Planet Debian

Russell Coker: DomainKeys and OpenSSL have Defeated Me

Thu, 02 Jul 2009 22:54:53 +0000

I have previously written about an error that valgrind reported in the STL when some string operations were performed by the DKIM library [1]. This turned out to be a bug, Jonathan Wakely filed GCC bug report #40518 [2] about it, Jonathan is one of many very skillful people who commented on that post.

deb http://www.coker.com.au lenny gcc

I’m still not sure whether that bug could actually harm my program, Nathan Myers strongly suggested that it would not impact the correct functionality of the program but mentioned a possible performance issue (which will hurt me as the target platform is 8 or 12 core systems). Jaymz Julian seems to believe that the STL code in question can lead to incorrect operation and suggested stlport as an alternative. As I’m not taking any chances I built GCC with a patch from Jonathan’s bug report for my development machines and then built libdkim with that GCC. I created the above APT repository for my patched GCC packages. I also included version 3.4.1 of Valgrind (back-ported from Debian/Unstable) in that repository.

Nathan Myers also wrote: “Any program that calls strtok() even once may be flagged as buggy regardless of any thread safety issues. Use of strtok() (or strtok_r()) is a marker not unlike gets() of ill thought out coding.” I agree, I wrote a program to find such code and have eliminated all such code where it is called from my program [3].

I think it’s unfortunate that I have to rebuild all of GCC for a simple STL patch. My blog post about the issue of the size and time required to rebuild those packages [4] received some interesting comments, probably the most immediately useful one was to use --disable-bootstrap to get a faster GCC build, that was from Jonathan Wakely. Joe Buck noted that the source is available in smaller packages upstream, this is interesting, but unless the Debian developers package it in the same way I will have to work with the large Debian source packages.

I have filed many bug reports against the OpenSSL packages in Debian based on the errors reported by Valgrind [5]. I didn’t report all the issues related to error handling as there were too many. Now my program is often crashing when DomainKeys code is calling those error functions, so one of the many Valgrind/Helgrind issues I didn’t report may be the cause of my problems. But I can’t report too many bugs at once, I need to give people time to work on the current bug list first.

Another problem I have is that sometimes the libdkim code will trigger a libc assertion on malloc() or free() if DomainKeys code has been previously called. So it seems that the DomainKeys code (or maybe the OpenSSL code it calls) is corrupting the heap.

So I have given up on the idea of getting DomainKeys code working in a threaded environment. Whenever I need to validate a DomainKeys message my program will now fork a child process to do that. If it corrupts the heap while doing so it’s no big deal as the child process calls exit(0) after it has returned the result over a pipe. This causes a performance loss, but it appears that it’s less than 3 times slower which isn’t too bad. From a programming perspective this was fairly easy to implement because a thread of the main program prepares all the data and then the child process can operate on it – it would be a lot harder to implement such things on an OS which doesn’t have fork().

DomainKeys has been obsoleted by DKIM for some time, so all new deployments of signed email should be based on DKIM and systems that currently use DomainKeys should be migrating soon. So the performance loss on what is essentially a legacy feature shouldn’t impact the utility of my program.

I am considering uploading my libdomainkeys package to Debian. I’m not sure how useful it would be as DomainKeys is hopefully going away. But as I’ve done a lot of work on it already I’m happy to share if people are interested.

Thanks again for all the people who wrote great comments on my posts.

[1] http://etbe.coker.com.au/2009/06/22/valgrindhelgrind-and-stl-string/

[2] http://gcc.gnu.org/bugzilla/show_bug.cgi?id=40518

[3] http://etbe.coker.com.au/2009/06/14/finding-thread-unsafe-code/

[4] http://etbe.coker.com.au/2009/06/24/unreasonably-large-source-packages/

[5] http://etbe.coker.com.au/2009/06/28/valgrind-and-openssl/

David Welton: ruby-oci8 and libao

Thu, 02 Jul 2009 21:38:13 +0000

Not of concern to most people reading this via a feed, but it's one of those things I think is nice to write up as a public service, should anyone else encounter the same error. I'm stuck doing some Rails work with Oracle, and so I needed to get ruby-oci8 working:

http://ruby-oci8.rubyforge.org/en/InstallForInstantClient.html

These instructions are pretty good. I followed them, the gem said it had been installed correctly.... and yet:

ERROR: ActiveRecord oracle_enhanced adapter could not load ruby-oci8 library. Please install ruby-oci8 library or gem.
/usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/active_record/connection_adapters/abstract/connection_specification.rb:76:in
`establish_connection':RuntimeError: Please install the oracle_enhanced adapter:
`gem install activerecord-oracle_enhanced-adapter` (LoadError)

Argh! After some straceing, I finally figured out what was missing: the libaio1 package. You need to have it or things will fail like this. It's very odd that the installation doesn't complain about it.

Joey Hess: DebConf9

Thu, 02 Jul 2009 19:46:46 +0000

I'm going to DebConf, and will be giving what I think is the first talk I've ever done about debhelper there. Incidentially, debhelper in experimental has some nice new features.

I have no idea how I'm getting from the Madrid airport to Cáceres, and would rather spend time working on my talk than trying to book tickets internationally, so I hope buying train tickets at the station is not a foolish plan..

Debian Sysadmin Team: Martin Zobel-Helas: Howto mess up the Debian Project homepage

Thu, 02 Jul 2009 18:28:30 +0000

I recently blogged about the GeoDNS setup we plan for security.debian.org. Even though all DSA team members agree that the GeoDNS setup for security.debian.org should come alive as soon as possible, we still fear to break an important service like security.d.o.

Yesterday I decided without further ado to float a trial balloon and converted DNS entries for the Debian Project homepage to our GeoDNS setup. While doing so, we found out that some part of our automatic deployment scripts still need to be adjusted to serve more than one subdomain of the project.

That setup is live for about eighteen hours now, and the project homepage now resolves it IPs via GeoDNS. For now, we are using senfl.d.o for Northern America, www.de.debian.org and www.debian.at for Europe and klecker.d.o for the rest of the world. From what I can see from GeoDNS logs, it seems to work fine, and the load stays reasonably low, so after a short test period we might add additional services like security.debian.org to GeoDNS.

Cyril Brulebois: Porting is fun

Thu, 02 Jul 2009 09:40:00 +0000

In the next hours or even days, I might be quite verbose so that people can have a tiny idea of what porting looks like. Or eventually what being in a bootstrapping phase looks like.

I love it when a plan comes together!

One important goal was trying to get sbuild installable within sid. Of course it is already installed on the buildds, but having it handy should help developers hack on their own boxes.

The chain of dependencies wasn’t very long, but still:

sbuild → libsbuild-perl           [not installable]
libsbuild-perl → schroot          [not built]
schroot → libboost-dev            [not built]
libboost-dev → libboost1.38-dev   [not built]
libboost1.38-dev → libopenmpi-dev [not installable]

First of all, I filed #535202 so that libibverbs can be built on GNU/kFreeBSD, which was needed because libopenmpi-dev depends on one of its binaries. We weren’t sure it was appropriate, though, since it looked like pretty much Linux-specific. So I filed #535225 to get installability issues of libopenmpi-dev on non-Linux architectures fixed (by excluding libibverbs-dev from the Depends on those architectures, matching what was already done for the build dependencies). A fixed package was uploaded in some hours only!

In the meanwhile, I gave mpi-defaults a shot, using the locally-built libopenmpi-dev package. It could have gone flawlessly if I didn’t stumble upon an FTBFS due to a toolchain change. #535230 got filed accordingly, and fixed some hours later too!

Building boost1.38, then boost-defaults, and finally schroot went smoothly, and all the above-mentioned packages are now installable on the porter box. And thanks to the responsiveness of those maintainers, plus some extra bits of wanna-build magic (give-backs using dep-waits), packages got tried (and built successfully) when their build dependencies became available on the buildds.

