Updated: Never — Philip's Blog

It is amazing how patches have a tendency to pile up on laptop disks. While MFC'ing a silly change this afternoon, I accidentally typed svn diff in $HOME/projects/freebsd/head/sys and the output was rather interesting.

In addition to random patches that occur to me while I'm sitting on the train, I have a good chunk of syscons changes that I really should put somewhere safely.

Laptops are dangerous. Not only do they burn your lap -- and other sensitive areas -- they allow you to do work which is very easy to forget about (and then lose).

Time to sort through this mess and send out some patches.

For the last couple of hours, I've been playing with Firefox 3 to make it behave. I have blogged at length about how "userfriendly" basically means looking pretty and not working. The good thing about Mozilla is that "userfriendly" is only its default state. With a bit of fiddling, you can actually make it work.

So, without further ado: "Philip, how do you make Firefox 3 work?"

First, install a couple of mandatory extensions:

• Tiny Menu reduces the space-wasting "menu bar" at the top of the screen into a single button.
• Littlefox halves the screen real-estate hogged by the browser giving webpages a bit more Lebensraum. It also obliterates the ghastly pastel default look.
• Adblock Plus I don't need to explain. Don't forget to whitelist those couple of advertising-run websites which are worth it -- like http://fxr.watson.org/ for instance.
• Download Statusbar turns the preposterous "download window" into a more sensible and less intrusive toolbar.
• FaviconizeTab squashes up the tabs you always leave open.
• oldbar: restores the behaviour of the address bar.

Install the nullflash plugin to stop Firefox whining about that "Flash" plugin you don't have.

When you've done that, move the back/forward/reload/stop/home buttons, the address bar and the search bar next to the "Menu" button and hide the navigation and bookmarks toolbars.

Halfway there.

Now get rid of the nonsense that's been piled on the address bar by wielding the medium hammer in userChrome.css:

/*
 * Remove nonsense from the address bar.
 */
#star-button { display: none !important; }
#go-button { display: none !important; }
#feed-button { display: none !important; }
#urlbar-search-splitter { display: none !important; }

Finally, use about:config to set browser.xul.error_pages.expert_bad_cert to true, so you can visit sites which use self-signed certificates a bit less painfully.

There you go!

Since there was a call for testers on the freebsd-ports@ mailing list about Mozilla Firefox 3, I decided to give it a go. I had to patch the Makefile not to pull in dbus-glib as an unconditional dependency. I don't believe in D-Bus and don't want it on my system. If I allow Firefox to link with it, it would be the only thing sitting on the message bus too, which feels a bit crazy.

So, Firefox 3. The Mozillians have been sniffing way too much of the userfriendly glue. I already blogged about the too much handholding and the way they've confused security and trust when I tested one of the early betas.

Since I last tested, a workaround has been added to reduce the userfriendliness and increase the usability of self-signed certificates: setting the browser.xul.error_pages.expert_bad_cert option to true roughly halves the number of hoops you have to jump through in order to get the certificate recognized. Great.

The idea of bookmarking also seems to have become even more entrenched in the browser since my last test. I have never really used bookmarks. I've recently started vaguely using del.icio.us but bookmarks really aren't my thing. I guess some people must be into the idea though.

Using tinymenu and littlefox and some creative interface reshuffling, it's still possible to hide most of the bookmark nonsense so that it doesn't get in the way. The only thing I haven't been able to get rid of yet, is the new "add bookmark" button that has been added to the address bar. I'm sure a way exists, I just need to find it.

Overall, despite the userfriendliness, Firefox 3 is an improvement. It feels a bit faster and it still renders the stuff I want it to render fine. It's still a webbrowser though. Nothing to get overly excited about. More than 90% of the stuff being delivered over HTTP is worthless and it's only getting worse. Firefox 3 with enough extensions and some creative tweaking to make it less userfriendly and more usable allows you to sift through the crap in relative comfort.

I will try to resist the urge to downgrade again. Maybe if I feel sufficiently bored, I'll cook up a patch to make LANG=C less usefriendly and more useful. Don't hold your breath.

Belgian farmers are unhappy. When Belgian farmers get unhappy, they want everyone else to be unhappy too. Using tractors and with a little help from friendly taxi drivers and truckers, they basically shut down Brussels for a day.

