I'm just digging through OFTC's nickserv database to do some cleaning. We have a bit over 20k nicknames in the database on 18k accounts which means about 10% of registered nicks are linked to other master nicks.

By the power of sql, here's some statistics on the domain names of the email addresses our users:

com  9144
net  2241
org  1778
de   1016
uk    392
nl    288
fr    223
edu   217
au    203
it    193
br    190
ru    174
ca    165
se     88
dk     74
at     70
fi     62
cx     59
info   58

gmail.com             3997
hotmail.com           1405
yahoo.com              843
gmx.de                 221
gmx.net                201
web.de                 156
debian.org             148
free.fr                 94
aol.com                 90
msn.com                 73
comcast.net             72
gentoo.org              71
mail.ru                 65
xs4all.nl               59
linuxmail.org           58
verizon.net             57
yahoo.co.uk             54
yahoo.com.br            45
googlemail.com          45
student.uq.edu.au       44
sbcglobal.net           36
earthlink.net           33
users.sourceforge.net   32

The numbers could use some aggregation as some providers use zillions of TLDs (yahoo, gmx).

My personal favorite in there is root@localhorst :-)

I've given the idea of centrally configuring my hosts another go. Previously I had some meta packages that would pull in packages, but that's not very interesting. Furthermore the archive I set up didn't scale, dpkg-scanpackages plus makefiles aren't really fun to use.

Now, I have a set of cfengine scripts that gets distributed as .deb. That sounds messy, but connecting reprepro with the right .dput.cf makes updating a breeze.

cfengine itself is a beast not easily tamed. It has some weird ideas about timeouts and when (not) to execute scripts. So far I'm only using "editfiles" in this setup to do tweaks like comment HashKnownHosts in ssh_config, add some sources.list entries, add %adm to sudoers, etc. Next step will be to also automatically push config into chroots, and to pull passwd.db and friends for use with libnss-db.

When using a <limit> in mutt's message index, I always try to hit 'q' to get back to the index view, but of course there's nothing to quit. The macro below changes 'l' such that 'q' will unlimit, and a subsequent 'q' will then quit mutt:

macro index l '<enter-command>macro index q "<limit\>.<enter\><enter-command\>bind index q quit<enter\>"<enter><limit>' 'limit with quit enabled'

(The weird &gt; quotes trick the parser into not parsing <fct> in the outer <enter-command> layer.)

0-$ bash 1$ bash 2*$ bash

If screen's default ^A w status line isn't really useful, put this in your bash prompt:

PS1='\[\033k\u@\h\033\\\] ...'

In other words, ESCk ESC\ sets the screen window title. This is independent from the xterm title. Thanks to formorer for the pointer.

Update: fixed quoting in PS1

Why being a Debian Developer is good:

These are all the rows of your personal log.
Date                    Log Entry                                               *
2007-08-31 20:31:39     Credit update: free credits for Debian developers!      50

Thanks to sixxs.net I'm now connected to the web 6.0. Setting up the tunnel on the server machine was easy thanks to aiccu, only the openvpn routes for my other machines was a bit more tricky. (Openvpn doesn't support "mode server" for ipv6 yet.)

On a sidenote, freewrt is much nicer to use on my Asus WL500gp than openwrt - feels much more like Linux (even Debian) than the nvram stuff on openwrt.

Still my favourite l.d.o posting: Re: plain language disclaimer.

Note to self: the "-v" in 'pkill -v $pid' does not mean --verbose.

I haven't said anything in the DM threads yet because I still don't know which actual problem the introduction of DMs is trying to solve.

IMHO the current process with sponsors reviewing and uploading packages has proven to work nicely, i.e. the amount of broken packages uploaded is not too high. Most of the perceived problems with this process stem from the fact that most of the packages offered on debian-mentors or #debian-mentors are initially crap and need lots of review cycles. Once people produce good packages asking the last sponsor for another upload should work. (And at that point NM will be a breeze.)