In the meanwhile, the maintainer of libibverbs confirmed that it’s not worth building useless binaries on non-Linux architectures, so I closed #535202 and opened a bug against buildd.debian.org instead, requesting the addition of libibverbs to the Packages-arch-specific list (aka. P-a-s): #535360.

Now, there are still some issues when trying to use sbuild, but it’s at least installable and people can try it out.

Working on another package also made me noticed that there was a bug in a FreeBSD kernel header: #535243. The fix is already in the repository, and it looks like I’m going to be added to the Uploaders of the kfreebsd-kernel-headers source package so that it gets uploaded quickly.

I hate impromptu toolchain-related FTBFSes

While I’m all for making tools as strict as possible (especially build-related tools), I really think it would be very nice for toolchain maintainers to deliver advance warnings.

GCC folks do that perfectly: File bugs, provide patches, raise severity when the new version is around, NMU if needed.

Dpkg folks prefer making a parser stricter, without caring at all which packages they might break. The previously-mentioned mpi-defaults was one of them.

The list of FTBFSes triggered by dpkg 1.15.3 (at least, the ones I spotted using 3 basic UNIX commands and spending a few seconds in lintian’s lab on lintian.debian.org, see how difficult that was!) follows: #535230, #535276, #535279, #535283, #535284, #535287, #535292, #535297, #535299, #535301, #535303, #535304, #535306, #535310, #535312 (all of them with tested patches because I didn’t feel like being lazy and shrugging over IRC after being notified).

At least it’s not about trying to sneak *FLAGS handling into a frozen testing this time. But that’s still annoying.

Stephan Peijnik: update-manager weekly update #5

Thu, 02 Jul 2009 09:29:01 +0000

Firstly I have to apologize again for not providing you with weekly update #4, but again I didn’t have the time to write one, so this post is going to sum up everything that happened since my last update.

Let’s have a look at my previous TODO list:

Documentation

Even though my TODO list entry contained a more detailed entry I have updated the UpdateManager documentation as a whole, leaving only a few blank spots right now.

Ubuntu distribution specific code

I implemented changelog fetching for Ubuntu, which works just as fine as its Debian counterpart now.

More unit tests

There are plenty of unit tests now, but not everything is being tested yet. I am especially proud of my Python interface validation code, that is being used in unit tests to check if handlers implement an interface correctly.

Update list downloading

Checking for updates is what caused me major trouble in the past few days. Basically I had all the code ready, but for some reason the UI froze, with no apparent reason.
However, today I was able to finally identify and fix the problem. As I expected my code was just fine, but python-apt was messing up. I am going to discuss the exact problem and its solution later on, but first: a screenshot.

Note: As you probably noticed I replaced the default progressbar with a pulsating one, because we cannot get exact information on how many items/bytes to fetch and would likely get a progress bar moving backwards, which isn’t beautiful.

Further changes

The TODO list was rather short and I did a lot of other work, which I want to elaborate on.

Dynamic selection of frontend, backend and distribution specific modules

Even though this is probably not of any interest to John Doe, it helps a great deal when debugging code as all three components can be selected via separate command line switches now.
Additionally some magic has been put in place that automatically detects the system’s distribution and loads the corresponding distribution specific module. This is done via lsb_release and the newly introduced code in UpdateManager.Util.lsb.

Pylint cleanup

Just out of curiosity I decided to start a pylint run on the codebase and quite a few problems were detected, which I then fixed. To be honest though I added quite some code afterwards that probably needs pylint checking and fixes again.

update-manager IPC

My original plan and IPC design involved using callback functions and passing them between the different modules. Even though this worked out fine I had the feeling this wasn’t clean enough and decided to ditch this approach and replace it with handler classes.
The handler base classes now provide an interface of methods that are called on certain events and their implementations act accordingly. The main benefit was that I could easily drop a lot of enums and rather have different methods handling different events.

Gtk, threads and python-apt

With the new IPC approach it became easier to use threads that do the actual work in the background, which I had implemented in next to no time, but a few problems showed up.
Whilst cache reloading from within a thread worked just fine checking for updates did not, and until today I didn’t know why. I spent a good amount of time debugging this issue, even using python profiling, but nothing obvious showed up. The background process was running, whilst the UI froze.
Today I finally found the root of the problem: python-apt. Even though I assumed that the python-apt worker threads must be stealing CPU time from the thread running gtk.main I wasn’t sure how this could be happening, having two completely independent threads.

Now, the cause of all this mess was that Python has a global threading lock and it seems as if this one is *LOCKED* when running C-code, such as the one python-apt comes with. The solution lies in calling Py_BEGIN_THREADS_ALLOW and Py_END_THREADS_ALLOW from within the C code, to release the global lock and let the Python interpreter do some work every now and then.

As with the python-apt acquire code I was able to allow other threads to work as soon as the fetching code starts working and only disallow threads when actually modifying Python objects or calling methods and/or functions. Surprisingly python-apt already made use of this in its cache loading code, but not the fetch progress code.
Fixing this problem took me less than half an hour and you probably can’t believe how glad I was to finally get things working again.

UI updates & other changes

Some details in the UI were anything but optimal, like horizontal scrollbars in a few places, which I removed. Additionally I saw the need to move some code out of the Gtk frontend’s __init__.py file and to a separate ui.py file.
A full list of all changes I made is available from the bzr changelog at bzr.debian.org.

A few more screenshots

Finally, I would like to provide you with two more screenshots (don’t worry about my system being insecure because of not applied updates – this is a testing machine that is not up-to-date on purpose):

TODO list

My TODO list for next week:

Downloading and installing of updates
Checking that everything is documented
Even more unit tests
Pylint checking
If time permits and everything else works correctly: working on an aptdaemon backend

Colin Watson: Python SIGPIPE handling

Thu, 02 Jul 2009 09:15:00 +0000

Enrico writes about creating pipelines with Python's subprocess module, and notes that you need to take care to close stdout in non-final subprocesses so that subprocesses get SIGPIPE correctly. This is correct as far as it goes (and true in any language, although there's a Python bug report requesting that subprocess be able to do this itself), but there's an additional gotcha with Python that you missed.

Python ignores SIGPIPE on startup, because it prefers to check every write and raise an IOError exception rather than taking the signal. This is all well and good for Python itself, but most Unix subprocesses don't expect to work this way. Thus, when you are creating subprocesses from Python, it is very important to set SIGPIPE back to the default action. Before I realised this was necessary, I wrote code that caused serious data loss due to a child process carrying on out of control after its parent process died!

import signal
import subprocess

def subprocess_setup():
    # Python installs a SIGPIPE handler by default. This is usually not what
    # non-Python subprocesses expect.
    signal.signal(signal.SIGPIPE, signal.SIG_DFL)

subprocess.Popen(command, preexec_fn=subprocess_setup)

I filed a patch a while back to add a restore_sigpipe option to subprocess.Popen, which would take care of this. As I say in that bug report, in a future release I think this ought to be made the default, as it's very easy to get things dangerously wrong right now.

Evan Prodromou: 14 Messidor CCXVII

Thu, 02 Jul 2009 08:48:58 +0000

It's been one year since the public launch of identi.ca on July 2, 2008.

At the time, I'd been working on the software for a few months, and after some friendly beta testing by Montreal tech folks and autonomo.us members, I felt that it was time to Release Early, Release Often. So on vacation in Lake Tahoe with my pregnant wife and in-laws, and jetlagged and unable to sleep, I sent out an announcement email to beta users at 5:30AM PDT. You can see my status update on the subject, which in turn links to our press release and my personal blog post of Journal/14 Messidor CCXVI. We had 10K users within 30 hours; I switched hosting providers and did a new release of the software within 72. It was a busy time.

I had no idea that identi.ca and Laconica would become such an important part of my life and of the Internet landscape. In the intervening year, we've received seed funding from Montreal Start Up, done 4 major point releases of the software (from last year's 0.4.x to this week's 0.8.x), and become the indisputably most important Open Source microblogging platform on the planet.

