March 12, 2010

Dirk Eddelbuettel

RcppArmadillo 0.1.0

Besides the new RcppExamples, another new package RcppArmadillo got spun out of Rcpp with the recent release 0.7.8 of Rcpp.

Romain and I already had an example of a simple but fast linear model fit using the (very clever) Armadillo C++ library by Conrad Sanderson. In fact, I had used this as a motivational example of why Rcpp rocks in a recent talk to the ACM chapter at U of Chicago which, thanks to David Smith at REvo, got some further exposure.

Now this example is more refined as further glue got added. Given that both Armadillo and Rcpp make use of C++ templates, the actual amount of code in RcppArmadillo is not that large: just over 200 lines in a header file, and a little less for some testing accessor and example functions in a source file. And this makes for some really nice example code: the 'fast regression' example becomes this (where I simply removed two blocks with conditional on the Armadillo version):

#include <RcppArmadillo.h>

extern "C" SEXP fastLm(SEXP ys, SEXP Xs) {

    Rcpp::NumericVector yr(ys);			// creates Rcpp vector from SEXP
    Rcpp::NumericMatrix Xr(Xs);			// creates Rcpp matrix from SEXP
    int n = Xr.nrow(), k = Xr.ncol();

    arma::mat X(Xr.begin(), n, k, false);   	// reuses memory and avoids extra copy
    arma::colvec y(yr.begin(), yr.size(), false);

    arma::colvec coef = solve(X, y);            // fit model y ~ X
    arma::colvec resid = y - X*coef; 		// residuals
    double sig2 = arma::as_scalar( trans(resid)*resid/(n-k) );
    						// std.error of estimate
    arma::colvec stderrest = sqrt( sig2 * diagvec( arma::inv(arma::trans(X)*X)) );

    Rcpp::Pairlist res(Rcpp::Named( "coefficients", coef),
                       Rcpp::Named( "stderr", stderrest));
    return res;
}

No extra copies! Armadillo instantiates directly from the underlying R objects for the vector and matrix, solves the regression equations, computes the standard error of the estimates and returns the two vectors. Leaving us to write about eleven lines of code. Moreover, as Armadillo is well designed and uses template meta-programming to avoid extra copies (see these lecture notes for details), it is about as efficient as it can be (and will use Atlas or other BLAS where available).

And, this is just one example. Rcpp should be suitable for other C++ libraries, and provides an easy to use seamless interface between C++ and R.

However, we should note that (at about the last minute) we found out about some unit test failures in OS X as well as some issues in a Debian chroot -- cran2deb ran into some build issues on i386 and amd64 in the testing chroot even this 'it all works' swimmingly on our Debian, Ubuntu and Fedora build environments. A follow-up with fixes for either Rcpp and/or RcppArmadillo appears likely.

Update: The build issues seems to be with 64-bit systems and everything appears cool in 32-bit.

12 March, 2010 02:16AM

March 11, 2010

Obey Arthur Liu

Going to DebConf10 and more

Hi folks,

I am coming to DebConf10!

In addition to New York, I’ll also be in San Francisco and Seattle.

And here’s my travel plan to go with it:

Day by Day Itinerary

Day 1: Friday, July 9, 2010 (Paris, France)

Depart: Zurich (ZRH), 19:45 CEST, Arrive: Paris (CDG), 21:10 CEST
Air France 5109 – Aircraft Avro RJ85 Avroliner – nonstop 1h, 25m 475 km Class K

Day 3: Sunday, July 11, 2010 (San Francisco, CA)

Depart: Paris (CDG), 10:40 CEST, Arrive: San Francisco (SFO), 12:50 PDT
Air France 84 – Aircraft Boeing 747-400 – nonstop 11h, 10m 8,958 km Class H seat 25A

Day 8: Friday, July 16, 2010 (Seattle, WA)

Depart: San Francisco (SFO), 07:00 PDT, Arrive: Seattle (SEA), 09:00 PDT
Virgin America 740 – Aircraft Airbus A319 – nonstop 2h, 00m 1,090 km

Day 11: Monday, July 19, 2010 (San Francisco, CA)

Depart: Seattle (SEA), 07:00 PDT, Arrive: San Francisco (SFO), 09:15 PDT
Virgin America 751 – Aircraft Airbus A319 – nonstop 2h, 15m 1,090 km

Day 14: Thursday, July 22, 2010 (New York, NY)

Depart: San Francisco (SFO), 23:05 PDT, Arrive: New York (JFK), 07:50 EDT(+1 day)
Virgin America 28 – Aircraft Airbus A320-100/200 – nonstop 5h, 45m 4,150 km

Day 24-30: Sunday, August 1 to Saturday, August 7, 2010 (New York, NY)

DebConf10!

Day 31: Sunday, August 8, 2010 (Paris, France)

Depart: New York (JFK), 19:05 EDT, Arrive: Paris (CDG), 08:35 CEST(+1 day)
Air France 7 – Aircraft 388 – nonstop 7h, 30m 5,829 km Class V seat 86A

To get an up to date version of my travel plans, visit the TripIt page:

http://www.tripit.com/trip/public/id/4CE972068378

I’m looking forward to getting as many of our Google Summer of Code students as possible at the DebConf.

See you in the US!

11 March, 2010 11:25PM by Obey Arthur Liu

Sam Hartman

Kerberos 1.8: Anonymous and the Cloud

The Kerberos team recently released Kerberos 5 1.8. This is the first of a couple of posts talking about features in the new release and how they significantly enhance what you can do with Kerberos. Before I get to that though, I’d like to wax excited for a moment on the development process. There is much more of a community actively involved in the development process. As with the last release, MIT, Painless Security and PADL Software made contributions along with a number of others.. However the biggest change is the number of parties actively working with each other on designs, design reviews, testing and debugging. There was also a lot more real-time collaboration. It was great to see people from Sun, Debian and Redhat all actively bringing their prospectives to the discussion. My thanks to the Kerberos Consortium for pulling everyone together and for livening up the development process.

Kerberos 1.8 testing releases are already available in Debian Squeeze and Ubuntu Lucid. I will be updating Debian to the final release soon, but everything discussed here should already work in both Debian and Ubuntu. I don’t know about the state of other distributions, although given how heavily Redhat was involved in the process, I’m sure they have 1.8 internally.

One of the frustrating problems with previous versions of Kerberos was the need to key hosts before they could run Kerberized services. An administrator needed to set up a keytab and securely get it on the machine. That creates problems for automated installs of services, virtual services in the cloud, and environments where people installing servers are not the same as those running the Kerberos realm. Kerberos 1.8 still requires servers be keyed, but the need for the administrator is removed. Anonymous Kerberos provides a way for a machine to authenticate to Kerberos without an existing account. That page shows how the Kerberos administration server can be configured to permit machines to create their own keytabs. Anonymous Kerberos does require pkinit be configured and that the client know the public key of the KDC. However it is easy to build the KDC public key into an auto installer image or place it onto a USB key.

I think it would be really neat to build a Debian image for Amazon EC2 that would show how easy it is to boot a virtual machine, have it register itself with a Kerberos realm, use something like remctl to request a work load and then begin serving that work load. The work load could include both clients for distributed computation or even services provided to the world, all secured by Kerberos with automatic bootstrapping. I don’t know if I’ll have time to put this together, but if someone were interested in helping or paying for the work it would be much more likely to happen.

I believe the links above are enough that you should be able to get Anonymous Kerberos working and minimally configured. If not, feel free to send questions; I’ll focus more on updating the public instructions than on providing individual help, but I’m definitely interested in making this easy to use.

11 March, 2010 08:25PM by hartmans

Moonshot Bar BOF Thursday March 20 at 9 PM; specs available

At IETF 77, we’re having a get together to discuss federated authentication beyond the web. The meeting will be in the Mahattan room starting at 9 PM US Pacific time. I think audio streaming will be available; I will post a link closer to the meeting time.

In the last entry, I mentioned that a preliminary spec would be available; see the preliminary EAP GSS-API mechanism. A use case paper and slide set are being reviewed internally and should be ready early next week. We may even have preliminary versions of the binding between RADIUS and SAML available before IETF.

There have been a number of great discussions on the moonshot-community list and with others interested in the broader area.

11 March, 2010 07:38PM by hartmans

Carl Chenet

New-York style Pizzas … Yummy!

I’m eager to be there already. Will be my first Debconf’ and NYC just rocks.

11 March, 2010 06:39PM by carlchenet

C.J. Adams-Collier

dlr-languages_20090805+git.e6b28d27+dfsg-1_amd64.changes ACCEPTED

I’m happy to announce that after the filing of an Intent to Package and nearly 2 years of work, IronRuby 0.9, IronPython 2.6b2, and the DLR are now in Debian. To my knowledge, this is the first package in Debian with direct and active upstream support from Microsoft.

Kudos for this release go to Jo Sheilds (package sponsorship & mentoring), Mirco Bauer (package sponsorship & mentoring), Matthias Klose (IronPython package review), Ivan Porto Carrero (IronRuby build/test support), Jim Deville (IronRuby build/test support), Jimmy Schementi (upstream point of contact @ Microsoft), Dino Viehland (IronPython build/test support), Michael Foord (IronPython build/test support), Marek Safar (mono c# compiler support), Ankit Jain (xbuild support), the folks on OFTC’s #debian-cli, Freenode’s #ironruby and GimpNet’s #mono, and the folks on the IronRuby and IronPython mailing lists.

This is my first package in Debian, too. I’m pretty ecstatic ;)

11 March, 2010 02:55PM by C.J. Adams-Collier

Biella Coleman

Libre Planet

There was a plug for an up and coming conference in my last post but it was a bit buried and it deserves a bit more attention: the Libre Planet Conference in Cambridge, MA. It is fast approaching but there are still spots, student rates, and funding for female attendees. Though I can’t go as I will be out of town, this seems like it will be a great event: excellent speakers, lots of interesting folks, and I am sure a fantastic set of discussions.

11 March, 2010 01:05PM by Biella

Steve McIntyre

Flights booked for DebConf

I'll be there, and so will Jo for the first time. Be nice to her, please? :-)

11 March, 2010 11:44AM

Kartik Mistry

Debconf 10

* Unfortunately…

(with apologies to GIMP)

11 March, 2010 07:33AM by Kartik Mistry

Jaldhar Vyas

7DRL Challenge - day 4-5

So I've got combat, I've got basic potions that restore health and I've got items such as weapons or shields which can affect your combat stats. Try as I might, I cannot get ncurses to give me a yellow background for some unfathomable reason. It just comes out brown no matter what. Ironically, in the next Konsole over, I have the alpine ncurses-based mua taunting me with a yellow background. I'll look in its source (yay open source!) to see how its done sometime but for now brown will have to do.

C++ is proving a joy to work with as always. Ok It's probably just me; I use it so infrequently, I keep having to relearn how to do multiple inheritance and abstract base classes each time. I am rather proud of figuring out how to access class members from a signal handler without having to look it up.

Now if I can quickly tie up some loose ends, I can spend the last two days maybe making the dungeon generation more roguelike.

11 March, 2010 07:31AM

Kees Cook

openssl client does not check commonName

I realize the openssl s_client tool tries to be upper-layer protocol agnostic, but doesn’t everything that uses SSL do commonName checking (HTTP, SMTP, IMAP, FTP, POP, XMPP)? Shouldn’t this be something openssl s_client does by default, maybe with an option to turn it off for less common situations?

