July 02, 2009

Russell Coker

DomainKeys and OpenSSL have Defeated Me

I have previously written about an error that valgrind reported in the STL when some string operations were performed by the DKIM library [1]. This turned out to be a bug, Jonathan Wakely filed GCC bug report #40518 [2] about it, Jonathan is one of many very skillful people who commented on that post.

deb http://www.coker.com.au lenny gcc

I’m still not sure whether that bug could actually harm my program, Nathan Myers strongly suggested that it would not impact the correct functionality of the program but mentioned a possible performance issue (which will hurt me as the target platform is 8 or 12 core systems). Jaymz Julian seems to believe that the STL code in question can lead to incorrect operation and suggested stlport as an alternative. As I’m not taking any chances I built GCC with a patch from Jonathan’s bug report for my development machines and then built libdkim with that GCC. I created the above APT repository for my patched GCC packages. I also included version 3.4.1 of Valgrind (back-ported from Debian/Unstable) in that repository.

Nathan Myers also wrote: “Any program that calls strtok() even once may be flagged as buggy regardless of any thread safety issues. Use of strtok() (or strtok_r()) is a marker not unlike gets() of ill thought out coding.” I agree, I wrote a program to find such code and have eliminated all such code where it is called from my program [3].

I think it’s unfortunate that I have to rebuild all of GCC for a simple STL patch. My blog post about the issue of the size and time required to rebuild those packages [4] received some interesting comments, probably the most immediately useful one was to use --disable-bootstrap to get a faster GCC build, that was from Jonathan Wakely. Joe Buck noted that the source is available in smaller packages upstream, this is interesting, but unless the Debian developers package it in the same way I will have to work with the large Debian source packages.

I have filed many bug reports against the OpenSSL packages in Debian based on the errors reported by Valgrind [5]. I didn’t report all the issues related to error handling as there were too many. Now my program is often crashing when DomainKeys code is calling those error functions, so one of the many Valgrind/Helgrind issues I didn’t report may be the cause of my problems. But I can’t report too many bugs at once, I need to give people time to work on the current bug list first.

Another problem I have is that sometimes the libdkim code will trigger a libc assertion on malloc() or free() if DomainKeys code has been previously called. So it seems that the DomainKeys code (or maybe the OpenSSL code it calls) is corrupting the heap.

So I have given up on the idea of getting DomainKeys code working in a threaded environment. Whenever I need to validate a DomainKeys message my program will now fork a child process to do that. If it corrupts the heap while doing so it’s no big deal as the child process calls exit(0) after it has returned the result over a pipe. This causes a performance loss, but it appears that it’s less than 3 times slower which isn’t too bad. From a programming perspective this was fairly easy to implement because a thread of the main program prepares all the data and then the child process can operate on it – it would be a lot harder to implement such things on an OS which doesn’t have fork().

DomainKeys has been obsoleted by DKIM for some time, so all new deployments of signed email should be based on DKIM and systems that currently use DomainKeys should be migrating soon. So the performance loss on what is essentially a legacy feature shouldn’t impact the utility of my program.

I am considering uploading my libdomainkeys package to Debian. I’m not sure how useful it would be as DomainKeys is hopefully going away. But as I’ve done a lot of work on it already I’m happy to share if people are interested.

Thanks again for all the people who wrote great comments on my posts.

02 July, 2009 10:54PM by etbe

David Welton

ruby-oci8 and libao

Not of concern to most people reading this via a feed, but it's one of those things I think is nice to write up as a public service, should anyone else encounter the same error. I'm stuck doing some Rails work with Oracle, and so I needed to get ruby-oci8 working:

http://ruby-oci8.rubyforge.org/en/InstallForInstantClient.html

These instructions are pretty good. I followed them, the gem said it had been installed correctly.... and yet:

ERROR: ActiveRecord oracle_enhanced adapter could not load ruby-oci8 library. Please install ruby-oci8 library or gem.
/usr/lib/ruby/gems/1.8/gems/activerecord-2.3.2/lib/active_record/connection_adapters/abstract/connection_specification.rb:76:in
`establish_connection':RuntimeError: Please install the oracle_enhanced adapter:
`gem install activerecord-oracle_enhanced-adapter` (LoadError)

Argh! After some straceing, I finally figured out what was missing: the libaio1 package. You need to have it or things will fail like this. It's very odd that the installation doesn't complain about it.

02 July, 2009 09:38PM by David N. Welton

hackergotchi for Joey Hess

Joey Hess

DebConf9

I'm going to DebConf, and will be giving what I think is the first talk I've ever done about debhelper there. Incidentially, debhelper in experimental has some nice new features.

I have no idea how I'm getting from the Madrid airport to Cáceres, and would rather spend time working on my talk than trying to book tickets internationally, so I hope buying train tickets at the station is not a foolish plan..

02 July, 2009 07:46PM

Debian Sysadmin Team

Martin Zobel-Helas: Howto mess up the Debian Project homepage

I recently blogged about the GeoDNS setup we plan for security.debian.org. Even though all DSA team members agree that the GeoDNS setup for security.debian.org should come alive as soon as possible, we still fear to break an important service like security.d.o.

Yesterday I decided without further ado to float a trial balloon and converted DNS entries for the Debian Project homepage to our GeoDNS setup. While doing so, we found out that some part of our automatic deployment scripts still need to be adjusted to serve more than one subdomain of the project.

That setup is live for about eighteen hours now, and the project homepage now resolves it IPs via GeoDNS. For now, we are using senfl.d.o for Northern America, www.de.debian.org and www.debian.at for Europe and klecker.d.o for the rest of the world. From what I can see from GeoDNS logs, it seems to work fine, and the load stays reasonably low, so after a short test period we might add additional services like security.debian.org to GeoDNS.

02 July, 2009 06:28PM

Cyril Brulebois

Porting is fun

In the next hours or even days, I might be quite verbose so that people can have a tiny idea of what porting looks like. Or eventually what being in a bootstrapping phase looks like.

I love it when a plan comes together!

One important goal was trying to get sbuild installable within sid. Of course it is already installed on the buildds, but having it handy should help developers hack on their own boxes.

The chain of dependencies wasn’t very long, but still:

sbuild → libsbuild-perl           [not installable]
libsbuild-perl → schroot          [not built]
schroot → libboost-dev            [not built]
libboost-dev → libboost1.38-dev   [not built]
libboost1.38-dev → libopenmpi-dev [not installable]

First of all, I filed #535202 so that libibverbs can be built on GNU/kFreeBSD, which was needed because libopenmpi-dev depends on one of its binaries. We weren’t sure it was appropriate, though, since it looked like pretty much Linux-specific. So I filed #535225 to get installability issues of libopenmpi-dev on non-Linux architectures fixed (by excluding libibverbs-dev from the Depends on those architectures, matching what was already done for the build dependencies). A fixed package was uploaded in some hours only!

In the meanwhile, I gave mpi-defaults a shot, using the locally-built libopenmpi-dev package. It could have gone flawlessly if I didn’t stumble upon an FTBFS due to a toolchain change. #535230 got filed accordingly, and fixed some hours later too!

Building boost1.38, then boost-defaults, and finally schroot went smoothly, and all the above-mentioned packages are now installable on the porter box. And thanks to the responsiveness of those maintainers, plus some extra bits of wanna-build magic (give-backs using dep-waits), packages got tried (and built successfully) when their build dependencies became available on the buildds.

In the meanwhile, the maintainer of libibverbs confirmed that it’s not worth building useless binaries on non-Linux architectures, so I closed #535202 and opened a bug against buildd.debian.org instead, requesting the addition of libibverbs to the Packages-arch-specific list (aka. P-a-s): #535360.

Now, there are still some issues when trying to use sbuild, but it’s at least installable and people can try it out.

Working on another package also made me noticed that there was a bug in a FreeBSD kernel header: #535243. The fix is already in the repository, and it looks like I’m going to be added to the Uploaders of the kfreebsd-kernel-headers source package so that it gets uploaded quickly.

I hate impromptu toolchain-related FTBFSes

While I’m all for making tools as strict as possible (especially build-related tools), I really think it would be very nice for toolchain maintainers to deliver advance warnings.

GCC folks do that perfectly: File bugs, provide patches, raise severity when the new version is around, NMU if needed.

Dpkg folks prefer making a parser stricter, without caring at all which packages they might break. The previously-mentioned mpi-defaults was one of them.

The list of FTBFSes triggered by dpkg 1.15.3 (at least, the ones I spotted using 3 basic UNIX commands and spending a few seconds in lintian’s lab on lintian.debian.org, see how difficult that was!) follows: #535230, #535276, #535279, #535283, #535284, #535287, #535292, #535297, #535299, #535301, #535303, #535304, #535306, #535310, #535312 (all of them with tested patches because I didn’t feel like being lazy and shrugging over IRC after being notified).

At least it’s not about trying to sneak *FLAGS handling into a frozen testing this time. But that’s still annoying.

02 July, 2009 09:40AM

hackergotchi for

Stephan Peijnik

update-manager weekly update #5

Firstly I have to apologize again for not providing you with weekly update #4, but again I didn’t have the time to write one, so this post is going to sum up everything that happened since my last update.

Let’s have a look at my previous TODO list:

Documentation

Even though my TODO list entry contained a more detailed entry I have updated the UpdateManager documentation as a whole, leaving only a few blank spots right now.

Ubuntu distribution specific code

I implemented changelog fetching for Ubuntu, which works just as fine as its Debian counterpart now.

More unit tests

There are plenty of unit tests now, but not everything is being tested yet. I am especially proud of my Python interface validation code, that is being used in unit tests to check if handlers implement an interface correctly.

Update list downloading

Checking for updates is what caused me major trouble in the past few days. Basically I had all the code ready, but for some reason the UI froze, with no apparent reason.
However, today I was able to finally identify and fix the problem. As I expected my code was just fine, but python-apt was messing up. I am going to discuss the exact problem and its solution later on, but first: a screenshot. :-)

Update Manager update check

Note: As you probably noticed I replaced the default progressbar with a pulsating one, because we cannot get exact information on how many items/bytes to fetch and would likely get a progress bar moving backwards, which isn’t beautiful.

Further changes

The TODO list was rather short and I did a lot of other work, which I want to elaborate on.

Dynamic selection of frontend, backend and distribution specific modules

Even though this is probably not of any interest to John Doe, it helps a great deal when debugging code as all three components can be selected via separate command line switches now.
Additionally some magic has been put in place that automatically detects the system’s distribution and loads the corresponding distribution specific module. This is done via lsb_release and the newly introduced code in UpdateManager.Util.lsb.

Pylint cleanup

Just out of curiosity I decided to start a pylint run on the codebase and quite a few problems were detected, which I then fixed. To be honest though I added quite some code afterwards that probably needs pylint checking and fixes again.

update-manager IPC

My original plan and IPC design involved using callback functions and passing them between the different modules. Even though this worked out fine I had the feeling this wasn’t clean enough and decided to ditch this approach and replace it with handler classes.
The handler base classes now provide an interface of methods that are called on certain events and their implementations act accordingly. The main benefit was that I could easily drop a lot of enums and rather have different methods handling different events.

Gtk, threads and python-apt

With the new IPC approach it became easier to use threads that do the actual work in the background, which I had implemented in next to no time, but a few problems showed up.
Whilst cache reloading from within a thread worked just fine checking for updates did not, and until today I didn’t know why. I spent a good amount of time debugging this issue, even using python profiling, but nothing obvious showed up. The background process was running, whilst the UI froze.
Today I finally found the root of the problem: python-apt. Even though I assumed that the python-apt worker threads must be stealing CPU time from the thread running gtk.main I wasn’t sure how this could be happening, having two completely independent threads.

Now, the cause of all this mess was that Python has a global threading lock and it seems as if this one is *LOCKED* when running C-code, such as the one python-apt comes with. The solution lies in calling Py_BEGIN_THREADS_ALLOW and Py_END_THREADS_ALLOW from within the C code, to release the global lock and let the Python interpreter do some work every now and then.

