Planet Fellowship (en)

DanielPocock.com: Wrong cloud: Victorian schools and NEC Ultranet

Thu, 20 Jun 2013 11:26:16 +0000

"The blood, sweat and tears that has gone into the Ultranet and the work teachers put in – it's soul destroying. I have to face parents who took me on face value when I said: 'This is the best thing since sliced bread – every school is going to be using it in the future."

Those are the words of a school principal at Alkira Secondary College in Victoria, Australia. His school is receiving a real-life lesson in the the risks of cloud computing.

Ultranet, the state-wide private cloud project for schools is at risk of being cancelled due to budget cuts. It is not clear whether the vendor, NEC, is obliged to release data back to the users if the original four year contract is not extended.

Commercial, confidential discussions

It appears that the possibility of ending the contract was not supposed to be public knowledge. If the finance department had kept their intentions secret then it is possible that users would not even have had the opportunity to try and manually extract some of their data, as they are rushing to do now.

Instead of getting on with the business of education itself, teachers and students are having to waste time trying to individually download student projects, photos, feedback and other meta data from the system in an ad-hoc manner.

An opportunity for free and open source software

This debacle may well be a huge opportunity for the free and open source software community to remind people that the value of retaining control over user data can not be forgotton when evaluating outsourced, private cloud solutions that claim to be "free" or offer low costs to get started.

There were apparently 18 schools who initially trialed the program and many more have gradually joined up. This would be the perfect opportunity for advocates of genuinely free software solutions to contact them and let them know they are not alone and that many of us have anticipated these problems for years. While central government administrators tend to be hooked on the idea of administering big contracts with `trusted' vendors, these local school administrators and the communities around them are probably more receptive to the free software message than at any other time.

List of schools using Ultranet

Many of the schools using Ultranet can be found with Google, as it appears to be integrated in their web sites. Click here for a Google search that finds many of the schools and related technical pages, support documents and other material

A message to schools everywhere

For schools facing this crisis or considering adopting such services in other countries, I would share this very simple advice: if you are offered a solution that doesn't give you complete control to conveniently extract all of your data in bulk whenever you want and use it in your own software on any computer, then it is not a good foundation to build on.

The free software community has been actively working to provide truly free solutions for schools and I would strongly encourage schools to look at projects like Skolelinux/Debian-Edu and k12Linux that have been built by educators who also have a deep understanding of software and data freedom issues.

DanielPocock.com: Australia's war on brains (and immigration)

Wed, 19 Jun 2013 11:48:01 +0000

Some weeks ago, our Prime Minister was slashdotted when she suspended her usual racist attacks on refugees to attack foreign IT workers and the companies that employ them with absurd accusations of "rorts" and "stealing" jobs.

Today, she's introduced new laws in the parliament aiming to further bastardization of intelligent, skilled and educated workers and anybody who associates with them, including Australian employers.

Unwarranted attention on a minority of IT workers

This is not just some random bill before the parliament. There are just two weeks left before the parliament concludes and an election campaign begins. It is clear that what we are seeing now is the Real Julia coming though, choosing to make the small minority of foreign workers in our country at the center of people's thoughts as they go to vote in September.

A debt of gratitude to foreign workers

These verses from our national anthem, Advance Australia Fair say a lot about how Australia became what it is today:

For those who've come across the seas

We've boundless plains to share;

With courage let us all combine

To Advance Australia Fair.

The last 200 years of Australia's history has been a story of immigration. It is not something to be afraid of: our forefathers celebrated it.

Foreign workers: why Australia needs you

Australia has had some appalling flops in IT and engineering:

The OECD has criticised the amount of public infrastructure that hasn't been upgraded since the 1960s as a major risk for Australia's future economic growth
London spent £100 million to build their Oyster card ticket system for public transport. Melbourne's attempts to replicate it were delivered 10 years late and with a budget of nearly $1.5 billion.
Major technology problems have repeatedly hit companies such as Vodafone trying to do business in Australia while keeping up with fast-moving technology.

There is no doubt in my mind that additional foreign workers would have made a positive contribution to all of these problems or can do so in the future.

The sun never sets on IT

Every day, I collaborate with dozens of IT specialists all over the world through the virtual workplace that is the Internet, particularly in the free and open source software community. Many of these people, I've never even met and in most cases I don't even know where they are, where they were born or what is the colour of their skin. Those details wouldn't make any difference to the way that we work in IT today.

How many IT managers have time to waste dealing with more real world bureaucracy when they've experienced online, global productivity? How many IT workers feel demotivated by having to explain trivial details about their personal life to a Government bureaucrat who doesn't understand their skills and just looks at their colour?

If you think about it, any immigration officer who really understands IT wouldn't be an immigration officer. They would be working in IT themselves. Immigration officers, who don't understand IT, are now going to be further empowered to bully companies away from employing some talented workers on the basis of race or nationality. Hiring managers will be intimidated into these prejudiced and biased decisions by delays, processing fees and invasive demands for sensitive documents about business planning and recruitment strategies.

Australia's immigration system already has a horrendous reputation. Any visa application seems to take more than a year: no small company can keep a job position vacant that long. Families can't plan their children's schooling. Other life events come and go. There are exhorbitant fees, 1000% higher than in other western countries. Fewer and fewer self-respecting skilled workers are willing to put their spouses and children through the degrading medical examinations.

Judging the impact of poor immigration policy

While the economic impact of this immigration mess on industry is hard to quantify with an exact figure, we can take some insight from the education system. As the visa system has been hijacked by racists over the last 10 years, there has been a dramatic fall in participation (and revenues) from foreign students. In one year, enrolments (and revenue) fell 30%. This is not just bad for the balance sheets of the universities, it also means that in a future where commerce is global, Australians are more and more isolated and inexperienced culturally.

IT workers and their employers have plenty of choices: Australia's close neighbor, Singapore, is one of them. Visas are granted in 2 weeks, no degrading medical exam required, low taxes and tropical sunshine all year round. Many companies that find it impractical to deal with Australia's bureaucracy end up moving their best Australian workers to places like Singapore to be part of a global team. This can't be good for the workforce that is left behind without jobs.

The training delusion

Government officials continue to rant and rave about companies failing to train Australian workers. The new laws supposedly force companies to "fix" this problem and train Australian workers.

This, too, is a delusion: employers are not to blame. Some of the best Australian workers are already long gone to places like Singapore, London and the US. With talented foreign workers denied the opportunity to come and fill the void, there is less opportunity for skills to be acquired by more junior workers in Australian workplaces.

It is also extremely difficult for more junior workers to get a foot in the door in the international job market and the primary reason for this is the Australian Government's failure to fund university programs beyond a bachelor's degree. Compare this to Europe and the US where all competent graduates are funded through to a Masters or PhD program.

The bottom line is that more junior workers are denied the opportunity to get the best training either at home or abroad and in both cases it's not the foreign workers that can be blamed: it's the Government's own fault.

Why do we need skilled foreign workers when Australians can win Nobel Prizes?

The Australian press recently went into a frenzy when an Australian won the Nobel Prize for physics.

There was a catch though: he's a migrant from the United States (just don't tell the Prime Minister).

Dr. Schmidt migrated to Australia 20 years ago when the immigration system was not the same as today. Today, future Nobel Prize winners are being shown a brick wall - maybe we even have one of them rotting away in our death camps or left in the sea for sharks to eat.

The BBC recently revealed that Britain's successor to Stephen Hawking may be a young girl who migrated from India - it is chilling to imagine where a child like this may be hidden away under Australia's immigration system.

Bureaucracy leads to fraud and exploitation

It's been clearly demonstrated that wherever you have elaborate, artificial systems of bureaucracy it leads to inefficiency, it suppresses innovation and in the worst cases it enables fraud and exploitation.

The typical examples usually involve police in some third-world African nation setting up road blocks and collecting fees from travellers who want to pass the queues. This type of opportunism has also been found in Australia's immigration system, with one Federal politician already directly implicated and jailed for his role in a visa racket.

Gillard's own bullet man

A Queensland pensioner made international headlines recently when he was caught sending bullets in the mail to the Prime Minister. His demands were clear: stop immigration.

While most world leaders refuse to let nutcases like this dictate their actions, Gillard appears to have been transcribing his racist letters directly into these newest immigration laws. It is a sad reality that Australian politics regularly seeks to appeal to the worst instincts in people like bullet man.

The ultimate political failure

When politicians stoop to the level of demonizing immigrants it is usually a clue that the politicians themselves are past their use-by dates and out of fresh policy ideas.

When former French president Sarkozy tried to play the racist card in his campaign for re-election, it bit him in the bum and he was swept from power by the socialists.

As always in politics, there is an element of hypocrisy at work: neither our Head of Government (the Prime Minister) nor our Head of State (the Queen) was born in Australia. Gillard was born in Wales and migrated to Australia as a child. If Australians don't vote for her in September, will she be given 28 days notice to pack her bags and go back `home'?

From the frying pan and into the fire

The scariest thing is that if Australians see through this racist charade and refuse to vote for it, we could end up with something equally obnoxious: the other major political party is now gaining worldwide attention for their campaign linking gay marriage and homosexuals to bestiality.

Which prejudice is the lesser evil: racism or homophobia?

Don't Panic: About ownership, remote control and privacy

Tue, 18 Jun 2013 10:00:05 +0000

Recently, I made a blogpost about the ownership of your own device and how control of technology is directly linked with the freedom of society – as well as with the freedom of each individual. The argument made in that post was, that remote control of technology in the hands of manufacturers put users out of their own control and makes censorship, supervision and control of society more and more easy and – therefore – likely to happen.

Just some weeks later, Edward Snowden leaked documents that show how the NSA was granted access to users data from US internet giants like Facebook, Apple, Microsoft and many more. These documents show that remote storage of private data puts users out of control of their privacy. As we will see, the worst still is to come: remote private data storage by a machine that is under remote control.

I assume that the vast majority already read a lot or at least the most important information about a surveillance program by the National Security Agency (NSA) which is called #prism. All of you who know the background can easily skip to the next paragraph as – for reasons of completeness – this paragraph just continues with a brief summary of Snowden’s leak about the Prism program:

In recent years, so-called ‘cloud-services’ count more and more users. These are services that offer you to store your data, emails, calender, social communication and more or less everything that users would like to have an online access to it. These services tend to be structured in a hierarchic and closed way. As Tim Berners-Lee points out, especially their communication channels tend to break the internet into fragmented islands. Most of them are available for no cost. Instead, users pay by signing highly questionable terms of service that allow the service providers to collect, reuse and sell as much data of each user as possible. Now we have knowledge that this is not just done for business operations but that the NSA was also granted access to users information. Because Edward Snowden leaked detailed information about the supervision by the NSA and, according to Bloomberg, thousands of firms are cooperating with the NSA.

As this wouldn’t be worse enough – to supervise all citizens by having access to private life and private data -, it still becomes worse: The combination of centrally stored private information of every citizen with remote control of their very own Hardware. Xbox One is a new video game console from Microsoft and it works best as an example to shed some light on the ongoing loss of privacy and transparency of citizens towards the state.

First, Xbox One will have an integrated webcam and microphone. Of course, this is not evil per se – integration of a microphone, camera and other periphals can be used to enable new modes of gaming, for example. But, when I have a machine in my living room that includes a microphone and a camera, I must have control of this machine! This is not just missing in the Xbox – the Xbox and its integrated Kinect is the opposite of having control: the machine will be connected to the internet all the time, transmitting data to servers from Microsoft [1]. Officially, this is done for offering personalized adds, voice control and monitoring of media usage, about what Microsoft also filed a patent [2]. In addition, the camera also includes the technology to see WHO (face recognition) is sitting in front of the camera and how he feels. So, to sum up, Microsoft sells a machine that has the ability to hear and see everything in front of it, can identify persons and their feelings, record everything and then stores all data on Microsoft servers.
As this fact alone is already bad for your privacy, now combine these functions with the ability for the NSA to have access to it. Feels like the NSA is directly sitting in your living room and records everything you are doing, who you meet, when you are at home, how you feel and so on. This is very close to the Orwellian Television in his novel 1984. Shouldn’t such a technology be forebidden? Shouldn’t we stop economy and state from spying at us?

You might say no, there is no need for a law because there is no need to buy this machine, so customers can decide for themselves if they like to buy it or not. Hence, if you do not feel comfortable with it – just let it be. But, that’s too easy and the assumption of ‘no need to buy it’ comes to short in practice. I tell you why: First, some people need protection because they don’t care about privacy or just don’t know about the implemented spy technologies in Xbox.
These people should be protected by us, who care about these aspects of privacy. They should be protected before giving up all their citizen rights that former generations fought for us to have it – and by protecting them we protect the general idea for us, too. Just imagine, once the mainstream does not care about issues of privacy anymore and privacy disrespecting machines will become beststellers – privacy for everyone will be gone.
Why? Because of the spread-effect: Imagine, that you might be concerned about your privacy but your neighbor is not, or your friend is not. Your neighbor, for example, buys a surveillance machine like the Xbox – then you cannot feel safe anymore to enter his flat, if you do not like your privacy to be exposed to the NSA. Or every time you will walk into a house for the first time you first have to check if there is a supervision-machine inside or not. To protect us from such behavior, we have to make sure that such sort of supervision is generally forbidden.
Finally, please take a look at the big picture: In this very moment, we are talking about one product of one company that is mainly used for video gaming. This is very specific and the product might be something you do not have to buy. But if we let them sell this video machine without resistance, then next will be maybe a windows phone that comes with these integrated features and permanent upload to Microsoft servers (including the spread-effect). Other smartphones might do the same to keep competitive. In short, phones that we carry around all the time might be able to record everything we are doing, what we say, what we see, how we feel, who our friends are and upload this information to hidden servers. And they will not just spy on their owners. Because of the spread-effect they will be able to spy on everybody surrounding them. Now, if we come back to the initial counter-argument, you can say there is no need to buy an Xbox, but it is very hard to say that there is no need to buy a phone.

That is why we have to call now on consumer protection to take action. There should be the general right of an owner of a device, to use the device for whatever he likes what includes the full control of his very own IT. This also includes the freedom of not being supervised, to be able to turn off his IT, to stop remote control and to give back control over personal data and IT to the only one who should be really in possesion of it: the user.
Again: It is not about to forebid to integrate a microphone or a camera into any device. It is about to forebid that these machines cannot be turned off and that users cannot decide on their own what they would like to transfer to non-personal servers and what not! That’s why it is time for us to call on the state or – better – the European Union to protect us from such a behavior and to keep our private life and the right to own our property.

And, as long as we do not have sufficient consumer protection given by the state, I have an idea how to protect ourselves and to stop this behavior: In Germany, there is a law that if you video-monitor a public place, than this has to be publicly announced. Now, if we think about the spread-effect that was mentioned above, you can transform this idea to the Xbox. Because if you have an Xbox at home and you invite friends, you should warn them that they are monitored. Hence, every customer who buys a Xbox One, should be given a sticker along with the hardware, that he has to stick on his front-door. The sticker than should say something like: “This flat is under 24h surveillance by Microsoft and the NSA”

Getting people to have to stick their doors with such a sticker, I assume this will very soon decrease Xbox’ selling numbers – and by this – hopefully stop such practices.

[1] as a sidenote: Microsoft was the first major company that was cooperating with Prism
[2] needless to say that software patents are a harm for society. For more information see here: https://fsfe.org/campaigns/swpat/swpat.en.html

DanielPocock.com: RSA Key Sizes: 2048 or 4096 bits?

Tue, 18 Jun 2013 09:01:20 +0000

Many people are taking a fresh look at IT security strategies in the wake of the NSA revelations. One of the issues that comes up is the need for stronger encryption, using public key cryptography instead of just passwords. This is sometimes referred to as certificate authentication, but certificates are just one of many ways to use public key technology.

One of the core decisions in this field is the key size. Most people have heard that 1024 bit RSA keys have been cracked and are not used any more for web sites or PGP. The next most fashionable number after 1024 appears to be 2048, but a lot of people have also been skipping that and moving to 4096 bit keys. This has lead to some confusion as people try to make decisions about which smartcards to use, which type of CA certificate to use, etc. The discussion here is exclusively about RSA key pairs, although the concepts are similar for other algorithms (although key lengths are not equivalent)

The case for using 2048 bits instead of 4096 bits

Some hardware (many smart cards, some card readers, and some other devices such as Polycom phones) don't support anything bigger than 2048 bits.
Uses less CPU than a longer key during encryption and authentication
Using less CPU means using less battery power (important for mobile devices)
Uses less storage space: while not an issue on disk, this can be an issue in small devices like smart cards that measure their RAM in kilobytes rather than gigabytes

So there are some clear benefits of using 2048 bit keys and not just jumping on the 4096 bit key bandwagon

The case for using 4096 bits

For some types of attack, security is not just double, it is exponential. 4096 is significantly more secure in this scenario. If an attack is found that allows a 2048 bit key to be hacked in 100 hours, that does not imply that a 4096 bit key can be hacked in 200 hours. The hack that breaks a 2048 bit key in 100 hours may still need many years to crack a single 4096 bit key
Some types of key (e.g. an OpenPGP primary key which is signed by many other people) are desirable to keep for an extended period of time, perhaps 10 years or more. In this context, the hassle of replacing all those signatures may be quite high and it is more desirable to have a long-term future-proof key length.