I'd like to take moment to give my personal thanks to folks who've helped make this project such a success:

My wife @majnoona and children @amitajune and @stavro who've been so patient with my work and travel schedule over the last 12 months.
My innumerable friends and colleagues who've set up accounts on identi.ca and used them. You learn who your friends are when you start a new project like this.
The thousands and thousands of people who've become new friends through the site. I've been awed by how many folks have caught onto the dream of Open Source, distributed microblogging and made it their own.
The dozens of developers who've written code for Laconica, or plugins, or API clients that use the software.
The team of developers and admins at Control Yourself: @zach, @csarven, @millette, @nate, @foucault and @cvollick. They've put in long hours and done some really impressive technical feats to keep us going in the face of growth and technology changes.

I'm looking forward to another big year.

tags: identica laconica identica1

Daniel Silverstone: Dear Lazyweb…

Thu, 02 Jul 2009 08:45:38 +0000

I am currently stuck taking four times the suggested daily dose of two anti-histamines in order to combat my body and its reaction to plants having sex all around me.

I am taking two 10mg Loratadine tablets, and two 10mg Cetirizine Hydrochloride tablets, twice daily. This is effectively four times the recommended dose of twice as many anti-histamines as I should need.

I wasn’t this bad last year, but the year before was similar. Irritatingly, once the drugs kick in (45 minutes to an hour after taking) my runny nose, itchy/burny eyes, slight dopeyness induced by feeling crap, etc. all fade away. Yesterday I needed my second dose a mere 8 hours after the first, but I didn’t need to re-dose until this morning after that.

I guess what I’m asking is—what is the expected side-effects of taking such a high dose of antihistamines. Do any of you out there have to take such high doses, have you seen a doctor about this? All I expect a doctor to do is to either supply me more loratadine on prescription (which is of dubious value unless I get a lot given prescription charges in the UK), or to try me on a nasal spray, which tend to induce nosebleeds for me. If you’ve found other ways to cope, I’m interested. Otherwise I guess I’ll make an appointment to see the doctor in the next week or so.

Russell Coker: Web Hosting After Death

Thu, 02 Jul 2009 06:03:43 +0000

Steve Kemp writes about his concerns for what happens to his data after death [1]. Basically everything will go away when bills stop being paid. If you have hosting on a monthly basis (IE a Xen DomU) then when the bank account used for the bill payment is locked (maybe a week after death) the count-down to hosting expiry starts. As noted in Steve’s post it is possible to pay for things in advance, but everything will run out eventually.

One option is to have relatives keep the data online. With hard drives getting bigger all the time it wouldn’t be difficult to backup the web sites for everyone in your family to a USB flash device and then put it online at a suitable place. Of course that relies on having relatives with the skill and interest necessary.

The difficult part is links, if the domain expires then links will be broken. One way of alleviating this would be to host content with Blogger, Livejournal, or other similar services. But then instead of the risk of a domain being lost you have the risk of a hosting company going bankrupt.

It seems to me that the ideal solution would be to have a hosting company take over the web sites of deceased people and put adverts on them to cover the hosting costs. As the amount of money being spent on Internet advertising will only increase while the costs of hosting steadily go down it seems that collecting a lot of content for advertising purposes would be a good business model. If the web sites of dead people are profitable then they will remain online.

It wouldn’t be technically difficult to extract the data from a blog server such as Wordpress (either from a database dump or crawling the web site), change the intra-site links to point to a different domain name, and then put it online as static content with adverts. If a single company (such as Google) had a large portion of the market of hosting the web sites of dead people then when someone died and had their web site transferred the links on the other sites maintained by the same company could be automatically adjusted to match. A premium service from such a company could be to manage the domain. If they were in the domain registrar business it would be easy to allow someone to pay for 10 or 20 years after their death. Possibly with a portion of the advertising revenue going towards extending the domain registration. I think that this idea has some business potential, I don’t have the time or energy to implement it myself and my clients are busy on other things so I’m offering it to the world.

Cory Doctorow has written an article for the Guardian about a related issue – how to allow the next of kin to access encrypted data when someone is dead [2]. One obvious point that he missed is the possibility that he might forget his own password, a small injury from a car accident could cause that problem.

It seems strange to me that someone would have a great deal of secret data that needs strong encryption but yet has some value after they are dead. Archives of past correspondence to/from someone who is dead is one category of secret data that is really of little use to anyone unless the deceased was particularly famous. Probably the majority of encrypted data from a dead person would be best wiped.

For the contents of personal computers the best strategy would probably be to start by dividing the data into categories according to the secrecy requirements. Publish the things that aren’t secret, store a lot of data unencrypted (things that are not really secret but you merely don’t want to share them with the world), have a large encrypted partition that will have it’s contents lost when you die, and have a very small encrypted device that has bank passwords and other data that is actually useful for the executors of the will.

One thing that we really need is to have law firms that have greater technical skills. It would be good if the law firms that help people draw up wills could advise them on such issues and act as a repository for such data. It seems to me that the technical skills that are common within law firms are not adequate for the task of guarding secret electronic data for clients.

[1] http://blog.steve.org.uk/there_s_something_out_there_waiting_for_us__and_it_ain_t_no_man_.html

[2] http://www.guardian.co.uk/technology/2009/jun/30/data-protection-internet

Cyril Brulebois: ikiwiki dates

Wed, 01 Jul 2009 23:00:00 +0000

Some time ago, the box on which my blog is hosted went dramatically down, and I had to restore the blog by populating the git repository again, from my local copy.

Unfortunately, that means that the wiki had to be rebuilt from scratch, and all creation dates were messed up, leading some planet-like sites to show all of my posts again.

To ensure that this won’t happen again (even if I switch branches in the git repositories, move some files around, trash the ikiwiki cache, etc.), it looks like using meta dates is the way to go, for example:

 [[meta date="2009-07-02"]]

(One can use 2009-07-02 00:00:00 and 2009-07-02 01:00:00 to sort several entries on the same day, too.)

This way, all pages are rendered identically on every system.

To help maintaining those extra dates (kind of a burden, to be honest), I’ve written a tiny Perl script to automate it, and specified an alias in .git/config for that repository:

 [alias]
 ikiwiki-check = "!blog/2009/07/02/ikiwiki-dates.pl"

Inline replacement (in case of conflicts: same date without time, or with same time) or additions are then performed, and git status will show what needs tweaking.

More work that I initially imagined, but robustness should follow.

David Welton: Custom Twitter Sites, BikeChatter.com Updates

Wed, 01 Jul 2009 22:37:10 +0000

I've been hacking away at http://www.bikechatter.com, adding a few things like votes and tags so that you can choose which broad categories you want to follow. The first will let people vote for the most interesting tidbits that come through twitter, whereas the second will let me add more people without overloading those who are, say, not interested in reading what coaches have to say, or are only interested in professional women racers, etc... I don't think I'll bother with individuals - if you want that, just add them to twitter yourself! At most I might see about putting in an 'exclude list'... but we'll see; I'd prefer to keep things simple.

Since I love cycling so much, adding stuff to this site has always just been kind of a fun side project, something to relax with in the evenings, rather than something I thought about in monetary terms. However, the basic idea seems to be popular, and as luck would have it, I've been approached by someone looking to buy the code behind BikeChatter to drive their own custom twitter site. If someone has gone to the trouble of writing me, there must be other people interested too, so I thought I'd publicly state that I'd be willing to do similar deals with people interested in having their own custom twitter site. Interested? Write me at davidw@dedasys.com . I'd be happy to tell you what the code can and cannot do, and discuss any ideas you may have, in order to let you know if it's a good fit, or if you'd have to do a lot of work.

The code is pretty straightforward Ruby on Rails. I use Postgres as a database, but others should work fine too. As is obvious, I'm not much of a design guy, but it shouldn't be too hard to plug in your own look and feel.

