Not a Gamer, Part 2

by Miguel de Icaza

As I discussed back in January am not much of a gamer. The only redeeming feature of the Wii was watching Laura and my friends play Wii Sports

Nat recently convinced me to get a Nintendo DS, he said something like, but not necessarily "This stuff is great while waiting for your next flight, and going through all those security checkpoints". He strongly recommended the brain training games for the Nintendo DS.

So I went and purchased a DS and just like in January, I asked the sales guy to give me a bunch of the best games for the DS he had on store. I figured, maybe am the kind of gamer that could get used to the DS.

Like January, I did not really get into any of the games.

A few observations:

  • The Internet Destroyed the Fun in Puzzle/Adventure Games: I still fondly remember playing Space Quest: one hour every day, then discussing with friends the possible solutions and eventually solving it.
    The Internet makes it so easy to get solutions to most of the problems that it has taken the fun out of it.
  • Stories: The stories for the games I have tried so far (on the DS and the Wii) seem incredibly dull and there is a linearity and lack of interesting challenges.
  • Game Play is Not That Different: Until this year, I had spent about 15 years not playing games (with a short stint for about nine-twelve months playing Quake) and the games are not significantly different.
    But at least the graphics are superb (uh oh, hope Slashdot does not come after me), the animations are very gracious and some of the details are incredibly well taken care of.

I got some mistery game (Hotel something or other), a remake of SimCity, some cooking game, some Lego point-and-shoot and some others that were not worth remembering.

The only game that I liked was the brain games. I like the practice exercises and most importantly, the Sudoku which I play every night before going to sleep.

So I spent about 300 dollars in hardware and games to end up playing Sudoku. A better investment would have been to buy a 5 dollar Sudoku book.

So all of the above was just an excuse to blog about my good friend Jordi Mas' brain games for Gnome.

He has been working on a set of pretty cool games for the desktop. He wrote GBrainy which comes with an assorted collection of mind games that are quite fun in the same way that the Brain Games for the DS is:

Anyways what are good games for the Wii and the DS for aging software developers? (And am not really a fan of Quake derivatives; I got Metroid, and its passable).

Posted on 12 Sep 2007

Mono Bugzilla Migration

by Miguel de Icaza

This Saturday morning (September 15th) at 8am MDT we will be doing our final migration to the Novell Bugzilla system. Although we expect this migration to take much less time, we have planned a outage until Monday (September 17th) at 8am. During the outage, will not be accessible.

Once the migration is complete, will be the official Mono Bugzilla. In preparation for the switch, please create a Novell.Com account by going to the following URL.

Novell Login Creation Page.

It is important that you use the same e-mail address for this account that you use on

Posted on 12 Sep 2007

Jon Galloway Introduces New Acronyms

by Miguel de Icaza

From Twitter today:

Posted on 10 Sep 2007

Short Internet Case Studies: Creating Mortal Enemies

by Miguel de Icaza

Jeff Artwood uses Twitter to quick-blog (as opposed to his usual larger treaties).

From today's twitterness, how to go from "Flickr, good but not for me" to "Flickr, mortal enemy" in 10 seconds:

Posted on 09 Sep 2007

Moonlight Follow-Up

by Miguel de Icaza

After my last post, Matt Asay and myself exchanged a few emails regarding Novell and open source. And Matt posted a very nice follow up: "80% on Novell" on his blog about Novell and our involvement in open source, so some good came out of this:

Net net: I'm going to work on seeing Novell with less bite and more neutrality. It's admittedly very hard for me.

His post is difficult to quote without removing too much context and doing justice to it, so you should read it yourself.

Simon engadged in a lengthy discussion on my blog's comments on Google Group here and here.

We exchanged platitudes and concluded that patents are bad (shocking, I know) and that the "system" is far from optimal (second shock). We both agreed that Sticking it to the Man was a worthy goal.

Posted on 09 Sep 2007

ReMix 07 in Boston

by Miguel de Icaza

Brad Abrams (one of the authors of the .NET Framework Design Guidelines, which PVanhoof really likes) invited me to share the stage at his keynote for ReMix 07 in Boston.