Particularly I don't like the fact that the "initial policy for an individual to be included in the keyring" does not include any check of any technical or non-technical skills besides having a gpg key and be able to tick 3 checkboxes. I fear this will lead to people blacklisting "DM" packages because they don't want low-quality packages on their machines.

At the same time, the rest of the GR text is micro-managing every other detail of the process in a way that doesn't leave much room for practical implementation decisions.

It appears to me that the DM concept as sketched in the GR is mainly meant to let NMs upload earlier, i.e. it tries to fix the fact that front-desk or DAM approval take too long. I think the fix for that is just to find someone besides Joerg to also read the AM reports. DMs as in the GR are a workaround, not a solution.

On a sidenote, I'm still wondering why front-desk (and afaict the DAMs) were never asked about their opinion while/after the GR was drafted. I had some chats with Anthony on IRC on the topic, but that was shortly after Debconf 6 (there was a related BoF), nothing in the past months.

(not with the front-desk hat on, but having it within reach)

PS: I voted "-1".

Setting up X.org on a Sony PCG C1VE on Debian/etch:

• dpkg-reconfigure xserver-xorg
• ati
• rest default
• edit xorg.conf:
• Section "Monitor": ModeLine "1024x480" 65.00 1024 1032 1176 1344 480 488 494 560 -hsync -vsync
• Section "Screen", SubSection "Display": Modes "1024x480" ...

I had been using fvwm2 for some 10 years when around the beginning of this year, I thought it might be time for a change. My config was originally copied from some SuSE templates and then heavily tweaked over the years, but recently broke more and more in subtle way with new fvwm upstream versions, e.g. moving windows suddenly required a different mouse button. Probably the config was just slightly out of spec and fvwm got "fixed", but it was annoying.

The "tiled" window managers I had seen on others' desktops made me curious, so I gave ion3 a try some months ago. The overall appearance was all cool, but it tried a bit too hard to squeeze all windows into tiled windows - of course there's the floating workspace, but creating one was weird, and moving windows even weirder. And if only the (default) key bindings were more vi-like... I admit I never really bothered to read the documentation - probably everything would have been much nicer otherwise.

Then there was the big license "wtf" with ion, at which point I started looking around further. dwm looks clearly too l33t to be serious, so wmii was the next choice, 3.1 to be exact. vi key bindings, a nicely configurable status bar, easy workspace switching and window moving. wmii doesn't have horizontally split windows (windows are always in columns), and no "tabbed" windows, though. It didn't warp the pointer to the currently active window (something I got used to with fvwm), but some config tweaks mostly fixed that. This time, I read the documentation, but there's only a 10 page pdf beginners document, but there's not much to configure anyway.

Then came lenny. Testing and unstable currently feature version 3.6 which is a big disappointment. It is broken (the default config is unusable), and even after fixing that, it looks like they removed all the little details that I liked. The status bar is still there (though with a new location in the virtual filesystem), the color cannot be changed anymore (unless changing some other color as well). The windows used to have slim 1-pixel (configurable) borders. Now they still have, but the border will be expanded if the window chooses a different size - xterm always rounds down to the next character size, so all my terminals have fat surroundings now. The last-active window in a inactive column still had some markup so I knew which window Alt-Left/Right wound return to, now I have to guess. I wouldn't mind fixing my 3.1 config for 3.6, but I don't think I will, given these issues look unfixable. The 3.1 wmiirc file looked like a sh script, the 3.6 uses eval and a bunch of functions that frighten me. On a positive note, it is now possible to create new workspaces by just selecting them, which is much handier than start-program, wait, move-window-over, move-workspace.

I guess I will give ion (2, 3?) another try...

I'm finally home again.

Thanks to all the people who make DebConf such a great experience.

You know you have left the continent when you see this:

I've arrived all well, only that I made the same mistake as always - leaving the house without writing down (or even looking up) the precise address where to go. Luckily the information centre at the EDI airport had a web browser. (And they didn't get scared away by repeated "This page contains insecure media" warnings on debconf.org.)