Adam Rosi-Kessel: MBTA Blocking TPM

Wed, 01 Jul 2009 21:51:33 +0000

I’ve been happy to see WiFi appearing on nearly every MBTA commuter rail car recently. I was less happy to see this:

No TPM on MBTA

I guess I’ll have to wait until I get home to find out why this bothered Steve so much.

Oddly, the MBTA’s web filter also blocked access to my WordPress editor, but unlike the TPM block, I could select “yes, I really want to do this” to get here.

I’ve never understood why web filters so often block these sorts of sites on apparently generic settings. “General News/Blogs/Wikis” are dangerous? Reputation “neutral”? I’d be surprised if anyone at the T actually did this on purpose, but I suppose it would fit the general pattern of operational incompetence.

Eugene V. Lyubimkin: cupt: time to feedback

Wed, 01 Jul 2009 15:58:19 +0000

Cupt, the re-implementation of APT suite, continues growing.

Since the previous post a lot of bugs were fixed, several versions were uploaded to Debian. As always, many bugs were hunted out, and now, last 0.2.3 version hasn't any open bugs in BTS.

I claim this is a good time for anyone who experienced bugs with APT to at least try typing one's favorite package manager command (update, full-upgrade, install, remove etc.) with cupt. Not being Swiss knife, Cupt already works for many known cases. If it doesn't, file a bug.

I claim this is a good time for anyone who feels that Perl is bad programming language to show practical objective statistics (speed, memory footprint etc.).

I claim this is a good time for anyone who has some words to say about Cupt (good or bad) to say them. Using private e-mail or via #cupt channel on OFTC IRC network.

Several people asked me before, do I want to replace APT by Cupt in some future. Well, if APT will stay unmaintained as it is now, then the answer is probably 'yes'.

In the meantime, a half-pilot implementation of source packages is ready. It's possible the next uploaded version of Cupt will strike out the 'experimental' word from the tool's description.

Cyril Brulebois: Best questions ever

Wed, 01 Jul 2009 15:47:00 +0000

Would someone guess the link between:

What mail client are you using?
Are you around during the next two weeks?

After answering those, I’ve been offered to take care of the GNU/kFreeBSD buildds, which is yet another experience. \o/

Quite a good timing since I’ve recently tried to get involved with the GNU/kFreeBSD ports again, prodding maintainers, uploading fixed packages (usually thanks to Petr Salinger’s patches), or providing patches myself.

Robert Millan: Mono is not a patent threat for Debian

Wed, 01 Jul 2009 15:31:41 +0000

I read Richard Stallman’s post in which he expresses his concern about a serious danger with reliing on .NET for free software development. I think Richard makes very good points here, and I do agree that there’s a serious danger, but I don’t think Microsoft would ever bring all .NET implementations underground. If you think that, my opinion is you’re underestimating them.

Microsoft is smarter than that. They are a sworn enemy of free software, they’re ruthless, and they know all the anti-competitive tactics in the IT world. There’s no doubt they want to make our community divided and helpless. And when they look at the free software development ecosystem, they see two big groups:

A- Highly profitable vendors like Red Hat or Sun/Oracle.
B- Non-profit communities like Debian or Ubuntu (technically, Canonical is a for-profit venture, but they operate at loss).

There’s also 3rd parties that sell hardware or services and contribute “collateral” improvements to our codebase. I’ll ignore those for the sake of simplicity.

It would be silly to try harm group B with their patents, since it’s composed of grass-root efforts which can’t be unrepairably injured just by bringing a company out of bussiness. Besides, group B actually helps them promote their patent-encumbered standards. Why attack those who are helping you?

Ah, but as for group A, maybe they could use patents to shut it down? Perhaps, but I think they’re even smarter than that. Sun Tzu said: “When you surround an army, leave an outlet free. Do not press a desperate foe too hard.” If Mono-based applications become a significant competitive advantage (and it is in their agenda that they do), and their competitors are forbidden from using them, they will put all their effort in pushing for alternatives, even at great expense. I really think they know better.

I recently came across this very interesting article, written in 1999, which details the tactics used by Microsoft to fight IBM. They obviously saw OS/2 as a threat. Back then, Windows 95 was the trading token. They could have caused IBM a great deal of harm shall they refused to license it to them, but it seems the idea of subjugating IBM was more appealing. This is how Garry Norris (IBM) put it:

“Microsoft repeatedly said we would suffer in terms of prices, terms, conditions and support programs, as long as we were offering competing products.“

“[Microsoft] insisted that IBM sell 300,000 copies of Windows 95 in the first five months or face a 20 percent price increase“

Nice deal, eh? Make your dependancy on Windows 95 stronger, or else we’ll use your existing dependancy on Windows 95 against you. No surprise IBM abandoned the PC market. Are Red Hat and Sun/Oracle set on the same direction?

Draw your own conclussions. In my point of view, projects like Debian and Ubuntu are completely safe from direct patent threat. Should we care if Red Hat or Sun/Oracle succumb? Perhaps not, after all, what are they doing for us?

Junichi Uekawa: mecab package for Debian.

Wed, 01 Jul 2009 14:53:19 +0000

mecab package for Debian. In Japanese, words in sentence are not split by spaces, and are written continuously. Thismakesparsingofsentencesverydifficultformachines. Luckily people have done much research, and probabilistically split words in sentences. That science is apparently called morphology. There are some packages in Debian; ones I know include chasen, kakasi, and mecab. I looked at mecab today. mecab has different dictionaries, and there are 4 dictionaries in Debian lenny. One free one (mecab-juman) and non-free one (mecab-ipadic). This looks confusing for first-timers.

Gustavo Noronha Silva: Firefox 3.5 lançado!

Wed, 01 Jul 2009 14:13:55 +0000

O Firefox 3.5 foi lançado, e essa é uma boa notícia. Significa que os navegadores livres e/ou que respeitam padrões abertos continuam deixando comendo poeira os navegadores legados com o Internet Explorer (especialmente o 6, que ninguém merece, né?).

Entre outras coisas, o Firefox 3.5 tem performance de javascript muito melhor, parecida com a do Epiphany 2.27.3, e suporta bastante coisa de HTML5, incluindo as tags de audio e vídeo. Muito importante com relação a isso, é que ele suporta por padrão os formatos abertos (assim como a WebKitGTK+, que usa GStreamer, mas o suporte às tags ainda não funciona 100%). Tem algumas páginas muito interessantes para acompanhar a ‘adoção’ da nova release: http://downloadstats.mozilla.com/.

As pessoas devem saber da minha relação de amor é ódio com a Mozilla - mesmo hoje o navegador não se integra bem com meu GNOME, a API de embedding deixa muito a desejar, mas ninguém pode negar que o Firefox foi o que trouxe um clima de abertura para a Web, e exigiu que todos começassem a se preocupar com padrões, desempenho e qualidade. Se você usa um sistema operacional proprietário, largue logo os navegadores proprietários e use uma coisa que presta! =)

Gunnar Wolf: Carlos Bueso, from the Honduras Free Software community, detained

Wed, 01 Jul 2009 13:33:49 +0000

I met Carlos Bueso two weeks ago, at the Central American Free Software Encounter. I am translating this mail writen by another member of the group (from Costa Rica) explaining his situation.

Excuse me for a broken, possibly wrong English - I find more important to make this message available than to get proper wording for it. If you cannot understand something and can read Spanish, or if you wish to further distribute this text, please refer to the original mail.

Hello everybody,

I wrote this some hours ago, and am circulating it because I don't know what else to do... I imagine all of us are in similar terms with our frustration and our willingness to do something.

Somebody answered to me with an update, and I reelaborated the note, and am reproducing it here so everybody shares it with our communities, via our blogs and whatever ways we find. We must do something, right? At least this! And I don't know what more... Can somebody think of anything? Meanwhile, please redistribute this.

I am writing to other organizations to see what we can do.

