jhead -n%Y%m%d-%H%M%S -ft *.JPG

This would rename all the photos dumped in the current directory using the YYYYMMDD-HHMMSS format. And even if some app you have doesn’t sort by the file name, this command would change the modification time of all the photos to the time the photo was taken.

And yes, it is a good idea of using this time format and not the default MMDD-HHSS format, else trips on the year end (like ours, this time) would get messed up while sorting.

The problem – command line programs like fetchmail use the system wide openssl CA certificates to verify the authenticity of the server certificates they are provided when they connect to an SSL server like POP3 or IMAP.

Sometimes, you will have providers like Dreamhost, who will get smart and ditch the atrocious certificate issuing set up we have right now, and give you a self-signed certificate to verify their servers.

So fetchmail will, for example, belch out this error message every time they connect to Dreamhost’s mail servers:


$ fetchmail -v --nosyslog
fetchmail: 6.3.9-rc2 querying homie.mail.dreamhost.com (protocol POP3) at Saturday 08 August 2009 02:12:28 AM IST: poll started
Trying to connect to 208.97.132.208/995...connected.
fetchmail: Issuer Organization: New Dream Network, LLC
fetchmail: Issuer CommonName: New Dream Network Certificate Authority
fetchmail: Server CommonName: *.mail.dreamhost.com
fetchmail: homie.mail.dreamhost.com key fingerprint: 17:F7:F2:FF:4A:9D:C3:D3:2B:8A:E9:12:47:C4:A4:28
fetchmail: Server certificate verification error: unable to get local issuer certificate
fetchmail: Server certificate verification error: certificate not trusted
fetchmail: Server certificate verification error: unable to verify the first certificate


While you can mostly ignore this (Dreamhost itself says they don’t care much about the “chain of trust” – all they care about is the encryption), you might want to be a little more careful and use the “sslcertck” keyword while connecting to your mail servers. This keyword will force fetchmail to only attempt fetching the mail if the issuer of the server certificate strictly matches a CA in your local CA certificates.

Note that this strict certificate check is going to be the default setting in fetchmail any day now. So you might want to pay more attention to these fetchmail warnings right now before they bite you later.

Dreamhost provides the CA certificate which issues their server SSL certificates here.

Installing this in Ubuntu was pretty simple once you know the program involved. So while this example is about Dreamhost, you can similarly install any CA certificates (even your own).

Steps are:

1. Create a directory for the issuer under /usr/share/ca-certificates/.
   mkdir /usr/share/ca-certificates/dreamhost
2. Copy the CA certificate file into this directory. Use this directory to consolidate all the CA certificates of the common entity.
   sudo cp ~/ndn.ca.crt /usr/share/ca-certificates/dreamhost
3. Update the CA certificate hash symlinks used by openssl. This will open a text dialog asking you to confirm the CA certificates to be marked as trusted. Out of the box, a typical modern Linux distro would have a long list of certificates which would already be marked as trusted. You have to search for the authority you just copied (it would be unmarked), mark it and select OK.
   sudo dpkg-reconfigure ca-certificates

That is it! Next time your run fetchmail, the CA warnings should have gone.

Note that GUI programs like Firefox and Thunderbird have their own CA storages and therefore their own process of adding CA certificates. Modern versions of these programs make it pretty easy to add them using a just a few clicks. This post was about installing them for mostly CLI based programs like fetchmail.

Another note, it seems that on Ubuntu, Postfix needs the config parameters smtp_tls_CApath and smtpd_tls_CApath to be set to /etc/ssl/certs to verify server and client certificates respectively.

So I decided to do the next best thing – I have started using the latest official Flickr Uploadr for Windows in Ubuntu using Wine. No, it doesn’t work out of the box. It just takes an additional step.

1. Install wine. (apt-get install wine)
2. Download winetricks from http://wiki.winehq.org/winetricks. This is a small script which automates installation of common wine program dependencies.
3. Install MS Visual C++ 2005 libraries. (sh winetricks vcrun2005). Some messages which look like errors come on screen. Ignore these.
4. Download Flickr Uploadr Windows executable from http://www.flickr.com/tools/uploadr/.
5. Install it! (wine FlickrUploadr-3.2.1-2009.06.02.01-en.exe)

That is it! Find Flickr Uploadr installed in your menu at Applications->Wine->Programs.

My IP address.

sandipb@pluto:~$ wget -O - -q http://www.whatismyip.com/automation/n09230945.asp;echo
122.167.0.79
sandipb@pluto:~$ host 122.167.0.79
79.0.167.122.in-addr.arpa domain name pointer ABTS-KK-Dynamic-079.0.167.122.airtelbroadband.in.


