So, I've been overhauling the infrastructure at the ol' hosting coop, and decided: hey, we're acquiring afs tokens using mod_waklog and a $user/daemon kerberos principle, why not use that same principle for authenticating against postgresql? Bonus features: using a user map, the user's primary principle would authenticate as the same database user, and it eliminates another indirection in the auth process (we're using identd now, probably a terrible idea).

And then reality: mod_waklog grabs tokens, but the tickets used to acquire those tokens are not available to any CGI processes. This is correct behavior afaict: being an apache equivalent to aklog, it has no business dealing with kerberos keys. So, mod_auth_kerb is probably the piece responsible for this, right? Maybe. mod_waklog has two modes for acquiring tokens: one wherein you specify the principle and a keytab for a specific location, and another where it will use any tickets previously acquired by another module. So you can grab tokens using mod_auth_kerb for real users entering passwords or forwarding tickets.

In a moment of insanity I though modify suexec might be a good idea. It was, luckily, just a moment of insanity.

So now I'm left wondering if there's even a solution. Since we're offering generic Internet hosting, requiring that members figure out authentication with kerberos in their cgi programs just to access postgresql (and one day mysql, if it can even use gssapi) isn't going to fly. If there is a solution: where oh where does it belong.

My current thinking is that I should add something like Krb5AcquireTickets $principle $keytab (or Krb5LocationPrinciple, or ... whatever, I'm bad at naming things) to mod_auth_kerb. This promises a slight improvement to mod_waklog: all of the code dealing with acquiring tickets could be removed since it appears to only exist since no other modules exist to acquire tickets from a keytab. But something tells me this might still be wrong.

I'm probably doomed. The life of a volunteer sysadmin!

Can I post this and then delete it? Maybe. Does it exist 10 minutes from now? When is now? Why is Hitler, Who is Spain?

I found an interesting heat-map of the United States of America, showing 56 years of tornado tracks by fujita scale. After being on the front-end of one of the tornadoes going through Dexter, MI, I found it particularly interesting that injury-to-death-toll numbers have dropped off significantly and made me think about some of the early warning signals we get now. For instance the Dexter tornado had warnings coming at least 1 hour before the storm hit the area. It was a general warning, but we had tornado sirens screaming at least two different intervals during the period. Some interesting infographics can be found at http://uxblog.idvsolutions.com/. The data comes from NOAA, but you can never tell if the infographic is correct even though the source is correct, but the graphic is interesting.

Continuing with my quest to write at an abyss...

I ended up getting the mytouch 4G Slide (HTC Doubletouch) from newegg ($130 + 24 months further enslavement to T-Mobile + if-you-cancel-within-six-months-you-owe-us-$400 standard reseller crap). And then the despair began, as the Internet informed me I had to do crap like run an untested binary to exploit the userspace and bootloader instead of a simple unlocking procedure... but then a friend who had done something similar let me know that, *phew*, you only had to do that if you wanted the "easy" way of reflashing from Android (before getting your new image installed, naturally).

I just had to use the HTC bootloader unlocker and flash Clockwork Recovery, fastboot flash the kernel, and then use the recovery image to flash the new /system. I.e. the way it had to be done on the G1... yes, much much more difficult than exploiting Linux and some vulnerability in the bootloader...

With that out of the way, I now have CM9 (Android 4.0.3). So far it's running well... my first day battery life was great, yesterday not so much (suspecting something with wakelocks, the phone refused to suspend to ram after I ran maps...). I'm also trying to use as much Free Software as possible: I installed the Google apps for now because ... I am weak, and I like the calendar and maps. But, otherwise, I'm trying only to use software from F-Droid (or things not in F-Droid that are Free of course, but in an ideal world I'd also be submitting those for inclusion). The bad: the keyboard kind of sucks. There's basically no tactile feedback, they removed the tab button for a stupid "www/com" button (hoping I can remap that, but this is Android and not X11), and it's uncomfortably wide. Dear HTC: Please, please, resurrect the Dream's hinge... I thought the hinge would be the first part to fail on my G1, but it was solid until the end. That extra bit of vertical space was nice (5 rows!), and gave a more natural horizontal spacing between keys (I could reach 3/4 of my G1 keyboard with one thumb, now it's about half for each).

