... und dadurch 2 Minuten vor dem Anpfiff angekommen!

Mit dem Fahrrad ist man einfach schneller. Gestern habe ich mit dem Auto für die Strecke (16 km) eine Stunde gebraucht.

Das heisst aber insbesondere dass ich eine Durchschnittsgeschwindigkeit von 20 kmh gefahren bin. Inklusive Ampeln, einmal Kette rausgesprungen und total verrückten Autofahrern, die durch die Straßen rasen um noch schnell vor dem Anpfiff irgendwo hin zu kommen.

... sounds like a joke, but the "certificate in technology management" I got yesterday for completing a two year extracurricular program is supported by eight professors from two of germanys best universities. It's an additional degree to my regular studies, and included courses like "Business Planning", taught by top managers from major communication companies here.

I've definitely learned some thing there that will help me later when founding my own company or taking up a job with some management responsibilities.

Another very easy dish that looks and tastes delicious, while it's really easy to make. Just cook some noodles, and make a cheese sauce. But the cooked noodles into a casserole, add the cheese sauce, some tomatos, some oregano or basilicum or spring onions or some other green herbs, and add a topping of cheese and cream. Bake until you can't await to taste it.

Neulich in meinem Backofen... ;-) Lecker, und einfach.

Noodle casserole / Nudelauflauf

... if only people would use SIP instead.

But the new skype beta at least doesn't crash on startup anymore. The previous version needed a wrapper to work with my GNOME:

#!/bin/sh
unset SESSION_MANAGER
exec /usr/bin/skype

If you want to try internet telephony, I'd suggest getting a SIP software instead, for example Ekiga. (Windows users might want to try Gizmo). In fact, most DSL modems sold in germany include SIP internet telephony, and you can just hook up your regular analog or ISDN telephone to your DSL modem and use internet telephony. You could call me for free over the internet, and it will ring my regular phone.

You can get a german phone number (01212/01213) for free at freephone.web.de among others, or 100 minutes for free to german landlines at iphone.freenet.de. Other providers (e.g. GMX, 1&1) offer telephony flatrates etc.

I just tried to see if I could order a laptop with Dell without Windows. So I went to the Dell Linux page. Which totally sucked. I'm using flashblock (since flash usually sucks), and the Dell Linux page has huge flash movies on them - the regular Dell site doesn't.

Why for heavens sake does Dell use Flash on their Linux page? It's not as if Linux users care about their fancy animations. On contrary, some will probably not have Flash installed, or filtered (like me). And some will be annoyed by not being able to copy and paste the product description from that pointless flash. Even more so: all one flash does is display a table. You know, that has been possible in HTML for like ever, absolutely no reason to use flash here. Oh, and their "large text" button doesn't work either. Nor will screenreaders. Nor does google see the text in the flash.

The reason you choose Linux is the reason you not choose Dell.

To me this is Dell displaying that they have no clue about Linux admins.

I still haven't found, what I'm looking for - a lightweight notebook, with a high resolution display, and good battery life (i.e. no nvidia or ATI graphics, preferrably no built-in CD to save weight and size) - best candidates so far: Fujitsu Siemens P7120 and Samsung X11-T2300 Culesa. Sony Vaio VGN-TX2HP/B is interesting, but I still have some reservations against Sony (they try too hard to do tech lockin, e.g. memory stick; and a friend had bad service experiences, their Rootkit, GPL violations with InstantOn...) and it's a bit too tiny for me.

[Update: Thinkpad X series is not an option for me, too low screen resolution and according to the specs low battery life; Apple MacBook isn't an option because of their heat and battery issues, and I don't like the hype around it and any other Apple product]

I passed my second diploma exam today, again with 1.7. Mostly theoretical computer science: logics, computer assisted proving and proof verification systems, automata theory (buechi, muller, ... so mostly on trees and infinite words, not just undergrad DFAs) and coding theory.

The professor told me I could easily have done better if I had had learned the formal definitions and that better (just as the professor did in the previous exam on databases, index structures, dataminig and knowledge discovery in databases).

