The "rise" of udev, hal, dbus, networkmanager, powermanager applet and such has caused an increase of groups on the typical debian system.

Groups provide a reliable way of granting access rights, so this is a good thing. The drawbacks are that you need to add users to these new groups and users need to logout and login again to get these new group rights.

Groups you might want to assign to typical desktop users include: audio, video, plugdev, netdev, powerdev, dip, scanner, cdrom, floppy

You can assign these groups using the gnome user manager, or by the following shell script as root:

for user in USERNAME1 USERNAME2; do \
for group in audio video plugdev netdev powerdev \
dip scanner cdtom floppy; do adduser $user $group; done; done

We're lacking a way to handle such changes on upgrade, though. This definitely is something we should handle with etch, that on upgrade the user is offered an easy way to update his group permissions.

Anyone knows how to put winbind-users into unix groups? I have some machines where user accounts are actually loaded from ActiveDesaster, authenticated using kerberos. Winbind works fine for the single-host username to uid mapping, but it doesn't give me an option to assign e.g. the plugdev group to all users. Which I really need.

Up to now, if you had a working modular reference policy, you actually had had luck. There were some bugs in the toolchain that prevented this from working as intended.

• optionals in base were not enabled. So if you built "mta" into base (or, lets say, "init") the parts of the policy to deal with outside modules (e.g. postfix) were just dropped. So you basically had to build a monolithic policy if you want all the connecting rules between base and modules to work. This was fixed recently in refpolicy, but turned up some new bugs:
• One thing turned up was type attributes being broken. When you loaded a certain combination (a couple of modules in base) suddenly tons of key rules would be missing (e.g. for relabeling files, basically any rule that applied to "file_type", i.e. all files) This was fixed by Stephen Smalley in libsepol 1.12.3
• When certain policy files "required" that your policy has certain permissions (e.g. "execute") defined, this could cause checkpolicy to duplicate this permission, so you ended up having two execute permissions, which obviously didn't work right all the time either. Fixed by Stephen Smalley in checkpolicy 1.30.2/1.30.3 (soon on your favourite anon CVS at sourceforge)

Thanks to all who helped tracking this down.

Looks like modular reference policy is now actually working as intended for me. ;-)

Google blogsearch would be nice (allowing you to sort results by date), if it weren't full of spam. It seems that spammers copy random content fragments from other webpages and put them into "blogs" to increase their pagerank.

This makes you wonder if pagerank issn't something really really evil...

Basically, by using pagerank, google makes spammers do ugly stuff like this linkfarming, guestbookspam and blogspam we've all come to hate the last few years.

And rel="nofollow" doesn't really help much either. Spammers are too lazy to test for that attribute, they just spam. It would maybe be different if all links were "nofollow" by default, and web page authors actually needed to mark links as "good".

Google updated it's famous Google Earth software (which is a really nice toy, actually) with new data. There are now high-res shots available for most (or maybe all?) of Germany.

However in regions like eastern Munich, where Google Earth already had high-quality shots, these have been replaced with older imagery. I believe that these "updated" images are one to two years older, judging by some missing construction sites. I'd date the previous shots to October 2004, the new ones to October 2003.

Given that Google just added satellite imagery for germany, I guess they'll add map/street data to google maps for germany soon, too.

And did you know that you can run Google Earth using Wine on Linux, too? The 3D display is working okay, just the menus don't render correctly.

Oh, and some fun: type "Frankfurt, Germany" into Google earth. It won't take you to the well known financial city in germany, with the international airport, but instead to the "less important" "Frankfurt an der Oder" close to the border to poland. If you want the other Frankfurt, you have to type "Frankfurt am Main, Germany".

Oh, and "Torino, Italy" is the only continental european region with street maps available on Google maps.

Listening to music with CDs is a pain. Because every CD gets boring quickly. Radio stations are fun for some time, but they also play the same bad songs over and over again. So I still have a collection of MP3 songs (albeit all CDs I converted recently are now ogg vorbis, since this offers a better compression, and my portable player can play ogg, too).

So if you try to maintain a collection of your favourite MP3s, you'll sooner or later end up having some duplicates. Or many of them.