Still, Android on a device with lots of processor power and RAM is actually pleasant to use, instead of an exercise in seeing how many profanities you can utter at a device.

And now for MORE FUN: at some point I did an apt-get upgrade to get a slightly newer X server and ... where did my network printer go? Oh no, cups was repackaged and I need to install these new driver packages? They rely on GNOME 3 components... no, no, no is this really happening... thus died my gnome-session + sawfish + xfce-panel desktop :(. I gave GNOME 3 a five minute shot and it confirmed my suspicions: gnome-shell sucks. I have yet to futz with getting fallback mode working with sawfish et al, and am just using KDE 4.7 now. Which is a lot nicer than 4.5, and may actually suffice for my needs. We'll see. The big thing is that it seems to handle multiple monitors reasonably well now (before hotplugging never did the right thing; I have a laptop + 24" display for when I'm at my desk, so I plug/unplug on a daily basis).

I got an HTC Dream about ... three years ago? And two days ago I was merrily using the phone when suddenly the touchscreen stopped responding. I rebooted, hoping it was Android 1.6 being lame yet again and ... where did the audio hardware go? dmesg revealed scads of i2c errors and that was that, time to get a new phone against my will. Because, honestly, I think the G1 is the best phone designed, ever. I'd really like to see a new version with an optical trackpad replacing the trackball (it got a bit less responsive after ~18 months, presumably from dirt) and a slightly larger screen... but otherwise untouched. And, since it croaked after a mere three years of being treated very well, a bit better build quality (hey, HTC, sell the design to Nokia and hit them with the cluebat to make them release more maemo devices). It was good enough for me to lay down my desire for an OpenMoko and compromise on a mostly non-free device yet again...

After a bit of searching, I settled upon this mytouch 4G slide thing. The keyboard is lame and only four rows... emacsing over ssh will certainly become more exciting. But, it was the best device under $250 (+ 24 months further enslavement to T-Mobile) hardware wise and is supported by Cyanogenmod so maybe I won't hate it too much. UPDATES TO FOLLOW (not that anyone reads Slashdot journals anymore).

Hello once upon a time people used Slashdot journals and I think that was pretty neat. I was thinking to myself: "I need to upgrade HCoop's Debian install so that I can install some modern weblogging software and do more than post asinine facebook status updates" and then I realized... Slash!

The system says I have no journal entries, but I could have sworn I wrote a few way back when they were new and I was a lame teenager. Oh well, they're probably best left to the abyss if they even existed at all.

Let's start on a sad note then: there's a shortage of Centennial hops until the fall harvest. Kind of sucks, I hope this isn't indicative of a secretly poor aroma hop harvest last fall (discovering stuff like total hop yields doesn't seem too easy).

But, hey, let's make the best of a potential sharp increase in hop prices: No time like the present to knock out a double batch of my homebrewed IPA (and I just upgraded to a converted keg kettle + 60 qt mash tun with a fancy homemade manifold = hello 10 gallon batches). Mmm... a pound of hops (tasty, until the register displays my total bill ... and then tasty again 8 weeks later).

In the off chance anyone is actually reading this... I'm not too keen on experimenting with the hop bill of this since it tastes pretty good, and is probably the hardest and most expensive thing I brew (failure is agonizing). So ... I've stuck with Citra, but I hear that other hops have similar fruity tastes, ... anyone know whether any of the non-proprietary hops varieties might be reasonable as a substitute? I was unaware of the politics of hop genetics until after I made this recipe, and I kind of want to one day grow all of the ingredients in my back yard.

Moo.

An interesting video was passed to a friend of a friend who subsequently passed it on to me about the original intent and virtues of copyright in America. Not surprisingly the video outlines the original intent of copyright to encourage the creators to bring new content and protect them for a period of time. As the video points out one of the largest instigators of the new rules on time privilege for creators was the Disney Company.

The video is done in a light hearted style that makes understanding copyright easy for the less informed. Please share it with others!

Earlier this month, I was at CES, looking at cool gadgets and shooting some video for Slashdot, and last week I did the same in Detroit at the North American International Auto Show. Since shooting video is something I'm (let's be kind) inexperienced at, esp. with camera-attached doodads (mixer, shotgun mic, lav mic, tripod), this got a bit awkward at times.