I had expected doing much worse in this exam, since I had big trouble concentrating the last months (the heat wave in germany and the worldcup certainly did not help either). I ended up learning just one or two hours a day on average, which is really really little. Way to little. So I'm quite happy with these results (especially since I don't care about the grades too much anyway), given the amount of work I spent.

What I'm really unhappy with is my lack of concentration these days. I used to be able to focus very well. I never was good at learning stuff literally, but I used to be able to sit down and tackle problems for hours at a time until I was really into the topic. I havn't been recently, which made me really wonder if I would be able to continue my studies as is... well, todays result, too, showed that even when not focussing I'm doing quite well.

Two more exams coming up - one on Algebra (starting with galois theory, so the contents of this course are apparently usually taught as "abstract algebra" or "advanced algebra" in the U.S.; no matrices, linear transformations or vector spaces involved), the other on programming, modelling and data languages, so UML/OCL, XML/CSS/XSLT/other markup, logic programming techniques etc.

Then all that remains to do to finish my degree is a six-month thesis, which will hopefully be on generating UIs (this may include a text UI) from schema languages such as XSD.

We replaced most of the grass in our garden with wild flowers. This is actually less work (you have to cut less often) and is way prettier. You can't play golf, though, but I don't care.

Wild flowers

Fixes for the SELinux toolchain were posted to the mailing list today by Joshua Brindle, that should enable proper module linking finally.

If they work as expected, we could finally build the polic into modules and just link those modules needed. Right now, a complete policy is several megabytes big. But only few users will have both postfix, exim and sendmail installed etc.

Thank you.

Nachdem der Spruch bei allen gut ankommt: jetzt in meinem (extra dafür eingerichteten "kostenlosen") Spreadshirt-Shop.

(Wenn jemand einen anderen Dienst für T-Shirts empfehlen kann, nur her damit.)

Ich kann natürlich nicht garantieren dass spreadshirt.net schnell liefert... die schreiben ja selbst nur "Versand innerhalb von 7 Werktagen". Mal hoffen dass die WM für uns nicht morgen vorbei ist.

Und natürlich, dass noch niemand den Spruch als Marke eingetragen hat. Ich hab mal auf nummer sicher beim Patentamt online gesucht, aber man weiss ja wie langsam die Mühlen mahlen...

The german version of the official motto "A time to make friends" is when translated literally "the world for a visit with friends". So far, people have been taking that literally, as far as I can tell. Everybody is a friend here. And there are tons of people at the public viewing places (which are currently being extended, after there were 700.000 people in Berlin's fan mile during the GER-ECU game, and 72.000 in the stadium, not counting all the other viewing places, pubs etc.).

There is a cool pun on this motto: Friends for a visit with the world champion.

So I made some t-shirts with a free (for making, not ordering...) service. I hope they can ship them in reasonable time (especially before germany loses a game, that is):

Now I only have to hope that noone has registered this motto as a trademark. I checked the EU, German and international databases; nothing in there yet.

Apparently, GMail has been filing invalid spam complaints with DFN (the germany-wide university and research network backbone).

This is the second time we were forwarded this complaint all the way down to us. I know exactly which mail it is. The IP is the firewalls "private" IP, so no other service is on that IP (it's not the masquerading IP). The time matches exactly the time of an email delivered to GMail.

Therefore I'm 100% sure which mail they are considering to be spam. However, it is not. It's not in the "spam" folder in GMail either. No SPF violation. Valid reverse lookup in the appropriate domain. Single-hop SMTP delivery. Firewall to gmail mailserver.

It's our daily snort report, that is considered spam every few weeks.

That totally sucks, that a perfectly valid and correctly sent email, that is also delivered correctly, is reported as spam amongst the big ISPs. Unfortunately I don't have any details on who is filing the complaint, but it certainly is somewhere among the big ISPs. And traceroute shows a direct peering of Google with the DFN at DeCIX.

[Update: 2006-06-19 04:25:05 http://cbl.abuseat.org thats all I know of the "complaint" -- but I have no idea how abuseat.org is involved in this. But this again is the valid daily snort email, so I wish they'd just stop reporting this false-positive over and over again...]

