Planet Debian

Joerg Jaspert: Tssk.

Joerg Jaspert — 2009-11-24T10:30:48+00:00

The conclusion of this discussion is that systems like cmucl are no longer possible under this new system.

You are wrong.

If there is a good reason, there can be exceptions. As we mentioned. One of those is for new architectures. Another can be for such packages. But not for “I am too lazy to do that”, only for “it is impossible”. Whatever it might be in the cmucl case.

Anyone else up for a useless discussion via blog posts?

Russell Coker: Car Drivers vs Mechanics and Free Software

etbe — 2009-11-24T08:37:40+00:00

In a comment on my post about Designing Unsafe Cars [1] Noel said “If you don’t know how to make a surgery, you don’t do it. If you don’t know how to drive, don’t drive. And if you don’t know how to use a computer, don’t expect anybody fix your disasters, trojans and viruses.” Later he advocates using a taxi.

Now I agree about surgery – apart from corner cases such as medical emergencies in remote places and large-scale disasters. I also agree that it’s good to avoid driving if you aren’t very good at it (that would be much better than the current fad of sub-standard drivers buying large 4WD vehicles).

But I don’t think that people who lack computer skills should avoid using computers.

When cars were first invented everyone who owned one was either a mechanic or employed one. Driving a car often involved being well out of range of anyone else who might know how to fix it, so either the car owner or their chauffeur had to be able to fix almost any problem. As the car industry evolved the level of mechanical knowledge required to own and operate a car has steadily decreased. I expect that a significant portion of drivers don’t know how to top up the oil or radiator water in their car and probably don’t know what is the correct pressure for air in their tires. To a large extent I don’t think this is a problem, owning a car involves regularly taking it to be serviced where professionals will (or at least should) check every aspect of the car that is likely to fail. If I used my windscreen-washer less frequently I could probably avoid opening the bonnet of the car between scheduled services!

When budgeting for car ownership you just have to include regularly spending a few hundred dollars to pay for an expert to find problems and fix them – with of course the occasional large expense for when something big breaks.

When the computer industry matures I expect that the same practice will occur. Most people will buy computers and plan to spend small amounts of money regularly to pay people to maintain it. Currently most older people seem to plan to have a young relative take care of their PC for them – essentially free mechanic services. The quality of such work will vary of course, and poorly designed OSs that are vulnerable to attack may require more support than can be provided for free.

Due to deficiencies in city design it is almost essential to drive a car in most parts of the US and Australia – as opposed to countries such as the Netherlands where you can survive quite well without ever driving. When a service is essential it has to be usable by people who have little skill in that area. It would be good if driving wasn’t necessary, I would be happy if I never drove a car again.

The need to use computers however will continue to increase. So we need to make them more available to users and to support users who can’t disinfect computers etc. The only skill requirements for using a computer should be the ability to use a keyboard and a mouse!

This requires a new industry in supporting PCs. Geek Squad in the US [2] seems to be the organisation that is most known for this. I expect that there will be multiple companies competing for such work in every region in the near future, just as there are currently many companies competing for the business of servicing cars.

We need support for free software from such companies. Maybe existing free software companies such as Red Hat and Canonical can get into this business. One advantage of having such companies supporting software is that they would have a strong commercial incentive to avoid having it break – unlike proprietary software vendors who have little incentive to do things right.

The next issue is the taxi analogy. Will software as a service with Google subsidising our use of their systems [3] take over any significant part of the market?

Of course the car analogy breaks down when it comes to privacy, no-one does anything remotely private in a taxi while lots of secret data is stored on a typical home computer. Google is already doing some impressive security development work which will lead towards low maintenance systems [4] as well as protecting the privacy of the users – to the extent that you can trust whoever runs the servers.

My parents use their computer for reading email, browsing the web, and some basic wordprocessing and spreadsheet work. The mail is on my IMAP server so all I need is to have some way to store their office documents on a server and they will pretty much have a dataless workstation. Moving their collection of photos and videos of their friends and relatives to a server will be a problem, transferring multiple gigabytes of data on a cheap Australian Internet access plan is a problem.

[1] http://etbe.coker.com.au/2009/11/24/designing-unsafe-cars/

[2] http://www.geeksquad.com/

[3] http://abovethecrowd.com/2009/10/29/google-redefines-disruption-the-“less-than-free”-business-model/

[4] http://www.chromium.org/chromium-os/chromiumos-design-docs/security-overview

Lucas Nussbaum: UDS Lucid

lucas — 2009-11-24T07:27:58+00:00

I’m back from Dallas, where I was invited at the Ubuntu Developer Summit for Lucid. I spent a great week there ; the event was extremely well organized (by organizing them every 6 months, you are probably able to gather a lot of experience!). Of course, after all I had heard about people hugging each other all the time in the Ubuntu community, I was a bit worried, especially with the flu spreading! But there are lots of fantastic people around Ubuntu, and it was a very nice opportunity to be able to meet them all.

Since it was my first UDS (I was at FOSSCAMP in Prague a few years ago, but didn’t stay for UDS back then), I was not really sure of what to expect. I was very pleasantly surprised.

UDS vs Debconf

UDS is very different from Debconf. In Debconf, we do three different kind of things:

we hack, mostly on our own, in the hacklabs
during talks, we report on what we have done recently
during some talks or BOFs, we discuss future (possible) changes

In UDS, the main focus is on the third point: most of the sessions are about discussing what will be implemented for the next release. All of the relevant developers are in the same room to discuss possible problems, and the outcome of each session is usually a detailed plan, with a list of action items. It’s a very nice way to ensure that changes are well thought, and allows making large-scale changes in Ubuntu very easily (you don’t spend weeks arguing about them on mailing lists). Of course, it’s probably also helped by the fact that there’s a company behind Ubuntu, with a set of large teams (kernel, foundations, desktop, etc), which helps transfering trust (not everybody feel like they have to participate in each discussion, even when they affect the whole distribution: the team in charge is trusted by the rest of the project).

On the other hand (yeah, let’s be negative for a while) it doesn’t really help spreading information between Ubuntu developers: it’s often a bit difficult to get the global view of what is happening inside Ubuntu, especially since lots of things are discussed on IRC.

Collaboration between Debian and Ubuntu

During the week, I mainly was interested on collaboration between Debian and Ubuntu. There’s a strong focus on doing the right thing wrt Debian (and also other upstreams). Then, of course, Ubuntu also has an agenda, which sometimes requires moving very fast on some things, or making compromises between technical purity and pragmatism. But the willingness to have common foundations between Debian Squeeze and Ubuntu Lucid will surely benefit both distros.

Quality Assurance

On the QA front, I am planning to do archive rebuilds for Ubuntu as well (fixing FTBFS is an easy way to start contributing to Ubuntu or Debian, and having those bugs fixed in Lucid would benefit Debian as well, by having patches already prepared). I also had a session with the QA team, where I gave an overview of what we are doing in the Debian QA group, to discuss opportunities for collaboration. The Ubuntu QA team focuses more on testing (with automated or manual testing) and bug triaging than archive quality — that part is left to the MOTUs and the release managers. (About MOTUs, I liked how what they do was described as long-tail maintenance, landscape gardening or terraforming. That gives a good idea of what it’s about).

Ultimate Debian Database

On the Ultimate Debian Database front, I did a plenary talk to try to demonstrate how UDD could be useful to Ubuntu as well, and, with Jorge Castro, we examined some metrics of Ubuntu’s giving back to Debian. I also talked with the Launchpad team to try to resolve my long standing “pretty please provide an export of Ubuntu bugs, so I can easily import them in UDD!” issue.

Ubuntu and ARM

ARM netbooks and smartbooks (mix between netbooks and smartphones) are coming, and Ubuntu is clearly very well positioned to play an important role on that market. There was a whole track about ARM support, with lots of changes that will be done for Lucid. Let’s all hope that Ubuntu-powered ARM netbooks win that market, so we don’t reproduce the failures of the non-ARM netbooks.

Distributed Development

James Westby has been working on a set of tools to be able to work on Ubuntu packaging using bzr. The point is not to store the canonical source for Ubuntu packages in bzr (well, at least it’s not the plan yet), but to provide a set of branches to make it easier to merge or cherry-pick from Debian. The resulting workflow looks extremely nice, with lots of syntaxic sugar. And even better, he assured me that his code is portable to Git ;)
Using his work, merging Ubuntu-specific changes in a new version of a Debian package basically means pulling from lp:ubuntu/foopkg, merging from lp:debian/sid/foopkg, and you are done!
As a bonus, we (Debian) would get bzr branches with the history of packages (kind of bzr-powered snapshots.debian.org).
James’ project is not completely ready yet, but should be very soon. It’s already basically usable, apparently.

Conclusion

Ubuntu has clearly gone a very long way since 2004. Everything looks very well organized and polished, and gives the impression of a big machine that nothing can stop. With Cloud Computing and now ARM netbooks, Ubuntu has proven to be able to adapt to the current trends and attract a lot of visibility. It is great news for Free Software, but also proposes an interesting challenge to Debian: of course, it’s nice that a Debian-based distro is in that position, but will Debian manage to stay relevant, or are we just going to be the technically-pure distro without many users that serves as a package supermarket for Ubuntu?

Peter Van Eynde: on the lack of future for cmucl in Debian

Peter Van Eynde — 2009-11-24T05:56:37+00:00

Following the announcement of the source+throw away binaries route for uploading packages I've had a brief discussion with our FTP team.

The implications of the new method would be that if you upload a package it will automatically be recompiled from source by using the packages already in the system.

For cmucl which needs cmucl to recompile itself it means that we can only use the previous version of cmucl in the archive, not the one we are just uploading. This won't work as the compiling cmucl needs to be hand-patched to be more 'like' the new version, otherwise you cannot rebuild it.

The conclusion of this discussion is that systems like cmucl are no longer possible under this new system.

The FTP team suggested to change cmucl to be able to do this. Needless to say we already have this, after several years of hard effort by multiple people, it's just called sbcl.

So in the end the 'everybody uses C' camp won and cmucl on Debian will die a quiet death. It's a sad end for a system hand-patched from PDP10's to modern CPU's over the coarse of almost 30 years...

Jaldhar Vyas: The Mind of Mnencia

Jaldhar Vyas — 2009-11-24T02:03:41+00:00

I am pleased to announce that Marco Nenciarini has joined the Dovecot maintainer team. One of his first contributions was converting the package to the 3.0 (quilt) source format which all the cool kids are doing these days.

One ongoing problem we have is that Dovecot does not (yet) have a stable ABI for plugins. This affects dovecot-antispam as described in bug #544588 The short term solution is binNMUs but obviously a better long term solution is needed. One idea I've had is to include dovecot-antispam as an additional tarball within the dovecot source package now that 3.0 (quilt) gives us that capability. This way, dovecot-antispam will be rebuilt (with the right dependencies) whenever dovecot is. I have previously experimented with multiple tarballs and it works although at the moment all the debian build tools (devscripts, *-buildpackage etc.) don't fully support it. I expect that will be rectified soon enough but there is a philosophical issue as well. dovecot and dovecot-antispam though related, are two seperate upstream projects with seperate versioning, maintainers etc. Does it make sense to lump them together? I say yes; conceptually they belong together. (dovecot-antispam is useless except as a dovecot plugin.) In fact we have many source packages like this, that only exist as workarounds for a flaw—the lack of source dependencies in the packaging system. However when I brought this up on IRC, there was some disagreement.

