may assure you that it will feel very different after watching the film.

Watch the story on the birth of the so-called "social catolicism" in an industrial city of Aalst at the turn of XIX in Daens.

Finish by the Girl with a Pearl Earring which depicts the life in a medieval dutch town through the imaginary story of one of the best known painting of Johannes Vermeer. Delft has kept its medieval centre largely intact, and you can still discover beautiful landscapes from the film in Delft's surroundings.

For completeness

Antwerp

Any way the wind blows.

Namur

A camera is following-up a killer as he moves around Wallonia to get his job done in Man bites dog.

Leuven

College freshmen drama Ad Fundum happens in the setting of the medieval city of Leuven.

Belgian coast

The sexual life of Belgians shown in Camping Cosmos and filmed in a camping on the belgian beach.

Brussels

Manneken Pis. A young man having lost his family as a boy in an accident comes to Brussels. There he falls in love with a girl who drives trams.

Liège

La Promesse. The story take place in the quite ugly "all grey" suburbs of a belgian city and is about illegal emigrant workers.

I have been using Ruby for a few months now, doing development of small projects of up to 1000 lines. But I still bite into the naming clashes with ActiveRecord regularily. They appear at random places and it takes a lot of experience to figure out what is happening. Here's an example with the type attribute clash. Of the two code snippets below, the first one does not work (thing.type equals nil, after execution), and the second one works.

thing = Thing.new(:type=> Type.new)

thing = Thing.new
thing.type = Type.new

Another example is having an attribute named transaction.

thing.transaction

Calling .save on a model with such an attribute will produce no output in the logs and leaves the developer in frustration about what happens.

Попалась в руки мне недавно прикольная книжка, ATV RVD for Dummies. Учебник по стыковке космического корабля ATV к МКС, оформленный в жёлто-чёрном стиле книжек For dummies. Так вот, там между прочим говорится, что у космонавтов есть такой инструмент - прозрачная линейка. Они прикладывают её на экран монитора, вдоль диаметра ATV, и получают дистанцию до ATV в метрах.

Mind maps

Mind maps are unstructured, so if your project is unstructured, use it. It is a safe bet to acknowledge the lack of structure altogether than to invent funny names like Inception, Elaboration, Construction to the project stages that do not exist.

The lack of structure brings in a subtle problem. Someone else looking at your mind map will have a hard time reading it. First, because of the lack of the predetermined structure does not allow to grasp the content through the common knowledge of that structure. Second, because mind maps are only half-language, inadvertently using the noun phrases and dropping the predicates and prepositions, together with the grammatical relationships. You may know that the line between "flies" and "arrow" mean "time", but not necessarily your reader.

So, use Mind Maps to acquire new knowledge, but do not pass them onto others.

See Free Mind.

Gantt charts

Gantt charts are only practical to track the deadlines and to keep various participants accountable in case of a high parallelization of work. It may look to the newbie that the length of the bars in those charts represents the actual amount of effort, but this is largely false, in reality.

Remember that: Gantt charts are the tool of choice to organize the work of multiple parties at the beginning of a project.

See Projity.

Issue tracking

Once the project is mature enough to start getting input, be it a series of emails or excel files, it gets organized in some sort of issue tracking system.

See Issue tracking

Conclusion

Everything above looks obvious. What is not obvious though is the understanding that each period in a project has its own best tool. I have seen endless projects run from the beginning to end with Gantt charts or even mind maps. Very few project managers considered switching tools during the project lifetime, even fewer anticipated the switch. Many kept on with their first choice until they felt excluded from the project operations, after which they silently abided to the decisions imposed by the software developers working under them.

Интели не гангстеры, это отчаявшиеся люди, патриоты... У них одна задача - расшевелить это болото. Любыми средствами. Дать этому городу хоть какую-нибудь цель, заставить его оторваться от корыта... Они жертвуют собой, понимаете? Они вызывают огонь на себя, пытаются возбудить в городе хоть одну общую для всех эмоцию, пусть хотя бы ненависть...

There are only three films that impacted my life to the point that they are day and night living around me in speaking and dressing habits, posters, wallpapers, ring tones, logins and passwords, class names and variables. One Russian, one French and one English. One per culture I learned.

• Kin-dza-dza
• Cyrano de Bergerac
• Brazil

Маршрут Ивянец - Валожын - Доды - Іўе - Навагрудак - Мір

Фота тут

mkdir ~/fusesmb
fusesmb ~/fusesmb
sleep 3600 # wait until fusesmb caches the network shares
ls -1R ~/fusesmb > shared-files.lst # -1 is "minus one", not "minus l"

Create a 10G disk image:

qemu-img create -f qcow2 netbsd-4.0-i386.qcow2 10G

Avoid hangup on boot with --no-acpi and the default network card timeout by trying out a different card, e.g. -net nic,model=ne2k_pci:

kvm -hda netbsd-4.0-i386.qcow2 -cdrom i386cd-4.0.iso --no-acpi -net user -net nic,model=ne2k_pci

Walk through the installer.