Check out the i-Bar website. Especially the video.

Intelligent surfaces are very cool.

Ein CSU-Politiker hat nichts besseres zu tun (schon alle Panini-Bilder komplett?) und meint wir sollten jetzt Staatsbeflaggung anordnen.

Typisch Politiker, statt etwas wichtiges zu machen (z.B. Föderalismusreform) sorgen sie sich schon wieder um die nächsten Wahlen.

Bisher fand ich es ja noch ganz nett, dass so viele in Schwarz-Rot-Gold rumlaufen, aber wenn jetzt wieder Politiker (mit rechten Hintergedanken?) das Ausnutzen, ist bei mir Schluss mit Lustig. Ausserdem ist es Umweltverschmutzung: "Auf der Autobahn Köln-Aachen liegen die Dinger reihenweise am Fahrbahnrand." (Tipp: nicht schneller als 60 fahren!)

Die Fussball-WM gehört den Menschen, nicht dem Staat!

I've been preparing slides for a small presentation on "Buzzwords of the Dotcom 2.0 area".

It's still a work in progress, so far I've only written some lines on Ajax and P2P, more to come on Web 2.0 and social networking.

The presentation is not intended for a tech audience, and I've been trying hard to avoid too much previous knowledge and such. But I can't really explain the difference between authentication and authorization there...

I'd really appreciate feedback (except: "add a diagram", thats too obvious), especially on other buzzwords I should cover.

I also plan to add some judgements on the benefits of the usefulness of these "technologies" for businesses. For example the release of an API can make you very well known, but you might have a harder time earning money, actually...

... because it keeps on renaming them. Which means they have to review their Sourcecode to replace all the occurences of the product name, and then they have to fix the resulting bugs again.

Latest name changes: WinFX becomes .NIET Framework 3.0, Antigen becomes Forefront.

I wonder what the new name of the Internet Explorer will be, once it's released. Maybe "Windows Live Explorer"? Or is maybe Microsoft introducing it's previous try in setting up a brand - "Microsoft Passport Explorer"? Or will it be "Microsoft Live Passwort.NET Explorer"?

I wonder what Vista will be called once it's released? How about "Duke Nukem Forever"?

The funny thing is that Microsoft lost track of its product names itself - ther are two different products named Microsoft Live Search.

Manoj Srivastava has uploaded reference policy packages to Debian. If you're going to setup a SELinux system with Debian, I'd recommend you to use the new policy packages (which are currently named "selinux-policy-refpolicy-*", but that might be shortened to selinux-policy-* or so sometime, I guess)

This is basically the only SELinux policy tree actively maintained.

The old policy, packages as selinux-policy-default, is discontinued upstream.

To those who missed the move: irc.debian.org is now pointing to OFTC (which is also a SPI project) and not to Freenode anymore.

By now, #debian-devel has more users on OFTC than on Freenode, but is still pretty busy on Freenode. Since many of use are involved with other projects on Freenode, I guess most will continue to hang around there. #debian.de is still larger on Freenode. It will be interesting to see how the channels develop over time. The one on OFTC used to be more of a german-language developers hangout, whereas the Freenode one was frequently visited by "unexperienced end users" searching for help, and trolls pretending to search for help, but actually just trying to start some flamewar. I wonder if that means the "good old times" are over. ;-)

Life: I'm having my final oral exams the next weeks. Starting on Tuesday with the exam on Databases, Index Structures (R-Trees, X-Trees, ...), Knowledge Discovery in Databases and Data Mining. 30 Minutes. Should be okay, though I have been doing way too little reading.

This also implies that I'm missing most of the Worldcup fun. I watched the first game, and it's hard to not read about results. But I won't be going to soccer partys every day. I don't care much about watching sports, and I should spend my time studying for the exams.

Wouter Verhelst wonders why you would use a firewall config tool (apart from a GUI) instead of writing iptables rules directly.

