Planet Debian

Philipp Kern: Lazyweb question: How to avoid leaking process info?

Philipp Kern — 2012-05-17T16:07:00+00:00

Dear Lazyweb,

is there a simple way to block some users who login with SSH to read /proc/<pid>/cmdline of processes they don't own? Or better yet: don't see these pids at all?

I know that there are PID namespaces, but they seem to require a special PID 1. Seems hard to get for a simple SSH login. (I wouldn't mind changing a user's shell. But brittle shell startup scripts wouldn't cut it.) systemd-nspawn wants to boot a full Linux distribution in a container and even then I'd be unsure how to wire it up so that it cannot be skipped. I wouldn't mind a read-only bind mount of the outermost Linux installation into a chroot environment, as long as the parent SSH process can get the user jailed into it securely. (No need for someone to be root in the chroot.)

I know that there are RBAC frameworks, but they're cumbersome to use. I don't need file labelling or path-based access control, as I do trust the Linux file permissions for this. I think SMACK wouldn't help here, AppArmor isn't really useable in Debian testing and TOMOYO is a tad crazy to use with its domain transitions through process invocations.

I bet that grsecurity would have something for me up its sleeve. But it's not in a Debian kernel. Even though I know how to compile my own kernel I'd only do that if everything else fails.

Thanks in advance for your help.

UPDATE: That was quick, thanks to everyone who participated! Vasiliy Kulikov came up with a kernel patch to my problem (a hidepid mount option for procfs) that landed in 3.3. I tested it with the kernel in experimental and it works just fine and as expected. With hidepid set to 1, it will still leak the process count and their euids and egids. With hidepid set to 2, you only see your own processes, unless you're root. For ps there's no visible distinction between the two. So to test it you can just invoke this as root on a host running 3.3+:

mount -o remount,hidepid=1 /proc

There's even a backport request in the Debian BTS to get the feature into the wheezy kernel (3.2).

Neil McGovern: Government Open Standards Consultation

Neil McGovern — 2012-05-17T13:05:25+00:00

The government is currently consulting on open standards, and I have responded on behalf of Collabora. We believe that efforts to avoid vendor lock in, and to open up government from the extra expense this occurs is to be applauded. I have previously blogged about my decision to purchase Microsoft Office for Cambridge City Council, and the reasons why there was only one vendor.

The consultation runs until the 4th June due to a potential conflict of interest which was revealed last month, and so everyone has time to influence government and ensure that government is more open to everyone who wants to access it. It's really easy to respond, so doing so is important. Make sure your voice is heard before it's too late.

Ritesh Raj Sarraf: Laptop Mode Tools - 1.61

Ritesh Raj Sarraf — 2012-05-17T12:56:29+00:00

Laptop Mode Tools, version 1.61, has been released and will land up soon for Debian. This is the version that would be targetting Wheezy.
This release includes many bug fixes and should make power savings much better on your machines.

This is mainly a bug fix release. Some parallel module execution approach has been used which could show runtime improvements.

Changelog:

1.61 - Thu May 17 17:44:26 IST 2012
    * Handle devices with persistent device naming. This fixes the issues where
      you don't have a disk referenced by a block name, the commit= value was
      completely skipped
    * Fix issue where hdparm skips SSDs for power management
    * Add parallel execution for the modules. In theory this should speeden up the
      execution. See git commit log comments for details
    * Add support for non-deafult customized settings
    * calculate design_capacity_warning on machines/arches where it is not readily
      available

We have switched the SCM to git. The current code repository is
available at [1] along with the changelog.

The tarball is available here [2].
The md5 checksum for the tarball is 6685af5dbb34c3d51ca27933b58f484e

[1] https://github.com/rickysarraf/laptop-mode-tools
[2]http://samwel.tk/laptop_mode/tools/downloads/laptop-mode-tools_1.61.tar.gz

Categories:

Keywords:

Kees Cook: USB AVR fun

kees — 2012-05-16T22:20:13+00:00

At the recent Ubuntu Developer Summit, I managed to convince a few people (after assurances that there would be no permanent damage) to plug a USB stick into their machines so we could watch Xorg crash and wedge their console. What was this evil thing, you ask? It was an AVR microprocessor connected to USB, acting as a USB HID Keyboard, with the product name set to “%n”.

Recently a Chrome OS developer discovered that renaming his Bluetooth Keyboard to “%n” would crash Xorg. The flaw was in the logging stack, triggering glibc to abort the process due to format string protections. At first glance, it looks like this isn’t a big deal since one would have to have already done a Bluetooth pairing with the keyboard, but it would be a problem for any input device, not just Bluetooth. I wanted to see this in action for a “normal” (USB) keyboard.

I borrowed a “Maximus” USB AVR from a friend, and then ultimately bought a Minimus. It will let you put anything you want on the USB bus.

I added a rule for it to udev:

SUBSYSTEM=="usb", ACTION=="add", ATTR{idVendor}=="03eb", ATTR{idProduct}=="*", GROUP="plugdev"

installed the AVR tools:

sudo apt-get install dfu-programmer gcc-avr avr-libc

and pulled down the excellent LUFA USB tree:

git clone git://github.com/abcminiuser/lufa-lib.git

After applying a patch to the LUFA USB keyboard demo, I had my handy USB-AVR-as-Keyboard stick ready to crash Xorg:

-       .VendorID               = 0x03EB,
-       .ProductID              = 0x2042,
+       .VendorID               = 0x045e,
+       .ProductID              = 0x000b,
...
-       .UnicodeString          = L"LUFA Keyboard Demo"
+       .UnicodeString          = L"Keyboard (%n%n%n%n)"

In fact, it was so successfully that after I got the code right and programmed it, Xorg immediately crashed on my development machine. :)

make dfu

After a reboot, I switched it back to programming mode by pressing and holding the “H” button, press/releasing the “R” button, and releasing “H”.

The fix to Xorg is winding its way through upstream, and should land in your distros soon. In the meantime, you can disable your external USB ports, as Marc Deslauriers demonstrated for me:

echo "0" > /sys/bus/usb/devices/usb1/authorized
echo "0" > /sys/bus/usb/devices/usb1/authorized_default

Be careful of shared internal/external ports, and having two buses on one port, etc.

David Welton: Up for Auction: LinuxSi.com

David Welton — 2012-05-16T21:05:00+00:00

A number of years back, I read yet another complaint about someone having trouble finding a computer with Linux preinstalled.

So I did something about it: I created LinuxSi.com, where it is possible to register computer stores in Italy (this was an Italian Linux mailing list) that are helpful towards people wishing to buy a Linux machine.

Fast forward past getting married, having kids and buying a house, and LinuxSi.com is not something I have much time to run any more. I still think it's a useful service, even if the site itself is a bit creaky.

In any event, I've put it up for auction with Flippa.com, and there's one week left on the auction. Right now, it's going for just $10, which even with the low amounts of adsense income it brings in, you'd make back pretty quickly.

I hope that it goes to someone who cares about promoting Linux in Italy - if nothing else, the domain name is a good one that could be employed for many things.

Dirk Eddelbuettel: RProtoBuf 0.2.4

Dirk Eddelbuettel — 2012-05-16T17:00:00+00:00

A new release 0.2.4 of RProtoBuf is now on CRAN. RProtoBuf provides GNU R bindings for the Google Protobuf data encoding library used and released by Google.

This release once again contains a number of patches kindly contributed by Murray Stokely, as well as an added header file needed to build with the g++ 4.7 version which has become the build standard on CRAN.

The NEWS file entry follows below:

0.2.4   2012-05-15

    o   Applied several patches kindly supplied by Murray Stokely to
         - properly work with repeated strings 
         - correct C++ function naming in a few instances
         - add an example of ascii export/import of messages

    o   Suppport g++-4.7 and stricter #include file checking by adding unistd

    o   Made small improvements to the startup code

CRANberries also provides a diff to the previous release 0.2.3. More information is at the RProtoBuf page which has a draft package vignette, a 'quick' overview vignette and a unit test summary vignette. Questions, comments etc should go to the rprotobuf mailing list off the RProtoBuf page at R-Forge. Updated to show NEWS rather than ChangeLog

Neil McGovern: What if life was subjected to a EULA?

Neil McGovern — 2012-05-16T16:35:45+00:00

Christian Perrier: Bug #1000000 in Launchpad

Christian Perrier — 2012-05-16T06:20:00+00:00

Way before Debian, Launchpad bug tracking system just reached 1 million bugs reported with one "bug" reported against Edubuntu basically mentioning it should invade schools.

What to say about this?

Hard without being harsh towards my friends working in the Ubuntu "world", indeed. Still, I really think that here, too much noise kills signal and the LP BTS is often hardly usable.

I counted up to 217 bugs reported against samba4 (which is, after all, not so widely used yet) just because it apparently has upgrading issues between pre 12.04 versions of Ubuntu and Oneiric. It indeed seems that some automated bug reporting is now active and whenever a user encouters an upgrade issue with a package, a bug is being reported. I guess this is somehow an opt-in system (I hope so..:-)) but the default is very clearly using it.

This feature is apparently what caused the recent bump in number of bugs reported in LP, making them even less useful, particularly to Debian package maintainers. I'm sure there are tools to help dealing with that and I was already answered that work is in progress to change this (and use a dedicated website for such reports or something like this). But, still, that seems to be the scary side of popularity...the very same popularity that is slowly but constantly hiding the work we're doing in Debian to indirectly make Ubuntu popular.

(moving to more general concerns)

I know that things are not all black or all white, but it always saddens me to feel that slowly....but, again, constantly, more and more people tend to forget that Debian is behind Ubuntu, is the ground on which it is built and Ubuntu wouldn't exist without it. When doing work, a human need is to get reward for it...and we are getting less of it...slowly, but constantly.

Don't take me wrong. I have many friends working directly for Ubuntu. Some paid by Canonical for this. Some really involved up to "top level" (yes, including the very very top level even if I killed him once). I don't want to throw offense on them. I don't even know if they can do something about what I'm expressing below. I would just have them (and others) know.

Let's take an example. I recently activated a few languages in D-I (Burmese, Tibetan, Uyghur). I'm happy with that, this is something I'm doing for 8 years now. But all these new translators were indeed only interested in one thing : "have Ubuntu translated in their language". No offense intended, but they didn't really care about *Debian* being translated in their language. I think that some didn't even know what Debian is.

In the same field, I am more and more "fighting" to keep the level of translation completeness in Debian (see my regular spa^W reports). In some way, I still succeed, but the price to pay is more and more and more personal investment and work. That's still working for the strong set of languages we support. That works much less for most others. When someone "disappears" (or just switches to some other priorities), it's more and more difficult to find someone else popping up.

And, for the "strong set", something else is happening : work duplication. There are "strong" French, German, Italian, whatever, l10n teams in Debian.....and there are similar teams for Ubuntu. And, mostly, those do not really work together.

And sometimes, this is kinda discouraging. So, seeing the explosion happening on what is, whatever we think or write, the "other side", is not somethnig that can make one entirely happy. And this is why I won't celebrate Launchpad's millionth bug report.

Particularly when I see that millionth bug report not even ack'ing that this Edubuntu marvel is based on the grounds set by some pionneers many years ago in a few schools in Norway (hello, Petter and others).

Yeah, sometimes sad. To balance this, let's release wheezy and have millions of people benefit from it without even knowing.

Christian Perrier: tar taf

Christian Perrier — 2012-05-16T03:09:00+00:00

Hey, thanks, Peter for the hint!

Never heard of that option until you blogged about it. So, now I'm also ready to "tar taf", "tar xaf", "tar caf"..:-). Harder for me than you because I was used to "tar tfz" or "tar tfj"..:-)

And I suspect that "tar taf" is prone to typos...we'll see.

John Goerzen: Suspicious Blog Activity – any advice?

John Goerzen — 2012-05-15T20:42:27+00:00

I’ve been noticing a number of odd things happening surrounding my blog lately, and I thought it’s about time to figure out what’s going on and how to stop it.

The first problem is that people are illegally copying my posts, probably using RSS scraping, and putting them up on their own ad-infested sites. It is trivial to find them using Google for any somewhat unique word or phrase in one of my posts. Lately one of them, linux-support.com, actually sends me pingbacks announcing the fact that they’ve scraped me! Most of these sites seem to be nothing but content farms for selling ad impressions, and almost none of them have any identifiable names for the owners.

(There is an exception: I have specifically set up sites like Planet Debian and Goodreads to copy my blog posts.)

I’m obviously an advocate of open content, but I do not feel it right that others should be profiting by putting photos and stories about Free Software, or photos of my family, on their ad farms. While I release a great deal of content under GPL or Creative Commons licenses, I have never done so with my blog – an intentional decision.

What should I do about this? Is it worth fighting a battle over, or is it about as useless as trying to block every spam follower on my twitter account?

So that’s the first weird thing. The second weird thing just started within the last few weeks. I have been getting a surprising amount (a few a week) of email addressed to me. It does not bear the appearance of being 100% automated spam, though it is possible that it is. It’s taken a few forms:

Someone wanting to buy an ad on my blog
Someone wanting to send me a story hyping their product (and intending me to pretend that I wrote the story)
Someone wanting me to write a story about their website and link to it

The profit motive in all of these is high, and in at least the second and third, so is the sleaze factor.

I’ve gotten two emails lately of this form:

Hi John,

I am curious if you are the administrator for this site: changelog.complete.org/archives/174-house-outlaws-fast-forwarding-senate-pres-next

I am a researcher / writer involved with a new project whose mission it is to provide accurate and useful information for those interested in the practice of law, whether as a lawyer or paralegal. I recently produced an article detailing the complex relationship between law and technology and the legal implications on personal privacy and free speech. I would love to share this resource with those who might find it useful and am curious of you are the correct person to contact about such a request?

Thank you!

All my best,

The details vary – the URLs appear to be random (the one cited above was little more than a link to an article), the topics the website claims to discuss range from law to schizophrenia (that one actually came with a link to the site, which again seemed to be a content farm). I am slightly tempted to reply to one of these and ask where the heck people are getting my name. It seems as if somebody has put me into a mailing list they sell containing sleazebag bloggers.

Frankly, I am puzzled at this attention. I guess I haven’t checked, but I can’t imagine that my blog has anything even remotely resembling a high PageRank or anything else. It’s not high-traffic, not Slashdot, etc. Either people are desperate, naive, failing to be selective, or maybe working some scam on me that I don’t know yet.

In any case, I’m interested if others have seen this, or any advice you might have.

James Morrison: Testing email receive for appengine

James A. Morrison — 2012-05-15T18:29:36+00:00

It's not too obvious how to test email receive handlers in Appengine. The important observation is that the handlers take HTTP POSTs with multipart/form-data encoded data. In python you can build an email to be handled with the following code:

from email.message import Message 

def test_email(self):
  body = Message()
  body.add_header('to', 'test-unknown@other-app.com')
  body.add_header('from', 'test@app.com')
  body.add_header('Content-Type', 'multipart/alternative', boundary=self.boundary)
  text = Message()
  text['content-type'] = 'text/plain'
  text.set_payload('I am I! Don Quixote!  The man of La Mancha!')
  body.attach(text)

  post(payload=body.as_string())

Christian Perrier: Trip to Nicaragua post-Debconf

Christian Perrier — 2012-05-15T15:04:00+00:00

This year, the annual Debian conference will be held in Managua, Nicaragua. And I'll be lucky enough to spend two weeks visiting the country after Debconf, along with Elisabeth.

