Yes, I've been quite unfair to Ubuntu forums. While I'd still prefer if they (= not Canonical; Ubuntu forums is just affiliated) would enable some searching for non-registered users, I have to accept that they only have limited hardware resources. And of course I'd like to see them using Opensource Software for their forum.

When they enabled searching apparently they were flooded with requests. This goes so far that there are even rumors about a DDoS launched against their search functionality (the mails I received from UbuntuForum admins did not contain this claim).

UbuntuForums definitely is a huge forum. The front page says "Threads: 243,764, Posts: 1,440,895, Members: 160,228, Active Members: 121,548".

Well, 1.4 million posts definitely is a load of data to search in. I don't know if phpBB and similar opensource forums can handle these numbers (I have very little trust in any PHP solution, as you might now, and I dislike phpBB a lot). However I believe they're more likely to receive support by their developers for modifying the forum to handle such numbers. If they actually perform worse (which I don't know. Has anyone resources on the performance of different forum solutions with huge user and post numbers?)

Maybe they're just hidding limitations of vBulletin now, too. I could imagine they need to replace the built-in search functionality (which I guess is MySQL-based) with e.g. a lucene based search. This should also allow better distribution of the system onto multiple computers.

Anyway, I didn't mean to flame the Ubuntu community that much. It's just that the forum lost the one essential function for me this way - searching if the answer to my question is somewhere in there. (And yes, I know that registering isn't hard, and that they don't even verify the email address.)

I'm trying to get compiz working on Debian.

The xorg packages in experimental include AIGLX, so I hoped this would be rather easy... and indeed, just a small tweak to xorg.conf ("Composite" "enable") and I seem to have everything I need:

> glxinfo
[...]
direct rendering: Yes
 [...] GLX_EXT_texture_from_pixmap, [...]
OpenGL renderer string: Mesa DRI Radeon 20060327 AGP 8x TCL
OpenGL version string: 1.3 Mesa 6.5.1
[...]

So I build a recent compiz (post 0.0.13, from git), and also grab a patch which supposedly adds AIGLX support.

After restarting my Xserver and logging into gnome I see this:

Quite disappointing. Some window borders are drawn, some background, then all drawing is stopped. Looks to me as if the driver freezes. CPU load is 0%, I can switch to the text console, but when I switch back the screen completely freezes. I still see my text console contents, but can neither switch back to text console or to the X server.

The only way to get my system into a usable state again is to login via ssh and killall -9 Xorg.

It's very plausible, that this is an issue with my graphics card. It's an Radeon Mobility FireGL 7800 M7 (RV200 series). Apparently not the best of their products: the official ATI Linux driver doesn't support it. But the opensource driver works fine, I have 3D acceleration at 1600x1200.

Anyway, if someone has more success with compiz without using Xgl or proprietary drivers, I'd welcome pointers.

[Update: if I recall correctly, the results with Xgl on this machine were the same, some window borders were drawn, but it was otherwise unusable]

I don't care about wobbly windows and similar gimmicks - but I'd like to benefit from off-screen rendering for faster desktop switching.

Today I was trying to find some information in the Ubuntu forums.

I'm seriously annoyed. There was one thread that seemed relevant, but it has some 310 pages. Yes, thats over 3000 posts.

Unfortunately, Ubuntu (and I consider this arrogant behaviour) doesn't allow you to search the forum or access attached images if you are not registered.

I can understand things like spam protection. But WTF do you require registration for searching? I mean... I was trying to find out if the Ubuntu community could help, and all I get is "register first"!? Thats pure harrasment of non-registered users.

I don't think I'll bother to remember another username and password just for their crappy forums. I hate forums anyway. And the size of that thread just shows that forums don't scale well. Especially if you can't search.

[Update: yes, I've been a bit harsh here. The front page says that they're experiencing speed issues, and thus have disabled search within the forum. Actually I can't believe that search requests make such a huge load (especially compared to me browsing a 30-page thread...) - but maybe their search function is just implemented badly? I wouldn't be surprised if they do some huge SELECT to search, and don't have an index optimized for text searching.

Maybe they shouldn't be using a closed source software for running their forum. I guess they could just fix the search functionality then. If opensource software doesn't meet their requirements, they're bound to get some support by the community to make the software meet them, if vBulletin actually is better in some points. IMHO vBulletin sucks. And given the speed issues "it is what the admin prefers" might miss some important point - that at some point you can't just keep getting a larger CPU]

Heise meldet, dass auf den kanadischen Microsoft-Seiten Preise für Windows Vista aufgetaucht sein sollen.