Our friend Carlos Bueso has been detained in El Progreso. He is a communicator, acused of sedition.

This morning, our friend Carlos Bueso was detained. Carlos is a member of the Comunicación Comunitaria (COMUN) organization, as well as of the Central American Free Software community. COMUN promoves and defends laboral and human rights by advancing alternative communication means. Their offices are located in El Progreso, 250 Km north of Tegucigalpa, the national capital, in the Atlantic coast of Honduras, and 26 Km from San Pedro Sula, the country's second city in importance.

Carlos Bueso is an 18 year old informatics technician. In COMUN, he works performing computer-related teaching and Free Software promotion. He also is an editor for the Vida Laboral magazine, and maintains the http://wwww.honduraslaboral.org website.

In the June 30 morning, Carlos took part of a demonstration in El Progreso, Yoro, against the coup perpetrated on June 28. This demonstration was repressed at 10 AM, the army shot at the air and used several tear gas bombs. Carlos was detained, as well as Marcelino Martinez, Jorge Cordon, Junior Antunez, Joel Martinez, Martha Ileana Hernandez and Jose Erazo. The complete news note is available (in Spanish) in http://honduraslaboral.org/leer.php/1878 and a video of this repression can be seen at http://www.youtube.com/watch?v=wC4LQU_UeTs

Carlos and other people are detained in the El Progreso police cells, and will be presented to the tribunals next July 1st, accused of sedition.

The detainees have been interviewed, and they are OK, waiting to be put at the Public Prosecutor's (Ministerio Público) authority. The Prosecutor can decide to set them free, or refer them to the Tribunals. If they are sent to the Tribunals, they will be probably sent to the local presidium for six days to be interrogated.

Send your demands to https://twitter.com/R_Micheleti

[update] Carlos has been set free! While he is still facing charges for rebellion, he has been allowed to face them from freedom. He is still subject to investigation and might be jailed again if the de-facto powers so decide, but he is free and well now. Good!

Attachment	Size
Carlos Bueso	5.25 KB
Original mail (in Spanish)	4.45 KB

Peter Eisentraut: 10+5 Things (Not Yet) Rendered Obsolete By My Mobile Phone

peter_e@gmx.net (Peter Eisentraut) — Wed, 01 Jul 2009 12:05:55 +0000

I don't have an iPhone, but I figured when reading about the 15 Apps Rendered Obsolete By The New iPhone 3GS that while my mobile phones have over time obsoleted several gadgets, tools, and other non-phone items, there are still a lot of things they don't do for me, but conceivably should. At the moment, I have a Nokia E71, which is a pretty good phone. But here are a few things it could do better:

Calendar. I still carry a separate small pocket calendar for my personal and business appointments. Mostly because I haven't bothered to figure out how to synchronize the phone calendar with the calendar at the office. And then, I don't think it's easily possible to sync my work appointments with the calendar system at work but back up my personal appointments to MyNokia Backup (or is it Ovi now), without sending the somewhat confidential work appointments to Nokia and the somewhat confidential private appointments to the office. I think you can exclude certain events from being synced at all, but not sync certain events only to certain servers. And as a minor point, the phone calendar doesn't know the local holidays. The calendar issue is obviously a core competency of the mobile phone, so it might just be matter of time before it's solved. Best guess: End of the year, when I need to decide whether to buy another calendar book.
Notes. The phone has a Notes application (and an Active Notes application, whatever). But there's the synchronization issue again; how do I get the notes from the phone into my action and project lists (which I don't keep on the phone). I do use the phone to take notes on the train and during meetings, say, but then I transfer them manually to a more trusted container.
GPS receiver. I keep a separate GPS receiver from Garmin for geocaching. The E71 has a GPS receiver and a maps application, and I do use it for navigation in the car, and I have recently discovered the SportsTracker application. But the simple interface of entering coordinates and having an arrow point there that the Garmin provides does not appear to be available on the phone. I do know that some people go geocaching with only their phones, so this must be possible, but I haven't had time to figure it out yet. But this gadget might become the next one to go.
Flashlight. This one ties in with a recent geocaching experience. Many people have tried to use their mobile phone as a light source in a bind and noticed that it doesn't work so well. Perhaps they could put in a few LEDs and a battery that is two millimeters thicker. That would help a lot.
Laser pointer. If they can do flashlight, they can surely do laser pointer. Useful for presentations, when you don't want to carry around an extra gadget.
Bluetooth mouse. Also for presentations, how about just using the phone as a next-slide clicky thing. This is likely already possible with some custom software on both the phone and the laptop, but it could be easier.
Camera. I'm not an expert photographer by any means, and I haven't done any great analysis of the picture quality of the built-in camera, but it just feels better to take a separate digital camera when you actual go out with the purpose of taking pictures.
USB drive. Yeah, you can do this with the cable and then taking care to copy things into the right directory on the phone's memory card or something. Could be easier and clearer, though. And separate from the phone's internal file system. Putting a full-size USB plug into the phone is probably going to be difficult, but for larger models like the Nokia E90 it could be possible.
Debian. Nothing like being able to hack up your own operating system and applications as you choose. It's sad that the Openmoko/FreeRunner initiative has had setbacks. And while Android is an open platform, there is something to be said for having the same operating system on all devices.
Desktop computer. Yeah right. Most of the "productivity" applications on the phone still suck and are at best stopgaps until you get home to the big screen. More on that in a later post.

OK, those weren't 15 things, as with the iPhone. For completeness, how about 5 things that the phone does appear to have replaced permanently:

Address book. I used to have one, but all the current addresses of relevance are in the phone, backed up to somewhere on the Internet. In fact, I could probably find most people I know either via public mailing list archives or something like Facebook anyway.
Land line phone. The stationary phones are gone for good. There is now only this one phone, which is the home phone, the work phone (also no more desk phones at the office), and the VoIP phone. I found this review of Google Voice an interesting contrast in this context. I only have one phone number anyway. (The VoIP line has a different number, but there you want the separate number to make sure you are using the cost-saving path to call.)
Car satnav system. For the few times I have needed it, the satellite navigation system in the phone has done fine. It's not quite the same as having one built into the car, in terms of ease of use, GPS reception, and integration with the other audio equipment, but it works. And you can use the same system to also navigate on walks, as opposed to drives, which is a surprisingly useful feature.
MP3 player. I have never really listened much to MP3s anyway, and now on the phone I have podcasts, video podcasts, internet and broadcast radio, as well as MP3s, which is much better altogether.
iPhone. :-) Don't have one, don't want one. I recommend the Hacking the iPhone session from 25C3 (video page) for further enlightenment.

Biella Coleman: Biella’s Guide to PR: Cafe con Leche

Wed, 01 Jul 2009 11:51:53 +0000

coffee roaster, originally uploaded by the biella.

What would life be without coffee? It frightens me to entertain a life without the stuff as it is one my most favorite things in the world. Some nights I am excited to go to bed just so I can wake up and have my cup of joe (I am not one of the Fortunate Ones who can drink coffee at night).

A few mornings a week I decide I would rather sit at a coffee shop to sip on my morning joe and I am quite lucky in this regard because I live down the street from what I think is the best local coffee shop in the metropolitan area: Hacienda San Pedro, which is also a local plantation, one of the many you can visit for the day.

They roast their coffee on premises (which they are doing right now) in a very cool old fashioned looking roaster, also pictured above, which they seem to do between 7 AM and -8AM when I tend to be here. When you step outside after the roasting you walk through a billowing and light poof of coffee smoke, which is like being blessed by the gods of coffee before starting your day.

The great thing about the coffee aside from its taste is the price. The cup featured below is around $ 1.60 which beats the 3 dollars you would pay at a Starbucks, which have, in the last 3 years, infested and infected the island. Given that so much coffee is grown here, it is great to see these sorts of places sprout and serve the local stuff.

