Vitavonni

Mon, 05 Sep 2005

Upcoming elections in Germany

In two weeks there are elections in Germany for the state parliament.

Say yes to FLOSS

I'm a member of the green party in Germany, and they again reflect my views very much. They focus a lot on privacy, freedom, equality and peace.

It is very unlikely that they will be part of the upcoming government (but they have been for the last seven years; unlike in the US, where it's basically an either-or vote, we have a more realistic choice here). It's 99% sure that the conservatives will be leading the government, either with the German socialists (who have nothing to do with socialism) or the liberals. Their campaign is focussed around unemployment, and basically they promise that unemployment will decrease by cutting social security. They also want to increase security a lot (not that we have a high terror risk anyway...) and don't really care about privacy, freedom, equality or peace. They would sacrifice any of them to increase economic growth (because they expect that this would decrease unemployment, although there is serious doubt about that... it's not like we wouldn't produce enough. We produce more than we can sell, basically...)

Anyway, it's been very disappointing watching their campaigns. People don't care about their privacy, they want somebody to tell them "we're going to do everything different (but don't yet know what exactly), and it will be better afterwards". Or - the new left-wing party - "we're going to do everything different, and it will be better afterwards (when we find out how it actually works)". While a party like the Greens, who have actively been pushing e.g. regenerative energies (it is expected that in a few years wind power will be the cheapest energy source) - and Germany is very strong at that, and there have been thousands of new jobs in this field - is not being credited for that. People want promises, not real solutions. :-(

[category: /en | Permalink]

Federal elections: TV debate - Joschka in Munich on 13 September

The TV debate was yesterday evening. Since our local electrician has not managed to give us a quote for DVB-T and DVB-S within a month (our TV set is in the basement, but we are no longer in an area where an "indoor antenna" would suffice anyway), we watched the TV debate at our relatives' place. Otherwise we are currently without TV, which is no great loss either.

About the TV debate I have to say that Schröder, with his punchlines against Merkel ("we are talking about gross wages here, right?"), at least made the whole thing funny. Often there is a lot of truth in them too ("More shoe shiners for computer specialists" - jobs cannot be conjured up; rather, we are still lacking in education. Some people can only do "low-wage jobs" unless billions, which we no longer have either, are put into further-training measures. Current polls say so too, and the Union cannot change that either. It would not hurt Merkel to spend a longer time in the USA; then she would really know what real low-wage jobs are... collecting tolls at bridges, all day in the car dirt and the exhaust fumes...)

Merkel seemed somewhat helpless against him, especially since her party cannot name any measures with which they could boost domestic demand (we are by now export world champion again), while at the same time raising VAT. If you have nothing to offer besides the "growth lie", it is of course hard to stand up to the "media chancellor"...

Well, I have already laid out my opinion before. I am voting Green because I want a strong opposition. The government will be either black-yellow or black-red. The Greens will surely be in opposition - and they are the best of all parties at that anyway - and since we need a strong opposition, we need a lot of Green (and in any case more than the forecast 7%. 10% Green would be great, but is illusory!)

The Union has actually neglected all topics except "jobs". The topics of privacy and consumer protection (admittedly, classic Green and FDP topics), for example, do not come up at all. On intellectual property, too, the Union only cares about maximum industrial exploitability; it completely ignores the problems that e.g. software patents pose for small and medium-sized businesses, or how much our culture (!) lives on the private copy. On the topic of the Internet it is 7 years behind anyway. The Greens have long been using it intensively to communicate with the "grass roots" (also outside the party).

The FDP is more likeable there: it holds positions very similar to the Greens' on many of the topics mentioned above. How a coalition with the Union is supposed to go well is a mystery to me...

By the way, on 13 September Joschka Fischer is coming to Munich on his campaign tour. As foreign minister he has done an excellent job - Germany is a respected country that stands up for peace like hardly any other! That probably reduces our "terror risk" more than all the measures of Schily and Beckstein combined!

New jobs are being created here: in renewable energies and organic farming, German small and medium-sized businesses are leading!

[category: /de/politik | Permalink]

On user agent strings

Wouter Verhelst complained about the long user-agent string of Konqueror.

User agent strings are used by many web app writers to optimize their broken webpages for what they think your browser is. As I've already said in my previous blog post, most web app writers can't write proper code (nor proper HTML). So they have thousands of broken ways to deal with user agent strings.

Even Microsoft, who is really not a fan of Mozilla, claims to be Mozilla.

Including some information about your browser and OS can in fact be useful. E.g. if you visit the Firefox homepage, it will provide a quick download link for your language and operating system. Agreed: Debian users don't need this download link. Still this is a good thing at first.

If you are concerned with privacy, you should probably use privoxy, or override the user agent string. But you aren't anonymous on the web anyway...

Back to user-agent strings. I recommend sticking to the Mozilla User-Agent string specs. They have collected some experience on what you can do to your user-agent string without breaking stuff.

But I do agree with you that the full Debian package revision string is maybe a bit extensive, while the "like Gecko" thing is stupid.

For those interested, here's the Galeon string: Mozilla/5.0 (X11; U; Linux i686; en-US; rv:1.7.10) Gecko/20050802 Galeon/1.3.21 (Debian package 1.3.21-6)

There is little bogus information here: it is Mozilla/5.0, and the "X11; U; Linux i686; en-US" stuff is pretty much standard since Netscape 3 or so. The Mozilla revision 1.7.10 is what I am in fact using, the engine is Gecko while the UI is Galeon (which e.g. means that I can use smart bookmarks).

And I think it's good to include Debian in the version string. This will increase our project's visibility. ;-)

Software quality

I'm very pessimistic about software quality, as you might have gathered from my previous blog post. Especially when it comes to PHP software. I haven't had any issues, just a bad feeling with lots of software.

It's way too easy to write bad code in PHP. When you write bad code in C, it's likely to just not work at all. So no one will use your software.

When you write bad code in PHP and make it generate a fancy webpage, everybody will rush to use it. I've seen really bad stuff, e.g. a fancy-looking webmail interface which had the bad habit of storing all passwords ever used in a MySQL table - but never removing them. I discovered that only when I was to migrate it to a new server. When I was about to dump the MySQL tables I almost had a heart attack. (Obviously, the web server needs to be able to read the password to access this mysql file, so any slight issue in any PHP script on that box would have allowed the retrieval of dozens of passwords!) Fortunately, only a few different users of that server have been using this webmail, while most used real email programs or the other, older webmail interface.

Then there are the recurring issues with SQL injection vulnerabilities in PHP scripts, authentication bypasses (script.php?authenticated=1) and issues when executing ImageMagick.
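
To make the "script.php?authenticated=1" case concrete, here is an added example (not code from this post or from any of the software mentioned) of a flawed check beside a hardened one. It assumes the classic cause, request parameters imported into variables as register_globals did and extract() still does; the function names and sample requests are constructed.

```php
<?php
// Added illustration; all names and sample data are hypothetical.

// VULNERABLE: request parameters become local variables (what
// register_globals did before any script code ran), and the flag
// is never initialised to a safe default.
function is_authenticated_vulnerable(array $get, array $session): bool
{
    extract($get);                    // ?authenticated=1 defines $authenticated
    if (isset($session['user'])) {
        $authenticated = 1;           // the only assignment the author intended
    }
    return !empty($authenticated);    // true for anyone who sent the parameter
}

// HARDENED: the decision reads only server-side session state;
// nothing in the query string can create or overwrite it.
function is_authenticated_hardened(array $get, array $session): bool
{
    return isset($session['user'])
        && is_string($session['user'])
        && $session['user'] !== '';
}

// Constructed requests: [query parameters, session contents].
$cases = [
    'anonymous + ?authenticated=1' => [['authenticated' => '1'], []],
    'anonymous, no parameter'      => [[], []],
    'logged-in user'               => [[], ['user' => 'alice']],
];

foreach ($cases as $label => [$get, $session]) {
    printf(
        "%-30s vulnerable=%s hardened=%s\n",
        $label,
        var_export(is_authenticated_vulnerable($get, $session), true),
        var_export(is_authenticated_hardened($get, $session), true)
    );
}
```

Only the first case differs between the two functions: the vulnerable check accepts the anonymous request carrying the parameter, the hardened one rejects it.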

I was the maintainer of libming for quite some time, but the code of it was pretty much unmaintainable. Every now and then, extensions would be broken. Development was mostly stalled, and I bet the code was never audited. That was when I decided to orphan and have it removed 3 years ago or so. Since then I get like 1 mail every three months asking if I have updated packages somewhere. Granted, ming development has been picked up by others in the meantime. Still I have doubts that anything except the PHP module is working...

In the long run, we would need to audit lots of code in Debian. Right now, we are relying on upstream, commercial Linux distributions and external companies to do that. But look closely: Novell released SuSE to become "openSuSE", Red Hat has split off Fedora. They are not going to provide many additional security audits.

Maybe we should add a Debtags tag named "quality::audited-by-independent-party".

Hmm... and maybe I should stop toying with Python. It probably is as easy to write bad Python code as it is for bad PHP code... (except that PHP code usually is unreadable, because it's badly intermixed with HTML fragments)

And I also know lots of Python code I have a rather bad opinion of... (e.g. mailman, or offlinesync, which has unhandled (!) exceptions when I have accessed my email on the server with mutt, reported a year ago)

[Update: Steve Kemp sent me an email saying that he agrees with my view, and points me to the Debian Security Audit project, which could use a lot of help.]

I disagree with the rant of Philipp Kern

Like Clint Adams, I disagree with the opinion of Philipp Kern with respect to not allowing comments on blog postings.

I do not trust random PHP scripts on my webserver. I don't want my blog to have write permissions (especially since badly written PHP scripts are by far the most common intrusion vector). I don't want dozens of plugins from different authors (who may or may not be able to write secure code) in my cgis. I want to upload my blog postings with ssh to my server. And no, comments won't work that way, so what?

Of course I do update blog postings with backlinks sent to me by email (you remember email? the thing everybody used before planets were invented, and when mailing lists weren't so high-traffic you need 4h a day to keep up with) when they are really useful. I don't claim my blog is "democratic" and about free speech, but only that it reflects my own opinion.

Yes, we are abusing the blog medium somehow by "talking" this way. And sooner or later (as more people are being added to planet.debian) it will suffer from the same problems as the mailing lists did: Too much volume. Then someone will probably come up with something new. Forums btw. are neither new nor a solution, they are even worse.

Btw, I can't remember that there is a requirement to have a Debian account to be listed, you just need some DD to add your blog. (Try setting up a Debian category, posting some useful stuff and then ask some DD to add you.)

Ah, and yes, planet Debian is broken every now and then. For example it gives out incorrect permalinks for my blog posts (what is so difficult about isPermaLink="no"?). I have the impression planet was written without ever looking at the RSS specs. And without looking at the XML specs either, judging from earlier issues (e.g. breaking whenever anyone uses an ampersand in a posting title).