So I put it to this august assembly, should source packages combine related but distinct upstream sources or not?

Martín Ferrari: Media center

Martín Ferrari — 2009-11-23T23:28:39+00:00

Dear Lazyweb,

I'm tempted to buy one of this neat boxes with embedded hard drive, network interface, sound card and TV output to use as a media center for the house. I've seen some of them in an ample range of prices, but all of them lack any detailed description of what's running inside. I'll bet that most of them are running Linux, but I'd like to be able to modify it to my heart's content. For example to use MPD as a music server, be able to mount filesystems with sshfs, and whatnot.

I'm also tempted to take the 'Neuf box' that was given by the internet company, add a USB sound card and external hard drive; but already some people jumped to warn me about the dreaded terms of use contract, and all that jazz. Plus, having everything in a compact box seems more convenient for a not so big price. Does anybody have a recommendation on this? Being able to buy it in France is a plus :)

Tags: Planet Lugfi, Planet Debian

Uwe Hermann: Note to self: Missing lvm2 and cryptsetup packages lead to non-working initrd very, very soon

Uwe Hermann — 2009-11-23T23:00:14+00:00

I recently almost died from a heart attack because after a really horrible crash (don't ask), Debian unstable on my laptop wouldn't boot anymore. The system hung at "Waiting for root filesystem...", and I was in panic mode as I feared I lost all my data (and as usual my backups were waaay too old).

At first I was suspecting that something actually got erased or mangled due to the crash, either at the dm-crypt layer, or the LVM layer, or the ext3 filesystem on top of those. After various hours of messing with live CDs, cryptsetup, lvm commands (such as pvscan, pvs, vgchange, vgs, vgck) and finally fsck I still had not managed to successfully boot my laptop.

I finally was able to boot by changing the initrd from initrd.img-2.6.30-2-686 to initrd.img-2.6.30-2-686.bak in the GRUB2 menu (at boot-time), at which point it was clear that something was wrong with my current initrd. A bit of debugging and some initrd comparisons revealed the cause:

Both, the cryptsetup and lvm2 packages were no longer installed on my laptop, which made all update-initramfs invokations (e.g. upon kernel package updates) create initrds which did not contain the proper dm-crypt and lvm functionality support. Hence, no booting for me. I only noticed because of the crash, as I usually do not reboot the laptop very often (two or three times per year maybe).

Now, as to why those packages were removed I have absolutely no idea. I did not remove them knowingly, so I suspect some dist-upgrade did it and I didn't notice (but I do carefully check which packages dist-upgrade tries to remove, usually)...

Sune Vuorela: Subclassing QMutex considered harmful

sune — 2009-11-23T21:49:06+00:00

If you are using QMutex, you are probably writing threaded applications, and thus want to use helgrind (part of valgrind).

helgrind has some support for threading and mutexes in Qt, but not fully.

If you try to run a app using a QMutex subclass in helgrind, it fails with

<appname>: hg_intercepts.c:2124: _vgwZU_libQtCoreZdsoZa__ZN6QMutexC2ENS_13RecursionModeE: Assertion `0' failed.

Basically, it is the handler for the _ZN6QMutexC2ENS_13RecursionModeE symbol that is implemented as assert(0);. The demangled symbol is QMutex::QMutex(QMutex::RecursionMode), which looks very much like the constructor for QMutex:

$ objdump -T /usr/lib/libQtCore.so | grep _ZN6QMutexC 00068840 g DF .text 0000005b Base _ZN6QMutexC2ENS_13RecursionModeE 000687e0 g DF .text 0000005b Base _ZN6QMutexC1ENS_13RecursionModeE

which both demangles into the same QMutex::QMutex(QMutex::RecursionMode)

The important difference is the C1 vs C2 in the mangled symbol name. The C1 symbol is used for creating QMutex objects (complete object constructor), wheras the C2 symbol is used for creating subclasses of QMutex (base object constructor).

And the C2 handler in helgrind is as said implemented as assert(0);.
So until helgrind is fixed here, please be careful to not subclass QMutex. (the destructor handler for subclasses is also implemented the same way)

QMutex has no virtual base class, so even in case of subclassing, I think the helgrind handlers should be implemented the same way in the base object constructor as in the base complete object constructor.

I guess I should file a bug against helgrind.

A test app if anyone is curious:

#include <QtCore>
class mymutex : public QMutex { public: mymutex(QMutex::RecursionMode=QMutex::NonRecursive); }; mymutex::mymutex(QMutex::RecursionMode mode) : QMutex(mode) { }
int main(int, char**) { mymutex m; QMutexLocker lock(&m); return 0; }

Update 1: Bug filed.
Update 2: Better understanding of virtual base classes. Thanks Thiago

Russell Coker: Designing Unsafe Cars

etbe — 2009-11-23T21:00:14+00:00

The LA Times has an interesting article about problems with Toyota and Lexus cars [1]. Basically there are problems where the cars have uncontrolled acceleration (there seems to be some dispute about whether it is due to engine management or the floor mat catching the accelerator pedal). When that happens the brakes don’t work (due to the vacuum power-assistance for brakes going away when the engine is at full power) and a terrible crash seems inevitable.

There are suggestions that the driver should shift the car to neutral and discussion about how the Toyota gear selection makes that difficult. Some years ago I was driving an automatic car on a freeway at 100Km/h and the engine stalled (due to a problem with the LPG system). I had become used to never touching the gear lever while driving so the possibility of moving the gear lever one notch to neutral didn’t occur to me. With a dead engine in gear the car slowed rapidly which is quite dangerous when surrounded by 100Km/h traffic. Fortunately I was able to swerve into the emergency lane (across one lane of active traffic) before the car slowed much. That was in a relatively controlled environment with a gear shift mechanism that is a lot simpler than that which is common in some of the more expensive cars.

According to Wikipedia the maximum speed limit in the US is 80M/h [2]. It seems to me that Toyota is being irresponsible by selling cars that can sustain 120M/h, while the probability of surviving a crash at 80M/h is quite low, it seems likely to be a lot greater than the probability of surviving a crash at 120M/h. Also if a car is out of control at 80M/h then the driver will have a lot more time to work out how to put the engine in neutral or turn it off – the lower speed will extend the time available by more than 50% because bends in the road can be better handled at 80M/h.

It seems to me that it would be a feature for the car owner to have the car limited to a speed that is not much greater than the speed limit. According to Wikipedia the highest speed limit in Australia is 130Km/h (in NT), but it’s 110Km/h in all places where I have driven. If my car had a governor to limit the speed to 115Km/h and a switch to change the limit to 135Km/h in case I ever drive to the NT then it would not affect my driving patterns (I rarely drive on roads with a 100Km/h limit and almost never drive on roads with a 110Km/h limit) – but it could reduce the probability of things going horribly wrong. Also one thing to note is that last time I checked car tyres sold in Australia were only required to operate safely at speeds below 190Km/h (118M/h), so a Lexus that went out of control at 120M/h in Australia might risk a tyre blow-out – which admittedly would only make things marginally worse.

A governor for the reverse gear would also be a good feature. Some time ago a granny got her foot stuck on the accelerator in a car park and caused serious damage to her car and a parked car – after passing close by where I was standing. I don’t think that there is a real need to do more than 5Km/h in reverse, limiting the speed would give pedestrians a better chance of escaping parking accidents.

One serious problem with some of the Toyota and Lexus vehicles is that it apparently takes 3 seconds to turn the engine off in an emergency! I’ve been driving for almost 20 years and experienced a number of dangerous situations, all of which were essentially resolved (for better or worse) in significantly less than 3 seconds. A 3 second delay is as good as a 1 hour delay for safety critical systems.

Also if the accelerator and brake pedals are pressed at the same time then the brake should take precedence. It seems quite obvious that whenever both pedals are pressed hard then the driver would probably prefer hard braking to hard acceleration.

If you look at industrial machinery (robots, lathes, etc) you will always see big red buttons (or whatever color is used for emergency stop in your region) that are clearly marked and obvious – to the workers and to bystanders. Escalators have less obvious red buttons but they can still be shut down in an emergency. It seems to me that there are potential benefits to having an emergency shutdown button in a car, maybe in a position that is accessible to the front-seat passenger in case the driver is incapacitated. Such a shutdown button wouldn’t do anything extreme such as fully activating the brakes (which would be very bad on a road that has high-speed traffic), but would prevent acceleration (with some sort of hardware control to avoid software problems) and maintain power to the brakes and the steering.

One thing that needs to be considered is that people tend not to do the most logical things when in an emergency situation. It needs to be possible to do whatever is necessary to save your life without any great deal of thought. Pushing a big red button is easy, holding down the “on” button for 3 seconds or even navigating a gear shift to an uncommon setting is a lot more difficult.

It seems to me that there is also an issue of driver training. If putting an automatic car into neutral and cruising to a stop was part of the test for new drivers then the results of such car problems might not always be so bad.

But I don’t expect there to be any serious changes to driver training or car design. People are too accepting of road deaths.

Don Marti has expressed a plan to never buy a vehicle with an automatic transmission because of this issue [3]. But the number of new vehicles being sold with a manual transmission is steadily reducing. An automatic transmission allows better performance (F1 cars have used them for ages), better fuel efficiency (you could never make a manual Prius), a more comfortable ride (the Hybrid Lexus keeps winning the Australian Luxury Car of the Year award), and allows less skillful drivers. Unless Don wants to ride a moped or drive an old car then I expect that he will be forced to get an automatic transmission. Then of course he will still be at risk of other people having car problems (the LA Times article mentions a third party being killed after an out of control car hit them).

Also I expect that the extra safety features that are implemented in luxury vehicles such as the Lexus would save a few lives, they should save enough to outweigh the number that are lost on the rare occasions when the car goes out of control. Other luxury cars such as the Mercedes S class have great safety features and don’t have a history of going wrong in a newsworthy way. A second-hand S Class Mercedes was surprisingly cheap in the UK last time I checked, cheap enough to make it worth considering the importation of one to Australia.

But my solution to these problems is to try and minimise my driving. A 1.5 ton Lexus driving out of control at the maximum speed possible in urban streets won’t do much damage to a 20 ton tram.

[1] http://www.latimes.com/business/la-fi-toyota-recall18-2009oct18,0,2352642,full.story

[2] http://en.wikipedia.org/wiki/Speed_limits_by_country

[3] http://zgp.org/~dmarti/wiki/mlp/chromium/

Vincent Sanders: Fitting Everything In

Vincent Sanders — 2009-11-23T20:10:55+00:00

Recently I have been having issues fitting everything I want to do into the time available.

As my kids grow up they always seem to need to be taken someplace or picked up from an activity and that is on top of the daily school run. I recently worked out I spend over eight hours a week, a whole five hundred minutes, taking them to and fro.

Now do not get me wrong, I actually enjoy spending time with my children and we do talk and interact during these occasions but it is hardly a stimulating activity walking to school or being driven to a club.

Add to that my job and its traveling requirements and assuming I want to sleep, eat etc. and all of a sudden I discover I have about forty hours left in a week to share between my family and hobbies.