Yes, I'll arrive in Nicarague on July 2nd, spend nearly the entire Debcamp, then Debconf, then we'll spend 16 days around the western part of Nicaragua, trying to discover the magic of this country.

So, this post is about sharing our plans with my readers. Of course, I do not know the country so we may have made mistakes and bad choices. We'll see.

Immediately after Debconf, Elisabeth will join in Managua. She'll be landing on July 15th. We'll then spend a night in an hotel near the airport and immediately leave the day after for Matagalpa, in North Nicaragua. We rented a car for the entire trip indeed, and will be on our own on wild Nicaragua roads..:-)

We'll spend two nights in Matagalpa. We plan to visit some coffee or cigar plants, probably have a trip to Lake Apanas and Jinotega.

Then, we'll have a short road trip to Esteli where we spend again two nights. We'll be visiting a coffee growing place (beneficio seco de café). A full day visit is planned at Miraflor natural reserve to enjoy te beauties of hundreds orchids and some local natural marvels.

The next move will be to Leon, where we'll spend 4 nights, visiting a cigar factory (tabacaleras de puros?) on the way, as well as San Jacinto, a place with hydrothermal sources and "Hervideros" (geysers).

Four nights in Leon leaves plenty of time for several activities *and* enjoying the colonial city. We'll have a full day at Juan Venado Island reserve with boat trip from Las Penitas (on a fisherman's boat from what the travel agency mentioned), then another full day climbing on the Cerro Negro volcano. Indeed, I was originally considering climbing the Momotombo, but our travel agency warned about the high difficulty. I would have loved that myself but maybe not the two of us...and this is a trip for both of us! So, we played the safe option..:-)

After these 4 nights in Leon, we'll move to Granada for 3 nights, through Leon Viejo (the former site of Leon).

From Granada, one day will there be used for a visit in the Masaya National Park and see the beauties of Masaya volcano (this is indeed something that could be done for Debconf day trip, IMHO, as it doesn't seem that far from Managua). Another day will be spent to Las Isletas on lake Nicaragua and others visiting the colonial city of Granada. Or, of course, whatever things we don't even known about now..:-)

Then we'll move to what I personnally consider the peak of the trip: 3 nights on Ometepe island on lake Nicaragua. Just check Wikipedia to see why Ometepe is, in my opinion, THE place to go in Nicaragua. Here, I'll have my volcano..:-). Indeed, Elizabeth "authorized" me to book a local guide and then climb Concepcion Volcan, if the weather allows for it. 1600m height, that doesn' seem to be a big issue....except when starting from a little bit above sea level and are climbing a volcano that looks like s postcard volcano : nearly a perfect cone shape.

So, let's cross fingers for having good weather that day. I promise myself I'll record the GPS track of that one and, even if I'll probably be walking most of the climbing (except if I have a very trained guide...), I'll add it to my run tracks!

We might also be going to climb Ometepe's other volcano (Maderas) the day after so that Elizabeth also enjoys these beauties. There also seems to be great places around Maderas such as San Ramon Cascade, Finca el Porvenir, etc.

Then, at the end of all this, it will be time to come back to Managua in the final day and fly back to Paris in the early morning of July 31st.

All over, I'll be in Nicaragua from July 2nd until July 31st! Full month away, yay! Hurrah for the crazy number of holidays those lazy French people have..:-)

During this trip, we might find it interesting some local geeks (not too many as Elizabeth is not that deeply interested in beersigning!) and share a few nice things in local places which are only known by locals.

In case you're interested, out (very clever) travel agency is named Nicaragua Adventures and they're definitely worth contacting if you want to travel around .ni, particularly if we prefer booking things in advance as we do. They speak Spanish (of course!), English and French. They're very responsive to e-mail as well.

Dirk Eddelbuettel: RcppSMC 0.1.1

Dirk Eddelbuettel — 2012-05-15T13:10:00+00:00

CRAN now tests packages against g++-4.7 (as this version has become the default on Debian's testing variant. This compiler switch once again triggered a set of build failures, mostly from include files now deemed missing. For RcppSMC, it came down to a five-character patch of explicitly stating one max() call as std::max()

No other changes were made at this point. The NEWS entry is below:

0.1.1   2012-05-14

    o   Version 0.1.1 

    o   Minor g++-4.7 build fix of using std::max() explicitly

Courtesy of CRANberries, there is also a diffstat report for 0.1.1 relative to 0.1.0 As always, more detailed information is on the RcppSMC page,

Martin Pitt: Debian/Ubuntu Packages for PostgreSQL 9.2 Beta 1

pitti — 2012-05-15T12:33:08+00:00

The first Beta of the upcoming PostgreSQL 9.2 was released yesterday (see announcement). Your humble maintainer has now created packages for you to test. Please give them a whirl, and report any problems/regressions that you may see to the PostgreSQL developers, so that we can have a rock solid 9.2 release.

Remember, with the postgresql-common infrastructure you can use pg_upgradecluster to create a 9.2 cluster from your existing 8.4/9.1 cluster and run them both in parallel without endangering your data.

For Debian the package is currently waiting in the NEW queue, I expect them to go into experimental in a day or two. For Ubuntu 12.04 LTS you can get packages from my usual PostgreSQL backports PPA. Note that you need at least postgresql-common version 0.130, which is available in Debian unstable and the PPA now.

I (or rather, the postgresql-common test suite) found one regression: Upgrades do not keep the current value of sequences, but reset them to their default value. I reported this upstream and will provide updated packages as soon as this is fixed.

Vipin Nair: A quick and beautiful hack!

Vipin Nair | swvist — 2012-05-14T22:07:00+00:00

You can get inspired from the most unlikely of places, and this time it was a twitter background image. I came across the twitter profile of @Nitish today, a fellow GSoC student from India. One thing that held my attention, apart from the fact that he tweets crazy, was the background picture in his profile. Yes I had not seen something like that before and I absolutely loved the concept.

The image was large grid and each tile carried the profile picture of one of his twitter followers. It was beautiful. The background image was generated by twilk, a very popular application that I had never heard of. I wanted to try it, but I figured my follower count might be a little too low for the application to work. Twilk works only with twitter and I wanted it for Facebook. Instead of looking for something similar, I decided to write it myself. I had worked with the Python Imaging Library some time back and knew it would not be very difficult task.

The first thing I needed was the profile pic thumbnails of my friends. Facebook API supports a call which returns a small 50x50 pixel profile pic of a user, if we send a valid user ID. I wrote a quick script that returned the user ID’s of my friends on Facebook as JSON data. I grepped the user ID’s from the JSON and wrote a small wget script to download the profile pics of all my friends to a directory.

Once the download was in progress, I started my work with the imaging library. I knew the image count beforehand and after some quick math, I fixed the dimensions of the output image that I wanted. Once the dimensions were fixed, the work was fairly easy. I knew before hand how many images will be there in each row and how many rows will be there in total. All I had to do was to randomly pick one of the images from the directory, and arrange it on the output image canvas. Few lines of code later I get the result that I wanted and it is on my twitter profile. Yay! :)

I have uploaded the python code in here. If you are running it, make sure you change the values according to your requirements. The image below is a cropped out from the output image to fit this div. Click on it to see the actual output.

When I showed this to @Jaseeemabid, he asked me to put this up on Google App Engine and start a service so that even non geeks could use this. I liked the idea but I am slightly busy(lazy) now. I’ll do it when I am free or when I see that there is some demand for this! :)

Update

As few Redditors pointed out, this may not be the best way to do it. This was just a quick hack to get something done. The JSON could be processed in Python itself and files can be downloaded as well. I modified an old PHP script to get the JSON data and since the structure was relatively simple, I grepped the relevant information and fed it to wget as I prefer wget over any other tool for mass downloads.

Update 2

Redditor Bio Lazarus improved upon this and made an end to end version that does all of the above in one single python script and the code is available here.

And if you like this post, you should follow me on twitter :)

Peter Eisentraut: Time to retrain the fingers

Peter Eisentraut — 2012-05-14T20:14:18+00:00

For years, no decades, I've typed tar tzf something, tar xzf something. Except when someone annoying sent an uncompressed tar file and I had to then go and take out the z in the middle.

Then came bzip2, and we learned tar tjf, tar xjf. OK, I could live with that. One emerging problem was that the tab completion now worked the wrong way around conceptually, because you had to pick and type the right letter first in order to see the appropriate set of files to unpack offered for completion.

Then came lzma, which was (quick, guess?), tar tJf, tar xJf. And then there was lzop, which was too boring to get its own letter, so you had to type out tar -x --lzop -f.

But lzma was short-lived, because then came xz, which was also J, because lzma was now too boring as well to get its own letter.

Oh, and there is also the old compress, which is Z, and lzip, which I'd never heard of.

But stop that. Now there is

 -a, --auto-compress
            use archive suffix to determine the compression program

This handles all the above compression programs, and no compression. So from now on, I always use tar taf and tar xaf. Awesome.

The finger movements will be almost the same on QWERTY and AZERTY, and easier than before on QWERTZ.

Actually, this option is already four years old in GNU tar. Funny I'd never heard of it until recently.

Richard Hartmann: Motherland's bosom

Richard 'RichiH' Hartmann — 2012-05-14T14:53:09+00:00

I read a translated poem about Russia being "the Motherland" and its vast bosom years ago. Having driven through a significant part of it, I can agree on the "vast" part...

Also, as I am on a train and without access to the Internet, I will refrain from linking to a lot of pages; sorry. (Turns out I am posting this a week later, but I will still not link to stuff now; no time).

Russia in general

All receipts you receive are torn before you get them; this is most likely due to the old Soviet voucher system, more on that below.
Russia was hot with temperatures ranging from 27 to 32 degrees Celsius between Moscow and Ulan Ude.
There aren't a lot of pedestrians bridges, but a lot of pedestrian tunnels. The sides of those tunnels are packed with tiny shops, often only two meters wide and 50-70 cm deep. Everything from stockings to candy over glasses to flowers and watches is being sold through a tiny window by some poor woman who somehow managed to get in there.
Toilet brushes stand in water. In Germany, that's a sure sign of a really dirty toilet; in Russia, it's the thing to do. If you are lucky, there's blue cleaning stuff added to the water. If not, it will still have color. You are free to guess which.
Queuing is war.

Moscow

Sights

Kreml

Our remaining time in Moscow was spent with touring the usual suspects; the Kreml is a lot less impressive in real life, the Red Square is tiny when compared to the stories I heard about it and the Chapel ofi St. Basil is even more colorful and impressive in real life. Lenin's body was inaccessible because workers built seats for the May 9th parade to the left and the right of it and they apparently thought it would be a good idea to block access to one of the main tourist attractions while doing so. A river tour of Moscow was a nice cool-off and we got to see quite a few things.

We managed to see the weekly military parade within the Kreml grounds, but it was mostly pomp and little substance. The National Treasure which you can access with an extra ticket within the Kreml grounds is nice, but less impressive than the tourist guides would make you believe. That being said... There's another museum within the museum and.... Whoah... Tourists pay extra, visitors go through the only non-security-theater check I encountered in Russia, guards are armed, people can only enter and leave in batches, and the stuff which is presented is mind-boggling. Disregarding the fist-to-calf-sized chunks of gold and platinum which are still in their original form directly from the mine, there is real, actual treasure galore. Little heaps of uncut and cut diamonds, an outline of Russia filled with cut diamonds and other random "we have this stuff" displays can be found as well. Then, you have various tiaras and other jewellery made from various gems. Not incorporating, but largely made of. All that pales in comparison to the crown, royal apple, scepter, etc. It's hard to put the amount of tiny multi-colored light points that shine at you into words. I was just standing there, swaying back and forth to catch the moving pattern of pinpoints. It's said that this collection is equalled only by the ones in the Tower of London and the one Shaw of Iran had and boy do I believe it.

TV Tower

Getting up there was funny.

The old-style Soviet queuing system was used:

Go to a counter to tell an attendant what you want; receive stub
Go to another counter, hand over stub to another attendant, pay for what you want; receive voucher
Go to third counter, hand over voucher; receive ticket for tower The whole thing was made even more absurd by the fact that counter one was in the middle, counter two to the right and counter three to the left. As Russians do not believe in queuing and everybody just tries to get in first, this made for a nice little exercise.

"Security" for approaching the tower was multi-level, the guards see you approach along a long walkway way in advance and the main guard shed had several small cabins separated by thick glass. So good so menacing. But in a twist that would make Bizarro and Garry Larson proud, I was required, by means of metal detector gate, metal detector wand and even an x-ray machine to remove every shred of metal and other hard objects from myself and the camera bag and put them onto a table. Once I was without anything except my clothes and the bag was completely empty, I could pass. Everything I had had to remove was just laying there, not inspected in the least, for me to stuff back into pockets and bag and to take with me. This "everything" included a Spot Messenger 2 with lots of green and red blinky lights. The guard did not even glance and it. Security theater? Security theater.

The view from 364 meters down on Moscow was nice, but there was a lot of Smog so I couldn't see very far. Jumping on the glass floor while looking down was a lot of fun, though.

Subway to Thiefing

I bet Christopher Nolan rode the subway in Moscow at least once. That unnerving sound you hear during several key scenes in "The Dark Knight"? Two thirds of all subways make the same sound while moving.

Also, I had an encounter with a pickpocket down there; very classical, too. Guy approaches quickly, talks loudly and sounds as if it's really important (in Russian... duh... that's sure to keep me interested). His approach made me turn and protect my left leg pocket automatically, most likely marking the target for the tiny woman standing behind me. Now, I have to tell you something about my usual travel layout. As my normal pockets are very deep, it looks as if their content was in the leg pocket. Plus, there's an extra, hidden leg pocket where I keep the passports and train tickets. The outermost leg pocket is protected by a velcro flap, but it contains nothing of value; usually the appropriate phrasebook, local map, maybe a tissue or chewing gum. Due to this layering, the outermost pocket looks as if it's full to the brim with stuff. Also, I took pains to make it a habit to protect said leg pocket with my hand, nothing else. This looks as if that's the target, but what I am actually doing is protect my normal pocket with my forearm. The right side is different, but the most easily accessibly pocket always holds some small change. I pay from that stash but my actual wallet is well out of reach. Anyway, once the guy ran off, talking to several others, most likely marking all them for the actual pickpockets, I wanted to enter the subway. While the Russian-style queuing took place, I felt an unusual tug at the velcro flap. I looked down and saw a tiny woman to the left of me with a jacket held over her right side with the left arm; I look up to check no one is trying to steal from my permanently assigned female, feel another tug, look the woman into the eyes, look up again and around me, look down again and she is gone. All that took maybe three seconds and I had boarded the subway after an additional two.