Für die einfachste Vista-Version ist demnach mit einem Preis von nicht unter 150 Euro zu rechnen, "ernsthafte" Versionen dann eher 200 Euro (und die teuersten 300 Euro).

Wenn ich mir anschaue, dass der PC den ich neulich für meinen Vater gekauft habe 400 Euro gekostet hat (ohne Monitor), dann bin ich froh dass mein Linux da nur mit 0 Euro zu buche schlug, und die Kosten nicht mal kurz um 50% in die Höhe getrieben hat.

Mal ganz davon abgesehen, dass das 64-bit Linux den Rechner viel besser ausnützt als Windows. Insbesondere wenn mehr als einer dran arbeitet, so kann ich z.B. den Computer "nebenbei" als Rechenknecht für meine KI-Experimente oder zum compilieren von irgendwelchen Programmen nutzen, und mein Vater merkt beim surfen davon gar nichts.

/etc/init.d/cryptmount: 16: source: not found
/etc/init.d/cryptmount: 19: Syntax error: "(" unexpected

Another bashism. Policy violation in section 10.4. Severity "serious", but trival to fix.

I thought we had managed to get rid of all unnecessary bashisms.

Any Debian Developer should use e.g. dash as /bin/sh to avoid these bugs. It's faster, and bugs triggered by that are rare.

Speaking of cryptmount:

Dear Lazyweb, how do I get pmount/gnome ask for the luks passphrase using a graphical prompt? Right now, if Gnome tries to automount the encrypted drive, the password will be asked on some /dev/null device and pmount will hang.

Ajax isn't progress, it's actually a step back.

Most people have been happy to actually use some sane advanced language for doing web sites. There is Java, JSP, PHP, Ruby, Python, Perl, ...

And then there is Ajax. One of the main components is JavaScript. That language most of us would have loved to forget. Forever.

Ajax brings you back into the dark ages of internet development, with browser incompatibilities, it features memory leaks, and many Ajax apps (such as live.com) will run unbearably slow on older computers. Such as my 1.8 GHz P4M laptop. If they work at all - live.com just shows "Loading..." for me right now.

Have you ever looked at some of the actual Ajax code?

This isn't the future, this is the dark ages coming back!

[MJ Ray replies that I didn't mention accessibility issues with Ajax. That's true; I'm aware of them, but this post focuses on Ajax doing away with all the advances in programming languages and software engineering... The in-accessibility of Ajax stuff is worth an own blog post sometime]

Talking about logic, and where people fail at understanding it...

Fun with stupid Google queries - Is there any page about Google and not Google?

Wonder how big the Google index is? Google OR -Google.

(I'm aware that the count is imprecise, it's just funny that this query is actually processed.)

Now let's look at MSN. google 64741016
-google 4669973284
okay. that should make "4734714300"... google OR -google 5156927770 - oops, magic new hits.
-google OR google 68735504
So where are the 5 billion pages that have "google or -google" but not "-google or google"?

And how about MSN OR -MSN - there can be only one.

askdjfhsakdf OR -askdjfhsakdf - top result for this garbage word: Google!

askdjfhsakdf OR -askdjfhsakdf Google results are consistent. I wonder what their sorting is in this case... random? hash function? age?

Remember Googlestossen? Like Googlewhack, but with scoring. There must be only one hit with both words; score = # of hits with word 1 * # of hits with word 2

A typical web page will consist of dozens of files - images, javascript, CSS.

Web browsers usually load 2 files in parallel (recommended by the HTTP/1.1 spec to use max 2 keep-alive connections). If you are including many javascript files in your <head /> element, these will probably be loaded first, the images second. This is the effect of images appearing "late" over slow connections.

However, if your page can be displayed without the javascript (which is very recommendable because of accessibility issues), you might want the browser to load the images first. If your page totally relies on JavaScript - bad luck for you.

In order to improve your load times, you can use some simple techniques. For example by putting images on a separate server (e.g. images-amazon.com, yahoos yimg.com, static.flickr.com, photos1.blogger.com).

[Update: I'm not suggesting you (ab-)use one of these sites for hosting your images, but these are examples of big services using this technique. Blogger, btw, has a referrer filter, so it won't work. And it breaks "planets", so I actually recommend you to use a different blogging service.]

This is a common practise for large sites, for several reasons:

• A web server serving exclusively static images can use a more lightweight, more performant web server software
• It can benefit from different caching strategies
• It can benefit from different hardware choice (e.g. slower CPU but more memory; raid not really needed, better to have two servers etc. pp.)
• Images usually make up a large chunk of the traffic - but they're easy to replicate to a worldwide mirror network
• Authentication, cookies etc. don't need to be sent
• Might be outsourced, since it doesn't contain business data
• Images can be loaded via separate http connections

The last point is the inspiration for this posting - while your web server is still busy building some dynamic web page or serving some Ajax requests, your image server could already be sending out the images.