Here it doesn’t complain about connecting to “outflux.net” when the cert has a CN for “www.outflux.net”:

echo QUIT | openssl s_client -CApath /etc/ssl/certs \
  -connect outflux.net:443 2>/dev/null | egrep "subject=|Verify"

subject=/CN=www.outflux.net
    Verify return code: 0 (ok)

11 March, 2010 06:47AM by kees

Gunnar Wolf

Boogie el Aceitoso — Oily Boogie

Today I took a break before my usual lunchtime to go to the movies — Boogie el Aceitoso was on at 13:00 (and not at the more usual, late screenings).

Oily Boogie is a great antihero drawn by the much beloved Roberto El Negro Fontanarrosa, a very widely known Argentinian humorist/cartoonist. I got acquinted with Boogie as during the 80s-90s my parents were asiduous readers of Proceso, a weekly political analysis magazine which included one of his cartoons at the last page.

Boogie is a pathological ex-Vietnam, ex-Laos ex-El Salvador, ex-Gulf War, ex-(whatever comes next) USA soldier, who deals with the local mafias whenever he is not active. Brutal, often seen as inhuman.

I remember reading it without really understanding its nonsensical violence at first. And, as I said, Fontanarrosa is a very loved cartoonist - In Mexico I think we were much more acquinted with Boogie than with Inodoro Pereyra, and still, Fontanarrosa's death in 2007 was very heartfelt here.

About the movie: I found it to be very good, of course, knowing what to expect. Most lines are short, screen adequations of various cartoons along Boogie's long life as a thug. I specially liked the animation technique — I know very little about the subject, but it mixed quite naturally and constantly obvious still, cartoony characters with vivid, photo-based items. It creates a completely believable atmosphere inside the absolute amoral, selfish and (fortunately!) grossly exagerated and impossible world of Boogie.

I sometimes feel somewhat stupid when writing in English for a mostly Spanish-speaking audience — Still, if you see Boogie in a movie theater, don't hesitate and go. As always, with non-top-selling, non-Hollywood movies, it is quite probable it will not be showing for long.

11 March, 2010 05:23AM by gwolf

Dirk Eddelbuettel

RcppExamples 0.1.0

Version 0.1.0 of RcppExamples, a simple demo package for Rcpp should appear on CRAN some time tomorrow.

As mentioned in the post about release 0.7.8 of Rcpp, Romain and I carved this out of Rcpp itself to provide a cleaner separation of code that implements our R / C++ interfaces (which remain in Rcpp) and code that illustrates how to use it --- which is now in RcppExamples. This also provides an easier template for people wanting to use Rcpp in their packages as it will be easier to wrap one's head around the much smaller RcppExamples package.

A simple example (using the newer API) may illustrate this:

#include <Rcpp.h>

RcppExport SEXP newRcppVectorExample(SEXP vector) {

    Rcpp::NumericVector orig(vector);			// keep a copy (as the classic version does)
    Rcpp::NumericVector vec(orig.size());		// create a target vector of the same size

    // we could query size via
    //   int n = vec.size();
    // and loop over the vector, but using the STL is so much nicer
    // so we use a STL transform() algorithm on each element
    std::transform(orig.begin(), orig.end(), vec.begin(), sqrt);

    Rcpp::Pairlist res(Rcpp::Named( "result", vec),
                       Rcpp::Named( "original", orig));

    return res;
}

With essentially five lines of code, we provide a function that takes any numeric vector and returns both the original vector and a tranformed version---here by applying a square root operation. Even the looping along the vector is implicit thanks to the generic programming idioms of the Standard Template Library.

Nicer still, even on misuse, exceptions get caught cleanly and we get returned to the R prompt without any explicit coding on the part of the user:

R> library(RcppExamples)
Loading required package: Rcpp
R> print(RcppVectorExample( 1:5, "new" )) # select new API
$result
[1] 1.000 1.414 1.732 2.000 2.236

$original
[1] 1 2 3 4 5

R> RcppVectorExample( c("foo", "bar"), "new" )
Error in RcppVectorExample(c("foo", "bar"), "new") :
  not compatible with INTSXP
R>

There is also analogous code for the older API in the package, but it is about three times as long, has to loop over the vector and needs to set up the execption handling explicitly.

As of right now, RcppExamples does not document every class but it should already provide a fairly decent start for using Rcpp. And many more actual usage examples are ... in the over two-hundred unit tests in Rcpp.

Update: Now actually showing new rather than classic API.

11 March, 2010 02:46AM

March 10, 2010

Kees Cook

Clearing /tmp on boot

I don’t like unconditionally clearing /tmp on boot, since I’m invariably working on something in there when my system locks up. But I do like /tmp getting cleaned up from time to time. As a compromise, I’ve set TMPTIME=7 in /etc/default/rcS so that only stuff older than 7 days is deleted when I reboot.

10 March, 2010 11:48PM by kees

Peter Eisentraut

Looking for Free Hosting

I'm looking for a way to do free hosting. But I mean free as in freedom, not free as in beer. Let me explain.

When I'm using a piece of free and open-source software such as OpenOffice.org, Evolution, or anything else, I have certain possibilities, freedoms if you will, of interacting with the software beyond just consuming it. I can look at the source code to study how it works. I can rebuild it to have a higher degree of confidence that I'm actually running that code. I can fix a bug or create an enhancement. I can send the patch upstream and wait for the next release, or in important cases I can create a local build. With the emerge of new project hosting sites such as GitHub, it's getting even easier to share one's modifications so others can use them. And so on.

As a lot of software moves to the web, how will this work in the future? There are those that say that it won't, and that it will be a big problem, and that's why you shouldn't use such services. Which is what probably a lot of free-software conscious users are doing right now. But I think that in the longer run, resisting isn't going to win over the masses to free software.

First of all, of course, the software would need to be written. So a free web office suite, a free web mail suite that matches the capabilities of the leading nonfree provider, and so on. We have good starts with Identi.ca and OpenStreetMap, for example, but we'd need a lot more. Then you throw it on a machine, and people can use it. Now as a user of this service, how do I get the source code? Of course you could offer a tarball for download, and that is the approach that the AGPL license takes. One problem with that is, if you are used to apt-get source or something similar for getting the source, everyone putting a tarball on their web site in a different place isn't going to make you happy. A standardized packaging-type thing ought to be wrapped around that. Another problem is that even if you trust the site's operator that that's the source code that's actually running on your site (even without malice, it could for example be outdated against the deployed version), it probably won't contain the local configuration files and setup scripts that would allow me to duplicate the service. And if I just want to study how the program is running in actuality, there is not much I can do.

Giving everyone SSH access to the box is probably not a good idea, and won't really solve all the issues anyway. In the future, when virtualization is standardized, ubiquitous, and awesome, one might imagine that a packaging of a web service won't be "put these files on the file system and reload a daemon" but instead "put these files and this configuration on that machine and activate it". This might give rise to a new generation of Linux "distributors". Getting the source tarball or "source package" might then involve getting a snapshot of that image, which you can examine, modify, and redeploy elsewhere. That could work for OpenStreetMap, for example, modulo the space and time required for their massive database. (But you might chose to fork only the code, not the data.) But it won't be easy to do the right thing in many cases, because with a web service, there is usually other people's data on the machine as well, which would need to be masked out or something. Maybe this really can't be done correctly, and the future will be more distributed, like in the way Jabber attempted to supplant centralized services such as ICQ. Distributed web mail makes sense, distributed OpenStreetMap perhaps less so.

Ideas anyone? Does anyone perhaps have experiences with running a web service that attempts to give users the freedoms and practical benefits that are usually associated with locally installed software?

10 March, 2010 11:05PM by Peter Eisentraut (peter@eisentraut.org)

Chris Butler

Flights: booked.

I've just booked my flights to New York, which I guess means I'm definitely off to DebConf this year.

And, since it'll be my first trip to the US, I'm going to be hanging around in NYC for an extra week after the conference. So, does anyone have any recommendations for a nice (and not too pricey) hotel that I can stay in after the conference (and the accompanying accomodation) is finished? Also - any suggestions for stuff I should try to see/visit whilst I'm there?

10 March, 2010 10:00PM

Jan Hauke Rahm

Re: Patience, my young padawan

Thanks!

PS: Things like that shouldn’t be a problem… :-)

10 March, 2010 08:50PM by jhr

Filippo Giunchedi

welcome to ikiwiki

This was long due, I switched from pyblosxom to the marvelous ikiwiki and gave a general revamp to my website by tweaking ikiwiki's default templates. note: the template still needs a general cleanup, don't look at it as it is not pretty (nor are the CSSes)

With some luck and mod_rewrite karma nobody's feed readers nor planets will be flooded.

Comments are powered by disqus.

10 March, 2010 08:15PM

Biella Coleman

A Cultural Alibi of Sorts

There is an interesting conversation over at about the “nature” of peer production, and “crowd” based production over at PBS. Thankfully folks right off the bat noted that the types of activities they are addressing—that range from 4chan to open source—are so freaken distinct that perhaps it is not all that useful to use one moniker for them.

The comments I am most fascinated by are danah’s who notes:

“”We” assume that the collective voice will be populist and, more importantly, that it will reflect the diversity of the populous. Yet, as we’ve seen time and time again, certain values and attitudes and voices are over-represented in crowd-sourced activities. Who is looking out for those who aren’t represented? In what ways are we reinforcing structural inequalities? What are the implications of this?”

And then Clay’s response:

So, to re-ask your question in a non-rhetorical way, under what
circumstances would we want to make the population of Deviant Art,
say, less white, or Linux less male, and if we wanted to do so, what
would need to happen?

What I find interesting about this discussion (and will be talking about this topic here, next week) is there not enough recognition of two related things: 1) the efforts are there (more on this soon) 2) that perhaps hacking and F/OSS in particular are not fully accessible to all and everyone because they are full-fledged, full-bodied, cultural worlds —and all cultural worlds—are to some degree not fully accessible and transparent for there are built on particularities, often invisible and unarticulated, forms of value. That is, just as some norms and values of Indo-Guyanese to take one random example, are not of my world, so too is hacking partially inaccessible for the fact that it is culturally configured.

But I am starting to suspect that the “culture-ness” of these domains are often overlooked because they are overwhelmingly ~~white,~~ male, and chock full of computers (and so economically lucrative). All three, I suspect are (incorrectly) seen as lacking culture, as domains of rationality. (I stand rightly corrected and also forget this very fact, though I know it well from all the Brazil/Latin America Debconfs, as this diversity gets a bit lost from a pure US-European perspective, which I was assuming).

Other historical factors have also produced certain distortions that don’t allow us to see (easily at least) these worlds as culture-full. First is the fact that so many folks—outside of this world—lobbed onto F/OSS for being radical (and this is partially right in so far as its challenge to intellectual property can be seen as radical). But the portrayal or mere suggestion of these worlds as uber-democratic and populist, made people expect these groups to behave as radical egalitarian collectives. For the most part, they don’t and yet never portrayed their own politics and forms of organization as such (openness comes in the form of code and technical merit).

But this vision stuck and when some folks realized that larger projects, for example are very organized (which many people addressed only very late), have hierarchies (which are flexible and also allow them to function, which is I think is a good thing), and are not as diverse, there was deep disappointment that they did not conform to the sense that there was something extremely radical going on as opposed to a cultural group really into producing free software.