In hindsight, it makes sense to choose the time of entry for attack. It's crowded, you are being pushed around, and once you are in the subway, it will start moving more or less immediately while the thief remains in the station.

In this case, she would only have gotten a grubby map of Moscow's subway and an English-Russian phrasebook, but she got nothing at all.

Moscow-Novosibirsk

Where to begin...

If you think a few hours on a train are a long time, try over fifty hours. Things get so bad, you start getting land-sick while not in a moving train. You even start missing the familiar tunk-cachunk, tunk-cachunk, tunk-cachunk... of driving over rails with gaps in them when you are not moving.

The defining element of the Trans-Siberian Railway are birch trees. And birch trees. And then more birch trees. You would not believe how many birch trees there are. This is made "worse" by the way the Russian Railway protects their rails. Left and right of the track, there's a cleared area of maybe ten to twenty meters, sometimes as little as three. Outside of that, they plant ten to twenty meters of birch trees, presumably to catch snow during winter. Beyond that protective perimeter, there's the normal landscape.As a result, on top of the near endless stretches of birch woods, you see most if not all scenery through a layer of birch trees. You get sick sick of birch trees after a few hours and you see them for days on end.

Bullet points to save myself some typing and you some reading...

More than a thousand kilometers without a single hill. Flat as a pan.
The whole route is powered by electricity. No diesel engines in sight.
Many stations are little more than a heap of smoothed gravel, bordered by some wooden planks. Some stations have obviously been built by locals and are even less well-defined.
You can see people in the middle of nowhere, walking along the railway tracks. At first this seemed counter-intuitive, but most if not all roads out there are dirt tracks. As there seems to be standing water across a third of Russia, this dirt is turned into mud. After walking maybe twenty meters across a parking lot, I had to scrape a heavy, thick cake of black earth from my soles. The railway is the only functioning footpath those people have. Many people even build shoddy bridges towards the tracks from their homes, obviously preferring to walk along the tracks over walking through the village.
Railway crossings along the Trans-Siberian route, no matter how tiny, have a small cabin beside them. While the train passes, there's one guy or gal standing in said cabin, holding a yellow stick vertically out towards the train. Sometimes, you have not seen any living thing, other than birch trees, for twenty minutes and there, in the middle of nowhere right beside a dirt track, there's someone holding a stick out towards the train. Weird.
Railway crossings of paved roads will always have two steel plates coming out of the ground, angled towards oncoming traffic on each side. This may not stop a heavy truck at full speed, but a car will disintegrate on these barriers without touching a passing train.
The railways is important for Russia. Two parallel tracks cut across the whole country, transporting everything back and forth. Where "everything" means mostly coal and birch wood, I guess.
All freight trains are usually 70 tanker waggons or 100 box waggons long, but you see the odd 100 tanker waggons, as well. You have more than enough time and opportunity to count them and then some.
There are supposedly women at every station, selling what they cook at home. Unfortunately, this was only true for two stations. The things we did manage to get were very nice; I do wonder why anyone would offer (or buy) cooked and peeled potatoes, though.
Every waggon has its own hot-water stove. They are powered by coal. Yep, you have a coal fire burning in every single waggon on the Trans-Siberian.

Novosibirsk

The non-existent hostel

We arrived at ~0200 local and made our way to the hostel we had booked a room with. Walking to the correct address, we saw several signs but they all turned out to be for a police station and some other state agency. We walked back, forth, double-checked, triple-checked: no hostel. We then walked around the building through some not-quite-nice back alleys, but other than a few entries to private flats, there was nothing. Thankfully, the booking slip included a number which we called and after at least twenty rings (no kidding), when I had given up and wanted to hang up, it stopped ringing. Dead silence. After maybe ten seconds, someone started talking in Russian. I asked him if he spoke English and told him that we could not find the hostel. He mumbled something about being sorry and that we should wait, he would come down. Fast forward a minute or two and someone walked towards us.

Again, he mumbled about being sorry, that the hostel "did not work" at the moment and that we would need to sleep in his private apartment. He ushered us into some back alley entrance, into his flat, and proceeded to remove the sheets from the couch on which he had slept; after putting on new sheets, we had our "hostel" bed, ready to sleep on. We briefly considered if he would murder us in our sleep, but him and me even got to talking a bit. Over cheese, sausage and rum (at 0300), he admitted that the hostel did not exist and he merely planned to turn his flat into a hostel for the summer while he and his family moved into their summer house (the Russian term of which escapes me, at the moment) in the countryside. He had accepted our reservation as he thought he would be finished by that time. He did not even get started, though. While he sent us an overbooking notice through booking.com two days before, we were on the train at that time, so... booking.com even called him to check what happenend to us as we did not book another place through them. Good customer service/protection, that.

Next morning, he didn't even want to take our money (we paid anyway) and, as a means of compensation, drove us into the city in the morning and to a train museum well outside the city limits, one of the fabled scientist cities, and a large lake which everyone in Novosibirsk claims is an ocean, in the afternoon.

Foreigners, foreigners!

All in all, Novosibirsk was relatively uneventful, safe for one bizarre episode. We took our lunch in a local fast food joint (why do all the good stories happen there, and not at the various truly local places?) and threw the cashier our well-rehearsed "Niet Russkie; anglisky?" with phrasebook in hand and he actually understood a few words of English (beef, chicken, fries). We told him, in our worst Russian, that we are from Germany wished him a nice day and went to sit down. A few minutes later, a girl approached us, literally hopping from one foot to the other and wringing her hands. She told us that the cashier had told her that we spoke English and if it would be OK if she talked to us. We suspected some sort of elaborate ruse, but went with it. Turns out, she had English at school and really wanted someone to practice English on. Two young men passed our table and exchanged a few words with her, sitting down out of sight. When she told us that she had to leave now but if it would be OK if the two boys joined us we suspected a ruse yet again. But those two were law students, one with a minor in English and one with a minor in German; both of them also extremely nervous, asking us if we would talk to them. When they had to leave, they told us that the three of them worked at the burger joint and that their shift was just about to start when the news that foreigners were here spread amongst staff like wildfire. The girl stopped by several times in between cleaning tables, getting in a sentence or two before being cussed at by her supervisor. All in all, this took about twenty minutes and seeing three people so nervous and grateful to talk with us felt beyond absurd.

On the other hand, not a single traveller we met even considered stopping in Novosibirsk during their transit so there really does seem to be a shortage of non-Russians there.

Weird, and memorable.

Novosibirsk-Irkutsk

Birch trees.
Lots of burnt underwood, presumably to prevent larger fires.
Birch trees.
Sticky, stuffy, 30+ degree waggon with windows that could be opened but which were locked (this is why I always carry a Swisstool with me).
Birch trees.

Irkutsk / Listvianka / Lake Baikal

Listvianka

Aah, lake Baikal... the oldest and deepest lake on Earth which holds a fifth of the global non-salt water reserves; a must-see in my book.

Quad tours at break-neck speeds, dry-suit diving with Russian regulators, walking barefoot in between and across drift ice that made its way onto the shorei, and extended hiking around the lake's coast...

All of which I could not do because I was ill and had to spend two solid days in bed.

The draft from the open window in between Novosibirsk and Irkutsk was enough to give me a rather bad cold which peaked at Lake Baikal.

Still, the area was lovely and we were glad to be out of a train and able to unpack our stuff without having to repack immediately for once.

I am not sure where my current losing streak with regards to diving is coming from (Grimsey, diving north of the Arctic circle with birds that plummet into the water and hunt fish: Only guy who does this is on the Icelandic mainland that day; Svalbard, diving north of the Arctic circle in permanent darkness: The few people who do this privately did not reply while I was there; Baikal, oldest, deepest, largest lake on Earth: ill), but I will most likely return to Russia for a week of ice diving in Lake Baikal next winter or the one after that.

As an aside, I saw several people walking to Lake Baikal with buckets to get their water. Other people got it from a well which was still half frozen. If you have running water consider yourself lucky...

Irkutsk

Nice city, largely uneventful. The farther east you get within Russia, the more normal women look. In Moscow, just as in Paris, they are way over-dressed and even service personnel will walk with high heels. Thankfully, I don't have to wear heels, but for the other males out there: Walking and standing in these things hurts and thus most if not all people who stand and walk for a living have flat shoes.

We happened upon preparations for a military parade, complete with cordon, viewing podests, at least half a dozen TV cameras etc, but were not sure if it would start soon enough for us to catch our train.We asked someone who told us it would start at 2100 local, at 1945 local it seemed about to start, and sure enough at 1955 sharp, the whole thing went under way. About a dozen groups of 50-100 people each, all in their own, respective uniforms stood against one side of a cordoned-off street and several higher-ups on the other side. Two highest-ups shouted into microphones and the throng of people on the other side shouted back answers. Then, the two highest-ups stood in the back of a jeep each and drove past said throng, stopping in front of each group, shouting into microphones mounted in the back of the jeeps and the groups shouted back once again. After that, all groups marched around the make-shift plaza once, saluting the higher ups. Once they were done, and they took ages, two trucks drove by with soldiers jumping out of the moving trucks and moving into crouching positions. They ran around in a circle a few times and engaged in pretend hand-to-hand combat. I am sure they are skilled at whatever style they wanted to show, but they were overdoing things so badly, they were funny, not imposing. When they jumped over some barriers, the barriers fell to pieces and everyone scrambled to make it look as if that was part of the show. While carrying off the gear, it fell into further pieces which was even more funny. An armoured personnel carrier ended the show; several tougher looking guys jumped off of that one and their mock combat involved fully automatic fire (of blanks), several flashbangs, smoke grenades and, to top things off, the machine gun mounted on the APC moving down the opposing team with blanks.

I never witnessed a "real" military parade in person but this one was somewhat disappointing. On the one hand, there was a distinct lack of ballistic missile carriers and tanks like you see in movies, documentaries and games, on the other hand, the whole thing had a make-do feeling to it. The cordoning police had designated spots to stand on, yet walked around. They were standing to attention, yet checking their cell phones. Several people in one uniformed group were wearing track suits and jeans. Another uniformed guy had a grocery bag with him; yet another one was carrying a huge water bottle. Bikers zig-zagged through the cordon and when the whole show was just about to wrap up the police finally started putting up barriers around the unmoving pedestrians, not blocking the bikers. One little girl was standing well within the cordoned area, watching with big eyes and after she did not react to the police talking to her, they just built the barriers in a curve around her.

And to top it all off, some guy with a cane walked all through the parade with his personal camcorder, trying to direct the whole show while being ignored by everyone. Still, I am sure he managed to mess up some otherwise perfectly good TV scenes.

Irkutsk-Russian border

Diesel-powered trains.
Single track most of the time with frequent stops to let other trains pass.
Distinctively less developed cities, stations, streets, and other infrastructure along the road.
32+ degrees in our waggon.
The train attendant was extremely unfriendly and just generally miserable even by Russian standards.
- No toilet paper or towels at all on toilets.
- While the other attendants made a point of presenting themselves well, he shuffled around in slacks all the time (not bad per se, but Russia is big on uniforms, so...)
- He took all our tickets and stubs (including the ones not from this part of the journey) and kept them without comment. After we asked for them several times, he barked at us that we would get them back before Ulan Bator. Why? No idea...
- He refused to let us exit the train during the very few stops. We were unable to exit through other waggons as the connecting door was locked. Being stuck in a train sucks.
Border and customs took NINE HOURS!!! Stuck in blistering heat without a breeze, without access to a toilet, just waiting for bureaucracy to go its way. I checked all doors, we were locked into said waggon and there were no 'break glass to leave in emergency' windows. Especially nice as there's a coal fire burning in the hot-water stove and the whole train is plastered with warning signs about fire and what to do. In our case, presumably, burn to death; preferably without disturbing the attendant.
The Russian stamp for entering Russia (by plane) has a plane on it, the departure one a train.
The Russian side of the border is built like a fortress. There are several towers and bridges over the rails so trains can be checked from above, and reinforced holes dug into the ground in which soldiers stand and check the train from below.

Riku Voipio: Mosh - better remote shell

suihkulokki — 2012-05-14T10:03:38+00:00

In this age of 3d accelerated desktops and all that fancy stuff, one does not expect practical innovation happening in the remote terminal emulation area. But it has just happened. It is called Mosh, a shorthand for "Mobile Shell".

What does it do better than ssh we have learned to love?

Less lag! Being UDP based, it is not prone to TCP congestion effects. Considering that voip, games and everything else latency critical has been UDP based, it is (almost) surprising that it wasn't done for interactive terminals before...
Even less lag! Mosh provides local echo and line editing when the other side is not being responsive. To do this, mosh actually becomes a terminal emulator of it's own. This stuff is sweet on unstable 3G and conference wifi networks.
Survives suspending. Resume your laptop and *bam* all your remote mutt and vim editors are still there instead of the "connection reset" you get from ssh.
Roaming. Got another IP? Moved from wifi to ethernet to 3G? your sessions are still open! Another thing a TCP based protocol couldn't do easily...

It doesn't replace ssh, as it still borrows authentication from ssh. But that's cool, as you can keep your ssh authorized keys.

Available in Debian unstable,testing and Backports today, and many other systems as well. Hopefully an Android client comes available soon, as the above mentioned advantages seem really tailored for android like mobile systems.

Caveat: This is new stuff, and thus hasn't quite been proven to be secure.

Benjamin Mako Hill: Date Arithmetic

Benjamin Mako Hill — 2012-05-14T01:37:36+00:00

When I set an alarm, my clock, now running on the computer in my pocket, is smart enough to tell me how much time will pass until the alarm is scheduled to sound. This has eliminated the old problem of sleeping past meetings before being surprised by an alarm precisely half a day after I had originally planned to wake.

The price has been having to know exactly how little I will sleep: a usually depressing fact that had previously been obscured by my difficulty doing time arithmetic in my most somnolent moments.

Benjamin Mako Hill: Diamond Clarity

Benjamin Mako Hill — 2012-05-14T01:17:35+00:00

I3→I2→I1→SI2→SI1→VS2→VS1→VVS2→VVS1→IF→FL

The GIA diamond clarity scale, shown above, is rather opaque.

Jamie McClelland: Sparkleshare

Jamie McClelland — 2012-05-13T22:20:47+00:00

Sparkleshare is a file sharing utility that keeps folders in sync on multiple computers in a similar fashion to the commercial and proprietary Dropbox. Sparkleshare recently released a Windows client, finally allowing me to start switching my co-workers at the Progressive Technology Project away from Dropbox.

Overall, I'm very impressed. In particular, I appreciate the Sparkleshare authors' decision to build on top of existing tools (git for storage and revision control, ssh for transport, and ssh public key infrastructure for authorization and authentication). That means I don't have to learn new tools and protocols to debug and it means Sparkleshare can focus on the file sharing pieces.

Despite my overall enthusiasm, I do have some serious concerns.

Protecting your credentials

A researcher found a startling security flaw in Dropbox - if you can copy a particular file from a user's computer to your own computer, you can impersonate them flawlessly, accessing all their Dropbox files without having to know the user's password. Unfortunately, Sparkleshare suffers from this same vulnerability if you use the default configuration.