I tried a few different bag configurations on the CES show floor. What I finally settled on was this: In my conventional-looking (but Li-Ion battery-equipped!) PowerBag backpack, I carried very little -- basically, my laptop, some food, and whatever paper goods I picked up in the course of the show, like brochures, etc. For almost everything else, I had my Checkpoint Flyer, sans removable laptop case.*

- Mic packs (one receiver, one transmitter), mics (lavalier, handheld, shotgun) and mixer (and a few associated cords) went into the larger outer pocket
- flexible tripod (a Gorillapod knockoff from Vivitar) stuck, with one leg out, in the flexible side pocket
- camera, well padded, in the central portion; I kept its hotshoe mic-mount attached.
- headphone case fit in the smaller of the outer pockets (one of my favorite uses for that pocket!)
- spare batteries, SD card in the flat inner pockets
- notepaper and such in the large (magazine) pocket; gum and pens in the smaller (boarding pass) one.
(This list is not exhaustive; I was carrying wallet and other small things not here accounted for.)

I realized toward the end that the extra attachment points (sorry, custom work -- thanks, Tom! You really should put them on every Flyer ... ) I have on the Checkpoint Flyer mean I could have attached some other things on the outside, in pouches, if I'd thought to bring pouches of the right size.

In Detroit, I did not carry around the backpack, and I switched from the Checkpoint Flyer to my Super Ego. The Super Ego is bigger, but I'm not sure it was actually any better as a video bag, because it lacks the nice top-zipping outer pockets on the Checkpoint Flyer, and it's not quite as easy to swing easily through a crowd. It still worked well for my purpose, though; I could put the camera away quickly in the central storage space when I wanted to have both hands free, and I stashed most cables and mics in the two outer pockets. (No room for the shotgun mic this way, though, so that went in with the camera itself.)

Upshot: Though neither is a specialized video bag (and I felt it at moments), both the Flyer and the Super Ego did a great job as impromptu production assistants ;)

* Why not carry the laptop there? Because I was carrying a laptop too big for the inner case I have. That's why. Why carry the laptop at all? Because I needed it as a middleman to transfer files from my camera to the guy who put them into a watchable form, from the show's press room.

I thought I would mention one of the key activities we have been working on in recent months is our infrastructure. For a long time now, and like many companies, we have been living on older hardware and software. After some solid work by our engineers, esp. PerlJedi we finally got our DB upgraded.

One of the nice things we have now is a set of solid state disks to speed up transaction time. Additionally we will be looking at ways to improve some of the queries and as always check for other technical improvements as we progress.

We're not done yet. There are other things we intend to change in the near future including our web app server. We are also slating a number of features in 2012 that we are very excited about.

We'd love to hear feedback from you our readers. Is the site a little more responsive? Can you feel the raw power of our new servers?

I have been reviewing (again) the responses from our last user poll about what you like/dislike about /.. In summary it looks like there is a concern about commenting and story submission. We have spent the last couple of months working on those items and I think the engineering team has done a good job of fixing some problems that have been plaguing the system for some time (new comment loading, submission form, cleanup layout, etc., see: Vroom). We are in the final stages of working out some other basic system enhancements that we believe will fix the foundation of Slashdot and bring hardware and software up to date. These should provide a faster and more reliable experience. (see: PerlJedi)

We have also had some pro/con responses to the social media interaction and continue to tweak those items to make them more usable without getting in the way of really reading /. Hopefully some of these changes are making the site easier to see/use/interact with. We have also gotten a lot of feedback about abuse on the system and continue to work on that as well as providing a more robust moderation and hand out of mod points.

I have spent some time recently looking over moderation and understanding some of the tweaks around it. Also spent a lot of time looking at comments in live stories and reading emails from site users about modding. Typically the messages range from astroturfing to people with a vendetta.
So my questions to you are:
Is /. moderation broken?
Is /. moderation out of date?
What would you use to help manage signal-to-noise?

