My wife's company would like to transfer her to an office in their Swiss office in Lucerne / Luzern, but she's got baggage -- me.

So, they're willing to sponsor her, take care of her visa & other paperwork, help set her/us up with an apartment, and bring her over for a couple of year, while she learns how the European side of her company works and she gradually makes her way up the management ladder.

Meanwhile, I'll have to leave my job and basically start over; there's basically no chance that her company's Swiss office would have any IT work (it's all either in the US or outsourced to India). But that's alright, it's an opportunity strongly to be considered, right? But I haven't the slightest idea what the IT market is like in this little, seemingly rural part of the country, and there's so much that needs to be sorted out before going and once we get there.

• What skills are in demand in central Switzerland? How does one go about learning such things? Same as here, I guess -- find & browse job listing sites...
• Is there any IT work in a medium sized city, or is it better to commute to Zurich or Bern? How feasible is it to commute that far each day?
• How much of a liability is my weak grasp of the languages? I'm sure I can pick it up once I get there, but at this point my German and French are both very weak, and I only know as much Italian as I can puzzle out from the Latin I took waaaaay back in high school. I've heard it said that most IT work is done in English, but as a practical matter, don't you have to have a grasp on the dominant local language[s] as well?
• Is there any chance of finding full time, salaried employment, or will it all just be consulting gigs? I guess I don't care either way, but a nice predictable job sounds appealing right now...
• Is it better to be paid in Swiss Francs, Euros, or US Dollars? Or will that question even come up? If the dollar keeps plummeting, as it seems like it will, the Euro looks more appealing -- but then when the IRS comes knocking it could become painful, fast.
• What happens back home? We bought a car before this opportunity came up -- a Subaru Forester -- a nice, reasonable car for snows and mountains. Is it insanity to ship it over with us? Is it insanity to sell a three month old car with less than 4000 miles on it? And what happens with our mortgage back home -- does it make more sense to rent or sell?
• Will it make sense to talk to someone at a Swiss consulate before going, or getting in touch with some kind of relocation agency? I suppose it would make more sense than babbling about it on Slashdot, but oh well, the timing of this article caught me right as I was starting to consider all these questions...

Maybe it would be easier to just bus tables at a ski resort and take a few years off from IT...

I need to start working on my resume, or CV I guess. European CVs don't bear much resemblance to American resumes, do they? It seems like they're a lot chattier & biographical than the dry list of titles & skills & credentials that is expected over here. Just one more thing to do in the next handful of months....

So Google has finally offered a form of desktop search, but it only works on localhost. This seems reasonable for the average home user, but an obstacle to setting up something even cooler: a slick Google powered local LAN search engine. Think about it: even on a mostly Mac / Linux network, you can set up one Windows box that has Samba mounted your main network shares with the Google software, and through the magic of HTTP reverse proxying, your whole LAN can have a nice Google search interface into your local documentation.

So. The obvious thing to try then is to set up Apache (or Squid, or similar software) running as a reverse proxy on that machine.

The first thing I did when finding out about this tool was to install it on a spare Windows machine with a couple of Samba mounted network drives (I'm hoping that it will index the content of these drives, but I can't tell yet), then set up Apache as a reverse proxy to provide the indexed material as a URL that would be widely accessible on the local LAN.

So far I can't quite get it to work -- I can connect from another computer (a Mac running Safari), but first I get complaints about running the wrong browser, and then I get errors about invalid URLs that apparently aren't being passed through. Still though, it seems certain that this should be doable, and if it can be done, this would beat the living snot out of the current ht://Dig based search engine we're using.

Google is right to make this tool inaccessible from non-localhost access -- the average home user does not need to have the contents of their hard drive set up with an easy to browse, globally accessible search interface. And I can see where Google wouldn't want this to work on LANs either -- it would cut into their business of selling search appliances. But come on, this is right on the cusp of working as it is, and it's only in beta. If Google doesn't provide a way to turn on access for local (e.g. 192.168.x.x) addresses, I'm sure that Apache or something like it can be configured to do this.

I think I've found a bug. I'm not sure if it's an ARD bug, a Fink bug,
or something else, but I definitely triggered some unwanted results.

I used ARD2 to install Fink (the 0.6.2 installer package) on two remote
machines, neither of which had a currently logged in user.

When installing Fink locally, one of the last steps is to invoke a shell
script that sets up basic environment information for your account -- it
adds /sw/bin to your path, etc. If Terminal isn't already running, it
will launch for this. I'm not sure how or why Terminal gets launched
when it seems like it should just be able to run silently & detached,
but no matter; suffice to say that the Fink installer launches Terminal.