While I do just use a couple of iptables statements in a shell script here on my laptop, this is not manageable for larger networks IMHO. In fact, I wrote my Pyroman firewall admin tool for the very reason that it replaced an existing iptables script which was a pain to maintain. I'm talking 300-400 lines here. Four networks, two failover firewalls, a dozen of servers in the DMZ network some of which with extra access rights into the internal network (such as accessing the LDAP directory).

And no full-time admin to take care of them.

So I needed a firewall script that everybody can edit and that won't fail miserably when they make a mistake. A script with extensive error checking and that prevents people from locking themselves out. With an easy syntax.

The first approach was in Perl, and already worked quite good. The rewrite then was in Python, and the users (read: fellow volunteer "admins", that don't know the firewall by heart as I do) liked it a lot. They now could add new hosts and services without depending on me to update the firewall.

This is a configuration file they'll immedeately understand:

# add the web server
add_host(
        name="web",
        ip="10.100.1.2",
        iface="dmz"
)
# offering, well, web service.
allow(
        server="web",
        client="ANY DMZ INT",
        service="www ssh ping"
)

It also helps to require them to commit their changes to a SVN repository (for getting the changes synched to the failover firewall) - that way you have version control and undo.

Apparently, FIFA can't spell Munich right...

Go to the official german FIFA worldcup page on Munich, choose the first Video link (which won't play, but who cares) and have a look at the city menu in the video player... Guess what: Münich

So since FIFA doesn't know how to write München, I guess the opening game won't take place here, since the teams won't find it?

[Update: Screenshot done by a friend]

From the "using unstable on my desktop" department:

Just two things to point out: liferea-mozilla has been superseded by liferea-xulrunner; so if liferea is held back at your upgrade, do an apt-get install liferea-xulrunner.

The old file manager of XFCE has been replaced with "thunar". Just do an apt-get install xfce4 to get the latest xfce4 suite. You might want to install the recommends, too.

And remember, don't just blindly run dist-upgrade. This is meant for upgrading e.g. from woody to sarge. For daily use, upgrade is much better, since it's less aggressive at uninstalling applications you might miss afterwards. Aptitude may also offer you alternatives in conflict situations.

Google Sitemaps isn't just about giving google an easier way to index your whole website.

(There are two reasons you might want to give Google a sitemap: One is that this will result in extra links in the search results, since Google apparently uses the sitemap to give the user some extra navigation links with the search result; the other is that this way Google can avoid any flash or javascript magic you might be using - though it's a bad idea - in your webpage.)

One nice feature they added is that they give you an excerpt of the web searches turning up your web page, and the average placement for this term. This is a very nice tool to find out how Google "sees" your webpage. Google also gives you a list of common terms used to refer to your webpage.

Results for my personal webpage have been very interesting. There are a couple of highly ranked search terms that I would never have expected, that will turn up my page with a high placement.

The funniest result is my #1 ranking for Sportfreunde Stiller Torrent, obviously a file sharers search term (Sportfreunde Stiller are a great German indie rock band; check out their new You have to win Zweikampf soccer album. Consider buying it.).

I'm not a filesharer. I like web radios (especially when they play lots of indie music and have high quality Ogg Vorbis streams like M94.5) and I use last.fm quite frequently.

I have however blogged on Bittorrent technology aspects (as a legal file transfer protocol. Did you know that Debian GNU/Linux considers to use torrent technology for distributing software updates?), and also blogged on young German bands that have made the top of the charts the last few years.

Martin F. Krafft blogged about how to rollback firewall changes in the case you managed to lock yourself out from the box

It's even easier if you use my Pyroman firewall config tool. (apt-get install pyroman). If you run pyroman safe it will execute the new firewall rules - and if you don't type OK within 30 seconds, it will undo all changes. Note that it can also restore to a configuration set by a different firewall app. (It just restores the old iptables state and feeds it back to iptables - it will support anything your iptables version does.)

Oh, and it's much faster than the other firewall scripts I've tested so far, since it doesn't spawn hundreds of iptables processes, but only one iptables-restore for setting the new rules in one transaction.

Check the web page for other benefits; should just work on any Linux distribution with iptables and python (read: every).