Anyone with kids knows they are a wonderful time sink :-) and of course the family home often needs something doing. All of a sudden I realize why I feel like I often end up having to trade sleep for my hobbies!

As I get older I find I still have the same number of ideas for projects but the realization that even if I find the time to start something I am unlikely to be able to devote the resources to finishing it. Being one of life's boring people who like to finish a project they start (ok at least make something useful) this means I tend not to start new things too often.

All of this has lead me to become very careful about how I spend my free time and on what. It means my personal involvement in software projects like Debian and the Linux kernel is nowhere near the level I might like. Similarly my music practice (or absolute lack thereof) causes my teacher to get snippy with me.

As you can imagine starting something like a blog when I do not have enough time for what I am already doing is something of a challenge for me and may indeed falter. However I shall give it a chance as I feel a need for public place to share all those small things which I would probably put on my personal website if I had time to work on it ;-)

Mike Hommey: Announcing vmfs-tools version 0.2.0

glandium — 2009-11-23T17:49:05+00:00

This release should have occurred much earlier, but I wanted to work on a test suite before. Seeing how that was not going to happen any soon, I decided to defer the test suite to 0.3.0 and released 0.2.0 today.

It adds a basic support for MBR-style partition tables as they are usually found on VMFS containing LUNs (i.e. a single 0xfb typed partition), a basic fsck tool which only does a few checks and no corrections, and a better debugvmfs shell (but still with the same commands, which ought to change in 0.3.0). It also supports loading a multiple extents VMFS with missing ones (except the first one, which contains everything).

This new release has also been tested to build and work on FreeBSD 7.2, Opensolaris 2009.06 and Cygwin 1.5.25.

Benjamin Mako Hill: Wikireaders

Benjamin Mako Hill — 2009-11-23T15:57:27+00:00

My friend Sean from OpenMoko recently gave me one of OM's new WikiReaders. It's essentially a touchscreen-based device dedicated to displaying Wikipedia articles offline.

And while I'll never forgive the thing for not having an Edit button, I've got to admit the device is pretty cool. Not only does it make it possible to bring WP to a bunch of places that are otherwise impossible or impractical, the thing is built entirely with free software. One of my colleagues at the Center for Future Civic Media suggested we should put one in every bar to help settle drunken arguments. Think of the lives we might save!

I hope the device becomes successful but I'm worried about what success will mean for the already indefensibly large gap between the number of readers and editors on Wikipedia. After all, the ability to change and contribute is the thing that makes Wikipedia interesting, empowering, and successful; cutting this functionality out kind of misses much of the point.

I think it is important to start implementing a simple method to allow users of these types of devices to contribute back. Over the last few years, Sj and I have talked repeatedly about a simple method for contributing back from offline devices that would even be possible from devices like the Om Wikireader where editing the articles is probably impractical. Perhaps the device could be extended so that people could write short comments about articles from their reader --- there's an on screen keyboard after all --- which could be saved to a log on the SD card. When the data on the card is updated, messages from this log could be uploaded somewhere --- perhaps the talk pages of the articles in question or some dedicated page or ticketing queue. Editors could help merge these changes back into the articles.

Joachim Breitner: arbtt now in Debian

nomeata — 2009-11-23T15:18:58+00:00

The Automatic Rule Based Time Tracker that I have created some weeks ago is now available in Debian unstable, so if if you were reluctant to use it because you did not want to figure out how to compile the Haskell code, you can just do apt-get install arbtt.

Although it’s such a young project, it already has a fork: Andreas Klöckner was very impatient with a feature request (sensible merging of logs from different hosts), so we went ahead and re-implemented arbtt in python, named whatup. Although I prefer contributions to arbtt, it shows that the principle of arbtt is useful. And I won’t be shy to copy nice ideas from him, as well :-)

Holger Levsen: munin 1.4.0 in experimental

Holger Levsen — 2009-11-23T14:34:32+00:00

Saturday I have uploaded munin 1.4.0~beta-1 to experimental, though it is currently awaiting NEW processing, as it introduces new binary packages. This upload is due to the awesome work of Tom Feiner who joined the munin maintainers team following up on the RFH bug I filed in July 2009. At first, Tom helped out with some bug triaging and worked on some patches. So he then got commit access (to the svn repo which hosts both upstream code as well as the debian packaging), which quite soon he also used to fix issues in upstreams trunk too and finally prepared this release mostly on his own, with me just doing some mentoring work. Overall, I'm totally impressed and happy with his work on the package. Tom, kudos & thanks a lot!

Munin 1.4.0 comes with a lot of new features (the most important ones being SSL and multigraph support) and new plugins, and of course, lots of bugfixes too. If you're curious, read the upstream changelog. Also noteworthy, the number of (Debian) patches has gone down from 64 to 8!

Please report bugs and experiences to munin-users@lists.sourceforge.net unless they are specific to the Debian package, in that case, please use the BTS as usual. The final 1.4.0 release is scheduled for this friday, unless real blockers are dicovered :-) Expect it to hit unstable on friday or saturday too, unless real life or other blockers prevent it :-)

If this post has made you curious and you cannot wait for the package to leave NEW, svn-buildpackage it yourself from the debian experimental branch.

Jon Dowland: sid fail

Jon Dowland — 2009-11-23T13:55:24+00:00

Every now and then I have a demoralising experience with the quality of Debian packages in sid. That's to be expected, sid is a development distribution, but it still sometimes gets on my nerves. I've decided to write about some of my experiences.

Some rules: I may not rant without

Earlier in the week I was interested in doing some very simple video editing. A bit of searching and I come across the name of a potentially useful program: 'pitivi'. As luck would have it, there's a Debian package! However, the program within won't run. I also discovered more or less immediately that the package (provided a useless, whitespace only README file)[http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=556850].

Today I was looking at tracing stuffs, and I discovered etrace. The very first action I tried after installing it was to look in /usr/share/doc/etrace -- which was devoid of documentation. (http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=514083)

Jon Dowland: shell scripts

Jon Dowland — 2009-11-23T13:54:39+00:00

Russell Coker writes about shellscripts. I have a different suggestion. Whenever you think that a shellscript is the right solution to a problem, you are mistaken: do it in a proper scripting language instead. Having access to proper data structures will mean you don't have to contort your code to fit values into scalar strings, or write loads of temporary files, or call cut/awk/sed/grep etc. repeatedly on the same inputs to get at different fields, etc. etc. etc.

I reckon nine times out of ten it's the right decision. But when you just have to use a shellscript, use set -e (as Andrew Pollock points out, this is safer than putting it on the hashbang line and set -u too.

Patrick Schoenfeld: Curiosity of code

Patrick Schoenfeld — 2009-11-23T13:36:40+00:00

Just some random curiosities, I've recently seen in PHP code.

if (TRUE) {
...
}

or maybe:

if (...) {
...
}
else {
// see Code below
}

An evergreen:

function _copy (...) {
...
}

/* Workaround function */
function copy (...) {
...
}

Simon McVittie: RC Bugs of W47

Simon McVittie — 2009-11-23T12:35:47+00:00

I've been intermittently prodding at the Debian release-critical bug list for some time, but inspired by Zack and Tim I've decided to start keeping track, if only for my own interest.

Monday: openipmi Debian bug #474087 + patch (not uploaded since I have no way to test IPMI libraries, not having the appropriate hardware...)
Monday: potential candidates for removal:
- skyutils (RC bug, library with no reverse dependencies since smssend was removed in 2008)
- libhid (RC bug, RFA since August 2008, mainly exists to support libphidgets)
- libphidgets (RC bug, RFA since 2007)
- libnoise (RC bug, library with no reverse dependencies or popcon votes)
Thursday: hercules Debian bug #553110 uploaded to DELAYED/7, with various bonus changes including making the copyright file sufficient to satisfy Policy §12.5
Friday: spider Debian bug #537631 fixed by a QA upload, fast-forwarding through 8 years of Debian policy and upgrading from debhelper 3 (!) to 7 in the process

In general I've been trying to avoid resurrecting packages that I don't think should be in the archive, even if the fix is trivial. I'm not sure whether that applies to spider; according to popcon, it still has a substantial number of users, so it may be worth keeping even if there are no upstream releases (also, it amused me to convert such an old package to Debhelper 7 and dpkg source format v3).

In the process I've discovered that git-buildpackage makes a great NMU tool. I'll probably be putting all future NMU diffs in my users/smcv directory on git.debian.org (at least until the maintainer acknowledges or rejects the NMU), just because it's a convenient way to give the maintainer a nice queue of individual changes rather than a monolithic diff; if any maintainers decide they'll use git as a result, that's a bonus :-)

Jorge Salamero Sanz: New ebox-radius module available

bencer — 2009-11-23T10:46:22+00:00

Since I came back from Dublin I had pending to release the new ebox-radius module. This new module for eBox Platform 1.2 brings integration of eBox LDAP users with FreeRADIUS allowing the deployment of WPA/WPA2 EAP wireless authentication using eBox. In fact is very simple as seen on the screenshot, you can choose whether all the users are able authenticate or just a group of them and the NAS clients that can query the RADIUS server.

ebox-radius

This module is still in beta, but packages for Hardy are available from my PPA so you can try it in your eBox 1.2, a version for eBox 1.3 will be released very soon. FreeRADIUS packages where self builded because of #266299, I hope this can be fixed very soon, see Debian, EAP, and the OpenSSL and GPL incompatibility.

If you give it a try, please give us feedback on the forum or the mailing lists.

Bastian Venthur: My eyes! The goggles, they do nothing!

Bastian — 2009-11-23T09:26:43+00:00

Dear Lazyweb,

do you know how to theme Tk apps? In the default setting, Tk apps running on my KDE4 desktop, cause spontanous eye cancer:

there must be a way to theme them to look like the Qt or at least GTK apps, or not?

MJ Ray: US Defense or Sirsi-Dynix – which is more credible?

MJ Ray — 2009-11-23T07:23:06+00:00

Most librarians probably already know this, but maybe the programmers don’t yet.

A SirsiDynix Corp lobby paper against Open Source technologies escaped onto the internet. SirsiDynix is a competitor of our co-op with products that compete with Koha. They’re also interesting because Sirsi bought another competitor (Dynix), essentially stopped its product line (something near impossible with Free and Open Source Software like Koha) to replace it with its own and has ended up a messy lawsuit with Queens Borough Public Library as a consequence of that – all as I understand it.

Late last month, someone leaked SirsiDynix’s criticism of Free and Open Source Software which is missing references for key evidence and described on WikiLeaks as containing “possible libel per se against certain competitors”. The comments and links at thesecretmirror and code4lib wiki seem interesting dissections.

I feel that this document is taking advantage of an opportunity presented by the biggest promoters of FOSS library management systems not speaking about freedom. As you can see from some comments on thesecretmirror, it’s all about freedom. reflections » Missing the point: It’s time to talk about software freedom develops that point a bit more and gives a few links back to other statements of freedom which I’d not seen before.

Anyway, one of the points in the leaked document was that the US Department of Defense (DoD) restricts use of FOSS. Unluckily for SirsiDynix, on 16 October, a memo was published by the DoD CIO saying Defense: Open source software is more secure than commercial code. There’s some analysis by David Wheeler discussed on LWN.

