Personal assessment about myself: Being slow everywhere…

Submitted by gwolf on Mon, 11/16/2009 - 10:40


I am starting to fill up my annual report for my real-life work. You know, that chore you must do every year where you score little bullets next to each completed project and talk well about yourself. For my workplace, fortunately, I do not have to lie and convince people I am worth rehiring - As this year I achieved definitividad as a Técnico Académico Asociado C de Tiempo Completo at my University, I can say for sure I have long-term job safety. UNAM is the best place for me to work, and I am most grateful — Even if I do want to advance for the future, even though I would strongly like at some point to start working in a real academic position — My job is mostly operative, limited to keeping things running smoothly in our network and servers. I work in a social sciences (Economics) research institute, and even though I have taken on an interesting project that is viewed from the social sciences I do expect to finish with a very interesting product in the near future, my interest lies in computing as a science.

Anyway, back on track… This is the time of year to start evaluating many things, many factors, from many different sides. And yes, for me that involves measuring how am I faring in my involvement in the projects I most care about — Specifically, Debian, but also several other Free Software projects, even if my involvement in them is mostly organizational.

I am once again going through a tough period in my personal life, and the impact it carries is obviously deep. However, I am not fond of finding excuses for my underachievement or underperformance. And that's what I feel now. Even more when I see posts such as Zack's and Tim's status updates, and when I see that we continue to be on a history-high streak of RC bugs.

Regarding the several teams I am (at least formally) involved with in Debian, I have been away from the pkg-perl group for far too long... It is still my first group when it comes to identifying myself with - Both as on a personal level, as I consider them as good friends and great people to work with, and I do feel the responsability to share the load with them, as maintaining >1300 packages (even if they are so highly regular) is just not an easy task. But for over a year, my involvement has been basically zero. I have been a bit more active on pkg-ruby-extras, maybe paradoxically as it is a smaller team and with less packages (as I know it is much less probable for somebody to keep my packages in adequate shape if I don't do it)... and also because I am working more with Ruby than Perl nowadays. And finally, about Cherokee, I decided during DebConf9 to redo the packaging to fully use DH7 instead of our old-style quasimanual style. I have had several bursts of activity, and am almost-almost-ready to do the first newstyle upload... But so far, have been unable to do so.

Of course, keyring-maint: With Jonathan's help, I have come to terms with most of the processes. Both Jonathan and I have been swamped lately, but at least I think I am finally helping speed up the process instead of holding it down. We do, yes, have several pending updates - but are working our way up the queue, and I hope not to leave people waiting for too long. And yes, we have discussed several ways of documenting and automating several of the tasks we currently sustain, and that should come soon

I have been also leaving maybe a bit too much responsability aside on EDUSOL, for which today we are entering the second week of activity, and I'm very sorry to see our server is just too overloaded to even reply to even answer to me — And even lacking admin powers myself, I should have worked earlier on setting up redundancy on a more automatic way (as we have an off-site backup we can promote to live and redirect to, but I am unable to do this... Given that I am the techie person on board/the only "professional" sysadmin).

This year I also –quietly– finished the bulk of the Comas rewrite. What? Comas? Still alive? Yes, and you can expect me to show it off to more people soon, and get it used for more conferences. I will talk more about it (and its motivation, and its current status) later on — But basically, the only two things that Comas shares in common with the mod_perl-based system most of you got to know (mainly at CONSOL 2004-2008 or at Debconf 5 and 6, although I know of several other conferences which used it) and the current incarnation are… The (most) basic database structure and the name. The project underwent a full rewrite, and is now a far more flexible, far easier to install, Ruby-on-Rails based application. And most important, it does no longer involve your name being Gunnar Wolf as a prerequisite for successfully setting it up ;-)

Regarding DebConf, I have promoted a Central American MiniDebConf, and we are right on track for holding it in late March in Panamá City. Everybody's invited, and we will have (surprise, surprise!) the very professional involvement of Mr. Anto Recio as local team, as it seems he didn't have enough with last year's DebConf9 and wants to suffer further. What am I lacking here? Motivation. I have been quite pessimistic, possibly turning some people away, even though we have a good first sampling of interested people's profiles and expectations. If you want to get involved, tomorrow (Tuesday 17-nov) we will have a meeting at Freenode's #sl-centroamerica, 17:00 GMT-6. Please note we do need involvement from the Central American communities, it is more than just a motivational issue. Last meeting it seemed Anto and I were the only people pushing the MiniDebConf - and frankly, that would be a basis for not even holding it. We need motivation from the very people involved in it!

Anyway… You can see I have (and it seems to be a constant in my life) a series of contradictions going on. However, the excercise of putting it all into writing helps me understand better where I am standing. When I started writing this post I felt much heavier, much more at a loss… Right now I feel I want to refocus my energy on the same projects and teams I have been involved with, yes, but feel it at least more plausible. Hope so.

( categories: )

PieSpy: Modelling IRC interactions

Submitted by gwolf on Tue, 11/10/2009 - 18:41

As some of you know, yesterday we started the two weeks of activities for the Fifth On-line Encounter of Free Education, Culture and Software. This year, the main topic for the conference is social networks, but not in the twitter-facebook sense — Social networks as ways of understanding and modelling human-to-human interactions. Of course, there is interest from many attendees in using and taking advantage of said social network systems (and others), but the topic is far broader.