The myth of certificate expiration

Many types of public key cryptography, such as X.509, offer an expiry feature. This is not just a scheme to force you to go back to the certificate authority and pay more money every 12 months. It provides a kind of weak safety net in the case where somebody is secretly using an unauthorised copy of the key or a certificate that the CA issued to an imposter.

However, the expiry doesn't eliminate future algorithmic compromises. If, in the future, an attacker succeeds in finding a shortcut to break 2048 bit keys, then they would presumably crack the root certificate as easily as they crack the server certificates and then, using their shiny new root key, they would be in a position to issue new server certificates with extended expiry dates.

Therefore, the expiry feature alone doesn't protect against abuse of the key in the distant future. It does provide some value though: forcing people to renew certificates periodically allows the industry to bring in new minimum key length standards from time to time.

In practical terms, content signed with a 2048 bit key today will not be valid indefinitely. Imagine in the year 2040 you want to try out a copy of some code you released with a digital signature in 2013. In 2040, that signature may not be trustworthy: most software in that era would probably see the key and tell you there is no way you can trust it. The NIST speculates that 2048 bit keys will be valid up to about the year 2030, so that implies that any code you sign with a 2048 bit key today will have to be resigned with a longer key in the year 2029. You would do that re-signing in the 2048 bit twilight period while you still trust the old signature. Fortunately, there are likely to be few projects where such old code will be in demand.

4096 in practice

One of the reasons I decided to write this blog is the fact that some organisations have made the 4096 bit keys very prominent (although nobody has made them mandatory as far as I am aware).

Debian's guide to key creation currently recommends 4096 bit keys (although it doesn't explicitly mandate their use)

Fedora's archive keys are all 4096 bit keys.

The CACert.org project has developed a 4096 bit root

These developments may leave people feeling a little bit naked if they have to use a shorter 2048 bit key for any of the reasons suggested above (e.g. for wider choice of smart cards and compatibility with readers). It has also resulted in some people spending time looking for 4096 bit smart cards and compatible readers when they may be better off just using 2048 bits and investing their time in other security improvements.

In fact, the "risk" of using only 2048 rather than 4096 bits in the smartcard may well be far outweighed by the benefits of hardware security (especially if a smartcard reader with pin-pad is used)

My own conclusion is that 2048 is not a dead duck and using this key length remains a valid decision and is very likely to remain so for the next 5 years at least. The US NIST makes a similar recommendation and suggests it will be safe until 2030, although it is the minimum key length they have recommended.

My feeling is that the Debian preference for 4096 bit PGP keys is not based solely on security, rather, it is also influenced by the fact that Debian is a project run by volunteers. Given this background, there is a perception that if everybody migrates from 1024 to 2048, then there would be another big migration effort to move all users from 2048 to 4096 and that those two migrations could be combined into a single effort going directly from 1024 to 4096, reducing the future workload of the volunteers who maintain the keyrings. This is a completely rational decision for administrative reasons, but it is not a decision that questions the security of using 2048 bit keys today. Therefore, people should not see Debian's preference to use 4096 bit keys as a hint that 2048 bit keys are fundamentally flawed.

Unlike the Debian keys (which are user keys), the CACert.org roots and Fedora archive signing keys are centrally managed keys with a long lifetime and none of the benefits of using 2048 bit keys is a compelling factor in those use cases.

Practical issues to consider when choosing key-length

Therefore, the choice of using 2048 or 4096 is not pre-determined, and it can be balanced with a range of other decisions:

Key lifetime: is it a long life key, such as an X.509 root for an in-house CA or an OpenPGP primary key? Or is it just for a HTTPS web server or some other TLS server that can be replaced every two years?
Is it for a dedicated application (e.g. a closed user group all using the same software supporting 4096 bit) or is it for a widespread user base where some users need to use 2048 bit due to old software/hardware?
Is it necessary to use the key(s) in a wide variety of smartcard readers?
Is it a mobile application (where battery must be conserved) or a server that is likely to experience heavy load?

emergency exit: A Good way to publish Photos copyleft

Mon, 17 Jun 2013 21:29:36 +0000

I am looking for a good way to publish images as copyleft. The current state of the art in licensing non-software seems to be creative commons, but its copyleft is so weak, that I don’t see how it protects the end users’ freedom. To be more precise, here is how I perceive the legal effects (please correct me if I am wrong):

· I publish a digital picture in high resolution, with intermediate files under CC-by-sa
· Magazine XY takes the picture, touches it up and prints it as part of some article in a small size
· user Z sees the picture in the article and doesn’t even know the associated rights, unless she looks in the table of figures; and even if she does she can only demand the ready-to-print down-scaled version of the photo, possibly with text covering it, in a non editable format

→ what’s the point? Where is the freedom? What do I gain as an author, if I let commercial magazines use my photos, that in turn, don’t share with my fellow citizens?

Why do we not treat pictures like software? Obviously there is a preferred way of making changes, which might be a format with layer and effects information, or even a non-destrucitve instruction set, like with darktable. This is != to the preferred form of distribution, which is some form of bitmap, so it makes sense to speak of source and non source in my opinion.

I want to release my photos in a way that forces people to make the source of my photos as well as the source of their changes available to all third parties. So I thought about just stuffing the original image, with intermediate formats and/or instructions in a tarball, add a GPLv3 file and a note, on how I define that the GPL applies. Does that make sense? Or have you come over other, easier ways to achieve a similar effect?

DanielPocock.com: Monitoring with Ganglia: an O'Reilly community book project

Sun, 16 Jun 2013 21:31:36 +0000

I recently had the opportunity to contribute to an O'Reilly community book project, developing the book Monitoring with Ganglia in collaboration with other members of the Ganglia team

The project itself, as a community book, pays no royalties back to the contributors, as we have chosen to donate all proceeds to charity. People who contributed to the book include
Robert Alexander, Jeff Buchbinder, Frederiko Costa, Alex Dean, Dave Josephsen, Bernard Li, Matt Massie, Brad Nicholes, Peter Phaal and Vladimir Vuksan and we also had generous assistance from various members of the open source community who assisted in the review process.

Ganglia itself started at University of California, Berkeley as an initiative of Matt Massie, for monitoring HPC cloud infrastructure

My own contact with Ganglia only began in 2008 when I was offered the opportunity to work full-time on the enterprise-wide monitoring systems for a large investment bank. Ganglia had been chosen for this huge project due to it's small footprint, support for many platforms and it's ability to work on a heterogeneous network as well as providing dedicated features for the bank's HPC grid.

This brings me to one important point about Ganglia: it's not just about HPC any more. While it is extremely useful for clusters, grids and clouds, it is also quite suitable for a mixed network of web servers, mail servers, databases and all the other applications you may find in a small business, education or ISP environment.

Instantly up and running with packages

One of the most compelling features, even for small sites with less than 10 nodes, is the ease of installation: install the packages on Debian, Ubuntu, Fedora, OpenCSW and some other platforms, and it just works. Ganglia nodes will find each other over multicast, instantly, no manual configuration changes necessary. On one of the nodes, the web interface must be installed for viewing the statistics. Dare I say it: it is so easy, you hardly even need the book for a small installation.

Where the book is really compelling is if you have hundreds or thousands of nodes, if you want custom charts or custom metrics or anything else beyond just installing the package. If monitoring is more than 10% of your job, the book is probably a must-have.

Excellent open source architecture

Ganglia's simplicity is largely thanks to the way it leverages other open source projects such as Tobi Oetiker's RRDtool and PHP

Anybody familiar with these tools will find Ganglia is particularly easy to work with and customise.

Custom metrics: IO service times

One of my own contributions to the project has been the creation of ganglia-modules-linux, some plugins for Linux-specific metrics and ganglia-modules-solaris providing some similar metrics for Solaris.

These projects on github provide an excellent base for people to fork and implement their own custom metrics in C or C++

The book provides a more detailed account of how to work with the various APIs for Python, C/C++, gmetric (command line/shell scripts) and Java.

The new web interface

For people who had tried earlier versions of Ganglia (and for those people who installed versions < 3.3.0 and still haven't updated), the new web interface is a major improvement and well worth the effort to install.

It is available on the most recent packages (for example, it is in Debian 7 (wheezy) but not in Debian 6.)

It was originally promoted as a standalone project (code-named gweb2) but was adopted as the official Ganglia web interface around the release of Ganglia 3.3.0. This web page provides a useful overview of what has changed and here is the original release announcement.

DanielPocock.com: Girls Around Me and the NSA

Sat, 15 Jun 2013 18:58:58 +0000

When the Girls Around Me app was released in 2012, it received massive criticism on the basis that it could enable stalking and undermine privacy.

Nonetheless, the existence of this app may well be an even bigger problem for the NSA right now than it is for single women. US Government officials in damage control mode over the NSA surveillance leaks have sought to deny that it is even possible to monitor people in the way that The Guardian reported the matter. Leaders of Internet giants such as Google and Facebook have also tried to deny and downplay the possibilities of PRISM.

In my view, a company like Google is no more likely to admit hiving off customer data than a bank is likely to admit a liquidity crisis, for fear of starting a self-fulfulling bank run. User trust is as existential with data as it is with bank deposits.

So my question is, if the NSA with an $8 billion annual budget can't track people in real-time, how come a small team of app developers could do much the same thing so easily in Girls Around Me?

One possibility is that some companies may be accurate in what they have reported: they are not letting data out the back door. The scary thing is, they are letting it out the front door and it is just as possible for third-party commercial operators and foreign powers to harvest a lot of this data in the same way as Girls Around Me

In one of the most remarkable cases, the chief of British MI6 (the team that James Bond plays for) may have been compromised by his wife's Facebook posts - if Facebook really is an outsourced NSA operation, then that is a remarkable case of friendly fire

Both the scandals around Girls Around Me and the NSA spying leaks only serve to confirm one thing: that people need to think twice every time they fill in some form or submit some data that could be used to identify or track them.

DanielPocock.com: Skype Scandal and the Jedi Council

Thu, 13 Jun 2013 22:10:32 +0000

Normally Skype isn't mentioned by name on this blog, but today I'm making an exception.

When a new scandal broke out in the Australian Army today, one of the first questions asked was how does it compare to the Skype Scandal which had everybody talking (and blushing) in 2011. A concise military reply direct from the General:

"I'd say it's worse than the Skype matter"

(the original Skype Scandal cadets are going on trial in six weeks)

Jedi Council brings cultural change in the Army: from Skype to email

Since the original scandal, there have been plenty of PR-orchestrated headlines about cultural change in the Army. Sadly, it seems that several ranking officers believed that was a cue to simply start using email instead of live feeds

Operating under the operational code name Jedi Council, they've apparently been swapping annotated images of female colleagues and members of the public service.

A more detailed account summarises it:

"They were calling themselves the Jedi Council but they were doing the exact opposite of what Jedis are supposed to do"

While the Skype scandal involved cadets behaving much like college kids elsewhere, this latest scandal involves the officer corp, the most senior officer implicated is allegedly a Lieutenant Colonel. Senior ranking officers like this have given many years of dedicated service to the country. They are widely respected and the vast majority of officers in these positions are unlikely to ever be implicated in such a scandal.

Officers are in leadership roles, it should be no surprise if they have top secret security clearances.

After the revelation that Australia has a direct and high-volume data sharing arrangement with the US Government (and in turn Facebook, Google, etc), there are all kinds of questions about whether a couple of rogue officers have access to pursue their private Jedi Council project using tools like PRISM and Boundless Informant. It's already been confirmed that they were keeping their own Jedi database of their victim's names, phone numbers, home addresses and various clothing measurements and if they are already emailing these photos about on Defence computers, does it seem improbable that they would be using PRISM or other sources to cross-reference their data?

Behavior described as systematic and predatory

It can't be ruled out that some defence computer systems may have direct access to NSA copies of images from those invasive airport body scanners - like these pictures that were not supposed to exist. Just like the British undercover cops stealing the identities of dead children and fully engaging with impressionable young women from environment campaign groups, there are a long list of possible abuses when the security state is over-empowered.

While this latest Army example involves private pursuits, it is not hard to imagine many other permutations: perhaps a couple of rogue Government employees making unauthorised use of PRISM data for a commercial objective and gaining the upper hand on private sector competitors who have no such data feed.

100% trust?

In every organisation there will always be a few people bending the rules. It's human nature, if it wasn't that way, we'd all be robots (or drones). The Army and the Catholic Church tend to be hammered a lot more in the public eye when these transgressions are discovered although statistically their crime rates are no higher than average. The bottom line is that no organisation is perfect and people have to take some responisbility to object to the excessive growth of the security state and keep our data to ourselves as you just never know who you can trust.

Paul Boddie's Free Software-related blog: Evaluating Free Software Groupware: Kolab

Thu, 13 Jun 2013 14:48:36 +0000

I have recently had the inclination to evaluate Free Software groupware solutions in more detail, and perhaps the first that came to mind was Kolab: a long-running project that provides a range of groupware functions including e-mail, calendaring, address books, task management, and various other functions for a fairly wide range of organisation sizes. Of course, there are plenty of Free Software groupware projects offering complete and integrated solutions as well as individual components for use with existing infrastructure; the Debian Wiki page on groupware provides a fair (but probably incomplete) overview of the more interesting projects.

Installing and Configuring Kolab

Intrigued by accounts that Kolab is fairly easy to install on Debian Wheezy – the latest stable release of the Debian GNU/Linux software distribution – I set out to investigate, making use of my own tools to set up a User Mode Linux environment in which I could install the software. Initially, I tried to re-use an existing virtual environment, but a quick attempt to configure the software using the setup-kolab program was not successful, and a brief excursion via the #kolab IRC channel (on freenode), indicated that I might be better off starting with a completely fresh installation of Wheezy. Although I imagine it is possible to deal with the problems I encountered – setup-kolab did not like the presence of an existing LDAP server – the easiest way to troubleshoot is to start with a known configuration and see if things can be made to work from there.

Installation of Kolab 3.0 on Debian is fairly straightforward, as described both in the manual and more concisely in the blog article mentioned above (and also in older reports). The Kolab packages in Debian are set up to prefer the postfix packages to the apparent default of the exim4 packages and thus want to replace the latter. This might be a problem in some environments, and it may be possible to retain Exim for use with Kolab, but I haven’t investigated this. A somewhat undesirable feature of the currently available packages is that they are unsigned: Debian makes extensive use of package signatures to prevent tampering, and although it can be an annoyance to sign and publish packages and to publish the necessary keys for verification, hopefully Kolab will make its way into Debian as a collection of official packages once again.

Some Current Pitfalls

With a fresh system, setup-kolab seems fairly happy, and with the initial configuration performed it is possible to log into the administration interface, although it seems to be necessary to explicitly start the Apache server first. One strange problem with the Debian packages seems to be in the absence of a library file in the correct location, and this manifests itself in the administration interface as the absence of any way to add users. I fixed this for my system as follows:

ln -s /usr/lib/i386-linux-gnu/nss/libsoftokn3.so /usr/lib/libsoftokn3.so

(Unlike the message linked above describing this fix, I still use a machine with the i386 architecture, not the x86_64 architecture, and the underlying problem seems to be related to the way that libraries are now stored to permit support multiple architectures on the same computer.)

I also noticed that some Kolab component, at least after some administrative tasks have been performed, tries to communicate with the IMAP server unsuccessfully but persistently. To reset their relationship, the following seemed to be required:

service cyrus-imapd restart

Some other complaints emerged on the console about mailbox creation, perhaps due to some resources I created, but it is possible to verify the state of the mailboxes as follows:

kolab list-mailboxes

I noticed that no matter which resource type I specified, the type of created resources would always be “Beamer”.

But it's a Porsche!

This probably doesn’t matter so much for actual resource booking, but I imagine that there’s a problem here needing to be fixed. It is possible that the Debian packages suffer from the above problems but that these problems have since been fixed in the project’s repository and in subsequent non-Debian package or distribution releases; I haven’t verified this, however.

