I collided yester-day with Brouwer's Fixed-Point Theorem while writing a program that aids artists in creating on-line web galleries.

There's a notion in art of complementary color. The lighter a color is, the darker is its complement, and v.v.. And, if one locates a color on a color wheel, this complement is its diametrical opposite on the wheel. Complementary colors are used, well, to complement things. So, for example, a dark red object is thought to look best against a light green background (if one uses the classic red-yellow-blue color system) or against a light turquoise background (if one uses the red-green-blue system).

I thought (and think) that it would be a fine thing if an image should be automatically displayed on a page whose background color were the complement of the average color of the image. In keeping with this complementarity, it might seem to be a good idea for the page text to be the complement of the background, which is to say that original average color. Well, here is where Brouwer pokes his head in the room and suggests a problem.

Brouwer's Fixed-Point Theorem tells us that every continuous function f from a closed ball onto itself has a point x such that f(x) = x. A color wheel is a closed ball in two dimensions. Grey-scale is a closed ball in one dimension. Half-way between black and white is a shade of grey which is its own complement. The color dead-center on a color wheel is its own complement. So the center of the cylinder formed by the Cartesian product of light-and-dark with the color wheel is its own complement. And any colors near this center have their complements also near this center, which means that there isn't enough contrast for real usability. Color schemes such as medium grey text on a medium grey background just don't cut it.

I don't know what the best adjustment is; I'm not even sure that there is a unique best to be found. But I believe that the proper adjustment would be to alter the lightness — and only the lightness — of the foreground text, making sure that it were different from that of the background by increasing any existing relative difference. (In cases were the brightness is dead-center, a movement in either direction should be fine.)

If you’re actually trying to install another version of Firefox, then click on the Firefox tag, as there may be an entry on that other version.

Once again, I was distracted as Mozilla released a new version of Firefox; this time, version 8.0.x. The installation method that worked for Firefox 7.0.1 under Scientific Linux 6.0 and 6.1 works, mutatis mutandis, for Firefox 8.0.1 under Scientific Linux 6.1, and therefore ought to work for Firefox 8.0.x under RHEL 6.x and under CentOS 6.x.

So here are the steps that I recommend:

1. Download the archive, firefox-8.0[.n].tar.bz2.
2. The tarball contains a directory, firefox, which should be dropped-in as a sub-directory of something. If you want to ponder where, then study the FHS. As for me, as root, I put it in /opt:
   

   tar -xjvf firefox-8.0[.n].tar.bz2 -C /opt/

   (Omit that [.n] if it isn’t in the name of the archive that you downloaded. Replace it with the actual number from the name of the archive if such a number was included.)

3. You’ll need a .desktop file for Firefox (though you may already have one). As root, edit/create /usr/share/applications/firefox.desktop, ensuring that it reads
   

   [Desktop Entry]
   Categories=Application;Network;X-Red-Hat-Base;
   Type=Application
   Encoding=UTF-8
   Name=Firefox
   Comment='WWW browser'
   Exec='/opt/firefox/firefox'
   Icon='/opt/firefox/icons/mozicon128.png'
   Terminal=false

   (If you didn't install in /opt, or changed the name of the firefox directory, then you'll need to change the above accordingly.)

4. Restart the GUI, by logging out and back in or by restarting the system.

[This post was delayed from yester-day, as my hosting service had a technical failure, and it took me rather a long time to persuade them of such.]

I read

This past week it was reported that the hacktivist collective known as Anonymous claimed credit for taking offline over 40 websites used for sharing pedophilia — and for exposing the names and identifying information of more than 1500 alleged pedophiles that had been using the sites.

But the actual list is of user aliases, not of personal names.

Not only are pædophiles not being exposed here, but non-pædophiles who've had the misfortune of pædophiles' using the same aliases (by chance or from malice) are going to come under suspicion by those who think that they recognize them on this list.

Further, if agents of law enforcement were themselves working to track-down the actual legal identities of the pædophiles, their investigation has now been severely compromised, possibly fatally so.

Once again, Anonymous has done less good than they have led the gullible to believe, and have caused more damage than they have acknowledged.

Fred Flare, Inc, has received the not-so-coveted rating of F from the Better Business Bureau.

Readers may recall my entry of 12 August on how Flare had allowed some of the information that I'd provided to them to be used by spammers. (I had creäted an e.mail address exactly for business with Fred Flare and provided it uniquely to them.) Not long after I'd posted that entry, I contacted the BBB; Flare should have been responding to the issue of a hacked customer dB with a sense of urgency, but there was no evidence of such a sense.

On 6 September, a representative from Flare commented to the 'blog, and also sent e.mail:

Please forgive our late response to customer complaint #8703538 from Daniel Kian M cKiernan.
We are investigating whether our email service provider iContact might have been hacked.
We haven't found any evidence confirming this as of yet but are being extra thorough.
Rest assured, no credit card information has been compromised. We DO NOT save cc details for that very reason.
I will update you as I learn more. Thank you for your patience.