Akamai CDN for downloading Adobe AIR.

sandipb@pluto:~$ host airdownload.adobe.com
airdownload.adobe.com is an alias for airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com is an alias for airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net is an alias for a1396.g.akamai.net.
a1396.g.akamai.net has address 203.101.62.10
a1396.g.akamai.net has address 203.101.62.11
sandipb@pluto:~$ host 203.101.62.10
10.62.101.203.in-addr.arpa domain name pointer dsl-KK-static-010.62.101.203.airtelbroadband.in.


I am downloading from a server co-located at my ISP. Industry standard in US, but I feel really great for this to be happening in India.

Imagine. Download server in India, three hops, 25 ms away!

sandipb@pluto:~$ mtr -i 10 203.101.62.10
My traceroute [v0.73]
pluto (0.0.0.0) Thu Apr 23 01:41:38 2009
Packets Pings
Host Loss% Snt Last Avg Best Wrst StDev
1. 192.168.1.1 0.0% 1 1.1 1.1 1.1 1.1 0.0
2. ABTS-KK-Dynamic-001.0.167.122.airtelbroadband.in 0.0% 1 25.4 25.4 25.4 25.4 0.0
3. ABTS-KK-Static-173.32.166.122.airtelbroadband.in 0.0% 1 24.9 24.9 24.9 24.9 0.0
4. ABTS-KK-static-008.32.144.59.airtelbroadband.in 0.0% 1 39.0 39.0 39.0 39.0 0.0
5. dsl-KK-static-010.62.101.203.airtelbroadband.in 0.0% 1 25.0 25.0 25.0 25.0 0.0


Lesson learnt: OpenDNS hurts all this goodness

Thank goodness, I moved off opendns today. This is what opendns was giving me all this past year that I was using it.

sandipb@pluto:~$ dig @208.67.222.222 airdownload.adobe.com
...
;; ANSWER SECTION:
airdownload.adobe.com. 85521 IN CNAME airdownload.wip3.adobe.com.
airdownload.wip3.adobe.com. 218 IN CNAME airdownload.adobe.com.edgesuite.net.
airdownload.adobe.com.edgesuite.net. 20721 IN CNAME a1396.g.akamai.net.
a1396.g.akamai.net. 20 IN A 204.2.160.24
a1396.g.akamai.net. 20 IN A 204.2.160.34


sandipb@pluto:~$ host 204.2.160.24
24.160.2.204.in-addr.arpa domain name pointer a204-2-160-24.deploy.akamaitechnologies.com.
sandipb@pluto:~$ ping -c 1 204.2.160.24
PING 204.2.160.24 (204.2.160.24) 56(84) bytes of data.
64 bytes from 204.2.160.24: icmp_seq=1 ttl=54 time=259 ms


A download server 260ms and 11 hops away in US.

Using opendns is breaking anything which uses CDN. Now I have used opendns for a while and it is nice at its work. But believe me, we spend more time downloading videos and text than querying DNS, and if you have a DNS cache at home (like djbdns) or even your ISP’s DNS, it works a lot as well.

However, my pet grouse for a long time was that the PDFs, which look excellent on screen don’t seem to print too well on paper. A close examination and various posts on mailing lists like this made me discover the fact that this is primarily because of the Computer Modern fonts used by default by texinfo.

Interestingly, the GNU Press folks which print FSF manuals customize the PDF by modifying fonts etc. so that they print better. At the very minimum, they replace the Computer Modern font with Palatino which prints better. And in the FSF’s spirit of sharing code, these customizations are available for download at the Savannah Gnupress project cvs repository. A look here and at some brief instructions here let me arrive at these simple steps to generate a texinfo PDF with palatino fonts.

1. Check out the CVS sources of GNU Press from the savannah repository. Here I am checking out in my home directory.
   cvs -z3 -d:pserver:anonymous@cvs.savannah.gnu.org:/sources/gnupress co gnupress
2. Download the texinfo sources that you want to generate PDF from.
3. The first time, generate a pdf the normal way using texi2pdf.
   
texi2pdf --clean gdb.texinfo

   This step is important as sometimes the document is broken and cannot be parsed by texinfo. Trying to use the gnupress’s code will only make it more difficult to troubleshoot and will introduce an unnecessary variable to consider while debugging. I have seen the downloadable libc texinfo sources as broken. So this i a realistic possibility.
4. Modify the texinfo source code by adding just this one line immediately after the line containing \input texinfo at the top of the file.
   
@input palatino


   So effectively, this would the how the top of the document looks after you added the line.
   
\input texinfo @c -*-texinfo-*-
@input palatino
@c Copyright (C) 1988, 1989, 1990, 1991, 1992, 1993, 1994, 1995, 1996, 1998,
@c 1999, 2000, 2001, 2002, 2003, 2004, 2005, 2006
@c Free Software Foundation, Inc.
@c
@c %**start of header
@c makeinfo ignores cmds prev to setfilename, so its arg cannot make use
@c of @set vars. However, you can override filename with makeinfo -o.
@setfilename gdb.info
...