One of the core tools of EDUSOL, and the only tool that is constantly active through our two weeks of activity, is IRC — Which is somewhat of a challenge, as we receive some not-tech-savvy users from all over the world. The first year or two we asked everybody to connect via an IRC client (and we had even decided that it would be a technological filter — We thought we would not cater for people without the technical skills to install and use IRC). Life proved us wrong, and we ended up using two web-to-IRC gateways: One of them, via an instance of CGI:IRC, and the other one via a third-party service, Mibbit.

Now, the core mind behind EDUSOL is Alejandro Miranda, Pooka; I am not really into education (it is a very interesting topic but far from what I am good at). Pooka has been invovled in on-line communities analysis for several years already, since we worked together at FES Iztacala. For a long time he wanted to graph the interactions at EDUSOL, which was obviously possible given it was all centered on three tools (IRC for live chat, Drupal for generic information and Moodle for the talks and workshops' material — This has changed this year, as we are giving much more weight to Drupal and taking it off Moodle), and so last year he was finally able to generate a «EDUSOL 2008 conference photo (warning: 2MB image, 4311x3352px), where each person's avatar appears where most of his interactions were. This photo was (unfortunately) achieved using non-free software, but is very much looking at!

Now, this year Pooka stumbled upon a great tool, PieSpy (available in Debian — package piespy). Piespy generates very interesting interaction graph for IRC channels, as you can see here:

Piespy is a bot that sits in the IRC channel logging everything that any given user "says" directly to another one, and graphs it. Not much to say here, only that it generates a very good (and practically real-time) view of what happens on the channel. For this particular channel, and during EDUSOL, you can see here the latest IRC snapshots.

Very fun to see - and somewhat addictive how it morphs across time :)

( categories: )

Megaofrenda UNAM 2009

Submitted by gwolf on Tue, 11/03/2009 - 15:09

Every year, for Día de Muertos (November 1 and 2) the Mexican tradition is to set colorful, beautiful offerings for our deceased loved ones. The offerings often have the very vivid orange color of the cempalsúchitl flower, and have pictures, food, and whatever our loved ones used to like.

The offerings are traditionally set up at home and at some offices and public buildings. UNAM, Mexico's largest university, where I am very happy and proud to work, has set a yearly offering for many years already. Every year they select a base theme around which the invited groups base their monuments — For 2009, it was Edgar Allan Poe's 200th anniversary.

By early November, the rainy season has usually finished. This year, however, the rain lasted a bit more – And many structures and altars were sadly damaged. Still, it is a very colorful and worthy visit to share.

( categories: )

Lovin' it in Afghanistan

Submitted by gwolf on Thu, 10/29/2009 - 11:00
Lovin' it in Afghanistan

A couple of weeks ago, I was invited to travel to Colombia, where I delivered a talk at III Encuentro Internacional de Seguridad Informática in the city of Manizales (photos available, of course. I travelled with Colombia's nacional airline, Avianca.

On completely unrelated news, today I entered Avianca's website to check my miles. To my biggest amusement… Turns out I am now a resident of Bamiyan, Afghanistan! (I swear I didn't select that)

…Seems they do beard-based georeferentiation?

NP: Hey, mister Taliban, tally me bananas
daylight come and me wanna go home!

( categories: )

How can we advance without a tax increase?

Submitted by gwolf on Thu, 10/22/2009 - 13:33

There has been a lot of buzz recently in Mexico after a tax increase that has been announced for next year. The two main points I have seen criticized are:

Value Added Tax (IVA) increase from 15% to 16%
There was a great improvement regarding the original proposal by our de-facto ruler (why de-facto? Because it is still unclear whether he won the popular vote. He has about the same legitimacy as George Bush during his first term: Legal but illegitimate): In Mexico, there is a category of items regarded as fundamental, which are exempt of IVA (tasa cero). This category includes food and medicines — Of course, this category makes up the bulk of the poorer people's consumptions, so they pay much less IVA than people with higher living standards. For a very long time, there has been a push to remove this exemption. This has been fortunately clearly understood and fought against.

So, the presidential initiative, as I was saying, contemplated a global 2% tax which would not be IVA, and which would be applied universally. This tax would be earmarked to be applied to social programs, and was euphemistically called Impuesto de Combate a la Pobreza (poverty combat tax). Many people applied the concept of duck typing (if it looks like a duck, walks like a duck and quacks like a duck... It is a Value Added Tax). As many analysts, I believe this tax was meant to be the foot in the doorstop, leading to point out in a couple of years that anyway nothing is IVA-exempt anymore and the world has not come to an end, and we should apply universal IVA...

So, the reduction in the increase (2% → 1%) is not the most notable thing here — The notable (and good!) thing is that they didn't succeed into killing the tasa cero.

3% tax on telecommunications
Many friends have started rallying (with the IMHO least effective way of protest you can find on Earth, just by stating their adherence in their Twitter and Facebook profiles. Wow, great deal!) that the original proposal included a 4% tax on telecommunications, and it appears that 3% will be applied. They say, quite fairly, that telephone and Internet access are no longer considerable a luxury, but a need to power the society into becoming better prepared, more competitive.