They have a good selection of baked goods for b-fest, free wireless (yay!), and great music playing, usually something like Silivio Rodirguez or some reggae. After you are done, you can head to the museum right down the street, which not only has a great collection of local and international art, but a great peaceful garden, and one of my favorite murals.

The coffee shop is located at Avenida De Diego #318 (though there is no number out front, but there is a banner). Basically it is between the highway overpass in Condado, which is right next to the art museum and a large avenue called Ponce de Leon, which resides in the heart of Santurce.

Currently, they are open Mon-Friday from 6:30 to 6, on Sat open from 9 to 3:30 and closed on Sunday.

Holger Levsen: friendly...

Wed, 01 Jul 2009 10:53:09 +0000

How to defeat the KKK with an open mind and laughter. Hillarious and brilliant.

Runa Sandvik: Can you really be too paranoid?

Wed, 01 Jul 2009 10:40:12 +0000

Cory Doctorow’s latest column, “When I’m dead, how will my loved ones break my password?“, gives a few good solutions to the problem of what to do with those encrypted hard-drives and network passwords, should you (or your loved one) pass away. Some people have commented that these solutions might be a tad paranoid. Is there such a thing as being “too paranoid” when it comes to your private data?

Jon Dowland: Debian Developer

Wed, 01 Jul 2009 10:18:08 +0000

I am now a Debian Developer. Yay! Thank you to everyone who helped and supported me through this process, which (depending on exactly how you count) took between 3, 4 and 8 years. I would have given up long ago without the encouragement and well-wishing I have received along the way.

MJ Ray: Digital Britain Report: first glance

Wed, 01 Jul 2009 07:12:17 +0000

The Digital Britain Report was published on 16 June 2009. I only got time to look at it quickly recently because this is one of the co-op AGM seasons.

At first glance, it misses the mark. It doesn’t do anything to unlock Digital Britain and make us a more sharing and social place. From failing to open the 3G mobile networks to the Phone Co-op and other operators completely (they describe it as already being “highly competitive” - haven’t they visited a South West “notspot”?), through the unnecessary increase in protection for Star Wars’s foreign owners, right down to the continued support for Adobe on the report download site instead of third-sector-produced pdfreaders.org, it looks like the report won’t stop us being “Digital Divide Britain”.

I also have my suspicions about the effect of the “DAB-only from the end of 2015″ decision on our community radio companies, but I’ve not been active in that sector for years and there’s a further consultation about that.

Ultimately, “the Government believes piracy of intellectual propert for profit is theft and will be pursued as such through the criminal law” is the killer phrase in this report. The concept of being allowed to file-share without payment doesn’t even appear in the same section. I’ve been warning about these “New Enclosure” attempts for years: I didn’t expect the Digital Britain report to be such a leap towards them.

I think many of these problems could have been avoided if digital production cooperatives had been included in the preparation of this report in any significant way. I feel it has been captured by the private sector and a few trading funds, to the detriment of the nation. Shouldn’t we expect better from a Labour and Co-operative government?

What did you think of the report? What else am I missing? Seen any good reviews of it for free software fans or cooperators?

Enrico Zini: Creating pipelines with subprocess

Wed, 01 Jul 2009 07:08:06 +0000

Creating pipelines with subprocess

It is possible to create process pipelines using subprocess.Popen, by just using stdout=subprocess.PIPE and stdin=otherproc.stdout.

Almost.

In a pipeline created in this way, the stdout of all processes except the last is opened twice: once in the script that has run the subprocess and another time in the standard input of the next process in the pipeline.

This is a problem because if a process closes its stdin, the previous process in the pipeline does not get SIGPIPE when trying to write to its stdout, because that pipe is still open on the caller process. If this happens, a wait on that process will hang forever: the child process waits for the parent to read its stdout, the parent process waits for the child process to exit.

The trick is to close the stdout of each process in the pipeline except the last just after creating them:

#!/usr/bin/python
# coding=utf-8

import subprocess

def pipe(*args):
    '''
    Takes as parameters several dicts, each with the same
    parameters passed to popen.

    Runs the various processes in a pipeline, connecting
    the stdout of every process except the last with the
    stdin of the next process.
    '''
    if len(args) < 2:
        raise ValueError, "pipe needs at least 2 processes"
    # Set stdout=PIPE in every subprocess except the last
    for i in args[:-1]:
        i["stdout"] = subprocess.PIPE

    # Runs all subprocesses connecting stdins and stdouts to create the
    # pipeline. Closes stdouts to avoid deadlocks.
    popens = [subprocess.Popen(**args[0])]
    for i in range(1,len(args)):
        args[i]["stdin"] = popens[i-1].stdout
        popens.append(subprocess.Popen(**args[i]))
        popens[i-1].stdout.close()

    # Returns the array of subprocesses just created
    return popens

At this point, it's nice to write a function that waits for the whole pipeline to terminate and returns an array of result codes:

def pipe_wait(popens):
    '''
    Given an array of Popen objects returned by the
    pipe method, wait for all processes to terminate
    and return the array with their return values.
    '''
    results = [0] * len(popens)
    while popens:
        last = popens.pop(-1)
        results[len(popens)] = last.wait()
    return results

And, look and behold, we can now easily run a pipeline and get the return codes of every single process in it:

process1 = dict(args='sleep 1; grep line2 testfile', shell=True)
process2 = dict(args='awk \'{print $3}\'', shell=True)
process3 = dict(args='true', shell=True)
popens = pipe(process1, process2, process3)
result = pipe_wait(popens)
print result

Raphael Geissert: Account Created

Wed, 01 Jul 2009 04:14:02 +0000

Here I am, more than 19 months later, but am finally a DD :)

Many thanks to everyone who contributed to my NM process, especially anibal (my advocate), faw (my AM), and myon (fd/dam).

Timing is perfect, I planned a mass NMU day to fix bashisms :D

Martin Zobel-Helas: Switched to Movable Type

Tue, 30 Jun 2009 23:38:15 +0000

After a long period of not-blogging, i decided to relaunch my blog using MovableType. Yes, i know ikiwiki does exist... ;-)

Josselin Mouette: Introducing dh_devlibs

Tue, 30 Jun 2009 17:19:39 +0000

Ever noticed how the dependency fields of development library packages are tedious to maintain? They are often:

out of sync with the build dependencies,
outdated regarding the actual requirements of pkg-config files,
and of course incorrect whenever libtool decides to add tons of unneeded dependencies.

In order to improve the situation a bit, I have written a debhelper script to handle development libraries and generate automatically these dependencies in a ${dev:Depends} variable, using the pkg-config information. I have requested its inclusion in debhelper, but in the meantime, I’d appreciate if people could test it against various library packages so that its potential bugs can be fixed; this could surely convince Joey to accept it faster.

Here you go: dh_devlibs.

The next step in this direction is to do some automatic validation of build-dependencies. The first approach I thought of requires some improvements in pkg-config, but given how this package is maintained, I’m afraid it will require some time. There are other possibilities involving diversions, so it is still possible that something good comes out of this.

Adeodato Simó: Oposiciones, or working for the Spanish administration

Tue, 30 Jun 2009 16:58:27 +0000

In Spain, in order to work for the public administration, you have to go through this selection process called Oposiciones, which are basically an exam and other tests after which candidates are sorted by their combined grade, and available positions are handed out to them in that order. I assume every country has something to the same effect.

In Spain at least, the position thus obtained is to be held for life, meaning you cannot be fired unless you incur in extremely unacceptable behavior (and then, as far as I know, most of the time you just get barred from work for a number of months, after which you return normally). Because of this, many a mother advices their children to prepare for one of these exams, and many people decide to do so particularly in times like these. The people who occupy such positions are called funcionarios, and there’s this même in Spanish society that they all work very relaxedly, to use an euphemism, particularly those in offices. (It must be very upsetting to be a diligent funcionario, and be made the same snide remarks again and again when revealing yourself as one.)