This might give the user the impression that your web site is much faster. Most users are broadband - but they still have some latency. In fact, latency has increased for many users with broadband due to interleaving on DSL lines, for example; ping is higher with regular DSL lines in germany than it was with modems or ISDN.

Some relevant pages: HTTP/1.1 Pipelining [w3.org], Mozilla pipelining FAQ [mozilla.org]

Opensource has some scalability limits. A recent blog post shows that e.g. Gentoo is suffering from similar effects as Debian.

I believe this is a matter of size, so I doubt that Ubuntu will be immune to this just by it's Code of Conduct and similar things.

There is this well-known idiom: "too many cooks spoil the broth" - I think this applies to Opensource work, too.

Given that we all want "democratic" work, without having a cabal do the important decisions, I see only one way to resolve this.

Subprojects. Just like a distribution doesn't inherit all the software package communities problems, we should try to avoid "aggregating" all the issues at a distribution level.

And if you take for example Gnome, many developers are involved only in a few applications, and the communities in each application are probably not of the "critical mass".

Examples of such subprojects in Debian include:

• installer work
• architecture porters
• team maintainance of large package sets

Maybe we can find a way to make more use of these effects, that smaller groups usually work together much better. I'm not sure yet how to add extra "sub-communities". Some like team maintainance oranize themselves, which is probably best. Some parts can move to freedesktop, becoming "upstream", and joining efforts with other distributions. Some were created on "alioth". So I think Debian is already on the right track here.

Anyway, I'm not a "key player" in Debian, and I'm probably not going to change this. But I'll personally try to follow some simple guidelines to make life nicer for everyone.

• I try to not participate in flame wars. If a mailing list is frequently ridden by flame wars, it's best to leave it alone. There will just be new flamewars coming up again and again. Instead, I try to use mailinglists with fewer people, that maybe are more on-topic.
• I don't read threads that obviously got out of hand.
• I don't read debian-devel. It's a waste of time.
• I try to keep out of other peoples work. Either I become a "serious" contributor, or I let them do what they think it's best. I'm likely less capable of seeing how it all works together if I'm not closely involved. Pinging or filing "wishlist" bugs is of course okay, but you have to accept the decision of those doing the actual work.
• I try to keep stuff away from the full community. Discussing it within a smaller group (the people who actually do the job) is more productive, and you probably won't get much extra results from asking a larger group - but you'll end up with lots more fighting.

Tag clouds [en.wikipedia.org] are a current must-have for web 2.0 applications.

Examples can be found for bookmarks, blog entries, photos, music or books.

Tag clouds are hip, because they're a dynamic feature and show the "Zeitgeist" [wikipedia]. They given an overview on the users ("California" in flickr) or on current hot topics ("Israel", "Lebanon" in technorati).

However, tag clouds also have severe limitations.

First of all, they're arbitrarily ordered. Usually alphabetic, so there is no content relationship among the entires.

Secondly, they only show an excerpt, since there are usually much more tags than fit on the screen.

Thirdly, they're atomic information, whereas relations as used e.g. in RDF [wikipedia] can convey much more complex information.

I'm trying to push tag clouds to a next level. They're a gimmick right now, but maybe we can make them to a powerful navigation tool?

Together with Enrico Zini I've just created my first tag cloud (I've skipped making a tag cloud for my blog...).

Well, it quickly evolved beyond a tag cloud. You could maybe call it a tag sky. Or tag forest.

I'm not using my blog or something like this for the tag cloud. That would be quite boring, I'm not doing real tagging on it. Instead I'm using software tags. The Debtags project, led by Enrico and I, has been working on software tags for some years now during our spare time. We have about 600 tags in a dozen of facets, and 15000 software packages (I don't have the number ready how many of that are somewhat tagged already). Well, the tagging efforts are still far from complete, thats why we're currently working on an AI to assist tagging efforts, too.

We generated two different renderings of the tag clouds for you: one separated cloud per facet, and all folded into one big cloud. Oh, and actually click on one of the tags, it will take you to a more complex tag-based navigation tool and a tagger.

So what makes these different from the usual tag clouds you see everywhere (apart from the sheer size, sorry about that. Maybe we'll add buttons next to hide/show tags with low occurrence numbers)?

Well, the tags next to each other aren't completely unrelated any more, since they are (in both renderings) grouped by their facet. This makes it easier to locate something - go through the red facets first, then look at the tags in the group.