Charming people.

Their protest doesn't particularly bother me personally. I don't need to be anywhere near Brussels and I use a bike and public transport to get around.

In other words, if it weren't for one small detail, I would have probably completely ignored this whole nonsense in the newspapers and not wasted any time blogging about it.

What is the small detail, you ask?

The farmers are unhappy about high prices of fuel. They are unhappy about a number of other things too, but they are making a point of complaining about fuel prices.

So who came up with the bright idea of using these fuel-hungry machines to blockade the capital instead of ... well, farming?

This whole macho display of noisy pollutants will accomplish precisely nothing. Remember that we have a government composed entirely of short-sighted right-wing conservative incompetents who are way too busy practising linguistic racism and similar idiocy to spend any time at all on the economic welfare of the country they are supposedly governing.

At best, the politicians will find it's a bit noisy out while they're wasting time and money on fictitious non-issues. Close the windows and crank up the airco. "Where were we again? Oh yes, we were going to try to estrange one half of the population from the other half some more".

In other words, instead of burning expensive fuel to produce stuff which can be eaten and exported, our agricultural friends are basically pointlessly polluting the capital while shutting down much of the economic activity that takes place there.

Very clever.

Haven't those of us who run small companies all been there?

Late payments suck.

More and more websites seem to be showing that funny OpenId logo and more and more people I know appear to be quite lyrical about the stuff.

Still. I'm a skeptical bastard. I wonder if OpenID is not a solution looking for a problem, like so many "Web 2.0" technologies.

Using the same username and password everywhere would of course be unbelievably stupid. If one site is broken (or run by a sneaky and enterprising individual), your identity is effectively owned.

I am still using the good old paranoid method of dealing with the plethora of websites that want me to create "accounts" and would like me to create a username and a password to log in to them.

Ever since the beginning of time, I've been generating different passwords for the sites that want them, and storing them in a file on an encrypted volume. Over time, of course, that list has become rather long:

% grep http /cryptostick/keys/passwords.txt | wc -l
207

Many of the sites in that file, I've probably not visited in the last many years, some of them probably don't exist anymore. Not a problem, the amount of data I'm storing about them is probably on the same order of what I once told them about me: very little.

So back to OpenID: if I understand it correctly, it would replace this simple plain text file I keep on an encrypted volume with a whole infrastructure of XML-communicating "things", any of which could possibly break, any of which would be - like anything XML - hideously difficult to debug and, most importantly, like any "web technology", unbelievably volatile and subject to becoming obsolete at the drop of a hat.

I can think of any number of other things that can and will go wrong.

It's a "web technology". People rely on PHP and other security holes, and we all know what happens to infrastructure built on a foundation of wet tissues. After a couple of months, some bright spark comes up with "2.0", also built on wet tissues but now they're "layered". Or something. Try to follow the metaphor.

In any case: either your identity is completely and utterly up for grabs, or you've invested a lot of time (and possibly money) in a very complicated (though probably very pretty) infrastructure which is now completely obsolete.

At the same time, my trusty text file on its encrypted volume (with its backup on dead tree stored somewhere physically secure) celebrates its tenth birthday and still works as well as the day it started as an empty file.

I'll stick to "Web 0.9", thank you. I don't think I could handle the stressful life of "developing for the web". It's so much more relaxing in the kernel, where standards develop at glacial speeds. bliss.

I was looking for something this morning. The laws of the universe demand that when you're looking for something - anything! - you will find any number of things you didn't remember you ever had. If you're a geek, you'll have so much fun playing with these things that you're very likely to forget what it was you were looking for in the first place.

So I found a stack of floppies.

This made me realize that a significant number of people I see on the train in the morning wouldn't recognize these things. In many ways, the floppy is like the LP. Which is another thing they wouldn't recognize.

It's funny how quickly the USB stick has completely taken over the role of the venerable floppy in the Sneakernet. Not to mention how large the average file has become.

Floppies could store anything from a couple of thousand of bytes to nearly one and a half million bytes. Most of the files on my disk are larger than that now.

These days, you can put millions of floppy-equivalents on a single USB stick.