Since I have been with the team and interact more closely with /. I have come to the conclusion that this platform is really one of the original and best sites for social interaction and media. One of the key points that I have noticed though is that we have done a poor job of making it easier for people to communicate and create interaction.
First of all the registration on /. helps to create a community and causes us to be accountable for our words and deeds. If you are gonna say it, at least stand behind what you say. Second, those that are not familiar with the concept of Friend & Foe, should look into the friend feature on the site. Registered users can click on any other registered user account and choose to mark those people as friends or foes on the site. The cool part about this is that you can then see your friend's comments on the site as well as any other potential friend relationships. My experience with this is that I get a broader view of opinions from friends and from folks who are not friends too.
What I envision is not something sappy or invasive as Facebook or the many other "social media" sites, but something that allows me to more easily see and create these relationships so I can see and participate better in conversations with my friends and their friends too.
My question to you is, Do you see social ties on /. helping you get a better world view of Nerd News?

I haven't posted a journal here in almost three years, because I couldn't find the button to start a new entry. ...yeah, it turns out that it's at the bottom of the page.

So... hi, Slashdot. I used to be really active here, but now I mostly lurk and read. I've missed you.

While reading through your responses to the reader survey from a couple months ago a couple things were clear. You both love & hate comments. You love the insightfulness of our readers, you hate trolls, and there are a number of things currently getting in the way from you being able to navigate through discussions as easily as you might like to.

Load All Comments

The number one thing that kept coming up in comments was an annoyance at not being able to see all the comments right away when you loaded a page. We'd previously made a design decision to show 50 comments to make for a fast page load, while allowing you the user to load more comments. (It should be noted if you login you can change your default view to 250 comments). The major nuissance many of you noted was that if you wanted to load all comments before reading a discussion you'd have to scroll down to the bottom of the discussion & mash on the button multiple times to load the entire conversation & then scroll up to the top to begin reading the discussion. One change we added a week ago or so was a 'Load All Comments' button at the top of the discussion to get around this annoyance.

Number of Initial Comments Shown

Another thing many of you noted was not liking only seeing 50 comments for your initial view. We bumped that number to 80 for an incremental change, and could be further increasing it as we monitor changes to page speed, and other comment dynamics.

Fix for Mod Point Allocation

About a week ago we corrected a bug with mod point allocation which brought a lot of new people into the moderation pool. The number of people moderating, and number of moderations done has gone up significantly as a result of this.

Comment Preview Speed

As part of our comment posting (and submission) processes we have some security checks that take a lot of time. Unfortunately for users many of you spent more time than you needed to waiting for the comment preview to come back while this check was occurring. We recently made a change to do this processing in the background when you trigger a reply form, as a result you should spend less time waiting to preview or submit a comment. Instead of making you wait to preview a comment we're doing processing in the background while you're typing up your comment. We made similar changes to the submit process. There may be further speed improvements later but this is a start, and should be fairly noticeable to frequent commenters.

Comment Threshold Inconsistencies

Another problem that was fixed recently was that comments above your threshold, that were children of lower rated comments didn't always appear. As a result the numbers on the slider for 'Full', 'Abbreviated', and 'Hidden' didn't necessarily reflect what was in the discussion. As of today that should be corrected, surfacing all the comments that should be surfaced by your selected threshold.

More to Come

We're by no means done with improvements to the comment system. Comments are in many ways one of the things that sets Slashdot apart so we want to continue working to make discussions easier to navigate, make interesting comments easier to find, and surfacing the insights within our community that set our community apart from many other places on the web.

Governor Martin O'Malley
100 State Circle
Annapolis, Maryland
21401-1925

Dear Sir:

Now that both Arizona and Utah have named official state firearms (Colt Single Action, and John Browning's immortal 1911, respectively), I think it's time that the great state of Maryland upstage these upstart also-ran states -- more like territories, really -- by officializing an official firearm as well. After all, Maryland has what is truly the most martial of all state songs. Citizens of what other state are enjoined to "remember Howards warlike thrust," or "avenge the patriotic gore that flecked the streets of Baltimore"?

Further, as a born Marylander, I have a gun in mind that reflects well the government of Maryland's view of citizens' right to carry arms for their own self defense and in the defense of liberty. Please consider any of the options from this entire line of products.

Of course, in light of modern circumstances in the Old Line State, the actual gun chosen should be locked up and behind glass, rather than out endangering the children.

Cordially,

Timothy Lord