But if I am offering a cultural alibi of sorts—in which barriers to participation are to some degree a function of culture, one of the great things about the norms, values, ideas that compose culture is that there are dynamic and changing. They are alive and historical. They are pushed and pulled upon by insiders and outsiders based on wider social values.

And there is an answer to these questions about diversity for there has been a dramatic, noticeable, and noteworthy push within this world, one that really started to coalesce I would say in the last year or so, to address these issues and it ranges from Python’s mammoth efforts at addressing diversity (and I have been told that there was a great speech on the topic at Pycon recently), the geek feminism wiki, and smaller but increasingly common efforts such as Libre Planet’s women’s caucus and their funding of women to participate.

So while I do think that culture goes at least part of the way to explain why these worlds are not fully open—for culture limits—this very domain has grown dissatisfied with its representational make-up and are leading some efforts for cultural change.

10 March, 2010 07:52PM by Biella

Alexander Reichle-Schmehl

Patience, my young padawan

How to keep the ftp-team motivated: Say Thanks from time to time.

How to ensure, you demotivate them: Complain, that we didn't answer your mail within 24 hours...

10 March, 2010 07:16PM by Alexander Reichle-Schmehl (alexander@schmehl.info)

Enrico Zini

Firefox and automatic proxy configuration

Firefox supports automatic proxy configuration, which means that if you plug your laptop on a network with a properly set up proxy server, it will automatically reconfigure itself to use it.

Oddly enough, however, it requires garbage collection when you then plug it back on a network without proxy, in order not to get "proxy not found" errors.

10 March, 2010 07:03PM

Sylvain Le Gall

LLVM, OCaml and Debian

I hope some people from the OCaml community will enjoy this changelog, extracted from llvm 2.6-7, which has just been uploaded:

  [ Arthur Loiret ]
   
  [...]

  [ Sylvain Le Gall ]
  * Build a libllvm-ocaml-dev package, which contains the OCaml binding:
    Closes: #568556.
    - debian/debhelper.in/libllvm-ocaml-dev.{dirs,doc-base,install,META}: Add.
    - debian/control.in/source: Build-Depends on ocaml-nox (>= 3.11.2),
      ocaml-best-compilers | ocaml-nox, dh-ocaml (>= 0.9.1).
    - debian/packages.d/llvm.mk:
      + (llvm_packages): Add libllvm-ocaml-dev.
      + (libllvm-ocaml-dev_extra_binary): Define, install META file.
    - debian/rules.d/binary.mk: Add dh_installdirs and dh_ocaml.
    - debian/rules.d/vars.mk:
      + include /usr/share/ocaml/ocamlvars.mk.
      + Configure with --with-ocaml-libdir=$(OCAML_STDLIB_DIR)/llvm.
  * debian/rules.d/build.mk: Fix symlinks pointing to the $DESTDIR.

In other words: LLVM is now built with its OCaml bindings and a META file for findlib. It will take some days before reaching every architectures, but hopefully it will be in Squeeze (next Debian stable release).

Thanks to Arthur Loiret for the quick upload.

10 March, 2010 06:07PM by gildor

Biella Coleman

The Statute of Anne (was actually kinda revolutionary)

Last night, in two different instances I read the claim that the England’s first copyright act, the statute of Anne passed in 1710 was never intended to protect authors but to protect the reproducers like printing houses and presses investing in authors implying that printing houses loved the act.

After pouring through hundreds of pages of Adrian John’s history of piracy, that statement is pretty off and in fact I don’t think the Statute was really about printers/booksellers or authors but the public.

While licensing had all together lapsed for a period before this statute was passed, and the printing houses and book sellers were indeed clamoring loudly for an official recognition of property in literary works, they wanted a perpetuall right in literary property rooted in common and natural law. Like I am talking here about forever, not like a measly, paltry 14 years.

They were not exactly thrilled at this statute (in fact, they were downright pissssssssed off) for it severely limited how long they held a property right over books. In fact, so pissed were they, they challenged the statute, went to court in 1769 (Millar v Taylor) and got what they wanted: a perpetual right to literary work.

It took s a fiery Scot and bookseller by the name of Alexander Donaldson (I kind of think of him as the RMS of booksellers; he was quite a rabble rouser) to challenge Millar and he finally got his day in the highest court of the land in 1774 in Donaldson v Beckett and the outcome was that a perpetual right in books was tossed out the window. The court ruled that copyright was a limited statute. One of the lords in the case even stated “”Knowledge has no value or use for the solitary owner: to be enjoyed it must be communicated.” Adrian John’s explains the significance of this case in the following way:

““Copyright, they decided, was not a right of man at all. Indeed, it was almost the very opposite: an artifact, and one that replaced a prior right established by an author’s work of creation. . . In terms of revolution principles, liberty won out over property”

Again the printers booksellers (minus the “pirate” ones) were not happy a bunch. Unfortunately the subsequent history is one we all know well, one in which booksellers and others with vested interests in copyrights pushed to extend property rights in all sorts of ways to get to where we are today (obviously with a lot of different historical developments), a land, time, period where perpetuity may not be forever but it is long enough to nullify the very public domain envisioned by the first copyright act.

However, I think it is nonetheless important to recognize how radical in many respects the first copyright act was: given what the book printers and sellers wanted (and they were a powerful bunch).

For those interested in learning more about Alexander Donaldson, I would check out his Some Thoughts on the State of Literary Property, where he rails against the London booksellers for being monopolistic and calling for a limited property right in books.

10 March, 2010 02:22PM by Biella

John Goerzen

Numerous Updates

It’s been awhile since I’ve posted some family/home updates, so here they are, sorta random-like…

Jacob is 3.5 now, and Oliver is about 8 months old at this point.

Jacob

Jacob has a few trends going on lately: pretending to be a cat, and inventing new games to play. He has one game he likes to play with me called “tunnels and slippers.” He will have me sit on the couch, put my feet up on the footstool, and crawl on top of my legs. He’ll want me to bounce him, then he can crawl underneath the “tunnel.”

The slippers part came because he started to steal my slippers one time during winter. He’d struggle furiously to get it off, then shriek with delight as he ran away, listing to my indignation at having a cold foot now. Then I was supposed to run after him, pick him up in the air, and get the slipper back.

Here he is, trying to steal a slipper while I happened to be holding a camera:

He’s said quite a few memorable quotes this winter:

Dec. 8: Jacob looked outside this morning and yelled, “WOW! Look at that!”, ran across the room and yelled, “MOM! WOW! There is snow outside this window too! WOW! Snow is ALL OVER THE PLACE!”

January: When told his grandparents were going back to Indiana: “The kitty doesn’t like that.” (the pretending to be a cat thing) The next morning when he remembered they were gone: “Oh. My kitty is so very sad now.”

February: My name is kitty. Jacob Cat!”

March: “I didn’t realize the basketball could go so far!”

He’s been starting to make his first attempts at sounding out words. He’s been interested in 2- and 3-digit numbers, trying to figure out how to tell time, and asking me the German words for all sorts of things. (And showing some disappointment with my German vocabulary.)

Jacob talks about Oliver as a “sweet baby,” and is often very caring about him. Jacob wants to make sure Oliver has *plenty* of toys. Though there have been some times when Jacob has pushed Oliver over.

Here’s the Christmas photo of the two of them:

And another:

Jacob has also started to pick up an interest in singing: his favorite song is one that he made up, and it goes “Engine, engine, passenger car…”

I still sing a song to Jacob at bedtime each night, but Home On the Range doesn’t cut it anymore. No, now I have a make up a song on the spot on a topic of Jacob’s choosing each night. Last night he chose “a song about the ceiling light and the smoke detector.” Other nights, it’s been about his toy butterfly, his night light, various smoke detectors (that’s a popular one), or something from his day.

Oliver

Oliver recently has started being able to sit up by himself. He can also scoot all over the room. I think he’s saying “dad”, but Terah disagrees and thinks he’s just babbling. Her case wasn’t helped the day I asked him, “Are you saying Dad?” He got a big smile after the question and laughed at me.

He loves playing peek-a-boo, playing with us — or playing by himself.

Oliver has been eating the mashed-up baby food for awhile. Terah recently gave him a rice puff, and he put it in his mouth but wasn’t sure what to do with it. He has been taking quite an interest in watching the rest of us eat, though, and sits at the table with us in his high chair.

10 March, 2010 11:44AM by John Goerzen

MJ Ray

SPI March 2010

The meeting agenda is already posted for tonight’s (Wednesday’s) SPI board IRC meeting which will be at 2000 UTC.

It’s another pretty lean meeting, with only some minutes to approve, so why not come along and let the board know what you think they should be doing to promote free and open source software?

10 March, 2010 06:50AM by MJ Ray

Andrew Pollock

[life] Walking to work

Sarah's doing her phlebotomy externship at San Francisco General Hospital on Tuesdays and Thursdays, and needs to leave home fairly early to get there by 9am. As a result, I've been walking to work those mornings.

I remembered to record a track this morning:

GPS tracking powered by InstaMapper.com

<iframe frameborder="0" height="490" scrolling="no" src="http://www.instamapper.com/trk?key=18001994905475607884&width=500&height=350&type=roadmap" style="border:1px solid;" width="527"> </iframe>

It's certainly an improvement on the old commute. It's a shame there's a slight back-track involved.

I'll have to try rollerblading in another time.

10 March, 2010 04:47AM

Dirk Eddelbuettel

Rcpp 0.7.8

Version 0.7.8 of the Rcpp R / C++ interface classes is now on CRAN and in Debian. As of right now. Debian has already built packages for eight more architectures; and CRAN has built the Windows binary. Oh, and cran2deb had Debian packages for 'testing' before I was done with the blog entry.

This is a minor feature release based on a over three weeks of changes that are summarised below in the extract from the NEWS file. Some noteworthy highlights are

something that isn't there: we have split most of the example code and their manual pages off into a new package RcppExamples which can now be released given that 0.7.8 is out
another new package RcppArmadillo will also be forthcoming shortly: it shows how to use Rcpp with Conrad Sanderson's excellent Armadillo C++ library for linear algebra; this required some internal code changes to seamlessly pass data from R via Rcpp to Armadillo and back;
there is a new example fastLm using Armadillo for faster (than lm() or lm.fit()) linear model fits
yet more internal improvements to the class hierarchy as detailed below; more support for STL iterators and algorithms;
more build fixes; paths with spaces in the name should now be tolerated
and last but not least a new introduction / overview vignette based on a just-submitted paper on Rcpp.