Fun With Administration

Administration is never really much fun, but the administrative interface seems to provide a reasonable way of adding users and resources, populating the different information stores with user and mailbox details.

The main page of the administrative interface

With the packaging issues mentioned above all sorted out, users can be added in the users section:

Adding a user in the administrative interface

And resources can be added in the resources section:

Adding a resource in the administrative interface

Given that Kolab is based on conventional services like LDAP directories, IMAP mailboxes, and so on, if you needed to integrate with existing infrastructure and accommodate existing user populations, you probably wouldn’t spend much time in the administrative interface, but it is nice to see that an interface exists for quick edits to the system.

What About the Users?

With some users set up, one might be interested in seeing things from their perspective. Out of the box, the Debian packages provide a Roundcube webmail interface:

The Kolab Roundcube login page

On the inside, the interface is much like the Roundcube many people have come to know. For instance, the mail interface is more or less what you would expect. Here, the folders on the left are IMAP folders that are also available to IMAP clients, but to start with there obviously aren’t any mails to look at:

The Kolab Roundcube mail interface

Amongst the usual view buttons at the top of the window, featuring the mail, address book and settings, we find additional buttons for the calendar and tasks. First, the address book:

The address book in Roundcube

Here, it seems to pick up other users added via the administrative interface. Meanwhile, the calendar interface is probably slightly more interesting to look at because it’s something that you don’t usually get in Roundcube:

The calendar in the Kolab version of Roundcube

The calendar widgets seem to be rather familiar and those who do more JavaScript programming than I do will probably be able to identify the project that pioneered them. Nevertheless, they seem to behave mostly as I would expect from having used them elsewhere on other sites and services. One strange thing is the date numbering above the days in the week view (“Mon 6-10” meaning “Monday 10th June”, for example) which I imagine could be customised somewhere, although I didn’t see a setting to do exactly that.

Fun With Events

Given the existence of the calendar in Roundcube, and given that calendaring interests me already, I decided to make an attempt at creating a new event, inviting a participant, and requesting a resource. Dragging an area in the calendar caused the event dialogue to appear:

Adding a new event in Roundcube

The location field appears to be non-autocompleted free text, but it would be nice to have a menu of recognised locations or resources, and perhaps there is some kind of setting or extension to provide that. With the main details filled out, on I went to the participants tab:

Finding participants for an event in Roundcube

Just like the mail interface in Roundcube, the calendar also supports address lookups and offers autocompletion of names. However, I found that autocompletion didn’t take place for resources, so I ended up having to invite resources by using their full e-mail addresses (which were defined previously in the administrative interface). For example, for the “Forest” resource, I had to specify resource--forest@example.com as a participant. Maybe this is also something that should be done another way, but I didn’t manage to figure it out.

Finding the availability of participants seems possible. Kolab does support the retention of free/busy information, so for those people making this information available to Kolab, their status should be visible in the user interface:

Participant availability in the event dialogue

In principle, it should be possible for people to exchange free/busy information via e-mail and for the recipient to record this information and use it to schedule events, but I haven’t looked into whether Kolab or Roundcube support this at their respective levels. I found that in the availability view, it is possible to change the role of each participant by clicking on the icon next to their name, and this made it possible to give a resource the appropriate role. Again, if there were a better way of choosing a resource that I missed, maybe this wouldn’t be necessary.

With an event created and participants invited, Kolab manages to notify those participants, and to make things interesting I decided to configure Kontact in a KDE 4 environment (running in Debian Squeeze) to connect on behalf of the invited participant. Here is what that participant sees when they check their mail:

Kontact showing an event notification message

Although it is rather small in the above screenshot, Kontact shows a collection of links that allow the recipient to act on an incoming event notification. Here is a close-up:

The event invitation actions in a message

For Kontact to be able to do this, it appears that the kdepim-groupware package is required, and indeed this functionality supports the iTIP technology mentioned above (here, in an invitation context instead of the free/busy context discussed above). It is important to understand that the open standards underpinning this workflow do not require that everyone have a login to a common server and manipulate information on that server directly: a critical feature of the iCalendar-related standards is that people are able to schedule events collaboratively without all being part of the same monolithic organisation and/or infrastructure. It is also interesting to see that where a recipient’s e-mail program cannot handle the workflow defined by iTIP, the message includes a link to the Roundcube webmail that can be used to signal a participant’s attendance or absence.

When a participant responds using one of the links provided in the message, the organiser gets a notification. Here, the Roundcube user gets to see a mail message telling them that the participant accepted the invitation:

A received acceptance of an event invitation

Upon pressing the update button provided, the status of the event is updated in the calendar:

The updated event in the calendar

Here, the organiser is shown with a crown next to his name, the participant (using Kontact) has accepted the invitation to the event, and the resource has apparently been secured.

In Conclusion

There are obviously plenty of other experiments that could be performed here, as well as other features that could be explored. For instance, some more evaluation of the free/busy information, how local and remote users interact with it, and how well those with non-iTIP mail clients fare with over-the-Web notification of attendance or absence might be in order. Publishing calendars for over-the-Web consumption is also apparently supported, and it might be interesting to see how well Kolab supports the general “invite people you hardly know” event-planning paradigm that the likes of Doodle have been attempting to popularise.

It seems that Kolab at the very least supports basic calendar functionality in association with standards-compatible clients, and perhaps a brief investigation with Thunderbird (plus Lightning) and even more elementary mail and calendar clients might be informative. Since Kolab is Free Software, of course, the chances of resolving any shortcomings are increased for those willing and able to peruse and modify the code, and maybe I will take a closer look at that, too.

As noted above, calendaring and scheduling systems are already an interest of mine. The only problem now is that there’s just so much to look at and yet so little time to do so!

DanielPocock.com: When conspiracy theories come true

Wed, 12 Jun 2013 21:43:55 +0000

In a blog attempting to join the dots between Australia's intelligence services and the US PRISM program, I speculated that Australia has had extensive access to data harvested by PRISM.

My hunch has just been exposed rather dramatically today: Top secret data center under construction to house all our secrets.

"There has been no discussion of the project in Senate estimates committee hearings, and the public reports of Parliament's joint committee on intelligence and security make no reference to it."

The news story also suggests that the relationship is bi-directional, with data harvested from Australian ISPs cross referenced against US databases from Facebook and Google.

From a human rights perspective, the implications of this data sharing are much more dramatic than the NSA just snooping on US citizens within the US. While Australia often tries to portray the image that it is a safe and happy country, it has a dark side. Police are kept busy investigating politicians and Government officials: Prime Minister and her associates connected to a union slush fund, the central bank's banknote printing agency's chief executive and 8 colleagues on conspiracy charges and even a senator on good old fashioned shoplifting and assault charges

Exporting PRISM data to a human rights backwater

As an Australian, my own rights and those of my family are more heavily protected and respected living in Europe than if I lived in my country of birth. Australia does not have a bill of rights like the US (where PRISM data is harvested) or the European Convention of Human Rights. Once US data is exported to Australia, it can be used to support sinister programs like the indefinite detention of coloured people in sinister desert camps. Just this week, the Government left over 50 bodies of poor refugees for the sharks to eat. For someone with such a lack of a conscience, can you imagine them thinking twice about using PRISM data for unscrupulous purposes?

Is US PRISM data at greater risk?

Despite the stench of corruption and lip service to human rights, is there any hard evidence that PRISM data will be at greater risk if allowed into the hands of Australians?

Death by SMS

One former Australian official (having dual-citizenship with Sri Lanka) is accused of facilitating war crimes in the Sri Lankan civil war. At present he is Sri Lanka's ambassador at the UN, giving him the benefit of diplomatic immunity. When he was working for Australia, how much data did he have access to? Isn't it ludicrous that in the name of stopping terrorism, data may have been collected and handed to war criminals on a silver platter?

Behind enemy lines

Like James Bond in reverse, an Australian official was exposed unofficially engaging in a relationship with a Vietnamese spy colonel. In addition to the $20 million in bribery to win a bank note printing contract, is data being used as a tool to leverage trade negotiations, officially or otherwise? If an Australian official with top-secret clearance ends up under the control of a foreign agent, what is the risk that they would be exploited to obtain PRISM data?

Defence minister resignation in Chinese spy scandal

In 2009 Australia's defence minister was identified having close links to a Chinese-Australian business woman including all the usual little luxuries: first class flights, apartment rental and joint business deals with family members. He subsequently resigned. Little details were made public. How much PRISM data was directly available to political officials like the defence minister?

Disappearing Prime Ministers

The disappearance of a serving Prime Minister, Harold Holt, during the cold war remains an unsolved mystery to this day. People continue to ask was he swept out to sea or voluntarily whisked away in a Chinese or Soviet nuclear submarine. While Australia has traditionally had strong ties to Britain and the US, there have been exceptions to the rule. Fortunately this all happened before PRISM and Harold Holt red submarine rumours are no more well-founded than the UFO theories of his abduction.

Where did all the data go?

As the music industry has found out the hard way, digital data can be copied at will with the originator having no control.

The revelations that Britain and Australia are in on the PRISM shenanigans only confirms that this data is seen as a new form of currency for exchange in geo-political posturing. While used weapons take decades to work their way down the chain, data can spread at the speed of light.

DanielPocock.com: The week that everything changed

Wed, 12 Jun 2013 10:58:01 +0000

Last Wednesday, I felt an urge to carefully write out a list of all the possible characteristics that would make communications technology genuinely free. I felt this was important for a number of reasons: for example, to follow up on my earlier claim that free software does not always provide free communications, it is necessary to be able to measure the shortcomings against a perfect (although possibly unachievable) benchmark.

Then something happened

Just hours after my blog was live, The Guardian, a leading British newspaper (and contributor to open source) started publishing explosive allegations about the extent of US Government monitoring of communications. They kicked off a dramatic four days of coverage of this topic with the story that one of America's largest phone companies, Verizon, is secretly passing details of all customer phone calls and approximate locations (metadata) to the NSA.

I've published further blog entries about this subject in the meantime. One thing I want to make clear: real friends tell each other the truth. There is no need to flatter America with gratitude for inventing the Internet when discussing these fundamental privacy failings. Anybody who has tried to generalise any comments about the NSA scandal as `anti-American' is themselves failing to respect America's own principles of free speech. A doctor doesn't make up fairy tales for a patient diagnosed with cancer, he puts the facts on the table as that is the first step in making progress.

The winds of change

Activity on all my free communications web sites, especially Lumicall and OpenTelecoms.org has doubled. Google Play reports that the rate of Lumicall installations have also doubled - hopefully it is getting closer to the point where Metcalfe's Law kicks in and everybody will have federated SIP on their phone.

What next

One thing is clear: this situation provides a huge opportunity for anybody promoting free software, not just for communications. As I mentioned, web sites on the subject of free and private communications are attracting significant interest and I hope this rubs off on other projects. While I have contended that free software does not always provide free communications, there is a compelling argument for the case that you can't have free communications without having genuinely free software.

Some of the developments that are coming up in the very near future:

An upcoming release of DruCall, initially packaged for Debian and leveraging the libraries API packaging scheme, is going to make it much, much easier for the vast majority of web sites to offer a secure calling facility, without any third-party browser plugins required. Other CMS vendors such as xWiki are also working on WebRTC support.

DebConf13 is aiming to feature a half-day track on Free real-time communications with a focus on the way free operating systems, particularly Debian (and it's derivatives like Ubuntu) are fundamental to rolling out an alternative to the status quo.

Federated VoIP is also a confirmed feature of the upcoming Fedora 19 release and will eventually work it's way into EPEL. This is another great way for people who work in an RPM environment to start getting more active deploying SIP as a standard service in their environment.

The real-time communication (RTC) quick-start guide is currently being updated and will include a convenient web-checker to help people test their federated connectivity.

Can you help? Not sure where to begin?

Come and join us on the Free RTC discussion list that has been sponsored by the FSF Europe or join the discussion list of one of your favourite free RTC applications.

the_unconventional's blog » English: Avoiding the Microsoft tax in 2013: I bought a new laptop

Wed, 12 Jun 2013 10:00:35 +0000

For all free software users out there, trying to find a new laptop without having to pay the Microsoft tax has become harder and harder. Ever since UEFI and especially Resticted Boot came to surface, concerns about hardware compatibility started growing, but neither one really had anything to do with the now complete impossibility to buy any store-bought laptop without being forced to pay for Microsoft Windows 8 as well. It is in fact their new licensing policy that does.
Since their latest release, license keys can no longer be refunded. This essentially means that anyone who refuses to accept the Microsoft EULA and wishes a refund for the operating system has to return their entire machine, by which Microsoft is essentially saying that people who don’t agree with their license terms, may not own laptops.

Due to this development, many companies that used to sell laptops with GNU/Linux preloaded, have gone out of business over the last couple of months. Some examples from my home country are hettes.nl, mingos.nl, and linuxcomputers.nl. They all claimed the same thing: they can no longer stock laptops without Microsoft Windows preloaded, and are unable to refund the licenses that came with them. Therefore, they don’t really add any value over buying a laptop with Microsoft Windows and installing GNU/Linux yourself anymore.

Anyone looking for a general laptop by Dell, HP, Acer, Lenovo, Toshiba, Asus, et cetera, might as well stop looking. At least, people in the Netherlands; and most likely the rest of western Europe as well. Microsoft has killed off yet another field of fair competition, without anyone stopping them.

Barebones

So what if you want a laptop without having to pay Redmond? Well, the only thing you can do is look for one that didn’t have Microsoft Windows installed in the first place. In essence, you’ll need to get a barebone.
Well-known GNU/Linux vendors such as System76 and ZaReason have been doing this for years, but the downside to both companies is that they are U.S.-based, which obviously makes importing them incredibly expensive, but will also be quite challenging when it comes to warranty and such.

BTO

However, I happen to know about a barebone laptop vendor in the Netherlands which sells machines without any mandatory Microsoft Windows pre-installs: BTO Notebooks / N4ALL B.V. in IJsselstein, Utrecht. I recently contacted them, and asked them about the GNU/Linux support of their 15CL13 model, advertised as an entry-level machine. But as we all know, GNU/Linux isn’t nearly the resource hog that Microsoft Windows is, so even the most basic setup will be more than sufficient for everyday use.

They promptly replied and assured me that the machine was tested with Ubuntu 13.04 without any issues. They also answered my other questions, confirming that both UEFI and Restricted Boot could easily be disabled (and were by default). They were also able to tell me the exact barebone type: a Clevo W258EU; to some perhaps better known as the System76 Pangolin Performance.

At the moment of my purchase, BTO had a special action, giving away a 120GB Samsung 840 SSD for free. The price was very alluring, to say the least. For a configuration with an Ivy Bridge Penitum 2020M CPU, 2x 4GB DDR3-1600 SO-DIMMs, and a 120GB Samsung 840 SSD, it was only €537 including VAT, handling, and shipping.

Disabling Big Brother

Due to obvious privacy concerns, I have never really been a fan of built-in cameras and microphones. I never liked the fact that virtually every laptop comes with them even in the most basic models, because I’d just rather not “bug my own home”, as David Petraeus would put it. I want a laptop, not a telescreen.
So with all the laptops I’ve owned, one of the first things I’d usally do would be opening up the screen bezel and physically removing the flatconnectors from both the webcam and the microphone modules. I never make (video) calls anyway, and in case I’d want to record audio, I could always use the 3,5mm jack connector on the side, as built-in microphones are generally rubbish for anything other than spying anyway.

In order to avoid having to do that on a brand new laptop, I asked BTO if they could do it for me during the assembly. At first, my preposal was shot down by the sales manager, but later I received an e-mail from a technical staff member, saying that pulling out the plugs wouldn’t be an issue. I placed my order, wired the money, and my laptop was assembled, tested and shipped by the end of the next day.

Opening the box

Within four days after placing my order, the laptop arrived at my doorstep. The accessories pack was quite impressive: it came with a very decent carrying bag, a wired mini mouse, a mousepad, earplugs, a microfiber cloth, and obviously a 19V power supply.

The laptop itself was very appealing. Generally speaking, barebones tend to be rather ugly, but Clevo has actually done a very decent design job with this one. The screen bezel is very small, the chiclet-style keyboard looks very nice, and the touchpad is well integrated into the palm rest. All in all, the machine has a very solid, ‘non-plasticy’ feel, although most of its body is ironically made out of plastic.