As with the python-apt acquire code I was able to allow other threads to work as soon as the fetching code starts working and only disallow threads when actually modifying Python objects or calling methods and/or functions. Surprisingly python-apt already made use of this in its cache loading code, but not the fetch progress code.
Fixing this problem took me less than half an hour and you probably can’t believe how glad I was to finally get things working again.

UI updates & other changes

Some details in the UI were anything but optimal, like horizontal scrollbars in a few places, which I removed. Additionally I saw the need to move some code out of the Gtk frontend’s __init__.py file and to a separate ui.py file.
A full list of all changes I made is available from the bzr changelog at bzr.debian.org.

A few more screenshots

Finally, I would like to provide you with two more screenshots (don’t worry about my system being insecure because of not applied updates – this is a testing machine that is  not up-to-date on purpose):

Update Manager main screen

Update Manager main screen with details & changelog

TODO list

My TODO list for next week:

  • Downloading and installing of updates
  • Checking that everything is documented
  • Even more unit tests
  • Pylint checking
  • If time permits and everything else works correctly: working on an aptdaemon backend

02 July, 2009 09:29AM by stephan

hackergotchi for Colin Watson

Colin Watson

Python SIGPIPE handling

Enrico writes about creating pipelines with Python's subprocess module, and notes that you need to take care to close stdout in non-final subprocesses so that subprocesses get SIGPIPE correctly. This is correct as far as it goes (and true in any language, although there's a Python bug report requesting that subprocess be able to do this itself), but there's an additional gotcha with Python that you missed.

Python ignores SIGPIPE on startup, because it prefers to check every write and raise an IOError exception rather than taking the signal. This is all well and good for Python itself, but most Unix subprocesses don't expect to work this way. Thus, when you are creating subprocesses from Python, it is very important to set SIGPIPE back to the default action. Before I realised this was necessary, I wrote code that caused serious data loss due to a child process carrying on out of control after its parent process died!

import signal
import subprocess

def subprocess_setup():
    # Python installs a SIGPIPE handler by default. This is usually not what
    # non-Python subprocesses expect.
    signal.signal(signal.SIGPIPE, signal.SIG_DFL)

subprocess.Popen(command, preexec_fn=subprocess_setup)

I filed a patch a while back to add a restore_sigpipe option to subprocess.Popen, which would take care of this. As I say in that bug report, in a future release I think this ought to be made the default, as it's very easy to get things dangerously wrong right now.

02 July, 2009 09:15AM

hackergotchi for Evan Prodromou

Evan Prodromou

14 Messidor CCXVII

It's been one year since the public launch of identi.ca on July 2, 2008.

At the time, I'd been working on the software for a few months, and after some friendly beta testing by Montreal tech folks and autonomo.us members, I felt that it was time to Release Early, Release Often. So on vacation in Lake Tahoe with my pregnant wife and in-laws, and jetlagged and unable to sleep, I sent out an announcement email to beta users at 5:30AM PDT. You can see my status update on the subject, which in turn links to our press release and my personal blog post of Journal/14 Messidor CCXVI. We had 10K users within 30 hours; I switched hosting providers and did a new release of the software within 72. It was a busy time.

I had no idea that identi.ca and Laconica would become such an important part of my life and of the Internet landscape. In the intervening year, we've received seed funding from Montreal Start Up, done 4 major point releases of the software (from last year's 0.4.x to this week's 0.8.x), and become the indisputably most important Open Source microblogging platform on the planet.

I'd like to take moment to give my personal thanks to folks who've helped make this project such a success:

  • My wife @majnoona and children @amitajune and @stavro who've been so patient with my work and travel schedule over the last 12 months.
  • My innumerable friends and colleagues who've set up accounts on identi.ca and used them. You learn who your friends are when you start a new project like this.
  • The thousands and thousands of people who've become new friends through the site. I've been awed by how many folks have caught onto the dream of Open Source, distributed microblogging and made it their own.
  • The dozens of developers who've written code for Laconica, or plugins, or API clients that use the software.
  • The team of developers and admins at Control Yourself: @zach, @csarven, @millette, @nate, @foucault and @cvollick. They've put in long hours and done some really impressive technical feats to keep us going in the face of growth and technology changes.

I'm looking forward to another big year.

tags:

02 July, 2009 08:48AM

hackergotchi for Daniel Silverstone

Daniel Silverstone

Dear Lazyweb…

I am currently stuck taking four times the suggested daily dose of two anti-histamines in order to combat my body and its reaction to plants having sex all around me.

I am taking two 10mg Loratadine tablets, and two 10mg Cetirizine Hydrochloride tablets, twice daily. This is effectively four times the recommended dose of twice as many anti-histamines as I should need.

I wasn’t this bad last year, but the year before was similar. Irritatingly, once the drugs kick in (45 minutes to an hour after taking) my runny nose, itchy/burny eyes, slight dopeyness induced by feeling crap, etc. all fade away. Yesterday I needed my second dose a mere 8 hours after the first, but I didn’t need to re-dose until this morning after that.

I guess what I’m asking is—what is the expected side-effects of taking such a high dose of antihistamines. Do any of you out there have to take such high doses, have you seen a doctor about this? All I expect a doctor to do is to either supply me more loratadine on prescription (which is of dubious value unless I get a lot given prescription charges in the UK), or to try me on a nasal spray, which tend to induce nosebleeds for me. If you’ve found other ways to cope, I’m interested. Otherwise I guess I’ll make an appointment to see the doctor in the next week or so.

02 July, 2009 08:45AM

Russell Coker

Web Hosting After Death

Steve Kemp writes about his concerns for what happens to his data after death [1]. Basically everything will go away when bills stop being paid. If you have hosting on a monthly basis (IE a Xen DomU) then when the bank account used for the bill payment is locked (maybe a week after death) the count-down to hosting expiry starts. As noted in Steve’s post it is possible to pay for things in advance, but everything will run out eventually.

One option is to have relatives keep the data online. With hard drives getting bigger all the time it wouldn’t be difficult to backup the web sites for everyone in your family to a USB flash device and then put it online at a suitable place. Of course that relies on having relatives with the skill and interest necessary.

The difficult part is links, if the domain expires then links will be broken. One way of alleviating this would be to host content with Blogger, Livejournal, or other similar services. But then instead of the risk of a domain being lost you have the risk of a hosting company going bankrupt.

It seems to me that the ideal solution would be to have a hosting company take over the web sites of deceased people and put adverts on them to cover the hosting costs. As the amount of money being spent on Internet advertising will only increase while the costs of hosting steadily go down it seems that collecting a lot of content for advertising purposes would be a good business model. If the web sites of dead people are profitable then they will remain online.

It wouldn’t be technically difficult to extract the data from a blog server such as Wordpress (either from a database dump or crawling the web site), change the intra-site links to point to a different domain name, and then put it online as static content with adverts. If a single company (such as Google) had a large portion of the market of hosting the web sites of dead people then when someone died and had their web site transferred the links on the other sites maintained by the same company could be automatically adjusted to match. A premium service from such a company could be to manage the domain. If they were in the domain registrar business it would be easy to allow someone to pay for 10 or 20 years after their death. Possibly with a portion of the advertising revenue going towards extending the domain registration. I think that this idea has some business potential, I don’t have the time or energy to implement it myself and my clients are busy on other things so I’m offering it to the world.

Cory Doctorow has written an article for the Guardian about a related issue – how to allow the next of kin to access encrypted data when someone is dead [2]. One obvious point that he missed is the possibility that he might forget his own password, a small injury from a car accident could cause that problem.

It seems strange to me that someone would have a great deal of secret data that needs strong encryption but yet has some value after they are dead. Archives of past correspondence to/from someone who is dead is one category of secret data that is really of little use to anyone unless the deceased was particularly famous. Probably the majority of encrypted data from a dead person would be best wiped.

For the contents of personal computers the best strategy would probably be to start by dividing the data into categories according to the secrecy requirements. Publish the things that aren’t secret, store a lot of data unencrypted (things that are not really secret but you merely don’t want to share them with the world), have a large encrypted partition that will have it’s contents lost when you die, and have a very small encrypted device that has bank passwords and other data that is actually useful for the executors of the will.

One thing that we really need is to have law firms that have greater technical skills. It would be good if the law firms that help people draw up wills could advise them on such issues and act as a repository for such data. It seems to me that the technical skills that are common within law firms are not adequate for the task of guarding secret electronic data for clients.

02 July, 2009 06:03AM by etbe

July 01, 2009

Cyril Brulebois

ikiwiki dates

Some time ago, the box on which my blog is hosted went dramatically down, and I had to restore the blog by populating the git repository again, from my local copy.

Unfortunately, that means that the wiki had to be rebuilt from scratch, and all creation dates were messed up, leading some planet-like sites to show all of my posts again.

To ensure that this won’t happen again (even if I switch branches in the git repositories, move some files around, trash the ikiwiki cache, etc.), it looks like using meta dates is the way to go, for example:

 [[meta date="2009-07-02"]]

(One can use 2009-07-02 00:00:00 and 2009-07-02 01:00:00 to sort several entries on the same day, too.)

This way, all pages are rendered identically on every system.

To help maintaining those extra dates (kind of a burden, to be honest), I’ve written a tiny Perl script to automate it, and specified an alias in .git/config for that repository:

 [alias]
 ikiwiki-check = "!blog/2009/07/02/ikiwiki-dates.pl"

Inline replacement (in case of conflicts: same date without time, or with same time) or additions are then performed, and git status will show what needs tweaking.

More work that I initially imagined, but robustness should follow.

01 July, 2009 11:00PM

David Welton

Custom Twitter Sites, BikeChatter.com Updates

I've been hacking away at http://www.bikechatter.com, adding a few things like votes and tags so that you can choose which broad categories you want to follow. The first will let people vote for the most interesting tidbits that come through twitter, whereas the second will let me add more people without overloading those who are, say, not interested in reading what coaches have to say, or are only interested in professional women racers, etc... I don't think I'll bother with individuals - if you want that, just add them to twitter yourself! At most I might see about putting in an 'exclude list'... but we'll see; I'd prefer to keep things simple.

Since I love cycling so much, adding stuff to this site has always just been kind of a fun side project, something to relax with in the evenings, rather than something I thought about in monetary terms. However, the basic idea seems to be popular, and as luck would have it, I've been approached by someone looking to buy the code behind BikeChatter to drive their own custom twitter site. If someone has gone to the trouble of writing me, there must be other people interested too, so I thought I'd publicly state that I'd be willing to do similar deals with people interested in having their own custom twitter site. Interested? Write me at davidw@dedasys.com . I'd be happy to tell you what the code can and cannot do, and discuss any ideas you may have, in order to let you know if it's a good fit, or if you'd have to do a lot of work.

The code is pretty straightforward Ruby on Rails. I use Postgres as a database, but others should work fine too. As is obvious, I'm not much of a design guy, but it shouldn't be too hard to plug in your own look and feel.

01 July, 2009 10:37PM by David N. Welton

hackergotchi for

Adam Rosi-Kessel

MBTA Blocking TPM

I’ve been happy to see WiFi appearing on nearly every MBTA commuter rail car recently. I was less happy to see this:

No TPM on MBTA

No TPM on MBTA

I guess I’ll have to wait until I get home to find out why this bothered Steve so much.

Oddly, the MBTA’s web filter also blocked access to my WordPress editor, but unlike the TPM block, I could select “yes, I really want to do this” to get here.

I’ve never understood why web filters so often block these sorts of sites on apparently generic settings. “General News/Blogs/Wikis” are dangerous? Reputation “neutral”? I’d be surprised if anyone at the T actually did this on purpose, but I suppose it would fit the general pattern of operational incompetence.

01 July, 2009 09:51PM by adam

Eugene V. Lyubimkin

cupt: time to feedback

Cupt, the re-implementation of APT suite, continues growing.

Since the previous post a lot of bugs were fixed, several versions were uploaded to Debian. As always, many bugs were hunted out, and now, last 0.2.3 version hasn't any open bugs in BTS.

I claim this is a good time for anyone who experienced bugs with APT to at least try typing one's favorite package manager command (update, full-upgrade, install, remove etc.) with cupt. Not being Swiss knife, Cupt already works for many known cases. If it doesn't, file a bug.

I claim this is a good time for anyone who feels that Perl is bad programming language to show practical objective statistics (speed, memory footprint etc.).