Romain, dput supports scp and rsync. (Though without progress indicator.)

Although I missed the deadline for the DC7 KSP, I just imported the keyring. First I ran gpgsigs -r ksp-dc7.txt, and then gpg --import ksp-dc7.asc. The result is scary:

gpg: Total number processed: 182
gpg:               imported: 44  (RSA: 3)
gpg:              unchanged: 117
gpg:           new user IDs: 18
gpg:            new subkeys: 1
gpg:         new signatures: 64

In other words, there are about 18 people who have added a a UID, but not sent it to a keyserver. One key wasn't even there. This includes a fair number of people whom I usually trust to handle such things more carefully. Please consider running gpg --send :)

Update: On a closer look, at least one of the "new user IDs" was already present on subkeys.pgp.net. Maybe my gpg was just to stupid to handle its own keyrings. (The missing key was really not there, I've uploaded it in the meantime.)

10:51 -!- Irssi: Topic: -: So: Myon
10:51 -!- Irssi: Topic: +: Transit: Myon

Given the steady stream of "are you here yet?" questions in my irc client, it looks like I will meet a lot of old and new friends in EDI.

My flight will leave from DTM at 17:30 today, arriving at 18:15 in EDI. Still pondering if going by train or car, probably the former.

I just finished implementing postpone, a wrapper that is intended to take an arbitrary command, fork into the background, wait until some lockfile is freed, and then run the command. Of course the idea is that the lockfile is /var/lib/dpkg/lock, and that postpone is used in maintainer scripts. (Update-menus already does that, and I've basically grabbed that code and generalized it as a separate program.)

As a test implementation, I modified the post{inst,rm} templates in the tex-common package and rebuilt texlive-lang- using that. dpkg -i texlive-lang-.deb takes over 4 minutes in the old version, but only a total of 60s with postpone used (35s for dpkg -i plus 25s for the background jobs).

A Debian package is currently sitting in NEW, let's hope it will actually get used in maintainer scripts.

Note to myself: fcntl() locks vanish after a fork(). flock() works, but doesn't work over NFS. Not that I care about the later, but sometimes I wonder why Unix is so weird.

Sven Luther, you suck.

I desperately hope Debian will recover from these months.

PS: Please go see a psychologist. Really.

I just booked my Debconf flights. Airline websites are a major PITA. Germanwings wasn't even available, "maintenance today from 23 to 2h" - sorry, no happy customer.

Ryanair's appearance was the worst. I don't mind crappy html as long as it works, but why do I have to choice between "Herr" (Mr), "Frau" (Mrs), "Mrs" (!), and "Miss"? When I said I lived in "Mönchengladbach" they replied with the equivalent of "Please do not use special characters like { } | < > [ ]." Apparently I'm allowed some amount ("20kg 15kg for travel past November 2006") of luggage (except if I'm below the age of 2), but later they charge for it. Then there's a drop-down menu asking me in I which country live, but it doesn't really mention that this is really where I select whether I want travel insurance (I don't). At the end of the page I'm asked to confirm that I accept the travel insurance terms (I still don't), but that's also the checkbox for their general terms of service. That flight would have gone through Prestwick (PIK) which is apparently fairly well connected to Edinburgh, but the flight back would leave at 7.50 am. I don't think I like that.

In parallel, I tried easyjet.com. They fly from Dortmund, and while looking where that airport is, I first tried "airport lounges" which was obviously the wrong place. A bit more hidden was a list of airports, but it didn't include Dortmund. Google for the rescue... Then they tell me "your total amount is 99,71€", only to additionally add 7,50€ on the next page just because I'm using a credit card - who doesn't? Of course I'm willing to fill out personal information like my address etc, but why do they want my phone number and email address? And why do they claim "you haven't entered a phone number" when I put it (rather a fake one) in the "mobile phone" field (below "home")? What really drove me crazy was when they refused to accept the booking when I left the "we like to find out about our customers [...] reason for your trip" field empty. That's a drop-down menu with the choices "Business", "Visiting friends or family and staying with them", "Holiday", and "Visiting friends or family but staying elsewhere". No, I'm not going to tell them. (I randomly selected "Business".) In the end, I booked there, but it wasn't really fun.