The USB stick fits in your pocket and will even be readable after you take it out of your pocket.

Scary...

I would love to see if any of these floppies are still readable, but I don't seem to have any machines powered on with a drive.

It's the "libintl.so version bumped, time to recompile just about everything" time of the year again. Yes, I know that if I were to use a binary-based package manglement system, I wouldn't need to recompile, but I'm not interested in that. I don't mind the recompiling per sé either. To me, the benefits of source-based package management far outweigh the disaster that I consider binary-based package manglement to be. Your opinion may well differ.

This rant is not about package management methods though. Please save your comments for another day. I promise there will be other things in this post for commenters to get upset about. :-)

When working with computers, I prefer to think in English. I know a number of more interesting languages than English, but when working with computers, English is just the path of least pain. I don't want software to speak any other language to me. I like having a (roughly) direct mapping between garbage spewed on stdout and stderr and calls to printf() and friends in the code. It makes debugging marginally less painful.

Basically: I don't want localization. I don't mind if other people want it, but I want nothing to do with it.

In particular, I don't want to be affected when the people who maintain gettext decide that it's time to bump the version of libintl.so. In fact, I would be a very happy man indeed if I didn't have libintl.so on my system at all.

Most ports I use understand and respect WITHOUT_NLS= and don't link with libintl.so and don't register a gettext dependency. Some ports (like devel/glib20) however, pull in a dependency on gettext unconditionally, and this is where the trouble starts.

The perceptive reader has by now realized that this is another episode in the interminable "autotools is evil" saga.

When autocrap finds libintl.so on the system, it will halucinate madly and decide that since I have this file sitting on my filesystem (in /usr/local/lib, no less!), I obviously want to have random things linked with it.

This presumptious behaviour is stupid and broken.

Ports that understand and respect WITHOUT_NLS= do this by adding flags to configure or patches to inhibit autocrap checks for libintl.so and hope that this continues to work from version to version. Port maintainers can't be expected to check this all the time.

Inevitably, after a certain amount of time, even if you have WITHOUT_NLS= set, there will be a number of things unexpectedly linked with libintl.so on the system. Since they have no dependency on gettext registered, they won't be caught by the portupgrade -rf gettext dance.

Unfortunately, autotools has become so pervasive and ingrained in the open source world, that there is no real solution to the problem. Even if you could somehow fix autocrap not to cause linking with random libraries it finds, people would continue to use old versions which haven't been fixed.

This is not the real reason it will never be fixed though.

The real reason the problem will never be fixed is that a very loud group of people believes that linking with random libraries just because they're there is userfriendly. The fact that many of these people can't tie their shoelaces without ungrammatically asking for help on Usenet doesn't really matter.

It's userfriendly. Clearly, we can't go around fixing bugs that need fixing when the buggy behaviour is userfriendly.

You can't argue with userfriendly.

Whatever happened to "Unix is just picky about its friends"?

I wonder if I'm the only person who has noticed that there is practically no whining or moaning about Subversion by the people who are actually using it.

There is a lot of drama out on the internetwebs about FreeBSD's migration to Subversion, but it's pretty much all from people who don't use FreeBSD let alone commit to src. (And I'm not talking about the comments on my blog - my readers are very mature and civilized, I'm very grateful and feeling lucky.)

Lots of people shouting that "Distributed Version Control Is So Much Better" and "Centralized Development Is So 20th Century, Distributed Is The Only Way". Meanwhile in the repository, all seems to be going quite well. Code is being checked in, code is being merged, the CVS exporter works and the infrastructure is slowly but certainly starting to fall into place.

People even have time for pointless bikeshed-painting.

There is certainly something to be said for distributed development. But there's an expression that goes don't change a winning team. The FreeBSD Project delivers a fully integrated operating environment and prides itself on its high-quality centralized revision control history. Subversion is working out great!

And people complain about my CAPTCHAs... Despite the CAPTCHAs, I'm still getting some comment spam. Strangely, it seems to come in "bursts" and the assholes always target the same entries to spam.

I wonder how they're getting past the CAPTCHAs.

Oh well... I've added a blacklist of words I don't expect to see in comments. If you run into the blacklist (unlikely), try a synonym. Be creative. :-P

Spam sucks.