When you first install Sparkleshare, it creates a password-less ssh private/public key pair and then makes the public part easily accessible to you so you can add it to your server (or gitorious account, etc). Very convenient. But it also means that all an attacker needs to do is copy your private key (and your Sparkleshare configuration file) and they get complete control over your files.

This problem is easily avoided. If you are running Linux or Mac OS X and you have your own key loaded in your ssh agent, Sparkleshare will happily use that key. So - simply by using your existing (presumably password-protected key) on your remote Sparkleshare servers, you can mitigate this problem. Sparkleshare will still load your Sparkleshare generated key, but if you don't provide that key with access to anything, no harm is done.

Confirming each use of your key

However... that leads to a new problem. If you are like me, your ssh agent is configured to ask for a confirmation every time your key is used. And, Sparkleshare regularly polls the remote git repository for changes. At best repeatedly clicking to confirm is tedious. At worst, it prevents you from intelligently rejecting malicious requests, thus defeating the whole purpose of the check.

It is possible to launch Sparkleshare via ssh-agent in an environment in which you are not requiring the confirmation when Sparkleshare uses your key, but still requiring it for all other uses. However, given the trade offs, I've decided to add a password to my Sparkleshare provided ssh key rather than using my existing key:

ssh-keygen -p -f ~/.config/sparkleshare/sparkleshare.jamie@progressivetech.org.key

Now, I am prompted to enter my passphrase when I start Sparkleshare and don't have to confirm every use of the key. And, I continue to confirm each use of my main key.

git was designed to store code, not documents

Just because something is designed for one purpose doesn't mean it can't be used for another. However, there are a few limitations.

Large files are one. git can handle files over 100MB, but may run into memory problems. I had to alter the git windowMemory setting, raising it higher than the size of the largest file.

Another problem is disk space. Since git keeps full revision history on every machine, you have to download more data than just the files that are checked out. The more edits you make to a repository, the more disk space beyond what is checked out is needed (and deleting files won't help).

Lastly, you can't use file modification times. With git, the file modification time will depend on when you checkout the files. With some fancy hook writing, you could tweak things so that the file modification date is the same as the commit date, but that still won't help you if you add an existing directory to Sparkleshare because all the files will have the same commit time.

This "bug" has been reported to git and it has been rejected because mucking with the modification time of files can have bad results when you are using make to compile code. As Linus colorfully put it:

I'm sorry. If you don't see how it's WRONG to set a datestamp back to something that will make a simple "make" miscompile your source tree, 
I don't know what definition of "wrong" you are talking about.
It's WRONG.
It's STUPID.
And it's totally INFEASIBLE to implement.

Well, did I mention that git was designed for source code?

No server validation

Of all the problems I encountered, this one is by far the most serious.

Perusing ~/.config/sparkleshare/debug.log is very informative. On a default installation, after you have added a project, you'll see:

19:32:27 [Fetcher][/home/jamie/SparkleShare/.tmp/bar] Fetching folder: ssh://foo@bar.org/foo/bar
19:32:27 [Fetcher] Disabled host key checking for bar.org

Wah.

Once the project is added, whatever key fingerprint is given is stuffed into your ~/.ssh/known_hosts file. Host key checking is only disabled when you initially create the project, so if you connect to the proper server the first time, you are protected from subsequent man-in-the-middle attacks. However... if the initial fingerprint is wrong, your personal ssh configuration is now poisoned. This seems like a very bad idea. I've opened a debian bug to address it.

Jamie McClelland: Creating virtual machines

Jamie McClelland — 2012-05-13T22:20:47+00:00

I recently setup an Alix board from PC Engines. I installed Debian onto a Compact Flash card using grml for the first time.

After using parted to create a single partition, I ran:

grml-debootstrap --arch i386 --filesystem ext4 --grub /dev/sdb --hostname yaqeen --mirror http://http.us.debian.org/debian \ 
--nopassword  --release squeeze --target /dev/sdb1

I had to manually mount the partition and add console redirection for grub (and /etc/inittab).

And then, when booting, I had to manually edit the grub configuration because it was trying to find the root filesystem on /dev/sdb instead of /dev/sda. I'm sure there is some tweaking I can do via /etc/deboostrap/scripts to fix those needs.

Overall, I was very happy with the results. Thanks grml developers!

Jamie McClelland: Key Mapping for console redirection

Jamie McClelland — 2012-05-13T22:20:47+00:00

This always flashes by too quickly for me to read...

I'm preserving it here for next time.

Press the spacebar to pause...

KEY MAPPING FOR CONSOLE REDIRECTION:

Use the <ESC><0> key sequence for <F10>
Use the <ESC><!> key sequence for <F11>
Use the <ESC><@> key sequence for <F12>

Use the <ESC><Ctrl><M> key sequence for <Ctrl><M>
Use the <ESC><Ctrl><H> key sequence for <Ctrl><H>
Use the <ESC><Ctrl><I> key sequence for <Ctrl><I>
Use the <ESC><Ctrl><J> key sequence for <Ctrl><J>

Use the <ESC><X><X> key sequence for <Alt><x>, where x is any letter
key, and X is the upper case of that key

Use the <ESC><R><ESC><r><ESC><R> key sequence for <Ctrl><Alt><Del>

Petter Reinholdtsen: Debian Edu interview: Jürgen Leibner

Petter Reinholdtsen — 2012-05-13T18:30:00+00:00

It has been a few busy weeks for me, but I am finally back to publish another interview with the people behind Debian Edu and Skolelinux. This time it is one of our German developers, who have helped out over the years to make sure both a lot of major but also a lot of the minor details get right before release.

Who are you, and how do you spend your days?

My name is Jürgen Leibner, I'm 49 years old and living in Bielefeld, a town in northern Germany. I worked nearly 20 years as certified engineer in the department for plant design and layout of an international company for machinery and equipment. Since 2011 I'm a certified technical writer (tekom e.V.) and doing technical documentations for a steam turbine manufacturer. From April this year I will manage the department of technical documentation at a manufacturer of automation and assembly line engineering.

My first contact with linux was around 1993. Since that time I used it at work and at home repeatedly but not exclusively as I do now at home since 2006.

How did you get in contact with the Skolelinux/Debian Edu project?

Once a day in the early year of 2001 when I wanted to fetch my daughter from primary school, there was a teacher sitting in the middle of 20 old computers trying to boot them and he failed. I helped him to get them booting. That was seen by the school director and she asked me if I would like to manage that the school gets all that old computers in use. I answered: "Yes".

Some weeks later every of the 10 classrooms had one computer running Windows98. I began to collect old computers and equipment as gifts and installed the first computer room with a peer-to-peer network. I did my work at school without being payed in my spare time and with a lot of fun. About one year later the school was connected to Internet and a local area network was installed in the school building. That was the time to have a server and I knew it must be a Linux server to be able to fulfil all the wishes of the teachers and being able to do this in a transparent and economic way, without extra costs for things like licence and software. So I searched for a school server system running under Linux and I found a couple of people nearby who founded 'skolelinux.de'. It was the Skolelinux prerelease 32 I first tried out for being used at the school. I managed the IT of that school until the municipal authority took over the IT management and centralised the services for all schools in Bielefeld in December of 2006.

What do you see as the advantages of Skolelinux/Debian Edu?

When I'm looking back to the beginning, there were other advantages for me as today.

In the past there were advantages like:

I don't need to buy it so it generates no costs to the school as they had little money to spent for computers and software.
It has a licence which grands all rights to use it without cost.
It was more able to fit all requirements of a server system for schools than a Microsoft server system, even if there are only Windows clients because of it's preconfigured overall concept of being a infrastructure solution and community for schools, not only a server
I was able to configure the server to the needs of the school.

Today some of the advantages has been lost, changed or new ones came up in this way:

Most schools here do have money to buy hardware and software now.
They are today mostly managed from central IT departments which have own concepts which often do not fit to Debian Edu concepts because they are to close to Microsoft ideology.
With the Squeeze version of Debian Edu which now uses GOsa² for management I feel more able to manage the daily tasks than with the interfaces used in the past.
It is more modular than in the past and fits even better to the different needs.
The documentation is usable and gets better every day.
More people than ever before are using Debian Edu all over the world and so the community, which is an very important part I think, is sharing knowledge and minds.
Most, maybe all, of the technical requirements for schools are solved today by Debian Edu.

What do you see as the disadvantages of Skolelinux/Debian Edu?

There are too few IT companies able to integrate Debian Edu into their product portfolio for serving schools with concepts or even whole municipality areas.
Debian Edu has beside other free and open software projects not enough lobbyists which promote free and open software to politicians.
Technically there are no disadvantages I'm aware of.

Which free software do you use daily?

I use Debian stable on my home server and on my little desktop computer. On my laptop I use Debian testing/sid. The applications I use on my laptop and my desktop are Open/Libre-office, Iceweasel, KMail, DigiKam, Amarok, Dolphin, okular and all the other programs I need from the KDE environment. On console I use newsbeuter, mutt, screen, irssi and all the other famous and useful tools.

My home server provides mail services with exim, dovecot, roundcube and mutt over ssh on the console, file services with samba, NFS, rsync, web services with apache, moinmoin-wiki, multimedia services with gallery2 and mediatomb and database services with MySQL for me and the whole family. I probably forgot something.

Which strategy do you believe is the right one to use to get schools to use free software?

I believe, we should provide concepts for IT companies to integrate Debian Edu into their product portfolio with use cases for different countries and areas all over the world.

Gregor Herrmann: RC bugs 2012/19

gregoa — 2012-05-13T17:42:20+00:00

like in the last two weeks, this week's bug squashing was mostly related to the gcc 4.7 FTBFS bugs:

#667139 – coin3: "coin3: ftbfs with GCC-4.7"
send debdiff to the BTS
~~#667238~~ – lfhex: "lfhex: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/5
~~#667263~~ – linamc: "linamc: ftbfs with GCC-4.7"
patch to enable missing include, upload to DELAYED/5
~~#667272~~ – mcmcpack: "mcmcpack: ftbfs with GCC-4.7"
add patch to add this-> qualifiers, upload to DELAYED/5
~~#667277~~ – milkytracker: "milkytracker: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/5
~~#667281~~ – minitube: "minitube: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/5
~~#667284~~ – mm3d: "mm3d: ftbfs with GCC-4.7"
patch to add include and this-> qualifiers, upload to DELAYED/5
~~#667289~~ – mswatch: "mswatch: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667292~~ – musique: "musique: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667295~~ – netperfmeter: "netperfmeter: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667298~~ – nmapsi4: "nmapsi4: ftbfs with GCC-4.7"
add patch from Francesco Cecconi (add missing includes), upload to DELAYED/2, then solved with a maintainer upload
~~#667302~~ – numptyphysics: "numptyphysics: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667303~~ – nxcl: "nxcl: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667318~~ – owx: "owx: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667337~~ – qbankmanager: "qbankmanager: ftbfs with GCC-4.7"
add patch to use class name, upload to DELAYED/2
~~#667343~~ – qterm: "qterm: ftbfs with GCC-4.7"
add patch from Paul Tagliamonte (missing include), upload to DELAYED/2
~~#667347~~ – rafkill: "rafkill: ftbfs with GCC-4.7"
add patch to add missing include, upload to DELAYED/2
~~#667348~~ – ragel: "ragel: ftbfs with GCC-4.7"
patch to this-> qualifiers, upload to DELAYED/2
~~#667373~~ – simgear: "simgear: ftbfs with GCC-4.7"
apply patch from Matthias Klose, upload to DELAYED/2
~~#667428~~ – zoneminder: "zoneminder: ftbfs with GCC-4.7"
add patch from Cyril Brulebois, upload to DELAYED/2
~~#669432~~ – src:milkytracker: "milkytracker: FTBFS: ./zzip_file.h:34:18: fatal error: zlib.h: No such file or directory"
add missing build dependency, upload to DELAYED/5

Cyril Brulebois: D-I Wheezy Alpha1

Cyril Brulebois — 2012-05-13T15:20:00+00:00

Get it while it’s hot: Debian Installer 7.0 Alpha1 release.

See how yummy it is:

Russell Coker: What I REALLY Want from the NBN

etbe — 2012-05-13T08:13:22+00:00

Generally I haven’t had a positive attitude towards the NBN. It doesn’t seem likely to fulfill the claims of commercial success and would be a really bad thing to privatise anyway. Also it hasn’t seemed to offer any great benefits either. The claim that it will enable lots of new technical developments which we can’t even imagine yet that aren’t possible with 25Mb/s ADSL but which also don’t require more than the 100Mb/s speed of the NBN never convinced me.

But one thing it could really do well is to give better Internet access in remote areas. Ideally with static or near-static IPv6 addresses (because we have already run out of IPv4 addresses). Currently 3G networks do all sorts of nasty NAT things to deal with the lack of IPv4 addresses which causes a lot of needless pain if you have a server connected via 3G. One of the NBN plans is for wireless net access to remote homes, with some sanity among the people designing the network such NBN connections would all have static IPv6 subnets as long as they don’t move.

I’m currently working on a project that involves servers on 3G links. I don’t have a lot of options on implementation due to hardware and software constraints. So if the ISPs using the NBN and the NBN itself (for the wireless part) could just give us all IPv6 static ranges then lots of problems would be solved.

Of course I don’t have high hopes for this. One of the many ways that the NBN has been messed up is in allowing the provision of lower speed connections. As having an ADSL2+ speed NBN connection is the cheapest option a lot of people will choose it. Therefore the organisations providing services will have to do so with the expectation that most NBN customers have ADSL2+ speed and thus they won’t provide services to take advantage of higher speeds.

RPC and SE Linux One ongoing problem with TCP networking is the combination of...
A New Strategy for Xen MAC Allocation When installing Xen servers one issue that arises is how...
New Net Connections On Thursday my new InterNode ADSL2+ service was connected [1]....

Matthew Palmer: vmdksync helps you escape from VMware

Matt Palmer — 2012-05-13T05:00:00+00:00

When I wrote lvmsync late last year, I didn’t realise I was being typecast. Before too long, I realised that the logic that I’d implemented for lvmsync would also help me with a separate migration project I’d been dreading – getting the day job off VMware.

Back in the early days of virtualisation, management made the decision to run VMware, for all the usual reasons (“commercially supported!”, “industry standard!”, and so on). Unsurprisingly (to me, anyway) it didn’t take too long for management to realise that it wasn’t the best choice for us. When you’ve got umpty-billion dollars to spend on hardware, software, and support, VMware might be the right option (although Amazon doesn’t seem to think so). Anchor’s company culture, on the other hand, is build around “smart staff, simple systems” over “dumb staff, smart vendors”, because no vendor is ever going to care about our customers as much as we do. So VMware was never going to work for us.

Unfortunately, as happens all too often, once VMware was in place, there was very little motivation to get rid of it and move those customers onto the chosen replacement (that we were deploying all new customers on). I happen to think this is a terrible attitude in general – one that makes life so much harder in the long term. I believe strongly in retrofitting old systems to keep them up-to-date with the current state of the art, and keeping technical debt under control. But, I wasn’t running the show back when we stopped putting new customers on VMware, so the few VMware servers we had stayed around far longer than they should have.