Now, as I implied in reply to the 'blog comment, the theory in that comment casting suspicion on UPS is a poor one. There's no particularly good reason for the spammer to spoof the name of their source (indeed, there is good reason for them not to do this), other spam from this breach spoofs other senders, and UPS (along with FedEx and DHL) has for many years routinely been spoofed by spammers.

The second theory (that in the e.mail) has some plausibility, but was, at that point, just a theory.

The promise (in the 'blog comment) of More soon! went simply unfulfilled. Meanwhile, spam continued to be sent to the address, at least one piece using my full name.

When the BBB dead-line for communication from Flare was imminent, they sent no more than a copy of that original 'blog comment and of that theorizing e.mail. The BBB, following SOP, asked me if this resolved my complaint, and I explained why it didn't.

What that communication did was reset the clock. But this time it just ticked-down to zero with no further communication from Flare, and the BBB regards such silence as unacceptable; hence the F

I don't know how the NYC BBB handles attempts at a ratings change; the San Diego BBB has been known to allow merchants to revive cases after many months (and known then to completely discard the rating if the customer does not respond). (If Fred Flare does not act on this case, it will eventually be considered sufficiently ancient as not to be used in rating.)

For my part, I guess that my next step is to file a complaint with the FTC. I don't know that a lot will come of that, though.

I'm really saddened by this whole course of events. There is no question that Fred Flare offers some cool and whimsical stuff that is difficult or impossible to get elsewhere; I think that they should be rewarded for that much even setting aside whatever desire I might have for any of that stuff, and ceteris paribus I would want such an enterprise to prosper.

But it's imperative, in these days where information once loosed flows so freely, to take responsibility for the databases that we keep of information on other people (including the addressbooks of our e.mail handlers). Mistakes will happen, but we need to own any mistakes that we make, and to off-set their effects.

I had hoped that I'd get a reply within hours after I'd first contacted Flare. I should have been quickly told (as I was eventually told) that no credit-card information had been released. And Flare still needs to do something for those victims who, unlike me, provided addresses that are not easily discarded.

If you’re actually trying to install another version of Firefox, then click on the Firefox tag, as there may be an entry on that other version.

While my back was turned, Mozilla released Firefox 7.0.x. The installation method that worked for Firefox 6.0 under Scientific Linux 6.0 and 6.1 works, mutatis mutandis, for Firefox 7.0.1 under Scientific Linux 6.1, and therefore ought to work for Firefox 7.0.x under RHEL 6.x and under CentOS 6.x.

So here are the steps that I recommend:

1. Download the archive, firefox-7.0[.n].tar.bz2.
2. The tarball contains a directory, firefox, which should be dropped-in as a sub-directory of something. If you want to ponder where, then study the FHS. As for me, as root, I put it in /opt:
   

   tar -xjvf firefox-7.0[.n].tar.bz2 -C /opt/

   (Omit that [.n] if it isn’t in the name of the archive that you downloaded. Replace it with the actual number from the name of the archive if such a number was included.)

3. You’ll need a .desktop file for Firefox (though you may already have one). As root, edit/create /usr/share/applications/firefox.desktop, ensuring that it reads
   

   [Desktop Entry]
   Categories=Application;Network;X-Red-Hat-Base;
   Type=Application
   Encoding=UTF-8
   Name=Firefox
   Comment='WWW browser'
   Exec='/opt/firefox/firefox'
   Icon='/opt/firefox/icons/mozicon128.png'
   Terminal=false

   (If you didn't install in /opt, or changed the name of the firefox directory, then you'll need to change the above accordingly.)

4. Restart the GUI, by logging out and back in or by restarting the system.

If you’re actually trying to install another version of Firefox, then click on the Firefox tag, as there may be an entry on that other version.

Since I am now principally using Fedora, I'd not planned to continue my entries on installing Firefox on RHEL. But people continue to visit this 'blog for help on just that, and since I do also run Scientific Linux (a close clone of RHEL), I can still investigate what procedure will work (though this entry might more cautiously be entitled Installing Firefox 6.0 under Scientific Linux 6.x). (I don't plan to go back and add an entry on installing Firefox 5.x, but since the procedure for Firefox 6.0 proves to be the same, except for the name of the archive, as that for 4.0, I believe that one can infer that it is likewise the same for 5.x.)

In any case, here are the steps that I recommend:

1. Download the archive, firefox-6.0[.n].tar.bz2.
2. The tarball contains a directory, firefox, which should be dropped-in as a sub-directory of something. If you want to ponder where, then study the FHS. As for me, as root, I put it in /opt:
   

   tar -xjvf firefox-6.0[.n].tar.bz2 -C /opt/

   (Omit that [.n] if it isn’t in the name of the archive that you downloaded. Replace it with the actual number from the name of the archive if such a number was included.)

3. You’ll need a .desktop file for Firefox (though you may already have one). As root, edit/create /usr/share/applications/firefox.desktop, ensuring that it reads
   

   [Desktop Entry]
   Categories=Application;Network;X-Red-Hat-Base;
   Type=Application
   Encoding=UTF-8
   Name=Firefox
   Comment='WWW browser'
   Exec='/opt/firefox/firefox'
   Icon='/opt/firefox/icons/mozicon128.png'
   Terminal=false

   (If you didn't install in /opt, or changed the name of the firefox directory, then you'll need to change the above accordingly.)

