Humor

Cooking itchiness

Submitted by gwolf on Sun, 05/04/2008 - 15:35.

Every now and then, I want to understand English a bit better. Today, when Joeyh mentioned nettle soup, I had to ask Wikipedia what a nettle is. And Joey, no wonder it itches... It refers to around 45 species of genus Urtica in the family Urticaceae - In Spanish, of course, urtica is known as ortiga, or as blind person's herb, as even a blind person will quickly recognize it to touch - Touching it will cause the aptly named urticaria, which Joey seems to have discovered and learnt to fear. At least in Spanish, urticaria is generalized and used to call all kinds of skin diseases.
It happens to be a very common plant in the area I live and dwell in (the ecological reserve REPSA spans a good portion of the University, and limits my neighbourhood), a large extension of Southern Mexico City where the lava of the small Xitle volcano covered everything, rendering a good portion of the Mexico City valley unfertile, known as malpaís (badland, literally).
Anyway... I don't think I'll rush to cut some ortigas and make them into soup, as both Joeyh and Wikipedia (Spanish and English versions) suggest. But it is always an option, having so many fine specimens around.
This posting serves no other purpose than to show my appreciation to the Mexico City Area


Password security, data safety - A government perspective

Submitted by gwolf on Thu, 04/24/2008 - 22:38.

One week ago, I went to a branch office of Servicio de Administración Tributaria, the government office in charge of processing taxes. This year, I plan on doing something quite bold, as my Mexican friends will acknowledge: I will prepare my (quite simple, I hope) tax declaration by myself. I do not want to be held hostage of the accountant guild - So I might end doing some fuckup which in the end costs me money or time. I hope it is not the case.
Anyway... Last week I went to this office, as I needed either a CIECF (Clave de Identificación Electrónica Confidencial Fortalecida - Strengthened Confidential Electronic Identification Key) or a FIEL (Firma Electrónica Avanzada - Advanced Electronic Signature). No, please don't believe it is a security token, a card with printed numbers, a one-time-pad or the sort - The CIECF is... A password. Why is it strengthened? Because it has the feature of including a question, in case you forget the key, to allow you to change it. I guess the FIEL is a more reliable device, but I prefer not to even request it.
And as far as the questions go, the emergency questions for CIECF suck. First, I was not even asked the meta-question - I was not told why this information was needed. So imagine the clerk saying: Full name? ... Date of birth? ... RFC (Tax ID)? ... Favorite color? I was there just... Stunned. Why do you need it? Oh, just in case you forget your password. Ok... Don't you have any other questions which I am not prone to answer a different thing, and that are not dead obvious for a casual passer-by? (I guess that at least 1/4 of the public will say blue. Feel like brute-forcing SAT to its knees?) Other questions include your father's second family name, your favorite soccer team, your pet's name... It seems they took the first "security dos and don'ts" book off the wall, and started reading backwards.
But anyway, that's the system, and I must play nice with it. So I get back home, and decide to start hacking up my declaration. No, Mr. Policeman, I'm not saying I would try to break into the SAT - I just say it is a complex and non-obvious task to do. Now please release me. Thanks.
And I enter the system. Of course, I tried first with Iceweasel, knowing it would fail (it is documented: MSIE 5.5 recommended). I tried again with Konqueror. I tried, sigh, with MSIE from inside Wine. No luck. Well, even from within qemu's Windows 2000. Wrong password. WTF?! Stranger: It worked with SAT's My portal, although it didn't with the declaration, which is what matters now.
I cannot take the time every day to come to the SAT and move my data - It was a full week until I came back again. I insisted on fully logging in to the system, to be sure the password I entered this time was right. As well as my über-secret safety question, of course.
And it failed.
Twice.
Until the clerk noticed something strange in the way I typed...
Sir, excuse me..., he muttered, why are you typing such a long password? Well, basically because I value my tax declaration, and I know brute force is a powerful force. (explain it, of course, in simple terms) Oh... No, the password must be eight characters long.
No wonder.
So I entered the first eight characters of my password, which was a true work of prose for their standards, at around 20 characters. And it worked.
Now, for bonus points: What do we gather from the fact that the long password works fine in one system, but in another system only the short version does? Why, but of course! I guess the passwords for every economically active Mexican are stored in their master database in plain text. Isn't it just beautiful?
Anyway, it seems I have a lot of work to do. If all goes as planned, maybe next year I will be for hire as a public accountant? Hmh, does not sound too much like fun, does it?
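
The eight-character behaviour described above is something that can be tested for in one's own login code. The following is an added example, not SAT's code and not part of the original post: it models three ways a checker can treat a long password and probes each one for accepted prefixes. The checker names, the sample password and the fixed salt are constructed for the example.

```perl
#!/usr/bin/perl
use strict;
use warnings;
use Digest::SHA qw(sha256_hex);

my $SALT = 'constructed-salt';    # constructed; use a random per-user salt in real code

# Salted digest of a candidate. SHA-256 keeps the example core-only;
# production code would use bcrypt, scrypt or Argon2 here.
sub digest { return sha256_hex($SALT . $_[0]) }

# Each constructor enrols a password and returns a checker closure.
my %enrol = (
    # Stores only the first 8 characters and compares the input exactly,
    # like the declaration system in the post: the long password fails.
    store_first_8 => sub {
        my $stored = digest(substr($_[0], 0, 8));
        return sub { digest($_[0]) eq $stored };
    },
    # Cuts both the stored value and every attempt to 8 characters, as
    # classic DES crypt(3) does: the long password and its prefix both pass.
    truncate_input => sub {
        my $stored = digest(substr($_[0], 0, 8));
        return sub { digest(substr($_[0], 0, 8)) eq $stored };
    },
    # Hashes everything that was typed.
    full_length => sub {
        my $stored = digest($_[0]);
        return sub { digest($_[0]) eq $stored };
    },
);

# Probe: is the full password accepted, and which shorter prefixes are?
sub probe {
    my ($check, $password) = @_;
    my @short = grep { $check->(substr($password, 0, $_)) } 1 .. length($password) - 1;
    return { full => $check->($password) ? 1 : 0, prefixes => \@short };
}

my $password = 'correct horse battery';    # constructed sample, 21 characters
for my $name (sort keys %enrol) {
    my $r = probe($enrol{$name}->($password), $password);
    printf "%-15s full password: %-8s shorter prefixes accepted: %s\n",
        $name,
        $r->{full} ? 'accepted' : 'rejected',
        @{ $r->{prefixes} } ? join(',', @{ $r->{prefixes} }) : 'none';
}
```

Any checker for which the probe reports an accepted prefix is discarding part of what the user typed.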


German and APT::Acquire::Translation

Submitted by gwolf on Mon, 03/10/2008 - 18:25.

Rhonda,

The webinterface for it doesn't require any authentication at all, leading technically to anonymous translations all over the place. The so-called "review" process consists of the same not-existing authentication, leading to a situation where unknown people can put in whatever they like and have other (or potentially the same) unknown people acknowledge that.
The language team has actively chosen that way because it was said that bad translations simply won't happen and that the review (three people opening the page and clicking onto a button) will not let that happen. Well, it happened. And is happening all over the place.

Hmmm... That sounds quite like a definition of Wiki in my book. Just add a version-control layer underneath, and...
Oh, you didn't? Umh... Tough luck! :-(


cat STDERR | rot13

Submitted by gwolf on Fri, 02/08/2008 - 16:52.

Cannot help but laugh and share.
I've been triaging and trying to reproduce some oldish bugs on pkg-perl's packages. Some bugs are no longer there, some have to be forwarded upstream, and so on. Usual tasks, yes.
Until I stumbled with #406227. I just have to laugh and share! Hope nobody feels ashamed - The bug is the result of different people coding maybe under pressure and with quite different mindsets :)
For some reason I fail to understand, the submitter's test case (rot13 implemented over a HTTP proxy) is invoked in the report as ./rot13 2>/dev/null. Of course, when trying to debug a bug report, the first thing to do is not to ignore STDERR. So, off goes the 2>/dev/null. What happens next?

    0 gwolf@mosca[2]/tmp$ perl ./rot13 &
    [1] 4394
    0 gwolf@mosca[3]/tmp$ GET -p http://localhost:8080/ http://www.debian.org/
    Can't locate object method "filter" via package "UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160)" (perhaps you forgot to load "UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160)"?) at /usr/share/perl5/HTTP/Proxy/FilterStack.pm line 126.
    500 EOF when chunk header expected

WTF... Well, at least the program name gives me a clue... Let's try to "decrypt" the error message...

    gwolf@mosca[4]/tmp$ echo 'UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160)' | rot13
    HTTP::Proxy::BodyFilter::simple=HASH(0x604160)

hrm... How come the filter is filtering its own code and only then refusing to find itself!? Ok, time to open up the manpage - Remember, I'm only group-maintaining this package, I am not yet at all familiar with it! Ok, so the core of the filter is when the submitter states:

    my $proxy = new HTTP::Proxy();
    $proxy->push_filter(response => new HTTP::Proxy::BodyFilter::simple(sub { tr/a-zA-z/n-za-mN-ZA-M/; }));

While the manpage states it should be invoked as:

    my $filter = HTTP::Proxy::BodyFilter::simple->new( sub { ${ $_[1] } =~ s/foo/bar/g; } );
    $proxy->push_filter( response => $filter );

Of course, once looking at it, the answer is simple: The submitter left out which element to act on in the anonymous function body - The ${ $_[1] } =~ part. Adding it makes gur svygre jbex nf rkcrpgrq... Err, sorry - makes the filter work as expected.

Now, bonus points: For the non-Perlers out there: How come we get the namespace translated as well? Oh, that's very simple: In Perl, as in Python (and conceivably other languages I'm unaware of), the object is passed to any of its methods as the first argument. Functions in Perl receive their arguments via @_ (read: the default array). And, of course, the tr (regex-based transliteration) takes by default the first thing it sees - the object itself. And what happens when you apply a (string-oriented) regex to an object? Of course, it gets stringified - which, by default, in Perl means converting it to the closest possible description: "a hash reference blessed as an object of the class such-and-such at this memory location". That string gets worked on, and we get UGGC::Cebkl::ObqlSvygre::fvzcyr=UNFU(0k604160). This proxy does not die on very-very-short web pages, where the whole content fits on one iteration of the code (although it does not work correctly - the text remains unaltered, of course, as it was not worked on), but if the request spans several chunks, the second time the filter is called, it will be... just gibberish.

Oh, and what about the extra ${ (...) } around $_[1]? Oh, simple: The string is passed as a scalar reference, so it can be modified in place. Yes, it's the Perl way of pass-by-reference instead of pass-by-value (the default behaviour): Of course the parameter is only passed as a value. Only that the value is incidentally a reference - but who cares? ;-)
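
The failure explained above can be reproduced without HTTP::Proxy. This is an added example, not code from the bug report or from the module: `Toy::BodyFilter`, `run_chunk` and `demo` are constructed stand-ins, and the foreach loop in `run_chunk` is an assumption about how the caller walks its filters.

```perl
#!/usr/bin/perl
use strict;
use warnings;

# Constructed stand-in for HTTP::Proxy::BodyFilter::simple: the object holds
# a code reference and ->filter jumps to it, so the callback receives
# ($self, \$data) in @_.
package Toy::BodyFilter;
sub new    { my ($class, $code) = @_; return bless { filter => $code }, $class }
sub filter { goto &{ $_[0]{filter} } }

package main;

# Assumption: the caller walks its filters with foreach. foreach aliases $_
# to each array element, so a callback that writes to $_ overwrites the slot.
sub run_chunk {
    my ($stack, $dataref) = @_;
    $_->filter($dataref) for @$stack;
    return;
}

# As in the report (with the range spelled A-Z): tr/// without =~ works on $_.
my $broken = sub { tr/a-zA-Z/n-za-mN-ZA-M/ };
# As the manpage shows: bind the operation to the string behind $_[1].
my $fixed  = sub { ${ $_[1] } =~ tr/a-zA-Z/n-za-mN-ZA-M/ };

# Feed a constructed two-chunk body through a one-filter stack and record
# what each chunk looks like afterwards, or the error if the call died.
sub demo {
    my ($callback) = @_;
    my @stack = (Toy::BodyFilter->new($callback));
    my @seen;
    for my $chunk ('Hello, ', 'world') {
        my $data = $chunk;
        if (eval { run_chunk(\@stack, \$data); 1 }) {
            push @seen, $data;
        }
        else {
            chomp(my $err = $@);
            push @seen, "died: $err";
        }
    }
    return (\@seen, $stack[0]);
}

for my $case ([broken => $broken], [fixed => $fixed]) {
    my ($name, $callback) = @$case;
    my ($seen, $slot) = demo($callback);
    for my $i (0, 1) {
        print "$name, chunk ", $i + 1, ": $seen->[$i]\n";
    }
    print "$name, filter slot afterwards: ",
        (ref($slot) ? 'still an object' : "plain string '$slot'"), "\n";
}
```

With the broken callback the first chunk passes through untouched and the filter slot is left holding a rot13'd string, so the second chunk fails on the method call; with the fixed callback both chunks are transliterated and the slot still holds the object.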

Anyway... Many oddities. I would implement the module in a completely different way, and it looks quite backwardish in my book. But then again, TIMTOWTDI.


Royal abuse

Submitted by gwolf on Wed, 01/09/2008 - 15:54.

I just went to our Institute's yearly ceremony of rosca de reyes. What's that? Well, according to the tradition, on January 6 the tres reyes magos (boringly translated to English as three wise men - It should be something like three wizard kings) paid a visit to the newborn baby Jesus. In Mexico, the tradition mandates that every family, group of friends, or whatnot should gather and eat rosca de reyes, a round, sweet bread, usually some 10cm wide. The rosca has some plastic babies hidden in it, remembering how baby Jesus had to be hidden and smuggled out of his birthplace. And, according to the Mexican tradition, if you cut your piece of rosca and get the baby, you are expected to buy tamales for everybody on February 2, día de La Candelaria. (why? Don't ask me!)

Anyway... An image is worth ~10Kb of UTF8 (so it's still better to describe it, as it weighs around 63K, but what the hell):

Two babies?! I was abused by the Three Wizard Kings! (at least it does not sound as sad as "I was abused by three wise men"!) I'll have to buy tamales for everybody on La Candelaria twice, even if they are no longer hungry!


Debian Developers fail Turing tests?

Submitted by gwolf on Fri, 12/07/2007 - 17:31.

Ok, so two people replied to yesterday's post about triple negations - Dato (by email) and MadCoder. Both said basically the same thing: || false and && true are silly noops. And yes, knowing this, I added them. Why? Clarity... At least having them at the end of a test shows the statement is of conditional nature (and not just another obscure attempt to do ${DEITY}-knows-what). They at least look cleaner than a one-line-squashed if block in a makefile. To me, at least ;-)

But... If you noticed this post's title, it goes beyond this comment - One of the most beneficial effects I noticed when I installed Jaws 0.7 (over 0.6, of course) is that I no longer had the swarms of spambots flooding me - I often had hundreds of comments a day, and nowadays I hardly get any spam. Now, I fail to see what is so strange in my blog's comment forms (it does not even have any obvious Javascript, although it does obfuscate a bit the source of the captcha image). And you are not the first Debian people to complain you cannot post comments to my site. Strangely, few non-Debian people have ever complained.

And yes, the spam has stopped, almost completely.

So, Debian guys: Are you human?


Triple negations

Submitted by gwolf on Thu, 12/06/2007 - 20:18.

I'm packaging Ruby's PDF::Writer module for Debian - It is a simple module and (almost) ready for upload. But anyway, it carries some issues I had to bring to debian-legal's attention, mainly, five files licensed under Creative Commons licenses (specially two of them, which are under its NonCommercial variant - clearly non-free), so I'm repackaging the .orig.tar.gz into a +dfsg version.

But I know I'm a lazy and sometimes stupid bum. Even more, the package will be group-maintained by the pkg-ruby-extras team, so we must be as careful as possible not to forget to remove the non-free material - To remove two scripts, and to replace three images with free equivalents I just made. But hey, tell me if this does not feel ugly to you. At least to the bits of you who learnt human grammar:

clean::
	# Make sure we strip out non-DFSG demo files from the orig.tar.gz
	[ ! -f demo/qr-library.rb -a ! -f demo/qr-language.rb ] || false
	[ $$(md5sum images/bluesmoke.jpg | cut -f 1 -d ' ') = 0586eca5af7523ab871609eceb44724a ] || false
	[ $$(md5sum images/chunkybacon.jpg | cut -f 1 -d ' ') = a000b1917142ce332fd3474f0722cd6f ] || false
	[ $$(md5sum images/chunkybacon.png | cut -f 1 -d ' ') = 927feec1cbbf23c4d89a4a5ad88e6d0f ] || false

Triple negations. How nice.


Lucas killed ries!

Submitted by gwolf on Mon, 11/05/2007 - 23:19.
Is there a causality relation between Lucas' posting and ries.debian.org's (a.k.a. ftp-master.debian.org) sudden demise? Grmbl...

Hot water and long pipes

Submitted by gwolf on Mon, 07/30/2007 - 23:07.
Every now and then, I see somebody who -just as Russell did today- talks about the advantages of water heating systems not being tank-based, but tankless! Sounds kewl, hah? Shiny, new?
Well... I live at a house that is slowly but steadily starting to show its age. Built in 1955 and owned for almost two decades by the very renowned physicist (of course, my father's mentor and teacher) Marcos Moshinsky, my parents bought it in 1974, and it has been my home since 1976. And, at least since 1980 (I cannot be sure about earlier events for reasons that might be obvious to the casual reader), we have always had a Calentador Ascot de paso. Ascot (and further companies that have bought their name) have manufactured this kind of water heaters for at least 60 years in Mexico. Yes, they are gas-based and not electrical like the ones Russell links to, but that might just be because in Mexico gas has always been incredibly cheaper than electricity. And yes, the heater is godsent for ecologically conscious people - No more storing 20 to 40 lt (the sizes of the usual storage-based tanks around here) of hot water all day around just because you might want to take a shower, no more waiting for 20 minutes after you turn it on until you start having your morning shower (and more important, no more taking your morning shower ice-cold just because you overslept!)
Yes, it seems like life is perfect with our tankless (de paso) system... Almost.
As I said, our house was built over 50 years ago. It was built on what was intended by then to be a middle-upper class suburb, on a very modern house with fancy stuff and all. And of course, the heater was not planned for the most visible or hearable areas of the house - specifically, nowhere close to the living room - or the bedrooms. Silly details, the bathrooms are close to those areas. So, what's the answer? Want to take a shower? Ok, open the water...
And wait.
For around 3-5 minutes, until the hot water finishes the looong ride from the opposite corner of the house.
Of course, it takes a path that's not easy to intercept in order to move the heater to a saner place: The hot water pipe goes right under the middle of the living room, yay.
So we use our fancy de paso system whenever we are too lazy. Nadezhda and I prefer to fill one hot water bucket (~20lt) for each in the washing room, just by the kitchen (and the heater, of course!) and throw hot water over us to get a nice bath. Or, in case we are too lazy for that, collect as much as possible from the otherwise-wasted hot water in another bucket (we usually get ~10lt - but I fear another such amount just falls around it) and use it later for our various household duties.

Celebrated 10 years of the SC

Submitted by gwolf on Fri, 07/06/2007 - 11:08.
Following Liw's initiative, yesterday night Nadezhda and I joined the distributed pancake party. With a nearby restaurant's hotcakes, anyway, not as fresh or as great as they could, but you can still smell the spirit:

(artwork by Nadezhda)
And... Well, it was not until this morning that I checked on the Wiki just to discover that Damog took part in the same distributed party, just ~15km away from us. Shame - I had just met Damog that very morning at the University :)

Top-down and bottom-up: Two approaches for... Hydrodynamics?

Submitted by gwolf on Thu, 05/24/2007 - 14:52.
Yesterday we had one of our first full-evening rains of this Summer. It started raining around 15:00, and didn't really stop until past 22:00. Most of the time, it was a low intensity rain. Also yesterday, Sergio and I started with the Debian course I recently talked about - Fun!
Now... This course is scheduled at Instituto de Astronomía, which is halfway between my work and my home. 19:00 to 21:00.
I decided to leave early, so we could check some pending details - At 18:00. I biked to Astronomía, about 1.5km. When I arrived, I was as wet as you usually get at a regular rain: I still had some dry spots under my arms and legs. Nothing terrible, although a bit coldish - Anyway, that's a top-down approach for hydrodynamics, the approach most people are used to.
When we finished this session, I had to go out in a rush, as I had a meeting at 20:00 at Balderas (downtown Mexico City, ~25min away by metro). Of course, I was one hour late already, and adding the time it would take me to get home, leave the bike and run to the metro, I could not just sit and wait for the rain to get any easier on me. So I pedalled.
Contrary to what I originally expected, I didn't get soaked wet in the usual pattern. Stronger rain leads to more rain flowing down the road. Yes, almost immediately I felt a cold shudder on my legs and back: The water sprayed from below by my wheels. Of course, the front wheel was even more fun, as it sprayed my face from below - My helmet has a small protuberance at the front to make some shadow, and tilting a bit my head forward prevented the rain from hitting my eyes - but the dirty water, with small bits of wood and whatnot, from the ground found an easy way to my face. My only defense was to close the eyes as much as I could without losing visibility. A strange exercise to do :) Anyway, that's the bottom-up approach for hydrodynamics.
Anyway, by the time I got home, after an extra ~1.5km, my pants were basically a soup. My shirt was not exactly dry, but it still kept me a bit warm. I just ushered inside, grabbed a jacket, and went on for my second meeting.

On sending out the right image

Submitted by gwolf on Wed, 05/23/2007 - 03:29.
At my Institute, we get the El Financiero newspaper - I like it quite a bit. It's very well balanced, with opinions from all of the political and economical points of view. Of course, it has huge business and market sections which I don't usually even care on looking at, as I won't understand much anyway. Those sections usually include advertisements for potential courses and businesses.
Today, Nadezhda showed me an ad that's just beautiful - It shows off the level of commitment and seriousness a company has. It is so beautiful that it deserves me copying it in Spanish and translating it for your further enjoyment. Of course, if somebody stumbles upon this advertisement at my personal blog - I don't know them, they might just be serious but clueless :)
GRUPO DE ASESORES PROFESIONALES
CONVOCA
A académicos, investigadores, intelectuales, economistas y expertos en reformas estructurales para el análisis de las siguientes:
  • Economía y finanzas
  • Educación y empleo
  • Seguridad y desarrollo social
  • Política y Energía
  • Reforma del estado
Para integrarse a un equipo serio y propositivo de Profesionales en estas áreas que brinde asesoría puntual sobre las antes descritas.
REQUISITOS: Titulados con Maestría y/o Doctorado. Contar con publicaciones especializadas.
Interesados enviar CV al correo electrónico:
juan_zzz@starmedia.com
juan_3zzz@yahoo.com.mx

Bosque de Ciruelos No. 140, piso 12, oficina 1202, col. Bosques de las Lomas
And now, for your further amusement, in my hastily translated English, as faithfully as I can do it.
GROUP OF PROFESSIONAL ADVISORS
INVITES
Academics, researchers, intelectuals, economists and structural reform experts for the analysis of the following areas:
  • Economics and finances
  • Education and employment
  • Social security and development
  • Politics and Energy
  • State reform
To join a serious and propositive team of Professionals in the above areas that gives punctual advice regarding the aforementioned.
REQUIREMENTS: Holders of a title, with M.Sc. or Ph.D. studies. Having specialized publications.
Interested people, send your CV by email to:
juan_zzz@starmedia.com
juan_3zzz@yahoo.com.mx

Bosque de Ciruelos No. 140, piso 12, oficina 1202, col. Bosques de las Lomas
Yes, several of the redaction mistakes are in the original text (and several more were introduced due to my English translation, of course).
Anyway... Would you believe in the seriousness of a professional-looking group of economists, paying around US$2000 for 1/4 page in one of the leading Mexican newspapers? By the way, their offices are located at one of Mexico City's most exclusive, expensive areas. But... For ${deity}'s sake... COME ON! Please tell juan_zzz to get a decent-looking mail and domain! Having their main contact addresses at two free mail providers, Starmedia and Yahoo, does no service at all to their professional image! How can people still not pay even a bit of attention to those basic details?

Cannot help it - Are you into human interface design?

Submitted by gwolf on Tue, 05/22/2007 - 15:42.
Thanks to Planeta Debian (yes, planeta, the Spanish version of Planet Debian), I came across this Darío Rapisardi's post.
Sometimes poetry can be expressed in human-interface guidelines.

When bad system design leads to pain...

Submitted by gwolf on Thu, 05/17/2007 - 15:22.
A long time ago, I wrote the system that still manages the Cuerpo Académico Historia del Presente group in the Universidad Pedagógica Nacional. Yes, I'm happy a good portion of my project, which took me over a year of work... But I must admit a nice deal of shame as well.
Of course, it comes from not properly understanding the domain data and information volume my system would be working with - and coming up with a stupid way to implement searches. I won't get too much in detail because, even if you had access to the full search facility in the system (no, it's not available for the general public), I would not like a swarm of curious people to make last week's events come back... Anyway, the group works by daily filling in tens or hundreds of articles in the system, and having some interesting search sessions every couple of months.
I knew the performance problem was caused by an inefficient searching mechanism (explicitly, category exclusion is the prime killer). I knew loadavg jumped through the roof, memory usage did so as well... But it was not until some weeks ago we installed the mighty Munin on the machines at UPN that we got this jewel - Thanks, Victor, for putting the graphics somewhere they can be shown! ;-)
So... How much does memory usage increase during searches?

Whoa. The system has 640MB real RAM. It has as well 1GB swap. Don't ask me how the hell it reports it was using ~2GB swap - but still... And how is our load average?

Have you ever seen a (single CPU, Pentium 4 1.7GHz) Linux system with a loadavg of 80?! For those who don't know, loadavg gives you the general status on how many jobs are pending scheduling by the CPU. 1 means that all of the CPU's time during a specified timeframe was used (and, on single-core systems, it's the optimal usage level). On this machine, things start getting uncomfortable at 6 or 7. I had never before seen values even half this large.
Sigh... Well, in my defense, I must say I've warned them about this problem for over two years. My contract with them has long passed - I've repeatedly recommended them to hire somebody to fix it. So far, they have not.

09 F9 11 02 9D 74 E3 5B D8 41 56 C5 63 56 88 C0

Submitted by gwolf on Thu, 05/03/2007 - 15:48.
This looks like random blabbering, right? A very specific random blabbering that has somehow appeared in blogs of at least tens (if not hundreds, maybe even more) blogs of techies all over the place. What is it?
For the more tech-friendly readers, it has some resemblance to a number - a long number, a 128 bit one. And for those of you who are not Computer Science minded, you might actually prefer to see it as a simple base-10 (that means, decimal system) number: 13'256,278'887,989'457,651'018,865'901,401'704,640. I don't know how to spell it in English, but I do in Spanish (why? Because we have this difference: In Spanish, a billion is a million millions, and a trillion is a million billions - unlike English, where a billion is a thousand millions and a trillion is a thousand billions). So, let's do the exercise in Spanish:
Trece sextillones, doscientos cinuenta y seis mil doscientos setenta y ocho quintillones, ochocientos ochenta y siete mil novecientos ochenta y nueve cuatrillones, cuatrocientos cincuenta y siete mil seiscientos cincuenta y un trillones, dieciochomil ochocientos sesenta y cinco billones, novecientos un mil cuatrocientos un millones, setecientos cuatromil seiscientos cuarenta
Hah! I guess my fifth-grade teacher would be quite proud of me!
Now, I hereby pronounce my transcription of this utterly long and basically random-generated number into the beautiful Spanish language copyrighted by me, and publicly available under the Creative Commons Attribution-ShareAlike 3.0 Unported License, as it is a very valuable and hard literary work.
But, really, what is it? Well, this mind-bogglingly long number is the key with which most HD-DVD movies processed so far are encrypted. Of course, the Motion Picture Ass. of America (MPAA) does not want this (again, randomly generated) number to be out there in the wild, so they say the number is copyrighted by them - This does not hold up, as it has been widely shown before (i.e. Intel dropped its 286/386/486 numbering scheme because a number is not copyrightable or trademarkable - and AMD was perfectly able to legally sell 386/486 chips). So, I have put more work into this number than what they have. I deserve the credit - the transcription is mine. Use it freely.
Oh, and of course, some more examples:
[update]: Yes, sorry, I was counting with half of my brain shut down and the other half brain trying to fetch some caffeine, or something like that. It's a 128 bit number, not 32!