Recently, though, bad things started to happen. The VMware servers were starting to fall apart. The Windows machine we had to keep around to use the VMware management console started crapping out, and when the choice was between doing unspeakable things to Windows, and just ditching VMware… well, it wasn’t much of a choice. The only remaining question was how to do the migration off VMware with the least amount of downtime to our customers.

I was really quite surprised that nobody out in Internet land appeared to have come up with a simple, robust tool to do this. Sure, some vendors had all-singing, all-dancing toolkits that cost ridiculous amounts of money, required you to install their agent on the machine involved, and promised the earth, but it all smelt of snakeoil and bullshit.

In true hacker style, then, I decided to write something myself. The model I came up with mirrored lvmsync’s quite closely – because that one worked, and it turned out to be surprisingly easy to implement once I managed to reverse-engineer the file format (VMware has a PDF spec of a bunch of it’s file formats, but whoever wrote it was enough of an evil genius to make it utterly incomprehensible to anyone who doesn’t already know the file format, whilst making perfect sense to anyone who already does).

The result: vmdksync. It is nothing but 80-odd lines of ruby whose sole purpose is to take a delta.vmdk file and write the changes that are stored in that file to a file or block device that is a copy of the flat.vmdk file that you can copy while the VM is still running (after you’ve made a snapshot, of course). It helped me provide a painless migration path away from VMware, and I’d be really pleased if it helped some other people do the same. Share and enjoy!

DebConf team: Report from our visit to Managua, Nicaragua (Posted by Holger Levsen)

DebConf Organizers — 2012-05-12T23:19:00+00:00

I’ve send a mail today with a summary of some of my experiences in Managua and tiny bits of Nicaragua late April / early May 2012. If you are considering going to DebConf12 (which you obviously should do as you are reading this!) go and read this mail, as it includes a thematically sorted list of impressions and advice written by Gunnar, Norman, Leo, Felix and myself, which should give you some better idea about DebConf12 in Managua!

While I spent 14 days in Nicaragua in total, for the last three days I was joined by Gunnar Wolf, to make sure my impressions about the local team, the status of the preparations and everything were correct. Our visit also seems to have been very motivating to local team members, whom I’ve seen really enthusiastic to welcome a huge Debian crowd for the first DebConf in Central America in just a few weeks!

At the last DebConf12 IRC meeting I summarized it like this: “in very short: my two weeks were great, I had a great vacation, met many members of the localteam, which is way bigger then it seems on irc, saw and liked UCA (Universidad Centroamericana, the DebConf12 venue), had zillions of reunions (meetings, see schedule wiki page) and met many nice people and a very hot & interesting country+capital with great countryside.”

The deadline for sponsored accomodation ends in three days - so if you haven’t registered yet, hurry up, DebCamp starts in 49 days! :-) (After that registration is still possible, but you will need to pay for your costs yourself.)

We’re looking forward to see you there and have a great DebConf together! Hopefully we sweat together while Wheezy is frozen :-D

Joey Hess: popcon graphs for tasks

Joey Hess — 2012-05-12T22:20:08+00:00

Last year I was able to switch tasksel to using metapackages, instead of the weird non-package task things that had been used before Debian supported Recommends fields well.

An unanticipated result of the new task packages is that I have this nice popcon data available for them, so can get graphs like these.

For new installs of testing, KDE and Xfce are neck and neck. With Gnome being the default, it's hard to say which desktop users really prefer. My feeling is that it's probably nearly evenly split now.

(I installed Xfce on my sister's laptop last week, and anticipate moving all my family to it, rather than Gnome 3.)

The above graph also shows a surprisingly large number of ssh server task installs. In fact, it's the most often manually installed task. Probably many of those are server machines, and so I'm considering having tasksel automatically select ssh on systems where it doesn't automatically select a desktop.

Language data is also available. Taskel uses language tasks internally, without exposing an interface, so this will be almost entirely users who did an install of testing localised to their language.

Interesting data can be teased out of this too. For example there seem more installs in Catalan than Chinese ... and at least 10 Esperanto users. (As with any popcon number, this is a lower bound, to be multiplied by the scaling guesstimate of your choice.)

By the way, I've got a new vanity domain for my blog and wiki: http://joeyh.name/

The old http://kitenet.net/~joey/ will continue to work, like it has since 1997. But the new is easier to type. And it let me move my site to Branchable, at last.

Iustin Pop: Rant: webfonts, github, icons

Iustin Pop — 2012-05-12T21:31:46+00:00

Note: this is a rant.

For year, I've browsed the web with Firefox set to “Allow pages to choose their own fonts: no”. It worked everywhere very well, and I had a consistent style across pages, and I wasn't forced to see the (IMHO) very ugly Microsoft-fonts look-alikes.

That all changed until GitHub introduced their “Octicons” font, and represent icons with characters, instead of actual icons. Now I either am forced to:

not be able to use GitHub's web interface, or
allow all sites to use random font of the day, or
start playing with custom style-sheets and overrides and whatnot

Grr… At least they added text labels too, so at least I get a small box with F044 and label “Admin”.

Steinar H. Gunderson: TCP optimization for video streaming

Steinar H. Gunderson — 2012-05-12T21:03:00+00:00

At this year's The Gathering, I was once again head of Tech:Server, and one of our tasks is to get the video stream (showing events, talks, and not the least demo competitions) to the inside and outside.

As I've mentioned earlier, we've been using VLC as our platform, streaming to both an embedded Flash player and people using the standalone VLC client. (We have viewers both internally and externally to the hall; multicast didn't really work properly from day one this year, so we did everything on unicast, from a machine with a 10 Gbit/sec Intel NIC. We had more machines/NICs in case we needed more, but we peaked at “only” about 6 Gbit/sec, so it was fine.)

But once we started streaming demo compos, we started getting reports from external users that the stream would sometimes skip and be broken up. With users far away, like in the US, we could handwave it away; TCP works relatively poorly over long-distance links, mainly since you have no control over the congestion along the path, and the high round-trip time (RTT) causes information about packet loss etc. to come back very slowly. (Also, if you have an ancient TCP stack on either side, you're limited to 64 kB windows, but that wasn't the problem in this case.) We tried alleviating that with an external server hosted in France (for lower RTTs, plus having an alternative packet path), but it could not really explain how a 30/30 user only 30 ms away (even with the same ISP as us!) couldn't watch our 2 Mbit/sec stream.

(At this point, about everybody I've talked to go on some variant of “but you should have used UDP!”. While UDP undoubtedly has no similar problem of stream breakdown on congestion, it's also completely out of the question as the only solution for us, for the simple reason that it's impossible to get it to most of our end users. The best you can do with Flash or VLC as the client is RTSP with RTP over UDP, and only a small amount of NATs will let that pass. It's simply not usable as a general solution.)

To understand what was going on, it's useful to take a slightly deeper dive and look at what the packet stream really looks like. When presented with the concept of “video streaming”, the most natural reaction would be to imagine a pretty smooth, constant packet flow. (Well, that or a YouTube “buffering” spinner.) However, that's really about as far from the truth as you could come. I took the time to visualize a real VLC stream from a gigabit line in Norway to my 20/1 cable line in Switzerland; slowing it down a lot (40x) so you can see what's going on:

(The visualization is inspired by Carlos Bueno's Packet Flight videos, but I used none of his code.)

So, what you can see here is TCP being even burstier than its usual self: The encoder card outputs a frame for encoding every 1/25th second (or 1/50th for the highest-quality streams), and after x264 has chewed on the data, TCP immediately sends out all of it as fast as it possibly can. Getting the packets down to my line's speed of 20 Mbit/sec is regarded as someone else's problem (you can see it really does happen, though, as the packets arrive more spaced out at the other end); and the device doing it has to pretty much buffer up the entire burst. At TG, this was even worse, of course, since we were sending at 10 Gbit/sec speeds, with TSO so that you could get lots of packets out back-to-back at line rates. To top it off, encoded video is inherently highly bursty on the micro scale; a keyframe is easily twenty times the size of a B frame, if not more. (B frames also present the complication that they can't be encoded until the next one has been encoded, but I'll ignore that here.)

Why are high-speed bursts bad? Well, the answer really has to do with router buffering along the way. When you're sending such a huge burst and the router can't send it on right away (ie., it's downconverting to a lower speed, either because the output interface is only e.g. 1 Gbit/sec, or because it's enforcing the customer's maximum speed), you stand a risk of the router running out of buffer space and dropping the packet. If so, you need to wait at least one RTT for the retransmit; let's just hope you have selective ACK in your TCP stack, so the rest of the traffic can flow smoothly in the meantime.

Even worse, maybe your router is not dropping packets when it's overloaded, but instead keeps buffering them up. This is in many ways even worse, because now your RTT increases, and as we already discussed, high RTT is bad for TCP. Packet loss happens whether you want to or not (not just due to congestion—for instance, my iwl3945 card goes on a scan through the available 802.11 channels every 120 seconds to see if there are any better APs on other channels), and when they inevitably happen, you're pretty much hosed and eventually your stream will go south. This is known as bufferbloat, and I was really surprised to see it in play here—I had connected it only to uploading before (in particular, BitTorrent), but modern TCP supports continuous RTT measurement through timestamps, and some of the TCP traces (we took tcpdumps for a few hours during the most intensive period) unmistakably show the RTT increasing by several hundred milliseconds at times.

So, now that we've established that big bursts are at least part of the problem, there are two obvious ways to mitigate the problem: Reduce the size of the bursts, or make them smoother (less bursty). I guess you can look at the two as the macroscopic and microscopic solution, respectively.

As for the first part, we noticed after a while that what really seemed to give people problems, was when we'd shown a static slide for a while and then faded to live action; a lot of people would invariably report problems when that happened. This was a clear sign that we could do something on the macrocopic level; most likely, the encoder had saved up a lot of bits while encoding the simple, static image, and now was ready to blow away its savings all at once in that fade.

And sure enough, tuning the VBV settings so that the bitrate budget was calculated over one second instead of whatever was the default (I still don't know what the default behavior of x264 under VLC is) made an immediate difference. Things were not really good, but it pretty much fixed the issue with fades, and in general people seemed happier.

As for the micro-behavior, this seems to be pretty hard to actually fix; there is something called “paced TCP” with several papers, but nothing in the mainline kernel. (TCP Hybla is supposed to do this, but the mainline kernel doesn't have the pacing part. I haven't tried the external patch yet.) I tried implementing pacing directly within VLC by just sending slowly, and this made the traffic a lot smoother... until we needed to retransmit, in which case the TCP stack doesn't care how smoothly data came in in the first place, it justs bursts like crazy again. So, lose. We even tried replacing one 1x10gigE link with 8x1gigE links, using a Cisco 4948E to at least smooth things down to gigabit rates, but it didn't really seem to help much.

During all of this, I had going a thread on the bufferbloat mailing list (with several helpful people—thanks!), and it was from there the second breakthrough came, more or less in the last hour: Dave Täht suggested that we could reduce the amount of memory given to TCP for write buffering, instead of increasing it like one would normally do for higher throughput. (We did this by changing the global flag in /proc/sys; one could also use the SO_SNDBUF socket option.) Amazingly enough, this helped a lot! We only dared to do it on one of the alternative streaming servers (in hindsight this was the wrong decision, but we were streaming to hundreds of people at the time and we didn't really dare messing it up too much for those it did work for), and it really only caps the maximum burst size, but that seemed to push us just over the edge to working well for most people. It's a suboptimal solution in many ways, though; for instance, if you send a full buffer (say, 150 kB or whatever) and the first packet gets lost, your connection is essentially frozen until the retransmit comes and the ack comes back. Furthermore, it doesn't really solve the problem of the burstiness itself—it solves it more on a macro level again (or maybe mid-level if you really want to).

In any case, it was good enough for us to let it stay as it was, and the rest of the party went pretty smoothly, save for some odd VLC bugs here and there. The story doesn't really end there, though—in fact, it's still being written, and there will be a follow-up piece in not too long about post-TG developments and improvements. For now, though, you can take a look at the following teaser, which is what the packet flow from my VLC looks like today:

Stay tuned. And don't send the packets too fast.

Jonathan McDowell: Going to DebConf 12

Jonathan McDowell — 2012-05-12T15:57:41+00:00

Meant to post this a while ago when I booked the tickets, but life has a habit of being busy at present. I'm pleased to say I'm going to DebConf 12 in Managua. In the off-chance someone else might be on some of the same flights as me, here's what I've booked:

Outbound:

2012-07-07 00:15 SFO -> 08:12 CLT US466
2012-07-07 11:40 CLT -> 13:44 MIA US1831
2012-07-07 16:07 MIA -> 16:45 MGA US4925

Inbound:

2012-07-14 21:15 MGA -> 01:50 MIA US4944
2012-07-15 06:15 MIA -> 08:19 CLT US1800
2012-07-15 09:40 CLT -> 12:08 SFO US1485

There were some single stop options but the timings didn't them any quicker, they weren't any cheaper, and these times worked better for me anyway.

Tanguy Ortolo: Signing-party and crypto conference in Paris

Tanguy — 2012-05-12T13:58:00+00:00

Content: explanations about cryptography, SSL and PGP, then signing-party
Location: EPN la Bourdonnais, 105 avenue de la Bourdonnais, 75007 Paris
Date: 2012-05-21 18:45+02:00
Duration: 02:15

Monday 21st during at 18:45, in Paris, there will be a conference organized by Parinux, where I will explain the principles of cryptography and their application in the SSL and PGP systems. This conference will be followed at 20:30 by a signing-party PGP et CAcert.

For the signing-party, I will ask participants to:

generate a key pair if you do not already have one;
send me you public key and register;
print some copies of your key fingerprint;
print the list of participants I will send you;
come with all that stuff and one or two identity documents.

This is a partial translation of the full article I wrote in French, in case foreigners could attend. Sorry for the very late notice…

Ben Armstrong: Collaborative editing, the missing Vim feature (pentadactyl + etherpad?)

Ben Armstrong — 2012-05-12T13:33:19+00:00

Do you wish, like I do, you could edit collaboratively in Vim? This feature is number 10 on the Vim voting page, so it seems I’m not alone. How about Pentadactyl coupled with any of the existing web-based collaborative editors, such as Etherpad? OK, so it’s not quite Vim, and there are some rough edges to this particular pairing, but I’m finding it’s good enough for my needs. It even gives me a Vim-like editing experience while other participants use the default Etherpad editor.

Yes, I know about whiteboard.debian.net, but for the past three years I have been using a single instance of Etherpad with my family to maintain a shopping list to which we all make contributions. First of all, that’s not a Debian activity, so to make the switch, I’d need to make a personal clone of the service for our personal use. But more importantly, we find Etherpad features such as colours for different participants and the timeline are just too useful to give up on. On the other hand, the less the web editor interferes with your web browser’s default textarea behaviour, the easier time Pentadactyl is going to have. Indeed, I asked on #pentadactyl @ irc.oftc.net about some problems I was having and I was told flat out that Pentadactyl does not work with graphical web editors. So, you may wish to use another web-based collaborative editor for this reason. That being said, I did learn a few things about helping Pentadactyl get along better with Etherpad, so if you would like to try it yourself, read on.