I claim this is a good time for anyone who has some words to say about Cupt (good or bad) to say them. Using private e-mail or via #cupt channel on OFTC IRC network.

Several people asked me before, do I want to replace APT by Cupt in some future. Well, if APT will stay unmaintained as it is now, then the answer is probably 'yes'.


In the meantime, a half-pilot implementation of source packages is ready. It's possible the next uploaded version of Cupt will strike out the 'experimental' word from the tool's description.

01 July, 2009 03:58PM

Cyril Brulebois

Best questions ever

Would someone guess the link between:

  • What mail client are you using?

  • Are you around during the next two weeks?

GNU/kFreeBSD logo

After answering those, I’ve been offered to take care of the GNU/kFreeBSD buildds, which is yet another experience. \o/

Quite a good timing since I’ve recently tried to get involved with the GNU/kFreeBSD ports again, prodding maintainers, uploading fixed packages (usually thanks to Petr Salinger’s patches), or providing patches myself.

01 July, 2009 03:47PM

hackergotchi for

Robert Millan

Mono is not a patent threat for Debian


I read Richard Stallman’s post in which he expresses his concern about a serious danger with reliing on .NET for free software development. I think Richard makes very good points here, and I do agree that there’s a serious danger, but I don’t think Microsoft would ever bring all .NET implementations underground. If you think that, my opinion is you’re underestimating them.

Microsoft is smarter than that. They are a sworn enemy of free software, they’re ruthless, and they know all the anti-competitive tactics in the IT world. There’s no doubt they want to make our community divided and helpless. And when they look at the free software development ecosystem, they see two big groups:

A- Highly profitable vendors like Red Hat or Sun/Oracle.
B- Non-profit communities like Debian or Ubuntu (technically, Canonical is a for-profit venture, but they operate at loss).

There’s also 3rd parties that sell hardware or services and contribute “collateral” improvements to our codebase. I’ll ignore those for the sake of simplicity.

It would be silly to try harm group B with their patents, since it’s composed of grass-root efforts which can’t be unrepairably injured just by bringing a company out of bussiness. Besides, group B actually helps them promote their patent-encumbered standards. Why attack those who are helping you?

Ah, but as for group A, maybe they could use patents to shut it down? Perhaps, but I think they’re even smarter than that. Sun Tzu said: “When you surround an army, leave an outlet free. Do not press a desperate foe too hard.” If Mono-based applications become a significant competitive advantage (and it is in their agenda that they do), and their competitors are forbidden from using them, they will put all their effort in pushing for alternatives, even at great expense. I really think they know better.

I recently came across this very interesting article, written in 1999, which details the tactics used by Microsoft to fight IBM. They obviously saw OS/2 as a threat. Back then, Windows 95 was the trading token. They could have caused IBM a great deal of harm shall they refused to license it to them, but it seems the idea of subjugating IBM was more appealing. This is how Garry Norris (IBM) put it:

Microsoft repeatedly said we would suffer in terms of prices, terms, conditions and support programs, as long as we were offering competing products.

[Microsoft] insisted that IBM sell 300,000 copies of Windows 95 in the first five months or face a 20 percent price increase

Nice deal, eh? Make your dependancy on Windows 95 stronger, or else we’ll use your existing dependancy on Windows 95 against you. No surprise IBM abandoned the PC market. Are Red Hat and Sun/Oracle set on the same direction?

Draw your own conclussions. In my point of view, projects like Debian and Ubuntu are completely safe from direct patent threat. Should we care if Red Hat or Sun/Oracle succumb? Perhaps not, after all, what are they doing for us?

01 July, 2009 03:31PM by robertmh

hackergotchi for

Junichi Uekawa

mecab package for Debian.

mecab package for Debian. In Japanese, words in sentence are not split by spaces, and are written continuously. Thismakesparsingofsentencesverydifficultformachines. Luckily people have done much research, and probabilistically split words in sentences. That science is apparently called morphology. There are some packages in Debian; ones I know include chasen, kakasi, and mecab. I looked at mecab today. mecab has different dictionaries, and there are 4 dictionaries in Debian lenny. One free one (mecab-juman) and non-free one (mecab-ipadic). This looks confusing for first-timers.

01 July, 2009 02:53PM by Junichi Uekawa

hackergotchi for

Gustavo Noronha Silva

Firefox 3.5 lançado!

O Firefox 3.5 foi lançado, e essa é uma boa notícia. Significa que os navegadores livres e/ou que respeitam padrões abertos continuam deixando comendo poeira os navegadores legados com o Internet Explorer (especialmente o 6, que ninguém merece, né?).

Entre outras coisas, o Firefox 3.5 tem performance de javascript muito melhor, parecida com a do Epiphany 2.27.3, e suporta bastante coisa de HTML5, incluindo as tags de audio e vídeo. Muito importante com relação a isso, é que ele suporta por padrão os formatos abertos (assim como a WebKitGTK+, que usa GStreamer, mas o suporte às tags ainda não funciona 100%). Tem algumas páginas muito interessantes para acompanhar a ‘adoção’ da nova release: http://downloadstats.mozilla.com/.

As pessoas devem saber da minha relação de amor é ódio com a Mozilla - mesmo hoje o navegador não se integra bem com meu GNOME, a API de embedding deixa muito a desejar, mas ninguém pode negar que o Firefox foi o que trouxe um clima de abertura para a Web, e exigiu que todos começassem a se preocupar com padrões, desempenho e qualidade. Se você usa um sistema operacional proprietário, largue logo os navegadores proprietários e use uma coisa que presta! =)

01 July, 2009 02:13PM by kov

hackergotchi for

Gunnar Wolf

Carlos Bueso, from the Honduras Free Software community, detained

I met Carlos Bueso two weeks ago, at the Central American Free Software Encounter. I am translating this mail writen by another member of the group (from Costa Rica) explaining his situation.

Excuse me for a broken, possibly wrong English - I find more important to make this message available than to get proper wording for it. If you cannot understand something and can read Spanish, or if you wish to further distribute this text, please refer to the original mail.

Hello everybody,

I wrote this some hours ago, and am circulating it because I don't know what else to do... I imagine all of us are in similar terms with our frustration and our willingness to do something.

Somebody answered to me with an update, and I reelaborated the note, and am reproducing it here so everybody shares it with our communities, via our blogs and whatever ways we find. We must do something, right? At least this! And I don't know what more... Can somebody think of anything? Meanwhile, please redistribute this.

I am writing to other organizations to see what we can do.

Our friend Carlos Bueso has been detained in El Progreso. He is a communicator, acused of sedition.
Carlos Bueso

This morning, our friend Carlos Bueso was detained. Carlos is a member of the Comunicación Comunitaria (COMUN) organization, as well as of the Central American Free Software community. COMUN promoves and defends laboral and human rights by advancing alternative communication means. Their offices are located in El Progreso, 250 Km north of Tegucigalpa, the national capital, in the Atlantic coast of Honduras, and 26 Km from San Pedro Sula, the country's second city in importance.

Carlos Bueso is an 18 year old informatics technician. In COMUN, he works performing computer-related teaching and Free Software promotion. He also is an editor for the Vida Laboral magazine, and maintains the http://wwww.honduraslaboral.org website.

In the June 30 morning, Carlos took part of a demonstration in El Progreso, Yoro, against the coup perpetrated on June 28. This demonstration was repressed at 10 AM, the army shot at the air and used several tear gas bombs. Carlos was detained, as well as Marcelino Martinez, Jorge Cordon, Junior Antunez, Joel Martinez, Martha Ileana Hernandez and Jose Erazo. The complete news note is available (in Spanish) in http://honduraslaboral.org/leer.php/1878 and a video of this repression can be seen at http://www.youtube.com/watch?v=wC4LQU_UeTs

Carlos and other people are detained in the El Progreso police cells, and will be presented to the tribunals next July 1st, accused of sedition.

The detainees have been interviewed, and they are OK, waiting to be put at the Public Prosecutor's (Ministerio Público) authority. The Prosecutor can decide to set them free, or refer them to the Tribunals. If they are sent to the Tribunals, they will be probably sent to the local presidium for six days to be interrogated.

Send your demands to https://twitter.com/R_Micheleti

[update] Carlos has been set free! While he is still facing charges for rebellion, he has been allowed to face them from freedom. He is still subject to investigation and might be jailed again if the de-facto powers so decide, but he is free and well now. Good!

AttachmentSize
Carlos Bueso5.25 KB
Original mail (in Spanish)4.45 KB

01 July, 2009 01:33PM by gwolf

Peter Eisentraut

10+5 Things (Not Yet) Rendered Obsolete By My Mobile Phone

I don't have an iPhone, but I figured when reading about the 15 Apps Rendered Obsolete By The New iPhone 3GS that while my mobile phones have over time obsoleted several gadgets, tools, and other non-phone items, there are still a lot of things they don't do for me, but conceivably should. At the moment, I have a Nokia E71, which is a pretty good phone. But here are a few things it could do better:
  1. Calendar. I still carry a separate small pocket calendar for my personal and business appointments. Mostly because I haven't bothered to figure out how to synchronize the phone calendar with the calendar at the office. And then, I don't think it's easily possible to sync my work appointments with the calendar system at work but back up my personal appointments to MyNokia Backup (or is it Ovi now), without sending the somewhat confidential work appointments to Nokia and the somewhat confidential private appointments to the office. I think you can exclude certain events from being synced at all, but not sync certain events only to certain servers. And as a minor point, the phone calendar doesn't know the local holidays. The calendar issue is obviously a core competency of the mobile phone, so it might just be matter of time before it's solved. Best guess: End of the year, when I need to decide whether to buy another calendar book.
  2. Notes. The phone has a Notes application (and an Active Notes application, whatever). But there's the synchronization issue again; how do I get the notes from the phone into my action and project lists (which I don't keep on the phone). I do use the phone to take notes on the train and during meetings, say, but then I transfer them manually to a more trusted container.
  3. GPS receiver. I keep a separate GPS receiver from Garmin for geocaching. The E71 has a GPS receiver and a maps application, and I do use it for navigation in the car, and I have recently discovered the SportsTracker application. But the simple interface of entering coordinates and having an arrow point there that the Garmin provides does not appear to be available on the phone. I do know that some people go geocaching with only their phones, so this must be possible, but I haven't had time to figure it out yet. But this gadget might become the next one to go.
  4. Flashlight. This one ties in with a recent geocaching experience. Many people have tried to use their mobile phone as a light source in a bind and noticed that it doesn't work so well. Perhaps they could put in a few LEDs and a battery that is two millimeters thicker. That would help a lot.
  5. Laser pointer. If they can do flashlight, they can surely do laser pointer. Useful for presentations, when you don't want to carry around an extra gadget.
  6. Bluetooth mouse. Also for presentations, how about just using the phone as a next-slide clicky thing. This is likely already possible with some custom software on both the phone and the laptop, but it could be easier.
  7. Camera. I'm not an expert photographer by any means, and I haven't done any great analysis of the picture quality of the built-in camera, but it just feels better to take a separate digital camera when you actual go out with the purpose of taking pictures.
  8. USB drive. Yeah, you can do this with the cable and then taking care to copy things into the right directory on the phone's memory card or something. Could be easier and clearer, though. And separate from the phone's internal file system. Putting a full-size USB plug into the phone is probably going to be difficult, but for larger models like the Nokia E90 it could be possible.
  9. Debian. Nothing like being able to hack up your own operating system and applications as you choose. It's sad that the Openmoko/FreeRunner initiative has had setbacks. And while Android is an open platform, there is something to be said for having the same operating system on all devices.
  10. Desktop computer. Yeah right. Most of the "productivity" applications on the phone still suck and are at best stopgaps until you get home to the big screen. More on that in a later post.
OK, those weren't 15 things, as with the iPhone. For completeness, how about 5 things that the phone does appear to have replaced permanently:
  1. Address book. I used to have one, but all the current addresses of relevance are in the phone, backed up to somewhere on the Internet. In fact, I could probably find most people I know either via public mailing list archives or something like Facebook anyway.
  2. Land line phone. The stationary phones are gone for good. There is now only this one phone, which is the home phone, the work phone (also no more desk phones at the office), and the VoIP phone. I found this review of Google Voice an interesting contrast in this context. I only have one phone number anyway. (The VoIP line has a different number, but there you want the separate number to make sure you are using the cost-saving path to call.)
  3. Car satnav system. For the few times I have needed it, the satellite navigation system in the phone has done fine. It's not quite the same as having one built into the car, in terms of ease of use, GPS reception, and integration with the other audio equipment, but it works. And you can use the same system to also navigate on walks, as opposed to drives, which is a surprisingly useful feature.
  4. MP3 player. I have never really listened much to MP3s anyway, and now on the phone I have podcasts, video podcasts, internet and broadcast radio, as well as MP3s, which is much better altogether.
  5. iPhone. :-) Don't have one, don't want one. I recommend the Hacking the iPhone session from 25C3 (video page) for further enlightenment.