The full NEWS entry for this release follows:

0.7.8   2010-03-09

    o	All vector classes are now generated from the same template class
    	Rcpp::Vector<int rtype="RTYPE"> where RTYPE is one of LGLSXP, RAWSXP, STRSXP,
    	INTSXP, REALSXP, CPLXSXP, VECSXP and EXPRSXP. typedef are still 
    	available : IntegerVector, ... All vector classes gain methods 
    	inspired from the std::vector template : push_back, push_front, 
    	erase, insert
    	
    o	New template class Rcpp::Matrix<rtype> deriving from 
    	Rcpp::Vector<rtype>. These classes have the same functionality
    	as Vector but have a different set of constructors which checks
    	that the input SEXP is a matrix. Matrix<rtype> however does/can not
    	guarantee that the object will allways be a matrix. typedef 
    	are defined for convenience: Matrix<intsxp> is IntegerMatrix, etc...
    	
    o	New class Rcpp::Row<int rtype="RTYPE"> that represents a row of a matrix
    	of the same type. Row contains a reference to the underlying 
    	Vector and exposes a nested iterator type that allows use of 
    	STL algorithms on each element of a matrix row. The Vector class
    	gains a row(int) method that returns a Row instance. Usage 
    	examples are available in the runit.Row.R unit test file
    	
    o	New class Rcpp::Column<int rtype="RTYPE"> that represents a column of a 
    	matrix. (similar to Rcpp::Row<int rtype="RTYPE">). Usage examples are 
    	available in the runit.Column.R unit test file

    o	The Rcpp::as template function has been reworked to be more 
    	generic. It now handles more STL containers, such as deque and 
    	list, and the genericity can be used to implement as for more
    	types. The package RcppArmadillo has examples of this

    o   new template class Rcpp::fixed_call that can be used in STL algorithms
	such as std::generate.

    o	RcppExample et al have been moved to a new package RcppExamples;
        src/Makevars and src/Makevars.win simplified accordingly

    o	New class Rcpp::StringTransformer and helper function 
    	Rcpp::make_string_transformer that can be used to create a function
    	that transforms a string character by character. For example
    	Rcpp::make_string_transformer(tolower) transforms each character
    	using tolower. The RcppExamples package has an example of this.
        
    o	Improved src/Makevars.win thanks to Brian Ripley

    o	New examples for 'fast lm' using compiled code: 
        - using GNU GSL and a C interface
        - using Armadillo (http://arma.sf.net) and a C++ interface
        Armadillo is seen as faster for lack of extra copying

    o	A new package RcppArmadillo (to be released shortly) now serves 
        as a concrete example on how to extend Rcpp to work with a modern 
	C++ library such as the heavily-templated Armadillo library

    o	Added a new vignette 'Rcpp-introduction' based on a just-submitted 
        overview article on Rcpp

As always, even fuller details are in the ChangeLog on the Rcpp page which also leads to the downloads, the browseable doxygen docs and zip files of doxygen output for the standard formats. A local directory has source and documentation too. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page

Update: Two links corrected.

10 March, 2010 02:48AM

March 09, 2010

Steve Kemp

He's so mean he wouldn't light your pipe if his house was on fire.

By the time this blog entry goes live I'll be running upon my new machine. The migration process was mostly straightfoward and followed my plan:

Using my existing desktop system as a PXE server to install Lenny over the network.
Copied over important directories.
Restored backups.
Turned off old machine.

Of course it wasn't that simple in practise, as previously mentioned the whole reason I was looking for a new machine was because the software RAID upon my old desktop was failing - One of the two drives was completely dead.

As I'd feared the second drive failed partway through my migration. But thankfully I'd copied off the important stuff before then, and the backups I have off-site mostly covered everything else. (The things I lost were things I can find again such as ~/Music, ~/Videos. On the one hand they're too large to backup, on the other hand I should probably do it next time as they never change.)

Unfortunately the version of X in Lenny refused to work with the GeForce G210 video card I had. To be more correct using the Vesa driver I could get a picture and a smooth desktop, but when watching videos with xine I got maybe two frames a second. Both the open nv driver and the closed nvidia driver failed to support the card - so I swapped hardware, and I'm now running with the GeForce 7300 GS card from my previous desktop. This allows me to watch videos at full-screen with no issues. (Desktop size is 1600x1200 FWIW).

So now it's just a matter of tweaking the system. I've installed enough to be useful:

miredo - So I have IPv6 connectivity despite Virgion.
squid - So that I have a decent cache for surfing.
pdnsd - So I have a caching nameserver and am not at the whim of Virgin.
kvm - So I can setup scratch machines for play.

I've still got to setup pbuilder, but that'll be done shortly, and I've installed backported packages such that I can watch youtube videos. I'm currently running firefox from lenny but I expect that will change soon enough - not least because that version fails to support "adblockplus", only "adblock".

Two partitions md0 for /boot and md1 used as LVM, from which I've taken /, /home, etc:

Filesystem                      Size    Used    Avail Use% Mounted on
/dev/mapper/birthday--vol-root   9.9G     2.8G   6.6G  30% /
/dev/mapper/birthday--vol-home   22G      4.3G  16G    22% /home
/dev/mapper/birthday--vol-music  127G    43G    78G    36% /mnt/music
/dev/md0                         988M    38M    901M    4% /boot
/dev/mapper/birthday--vol-kvm    22G      8.8G  12G    44% /mnt/kvm
/dev/sdg1                        163G    143G   12G    93% /media/disk
skx@birthday:~/hg/blog/data$

skx@birthday:~/hg/blog/data$ sudo pvs
[sudo] password for skx:
  PV         VG           Fmt  Attr PSize   PFree
  /dev/md1   birthday-vol lvm2 a-   464.82G 274.51G

Update: Three irritations with this machine:

As supplied the BIOS was set with "USB Mouse" and "USB Keyboard" set to "disabled". I had to beg the loan of a keyboard from a neighbour.
As supplied the BIOS had virtualisation set to "disabled". Not a huge shock, but it caught me out regardless.
As supplied the system had only a single SATA power connector. Annoying given that the motherboard is advertised as having "onboard RAID" and I'd purchased it with two hard drives. Happily I had a spare adaptor to hand.

I'd still recommend Novatech, but the last point had me swearing for a few minutes until I realised I did have a spare adaptor in the house.

ObFilm: Chitty Chitty Bang Bang

09 March, 2010 09:22PM

Joey Hess

aloha btrfs

Last month I converted my laptop to btrfs to get some experience using this new, still experimental file system. The bugs tell the story:

#567065: initramfs-tools: avoid mount -t unknown
I provided a patch which has been accepted. The underlying bug in klibc still remains to be fixed (#548047).
#540786: update-grub doesn't work with root fs on btrfs
There are patches, but not acceptably clean ones. (For values of "acceptably clean" that are somehow more important than "it boots", anyway.)

At this point I had a booting, working btrfs system. The bugs seen over the next weeks were strange:

#567135: python-dbus went missing from python-support directory on upgrade
Was the filesystem losing information? Maybe.
#569058: dbus: helper not setuid; breaks gnome-power-manager
Both the package maintainer and I am fairly sure it's not really a bug in the package. And another btrfs user also saw the problem.
#568908: gnome-terminal: uses iceweasel for urls despite gconf being configured to use chromium
Hard to say if btrfs was really involved since I can't point at a file that was wrong.

In the meantime, I did some initial work toward supporting btrfs in d-i, writing a basic partman-btrfs. One of the interesting open questions is how best to use subvolumes to split up a single btrfs filesystem. If the installer defines the right set of subvolumes, upgrades to be rolled back, without also rolling back /home and /srv. The remaining parts needed for d-i to support btrfs are fairly tractable, but are waiting until root on btrfs is bootable, and until the filesystem is not experimental.

I gave up on the current experiement when I ran debsums on my laptop. (So that long thread was good for something!) It didn't find any corrupt files. But it did find a lot of md5sums files that were missing. Some of the packages with missing md5sums were upgraded just this week, and the md5sums files must have gone missing since.

I have not seen anything that I can say with certainty was caused by btrfs, and not by some other cause, but since I can't trust the data on this laptop now (although git tells me everything in my home directory is ok), I'm reinstalling it, and saying aloha to btrfs, for now.

09 March, 2010 07:09PM

Martin-Éric Racine

gThumb: thank you for breaking my workflow!

Just a kind thank you note to the gThumb authors for completely breaking my workflow by re-inventing the paradigm used to save imported pictures. Until now, all my pictures landed in a predictable location, using a predictable filename pattern that was easily searchable. Not anymore. Now, files land into my home directory, according to some recursive folder pattern that further complicates searching for files and requires a few more clicks to accomplish. Dammit! Couldn't you at least make this configurable, so that those of us who prefer to retain the old paradigm can?!

Note: re-inventing an application's paradigms is always a very bad idea. If you're a software developer who is reading this, please keep it in mind and go scratch your itch to change the world somewhere else. Thank you.

Post Scriptum

Many thanks to Damon Lynch for pointing me to his own professional picture importer called Rapid. This is an extremely configurable importing tool and, lo and behold, Damon even offers builds for Ubuntu via his PPA!

Still, the consequence of this mess is that migrating to Rapid means that I'll be loosing gThumb's simple but extremely efficient editing tools. To me, one strength of gTthumb was this unique combination of picture importing with basic editing tools. Now, I'm forced to split these interconnected tasks, simply because someone chose to completely rethink gThumb's paradigms. I'm of course aware of Gimp's existence, but repeated attempts at mastering it made me conclude that it's entirely the wrong software for my needs and essentially overkill. By contrast, gThumb offers just enough tools to enable someone to crop images to useful sizes and to adjust color balances in easy steps; it does the job without hassle, which is not the case with Gimp.

Thinking out loud, it is precisely on days like these that the urge to create my own Linux distribution keeps on coming to mind. Retaining consistent paradigms in the desktop environment and applications that I use, not to mention maintaining the number of duplicate libraries to a bare minimal, has been a constant struggle and, noticing how some developers' urge to re-invent the wheel every other day, using whatever new programming language of the day, persistently takes precedence over keeping system resource consumption to a bare minimum and over preserving user sanity, I'm slowly coming to the conclusion that Free Software has veered way too far into the bazaar and urgently needs a copious amount of cathedral to make it usable for mere mortals again.

Some dpkg-based distribution where the only scripting language allowed is Bourne shell and the only programming languages C or C++ comes to mind. Of course, this would also require porting popular application from e.g. Java, Python, etc. which would be a colossal amount of work. Still, I think that the time has come for this to happen. As an added bonus, this would make applications usable again on embedded devices with spartan CPU, RAM and storage resources, so this project could generate huge benefits to the embedded Linux industry. Based on my experience at my previous jobs, I have a rather clear picture (pun intended) of what needs to be done and of who I would hire to make it happen. What I'm missing are investors. Who's with me?

09 March, 2010 06:00PM by Martin-Éric (noreply@blogger.com)

John Goerzen

Review: The Future of Faith by Harvey Cox

I know I’ve been on something of a religion streak on the blog of late, and this will be the last such post for awhile.

I first hear of Harvey Cox’s book The Future of Faith during an excellent hour-long interview with NPR’s Diane Rehm. It was intriguing enough that I bought the Kindle edition of the book and read it.

The title of the book is both very accurate and rather misleading. A lot of the book — and, to me, the most fascinating parts of it — focus on the history of faith. Cox’s repeated point is that we are only now regaining a notion of faith that the earliest Christians had, and it is a notion that happens to be compatible with modern science and incompatible with fundamentalism and intolerance in all its stripes.

Throughout this post, it should be understood that quotes or passages are from the book. Cox is so quotable that a good chunk of this review will be showing you some of his quotes, with a bit of discussion around them. I very much enjoyed this book, and highly recommend it.

Faith vs. Belief

It is true that for many people “faith” and “belief” are just two words for the same thing. But they are not the same … and it is important to clarify the difference. Faith is about deep-seated confidence. In everyday speech we usually apply it to people we trust or the values we treasure… a matter of what the Hebrews spoke of as the “heart.”

Belief, on the other hand, is more like opinion. We often use the term to express a degree of uncertainty … We can believe something to be true without it making much difference to us, but we place our faith only in something that is vital for the way we live.