The key to getting started was to enter ‘text edit mode’ within the textarea with <C-t>. For the most part, this behaves like Vim ‘normal mode’. I am still learning, but many basic motion and editing keys behave just as they would in Vim. Fantastic!

However, the moment I tried to :undo I hit my first problem. Using the latest release version of Pentadactyl (1.0rc1 at time of writing), pressing "u" to :undo produced no visible result. I tried the latest daily build as well, and only saw a marginally more helpful "Node not found" error message displayed in the status area. But it turns out you can use ‘passthrough mode’ to use the textarea’s own undo. Just :tmap u <C-v><C-z> and we’re back in business again.

I’m still experimenting with this setup, so the jury’s still out on whether I’ll stick with it, or whether the remaining incompatibilities between Pentadactyl and Etherpad will drive me nuts. But it looks promising. Clearly, judicious use of :autocmd to always start in ‘text edit mode’ and bind that undo key whenever I enter the site will help make the experience even better. If you try it out yourself, I’d love to hear how things went for you. Or if you have found an even better solution that works for you, do share.

Joachim Breitner: 10 years of using Debian

nomeata — 2012-05-12T10:00:00+00:00

Today, it must have been exactly 10 years that I started using Debian. The story of how I came to Debian shows some of its strengths, so I’ll use this occasion to share it.

I spent the first half of 2002 as an high-school exchange student in Wenatchee, USA. I was already a user of Linux at that time: I made my first contact roughly in 1996 and did my first installation at home two years later, but all that time I was dual-booting and my main system was a well-arranged Windows 98. The machine was a regular tower PC, but nevertheless I put the computer into my trunk when I flew to the US. It took away most of the space, and I had to put some of my cloths inside the case.

So I was there, happily using my Windows and my manually set up “Linux From Scratch” until one day the inevitable happened; inevitable at least until you start doing backups: On April 30th, my hard drive crashed, and took the two systems together with 4 years of personal data with it.

Two weeks later I had a new hard drive and was pondering my options. I did plan to install Windows again; at that time Windows XP was just released. But I wanted a German version of Windows, which would be hard to get there. Also, I did not want to use Linux from Scratch any more, and wanted to make a well-founded choice of a distribution. On the other hand, I really wanted to get my machine up and running quickly, to be able to read my mail more comfortably. I had heard that Debian had good support for network installations (downloading a full 700MB CD was something to avoid at that time), so I grabbed some netinst images, burned a CD, and quickly installed Debian.

I was planning to use the system for about two weeks. I did not pay any particular attention to the setup. Heck, I even picked from my Simpsons sidekick machine naming scheme one that I would not miss being used up (“barney”). Nevertheless, I was using this installation for many years (and many upgrades), until I eventually switched to using laptops. In fact, that very installation is still on the machine somewhere and works. I did install Windows XP a few weeks later as well, but hardly used it. So May 12th of 2002 was when I turned into a full-time Linux and Debian user.

I soon became interested in Debian the project and started to contribute. But that is another story for another ten year anniversary blog post, most likely on October 21, 2013...

Flattr this post

Christian Perrier: 2012 update 22 for Debian Installer localization

Christian Perrier — 2012-05-12T09:07:00+00:00

Slovenian is now fully complete. 23rd language to reach full 100%
Danish, Basque and Punjabi complete level 1
Vietnamese and Traditional Chinese complete level 3
Progress for Traditional Chinese, Basque, Vietnamese in level 2

Status for D-I level 1 (core D-I files):

48 languages 100%: ar ast be bg bn bs ca cs da de el eo es et eu fa fr gu he hi id it ja kk km kn ko lo mr nb nl pa pl pt pt_BR ru si sk sl sr sv te th tr uk vi zh_CN zh_TW
1 languages 99%: ta
3 languages 97%: fi ga hu
4 languages 95%: dz is mk ro
1 language 92%: ml
others are 90% or below

Status for D-I level 2 (packages that have localized material that may appear during default installs, such as iso-codes, tasksel, etc.):

30 languages 100%: ast be bg ca cs da de eo es fa fr gu he id is it ja kk km nl pl pt ru si sk sl sv tr uk zh_CN
6 languages 99%: eu hr nb th vi zh_TW
3 languages 98%: dz pt_BR ro
1 language 97%: ta
2 languages 95%: el fi
2 languages 94%: ar gl
7 languages 92%: bn bs hu ko mr ne sr
5 languages 91%: ga ka lt mk te
others are 90% or below

Status for D-I level 3 (packages that have localized material that may appear during non-default installs, such as win32-loader)

38 languages 100%: ast be bg bs ca cs da de el eo es fa fi fr ga gl he hr id is it ja kk km nb nl pl pt ru sk sl sr sv th tr vi zh_CN zh_TW
2 languages 98%: hu uk
others are 90% or below

Full 100% completeness (hall of fame) for 23 languages: Asturian, Belarusian, Bulgarian, Catalan, Czech, German, Esperanto, Spanish, French, Indonesian, Italian, Japanese, Kazakh, Khmer, Dutch, Polish, Portuguese, Russian, Slovak, Slovenian, Swedish, Turkish, Simplified Chinese

Steve Kemp: On working from home

Steve Kemp — 2012-05-12T07:37:40+00:00

Recently an ex-colleague of mine changed jobs and suggested that I write something about the pros and cons of working from home. I've thought about this subject, off and on, for a few years and frustratingly I think most of the pros and the cons are the same:

When you work from home you're working from home.

I live in a two-bedroom flat in Edinburgh. (Having just spent thousands on a new bathroom I don't expect I'll be moving any time soon. A rough budget of £40-50,000 would let me convert my attic into two/three rooms. So there is growth potential!)

In my flat I have made one of the bedrooms an office. The office contains:

A huge desk with two PCs, and two telephones on it.
Several book-cases.
A wall-mounted fan.
Very little else.

One PC is for work. One PC is for me. One phone is for work. One phone is my own.

Every working day I switch on the work router, the work phone, the work PC around 09:30. I then work, taking a lunch-break between either 12:00-13:00 or 13:00-14:00, until 18:00 at which point I switch off the work toys.

I ignore my personal PC during the working day with the exception that it is the source of my music. I can reach across and hit the appropriate multi-media keys to select Play/Pause/Next Track/Previous Track/Volume Up/Volume Down. (When thenever the work-phone rings the first ring is ignored as I scramble to hit "Mute" or "Pause"..!)

So what are some of the advantages/drawbacks? Well I'm at home. So the environment is one that I've made myself, and enjoy. The music is mine. The colour-scheme is mine. The pictures on the walls are mine. I have a Steve-loving chair. There is no soulless air-conditioning, no horrible cubicles, and no noisy people talking.

The downside? No people talking. If I didn't leave my house at lunchtime I'd speak to zero people face to face in an average working day. That took a while for me to notice, but it is not nice.

Since I work from home "the commute" takes seconds. I tend to get out of bed and wander straight to the desk. I'll work non-stop, then get dressed around lunchtime so that I can go out for lunch. Hail, Rain, Snow, or Sunshine I leave the house for lunch every single day (unless waiting for an atypical delivery). Because if I didn't I'd have no human contact. In the afternoon if it is a nice day I'll get undressed again, because I can, so why the hell not?

Providing you're focussed working from home has several advantages that I can think of - I've no qualms about setting the washing machine going before I start work knowing that I can "spare" five minutes to empty it later in the day. Similarly I've no concern about ordering (even large) items, because I know what time the postman comes, and I know I'm never going to be out and miss a delivery.

When I first started working from home I had a laptop instead of a PC and there were mornings when I worked, lazily, from my bed, or from my sofa whilst watching TV. That didn't last for long because I just didn't do a good job. I think I got away with it in the sense that I don't think people noticed, but I expect if it had lasted for longer it would have been quickly apparent. I stopped because the line was blurring between "home life" and "work life".

Having a dedicated working area is essential in keeping me focussed. I don't do "home things" when I'm in "work time" - with very rare exceptions. Yes I wander around and pace if I'm thinking, yes I make more tea and coffee than I would in a real office, and yes I might open windows, phone a friend, read my gas meter, washup dishes, or similar as I'm "making coffee". But on the whole it only works if I work when I'm working.

I could save money by using my work-internet instead of paying for personal-internet, but keeping the two links separate is another way of being focussed. I don't do "dodgy" things on the internet, on the whole (haha), but if I do I'd want to be damn sure that that was via my link and not the work-link - and having two PCs and two network links I know that is the case. There have been times when the work link has broken and I've used my personal link + openvpn to continue working, or at the very least re-join our internal chatroom and say "Internet down, brb".

As a system administrator there are times when I have to do things either early in the morning, late at night, or even during a weekend. I guess a final advantage is that this is not a struggle - providing I don't schedule such operations at times when I'm in the pub, meeting friends, or taking pictures of cute strangers, it isn't a struggle to say "I'll do this after 8pm tonight", or set the alarm early. No long walk to an office, and if I've already got food cooking for my tea I can eat it nearby whilst still configuring things and testing sites/services/machines.

So pros: I'm in my own environment, I don't worry about receiving parcels, meter-readings, and have wonderfully pleasant music all day. Ancillory bonuses are really side-effects of being in my environment: I have my good coffee, my nice cups, I can eat food I enjoy. etc, etc.

Cons: You must be dedicated. You must be focussed lest you give in to temptation and cease working for minutes/hours at a time. You lose part of your home space - I can't turn this room into a childrens bedroom, for example.

Nothing earth-shattering. I've done this for five years now, and although I was a little skeptical initially I thought "Why not?" It has worked out well and I think if I ever did need to leave my current position I'd have no hesitation about working from home in the future.

Finally it has to be said that when I've had partners in my life they've traditionally been the type to wake up later than me. I get significant brownie points for being able to wake them up around 10/11AM with a cup of hot coffee & breakfast in bed every morning. By virtue of having a separate space I can close the door and not be disturbed by them walking around.

I'm sure I've forgotten things - but as an initial pass the benefits and disadvantages of working from home are the same: You're in your own house.

ObQuote: "Explorers in the further regions of experience." - HellRaiser

Andrew Pollock: [life] Zoe at 24 months

Andrew Pollock — 2012-05-11T21:24:00+00:00

Once again, another 3 months have flown by.

Honestly, it's been a total blur. What on earth has happened since February?

Well, heaps more travel of course.

There was the trip to New Orleans, which I already wrote about.

The other big trip we did was to Washington D.C. for a week, which I'm yet to write up. We stayed with friends in Alexandria for the week. Unfortunately, Zoe came down with conjunctivitis before Sarah's very eyes on the flight over (I'd been in North Carolina for work the week before, so they flew without me and I flew up to D.C. to meet them). She also developed an ear infection and a general cough/cold.

Fortunately, we caught it all pretty much as soon as it happened, and spent Easter Sunday at an Urgent Care in Virginia getting antibiotics for her, but her sleep was not so great the whole time we were in D.C.

Other than that, we've just been doing the normal stuff. Swimming classes have continued (she's very confident in the water now). Her speech continues developing well. Toilet training is continuing to go very well. There haven't been very many accidents at all. She's really loving the "new" day care. It was definitely the right thing to do to move her.

Physically, she's in the 80th percentile for height and the 50th percentile for weight, so I guess she's currently tracking to be on the tall and thin side of things.

We had another birthday party in the park behind our home, and this year the weather was much nicer, so we had people hanging around until about 7pm, and a good time was had by all. Zoe even successfully blew out her candle on the first attempt.

Her two-year molars still haven't come through. They seem to go through various stages of giving her a lot of grief, and then they stop messing with her sleep. I was beginning to think we'd never get back to an uninterrupted night's sleep ever again. It's still a bit hit and miss, but she usually settles down again fairly quickly if she does wake up, and doesn't always require intervention from us.

I've arrived at the theory that the "terrible twos" are largely the fault of trying to cut these two year molars. Her tantrums are so much worse when her teeth are actively giving her trouble. If she's had a good night's sleep and her teeth aren't driving her crazy, she's still pretty well behaved. If she's been awake half the night and her teeth are hurting during the day, she can be quite difficult. We seem to be currently at a point where they're not causing too much trouble at night, but she'll chew on her fingers like crazy if given the chance during the day.

I think seasonal allergies are also messing with her a bit. After she got over the cold she came down with in Washington D.C., she's still had a runny nose and a bit of a cough, but I don't think she's actually "sick" I think it's more related to allergies. She passed on whatever she had to me, and since I've recovered from it I'm also not feeling quite right.

I read somewhere that pollen counts are off the charts this year due to the weird weather, and Sarah's having a bit of a hard time as well, so I think we're all going to just have to ride it out with the judicious use of antihistamines.

Speaking of allergies, it's about time to re-test her for her egg allergy. We'll have to try that at a point when she's not regularly taking antihistamines for seasonal allergies, so it might be a while yet before we can do that.

I guess the next big development will be graduating from the crib to a toddler bed. I'm not in any hurry to do that though, so as long as she's not escaping the crib, her sleeping arrangements can stay the way they are. It'd be nice if she can cut her teeth first and then once she's sleeping properly, we can try converting the crib into a toddler bed.

Michal Čihař: Pootle vs. Weblate

Michal Čihař — 2012-05-11T18:20:20+00:00

As Weblate 1.0 is out, it's time to compare it to existing solutions. As first I've chosen Pootle as this is tool which we have been using for quite some time and I used it as an inspiration for Weblate.

First of all, both Weblate and Pootle use same backend for manipulating with translation files - Translate Toolkit. On the way I've learned that I've chosen different way of manipulating with backend files, what seem to lead to much smaller changes (no more reformatting of whole po file as Pootle does). Also Weblate does not suffer from some Pootle issues like not properly handling changes to fuzzy flag, which has bitten us several times at phpMyAdmin.

Another shared thing is web framework Django. For me it was obvious choice as I like writing application with it. The biggest difference here is that Weblate relies on Django admin interface for maintenance, while Pootle has everything in it's interface. Pootle has great advantage here for having consistent interface for everything, what was sacrificed in Weblate for less code to maintain (while having powerful Django admin interface). Also sharing same framework allows quite easy migration of user accounts.

Now let's functional side of things - this is where I've tried to take all good things I've seen in Pootle, while adding features I've missed there. What makes biggest difference here are project/subproject classification in Weblate, which was originally started as way to handle more project branches, but proved to be useful for translating related projects as well. This allows automatic propagation of changes across project, what is really great for translating more branches of same program or different interfaces to same functionality (eg. GUI application and command line tool).

The other big difference (and I would say key feature of Weblate) is Git integration - all changes are commited to Git with correct authorship, it can help in merging po files or automatically pull upstream changes (eg. from GitHub). This all makes integration into (Git based) development process really easy.

Other features like consistency checks or dictionary (terminology) are quite similar, though different. There is more consistency checks in Pootle, but the main reason was that I found some of them too annoying. User dictionaries are still pretty basic in Weblate and that's definitely something what should improve in future versions.