01 July, 2009 12:05PM by Peter Eisentraut (peter_e@gmx.net)

Biella Coleman

Biella’s Guide to PR: Cafe con Leche



coffee roaster, originally uploaded by the biella.

What would life be without coffee? It frightens me to entertain a life without the stuff as it is one my most favorite things in the world. Some nights I am excited to go to bed just so I can wake up and have my cup of joe (I am not one of the Fortunate Ones who can drink coffee at night).

A few mornings a week I decide I would rather sit at a coffee shop to sip on my morning joe and I am quite lucky in this regard because I live down the street from what I think is the best local coffee shop in the metropolitan area: Hacienda San Pedro, which is also a local plantation, one of the many you can visit for the day.

They roast their coffee on premises (which they are doing right now) in a very cool old fashioned looking roaster, also pictured above, which they seem to do between 7 AM and -8AM when I tend to be here. When you step outside after the roasting you walk through a billowing and light poof of coffee smoke, which is like being blessed by the gods of coffee before starting your day.

The great thing about the coffee aside from its taste is the price. The cup featured below is around $ 1.60 which beats the 3 dollars you would pay at a Starbucks, which have, in the last 3 years, infested and infected the island. Given that so much coffee is grown here, it is great to see these sorts of places sprout and serve the local stuff.

mac with ubuntu and bill!>

They have a good selection of baked goods for b-fest, free wireless (yay!), and great music playing, usually something like Silivio Rodirguez or some reggae. After you are done, you can head to the museum right down the street, which not only has a great collection of local and international art, but a great peaceful garden, and one of my favorite murals.

The coffee shop is located at Avenida De Diego #318 (though there is no number out front, but there is a banner). Basically it is between the highway overpass in Condado, which is right next to the art museum and a large avenue called Ponce de Leon, which resides in the heart of Santurce.

Currently, they are open Mon-Friday from 6:30 to 6, on Sat open from 9 to 3:30 and closed on Sunday.

01 July, 2009 11:51AM by Biella

hackergotchi for Holger Levsen

Holger Levsen

friendly...

How to defeat the KKK with an open mind and laughter. Hillarious and brilliant.

01 July, 2009 10:53AM

hackergotchi for

Runa Sandvik

Can you really be too paranoid?

Cory Doctorow’s latest column, “When I’m dead, how will my loved ones break my password?“, gives a few good solutions to the problem of what to do with those encrypted hard-drives and network passwords, should you (or your loved one) pass away. Some people have commented that these solutions might be a tad paranoid. Is there such a thing as being “too paranoid” when it comes to your private data?

01 July, 2009 10:40AM by runa

Jon Dowland

Debian Developer

I am now a Debian Developer. Yay! Thank you to everyone who helped and supported me through this process, which (depending on exactly how you count) took between 3, 4 and 8 years. I would have given up long ago without the encouragement and well-wishing I have received along the way.

01 July, 2009 10:18AM by Jon Dowland

hackergotchi for

MJ Ray

Digital Britain Report: first glance

The Digital Britain Report was published on 16 June 2009. I only got time to look at it quickly recently because this is one of the co-op AGM seasons.

At first glance, it misses the mark. It doesn’t do anything to unlock Digital Britain and make us a more sharing and social place. From failing to open the 3G mobile networks to the Phone Co-op and other operators completely (they describe it as already being “highly competitive” - haven’t they visited a South West “notspot”?), through the unnecessary increase in protection for Star Wars’s foreign owners, right down to the continued support for Adobe on the report download site instead of third-sector-produced pdfreaders.org, it looks like the report won’t stop us being “Digital Divide Britain”.

I also have my suspicions about the effect of the “DAB-only from the end of 2015″ decision on our community radio companies, but I’ve not been active in that sector for years and there’s a further consultation about that.

Ultimately, “the Government believes piracy of intellectual propert for profit is theft and will be pursued as such through the criminal law” is the killer phrase in this report. The concept of being allowed to file-share without payment doesn’t even appear in the same section. I’ve been warning about these “New Enclosure” attempts for years: I didn’t expect the Digital Britain report to be such a leap towards them.

I think many of these problems could have been avoided if digital production cooperatives had been included in the preparation of this report in any significant way. I feel it has been captured by the private sector and a few trading funds, to the detriment of the nation. Shouldn’t we expect better from a Labour and Co-operative government?

What did you think of the report? What else am I missing? Seen any good reviews of it for free software fans or cooperators?

01 July, 2009 07:12AM by MJ Ray

Enrico Zini

Creating pipelines with subprocess

Creating pipelines with subprocess

It is possible to create process pipelines using subprocess.Popen, by just using stdout=subprocess.PIPE and stdin=otherproc.stdout.

Almost.

In a pipeline created in this way, the stdout of all processes except the last is opened twice: once in the script that has run the subprocess and another time in the standard input of the next process in the pipeline.

This is a problem because if a process closes its stdin, the previous process in the pipeline does not get SIGPIPE when trying to write to its stdout, because that pipe is still open on the caller process. If this happens, a wait on that process will hang forever: the child process waits for the parent to read its stdout, the parent process waits for the child process to exit.

The trick is to close the stdout of each process in the pipeline except the last just after creating them:

#!/usr/bin/python
# coding=utf-8

import subprocess

def pipe(*args):
    '''
    Takes as parameters several dicts, each with the same
    parameters passed to popen.

    Runs the various processes in a pipeline, connecting
    the stdout of every process except the last with the
    stdin of the next process.
    '''
    if len(args) < 2:
        raise ValueError, "pipe needs at least 2 processes"
    # Set stdout=PIPE in every subprocess except the last
    for i in args[:-1]:
        i["stdout"] = subprocess.PIPE

    # Runs all subprocesses connecting stdins and stdouts to create the
    # pipeline. Closes stdouts to avoid deadlocks.
    popens = [subprocess.Popen(**args[0])]
    for i in range(1,len(args)):
        args[i]["stdin"] = popens[i-1].stdout
        popens.append(subprocess.Popen(**args[i]))
        popens[i-1].stdout.close()

    # Returns the array of subprocesses just created
    return popens

At this point, it's nice to write a function that waits for the whole pipeline to terminate and returns an array of result codes:

def pipe_wait(popens):
    '''
    Given an array of Popen objects returned by the
    pipe method, wait for all processes to terminate
    and return the array with their return values.
    '''
    results = [0] * len(popens)
    while popens:
        last = popens.pop(-1)
        results[len(popens)] = last.wait()
    return results

And, look and behold, we can now easily run a pipeline and get the return codes of every single process in it:

process1 = dict(args='sleep 1; grep line2 testfile', shell=True)
process2 = dict(args='awk \'{print $3}\'', shell=True)
process3 = dict(args='true', shell=True)
popens = pipe(process1, process2, process3)
result = pipe_wait(popens)
print result

01 July, 2009 07:08AM

hackergotchi for Raphael

Raphael Geissert

Account Created

Here I am, more than 19 months later, but am finally a DD :)

Many thanks to everyone who contributed to my NM process, especially anibal (my advocate), faw (my AM), and myon (fd/dam).

Timing is perfect, I planned a mass NMU day to fix bashisms :D

01 July, 2009 04:14AM by Raphael

June 30, 2009

hackergotchi for Martin Zobel-Helas

Martin Zobel-Helas

Switched to Movable Type

After a long period of not-blogging, i decided to relaunch my blog using MovableType. Yes, i know ikiwiki does exist... ;-)

30 June, 2009 11:38PM

hackergotchi for Josselin Mouette

Josselin Mouette

Introducing dh_devlibs

Ever noticed how the dependency fields of development library packages are tedious to maintain? They are often:

  • out of sync with the build dependencies,
  • outdated regarding the actual requirements of pkg-config files,
  • and of course incorrect whenever libtool decides to add tons of unneeded dependencies.

In order to improve the situation a bit, I have written a debhelper script to handle development libraries and generate automatically these dependencies in a ${dev:Depends} variable, using the pkg-config information. I have requested its inclusion in debhelper, but in the meantime, I’d appreciate if people could test it against various library packages so that its potential bugs can be fixed; this could surely convince Joey to accept it faster.

Here you go: dh_devlibs.

The next step in this direction is to do some automatic validation of build-dependencies. The first approach I thought of requires some improvements in pkg-config, but given how this package is maintained, I’m afraid it will require some time. There are other possibilities involving diversions, so it is still possible that something good comes out of this.

30 June, 2009 05:19PM

Adeodato Simó

Oposiciones, or working for the Spanish administration

In Spain, in order to work for the public administration, you have to go through this selection process called Oposiciones, which are basically an exam and other tests after which candidates are sorted by their combined grade, and available positions are handed out to them in that order. I assume every country has something to the same effect.

In Spain at least, the position thus obtained is to be held for life, meaning you cannot be fired unless you incur in extremely unacceptable behavior (and then, as far as I know, most of the time you just get barred from work for a number of months, after which you return normally). Because of this, many a mother advices their children to prepare for one of these exams, and many people decide to do so particularly in times like these. The people who occupy such positions are called funcionarios, and there’s this même in Spanish society that they all work very relaxedly, to use an euphemism, particularly those in offices. (It must be very upsetting to be a diligent funcionario, and be made the same snide remarks again and again when revealing yourself as one.)

I really don’t understand why this is done this way, and can’t possibly agree to it. Of course, the State above all should behave responsibly and provide with stable employment, but I can’t see why its employees shouldn’t be held up to the same standards of quality as the citizens employed by private companies. Isn’t just «for-life employment» a recipe for people lowering their standards? If there’s no risk of getting sacked, isn’t that an invitation —at least for many people— to performing a sub-par job? (A person I know who’s preparing Oposiciones to be a teacher in Primary school told me that, in fact, such fact would give her much freedom to implement more modern teaching methods without fear of consequences, for they are regarded as very unconventional by most, but my impression is that she’s the exception rather than the rule.)

Speaking of Education, here in Spain there’s a special degree you have to pursue if you want to be a teacher in Primary school. However, to be a teacher in Secondary school, any degree will do, as long as you attended upon completion to a laughable 4-month course on “how to teach”. Because of this, people with random degrees and no interest in teaching whatsoever decide every year that Secondary school is their best bet to a funcionario position, and go for it. Which, I muse, perhaps plays some kind of role in the state of Education around here — but that is going into muddy waters, and I rather wouldn’t. (I’m told that this laughable 4-month course is being morphed into some kind of 1-year Master with exams and grades and shit. Well, I guess that’s something.)

Oh, and by the way, greetings to all the diligent funcionarios out there, including the teachers that live for their teaching and their students: you rock!

30 June, 2009 04:58PM

hackergotchi for

Julien Blache

Digi AccelePort drivers updated to 1.3-15; now for Lenny

This is yet another “beta” release from Digi from a few months ago.

I had to patch the driver to build with a 2.6.26 kernel, as neither versions of the code would build against that version. Lenny ships with 2.6.26, so that would have meant no dgap drivers on Lenny. I’ve tested the patched driver and haven’t noticed anything obvious while doing so.

The drivers are now built for Lenny; if you need them on Etch, a simple rebuild from source will do. Previous versions are still available in the pool, under the old/ directory.

APT source line, now changed:

deb http://debian.technologeek.org/ lenny non-free

Feedback at the usual address.