My friends state as a contrast the Finnish ruling broadband access as a citizen right. What they seem not to realize is that the proportion of taxes in Mexico (collected from the responsible taxpayers, which is not by far the way for the bulk of the money in this country) is close to 30%, taking into account the big taxes (IVA, ISR/IETU) and the host of smaller ones. In Finland, the percentage of taxes payed by every person –and remember that tax evasion is way lower than here!) is over 50%.

So… What is my opinion on this? What would my ideal tax scheme be?

  • Nobody likes taxes. But the country needs far more infrastructure, far wider inverstments. We need higher taxes — But we need those taxes to be collected from people with higher income. And yes, that would mean I would most probably pay more (as I do sit relatively high on the income scale — Qualified work, even if you do not seek money for the sake of it, pays much better than non-qualified work; remember the minimal wage in Mexico is around MX$50 a day - Less than US$4 or €3).
  • The increases should be applied to the income tax (ISR). It is supposed to be around 30% for income levels over MX$5000 a month, with a very slight increase after that point. Income tax is highly deductible now, and most people with high income manage to ellude most of it. Many cases have been documented of companies as small as Walmart paying less than MX$1000 a year due to several (intentional? you bet!) holes in the legislation. That is where the bulk of the extra government income should come from!
  • For a couple of years, since I registered as a taxpayer (people receiving money exclusively as salaries under a given limit don't have to declare taxes) I have decided not to hire an accountant to make the numbers look prettier, and just do the numbers myself over the platform provided by SAT/Hacienda (the tax collecting authority). Yes, that means I am paying more than what I could — But it also means I am paying what I should! And it is an expensive point of view, but I strongly invite others to do the same. If we criticize Walmart for making numbers look prettier, shouldn't each of us do the same? Shouldn't we all care to pay what we are supposed to, so that the government has enough funds to carry out its tasks?

Yes, I am painfully aware that an important portion of what gets into the government disappears due to corruption and ineptitude. Still, the only position from where I can criticize is from being clearly legal. The same point as I do with software: I cannot ask people to comply with my Free Software licensing if I use ilegally propietary software, can I? So no, I don't use any. Even legal propietary software, free-as-in-beer (i.e. Flash player).

So, please think this over before you join the Lemmings into complaining about the tax increase. Yes, this is a bad moment to increase taxes. Yes, Mexico is the worst faring country in all of America in its response to the crisis; the GDP will probably fall between 8% and 10% this year and 2010 will not be much better. Yes, it would be better to increase competitivity. But, yes, we pay ridiculously low amounts of taxes — And those of us who can afford a little reduction in our expenditure should do it. And those who make gross money should just stop it.

Oh, and last point, regarding the #internetnecesario Twitter hashtag: Don't be Lemmings. Internet should be recognized a basic need for a free society. But right now in our country, it completely is a luxury, even if you cannot live without it. If you are Internet-addicted as myself, you most probably will not notice the 3% increase. FFS, We will pay MX$360 instead of MX$350 a month for my Infinitum connection. Will we really notice? In Mexico, middle and upper class are Internet-enabled. Lower classes are not. Things should change, no doubt. But it is not at all comparable to an universal IVA. Things should change and universal connectivity should be a given. But right now, calling Internet a basic good... is just out of touch with reality.

( categories: )

Among the reasons that brought me to Debian...

Submitted by gwolf on Mon, 10/19/2009 - 23:42

Every now and then, people ask me why Debian? Why, among so many projects to choose from, I first liked, then got into, and finally I got committed into Debian, and not anything else?

Of course, one of the main points —back in 2000-2001 when I started using it, and still to this very day— is a strong identification with the ideological side. Yes, I am a strong Free Software believer, and Debian is what best suites my ideology.

Still, I did not only get into Debian because of this — And I was reminded about this by an article in this month's Usenix ;login: magazine: An anecdotal piece by Thomas A. Limoncelli titled Hey! I have to install and maintain this crap too, ya know! (article requires ;login: subscription, but I'll be glad to share it with whoever requests it to me — I have of course no permission to openly put it here in whole online. Yes, I am expressly sending a copy of this text to the author, I will update this if/when I hear from him) [update] The author has kindly allowed me to redistribute his article's PDF — Download it here.

Before anything else… I'll go on a short digression: I am writing a bit regarding the Free Software participants' culture, and this is a trait I love about it: The lack of formality. Even though ;login: (and Usenix as a whole) is not exactly Free Software, it runs quite close to it), it is a well regarded magazine (and association) with an academic format and good (not deep or highly theoretical, but good) contents. Still, it is quite usual to see titles as informal and inviting as this one. And it happens not only here — I have been fearing having to explain at work, over and over, why I have requesting permissions to go to Yet Another Perl Conference, Festival de Software Libre or DebCamp, tagging them as academic settings. Or why I am wasting our library's resources on buying cookbooks, recipes and similar material on the most strange-sounding subjects.