Oh the excitement!

Posted on 09 Sep 2007

Servers Storing Passwords in Plain Text

by Miguel de Icaza

Turns out that one of my favorite sites (Reddit) stored plain text passwords on a database. The reddit database recently was stolen, and now whoever stole it has all the passwords to reddit. The rationale for this was:

Personally, I prefer the convenience of being having my passwords emailed to me when I forget, which happens from time to time since I use difference passwords everywhere.

Not hashing was a design decision we made in the beginning, and it didn't stem from irresponsibility-- it stemmed from a decision to provide functionality that I liked.

It bit us in the ass this time, and we are truly sorry for it. The irresponsibility (and there is some) was allowing our data to get nabbed.

So the convenience of emailing a password when you forget it is what caused the developers to keep the passwords in the open.

Now, I do not particularly care if my reddit password is stolen. I have a policy of using a different password for every site that wants me to create an account with them. I use wildly different passwords for each site that I register with, so I manage to limit my exposure by limiting the damage to that particular site.

But many of my friends use combinations of "the same password everywhere" (specially the non-technical), "the password with the site name" (slightly more technical), "three tiers of passwords: weak, normal and high-security".

Everyone in those groups is vulnerable to have their password cracked open on other sites. Not good.

But the second realization that I had is that this practice is incredibly common. In the last month I have probably requested to "recover my password" from six or seven sites and at least two of them sent me back my original password. I remember thinkin "Oh, that is handy, am glad I did not have to go through a reset password process". Only now I realize that these sites are basically exposing my password to the world. This is not a phenomenon limited to reddit, it is incredibly common.

Here is a tutorial on how to implement this correctly on your web site: Don't let password recovery keep you from protecting your users. If you are using ASP.NET, the Membership infrastructure will take care of this for you.

Server folks also need to use stronger encryption mechanisms. As Jeff points out on his Rainbow Hash Cracking

You should use a differnet password for each site that you visit. Even if you knew the site you visit will not store the password in plain text (and there is no way of finding out) these days tools to crack passwords take advantage of available memory and disk space to crack stuff rapidly. See Jeff Artwood's Rainbow Hash Cracking post where he installs Ophcrack (open source software, available for most platforms) and cracks most "strong" passwords in a matter of minutes.

For dealing with one-password-per-site I keep a GPG encrypted file and use a script that Gonzalo wrote. Maybe its too simple, but it works (source is here).

Windows has a couple of tools that can keep your passwords encrypted. It would be nice if someone wrote a nice UI for this for Unix. The gnome-keyring is a step in the right direction, but the UI (gnome-keyring-manager) is not really designed for end users to use. It is more of a front-end to the password backend for the desktop.

We need to make this kind of tool pervasive on all of the desktop systems (and Mozilla remembering passwords is not enough to be practical).

Update: Jensen Somers in the comments points us to Revelation a tool for the Gnome desktop that does this.

Posted on 09 Sep 2007

Naomi Klein's Shock Doctrine

by Miguel de Icaza

Always loved Naomi Klein and today I found on reddit that Alfonso Cuaron did a short based on her latest book The Shock Doctrine. Am a fan of both.

The short-film is six minutes, and you can watch it here.

Posted on 08 Sep 2007

Reading Comprehension and the English Language

by Miguel de Icaza

Last night Simon Phipps blogged about the Moonlight announcement.

It is funny to be lectured about software freedom from people that use MacOS computers as their main desktops instead of Linux. And to be lectured about whether implementing Moonlight for Linux or not is a good idea. If you smell an inconsistency here, is because its their trademark.

Simon is usually a sensible person, I met him at GUADEC a few years ago and I consider him a good friend and has a great reputation in the open source world for helping Sun open source Java. I have fond memories of hanging out at FooCamp and FOSDEM with him, so I was surprised about his post.

As I pointed out on his blog entry comments he made a number of mistakes on his analysis of the license.