This is an important distinction, and if you stop and think about it, Cox is arguing with a common notion about faith almost from page 1. Faith isn’t about intellectual assent to a set of propositions. It’s about what we hold dear, what we think works for us in life.

Creeds

Creeds are clusters of beliefs. But Christianity is not a history of creeds. It is the story of a people of faith who sometimes cobbled together creeds out of beliefs. It is also the history of equally faithful people who questioned, altered, and discarded those same creeds … But both the doctrinal canons and the architectural constructions are means to an end. Making either the defining element warps the underlying reality of faith.

Cox here reinforces the point that Christianity isn’t about believing certain statements, and it isn’t even about a literal (or not) reading of the Bible. It’s what C. S. Lewis talked about as the inward transformation in onesself. Creeds, such as the Nicene Creed, are rather irrelevant to him.

Cox separates the history of Christianity into three periods: the age of faith, stretching from the time of Jesus only a few centuries until Constantine; the age of belief, stretching from Constantine until the 20th century; and the age of the spirit, now dawning. During the age of faith, “their sharing in the living Spirit of Christ united Christians with each other, and ‘faith’ meant hope and assurance in the dawning of a new era of freedom, healing, and compassion that Jesus had demonstrated.” Cox makes the point that doctrinal questions just weren’t all that important back then, and though differences existed, they weren’t considered to be fundamental to the religion. “Confidence in Christ was their primary orientation, and hope for his [earthly] Kingdom their motivating drive.” Further, he argues that the age of the spirit is a return to this earlier age, albeit with modern twists.

Christianity is growing faster than it ever has before, but mainly outside the West and in movements that accent spiritual experience, discipleship, and hope; pay scant attention to creeds; and flourish without hierarchies. We are now witnessing the beginning of a ‘post-Constantinian era.’”

Cox describes a person that described himself as “a practicing Christian, not always a believing one.” He suggests that the belief/non-believer statement is a disservice to Christianity and to other religions. He then quoted a Catholic bishop as saying: “The line between belief and unbelief runs through the middle of each one of us, including myself, a bishop of the church.” In other words, “The experience of the divine is displacing theories about it.”

Faith and Belief in Bible reading

Creation myths such as … the first chapters of Genesis were not primarily composed to answer the “how” or “when” questions. They are not scientific accounts, even though their poetical language, when read literally (which is always a mistake), may sound that way. Rather, they grapple … with the linked mysteries of both why there is a universe and what our place in it is … They are more like lyrical cantatas, symphonies of symbols through which humans have tried to make sense of their place in the world…

This is where the distinction between faith and belief is vital. These stories are — literally — “not to be believed.” They are, rather, artifacts human beings have crafted to try to wring some meaning from the mystery. They are not themselves the mystery.

I liken this to Michael Crichton’s novel Jurassic Park. If you were to read it 1000 years in the future, it might not have been conveniently shelved above the word “fiction.” Would a reader in the future know that it was not meant to be a literal description of facts? I think sometimes we make this mistake when we read the Bible. Note, though, that although we all understand that Jurassic Park wasn’t meant to be a literal description of facts, it seems to have been valued by quite a large part of society. And it didn’t even address big mysteries.

Cox argues against ridding ourselves of the creation myths, suggesting that they are an important reminder that we are similar to humans who grappled with the same big questions centuries ago as we do today.

The ill-advised transmuting of symbols into a curious kind of “facts” has created an immense obstacle to faith for many thoughtful people. Instead of helping them confront the great mystery, it has effectively prevented them from doing so … the objective knowledge science rightly insists on is not the only kind of knowledge human beings need … Faith, although it is evoked by the mystery that surrounds us, is not the mystery itself.

Constantine and the Age of Belief

One of the most devastating blunders made by the church, especially as the Age of Belief began, was to insist that the Spirit is present only in believers.

Cox spends a lot of time covering the very interesting topic of how and why the church moved to the Age of Belief. His central thesis is that money, power, and prestige were primarily responsible, and that an unrighteous collusion between bishops and Constantine, each using Christianity for their own purposes, finally made it happen. This is very interesting stuff, but this post is too long already, so I will not spend a lot of time on it. I found the Council of Nicea to be particularly interesting, considering that the Nicean Creed came about partially by exile or execution of those Christians that disagreed with it. Cox also points out that “there never was a single ‘early Christianity’; there were many, and the idea of ‘heresy’ was unknown.”

The time is ripe to retrieve the term “Way” for Christianity and “followers of the Way” for Christians. It is at once more accurate, more original, and more contemporary than “believers.”

To the future

Cox describes attending a meeting of the church in Hong Kong in 2003, and uses it as a metaphor for the future of faith:

Their idea of interfaith dialogue was to work with their fellow Asians of whatever religion to advance the Kingdom that Jesus had inspired them, as Christians, to strive for, regardless of what the others called it. They were neither “fundamentalist” nor “modernist.” They seemed more attuned to the element of mystery at the core of Christianity and to its vision of justice. They were also clearly impatient with many of the disputes that preoccupy the different wings of the American churches.”

Conclusion

I found this book to be both enlightening and informative. I highly recommend it, even if you disagree with some of Cox’s conclusions. It is a fascinating view into how the world’s largest religion evolved over the years, and a candid look at the mistakes it has made in that time.

09 March, 2010 05:40PM by John Goerzen

Mohammed Sameer

Got married!

Exactly 1 month ago ;-)

09 March, 2010 10:40AM by msameer

Jaldhar Vyas

7DRL Challenge - day 2-3

I am still being plagued by the burdens of real life so most development is taking place after the kids ("It should have mermaids! And Spiderman!") have gone to sleep. By the time I finished up yesterday, I was too tired to blog so this is is a combined report on the last two days.

I decided not to bother with Javascript as I want to try a different project for the plasmoid competition. So I'm back to C++ and ncurses. At this point my '@' can move across the dungeon which at the moment a very simplistic 10×10 grid where every space is a 'room'. Rooms are populated with monsters, treasure and items though at the moment only the monsters can do anything and by anything I mean fighting. My combat system is based on Solo Dungeon Bash and pretty challenging I think. Hopefully by tomorrow, A Lively Fisting will be playable though I really need to pick up the pace if I want to finish on time.

09 March, 2010 06:25AM

Kees Cook

Cylon Dorkshield

I’ve finally soldered on the LEDs for the Cylon DorkShield I designed and got built in a recent DorkBotPDX PCB run. I’m having trouble with the programmer, but I got the shield mostly working:

Cylon DorkShield

09 March, 2010 04:42AM by kees

March 08, 2010

Romain Beauxis

Liquidsoap-full 0.9.2-2 and ocaml-cry 0.1.2

An issue with the new ocaml-cry module that replaces the shout library has been recently discovered.

This issue was related to the data sent to the icecast server and could result in a higher load and loss of data when sending data to the server.

We have released a new version of ocaml-cry that fixes this issue, numbered 0.1.2.

We have also released a new liquidsoap-full tarball, numbered 0.9.2-2 and now available in the download section on sourceforge.net.

Additionally, our custom stable packages have been rebuild against this new version, both for the i386 and the amd64 architecture.

The package available in Debian sid/unstable is now built against the fixed ocaml-cry as well.

We recommend that any user that uses liquidsoap 0.9.2 updates its liquidsoap to make sure it uses ocaml-cry 0.1.2.

Please note that ocaml modules are not dynamically loaded, so you need to rebuild liquidsoap against the new ocaml-cry if you are building from source.

08 March, 2010 11:13PM by Toots

Jonathan McDowell

Fizz buzz

Inspired by a conversation about interview coding tasks from a list I'm on, I present the following - I considered it too long to email there. It took me longer than I expected to write; my x86 assembly is quite rusty. I'm not claiming it's pretty, but it fits in a single sector and most of the overhead is actually ELF structures.

; nasm -f elf fizzbuzz.asm
; ld -melf_i386 -s -o fizzbuzz fizzbuzz.o
; ./fizzbuzz

section .data

fizz	db	" fizz"
fizzlen	equ	$ - fizz
buzz	db	" buzz"
buzzlen	equ	$ - buzz
num	db	"   "
numend	equ	$ - 1
numlen	equ	$ - num
nl	db	0xa
nllen	equ	$ - nl

curnum	db 1

section .text

	global _start

_start:
	mov ax, [curnum]
	call printnum

	mov ax, [curnum]
	mov cx, 3
	xor dx, dx
	div cx
	cmp dx, 0
	jnz notfizz

	mov edx, fizzlen
	mov ecx, fizz
	call printstr

notfizz:
	mov ax, [curnum]
	mov cx, 5
	xor dx, dx
	div cx
	cmp dx, 0
	jnz notbuzz

	mov edx, buzzlen
	mov ecx, buzz
	call printstr

notbuzz:
	mov edx, nllen
	mov ecx, nl
	call printstr

	inc BYTE [curnum]
	cmp BYTE [curnum], 100
	jle _start

	xor ebx, ebx
	mov eax, 1
	int 0x80

printnum:
	mov edi, numend
	mov cx, 10
p1:
	xor edx, edx
	div cx
	add dx, '0'
	mov [edi], dl
	dec edi
	cmp ax, 0
	jne p1

	mov ecx, num
	mov edx, numlen
printstr:
	mov ebx, 1
	mov eax, 4
	int 0x80
	ret

08 March, 2010 10:27PM

Vincent Sanders

Music hath charms to soothe a savage breast, to soften rocks, or bend a knotted oak.

Since I last mentioned music back in January I have accumulated another ten albums and unlike last time where there were only a couple of stand outs, this time I have he opposite problem.

The unordered list:

Justin Sandercoe - "Small town eyes"

I am learning to play the guitar, I have been using Justins' course, it is very very good, this album? Also very good. If you like melodic guitar lead music with varied influences this is for you. A couple of tracks made me immediately think of some Crowded House riffs (which is not a bad thing). Only minor niggle is the uneven levels on some of the louder pieces, but it really is a minor observation on an otherwise fine first album.

Molly Lewis - "I made you a CD, but I eated it."

Although this is only a short selection of original material from Molly, it is a very promising first album. I really like her voice and although a ukulele is not generally the most well respected of instruments, in her hands, it has an odd charm. This album is available from DFTBA records.

Rhett and Link - "Up to this point"

A pair of talented comedians who use music very effectively to highlight their humour. I originally stumbled across them on youtube and decided to take a punt. The album is 27 short pieces which fit together surprisingly well. Difficult to categorise but think a cross between Flight of the Choncords and Jonathan Coulton with a dash of youtube immediacy.

They Might Be Giants - "Flood", "Apollo 18" and "John Henry"

Strictly a replacement of the old tapes which have completely disintegrated in the intervening couple of decades since first purchased. Flood is still one of my favourite albums ever, certainly in my top 10. If you do not know them TMBG are just ace, please try their music!

Seasick Steve - "Started out with nothin and i still got most of it left"

Well its a kinda fun album primarily based on blues electric "guitar" (some of the instruments are little more than a stick with a nail in and a guitar pickup.) Nothing bad, easy to get along with, definitely worth a listen.

La Roux - "La Roux"

This synth pop album was on remainder in ASDA and I took a gamble. Its OK I guess and for 3quid I cannot really complain.

Red Hot Chili Peppers - "By the way"

Not their best, but competent enough.