30 June, 2009 04:29PM by jblache

hackergotchi for

Alexander Reichle-Schmehl

Dear Richard,

in answer to your open letter Why free software shouldn't depend on Mono or C# I like to explain a small misunderstanding that seems to have been spread pretty wide recently.

Debian has not to include Mono in the default installation, for the sake of Tomboy. The default installation – or to be more precise: The default GNOME installation (there are installation media which install an KDE, Xfce or LXDE desktop by default, too) – hasn't changed. It still installs a more or less minimal Gnome Desktop without tomboy and without mono. As far as I know there haven't been major changes in package selection for the GNOME installation media, nor are there major changes planed.

What really has changed is that one of our meta packages, which are mainly used to install a set of packages. Indeed our meta package to install everything gnome related got a dependency on Tomboy and will indeed pull in mono, too.

That doesn't have any effect on the default installation (which doesn't use that package) nor does it effect a major part of Debian's GNOME users, who prefer to install gnome-desktop (a meta package to pull in a simple GNOME Desktop) or even the gnome-core meta-package (which installs the bare necessities to run GNOME applications). Please see the numbers at our popularity contest system for yourself.

So, Debian didn't change the default installation (whatever that's supposed to be) but the dependency of a package which is used by a minority of our users who explicitly wishes to install everything GNOME related (which is to the best of my knowledge in accordance with upstream developers who added tomboy to the default GNOME installation, too).

Yours truly,
Alexander Reichle-Schmehl
Debian Developer and Spokesperson

30 June, 2009 12:57PM by Alexander Reichle-Schmehl (alexander@schmehl.info)

Biella Coleman

Academic Publishing

Last spring I secured a Creative Commons license for my book, which is under contract with Princeton University Press. It was was a huge relief for me as I want to publish with PUP but knew there was a serious contradiction if I published a book on Free Software under a copyright license (sort of like printing a Hindu prayer book on leather…).

This article in the chronicle Saving Texts From Oblivion, which opens with a fascinating though unsurprising finding, points to other reasons why an open license is a sensible thing to do, that is, if you want students to read your book:

At a focus group in Oxford University Press’s offices in New York last month, we heard that in a recent essay assignment for a Columbia University classics class, 70 percent of the undergraduates had cited a book published in 1900, even though it had not been on any reading list and had long been overlooked in the world of classics scholarship. Why so many of the students had suddenly discovered a 109-year-old work and dragged it out of obscurity in preference to the excellent modern works on their reading lists is simple: The full text of the 1900 work is online, available on Google Book Search; the modern works are not.

The article, written by Oxford’s editor, has an interesting set arguments about why to support the Google book settlement. It does not, however, really address the question of book piracy, which if anyone has taken a minute to explore, will notice that it is a booming underground economy and the quality of the books is utterly fantastic.

Given these conditions: what will the academic publishers do? No one, at least in academia, wants them to go under and yet conditions have made it difficult for them to survive. I do hope that some interesting solutions, with the financial aid of university support (after all, many are calling for open access) are hacked up.

Calling for tighter copyright controls as this famous judge has done in the case of newspapers is not the path that I hope anyone entertains. In fact, releasing books after a year or two under a CC license might be one path to take, along with providing affordable e-books so that those who do want to support authors and books buy them instead of hitting the pirate stands.

30 June, 2009 12:56PM by Biella

Francois Marier

Writing the perfect patch

Other people have written and talked (in Lecture 3) about writing the perfect patch for a Free Software project. The goal there is to increase the likelihood that a patch will be accepted by the project developers.

Integrating and testing patches takes time and so reducing that burden is essential when interacting with busy maintainers. Especially if they're volunteers.

Here's what I try to keep in mind when preparing a patch.

Use the right options to diff

These two options should always be part of your call to the diff command:
  • -u: use the most common patch format, unidiff.
  • -p: include the name of the function that's being changed.
and this one can be useful if the output seems unnecessarily large:
  • -d: try hard to find a smaller set of changes.

Minimize the number of changes

You need to draw attention to the changes that you're proposing and remove all other potential distractions:
  • Follow the coding style of the original file. Your changes must fully blend in or they are likely to be rejected.
  • Do not re-indent existing code. This will make it look like you modified every line.
  • Pay attention to whitespace changes. In particular: end-of-line characters, trailing spaces and tab-versus-space differences. Use the dos2unix or unix2dos commands if you need to.
  • Gratuitous refactoring of existing code. Unless the refactoring makes your change smaller or easier to understand, keep it for another patch.
Of course all of the above would be acceptable patches on their own, just not combined with other types of changes.

Only one logical change at a time

Patches often need to be broken up into a series of logical changes to avoid these two extremes:
  • the gigantic patch which adds a number of features and fixes a couple of bugs but scares everybody
  • a series of interdependent patches which all relate to the same change and must all be applied together
It's a bit of a balancing act, but a good rule of thumb is:
  • to have one patch per feature or bug and
  • to try to find the smallest (yet meaningful) change which can be applied on its own.

It's not just about the patch

Your patch can be really good, but the email (or the bug tracker update) announcing it should also contain:
  • a good description of the problem it solves and how it solves it
  • the output of diffstat to give an idea of the size of the change

30 June, 2009 12:10PM by François (fmarier@gmail.com)

Jeff Bailey

Google Montreal

Heya! I've had people occasionally ask me what the Google office in Montreal is like. Usually pictures aren't allowed in Google offices, so it's nice to have a whole bunch in the Gazette:

http://communities.canada.com/montrealgazette/blogs/tech/archive/2009/06/26/a-visit-to-google-s-montreal-office.aspx

30 June, 2009 11:18AM

Florian Maier

Distributing virtually boxed applications

virtualbox logo

Our DebConf BoF titled "Distributing virtually boxed applications" has been scheduled!

We'll present a system to distribute virtualbox images. The system images are shared by all
users, immutable and updateable, and a small persistent virtual disk for the data is generated on the fly.

The BoF introduces this solution to anyone interested in getting from .vdi to .deb and invites you to join a
discussion about the pros and cons of this approach.

Feel free to ping me with any questions.

read more

30 June, 2009 10:20AM by flo

Fabio Tranchitella

Mobile internet in France and Spain?

Dear Lazyweb,

I'm starting my trip to attend the Debconf. I wonder if there is an internet provider in France and Spain which can provide me a pre-paid mobile internet subscription (all in all, I only need one month) at a reasonable price.

Thanks!

30 June, 2009 08:37AM

Russ Allbery

New desktop

Saturday, I finally built the new desktop system for work, which I also use as my primary home directory and mail server and a build system for Debian packages and other software. Today, I switched over to the new system. It's pretty and much faster, and also has the advantage of being built within the last five years, so I don't have to worry as much about the hard drive dying.

The new system is an HP Firebird 802, bought straight off their web site. The drawback from a Debian perspective is that it uses nVidia motherboard video (nForce 760i SLI), but it's supported by the non-free Linux drivers (despite being missing from the README). I'd prefer ATI or Intel video with free drivers, but not enough to veto the system for it. Otherwise, it's water-cooled, very quiet, and has a four-core Intel processor, 4GB of memory, and two 250GB hard drives.

I kept notes on the build and configuration in case they prove helpful for anyone else.

This is the first time I've built a system with LVM, and I even did an online resize of the root logical volume since the installer used an extremely small 7GB default size and I couldn't figure out the easy way to increase it in the installer. I like the flexibility of allocating space as I need it into separate logical volumes.

30 June, 2009 04:49AM

hackergotchi for

Gunnar Wolf

My strongest rejection to the de-facto government in Honduras

I will here translate the text of a petition a friend is starting, which will be delivered to the Hondurean embassy in Mexico.

Original text in Spanish

In the early hours of Sunday, June 28 2009, the legal Hondurean president Manuel Zelaya was forcibly removed from his position. A coup de etat, perpetrated by the Hondurean army, air force and navy, and with the consent of the Supreme Court. In his place, they imposed Roberto Micheleti, until then the Senate president, a conservative politician (although he is formally part of the Liberal party).

The coup took place because many areas of the government oppose the presidential initiative to start a referendum geared towards starting a Constitutive Congress, among whose ideas were to implement reforms allowing for the immediate presidential reelection for a second term.

Forcibly ousting a democratically elected government is nothing other than anti-democratic. The coup has made the world's eyes to be set on Honduras, unanimously condemning this incident in a strong and immediate way. The people has been left blind and deaf; the communication media -both traditional and Internet-based- has been blocked. Not only freedom of press and freedom of speech have been blocked. People are crying for the reestablishment of the legally elected government. There is a national strike, the unions have protested massively. This coup has been received by a generalized popular rejection; as the only answer to the protestors, Micheletti has set a curfew, and the army is dissolving the demonstrations with tear gas and long weapons; in some hours we might see them using heavy vehicles against the civilians.

Latin American brothers, we must condemn, if at least symbolically, our rejection to the imposed Honduras government, our rejection to the human rights and individual warranties obstruction.

This humble text was written to collect digital signatures from all those who oppose the violence that this Central American country is suffering. Those that passively just want to express the collective feeling, those that feel a social, civil and human empathy towards what is happening beyond our territorial borders.

Every symbolic act, such as this one, does not weigh much by itself. But by making ourselves present by thousands, through different callings, we can generate enough pressure to incede in those sad actions.

Sign the petition

30 June, 2009 02:39AM by gwolf

hackergotchi for Martín Ferrari (Martin.Ferrari@gmail.com)

Martín Ferrari

Community service

While playing with different ways to bypass the stupid firewall that I have at my current home, I found that the Google servers for XMPP/Jabber/Gtalk accept connections on port 443. So, next time you cannot connect with the standard 5222 port, you know what to try.

Tags: Planet Lugfi, Planet Debian

30 June, 2009 02:22AM by Martín Ferrari (Martin.Ferrari@gmail.com)

hackergotchi for Kenshi Muto

Kenshi Muto

Oh my...

Yesterday Debconf provisional schedule was announced. Thanks Debconf team for your hard work!

But I understood I couldn't attend some interesting sessions and keysign party due to my schedule... I have to leave Caceres on 29 July afternoon. I made a big mistake about my travel plan.

OK, so I'll try to exchange keysign personally during the conference and watch the talks later when Debconf video team create them.

30 June, 2009 01:34AM by Kenshi Muto

hackergotchi for

Jonathan Yu

How You Define Yourself


Recently there was a thread on the Google Summer of Code students’ list discussing gender dynamics in open source, but more broadly, interactions between those of different genders (mainly the discussion was simplified to be a discussion of sexes, which I think demonstrates the lack of understanding of the difference between gender and sex. But I suppose that’s a blog post for another day).

It was noted that many of the women on the list have blog addresses and other details that quickly self-identify the authors as female. There was discussion about whether this is a good thing or not, and the possible reasons behind it.

Here is what I wrote:

I think what you mention about yourself shows the world what you think about yourself, and what you consider yourself.

If first and foremost you associate your identity with being female (or male) or straight (or not)… then I guess that’s your prerogative.

But I, for one, am not /just/ an Asian male. I’m not just a Computer Science student. I’m not just a coder. I’m not just an Engineering student. I’m not just 20-years old. I’m not just a blogger. I’m not just an Open Source contributor. I’m not just an advocate of strange and often unpopular ideas.

I am a human being, with many dimensions. And I don’t try to simplify it by putting myself in a box and categorizing myself as anything.

I think that the key is just to understand everyone for who they are, and part of that is being somewhat ambiguous. As Leslie [Hawthorne] somewhat alluded to, it’s about managing people’s preconceptions about you.

I do not actively try to hide that I am male, or that I am Asian (you might guess that from my last name). There are all sorts of preconceptions people might have about things, and there are lots of -isms we should seek to avoid. (I’m Asian – maybe that means I’m a bad driver, and that I can’t pronounce Rs. I’m male – maybe I’m violent. I’m in Computer Science, presumably that means I play Dungeons & Dragons with my classmates on the weekends. I’m in Engineering, maybe that means I’m sexist.)

The reality is: none of these things should matter, nor should they define you.

Just be yourself. You show to the world what you consider relevant about yourself.