The BIOS (or well, UEFI) is rather simple, as with most laptops it is. It appears to be a well-known American Megatrends AMIBIOS implementation. Amongst other things, it features the ability to switch between BIOS and UEFI boot modes, to enable/disable Restricted Boot (UEFI-only, of course), and to switch between AHCI and IDE on the SATA controller. Other obvious options are boot priority, supervisor and user passwords, and the enabling/disabling of the boot logo.

Installing Debian

Installing Debian jessie was a breeze. The system can boot up from both the USB 3.0 ports on the left and the USB 2.0 port on the right. Pressing F7 pops up the boot selection menu, and the Debian netinstaller worked without any problems.
I chose to install Debian using the old-fashioned BIOS booting method, as I am yet to see any advantage to using UEFI. To me, all it seems to be is a bloated hypervisor which does not have any source code available, making it a potential privacy risk (as in back door). Good old BIOS is dumb as can be: it has little to no control over the operating system once booted, and it can hardly be modified without explicit user action. UEFI, on the other hand, has its own shell and networking stack, and can be fully accessed through interfaces like efivars. It’s none of my business what other people do, but I’d recommend everyone to avoid that stuff like the plague.

I did, however, use GPT instead of MBR to partition my SSD. I never liked the whole primary/extended partitions thing, and GRUB supports booting from GPT without UEFI very well. All you need to do is create a 1MB BIOS boot partition on /dev/sda1, called “reserved BIOS boot area” by the Debian installer. GRUB will then embed itself into that 1MB partition, and you’ll be good to go.

One small mistake

After the installation was done, nearly everything worked immediately. The wireless LAN, however, did not. I quickly discovered that BTO had placed the wrong module. During the assembly, I specifically chose an Intel Centrino 135, but I was given a Realtek RTL8723AE instead, which has very poor Linux kernel support. Because I wasn’t up for a custom driver compilation hell, I went to the local PC store and picked up an Intel Centrino 2230.
One of the best things about barebone laptops is that they’re very easy to self-service. I only had to remove four screws from a bottom plate and I could access pretty much everything: the CPU, the RAM, the WLAN, the cooling fan, and so on. Only the SSD is positioned under a different plate, which can be accessed by removing two other screws. There were no silly (and moreover, illegal) “warranty void”-stickers to be found, so replacing the WLAN module literally only took me two minutes.

As soon as I contacted BTO about the switch-up, they immediately apologized and offered to send me the Intel Centrino 135 as soon as possible. It came in the mail the next day, and they said I didn’t even have to return the Realtek module. All in all it was an honest mistake, and it was taken care of very quickly. I decided to keep the 2230 in my laptop, as it’s a better chip, but a spare 135 can always come in handy some day.
I also notified BTO about the poor support of the Realtek module, and advised them to always use Intel or Atheros chips for GNU/Linux users, just to be on the safe side.
I’ve been a freelance PC assembler for many years now, so replacing a WLAN module is not an issue for me, but obviously not everyone would be able and/or willing to do so.

The Realtek module (left) next to the Intel Centrino 135 (right) that arrived the next day. Looking at the label, the Realtek module probably came with the barebone by default.

Microcode

The only downside to Intel WLAN modules is that they can’t be used with 100% free software. Technically, the iwlwifi Linux kernel module is free software, but the cards require non-free microcode to be loaded from userspace. On Debian, you’ll need the firmware-iwlwifi package from non-free for this, but most other GNU/Linux distributions will probably have kept this in their default kernels. In my case, the required firmware file is located in /lib/firmware/iwlwifi-2030-6.ucode – which is roughly 700 kilobytes of proprietary code. It may not be perfect, but I can live with it, considering the fact that those 700 kilobytes are the only non-free bytes of data on my entire computer.
The upside is that Intel’s WLAN chips are generally very well supported with the Linux kernel, and, in my opinion, usually perform best.

In case you would really want a 100% free software system, you’d probably be best off buying an Atheros chip supported by the ath9k module. Sadly, those are not available on the European consumer market, so you’d have to look on eBay (or a similar marketplace) and get one from China / Taiwan / Hong Kong, et cetera. They generally cost less than the shipping costs from Asia.
If you’re planning to install a fully free-as-in-freedom GNU/Linux distribution such as gNewSense or Trisquel, you’ll have no other choice (aside from always using ethernet). As far as I’m aware, the BIOS does not contain one of those horrible WLAN whitelists, so you can use any half-size Mini PCI Express module you want.

The bitrate is automagically lowered when the connection is idle. WiFi reception is great: I can find over 15 networks in the vicinity of my house.

Testing the rest

After having solved my wireless woes by replacing the WLAN module, I could start testing all the other parts. And I must say that I’m very satisfied so far. The keyboard is actually quite comfortable, unlike many other laptop keyboards I’ve used in the past. Admittedly though, I’m quite spoiled when it comes to typing, because I use an original Model M keyboard with my PC. That said, this keyboard easily comes in second-best of all my current machines, and is probably the least noisy of them all.

The touchpad is pretty decent. It’s fully integrated into the palm rest, but it does contain two physical buttons. Two finger scrolling and tap-to-click both work perfectly. It may not be the very best touchpad I’ve ever used, but it certainly isn’t bad either. There are far more laptops out there with worse touchpads than there are with better ones.

The most amazing aspect of this machine has to be the fan noise. Or, better said, the absence of it. I can easily say that I’ve never owned a laptop as silent as this one. Most laptop fans have the tedious tendency to switch between ‘off’ and ‘full on’ every 40~80 seconds or so, but this machine features more of a desktop-style fan regulation. It’s always running, but at such a low speed that it’s barely audible. When idle, you really have to put your ear to the unit in order to hear anything. This way, hot air is always being dissipated, so the fan doesn’t have to spin up like a mad man as soon as some sensor limit is reached. It simply revs up a bit as soon as the load requires it. I still don’t understand that it took laptop vendors such a long time before they realized that this was the best way to implement this.

The idle temperatures of the CPU tend to be around 50 degrees Celsius, although the unit itself is probably well-isolated, because it barely feels warm to the touch at all. I’ve only used this machine on relatively warm summer days so far, so it’ll most likely even be cooler in the winter time.

kevin@andalusia:~$ sensors
acpitz-virtual-0
Adapter: Virtual device
temp1: +54.0°C (crit = +120.0°C)

coretemp-isa-0000
Adapter: ISA adapter
Physical id 0:    +55.0°C (high = +72.0°C, crit = +90.0°C)
Core 0:       +55.0°C (high = +72.0°C, crit = +90.0°C)
Core 1:           +54.0°C (high = +72.0°C, crit = +90.0°C)

Both the Ivy Bridge CPU and the on-die HD2500 GPU work great. I can run all kinds of WebGL content in both Chromium and Iceweasel without any problems, and streaming 720p videos from my Raspberry Pi over 802.11g WiFi has been working great without any noticeable strain on the processing units, which is a great improvement over my previous laptop (from ~2007), which used to choke, chuckle, and burn itself up a lot.

Beware of a 3.9 kernel bug (EDIT: fixed as of 3.9.6.)

The sound system worked out of the box with PulseAudio. Plugging in headphones automatically switches off the built-in speakers as one would expect, and pulling them out will reactivate them.

I honestly don’t have a clue on why the digital connections all show up twice.

However, there appeared to be a bug in >3.9 kernels that broke the headphone functionality for this particular chip (VIA VT1802P). Plugging in headphones on >3.9 kernels did in fact still mute the built-in speakers, but the headphone output would be silent as well. A patch for this issue has been released and merged into 3.9.6. Kernels 3.8 and below were unaffected.
The sound quality of the built-in speakers isn’t too great, but that can’t really be said about any laptop anyway. I do feel that laptop speakers have gradually become worse over the years, as my six year old previous laptop does sound a bit better than this one. (A trend I’ve noticed by reviewing many different machines of all ages.)
As I’ve stated before, I requested the built-in microphone to be physically disabled, so I was unable to test it. However, I don’t see any reason why it wouldn’t work if it had been connected.

One potential issue

The only thing that might be a bit tricky is the card reader: a Realtek RTL8411, also known as the Realtek Barossa Plus. If you’re using a stable distribution such as Debian 7, Ubuntu 12.04 LTS or CentOS 6, you’ll likely be running a Linux 3.2.x kernel, which does not support this card reader yet. In that case, you’ll either have to compile the rts_bpp module yourself (as described here), or use the DKMS driver that System76 uses for their Pangolin Performance and Gazelle Professional models.
As of Linux 3.8, support for the RTL8411 has been added to the in-tree rstx_pci kernel module, so if you’re using a more bleeding edge distribution, the card reader will work out of the box. I’m running Debian jessie with the 3.9 kernel from sid, and I can report a fully working card reader without any intervention.

With kernel 3.9, the card reader works entirely as expected.

Power, ACPI, ASPM, suspend, hibernate, and things actually working

Perhaps even more amazing than the incredibly quiet fan, is the incredibly decent battery life. This machine is only packing a relatively small 4800mAh lithium ion battery, but I can easily get around four and a half hours of normal use on a full charge. And by that I mean four and a half hours of constant operation, constant screen on, and constant WiFi on. I do not have any automatic screen blanking enabled, but for those who do want to use it, I can assure that it works perfectly. I’ve also tested suspension and hibernation; both of which work without any issues. Moreover, this is one of the first laptops I’ve ever owned without any ACPI issues. Clevo actually did a good job with the BIOS, and ACPI simply works. There’s no power being wasted on devices that don’t power down properly, ACPI_OSC control is actually granted, and ASPM is properly implemented.

So, in a nutshell, the hardware of this laptop works perfectly, as long as you make sure you have an Intel WLAN module and use a recent kernel. I would advise to use at least 3.8, although 3.9 works perfectly as well.

Detailed information

One of the biggest annoyances in the process of hardware buying is the small amount of technical details most vendors offer. I’d simply like to know exactly which hardware parts my machines consist of, but it can be quite hard to get that information in most cases. Therefore, I decided to make a list of every hardware part in this machine. Please note that some of them are interchangeable, so the specific configuration will depend on the order you place.

Chassis: Clevo W258EU
Chipset: Intel HM76 Express (Panther Point)
BIOS: American Megatrends v4.6.5
CPU: Intel Pentium 2020M @ 2,40GHz (Ivy Bridge)
GPU: Intel GMA HD2500 @ 650MHz
RAM: 2x 4GB Fujitsu Team Elite DDR3-1600 SO-DIMM
SSD: 120GB Samsung 840
LAN: Realtek RTL8411 PCI-E Gigabit Ethernet
WLAN/BT: Intel Centrino Wireless-N 2230
Audio: VIA VT1802P
Card Reader: Realtek RTL8411 (Barossa Plus)
DVD Drive: Lite-On DS8A8SH
Keyboard: 105-key QWERTY with chiclet keys and a numeric keypad
Touchpad: Synaptics PS/2 Touchpad (id: 0x1c0b1)
Display: 15″ 16:9 (1366×768) glare/glossy with LED backlight
Connectors: 2x USB 3.0, 1x USB 2.0, 1x HDMI, 1x VGA, 1x Gigabit Ethernet, 1x 3,5mm audio out, 1x 3,5mm audio in

System configuration:

Debian jessie netinstall
Linux 3.9.4 kernel from sid
X Server 1.12.4
MESA 8.0.5
Intel X driver 2.19
Intel VAAPI driver 1.0.17
GNOME 3.4.2

Daily use, papercuts, and workarounds

Although my usage experience is still fairly limited, I can say that this laptop is extremely well capable of being a daily driver. There aren’t any noteworthy bugs or issues that might decrease its usability. Perhaps a few very little things, but none of which could possibly be a deal breaker for anyone. The machine is compact enough to be carried around, and is much, much lighter than my previous laptop was. I’ve dated girls less heavy than that thing.

Nevertheless, I have made a list of commonly used features, followed by my test results. Please note that all tests were done with kernel 3.9.4 from sid/unstable.

USB: xhci and ehci working out of the box
Ethernet: working out of the box
WiFi: working out of the box (requires firmware-iwlwifi to be installed)
Bluetooth: working out of the box (when enabled in BIOS)
Speakers: working out of the box
Headphones: working out of the box (except for 3.9.1-3.9.5 kernels due to a bug)
Keyboard: working out of the box
Touchpad: working out of the box (two finger scroll + tap-to-click)
Hotkeys: brightness, volume, touchpad, screen switch, and WLAN working out of the box
DVD drive: working out of the box
Card reader: working out of the box (requires kernel 3.8 or above)
HDMI video: working out of the box
HDMI audio: not tested (but it is recognized by PulseAudio)
VGA output: not tested (but it is recognized by X)
Webcam: not tested (disabled)
Microphone: not tested (disabled)
Suspend/resume: working out of the box
Hibernate/resume: working out of the box
ACPI: little to no bugs, power management works well, battery life is very decent, battery percentage appears to be accurate
Sensors: ACPI thermal zone and coretemp working out of the box, fan regulation properly managed by firmware

Bugs and issues

The Bluetooth hotkey (Fn + F12) does not work. Essentially, this means that Bluetooth will always be enabled, and the hotkey can’t turn it off. You can, however, disable Bluetooth by using the panel icon in GNOME Shell or Unity, or some other Bluetooth front-end (such as blueman). Disabling Bluetooth that way is not persistent in case of a reboot.
You can disable Bluetooth permanently by entering the BIOS and setting the Bluetooth power setting to Disabled. This will, however, completely disable it without any way of turning it back on. The system will be unaware of any Bluetooth capabilities, and rfkill will not show the hci0 interface.

The only way to re-enable Bluetooth is by doing a BIOS reset and a complete off/on power cycle (not a soft reboot), after which the interface will be recognized by rfkill again.

The screen will flicker about ~500ms after opening the lid. This is usually already over before you’ve moved the screen into a workable position, so it is hardly an issue. In case you have your system suspend or hibernate when closing the lid, this won’t be an issue at all.

By default, the PC speaker beeps upon shutdown and reboot, and sometimes even as a notification sound. By this I mean the old IBM-style buzzer beep. It can be disabled by blacklisting the pcspkr and snd_pcsp modules. Simply add them to /etc/modprobe.d/blacklist.conf:
blacklist pcspkr
blacklist snd_pcsp
Changes will be applied after a reboot. In case you want to apply them immediately, run sudo modprobe -r pcspkr && sudo modprobe -r snd_pcsp just this once.

Sadly, the unit came with a Windows 8 logo on the super key. I asked BTO whether they could get hold of a keyboard without one (kind of like what System76 does), but they said that would be impossible for them. Luckily I have a whole stash of Tux keyboard stickers laying around. You can order them here.

All in all, if you’re looking for a Microsoft-free laptop within the euro zone, I’d recommend you to give BTO a shot. I’ve already tried to convince them to pick up full GNU/Linux support, but obviously they’d need to find a sustainable market first. They are most likely the only company left in the Netherlands offering such laptops, so their target group could potentially be very large. There are thousands of free software users in the Netherlands alone; let alone in all of western Europe.

Technical details and logs

I’ve collected the output of some useful analytic commands for your information. At this point, I’ve run lshw, lspci, lsusb, dmesg, dmidecode, and glxinfo. If you’d like to see anything else, please let me know.

FSFE Fellowship Vienna » English: Booth at Veganmania in Vienna 2013

Wed, 12 Jun 2013 08:38:14 +0000

On 8^th and 9^th of June 2013 the Vienna fellowship group of the FSFE organised an information booth at the Austrian vegan society’s summer festival. This year’s festival was the 16^th and, as always, welcomed visitors from all over Austria and quite a few guests from other countries too.

On the run up to the festival it looked dangerously like it wasn’t going to work out very well due to the awful weather – In the days before there was heavy rainfall causing floods all over central Europe. Fortunately, the days of the festival, and only those days, saw perfect weather: It was warm and sunny. According to official estimations – about 9000 people visited the festival.

For our booth we ordered new leaflets from the German headquarters and, as before, we prepared free software operating system discs. This time we made more than 200 pieces with five different distributions: Ubuntu 12.04 (for absolute beginners), Debian 7.0, openSUSE 12.3, Fedora 18 and Trisquel 6.0 (for experts).

Our little booth was at the centre of the festival area directly opposite the main beverage stand. At times most areas were too crowded for comfortable walking or standing. Nevertheless, our booth, even at those hectic times, provided a calm little corner, which was obviously inviting for people to stop by. We can say without doubt that our spot was one of the best.

On both days we set up our booth at about 9am and packed up at about 10pm. Starting from about midday it was hard to take a break because there were always people very interested in our subject of independence on computers and mobile phones. On no other of our quite successful booths before have we had so many engaging talks with people who had been unfamiliar with free software before, but who were instantly very interested in giving it a try.