I'm thinking about a second step, which would involve dynamic expanding details in the tag cloud, or hiding them, finally transforming the tag cloud into a true navigation utility beyond a "single click filter".

In my final diploma thesis, one of the topics to work on suggested by my professor is doing "tag clouds" (i.e. weighted lists) for relations. The prototype will likely be integrated with the IkeWiki semantic wiki. I don't have a clear vision of how the "relation cloud" will work or look like, but I havn't started with my tesis yet anyway. I currently imagine up to three clouds (corresponding to the empty places in the relation) that will dynamically adopt to the choices already made by the user. Some zooming will probably be needed, too.

Another use of tag clouds would be a visualization of the AI - the weights could be chosen by how sure the AI is about this tag; the cloud would then describe the AIs rating of a software package description.

If you have some ideas, good links, relevant papers or other feedback, just send me an email to erich@debian.org. Thank you.

I've been using the maildir format for my mail boxes for some years now. I'm really happy with this solution - no locking issues, and decent support in all applications I use.

(Well, evolution has been crashing with Maildir recently, but switching to using a local IMAP server resolved this just fine.)

But the biggest benefit of maildir is that it's dead easy to write your own tools for it. I've written a small perl script that moves read mails that are not flagged into my archive after 30 days. Over the last few years, this archive (not containing large mailinglists such as debian-devel which are publicly archived) has grown a lot.

Now the benefits of maildir, a separate file for each mail, turn into drawbacks. For my archive, I don't need to care about locking or random access. Actually I rarely access it ever. But since a file always occupies whole blocks, my mailarchive occupies 1.6 GB on my disk, with just 1.2 GB of data. An experience value is a compression ration of around -60% for bz2. So by switching from Maildir to mbox.gz I can probably free up 800 MB on my disk. (And I'll move the older years onto my encrypted backup HD anyway)

Now I'm looking into scripting the conversion from Maildir to mbox.gz. I'm still a bit undecided on which tools to use...

[Update: python2.5 has support for mbox and maildir... Here's maildir2mbox in 5 lines of python:

import sys, mailbox
md = mailbox.Maildir(sys.argv[1], None)
mb = mailbox.mbox(sys.argv[2])
for mail in md:
        mb.add(mailbox.mboxMessage(mail))

... denn woran erkennt man einen Terroristen?

Und wie viele Polizisten braucht man, um die ganzen Kameras "live" zu beobachten? Währen die nicht vielleicht sogar besser "vor Ort"?

Nein, was man mit der Videoüberwachung erreichen kann, haben wir bei den "Kofferbomben" schon erzielt: grieslige Bilder von den Attentätern, nachdem man ihre Bomben gefunden hatte (oder sie explodiert wären) und tagelang (!) das Videomaterial ausgewertet hat.

Mit der Verhinderung von Anschlägen hat das nichts zu tun!

Sehenswerte Parodie bei Youtube... Nazis brauchen unser Verständnis, auch wenn sie Arschgeigen sind. Schließlich sind sie sozial isoliert usw. und brauchen unsere Hilfe, sich wieder als ein vollwertiger Teil unserer Gesellschaft zu fühlen. Anschauen und lachen. Und zur nächsten Demo gegen Rechts gehen.

So where will search engines evolve to?

With Google not doing many improvements to their search results page, I can see a certain group of users actually preferring other search engines.

Live.com - Microsofts new generation - is so slow here, it's unuseable. And it actually doesn't have any benefits over Google. In fact, it looks like an mere ajaxified copy of Google.

More interesting are the contenders Snap.com, Exalead and Clusty.

Snap.com definitely has the prettiest Ajax interface of the three. It has keyword completion like Google Suggest, and will display a screenshot of the currently selected result. However it only displays one screenshot at a time; and since screenshots are most useful for finding again a page you didn't bookmark thats only of limited use.

Clusty offers you the benefit of grouping the results automatically by topics. If you aren't very experienced at searching, this can offer huge benefits for you. Searching e.g. for "sports" with Google is rather pointless. Clusty actually gives you useful ways of refining your search.

Exalead sits inbetween. It has an ajaxish interface (but isn't overdoing it like live.com), it has screenshots (but not as big as snap; you can get an overview with 12 screenshots per page which is IMHO much more useful; however there are still some slight bugs) and it has some clusterin (though not as good as Clusty, but you can select multiple clusters)

Anyway, I'm looking forward to what these search engines become, and what Google will do to draw even with them.

(Yes, I'm aware that some people like Google because of its minimality. But not everyone does. Some users will actually need search assistance such as offered by Clusty and to a lesser extend by Exalead.)