And for what it’s worth, I found out the other day that someone I respect and admire in the open source community is a teenager. Somewhere around 15 years old. It’s impressive, really. I look up to him, because he’s a really smart guy. But that wasn’t something he brought up right away; his nickname wasn’t “smartdude15″ or anything
like that. That’s the magic of open source, and the Internet — I judged him purely on his knowledge. And once I did find out, I thought to myself… Wow, would I have thought the same thing of him if I knew his age right away? Would I have even given him a chance, or would I just dismiss everything he said as something an immature teenager might say?

I think along with sexism there are tons of other issues to worry about, like racism (consider how difficult it is in some cultures, and even in Western culture, to be really accepted if you are gay, lesbian, transgender, bisexual, two-spirited, asexual, intersex…) In fact, being gay was considered a disease until relatively recently.

I’m glad for all the progress women have made in the past several decades. Not everyone has reached a point where they are accepted in mainstream society, and not everyone feels comfortable announcing certain details about themselves.

If *all* you are is a woman in a male-dominated world, then I feel sorry for you. I truly, truly do. Because none of the women I respect and admire are that. They are, first, talented Engineers, Scientists and Programmers, who are only incidentally female. Being female isn’t something that really identifies them any more than the colour of their skin, hair or eyes. No, no, they are talented, and that is, in the end, all I care about, and that is one reason I am grateful for Open Source — because you oftentimes don’t meet the people you are working with all the time in real life, so you cannot judge them on anything other than their ability.

Posted in Computer Science, Engineering, Peer Relationships, Relationships Tagged: Community Dynamics, Equity, Gender Discrimination, Google Summer of Code

30 June, 2009 12:05AM by Jonathan Yu

June 29, 2009

Anand Kumria

My last five girlfriends …

Going to see films has been, for me, usually a solitary exercise.

Either no one was interested in seeing what I wanted to, my tastes are somewhat elceltic. Or they wanted to see that right at the beginning or right at the end.

Fortunately there are film festivals where other people with eclectic tastes gather. And even more fortuitously there is one in Edinburgh.

Whilst I would have loved to see some films during working hours -- that was not to be. Instead I saw My Last 5 Girlfriends. It stars Brendan Patricks and, judging by the swooning going on in the audience, he is likely to be the Hugh Grant of his time. The story is a cross between Eternal Sunshine of the Spotless Mind and Being John Malkovich in style.

Most of the girlfriend scenes are what you expect them to be: alternatively predictable, funny and often cringe-worthy. That is not because the script is bad, actually it is the opposite. It is due to the fact that everyone has gone through this exact set of problems and issues with girlfriends. If you get the chance, well worth seeing. ★★★★☆

Oscar Redding wrote and stares in Van Dieman's Land. The movie is graphic, haunting and beautifully shot. In particular I liked the fact that there was little "flinching".

If the guys had to cross the river, the camera was setup and the guys crossed. Buttocks and all.

If the guys had to hit someone, and they were still not dead. You hit them again. And again.

If you want 'popcorn' entertainment, this isn't for you. Why isn't this a 5? Basically — even though I was unaware of the original historical story — I felt that the ending of the film was telegraphed too early. ★★★★☆

29 June, 2009 10:37PM

Mike Hommey

I created a monster

This post has been posted with the following monster:

Mozilla/5.0 (X11; U; Linux x86_64; en-US; rv:1.9.1) Gecko/20090629 Iceweasel/3.0.11 (Debian-3.0.11-1)

For those not following or not very much aware of what it means, this is Iceweasel/Firefox 3.0 using the engine from Iceweasel/Firefox 3.5. And except a few components, it seems to work fine. And the demos for Firefox 3.5 from hack.mozilla.org all work as expected.

The xulrunner 1.9.1 package I’m using still needs more polishing before upload, though.

29 June, 2009 10:26PM by glandium

Jon Dowland

introducing ufo

For the last two years, I have been quietly working on a computer game influenced heavily by the classic UFO: Enemy Unknown.

The game is nowhere near complete and probably of little interest to most people. However, I have recently had the urge to write about things which have come up during development of the game. I've held of doing so since I hadn't actually announced the game.

Consider this an announcement of sorts. The super-early, basically not interesting source and binaries for win32 together with some documentation are available at http://ufo.alcopop.org/. This post serves to get the introduction out of the way so that in future, I can write about interesting things that have come up in the course of development.

29 June, 2009 09:25PM by Jon Dowland

hackergotchi for

Pablo Lorenzzoni

FISL10 day 4

Today I finally went to attend some lectures. I decided that since I was to give one and Arena was over, I was allowed to just sit there and pretend I was just attending FISL10 and not organizing it.

Well, first things first. My lecture was on my fork to implement PubSub in XMPP4R-Simple. Nothing really fancy, just describing what we’re doing in Propus with that fork. I can upload the slides if somebody asks to, but everything there’s to know about it is in the code.

After having had lunch with some friends and talking with others I haven’t seen since last year (and that I still hadn’t seen in FISL), I went to the Key Signing Party we organized. That went fine. We had 114 different keys sent, but just 42 showed up for the party (including my 2). I don’t know what is the average in other parties, but I think it was enough given we had the competition of other 12 other activities, and it was a first-time experience.

Later I attended to High-Speed Cryptography and DNSCurve lecture by DJB, which was a really amazing talk. I was moderator for a panel between him and Frederico Neves on Wednesday (as I told you before), and I was present when they debated about NSEC3 and how prone to enumeration attacks it is. Frederico challenged DJB to enumerate NIC.br’s NSEC3 testing network under sec3.br. In this talk he told the audience that he enumerated 23 of the 26 hosts in that network just using desktop-level computers (and not some fancy Gigaflop crypto-breaker station)... that is until he had to prepare the last talk. (I am guessing, but he described the technique here)...

After I just learned how to Fail Faster and Succeed Sooner with Michael Tiemann, another good lecture in which Tiemann told how Fedora is coming from failure to failure until the successful last releases (and how did that tied up with RHEL strategy).

Then I went to the Panel on Electronic Frontier, one I was most curious to go. Really interesting panel talking about freedom in the Internet and how we, as citizens, have to oppose anything that takes away this freedom. One of the many good ideas I learned from that panel was how to fight against traffic shaping (one of the many things almost all ISP does in Brazil and don’t say a word about): building our own Community ISP. I found it an interesting idea, but have to research on how it fits in Brazilian legislation (it may even be unlawful).

My initial intent was to escape before the end of that panel in order to attend the session were DJB would announce this year’s Programming Arena winner group. But before I could get out, Marcelo Branco called me to join the panel in his place, since he had to take care of the proceedings to FISL10 final session. So that was it. I still have to ask Organization Committee who own the Arena…

The final session was kind of crazy. The usual announcements of numbers and a presentation of a piece of President Lula speech. Jon ‘maddog’ Hall recorded a video of the audience inviting Linus to come. It were also announced that FISL11 will be in Usina do Gasômetro. I am not too excited about this place, and I still doubt it’ll be ready to hold an event such as FISL… I’ll just play “wait and see” ;)

As usual, FISL10 most lasting “side-effect” was to see old friends. I am already missing people I am sure I’ll just see again next FISL

I’d like to thank all the people that came to FISL10. Hope you enjoyed and come back for FISL11.

29 June, 2009 08:04PM by spectra

Stefano Zacchiroli

turbogears 2 packaging - take 6

TurboGears 2 packaging - now all is available (in experimental/NEW)

Still very busy days, I'll end up traveling wednesday, probably. But good news in the mean time: some days ago I've completed the packaging of all needed pieces which are now in experimental/NEW. More detailed news:

  • ToscaWidgets has seen a new upstream release, now packaged
  • tw.forms has been packaged as a ToscaWidgets contrib
  • python-catwalk: has been first ITP-ed + and then uploaded to experimental/NEW
  • sprox: idem, ITP + upload to experimental/NEW

Now all the pieces are there. Unfortunately, my repository is not still usable out of the box, since a couple of packages from the Zope team are in NEW (zope.sqlalchemy and transaction) and I've hit some bug of van.pydeb while trying to rebuild them.

Stay tuned, we're converging ...

29 June, 2009 04:40PM

hackergotchi for Martin-Éric (noreply@blogger.com)

Martin-Éric Racine

Aftermath of the Magma/Helsinki Times survey on Swedish

While searching the blogosphere for responses to the survey on Swedish culture in Finland, I came across this interesting gem [translated and commented in Finnish on Suomi 24] by Vasa Bladet columnist Kenneth Myntti.

After summarizing the findings of the survey that was conducted by Magma and the Helsinki Times, he moved on to describing my efforts for getting access to Swedish language classes and how it lead me to directly contact the Ministry of Employment on this issue.

Myntti then concludes the article by making a rather astute observation (my own translation; apologies for any inaccuracy):

Racine simply would not give up so easily. He took the initiative to approach the Ministry of Labor with a proposal that any foreigner who already passed level 4 of the National Certification in Finnish Proficiency would be admissible to study Swedish via labor training. It was he who approached the Ministry, not the Ministry who approached him.

Is this really how things are supposed to be? Are immigrants really expected to battle the bureaucracy just to become a part of this country's Swedish-speaking community?

Of course not. It should be up to us to have our own "Swedish Finn operatives" inside the bureaucracy and parliament, knocking on doors and driving changes in policy to ensure that immigrants can have the option to integrate with the Swedish-speaking part of the population, if they want to.

The Swedish language has a status that is equal to the Finnish language in this country's constitution and a direct consequence of that ought to be a possibility to take Swedish classes on equal footing with Finnish classes for those who chose to immigrate to our country.

That Swedish is considered easier to learn than Finnish should in fact increase foreigners' interest in choosing Swedish as their primary integration language.

From that perspective, we could even complement Racine's proposal by saying that any foreigner who already achieved a sufficient level of proficiency in Swedish could be offered Finnish classes afterwards.

In my opinion, Myntti is absolutely right. If Swedish's status as an official language of Finland is to have any meaning, then it must be possible to study it via Integration Act measures. However, this country's majority speaks and has always spoken Finnish. As such, I think that it makes perfect sense to put the emphasis on Finnish as the primary integration language.

Still, I'll emphasize that this doesn't dispense this Government from acquitting its constitutional obligations to safeguard the status of both official languages and, as a direct consequence, to ensure that immigrants get equal access to immigrant labor training in both national languages.

Basically, for as long as Swedish retains its official language status, there can be no excuse for preventing immigrants from getting Swedish classes via the Integration Act measures!

On a related matter...

On the issue of whether or not Swedish should be reinstated as a compulsory subject for the matriculation exam, Prime Minister Vanhanen said in Iltasanomat that:

Youths who couldn't give a damn about studying Swedish significantly reduce their opportunities on the job market and they concede a tremendous advantage to others who do speak it.

What's interesting about Vanhanen's opinion is that, while he correctly acknowledges how a Finnish professional who doesn't master Swedish could be seriously disadvantaged on the job market, he clearly doesn't realize how an immigrant who only knows one of the official languages could similarly be affected. I wonder why...

29 June, 2009 04:24PM by Martin-Éric (noreply@blogger.com)

hackergotchi for Holger Levsen

Holger Levsen

email nirvana - i has it!

In August 2007 I saw inbox zero and realised I really need to treat my email like this (basically: no procastrination, do stuff immediatly or put in proper todo lists, don't check mail all the time). Since about a month I manage to deal with my inbox so that I was down to 1-10 mails, which already was a huge improvement and since 10 days I'm finally down to zero - and this feels really good: When checking new mails I'm not constantly (several times a day) reminded of old stuff I still need to do (and constantly mark it 'unread' so that I don't forget, which also takes time) and so it's much faster and also a lot lighter on my brain and multitasking capabilities. It totally rocks my world and I cannot believe I've lived so long with so much email the old way... I get about 500 per day, lots of system mails but more from mailinglists and until a month I'd say I spent more than an hour on it in average, while now it's down to 30min, or less. Which IMO is acceptable for that amount of information and communication :-)

If you are stuck with too many emails, watch that movie and just do it. Or do something else ;-)

29 June, 2009 02:22PM

hackergotchi for

MJ Ray

Possible new word: attendocracy?