Aqua - "Aquarium" , "Aquarius"

Um...yes, I have a soft spot for 90's cheese OK? Nothing more than a gross self indulgence of my silly side. But they are fun ;-)

So that is my new music since January all 166 tracks of it . Most of it pretty good, certainly no lemons (well aside from the Aqua but that is supposed to be silly!)

Oh and The XX has really grown on me from last time and I am looking forward to their next release.

08 March, 2010 07:23PM by Vincent Sanders (noreply@blogger.com)

Gunnar Wolf

OpenSSH 5.4 and netcat mode

The release of OpenSSH 5.4 was announced today. Its announced features include many small improvements, in usability and in crypto strength.

One of my favorite tricks using ssh is what Ganneff named ssh jumphosts – Many (most?) of my machines are not directly accessible from across the firewall, so the ability to specify in the configuration files where to jump through is most welcome. Well, with this "netcat mode" it will be much clearer to read and less of a hack… Of course, it loses a bit of the hackish æsthetic value, but becomes easier!

(yes, this post is basically a marker so I remember about it — But others might find it interesting)

08 March, 2010 05:32PM by gwolf

Nicolas Valcárcel

Ubuntu awesome tools

Last week I was having a conversation with a friend, and while we were discussing some things I mentioned some Ubuntu tools that were completely natural for me since I use them every day in Ubuntu development and for my work, but he was completely amazed by them, so I decided to blog on the subject so more people can know about them.

I’m going to start with the one that impressed him the most: qa-regression-testing branch

The QA and security team maintain a test suite to check for regressions in packages they are updating. These tests are written with python unittest. Most of this test suite can be a little harmful for a production system, so it’s recommended to run it using a chroot environment or a virtual machine and to help with that there is a make-test-tarball script. From the script:

export HOSTS=”sec-intrepid-amd64 sec-hardy-amd64 sec-dapper-amd64″
export TEST=test-glibc-security
./make-test-tarball $TEST.py
for i in $HOSTS; do
scp /tmp/qrt-$TEST.tar.gz $i.local:
done
for i in $HOSTS; do
ssh -t $i.local “hostname; rm -rf qrt-$TEST; tar zxf qrt-$TEST.tar.gz; cd qrt-$TEST && ./$TEST.py -v”
done

As you can imagine HOSTS are the hostnames of the virtual machines where the tests are going to run.

Writing those test isn’t rocket science, you just need a little knowledge of the package and the functionality you want to test and python unittesting, there is even a skeleton script that can help you start writing your test.

Hope this information is useful for you! And as usual, patches are welcome!

08 March, 2010 04:52PM by nxvl

Steve Kemp

You Greeks take pride in your logic. I suggest you employ it.

Tomorrow, all being well, I'll receive a new computer.

I've always run Debian unstable upon my desktop in the past, partly because I wanted to have "new stuff" and partly because I needed a Debian unstable system for building Debian packages with.

However I'm strongly tempted to just install Lenny. I use that upon my work desktop and it does me just fine for surfing, building tools, and similar.

I can use pbuilder, sbuildd, or similar to build packages for upload to Debian, and if I want to experiment with new-hotness I can use a KVM guest or two.

Providing the hardware works with Lenny (and I have no reason to believe it won't) then there's no obvious downside I can think of.

The only potential complication will be restoring my backups, it is possible that my firefox databases, and similar things, might not work on older version. Still we shall see.

I plan to install software RAID, and run the system on LVM because quite frankly it rocks. Unless my current system fails in the next 24 hours I can use that to do the installation (My current desktop acts as a TFTP/DHCP/NFS server so I can use it to PXE-boot).

Anyway now I need to go eat food, tidy my desk, and decide what to call the machine .. At the moment the choice is between "march.my.flat" and birthday.my.flat, as my 34th birthday is on March 10th.

ObFilm: 300

08 March, 2010 03:11PM

Clint Adams

Why I am not running for DPL, pusling

Every year, at least one person asks me to run for DPL. I don't remember quite when this started, but it was more than five years ago.

I have some standard responses: I don't have time to do a good job, and why commit if you know you can't do a good job? That's just irresponsible. Usually I get some feeble relativism back for that one. Oddly enough, this is the one year that I could actually make the time for it, but it is still not a good idea.

Also I do not wish to self-nominate. I am told that everyone is too autistic to understand why, so I assume that by observing the timing of nominations (in specific, who stands at the beginning of the nomination period and who waits until close to the last minute), no moro-ethical conclusions will be drawn. To belabor this point: if the culture of self-nomination were fixed, I would actually nominate people I think would do a good job. At present, I cannot, and I resent that.

Furthermore, you do not really want me as DPL. There are oodles and oodles of things I think are fundamentally flawed and I would try to fix them. I would not take advice from predecessors because I think that only perpetuates years of flawed DPL behavior. I would not entertain requests in private because there is far, far, far too much backroom discussion right now, and unfortunately it is actively encouraged and promoted by many people in power. Such departures would be extremely unpopular.

I would be pleased if Stefano runs unopposed. I think that there is a good chance he will do a decent job.

08 March, 2010 02:35PM

Vincent Sanders

Squashfs

Well my last post elicited a response from Mr Lougher the squashfs author. Just not one I was expecting. Apparently he did receive one of my emails (I sent five in total) to which he has not replied as I have accidentally come across as critical.

This is absolutely not my intent and I wish to publicly say that, It would have perhaps been more constructive to actually tell me this by email and this misunderstanding could have been avoided.

For reference The final email in the series is reproduced below, if I have been overly unhelpful please let me know in the comments so I can avoid this mistake in future.

Hi, we are using Squashfs and have come across several issues. We

initialy tried to use the Debian source package of the 4.0 release but

then moved to using the the CVS edition which fixed some bugs but had

issues of its own.

Couple of things to start with:

- The commit you made recently titled "Change get_basename() to use

getcwd rather than getting the PWD env var." does not seem to be

what you intended?

http://squashfs.cvs.sourceforge.net/viewvc/squashfs/squashfs/squashfs-tools/mksquashfs.c?r1=1.145&r2=1.146

- I would like to assist in improving these tools so they work better

for our use cases. To aid in this have you considered updating the

revision control system the project is kept in? an SVN or GIT

repository is much easier to work with than CVS.

- I will probably assist with maintainership of the Debian and Ubuntu

packages (I am a Debian Developer <vince> ) and would

like to bring a couple of patches to your attention, one to avoid a

division by zero error and a second to enable building with

alternative libc. These are both attached to this mail.

- The tools currently make a number of assumptions about structure

alignment which are incorrect on some architectures. I am crafting

a patch to address this which should make the tools work correctly

on ARM (they currently simply segfault).

I hope this is seen as constructive and we can work together to

improve this software. If you do not feel you want to interact with me

and choose to take a differnt route, please let me know at your earliest

conveniance.

I do hope that Mr. Lougher will accept that I intended to be helpful and constructive and not cause offence. I have chosen to use the blog format for this as that is the form I made the previous complaint and also email between myself and Mr. Lougher appears somewhat erratic.

It should be noted that some of there points have already been addressed, however there are several more issues which I hope to be able to contribute towards.

08 March, 2010 12:52PM by Vincent Sanders (noreply@blogger.com)

Enrico Zini

Temporarily disabling file caching

Does it happen to you that you cp a big, big file (say, similar in order of magnitude to the amount of RAM) and the system becomes rather unusable?

It looks like Linux is saying "let's cache this", and as you copy it will try to free more and more ram in order to cache the big file you're copying. In the end, all the RAM is full with file data that you are not going to need.

This varies according to how /proc/sys/vm/swappiness is set.

I learnt about posix_fadvise and I tried to play with it. The result is this preloadable library that hooks into open(2) and fadvises everything as POSIX_FADV_DONTNEED.

It is all rather awkward. fadvise in that way will discard existing cache pages if the file is already cached, which is too much. Ideally one would like to say "don't cache this because of me" without stepping on the feet of other system activities.

Also, I found I need to also hook into write(2) and run fadvise after every single write, because you can't fadvise a file to be written in its entirety, unless you pass fadvise the file size in advance. But the size of the output file cannot be known by the preloaded library, so meh.

So, now I can run: nocache cp bigfile someplace/ without trashing the existing caches. I can also run nocache tar zxf foo.tar.gz and so on. I wish, of course, that there were no need to do so in the first place.

Here is the nocache library source code, for reference:

/*
 * nocache - LD_PRELOAD library to fadvise written files to not be cached
 *
 * Copyright (C) 2009--2010 Enrico Zini <enrico@enricozini.org>
 *
 * This program is free software; you can redistribute it and/or modify
 * it under the terms of the GNU General Public License as published by
 * the Free Software Foundation; either version 2 of the License, or
 * (at your option) any later version.
 *
 * This program is distributed in the hope that it will be useful,
 * but WITHOUT ANY WARRANTY; without even the implied warranty of
 * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
 * GNU General Public License for more details.
 *
 * You should have received a copy of the GNU General Public License
 * along with this program; if not, write to the Free Software
 * Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA  02111-1307  USA
 */

#define _XOPEN_SOURCE 600
#include <fcntl.h>
#include <sys/types.h>
#include <sys/stat.h>
#include <fcntl.h>
#include <dlfcn.h>
#include <stdarg.h>
#include <errno.h>
#include <stdio.h>

typedef int (*open_t)(const char*, int, ...);
typedef int (*write_t)(int fd, const void *buf, size_t count);

int open(const char *pathname, int flags, ...)
{
    static open_t func = 0;
    int res;
    if (!func)
        func = (open_t)dlsym(RTLD_NEXT, "open");

    // Note: I wanted to add O_DIRECT, but it imposes restriction on buffer
    // alignment
    if (flags & O_CREAT)
    {
        va_list ap;
        va_start(ap, flags);
        mode_t mode = va_arg(ap, mode_t);
        res = func(pathname, flags, mode);
        va_end(ap);
    } else
        res = func(pathname, flags);

    if (res >= 0)
    {
        int saved_errno = errno;
        int z = posix_fadvise(res, 0, 0, POSIX_FADV_DONTNEED);
        if (z != 0) fprintf(stderr, "Cannot fadvise on %s: %m\n", pathname);
        errno = saved_errno;
    }

    return res;
}

int write(int fd, const void *buf, size_t count)
{
    static write_t func = 0;
    int res;
    if (!func)
        func = (write_t)dlsym(RTLD_NEXT, "write");

    res = func(fd, buf, count);

    if (res > 0)
    {
        int saved_errno = errno;
        int z = posix_fadvise(fd, 0, 0, POSIX_FADV_DONTNEED);
        if (z != 0) fprintf(stderr, "Cannot fadvise during write: %m\n");
        errno = saved_errno;
    }

    return res;
}

08 March, 2010 12:26PM

Russell Coker

Designing a Secure Linux System

The Threat

Bruce Schneier’s blog post about the Mariposa Botnet has an interesting discussion in the comments about how to make a secure system [1]. Note that the threat is considered to be remote attackers, that means viruses and trojan horses – which includes infected files run from USB devices (IE you aren’t safe just because you aren’t on the Internet). The threat we are considering is not people who can replace hardware in the computer (people who have physical access to it which includes people who have access to where it is located or who are employed to repair it). This is the most common case, the risk involved in stealing a typical PC is far greater than the whatever benefit might be obtained from the data on it – a typical computer user is at risk of theft only for the resale value of a second-hand computer.