I'm giving up on backporting SELinux to sarge. Too many changes are needed in too many apps to make them really compatible with SELinux. Nothing serious, but just lots and lots of small things.

For example, the amavisd-new package will need a cronjob modification. This has already been resolved (somewhat) for unstable, but it means I would need to provide a modified amavisd-new package or a backport.

I hope that when etch gets released end of the year (and I actually believe this will happen), many issues will already be resolved. But it depends of course on many people using SELinux in different settings.

My most-annoying-issue with SELinux on Debian: cron bug #333837, open for some 300 days now.

The debian cron package will backup e.g. /etc/shadow, which actually sounds like a quite inappropriate place for this task. And of course it's all in one file named /etc/cron.d/standard, instead of e.g. /etc/cron.d/backup-key-system-files or so, which I could then label backup_exec_t or something else to assign the special privilege of reading shadow files...

It's bugs like these, unhandled for 300 days, together with having the impression of being the only one trying to get SELinux running and receiving basically no support by the SELinux upstream "community" (which is almost exclusively "enterprise", it seems). It's pretty much like everybody wants you to not use SELinux. Or in my case, not enable people to use SELinux on Debian, since I'm not just "joe average user", but actually trying to add SELinux support to the Debian distribution (which would help Ubuntu to get SELinux, too. The Ubuntu people seem to have given up on SELinux already).

Debian has a small app named "savelog" which can rotate logfiles, compressing the old versions and rotating filenames. It's used in a couple of startup scripts and cron jobs.

The script is labeled logrotate_exec_t in SELinux, giving it the appropriate permissions to modify logfiles.

However, it's also used to rotate backup files of e.g. /var/lib/dpkg/status; which is not a log file; the backups are kept in /var/backups, which is somewhat appropriate.

However, the files in the backup dir are labeled backup_store_t, and I'm not sure if I want all logrotate apps to be able to write there...

It would be nice if we wouldn't have

• multiple apps for log rotation (e.g. logrotate, savelog, built-in functionality of some services like metalog)
• Cleaner separation of config files and shell scripts, so SELinux domain transitions could be inserted easier. If you stuff a whole shell script into /etc/cron.d/foobar, you're doing something really bad...

This is a very interesting read on using liquids to bomb an airplane. It seems to be very well informed about the chemistry you'd need.

It boils down to: yes, you could make explosive liquids, but it would take too long, too much cooling and too much space. Oh and every average airport staffer can tell it apart from shampoo, because shampoo just doesn't smell of nail polish or highly concentrated sulfuric acid.

So they're just doing security theatre (Wikipedia). I believe that they arrested people who planned to do some attacks. I can't tell if they had workable plans. But the new "security measures" are bullshit.

If you need weapons on an airplane, just buy some duty-free whiskey, smash the glass and there you go. And while you think about that, stop the paranoia, please.

Neues Logo der Fakultät für Anarchie, äh, Architektur and der TU München... Ohne Worte.

Das der Fakultät für Informatik erinnert dafür an den "Knopf mit der russischen Beschriftung" - Poweronoff. Ob das Absicht war?

Tja, bei Informatik denen die "Mediengestalter" halt an Nullen und Einsen. Dabei würde ich demjenigen, der diese Logos entworfen hat keine Eins geben, sondern ihn dafür eine Null nennen...

P.S. Die LMU ist natürlich auch vom Corporate Design-Virus infiziert... positiv dabei: aus Gründen der Barrierefreiheit (Wikipedia) "möglichst kompletter Verzicht auf Flash und andere multimediale Webtechniken" sowie "Größtmögliche W3C-Konformität".

Mal sehen, wann die Fakultäten dieses neue "CD adaptieren", wenn überhaupt...

Tons of videos on YouTube use background music. Usually its some well-known song, in full length. So the authors are violating the song artists copyright, aren't they?

I wonder when RIAA will target youtube users because of the background music used in their videos.

For example the Israel attacks, Lebanon burns pathetic "video". Isn't that U2 in the background and thus most likely a copyright violation (apart from all the photos which most likely are just copied off some web site).

And there a tons of examples. I bet you'll find people dancing to all kind of copyrighted music on YouTube...

Debian GNU/Linux is now thirteen years old. My favourite Linux distribution. Congrats, everyone who contributed! I'll be going to the Munich Debian birthday party tonight. (Aka: Stammtisch)

Yeah, I know that many people think it's a feature that we don't have everything Debian-branded - some people might like to.

Recent blog posting with Fedora Core 6 artwork. They also have a larger section in their Wiki dedicated to artwork.