The cleanest approach would of course be to just delete your whole collection and start converting your CDs again (this time paying more attention to tagging and such). But this would take a lot of time again...

I've written a small tool which uses the musicbrainz library to generate audio fingerprints of songs; these are then stored in a small database, and another tool can list duplicates from that database. This of course still doesn't catch all duplicates (well, some songs are slightly different among different albums, and sometimes they result in the same TRM id, sometimes they do not) but does a fairly good job. Beware of (rare) false positives, however.

It should work on Windows, too. But I really have no clue on how to setup musicbrainz, pyogg and pymad on Windows. Debian users can just apt-get them. Don't ask me about how to install on windows: I don't use windows.

Grab it from it's temp home for the TRM-dupefinder (grab all .py files, trmdb.py is the main lib, the others are the applications).

Calculating all the audio fingerprints takes a long time; but the gen tool will only process each file once and continue where it left off. So you can do it in multiple runs. Then run the dupe tool at the end.

Tunepimp is probably a smarter way to do this (and maybe verify tags in the same run), especially since it apparently can store the TRM id in the ID3 tag, to avoid recalculation even better.

However, I didn't get the python-tunepimp bindings to work properly.

Or more precisely: not at all.

I wanted to find out what the performance difference between the opensource radeon drivers and the proprietary fglrx drivers from ATI is.

But it seems that the drivers from ATI do not support my former top-notch ATI mobile chipset I have...

ATI Technologies Inc Radeon RV200 LX [Mobility FireGL 7800 M7]

The opensource driver works fine, with 3D acceleration. The proprietary driver returns the error message "[fglrx:firegl_init] *ERROR* Device not found!", from deep within the binary blob provided by ATI. No way for me to get that working. The docs at ATI suggest that they don't intend to support that video card.

I want opensource drivers (because they just work a lot better), so please stay away from me with that non-working proprietary stuff, and open up your software interfaces, please. Thank you.

And please stop requesting interfaces to load your binary stuff into the kernel... I doubt that there is any real trade secrets involved in the software interface... but maybe, as suggested before, "competing hardware manufacturers are violating each others patents so much that they cannot publish specifications of their hardware without showing which patents they are violating"?

... or more precisely: how to be left alone on ICQ.

I've been receiving lots of messages by people I don't know at all on ICQ. This has become really annoying the last weeks, I had almost stopped using ICQ because of that.

I think I now know why random girls have been IMing me recently: they search for people in my age from Germany that talk German or English.

So the workaround (to gaim's privacy setting "only allow messages by people on my buddy list" not working correctly) is to just remove any information from that stupid ICQ profile.

Hopefully I will now no longer turn up in that stupid ICQ search function, and be left alone by people I don't know. ICQ is not a friggin dating site!

I mean, I spend much of my time talking to my friends, and of course I enjoy chatting with strangers. But ICQ disrupts me while working, so I really can't stand it being abused this way.

Im Heise Forum (das sonst nur für Trolle bekannt ist) gab es neulich folgende Perle zu bewundern:

Zwei Jahre später

Du bist sechzehn Jahre alt
Man muss dich schützen vor Gewalt,
Vor allem vor unglaublich vielen
Unsäglich bösen Killerspielen.

Doch zwei Jahre später dann,
Statt rumzuhängen stehst du stramm,
Statt weit geschnitten und lasziv
Trägst du braun gefleckt oliv.

Man zeigt dir, wie du richtig zielst
Mit Spitzentechnik und du spielst
Nicht mit Joystick, Maus und Browser
Doch mit Hi-Tech Marke Mauser.

Man ballert rum und schießt und rennt,
Beim Unreal-Balkan-Tournament.
Und dann spielst du, Dank Herrn Bush,
Counterstrike am Hindukusch.

Es ging (mal wieder) um das unsinnige Verbot von "Killerspielen". Die Leute, die am Computer sich abreagieren schlagen nach meinen Erfahrungen weniger in der Realität zu.

Gibt es irgend einen wissenschaftlichen Nachweiss, dass sie negative Auswirkungen haben, insbesondere im Vergleich zu anderen "Wettkampf"-Spielen? Oder Sport?