Whatever. Meet you at Debconf :)

[Update] Oh, and I had to confirm I "have read, understood, and accept easyJet's terms and conditions, including the new rules for hold baggage". Thats a minimum of 10kB legal blurb - a simple "accept" checkbox would have been enough...

To also announce it here, I've moved to Mönchengladbach to work at credativ, along with several other DDs, Postgresql, and other open source folks. So far work has been pretty cool, and I'm fairly sure it will stay that way.

I've been mostly inactive lately because I didn't have internet access at home yet. In fact, I officially still don't, but my provider is so "nice" to let me connect to the DSL line, login in, and then tell me via http that username/password were wrong. But, at this point, port 53/udp is open :) Ganneff was so kind to set up an openvpn gateway for me and forward 22/tcp to my server, so I can ssh, and tunnel everything else I like via that.

Sorry to my NMs for any delays lately, I hope to catch up this week.

On a different note, I'm playing with ikiwiki and converting my blog, so please excuse if that causes flooding on planet.debian.org (which I of course hope to avoid by keeping the old timestamps, mmmv).

• Eoin Colfer: Artemis Fowl, Artemis Fowl - Die Verschwörung, Artemis Fowl - Der Geheimcode
• Frank Stewart: Becoming a Bridge Expert
• Dirk Ludigs: Beziehungsweise Sex
• Sir Arthur Conan Doyle: Sherlock Holmes - Der Hund von Baskerville
• Mike Gayle: Turning Thirty
• Maeve Binchy: Insel der Sterne
• Raghu Ramakrishnan, Johannes Gehrke: Database Management Systems

In January I discovered Bo Haglund's double dummy solver, called DDS. I had been looking for an open source solver running on Linux ever since I started playing Bridge, so this was a very nice finding. It is very fast and the API is nicely documented.

Of course, there are Debian packages, one for the (static) library (libdds-dev), for the ddd driver frontend (renamed to dds as there's already some other package called ddd), and for the python extension (python-pydds).

I am working on a GTK2 frontend called tenace. So far it features a basic hand editor, can play cards, and compute double dummy/par scores. The .lin import/export is not yet complete, but basically works.

I finally decided I needed a printer at home. Of course it had to be a laser. When asked about Linux compatibility, the guys at the local store said "uhmmm... Brother... maybe". They pointed me at some printer on special offer, a Brother HL-2030 for 110€. Naturally the box didn't say anything about Linux, but I was promised I could return it if it didn't work (unless I unpacked the toner cartridge, whatever).

Back at home, I just had to install cupsys, cupsys-client, foomatic-db-engine and foomatic-db (using etch), fetch the HL-2060 (sic) ppd from linuxprinting.org, do some clicks in the CUPS web interface and everything worked out of the box. Setting the resolution to 1200x600 gave weird results though, so I'm doing with 600x600 now.

The latest addition to the mutt CVS tree is PKA support via gpgme. While trying to figure out how that works in mutt (I haven't yet...) I configured my DNS server for PKA and CERT records.

PKA

PKA (public key association) puts a pointer where to obtain a key into a TXT record. At the same time that can be used to verify that a key belongs to a mail address. The documentation is at the g10code website (only in German so far). I put the following into the df7cb.de zone:

cb._pka IN TXT "v=pka1;fpr=D224C8B07E63A6946DA32E07C5AF774A58510B5A;uri=finger:cb@df7cb.de"

$ host -t TXT cb._pka.df7cb.de
cb._pka.df7cb.de descriptive text "v=pka1\;fpr=D224C8B07E63A6946DA32E07C5AF774A58510B5A\;uri=finger:cb@df7cb.de"

Now gpg can be told to use PKA to find the key:

$ echo foo | gpg --auto-key-locate pka --recipient cb@df7cb.de --encrypt -a
gpg: no keyserver known (use option --keyserver)
gpg: requesting key 58510B5A from finger:cb@df7cb.de
gpg: key 58510B5A: public key "Christoph Berg " imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: automatically retrieved `cb@df7cb.de' via PKA

CERT

CERT records work similarly. Records are generated by make-dns-cert (from the tools directory in the gnupg source). cb.gpg is a stripped-down gpg keyring (created with pgp-clean -s and converting from .asc to .gpg).