I think I’ve just made up another new word (to go alongside my pet hate lawyerbomb):

attendocracy
a whole society run mainly by meeting attendees. Usually, the meetings are basically non-discriminatory (all members may attend) and attendance is itself enough to give one power, but those not at the meeting are positively ignored (no postal ballots or elections). Choice of location, price and time of meetings is key to power in an attendocratic society.

Did this word exist? Is there another existing word for this idea? Is it the same as meetingocracy? Is there a better word for it?

I’m broadly in favour of do-ocracy (even when it doesn’t work out as I want), so I think I’ve been handling attendocracies badly. Are they worth the time?

29 June, 2009 01:49PM by MJ Ray

Heatwave!

Well, what passes for a heat wave in England: “an average threshold temperature is 30 °C by day and 15 °C overnight” according to the Met Office: Heat-Health Watch.

So, I’ll be following HOWTO not melt - keeping cool at midsummer again. Anyone got any new tips or tricks for 2009?

Finally, one of TTLLP’s full-timers is away this week, so enquiries may get saved and answered in batches. If it’s urgent, please put “urgent” in the subject line of an email.

29 June, 2009 01:26PM by MJ Ray

Ana Beatriz Guerrero Lopez

DebConf provisional schedule draft and holidays

Good news, the DebConf provisional schedule is finally available. If you see any problem, please, let us to know at schedule@debconf.org

If you are interested in Debian and Free Software and close to Cáceres, you are very welcome to come to the Debian Open Day on 24th July. The schedule for the Open Day is still not closed but you can see some of the planned talks already.

They were 2 long days trying to put it all together. What I was planning to do last weekend was mostly planning my holidays through Iceland, but ended doing this instead. Funnily, what Andreas Tille was mostly planning to do in the weekend was the DebConf scheduling, but he spend some hours in the saturday writing a mail about Iceland that has almost become my planning for the holidays :)
He documented his mail with some of his great pictures. If you were amazed by earlier pictures of Iceland in Planet Debian, check Andreas’ !

29 June, 2009 09:33AM by ana

Jérémie Corbier

One more step toward Intel-based mobile phones?

Intel and Nokia announced yesterday their opensource telephony solution, oFono. In addition to that, it looks like Intel is hiring 3G Software Integration Engineers and 3G System Architects in Sophia-Antipolis, France.

It is quite easy to jump to the conclusion that there is something going on there, isn't it?

Update:

Intel and Nokia Announce Strategic Relationship to Shape Next Era of Mobile
Computing Innovation
[...]
The Intel and Nokia effort includes collaboration in several open source
mobile Linux software projects. Intel will also acquire a Nokia HSPA/3G
modem IP license for use in future products.

Source: Intel News Release

29 June, 2009 07:51AM

hackergotchi for Andrew Pollock

Andrew Pollock

[life] Moon

At some point in the past I read a plot summary for Moon and it immediately tickled my fancy. I added it to our Netflix queue and promptly forgot about it until Nigel was raving about it at work on Friday.

I watched the trailer and was immediately sold on it.

I caught it today with Matt. Absolutely fantastic. I don't want to try and describe it very much because I'll just give too much away. A definite must see if you like Sci Fi of the Kubrick variety. I have no idea why this film is having such a limited release.

29 June, 2009 12:29AM

June 28, 2009

hackergotchi for Bernd Zeimetz

Bernd Zeimetz

looking for a grip replacement

Today was the first day I needed a tool to rip an audio CD after the removal of grip from testing/unstable. Unfortunately I did not find an appropriate replacement yet. At the moment I'm using asunder, which is nice, but missing a lot of the features grip had.

Dear lazyweb, is there a proper replacement for grip out there, or is anybody willing to take over the upstream maintenance for grip?

28 June, 2009 09:58PM

hackergotchi for

Pablo Lorenzzoni

FISL10 day 3 - the day I met the President

I am a little behind on the reports on FISL, but so much has got my attention during it that blogging was just put in second. I will catch up today, hopefully.

So, during the night of day 2, all those measures I mentioned had to be put in place. That was when I learned that I was suppose to be one of the selected lecturers to meet President Lula in private, representing small free software companies (how awesome!). Others include Peter Sunde, Bdale Garbee, Jon ‘maddog’ Hall, Richard Stallman, Marcelo Tosatti, Pau Garcia-Milá, Sérgio Amadeu, Marcos Mazoni, Ana Amorin, Bruno Souza, Marcelo Branco, Sady Jacques and Mário Teza.

I was told to dress accordingly… I asked what “accordingly” meant (we were in a free software event: jeans and t-shirt seemed “accordingly” to me)... but no reasoning was taken: I had to wear a tie.

Next day I went to PUCRS early, in order to prepare some lines and gather some data I could mention to the President. Something like Free Software adoption rate, which is around 26% per year, or the 134 million USD that this market moved just last year. I would also ask the President to enforce the Free Software priority in training programs sponsored by the Federal Government. I knew I would not have time for a speech or the like, and that this would be more an informal meeting… This, though, was even more difficult to prepare (I would prefer a speech!).

So, I got my pin and went to the Arena to wait for the scheduled evacuation, after which, I was told to wait in the private room, for the President arrival. I was there with the rest of the selected lecturers, so I couldn’t see when he arrived. People told me that he went all around the exposition area, and the user group area, shaking hands and being photographed with everybody there. He even entered the Programming Arena and told the contenders they were “genius” (after all, the Programming Arena was his idea, 3 years ago). People in Debian booth told me he entered the booth and wore a Debian hat…

When he finally entered the private room, everybody had about 2-3 minutes with him in the middle of a circle. Presidential photographer took lots of pictures we were told will be sent to us later this week, but of course some of us also took our own pictures. Some of those are below, taken from Sergio Amadeu’s camera:

Marcelo Branco, President Lula and I

Peter Sunde, Sérgio Amadeu, Marcelo Tosatti - in blue, behind Sérgio -, Richard Stallman, I, Bdale Garbee, Dep. Paulo Pimenta, and President Lula

Jon ‘maddog’ Hall gave him a Tux pin and a DVD with a animation produced only with Free Software (I cannot recall the title). Richard Stallman gave him a printed version of his book. Marcos Mazoni gave him a small totem with the stamp celebrating 10 years of FISL (the stamp was an idea I had two years ago but that we couldn’t do by ourselves – Mazoni’s SERPRO had the same idea and actually did it), and all others (including myself) just told him what we where there for. For me, in particular, he asked where I was born and how I went from being a doctor to own a free software company. I had the impression somebody already told him about me beforehand (Mário or Marcelo, for sure). I told him I was doing both right now… he smiled, hugged me and went on to the next of us.

After that, we were told to take our places in the audience room (FISL3 room in the map), where we heard Marcelo Branco, FISL10 coordinator, Dilma Rousseff, minister of Civil House (and appointed to succeed Lula), and President Lula. It’s easy to find this audience in youtube. Most interesting part of Lula speech, IMHO, can be loosely translated into English as:

I remember the first meeting we had at Granja do Torto [which is the presidential country residence – similar to Camp David, but less aristocratic], in which I understood absolutely nothing about what these people were discussing, and there was an enormous tension between those defending the adoption of Free Software by Brazil and those defending we should just do what we always did – remain the same, buying and paying for others’ intelligence. Thanks God, in our country, the decision to adopt Free Software prevailed.

He also said many things that pleased the audience. People raised a banner asking him to block Azeredo’s bill, and he said the bill was equivalent to censorship and that in Brazil it is “forbidden to forbid”.

After those speeches, he went to some other appointments, and the day 3 of FISL10 was over. I just wish that, if any President comes to FISL again, we’d be warned in advance, so we can prepare the map accordingly, and not have to run last-minute preparations. All in all, a great participation. I think all the hassle we had because of his coming were hugely compensated by what he said.

28 June, 2009 07:07PM by spectra

John Goerzen

Review: Google Voice

I got my Google Voice invitation over the weekend, and thought I’d share a bit about what it does and how well it works.

The Basics

The idea about Google Voice (formerly GrandCentral, which Google acquired) is this: lots of us have more than one phone, and it would be nice to have a single number to give out that will reach us on any of these phones.

So, when you sign up for Google Voice (I’ll call it GV for the rest of the article), you pick a new phone number. Then, you tell GV about your other phones. Whenever someone calls your GV number, all the phones you’ve associated with that number will ring. When you pick up at a given phone, you can talk.

As somewhat of a side benefit, you can place long distance calls to anywhere in the continental USA for free via GV, as well as call internationally for rather competitive rates.

This sounded like a great idea to me. I have a continuing problem with this. I have a cell phone, work phone, and home phone. My cell phone gets poor reception both at work and at home. Also, at home, I may leave it in the bedroom but spend most of the day downstairs, and not even hear it.

But a lot of people are confused by this. They call the cell phone only, assuming that it will reach me wherever I am. Sometimes no amount of saying “call work or home first” seems to get through, or if they do call one of those, they only leave a voicemail on the cell, which is just as bad.

So the promise of Google Voice seemed very helpful.

Voicemail

GV, of course, has to centralize your voice mail as well. When someone is transferred to your GV voice mail box, GV will record a message like usual. It has a “transcription” feature which performs speech recognition and thus presents the message in both voice and text form in various places. General word is that the transcription ranges from moderately successful to mostly useless; I haven’t had enough experience yet to weigh in.

In any case, you can get your GV voice mail in a number of places: from any telephone in a standard manner, on the website, or my email. GV will email you the transcription of the message along with a link to the audio file, if you wish. It can also send an SMS to your cellphone when you’ve been left a new voicemail at GV. In this manner, GV voice mail can be almost as tightly integrated with your mobile phone as its built-in voice mail.

Call Screening

If call screening is enabled, the first time someone from a given phone number calls you, GV asks them for their name. Then it rings you, and plays the name when you pick up, giving you the opportunity to accept or reject the call. It also remembers the name given the first time someone calls you, and never asks them for it again as long as they call from the same number.

You can turn call screening on for everyone, off for everyone, or on only for people that don’t present valid caller ID.

There are some big caveats with call screening though; I’ll mention them below.

Call Presentation

By default, when someone calls your GV number, GV presents the original caller ID to each phone. When you answer the call, you aren’t immediately connected to the person. Rather, GV plays their name (if call screening is on), then gives you a menu: press 1 to accept, 2 to send straight to voicemail, 3 to send to voicemail while you listen, and 4 to accept and record the call. (If you pick #4, both parties are informed that the call is being recorded.)

This serves both a practical and a functional purpose. Functionally, it gives you some nice options for picking up a call and restores the old answering machine feature of listening to someone as they leave a message.

Practically, it gives GV affirmation that it was a human that picked up, and not the phone’s voice mail.

You can disable call presentation for all callers, for only certain callers, or for only certain devices. However, if you do so, you run the risk that the voice mail on the device, rather than the GV voice mail, may answer.

Phones and Scheduling

You can associate as many phones as you like with your GV account. You can tell GV when to ring the phones. So, for instance, it won’t bother ringing your home phone when you’re at work. A “simple” schedule just has three options: always ring this phone, ring it only on weekends, or only on weekdays.

You can set up “custom” schedules. This lets you give specific time ranges to accept calls on weekdays or weekends. But you can’t set up, say, one schedule for Mondays, Wednesdays, and Fridays and another for Tuesdays and Thursdays. Overall, it’s fine for me, but I can imagine that it would be rather frustrating for people that work nontraditional schedules.

You can temporarily disable receiving calls on a given device, or add a new device temporarily, but you can’t temporarily override the schedule and force a device to receive calls.

Adding a new device temporarily is done from a phone. It’s useful, for instance, if you’re traveling and want to receive calls at your hotel phone.

All other changes to these settings can only be made over the Internet.

VOIP

This may be their biggest missed opportunity for right now. The only VOIP support in GV is the ability to receive GV calls with a free Gizmo5 account. You can then associate devices to your Gizmo5 VOIP “number” with SIP. So, with GV, you can receive calls on any standard SIP device.

Unfortunately, you can’t call in to GV via SIP, so if you wanted to check your voicemail from Gizmo5, you’d have to pay long-distance to Gizmo to do so.

It seems to me that it would be cheaper for Google to let me dial in to GV via SIP than to have to accept those calls via POTS.