5. Generate the pdf using texi2pdf and the gnupress code. I checked out their code in my home directory. If you checked out elsewhere, adjust paths accordingly.
   
texi2pdf --clean -I ~/gnupress/texpress/ -I ./ gdb.texinfo


That is it!

So I decided to only archive un-encrypted PDF statements from now on. I consider this as a very legitimate reason to bypass PDF encryption and do not see any legal (or at least moral) reason for doing so. So you corporate lawyers looking for a DMCA victim, get out of my face.

For years, I have been using pdftk on my Ubuntu systems to manipulate PDFs. However, it being written in Java, installing it pulls in, among other things, the gcj runtime, etc. It was a minor irritation all this while. However, things finally came to a head when it refused to decrypt my credit card statement. PDFs have the concept of an owner password and an user password. The person who creates the PDF can set either one or both. Apparently, the ICICI credit card statements come with an owner password apart from an user password., and pdftk refused to decrypt the pdf without the owner password while all I had was the user password.

I searched around the net, and discovered another pdf manipulation gem, lying in the Ubuntu repositories no less, which can do what I want: QPDF.

So here is how I went around decrypting my statement.

$ sudo apt-get install qpdf
$ qpdf --decrypt --password=mypassword input.pdf output.pdf
$ evince output.pdf #to check if it asks for password

That is it!


mutt -f .news/ -e 'set confirmcreate=no; set delete=no; push "T.*<enter>;snews<enter><quit>"'


(Gleaned from this mailing list post )

Most of the technical arguments that FOSS evangelists have, fall apart when you are talking about Apple and Mac Os X. Mac Os X has very less, if not none, of the perceived instability of Windows. Default applications bundled with the OS do quite a decent job for many users. And OS being based on BSD itself makes most of the arguments about unix-better-than-windows moot. On top of this, a significant number of well known FOSS folks use Macs. I have seen several photos of FOSS conferences where a large number of the people were using Macs (I am assuming they use Os X. I could be wrong).

So the only argument left to fight about against Apple is the philosophical angle, one that has always been the toughest to get across.

I see this problem becoming bigger as Apple makes further inroads. According to some market reports, they already are a market leader in $1000+ notebooks, and have increased their share to ~10+% in new PC sales in US.

Accordingly, it is very important that FOSS evangelists make sure that their arguments make as much relevance to Macs as to Windows. Stop talking about BSODs, or Viruses, etc. Talk more about the evils of closed source software.

Now YOU have an incentive to go read the essay to find out whether I make sense.

One thing I do feel pretty certain of is that if you’re against software patents, you’re against patents in general. Gradually our machines consist more and more of software. Things that used to be done with levers and cams and gears are now done with loops and trees and closures. There’s nothing special about physical embodiments of control systems that should make them patentable, and the software equivalent not.

Unfortunately, patent law is inconsistent on this point. Patent law in most countries says that algorithms aren’t patentable. This rule is left over from a time when “algorithm” meant something like the Sieve of Eratosthenes. In 1800, people could not see as readily as we can that a great many patents on mechanical objects were really patents on the algorithms they embodied.

Yes, we believe that the patents system has moved much away from it’s original purpose but we especially believe the problem is in software patents/algorithms. Saying that algorithms nowadays are more complex and therefore is ok to patent is incorrect. Algorithms get built over others and with knowledge of previous algorithms, a lot of people are near about the same distance from the frontier. The chances of different people hitting the same method to solve a problem is much higher now than before. This is especially true in the entrepreneurial culture (startups) of today.

To be patentable, an invention has to be more than new. It also has to be non-obvious.

I have heard this several times. How do you define “obvious”? Leaving such a significant issue to such an ambiguous term itself breaks the system.

Applying for a patent is a negotiation. You generally apply for a broader patent than you think you’ll be granted, and the examiners reply by throwing out some of your claims and granting others. So I don’t really blame Amazon for applying for the one-click patent. The big mistake was the patent office’s, for not insisting on something narrower, with real technical content.

So the system requires applicants to attempt to overreach? And what is the implication of that on public freedom?

Where Amazon went over to the dark side was not in applying for the patent, but in enforcing it. A lot of companies (Microsoft, for example) have been granted large numbers of preposterously over-broad patents, but they keep them mainly for defensive purposes. Like nuclear weapons, the main role of big companies’ patent portfolios is to threaten anyone who attacks them with a counter-suit.

Another example of how patents have moved away from their original intent. They are no longer an incentive to invent. They are more like tactical business weapons. Used as defense by the very people who have caused this situation to come about.

We tell the startups we fund not to worry about infringing patents, because startups rarely get sued for patent infringement. There are only two reasons someone might sue you: for money, or to prevent you from competing with them.