The AMD64 system I installed these days welcomed me with an unobtrusive Debian wallpaper and Gnome splash. Thats not bad, but not really different from other distributions. Actually blue is kind of Fedora-ish, IMHO. Ubuntu has this yellowish-coffe-chocolate-look some like and some hate. SuSE has this green of the chameleon. But what does Debian look like?

A long time ago I modified the color schemes of some of the GTK engines. I just noticed that these color schemes (e.g. CleanIce-Debian) still exist, however the "light" color still strikes me as odd. I still like the dark highlight color, although readability isn't too good with dark fonts. DebianRed also still exists, and doesn't use these rose "background" highlights, but white or grey. That is a bit better IMHO.

Anyway, maybe someone could pick one of the nicer GTK themes and update or fine-tune the color palettes. Or maybe come up with something completely new. "I miss the chicken" ;-)

As mentioned here (referenced by SlashDot), Google doesn't want you to use the term "to google".

You're supposed to "search using Google" instead, apparently.

Actually I think Google owes much of it's current brand value to it being - in contrast to e.g. MSN search - (ab-)usable as a verb.

My experimental SELinux for Debian sarge backports have been updated. The core libraries and utilities are updated to the versions just uploaded to unstable.

Therefore, they may of course contain the same bugs as the unstable versions and since I redid the packaging of libselinux and libsemanage - I didn't understand Manojs packaging system, and these packages needed larger modifications for sarge python support - they may also contain extra bugs.

But even users of unstable might be interested in grabbing the "refpolicy" packages from this repository. These packages are now a modular policy. This is possible since the just uploaded toolchain finally has working policy module linking and results in a significantly smaller policy, since you don't have to add rules for software not installed.

To support this, I've written a tool to resolve inter-module dependencies and to automatically install modules matching the software packages you have installed. Expect to see this in the unstable refpolicy packages sometime, too. Maybe someone else will contribute a ncurses frontend to select policy modules.

Please note that bug reports should be directed to the Debian SELinux Mailing Lists. Please use the mailing lists, instead of just contacting me directly.

On a side note, I don't know if I'll be continuing these efforts.

Daniel Burrows writes "and the built-in graphics card (usually Intel) on the motherboard is just fine for that."

I would agree with you, if I had an built-in graphics card with Intel.

That is in fact what I'm aiming for for my next laptop. But actually none of the PCs I have in my house has Intel graphics, unfortunately. Intel graphics is pretty much restricted to Core CPUs and Laptops. Which sucks.

I wish there would be more "budget" systems with Intel graphics. As you mentioned I don't need high end graphics anyway. I actually don't need high end CPU anyway (power consumption is more interesting, and the value/price ratio). I wish I could have bought a system with Intel graphics, but that would have been twice the price.

I wish we had some standard like VESA, just a bit more modern. Like having sane refresh rates for non-TFT screens and maybe some extra acceleration.

Oh, and I actually doubt that ATI would give away much secrets if it would allow distributing the existing opensource X drivers. It's not as if the specs of their CPU would be a huge surprise to Nvidia. Some actually say nvidia builds the better graphics cards. And Intel does even give away source code. We're not talking about chip design here, or driver optimizations. Just the plain registers and ports. heck, ATI, Nvidia and Intel could probably even agree on a standard here, except it would mean they'd need to change their drivers and hardware for the next generation with really no visible benefit to them (only to us, we could maybe run the basics with the same driver).

ATI is reported to not plan to release their drivers into OpenSource. Too bad. And I don't plan to buy any more ATI graphics. I'll go with Intel.

Actually it would be sufficient if they would release the specifications. We don't really want to see their "patented optimizations" (which probably are just for cheating in known 3D benchmarks anyway, so what would we gain from that?).

We'd be happy if we were allowed to distribute the already written independent driver. Which is blocked by an NDA, not by some "patented optimizations".

Anyway, I'll buy a new laptop end of this year, and guess what - it will have Intel graphics. They've already released drivers for their next chip to be released.

My current laptop, an IBM Thinkpad A31p, has an ATI graphics board. Which is not supported by the ATI driver. Fortunately there is an opensource driver which works fine, with 3D acceleration. Another reason I'm not going to buy any ATI, you never know when they decide to no longer support your board.

I'm going to join madduck, Gunnar Wolf and Julien with their negative experiences with XFS.

The celeron 412 I mentioned before had an XFS filesystem since a few years. It replaced a raisswolffs.