Anyway, who would you believe about FOSS? An under-fire legacy private software competitor, or the Department of Defense? I don’t like either that much, but there’s not really a contest. DoD are willing to bet lives on it.

Russell Coker: Laptop Reliability

etbe — 2009-11-23T02:00:44+00:00

Square Trade did a survey of laptop reliability and wrote an interesting article about the results [1]. One thing to keep in mind when reading them is that the usage patterns vary greatly by type of product (netbook vs laptop) and probably by brand.

Their statistics indicate that netbooks are less reliable than laptops, but I think that my actions in taking my EeePC to places such as the beach are probably not uncommon – a netbook is ideal when you might need access to a computer at a moment’s notice. I expect that the reliability of my laptop has increased because I bought a netbook!

Their statistics show that Lenovo is far from the most reliable brand, I wonder what the usage scenarios for such machines are. I’ve been using Thinkpads happily for over 11 years. I have had many warranty repair jobs, I lost count long ago. But I don’t think that this indicates a problem with Thinkpads, my use is very demanding, I have done a lot of traveling, and done coding in planes, trains, trams, and taxis in many countries. So instead of criticising IBM/Lenovo for having their machines break, I praise them for repeatedly repairing them no matter how they wear out in my use. The speed and quality of the repair work is very impressive. Based on this I have been strongly recommending Thinkpads to everyone I know who seems likely to wear laptops out through basically doing everything that a laptop is designed to do all day every day! Among people I know the incidence of laptop warranty repairs is probably about 100% as the number of systems that are never repaired are outweighed by the systems that are repaired multiple times.

Generally Thinkpads seem fairly well built to me, I’ve been surprised at how many times they didn’t break when I expected them to.

When articles like the one from Square Trade are discussed people usually cite personal anecdotes. My above anecdote covers just over 11 years of intensive use of four different Thinkpads. Of course it doesn’t prove much about the inherent reliability of Thinkpads (I could have received through random selection either four Thinkpads that were significantly more or less reliable than average). But having dealt with the IBM/Lenovo service in a few countries I can confirm the quality of their repair work. Every time they have returned my machine rapidly, they never complained about my policy of giving them a system with the hard drive removed, and in all but one case they completely solved the problem on the first try. One time they forgot to replace a broken rubber foot and to make up for this they sent me a complete set of spare parts by courier – they had repaired the other two faults without problem.

Now comparing the reliability of rack-mount servers would be a lot easier. The vast majority of such systems are stored safely in racks all the time and tend not to be mishandled. My experience with servers from Dell, HP, IBM, and Sun is that apart from routine hard drive failures they all run well if you keep them cool enough. But of course as I haven’t run more than a few dozen of any of those brands at one time I don’t have anything near a statistically significant sample.

[1] http://www.squaretrade.com/pages/laptop-reliability-1109/

Martín Ferrari: Movies

Martín Ferrari — 2009-11-23T01:50:09+00:00

Just wanted to share comments on some movies I've watched recently.

The hurt locker: about the days of a bomb disposal team in the war of Iraq; well done, entertaining, and it didn't trigger my oh-again-the-yanks-saving-the-day response.
Gran Torino: cannot say much about this one, I loved each minute of it. Clint Eastwood is getting better every day; must see.
The union: the business behind getting high: a documentary on cannabis, nice but not that interesting.
Bienvenue chez les Ch'tis: a simple French comedy, nothing deep here. Nevertheless, I found the characters lovable, and now I'd like to visit Nord-pas-de-Calais.
La môme: another French film, which I really enjoyed. Marion Cotillard is really impressive in her rendition of Edith Piaf.
Death proof: ah, Tarantino, can't help enjoying, even though there was not much plot here.
Les poupees russes: more French cinema. The sequel of "L'auberge espagnole" —which wasn't that great— is quite dull. The director doesn't get tired of trying to show off all these fancy edition effects, and instead of being clever, it looks silly.
Der Untergang: disturbing, well done, enjoyed.
Cidade de Deus: quite a surprise this one; dynamic, thrilling, great edition. Based on a real story, but goriest than Tarantino.
Blade runner: I got a high quality copy, which was enough of an excuse to watch and enjoy it once again. A beautiful film in every sense.
This is England: didn't know anything about This is England, and surprised me to see a film that touches on the war of the Malvinas (Falklands) from an English perspective, although that is not central to the plot. It revolves around a boy who joins a gang of skinheads, which was another surprise, as I didn't even know that the non-racist skinheads existed.
Zack and Miri make a porno: funny, edgy, but they had to ruin everything with romance, bleargh.
Happy together (春光乍洩): I think I liked it, but I'll need to see it again with readable subtitles!
School of rock: I think I will never enjoy north-American comedies...

Tags: Planet Lugfi, Planet Debian

Benjamin Mako Hill: All-In-One

Benjamin Mako Hill — 2009-11-23T01:37:27+00:00

I know it's old news but I couldn't resist pointing out this item from the "all the things my software freedom advocacy and activism has been based around recently" department:

Apparently, Apple filed for an software patent on an antifeature that uses a DRM-like system and a proprietary network services to lock down people's mobile phones.

If someone can figure out how to work in a revealing error, I think I can make it a sweep.

Benjamin Mako Hill: The Computer (Still) in My Pocket

Benjamin Mako Hill — 2009-11-23T01:17:29+00:00

The Computer in My Pocket -- which I intended mostly as a one-off blog-post -- ended up having some legs. First, Carolina Flores Hine translated the essay into Spanish. More recently the FSF published a slightly patched-up version in the Fall 2009 bulletin, sent to all members, along with a bunch of more interesting writing by other free software folks. Certainly, there is growing recognition in our communities that phones are a critical battleground in the fight for software freedom.

More exciting for me though, my post elicited a bunch of comments from folks pointing to promising projects (Replicant was just one often cited example) making real progress toward freedom for all the computers in our pockets. I knew about most of them, but growing knowledge and excitement about problems and potential solutions was striking. There is an enormous amount to do, but there are reasons to believe that all is not lost.

Adam Rosi-Kessel: China Masks

adam — 2009-11-23T01:00:00+00:00

Among many of Jonah’s recent striking photographs from China and elsewhere in Asia, this series on Swine Flu masks is particularly eye-grabbing:

Jonah's Swine Flu Photographs

Julien Valroff: Switched to GIT

Julien — 2009-11-22T19:45:37+00:00

After having converted my packages to the new 3.0 (quilt) source format, I have decided to move everything to GIT.

rkhunter was moved to Alioth’s collab-maint project, and I have set up a personal GIT repository for the other packages.

This page on the wiki has helped a lot.

I now need to learn how to use this tool, but my first tests are very encouraging.
I haven’t had to change my packaging workflow, switching from svn-buildpackage to git-buildpackage.

I am even able to build i386 packages on my amd64 machine as before without the need to change anything in my ~/.pbuilderrc.

Tiago Bortoletto Vaz: Who needs a wifi switch?

tiagovaz — 2009-11-22T19:41:48+00:00

Wifi stop working. Thinkpad x60. Debian GNU/Linux. Intel(R) PRO/Wireless 3945ABG/BG. Logs below:
Nov 22 12:54:43 thinkpad kernel: [ 5373.816386] iwl3945 0000:03:00.0: Radio Frequency Kill Switch is On: Nov 22 12:54:43 thinkpad kernel: [ 5373.816388] Kill switch must be turned off for wireless networking to work. Nov 22 16:11:16 thinkpad kernel: [17168.714311] iwl3945 0000:03:00.0: Radio disabled by HW RF Kill switch Nov 22 16:11:16 thinkpad kernel: [17168.714487] iwl3945 0000:03:00.0: Radio disabled by HW RF Kill switch Nov 22 16:13:55 thinkpad kernel: [17328.018434] iwl3945 0000:03:00.0: Radio disabled by HW RF Kill switch Nov 22 16:13:55 thinkpad kernel: [17328.018603] iwl3945 0000:03:00.0: Radio disabled by HW RF Kill switch

…about 1 hour trying to solve that annoying issue, and then I realize there was a f** wifi switch turned off right in front of my face. #FAIL

Gerfried Fuchs: stable RC Bug Squashing

Gerfried Fuchs — 2009-11-22T19:36:00+00:00

Others are doing it, so I thought I'd join in, too. Though, from a different perspective. Often enough people claim that package maintainers don't seem to care about their packages anymore once they did hit stable because they say it isn't as easy to update packages in stable. While this is partly true it still doesn't send a too good impression to have a high and increasing release-critical bug count for stable.

UDD makes it easy. It has a field affects_stable in its bugs table, and the view bugs_rt_affects_stable is even yet better. I fiddled together two short statements that help me to find release-critical bugs for stable:

SELECT b.id FROM bugs_rt_affects_stable bas
   LEFT JOIN bugs b ON bas.id=b.id
   WHERE b.severity IN ('serious', 'critical', 'grave')
   AND b.id NOT IN (select bau.id from bugs_rt_affects_unstable bau)
   ORDER BY b.id;

The second statement is without the AND clause to see all open release-critical bugs. Going through this list isn't too complicated, and I already found a good rush of bugs to mark as not affecting stable because the reason for the bug only appeared after the lenny release. I could list their bugnumbers, but it's currently up to 39 such bugs since yesterday and I don't want to bore you with it, actually it didn't involve any touching of the package—but it will definitely make it easier to find the real release-critical bugs that do affect stable and should get addressed in an update to it.

Still lots to do, 39 bugs down isn't the world when the barrier is set to about 1500. Though, it's still more than 2% and this is something that makes me a bit happy.

Julien Valroff: Converted my packages to 3.0 (quilt) source format

Julien — 2009-11-22T19:33:26+00:00

I have now finished converted most of the packages I maintain (part of the official archive or not) to the new 3.0 (quilt) source format.

I first had to switch from dpatch or cdbs’ simple-patchsys to quilt, which was easy thanks to Romain Francoise’s old blog post.

Also note this quick adaptation for cdbs:

for i in $(ls debian/patches/*.patch); do \
    I=$(basename $i | sed 's/.patch$//'); \
    quilt import -P $I.diff $i; \
done

The rest was much easier than what I thought, thanks to the related page on the wiki.

I have already tried uploading a package to my personal repository, and reprepro just worked as expected.

Stefano Zacchiroli: RC bugs of the week - week 11

Stefano Zacchiroli — 2009-11-22T16:10:19+00:00

RCBW - week #11

Here is this week squashes, by yours truly:

16/11/2009 ~~bug #553120~~ - db4.2 - add missing ldconfig invocation (3 at once, YAY!)
17/11/2009 ~~bug #553120~~ - db4.2 - idem
18/11/2009 ~~bug #553120~~ - db4.2 - idem
19/11/2009 ~~bug #553107~~ - libsigc++0c2 - move dh_installdeb to fix lack of ldconfig in postinst
20/11/2009 ~~bug #553106~~ - db4.6 - mark as closed an already fixed ldconfig bug
21/11/2009 ~~bug #533888~~ - ddclient - fix debconf failure w/ non-interactive frontend (patch by Jonathan Niehof)
22/11/2009 ~~bug #553125~~ - libvdkxdb2-2c2 - move dh_installdeb to fix lack of ldconfig in postinst

This week I've been both lazy and lucky, with a single NMU of db4.2 3 RC bugs were gone (well, truth to be said, I've discovered later on that db4.2 is not meant to be released with Squeeze, but well, stuff happens ...) and with some triaging a few more were gone too. The rest is nothing special.