So startups, the really innovative side of the business today(Paul says the same thing at the end), don’t need patents to innovate? I find this argument very inconsistent myself. I thought most startups nowadays, who focus on innovation(rather than just providing “solutions”), measure their success by the patents they manage to claim. But again, why have a system when it is not needed by the same people whom it is supposed to help?

If your startup grows big enough, however, you’ll start to get sued, no matter what you do. If you go public, for example, you’ll be sued by multiple patent trolls who hope you’ll pay them off to go away.More on them later.

In other words, no one will sue you for patent infringement till you have money, and once you have money, people will sue you whether they have grounds to or not. So I advise fatalism. Don’t waste your time worrying about patent infringement. You’re probably violating a patent every time you tie your shoelaces.

Well, this is exactly the problem we talk about.

We do advise the companies we fund to apply for patents, but not so they can sue competitors. Successful startups either get bought or grow into big companies. If a startup wants to grow into a big company, they should apply for patents to build up the patent portfolio they’ll need to maintain an armed truce with other big companies. If they want to get bought, they should apply for patents because patents are part of the mating dance with acquirers.

See how a system which was supposed to be a vehicle of invention is now more of a business weapon?

Frankly, it surprises me how small a role patents play in the software business. It’s kind of ironic, considering all the dire things experts say about software patents stifling innovation, but when one looks closely at the software business, the most striking thing is how little patents seem to matter.

I am confused now. What are we talking about here?

I’m not sure what the proportions are of the preceding three ingredients, but the custom among the big companies seems to be not to sue the small ones, and the startups are mostly too busy and too poor to sue one another. So despite the huge number of software patents there’s not a lot of suing going on. With one exception: patent trolls.

Patent trolls are companies consisting mainly of lawyers whose whole business is to accumulate patents and threaten to sue companies who actually make things. Patent trolls, it seems safe to say, are evil.

…

Patent trolls seem to have caught big companies by surprise. In the last couple years they’ve extracted hundreds of millions of dollars from them. Patent trolls are hard to fight precisely because they create nothing. Big companies are safe from being sued by other big companies because they can threaten a counter-suit. But because patent trolls don’t make anything, there’s nothing they can be sued for. I predict this loophole will get closed fairly quickly, at least by legal standards. It’s clearly an abuse of the system, and the victims are powerful. [8]

But evil as patent trolls are, I don’t think they hamper innovation much. They don’t sue till a startup has made money, and by that point the innovation that generated it has already happened. I can’t think of a startup that avoided working on some problem because of patent trolls.

So do startups innovate for the sake of innovation? And it is not about getting big one day? or not about getting rich one day? I consider this as a convoluted logic. Like saying “don’t worry about robbers till you have money they can rob”. It seems to make sense till you realize that most people don’t exactly like to live a life of penury.

One thing I can say is that 99.9% of the people who express opinions on the subject do it not based on such research, but out of a kind of religious conviction. At least, that’s the polite way of putting it; the colloquial version involves speech coming out of organs not designed for that purpose.

Guilty as charged.

Whether they encourage innovation or not, patents were at least intended to. You don’t get a patent for nothing. In return for the exclusive right to use an idea, you have to publish it, and it was largely to encourage such openness that patents were established.

Before patents, people protected ideas by keeping them secret. With patents, central governments said, in effect, if you tell everyone your idea, we’ll protect it for you.

Given a choice between software patents or software trade secrets (encrypted php code, anyone?) what would you prefer? I would much prefer the latter. It is so much more of a level playing field that way – at least for FOSS. It would also give a more relaxed environment for innovators to work in.

In the software business I know from experience whether patents encourage or discourage innovation, and the answer is the type that people who like to argue about public policy least like to hear: they don’t affect innovation much, one way or the other. Most innovation in the software business happens in startups, and startups should simply ignore other companies’ patents. At least, that’s what we advise, and we bet money on that advice.

The only real role of patents, for most startups, is as an element of the mating dance with acquirers. There patents do help a little. And so they do encourage innovation indirectly, in that they give more power to startups, which is where, pound for pound, the most innovation happens. But even in the mating dance, patents are of secondary importance. It matters more to make something great and get a lot of users.

So he ends the essay with a complete contradiction. Why have a system which doesn’t work the way it is intended to?

<rant> What have they done to the language when I was gone? It is no longer the simple language as before. The decorator syntax looks so .. well, Perlish. List comprehensions, in some ways very inappropriately named, took a few moments to sink in. It is great that it is concise, but then .. so was Perl! Look where it got “them” – Concise Perl programs looks not too different from a binary file open in a text editor.
</rant>

There are so many changes to the language since 1.5.2. Does anybody know a place where I can get a list? I am already quite late. They are already discussing about the next major version now.