So the question is, how do can we most effectively use free software to protect against such threats?

The first restriction is that the hardware in common use is cheap and has little special functionality for security. Systems that have a TPM seem unlikely to provide a useful benefit due to the TPM being designed more for Digital Restrictions Management than for protecting the user – and due to TPM not being widely enough used.

The BIOS and the Bootloader

It seems that the first thing that is needed is a BIOS that is reliable. If an attacker manages to replace the BIOS then it could do exciting things like modifying the code of the kernel at boot time. It seems quite plausible for the real-mode boot loader code to be run in a VM86 session and to then have it’s memory modified before it starts switches to protected mode. Every BIOS update is a potential attack. Coreboot replaces the default PC BIOS, it initialises the basic hardware and then executes an OS kernel or boot loader [2] (the Coreboot Wikipedia page has a good summary). The hardest part of the system startup process is initialising the hardware, Coreboot has that solved for 213 different motherboards.

If engineers were allowed to freely design hardware without interference then probably a significant portion of the computers in the market would have a little switch to disable the write line for the flash BIOS. I heard a rumor that in the days of 286 systems a vendor of a secure OS shipped a scalpel to disable the hardware ability to leave protected mode, cutting a track on the motherboard is probably still an option. Usually once a system is working you don’t want to upgrade the BIOS.

One of the payloads for Coreboot is GRUB. The Grub Feature Requests page has as it’s first entry “Option to check signatures of the bootchain up to the cryptsetup/luksOpen: MBR, grub partition, kernel, initramfs” [3]. Presumably this would allow a GPG signature to be checked so that a kernel and initrd would only be used if they came from a known good source. With this feature we could only boot a known good kernel.

How to run User Space

The next issue is how to run the user-space. There has been no shortage of Linux kernel exploits and I think it’s reasonable to assume that there will continue to be a large number of exploits. Some of the kernel flaws will be known by the bad guys for some time before there are patches, some of them will have patches which don’t get applied as quickly as desired. I think we have to assume that the Linux kernel will be compromised. Therefore the regular user applications can’t be run against a kernel that has direct hardware access.

It seems to me that the best way to go is to have the Linux kernel run in a virtual environment such as Xen or KVM. That means you have a hypervisor (Xen+Linux or Linux+KVM+QEMU) that controls the hardware and creates the environment for the OS image that the user interacts with. The hypervisor could create multiple virtual machines for different levels of data in a similar manner to the NSA NetTop project, not that this is really a required part of solving the general secure Internet terminal problem but as it would be a tiny bit of extra work you might as well do it.

One problem with using a hypervisor is that the video hardware tends to want to use features such as bus-mastering to give best performance. Apparently KVM has IOMMU support so it should be possible to grant a virtual machine enough hardware access to run 3D graphics at full speed without allowing it to break free.

Maintaining the Virtual Machine Image

Google has a good design for the ChromiumOS in terms of security [4]. They are using CGroups [5] to control access to device nodes in jails, RAM, CPU time, and other resources. They also have some intrusion detection which can prompt a user to perform a hardware reset. Some of the features would need to be implemented in a different manner for a full desktop system but most of the Google design features would work well.

For an OS running in a virtual machine when an intrusion is detected it would be best to have the hypervisor receive a message by some defined interface (maybe a line of text printed on the “console”) and then terminate and restart the virtual machine. Dumping the entire address space of the virtual machine would be a good idea too, with typical RAM sizes at around 4G for laptops and desktops and typical storage sizes at around 200G for laptops and 2T for new desktops it should be easy to store a few dumps in case they are needed.

The amount of data received by a typical ADSL link is not that great. Apart from the occasional big thing (like downloading a movie or listening to Internet radio for a long time) most data transfers are from casual web browsing which doesn’t involve that much data. A hypervisor could potentially store the last few gigabytes of data that were received which would then permit forensic analysis if the virtual machine was believed to be compromised. With cheap SATA disks in excess of 1TB it would be conceivable to store the last few years of data transfer (with downloaded movies excluded) – but such long-term storage would probably involve risks that would outweigh the rewards, probably storing no more than 24 hours of data would be best.

Finally in terms of applying updates and installing new software the only way to do this would be via the hypervisor as you don’t want any part of the virtual machine to be able to write to it’s data files or programs. So if the user selects to install a new application then the request “please install application X” would have to be passed to the hypervisor. After the application is installed a reboot of the virtual machine would be needed to apply the change. This is a common experience for mobile phones (where you even have to reboot if the telco changes some of their network settings) and it’s something that MS-Windows users have become used to – but it would get a negative reaction from the more skilled Linux users.

Would this be Accepted?

The question is, if we built this would people want to use it? The NetTop functionality of having two OSs interchangeable on the one desktop would attract some people. But most users don’t desire greater security and would find some reason to avoid this. They would claim that it lowered the performance (even for aspects of performance where benchmarks revealed no difference) and claim that they don’t need it.

At this time it seems that computer security isn’t regarded as a big enough problem for users. It seems that the same people who will avoid catching a train because one mugging made it to the TV news will happily keep using insecure computers in spite of the huge number of cases of fraud that are reported all the time.

08 March, 2010 05:05AM by etbe

Craig Small

dh-make updated to 0.52 and its remaining bugs

I've made a quick release of dh-make, now up to 0.52. Besides a minor dh_make.1 manual page fix this release will put the right value in the debian/source/format file. 0.51 will make it a native source package no matter what flags you use.

If you get weird lintian errors about native source formats and version numbers wrong on your brand-new Debian package you just made, you might of been bitten by this bug.

That leaves a few bugs left, there are two I need help with:

Bug 328692 - If you have a plan ASCII name like me, then your name looks fine in the dh-make generated man pages. This bug requires converting names that aren't plain ASCII (e.g. that use UTF-8) into something groff understands. Someone suggested decomposed unicode but unicode and groff are pretty much a black art to me, let alone combining them.
Bug 533117 - This one is all about making dh-make make your python packages. You'll need to understand the new debhelper v7 rules files. Again, python is not something I use so the bug is stuck here.

08 March, 2010 03:07AM by Craig

Russell Coker

Storage vs RAM Size

In a comment on my post Shared Objects and Big Applications about memlockd [1] mic said that they use memlockd to lock the entire root filesystem in RAM. Here is a table showing my history of desktop computers with the amounts of RAM, disk capacity, and CPU power available. All systems better than a 386-33 are laptops – a laptop has been my primary desktop system for the last 12 years. The columns for the maximum RAM and disk are the amounts that I could reasonably afford if I used a desktop PC instead of a laptop and used the best available technology of the day – I’m basing disk capacity on having four hard drives (the maximum that can be installed in a typical PC without extra power cables and drive controller cards) and running RAID-5. For the machines before 2000 I base the maximum disk capacity on not using RAID as Linux software RAID used to not be that good (lack of online rebuild for starters) and hardware RAID options have always been too expensive or too lame for my use.

Year	CPU	RAM	Disk	Maximum RAM	Maximum Disk
1988	286-12	4M	70M	4M	70M
1993	386-33	16M	200M	16M	200M
1998	Pentium-M 233	96M	3G	128M	6G
1999	Pentium-2 400	256M	6G	512M	40G
2000	Pentium-2 600	384M	10G	512M	150G
2003	Pentium-M 1700	768M	60G	2048M	400G
2009	Pentium-M 1700	1536M	100G	8192M	4500G
2010	Core 2 Duo T7500 2200	5120M	100G	8192M	6000G

The above graph shows how the modern RAM capacities have overtaken older disk capacities. So it seems that a viable option on modern systems is to load everything that you need to run into RAM. Locking it there will save spinning up the hard drive on a laptop. With a modern laptop it should be possible to lock most of the hard drive contents that are regularly used (IE the applications) into RAM and run with /home on a SD flash storage device. Then the hard drive would only need to be used if something uncommon was accessed or if something large (like a movie) was needed. It also shows that there is potential to run diskless workstations that copy the entire contents of their root filesystem when they boot so that they can run independently of the server and only access the server for /home.

Note that the size of the RAM doesn’t need to be larger than the disk capacity of older machines (some of the disk was used for swap, /home, etc). But when it is larger it makes it clear that the disk doesn’t need to be accessed for routine storage needs.

I generated the graph with GnuPlot [2], the configuration files I used are in the directory that contains the images and the command used was “gnuplot command.txt“. I find the GnuPlot documentation to be difficult to use so I hope that this example will be useful for other people who need to produce basic graphs – I’m not using 1% of the GnuPlot functionality.

08 March, 2010 02:58AM by etbe

Andrew Pollock

[tech] Backspacegate

I just updated to the latest beta of Chrome, and the backspace key stopped working as a keyboard shortcut for the Back button.

After a few times of stabbing the backspace key and not getting the result I wanted, I decided to go looking into what was going on here.

It looks like it all started with bug 30699, where someone didn't like the default behaviour. That led to bug 36533, when the people (like me) noticed the functionality they were relying on disappeared.

Now I fully understand that Backspace == Back is not the default behaviour of Firefox (on Linux), but it is a configurable option, and I'd had it enabled there for years. I think it all started with when I migrated from Windows to Linux. It's normal for Backspace == Back with IE and I think Firefox for Windows, and I've just developed the muscle memory for it, and I've never had a problem like what the submitter of bug 30699 was complaining about.

I look forward to it becoming a configurable option in Chrome.

08 March, 2010 01:51AM

Marco Túlio Gontijo e Silva

Micro BSP

I and Rafael Cunha de Almeida got together today with the purpose of closing as much RC-bugs in Debian as we could. I must say it was better than what I’d expect.

We started with #570348 . This bug was introduce with an upload that tried to fix #569586 which, in turn, was related to a change in libc6. It would be easy to introduce an ifdef in the code but, as we tried to read and understand the code, we didn’t see the need of the function that was causing the problem. It seems to make the same thing as alphasort from dirent.h, with the disadavantage that it was not locale-sensitive. So we removed the customized alphasort and made it use the library one.

Then we headed to the strange #504947. As the maintainer didn’t seem satisfied with the new patch system introduced by the last NMU, we simply made a patch that removes the patch system and applies the patch directly in .diff.gz. Hope it helps.

Searching for another thing to work, we noticed that #571791 was not happening in my box, and asked if anyone could reproduce it.

So we found #571748. The first thing about this bug we noticed is that its package causes a division by 0 error in popcon, which made us report a bug about it. We thought that this was a sign that the package was not widely used. Anyway, we decided to fix this bug, which was very fun indeed! After a lot of trials, some succesful, some not, we got to a very simple and nice patch, which was submitted. We also submited other bugs to the same package, that we found while using it. It’s a cool package, you should try it out to avoid that division by 0 in popcon.

08 March, 2010 01:33AM by marcotmarcot

March 07, 2010

Emilio Pozuelo Monfort

RCBW #1 – Me too!

After fixing some bugs this week, I’ve noticed they’ve been one per day (on average) so I think I’m joining Stefano Zacchiroli on this RCBW thingie… let’s see if I can keep up!