This time we made sure that we didn’t just give away random discs to anyone willing to take something for free. We evaluated the knowledge level and explained the basic concepts of free software and even the history of why we insist on the term free instead of open and GNU/Linux instead of Linux. Our visitors listened very carefully to our explanations about why free software can’t always work on any proprietary hardware and why open file formats are the saner way to share digital data.

Like always in such situations, one of the most frequent questions was about, the nowadays unexpected fact, of how something good and reliable can be given out for free. We narrowed the wide field of possibilities down to two main ways that free software emerges: The first route is paying programmers to write something needed, but not yet existing (without the plan to sell the result afterwards). The second explanation refers to all those programmers unsatisfied with writing crippled proprietary software in their jobs, since many of them just want to prove to themselves (and others) how well their programs could work if there was no need to ensure that workflows are profitable for companies.

In numbers we handed out fewer discs than at other occasions such as DFD or SFD, but I’m sure we got a lot more about our core concerns across.

Looking back on both days, I’d like to say, that Veganmania seems to be by far the best kind of event for our booth. At Linux weeks and similar events most of the people are not very interested since they believe they know everything that they need to know about free software already. It makes more sense and reaches more people when we have a booth in a shopping street. As far as Veganmania is concerned, it seems that people there are generally open to thinking critically and therefore, more willing to try out something new in order to limit the control of corporations and governments.

We even got invited to have our booth at the large vegan summer festival in Zagreb in September.

New material

Feel free to use and adapt our information material as you please:

cd-huelle.pdf: DVD/CD cover (for DIN A4 sheets, extended with openSUSE)
cd-label.pdf: DVD/CD label (for printable disc, extended with openSUSE)
frei-schild.pdf: Basic free software introduction (DIN A3 poster)
distro-schild.pdf: Distro information sheet (DIN A3 poster)

Images

You can open images in full size by clicking on it. (Unfortunately the quality of the images is very limited due to a very old digi-cam.)

Sam Tuke's blog: Install Ardour 3.1 on Fedora

Tue, 11 Jun 2013 12:18:19 +0000

Ardour 3 is the most powerful Free Software music software currently available. Although Fedora isn’t a GNU/Linux distribution that’s designed for audio professionals, with a little work it can be configured to process sound with low-latency (without millisecond delays or artefacts like pops and crackles), and get easy access to repositories with many recent pro-audio apps.

We’ll compile Ardour from its source code in this tutorial, because this will get us the very latest version (with features and bug fixes missing from older copies), and because Ardour recently switched to a payment-oriented package distribution model which promotes source compilation as the installation method for people who aren’t Ardour donors.

We’ll also set up the CCRMA package repositories, which contain many audio apps not found in the default Fedora repos, and most importantly will supply us with a real time kernel (which Ardour, and low-latency operation in general, requires). The CCRMA repos are provided by the Stanford Center for Computer Research in Music and Acoustics.

These instructions are designed to work with Fedora 18 and Ardour 3.1.1, though I expect they will work as well with later versions of both. If not, let me know and I’ll try and tweak the guide.

Install package dependencies required by Ardour:
yum install git jack-audio-connection-kit-devel libsndfile-devel liblo-devel aubio-devel cppunit-devel cwiid-devel liblrdf-devel libsamplerate-devel lv2-devel serd-devel sord-devel sratom-devel lilv-devel flac-devel gtkmm-2.4-devel gtkmm24-devel libgnomecanvas-devel libgnomecanvasmm26-devel suil-devel libcurl libcurl-devel uuid uuid-devel libuuid libuuid-devel lib fftw3 fftw3-devel liboggz liboggz-devel
Setup the CCRMA repositories (more detailed info in the Fedora manual):
su -c 'rpm -Uvh http://ccrma.stanford.edu/planetccrma/mirror/fedora/linux/\ planetccrma/13/i386/planetccrma-repo-1.1-2.fc13.ccrma.noarch.rpm
Update existing packages and refresh what’s available:
yum update
Install real-time (low-latency) kernel and drivers from CCRMA:
yum install planetccrma-core
Reboot your machine to use your new real-time kernel.
Download Ardour via Git and compile it by following the simple official instructions (see “Building Ardour 3.x”). I recommend not installing Ardour unless you really need to (installing is the final step in the official instructions that simply creates links within Fedora’s menus etc. and isn’t required for compiling / running / using Ardour).
Start the jack sound server by running qjackctl (either from system menu or CLI), and click on “start”.
Run your newly compiled Ardour (execute this from within the directory you compiled Ardour in):
cd gtk2_ardour ./ardev

Those are all the necessary steps and you should now have a fully functional copy of Ardour! I recommend installing some additional LV2 plugins however to extend the built-in MIDI instruments that are available within Ardour.

(Optional) Install additional synthesisers for Ardour:

sudo yum install lv2-triceratops lv2-synthv1 lv2-calf-plugins lv2-calf-plugins lv2-mdaEPiano

Those synths should appear automatically as available MIDI instruments when you restart Ardour.

I hope that running Ardour in the way I’ve described will whet your appetite to dive more deeply into audio production on GNU/Linux. If so, I recommend using a dedicated GNU/Linux distribution for audio work, because it’ll provide you with many more tools and features, and save you having to manually configure them all yourself. For now KXStudio is my clear favourite.

Good luck, and let me know how you get on in the comments

DanielPocock.com: Interrupt-free computing

Tue, 11 Jun 2013 10:44:51 +0000

On debian-devel, there has been a discussion about the security issues of "spontaneously" appearing popups demanding the root password to make immediate security updates.

There is a much more general issue related to this: computing without interruptions.

Most of us have probably seen some friend or acquaintance with a (usually non-Linux) PC that is constantly beeping and flashing with chat notifications, new email popups, Adobe update this, Java update that, etc. In one recent case I came across somebody who had experienced a dramatic drop in his productivity as a consequence - giving him a laptop with a freshly installed copy of Linux made a dramatic difference to his work.

I can already hear people insisting that security trumps everything (which isn't an original argument either) and that popups can't be avoided.

A search on the web for "computing without interruptions" reveals users have a particular distaste for these things appearing while watching a video. Websites responding to that complaint fill the search results. With many types of interactive real-time content (video, WebRTC phone/video calls and so on) deployed within browsers, it is even more important for UI designers to contemplate when it is not appropriate to interrupt a user and to do everything possible to avoid interrupting the user.

Preparing for disaster

On the other hand, just ignoring security updates and not telling the user their disk is filling until 0 bytes remain available could only shift the problem down the road (from constant annoyance to periodic crisis).

That said, sometimes you can still fill the disk very suddenly (especially with fast SSDs) and rather than relying on popups to keep users away from the precipice, applications (particularly the core desktop and daemon processes) could be tested more regularly to ensure they remain resilient in full disk situations.

Managing information overload

Popups are just part of a wider problem of information overload. There are emails too: some applications, such as Drupal, will send daily or weekly emails to a user if their system is not up to date. For many virtual-hosted sites, this starts to resemble a small flood. There is a flaw in this design: applications are competing for attention by sending more and more emails and popups or making them more annoying (e.g. the security updates in Debian 6 were ignorable popups in the top right-hand corner of the screen, Debian 7's Gnome Classic mode displays a big password prompt in the middle of the screen).

The solution would be to develop a mechanism for unifying, de-duplicating and then prioritising these information/event flows. Some fault alerting systems already do this for their own events - these are niche solutions that aren't always applicable to the average PC-owner, although the principles are well tested. Some email organisation tools have similar features, but only for email. I'm not currently aware of any solution that synthesizes such an experience for all possible information sources.

Setting priorities

One well-read work on this subject in the business world is The 7 Habits of Highly Effective People (Stephen R. Covey, 1989). Of particular interest for the problem at hand is the priority matrix (borrowed from the Eisenhower Method):

The left column, Urgent items, typically must be executed by a certain date (e.g. buying a gift before a birthday or installing a new SSL certificate before the old one expires). A security update or Acrobat reader update does not have this same characteristic. Under this model:

	Urgent	Non-urgent
Important	Replace SSL certificate Buy birthday gift	Security update Run backup job
Not important	Register for conference before deadline for free gift	Non-security update for Acrobat reader

Covey even released an Outlook plugin, Plan Plus to help people organise their tasks (and their lives) using his methodology. Unfortunately it is closed-source software with a terrible set of ratings on Amazon - this review from a customer stands out:

"My take is that Franklin does not consider robust software nor customer support to be either Urgent or Important."

Could this be replicated more successfully with an open-source plugin for Mozilla Lightning or a similar productivity tool, and could the concept be extended across the range of data sources, including email, calendar items, system notifications and more to provide a unified approach to both the computing platform and general productivity (real-life) time management?

Would this help solve the same problem in a more effective manner? In other words, would such an effort to help users integrate the demands of technology with the other demands of life make them more likely to keep their systems up to date?

The wider community experience

Going beyond the desktop/user experience, could this model be extended to automatically integrate external tasks, such as handling bug reports, moderating mailing lists and other slightly tedious things that have to be given regular attention to keep the free-software world moving along smoothly?

Managing down-time

For people who work in computing, there is almost no down-time any more. Even when on holiday, checking in for a flight might involve navigating through a buggy wifi access control system and an annoying set of advertisements from your low-cost airline as you try to print a boarding pass. These things often trigger thoughts about similar issues on client projects. Glancing at your email to find the booking number could awaken thoughts of a whole lot of projects you had tried to put out of your mind for a week.

This is another area where excessive popups and emails can only compound the problem. Who really wants to download and install security updates while on holiday using an intermittent wifi connection?

Managing all these events through a common mechanism may also finally make it possible to have an "ordinary user" experience with your PC. In practice, this might mean being able to view information/events through a time-of-day filter or "holiday mode" - and only on demand.

A worthy design goal?

Would any free software operating system make it a design goal to give their users a 100% interrupt-free experience?

Of course there would still be things like chat notifications - but those would only be possible when a user has signed-in to a chat application. The distinction for the interrupt-free experience would only need to apply to default system behavior and not to every application.

Hook’s Humble Homepage: I’m going to Akademy 2013 and will talk about the FLA

Mon, 10 Jun 2013 22:04:47 +0000

Hello, hello! I’m going to Akademy 2013 in Bilbao, Spain …

… where I will hold one of the lightning talks; namely “Learn more about the FLA — What is FLA good for and why you shoud sign it“:

The Fiduciary License Agreement is a type of a very well balanced copyright assignement that enables KDE e.V. to manage your contribution and if needed protect you in court, while making sure that you get all the freedom you need both for your code and yourself.

After the talk, there will be time to answer any questions you may have about the FLA.

After I finish my talk, I’ll hang around for any and all questions regarding Free Software licensing and other related legal questions … and if all fails, I’ll just practice my debugging-fu and throw hard to find, yet certainly there, bugs in every direction ☺

hook out → extremely looking forward to finally meeting all the nice KDE people in preson

Hook’s Humble Homepage: Join me in Kiberpipa to learn Python from the Mechanical MOOC

Mon, 10 Jun 2013 21:17:26 +0000

I’ve decided to re-take the course “Gentle Introduction to Python” ((I dropped out in week 5 or so out of 8 due to other obligations.)) on MOOC-E, which is starting on the 17^th of June.

But this is not about letting people know of my personal plans: If you’re from Slovenia, or better yet from Ljubljana, I’d like to let you know that I’m thinking of holding (ir)regular meetups with any local participants and the wonderful Python guys and gals from Kiberpipa.

Now, if you haven’t heard about MOOC-E or the Mechanical MOOC yet, a quick glace at their website says it all:

Mechanical MOOC is two things: A massive open online course (MOOC), and an experiment in how to offer these courses.

First, the course: We’re offering an eight-week course called A Gentle Introduction to Python. It is, as it sounds, a course in learning the basics of Python programming.

Second, the approach: Rather than trying to create a platform that structures the end-to-end learning experience, as recent MOOCs have done, we’re taking the best of existing open learning site — content from MIT OpenCourseWare, communities from OpenStudy, exercises by Codecademy — and joining them loosely with a mailing list that will coordinate student activity.

Instead of a professor or university organizing the class, our e-mail scheduler will do it — that’s why it’s mechanical.

As already said, I already experienced this system and can warmly recomend it — at least for me the balance between the freedom not to be bound to a strict deadline and a certain amount of peer pressure, is a exactly the right way to study at the moment.

hook out → sipping Korean Osulloc oolong tea with cocoa splinters and caramel (plus a bit of sugar and a dash of milk)

DanielPocock.com: The Pope saw right through them

Sun, 09 Jun 2013 22:00:13 +0000

Popemobile - is it secure enough for the Pope to make confession without the NSA hearing anything?

In his final days as Pope, Benedict XVI took it upon himself to comment on a political subject that has had the whole world talking for some time: those invasive airport scanners pushed by US securocrats.

"Every action, it is above all essential to protect and value the human person in their integrity."

"Even in this situation, one must never forget that respecting the primacy of the human person and attention to his or her needs does not make the service less efficient nor penalise economic management."

At least, the press thought he was talking about body scanners.

Maybe it was divine intervention, or maybe just a very good understanding of the dark side of human nature, but these comments could be equally applicable to the unfolding scandal engulfing the NSA as they seek to monitor, record and understand every thought and feeling we have at every moment of our lives.

On the issue of those scanners, however, it now appears clear that the reassurances we've been hearing - that invasive airport body scanners don't save copies of the pictures, for example - are about as believable as the ousted Iraqi Information minister Mohammed Saeed al-Sahaf appearing daily on TV to reassure the world that Saddam would be victorious even as the invading forces entered Baghdad.

Saddam's former Information Minister, Mohammed Saeed al-Sahaf

Paul Boddie's Free Software-related blog: Site Licences and Volume Licensing: Locking You Both In… and Out

Sun, 09 Jun 2013 14:01:45 +0000

Once upon a time, back in the microcomputer era, if you were a reputable institution and were looking to acquire software it was likely that you would end up buying proprietary software, mostly because Free Software was not a particularly widely-known concept, and partly because any “public domain” or “freeware” programs probably didn’t give you or your superiors much confidence about the quality or maintenance of those programs, although there were notable exceptions on some platforms (some of which are now Free Software). As computers became more numerous, programs would be used on more and more computers, and producers would take exception to their customers buying a single “copy” and then using it on many computers simultaneously.

In order to avoid arguments about common expectations of reasonable use – if you could copy a program onto many floppy disks and run that program on many computers at once, there was obviously no physical restriction on the use of copies and thus no apparent need to buy “official” copies when your computer could make them for you – and in order to avoid needing to engage in protracted explanations of copyright law to people for whom such law might seem counter-intuitive or nonsensical, the concept of the “site licence” was born: instead of having to pay for one hundred official copies of a product, presumably consisting of one hundred disks in one hundred boxes with one hundred manuals, at one hundred times the list price of the product, an institution would buy a site licence for up to one hundred computers (or perhaps as many as the institution has, betting on the improbability that the institution will grow tenfold, say) and pay somewhat less than one hundred times the original price, although perhaps still a multiple of ten of that price.

Thus, the customer got the vendor off their back, the vendor still got more or less what they thought was a fair price, and everyone was happy. At least that is how it all seemed.

The Physical Discount Store

Now, because of the apparent compromise made by the vendor – that the customer might be paying somewhat less per copy – the notion of the “volume licence” or “bulk discount” arose: suddenly, software licences start to superficially resemble commodities and people start to think of them just like they do when they buy other things in bulk. Indeed, in the retail sector the average person became aware of the concept of bulk purchasing with the introduction of cash and carry stores, discount stores, and so on: the larger the volume of goods passing through those channels, the bigger the discounts on those goods.

Now, economies of scale exist throughout modern commerce and often for good reason: any fixed costs (or costs largely insensitive to the scale of output) in production and distribution can be diluted by an increased number of units produced and shipped, making the total per-unit cost less; commitments to larger purchases, potentially over a longer period of time, can also provide stability to producers and suppliers and encourage mutually-beneficial and lasting relationships throughout the supply chain. A thorough treatment of this topic is clearly beyond a blog post, but it is worthwhile to briefly explore how savings arise and how discounts are made.

Let us consider a producer whose factory can produce at most a million units of a product every year, it may not seek to utilise this capacity if it cannot be sure that all units will be sold: excess inventory may incur warehouse costs and also result in an uncompetitive product going unsold or needing to be heavily discounted in order to empty those warehouses and make room for more competitive stock. Moreover, the producer may need to reconsider their employment levels if the demand varies significantly, which in some places incurs significant costs both in reduction and expansion. Adding manufacturing capability might not be as easy as finding a spare factory, either. All this additional flexibility is expensive for producers.