Anyway, back on track… This article I found refers to the lack of value given to the system administrator's time when selling or purchasing (or more in general, as it happens also in Free Software, when offering or adopting) a product. Quoting Thomas:

A person purchasing a product is focused on the features and benefits and the salesperson is focused on closing the deal. If the topic of installation does come up, a user thinks, “Who cares! My sysadmin will install it for me!” as if such services are free. Ironically, it is the same non-technical executive who dismisses installation and upkeep as if they are “free” who might complain that IT costs are too high and go on a quest to kill IT spending. But I digress.

I can understand why a product might be difficult to install. It is hard enough to write software, and with the shortage of software developers it seems perfectly reasonable that the installation script becomes an afterthought, possibly given to a low-ranking developer. The person purchasing the product usually requires certain features, and ease of installation is not a consideration during the procurement process. However, my ability to install a product affects my willingness to purchase more of the product.

Thomas goes on to explain his experience with Silicon Graphics, how Irix was so great regarding install automation and how they blew it when switching to Windows NT; talks very briefly about IBM AIX's smit, a very nifty sysadmin aid which is basically a point-and-click interface to system administration with the very nice extra that allows you to view the commands smit executes to perform a given action (and then you can copy into a script and send over to your hundreds of AIX machines)… Incidentally, by the time I started digging out of what became the RedHat mess of the late 1990s and passed briefly through OpenBSD on my way to Debian enlightenment, I was temporarily the sysadmin for an AIX machine — And I too loved this Smit approach, having it as the ultimate pedagogical tool you could ever find.

Anyway, I won't comment and paraphrase the full article. I'll just point out to the fact that… this was what ultimately sold me into Debian. The fact that I could just install anything and (by far) most of the times it will be configured and ready to use. Debian made my life so much easier! As a sysadmin, I didn't have to download, browse documentation, scratch head, redo from start until I got a package working — Just apt-get into it, and I'd be set. Of course, one of the bits I learnt back then was that Debian was for lazy people — Everything works in a certain way. Policy is enforced throughout.

So as a sysadmin, I should better get well acquinted with the Debian policy and know it by heart. In order to be able to enjoy my laziness, I should read it and study it. And so I did, and fell in love. And that is where my journey into becoming a Debian Developer started.

Why am I talking so nostalgic here? Because I got this magazine on the mail just last weekend… And coincidentally, I also got bug report #551258 — I packaged and uploaded the Haml Ruby library (Gem, as the Rubyists would call it). Haml is a great, succint markup language which makes HTML generation less of a mess. It is even fun and amazing to write Haml, and the result is always nicely formatted, valid HTML! And well, one of Haml's components is haml-elisp, the Emacs Lisp major mode to do proper syntax highlighting in Haml files.

Of course, I am an Emacs guy (and have been for over 25 years), so I had to package it. But I don't do Emacs Lisp! So I just stuffed the file in its (supposed) place, copying some stuff over from other Emacs packages. During DebConf, I got the very valuable help of Axel Beckert to fix a simple bug which prevented my package from properly being installed, and thought I was basically done with it. I was happy just to add this to my ~/.emacs and get over with it:

  1. (require 'haml-mode)
  2. (add-to-list 'auto-mode-alist '("\\.haml$" . haml-mode))
  3. (require 'sass-mode)
  4. (add-to-list 'auto-mode-alist '("\\.sass$" . sass-mode))

However… As Mike Castleman points out: This requires manual intervention. So it is not the Debian Way!

Reading Mike's bug report, and reading Thomas' article, made me realize I was dilluting something I held so dearly as to commit myself to the best Free Software-based distribution out there. And the solution, of course, was very simple: Debian allows us to be very lazy, not only as sysadmins, but as Debian packagers. Just drop this (simplified version) as $pkgroot/debian/haml-elisp.emacsen.startup and you are set!

  1. (let ((package-dir (concat "/usr/share/"
  2. (symbol-name flavor)
  3. "/site-lisp/haml-elisp")))
  4. ;; If package-dir does not exist, the haml-mode package must have
  5. ;; removed but not purged, and we should skip the setup.
  6. (when (file-directory-p package-dir)
  7. ;; Use debian-pkg-add-load-path-item per §9 of debian emacs subpolicy
  8. (debian-pkg-add-load-path-item package-dir )
  9. (autoload 'haml-mode "haml-mode"
  10. "Major mode for editing haml-mode files." t)
  11. (add-to-list 'auto-mode-alist '("\\.haml\\'" . haml-mode))
  12. ;; The same package provides HAML and SASS modes in the same
  13. ;; directory - So repeat only the last two instructions for sass
  14. (autoload 'sass-mode "sass-mode"
  15. "Major mode for editing sass-mode files." t)
  16. (add-to-list 'auto-mode-alist '("\\.sass\\'" . sass-mode))
  17. ))

This will make the package just work as soon as it is installed, with no manual intervention required from the user. And it does not, contrary to what I feared, bloat up Emacs — Adding it to the auto-mode-alist leaves it as known to Emacs, but is not loaded or compiled unless it is required.