Problems with GV

These mostly fall into the category of “obvious features that aren’t there yet”. GV is still a very new service, so I’ll cut them some slack right now. Anyhow, here are some things I’ve noticed:

Once you’ve signed up for GV, you can’t change your GV number, ever. So if you move and want a local number in your new area, you’re out of luck. You’d have to create a new Google account, which could lead to maddening amounts of logging out and back in if you use other Google services such as Gmail on the account you registered GV to in the first place.

Moreover, you can only assign one GV number to an account. So, in our case, my wife and I would have to have separate Google accounts if we each got a GV number, even though many of our contacts are the same, and we share a home phone number.

Call screening is horribly broken for a common case: callers from a corporate PBX. Many corporations present the same caller ID for any of hundreds or thousands of internal phones. The first person from that company that calls you will record a name, and from then on, you’ll hear that name announced even for the dozens or hundreds of people at that company that may call you. There is no way to override this, tell it to forget the name, or any such thing. Even if you disable call screening for unblocked numbers, it STILL announces the name it first recorded. Jarring and annoying.

You can’t port an existing number to GV, though there is some indication you may be able to do so in the future.

GV won’t attach an audio recording of a message to an email; you just get a link to the audio recording in the email, so you can’t listen to your messages when you’re offline.

Conclusion

Overall, an interesting and useful service — I plan to try it out some more. But it obviously, to me anyhow, isn’t “finished” yet.

28 June, 2009 02:25PM by John Goerzen

hackergotchi for Steve Kemp

Steve Kemp

My hovercraft is full of eels.

Recently I've been seeing an awful lot more bounced mail addressed to my domains, to the extent that I now wonder whether they are deliberate "attacks".

Over the past four or five years I'd expect to receive one joe-job attack every six months. Over the past two that's risen to once every two months. For the past two months its been once a week.

I run several domains on my Xen guest, and most of those domains rarely have mail received, so there are only a few localparts. (A "localpart" is the bit before the @ sign in an email address.)

My main domain is steve.org.uk and unfortunately this was historically setup with "catchall" behaviour. I used that wildcard expansion pretty seriously so I had localparts such as "slashdot.org", "lwn.net", etc. Over time I've stopped making up new addresses and just stuck with "steve".

Still I'd never quite gotten round to enumerating all valid localparts, instead I tried to mitigate against these rare bounce storms with various simple hacks. For example the following procmail recipe to file away bounces:

#  Bounces
#
:0:
*(Return-Path:).*(<>)
.Automated.bounces/

However this doesn't work as well as it used to - too many idiots people are using challenge/response systems so I'll receive a reply to a mail I didn't send which doesn't look like a bounce (ie. There is a real envelope sender.)

In short blocking bounces by detecting an empty envelope sender is not a complete strategy these days. I started down the heuristic path blocking mail to "unlikely" localparts via patterns such as:

[0-9]@        DENY  Localparts never end in digits
,             DENY  Localparts never contain a comma
|             DENY  Localparts never contain PIPES.
^([^a-zA-Z])  DENY  Localparts start with a-z/A-Z
"             DENY  Quotes are never used in accounts on this system:
'             DENY  Quotes are never used in accounts on this system:

That was actually a simple change to make, via the addition of a new QPSMTPD plugin and it managed to block a lot of the bounceback spam - regardless of the envelope sender. For example:

IP:84.45.254.18    sender:<> Recipient:treacherously9@steve.org.uk
IP:203.202.253.252 sender:<> Recipient:envoyz0@steve.org.uk

Blocking "unlikely" localparts wasn't perfect, but without implementing BATV or enumerating valid localparts there wasn't too much else that I could do. In terms of numbers yesterday I blocked just over 18,500 messages with these six rules.

I also wrote a couple of cronjobs to look at the contents of the Automated.bonces folder so that I could add per-user rejections on the specific addresses being received - with some whitelisting.

(For example if I received 20+ bounces to fluffy32qp@steve.org.uk within the space of ten minutes I'd drop further mails to that address automatically.)

Anyway enough is enough. Today I woke up to just over 40,000 replies to mails I didn't send. I've now scanned my mail directories for all the email addresses I've ever used and will now only accept mail destined to those localparts.

Thankfully it turned out that since 1999 (when steve.org.uk was registered) I've only used about 150 distinct localparts, and many of those are now obsolete. So hopefully I'll now have less of a problem.

It seems to be paying off already:

62.193.234.95   wpc0505.host7x24.com  <>  virtual_rcpt_ok
    901     mail to subtotalingxa@steve.org.uk not accepted here (#5.1.1)

65.99.223.234   cobra.compukey.net    <>  virtual_rcpt_ok
     901     mail to suctionsw@steve.org.uk not accepted here (#5.1.1)

207.44.156.81   box19.fuitadnet.com   <>   virtual_rcpt_ok
     901     mail to reappearcum@steve.org.uk not accepted here (#5.1.1)

In the future this means I could still get flooded with bounces, but there will be two outcomes:

  • The bounces will not hit valid localparts and will be dropped easily, quickly, and cheaply.
  • The bounces will hit valid localparts:
    • Real bounces will end up in Automated.bounces/
    • Challenge/Response things will still reach me. Sigh.

Still this is progress and I can steal some ideas from this great spam filtering service (ahem) to improve the handling of those! (I explicitly chose to use a similar but different system for my personal mails. Even though my support system is on another box I want to avoid problems where failures requiring human intervention are swallowed in the same way that the original one was. Those kind of reasons mandate a similar system but different implementation.)

I guess I could publish some of the qpsmtpd plugins I use locally virtual_rcpt_ok, virtual_badusers, rcpt_pattern_test, etc. Then again most people who do funky things with qpsmtpd will have plenty of choice already.

ObFilm: Monty Python's Flying Circus. (OK technically not a film. Sums up my mood though.)

28 June, 2009 12:17PM

Russell Coker

Valgrind and OpenSSL

I’ve just filed Debian bug report #534534 about Valgrind/Helgrind reporting “Possible data race during write” [1]. I included a patch that seems to fix that problem (by checking whether a variable is not zero before setting it to zero). But on further testing with Valgrind 3.4.1 (backported from Debian/Unstable) it seems that my patch is not worth using, I expect that Valgrind related patches won’t be accepted into the Lenny version of OpenSSL.

I would appreciate suggestions on how to fix this, the problem is basically having a single static variable that is initialised to the value 1 but set to 0 the first time one of the malloc functions is called. Using a lock for this is not desirable as it will add overhead to every malloc operation. However without the lock it does seem possible to have a race condition if one thread calls CRYPTO_set_mem_functions() and then before that operation is finished a time slice is given to a thread that is allocating memory. So in spite of the overhead I guess that using a lock is the right thing to do.

deb http://www.coker.com.au lenny gcc

For the convenience of anyone who is testing these things on Debian and wants to use the latest valgrind, the above Debian repository has Valgrind 3.4.1 and a build of GCC to fix the problem I mentioned in my previous blog post about Valgrind [2].

if (default_RSA_meth == NULL)
default_RSA_meth=RSA_PKCS1_SSLeay();

I have also filed bug #534656 about another reported race condition in the OpenSSL libraries [3]. Above is the code in question (with some C preprocessor stuff removed). This seems likely to be a problem on an architecture for which assignment of a pointer is not an atomic operation, I don’t know if we even have any architectures that work in such a way.

static void impl_check(void)   {
        CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA);
        if(!impl)
                impl = &impl_default;
        CRYPTO_w_unlock(CRYPTO_LOCK_EX_DATA);
}
#define IMPL_CHECK if(!impl) impl_check();

A similar issue is my bug report bug #534683 [4] which is due to a similar issue with the above code. If the macro is changed to just call impl_check() then the problem will go away, but at some performance cost.

I filed bug report #534685 about a similar issue with the EX_DATA_CHECK macro [5].

I filed bug report #534687 about some code that has CRYPTO_w_lock(CRYPTO_LOCK_EX_DATA); before it [6], so it seems that the code may be safe and it may be an issue with how Valgrind recognises problems (maybe a Valgrind bug or an issue with how Valgrind interprets what the OpenSSL code is doing). Valgrind 3.3.1 reported many more issues that were similar to this, so it appears that version 3.4.1 improved the analysis of this but didn’t do quite enough.

I filed bug report #534706 about the cleanse_ctr global variable that is used as a source of pseudo-randomness for the OPENSSL_cleanse() function without locking [7]. It seems that they have the idea that memset() is not adequate for clearing memory. Does anyone know of a good research paper about recovering the contents of memory after memset()? I doubt that we need such things.

I filed bug report #534699 about what appears to be a potential race condition in int_new_ex_data() [8]. The def_get_class() function obtains a lock before returning a pointer to a member of a hash table. It seems possible for an item to be deleted from the hash table (and it’s memory freed) after def_get_class() has returned the pointed but before int_new_ex_data() accesses the memory in question.

I filed bug report #534889 about int_free_ex_data() and int_new_ex_data() which call def_get_class() before obtaining a lock and then use the data returned from that function in a locked area[9] (it seems that obtaining the lock earlier would solve this).

I filed bug report #534892 about another piece of code which would have a race condition if pointer assignment isn’t atomic, this time in err_fns_check() [10]. In my first pass I didn’t bother filing bug reports about most of the issues helgrind raised with the error handling code (there were so many that I just hoped that there was some subtle locking involved that eluded helgrind and my brief scan of the source). But a new entry in my core file collection suggests that this may be a problem area for my code.

I think that it is fairly important to get security related libraries to be clean for use with valgrind and other debugging tools – if only to allow better debugging of the code that calls them. I would appreciate any assistance that people can offer in terms of fixing these problems. I know that there are security risks in terms of changing code in such important libraries, but there are also risks in leaving potential race conditions in such code.

As an aside, I’ve filed a wishlist bug report #534695 requesting that valgrind would have a feature to automatically add entries to the suppressions file [11]. As a function that is considered to be unsafe can be called from different contexts, and code that is considered unsafe can be in a macro that is called from multiple functions there can be many different suppressions needed. Pasting them all into the suppressions file is tedious.

28 June, 2009 11:54AM by etbe

Adeodato Simó

Short items (#3)

  • Last week I mentioned Randy Pausch was an Unitarian Universalist. This made me visit briefly the Wikipedia page for this movement, and out of pure curiosity I also peeked at the homepage of the Unitarian church in Dublin (which may just be part of the Unitarian movement, and not the UU one, beware!). Anyway, it has a a reverend, which left me realizing that, whilst I can’t really say whether I’ll ever set foot in a church weekly again, at the moment I can’t really conceive ever going back but to an unconventional one where the speaker would be, each week, a different member of the community, and not an appointed reverend.

  • Throughout the history of Medicine, barbaric methods have been used to cure some illnesses. Bloodletting and electroshock come to mind. In the current times, we’re thankfully past such practices, and the reasonable thing to do is to pity those who had to live back then, when science did not know any better. I’m hopeful one day the people of the future will look back at chemotherapy and radiotherapy in the same way we look at bloodletting and electroshock today.

  • During this VAC from Debian, my amule package was NMUed by the Security Team. I must ashamedly confess that my first reaction was not very positive, for I was annoyed that the procedures hadn’t been really followed (it was not an RC bug and no advance notice of the NMU had been given). Anyway, whether it was right or wrong is not the point: the story goes that I pulled myself together, slapped self a bit, and decided to send a “Thanks!” e-mail instead, which was very much in order. It’s so magical how a couple hours ater sending it, I really felt grateful and no longer annoyed. The thing I learnt is not to despair when desired traits don’t come naturally, for they can become true just by trying.

  • Recently I obtained a copy of the latest album by Corazón, Nuevo futuro. Not having the time to listen to it at home, I transferred it to my iPod, an (old-generation) iPod Shuffle, and hence without a screen. I had read this review of the album that, among other things, said a track named «Vestir santos» was probably the album’s finest. So, when listening to the album in the street, I was hoping I would manage to deduce which track «Vestir santos» was, out of its lyrics. Unfortunately I wasn’t smart enough to deduce it, but when I got home I had the opportunity to get surprised by the fact that track #4, which had become my favourite after a couple listens in the iPod, happened to be «Vestir santos».

28 June, 2009 10:28AM