However, if a large, well-known retailer like Wal-Mart or Tesco (to name but two that come to mind immediately) comes along and commits to buying most or all of the production, a producer now has more certainty that the inventory will be sold and that it will not be paying people to do nothing or to suddenly have to change production lines to make new products, and so on. Even things like product variations can be minimised by having a single customer or few customers, and this reduces costs for the producer still further. Naturally, Wal-Mart would expect some of the savings to be passed on to them, and so this relationship benefits both parties. (It also produces a potential discount to be passed on to retail customers who may not be buying in bulk after all, but that is another matter.)

The Software Discount Store?

For software, even though the costs of replication have been driven close to nothing, the production of software certainly has a significant fixed cost: the work required to develop a viable product in the first place. Let us say that an organisation wishes to make and sell a non-niche product but needs to employ fifty people for two years to do so (although this would have been almost biblical levels of manpower for some successful software companies in the era of the microcomputer); thus one hundred person-years are invested in development. To just remain in business while selling “copies” of the software, one might need to sell one hundred thousand individual copies. That is if the company wants to just sell “licences” and not do things like services, consulting, paid support, and so on.

Now, the cost of each copy can be adjusted according to the number of sales. If things go better than expected, the prices could be lowered because the company will cover its costs more quickly than anticipated, but they may also raise the prices to take advantage of the desirability of the product. If things go worse than expected, the prices might be raised to bring in more revenue per sale, but such pricing decisions also have to consider the customer reaction where an increased price turns away customers who can no longer justify the expense. In some cases, however, raising the price might make the product seem more valuable and make it more attractive to potential customers, despite the initial lack of interest from such customers.

So, can one talk about economies of scale with regard to software as if it were a physical product or commodity? Not really. The days of needing to get more disks from the duplicator, more manuals from the printer, and to send more boxes to distributors are over, leaving the bulk of the expense in employing people to get the software written. And all those people developing the product are not producing more units by writing more code or spending more time in the office. One can argue that by adding more features they are generating more sales, but it is doubtful that the relationship between features and sales is so well defined: after a while, a lot of the new features will be superfluous for all but “power users”. One can also argue that by adding more features they are making the product seem more valuable, and so a higher price can be justified. To an extent this may be the case, but the relationship between price and sales is not always so well defined, either (despite attempts to do so). But certainly, you do not need to increase your “production capacity” to fulfil a sales need: whether you make one hundred or one million sales (or generate a tenth of or ten times the anticipated revenue) is probably largely independent of how many people were hired to write the code.

But does it make sense to consider bulk purchasing of software as a way of achieving savings? Not really. Unlike physical production, there is no real limit to how many units are sold to customers, and so beyond a certain threshold demanded by profitability, there is no need for anyone to commit to purchasing a certain number of units. Especially now that a physical component of a software product is unlikely to be provided in any transaction – the software is downloaded, the manual is downloaded, there is no “retail box”, no truck arriving at the customer, no fork-lift offloading pallets of the product – there is also no inventory sitting in a warehouse going unsold. It might be nice if someone paid a large sum of money so that the developers could keep working on the product and not have to be moved to some other project, but the constraints of physical products do not apply so readily here.

Who Benefits from Volume Licensing?

It might be said, then, that the “economies of scale” argument starts to break down when software is considered. Producers can more or less increase supply at will and at a relatively low cost, and they need only consider demand in order to break even. Beyond that point, everything is more or less profit and they deliver units at no risk to themselves. Certainly, a producer could use this to price their products aggressively and to pass on considerable savings to customers, but they have no obligation and arguably little inclination to do so for profitability reasons alone. Indeed, they probably want to finance new products and therefore need the money.

When purchasers of physical goods choose to buy in bulk, they do so to get access to savings passed on by the producer, and for some categories of products the practice of committing larger sums of money to larger purchases carries little risk. For example, an organisation might buy a larger quantity of toilet paper than it normally would – even to the point of some administrator complaining that “this must be more than we really need!” – and as long as the organisation had space to store it, it would surely be used over time with very little money wasted as a result.

But for software, any savings passed on by the producer are more discretionary than genuine products of commerce, and there is a real risk of buying “more than we really need”: a licence for an office application will not get “used up” when someone has “reached the end” of another licence; overspending on such capacity is just throwing money away. It is simply not in the purchaser’s interest to buy too many licences.

Now, software producers have realised that their customers are sensitive to this issue. Presumably, the notion of the site licence or “volume licensing” arose fairly quickly: some customers may have indicated that their needs were not so well-defined that they could say that they needed precisely one hundred copies of a product, and besides, their computer users might not have all been using the software at the same time, and so it might not make sense to provide everyone with a copy of a program when they could pass the disks around (or in later times use “floating licences”). So, producers want customers to feel that they are getting value for money and not spending too much, and thus the site licence was presumably offered as a way of stopping them from just buying exactly what they need, instead getting them to spend a bit more than they might like, but perhaps a bit less than they would need to if money were no object and per-unit pricing was the only thing on offer. (The other way of influencing the customer is, of course, the threat of audits by aggressive proprietary software organisations, but that is another matter.)

Regardless of the theory and the mechanisms involved, do customers benefit from site licences? Well, if they spend less on a site licence than they do on the list price of a product multiplied by the number of active users of that product, then they at least benefit from savings on the licensing fees, certainly. However, there are other factors involved, introducing other broader costs, that we will return to in a moment.

Do producers benefit from site licences? Almost certainly. They allow companies to opportunistically increase revenue by inviting customers to spend a bit more for “peace of mind” and convenience of administration (no more having to track all by yourself who is using which product and whether too many people are doing so because a “helpful” company will take care of it for you). If such a thing did not exist, customers would probably choose to act conservatively and more closely review their purchases. (Or they might just choose to embrace Free Software instead, of course.)

All You Won’t Eat

But it is the matter of what the customer needs that should interest us here. If customers did need to review their purchases more closely, they might find it hard to justify spending large sums on volume licences. After all, not everyone might be in need of some product that can theoretically be rolled out to everyone. Indeed, some people might prefer another product instead: it might be much more appropriate for their kind of work, or it might work better on their platform (or even actually work on their platform where the already-bought product does not).

And where the organisation’s purse strings are loosened when buying a site licence for a product in the first instance, the organisation may not be so forthcoming with finance to acquire other products in the same domain, even if there are genuine reasons for doing so. “You already have an office program you can use; why do you want us to buy another?” Suddenly, instead of creating opportunities, volume licensing eliminates them: if the realm of physical products worked like this, Tesco would offer only one brand of toilet paper and perhaps not even a particularly pleasant one at that!

But it doesn’t stop there. Some vendors bundle products together in volume licensing deals. “Why not indulge yourself with a package of products featuring the ones you want together with some you might like?” This is what customers are made to ask themselves. Suddenly, the justification for acquiring a superior product from a competitor of the volume licensing provider is subject to scrutiny. “You already have access to an intranet solution; why do you want us to spend time and money on another?” And so the supposedly generous site licence becomes a mechanism to rein in spending and even the mere usage of alternatives (which may be Free Software acquired at no cost), all because the acquisition cost of things that people are not already actively using are wrongly perceived as being “free”. “Just take advantage of the site licence!” is what people are told, and even if the alternatives are zero cost, the pressure will still be brought to bear because “we paid for things we could use, so let’s use them!”

And the Winner is…

With such blinkered thinking the customer can no longer sensibly exercise choice: it becomes too easy to constrain an organisation’s strategy based on what else is in the lucky dip of products included in the multiple product volume licensing programme. Once one has bought into such a scheme, there is a disincentive to look elsewhere for other solutions, and soon every need to be satisfied become phrased in terms of the solutions an organisation has already “bought”. Need an e-mail system? The solution now has to be phrased in terms of a single vendor’s product that “we already have”. And when such extra purchases merely add to proprietary infrastructure with proprietary dependencies, that supposedly generous site licence is nothing but bait on the end of the vendor’s fishing line.

We know who the real winner is here. The real loser is anyone having to compete with such schemes, especially anyone using open standards in their products, particularly anyone delivering Free Software using open standards. Because once people have paid good money for something, they will defend that “investment” even when it makes no real sense: this is basic human psychology at work. But the customer is the loser, too: what once seemed like a good deal will just result in them throwing good money after bad, telling themselves that it’s the volume of usage – the chance to sample everything at the “all you can eat” buffet – that makes it a “good investment”, never mind that some of the food at the buffet is unhealthy, poor quality, or may even make people ill.

The customer becomes increasingly “locked in”, unable to consider alternatives. The competition becomes “locked out”, unable to persuade the customer to migrate to open-standards-based solutions or indeed anything else, because even if the customer recognised their dependency on their existing vendor, the cost of undoing the mess might well be less predictable and less palatable than a subscription fee to that “preferred” vendor, appearing as an uncomfortably noticeable entry in the accounts that might indicate strategic ineptitude or wrongdoing – that a mistake has been made – which would be difficult to acknowledge and tempting to conceal. But when the outcome of taking such uncomfortable remedial measures would be lower costs, truly interoperable systems and vastly increased choice, it would be the right thing to do.

One might be tempted to just sit back and watch all this unfold, especially if one has no connection with any of the organisations involved and if the competition consists only of a bunch of proprietary software vendors. But remember this: when the customer is spending your tax money, you are the loser, too. And then you have to wonder who apart from the “preferred” vendor benefits from making you part of the losing team.

DanielPocock.com: Rendition link to PRISM

Sat, 08 Jun 2013 22:39:03 +0000

The Guardian is reporting that Britain's GCHQ first started getting produtive with PRISM early 2012. It was about the same time that their buddies down under, ASIO revised their earlier assessment of a refugee, Ranjini, and scooped her up in Australia's domestic rendition program.

This may be more than a notable co-incidince, because it adds further support to the hypothesis that Ranjini is a victim of Big Data and PRISM. If ASIO first gained access to PRISM at the same time as GCHQ, then they may have used some tenuous PRISM data to form their revised assessment of her suitability for a visa. Making such inferences, and using them as the basis for a cruel program of indefinite detention is a gross violation of human rights and goes far beyond the claim that PRISM is about catching real terrorists.

I've previously mentioned the systematic persecution of coloured people in my own country. Like many honest people, I'm utterly ashamed of it. The Government also has similar programs for indigineous people (they cooked one aboriginal elder alive on our national holiday) and they've also toyed with outlawing homosexuality. Having seen first hand some of the prejudiced, Government-sanctioned evil that exists in Australia, it's not hard to imagine small-minded members of the public service using PRISM data to target these classes of people for an unhealthy dose of bastardisation.

Ranjini was ripped away from her husband by the rendition program and dumped in Sydney's Villawood death camp. Twenty-four hours after the gestapo got their hands on her, it was discovered she was pregnant - her child, an Australian citizen, was recently born and confined to the same concentration camp. Ranjini has racked up more than 12 months in captivity now, most of it while pregnant, and the Government has still not made any official charges against this woman. They say they can't comment on her case for fear of revealing their sources: once again, they don't want to talk about programs like PRISM that they share with the US. Maybe she just had one of the wrong people in her facebook friends list? That is not the sort of evidence that can be used to convict somebody in court, especially if the Government wants to avoid public questioning about their access to a close ally's secret database. Various rapists and murderers have made multiple court appearances in the last 12 months, tried and convicted in accordance with the procedures of justice. Ranjini has not been brought into a court room even once because the spooks don't want to reveal their sinister sources like PRISM.

Australia's close ties with the US

Australia has had particularly close ties with the US for many years and just as the British GCHQ has been linked to PRISM, it seems Australia's ASIO is also in on the act. For those not familiar with the depth of this alliance, it is worth checking up on Pine Gap, the ECHELON program and the recent exposure (by Wikileaks) of one of our senators with unauthorised US spy connections - he quietly resigned for `family reasons'.

Pine Gap, Australia

This is not to say that the US is universally bad or that the strategic alliance is undesirable: rather, it is simply to demonstrate the strength of these links and the real risk that data-sharing is used for inappropriate purposes.

While many of us in a technical field treat large volumes of data from a very theoretical perspective, it is worth remembering that in the wrong hands, data can be very dangerous and there are real human victims.

DanielPocock.com: "Do as we say, not as we do"

Fri, 07 Jun 2013 22:31:32 +0000

When I was preparing my blog entry about the Gold Standard in Free communications, I had absolutely no idea that The Guardian (another Ganglia user) would be hot on my heels with dramatic revelations about US Government surveillance of dangerous terrorists and maybe sucking up a little bit of data about a few hundred million of their own citizens and another 90% of the world's population for good measure.

Some people even thought I've been a bit paranoid with my concerns about excessive surveillance. However, it is just remarkable to see that in the same week that the trial of Bradley Manning is getting under way for inappropriate use of his employer's computer, the US has been exposed plotting cyber attacks and setting a very bad example for all those little script kiddies out there.

Practical questions for every one of us

Is it time to start blocking email to and from sites like gmail and hotmail?

What about the reports that the US Government was engineering back doors in the OpenBSD operating system? Have any open source projects actually been comprised in this way?

Will spammers and other criminals take this as a cue that there is nothing morally wrong with hacking?

Have certificate authorities been infiltrated too? They may well be the elephant in the room - while everybody was joking about the NSA key hidden in the depths of Microsoft Windows, maybe one or more of the well known trusted root certificates, right under our noses, is also a back door?

The danger is real

Anybody wondering about the practical implications of all this data gathering doesn't have to look very far to find out what can go wrong. In the same week as all these things were exposed, there have been more dramatic revelations about law enforcement officers selling private data for their own commercial gain. While the vast majority of police are surely good citizens, every organisation has it's bad apples and as Bradley Manning demonstrated so well, it only takes one person to breach security and enormous volumes of data can end up escaping.

Karsten on Free Software: Friday folly: EP requires proprietary software to register for workshop [Update]

Fri, 07 Jun 2013 15:08:15 +0000

There’s a great workshop coming up at the European Parliament, on “Legal aspects of Free Software”. The official link is rather understated, but the speakers are first class [Update" here's the preliminary agenda]. They include Eben Moglen, economist and Free Software researcher Rishab Ghosh, FSFE’s very own Carlo Piana, and the project lead for Munich’s migration to Free Software, Jutta Kreyss. The workshop will take place on July 9 in Brussels, coinciding with RMLL, so a great many Free Software people will be in town.

So far, so good, and I’m very glad this event is taking place. Of course I want to be there, and registration is required. And to register, you need what? Adobe Acrobat.

*facepalm*

Fortunately, you can also register by mail. I’ve done so, and used the opportunity to raise some concerns about what this choice of procedure means for the EP’s relation to Europe’s citizens. In case you want to come for the workshop, and if you share these concerns, feel free to re-use whatever you see fit of the points below.

UPDATE: I’ve been assured by the people who have been working for about a year to make this workshop happen that they’ve actually tested the sign-up form in a number of Free Software PDF readers, and that they’re going above and beyond their obligations in making sure that people can also register by mail. So the blame for this doesn’t fall with the EP staffers running the sign-up process, who have apparently done the best the can, but rather with the people in charge of the EP’s overall software environment (and those setting their priorities). The problem just becomes more apparent because this particular workshop deals with Free Software.

Dear Madam, Sir,

I would like to register for the

JURI Workshop on LEGAL ASPECTS OF FREE AND OPEN SOURCE
SOFTWARE

taking place in the EP on July 9. Please find my registration data
below.

The workshop program is highly promising, with great speakers who
are leading experts in their field.

However, I would like to express my severe disappointment at your
decision to require would-be participants to sign up using Adobe
Acrobat. This choice means that in order to participate, I would
have to purchase and install non-free software on my computer,
which might not even work on my operating system.

The European Parliament must set itself the highest possible
standards for transparency and citizen participation. In this
instance, it has clearly failed to do so.

If I were to recommend a more suitable procedure for handling
registrations in an efficient manner, I would suggest setting up a
simple web form. This is easy, efficient, and is done frequently
at a wide range of institutions, including the European
Commission. I would expect the EP’s IT department to make
available such a tool available to all parliament staff; if this
is not already the case, I recommend requesting it from them.

As regards PDF files, you might be interested in the website
PDFreaders.org

http://pdfreaders.org/

which lists Free Software [1] PDF readers for the most widely used
operating systems.

Requiring people to use non-free software in order to
participate in the Parliament’s activities erects unnecessary
barriers between European citizens and their institutions. I urge
you to help reduce those barriers, rather than making them
stronger.

My registration data is as follows:
[...]

Best regards,

Karsten

[1] Free as in freedom, not price.