On configuration side, Pootle is much more flexible. The main reason here is that I've never used most of the options there. So there are no per project settings of checks or privileges. There is also no way to add language from Weblate - usually adding translation is not just matter of adding appropriate po file, but also other steps, which anyway had to be done manually. So Weblate leaves this up to user. On the other side as soon as new language pops up in Git repository, it is shown in the interface.

Both projects have quite good documentation - Pootle has most things covered on wiki while Weblate relies on separate documentation. However there are definitely some bits missing on both sides.

PS: If you want to want to have more "facts" in comparison, you can check Ohloh :-).

Filed under: English Weblate | 0 comments | Flattr this!

Alexander Reichle-Schmehl: Release Critical Bug report for Week 19

Alexander Reichle-Schmehl — 2012-05-11T13:17:30+00:00

The bug webinterface of the Ultimate Debian Database currently knows about the following release critical bugs:

In Total:	1609
Affecting Wheezy:	1136
Wheezy only:	206
Remaining to be fixed in Wheezy:	930

Of these 930 bugs, the following tags are set:

Pending in Wheezy:	83
Patched in Wheezy:	208
Duplicates in Wheezy:	46
Can be fixed in a security Update:	27
Contrib or non-free in Wheezy:	12
Claimed in Wheezy:	2
Delayed in Wheezy:	31
Otherwise fixed in Wheezy:	61

Ignoring all the above (multiple tags possible) 556 bugs need to be fixed by Debian Contributors to get Debian 7.0 Wheezy released.

However, with the view of the Release Managers, 1025 need to be dealt with for the release to happen.

Please see Interpreting the release critical bug statistics for an explanation of the different numbers.

Paul Tagliamonte: gcc 4.7 patchathon part V

Paul Tagliamonte — 2012-05-11T00:16:00+00:00

Another day, s’more patches.

667343 (qterm)
672007 (pokerth)
672010 (cryptkeeper)
672052 (qastools)
672071 (pxe-kexec)
672005 (l2tp-ipsec-vpn)
672003 (dibbler)

Consider helping out!

Lars Wirzenius: Obnam 0.28 (backup program)

blog.liw.fi — 2012-05-10T23:32:12+00:00

I've just released version 0.28 of Obnam, my backup application. The relevant part of NEWS:

force-lock should now remove all locks.
Out-of-space errors in the repository now terminate the backup process. Previously, Obnam would continue, ignoring the failure to write. If you make space in the repository and restart Obnam, it will continue from the previous checkpoint.
The convert5to6 black box test now works even if run by other people than liw.
"obnam backup" now uses a single SFTP connection to the backup repository, rather than opening a new one after each checkpoint generation. Thanks to weinzwang for reporting the problem.
"obnam verify" now obeys the --quiet option.
"obnam backup" no longer counts chunks already in the repository in the uploaded amount of data.

Jo Shields: Sleeping with the enemy: my life with Windows Phone

directhex — 2012-05-10T13:12:55+00:00

In my last blog post about smartphones, I urged the universe at large to help maintain a variety of ecosystems, to help foster competition and originality amongst vendors – and the same day I hit publish, WebOS was killed.

Apparently the universe hates me.

Since then, a few things have changed. My main phone since the day of its release was the HP Pre 3, running WebOS – and whilst I still have a soft spot for the OS, the Pre 3 was simply too buggy for me to use full time. The main issue is that I use my phone as an MP3 player in the car – but the Pre 3 would pause playback at the end of a track every half dozen tracks or so – making it impossible to drive the 85 miles to work without needing to root around in the armrest and poke a touchscreen. Not something I really want to do whilst moving – and ultimately too big a papercut to deal with.

So, come the new year, I moved on to my next device, a Nokia N9 running MeeGo Harmattan. Ultimately, this was an even bigger failure for me than the Pre 3 was, and I lasted maybe two weeks with it before giving up and going back to the HP. Beyond massive usability errors in the software (especially the braindead unkillable pop-up demanding Internet access, even when none is available), the worst for me was how it handled the MP3 player task. My usual way of working is to have the phone hooked up to the stereo with a 3.5mm jack, and the car switches to headset Bluetooth profile to handle calls – this is pretty common on cars too old to support A2DP profile (Stereo music-capable headphones). WebOS and Android are fine with this – but not the N9. The N9, instead, will output all audio through the last connected audio device, regardless of how much that might not be helpful. Get in car, start music playing, plug in cable, start engine – and it plays audio for about three seconds before the Bluetooth connects, and it switches to outputting music via the Headset bluetooth profile (not something that my car can do). Unplug and replug the cable, and music works – but incoming calls are silent until I disconnect the 3.5mm jack, as it outputs the headset audio through the headphone socket. I just couldn’t deal with this big a step back from WebOS as far as my workflow goes, and gave up.

So, where next? Well, a funny thing happened – a co-worker with generally very good instincts regarding consumer electronics usability told me that his housemate had just bought a Nokia Lumia 800 Windows phone (the WP7-based cousin to the N9) and loved it. Enough that said co-worker was considering getting one himself. This was a very strange thing to hear, especially from an iPhone owner, about a Microsoft product. I’d been generally interested in WP7 on an academic level for a while, but to hear that degree of praise of the actual product was interesting. Also interesting, and roughly simultaneous, was seeing Sajid Anwar’s reverse engineering of the proprietary Zune file transfer protocol go from theory into an actual set of libmtp patches.

So if the capability to use Banshee to transfer music on is here or near… and it can’t be as braindead as Harmattan when it comes to headphone/bluetooth behaviour, then why not jump ship and squeeze a handset out of Orange?

About a week after my co-worker replaced his iPhone with a Lumia 800, I bought one too.

So where to begin? Well, I’ll begin at the start: WP7 is a joy to use. It really just is. It’s the first mobile OS to try something radically different in the UI department for years. Everyone else these days (especially Android) builds iPhone rip-offs to varying degrees, and even the iPhone interface has a lot in common with the old old OLD interfaces found on the dumb Nokia phones of the 1990s. WP7 has an interface which provides just the right level of passively visible information and interactivity, and manages to do it with an elegance that no Android home screen filled with widgets will ever manage. The uncluttered screens are easy to read, and the Metro usability paradigms are trivial to pick up and learn. Without a doubt I’d recommend WP7 to friends and family from a usability perspective, and the Microsoft engineers and designers responsible for cooking up the WP7 interface are worthy of praise. And I’m not the only one saying this – Apple co-founder Steve “Woz” Wozniak recently came out with a similar line.

That’s the good. There’s also some bad, make no mistake. I’m going to cover all the reasons WP7 sucks over several paragraphs. But overall, a smartphone is a device which I expect to suck – the question is how bad the suck is, and whether it gets in the way of me using the device for what I need at the time. Moreso than MeeGo, moreso than Android, and even WebOS (and I’m still a big WebOS fan), WP7 has more good points than bad points. But there’s still some room for improvement, and some room for caution – and since I know there are a few Microsoft folks following me on Twitter, I’m going to go over my prescription for continued platform success.

Oh, one more thing before I start: I know WP7 isn’t Free Software. As an end user, I really don’t care about that. I just want something that works – something I didn’t get from WebOS and Harmattan, both of which are primarily Free Software stacks. I’m not saying there’s a causal relationship there, or that a mobile OS can’t be both Free Software and good – just that as an end user, my favourite platform right now is non-Free. Take from that whatever you like. It’s also vitally important, as Free Software folks, never to lose sight of what the other players in the market are up to. If you can’t objectively assess why people are using a proprietary option by using it & recognising its good points (i.e. what to steal & what to improve) then you can’t hope to win over users.

So. WP7′s downsides in detail.

In-place updates. Seriously guys, even Apple can manage this now. Why can’t Windows Phone? I understand that making backups is smart – and all updates come with a mandatory backup – but I really shouldn’t be tied to a PC to update a post-PC device. Also, those backups are useless, since they cannot be restored onto replacement devices in the case of failure or theft, so fix that too.

Update all the things. An iPhone sold in June 2009 still has access to the latest iOS releases. Android phones are notorious for shipping with an outdated version of the OS, then getting at most one major update over the phone’s lifetime (usually the device is abandoned by its manufacturer within months of release). Which camp does Microsoft want to align with, there? Every Windows phone 7 device released should receive Windows Phone 8, even with some features disabled. Anything less is punishing every existing customer, in the hope that you’ll attract new ones – not a winning strategy for a fringe platform whose biggest evangelists are its users.

Fix IMAP. IMAP isn’t hard. Yet WP7 never seems to work properly with a subset of my mail, never showing the message body & just saying “Downloading” forever. Fix it.

Bing sucks. Bing’s search results are terrible. Either do something to make them bearable, or allow me to pick which search engine I get when I hit the search button. A Google live tile isn’t the same thing.

Make killing apps easier. I know you stole the WebOS card view for multitasking (hold the back button) – please also steal the WebOS ability to close apps. I don’t want to have to go into an app and bash “back” repeatedly until it quits. This is particularly annoying for Internet Explorer.

Make reinstalling apps easier. If I want to install every app I previously had installed on a new device, without restoring a backup, this should be easy. There are third party apps which try to plug this gap.

Find a way to support copyleft. I’d like to port a few C# apps to WP7, but because they’re LGPL, I can’t. The code’s copyright holders would have no issue with their code being on WP7, as long as end users have a mechanism to replace the libraries, so why not find a way to allow this? e.g. when compiling an app, let me mark a library as “user-replaceable”, then allow for some mechanism where an end user can replace those assemblies with their own version.

Let me use multiple Google calendars. WP7 only lets me add/see appointments on my default Google calendar. I want to add/see things on my wife’s calendar, which is shared with me. WebOS can do this.

MTP-Z is the devil. I do not need or want encrypted end to end communication between my PC and my camera device, to transfer a photo off. I do not need or want encrypted end to end communication between my PC and my MP3 player to transfer a photo on. Let’s be honest, the only reason for MTP-Z is to enforce DRM on Zune-rented music tracks – and honestly, there’s no good reason to require MTP-Z for *all* communications if all you want to do is protect one folder or file extension. Now, since MTP-Z theoretically forces me to use Zune for many tasks better handled by other apps, now I get to write multiple criticisms of Zune’s desktop app – and as long as MTP-Z is enforced, every Zune failing is a Windows Phone failing too.

Zune: Support Windows’ codec infrastructure, and transcode where needed. Windows Media Player can play Ogg Vorbis files. No, not out of the box, but if one installs the required codecs. Zune should support the same files as WMP – if you want to ensure people don’t try to copy files to a portable device which are not supported on that device, then you should have an API in place to allow for pluggable seamless transcoding of files as required – Banshee allows me to do this (e.g. to copy files I have as .flac to devices which do not support it).

Zune: Search my tracks, not the web. Zune’s searching is terrible – it doesn’t do as-you-type searches, and when I hit enter, matches from my collection are given a tiny little space compared to matches from the Zune music store. Let me easily pick the track I feel like listening to, don’t make it a chore

Zune: Let’s solve metadata together. I absolutely love how nicely the Zune app – on desktop and on phone – shifts as appropriate to the currently playing artist (e.g. changing the lock screen to an image of the artist in question). However, Zune doesn’t make it obvious how to set an album’s metadata to support this, and it’s particularly frustrating when it’s a minor difference of spelling causing a track not to get the “nice” treatment – e.g. “UNKLE” versus “U.N.K.L.E.”. Either start making heavy use of audio fingerprinting services like MusicBrainz to fill in metadata, or allow me to search for “fully supported” artists when filling in track metadata

Zune: Random playlists are useless on devices. I like smart playlists. In Banshee, I have one to pick 12GB of random tracks, which I can sync to my phone. I can’t do this with Zune. If I try to just sync all my random music to my phone, it errors out due to lack of space. If I have a random playlist, the random selection changes multiple times during a sync – resetting the sync, wiping out half the tracks that were transferred on, and starting again. As a result, the sync goes on for literally hours, never ending up with more than a gig or so of tracks on the phone. Random playlists should be freezable, so I can transfer them to my device in peace, then get a new random selection when I want.

So, that’s my list of miserable failure – and it’s still a less painful list than any other mobile OS I’ve used. Perhaps one day Android will approach being usable, perhaps Blackberry’s BBX will actually appeal to human beings rather than corporate IT managers, and perhaps Mozilla’s delightfully named “Boot to Gecko” will get some traction. Who knows. All I know is, My Lumia 800 is the best phone I think I’ve ever owned, and it’s important for anyone working in the mobile space to understand why.

Michal Čihař: Weblate 1.0

Michal Čihař — 2012-05-10T10:00:00+00:00

After few weeks of heavy testing, Weblate 1.0 has been released today.

Compared to 0.9 there are just minor changes and bug fixes. The most important thing is that Weblate should be now really ready to use :-).

Full list of changes for 1.0:

Improved validation while adding/saving subproject.
Experimental support for Android resource files (needs patched ttkit).
Updates from hooks are run in background.
Improved installation instructions.
Improved navigation in dictionary.

You can find more information about Weblate on it's website, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Ready to run appliances can be found in SUSE Studio Gallery.

Weblate is also being used https://l10n.cihar.com/ as official translating service for phpMyAdmin, Gammu, Weblate itself and others.

If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you (this will be decided case by case as my hosting space is limited).

Filed under: English Phpmyadmin Suse Weblate | 0 comments | Flattr this!

Raphaël Hertzog: The Debian Administrator’s Handbook is available

Raphaël Hertzog — 2012-05-10T09:29:00+00:00

I am so glad that we managed to complete this project. Roland and I have spent countless hours on this book since December, both for the translation itself and also for all the things that we tend to forget: a nice book cover, a great book layout for the print version, coordinating the work of reviewers, registering as an editor to get an ISBN, etc. I think I will come back to this in a future article because some parts of the story are interesting.

In the mean time, enjoy the DFSG-free Debian Administrator’s Handbook:

get it from unstable with apt-get install debian-handbook;
browse the online version;
get the paperback or the ebook (available as PDF, EPUB, MOBI);
grab the sources with git clone git://anonscm.debian.org/debian-handbook/debian-handbook.git and contribute a translation

Check out the official announce (there’s a discount for early buyers of the paperback).

8 comments | Liked this article? Click here. | My blog is Flattr-enabled.

DebConf team: Submit your greatest ideas as a DebConf12 talk (read: Call for Papers reminder) (Posted by Gunnar Wolf)

DebConf Organizers — 2012-05-10T00:49:00+00:00

DebConf12 is drawing closer and closer! Have you ever been to a DebConf? You will surely agree with us: It’s a life-changing event! It’s one of the greatest geek gatherings in the world! It’s something you can’t afford on missing out! It’s… wait..

Oh, sorry, I had my spam mode set to highest. But still, that does not make it any less true.

And one third of May has already passed. This means that the first deadlines are just around the corner: next Tuesday (15-may), sponsored registration will close, so make sure to register before it’s too late.

But wait… wasn’t this about the call for papers?

