Natalia Michaella Woods-Quigley

On June 19th, my fiancée and I returned from India.  She was 26 weeks pregnant and we returned to the States to get better health care for the delivery of our baby.  Health care can be a daunting thing to coordinate.  We used the health care broker CBIZ to set us up with a Blue Cross EPO Plan in NJ, with the specific requirement that the pregnancy be fully covered.

The problems started with the plan as soon as we arrived.  Although we had specifically said we needed the plan to be effective the day we arrived, it took 20+ days for the plan to be activated and useful for us.  During her 27th week of the pregnancy, contractions started and we were hospitalized.  We still hadn’t even received health insurance cards yet.

The care we received at the University of Pennsylvania Hospital was excellent. Our daughter, Natalia, pulled through and we were allowed to go home a day earlier than expected.

We finally received our insurance cards.  Then, a couple of weeks later, we got news from the doctor’s office that Blue Cross wouldn’t cover our doctors office visits because we had a pre-existing condition.  We contacted CBIZ immediately and they said they would take care of it.  Two weeks later, we got an email asking for an additional requirement, basically saying if we didn’t meet that requirement they couldn’t take off the pre-existing clause off.  Back in May, they required that my fiancée had proof of coverage from before we got pregnant.  In August, after they’d been paid and coverage began, they changed the requirement to 1 year from date of the beginning of the Blue Cross plan, which we didn’t have.

The best part of this so far is that we tried to be responsible.  We paid Blue Cross 300 dollars a month for this “coverage” on good faith that our pregnancy would be covered because we were advised against getting the free Medicare program by the CBIZ representative.  Nor were we told that you CANNOT apply for Medicare if you have insurance.

About 2 months ago, I went to work like any normal day, unaware that I would be at the hospital with my fiancée for the rest of the week.  Our Natalia hadn’t made it.  (We delivered at Virtua Hospital in Voorhees, which, again, provided great care and as much comfort as they could given the circumstances)

The recovery and grief have been hard enough.  What’s worse, CBIZ has stopped returning our emails and calls.  My fiancée called Blue Cross about 10 times and got different stories every time she called, until she finally got a call with the same story about needing the 1 year prior coverage (this after getting told that the pre-existing clause would be removed).

About 2 weeks after our last hospital visit “Obamacare” as it is referred by pundits took effect.  If only it had kicked in 2 months ago.  He made pre-existing conditions a thing of the past, and we are very grateful that no one will have to go through that much health insurance hell again.  We don’t know why our daughter didn’t make it, but we are sure that the stress of dealing with health “insurance” definitely didn’t help our well-being.

When I was getting ready to be a father one of the biggest things that scared me was that I was bringing a child into this world, with all of its horrific problems.  She didn’t make it, but that feeling has stayed with me.   I will be volunteering with a local Democrat this election season, because the parts of this story that we can help we can’t let happen again.

Our daughter, Natalia Michaella Woods-Quigley, was conceived around January 1st 2010.  She loved to listen to music (WXPN in Philly being her favorite radio station.)  Natalie loved eating all kinds of food (except Indian).  Her favorites were potatoes, pasta, cantaloupe, and burgers.  She was very opinionated, kicking her opinions every moment.  It’s amazing how much (and how little) you can learn about someone when they aren’t even born yet.  It’s amazing how deeply you can fall in love with someone you can’t even see.

We love you Natalie.
Bryan & Erica

>Let’s take security to the next level…

>Current Setup:
An application has to be limited by the most lax permission in order to maintain the functionality.  For an application that will ever have access to the user’s files this means it needs to have access to all of the users files.

Possible Solution:
Have the file browser/chooser application give temporary permissions for the specific chosen files/folder to the application that launched the file chooser.  Care will need to be taken so that “recent files” in applications still work as expected.  This may require a per application recent file list to be stored in the security system.

Example Use Cases / How it does it:
Picture Viewer
1) User clicks on Picture with an active exploit in it (on the desktop)
2) Opens with default photo viewer
3) The exploit now has full control of the photo viewer, but can only access:
    Photo viewers recently opened photos
    The photo with the exploit
    Photo viewer config
    Anything else the photo viewer can access (say uploading to flickr)
    All other photo’s in library (if configured, which in this example it is not)
*) All other documents remain secure…

How it did it. (behind the scenes):
the user opened 4 pictures from the file manager, the application had those 4 pictures added to it’s “per application recent file permission list” thereby enabling the user to open them directly from the photo manager at any point in the future.  That list was customized for the application to limit the list to the 4 most recent due to the application only having 4 option in it’s “recent list”.
This list is used by apparmor/selinux to enable access to the pictures for the application.

Rhythmbox
1) User configures library (using directory chooser)\
    – Called with options to set up a permanent user/application permission for the music folder in question
    – this allows rhythmbox to access all files contained within
2) User listens to internet radio and finds a malicious file
3) The malicious file deletes everything it can touch, the user loses her entire music collection, but has all documents intact.

When configuring the rhythmbox library directory, Rhythmbox used a special call to the directory chooser to ask it to switch it’s permanent directory to whatever the user chooses, thereby adding the necessary rules as well.

Of course, if you can already do this with selinux/apparmor (at about the same complication level) please tell me how 🙂

>Memory is to hard to measure

>Inspired from the comment “It saves zero memory” from here
https://bugs.launchpad.net/ubuntu/+source/upstart/+bug/501241

I’ve been trying to keep my eye on Ubuntu’s memory usage for some time now, but there has never been a great way to measure memory usage.  Here is an alternate memory tracking idea.. Don’t bother trying to observe it directly.  These are the steps I followed to prove that removing tty2-tty6 will save us more than zero memory. 