Henri Bergius: The mobile-first Web

henri.bergius@iki.fi (Henri Bergius) — Fri, 07 Jun 2013 07:00:00 +0000

The growth of mobile web users is staggering. While some of us have been browsing the web on mobile devices for nearly ten years, most of the world population is only now getting there.

The number of mobile web users is already at 1.5 billion, which happens to be quite close to the total number of Internet users back in 2009.

And it is growing rapidly. In 2015 there will be an estimated 2 billion smartphone users which is quite close to the total number of Internet users currently.

In the developed world, this is likely to be a mixture of tablets, smartphones, and traditional desktop computers, with most users having at least two different web-capable devices. In the developing world, the smartphone is the computer.

Considering these statistics, it is insanity to design websites and services PC-first, with mobile only as an afterthought.

How to prepare

Just some years ago, the mobile web was a slum. Instead of getting full-featured websites, many sent us out to poorly-built and featureless m. sites. Now more and more sites go with responsive web design that makes the site itself adapt to different screen sizes and resolutions.

But even with responsive design, it is easy to go overboard. Tools like WordPress Jetpack and jQuery Mobile oversimplify the site itself by trying to make it look and feel like a native app. In the mobile-first world this is not the right way to go.

In The Rise of the Mobile-Only User content strategist Karen McGrane makes a valid point (emphasis added):

Mobile users should get the same content. It's frustrating and confusing for them if you only give them a little bit of what you offer on your "real" website. If you try to guess which subset of your content the mobile user needs, you're going to guess wrong. Deliver the same content as your desktop user sees. (If you think some of your content doesn't deserve to be on mobile, guess what — it doesn't deserve to be on the desktop either. Get rid of it.)

There is no pixel-perfect

In this new world users will access your content or software using a wildly varying set of devices. And each of them has the reasonable expectation of being able to access the full experience and the full set of features you're providing.

This changes web design substantially. Even in the old world of different PC browsers, pixel perfect web design was rarely that. With responsive design, it is even less so.

Instead:

Think in visual components instead of full pages. The composition of a page out of these components can vary for different screen sizes
Design the compositions always for at three screen form factors: a full-sized desktop or tablet screen, a smartphone screen, and the 7" tablet in between
Make your user interface elements big enough to be used on inaccurate touch screens
Never, ever require a plugin to access some content or functionality

CSS Media Queries make responding to different form factors quite easy. And besides that, they also make it easy to optimize for the different screen densities we now have. This way your images will look sharp on anything the users have, from the "retina-class devices" to the lowest-specced Chinese smartphone, while requiring the user to only download the assets that their device can utilize.

The devices people use to access the services you provide will vary greatly not only in their display capabilities, but also in the ways you can do input. Some will have mice and physical keyboards, but an increasing amount will instead have a touchscreen. For these users, it is a big service to use the correct HTML5 input types so that the on-screen keyboards and widgets can adapt to the content being entered.

The web is not native

The web is its own platform, and as such it is foolish to try and mimic traditional desktop applications. It will never feel quite right whatever you do.

It is a lot better to accept this and fully embrace the unique advantages of the web platform:

The web is an universal runtime that works on 100% of the computing devices your users have
There are no gatekeepers telling what you can publish, and no middlemen taking a cut of whatever you sell online
The web is built out of URLs that users can easily share with each other, and continue using when they switch devices
URLs also allow any application on the web to link to any screen or state of another application
It is just as easy to provide content as it is to provide functional applications on the web

Every major software company on the planet has their own web browser, and the competition between these is fierce. This will ensure that over time, the web will keep on getting better and faster. Compare this to traditional software platforms that can easily stagnate or get abandoned. Thanks to the standard protocols it also allows you to use any technology of your choosing for the server side of your software.

Paul Graham put it well in his The other road ahead from 2001:

And you don't have to know if you bet on Web-based applications. No one can break that without breaking browsing. The Web may not be the only way to deliver software, but it's one that works now and will continue to work for a long time. Web-based applications are cheap to develop, and easy for even the smallest startup to deliver.

Things are getting better

As somebody who has been developing for the web for nearly twenty years the rate the web developer experience keeps improving is sometimes dizzying.

We get used to some limitations in the stack, and then suddenly something comes along and removes that shortcoming. We're still exploring the new kinds of designs and visual experiences technologies like Media Queries and WebGL make possible, just like it took years for the community to find best practices around things like AJAX.

And yet new amazing things keep pouring in. My personal favourite recently has been Web Components which gives a standard way to provide reusable widgets on the web, and to do things like data binding and templating. This alone will make a lot of the popular frameworks and libraries obsolete.

Just watch this video and see how much easier web development is becoming:

The current work on standardizing Web Payments together with more grassroots efforts like BitCoin promise to add better ways to do business on the web. This should remove the last big advantage of native applications in that they're easier (but very expensive) to monetize via app stores and in-app payments.

Linked Data on the web and new features like Yandex Islands make it easier to connect web applications and data on the web together. Tools like my Create.js make the web easier to edit, and Web Intents promise even closer integration between web apps.

Each of these will make the web richer and better. Each of them will allow new startups to be built, and new meaningful connections to happen over the internet, many of these using mobile devices.

It is an exciting time to be a web developer.

hesa's Weblog » Free Software: GNU Xnee 3.16 (‘No Show Jones’) released

Thu, 06 Jun 2013 21:51:36 +0000

We are pleased to announce the availability of GNU Xnee 3.16

GNU Xnee is a suite of programs that can record, replay and distribute
user actions under the X11 environment. Think of it as a robot that can
imitate the job you just did. GNU Xnee can be used to:
    Automate tests
    Demonstrate programs
    Distribute actions
    Record and replay 'macro'
    Retype the content of a file

Getting the Software

   ftp://ftp.gnu.org/gnu/xnee/xnee-3.16.tar.gz
   ftp://ftp.gnu.org/gnu/xnee/xnee-3.16.tar.gz.sig

or one of the mirror sites as found in:

   http://www.gnu.org/prep/ftp.html

Checksums

  md5sum:

d70f26e135ebf5b1a307f1434c451eaf xnee-3.16.tar.gz
  cksum:

368848631 1798348 xnee-3.16.tar.gz

New in this release

New features:

Gnee can record XInput events

* Fixed bugs:

Savannah:

Fedora:

https://bugzilla.redhat.com/show_bug.cgi?id=962456

And the name “No Show Jones”? It’s a tribute to one of my favorite singers of all time, George Jones. He passed away in April earlier this year. George earned his nickname from his habit of not showing up at shows.

Paul Boddie's Free Software-related blog: Horseplay in Public Procurement? “Standards!”

Thu, 06 Jun 2013 16:46:38 +0000

There is a classic XKCD comic strip where the programmer, “slacking off” in the office and taking a break from doing work, clearly engaging in horseplay, issues the retort “Compiling!” to get his supervisor or peers off his back. It is seen as the ultimate excuse for not doing one’s work, immediately curtailing any further investigation of what really is going on in the corridor. Having recently been investigating some strategic public sector purchasing decisions, it occurred to me that something similar is going on in that area as well.

There’s an interesting case that came up a few years ago: Oslo municipality sought to acquire infrastructure for e-mail and related functionality. The scope of the tender covered “at least 30000 accounts” for client and server software, services and assistance, which is a pretty big tender but not unexpected given that the municipality is one of the largest single employers in Norway with almost 50000 employees (more statistics available here). Unfortunately, the additional documents are no longer available (and are generally not publicly available at the state procurement portal – you have to register as an interested party), but they are quoted in various places. Translating one particular requirement…

“Oslo municipality has standardised on Microsoft Office as office productivity software. It is therefore expected that solutions use MS Outlook 2003 and later as client.”

Two places where the offending requirements are reproduced are in complaints to the state procurement panel: 2009/124 and 2009/153. In these very similar complaints, it is pointed out that alternatives to Outlook can be offered as options (this is in the original tender), but that the municipality would only test proposed solutions with Outlook. As justification for insisting on Outlook compatibility, the municipality claimed that they had found “six different large companies of relevant software in connection with the drafting of the requirements”, and thus there was a basis for real competition. As a result, both complaints were rejected.

The Illusion of Compatibility

Now, one might claim that it is perfectly reasonable to want to acquire systems that work with the ones you already have. It is a bit like saying, “I’ve bought all this riding equipment: of course I want a horse!” The deeper issue here is whether anyone should be allowed to specify product compatibility to limit competition. In other words, when you just need transport to get around, why have you made your requirements so specific that you will only ever be getting a horse?

It is all very well demanding compatibility with a specific product, but when the means by which compatibility can be achieved are controlled by the vendor of that product, it is never going to be a fair competition for anyone trying to provide compatibility for their own separate products and solutions, especially when the vendor of the specified product is known to have used compatibility breakage to deliberately undermine the viability of competitors’ products. One response to this pitfall is to insist that those writing procurement tenders specify standards instead of products and that these standards must be genuinely open and not de-facto proprietary standards.

Unfortunately, the regulators of procurement do not seem to go even this far. The Norwegian government states that public sector institutions must support various standards, although the directorate concerned appears to have changed these obligations from the original directive and now insists that the dubious, forcibly- and incompletely-standardised Office Open XML document format must be accepted by the public sector in communications; they have also weakened the Internet publishing requirements for public sector institutions by permitting the use of various encumbered, cartel-controlled audio and video formats. For these changes, entertained in a review process, we can thank the likes of Statistics Norway who wanted “Word format” as well as OOXML to be permitted in the list of acceptable “standards”.

In any case, such directives only cover the surface of public sector activity, and the list of standards do not in general cover anything more than storage and interchange formats plus basic communications standards. This leaves quite a gap where established Internet standards exist but are not mandated, thus allowing proprietary protocols and technologies to insert themselves into infrastructure and pervert the processes of procurement and systems integration.

The Pretense of “Standards!”

But even if open standards were mandated in the public sector – a worthy and necessary measure – that wouldn’t mean that our work to ensure a level playing field – fairness in procurement – would be done. Because vendors can always advertise compliance with standards, they can still insist that their products be considered in any procurement contest, and even if those products do notionally support standards it does not mean that they will end up using them when deployed. For example, from the case of the Oslo municipality e-mail system, the councillor with responsibility for finance and development indicated the following:

“Oslo municipality is a complicated and comprehensive organisation and must take existing integration with specialist/bespoke systems into account. A procurement of other [non-Microsoft] end-user software will therefore result in unnecessary increases in costs for the municipality.”

In other words, even if existing software was acquired under the pretense that it supported standards, in deployment it may actually only function with other software using proprietary mechanisms, and the result of this is that newly-acquired software must also support these proprietary mechanisms. And so, a proprietary infrastructure grows, actively repelling components that employ open standards, with its custodians insisting that it is the fault of standards-compliant software that such an infrastructure would need to be dismantled almost in its entirety and replaced if even one standards-compliant component were to be admitted.

Who benefits the most from this? The vendor peddling the proprietary platforms and technologies that enable this morass of interdependency, of course. Make no mistake: any initial convenience promised by such a vendor fades away when the task of having to pursue an infrastructure strategy not dictated by outside interests is brought to bear on the purchaser. But such tasks are work, of course, and if there’s a way of avoiding it and insisting it doesn’t need attending to, a distraction can always be found.

And so, the horseplay continues under the excuse of “Standards!” when there is no real intent to uphold them or engage in the real work of maintaining a sustainable infrastructure that does not exclude open competition or channel public money to preferred vendors. Unlike the character in the comic strip whose code probably is still compiling, certain public sector institutions would have experienced a compilation error and be found out. It appears, unfortunately, that it is our job to peer around the cubicle partition and see what is happening on screen and perhaps to investigate the noises coming from the corridor. After all, our institutions don’t seem to be particularly concerned about doing so.

anna.morris's blog: How to stay in the HTML5 trail when you clear your cookies

Thu, 06 Jun 2013 13:41:38 +0000

I recently made a video and how-too guide for Documentfreedom.org about how to watch videos on YouTube using HTML5. You can checkout that info here.

The problem with the YouTube “trial” system is that it uses a cookie to record your “in the trial” status. Many of us who wish to join the future by using HTML5 for video and audio also like to clear out cookies regularly, to avoid being “followed” by creepy internet marketing people: however, by doing this we also clear the cookie which keeps them in the HTML5 trial.

Below are two guides for how to keep the HTML5 trial cookie whilst deleting others. The first guide is simple and requires little future action, but less effective at isolating the cookie: the second guide is slightly less simple, requires more regular action in the future, targets the exact cookie for the HTML5 trial. This guide is only for Firefox users for now, but “Method Three” invites people to share there knowledge of how to achieve the same thing in other browsers, and through other methodologies.

Method One: very simple.

This first method is very simple. It assumes we want to remove all cookies when we close Firefox and that all cookies from YouTube will be accepted (or “Whitelisted.” This method is therefore less effective than method two, as there will probably be other cookies relating to advertising etc from YouTube stored as well as the HTML5 trial cookie. However, you won’t need to take any further steps or routines relating to the this topic once you are done. Once you have followed this guide, you will be all set to forget about this issue (or at least until you next upgrade your browser when you may need to await add-on compatibility). For this method we will use Selectivecookiedelete, which is licensed under the GPL compatible Mozilla Public License 1.1.

1. Clear all cookies by going Tools > Clear Recent History, selecting cookies and clicking Clear Now

2.. Download the app here by clicking

After download is finished, you will be prompted to restart your browser. Once you have restarted go to www.youtube.com/html5 …

…and click to join the html5 trial.

Then go to Tools > Selective Cookie Delete > Show Preferences

We want to add our HTML5 cookie into the “whitelist” box, so, we click Edit Site List and we see the following dialogue box:

We need to click on “youtube.com” (not accounts.youtube.com) and then click on the right pointing arrow

And then we should see youtube.com on the list of websites who’s cookies will not be deleted:

If you wish to add other sites to this list, you may do so, for example, I would be happy to permanently keep cookies from my FSFE blog by adding blogs.fsfe.org to my whitelist. I know that these cookies are mostly related to my blog preferences and I know that FSFE is not / unlikely to be using cookies in a way that is unacceptable to me. However, I am less happy with stroring google’s cookies (even though I use their services every day) because Google has a poor privacy record. You will see cookies from most sites appear in the list after you have visited them, so you may want to check back here a few times over the next few days and see who else you wish to whitelist.

Click Update Sites when you are done with this stage.

We have only one more step to take to make our cookie deletion automatic:

We need to check the “Automatically remove cookies ….” box. This means that all cookies, except those on our whitelist, will be deleted when we close our browser.

Note that it may still be worth removing cookies periodically while you are still using your browser, for example, while you are browsing shops on-line. You do this by going Tools > Selective Cookie Delete > Show Preferences > Shave preferences and remove cookies. One reason for clearing cookies mid-session rather than only at the end is that there have been reports in the news of, for example, airline companies using cookies to artificially inflate prices. However, bear in mind that your shopping cart contents and previously viewed products may also be based on cookies so you need to take steps to avoid losing the links to products you want to buy.

Method Two: more effective.

This method is a little more complex, but not by any means difficult for an average computer user. The main difference is that we will specify the exact cookie that we want to keep, rather than keeping all cookies from YouTube. In this method we will use the add-on Cookies Manager+ both for keeping hold of our HTML5 Trial cookie and also, for ease of use, for general cookie deletion (ie, we will use it instead of the Tools > Clear Recent History menu). Cookies Manager+ is licensed under the GPL compatible Mozilla Public License 1.1

1) First we go to Tools > Add-ons and search for “cookie”

We need to look down the list for “Cookies Manager +” and click the install button.

Wait for the download to finish and restart as prompted

Once you have restarted go to Tools > Cookies Manager+ and you will see the Cookies Manager+ Dialogue appear. First of all, you are going to clear all your cookies so you can start afresh. To do this, tick the Select All box on the top left of the list of cookies. Then click on Delete.

Confirm to Delete All.

Now close this Cookie Control+ window.

Now, you need to go to www.youtube.com/html5 to join the html5 trial.

Here you need to click on the Join the HTML5 Trail button. This will change the web page to say “You are currently in the HTML5 Trial”

This action has set a preference cookie on your hard drive: this means that each time you visit YouTube the website will recognise you as a brilliant and forward thinking individual (and you will see videos in HTML5). You can, using Cookie Manager+ see this cookie. Go to Tools > Cookies Manager+ and you will that several new cookies have appeared. One of them is from youtube.com and is labelled PREF. This is the cookie that we want to always keep when we detele our cookies, because this is the cookie that ensures we view YouTube videos in HTML5 when possible.