Deepest thanks to both of you! (and of course, thanks also to Manoj, for pointing out at the right spells in emacs-land)

( categories: )

Getting closer to the fifth EDUSOL Encounter

Submitted by gwolf on Thu, 10/15/2009 - 23:54

This is the fifth year we hold an EDUSOL, and we are closing in on it. EDUSOL is an online encounter whose topics are Education and Free Software — Actually, this year we are widening our scope, and we will include Free Culture as well as a base area.

Now, besides those three general areas, each year we have had a base topic around which we invite the speakers to talk about (although it is a lax requirement). This year, the base topic is social networks — No, not in the Twitter/Facebook/blah sense, but as a wider phenomenon, studying interaction between people, the forming of communities. And for our particular areas, the forming of knowledge-based communities.

Anyway – I agreed with the organizers to provide the English translation of the participation invitation. I will skip the call for papers, as we are basically at the proposal deadline (October 17), but if you have anything you want to propose, please tell us so!

Leaving that aside... Please excuse the quality of my translation, it is late and I'm tired. We will work on it :)

Videoconference reception

EDUSOL spans several participation categories. The closest category to a traditional, face to face conference. Each year, we invite a group of speakers to talk about a topic related to our main discoursive line.

Among the speakers that have confirmed so far, we have:

  • Sofía Liberman Shklonikoff, Mexico. Social networks.
  • Dolors Reig. Barcelona, Spain. Open social education.
  • Marko Txopitea. Bilbao, Spain. Politics 2.0
  • Carolina Flores. Costa Rica. Building methodologies for infoinclusion
  • Luis Rodrigo Gallardo Cruz. United States. OpenSocial.
  • Margarita Manterola. Argentina. Debian-Women

We invite you to be active participants in the videoconference cycle. You can invite your social or user group to be part of the Encounter. There are three ways to do it:

  1. Using the videoconference facilities in your University network
  2. Connecting from a personal computer with broadband access, by using Ekiga or any other H.323 client
  3. Following the .ogg stream and participating back via IRC

In any case (specially in the first two, which require more coordination), please contact us. For further information, visit

November 6: Free Education and Free Culture day

We invite social and user groups to host talks regarding Free Education and Free Culture. This is not a call to promote Free Software, as there are many other spaces devoted to it.

We should start with the idea that freedom resides in us, not in the software. Some of the topics our community recommends are:

  • Common goods
  • Free culture: Success stories
  • Be legal: Sharing digital media
  • Free culture at school
  • Collaboration and collectivity
  • Freeing your computer

Further details at

We need some help in this area to generate contents with slides, making it easier for proposed scripts for the talks. If you want to collaborate, please write to our academic support list,

Want to collaborate? Further questions or comments?

We are holding on-line meetings for this group of topics on Thursday 22:00 GMT-5, in the #edusol channel in OFTC (; you can enter the IRC channel using the Web client at or


EDUSOL started as a proposal seeking to provide a space so that people interested in education could discuss and analize the good and bad points about Free Culture and Free Software, with no geographic restrictions. Year after year, freedom-loving educators of all Latin America and Spain gather for our annual party.

EDUSOL's core language is Spanish, although participation in English is allowed and encouraged (although understanding Spanish will be a strong aid).

We invite you to participate and contribute in this collective effort using and commenting on our blogs, or adding your personal blog to our planet:

You can follow us by or RSS:

( categories: )

Linux ranks high on stability — One more time

Submitted by gwolf on Tue, 10/13/2009 - 10:48
Linux ranks high on stability — One more time

Even at the most physical level. This is a cup that won't topple over when you accidentally kick the desk! Gunnar's Viking of Approval certifies it.

I bought this Tux Mug (Mugx) in Colombia, from CeramiGeek. It feels a bit strange to drink penguin brain, but all in all, it is a great geek present ;-) Thanks a lot to Andrés Restrepo and his girlfriend for coming up with this product! :-} I expect to get quite a bit of joy out of it.

[update] CeramiGeek's site says they sell the mug for $20,000 — Of course, that's Colombian pesos. Slightly over US$10. I don't know whether they ship outside Colombia, and am completely unaffiliated to them. But I surely wish them success!

( categories: )

Strange scanning on my server?

Submitted by gwolf on Thu, 10/01/2009 - 18:04

Humm... Has anybody else seen a pattern like this?

I am getting a flurry of root login attempts at my main server at the University since yesterday 7:30AM (GMT-5). Now, from the machines I run in the network (UNAM), only two listen to the world with ssh at port 22 — And yes, it is a very large network, but I am only getting this pattern on one of them (they are on different subnets, quite far apart). They are all attempting to log in as root, with a frequency that varies wildly, but is consistently over three times a minute right now. This is a sample of what I get in my logs:

[update] Logs omitted from blog post, as it is too wide and breaks displays for most users. You can download the log file instead.

Anyway… This comes from all over the world, and all the attempts are made as root (no attempts from unprivileged users). Of course, I have PermitRootLogin to no in /etc/ssh/sshd_config, but… I want to understand this as much as possible.