Mal davon abgesehen wären die Verbote nicht durchsetzbar. Genau wie Jugendliche an Raubkopien kommen, kommen sie auch an Raubkopien von verbotenen Spielen. Es wird sogar noch interessanter. Was wir wirklich brauchen ist eine von den Jugendlichen akzeptierbare öffentliche Meinung - die im Wesentlichen so etwas als krank darstellen sollte. Das muss aber von den Vorbildern der Jugendlichen ausgehen, und darf nicht "erzwungen" wirken... ich denke wenn irgend ein Pop Star in nem Interview sagen würde, dass er das total eklig und krank fand, als sie mal das Kettensägenmassakker angeschaut haben oder sowas - das würde viel mehr helfen.

My personal hero of the day is Gustavo Franco, for this email to debian-devel. He writes how to get your Gnome/Pango/Glib applications that don't work since yesterday's upgrade like evolution (#358071) working again:

$ G_SLICE=always-malloc evolution

Josh, Martin F. Krafft and Wouter talked about how to explain Debian with a few sentences.

You mustn't feel awkward about explaining that, instead you should be prepared. If it helps you, think you are selling a product, not showing how "nerdy" you are. You are doing great stuff, you can earn your living with it quite well and you like it. That is perfect, so be proud about it.

You need to have what is called an "elevator pitch". That is a short preso you could give while going up a few floors with an elevator on your way to a meeting, back, at a conference, at a party...

That format seems most appropriate to me, and there are good guides on how to do elevator speeches. Rehearsing makes sense, too. You'll however likely want some variants, depending on the audience.

My first stab at writing such a speech:

Debian is a Linux-based operating system [software for computers] made by volunteers, of which I am one. It is in fact one of the most widely used operating systems worldwide, and usually picked because of its reliability and security, while being entirely customizable to fit your needs. And it's development community really makes the difference, there are so many bright people there, doing amazing new software.

and optionally, depending on the audience:

There are also variants suiteable for novice users, such as schools. You can run it on laptops and desktop computer as well as on mainframes or embedded devices. You can do everything with it.

or:

The city of munich is just switching to it for their computers. This saves the city a lot of money, while becoming independant from Microsoft.

or:

Our computer science department has almost only Linux on its computers. And many other universities do the same. Can you think how cool it is to have millions around the world use your software?

and of course:

That is so cool, I can do stuff I really like to do, meet really cool and bright people and earn my living doing so. That's heaven on earth.

[Update: someone might consider the use of "guys" to be sexistic. Well, of course there are very cool grrrls there, too. I've replaced it with "people" now, so I don't neet to explain grrrls next. ;-)]

Alt, aber immernoch grausam. Der neue Schnappi sozusagen. Shitparade lässt grüßen.

Musste ich jetzt doch mal im Blog posten, nachdem ich heute schon ein Weilchen draussen in der Sonne gesessen bin. Aber ich habs mir nicht nochmal angehört, äh, angetan. Einmal war schon schlimm genug. Viel Spaß!

Wenn sie ein Gewinnspiel sehen - lesen sie die Teilnahmebedingungen!

Ich habe über eine Partnerprogramm-Webseite gerade "oster-glueck.de" gesehen. Neugierig, warum die für jeden Teilnehmer an der Verlosung (über 18) € 0.50 Provision zahlen, hab ich mir die Teilnahmebedingungen mal genauer angeschaut. (Seit wann ist Ostern nur für Erwachsene?) - und welche Firma das veranstaltet.

Ein paar Interessante Zitate aus den Teilnahmebedingungen:

Der Verlosungszeitraum ist jährlich zum 31.12. eines jeden Jahres. Die Gewinner werden spätestens innerhalb von zehn Wochen nach Verlosungsende ermittelt [...]

Alle Teilnehmer erhalten automatisch den monatlichen Oster-Glueck.de Newsletter

... ist verpflichtet, alle Gewinner innerhalb von sechs Monaten nach Verlosungs-Ende zu ermitteln und die Gewinne zur Verfügung zu stellen.

... ist ferner berechtigt, die Bedingungen für die Verlosung zu ändern.