The installer was taking a very long time to finish, so I took a walk
around the office to see what was going on with these machines. Here,
roughly, is what I found:

        http://devers.homeip.net:8080/images/ard_bug.jpg (204kb)
        http://home.comcast.net/~teridon73/ard_bug.pdf (mirror of original, 1.2mb)

The screengrab above was a 1.2mb download from my poor little bandwidth starved computer at home, but then someone offered to mirror it -- thanks! -- and someone else pointed out that a JPEG would be much smaller. Which it is. So the bandwidth issue shouldn't be such a big deal now.

What we have here is a system displaying the normal login screen while
in the background a Terminal instance is running with the root user's
priviliges. Because running Terminal means having a normal menu, I can
also click on the menu items, launch things like Software Update and
System Preferences, and open up new Terminal windows -- with root access
no less -- from which I can run just about anything I please.

For laughs, I launched the Finder & Dock so that I would have something
resembling a normal login session, even though the login window was
still sitting there greedily hogging the middle of the screen.

For more laughs, I used the login window to log in as myself. This
seemed to work, kind of, in that now I had GUI programs running at the
same time, some with my access level (according to the "log out cdevers"
item in the Apple menu) and some with root access (according to the "log
out administrator" item).

If I hadn't manually walked by to see what was going on, I might have
ended up leaving these machines on with unattended root access
overnight. If these machines had been at a remote location, I wouldn't
have necessarily realized what was going on at all -- I didn't even know
it was possible for any user to launch GUI programs from the login
screen, so I'm not sure it would have occurred to me to control the
desktop and see what was going on.

As I say, there are several possible sources of this problem -- ARD,
Fink, something else -- and I'm not sure who to blame. I can't imagine
that this was the intended behavior though, was it ?

No one wants other people messing around with their computer when they're away from their desks, but what can you do? It's not practical to log out every time you want to go for a cup of coffee, so many people put a password lock on their screensaver instead.

This is much more convenient, but it has a serious Achilles' heel: if you are in an environment where many people have logins on your computer, such as an office with centralized login (NIS, ActiveDirectory/Kerberos, LDAP, OpenDirectory, NetInfo, etc) where everyone has an account on every computer, then anyone can use their own login to disable your locked session. The only record of this will be an entry in /var/log/secure.log, which is only useful after the fact -- provided that the person who logged in didn't know to cover their tracks.

For a lot of people, this probably defeats the purpose of locking the screen to begin with; until & unless Apple provides a way to change this behavior, it may be wise to avoid the screen saver lock and fully log out of the system whenever you will be away from your computer for a long time (lunch break, overnight, etc).

Addendum:

This may only work for Admin users, which would be a lot less serious than I was thinking at first. I need to test that...

It occurs to me that the recent Safari/Help security issue in OSX could be broader than is being generally portrayed so far.

Consider: the fundamental issue here is that an OSX web browser -- Safari in the original reports, but apparently also Mozilla etc -- is acting as a broker for any URI that the user may come across, delegating the request out to external handler programs. Whether those external programs handle their URIs safely may be an open question.

The problem isn't really that Safari or Help is broken, but that the interaction between them, arising from the URI handling mechanism on OSX, is leading to Unintended Consequences.

OSX can handle many different URI namespaces, some of which seem to be used nowhere other than OSX. I'm having a hard time finding an exhaustive list of the URI protocols that OSX supports, but a partial list includes, in no particular order:

http://
https://
ftp://
mailto://
ssh://
telnet://
aim://
afp://
nfs://
smb://
sherlock://
itms://
daap://
help://

So far, I can think of published vulnerabilities in the telnet:// and now help:// protocols, but is that the end of it, or is the whole framework vulnerable to these sorts of attacks?

I have a hunch that we're just seeing the thin edge of the wedge...

There may be nothing to this, but it seems interesting anyway. I recently bought a PowerMac G5, and when I registered it with Apple, I was offered a free subscription to MacWorld. When signing up for the subscription, one of the questions you're asked is which Apple product you purchased most recently -- and one of the items on the list was "iMac G5". Does the MacWorld marketing department know something that the rest of us don't, yet? Very interesting...

Addendum:
A version of this story was picked up on Slashdot's home page.

GarageBand looks okay and all, but they totally dropped the ball on the name. For one thing, they broke then "clever" iName scheme that the rest of the iLife suite uses. For another thing, they missed a chance to get an oblique 80s punk rock reference, which clearly all software should aim for. How could they have fixed this?

iRock

Or if they wanted to go for that trendy leetspeek "we meant to mis-spell that, thankyouverymuch", they could have used...

iRockz

Is it too late to go put new label stickers on the packaging, and to change out the strings in the software? I hope it's not too late...