Right, that’s not the point of my post, I wandered off again. I’m sorry, I just visited Managua last weekend (Holger will soon tell you about our visit), and it’s impossible to keep the mind off the excitement. I wanted to ask you to share your greatest, latest ideas or projects.

DebConf is about many things — But one of its most important features is its rich set of talks, usually with very high and interesting contents in the technical, social, organizational levels — Or several of them at once.

As always, you will be able to submit talks until a day before you present it. However, it’s best for your intended audience to know bits about your proposed topic, possibly even to share some information beforehand, so that the exposition can be as smooth as possible and the interaction during the talk even more — And this is specially true for BoF sessions.

However, we do have one advertised deadline: Talks submitted up to June 1st will be considered to be pre-scheduled. This means, to be part of the officially announced program, and have guaranteed coverage of our (always great) video team.

DebConf Tracks

But maybe you don’t feel comfortable presenting a topic. Or you are, but you think it would be important to have several thematically related talks be grouped together.

And if you are interested in this group of talks, you will probably know who would be more interesting to invite to present the topics - And will be able to prod them to do so.

You can request to coordinate a track. That will ensure you get a contiguous block of timeslots for the talks you schedule, and do a great contribution to DebConf.

To add your track, please mail talks@debconf.org. Please, specially if you do so in the few days following May 9, send me a copy to gwolf@gwolf.org, as it seems the alias is not yet set up.

Tutorials and mentoring

This year, we will have a high number of very motivated attendees from the many countries in the Central American region who want to get started in helping Debian, but have not yet found how to do it. Usually we would see local communities as prime material for DebianDay – However, many of them are more interested in getting hands-on tutorials and be mentored into contributing to Debian.

So, if you are part of a team working on a given aspect of Debian, or want to get people involved into your project, register it in the Tutorials and mentoring track.

See you all soon, very soon, in tropical Managua for the hottest DebConf ever!

(oh — For those who remember days long past in Helsinki: There is even a sauna! ;-) And it’s GREAT)

Gintautas Miliauskas: Haskell online typechecker (2)

Gintautas Miliauskas — 2012-05-09T21:23:39+00:00

haskellonline.org, my recent experiment to make learning Haskell easier, has been doing quite well. More than a thousand people have checked the site out since my last blog post. Yay!

I have since prettied up the interface a little bit. The editor now highlights not just the line, but also the error token itself. Simple code folding is now available too: try clicking in the gutter (near the line numbers) on the first line of a multiline definition.

Kudos to Marijn Haverbeke, author of CodeMirror, the Javascript code editing component, which made it possible to write and deploy haskellonline.org in a weekend rather than a month.

Leandro Gómez: Are you going to DebConf12?

leogg — 2012-05-09T04:08:51+00:00

There’s only a few days left before the sponsored registration for DebConf12 closes.

If you haven’t registered yet, please do it before May 15th and consider submitting a talk. We’re looking forward to see you in Managua in July!

Norman García: Debian tour in Nicaragua

n0rman — 2012-05-09T04:02:58+00:00

In April, the Nicaraguan Debian community started the Debian Tour, a series of talks in different universities around Nicaragua in order to promote Debian GNU/Linux and invite people to join our community.

The Debian Tour kicked off in the city of Masaya and we plan to visit other cities, like León and Chontales. In April we had two events, and we’re planning four more events in May and an additional four in June for a total of 10 events, but hopefully we can do more At this time we have scheduled two visits to UNAN (Universidad Nacional Autónoma de Nicaragua), one in May and one in June, and one visit to UNI (Universidad Nacional de Ingeniería) and one more to UENIC (Universidad Evangelica de Nicaragua) in Masaya.

Besides talks, we had one workshop with the help of the guys from UNI about Debian packaging by gwolf who was visiting Nicaragua last weekend. There are a few other workshops planned about sysadmin and security in Debian.

I want to participate in Debian Tour but I still don’t know how, maybe give a talk about LXDE or collaborating with Debian.

Iustin Pop: pbuilder and binary-arch packages

Iustin Pop — 2012-05-08T20:28:46+00:00

Just got bitten by this, so note to self:

the pbuilder image might have installed iproute automatically, due to isc-dhcp-client dependency, so it's not an entirely clean build environment
if you have a source package which generates both an arch:any and an arch:all package, make sure to test building “all” packages and only the binary one(s), via pbuilder --binary-arch; otherwise you might get surprises due to Build-Depends-Indep being pulled in by default

Yes, I'm talking about Debian bug #671981. Fun!

Tim Retout: Engaged!

Tim Retout — 2012-05-08T19:52:00+00:00

Following on from the weekend of change, I've got engaged to Kate. :)

We now need to organise a combined housewarming/engagement party...

Vincent Sanders: NetSurf at a show

Vincent Sanders — 2012-05-08T18:55:30+00:00

The wakefield RISC OS show is an event the NetSurf project has attended for a long time. in fact since 2005 when the "stand" was a name on an A4 sheet through 2006, 2007, 2008, 2009, 2010 to 2011 we have always been present.

The event has changed in that time from a large affair with many exhibitors to a small specialist interest event with a handful of stands. I took some pictures this year which give a fair impression of the event.

We were seriously considering not attending this year as 2011 had seen us barely break even on donations versus expenses to attend. However we decided that the projects annual Grey Ox Inn post event dinner was probably worth making the effort.

So we all met up in a hotel just off the M1 near Wakefield and set up our table. And although NetSurf as a project now has much more usage on other platforms we still represent the principle browser for the RISC OS platform!

We had a pleasant time, talked to a lot of users and made our expenses back in donations. Overall an amusing Saturday. Based on the size of the event and number and age of the attendees, I fear the RISC OS may be destined for the history books.

Vincent Sanders: Repaying a debt

Vincent Sanders — 2012-05-08T18:10:04+00:00

Some debts are merely financial and some easily repaid but some require repayment in kind . Few debts are more important to me personally than a favour earned by a good friend.

Several years ago, before I started this blog, I replaced the kitchen in my house. Finances were tight at the time and I had to do the entire refit with only limited professional help. Because of this I imposed upon Mark Hymers and Steve Gran to come and assist me. They worked tirelessly for three days over a bank holiday for no immediate reward.

Mark and Steve with a drill

This weekend I had the opportunity to assist Mark with his own kitchen refit and reply my debt.

Although the challenges have been different on this build they were, nonetheless present, including walls which were most definitely not square and affixing cabinets 10mm too high so the doors could not close.

We also got to make a hole for a 125mm extractor which was physically demanding and not a little tiring (Steve actually wielding the drill had a fabulous aim)

I took some photos to document the process which has resulted in an image which is positively threatening, though the two of them are nice people really!

All in all a pleasant weekend with friends, the whole favour thing was really moot, I would have done it for a friend anyway.

James Bromberger: Courier IMAP and FAM

james — 2012-05-08T10:12:04+00:00

Last Friday, while tracking Debian Testing, the courier package was updated, and while authentication could be seen to be successful, actually using IMAP seemed to fail.

Turns out the FAM package was somehow to blame; installing fam and libfam0 was the solution. This uninstalled gamin for me. So if you’re pulling your hair out with a similar courier/imap issue, then perhaps have a look at the courier-imap mailing list.

Vipin Nair: Introduction

Vipin Nair | swvist — 2012-05-07T23:54:00+00:00

Hi, I am Vipin. I am a generalist in the technology field, interested in everything from algorithm design to data visualization. I am a Free software advocate and only use FOSS tools unless absolutely required, one notable exception being Chrome. I run Debian as my primary(only) operating system and will be contributing to Debian this summer as a Google Summer of Code student. I will be developing a web interface to present the data collected by the Team Activity Metrics project. More on this later :)

After a brief stint with tumblr and wordpress I have finally found a good blogging tool where I am in complete control of every minute detail of my blog and which fits in my workflow perfectly. I am not a ruby guy, which is probably one of the reasons why I had not tried Jekyll earlier but when Jaseem started his blog on github, it looked great and I ventured in. The design of this blog is inspired by those of Jaseem Abid and Dustin Curtis and I do recommend that you read them, they have some great articles.

If you are getting started with Jekyll, the best way to do so would be by reading some existing open source code, assuming you have a top level overview of how things work. Read the documentation if you can’t figure it out yourself. Trust me, the hacker in you will love it :)

Blogs are great place to learn new stuff and whenever I am stuck, a quick search does lead me to articles lucidly explaining stuff I am looking for and I do think I can contribute to this learning process by writing articles that could benefit someone. Do share it if you find it good, I certainly do not mind getting slashdotted! Having said that, if you find flaws in my writings please do drop in a line as a comment or reach me on twitter. Do not flame me, educate me. I’ll learn something new and your karma gets a boost :)

Happy Hacking!

Christoph Berg: Andreas

Christoph Berg — 2012-05-07T21:56:12+00:00

May 7th, 2012

Joachim Breitner: Free Groups in Agda

nomeata — 2012-05-07T13:24:33+00:00

I must say that I do like free groups. At least whenever I play around with some theorem provers, I find myself formalizing free groups in them. For Isabelle, my development of free groups is already part of the Archive of Formal Proofs. Now I became interested in the theorem prover/programming language Agda,so I did it there as well. I was curious how well Agda is suited for doing math, and how comfortable with intuitionalistic logic I’d be.

At first I wanted to follow the same path again and tried to define the free group on the set of fully reduced words. This is the natural way in Isabelle, where the existing setup for groups expects you to define the carrier as a subset of an existing type (the type here being lists of generators and their inverses). But I did not get far, and also I had to start using stuff like DecidableEquivalence, an indication that this might not go well with the intuitionalistic logic. So I changed my approach and defined the free group on all words as elements of the group, with a suitable equivalence relation. This allowed me define the free group construction and show its group properties without any smell of classical logic.

The agda files can be found in my darcs repository, and the HTML export can be browsed: Generators.agda defines the sets-of-generators-and-inverses and FreeGroups.agda (parametrized by the Setoid it is defined over) the reduction relation and the group axioms. Here are some observations I (disclaimer: Agda-beginer) made:

Fun fact: Free groups exist not only in classical logic.
Without any automation as in Isabelle, even simple things get quite complicated. A simple substitution of an equality with subst requires me to specify not only the equality and the term I want it to apply, but also to repeat the common part of the terms. Or when using the associativity of list concatenation, I have to pass all three sublists to the lemma. Maybe I am a bit spoiled by Isabelle, but I’d be worried that this would prevent large proofs.
The levels are also annoying. Although my theory stays within one level, I have to annotate it everywhere. I’d expect the type inference to figure this out for me.
Equality reasoning with begin ... ∎ is quite nice and surprisingly well readable.
Besides the additional work, it is nice to be able to do the proof in almost all detail. There is a limitation, though, as some steps are done automatically (if they happen to occur when evaluating/normalizing a term) and the others, even if similar-looking, are not.
It’d be great if one would be free in the choice of editor, but vim users generally have a hard time in the field of theorem provers.

If I were to extend this theory, there are two important facts to be shown: That there is a unique reduced word in every equivalence class (norm_form_uniq), and the universal property of the free group. For the former (started in NormalForm.agda) I’m missing some general lemmas about relations (e.g. that local confluence implies global confluence, and even the reflexive, symmetric, transitive hull is missing in the standard library). For the latter, some general notions such as a group homomorphism need to be developed first.

I planned to compare the two developments, Isabelle and Agda. But as they turned out to show quite things in different orders, this is not really possible any more. One motivation to look at Agda was to see if a dependently typed language frees me from doing lots of set-element-checking (see the “mems” lemma in the Isabelle proof of the Ping-Pong-Lemma). So far I had no such problems, but I did not get far enough yet to actually tell.

Thanks to Helmut Grohne for an educating evening of Agda hacking!

Flattr this post

Lars Wirzenius: Quality of discussion in free software development

blog.liw.fi — 2012-05-07T10:09:11+00:00

The Online Photographer has a meta-article on some discussion in the photography world. Summary: someone wrote an opinion piece on one site, and people on the discussion forum of another site got his name wrong, possibly repeatedly. And the quality of the discussion went down from there.

The quality of the discourse of free software development is frequently of some concern. Debian has a reputation as being a host to, er, particularly vigorous discussions. That reputation is not unwarranted, but, I think, we've improved a lot since 2005. The problem is hardly restricted to Debian, however.

How can we improve this? I don't know. As a community, I'm not even sure we agree what the problems are. Here's my list.

unshakeable, dogmatic opinions; an unwillingness to consider others' points of view or their justifications; willful ignorance of anything that contradicts with the way one wants things to be; an uncompromising, winner-takes-all, last-poster-wins attitude to debates; in short, a lack of respect for anyone who isn't on one's own side
an (unintended?) emphasis on discussion speed, leading to short missives, written quickly, without much thought, and without giving even a glimpse of how the conclusion or opinion was formed; this further leads to discussions that are hard to follow, because there are so many messages to read (the total word count would probably be about the same if everyone only wrote one or two essays)
few good ways of dealing with bad behavior, unless it fits into some clear categories of bad behavior; no clear community consensus of what is acceptable behavior, outside of a small core that is obvious (there's probably several PhD's worth of reasons for this, and it's not just because of "geeks don't understand social interaction" or "everyone is from a different cultural background")

Insults, personal attacks, and other such outrageously bad behavior is uncommon. It crosses the line so clearly it becomes easy to deal with; I don't think handling this needs much attention.

What can we do about this? I'm not sure. I have, for the time being, abandonded Debian mailing lists as a way to influence what goes on in the project, but that's just a way for me to clear some space in my head and time in my day to actually do things.

My pet hypothetical solution of the day is that mailing lists might raise the quality of the debates by limiting the number of messages written by each person per day in each thread. This might, I think, induce people to write with more thought and put more effort into making each message count.

Cyril Brulebois: Debian XSF News #12

Cyril Brulebois — 2012-05-07T02:00:00+00:00

Time for a DXN#11 follow-up.

The recent xserver-xorg-input-synaptics rc4 upload solved a lot of issues, but the 1.6.0 release (just uploaded) should fix some more. Enjoy!
I’ve also uploaded a new xorg-server, merging from upstream server-1.12-branch to get many XI2.2 bug fixes, along with an infinite loop bug fix (also seen with synaptics).
Many drivers can no longer work on ia64 due to the recent changes, so we requested they be removed, which happened promptly!
All XSF-maintained packages build happily against X server 1.12, meaning users can get back to running apt-get dist-upgrade blindly without having to fear the consequences. Pro tip: when you see something like xserver-xorg go away during a dist-upgrade, think twice before confirming!
xf86-input-mtrack was recently fixed; xf86-video-glamo and xf86-video-msm fail to build (#671028, #671806), so they stay uninstallable for now. Thankfully nothing appears to depend on them, so they can be temporarily removed from testing if needs be.
In the meanwhile, xserver-xorg-video-intel 2.19 was released. It will probably land into experimental first, until the new server and its drivers make it into testing.
Andreas Beckmann asked me to mention the status of the binary drivers, so here is my take about them: fglrx still doesn’t support X server 1.12 (LOL!). The other, big fat blobby driver is installable, and supposed to work.