Also, during past week, Tim got back to my welcome message, adding some interesting considerations. Beside the issue of personal sponsorship, I fully agree that we used to lack pointers to NMU activity in NM. Now it is a bit better, though. As an AM, I pose the "please fix at least 2 RC bugs" question, and the usual outcome is the sponsoring of NMUs prepared by applicants. But surely we lack a more general "culture" of NMU, which is de facto more and more needed to actually deliver our releases.

In fact, my RCBW initiative is not meant to make other people feel bad (hello Gunnar, we all love you and your work, and you should know that ). Rather, it is meant to convince people that fixing RC bugs (at least some of them which are nevertheless a huge slide of the total) is easier than what we might think and help fighting the boredom. Not sure it is being successful in its "marketing" facet, but it has surely been fun for me thus far!

Jérémie Corbier: New Addiction

Jérémie Corbier's Scratchpad — 2009-11-22T14:28:50+00:00

With work taking most of our time lately, my girlfriend and I needed to find as many ways as possible to change our minds once we were back home. This is how we found a real enjoyable online RPG called Nodiatis.

The game has reached quite a high level of maturity. There is a large community of players and the game allows a great deal of different characters' builds ranging from the basic but very efficient warrior to the more difficult to play but, in my opinion, more interesting to play spell caster.

With as many as 26 classes and a whole load of different skills, this is one of the richest web-based online RPG we have ever played.

Patrick Schoenfeld: Rest in Peace, grandma.

Patrick Schoenfeld — 2009-11-22T13:51:55+00:00

A few weeks ago I've visited my grandma, because she and my grandpa had birthday.
We also did it, because we figured that it might be the last chance to see her alive.
It was a hard time for us. Because she wasn't the person I knew, the person with whom I argued so often when I was a young boy, the person who showed me the beauty of cooking. She were lying in her bed, barely realizing us, not really able to do conversation. As soon as we went away from her bed she was calling for one of us, repeating the name of the person she was calling for every few seconds. Most of the time she called for my grandpa, but another time it was me she was calling. I then stood there, next to her bed, not really able to talk, because she wasn't and I didn't know what to say.
And then I had a talk to my grandpa. Although he looked visibly aged, he still seemed to be in a good constitution. But while talking to him I realized that he was tired. He told me that his woman was asking him eight times a day which day it was and such things. He told me and my cousin that he fears the day when she is gone. It was hard. I mean.. I knew it, I knew that it would break his heart when she's gone, but in my memorization he has never been a guy who would have spoken it out. I know that both had good and bad times together. Their was always that joke about them, that they can't do with each other but not without each other either. But now, the very imagination that this might be true, caused frighten in me.
Yesterday I got a call from my mother, telling me, that it seems that she decided that she will go, so she drove to my grandparents. A few hours later she called me again and said to me that it is over. Slept in, in silence. No pulse anymore. But the first thing I replied was: Can you take care for grandpa? Its not that I don't sorrow, but I knew it were better for her. She had a life with ups and downs, she had a man who loved her more then anything else. But she wasn't able to live or enjoy her last days I think. And now I'm afraid about the living, the one whose heart supposedly just broke. I hope he will be able to enjoy his last years anyway. Because he is a good man, has always been and I think he deserves it.

Grandma, we will miss you. Rest in Peace.

Russell Coker: Planning Servers for Failure

etbe — 2009-11-22T10:50:22+00:00

Sometimes computers fail. If you run enough computers then you encounter failures regularly. If the computers are important then you need to plan for the failure.

An ideal situation is to have redundant servers. Misconfigured clusters can cause more downtime than they can prevent and it requires more expensive hardware to properly implement a cluster (you need at least two servers and hardware to allow a good node to kill a bad node) as well as more time (from people who may charge higher rates).

Most companies don’t have redundant servers. So if you have some non-redundant servers there seem to be two reasonable options. The first one is to use more expensive hardware on a support contract. If a server is really important to you then get a 24*7 support contract – it only takes an extra mouse click (and a couple of thousand dollars) when ordering a Dell server. I am not going to debate the relative merits of Dell vs IBM vs HP at this time, but I think that most people will agree that Dell offers significant advantages over a white-box server, both in terms of quality (the low incidence of failure) and support (including 24*7 part replacement).

The second option is to have a cheap server that can be easily replaced. This IS appropriate for some tasks. For example I have installed many cheap desktop systems with two IDE disks in a RAID-1 array that run as Internet gateway systems for small businesses. The requirements were that they be quiet, use little power (due to poorly ventilated server rooms / cupboards), be relatively reliable, and be reasonably cheap. If one of those systems suddenly fails and no replacement hardware is available then someone’s desktop PC can be taken as a replacement, having one person unable to work due to a lack of a PC is better than having everyone’s work impeded by lack of Internet access!

This ability to swap hardware is dependent on the new hardware being reasonably similar. Finding a desktop PC in an office today which can support two IDE disks and which has an Ethernet port on the motherboard and a spare PCI slot is not too difficult. I expect that in the near future such machines will start to disappear which will be an incentive for using systems with SATA disks and USB keyboards as routers.

This evening I had to advise someone who was dealing with a broken server. The system in question is mission critical, was based on white-box hardware, and had four SATA disks in a LVM volume group for the root filesystem. This gave a 600G filesystem with less than 10G in use. If the person who installed it had chosen to use only a single disk (or even better two disks in a RAID-1 array) then there would have been a wide range of systems that could take the disks and be used to keep the company running for business tomorrow. But finding a computer that can handle four SATA disks is a little more tricky.

Of course running a mission critical server that doesn’t use RAID is obviously very wrong. But using four disks in an LVM volume group both increases the probability of a data destroying disk failure and makes it more difficult to replace the computer itself. Some server installations are fractally wrong.

Neil Williams: gpdftext in Debian

Neil Williams — 2009-11-22T09:20:59+00:00

gPDFText is a text editor for GTK+ that opens PDF documents for ebook readers, converts the text contents into plain ASCII text, restores the original paragraphs and removes unwanted line breaks to allow easier zooming on the reader. gPDFText is now in Debian unstable and on a mirror near you. There are no obvious hindrances to a simple, clean migration into Squeeze and Ubuntu, once the necessary time has elapsed.

The current release is v0.0.2 and adds support for undo/redo as well as a few more translations, giving me six in all: Czech, German, Italian, Portuguese, Russian and Swedish, for both the program and the Help Manual. Many many thanks to the translators concerned. (New translations are always welcome - the notable exception to the current list is French IMHO. Both POT files are included in the Debian source package via the upstream tarball. Just do apt-get source gpdftext, you'll find gpdftext-0.0.2/po/gpdftext.pot and gpdftext-0.0.2/help/gpdftext-help.pot. File wishlist bugs against gpdftext in the Debian BTS as normal, once your translation is complete, one bug for each PO file.) There's also the upstream bug tracker if you want to use that - you need to be logged into SourceForge - SF does support OpenID, not sure if you need an SF account or just the OpenID.

Just started adding PDF write support, so that the typical A4 PDF file can be rewritten as an A5 PDF as well as plain text. Initially, I thought I'd use libpoppler-glib directly but that's only for reading PDF. It can work with PS, so I tried that and libgs8 from ghostscript. Turned out that I should have been looking at cairo and pango all along. (Check out the buffer_to_ps function.) That said, I haven't actually got the full interface working yet, so I've yet to see just what kind of PDF I get.

This is part of the roadmap to go into version 0.1.0 along with some other interface additions, so the Manual will be getting some new content and the program a few new translatable strings. I'll make the usual string freeze announcements and call for updates when the time comes. I don't expect to be changing the existing strings much for 0.1.0.

I'm happy to add new translations based on 0.0.2 and then request an update once I know that 0.1.0 actually works.

Raphael Geissert: it's time...

Raphael — 2009-11-22T02:31:42+00:00

Why vote?

World leaders are set to discuss new ways to deal with climate change at the UN Climate Change Conference in Copenhagen, 7-18 December 2009. This new deal will replace the Kyoto Protocol and set new standards for reducing harmful emissions and global warming.

Joey Hess: building a day

Joey Hess — 2009-11-22T02:15:48+00:00

The difficulty with living on the Joey sleep schedule as the year wanes is finding enough daylight to have a satisfying day.

The plan was to hike in the mountains, but my inbox said otherwise. Ugly new debhelper bugs. Looking at the hard one, I felt as if someone from 30 years ago was trying to take my day away. Why does make(1) not provide a way to discover which targets exist in a makefile? My hack to workaround that historical oversight was breaking, and make was nearly fork-bombing the system in the process. This seemed likely to eat my weekend -- I was very glad to find a quick, ugly workaround.

By then it was 2:00. I'd not get to the mountain pass til after 3:00, which was pushing it. Almost stayed home, but it was such a nice sunny day, perfect weather. So I headed out. Spent half an hour along the way talking with an old woman about a well (long story), but reached the Roan with nearly two hours of daylight.

And it was sublime.

I realized I'd never stayed up there for sunset, so I hunkered down on a rock, finished checking my email (left over from the earlier hurry), and then spent half an hour chatting on the phone with my dad, as the sun inched down a finger at a time. When it went behind the other peak, and mist crept up the valleys below, it got cold and I hurried down.

Reached the car in deep dusk, and coasted down the mountian while listening to a BBS nostalgia piece on the radio. On the way home, pulled in at the Ridgewood BBQ, and am sitting on the porch in the cold with about 50 other people, waiting for a seat (hopefully before it closes), and blogging.

I accomplished everything I wanted to today, including getting something significant done, hiking, and spending quiet time on top of the world. Though only just, and feeling I was running late the whole time. Nice thing about the Joey schedule though, is I will have seven more hours of quiet time before sleep.

Sandro Tosi: Goodbye MIA team

Sandro Tosi — 2009-11-21T23:48:09+00:00

I can't simply put up any longer with all the shit thrown on the face being unable to do punish such bad behavior. There are just so many other things that increase my anger (like, for example, "WTH is python2.6 still not in unstable?!") that I don't need another one.

For sure, I don't advocate or encourage anyone to join the MIA team, and I'm speaking with a lot of experience... There is a proposal, from zack, to restructure how MIA works (another bright example of collaboration...): when will it be implemented? nobody knows. will it help? I don't think so (much).

My work (MIA work in general) was almost invisible, like invisible were all the harsh and aggressive replies I got. The nice part is that those replies came from people with the worst situation. Something like:

me: "this package has no uploads since 2005", reply: "this package has no upstream release since 1983" - 1. probably is to remove? 2. what about all the bugs filed against the *Debian* package? 3. what about the gazillion of lintian errors and warnings on that package? 4. MIA doesn't contact about only 1 package (so maybe there's something more?)...
me: "one of your packages has 4 RC bugs", reply: "it's team maintainer!!" - yeah, so let's pretend that since it's team-maintained 'someone else' (that's never you) will work on it.

and several other non-sense replies doesn't leave anything but a huge frustration in you.

And when you got really pissed off, and want to see some sort of reaction on such bad and unmotivated attacks and ask the "People with Powers", what do you got? "sorry, we can't do anything to help you, it's your problem". Something should be done to protect people from fuckheads, make them behave, or else kick them out of the project as far away as we can. But what we got is nothing (and nothing seems to be changing on this side).