He opens with the following paragraph:

I see Miguel is expecting flak for his initiative to implement Silverlight on GNU/Linux, and I'm sure he'll get it. The thing that caught my eye, however, was what terms I was asked to agree to if I as much as give Silverlight a try on any other platform in the ecosystem Miguel is helping create. Just take a look at the license agreement you're assumed to agree to if you so much as click the "Get Silverlight" button (yes, your acceptance is there in 4-point text in the Get... graphic). You will be agreeing you will not:

He is implying that Moonlight will be covered by Microsoft's EULA. This is not the case. Moonlight is released under a combination of LGPLv2 and MIT X11 licenses. I did bring this up on his comments, and Simon replied with:

Oh, and I didn't intend to imply Moonlight was equally tainted, I didn't think for a moment that you'd license it as anything but Free software and I think I made that clear in my first paragraph. My apologies if you thought otherwise.

I keep re-reading the original paragraph and it is very ambiguous to the point of leading to the confusion. The only point where he addresses this is several paragraphs later: "Miguel is encouraging you to surrender your freedoms if you're using the technology he promotes anywhere but the operating system he is working on. He's the lure for someone else's trap.".

Simon is concerned that using Silverlight on Windows comes with a bunch of requirements that are contrary to software freedom. But Simon, if you care about your software freedom, why are you using MacOS (or Windows) in the first place? If people care about that issue, they should switch to a fully open source system. And correct me if am wrong Simon, but since you link to a Mac license, I can imagine your main desktop is a MacOS machine (I vaguely remember that to be your main desktop; Why not OpenSolaris or Linux?), it seems like you have already surrendered your software freedom rights a long time ago.

And let me add, you can always port Moonlight to Windows. It is free software, remember?

His blog post is confusing, a commenter on Simon's blog points exactly that:

Just to let you know that I skimmed this post after it was linked on Louis' blog and got the impression that the points in the license that you raise are in Moonlight rather than Silverlight.

I didn't realize until I read Miguel's comment that this is not the case.

Of course, it is obvious on a second reading that you are talking about Silverlight. But I hope no-one else makes the same mistake as me, but worse does not realize it.

So one person is already confused. But it gets better. Pundit Matt Asay gets it wrong too (For those not familiar with Matt Asay, he is like the Robert Novak of open source punditry). He opens his own blog entry with:

Simon Phipps takes apart the licensing maze required to start "enjoying" Novell's Moonlight. Novell clearly wants to be popular with someone, and so has settled on Microsoft.

So Simon text is definitely obscure enough that pundits are making the same "mistake" I made when I read Simon's obscure blog post. On the other hand, it was pundits that got the US into the Iraq war, so we must cut the punditry circles some slack, we can not expect them to be scholars.

Now it is time to take exception at Matt's claim that:

Simon [...] takes apart the licensing maze required to start enjoying Novell's Moonlight"

No Matt, Simon did not explain anything about Moonlight, he was talking about Silverlight's EULA license, and while doing so, he managed to botch his analysis on several counts.

I am not in the business of defending Microsoft's EULAs, but in this case Simon tried to imply that we were covered by it. And well, Moonlight is not, as I said above Moonlight is under the LGPL/X11 licenses.

It seems that the EULAs for these proprietary plugins are pretty much all the same. As Stephen Walli pointed out on the comments for Simon, he is throwing rocks in a glasshouse, here are some EULAs that just as bad or worse as the Silverlight one:

Silverlight terms are simpler to read than any of the previous five. This seems like an improvement.

When it comes to damages, a topic that Simon seems to care about as he writes: "that the limit of Microsoft's liability in any matter (including "internet services") is $5", here is the breakdown of the other EULAs:

  • Acrobat: 50 dollars.
  • Helix: 5 dollars.
  • Silverlight: 5 dollars.
  • Java: 0 dollars.
  • Flash: 0 dollars.

And for good measure the GPL, LGPL and MIT X11 licenses put that at zero. So Acrobat, Helix and Silverlight are actually the most generous in this space.