It certainly worked better than raiser. But as said, that old machine has been crashing, and when I copied over the data for my dad to his new machine, I noticed that his .gconf file was destroyed by XFS. All 0-bytes, typical for XFS. If the file is damaged, just fill it up with zeroes? I've seen 0-bytes a couple of times before in log files on XFS partitions that were open during a crash. It sucks that gconf didn't keep a backup.

Anyway, the .gconf file includes his evolution configuration, amonst other stuff. Thats how we noticed (apart from all other gnome settings being gone, too), since restoring evolution was the top priority item for me.

Fortunately, I picked ext3 when setting up the new system. I never had experiences with ext2 or ext3 as bad as with xfs. Or reiserfs, which just trashed the whole filesystem when I ran "reiserfsck". Thats not what a fsck is supposed to do, is it?

Up to now, my dad was using my old desktop PC, a celeron 412 MHz (366 overclocked) with Linux. Unfortunately, this trusty companion started to freeze within a few minutes after boot (even in BIOS). So after some 7 years, a replacement was needed.

The guys at the computer shop (Computer Gallerie in munich) tried to convince me that nvidia is best for Linux. Basically I followed this recommendation because ATI isn't better, and there are not Intel-based onboard graphics for AMD. And AMD Sempron sounded like the cheapest CPU. And definitely cheaper than an Intel Core... But dudes: Nvidia is NOT included in the kernel. Trust me on that one. Nvidia is non-free, and their drivers most likely violate the GPL.

So I ended up buying an ASRock 939NF4G-VSTA mainboard and an AMD Sempron CPU. 1 GB of RAM, an HDD, an okay housing. Just below 400 Euro, that is what I had expected.

After some fighting with the hardware (the HDD didn't fit into its slot, I had to bend away some metal. No docs on which way to put the power LED plug on etc.), I was finally able to boot the system.

I used todays daily-build of the netinstall CD image for AMD64. I.e. the to-be etch installer. Worked like a charm. After some downloading over my 2 mbit DSL line the system was up and running. Graphics were VESA, as expected. With some fighting with the annoying non-free Nvidia drivers, I had them working, too. Ethernet worked out of the box; I don't know about S-ATA (a driver is loaded though), temperature sensors seem to work, too.

Sound doesn't work yet. The snd_hda_intel driver is loaded, however there is no sound to be heard on any of the 7.1 channels. The mixer only shows "Master" and "Capture" volume controls.

If anyone knows how to get sound out of a

00:10.1 Audio device: nVidia Corporation MCP51 High Definition Audio (rev a2)
Subsystem: ASRock Incorporation Unknown device 0888

[Update: this is a realtek ALC 888, there is a patch for this to come in 2.6.18...]

Anyway, I now have a AMD64 box, and as soon as I've setup some i386 chroot I'll have a useable build-box after all. ;-) And maybe I can do some SELinux testing on it, too. OTOH, I should get myself a diploma thesis topic now, and work on my final thesis.

Dear Lazyweb, where do I best put the following workaround

echo "Initio:WD2000JB-00EVA0:0x4000" >> /proc/scsi/device_info

I have bad luck with external drives. The first I bought is apparently a faulty prolfic PL3507. From all the other reports that happens quite often. And now my replacement housing, bought via ebay, works okay, but only with above workaround (which tells the kernel to ignore certain bad replies from the drive that make the kernel believe its read-only).

I also have a 2.5" housing with the PL3507 chip, that one works fine. But two out of three having issues, that sucks.

Now thats what I'd call good news (URL from #debian-devel)

This infoworld article claims:

AMD is strongly considering open-sourcing at least a functional subset of ATI's graphics drivers

Well, the article has some other facts wrong:

If AMD's graphics cards were the only ones with open device drivers, it might affect a buying decision or two.

Well, you know. There is not only Nvidia. There is Intel. And for both the R200 ATI Radeon series and the Intel video chipsets there are opensource drivers with 3D acceleration. It's not as if AMD/ATI would be the "only ones". Wait. Intel? Isn't that like the main competitor of AMD... AMD should better try to draw even!

But yeah, if AMD would do that, Nvidia would have some issues selling their stuff to Linux users. Manufacturers that try to sell desktop linux computers will prefer AMD if it's better supported out of the box (for servers, neither ATI nor Nvidia is relevant, of course).

For example Lenovo is reported to (plan to?) sell Thinkpads with SuSE Linux preinstalled (I'd actually prefer if they would sell them with FreeDOS preinstalled at a lower price); but if they preinstall the NVidia drivers (and some other things such as Intel wireless), they might violate the GPL or some of the other licenses, apparently. I don't know, just hearsay.

According to technorati, the top tags blogged about are: Israel, Lebanon, Herzbolla, Iraq, War, Bush, youtube, Sex.