Initially it struck me that most of the attempts appeared to come from Europe (quite atypical for the usual botnet distribution), so I passed my logs through:

  1. #!/usr/bin/perl
  2. use Geo::IP;
  3. use IO::File;
  4. use strict;
  5. my ($geoip, $fh, %by_ip, %by_ctry);
  7. $fh = IO::File->new('/tmp/sshd_log');
  8. $geoip=Geo::IP->new(GEOIP_STANDARD);
  9. while (my $lin = <$fh>) { next unless $lin =~ /rhost=(\S+)/; $by_ip{$1}++};
  11. print " Incidence by IP:\n", "Num Ctry IP\n", ('='x60),"\n";
  13. for my $ip ( sort {$by_ip{$a} <=> $by_ip{$b}} keys %by_ip) {
  14. my $ctry = ($ip =~ /^[\d\.]+$/) ?
  15. $geoip->country_code_by_addr($ip) :
  16. $geoip->country_code_by_name($ip);
  18. $by_ctry{$ctry}++;
  19. printf "%3d %3s %s\n", $by_ip{$ip}, $ctry, $ip;
  20. }
  22. print " Incidence by country:\n", "Num Country\n", "============\n";
  23. map {printf "%3d %s\n", $by_ctry{$_}, $_}
  24. sort {$by_ctry{$b} <=> $by_ctry{$a}}
  25. keys(%by_ctry);

The top countries (where the number of attempts ≥ 5) are:

  1. 104 CN
  2. 78 US
  3. 58 BR
  4. 49 DE
  5. 43 PL
  6. 20 ES
  7. 20 IN
  8. 19 RU
  9. 17 CO
  10. 17 UA
  11. 16 IT
  12. 13 AR
  13. 12 ZA
  14. 10 CA
  15. 10 CH
  16. 8 GB
  17. 8 AT
  18. 8 JP
  19. 8 FR
  20. 7 KR
  21. 7 HK
  22. 7 PE
  23. 7 ID
  24. 6 PT
  25. 5 CZ
  26. 5 AU
  27. 5 BE
  28. 5 SE
  29. 5 RO
  30. 5 MX

I am attaching to this post the relevant log (filtering out all the information I could regarding legitimate users) as well as the full output. In case somebody has seen this kind of wormish botnetish behaviour lately… please comment.

[Update] I have tried getting some data regarding the attacking machines, running a simple nmap -O -vv against a random sample (five machines, I hope I am not being too agressive in anybody's eyes). They all seem to be running some flavor of Linux (according to the OS fingerprinting), but the list of open ports varies wildly — I have seen the following:

  1. Not shown: 979 closed ports
  3. 21/tcp open ftp
  4. 22/tcp open ssh
  5. 23/tcp open telnet
  6. 111/tcp open rpcbind
  7. 135/tcp filtered msrpc
  8. 139/tcp filtered netbios-ssn
  9. 445/tcp filtered microsoft-ds
  10. 593/tcp filtered http-rpc-epmap
  11. 992/tcp open telnets
  12. 1025/tcp filtered NFS-or-IIS
  13. 1080/tcp filtered socks
  14. 1433/tcp filtered ms-sql-s
  15. 1434/tcp filtered ms-sql-m
  16. 2049/tcp open nfs
  17. 4242/tcp filtered unknown
  18. 4444/tcp filtered krb524
  19. 6346/tcp filtered gnutella
  20. 6881/tcp filtered bittorrent-tracker
  21. 8888/tcp filtered sun-answerbook
  22. 10000/tcp open snet-sensor-mgmt
  23. 45100/tcp filtered unknown
  24. Device type: general purpose|WAP|PBX
  25. Running (JUST GUESSING) : Linux 2.6.X|2.4.X (96%), ()
  28. Not shown: 993 filtered ports
  30. 22/tcp open ssh
  31. 25/tcp open smtp
  32. 80/tcp open http
  33. 443/tcp open https
  34. 444/tcp open snpp
  35. 3389/tcp open ms-term-serv
  36. 4125/tcp closed rww
  37. Device type: general purpose|phone|WAP|router
  38. Running (JUST GUESSING) : Linux 2.6.X (91%), ()
  40. Not shown: 994 filtered ports
  42. 22/tcp open ssh
  43. 25/tcp closed smtp
  44. 53/tcp closed domain
  45. 80/tcp open http
  46. 113/tcp closed auth
  47. 443/tcp closed https
  48. Device type: general purpose
  49. Running (JUST GUESSING) : Linux 2.6.X (90%)
  50. OS fingerprint not ideal because: Didn't receive UDP response. Please try again with -sSU
  51. Aggressive OS guesses: Linux 2.6.15 - 2.6.26 (90%), Linux 2.6.23 (89%), (…)
  53. Not shown: 982 closed ports
  55. 21/tcp open ftp
  56. 22/tcp open ssh
  57. 37/tcp open time
  58. 80/tcp open http
  59. 113/tcp open auth
  60. 135/tcp filtered msrpc
  61. 139/tcp filtered netbios-ssn
  62. 445/tcp filtered microsoft-ds
  63. 1025/tcp filtered NFS-or-IIS
  64. 1080/tcp filtered socks
  65. 1433/tcp filtered ms-sql-s
  66. 1434/tcp filtered ms-sql-m
  67. 4242/tcp filtered unknown
  68. 4444/tcp filtered krb524
  69. 6346/tcp filtered gnutella
  70. 6881/tcp filtered bittorrent-tracker
  71. 8888/tcp filtered sun-answerbook
  72. 45100/tcp filtered unknown
  73. Device type: general purpose|WAP|broadband router
  74. Running (JUST GUESSING) : Linux 2.6.X|2.4.X (95%), (…)
  76. Not shown: 994 filtered ports
  78. 22/tcp open ssh
  79. 25/tcp open smtp
  80. 53/tcp open domain
  81. 80/tcp open http
  82. 110/tcp open pop3
  83. 3389/tcp open ms-term-serv
  84. Warning: OSScan results may be unreliable because we could not find at least 1 open and 1 closed port
  85. Device type: firewall|general purpose
  86. Running: Linux 2.6.X
  87. OS details: Smoothwall firewall (Linux, Linux 2.6.13 - 2.6.24, Linux 2.6.16