I am not going to accuse Simon of double-standards, as he acknowledges in a comment that he would like to see those removed from Sun software as well:

As to glass houses: I expect there are Sun agreements that actually are a threat to software freedom, but it's my (and I believe Sun's) goal to eliminate as many of them as possible. By contrast, the Silverlight agreement is new, and its terms appear intended not just to protect Microsoft but to advantage them. I'm a bit surprised to find you making this apples-to-oranges comparison. I'm an easy target when I'm talking about what concerns me, but do you really believe there's no issue here?

I am not sure to what extend the EULA for Silverlight "its terms appear intended not just to protect Microsoft but to advantage them". Simon botched the analysis on most of his claims (including his statement about video and the MPEG-LA claim, he needs to read the (b) section).

So what we have is a case of exaggerated outrage over a silly license and for good measure a little bit of smearing of Moonlight by association.

Simon also complains that by accepting the license, "* that Microsoft can gather information about your computer and internet connection; * that they can automatically modify the software."

That is incorrect Simon. The license that you accept does not give Microsoft the right to gather the information (unlike the Java license that explicitly states that Sun can gather the information). In addition, Simon conveniently ignores the fact that the the Silverlight EULA states that you can opt-out from automatic-updates (see the license for yourself).

Finally, Simon's take on Mono:

I suppose this is just the same as my issue with Mono; that it's a trailing-edge implementation of an ecosystem that's intended by its architects to take away freedoms. That's what I'm reacting to.

Simon, that was uncalled for. Mono might be trailing behind Microsoft's APIs, but Mono has its own vibrant community and its own stack of open source libraries that are 100% independent of Microsoft's own stack based on the ECMA 335 core. You should know better than that. Mono is able to plot its own destiny and its own ecosystem on his own thank-you-very-much.

Matt Asay Shortsightedness

Matt Asay's bitter blog post misses the point as well, his argument of "position of strength" is a laughable one. Lets play, spot the inconsistencies (post your thoughts):

In other words, if someone is going to be Microsoft's toady, Novell wants to be darned sure it's them. It would be much better to command interoperability from a position of strength, as Red Hat is doing (or as MySQL is doing in databases, JBoss has done in application servers, etc.), rather than between mouthfuls of Microsoft's toejam.

Well Matt, we actually started on Moonlight without any management approval. All my bosses knew about our effort to implement Moonlight was that I requested a trip to Paris on June 21st ("Am going to accept this invitation to ReMix in Paris, the opportunity sounds priceless"). Nobody knew what my engineering group was cooking. And I for one had no expectations at that point to become a "toady", but I guess that is for a psychiatrist to figure out the day I get one.

So we are very excited that we turned our 21-day hackaton into a collaboration to productize Moonlight and to be able to bring Silverlight to Linux users.

To me, Moonlight is of crucial importance because I believe that Microsoft will be successful in getting Silverlight deployed in many sites, and as a Linux desktop user (unlike some outraged open source advocates that stick to OSX :-) I want to make sure that I have access to the Silverlight content from my Linux box.

And speaking of freedom and outrage, Simon you do not seem to mind surrendering your freedoms to Apple when you buy proprietary iPods and proprietary connectors, using the proprietary iTunes. And there are other mp3 players that are purely open source. Why are you using that instead of the purely open source Linux + Banshee?

You have the right to choose to iTunes, and others have the right to choose Silverlight. But of course people like to paint things in apocalyptic terms, more along the lines of "Will someone think of the children?". It may be funny, but only when its part of a Simpsons sketch.

It took real change inside Microsoft and Microsoft's internal organization to push for an agreement with Novell that would officially endorse Moonlight and would provide assistance of a kind that has never been seen between Microsoft and the open source community.