Install additional packages with pkg_add:

export PKG_PATH=ftp://ftp.netbsd.org/pub/NetBSD/packages/4.0/i386
pkg_add vim ctwm firefox wget

Include them in path:

echo "PATH=$PATH:/usr/pkg/bin" >>/etc/profile
. /etc/profile

Install the latest stable pkgsrc:

wget ftp://ftp.netbsd.org/pub/pkgsrc/pkgsrc-2008Q1/pkgsrc-2008Q1.tar.gz
tar xzf pkgsrc-2008Q1.tar.gz -C /usr

Make sure that pkgsrc fetches binary packages for dependencies, when possible:

echo ".ifdef BSD_PKG_MK
BINPKG_SITES=ftp://ftp.NetBSD.org/pub/NetBSD/packages/4.0/i386
BINPKG_SITES+=/usr/pkgsrc/packages/All
.endif" > /etc/mk.conf

Configure pkg_online to be able to search for packages

cd /usr/pkgsrc
cvs -d:pserver:anonymous@pkgsrc-wip.cvs.sourceforge.net:/cvsroot/pkgsrc-wip login
cvs -z3 -d:pserver:anonymous@pkgsrc-wip.cvs.sourceforge.net:/cvsroot/pkgsrc-wip checkout -P wip
cd /usr/pkgsrc/wip/pkg_online
unset PKG_PATH
make package DEPENDS_TARGET=bin-install

Search for additonal packages

pkg_online_find :s:pptp

P.S. Thanks to Aleksey Cheusov <vle@gmx.net> for implementing and making available pkg_online.

I must admit that I was wrong in my previous stance over the tax calculation issue. Apparently, The Ministry of Finance has nothing to do with such a strange calculation process. It is prescribed by the law.

Article 134 CIR 92

§ 2. La quotité du revenu exemptée d'impôt est imputée par contribuable 
sur les tranches successives du revenu, en commençant par la première.

What I took for ingenuity was plain stupidity.

I am probably missing some background knowledge, but the salary calculation process in Belgium looks like it has been subverted by Ministry of Finance officials.

This is better seen by example

The so-called key formula for the tax prepayment calculation (précompte professionnel) for the year 2008 (income year 2007) states that the first 5220 EUR are exempt from taxes.

Now, let us work by example. We will do the calculation for someone called Jacques who earned 10000 EUR in 2007. We proceed by subtracting 5220 EUR from his earning and we pay taxes on the rest, that is, the 4780 EUR.

This amount falls entirely within the lowest tax range, that has the tax rate of 26,75 %.

4780*0.2675 = 1278.65

So Jacques supposedly has to pay 1278.65 in taxes. Right? Wrong!

The calculation procedure is defined by the Ministry of Finance as follows

First, Jacques calculates his taxes on the total of his earnings. 10000 EUR are split in two ranges. The first 7550 EUR is taxed at the rate of 26,75%. Everything over 7550 EUR up to 10250 EUR of earnings is taxed at the rate of 32,1%.

7550*0.2675 + 2450*0.3210 = 2806.08

Second, Jacques subtracts from the result the amount that he would have paid if the first 5220 EUR were taxable at the lowest tax rate, that is

2806.08 - (5220*0.2675) = 1409.73

The difference between both calculations is

1409.73 - 1278.65 = 131.08

That is, 131.08 EUR earned by Jacques have fallen in the deep pockets of the state solely because of a particular interpretation of the law that the Ministry of Finance has made. I have no other explanation for this phenomenon.

Кровавая история на тему от тюрьмы и от сумы не зарекайся.

$ find ~ -type f -print0 | xargs -0 file -i -b | sort |uniq -c |sort -nr| head
  41880 text/plain; charset=us-ascii
  23507 text/xml
  12471 image/png
   8990 text/x-c++; charset=us-ascii
   8576 text/x-c; charset=us-ascii
   3743 text/html
   3064 image/gif
   2025 application/octet-stream
   1975 application/x-zip
   1965 application/java

~$  history | awk '{print $2}' | sort | uniq -c | sort -rn | head
    356 cd
    309 vim
    217 mutt
    131 svn
    107 ls
     99 gem
     63 cat
     48 screen
     45 mysql
     39 ssh

An old software project management axiom, otherwise known as Conway's law stated that any piece of software reflects the organizational structure that produced it. Forty years after Melvin Conway formulated it, it has been empirically validated by a team of Harward Business School researchers.

They compared several software products, including open-sourced and closed-sourced ones, and concluded that distributed teams tend to develop more modular products.

Выдали мне не так давно на работе компьютер dualboot: Windows XP и Ubuntu.

И действительно, оказалось полезно, из Ubuntu я пару раз запускал Windows XP через kvm. В первый раз она просила её активировать. Ну дай думаю активирую -- я ведь раньше этого не делал, может положено так. Через несколько месяцев вдруг понадобилось в Windows XP опять зайти. Сделал ребут, запускаю виндовс -- а она говорит, что надо опять активироваться. Ну ладно думаю. Давай. И тут она отвечает, что количество активаций истекло и через 3 дня она типа самоуничтожится.

Так и остался я у разбитого корыта с одним Ubuntu на машине. Windows теперь запускать страшно, вдруг она не дай бог на меня настучит в местный офис Microsoft.

According to ONEM, there's been 53 mln service vouchers sold in Belgium in 2007.

At the price of € 6.70, this makes for € 355.1 mln of expenses for belgian households.

For each service voucher, the state pays € 20 to the serviceing company, which amounts to € 704.9 mln in immediate losses for the state ((20-6.70)*53000000) . The hourly payrate at service vouchers companies is around € 9.50. Which leaves € 10.50 per cheque or € 556.5 mln in total for the serviceing company to cover the overhead of running the business and for profit margins.

Everyone and his friends are afraid of calling the langue and parole concepts of Saussure by their English names.

After giving in some thought and trying different translations in the discussions, I came out with language and discourse and the optimal translations. Feel free to criticize.