I really don’t understand why this is done this way, and can’t possibly agree to it. Of course, the State above all should behave responsibly and provide with stable employment, but I can’t see why its employees shouldn’t be held up to the same standards of quality as the citizens employed by private companies. Isn’t just «for-life employment» a recipe for people lowering their standards? If there’s no risk of getting sacked, isn’t that an invitation —at least for many people— to performing a sub-par job? (A person I know who’s preparing Oposiciones to be a teacher in Primary school told me that, in fact, such fact would give her much freedom to implement more modern teaching methods without fear of consequences, for they are regarded as very unconventional by most, but my impression is that she’s the exception rather than the rule.)

Speaking of Education, here in Spain there’s a special degree you have to pursue if you want to be a teacher in Primary school. However, to be a teacher in Secondary school, any degree will do, as long as you attended upon completion to a laughable 4-month course on “how to teach”. Because of this, people with random degrees and no interest in teaching whatsoever decide every year that Secondary school is their best bet to a funcionario position, and go for it. Which, I muse, perhaps plays some kind of role in the state of Education around here — but that is going into muddy waters, and I rather wouldn’t. (I’m told that this laughable 4-month course is being morphed into some kind of 1-year Master with exams and grades and shit. Well, I guess that’s something.)

Oh, and by the way, greetings to all the diligent funcionarios out there, including the teachers that live for their teaching and their students: you rock!

Julien Blache: Digi AccelePort drivers updated to 1.3-15; now for Lenny

Tue, 30 Jun 2009 16:29:20 +0000

This is yet another “beta” release from Digi from a few months ago.

I had to patch the driver to build with a 2.6.26 kernel, as neither versions of the code would build against that version. Lenny ships with 2.6.26, so that would have meant no dgap drivers on Lenny. I’ve tested the patched driver and haven’t noticed anything obvious while doing so.

The drivers are now built for Lenny; if you need them on Etch, a simple rebuild from source will do. Previous versions are still available in the pool, under the old/ directory.

APT source line, now changed:

deb http://debian.technologeek.org/ lenny non-free

Feedback at the usual address.

Alexander Reichle-Schmehl: Dear Richard,

alexander@schmehl.info (Alexander Reichle-Schmehl) — Tue, 30 Jun 2009 12:57:34 +0000

in answer to your open letter Why free software shouldn't depend on Mono or C# I like to explain a small misunderstanding that seems to have been spread pretty wide recently.

Debian has not to include Mono in the default installation, for the sake of Tomboy. The default installation – or to be more precise: The default GNOME installation (there are installation media which install an KDE, Xfce or LXDE desktop by default, too) – hasn't changed. It still installs a more or less minimal Gnome Desktop without tomboy and without mono. As far as I know there haven't been major changes in package selection for the GNOME installation media, nor are there major changes planed.

What really has changed is that one of our meta packages, which are mainly used to install a set of packages. Indeed our meta package to install everything gnome related got a dependency on Tomboy and will indeed pull in mono, too.

That doesn't have any effect on the default installation (which doesn't use that package) nor does it effect a major part of Debian's GNOME users, who prefer to install gnome-desktop (a meta package to pull in a simple GNOME Desktop) or even the gnome-core meta-package (which installs the bare necessities to run GNOME applications). Please see the numbers at our popularity contest system for yourself.

So, Debian didn't change the default installation (whatever that's supposed to be) but the dependency of a package which is used by a minority of our users who explicitly wishes to install everything GNOME related (which is to the best of my knowledge in accordance with upstream developers who added tomboy to the default GNOME installation, too).

Yours truly,
Alexander Reichle-Schmehl
Debian Developer and Spokesperson

Biella Coleman: Academic Publishing

Tue, 30 Jun 2009 12:56:58 +0000

Last spring I secured a Creative Commons license for my book, which is under contract with Princeton University Press. It was was a huge relief for me as I want to publish with PUP but knew there was a serious contradiction if I published a book on Free Software under a copyright license (sort of like printing a Hindu prayer book on leather…).

This article in the chronicle Saving Texts From Oblivion, which opens with a fascinating though unsurprising finding, points to other reasons why an open license is a sensible thing to do, that is, if you want students to read your book:

At a focus group in Oxford University Press’s offices in New York last month, we heard that in a recent essay assignment for a Columbia University classics class, 70 percent of the undergraduates had cited a book published in 1900, even though it had not been on any reading list and had long been overlooked in the world of classics scholarship. Why so many of the students had suddenly discovered a 109-year-old work and dragged it out of obscurity in preference to the excellent modern works on their reading lists is simple: The full text of the 1900 work is online, available on Google Book Search; the modern works are not.

The article, written by Oxford’s editor, has an interesting set arguments about why to support the Google book settlement. It does not, however, really address the question of book piracy, which if anyone has taken a minute to explore, will notice that it is a booming underground economy and the quality of the books is utterly fantastic.

Given these conditions: what will the academic publishers do? No one, at least in academia, wants them to go under and yet conditions have made it difficult for them to survive. I do hope that some interesting solutions, with the financial aid of university support (after all, many are calling for open access) are hacked up.

Calling for tighter copyright controls as this famous judge has done in the case of newspapers is not the path that I hope anyone entertains. In fact, releasing books after a year or two under a CC license might be one path to take, along with providing affordable e-books so that those who do want to support authors and books buy them instead of hitting the pirate stands.

Francois Marier: Writing the perfect patch

fmarier@gmail.com (François) — Tue, 30 Jun 2009 12:10:54 +0000

Other people have written and talked (in Lecture 3) about writing the perfect patch for a Free Software project. The goal there is to increase the likelihood that a patch will be accepted by the project developers.

Integrating and testing patches takes time and so reducing that burden is essential when interacting with busy maintainers. Especially if they're volunteers.

Here's what I try to keep in mind when preparing a patch.

Use the right options to `diff`

These two options should always be part of your call to the diff command:

-u: use the most common patch format, unidiff.
-p: include the name of the function that's being changed.

and this one can be useful if the output seems unnecessarily large:

-d: try hard to find a smaller set of changes.

Minimize the number of changes

You need to draw attention to the changes that you're proposing and remove all other potential distractions:

Follow the coding style of the original file. Your changes must fully blend in or they are likely to be rejected.
Do not re-indent existing code. This will make it look like you modified every line.
Pay attention to whitespace changes. In particular: end-of-line characters, trailing spaces and tab-versus-space differences. Use the dos2unix or unix2dos commands if you need to.
Gratuitous refactoring of existing code. Unless the refactoring makes your change smaller or easier to understand, keep it for another patch.

Of course all of the above would be acceptable patches on their own, just not combined with other types of changes.

Only one logical change at a time

Patches often need to be broken up into a series of logical changes to avoid these two extremes:

the gigantic patch which adds a number of features and fixes a couple of bugs but scares everybody
a series of interdependent patches which all relate to the same change and must all be applied together

It's a bit of a balancing act, but a good rule of thumb is:

to have one patch per feature or bug and
to try to find the smallest (yet meaningful) change which can be applied on its own.

It's not just about the patch

Your patch can be really good, but the email (or the bug tracker update) announcing it should also contain:

a good description of the problem it solves and how it solves it
the output of diffstat to give an idea of the size of the change

Jeff Bailey: Google Montreal

Tue, 30 Jun 2009 11:18:38 +0000

Heya! I've had people occasionally ask me what the Google office in Montreal is like. Usually pictures aren't allowed in Google offices, so it's nice to have a whole bunch in the Gazette:

http://communities.canada.com/montrealgazette/blogs/tech/archive/2009/06/26/a-visit-to-google-s-montreal-office.aspx

Florian Maier: Distributing virtually boxed applications

Tue, 30 Jun 2009 10:20:43 +0000

Our DebConf BoF titled "Distributing virtually boxed applications" has been scheduled!

We'll present a system to distribute virtualbox images. The system images are shared by all
users, immutable and updateable, and a small persistent virtual disk for the data is generated on the fly.