Well, now it's not my problem anymore, it's someone else: in perfect Debian-style.

Eddy Petrișor: Vote at the presidential elections!

eddyp — 2009-11-21T19:40:49+00:00

Yesterday was the last day of presidential campaign, the most poisonous campaign since 1989, when the communist rule has fallen ... or so says history.

This campaign period was one of firsts of all kinds, mostly bad.

This is the first presidential campaign:

when, as a voter, one could clearly see polls were doctored massively as a means to influence the voters
when the internet was crucial and almost the only means of spreading ideas for the campaign of a candidate, Remus Cernea
in which an important internet news site, hotnews.ro, decided not to publish polls anymore
when the public television didn't perform its duty to organise a debate with all the candidates at the same time
when candidates were separated in two groups: "insignificant candidates" and "important candidates"
when some candidates refused to participate in public debates, except on their own terms, as if it was a service done by them to others
when candidates accused each other of being afraid to participate in face to face debates, while it was clear that this was true for many
when a candidate, Remus Cernea, was kicked out of a debate where he was previously invited, without being given a reason
when journalists' investigations found that all major parties had during the last year donations from at least 100 politicians with a declared income lower or identical to the donated sums totalling up to 91 millions of new lei (RON) (approximately 22 million euros)
when we have proof directly from frauders that all major parties prepared to fraud the elections via electoral tourism, electoral bribes and vote purchase
when a referendum was used as a electoral means by one of the candidates
when opponents twisted and re-twisted others' electoral message
when an illegitimate organisation organised a debate with only the first three candidates
when it was announced that special polling stations were made to target people voting away from home, not allowing such voting on special lists in regular polling stations; also the special polling stations will be, for the first time, monitored via webcams which will record the voters when they insert the bulletin
when some candidates clearly stole ideas from others mid-campaign
when I decided I am going to vote out of conviction and cast a positive vote for Remus Cernea

This is the first time I realise how important it is for everybody to go and cast a vote for the candidate they prefer to dilute the effects of the frauds.

Go and vote for the candidate you agree the most!

Don't cast a "useful vote", otherwise you will disservice your prefered candidate in three ways:

you're strentghning one of the adversaries
your prefered candidate will be in a worse position to negotiate with others the implementation of some of the points on his platform in case he doesn't win
you're canceling one of the votes somebody did vote for the one you prefer

Don't forget, tomorrow, the 22nd of November spare some 15-30 minutes and vote for the person that represents you most! Don't follow the flock, vote sincerely!

Vote, because your vote counts! Otherwise why would they bother to convince you to vote for them?

Sandro Tosi: Matplotlib for Python Developers - PUBLISHED!

Sandro Tosi — 2009-11-21T18:13:30+00:00

Some days are passed, but I'm still pleased to announce that

The first book about Matplotlib has been PUBLISHED!!

It was a really nice experience, it offered me the possibility to work on Matplotlib, do some really interesting stuff, and I'm quite proud of it :)

On the other hand, it was not a "straight" way: the effort I put in this was huge, practically I had to stop all other stuffs and projects I was working on (Debian included) and I was getting more and more tired as time passed. Also, sometimes Packt employees and actions were somehow problematic. but anyhow, the important thing is that THE BOOK IS OUT!!

Now I got also a nice box about the book on the sidebar of this blog!

Enjoy it!!

Biella Coleman: How Far Can it Go?

Biella — 2009-11-21T17:47:38+00:00

During the month of October I spent quite a bit of time thinking about the past, present, and future of F/OSS. This was due in part to participation in a Berkman Center event on Free Culture, where we discussed the historical arc of Free Software to Free Culture, the relationships between them (and their differences), and also the content and meaning each. Over the years, what I have found so interesting about Free Software is how it left its enclave to inspire countless groups into rethinking the politics and ethics of production and access and yet, as I raised in this pod-cast interview (due to the prompting of my interviewer, Elizabeth Stark), Free Software and/or Free Culture is still pretty bounded and contained phenomenon especially when compared to something like the existing consciousness over the environmental movement, which many folks “know” about and understand even when and if they are not involved in doing anything for the movement. I always ask my first year students whether they know what Free Software or Free Culture is and 9 out 10 stare at me with those blank eyes that basically speak in silence: “no.”

Now, there are a group of activists, many located in Europe, a number of them with deep roots in the social justice movement who are taking Free Culture down a different path, trying to expand its meaning and conjoin it to social justice issues, build a broad set of coalitions across the political spectrum so as to override the fragmentation that is so characteristic to contemporary political moment, and use FC as an opportunity to critique the market fundamentalism of the last few decades.

If you are interested in these issues, take a look at their charter: they are looking for comments (critical and constructive) as well as endorsements (here is the long version).

I myself have a few comments, for example, I think it is worth noting something like the limits of what FC can do, that even if in many ways it can be activated to do good in the world, it is also best to highlight in the same swoop that FC is not some political panacea and has limits.

For example some groups in the world, notably some indigenous communities abide by a different logic of access and culture, whereby full access is not culturally or ethically desirable, as the work of Kim Christen has illuminated. I also wonder in what ways issues of labor might be addressed more forcefully, and though they briefly raise the question of environmental sustainability, it is worth expanding these more directly and deeplyas this article by Toby Miller and Richard Maxwell make clear.

There is more to say but I will leave it here for now and just say it is really great to see Free Culture taken down another political path that is rooted in coalition building.

Torsten Werner: new arch all handling in Debian: lesson #1

Torsten Werner — 2009-11-21T17:31:23+00:00

Since some days we keep packages of Architecture: all in the archive as long as they are needed. You can find some details about that in my former post:
dak dominate will dodadoda the Debian archive soon.

The package that could currently profit most from that change is rpm! But the package dependencies are actually not strong enough. The source package rpm builds some arch all packages like rpm-common and several arch any packages and some of them (rpm, librpm0) have an unversioned field
Depends: rpm-common.
This dependency can be improved to
Depends: rpm-common (= ${source:Version})
to avoid nasty bugs after upgrading.

I fear that we have more of such packages in Debian.

Roland Mas: GForge/FusionForge update

Roland Mas — 2009-11-21T17:17:26+00:00

I normally don't relay security announces for GForge or FusionForge on this blog, but I will make an exception this time: Alain Peyrat found several places in the code with insufficient input sanitizing, which can cause cross-site scripting vulnerabilities (CVE-2009-3303). It's been fixed in the 4.7 and 4.8 branches as well as the trunk of FusionForge (and in Debian Sid and Squeeze), and updated Debian packages for GForge 4.5 and 4.7rc2 have been released for users of the Etch and Lenny distributions.

The reason I make an exception for announcing this here is to remind people that I appear to be the only one maintaining code for GForge 4.5. I do that for two reasons: first, because I'm the maintainer of the package in Debian, and Debian Etch has GForge 4.5, and Etch is supported for security fixes; second, because I also admin/maintain an instance for a client of mine, so I need to backport the fixes anyway, and making them public is no bother. Both of these reasons are going to vanish sometime in the not too distant future: security support for Etch will end in February, 2010, and I hope to have migrated my client's forge to FusionForge 4.8 by then too. A direct consequence is that I will probably stop maintenance for GForge 4.5 in the coming months (at least I'll stop doing it in my free time).

So if you're still using GForge 4.5, you should really consider upgrading to something supported, either GForge AS (free download from the GForge Group) or FusionForge (free as in Free Software). Both have an upgrade path. Obviously I think FusionForge is a better choice, but my position is probably biased.

Andrew Pollock: [tech] LVM gaining the ability to merge snapshots

Andrew Pollock — 2009-11-21T16:52:00+00:00

I love LWN. It's the best value for money way of keeping abreast of what's going on out there.

I also love LVM. I'm thrilled to learn from a comment on this article about Btrfs, that LVM is soon to gain snapshot merging support.

This is going to be absolutely fantastic for rolling back upgrades that go bad. I can't wait.

Josselin Mouette: GNOME on Debian GNU/kFreeBSD

Josselin Mouette — 2009-11-21T15:36:14+00:00

Since today for kfreebsd-amd64, and probably tomorrow for kfreebsd-i386 too, the gnome metapackage is installable on Debian GNU/kFreeBSD. In the end, this should hopefully give a fully functional desktop for these brand new architectures (to be included in the Squeeze release), with a few notable exceptions:

no power management support (DeviceKit-Power needs porting);
no roaming/wireless support (no support for libiw);
no Bluetooth support (insufficient support in the FreeBSD kernel);
no webcam support (no existing kernel API).

Apart from that, everything is supposed to work. So, if you want this to mean something, what we need now is some people to test the whole thing and find out if it actually does.

Do you feel like helping? Install Debian GNU/kFreeBSD on your favorite virtual machine, upgrade it to the latest sid version, and apt-get install gnome. For everything that’s not as enjoyable as it should be, report bugs.

MJ Ray: ssh with unstable and mobile clients

MJ Ray — 2009-11-21T07:12:35+00:00

Revisiting two old ssh points:-

Smart Tricks with ssh mentioned ServerAliveInterval 3600 and the page I referenced for it mentions ClientAliveInterval on the server-side. Is there any reason not to use that?
ssh security mentioned sslh to put ssh on port 443, but it seems Top J2ME MIDP Application MidpSSH can’t connect to ssh on other ports. The instructions in the manual about port numbers don’t work for me if I put in 443. I get java.lang.SecurityException. Anyone know why?

Clint Adams: Alersim marshwiggle

Xana — 2009-11-20T23:03:51+00:00

If you demand respect, you don't deserve it.

Biella Coleman: Moral Grey Zones: Roller-Hitching

Biella — 2009-11-20T22:04:28+00:00

Many moons ago while doing fieldwork I went to a radical tech activist camp sponsored by The Ruckus Society to give a presentation on Free Software (which I actually still have online in the gaudy orange I so loved. I could only stay 2 days as I had to go to Debconf2 in Toronto for fieldwork but it forever changed my life in pretty significant ways.

One remarkable thing about Ruckus was that for the first time I meet a particular kind of geek I had yet to come across: the crunchy and chewy granola/environmentalist/hippie hacker– a type of hacker that can be found world over but is likely to be (unsurprisingly) living, sometimes in the trees (literally) in the Pacific Northwest. They are one of my favorite kind of people as I can talk endlessly to them about 2 of my great passions: Free Software and environmental justice. Comfrey, pictured above, was one such hacker from Portland who I met at the Ruckus event and now routinely shows up, usually unannounced to our house at least 1-2x a year.

I woke up this morning to find him on our couch, got a bunch of knot-weed to chew on compliments of his foraging, and took the afternoon off to share some food. Among many stories, he told me of a new transportational pursuit of his, Roller-Hitching, which he uses to get around the country. He uses old school roller skates to skate along the road, even highways, until he gets picked up and get where he needs to go.

Naturally, these old school states are not just functional in the sense that they are faster than two feet in motion, but since they signify a particular spirit of the 1970s–you know, the groovy, dynamite, free love spirit of things, they draw positive attention and apparently when he roller-hitches, he gets picked up frequently (and made it from Minneapolis to Portland in 2 hours and 2 days: not shabby).

