A blog about skating and cycling, or vice versa

The Good the Bad and the Ubuntu

Mon, 18 Feb 2008 01:02:16 +0000

Nothing particularly insightful in this post.

I've had a weekend off. Well, a weekend off doing proper paid work, so I spent Saturday installing IMAP services for the LFNS and moving the marshals forum onto a new machine. And then today I decided would be a good time to install the external USB audio box I bought, er, slightly before Christmas.

Should anyone find this through google, it's a Toshiba 5.1 Audio & USB 2.0 LAN Hub and the chief weapon is CONFIG_USB_EHCI_TT_NEWSCHED in your kernel config, otherwise you get complaints that it can't allocate bandwidth. The two weapons are CONFIG_USB_EHCI_TT_NEWSCHED and a low-latency kernel, otherwise you get really evil distortion and dropouts. Eventually I installed Ubuntu Studio to see what that was like, and found that, really, it's just like Ubuntu ever is: looks very pretty and has completely utterly fucking useless error messages whenever anything is wrong. Since for legal reasons it doesn't support encrypted DVDs out of the box some of these "wrong" situations must be astonishingly common, too.

Look, error reporting is not rocket science. It doesn't matter if the error message is not going to be something that the end-user(sic) can understand, unless the error situation is such that the end-user can fix it without asking for help. But chances are they're screwed anyway and you need to write the error message with their local geek in mind. That means: what the app was actually doing, the full filename involved if there was file access being attempted, and the errno value if a system call was involved. The Ubuntu philosophy of putting up some dumb message along the lines of "could not access the resource" which doesn't even distinguish between "unix permissions on the cdrom device are wrong", "can't open your sound device", "you don't have libdvdcss" or "this disc is mounted and therefore busy, no, you can't play it" is - well, it's like the difference between a sick ten year old and a sick infant: one of them can tell you what's wrong, the other just carries on wailing and lets you run through the options.

Once I'd got it together again and then persuaded vlc to display on the area of the screen which equates to fullscreen on the TV set (laptop display is 1024x768, tv set is 800x600), I watched the Dr Who Christmas special that's been sitting on my disk since it was shown. Made me laugh, which is nice.

Another thing that made me laugh is this. If you can't spot what's so funny, the clue is that HTTP_X_FORWARDED_FOR (which they're using to authenticate the session id's not a stolen one) is taken from an HTTP request header - i.e. it's set by the client. And session ids appear in referrers often enough to make the actual stealing simple too.

In fairness I should point out that more recent versions of phpbb have removed this hole: the only occurrence of HTTP_X_FORWARDED_FOR that grep can find in the most recent 2.x is in a comment:

// I'm removing HTTP_X_FORWARDED_FOR ... this may well cause other problems such as
// private range IP's appearing instead of the guilty routable IP, tough, don't
// even bother complaining ... go scream and shout at the idiots out there who feel
// "clever" is doing harm rather than good ... karma is a great thing ... :)
//

Which, er, I'd say "words fail me" except that it wouldn't be true. I can think of lots of words describing the attitude that must have led to this outburst, but all of them are rude and some of them you probably weren't expecting I knew.
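The session check described above, as an added Python example that is not from the original post or from phpBB's code. It uses the CGI/WSGI variable names REMOTE_ADDR and HTTP_X_FORWARDED_FOR; the function names, the trusted proxy address and the sample requests are constructed for illustration. It also covers the private-range complaint in the quoted comment: the header is read only when the TCP peer is a proxy the site runs itself.

```python
import ipaddress

# Assumption: reverse proxies operated by the site itself (constructed address).
TRUSTED_PROXIES = {ipaddress.ip_address("10.0.0.5")}


def client_ip_naive(environ):
    """Pattern described above: a request header decides the client address."""
    forwarded = environ.get("HTTP_X_FORWARDED_FOR")
    if forwarded:
        return forwarded.split(",")[0].strip()
    return environ["REMOTE_ADDR"]


def client_ip_hardened(environ, trusted=TRUSTED_PROXIES):
    """Use the TCP peer; read X-Forwarded-For only when the peer is our proxy."""
    peer = ipaddress.ip_address(environ["REMOTE_ADDR"])
    if peer not in trusted:
        return str(peer)  # header came straight from the client: ignore it
    # Walk the chain right to left; the first hop that is not one of our
    # proxies is the last address written by infrastructure we control.
    hops = [h.strip() for h in environ.get("HTTP_X_FORWARDED_FOR", "").split(",")]
    for hop in reversed(hops):
        try:
            addr = ipaddress.ip_address(hop)
        except ValueError:
            break  # malformed or missing entry: stop trusting the header
        if addr not in trusted:
            return str(addr)
    return str(peer)


def session_matches(session_ip, environ, resolver):
    """Session-to-address binding check, parameterised by the resolver used."""
    return resolver(environ) == session_ip


# Constructed requests (documentation-range addresses).
SESSION_IP = "198.51.100.7"  # address recorded when the session was created
OWNER = {"REMOTE_ADDR": "198.51.100.7"}
OTHER_PEER = {"REMOTE_ADDR": "203.0.113.9",
              "HTTP_X_FORWARDED_FOR": "198.51.100.7"}
VIA_PROXY = {"REMOTE_ADDR": "10.0.0.5",
             "HTTP_X_FORWARDED_FOR": "192.0.2.1, 198.51.100.7"}
```

With the naive resolver the OTHER_PEER request passes the binding check although it arrives from a different address; with the hardened resolver it fails, while OWNER and VIA_PROXY still resolve to the session's address.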

In other news, I dismounted from my bike rather clumsily on Friday afternoon and stabbed my inner thigh with the saddle. Which is something of a step back - it hurts just like it ever used to, so I think that probably confirms the original cause of injury. Though, one assumes, I did it harder the first time.