$ ./make-dns-cert -f D224C8B07E63A6946DA32E07C5AF774A58510B5A -n cb
cb      TYPE37  \# 26 0006 0000 00 14 D224C8B07E63A6946DA32E07C5AF774A58510B5A
$ ./make-dns-cert -k cb.gpg -n cb
cb      TYPE37  \# 1338 0003 0000 00 9901A20440 [...] 509C96D4BFF17B7

With a new bind and host (backports.org!) the format looks a bit nicer, that's also what I copied into the zone file:

$ host -t CERT cb.df7cb.de
;; Truncated, retrying in TCP mode.
cb.df7cb.de has CERT record PGP 0 0 mQGiBECBGdAR [...] UDlCcltS/8Xtw==
cb.df7cb.de has CERT record 6 0 0 FNIkyLB+Y6aUbaMuB8Wvd0pYUQta

Again, gpg can be told to use that:

$ echo foo | gpg --auto-key-locate cert --recipient cb@df7cb.de --encrypt -a
gpg: key 58510B5A: public key "Christoph Berg " imported
gpg: Total number processed: 1
gpg:               imported: 1
gpg: automatically retrieved `cb@df7cb.de' via DNS CERT

Thanks to weasel for some hints on using CERT.

SSHFP

I'm also mentioning SSHFP records here since it fits in the topic - I have been using them for some months now:

$ host -t SSHFP tesla.df7cb.de
tesla.df7cb.de has SSHFP record 1 1 EE49B803541293656C33B86ECD781BD8F1D78AB5
tesla.df7cb.de has SSHFP record 2 1 3E82FB5EE8AA0205305F0D0186F94D6FB3E0E744
$ ssh -o 'VerifyHostKeyDNS yes' tesla.df7cb.de
The authenticity of host 'tesla.df7cb.de (88.198.227.218)' can't be established.
RSA key fingerprint is 5a:c9:38:ca:c0:2b:11:c1:c8:fb:f1:ad:73:a1:9c:8b.
Matching host key fingerprint found in DNS.
Are you sure you want to continue connecting (yes/no)?

The records are generated with ssh-keygen -r.

• Carlos Luis Zafón: Der Schatten des Windes
• Wolfgang und Heike Hohlbein: Der Greif
• Friedrich Dürrenmatt: Der Richter und sein Henker
• John Irving: Garp und wie er die Welt sah
• Dieter Nuhr: Gibt es intelligentes Leben?

For years, the Xmas contest has virtually been my only ham radio activity. This year, after I had to take down the antenna in my parents' yard, I put up the 40m part of a 80/40m dipole in the attic of my flat in Saarbrücken. The first tests were satisfying so I drove back to Saarbrücken for December 26th.

The contest started nice with a S9+50 signal from DR5S - of course DOK Q10 meant it was just very close. Unfortunately, things turned out much worse. The antenna wasn't as matched as I had hoped and I had to put my small MFJ tuner in. But, whatever I would tune to, the 1:1 would only withstand some second of transmission and I had to retune. The 1:1 there would pop back up, and I had to retune back to the original settings. GOTO 10.

After a bit more than one hour I gave up. The final log is here:

8.33	3.543	DR5S	599 Q02	599 Q10
8.42	7.016	DL0CS	599 Q02	599 M15
8.43	7.016	G4OGD	599 Q02	599 004
8.50	7.013	OK5MM	599 Q02	599 019
9.38	3.545	DK9IP	599 Q02	599 A24

I don't know where the fault was, in the TRX, the tuner, or the antenna. I hope it is not the TRX.