[Update: Martin, I was referring to the instructions you gave, to adding an at job and then running atrm to accept the changes. Yeah, what you script does is basically the same what mine does for rollback.]

You might have read that ext2/ext3 has support for so called "directory indexes", which supposedly speed up operations on directories with many files. For example your /usr/share/doc directory, your packages database, or your home directory (use ls -la | wc -l to count the number of files).

However, this feature is not enabled on most machines, since up to now you needed to pass a flag when creating the filesystem. The 1.39 upload of e2fsprogs (in Debian unstable as of May 29) made this default. So you probably didn't enable this when creating your filesystem.

To check, first find out what your filesystem device is (use mount). Mine is /dev/hda5, so my example will use this device. In traditional terms, this is the first extended partition on the IDE primary master drive.

Now use tune2fs -l /dev/hda5 | grep features to get a list of your filesystem features. If you have "dir_index" in there then you're all set. Ignore any "needs_recovery" - that is good for mounted filesystems (it just means "not cleanly unmounted")

To add dir_index, do the following.

• Unmount the filesystem. If this is your primary filesystem, use a bootable CD like Knoppix or some Linux install CD.
• Make sure the filesystem is really not mounted. Just for safety of your data. Run e2fsck /dev/hda5 - this should take less than one second if your filesystem is clean and is needed anyway otherwise...
• Execute tune2fs -O +dir_index /dev/hda5 to enable the feature for your filesystem
• Execute e2fsck -Df /dev/hda5. This will force a filesystem check with directory optimization (!) on your filesystem.
• Mount your system (or reboot, if you were using a live CD)

SELinux is an official release goal for etch.

However, we're currently far from that. So far, very few developers are actually using SELinux (if any), or even testing it. I won't be doing anything on SELinux for the next 6 weeks at least, more likely 6 months.

So currently I don't see how we can manage this goal, unless more DDs (and of course users; you don't need to be allowed to upload packages) help getting SELinux properly integrated.

(You can run SELinux on etch without having to recompile any software I think, but you'll have to do quite a bit of customizing yourself right now.)

For a coordinated effort to get SELinux into shape for etch, there are Debian SELinux mailing lists, but so far they're basically unused.

[Update: yes, one option is to remove SELinux from the etch release goals. I was in fact rather surprised to see SELinux listed there.]

[Update #2: It was pointed out, that the first occurence of "release goals" in that mail is prefixed by "pet". Don't ask me what the difference between a release goal and a pet release goal is, though. I guess something like being in an official wishlist...]

... in case you wondered, even when you've never even visited myspace, or are using lynx via some anonymization service, reject all cookies and so on:

every profile page on myspace has a big banner saying "nickname is in your extended network". Well, if you consider the Internet your extended network that is true. Still that is bullshitting. What a marketing crap.

Ich bin heute wieder über Pläne zur 2. SBahn-Stammstrecke gestoßen... und finde sie immernoch total idiotisch. Das riecht für mich nach gigantischen Planungsfehlern.

Die gesamte Planung der 2. Stammstrecke ist auf die Annahme aufgebaut, dass viele Leute aus dem Umland möglichst schnell zum Hauptbahnhof wollen. Das ist aber völlig unrealistisch!

Die meisten Fahrgäste aus dem Umland steigen irgendwo um. z.B. in die Trambahnen am Stachus oder am Isartor. Diese Umsteigemöglichkeit entfällt aber.

Statt dessen führt die 2. Stammstrecke nach der aktuellen Planung nur zu einer erheblich stärkeren Belastung der Umsteigepunkte Marienplatz (der sowieso schon überlastet ist), Hauptbahnhof, Ostbahnhof und Giesing.

Wobei Marienplatz und Hauptbahnof nicht besonders attraktiv sind, wenn man dort zum Teil 5 Rolltreppen brauchen wird, bis man oben ist...

Eine echte Entlastung des Münchner Nahrverkehrsnetzes ist nur mit einem Ring möglich, der viele neue Umsteigemöglichkeiten bietet!