Posts for Sunday, August 8, 2010

A Glimpse Into cave: Mask and Use Flag Overriding for Resolves

For a long time, Paludis has been able to work out suggestions for what unmaskings you might want to do when installing a particular package that is either masked or has masked dependencies. This functionality is also present in the shiny new cave client, which uses the much more powerful new resolver. Now this functionality is also available for unmet use dependencies.

For example, rather than getting pages and pages of errors when attempting to install gnome:

[Image: resolve gnome errors with no overrides]

You’ll now get:

[Image: resolve gnome errors]

Note how you are told all the suggested changes up-front. You aren’t just given a single error, which you can fix and then re-run the command to get another error and so on. Nor are you just given all the errors in the initial resolution; the resolver carries on with its suggested changes and accumulates any additional errors that will occur if you take those suggestions. In the first example, parted isn’t mentioned at all in the initial set of errors, because it is only brought in to the resolution by udisks, which is only brought in via gnome-disk-utility, which is only brought in via gvfs if the gdu use flag is enabled, which we don’t have enabled by our config but that is required by gnome. The resolver is smart enough to work all of this out upfront, sparing you from an eternity of running things over and over.

We’re still experimenting with the UI for errors — it’s probably possible to make it even easier for the user to see what changes need to be made. There have also been requests to make cave able to add the necessary lines to your configuration files automatically (after confirmation, of course). However, I’m not convinced that this is a good idea in practice — for example, cave would suggest turning a particular use flag on for a half dozen packages, but would not realise that turning it on globally may be a better option.

As always, if you find that all these shiny new features save you from horrible torment, books or pens (pens being a vital part of the high tech design process) are much appreciated.


Filed under: cave for users

Paludis 0.52.1 Released

Paludis 0.52.1 has been released:

  • glibc 2.12 changes the OS ABI used by its libraries. ‘cave fix-linkage’ and ‘reconcilio’ have been updated to ignore OS ABI mismatches to avoid marking every package that uses libc as being broken.

Filed under: paludis releases Tagged: paludis

Posts for Saturday, August 7, 2010

The Airtunes 2 Protocol

Over the last year, a brave team has intermittently been hard at work openly describing the protocol used by Apple’s Airport Express, RAOP. It turns out there are two protocols — Airtunes 1 and Airtunes 2. Airtunes 1 was described by Jon Lech Johansen, of DeCSS fame, but the Airtunes 1 protocol lacks crucial timing information needed for reliable and video-synced audio. This in particular has posed a problem for PulseAudio. Airtunes 2, to this date, has only been known by Apple and the proprietary third party software Airfoil. For the purpose of interoperability and education,

Today we open up the beginning of our Airtunes 2 specification to the community.

A member of the team is hard at work on the PulseAudio module, but if you’d like to help, don’t hesitate to contact us. And of course, implementing this in other places too would be more than welcome. Finally, we still need to finish the specification, so if you can offer any assistance, please do let us know. We’re on #airtunes2 on freenode.

Review: What Do You Care What Other People Think?

I recently reviewed Surely You're Joking, Mr. Feynman!. It was good enough that I had to get the sequel.

What Do You Care What Other People Think? is another collection of stories and anecdotes written by and/or about Richard Feynman. A bit in contrast to the first book, rather than a chronological series of anecdotes, this book focuses on a couple of main topics.

Feynman discusses his first wife in some detail. Of particular interest, he describes his and his wife's brutal devotion to honesty in their relationship, even in the face of highly unpleasant truths (terminal disease, in this case). It's the honesty of a scientist, carried into "everyday" life. This was bittersweet for me to read, because the story has a sad ending.

There is also a short series of letters from Feynman to others, where he discusses the silliness of pomp and circumstance, e.g. his foibles and breaches of protocol when meeting some king or other. As someone who hates ceremony, I got a huge kick out of these.

A large part of the book is devoted to discussing the Presidential Commission which investigated the cause of the Challenger shuttle disaster. Feynman's full report is included in the book as well.

As someone interested in astronomy and space flight (and who isn't interested in those?) I found this fascinating. There's a lot of behind-the-scenes stuff. Engineers are painted in a good light, managers and politicians not so much. (Software engineers come out looking especially good, which made me feel (unjustifiably) good about myself by proxy.) There are some diagrams and a lot of technical discussion of the shuttle. Not so much that it drowns the narrative, but enough that I'm probably going to spend the next week reading Wikipedia on the subject now.

Feynman explains his simple methods at getting to the truth in the investigation. Go talk to the guys who put things together. Get your hands on some O-ring rubber and test its resistance to temperature yourself in a glass of ice water. Cut to the heart of the matter. It's good stuff.

Ultimately, as you know if you've read the report, Feynman rips NASA apart, showing that they were fooling themselves into believing the shuttle was safer than it really was. The last sentence of the report says everything: "Nature cannot be fooled."

The last section of the book discusses the value of science. More specifically, Feynman discusses the value of doubt. I very much liked how the chapter ends:

It is our responsibility as scientists, knowing the great progress which comes from a satisfactory philosophy of ignorance, the great progress which is the fruit of freedom of thought, to proclaim the value of this freedom; to teach how doubt is not to be feared but welcomed and discussed; and to demand this freedom as our duty to all coming generations.

If there's one trait I had to pick to separate good people from bad, it would be the ability to admit being wrong. And if I had to separate the good from the excellent, it would be not just the ability to admit being wrong, but the eagerness to be proved wrong.

There's a certain kind of devotion to the truth that not many people achieve, and maybe not many people even want to achieve. There's comfort in thinking that you know things. It's very tempting. I think it's probably partly why most people are religious. I suspect it's a big reason why so many people are so stubbornly wrong about so many things in general. I suspect this comfort is an enormous source of suffering in the world.

But there's another kind of comfort that people miss out on. It's the comfort of knowing that although you're probably wrong about a lot of things, you're trying your hardest to be right. You pay the price of being aware of your own state of ignorance, but you can rest a bit easier knowing that you're maybe, hopefully, inching towards the truth. I never heard the word "freedom" used to describe this feeling before, as Feynman does above, but it fits.

That's why I like reading about Feynman and reading Feynman's words. He seemed to live this philosophy as well as anyone could hope to.

Posts for Friday, August 6, 2010

X automation with xte

I learned today (via a great blog post) about xte. This program lets you simulate X Windows mouse and keyboard events from the commandline. How much more awesome can you get?

Hans illustrates how to integrate xbindkeys and xte to make KDE4 effects activate. I wanted the KDE4 "Desktop Grid" to appear when I press a mouse button (because my new mouse has a lot of buttons to spare), so this is exactly what I was looking for.

xte is the kind of glue that makes Linux awesome. KDE lets you set global keyboard shortcuts for lots of things. xbindkeys lets you assign shell commands to mouse buttons. And xte ties the two together. Possibly none of the programmers on these three tools knew about the others, but they interact perfectly to let you do anything you want.

You may be thinking, "If you want to work with KDE from the commandline, why not use DBUS?" That's what I tried to do first. But I can't for the life of me figure it out. There's some indication that we might be able to do this someday, like so:

qdbus org.kde.kglobalaccel /component/kwin org.kde.kglobalaccel.Component.invokeShortcut ShowDesktopGrid

Or maybe it's already in the latest version of KDE and I haven't upgraded yet. Either way.

By the way: could DBUS possibly have a more verbose or cryptic interface? I was hunting through the available DBUS commands looking for something that would show the Desktop Grid, and I ended up having to scan through lists of crap like this:

~ % qdbus org.kde.kwin /KWin                         
method Q_NOREPLY void org.kde.KWin.cascadeDesktop()
method void org.kde.KWin.circulateDesktopApplications()
method bool org.kde.KWin.compositingActive()
signal void org.kde.KWin.compositingToggled(bool active)
method int org.kde.KWin.currentDesktop()
method QList<int> org.kde.KWin.decorationSupportedColors()
method void org.kde.KWin.doNotManage(QString name)
method Q_NOREPLY void org.kde.KWin.killWindow()
method QStringList org.kde.KWin.listOfEffects()
method void org.kde.KWin.loadEffect(QString name)
method QStringList org.kde.KWin.loadedEffects()
method void org.kde.KWin.nextDesktop()
method void org.kde.KWin.previousDesktop()
method Q_NOREPLY void org.kde.KWin.reconfigure()
method void org.kde.KWin.reconfigureEffect(QString name)
method void org.kde.KWin.refresh()
signal void org.kde.KWin.reinitCompositing()
signal void org.kde.KWin.reloadConfig()
method bool org.kde.KWin.setCurrentDesktop(int desktop)
method void org.kde.KWin.showWindowMenuAt(qlonglong winId, int x, int y)
method Q_NOREPLY void org.kde.KWin.toggleCompositing()
method void org.kde.KWin.toggleEffect(QString name)
method Q_NOREPLY void org.kde.KWin.unclutterDesktop()
method void org.kde.KWin.unloadEffect(QString name)
method bool org.kde.KWin.waitForCompositingSetup()
method QDBusVariant org.freedesktop.DBus.Properties.Get(QString interface_name, QString property_name)
method QVariantMap org.freedesktop.DBus.Properties.GetAll(QString interface_name)
method void org.freedesktop.DBus.Properties.Set(QString interface_name, QString property_name, QDBusVariant value)
method QString org.freedesktop.DBus.Introspectable.Introspect()

This is line noise to me.

Paludis 0.52.0 Released

Paludis 0.52.0 has been released:

  • format="exheres" and format="ebuild" are now deprecated in favour of format="e".
  • Specifying ‘root’ in a repository config file now overrides the environment-supplied default.
  • ‘cave resolve’ will now select packages even if [use] dependencies are unmet, and will display the necessary changes needed to user configuration.
  • ‘cave resolve --without’ will now allow nothing at all to be installed.
  • ‘cave resolve’ now has options for chroot handling.
  • ‘cave execute-resolution’ now writes resume data after every job completion, rather than just upon normal exit.
  • ‘cave import’ now has ‘--strip --preserve-work’ options, and the default for build_options: preserve_work is now disabled.
  • ‘cave print-ids’ now has short options.
  • ‘cave display-resolution’ now displays better job count information, and is more compact at displaying circular dependencies.

Filed under: paludis releases Tagged: paludis

Qt Git Mirror

I frequently find myself wanting to look through the Qt source or look through a couple of commits. I could keep a copy of Qt checked out on all the computers I use, and flick through the repository using git command-line or qgit or even git instaweb, but this is usually less convenient than simply heading over to gitorious. Unfortunately, gitorious is notoriously sluggish and I find their site design a bit hindering as well.

So I’ve decided to mirror Qt’s repository on my personal server running cgit, which is much much faster than Gitorious. It’s synced once an hour by cron. And if nobody abuses this, I’ll keep it open for the community.

Head on over to git.zx2c4.com/qt.

Next up, I might attempt to mirror KDE’s subversion repository on my CGit. I’m not a very big fan of websvn, and I know KDE is moving to git, but the main tree won’t be moved for quite some time. Anyone an expert at git-svn and can provide some tips for a mirroring script to a bare repository? As we speak, I’m running git svn fetch on a repository made with git svn init --stdlayout svn://anonsvn...., and then manually adjusted to be bare. The import is taking a long time…

Update update update: Holy cow. After leaving git svn fetch running overnight, I’m on revision 41671 of 1159974… which is only 3.5% done (and by the way, I’m running this out of a data center’s über-bandwidth connection). KDE has a huge history; this is obscene. Any pointers here? Should I stop this? Have I done something silly that will render the eventual result unusable?

Media's response to the Hacker != Cracker open letter

A few days ago FSFE Fellowship group Slovenia sent an open letter concerning the misuse of the term "hacker". There is an English translation (with the Slovenian original) available on my page as well.

Today I am happy to report that this action had a bigger impact than we hoped for!

I know we haven't changed the world with this action ...but maybe we just made it a tiny bit better nonetheless and perhaps even inspired others around the world to try the same ;)

hook out >> rainy day, home improvement to help with and hopefully soon time to study :P

ansicolor: because the view is better in colors

If you’re a coder you probably try to modularize everything to death on a daily basis. If not, your practices are a little suspicious. :nervous: Alas, it’s not so easy to knock out something that I can say with confidence will be reusable in the future. One piece of functionality I keep reimplementing is output in colors, because it’s hugely helpful to making things look more distinct. The first time I wrote this module I knew I would be using it again and I wished to make it nice and reusable, but I didn’t know what the future uses would be. So I put that off until “later”. In the meantime I copy/pasted it a couple of times into other projects. Shameful, but effective.

I finally got around to organizing these types of bits that have no specific place of their own into a new github repository, appropriately named “pybits”. It holds the pretty printer and this rewritten ansicolor module, and it’ll probably grow with the ages.

But to business. Anyone spitting out ansi escapes who has figured out the system knows it’s trivial to make a color chart. So to keep the tradition going, here’s proof that ansicolor is able to enumerate the colors:

[Image: ansicolor_chart]

Notice that section at the bottom about highlighting colors. As you might be able to deduce by sheer logic, black and white are not great colors for highlighting something in a terminal, because they are typically used respectively as the background and foreground of the term (or vice versa). (The colors of a term can actually be anything, but black and white are the common ones. Ideally, code should detect this at runtime, but I don’t know of a way to check for this. Besides, lots of programs [eg. portage] do make this assumption also.) So the highlighting colors are supposed to be useful for when you want to output a wall of text and mark something in the middle of it, so the user can spot it.

Suppose you are (as I have been in the past) developing a regular expression and you can’t get it right on the first try (yeah, unbelievable, I know). Well, what you do is highlight the string so you can see how the matching worked out:

[Image: ansicolor_1regex]

Regular expressions tend to get hairy (yes way) so it helps to compare their results when you’re trying to unify two half-working variants into one. Adding a second regex will show the matches from both. Where they overlap the styling is bold:

[Image: ansicolor_2regex]

Think of the green highlighting as a layer of paint on the wall. You then paint a layer of yellow on top, but you don’t cover exactly the same area. So where the green wasn’t painted over it’s still green. Where the yellow covered it, the paint is thicker. And where the yellow didn’t overlap the green it’s just plain yellow.

Adding a third regex potentially produces segments highlighted three layers thick, so there the color becomes reverse.

[Image: ansicolor_3regex]

And then bold and reverse.

[Image: ansicolor_4regex]

ansicolor doesn’t support background colors, but that’s a product of my use so far, I’ve never needed it. I don’t think they improve readability.

You will find this cutting edge technology in the repo:

Posts for Wednesday, August 4, 2010


ALIX 2D13: 2.6.35, LEDs, lighttpd, lmsensors

It’s a good thing I waited a few days before releasing my next ALIX-post. I was gonna talk about the leds-alix module and where to download it, but in the meantime 2.6.35 was released and already contains all the necessary code. So, besides this post there is a new config: Linux 2.6.35 vanilla for ALIX 2D13. A few changes to the 2.6.34-config I posted last time:

  • I didn’t choose the Geode GL/GX last time, doh!
  • The kernel is no longer tickless (performs better)
  • Threw out some modular crypto-stuff (which I missed the last time)

There are three front-LEDs on the ALIX board, so nothing fancy. The interesting thing is that there are predefined triggers for these LEDs in /sys/class/leds/ which will make the LEDs display one of the following: heartbeat = load average (blinking speed), ide-disk (write access to the cf-card), timer, etc. Just try cat trigger to see the possible values. There is also the possibility to trigger on matches from iptables (think: traffic on port 22 ;). However my iptables userland seems to be outdated, so I will have to report about this another time.

Furthermore I tried using lighttpd instead of gatling on my fat external drive, and it performed even better, using slightly less CPU. In the kernel I activated the deadline IO-scheduler as default (while keeping CFQ and NOOP as an option), let’s see how that plays out. I’m still not getting more than 9MB/s using Samba, while the CPU is mostly idle and lighty completely saturates the 100MBit link, really annoying.

lm_sensors on the ALIX are no problem either. Just try my kernel-config or make sure to activate the basic I2C-stuff and CONFIG_SCx200_ACB. My ALIX runs at comfy 42°C when not under load.

I already talked about using tmpfs for some of the directories written to frequently (/tmp, /var/tmp, /var/run, /var/log, /var/lock). I don’t care about logs right now, so I don’t mind losing them on reboot. Some daemons however complain or won’t start if their log-directories aren’t set up, so you should do that with an init-script. I uploaded my script here, which will work with Debian and also sets up two LEDs and the deadline scheduler in case it isn’t the default.

CGit and Wiki-Markup: restructuredText, Mark Down, Whatever-You-Want

I wrote in a previous post about hacking restructuredText support into cgit by way of some nasty .htaccess and cgi scripts. Well, now I’ve built support into CGit properly.

I have in my cgitrc:

repo.readme=master:docs/readme.rst
repo.about-filter=/home/gitcode/web/rst2html/rst2html

about-filter is a feature cgit has always had which pipes the readme file through that command before displaying it. In this case, it’s just the standard docutils restructuredText python script. The killer new feature here is the ability to specify that the readme file tree comes from a specific git head. This says to pull it from the master repository. I could specify any branch or even a sha1 id of a specific commit.

So now, http://git.mywebpage.com/about will display the restructuredText of doc/readme.rst converted to its nice HTML display. Best of all, I can go to http://git.mywebpage.com/about/otherfile.rst, and this will translate to master:docs/otherfile.rst. I could replace the about-filter with something for markdown or even a script that chooses which filter based on file name, and get something identical to Github’s readme feature. Now it’s in cgit. Hopefully Lars will pull this soon, as he did my other patches.
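
One way to write the file-name-based filter mentioned above, as an added example that is not part of the original post or of cgit. It assumes cgit hands the about-filter the file name as its first argument and the file content on stdin; RST2HTML and MARKDOWN are placeholder command names. Because the filter's output lands in the page as-is, unknown file types are HTML-escaped and docutils runs with its raw and include directives disabled.

```shell
#!/bin/sh
# Added example, not from the original post: an about-filter that chooses a
# renderer from the file name.
# Assumptions: cgit passes the file name as $1 and the file content on stdin;
# RST2HTML and MARKDOWN are placeholder command names, overridable via env.

# Escape HTML metacharacters. cgit places the filter output in the page as-is,
# so file content with no trusted renderer must not reach the browser as markup.
html_escape() {
    sed -e 's/&/\&amp;/g' -e 's/</\&lt;/g' -e 's/>/\&gt;/g' -e 's/"/\&quot;/g'
}

# Map a file name to a renderer name: rst, markdown or plain.
pick_renderer() {
    lower=$(printf '%s' "$1" | tr '[:upper:]' '[:lower:]')
    case "$lower" in
        *.rst|*.rest)          echo rst ;;
        *.md|*.mkd|*.markdown) echo markdown ;;
        *)                     echo plain ;;
    esac
}

# Read the file on stdin and write HTML on stdout.
render() {
    case "$(pick_renderer "$1")" in
        rst)
            # --no-raw and --no-file-insertion switch off the docutils "raw"
            # and "include" directives, so a readme can neither emit arbitrary
            # HTML nor pull files from the web server's disk into the page.
            "${RST2HTML:-rst2html}" --no-raw --no-file-insertion
            ;;
        markdown)
            # Markdown passes inline HTML through unchanged; use this branch
            # only for repositories whose committers are trusted.
            "${MARKDOWN:-markdown}"
            ;;
        plain)
            printf '<pre>'
            html_escape
            printf '</pre>\n'
            ;;
    esac
}

# Act as a filter only when cgit supplies a file name.
if [ "$#" -ge 1 ]; then
    render "$1"
fi
```
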

Posts for Tuesday, August 3, 2010

CGit and restructuredText

A project of mine (which I’ll announce in a few days) uses restructuredText and git. So, showing an html-ified version of the restructuredText was the logical thing to do. CGit dumps the plain text of a file at http://git.website.com/ProjectName/plain/path/to/myfile. I wanted to add onto this a restructuredText dump at http://git.website.com/ProjectName/rst/path/to/myfile. One solution would be to patch cgit, but instead I chose to build around it and use the handy docutils to do the conversion.

The tool rst2html takes rst on stdin and pushes html on stdout. The first thing we need to do is make an rst2html wrapper and push certain URLs to it. My cgit installation already has a pretty advanced .htaccess for rewriting cgit urls, and here we’ll augment the one in that post with:

RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule (.*)/rst/(.*) /rst.cgi/$1/plain/$2 [L,PT,NS]

This internally rewrites all traffic at http://git.website.com/ProjectName/rst/path/to/myfile to http://git.website.com/rst.cgi/ProjectName/plain/path/to/myfile. This means that the CGI environment variable PATH_INFO is set to http://git.website.com/ProjectName/plain/path/to/myfile. CGit looks at PATH_INFO to determine which page to show, so all we have to do is call cgit.cgi and pipe it to rst2html:

#!/bin/sh
echo "Content-Type: text/html"
echo
./cgit.cgi | ../rst2html/rst2html

However, cgit spits out HTTP headers of its own, which we need to strip:

#!/bin/sh
echo "Content-Type: text/html"
echo
./cgit.cgi | sed -n '/^$/,$p' | ../rst2html/rst2html

The sed command prints everything from the first empty line onward, dropping the headers before it.

This is all fine, but cgit nicely caches output, and so should our rst script. To do this we need to look at the Last-Modified and Expires headers that cgit spits out and compare them to a cache file if it already exists. If the cache is dirty, we call rst2html on cgit’s output and tee it to the cache file to update it for the next call. If it’s clean, we just cat the cache. Along the way, we make sure to copy cgit’s HTTP cache headers for the rst file.

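#!/bin/sh
# Run cgit once and keep its full response (HTTP headers, blank line, body).
plain=$(./cgit.cgi)
# Read the cache headers from the header block only (stop at the first empty
# line), so a body line that happens to start with "Expires: " is never echoed
# back as a response header.
expiration=$(echo "$plain" | sed -n '/^$/q; s/^Expires: \(.*\)$/\1/p')
lastmodified=$(echo "$plain" | sed -n '/^$/q; s/^Last-Modified: \(.*\)$/\1/p')
echo "Content-Type: text/html"
echo "Expires: $expiration"
echo "Last-Modified: $lastmodified"
echo
# Convert both dates to epoch seconds (GNU date) for comparison.
expiration=$(date -d "$expiration" +%s)
lastmodified=$(date -d "$lastmodified" +%s)
# One cache file per requested path; quote PATH_INFO so it is hashed verbatim.
cache="../rst2html/cache/$(echo "$PATH_INFO" | md5sum | cut -d ' ' -f 1)"
cachetime=0
if [ -f "$cache" ]; then
        cachetime=$(stat -c %Y "$cache")
fi
# The cache is clean if it was written after the last modification and has not expired.
if [ "$cachetime" -ne 0 ] && [ "$cachetime" -lt "$expiration" ] && [ "$cachetime" -ge "$lastmodified" ]; then
        cat "$cache"
else
        echo "$plain" | sed -n '/^$/,$p' | ../rst2html/rst2html | tee "$cache"
fi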

Posts for Monday, August 2, 2010

Open letter to the media about the misuse of the term "hacker"

In the past few days/weeks in Slovenian media there was a big boom about three Slovenian citizens who allegedly cooperated in the Mariposa botnet. If you don't know what this is about, read this press release from the FBI. The media has repeatedly called these alleged cybercriminals "hackers".

Since this is a wrong use of this term and a lot of us refer to ourselves and others amongst our midst as "hackers", in the Fellowship group Slovenia we felt that something had to be done.

So we wrote and sent an open letter to the media explaining the difference between "hackers" and "crackers" and kindly asking the media to use these words correctly in the future. This action was backed up by several other groups and institutions.

The whole text of the open letter and its translation follow below.


Dear Sir/Madam,

in the past weeks, especially in connection with the story about FBI's action against a cybercrime which led to the arrest of a suspect in Slovenia, the word "hacker" has been used several times in the media in the wrong context and the wrong way. Since this term is differently understood by the experts than by the lay public, we feel it appropriate to warn about it in this open letter[1].

"Hacker" comes from the verb "to hack", which is an expression that originated in the 50's of the previous century at MIT[2] and means solving a technical problem in a unique way. In the computer jargon it is still used to label inventive and original modifications of a program or system, based on a deep understanding and in a way that was originally not intended.

Many authorities in the field of computers and security understand the term hacking as a state of mind, thinking outside of boundaries, established ways and methods and trying to overcome these obstacles. In many examples hackers are putting their skills and inventiveness into good causes and the public good by making their program available to everybody to use and modify. Examples of such free software[3] are: GNU/Linux, Mozilla Firefox, Mozilla Thunderbird, Google Chromium, OpenOffice.org, SpamAssassin, GIMP, Scribus etc.

It was the media and movie industry which later (falsely) used the word hacker to describe cybercriminals; which of course caused confusion. This mess is increased by the still evolving terminology and translations in the Slovene language.

A more appropriate term for a person, who with criminal intent breaks into computer systems is "cracker". People who abuse security systems without authorization and/or use ICT (usually computers, telephones or networks) for breaking into systems and performing illegal or criminal activities — vandalism, credit card abuse, identity theft, piracy and other types of illegal activities[4].

Also, the Slovene dictionary of informatics[5] distinguishes between "hacker" as "technically versed computer enthusiast" and "cracker" as "who breaks into computer systems with intent to use data or programs without authorization".

This is why we should call the current suspects of computer-based crimes, "crackers."

In the past decades many technological advances were also a result of the hacker phenomenon — personal computers, the Internet, free software — therefore it would be wrong to equate hackers with criminals. An analogy to this could be if chemists or pharmacists were all called poisoners and murderers.

We understand that the current confusion has been in existence for quite some time and this is exactly why we think it is high time that we clarify it together. So we ask of you to, please, in the future use the right term.

best regards,

Matija Šuklje
coordinator
FSFE Fellowship group Slovenia[6]

co-signatories:

Andrej Kositer,
president
[COKS] Center odprte kode Slovenije[7]

mag. Simon Delakorda,
director
[INePA] Inštitut za elektronsko participacijo[8]

Andrej Vernekar,
president
[LUGOS] Linux user group of Slovenia[9]

Klemen Robnik,
head
Kiberpipa/Cyberpipe[10]

Ljudmila[11]

[1] This open letter is available also on the website: https://wiki.fsfe.org/FellowshipSloveniaOdprtoPismoHeker
[2] Massachusetts Institute of Technology
[3] Definition of free software on the Free Software Foundation Europe's website:
http://fsfe.org/about/basics/freesoftware.en.html
[4] http://en.wikipedia.org/wiki/Hacker_(computer_security)#Black_hat
[5] http://www.islovar.org/
[6] FSFE Fellowship Group Slovenija — http://wiki.fsfe.org/groups/Slovenia — is a group of supporters of Free Software Foundation Europe and free and open source software in general, organised in a civil initiative. We stand for free software, open standards and open formats.
[7] Open Source Center Slovenia [COKS] — http://www.coks.si — is Slovene national supporter of development, usage and knowledge of open source technologies and OS solutions. We provide aid and support to OS users in public and private sector and cooperation with EU bodies concerning open source and e-governance policy.
[8] Institute for Electronic Participation [INePA] — http://www.inepa.si — is a non-profit NGO on the field of e-democracy. INePA carries out applicative and development projects as well as advocative and connecting activities for NGO's, institutions and individuals who are standing for strengthening of the democracy and political participation using ICT. The institute is a member of the Pan-European eParticipation Network and the Central and Eastern European Citizens Network.
[9] LUGOS — http://www.lugos.si — is an association of users of the free and open source operating system GNU/Linux. Amongst other activities, it offers user support and translates free software. Other activities are also the open wireless network of Ljubljana (wlan-lj) and weekly lectures Pipe's Open Terms (in cooperation with Cyberpipe).
[10] Kiberpipa/Cyberpipe — http://kiberpipa.org — is a collective of open source and digital freedom advocates. In the centre of Ljubljana it creates digital culture, educates expert and lay public by means of presentations, lectures and workshops.
[11] Ljudmila — http://www.ljudmila.org — Ljubljana lab for digital media and culture (1994) is the first non-profit laboratory in Slovenia which supports inventive and creative research through project work in the field of internet, digital video, electronic art, digital radio, communication, open source software development and connects all of these in an interdisciplinary way. It also enables autonomous as well as workshop-based group education and is the founder of the network of multimedia centres of Slovenia "M3C".


...and the Slovene original, which was sent to the media (translated into English here):

Dear Sir or Madam,

in recent weeks, mainly in connection with the news of the FBI operation against online crime that led to the arrest of a suspect in Slovenia, the word "heker" (hacker) has appeared in the media several times, in the wrong context and used in the wrong way. Because this term is used quite differently in professional language from how the lay public understands it, we find it appropriate to point this out in this open letter[1].

"Heker" (English "hacker") derives from the verb "hekanje" (English "to hack"), a term that first caught on in the 1950s at MIT[2] and means solving a technical problem in one's own way. In computer jargon it is still used for innovative and original modifications of a program or system, based on in-depth knowledge, in a way that was not originally intended.

Many authorities in the field of computing and security regard hacking as a state of mind, thinking outside the shackles of established approaches and methods, and trying to overcome these obstacles. In many cases hackers use their skills and innovativeness for good purposes and for the good of all, making the program available to everyone to use and modify further. Examples of such free software[3] are GNU/Linux, Mozilla Firefox, Mozilla Thunderbird, Google Chromium, OpenOffice.org, SpamAssassin, GIMP, Scribus and others.

The word hacker was later (wrongly) popularised as a name for cybercriminals by the media and the film industry, which of course led to confusion. This confusion is further increased by the vagueness of translations and the adoption of terminology in the Slovene language.

The more correct term for a person who criminally breaks into computer systems is "vdiralec" (intruder) or "kreker" (Slovenised from the English "cracker"). These are persons who exploit security systems without authorisation and/or use information and communication technology (usually computers, telephones or networks) for breaking in and carrying out illegal or criminal activities: vandalism, credit card abuse, identity theft, piracy or other types of illegal activities[4].

This distinction is also recognised by the Slovene dictionary of informatics[5], which gives the term "heker" as "a technically well-versed computer enthusiast" and the term "kreker" as "someone who breaks into other people's computer systems with the intent of using data or programs without authorisation".

Therefore the current suspects of the computer crime should be called intruders or crackers.

In recent decades many technological achievements have also been the result of the hacker phenomenon (personal computers, the internet, free software), so it is wrong to equate a hacker with criminals. It would be like equating a chemist or a pharmacist with poisoners and murderers.

We are aware that the terminological confusion has existed for a long time, and precisely for that reason we believe it is high time that we eliminate it together. We therefore kindly ask you to use the correct term, at least in future.

Kind regards,

Matija Šuklje,
coordinator
FSFE Fellowship group Slovenia[6]

co-signatories:

Andrej Kositer,
president
[COKS] Center odprte kode Slovenije[7]

Simon Delakorda, M.Sc.,
director
[INePA] Inštitut za elektronsko participacijo[8]

Andrej Vernekar,
president
[LUGOS] Linux user group of Slovenia[9]

Klemen Robnik,
head
Kiberpipa[10]

Ljudmila[11]

-.-.-
[1] The open letter is also available at https://wiki.fsfe.org/FellowshipSloveniaOdprtoPismoHeker
[2] Massachusetts Institute of Technology
[3] Definition of free software on the Free Software Foundation Europe site:
http://fsfe.org/about/basics/freesoftware.en.html
[4] http://en.wikipedia.org/wiki/Hacker_(computer_security)#Black_hat
[5] http://www.islovar.org/
[6] FSFE Fellowship group Slovenia — http://wiki.fsfe.org/groups/Slovenia — is a group of supporters of the Free Software Foundation Europe[] and of free and open-source software in general, organised as a civil initiative. We advocate free software, open standards and open formats.
[7] Center odprte kode Slovenije [COKS] — http://www.coks.si — is the national promoter of the development, use and knowledge of open-source technologies and solutions. As a development support centre, Center Odprte Kode Slovenije offers users a centralised system of help and support services and provides solutions for the needs of the public and private sectors.
[8] Inštitut za elektronsko participacijo [INePA] — http://www.inepa.si — is a non-profit non-governmental organisation in the field of e-democracy. INePA carries out applied and development projects as well as professional, advocacy and networking activities for non-governmental organisations, institutions and individuals who strive to strengthen democracy and political participation with the help of information and communication technologies. The institute is a member of the European network for electronic participation and of the Citizens' network for Central and Eastern Europe.
[9] LUGOS — http://www.lugos.si — is a society that brings together users of the free and open-source operating system GNU/Linux. Under the auspices of the society, among other things, user support for the operating system and the translation of free software take place. Its projects also include the open wireless network of Ljubljana (wlan-lj) and the weekly lectures Pipini odprti termini (in cooperation with Kiberpipa).
[10] Kiberpipa — http://kiberpipa.org — is a collective of advocates of open source and digital freedoms. In the centre of Ljubljana it creates digital culture and raises awareness among the professional and lay public through presentations, lectures and workshops.
[11] Ljudmila — http://www.ljudmila.org — Ljubljana lab for digital media and culture (1994) is the first non-profit laboratory in Slovenia which supports inventive and creative research through project work in the field of internet, digital video, electronic art, digital radio, communication, open source software development and connects all of these in an interdisciplinary way. It also enables autonomous as well as workshop-based group education and is the founder of the network of multimedia centres of Slovenia "M3C".

hook out >> now that that's done, finally sipping some milk tea and studying :3

Posts for Sunday, August 1, 2010

Definable Trigger Word on Dictionary KRunner

I announced in a previous post that I’ve created a dictionary runner for KDE SC 4.6. One requested feature in the comments was the ability to define a custom trigger word. I have added it.

Here you see it uses definir instead of define.

It’s configurable through the KCM popup in the krunner settings.

If you set the trigger word to nothing, then it will add dictionary entries for every query, which could be neat:

Hoping to move this out of kdereview soon and into kdebase.


More do, less talk.

I’ve been a busy little bee these few days – you didn’t think WIPUP’s beta release would slow me down eh? Unfortunately for you folks, I like to strike a balance between doing and talking – sure, more talking and doing doesn’t see any results soon, but more do and less talk is just plain selfish. As such, here’s what’s new in Moult county.

Firstly – the WIPUP beta aftermath. Could’ve hoped for more users, but I’m happy with how people are picking up on it. So far all feedback has been positive, and we’ve picked up a good few members along the way, some of which have become users. Now that I’ve signed WIPUP up on Google Analytics, we’ve got shorter, sweeter results:

Because I like looking at the results in percentage increases, I’ll let you make your own conclusions this time.

Meanwhile, a few noticed that this release’s splash was not made by me – rather it was contributed by Nathan from Cetan.ca. This means that if anybody wants to contribute splash artwork, I’d be more than willing to use it – provided that it’s abstract, and that it passes as aesthetically pleasing – and of course credits will be duly given.

The ThoughtScore Project has resumed production – and surprisingly to some – not in any graphical area, but rather in the script. I’ve submitted what I’ve started on it as a WIP available here, and once I implement the “paste revisions” idea for WIPUP suggested here, I’ll allow you to actually write parts of it (well, if you really want to – but no promises on accepting them).

Despite being sans internet for 2 days in a wonderful place called Bandung (reaaally beautiful if you go to the right places), I’ve also been busy giving back to the community in KDE. We now have a lovely release counter image (demo’ed below), my submission to their KPresenter template contest, and a little progress on the upcoming release announcement for 4.5. Not to mention I’ve also been in the middle of setting up KDE’s site for development on my localhost to tackle “polish” issues, of which you may see some of my critique here.

KDE Countdown

Of course I’ve still been doing part/fulltime work doing webdevelopment (on my 3rd project now wheyhey), and so if you need any webdevelopering done you know who to poke. Also, being in Indonesia also means I’ve been rockin’ with my relatives.

Come on, a post like this with loads of links definitely means I’ve been busy. Excuse the insightful-informative post tradeoff.


Posts for Saturday, July 31, 2010


Back from Canada, Archcon

I'm back from Canada/Archcon, and it was great. I've been in Toronto for 11 days, and visited Montreal for 3 days.

Archcon

Archcon was small (20-ish people). (That's what you get for doing it in Canada ;), but very nice.
Interesting talks, informal, good vibe, decent logistics and catering.
This year it happened because Dusty and Ricardo actually just wanted to have a conference without worrying too much about the attendance,
next year we should do it again because Arch (conferences) rock(s), and because we need more visitors. More central locations such as Seattle and Europe have been suggested.
Either way, next year both Judd (founder) and Aaron (current overlord) should be there. (this year they both had lame excuses like family reunions and "almost getting married". Congrats btw, Aaron!)

It was an absolute pleasure to meet some more of my fellow devs, and users.
Here is a pic from the group (unfortunately, a few are missing)

People in bold are Arch (ex-) devs

  1. Richard (sokuban) from Toronto (linguistics student)
  2. Chris (Gallow) from Toronto
  3. Alex (alexmat) from Tokyo, Japan (very into NILFS, submitted already some patches)
  4. Sander (GogglesGuy) (Dutch guy living in the states now)
  5. Eric from Seattle, WA
  6. Gregory (gelendir) from Québec city, Canada (aka dude with skirt and fivefingers and funny accent)
  7. Kevin (kpiche) from Ottawa (does perl stuff iirc)
  8. Loui (louipc) from Toronto, Canada (AUR guy, git lover. metalfan. Shook John Petrucci's hand)
  9. Tim from Annapolis (uses Arch for servers at work with some fancy mass-install scripts)
  10. Dustin (daking) from Stanford, CA (runs most of Stanford university on Arch)
  11. me from Belgium (arch-releng/aif, uzbl guy)
  12. Walter from Toronto (very into Uzbl, not actually an Arch user... yet)
  13. David (davekong) from New York City
  14. Dan (toofishes) from Chicago (Pacman dev)
  15. Dusty from Shaunavon SK (shwag, archcon organizer)
  16. Ricardo (ralvez) from Toronto (archcon organizer)
  17. Jason (Xentac) from Victoria, BC (entrepreneur, used to use Arch for the business)

See Archcon thread for more info.

Unfortunately I barely slept the night before my AIF talk, so I feel that one didn't go too well. Although people told me it was OK.
The Uzbl talk was pretty much what I imagined it to be: like the fosdem talk, but a bit more in depth here and there.
My pc was behaving weirdly, but luckily I could use Dan's.

We've been lucky that Walter and Isaac had proper, respectively videotaping and photocamera equipment. So there are plenty of pics, and nearly all talks got videotaped.
(I think the "hacking pacman" one was the only one not being videotaped, because 2 other talks were going on at the same time. Too bad, it was a very interesting talk)

Archcon pictures
Archcon videos
My slides:
AIF (day 1)
Uzbl (day 2)

Other days

Some thoughts and notes of what I did and saw around Toronto/Montreal..

  • Cities with streets and subways in a grid layout are awesome. Soo much easier to navigate.
  • Red lights with countdown timers (in seconds) are awesome. Although I'm told some places in Europe have them too.
  • Toronto was awesome: huge city, many friendly people, low crime rate, many different cultures, very short history. High park was very nice.
  • Montreal was like a European city: more history, old buildings, more crime, but of course a grid layout. Some nice views though (ie. from Mont Royal).
  • The youth hostels I went to were great: never got to meet so many interesting people in such a short timespan.
  • CN tower: I procrastinated visiting until the last day, and when I finally wanted to go in the weather was perfect, but there was a 2 hour queue, so I skipped it. Anyway there are plenty of pictures online.
  • Niagara falls were beautiful. Maid of the Mist tour was worth it. I made pictures but those online are better.
  • I met Kan Johar (founder of plurk.com, amongst others), good times.
  • Dusty introduced me to poutine. I found it disgusting. I guess you need to be a Canadian before you can like it.
  • Dusty and I have been to the Linux Caffe. The owner is a great guy, he's considering switching to Arch, and he wrote his whole point of sales, accounting and bookkeeping software using shell scripts, perltk and stuff. He's into suckless.org stuff. His version 2.0 will probably be based on Xmonad.

  • Dusty and me, somewhere on our way to the Niagara falls.

Hope for the global village

We are in the information age, will we adapt and change or fail and decline?

The rise of anonymity

Anyone who was brought up in a small village will know that it is close to impossible to keep any secrets. People will get to know everything about you and try to help you, whether you want them to or not. Participation is somewhat compulsory.

Rewind 300 years, and the vast majority of people lived in villages. The elite did possess privileged access to information, but this was due to the prohibitive cost of higher education for the majority, and a lack of free time and mobility in a predominantly agricultural society. There was no police state or legal protection of state secrets.

In the medieval times, a stranger entering a village would be watched very carefully, if not questioned and perhaps run out of the village or worse. With the rise of the modern world, people became anonymous for the first time. People who you have never met before can walk down your road unescorted and without suspicion.

A medieval villager would have kept several yards distance from an unfamiliar person. Modern man can enter a theatre or cinema and sit next to a complete stranger without introducing himself to his neighbour barely a few inches from his own body.

The rise of urban anonymity had both good and bad consequences. Anonymity allows our natural innate conscience to be overridden and ignored. How many people had their rights overridden to bring you the computer that you are reading this post on? How many people suffered to bring you the clothes you are wearing? How much damage was done to the environment by the things around you in the home or office you are reading this post in? It is very hard to know, and researching it all thoroughly would take months. I went into this further in my post Archimedes - Why Godwin was wrong.

The rise of anonymity was accompanied by a massive rise of state bureaucracy - institutional anonymity. Many aspects of our lives are now controlled by people we do not know, people who we have never heard of and probably will never bother to find out about. However formidable this bureaucracy may seem, it is as fragile and brittle as any other man made system. What rose up suddenly can fall just as fast, although things that grow quietly often fall loudly and messily.

As I said above, the medieval and early modern age had no police state enforcing state secrets. Great Britain managed to become the world's dominant military power with an empire spanning the globe with territory in every continent, all with no concept of state secret.

Britain started to have state secrets after it was already in steady decline. How did the modern concept of state secret come about?

Yes Minister!

For a long time, Britain has had a large standing army, but it is no match for Britain's civil service, which has always been several times larger than the military. In Britain, civil servants are not politically appointed. Politicians can try to influence long term policy through laws, but they do not have direct executive authority over the civil service in the way some other countries' politicians do.

The first Official Secrets Act in 1889 was primarily motivated to avoid civil servants giving information directly to the press and embarrassing the government. Obviously this was a failure because governments are still routinely shown up by the civil service leaking information.

In the hysteria in the run-up to the First World War, the 1911 Official Secrets Act was enacted without discussion. It aimed to prevent sensitive civil service information being leaked to foreign states. Several other versions of the Official Secrets Act have been passed over the years. None of them have stopped the civil service from leaking politically embarrassing information when it has chosen to.

The Official Secrets Acts cover civil servants, they are not aimed at the general public. The government can deny or ignore information presented to the press by a member of the general public, but they cannot do much about it. In the UK, a 'gag order', a legal injunction restricting information to the public, can only be made by a court, this can then be appealed through various levels, all the way to the European Court of Human Rights. The idea of the state keeping secrets from the public did not even really work in the pre-information age, no matter how many Official Secrets acts they passed - if you are carrying water in a sieve, it does not matter if you try to run faster, the water will still come out.

The information age makes us all a global village

As we are already far along the path of moving from the modernistic bureaucratic age to the post-modern information age, it is even harder to keep information secret. In particular, technological change has overwhelmed any prospect of profiting from information hoarding (just look at the legal trolls formerly known as the record industry), in short: code trumps law. With a World-Wide-Web, it does not matter if a British court says that a piece of information must not be published in the British press, it will be online anyway, and there is nothing the British court can do - code trumps law. As John Gilmore said 17 years ago "the Net interprets censorship as damage and routes around it".

The British laws have slowly started to recognise the Information age with the Freedom of Information Act which came into force in 2005, giving us access to any public information we ask for, unless it falls into a small and reducing set of exceptions. This however is just the beginning. It is not only the government that will have to adapt to the free information age, we all will have to adapt, not least to live with or filter out much of the noise to find the real signal, as Michael Arrington's article highlights. We will all have to learn to stop blaming the messenger and get started with the hard work of building a better social and economic system.

Looking at history, we can see that all major social, economic and technical shifts have created winners and losers; the dawn of the information age is no different. To survive, state bodies, companies, charities and other institutions must be able to exist and act within a world of free information. Organisations must regenerate themselves from the ground up so that none of their actions or existence requires keeping secrets from the public. This process of regeneration will mean some institutions from the previous age will not survive, while some new institutions will be required in their place.

Military and security services are not excluded. They need to smarten up and have strategies and actions that do not require secrets to work. In short, relying on secrets to keep you alive is a really bad strategy.

The imprisonment of Private Bradley Manning

In July 2007, US helicopter pilots in Iraq opened fire on a group of civilians who are standing in a housing estate, killing a Reuters photographer among others. You can watch the video online in lots of places, including on YouTube and at the website http://www.collateralmurder.com - be warned it is quite shocking, I would not watch just after dinner.

The civilians are carrying video cameras and mobile phones. Somehow the pilots interpret these as AK-47 rifles and rocket-propelled grenades. The video is tragic, especially how the pilots say the civilians on the ground are shooting at them when there is nothing like that happening. We then hear the pilots gloating as a wounded man crawls around as he bleeds to death.

Then a passing van containing locals including two young children stops at the scene to help the dead and dying, picking up the wounded man to take him to hospital, and the helicopter pilots are chomping at the bit in order to get authorisation to shoot these civilians too. The permission comes through and the helicopter fires, the van disappears under bullets, smoke and dust, all just yards away from a row of houses. Then a US armoured vehicle arrives, driving over a person in the way onto the scene, the pilots laughing as this happens.

Are the US authorities prosecuting the helicopter pilots? No this presumably happens every day, instead they are prosecuting the whistleblower. US Army Private First Class Bradley Manning is being held in a Kuwait jail, alleged to have released the video, if tried and found guilty, the punishment is reported to be 52 years in prison. To maintain the old bureaucracies, the virtuous tellers of truth are prosecuted and the laughing killers of children go free. This is horrible, but it is a key indicator of institutional decline, and the end of dominance by the military-industrial elite.

Private Bradley Manning, son of an English woman and an American soldier who was based in Britain, is just 22. Whatever the US military does to the young soldier, it is too late, I have already seen the video as have thousands or millions of other people. Whatever our governments are trying to achieve is undermined by the lack of care over human rights and free speech. Nothing seems to have been learned since Vietnam, however this time it is all on YouTube, this time we cannot just trust the state. They are not ever going to learn, it is we that will have to learn for them, and we will have to pray for Bradley Manning, that he can be back with his family very soon.

Birthing pains of the Information age

The development of smelting iron allowed better tools for agriculture, cooking and construction but also allowed more lethal weapons such as the sword. The invention of the printing press led to the reformation and the end of religious authority over the state. The development of powered flight allowed global co-operation and allowed mass bombing in the Blitz.

No technological revolution is ever tidy. Adapting to the information age will be costly and will even lead to loss of life. Especially when organisations like the military refuse to adapt to the inevitable changes.

Wikileaks now has hundreds of thousands of documents that the US and UK military are trying to keep secret. It is a battle that the army cannot win, the pen is mightier than the sword, the web server is mightier than the battleship. If people die, it is not because of a website, it is because the military is living in an outdated paradigm fighting war in an outdated fashion.

Code is the only weapon that matters

The future will not be won by taking up guns or helicopters, the future will be won or lost through code. The technological 'Pandora's box' has been opened and the only thing left is hope. Hope that we can build a new society based on openness and freedom. Hope that our security does not depend on giving up our human rights but on defending them. Let's inspire the peoples of the world to join us in defending human rights, rather than bombing them into submission and then trying to suppress the video.


Paludis 0.50.3 Released

Paludis 0.50.3 has been released:

  • :* dependencies no longer count as matching every slot when testing removal safety.
  • When ‘cave resolve’ changes from having made a decision to being unable to make a decision, and where dependencies from the previously made decision have already been tracked, a horrible error is no longer produced.
  • ‘cave display-resolution’ now shows download sizes, and no longer displays empty descriptions.
  • ‘cave resolve’ now has a ‘--fetch’ option to skip non-fetch jobs.
  • ‘cave show’ now has a ‘--no-versions’ option.


Posts for Friday, July 30, 2010

Interfacing CGit and Gitolite

As many of you know, the KDE Project is transitioning to using Git with Gitolite and CGit. As such, I thought I’d update my aging Gitweb/posix-permissions installation of git to use CGit and Gitolite, and now my public git repository is kicking away. (If you’d like commit access any place or would like to host your own repo on my server, drop me a line.)

Since Gitolite manages git repositories, it has the option of generating the necessary information for Git’s shipped gitweb. This includes making a static list of repository names that should be included in gitweb as well as optionally adding the gitweb.owner entry inside .git/config and the description file at .git/description. The static list of repository names is boring and standard and easy. The owner and description specifications are standards set by the Git project for this kind of information. Hence, Gitolite supports interfacing with them.

Meanwhile, CGit uses its own configuration format for determining the owner and description and repository path. For interfacing with Gitolite, in the past I have created a hook that writes out a CGit-formatted configuration file, which is then included in the main cgitrc with the include directive. Essentially I had to do this:

gitcode@starfox ~ $ cat web/cgit/generaterepos.sh 
#!/bin/sh
 
cd $(dirname "$0")
rm -f repos.tmp
 
cat ~/projects.list | while read gitname; do
        name=${gitname%.*}
        fullpath=/home/gitcode/repositories/$gitname
        owner=$(git --git-dir=$fullpath config --get gitweb.owner)
        desc=$(cat $fullpath/description)
        (
                echo repo.url=$name
                echo repo.name=$name
                echo repo.path=$fullpath
                echo repo.desc=$desc
                echo repo.owner=$owner
                echo repo.enable-log-filecount=1
                echo repo.enable-log-linecount=1
        ) >> repos.tmp
done
 
mv repos.tmp repos
 
gitcode@starfox ~ $ tail -n 1 web/cgit/cgitrc 
include=/home/gitcode/web/cgit/repos
 
gitcode@starfox ~ $ cat repositories/gitolite-admin.git/hooks/post-update.secondary 
#!/bin/sh
exec /home/gitcode/web/cgit/generaterepos.sh

This worked decently, but it was cumbersome and ugly, and was likely not to scale as features in both Gitolite and CGit are added and changed. Luckily, CGit supports the scan-path option, which builds an internal list of repositories automatically by scanning a directory for git folders. One such solution for integrating with Gitolite would be to simply point scan-path at Gitolite’s repository directory. This works fine, but it has three main shortcomings, which I’ve addressed in a generic non-Gitolite-specific way in three patches. Let’s walk through them one by one.

project-list

We don’t want all Gitolite repositories showing up on CGit, and Gitolite provides a generic mechanism for controlling this: it writes a list of all the repositories selected for Gitweb to a file called projects.list. It’s just a flat file with each repository’s name written on a new line:

CheeseWhiz.git
Geoemail.git
MyCoolThangs.git

So, what about augmenting CGit’s scan-path feature with another setting called “project-list” that points to this file? That’s what this patch does. If project-list is set before scan-path is set, then scan-path only scans the git folders at project-list/${a line in the project-list file}. Problem solved, and this is a pretty generic way of doing it too.

remove-suffix

Most people store git repositories on disk at MyGitRepository.git. Notice the .git ending. However, most people prefer to see it listed as just “MyGitRepository” and they especially would like to clone it at gituser@domain.com:MyGitRepository, without needing the .git ending. Usually, CGit’s scan-path infers the repository name directly from the folder name. This patch adds a setting called “remove-suffix” that, if set to 1 (default is 0) before scan-path is set, will remove the .git suffix from the repository name and url while still pointing to the correct physical path. This as well is fairly generic and not specific to Gitolite or Gitweb, but rather Git’s usual conventions.

enable-gitweb-owner

CGit’s scan-path infers the owner of the repository from the posix owner’s UID name. But there is an additional Git standard for overriding this for any interface: the “gitweb.owner” configuration key in .git/config, which Gitolite understands and respects, as well as Gitweb. This patch simply calls Git’s internal C functions for fetching this information from the current repository’s config, and prefers this as the owner to the posix owner’s UID name. If gitweb.owner is not set in the configuration, it falls back to the posix owner’s UID name. This is a standard Git behavior. This occurs only for scan-path — cgitrc specified owners are preferred over these former two, obviously. Again, this configuration standard has been determined by the Git project, and both Gitolite and Gitweb respect it. So, this patch adds support inside CGit for it.

it works

Now instead of the include and the ugly set of scripts and hooks, I can just place this at the bottom of my cgitrc:

enable-gitweb-owner=1
remove-suffix=1
project-list=/home/gitcode/projects.list
scan-path=/home/gitcode/repositories

and this integrates perfectly with Gitolite. All is harmonious in the Git universe.

On top of all this, I’ve cooked up a wicked good .htaccess file for CGit that allows me to have anonymous http pull at the same time as it rewrites the CGit urls to be pretty. Check it out:

Options FollowSymlinks ExecCGI
 
DirectoryIndex cgit.cgi
Allow from all
Order allow,deny
 
RewriteEngine on
 
SetEnv GIT_PROJECT_ROOT /home/gitcode/repositories
 
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d 
RewriteRule "^(.*)/(.*)/(HEAD|info/refs|objects/(info/[^/]+|[0-9a-f]{2}/[0-9a-f]{38}|pack/pack-[0-9a-f]{40}\.(pack|idx))|git-(upload|receive)-pack)$" /git-http-backend.cgi/$1.git/$2 [NS,L,QSA]
 
RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule ^.* /cgit.cgi/$0 [L,PT,NS]

A strange combination of stopping internal redirects and partial rewritings and odd stop conditions has made it so that the request gets forwarded and reformatted to git-http-backend if and only if it is first valid with cgit.cgi. Is this crackable? Can anyone figure out a backdoor to grab a repository that isn’t in projects.list?
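One way to make the projects.list restriction explicit, rather than leaving it to the interplay of the rewrite rules, is to check the requested repository against projects.list in the CGI wrapper that fronts git-http-backend. This is an added example, not the author's code: it assumes the wrapper receives PATH_INFO in the form /<repo>.git/<service path> (the shape of the first RewriteRule's target), PROJECTS_LIST is a hypothetical variable, and Private.git is a constructed name.

```shell
#!/bin/sh
# Added example: allowlist check for a wrapper around git-http-backend.
# Not from the original post; sample names and paths are constructed.

NL='
'

# Print the repository part of a PATH_INFO such as
# /MyCoolThangs.git/info/refs. Return 1 if no safe name can be derived.
repo_from_path_info() {
    case $1 in
        /*) rfp_rest=${1#/} ;;
        *)  return 1 ;;
    esac
    case $rfp_rest in
        *.git/*) rfp_repo=${rfp_rest%%.git/*}.git ;;
        *)       return 1 ;;
    esac
    # Defence in depth: refuse empty names, absolute paths, ".." segments
    # and embedded newlines before the list is even consulted.
    case $rfp_repo in
        .git|/*|*//*|../*|*/../*|*"$NL"*) return 1 ;;
    esac
    printf '%s\n' "$rfp_repo"
}

# Return 0 only if $2 is exactly one whole line of the list file $1.
# A read loop is used instead of grep -F, which would treat a newline
# inside the name as a separator between several patterns.
repo_is_listed() {
    [ -n "$2" ] || return 1
    [ -r "$1" ] || return 1
    while IFS= read -r ril_line || [ -n "$ril_line" ]; do
        if [ "$ril_line" = "$2" ]; then
            return 0
        fi
    done < "$1"
    return 1
}

# Print the repository name and return 0 when the request may be served.
check_request() {
    cr_repo=$(repo_from_path_info "$2") || return 1
    repo_is_listed "$1" "$cr_repo" || return 1
    printf '%s\n' "$cr_repo"
}

# CGI entry point (assumption: installed as the script the rewrite rule
# targets). Unlisted and malformed requests get the same 404, so the
# response does not reveal which unlisted repositories exist.
cgi_main() {
    if check_request "$PROJECTS_LIST" "${PATH_INFO:-}" >/dev/null; then
        exec git http-backend
    fi
    printf 'Status: 404 Not Found\r\nContent-Type: text/plain\r\n\r\nNot found\n'
}

demo() {
    d_list=$(mktemp) || return 1
    # Constructed sample: the three names shown in the post's projects.list.
    printf '%s\n' CheeseWhiz.git Geoemail.git MyCoolThangs.git > "$d_list"
    for d_path in \
        /MyCoolThangs.git/info/refs \
        /Private.git/info/refs \
        /../MyCoolThangs.git/HEAD \
        /MyCoolThangs.git.bak/info/refs
    do
        if check_request "$d_list" "$d_path" >/dev/null; then
            echo "allow $d_path"
        else
            echo "deny  $d_path"
        fi
    done
    rm -f "$d_list"
}
demo
```

Replacing the final `demo` call with `cgi_main` turns the file into the wrapper itself; GIT_PROJECT_ROOT still has to be exported to git-http-backend as in the .htaccess above.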

I’ve also written a super generic script for uploading new repositories to my gitolite/cgit installation. From a git working directory, I run ~/Projects/uploadNewGit.sh "This is a description of my new git repo.", and wham-shabam, all the permissions get set and everything is uploaded just fine. Here is uploadNewGit, the latest version of which you can always find in my GitTools repository:

#!/bin/bash
# bash rather than sh: pushd and popd below are bash builtins
 
GITOLITE_ADMIN="$HOME/Projects/gitolite-admin"
 
gitdir=$(readlink -f "$(pwd)")
name=`basename "$gitdir" | cut -d / -f 2 | cut -d ' ' -f 1`
description="$1"
 
if [ ! -d "$gitdir/.git" ]; then
        echo Not a git repo.
        exit 1
fi
if [ -z "$description" ]; then
        echo You need to specify a description argument.
        exit 1
fi
 
pushd "$GITOLITE_ADMIN/conf" > /dev/null
echo "Writing config..."
(echo
echo "  repo    $name"
echo "          RW+CD   =   $(whoami)"
echo "          R       =   @all"
echo "          $name \"$(git config --get user.name)\" = \"$description\"") >> gitolite.conf
git commit -a -m "Adding $name to repository."
git push
popd > /dev/null
 
url=$(git --git-dir="$GITOLITE_ADMIN/.git" remote -v | grep push | cut -f 2 | cut -d ' ' -f 1 | sed "s/$(basename "$GITOLITE_ADMIN")/$name/")
git remote add origin "$url"
git push origin master
git push --all
git push --tags
git branch --set-upstream master origin/master

(As a side note, I’m not really sure the best way to quote commands inside of commands with variables that have spaces. something=$(command $(othercommand $argument)) has issues if argument has a space or if othercommand produces something with a space or if command produces something with a space (not totally certain about the latter two — I should check). But I can’t do this: something=”$(command “$(othercommand “$argument”)”)” because of obvious quoting problems. What’s the common solution to this? I’ve been using an awkward combination of the backtick operator `…` and the $(…) syntax but the backtick has some weird rules too. What’s the deal? Can somebody point me in a good place to read about this?)
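On the quoting question above: in POSIX sh every $(...) opens its own quoting context, so double quotes can be used at each nesting level, whereas nested backticks need backslash escapes. The following is an added example, not from the original post, applied to the kind of name and URL derivation uploadNewGit performs; the function names, the path and the example.org URL are constructed.

```shell
#!/bin/sh
# Added example, not from the original post: quoting nested command
# substitutions, and building a URL without pasting variables into sed.

# Stand-in for "othercommand" (e.g. readlink -f): echoes its first argument.
resolve() { printf '%s\n' "$1"; }

# Unquoted at both levels: the path is word-split before resolve sees it,
# so only the part before the first space survives.
name_unquoted() { basename $(resolve $1); }

# Each $(...) starts a fresh quoting context, so the inner double quotes
# do not terminate the outer ones.
name_quoted() {
    nq_name="$(basename "$(resolve "$1")")"
    printf '%s\n' "$nq_name"
}

# URL of a sibling repository built with sed, as the script does.
# $3 is pasted into the sed program, so "&" and "/" in it are interpreted
# by sed instead of being copied literally.
sibling_url_sed() {
    printf '%s\n' "$1" | sed "s/$2/$3/"
}

# Same derivation with parameter expansion only: $2 and $3 stay data.
# Fails if the admin URL does not end in the admin repository name.
sibling_url() {
    case $1 in
        *"$2") printf '%s%s\n' "${1%"$2"}" "$3" ;;
        *)     return 1 ;;
    esac
}

demo() {
    dir='/srv/work/My Repo'                      # constructed path
    admin='gitcode@example.org:gitolite-admin'   # constructed URL
    echo "unquoted: $(name_unquoted "$dir")"
    echo "quoted:   $(name_quoted "$dir")"
    echo "sed:      $(sibling_url_sed "$admin" gitolite-admin 'R&D')"
    echo "expand:   $(sibling_url "$admin" gitolite-admin 'R&D')"
}
demo
```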

Anyway, most of what I’ve written about in this post is new to me. Or at the very least, I’m a bit uneasy. So if you have any suggestions, by all means please tell me. I’m looking forward to seeing what the KDE sysadmins do in the end. Hopefully the CGit authors accept my patches.

Update: After some back and forth with Lars, the CGit maintainer, I’ve added a few more patches, including putting the gitweb.owner functionality behind a configuration setting and also caching the scan, among various other improvements. You can check out all the commits I’ve made on this at the cgit for my cgit clone.

Update 2: I’ve gotten rid of my branch because my commits have been merged to cgit!

ALIX 2D13: First impressions

I desperately needed a new toy, and found the perfect match with the ALIX 2D13 board from Swiss manufacturer PCEngines. I’ve had good experiences with the WRAP-board more than four years ago, so I knew about the quality of their products. This post should serve as a quick introduction and point out some caveats if you want to set up and use an ALIX 2D13.

Specs
PCEngines has an overview of the ALIX-line as well as the specs of the ALIX 2D13, so this is just a short rundown:

  • 500 MHz AMD Geode LX800 (x86)
  • 256 MB DDR DRAM
  • 3 Ethernet NICs (Via VT6105M 10/100)
  • Furthermore: 2x USB ports, MiniPCI-slot, CF-slot, serial port

I chose the 2D13 model since I wanted 3 ethernet NICs and the added battery (for keeping system time after a reboot) seemed like a good idea. The ALIX boards can be bought in many variations, some even providing VGA/sound to be used as a thin client. I ordered my ALIX at the Varia-Store, where they offer a complete bundle of ALIX-2D13-board, enclosure, power supply and CF-card for a mere €145 including shipping in Germany. I ordered on Tuesday at noon and the package arrived Thursday afternoon.


Operating system / prerequisites
You probably want to run Linux on these babies, otherwise you can stop reading ahead. There are some things you really need before you get started:

  • CF-card reader on your computer (for installing the OS to the CF-card)
  • Serial connection (think USB-to-Serial converter, pl2303) to access the ALIX

I chose to install Debian on the ALIX, since I’m familiar with it and it has little overhead. I found these guides to be helpful, even if not completely up to date or correct: Guide 1, Guide 2. But careful! Don’t mount the ALIX board in its enclosure until you’re sure that your ALIX boots, since removing the CF-card requires taking the board out again ;).
The next thing I did was to build a custom kernel, since Debian only includes 2.6.26 and has everything you’ll never need compiled as modules. I built a next-to-minimal kernel on my workstation (this site helped a lot) and it seems to work just fine so far. The config is here. An important thing if you compile somewhere else is to make sure you use

ARCH=i386 make menuconfig
ARCH=i386 make -j3

when configuring and compiling your kernel for the ALIX.
People already using CF-cards or small embedded devices probably know to use noatime where possible and mount /tmp, /var/tmp, /var/run, /var/log, /var/lock as tmpfs to go easy on the CF-card’s limited write cycles.

Performance / Applications
I bought the ALIX to play around with it but also to evaluate its possible use as a Samba-fileserver and CUPS printserver for my flat, and maybe even a small shellserver in case I’m away from home and my workstation isn’t running. With an energy-consumption of about 5-6W you can have it running 24/7, the fact that it doesn’t have any moving parts only adds to that. Booting takes a few seconds by the way, not that it matters.

The first measurements I did were with scp from the ALIX to my WS, which maxed out at 3.5MB/s because OpenSSH used up the CPU on the ALIX. Next I tried using Samba (to and from) and got a mere 6.5MB/s throughput reading from the ALIX and an attached USB-drive. This was with the stock kernel however, and using my own 2.6.34-kernel I was able to transmit more than 9MB/s using Samba. I had a stupid line in my smb.conf which might explain the 6.5MB/s I got before. Make sure to remove this line!:

socket options = IPTOS_LOWDELAY TCP_NODELAY SO_RCVBUF=16384 SO_SNDBUF=16384

I then did another test using fefe’s gatling web/ftp/samba-server on the ALIX and my USB-drive in HTTP-mode with wget and was able to completely saturate the 100MBit-link, which is why I suspect to be able to do the same thing with Samba as well.
For customers of Aachens Uni-DSL it should be interesting to know that I managed to max out my 8Mbit-DSL-line (about 700kB/s) using vpnc on the ALIX with enough idle CPU left. Using vpnc and doing a git pull on the ALIX resulted in only a slight slowdown since git was busy saving/packing objects it received. Performance using git daemon on the ALIX and pulling from there were acceptable as well.

All of these measurements are highly unscientific and side-effects or misconfigurations could have had negative effects, so one should read these rates as minimal assurances.

Conclusion
After the first full day of using the ALIX I’m impressed. The CPU is powerful enough for most tasks and with a little custom configuration some things can be sped up considerably. I don’t see any problems for the intended use as a file-server, by whichever way the files are served. The next step will be hooking up my printer.

If you intend to use encrypted filesystems on the ALIX you should do some research first. While the AMD Geode does have hardware support for AES, OpenSSL does not seem to use it and I’m not quite sure about any cryptofs. Another common thing the ALIX might be used for is wireless LAN. The MiniPCI-slot can take a variety of wireless NICs, but I don’t need yet another AP at the moment.

Posts for Thursday, July 29, 2010

gaka 0.2.0

Per many commenters' suggestions and thanks to code from Steve Purcell, you can now use maps for CSS attributes in gaka.

user> (println (gaka/css [:a {:color :red}]))
a {
  color: red;}

This looks more like vanilla CSS thanks to the curlies, which is nice. You just have to keep in mind that your key/value pairs could end up being printed in random order, and order is significant[1] in CSS.

It just so happens that maps are implemented in Clojure right now such that if they only have a few entries (16 key/value pairs), the order will be preserved, because you get a PersistentArrayMap instead of a PersistentHashMap. But it's highly dangerous to rely on such a thing. It could change at any time in the future.

In any case, you can also mix and match maps, lists and "flat" keyvals. They'll all be flattened. That can help preserve attribute order in those cases where you need to.

user> (println (gaka/css [:a :color "red" {:padding 0} (list :margin 0)]))
a {
  color: red;
  padding: 0;
  margin: 0;}

I've also enhanced "mixins" a bit further. You can now mixin entire tags as well as attributes. Or a combination of both. Say you want a mixin that means "Make my element have no padding, and make links within the element be red":

user> (println (gaka/css [:div.foo mixin :margin 0]
                         [:div.bar mixin]))
div.foo {
  padding: 0;
  margin: 0;}

  div.foo a {
    color: red;}

div.bar {
  padding: 0;}

  div.bar a {
    color: red;}

You can get gaka from github or Clojars.

  1. Order is only significant in cases where you're doing things like padding: 0; padding-left: 1px. This is arguably bad CSS style, but it's valid, and it's also possible you'll have this kind of thing if you're generating CSS procedurally. But most of the time, order is not significant. e.g. it doesn't matter if you set text color first and background color second, or vice versa. So maybe this isn't so much of a problem in practice.

Article about EUPL in Linux Magazine

Linux Magazine issue 118 has just been published and in it my article License That! The European Union can show off with its own free, open source license. [PDF].

It is a short article about EUPL. This is an OSI- and FSF-approved license which was written by and for the EU and is equally legally valid in all EU language versions. Not only does it tackle legal problems of FOSS very elegantly and in a short and understandable way[1], but is the first ever free license to be written by an international government body.

Maybe one day we will be able to agree on a global (or at least WIPO-wide) public license, which would be valid the same in all languages and in all jurisdictions.

This is my 2nd article for Linux Magazine and I can say that writing for them is quite a treat.


[1] It really is very easily understandable and a must-read for anyone who wants to understand the basics of free software.

KRunner Dictionary Plugin: Finally

Four months ago I promised to make a dictionary KRunner plugin. I’ve finally started to write it.

It’s currently in kdereview and will hopefully be included with KDE SC 4.6.

It functions as simply as I wanted it to back in March: you hit alt+f2, type “define {your word}”, and presto, the results are there.

Unfortunately, it wasn’t as easy as it ought to have been. I utilize the same data source as the dictionary plasmoid, which is a Plasma::DataEngine, and as it turns out, DataEngine has a few issues with threading, which KRunner relies on. It’s also built around signal/slot async requests, while KRunner uses a blocking thread for computation. I ended up having to invoke a QMetaMethod to shuffle things to the right thread and use a QMutex for synchronization. What a hassle. Nevertheless, the dictionary plugin seems to work pretty well.

Anything I should add to it? Ability to choose alternative trigger words to “define”? Some kind of loading indicator? If you have the time, try out the code and let me know what you think.

Update: Some of you in the comments and on IRC have asked me the best way to try this out immediately. Here are the commands:

svn co svn://anonsvn.kde.org/home/kde/trunk/kdereview/plasma/runners/dictionary dictionary-krunner
cd dictionary-krunner
cmake . -DCMAKE_INSTALL_PREFIX=$(kde4-config --prefix)
make
sudo make install
kbuildsycoca4
kquitapp krunner
krunner

Posts for Wednesday, July 28, 2010

We need a thought-out integration of the desktop and the web - not Tab Candy superfast jellyfish

This video demonstrates a new tab organising feature called 'Tab Candy' that might make it into a future version of Firefox. Lord help us all if it does.

Embedded below is the promo video:

[Embedded video: YouTube wXWHb6J1Kgg]

Sorry, wrong video, below is the correct one, yank alert. (Aside question about the intro spiel: how can he use his browser more than his operating system since the former requires the latter?)

[Embedded video: Vimeo clip 13560319]

Tab Candy allows you to drag web pages (i.e. tabs) and organise them into little piles. The piles can then be saved, named and so on.

Thinking in terms of a Linux distribution, I am not sure how helpful Tab Candy really is. This seems to be the wrong level of the stack.

Tab Candy is just recreating GUI folders, albeit with a nice zoom out and more automatic groups. Tab Candy is not only replicating the desktop, but it is dealing with symptoms of a more basic problem, rather than solving the problem itself.

Browsers are crap at saving Web pages

When you view a web page in the browser, it is represented in the navigation by one tab, this is good. However, on the filesystem, a webpage is represented by its composite fragments - the HTML file, Javascript and CSS includes, images and so on, this is really stupid. This difference makes webpages a second class object on the desktop.

A better approach would be to encapsulate a saved webpage into a single file (internally it could be a zip or similar). Then saving and sharing webpages would be much cleaner and would allow operating system graphical interface designers to create a more beautiful desktop.

Ideally the cache would save webpages in the same form, so saving a page is just copying the file from the cache, rather than downloading it again. The cached version of the page can then be in piles implemented at the desktop level rather than at the browser level.

Piles should be in the desktop shell

The piles being a desktop feature would allow the user to put other things into the piles too: pictures, PDFs, songs and so on. At the desktop level, the feature would be implemented in native code rather than an in-browser cross-platform Javascript mess.

Call me old fashioned but I want my GUI to be fast, efficient with resources and to get out of my way. I don't want browser-based bling using up all my RAM. As I moaned about in the last post, Firefox uses quite enough memory as it is; implementing a desktop GUI in Firefox is hardly a recipe for reducing its memory footprint. It is a recipe for more bloat.

http://commandline.org.uk/images/posts/firefox/super_fast_jellyfish.jpg

What do you think? Should the browser become the desktop? Or should Firefox be faster and slimmer without these desktop-style features?

Paludis 0.50.2 Released

Paludis 0.50.2 has been released:

  • ‘cave resolve --continue-on-failure’ interacted weirdly with background fetching. This is now fixed.
  • Support for automatic repository configuration creation via installing a ‘repository/somerepo’ pseudo-package is now available on Gentoo.
  • Queries in the form ‘*/*::foo->’ no longer force pointless generation of metadata for ebuilds.

To enable automatic configuration of repositories on Gentoo, you need to set up an unavailable format repository for Layman, and a repository format repository for installs.


Planet Larry is not officially affiliated with Gentoo Linux. Original artwork and logos copyright Gentoo Foundation. Yadda, yadda, yadda.