Joe - Wow, Pretty good Jim Morrison impersonation there.
Rod - Yeah, I hope those guys have a good sense of humor and don't take us to court.
Joe - Uh, what's the court?
Rod - Never mind that,
Joe - Oh, you mean like the People's Court?
Rod - Well, that's another story; the important thing here is you gotta ask me how I'm gonna get down to the shore.
Joe - Uh, how you gonna get down to the shore?
Rod - Funny you should ask, I've got a car now.
Joe - Oh wow, how'd you get a car?
Rod - Oh my parents drove it up here from the Bahamas.
Joe - You're kidding!
Rod - I must be, the Bahamas are islands, okay, the important thing now, is that you ask me what kind of car I have.
Joe - Uh, what kinda car do ya' got?
Rod - I've got a BITCHIN CAMARO!

++++

Yes, this is a repost, but dammit I think it's funny... :-)

Ooh, good line, must share:

"It's not the voting that's democracy, it's the counting."
--Tom Stoppard

Not that it's cool to whine about moderation, but what exactly was wrong with these two comments?

Someone was complaining in the Boston's Big Dig Finally Open thread about the lack of pedestrian access to the new Zakim Bridge, and seeing as I was lucky enough to have a chance to ask the project's chief engineer that exact question, I thought I might share what I learned. And yet an explanation as given to me straight from the horse's mouth, as it were, is "overrated", while someone complaining that the reason sounds like "bullshit" is left as is.

Moderate however you want, but I'm not a troll, and when I can't be funny, I do try to be constructive in the threads I participate in. This isn't the first time this has happened in the past month or two though -- maybe someone just doesn't like me or something. Oh well...

Seen on the Slashdot footer right now:

Live Free or Live in Massachusettes.

Do I take it that the joke here is that the charming libertarian wackos from New Hampshire are too dumb to spell the name of their next door neighbor? :-)

Dear Aunty Slashdot,

Like many people, my wife and I have digital cameras that can record short mpeg video files in addition to traditional jpeg stills. Like any still camera, taking photos with the camera held vertically is a perfectly conventional thing to do, if the subject matter being photographed would be better framed that way. Caught up in the moment though, we've also got some video files that were shot this way, and fixing these is proving to be much harder to correct. Does anyone know of a good, relatively painless way to rotate video files so that they're right side up? As video-capable digital cameras become more common, this is a feature that I'd assume an increasing number of people will want.

I'd prefer some kind of freeware approach to this, but so far haven't found anything that seems like it will help. It seems like ImageMagick might be the most promising tool, if I can get the mpeg2vidcodec_v12 plugin working on my Mac (lots of make test errors so far...), but even then will it be as simple as a convert -rotate 90 > video.mov ? So far, I can't even get to that point with the IM toolkit. CinePaint (nee FilmGimp) didn't seem to want to open *.MOV files to begin with, which confused me as I thought that was the whole point of CinePaint. I've also looked into mjpegtools, mpgtx, VirtualDub and TMPGenc, but none of them seems able to do rotate the contents of video files. I was able to open a sideways video file as a series of hundreds of separate still images in Adobe ImageReady, but even with that program's automation tools (and my admittedly shaky grasp of how to use them), rotating them all & stitching it back into one file seems like it'll be annoying. I've also tried Apple's iMovie, but it seems to be geared towards stitching together a collection of video clips rather than manipulating the contents of any given clip in any significant way. I don't have any other commercial software available, and am not that interested in shelling out possibly hundreds for the kind of "pro" software that might work but would be overkill for my usual needs.

As an added bonus, it would be nice to be able to convert individual frames to JPEGs for making thumbnails, or ranges of frames into low-resolution GIF/MNG animations. I have a hunch that the ability to do that may fall out of any solution to the bigger problem, so I'm putting off worrying about this for now, but would like to be able to do it eventually.

Does anyone know of a good way to rotate video files? I realize that the proportions of the converted file will be "wrong", but I don't care -- they're low resolution files meant only for viewing on my computer or maybe a web page, and if I ever want to put the files on a television screen then I can just put up with the vertical letterboxing. So far, the only approach that seems to have any traction at all is to find a way to treat the file as individual frames, rotate one by one, then stitch it back together -- but that seems annoying, particularly if the file also has an audio component that has to be kept track of. Still, for lack of tools to do it any other way, that's the best approach I've been able to come up with. Can anyone suggest something better?

Dear aunty Slashdot,

Does anyone here understand how Mozilla / Firebird's current security module system works? In particular, does anyone know what's up with the "software security device"?