In California while on the 101 north of Arcata, California, Comfrey got stopped by the highway patrol and basically the cop wanted to kick him off on the grounds the he was a pedestrian (apparently prohibited on this patch of the 101). Comfrey, being a bright fellow, basically noted that roller skating is not really a pedestrian activity, that he was using, much a like a biker, a transportation device of sorts, so that he was in a grey zone between bikes and walking.

At the time, the cop was convinced enough but did tell Comfrey to look up the law in the library cuz the next time he would give him a ticket and the next time after that throw him in jail. Comfrey has yet ’sourced’ the law but soon will. When he does, since I like to report on geeks and the law, I too will report on whether one can roller skate down or up the highway for those that might want to give Roller-Hitching a try.

C.J. Adams-Collier: building unmodified_drivers

C.J. Adams-Collier — 2009-11-20T20:58:32+00:00

This is the gist of it:

$ cd /usr/src/
# $ sudo chmod a+rwx .
$ wget ftp://ftp.suse.com/pub/projects/kernel/kotd/SLE11_BRANCH/src/kernel-source-2.6.27.39-0.0.0.25.15a4c6f.src.rpm
$ alien -tg kernel-source-2.6.27.39-0.0.0.25.15a4c6f.src.rpm
$ cd kernel-source-2.6.27.39
$ tar xfj linux-2.6.27.tar.bz2
$ for f in patches.*.tar.bz2; do
tar xfj $f || break;
done
$ for p in $(./guards x86_64 < series.conf); do
patch -d linux-2.6.27 -p1 < $p || break
done
$ cd linux-2.6.27
$ fakeroot make-kpkg debian
$ fakeroot make-kpkg build
$ sudo make install modules_install
$ cd /usr/src
$ hg clone http://xenbits.xen.org/xen-unstable.hg
$ cd xen-unstable.hg/unmodified_drivers/linux-2.6
$ XEN=/usr/src/xen-unstable.hg/xen XL=/usr/src/kernel-source-2.6.27.39/linux-2.6.27 ./mkbuildtree x86_64
$ make -C /usr/src/kernel-source-2.6.27.39/linux-2.6.27 M=$PWD modules
$ sudo make -C /usr/src/kernel-source-2.6.27.39/linux-2.6.27 M=$PWD modules_install

Steve Kemp: I am not stupid, you know. They cannot make things like that yet.

Steve Kemp — 2009-11-20T20:04:33+00:00

I've really enjoyed reading some of Matthew Garrett's entries about legacy PC hardware features - specifically the cute hack involving A20 and the keyboard controller. Reading things like that really takes me back.

I remember when the z80 was cutting edge, and I discovered you could switch to a whole new set of shadow registers via "exx" and "ex af,af'". I remember using undocumented opcodes, and even now I can assemble and disassemble simple z80 machine code. (Don't get me started on the speedlock protectors and their fiendish use of the R register; that'll stick in your mind if you cracked it. I did.)

I remember being introduced to the PC, seeing subdirectories appear in MS-DOS 2.0, network redirectors appearing in DOS 3.x, and support for big hard drives appearing in MS-DOS 4.0.

I remember the controvosy over the AARD code in the betas of Windows 3, and the focus that was given in the book "Undocumented DOS" which mostly focussed upon the "list of lists". (At that time I'd have been running GEM on an IBM XT with hercules (monochrome) graphics.)

I remember learning about that a .COM file was a flat image, limited to 64k which loaded at offset 100h, to accomodate the PSP (program segement prefix) for compatbility with CP/M (something I've never seen, never used, and known nothing about. I just know you could use the file control blocks to get simple wildcard handling for your programs "for free")

I wrote simple viral code which exploited this layout, appending new code to end of binary, replacing the first three bytes with a jump to the freshly added code. Later you could restore the original bytes back to their original contents and jump back to 100h (I even got the pun in the name of 40Hex magazine.)

I recall when COM files started to go out of fashion and you had to deal with relocation and segment fixups. When MZ was an important figure.

I even remember further back to when switching to protected mode was a hell of tripple-faults, switching back from protected mode to real mode was "impossible" and the delight to be had with the discovery and exploitation of "unreal mode".

All these things I remember .. and yet .. they're meaningless to most now, merely old history. Adults these days might have grown up and reached age 20 having always had Windows 95 - never having seen, used, or enjoyed MS-DOS.

How far have we come since then? In some ways not far at all. In other ways the rise of technology has been exponential.

Back then when I was doing things I'd not have dreamed I could update a webpage from a mobile phone whilst trapped upon a stalled train.

There are now more mobile phones than people in the UK. In some ways that's frightening - People miss the clear seperation between home & work for example - but in other ways .. liberation.

I have no predictions for the future, but it amazing how far we've come just in my lifetime; and largely without people noticing.

The industrial revolution? Did that happen with people mostly not noticing? Or was there more concious awareness? Food for thought.

ObFilm: Terminator

Antti-Juhani Kaijanaho: Socialized vaccination – a narrative

Antti-Juhani Kaijanaho — 2009-11-20T17:39:12+00:00

Such was the scene I arrived at on Wednesday last week at the municipal health center at Kyllö, Jyväskylä, Finland. A queue extended a hundred meters beyond the door. It was not hard to guess what it was about, as it had been announced that the pandemic influenza A/H1N1 vaccine would be administered there to people in specific risk groups from 10 am to 3:30 pm.

I should explain here the Finnish health care setup. There are three parallel systems – a comprehensive public health care system maintained by the municipalities to standards set by the state, a network of private for-profit health care providers, and a national foundation dedicated to university student health care. Employers are required by law to provide a minimal level of health care to their employees, and most of them also provide, free of charge to the employees, access to near-comprehensive general-practice-level care; most employers buy this service from the for-profit providers. The public system suffers from resource starvation at the general-practice level but provides excellent care in the central hospitals that handle the difficult cases.

Anyway, the H1N1 vaccine is only available through the public system and through the foundation – free of charge if you qualify for the vaccine, and no amount of money buys it for you in this country if you don’t. Thus, I and many others, normally cared by the employee services, found ourselves queuing up at a public health care institute. And clearly, the public health care system was overwhelmed on that first day.

When I entered the queue, its tail was a traffic hazard. Fortunately, the queue moved faster than new people arrived thereafter, and the hazard ended. The queue moved surprisingly fast – it took me one hour to advance the 100 meters to the door. Even so, this was a failure in the system – there is no good reason to have people with underlying illnesses (and we all had them, to qualify for the vaccine) stand around in freezing cold weather for an hour!

Once, a nurse came and asked us if any of us was 63 years old or older. Apparently no-one was, since no-one was asked to leave (they will be vaccinated later). Later, another nurse asked everyone in the queue outside to show their KELA cards – KELA is the national health insurance system, and its card carries information about extra coverage one qualifies for due to underlying illnesses.

Eventually, I reached the door. Two guards stopped anyone who tried to enter directly, sidestepping the queue, and let in only those who had legitimate business other than vaccination. The main hall was full of people, and I quickly realized that the queue took a full circle inside the hall to reach the multiplexing point. It took me another hour to slowly advance my way though the hall. At the multiplexing point, I was asked to wait a bit, and then I was assigned a vaccination room and a waiting number.

Some twenty minutes later I was called in. The vaccination room I was assigned to was a nurse’s office. Two nurses were there, one who would administer the vaccine, and another at the computer, to keep a record. I gave them my KELA card, and shed my coat and my outer shirt, and bared my left shoulder. I was quickly given the pandemic vaccine; there was no question I was qualified for it, not with my obesity being obvious.

Then they asked what my diagnosis was. “Prmarily I’m here because of my obesity,” I said. “But I also have paroxysmal atrial fibrillation.”

“That’s not what your KELA card says,” accused the nurse at the computer.

“The diagnosis is so new,” I countered. “There has been no time to do the paperwork for KELA.” (And indeed, I later learned, it would come up in my next checkup in the spring.)

They stared at each other.

“I can show you my prescriptions,” I said, making no move for them.

Stares.

I stared back.

“Do you want the seasonal vaccine or not?” asked the nurse with the injectors.

I lauged briefly. “I might as well.” It had, honestly, never crossed my mind that I might qualify.

She injected me on my right shoulder. “You should stay in out there for ten minutes.”

I picked up my clothes and found the cafeteria with coffee and pastry.

Then the real fun started. Next day, I woke with horrible upper back pain. The thermometer showed mild fever; but since i didn’t have any respiratory symptoms, I decided to go to work. In the evening, turning in bed was excruciatingly painful. It took days for the pain to subside.

I left the building three hours after I arrived at the end of the queue. What? You think that’s excessive? So do I and many others; queuing feels so Soviet Union! But honestly, while it did take time, it worked. I am vaccinated; are you?

Andrew Pollock: [tech] "#!/bin/sh -e" considered harmful

Andrew Pollock — 2009-11-20T17:04:00+00:00

Russell Coker advocates putting -e on the shebang line of shell scripts.

I disagree. From my experience this is extremely unhelpful to people who may be debugging your shell scripts in the future.

Consider this, you've added -e to the shebang of a script, and some poor schmuck down the track is trying to debug why it spontaneously exits. What's the most obvious way to do this? Run the script with sh -x or bash -x.

What happens when you do this? The shebang is completely ignored, and the script is directly run by the shell interpreter. If the person doing the debugging doesn't happen to transpose all of the shell options on the shebang line to the manual shell interpreter invocation, you're going to get different behaviour.

So I advocate an explicit set -e on the second line of shell scripts instead.

As much as making shell scripts set -e is a good practice, it drives me absolutely batty having to deal with scripts that spontaneously exit as soon as something they run exits non-zero. Particularly when you've chained a bunch of shell scripts together, or have one sourcing a bunch of script fragments from a directory. For this reason, I prefer to write in Bash and use an exit handler, to make it very obvious when a shell script has abended due to set -e.

Julian Andres Klode: Back to the ’90s – Bye PC, welcome back thin clients

Julian Andres Klode — 2009-11-20T16:56:54+00:00

In the ’90s, you had a large machine and several thin clients accessing it by using X11 via network. In 2010, you will have large datacenters providing applications to and storing the data of millions of users. As you might have guessed, I am talking about Google Chrome OS.

It seems that the PC era is slowly coming to an end, with devices being increasingly connected ‘to the cloud’ and people being always online; and storing their data on Google’s servers. We do emails online using Google Mail, we do navigation online using Google Maps, we edit and view our documents using Google Docs, our newspaper is Google News; and when we want entertainment we open the browser and type youtube.com into the URL bar. Even if we were formatting the hard disk and reinstalling the system, most people wouldn’t even notice; because all there data is stored online.

There is also the question of freedom. Free software is not very widespread in the SaaS world. You also lose the control over your data. But RMS can tell you more about it.

So it seems that 2010, Google is the new mainframe and netbooks and smartphones are the new terminals. Whether this is good or not cannot be said. The question you have to ask yourself is whether you can trust Google to keep your data secure or not. I trust them enough to host all of my emails, the RSS feeds I read, my searches.

Posted in General

Matthew Garrett: Why SHMConfig is off by default

Matthew Garrett — 2009-11-20T16:56:40+00:00

Bastien mentioned the Chromium OS xorg.conf file, which includes an irritating wart - namely, Option "SHMConfig" "on". This tells the Synaptics touchpad driver to export its configuration data to a shared memory region which is accessible to any user on the system. The reason for this is that in the past, there was no good way for configuration information to be passed to input drivers through the X server at runtime. This got fixed with the advent of X input properties, and synaptics can now be configured sensibly over the X protocol.