The BoF introduces this solution to anyone interested in getting from .vdi to .deb and invites you to join a
discussion about the pros and cons of this approach.

Feel free to ping me with any questions.

Fabio Tranchitella: Mobile internet in France and Spain?

Tue, 30 Jun 2009 08:37:18 +0000

Dear Lazyweb,

I'm starting my trip to attend the Debconf. I wonder if there is an internet provider in France and Spain which can provide me a pre-paid mobile internet subscription (all in all, I only need one month) at a reasonable price.

Thanks!

Russ Allbery: New desktop

Tue, 30 Jun 2009 04:49:00 +0000

Saturday, I finally built the new desktop system for work, which I also use as my primary home directory and mail server and a build system for Debian packages and other software. Today, I switched over to the new system. It's pretty and much faster, and also has the advantage of being built within the last five years, so I don't have to worry as much about the hard drive dying.

The new system is an HP Firebird 802, bought straight off their web site. The drawback from a Debian perspective is that it uses nVidia motherboard video (nForce 760i SLI), but it's supported by the non-free Linux drivers (despite being missing from the README). I'd prefer ATI or Intel video with free drivers, but not enough to veto the system for it. Otherwise, it's water-cooled, very quiet, and has a four-core Intel processor, 4GB of memory, and two 250GB hard drives.

I kept notes on the build and configuration in case they prove helpful for anyone else.

This is the first time I've built a system with LVM, and I even did an online resize of the root logical volume since the installer used an extremely small 7GB default size and I couldn't figure out the easy way to increase it in the installer. I like the flexibility of allocating space as I need it into separate logical volumes.

Gunnar Wolf: My strongest rejection to the de-facto government in Honduras

Tue, 30 Jun 2009 02:39:47 +0000

I will here translate the text of a petition a friend is starting, which will be delivered to the Hondurean embassy in Mexico.

Original text in Spanish

In the early hours of Sunday, June 28 2009, the legal Hondurean president Manuel Zelaya was forcibly removed from his position. A coup de etat, perpetrated by the Hondurean army, air force and navy, and with the consent of the Supreme Court. In his place, they imposed Roberto Micheleti, until then the Senate president, a conservative politician (although he is formally part of the Liberal party).

The coup took place because many areas of the government oppose the presidential initiative to start a referendum geared towards starting a Constitutive Congress, among whose ideas were to implement reforms allowing for the immediate presidential reelection for a second term.

Forcibly ousting a democratically elected government is nothing other than anti-democratic. The coup has made the world's eyes to be set on Honduras, unanimously condemning this incident in a strong and immediate way. The people has been left blind and deaf; the communication media -both traditional and Internet-based- has been blocked. Not only freedom of press and freedom of speech have been blocked. People are crying for the reestablishment of the legally elected government. There is a national strike, the unions have protested massively. This coup has been received by a generalized popular rejection; as the only answer to the protestors, Micheletti has set a curfew, and the army is dissolving the demonstrations with tear gas and long weapons; in some hours we might see them using heavy vehicles against the civilians.

Latin American brothers, we must condemn, if at least symbolically, our rejection to the imposed Honduras government, our rejection to the human rights and individual warranties obstruction.

This humble text was written to collect digital signatures from all those who oppose the violence that this Central American country is suffering. Those that passively just want to express the collective feeling, those that feel a social, civil and human empathy towards what is happening beyond our territorial borders.

Every symbolic act, such as this one, does not weigh much by itself. But by making ourselves present by thousands, through different callings, we can generate enough pressure to incede in those sad actions.

Sign the petition

Martín Ferrari: Community service

Martin.Ferrari@gmail.com (Martín Ferrari) — Tue, 30 Jun 2009 02:22:09 +0000

While playing with different ways to bypass the stupid firewall that I have at my current home, I found that the Google servers for XMPP/Jabber/Gtalk accept connections on port 443. So, next time you cannot connect with the standard 5222 port, you know what to try.

Tags: Planet Lugfi, Planet Debian

Kenshi Muto: Oh my...

Tue, 30 Jun 2009 01:34:00 +0000

Yesterday Debconf provisional schedule was announced. Thanks Debconf team for your hard work!

But I understood I couldn't attend some interesting sessions and keysign party due to my schedule... I have to leave Caceres on 29 July afternoon. I made a big mistake about my travel plan.

OK, so I'll try to exchange keysign personally during the conference and watch the talks later when Debconf video team create them.

Jonathan Yu: How You Define Yourself

Tue, 30 Jun 2009 00:05:53 +0000

Recently there was a thread on the Google Summer of Code students’ list discussing gender dynamics in open source, but more broadly, interactions between those of different genders (mainly the discussion was simplified to be a discussion of sexes, which I think demonstrates the lack of understanding of the difference between gender and sex. But I suppose that’s a blog post for another day).

It was noted that many of the women on the list have blog addresses and other details that quickly self-identify the authors as female. There was discussion about whether this is a good thing or not, and the possible reasons behind it.

Here is what I wrote:

I think what you mention about yourself shows the world what you think about yourself, and what you consider yourself.

If first and foremost you associate your identity with being female (or male) or straight (or not)… then I guess that’s your prerogative.

But I, for one, am not /just/ an Asian male. I’m not just a Computer Science student. I’m not just a coder. I’m not just an Engineering student. I’m not just 20-years old. I’m not just a blogger. I’m not just an Open Source contributor. I’m not just an advocate of strange and often unpopular ideas.

I am a human being, with many dimensions. And I don’t try to simplify it by putting myself in a box and categorizing myself as anything.

I think that the key is just to understand everyone for who they are, and part of that is being somewhat ambiguous. As Leslie [Hawthorne] somewhat alluded to, it’s about managing people’s preconceptions about you.

I do not actively try to hide that I am male, or that I am Asian (you might guess that from my last name). There are all sorts of preconceptions people might have about things, and there are lots of -isms we should seek to avoid. (I’m Asian – maybe that means I’m a bad driver, and that I can’t pronounce Rs. I’m male – maybe I’m violent. I’m in Computer Science, presumably that means I play Dungeons & Dragons with my classmates on the weekends. I’m in Engineering, maybe that means I’m sexist.)

The reality is: none of these things should matter, nor should they define you.

Just be yourself. You show to the world what you consider relevant about yourself.

And for what it’s worth, I found out the other day that someone I respect and admire in the open source community is a teenager. Somewhere around 15 years old. It’s impressive, really. I look up to him, because he’s a really smart guy. But that wasn’t something he brought up right away; his nickname wasn’t “smartdude15″ or anything
like that. That’s the magic of open source, and the Internet — I judged him purely on his knowledge. And once I did find out, I thought to myself… Wow, would I have thought the same thing of him if I knew his age right away? Would I have even given him a chance, or would I just dismiss everything he said as something an immature teenager might say?

I think along with sexism there are tons of other issues to worry about, like racism (consider how difficult it is in some cultures, and even in Western culture, to be really accepted if you are gay, lesbian, transgender, bisexual, two-spirited, asexual, intersex…) In fact, being gay was considered a disease until relatively recently.

I’m glad for all the progress women have made in the past several decades. Not everyone has reached a point where they are accepted in mainstream society, and not everyone feels comfortable announcing certain details about themselves.

If *all* you are is a woman in a male-dominated world, then I feel sorry for you. I truly, truly do. Because none of the women I respect and admire are that. They are, first, talented Engineers, Scientists and Programmers, who are only incidentally female. Being female isn’t something that really identifies them any more than the colour of their skin, hair or eyes. No, no, they are talented, and that is, in the end, all I care about, and that is one reason I am grateful for Open Source — because you oftentimes don’t meet the people you are working with all the time in real life, so you cannot judge them on anything other than their ability.

Posted in Computer Science, Engineering, Peer Relationships, Relationships Tagged: Community Dynamics, Equity, Gender Discrimination, Google Summer of Code