Of course, it strikes me that several among said machines seem to be Linuxes, but (appear to) run Microsoft services. Oh, and they also have P2P clients.

( categories: )

The bad and the worse; Representative democracies' minimums

Submitted by gwolf on Sat, 09/26/2009 - 16:08

Martin rants about the German electoral system. From his rant, I'll pick up only two points — And I'll try to connect with Toxicore's excelent (Spanish) blog post, where he quotes political analist Denise Dresser.

Dresser has made a great point: Our probably-imposed, legitimacy-impaired president Felipe Calderón has requested the society to «talk good» about Mexico, to project a positive image of the country. Dresser says, yes, there is a lot of good to talk about the country, and we should emphasize on its richness and beauty, invite people to come and visit, to know what the country is really like. But at the same time, it is our duty to talk bad about the bad areas and decisions of our government, as that is the best (if not the only) thing many of us can do to really get things to happen — That is what we can do to push our country's good things forward, to make the country sustainable, to pull attention towards what needs (such as the very very deplorable cases of censorship, human rights violation, ecosystem predation we have seen in the last years).

Anyway... What did I want to comment about Martin's post? He criticizes Germany's law requiring a 5% quota for a party to have parliamentary representation.

In Mexico, the minimum is 2%. Most people agree, though, that it is too low, and that we should push to increase it. Why? Because the money that is spent in supporting the party system. In Mexico, when a political party fails to get 2% of the vote, it is basically disbanded and it is very hard for it to regroup, to compete again.

Many people believe we should aim to a political system with as few political parties as possible (such as the semi-democratic system they have in the USA). I strongly prefer the system found in most European (and even many South American) countries where there is a real wealth of ideological positions represented, and where governments have to be formed by agreeing to form coalitions, as it is almost impossible for them to get full majority.

I would much rather see Mexico march towards a parliamentary-based political system, away from the presidential one. Of course, that is almost impossible to expect.

With the current political system, we are bound to have forever few monolithic, meaningless political parties. We will likely converge on three blocks, following the current three major blocks (leftoid PRD, centroid PRI, rightoid PAN). They are different in some important senses, yes, but in general they are much the same. I don't hold any hopes to ever see something like the Pirate Party appearing in our system...

( categories: )

Honduras: .hn NIC attacked/intervened by the de-facto government authorities

Submitted by gwolf on Fri, 09/25/2009 - 12:55

I was requested to forward this information to as wide an audience as possible.

Possibly two months ago the legality/legitimacy of the actions carried out by the Hondurean armed forces, which captured a democratically elected president and without a judicial order or trial process forced him out of the country, starting a de-facto government, was something questionable. Each day, however, it becomes clearer and clearer the Hondureans are suffering a represive military-backed system which cannot be expected to fulfill as a trustable entity to conduct fair, credible elections.

I got this message from a Hondurean friend (of course, whose identity I am not divulging) denouncing the government's invasion of the .hn domain name registry, which is handled by the Sustainable Development Network (Red de Desarrollo Sustentable — RDS-HN). The National Telecomunications Comission (Comisión Nacional de Telecomunicaciones, CONATEL) demands all domain name registration under the .hn top-level domain (TLD) to be suspende, and all the lists and databases regarding said TLDs to be handed over, detailing the IP ranges and the responsibles. They did this under the argument that RDS-HN is an Internet Service Provider (which it is not — Being a registrar means they are responsible for the well-keeping of public information and of handling a public good, the .hn TLD, not that they provide any kind of regulated service to individuals or organizations), with military personnel disguised as civilians (and who refused to identify themselves).

If you are interested, please read further on the text I received straight from my Hondurean contacts (Spanish) (or its unaccurate but often helpful automated translation to English, done through Google Translate)

Even though this information is normally accessible via WHOIS and similar services (this only states clearly nobody in CONATEL was able to do what I just did legally and anonymously from my personal workstation), they did it in such a fashion in order to scare the operators and the society.

Honduras is going through a very hard process. Whatever happens there will likely impact on the future reactions to the most retrograd and powerful sectors of society in the rest of Latin America. We do our best (even if as non-Hondureans living outside Honduras it only means raising our voices) to avoid the risk of our region going back to the sad, cruel and bloody 1970s history.