But why was it off by default? Because, as I said, the configuration data is exported to a shared memory region which is accessible to any user on the system. And while it contains a bunch of information that's not terribly interesting (an attacker being able to disable my touchpad or turn on two finger emulation may be a DoS of sorts, but...), it also contains some values that are used to scale the input coordinates. Which means that anyone with access to the SHM region can effectively take control of your mouse. The current position is exported too, so they can also track all of your mouse input.

Now, this isn't stunningly bad. The attacker can only do this while you're touching the pad. You'll see everything that happens as a result. There's no way to fake keyboard input. They need to be running code as another user on the system - if they're running as the logged in user then they can already do all of this. And for a device as single-user as Google seem to be looking at, it's obviously not a concern at all.

But there's still plenty of places on the web suggesting that you enable SHMConfig, and various distributions that ship with it turned on (Ubuntu on the Dell mini used to, but got turned off after I contacted them about it). It's absolutely fine to do this as long as you're aware of the security implications of it, but otherwise please use X input properties instead.

Neil Williams: po4a-build - one step docs translation

Neil Williams — 2009-11-20T14:41:39+00:00

po4a, including the new po4a-build script, has been released and po4a (0.37.0-1) has been uploaded to Debian. This release also includes a fully updated Spanish translation, including the new po4a-build documentation, thanks to Omar Campagne.

po4a-build will be used as a build-dependency by emdebian-rootfs and svn-buildpackage (both due to have updated releases in a couple of days). (po4a-build itself was developed and tested within these packages - as 'genmanpages'.)

po4a-build is intended to make it as easy to produce translated documentation as it can be to produce the current untranslated content.

When po4a prepares the translated content as POD or DocBook XML, the final documentation can then be built using po4a-build. Both the untranslated and translated content is built as a single process, updating the POT files at the same time.

Existing build instructions are replaced by a single call to po4a-build and a simple configuration file is used to tell po4a-build how to build each element and which binary packages will include the translated and untranslated content.

See po4a-build (1) and po4a-build.conf (5) from the installed po4a package.

Feel free to try it out with any package that builds translated documentation, *especially* if it also builds binary gettext translations of program output without using autotools, e.g. perl scripts using $(MAKE) but not ./configure.

This should be a useful step in encouraging more packages to translate their script output and manpages. It is trivial to add translation to packages using the full autotools|intltool setup, now po4a-build brings the same level of ease to packages only using $(MAKE). (If someone wants to investigate how CMake can do the same, let me know.)

http://alioth.debian.org/projects/po4a/

http://alioth.debian.org/frs/download.php/3183/po4a-v0.37.0.tar.gz

http://freshmeat.net/projects/po4a/releases
(0.37.0 announcement pending approval by FM)

Joachim Breitner: Parody Song: „College teacher“

nomeata — 2009-11-20T10:56:09+00:00

Although it does not reflect my experiences at the university, I wrote a song text about teachers that do not care about their students, to the melody of „Private Dancer“ of Tina Turner. My list of parody songs now contains 22 entries!

Russell Coker: Some Tips for Shell Code that Won’t Destroy Your OS

etbe — 2009-11-20T09:57:55+00:00

When writing a shell script you need to take some care to ensure that it won’t run amok. Extra care is needed for shell scripts that run as root, firstly because of the obvious potential for random destruction, and secondly because of the potential for interaction between accounts that can cause problems.

One possible first step towards avoiding random destruction is to start your script with “#/bin/sh -e” instead of “#/bin/sh“, this means that the script will exit on an unexpected error, which is generally better than continuing merrily along to destroy vast swathes of data. Of course sometimes you will expect an error, in which case you can use “/usr/local/bin/command-might-fail || true” to make it not abort on a command that might fail.

#!/bin/sh -e
cd /tmp/whatever
rm -rf *

#!/bin/sh
cd /tmp/whatever || exit 1
rm -rf *

Instead of using the “-e” switch to the shell you can put “|| exit 1” after a command that really should succeed. For example neither of the above scripts is likely to destroy your system, while the following script is very likely to destroy your system:

#!/bin/sh
cd /tmp/whatever
rm -rf *

Also consider using absolute paths. “rm -rf /tmp/whatever/*” is as safe as the above option but also easier to read – avoiding confusion tends to improve the reliability of the system. Relative paths are most useful for humans doing typing, when a program is running there is no real down-side to using long absolute paths.

Shell scripts that cross account boundaries are a potential cause of problems, for example if a script does “cd /home/user1” instead of “cd ~user1” then if someone in the sysadmin team moves the user’s home directory to /home2/user1 (which is not uncommon when disk space runs low) then things can happen that you don’t expect – and we really don’t want unexpected things happening as root! Most shells don’t support “cd ~$1“, but that doesn’t force you to use “cd /home/$1“, instead you can use some shell code such as the following:

#!/bin/sh
HOME=`grep ^$1 /etc/passwd|head -1|cut -f6 -d:`
if [ "$HOME" = "" ]; then
echo "no home for $1"
exit 1
fi
cd ~

I expect that someone can suggest a better way of doing that. My point is not to try and show the best way of solving the problem, merely to show that hard coding assumptions about paths is not necessary. You don’t need to solve a problem in the ideal way, any way that doesn’t have a significant probability of making a server unavailable and denying many people the ability to do their jobs will do. Also consider using different tools, zsh supports commands such as “cd ~$1“.

When using a command such as find make sure that you appropriately limit the results, in the case of find that means using options such as -xdev, -type, and -maxdepth. If you mistakenly believe that permission mode 666 is appropriate for all files in a directory then it won’t do THAT much harm. But if your find command goes wrong and starts applying such permissions to directories and crosses filesystem boundaries then your users are going to be very unhappy.

Finally when multiple scripts use the same data consider using a configuration file. If you feel compelled to do something grossly ugly such as writing a dozen expect scripts which use the root password then at least make it an entry in a configuration file so that it can be changed in one place. It seems that every time I get a job working on some systems that other people have maintained there is at least one database, LDAP directory, or Unix root account for which the password can’t be changed because no-one knows how many scripts have it hard-coded. It’s usually the most important server, database, or directory too.

Please note that nothing in this post is theoretical, it’s all from real observations of real systems that have been broken.

Also note that this is not an attempt at making an exhaustive list of ways that people may write horrible scripts, merely enough to demonstrate the general problem and encourage people to think about ways to solve the general problems. But please submit your best examples of how scripts have broken systems as comments.

MJ Ray: Cookies: Ask Me Every Time – by law?

MJ Ray — 2009-11-20T06:55:48+00:00

SME Web – Internet advertisers: New cookie laws approved: reports that:

“internet users will have to provide consent to cookies being stored on their computers. This could result in them being bombarded with pop-ups seeking their permission to accept the cookies.”

However, the site doesn’t link to a text supporting that interpretation. The only reference is to a directive which doesn’t seem explicit.

Further, the article states

“The current EU telecom law allows the use of cookies if web users are notified of them and are able to opt-out. “

but there are tons of sites which don’t comply with that and are simply broken if they can’t store their cookies. That includes several gov.uk ones – very annoying, but surely there wouldn’t be so many if it was illegal, would there?

Is that article accurate and does anyone have plain English that I can send to gov.uk webmasters to persuade them to fix their sites?

Ingo Juergensmann: Squid v3.1 with IPv6 support in experimental

Ingo Jürgensmann — 2009-11-20T06:12:27+00:00

For about a month or so Squid v3.1 is now in experimental ready to use and ready for getting tested by a wider community base. So I installed it by changing my sources.lists deb-src line to experimental instead of unstable, apt-get update, apt-get build-dep squid3 and apt-get -b source squid3. Compilation went fine and flawlessly on unstable. On stable/lenny you'll need to install squid-langpack as well from unstable.
After installing the resulting *.deb files, there was no need to change or update the configuration for squid3: if a request/domain lookup results in an IPv6 address, squid3 will use it and gives precedence over the IPv4 address. If there's no IPv6 address for that requested domain, nothing changes from the old behaviour. So, when a page is requested by an IPv4 client, squid3 will contact the site via the IPv6 address if possible and deliver the page to the client via IPv4. This is the same (and naturally expected) behavior as in polipo, another IPv4/IPv6 capable proxy. Polipo is a small proxy with less functionality than squid3, but it has some issues from time to time that needs a restart of its service. Additionally I would prefer just one proxy running on my system. So, now I'm able to just use squid3 for all of my proxy tasks again.

Using a IPv4/IPv6 capable proxy is by the way a good method to increase IPv6 visibility, especially when you fear the (amazing small) workload to deploy IPv6 in your own network.

Gunnar Wolf: EDUSOL almost over - Some highlights

gwolf — 2009-11-20T03:16:32+00:00

Whew!

Is it karma or what? What makes me get involved in two horribly complex, two-week-long conferences, year after year? Of course, both (DebConf and EDUSOL) are great fun to be part of, and both have greatly influenced both my skills and interests.

Anyway, this is the fifth year we hold EDUSOL. Tomorrow we will bring the two weeks of activities to an end, hold the last two videoconferences, and —finally— declare it a done deal. I must anticipate the facts and call it a success, as it clearly will be recognized as such.

One of the most visible —although we insist, not the core— activities of the Encounter are the videoconferences. They are certainly among the most complex. And the videoconferences' value is greatly enhanced because, even if they are naturally a synchronous activity (it takes place at a given point in time), they live on after they are held: I do my best effort to publish them as soon as possible (less than one day off), and they are posted to their node, from where comments can continue. This was the reason, i.e., why we decided to move at the last minute tomorrow's conference: Due to a misunderstanding, Beatriz Busaniche (a good friend of ours and a very reknown Argentinian Free Software promotor, from Via Libre) thought her talk would be held today, and we had programmed her for tomorrow. No worries - We held it today, and it is already online for whoever wants to take part :-)

So, I don't want to hold this any longer (I will link to the two conferences that I'm still missing from this same entry). Here is the list of (and links to) videoconferences we have held.

Tuesday 2009-11-17

Wednesday 2009-11-18

Thursday 2009-11-19

Friday 2009-11-20

As two last notes:

Regarding the IRC interaction photos I recently talked about, we did a very kewl thing: Take over 2000 consecutive photos and put them together on a stack. Flip them one at a time. What do you get? But of course — A very fun to view and interesting interaction video! We have to hand-update it and it is a bit old right now, but nevertheless, it is very interesting as it is.

Finally... I must publicly say I can be quite an asshole. And yes, I know I talked this over privately with the affected people and they hold no grudge against me... But still - yesterday we had an IRC talk about NING Latin American Moodlers, by Lucía Osuna (Venezuela) and Maryel Mendiola (Mexico). One of the points they raised was they were working towards (and promoting) a Moodle certification. And... Yes, I recognize I cannot hear the mention of the certification word without jumping and saying certifications are overrated. Well, but being tired, and not being really thoughtful... I should have known where to stop, where it was enough of a point made. I ended up making Maryel and Lucía feel attacked during their own presentation, and that should have never happened. A public and heartfelt apology to them :-(