  1. Figure out how much your computer (when booting off of a liveUSB in my case) needs to boot, open a terminal, and run free -m with using almost no swap.

    [make sure the computer has a swap partition, or else this won’t work]

    Do this by booting the kernel with different mem=???M options.  And try getting swap close to zero (see it with free -m), but still in positive territory by a few.  Mine was mem=450M, and swap used was 3 M

  2. Then make your changes, in my case rm /etc/init/tty[2-6]
  3. Reboot with the same kernel option (mem=450M), run the terminal, run free -m and rejoice in the lack of swap used.

Why does this prove my point?
It gets around the memory measuring difficulties and says, “If we don’t do X, will the system decide it doesn’t need to activate swap?”

>Internal LAN, Package Distribution Quick Howto

>This guide simply mashes up two other guides, with just the parts needed to create simple packages and them to your own repository, all on the local network (no PPAs).

First you need to make packages (a more complete guide below [1]). My packages are very simple as I am using them just to distribute files around the local network. Let’s pretend you want to include a simple bash backup script in a package.
Make a package

  1. Make a folder mycompany-backup
  2. Make two new folders in it: DEBIAN and opt
    NOTE:
    pretend mycompany-backup is the / directory of whatever system you install it on, so everything in opt would go to /opt when installed, etc.
  3. Make a new text file under DEBIAN called control
  4. Add Some text to the file:

    Package: mycompany-backup
    Version: 0.1
    Section: mycompany
    Priority: optional
    Architecture: i386 or amd64 or all (however all sadly doesn’t work with the next part of this guide)
    Essential: no
    Installed-Size: 10
    Maintainer: My Name

 

  • Add your content (in my case a backup script) to opt/backup.sh. Mine just backs up Documents to a place on our server. (NOTE: This isn’t a complete backup solution as there is no automation)

    #/bin/sh
    SAMIAM=`whoami`
    sleep 60

 

gvfs-mount mount smb://$SAMIAM@server/$SAMIAM #User must have saved password for share

rsync -rv /home/$SAMIAM/Documents “/home/$SAMIAM/.gvfs/$SAMIAM on server/BACKUP” –log-file=”/home/$SAMIAM/.gvfs/$SAMIAM on server/BACKUP/latest”

  • Go one directory above where mycompany-backup is.
  • Run the command dpkg -b mycompany-backup/ mycompany.deb and you should have a new .deb file.

I got most of this from:
[1] An IBM developerworks page that no longer exists.

Distribute the Package in your own company repository

  1. You need to already be running a simple web server (or not, you could just install apache)
  2. Make a new directory on the server called apt (likely /var/www/apt)
  3. Make two new folders in it: conf and incoming
  4. Make a new file in conf called distributions – like this
    Origin: Your Name
    Label: Something here as well
    Suite: karmic
    Codename: karmic
    Architectures: amd64 source (all would be ideal here but it doesn’t work)
    Components: mycompany
    Description: Your description
  5. Oh right, install reprepro
  6. Add your deb to incoming
  7. Then while in the apt directory, run sudo reprepro includedeb karmic incoming/mycompany.deb

Then just add the line to your other computers:
deb http://mycompanysServerOrIPAddress/apt karmic mycompany

Update apt, and then install the mycompany package like any normal package.

Again this website provided a great starting point for me, and has many more details.
[2] http://www.debian-administration.org/articles/286

Mostly did this for my own documentation, hope it was helpful for you as well.

If anyone wants to figure out why the “all” architecture doesn’t work with reprepro it could be very helpful in making actually correct packages. The one in this example really should be all and not amd64.

Memory Requirements

Mostly kicked off by this post (http://doctormo.wordpress.com/2009/10/22/ubuntus-minimum-requirements/)

OS Required / Realistic
Ubuntu (full Gnome) 384 MB / 512 MB
Xubuntu 192 MB / 256 MB
Windows XP 64 MB / 128 MB
Windows Vista Home Basic 512 MB
Windows Vista (Other) 1 GB
Windows 7 32 bit 1 GB
Windows 7 64 bit 2 GB

Ubuntu is approaching Windows Vista Home’s minimum memory specs, but is still a long way off our biggest competitor, Windows XP (70% market share and our only real competitor in netbooks). With netbooks usually having 512 – 1 GB of memory, it seems like XP would really let the user run many more applications (yes I am ignoring anti-virus and all the other random stuff OEMs load onto Windows to make it slower). So, I just have one question:

How hard would it be to reduce Ubuntu’s memory usage from 9.10 to 10.04 by just 64 MB (oh, and does anyone want to make this an official goal for 10.04)?

I have knowledge of at least one school district where the majority of computers have only 128 MB of RAM. They are running XP and want to switch to Linux, but it was simply not an option due to memory. (And no if they don’t have a big IT budget, read: no budget for LTSP)

Win 7 requirements http://www.microsoft.com/windows/windows-7/get/system-requirements.aspx
Win xp requirements http://support.microsoft.com/kb/314865
Ubuntu requirements https://help.ubuntu.com/community/Installation/SystemRequirements
Win Vista requirements http://www.microsoft.com/windows/windows-vista/get/system-requirements.aspx