Says a lot about these stupid wars that they take up 6 of the top 8 spots. (Yes, I'm counting Bush as a war tag, otherwise he'd never beat Sex)

As with youtube, I just wonder when they start running into some serious legal trouble, and how they can pay their traffic bills on the long run. Especially when people put the videos into their blogs, youtube doesn't get a single cent from advertisments. Or my filters are too good.

Kaum ist der Standard verabschiede, schon kann man ihn verabschieden:

E-Passports, die mit einem RFID-Chip versehen sicherer sein sollen, können offenbar ganz einfach kopiert werden.

Wie erwartet erhöhrt RFID also in keiner Weise die Sicherheit - aber macht es leichter, jemanden zu überwachen. Denn während man den alten Passport auf einen scanner legen musste, um die Passportnummer zu lesen, geht das jetzt bequem über Funk. Super...

Artikel auf wired.com, in englisch

Meldung auf heise.de

Fazit - wie erwartet: RFID-Chips im Passport erhöhen nicht die Sicherheit. Wer den Politikern was glaubt wird selig.

As reported on engadget, E-Passports have been hacked less than one month before they are to be deployed.

Apparently "hackers" (well: scientists) were able to copy the electronic passport. So seems like after all, the physical properties of the passport are still the more secure part.

Note that you don't need RFID for making passports fast to read. My passports have been featuring easily machine readable letters for ages. And of course there are bar codes, too. No benefits from wireless here.

It's all about tracking. About cutting into your privacy.

Other related articles: VeriChip VeryEasy to clone

longer article on this "hack", on wired.com

If you have some simple local modifications to your policy (not using many interfaces etc.), you can grab this local module example tarball, and make a proper SELinux module out of your changes. Maybe you can then avoid building your own policy.

Notice that you can't use any macros with this standalone module source, making policy writing there a bit more difficult than necessary. :-(

Based on the Fedora SELinux FAQ.

I still wish we could get rid of the full M4 complexity for building the policy, and instead use something easier to reuse in such situations.

My latest music CDs (of course already ripped to my Ogg Vorbis player... CDs suck usability-wise, actually...):

Sing when you're Swinging

Two CDs - the second is titled "(If you can't sing it) You'll have to swing it" - with recordings of the swing era. Some slow, some better for dancing. Rather cheap, and well worth the money unless you have many songs of that era already.

Pop swings

This CD is a mixed bag. It's swing covers of well-known songs of the 70s-90s. Some work great, others don't. A lot is personal taste, depending on the memories you have of the originals or how you liked them. If you didn't like the original, you might like the swing cover. If you loved the original, you'll likely hate the cover, just like any cover. The funniest thing is that one artist, Paul Anka, is on the CD in both roles, as cover artist (Smells like teen spirit) and as original artist (Diana). This is a CD you can't really listen to on-block (thats why CDs suck) or play on a party. You'll usually pick some specific songs.

Perfect for parties

The full title is

Bear Family
"Perfect for parties
Highlight Album

Note: above amazon.de links will earn me a tiny commission. It would be nice if you'd use them if you plan to order some of these CDs. Thanks. It will certainly never pay off, but when I set links I can as well set some that might allow me to buy myself a CD from it sometime later, too. ;-)

I've recently used bittorrent a bit. For example, I loaded the Ubuntu installer CD with it. For power users, I think rtorrent is a good client.

I tried freeloader, but apart from some obvious bugs (it doesn't save the maximum bandwidth settings value), i'm lacking interesting information such as the number of peers or of distributed copies.

When toying around with rtorrent and it's options I noticed a couple of interesting things.

First of all, if you're firewalled, you'll be much slower. Allowing incoming connetions (and having a port forwarding in your router) makes a huge difference in the number of peers. My estimates are that 70% of peers are firewalled; if both of you are, you can't transfer data!

The other thing is that apparently BitTorrent clients use some kind of "Tit for Tat" strategy. They request a packet, you request a packet. If you don't send them data, they'll stop sending you any. They'll still eventually retry (maybe you were overloaded), but largely your download speed will be related to your upload speed. I don't know how much peers (and seeds) trade information on who has which parts or is sharing how much upload speed. I guess they do somehow to deflect cheaters.

Assuming that the illegal file sharing tools work similarly, this gives some interesting (theoretical?) ways to recude illegal file sharing:

• Give people free routers - which don't have an easy-to-use port forwarding option (especially not UPnP, which software could auto-configure...)
• Tell them that downloading isn't that dangerous for being sued, but uploading is, so they should set their upload speed limit to the minimum.