Moonlight will probably help Silverlight get adoption, and advance Microsoft's interest position in this space, but:

  • From a pure technical perspective: Silverlight is the best of breed on this space. I like it, and it matches my opinions. Maybe not everyone's opinions, but mine and some others.
  • As long as I can have my LGPL/X11 licensed code base, am more than happy for Silverlight to become another option on the Internet. Live and let live kind of scenario (Unlike others, I actually love Flash as well, and I love the open source efforts trying to create an open source version even more).
  • Silverlight vs Flash vs JavaFX vs AIR is not a zero-sum game. Those who believe that have a strong scarcity mindset. I for one believe that the ecosystem will become richer by having more options. You know, competition, choice, options, styles.
    Just like on the server space source we have competing frameworks: django, rails, turbogears, and j2ee.

Posted on 07 Sep 2007

Sun and NetApp Lawsuit

by Miguel de Icaza

Am no fan of patents or patents lawsuits, but this lawsuit is going to provide some entertainment value for months to come.

It is quickly moving into "he said, she said" territory. NetApp claims that Sun started this thing when they approached NetApp to monetize some patents:

Like many large technology companies, Sun has been using its patent portfolio as a profit center. About 18 months ago, Sun’s lawyers contacted NetApp with a list of patents they say we infringe, and requested that we pay them lots of money. We responded in two ways. First, we closely examined their list of patents. Second, we identified the patents in our portfolio that we believe Sun infringes. With respect to Sun’s patent claims, our lawsuit explains that we do not infringe, and ---in fact--- that they are not even valid. As a result, we don’t think we should be paying Sun millions of dollars.

If this is true, Sun brought this upon themselves.

Of course, on the other hand, Sun claims that this was not the case:

Many of the claims raised in the lawsuit are factually untrue. For example, it was NetApp who first approached Sun seeking to acquire the Sun patents NetApp is now attempting to invalidate. It is unfortunate that NetApp has now resorted to resolving its business issues in a legal jurisdiction (East Texas) long favored by "patent trolls."


And from Jonathan Schwartz:

NetApps first approached StorageTek behind the cover of a third party intermediary (yes, it sounds weird, doesn't it?) seeking to purchase STK patents. After Sun acquired STK, we were not willing to sell the patents, We've always been willing to license them. But instead of engaging in licensing discussions, NetApp decided to file a suit to invalidate them. To be clear, we never filed a complaint or threatened to do so, nor did anyone, to the best of my knowledge, in the ZFS community.

Sun also positions this as an attack on open source (since ZFS is under some open source license, the one that is incompatible with the Linux kernel GPLv2):

NetApp's legal attack against Sun's open source ZFS solution which is freely available in the marketplace is a clear indication that NetApp considers Sun technology a threat, and is a direct attack on the open source community.

So software patents suck, we all know that.

One one side, if there is any truth to NetApp's claim that Sun tried to monetize their patents by going on the offenseive this seems to be a case of Sun bringing this upon themselves.

NetApp could respond by issuing a patent covenant for users of open source operating systems (which would include Linux and OpenSolaris, but would still allow them to monetize from the Solaris uses).

Someone on Jonathan's blog raises a good point:

I find your comments contradictory.

"First, Sun did not approach NetApps about licensing any of Sun's patents and never filed complaints against NetApps or demanded anything." on the one hand, and "... we were not willing to sell the patents, We've always been willing to license them."

Can you please address the contradiction between "never demanded" and "always willing to license", Since "Willing to license" is usually simply a code word for "demanding payment for licensing."

If Sun's position that NTAP does not in fact violate the patents in question, and Sun does not violate NTAP's patents, why can't Sun affirmatively state that instead of leaving the issue unresolved?

Warmest Regards,

That is one good question.

On the other side, perhaps NetApp has turned into a patent troll. And there are some indications from NetApp's blog. This is worrysome:

On the other hand, I won’t pretend that we would never have sued if Sun hadn’t approached us first. We focus on innovation as a company, and we do intend to defend our intellectual property.


Our interest is on commercial use of ZFS. That is, we are concerned with companies who take our IP and turn it into products that they make money on. For obvious reasons, we are especially concerned about commercial use of our IP that would compete with NetApp.

This seems to undermine NetApp's initial claim.

In the meantime, am buying POPC-orn shares, I predict this drama will have the same ratings as the second season of Lost.

Posted on 06 Sep 2007

« Newer entries | Older entries »