4. Restart the GUI, by logging out and back in or by restarting the system.

When I'm required to provide a working e.mail address for a relationship with an institution, I usually creäte a new address, specific to my account with that institution. The address itself is typically that of a forwarder, and that forwarder is almost always to an address whose sole purpose is to receive the e.mails from these various forwarders.

One benefit of this arrangement is that, if I want to disconnect from that institution, I can delete the forwarder. But my real concern has been control of spam. If I receive spam, then from the address of the forwarder I can determine which institution provided my address to the spammers; and I can cut-off the spammers by deleting the forwarder.

This morning, I received three pieces of spam, each with the title UPS notification, each ostensibly from UPS, and each with a body

Dear customer.


The parcel was sent your home address.
And it will arrive within 3 business day.

More information and the tracking number are attached in document below.

Thank you.

Copyright © 1994-2011 United Parcel Service of America, Inc. All rights reserved.

(Anti-spam software on the mail-server removed any attachment.) Many of you will have got e.mail similar or identical to this; it's a trick that has been employed now for years.

But what is of particular interest is that each of these three messages came to the address that I'd provided exactly and only to Fred Flare .com. So Fred Flare has allowed some or all of my account information to be leaked to some party who tried then to hijack my computer.

Upon discovering the first two, I quickly tried to contact Fred Flare. My first attempt failed because their own filters prevent the delivery of attachments, and I'd attached copies of the spam. My second attempt therefore omitted these, which potentially compounds the problem for Flare.

In my case, I can just delete the forwarder once I'm done communicating with Fred Flare, but other, more trusting people provided their principal e.mail addresses. It would be no small task for Fred Flare to make it right for those people, but it is the responsibility of Fred Flare to do so.

Since some time in April, a bug in the software at LiveJournal.com has kept me from logging into it, and from logging into other sites using that same software, with my OpenID. To-day I received an admission that the problem hasn't been worked and is not likely to be worked any time soon. If you're an LJ friend who posts nothing but Friends-only or otherwise filtered entries, then you might as well write me off.

More generally, my experience filing bug reports has not been very happy. I've recently reported my problems with the formula editor of OpenOffice.

Rather longer ago than that, I noted how WordPress, after letting two dead-lines slip, had just un-scheduled a bug-fix by setting a milestone of Future Release. This morning, I discovered that a spurious claim that the bug was not manifest had caused the report to be closed about three weeks ago. After I was compelled to jump through some otherwise superfluous hoops, it was plainly established that WordPress indeed had exactly the bug that I'd reported (on 29 April 2008), and that, from my initial description, the point of failure could have been quickly found and fixed. A patch was filed, and I thought that the fix would be scheduled for the next bug-fixing release (3.1.4 or 3.2.0, whichever came first), but then the milestone was instead re-set for Future Release. It might still be fixed in the next release, but there is simply no assurance of that. (I can hack my own installation, of course.)

Greek seems to be in-fashion these days. First, last night, a friend called me to ask how to say man who touches elephants in Classical Greek. Then, to-day, as I was attempting to comment to a 'blog earlier to-day, I was presented with the following 'bot challenge: That's right, the string was unadresG ψ1,, and that's a psi, not a w nor a u with a slash through it. Entering a ψ worked just fine. (Not that I actually have my keyboard configured to deliver psi, but I keep Greek characters about, for copying-and-pasting.)

My most recently activated license for RHEL expired within the last two or three days. I may have an unused license stashed somewhere, but I've been planning to migrate to some other distribution of Linux when this one expired, because I've been so unhappy with Red Hat's past ill-preparedness for demands upon their servers at times of new releases.

Gaal once suggested that I try a flavor of Linux, such as Ubuntu, that used a more-advanced package-management system, but I've been fairly comfortable with the package-management system (as such) used by RHEL, and I'm inclined to stick closer to familiar forms. (It is not the quality of Red Hat's released code that has alienated me.) I think that my decision will be one between Fedora and Scientific Linux.

Fedora is the source from which RHEL is derived; Fedora is bleeding edge. Scientific Linux and CentOS aim to be very close derivatives of RHEL. Scientific Linux seems to be the most effectively maintained; unfortunately, when last I checked, the developers of CentOS hadn't got a stable clone of RHEL 6.0 out the door yet, and some of the changes from RHEL 5.6 to 6.0 have been meaningful improvements for me. (StarCom Linux, another close derivative of RHEL, lags even further behind.)

I downloaded a live CD of Fedora and a live DVD of Scientific Linux, so that I could try each. There seemed to be no non-trivial difference in either case from the look-and-feel of RHEL.

Anyway, the choice would seem to be one of functionality (Fedora) vs reliability (Scientific Linux).

[Up-Date (2011:05/23): On 11 May, I installed Fedora. I've had a few mishaps with fonts, and the system has been a little flakier, but so far the marginal benefits have seemed to out-weigh the marginal costs. I've also been giving some thought to installing a larger hard-drive, with one or more additional partitions, for other *nixes.]