[update] My friend Mave, who works at NIC Chile, sent as a comment to this post LACTLD's official stand on this regard (Spanish. English version also available). LACTLD (Latin American and the Caribbean ccTLD's Organization) clearly backs RDS-HN and condemns the illegal government's actions.

( categories: )

Toast to Turing

Submitted by gwolf on Sun, 09/20/2009 - 13:13

I was pointed to this Toast to Turing, by Matt Harvey. Very much worth sharing.

Here’s a toast to Alan Turing
born in harsher, darker times
who thought outside the container
and loved outside the lines
and so the code-breaker was broken
and we’re sorry
yes now the s-word has been spoken
the official conscience woken
– very carefully scripted but at least it’s not encrypted –
and the story does suggest
a part 2 to the Turing Test:
1. can machines behave like humans?
2. can we?

What, don't you know who Alan Turing was? Read a bit on him then, one of the core seminal minds for Computer Science. And a scientist vilified for being different from what is regarded as normal.

[update] And answering to some people's doubts: Why this toast? Because the UK Government, in the voice of the Prime Minister Gordon Brown, after over 50 years of leading Alan Turing to commit suicide due to criminally accusing him for gross indecency for being a homosexual and forcing him into a deep body-altering hormonal therapy to cure him, has finally posthumously apologized. Brown said, So on behalf of the British government, and all those who live freely thanks to Alan's work I am very proud to say: we're sorry, you deserved so much better.

( categories: )

My inner Neo-Zealanders' fallacies

Submitted by gwolf on Sat, 09/12/2009 - 07:59


I just woke up. I was having a funny and surprisingly not-abnormal dream. You know, the few occasions where I remember my dreams, I practically always find a really impossible situation going on. Not this time, and that was the first thing that struck my mind.

The dream was staged on a very nice bar, something not very different from the bar on the park by DebConf (in fact, with nice, Spanish-evening-esque light conditions). I was having there some beers with Andrew (NZ), Penny (NZ), Steve (UK), Damog (MX). We were just ordering a nice round of beers; I paid for mine with the €0.50 coin I found yesterday in my kitchen (hey, that's cheap beer! ;-) ). And the conversation was, in fact, quite logical and interesting.

We were comparing the worldviews with which children across our cultures are educated at school. Andrew was sharing how children in New Zealand were taught about the human migrations that led to the population distribution until the 1500s, when Europeans started changing the face of the Earth. Most of the argument was the same one we all know — Early humans leave Africa, their traits specialized for the different weathers, what is widely regarded as the three main racial branches (European white, African black, Eastern yellow - My inner Neo Zealander does not care too much about political correctness, it seems), with Amerindian brown and South-seas black branching off at some point in the process. So far, so good… Debatable but good.

Andrew and Penny continued explaining that the apparent reason, according to New Zealander anthropologists, why the indigenous population in America accepted the culture imposed after the European conquests in the XVI-XVII (contrary to the almost complete annihilation of the Pacific/Indic ocean native cultures) centuries is because the group that crossed Bering ≈50,000BC, and some later groups with whom they inter-mixed came from a semi-developed proto-Christian society, so the new ideas were closer to their own beliefs. Damog, Steve and me gust nodded with interest.

Less than 30 minutes later, awake and after my morning coffee, I'll have to ask you: WTF‽ A proto-Christian society... ≈48,000 years before Christian era? No, no way your argument holds any water!

(on a side note: At least I know that if at some point I develop a multiple personalities disorder, and they are allowed in the same room at once, I will have a good time debating with myself about interesting topics)

( categories: )

Google having gender issues related to old-agers?

Submitted by gwolf on Mon, 09/07/2009 - 13:24

I am updating an old package's packaging style to take advantage of the new DebHelper 7 goodities. So far, I have been quite successful, but I hit a problem… And before bugging on IRC, I decided to check with Joey Hess' presentation at DebConf9, Not your grandpa's debhelper.

Of course, not remembering the URL, it was the most natural thing to ask Google:

Did you mean... Not your grandma's Debhelper‽ WTF!

Of course, putting this thingy aside, the right answer was the first hit. However, what is the first hit for the Grandma version? Quite dangerous: A post in Ubuntuforums for which the Google excrept reads: this tool can obviously eat your cat, poison your grandma, create an earthquake or do any other unexpected harm, so I don't provide any warranty whatsoever.

I sincerely prefer joeyh's version.

( categories: )


Submitted by gwolf on Thu, 09/03/2009 - 20:55

During DebConf, Noodles discretely approached me and asked whether I'd be interested and willing to join him as Debian's keyring maintainer. Of course, I felt greatly honored and happy about this. Over the past weeks, we have exchanged some mails where he details how it is handled, and I feel I get the general logic — and this last week (which was quite hectic for me — apologies in advance for all the work and mails I have due for different people!) he finally took the big steps: Requested DSA to give me login rights to the needed machine and RT queue and to be listed in the relevant area of the Debian Organization page.

So, even if I still feel afraid of botching Debian and sending the universe swirling away into chaos, I am most happy, and could no longer hide it. Yay! :-D

[BTW] No, it was not on purpose. I did not grow my beard in order to look like St. Peter. But it must have been part of the decision process!

( categories: )
Syndicate content