My fiancee's computer -- a WinXP laptop with no user account passwords (it's just two of us using it, and we trust each other) -- keeps throwing these annoying dialog windows demanding that you "Please enter the master password for the Software Security Device." whenever you take Firebird to a web page with a username & password.

The catch though is that no password I can think of as a likely candidate works. A bit of Googling points to a couple of semi-promising solutions, and while all the ones I've found so far talk about Linux, the general description of the issue seems to be spot on. The workaround -- enter the Linux login account -- doesn't seem to apply here: there is no Windows system login for this account, and leaving the password field blank doesn't work either.

Following on from the Mandrake advice, I tried opening up Firebird's dialog window for the security device settings (go to Tools -> Options, then Advanced -> Certificates -> Manage Security Devices [there's a disclaimer that this is subject to move around in future releases]). This brings up a cryptic dialog window with the "Device Manager" (yay! trusted computing IN OUR TIME), with a hierarchy of cryptically labelled "Security Modules and Devices" on the left (e.g. NSS Internal PKCS #11 Module -> Software Security Device), some cryptic "details" and "values" in the middle panel, and a column of cryptic buttons over on the right. (For a crypto system, they've got being cryptic nailed :-/ ).

With those right-side buttons, three seem to do with managing what appears to be the equivalent of OSX's Keychain ("Login", "Change Password", and "Load"), but again if you click on any of those you get asked for the master password -- the lack thereof being the rabbit I'm chasing down this hole. There's also a button labelled "Enable FIPS", but there seems to be no indication of what happens when you click it or what FIPS stands for (if in fact it's an acronym in the first place).

Hilariously, there's also a "Help" button on the bottom of the dialog, but it doesn't seem to be hooked up to anything. Har har har.

----

So, the QUESTION:

Where did this thing come from, and how can one either fix or disable it? If it's like Keychain, and provides some kind of encrypted safekeeping for sensitive form data, I have no problem with doing it "right" and working logged into the subsystem. As it is now though, it's just getting in the way, and I can't figure out how to reliably get it to go away and stay away.

I say "reliably", because on some sites I get the dialog almost every time I follow a link, while on others it's just at the initial login -- I assume that this has to do with how accounts are being managed on the server, but haven't been ablle to pin down what's going on there. One annoyance per site I could deal with, but repeating it all the time like this is really getting on my nerves...

Any help wins an ice cream cone -- TIA :-)

So, much to the delight of every liberal in America, Rush Limbaugh has been caught in a wonderful pair of fuckups this week -- blatant racism, and abuse of a drug that can cause deafness (which it just so happens he came down with a sudden case of a year or two ago -- curious, eh?).

The drug article ran in my new favorite magazine, the National Enquirer. The online version of the Enquirer article doesn't have all the details, but I was thumbing through the paper version in the supermarket yesterday, and it has a copy of an email he sent to his dealer in Florida.

Apparently, Rushie's email address is <rprivate@eibnet.com>.

Again: Rush Limbaugh's private email address is, according to that bastion of journalistic integrity second only to Slashdot, <rprivate@eibnet.com>.

Not that I'm advocating that anyone abuse that nugget of information or anything -- that would be *wrong*, and only commie pinko liberal traitors would want to get this Great Natural Treasure upset -- but if anyone thinks of anything amusing to do with that nugget of information, this commie pink liberal traitor would be your Friend Forever.

According to Macworld UK, Be, Inc. has settled its antitrust suit against Microsoft for $23 million. Microsoft, typically, admits no wrongdoing in the settlement. Readers may recall that Be, maker of the BeOS operating system, brought their suit against the Microsoft back in February 2002. At the time this suit was brought, it was becoming obvious that the US government's antitrust suit against Microsoft was not going to result in any significant punishment for the convicted monopolist. Some observers felt Be's claims that Microsoft's vendor contracts excluded competitors from the market was a stronger case than the browser bundling aspect that the US department of justice pursued, but in the end it seems that Be no longer had the resources to complete the trial. With this case abandoned, the best hopes for a remedy to the Microsoft monopoly now seem to be in the European courts, or with a possible regime change in the USA in 2005.

It looks like the staff at E-Commerce Times have come up with a wonderful new logo for SCO articles, as scaled down to icon size by Google News (and I've stashed a backup of, just in case).

It shouldn't be a Caldera logo anymore anyway. I think a picture of someone shooting themself in the foot is much more apropos.

...now that I think about it, the better thing to do would be to edit the Monty Python foot used for the humor articles, and add firearms as needed. Thus binding in the whole tragi-comic nature of the situation in one fell swoop.