These are this week’s bugs:

#561645 – gdesklets – Doesn’t work with python2.6 (thanks to Andrew Starr-Bochicchio)
#571488 – gedit – FTBFS with Python 2.6 as default
#571517 – totem – FTBFS with Python 2.6 as default
#571510 – rhythmbox – FTBFS with Python 2.6 as default
#533836 – spe – FTBFS with Python 2.6 as default
#569378 – gnet – FTBFS
#551215 – gtkmm-documentation – FTBFS

I’ve also sponsored gnome-dvb-daemon for Sebastian Reichel, which fixes two more RC bugs:

#566949 – gnome-dvb-daemon – FTBFS with Python 2.6 as default
#569480 – gnome-dvb-daemon – FTBFS

It’s interesting to note that all of the above bugs except for the spe one are from pkg-gnome packages. We still have a few more, although they are the hard ones so it’s not gonna be that easy for the next week…

07 March, 2010 11:55PM by Emilio Pozuelo Monfort

David Pashley

Mod_fastcgi and external PHP

Has anyone managed to get a standard version of mod_fastcgi work correctly with FastCGIExternalServer? There seems to be a complete lack of documentation on how to get this to work. I have managed to get it working by removing some code which appears to completely break AddHandler. However, people on the FastCGI list told me I was wrong for making it work. So, if anyone has managed to get it to work, please show me some working config.

Read Comments (1)

07 March, 2010 11:02PM by David Pashley

Gunnar Wolf

Authoral rights in the editorial world seminar

I must confess I don't remember who I got this invitation from. Anyway, if you are in the right geographic area, you might be interested. I will try to participate:

This is a year-long seminar that will be held the second Thursday every month at Fonoteca Nacional (a place I have wanted to visit for a long time!), in Barrio de Santa Catarina, Coyoacán. Among the organizers they have Creative Commons Mexico.

Free entrance (but limited space - so they ask interested people to confirm their presence by mail to bvallarta@conaculta.gob.mx).

07 March, 2010 10:58PM by gwolf

Adam Rosi-Kessel

Windows curly quotes, accented characters on Linux Samba Shares and Cygwin XTerm: How to get Windows-1252 (AKA CP1252) from Linux

Before I forget: I have a bunch of files I mirror between Windows/NTFS and Linux/ext4 filesystems that include not only accented characters but curly quotes in the filenames. (I know: the easiest solution would be to just get rid of the extended characters). The curly quotes were created in Windows, so don’t render properly in standard Linux character sets (UTF-8, iso8859-1, iso8859-15, etc.).

This all came up because iTunes under Windows couldn’t find curly-quote files when it was reading from the exported Samba share filesystem rather than an attached NTFS drive. The files showed up as missing because they had different filenames.

The solution was not easily google-able, so for the record, in brief, add this to the [Global] section of /etc/samba/smb.conf:

unix charset = cp1252
display charset = cp1252

And reload Samba.

Also, to make the characters render properly from a terminal on the Linux box, first create the relevant character set:

sudo localedef -f CP1252 -i en_US en_US.CP1252

Now you can use this charset on your Linux box, and, like magic, the curly characters will be back:

export LC_ALL='en_US.cp1252'

07 March, 2010 10:05PM by adam

David Watson

Latest Shots

I took my newly purchased 50mm f1.8 lens to the Chinese New Year celebrations in Liverpool, I have uploaded a few shots to flickr. I'm still getting used to getting my composition right without being able to alter the focal length.

Update: Fixed the white balance on the images to remove the blue tint.

07 March, 2010 10:00PM

Alexander Reichle-Schmehl

[CeBIT] Oh, the irony...

Getting the special permission, that you don't need to wear a suit on the booth, just to wear one nonetheless, as it is to cold in your cool Debian T-Shirts...

07 March, 2010 08:58PM by Alexander Reichle-Schmehl (alexander@schmehl.info)

Evgeni Golov

RFT: hdapsd for Intel MacBooks and Hewlett-Packard laptops

After quite some time (last release 01-04-2009), hdapsd got a bit of love.
Brice Arnould has contributed some code for Hewlett-Packard laptops (those supported by the hp_accel module, see drivers/hwmon/hp_accel.c) and I finally crossed all lines and wrote support for Apple MacBooks (the Intel ones, via applesmc module, see drivers/hwmon/applesmc.c).

The HP code is interesting, as it support a hardware-logic mode, where hdapsd only parks the heads when told so by the HP hardware. As I do not own any compatible hardware, this is only tested by Brice himself.
The Apple SMC code isn't tested at all, as I don't have the hardware either.

That's why I want YOU to test it further (both, on HP and Apple) and report me bugs (mail to evgeni@debian.org preferred) if you find any :)

You can get the latest source either via git from github:

git clone -b new-interfaces git://github.com/evgeni/hdapsd.git

Or from githubs tarball generator: http://github.com/evgeni/hdapsd/tarball/eb711f30395ac9bc682b14c22d8445b7ddf0b4a0

After you got the source, a simple

./autogen.sh

make

should produce a src/hdapsd binary, that you can test.

I can provide Debian and Ubuntu .debs if needed too.

07 March, 2010 06:29PM by Evgeni Golov (sargentd@die-welt.net)

Aurelien Jarno

Squeeze will be released with eglibc 2.11

Contrary to what lucas announced (I don’t know where he got this info), we plan to release Squeeze with eglibc 2.11. It is already packaged in experimental and is ready on all architectures except hppa where there are a few major regressions in the testsuite to fix. This is what prevent us to upload it to unstable.

07 March, 2010 02:32PM by aurel32

Christian Perrier

[life] 1h41'29"

W00t. Again below 1h45 and beating my best time by more than 2 minutes.

Paris half-marathon was great. Freaking cold (-3°C with a strong North-East wind) but great weather with the sun in a blue sky.

I didn't see Ralf (and, Ralf, sorry but I was finally wearing an orange suite..:-)) nor Debian swirls....but, apparently, that wasn't missing for having a great race. Elisabeth cam along with me to Paris and I managed to see her (and she manage to spot me) twice: once in Bastille at km 10 and later on at Charenton at km 14

The interesting challenge now is what to set as goal for the marathon. Of course, I have to run below 4h (which I missed by 49 seconds in Cologne) but I apparently can do better. I think I'll be reasonable and set 3h50 and we'll see.

07 March, 2010 02:26PM

Brice Goglin

Debian/X.org notes - Bug triaging while waiting for DRM 2.6.33

Almost nothing interesting happened recently in X.org in Debian. But interesting things are coming soon.

First, radeon KMS and DRI2 will enter unstable soon. xserver-xorg-video-radeon 1:6.12.191-1 is currently in experimental. People seem to be happy with it so far, and upstream is taking very good care of bug reports as usual.

The next 2.6.32 kernel will contain DRM from 2.6.33. It first means that the radeon KMS driver not in staging anymore. Once this new kernel is uploaded, I'll put the new xserver-xorg-video-radeon in unstable (6.13.0 is expected soon, but 6.12.191 already looks good so far).

DRM from 2.6.33 will also brings nouveau support. It means that we will build libdrm-nouveau and upload a new xserver-xorg-video-nouveau. However, it also means that we need somebody to maintain this. And nobody in the team has a nvidia board to test packages so... If you want nouveau in Debian, please help.

While waiting for all these, we have been triaging the BTS a bit. Kibi is helping a lot by triaging recent intel bugs (many regressions fixed in recent kernels). I spent some time during the week-end triaging some old bugs. I closed more than a hundred of them, and pinged another hundred. We still have more than 1100 bugs open. It is not so bad compared to 1500-2000 when nobody maintains X (aka often), but still way too much.

Some of my bug closing might look a bit rude. But we had so many bug reports a couple years ago that are irrelevant today. Keeping them open would be meaningless. For instance, many input problems are obsolete since a lot of the input code was rewritten, we switched to input-hotplug, and then hal to udev. Another example is intel lockups (we had a lot of them after driver 2.2 arrived). But XAA and EXA were dropped in favor of UXA, DRI1 was dropped for DRI2, and KMS arrived. So it's useless to keep these obsolete and irrelevant bugs that cannot be debugged nowadays.

As usual, the Debian X team needs a lot of help. Again, if you want nouveau in Debian, please help.

(Permanent link)

07 March, 2010 12:00PM

Craig Small

Gjay Updated

After a long time of testing and just plain other non-software writing stuff, I'm happy to announce Gjay 0.3.0 is released. This is my first release of Chuck Groom's code and hopefully it will work for you too.

The Debian packages will be out shortly after some building and testing. If you have a 64-bit computer it now works with 64 bits fine (ie on my amd64).

It still needs some work, I'd like it to interact with more than audacious as the sound player. Also if you know how to in one of the sound libraries stream wav, ogg or mp3 files correctly I'd like to hear from you. Currently gjay just uses the same old fork to mpg321 method, but idealy I'd like it to use the libraries directly.

07 March, 2010 11:09AM by Craig

Lucas Nussbaum

Ruby release blockers for Lucid and Squeeze

For the first time since I got involved in Ruby maintenance in Debian & Ubuntu, we are seriously at risk of not being able to release working Ruby interpreters in both Ubuntu Lucid and Debian Squeeze, because of two pretty serious issues.

Ruby 1.8(.7.249) randomly hangs with eglibc 2.11

That issue was found by Google folks, because Puppet was hanging. After a lot of (quite heated) discussion, it was found that the problem is caused by something in eglibc 2.11: the problem can’t be reproduced in a Debian unstable chroot (with eglibc 2.10), but is reproducible if you just upgrade glibc to 2.11 (which is in Debian experimental).

It is not clear at all whether it is a glibc bug, or a ruby bug: Ruby has shown in the past that it was making some assumptions on the behaviour of pthread. It is possible that a valid change in glibc conflicts with an assumption made by Ruby.

Still, I wonder why Ubuntu chose to release with eglibc 2.11, while Debian still only has 2.10 in unstable, and Ubuntu doesn’t really have a lot of people with deep glibc knowledge. (Update: I assumed we would release squeeze with 2.10, but the eglibc maintainers plan to release 2.11 in squeeze.)

That issue is tracked in Launchpad as bug 520715 (which was reassigned to eglibc), and in Ruby’s redmine as bug 2739. Debian Squeeze isn’t affected by that issue, but we are likely to get bitten as well after Squeeze if a solution isn’t found by then.

As Ruby maintainers in Debian/Ubuntu, we can’t do much about this issue, because it requires either a lot of glibc knowledge, or a lot of understanding of the Ruby threading code.

Ruby 1.9(.1.37{6,8})’s test suite hangs on Sparc

The development branch of Ruby (declared stable by the interpreter developers, but not considered as such by the third-party libraries developers) also has interesting issues. Its test suite hangs on sparc, but only (apparently) on specific CPUs/kernel versions. Here again, it is not clear whether it is a Ruby issue, or a kernel issue, for the same reasons as above. It is also possible that it is fixed in Linux 2.6.32, but the Debian build daemons run the lenny kernel, so we can’t check that. This is tracked as Debian bug 565765, and is not tracked in Ruby’s redmine, because Sparc is not supported by the upstream Ruby developers.

This issue really requires Sparc knowledge (and access), so as Ruby maintainers, again, we can’t do much, besides coordinating and poking the various people that can help.

07 March, 2010 09:58AM by lucas

March 12, 2010

March 11, 2010

Day by Day Itinerary

March 10, 2010

Firefox and automatic proxy configuration

March 09, 2010

Post Scriptum

March 08, 2010

Temporarily disabling file caching

The Threat

The BIOS and the Bootloader

How to run User Space

Maintaining the Virtual Machine Image

Would this be Accepted?

March 07, 2010

Planet Debian

Search

Planetarium

Hidden Feeds

Subscriptions