On software liability laws

I came across this interesting opinion on software liability.  Just to keep them here for the context, the suggested software liability rules include the following:

  1. Consult criminal code to see if any intentionally caused damage is already covered.
  2. If you deliver software with complete and buildable source code and a license that allows disabling any functionality or code by the licensee, then your liability is limited to a refund.
  3. In any other case, you are liable for whatever damage your software causes when used normally.

Which sounds reasonable from the position of “let’s sort the security issues”.  Even though I’m not a big believer in legal system when it comes to technology issues.  But then, there is this:

The software houses would yell bloody murder if any legislator were to introduce a bill proposing these stipulations

with which I personally disagree.  I think software houses that do quality work wouldn’t mind at all.  The people who would mind are the clients of software houses.  Quality always comes at a cost.  And raising quality of software immediately means rising the cost of software.  And the majority of clients (in my experience) don’t care about quality to the point where they would pay for it.  And there are plenty of examples in other industries – food, automobile, furniture, clothes, etc.

Basically, this all just reiterates my points of security and privacy are mythical and/or dead.  Mostly, because most people don’t care enough.

Vagrant adventures on Fedora 21

I spent a large chunk of yesterday experimenting with Vagrant on my Fedora 21 laptop.  I’ve used it before of course, but a friend asked for help with something I was planning to play with for a long time, so it unexpectedly lead me into a journey.

Let’s start simple.  If you want the least possible amount of hassle with running Vagrant on Fedora, you should use it with Oracle VirtualBox provider (sometimes also called hypervisor).   It works great!  The only troubles with this approach is that VirtualBox relies on a kernel module (kmod-VirtualBox RPM), which has to match your current running kernel version to a digit.  This kernel module is NOT part of the official Fedora repositories, and, instead, can be found in the RPM Fusion yum repository (rpmfusion-free-updates).  This means that sometimes, when Fedora releases a kernel update, it might take a few days for the RPM Fusion repository to catch up with the kmod-VirtualBox updates.  And this, of course, might result in your Vagrant setup being broken.

The easiest way to protect against that is to disable automatic kernel, kernel module and VirtualBox updates.  To do so, add the following line to the [main] section of your /etc/yum.conf file, right after your VirtualBox/vagrant setup started to work:

exclude=kernel* kmod-* VirtualBox*

Now, if you forgot to do that a few times got pissed off with this situation (or don’t like Oracle for some reason), you might consider alternatives.  Which are a few.  Vagrant supports a variety of hypervisors.   One of the common alternatives is to use libvirt, which is shipped with Fedora distribution.

Installing libvirt is simple (thanks to this blog post).  Here’s pretty much all you have to do:

yum install libvirt libvirt-daemon libvirt-daemon-qemu virt-manager
service libvirtd restart

The problem that you might realize now is that libvirt is not the most popular provider for boxes in the Vagrant world.  Most people seem to prefer VirtualBox.  But if your choices are satisfied, I’m glad for you.  If they are not, however, there is a work around that you might go for – vagrant mutate plugin.  This plugin converts vagrant boxes from one hypervisor to another.

In order to install this plugin on Fedora 21 you’ll need a few development tools first (this StackOverflow thread definitely helped with the weird g++ error):

yum install ruby-devel gcc-c++ make

Once you have those, install the vagrant plugin with your regular user (the one who will run vagrant VMs):

vagrant plugin install vagrant-mutate

Now you can mutate Vagrant boxes.  Unfortunately, you might find that mutate plugin doesn’t like boxes with slash in their names (like chef/centos-6.5).  The suggested workaround is to either use box names without slashes, or to provide mutate plugin with the box URLs, rather than names.  The official boxes directory doesn’t give you URLs though, so you might be stack with random GitHub repositories or with an alternative directory, like Vagrantbox.es.

My adventures with this aren’t over yet.   Feel free to send suggestions my way.  From my side, here are a couple of other useful links on this subject:

One last bit of advise from me is that until you are absolutely sure that your Vagrant setup works perfectly, stick to 32-bit box images.  There’s nothing like ripping your hair out for three hours only to learn that your host hardware is 32-bit while you are trying to boot into a 64-bit operating system.

Message from Richard Stallman … not

I nearly had a heart attack … it took me a couple of seconds to realize that this was a prank…

Well played, well played …

P.S.: For those of you who don’t know who Richard Stallman is – shame on you. :)

P.P.S.: Easy for you to spot the “bot” part here, but I saw on this on the mobile app, which was more insisting on the name rather than the handle.

Do Not Use Amazon Linux

I came across “Do Not Use Amazon Linux” opinion on Ex Ratione.  I have to say that I mostly agree with it.  When I initially started using Amazon Web Services, I assumed (due to time constraints mostly) that Amazon Linux was a close derivative of CentOs and I opted for that.  For the majority of things that affect applications in my environment that holds true, however it’s not all as simple as it sounds.

There are in fact differences that have to be taken into account.  Some of the configuration issues can be abstracted with the tools like Puppet (which I do use).  But not all of it.   I’ve been bitten by package names and version differences (hello PHP 5.3, 5.4, and 5.5; and MySQL and MariaDB) between Amazon AMI and CentOS distribution.  It’s an absolute worst when trying to push an application from our testing and development environments into the client’s production environment.  Especially when tight deadlines are involved.

One of the best reasons for CentOS is that developers can easily have their local environments (Vagrant anyone?) setup in an exactly the same way as test and production servers.

Once someone actually gets into Google, Bock said his department also looks at compensation differently. Most HR managers try to keep salaries within a limited range for any given position. But that creates a discrepancy between the productivity of the best workers and their salaries. The best employees are anywhere from 50-200% more productive than the average employee. “It makes no sense to pay them just this much more,” Bock said, holding his fingers an inch apart. “LeBron James is way better than just about anybody playing sports, and he makes a lot more money. And no one looks at that and says it’s unfair.”

Forbes, “Google HR Boss: We Don’t Care Where You Went To College

Paphos court orders Facebook to remove offensive comments

facebook

Cyprus News reports that :

The Paphos District Court has issued an injunction against social media giant Facebook, ordering the company to remove a number of offensive comments posted on a local business profile, aimed at a local man.

The comments, posted on February 4, accuse the man of criminal activities. The original post was still on Facebook on Wednesday morning.  It has over 1,000 shares.

Charalambos Savvides of the Ch. P. Savvides & Associates LLC law firm, which handled the case, told the Cyprus Mail that Facebook was not only required to remove the comments but also take steps to ensure that future related comments were taken down immediately.

In-Cyprus has a few more details:

The case concerns comments on Facebook made against a bar owner from Paphos who became the target of a hate campaign which attracted thousands of users who shared and liked the page. The man in question was, according to those who had got the ball rolling on popular social media site, committing various crimes around the town and especially against competing bars.

He was also accused of being a police informant that was getting special protection in the town despite his ‘known illegal activities’.

The man has denied all the allegations against him.

It’ll be interesting to see how this plays out.

1994 web design from Apple, Microsoft

Jason Kottke links to some examples of the early (circa 1994) web design from both Apple

apple-early-homepage

and Microsoft (still online, by the way)

microsoft-early-homepage

Quite an evolution we went through!  Here are some interesting bits to notice:

  1. “If your browser doesn’t support images” on the Microsoft one.
  2. Painted grey background, even though that was a default browser background color back in a day.
  3. Microsoft server is NOT running on IIS. Yet. But HTTPS is mentioned already!
  4. I still, in 2015, know multiple so called “web developers” who wouldn’t be able to implement these designs in any sensible time frame (within a day). How rusty are you image maps?

The good old days…