So now we must ask our Cookies Manager+ add-on to make a back up of this cookie. We select it, just the youtube.com / PREF cookie:

We now go to File > Backup/Restore > Backup Selected and choose a good place to store our cookie. I made a new folder called “cookies_i_like” in my documents folder.

Then, to try out our new backup and restore system, we must delete all our cookies again and restore the html5 cookie using our new backup file.

First of all, tick the Select All box on the top left of the list of cookies and click Delete.

Next go to File > Backup/Restore > Restore All

We then need to find our backup file that we made earlier, select it and click open. Our html5 trial cookie will then be resorted and we will continue see YouTube videos more freely by default.

We can double check this by going back to the www.youtube.com/html5 and checking that we are still “in the HTML5 trial.”

Method Three? You tell me!

If you are an expert, please get in touch!

My ideas for improved methods are:

1) For GUI users this add-on seems better because it can no only isolate the exact cookie, but can automatically restore it (rather than the manual restore you need to use in method two): however, I could not get that feature to work, and still had to manually restore.

2) I found a script to isolate and keep the HTML5 trial cookie, however, I have no idea how to use it. Is this script effective? Could you write a beginners guide in how to use it?

3) Could this be built into Firefox? There was some discussion in the Tor project about building HTML5-trial into the browser: given that Firefox has worked so hard on HTML5 video, could we ask for trial inclusion to be the default?

4) Who can write guides for other browsers? So far I have had little success with HTML5 video in Chrome, however, if you know more, a guide would be great! Also, here is some information about the issue in Seamonkey.

5) What about Vimeo? I have also had very little success watching HTML5 video on Vimeo – what about you? Could you write a guide? Is HTM5 video in Vimeo cookie based too?

Ideas for more cookies to keep:

Which other in/out cookies should we think about keeping?

You may wish to look at locating and keeping the cookie mentioned in this video. This cookie is involved in disabling targeted advertising (but it doesn’t stop the data collection in the first place).

Do you have any more suggestions? Post a comment or email me at anna . morris @ fsfe.org

anna.morris's blog: Cutting out a photo and removing white edges in GIMP

Wed, 05 Jun 2013 19:41:36 +0000

This Blog is taken from my Ethical Pets Wholesale blog for small businesses.

Here is the problem:

When you view this image on a white background it looks fine, but when you view it on a black background (or other dark colour) then there are little white bits around the image. It may be tempting to try and remove these with an eraser effect – but that will take a very long time and won’t look as good. Here is a simple way of removing them using a mask.*

This guide uses GIMP – the Gnu Image Manipulation Program. The GIMP is a Free Software photo and image (raster) editor and you can download it, gratis, here..

Right click on the layer in your layers dialogue and click “Layer to Image Size”

Once you have opened your image, make sure that your image is on a layer which fills the whole screen by right clicking on the layer in your Layers dialogue and clicking Layer to Image Size.

Next You need to duplicate the layer. To do this you right click on the layer again in your Layers dialogue and this time choose Duplicate.

Right click on your layer and select “Duplicate”.

Next turn the duplicate layer into a black and white version. To do this click on the layer, and in the GIMP menus go to Colours > Threshold. When the Threshold dialogue appears drag the arrow all the way to the left. You are aiming to have an image where the background it totally black (or transparent) and the area with your image in is totally white.

Other dialogues, such as the Brightness-Contrast option, also under Colours, may be helpful in this stage of the process.

Use the Select by Colour button to select the BLACK / TRANSPARENT area (not the white)

Select the black / transparent area of your new layer using the Select by Colour tool. Go to the Select menu and click Grow. Choose a small number of pixels, depending on how much white you have. I have chosen 4 pixels. Click OK.

If you zoom in (use the plus / add key) you will see that the selection is now a few pixels closer to the centre of your logo than it was before.

Press your Delete key (depending on your current layers and transparency set up you may or may not see a noticeable change). Go to Select > None.

Right click on your layer in your Layers dialogue again and this time select Add Layer Mask. In the Add Layer Mask dialogue click Greyscale copy of layer. You will see your layer mask appear next to the layer in your Layers Dialogue.

Go to Edit > Select All (or try using Control+A) and the go to Edit > Cut (or use Control+X). Click on your logo layer then right click and Add Layer Mask. This time choose White (full opacity).

You will see a new Layer Mask next to your logo.

Go to Edit > Paste (or Press Control + V). You will see the layer mask you made with your Duplicated layer appear in the layer mask for your original logo layer.

If you now look at your logo with a black background behind it (try Layer > New Layer if you need a dark layer) you will see that the white bits have been cut away (they are actually only hidden at this stage, if you right click on your logo Layer and click Disable Layer Mask you can see your logo is untouched).

If there are any white parts left, right click on your logo layer (not the duplicate) in your Layers dialogue and click Mask to Selection. Go to Select > Grow and chose a small number of pixels again. Press OK. Press your delete key. Notice that more of your logo has been hidden. Repeat this until all of the white parts are hidden. Save your file at this point especially (File > Save or Control+S)

Last of all, you need to apply your layer. It’s probably worth saving the document as something else first to allow you to make changes to your mask in the future if you need to. I saved mine as Logo_Perfect.xcf (xcf is the gimp format. I will export it as a .png or a .jpg later). When you have saved your file right click on your logo layer in your Layers dialogue and choose Apply Layer Mask. You will see the mask has gone and the white parts have now been properly cut away, and not just hidden.

You have done it! Well done!

*You could use this guide to cut out the whole image from scratch. This guide is is useful too (but out of date). Also, there may be other ways to do the task I have described, this is just the way I figured it out first

stargrave's blog: Why I am switching back to *BSD

Wed, 05 Jun 2013 19:13:18 +0000

I was FreeBSD user for six years and worked with it’s versions from 5.0 to 7.0. There appeared to much work with GNU/Linux related subsystems exclusively and it was easier for me to switch yet another UNIX-like operating system temporarily.

I tried several distributions but stayed exactly on Debian. My requirements were:

mature, stable and reliable system without any bleeding edge software. I do not worry that there is no latest version of Firefox for example. Included in stable Debian’s distribution one fully satisfies me. Maybe it is not so fast as can be, but it is mature and working.
less or more permanent distributions overall architecture without any sudden surprises after yet another packages upgrade. Of course sometimes it can not be skipped, but serious changes are always must be in a major software/distribution version that is rather seldom event.
big collection and wide availability of various software. Debian has one of the biggest packages collection. And all of their binary compiled versions can be easily installed using single command. Of course you must trust it’s maintainers. I trust and rely on them.
it’s basic installation should not have anything that I am going to remove as a first step. Just minimal bunch of tools and daemons. Ubuntu for example does not provide that: I have to remove huge piles of GNOME-related things and only then install my preferred ones.

Debian even now is the single distribution that can fit in those requirements. But several weeks ago I was very disappointed hearing that most part of it’s developers support integration with systemd.

You see, modern GNU/Linux-es are not a UNIX-like OS with UNIX-way hackerish concepts anymore. UNIX-es in my opinion always were very beautiful and smart programmers creations with really very elegant tasks solving. Most GNU/Linux-es lost that property.

Several decades there were quite few interprocess communication choices. Most time it is either plain text or, unfortunately, binary data floating between conveyors, pipes, domain or network sockets. Each daemon representing any subsystem can be less or more uniquely determined by socket path of pair of network address and port. In nearly all cases it can satisfy anybody.

Even at the very early days of UNIX systems hackers preferred plain text and similar driven protocols and file formats. Though rather relatively big SMTP responses are not as good as binary ones could be, exceptionally on that time slow links, hackers preferred human readable choices anyway, because they are simple, easy to debug, easy to maintain and easy to use.

But GNU/Linux does not like idea of beauty clever decisions and long time proven software. It’s developers (I can not call them hackers in most cases anymore) have to invent the wheel again and create yet another incompatible solution like several IPCs before and DBus itself. It requires heavy dependencies, it does not use well known socket-like paths and addresses, it uses unreadable binary protocol, it is slow and does neither guarantee any delivery nor has any buffering queue.

Access to various low level hardware devices used simple device node filesystem-like access. Of course many of them dictate standards existence and audio has one: Open Sound System, represented by entries inside /dev. Easy to use, easy to implement proven and mature system. If you want to stream audio data other the network you can easily use UNIX power to connect it for example with either pipe or network socket.

GNU/Linux folks do not understand that elegant solution and invent ALSA, aRts, ESD, NAS and PulseAudio at last. So many reinvented creations for rather simple thing. Of course OSS is not the right solution if you have to mix various sound inputs and outputs of both hardware and software modules. But JACK does this job pretty well. GNU/Linux developers do not think so again.

What about operating system’s initialization part? You have various daemons that should be started and controlled. You have to do various file system related steps, manage process execution somehow. All that tasks are done for a long time using shell interpreter, intended to solve them. As a fact each daemon has small shell script used to control server’s behaviour. Hackers need to glue those daemons together. For me, it seems to be very elegant solution to include trivial plain-text metainformation as script’s comments and to create symbolic links dependent on that metainfo with number included to force sorting done right, as in System V.

UNIX-way is to have many small tools, where each of them does single job, but does it well. Simple separate initialization system, simple separate logging system, simple separate shell interpreters, simple IPC socket-oriented libraries, simple daemons, cron, inetd and so on. Looks simple, clear and nice.

You are wrong! Modern GNU/Linux-es can not accept that, because they are missing written on compiled language (does not depend on already existing software for controlling process flows (shells)) program, with own IPC dependency, with own declarative language bloated combine of initialization, logging, cron/at-ing, inetd-ing and DBus/socket listening systems at once. Wait, systemd is pretty modular: several dozens of separate executable. Hackerish SysV is just a shell interpreter with several shell-scripts. Thirty years ago logs have been written on rather small hard drives in plain text, but today seems that hard drives became much smaller and more expensive and systemd decided to write human unreadable and unprocessable with any kind of sed/awk/shell/perl tools binary logs.

I still do not understand why GNOME and derivative distributions (I am sure that udev, systemd, dbus and GNOME are single aggregate) does not use very simple mailcap-files to decide what to do with various kinds of data. mailcap contains plain text lines with data content type and shell script code saying what program you need to run and apply to data. Just find the line by it’s content type and execute related command line. This can be done with single sed call. Just simple plain text file to rule all user’s software preferences. GNOME has to prerun software that will register itself on DBus (should be already running), then another software must create proper message, send it over DBus hoping that someone with catch it doing probably what user wants. It is awful.

And at last I see in Debian maillists that they are going to remove local sendmail server. I see what is happening: when systems are created by very clever hackers — they are very cool for educated technicians and other hackers. When ordinary labour crowd is falling in this world: it will be ruined. Usenet was destroyed like that. Email etiquette has mostly disappeared and replaced by top-posted huge quoted HTML messages, after user-friendly email clients born.

Security is not compatible with user-friendliness. Simple clever hacks are not compatible with classical user’s world of view. Developers never speaks users on the same language. There is always separation of developer-friendly and user-friendly. They can not coexists together, as like servers are pretty different from desktops.

Current Debian is very developer and server friendly system, while Ubuntu is aimed to be user-friendly. Systemd is great for desktop requirements, so let’s integrate it to desktop system. Why one is going to replace cron/at, SysV/rc, inetd, sockets, syslog, devnodes with single all-in-one bloated monolithic combine and remove sendmail? What will stay from UNIX itself? Arch Linux is going to mess /bin and /sbin with /usr/bin. So I won’t even find /bin/sh in that OS. It is not UNIX-like system anymore. It is yet another unmaintainable crap of compiled monolithic POSIX-compatible (hope so) code.

Of course there are really true hackerish UNIX-like GNU/Linux distributions, but all known ones require much manual work with them. Free software *BSD does not, as it has cool port collections and well maintained high quality overall system’s design (not a pile of absolutely different software pieces).

Colors of Noise - Entries tagged planetfsfe: Calendar synchronisation between Nokia N900 and the Calypso CalDAV server

Wed, 05 Jun 2013 17:50:19 +0000

One of the replies to the post about Debian's last groupware meeting was from Patrick Ohly of syncevolution fame pointing out that syncevolution already implements calendar autodetection for CalDAV calendars as described in draft-daboo-srv-caldav-10.

While looking at the code I noticed that there's a backend for the N900s calendar by Ove Kåven as well.

When I tried Ove's latest package on my N900 it lead to an immediate crash when doing a:

syncevolution --print-items target-config@webdav calendar

According to Patrick the bug was supposed to be fixed in recent versions so I set up scratchbox and built a newer git snapshot for maemo (sources). This wouldn't crash but didn't show up any items either. It turned out to be a minor bug in calypso returning no content type for REPORT queries which resulted in libneon discarding the whole reply (now already fixed in calypso upstream).

With this out of the way setting up synchronisation is quiet simple:

# Configuration
CALDAV_SERVER=192.168.0.10
syncevolution --configure username=<username> password=<password> \
              calendar/backend=caldav calendar/database=https://${CALDAV_SERVER}:5233/private/my_calendar \
              target-config@webdav calendar
syncevolution --configure --template SyncEvolution_Client sync=none syncURL=local://@webdav username= password= webdav
syncevolution --configure sync=two-way backend=calendar webdav calendar

You should then be able to print the items on the local (N900) and from the remote (CalDAV server) end:

# This lists the current calendar items on the server
syncevolution --print-items target-config@webdav calendar
# This lists the current calendar items on the N900
syncevolution --print-items @default calendar

And from there on sync away:

# initial slow sync
syncevolution --sync slow webdav
# from there on
syncevolution webdav

The syncevolution source code has great documentation about debugging problems (e.g. src/backends/webdav/README). So check that in case you run into problems. The tl;dr version is

SYNCEVOLUTION_DEBUG=1 src/syncevolution loglevel=10 --print-items target-config@webdav calendar

to debug CalDAV related problems. In case you need to run syncevoluton from source be sure to set these beforehand:

export SYNCEVOLUTION_TEMPLATE_DIR=$PWD/src/templates/
export SYNCEVOLUTION_XML_CONFIG_DIR=$PWD/src/syncevo/configs/

On the CalDAV side I used current Calypso git which (with some additional minor fixes) now also interoperates nicely with Iceowl/Icowl-Extension aka Sunbird/Lightning on the desktop side. There's also an ITP for it. So it'll hopefully end up in Debian soon.

DanielPocock.com: The Gold Standard in Free Communications Technology

Wed, 05 Jun 2013 16:37:57 +0000

In a previous blog entry, I posed the question whether open source communications software is really free and came to the conclusion that additional principles need to be defined for free communications, above and beyond the normal expectations of free software.

This is a fundamental problem that projects like the FreedomBox, Lumicall and other privacy-enabling free communications solutions must be familiar with. Otherwise there is a risk that development will never end as there is no finish line in sight.

Practical solutions are not so easily defined though: so let's just imagine a perfect solution for a moment. Later, we can contemplate the trade-offs that are necessary to make it practical.

Perfect privacy

Here are some attributes that may exist for a perfect solution:

Privacy must be the default: the user should not have to explicitly request privacy. If there is a risk that an incoming communication will establish a session without full privacy, the user should be able to decline the opportunity to participate.

Only participants to a communication can receive the communication

A third party should not be able to replay, modify or forge any aspect of the communication or the request to initiate a session

Only participants to a communication are aware that a communication occurred

Only participants to the communication are aware of who participated in the communication

A participant may be anonymous: but in this case, all other participants will be aware that there is an anonymous party present in the communication

Participants may not deduce any information about the other participants that is not explicitly shared (e.g. location, type of device, service provider)

In the case of real-time communication, a participant may leave the communication without any other party even realising that they left or why.

Communication is off-the-record: No participant can save and reproduce a copy of the communication in such a way that a third-party will know it was authentic.

Anonymous reception of communications - the perfect post-office box: someone may create an anonymous identifier that allows other people to call them without being able to trace their location or identity

Some consequences of a perfect solution

Just imagine if all communications worked in this manner.

There are many potential consequences. For example, if you call somebody and the call is not connected, you will get no feedback about whether their line is busy, out of service or whether they deliberately chose to reject your call.

Another example is somebody who is driving while talking on a telephone. If they have an accident, there will be no way to prove that they were using the phone. This may already be the case if somebody uses a VoIP app on their phone - the police investigating the accident later will simply find no records of calls through the mobile phone account.

Conclusion

The perfect solution described here is something of a holy grail rather than a recipe that a developer can implement. It is unlikely that such a solution will fall out of the sky in the immediate future. Most software products that offer secure communications only address less than half the issues described above: for example, digital mobile phones prevent eavesdropping with arbitrary radio receivers, but they don't prevent shops detecting the IMEI (serial numbers) of phones that pass through their store and using that information to identify repeat visits to their store.