Aufklärung liefert die Webseite des Veranstalters:

Der DZ-Media Verlag ist

[...] als Online Direktmarketing Unternehmen tätig und [...] auf die Bereiche eMail-Marketing, Leadgenerierung/Neukundengewinnung und der Bereitstellung sowie Generierung von Adressen für Telemarketing sowie postalische Direktmailings spezialisiert.

Mit anderen Worten: sie wollen eure Seele.

This year was the first time I think I watched the debate live, and didn't just read the logs. We had some fun in the discussion channel, and one question of mine was actually posted to the candidates. Unfortunately, I didn't manage to get my point across (the "size barrier" question, it wasn't about Debian not growing any more, but about wether we could need some structural changes - e.g. bugmasters, first-level supporters with some privileges, but not the full DD requirements - to use our resources (that is mostly the time of our developers, i.e. us) more effectively. E.g. by preventing flamewars somehow.

I hadn't really made up my mind yet. But some trends are there:

• Krooger. He definitely lost my vote in the debate; I had the impression that all he cared about to bring across was that all those who say he misbehaved are evil. When it came to financing, he seemed very naive; he suggested Debian should pay someone to optimize Debian for the Desktop.
  However, we should have plenty of people interested in optimizing Debian for the Desktop already, so if we were able to spend the money as easily (and I don't want to see anyone fighting over money...) we certainly should spend it on something we don't have sufficient volunteers for. Maybe processing the NM queue, ftp-master or security work. But there is tons of stuff that can go wrong if we pay any developer, anyway.
  So krooger will be below NOTA.
• Bill seems to be a nice guy, but I don't think he's that deeply involved in the project yet; I think the DPL should have been more visible before and maybe more involved with the core tasks. So above NOTA, but not first.
• Andreas seems to know a lot on how stuff works. No wonder: he's been in the DPL team before. Having a wife and children is a plus, this gives Debian a more "mature" representation, good for a DPL IMHO.
  In the debate, he had a realistic approach to running things and also on the financing stuff. He was involved in organizing DebConfs IIRC, and I think I already ranked him high last year, can't remember hearing anything bad about him. I liked his response to the expulsions question best IIRC. He currently is my favourite.
• AJ: above NOTA, but I can't really imagine him as DPL.
• Steve: don't know yet. Above NOTA likely, but no idea where either.
• Ari: although he just fixed my gaim bug, I mostly remember him as being a clown on IRC; but I don't give too much on that. Sometimes you're pushed into a certain role, and this definitely feels like a "running gag" during the DPL elections. Above NOTA likely, but can't really rank him yet either.
• Jeroen: DPL-team is a bonus with me, this means a smoother handover, and also means he probably is used to distributing responsibility in the new DPL team. Probably around 1-3, so above NOTA, too. Can't tell you yet how I'd rank him compared to Andreas, Steven, AJ, Ari yet.

Der Monsanto-Weizen beispielsweise, gelegentlich als "Wunderwaffe gegen den weltweiten Hunger" ist gezielt unfruchtbar gemacht. Sozusagen "kastriert".

Dafür gibt es mehrere Gründe. Einer der selten offen gesagt wird, sind die wirtschaftlichen Interessen der Hersteller. Ist das Saatgut unfruchtbar, so müssen die Bauern jedes Jahr wieder neue Samen einkaufen, beim Hersteller. Das sichert langfristig die Gewinne.

Eher zugegeben wird, dass die Pflanzen deswegen unfruchtbar gemacht werden, damit die Pestizidresistenz nicht auf andere Pflanzen (insbesondere nicht auf "Unkräuter") übertragen wird. Zumindest nicht so leicht - Ausnahmen gibt es immernoch bei der "natürlichen Selektion".

Auf den ersten Blick klingt es toll, dass die Pflanzen gegen bestimmte Gifte resistent sind: so kann man das ganze Feld mit dem Gift besprühen, und nur die Unkräuter sterben ab.

Wäre das Getreide jetzt aber fruchtbar, so könnte es sich z.B. mit einem wilden Gras kreuzen, und so ein ebenso gegen dieses Gift resistentes "Superunkraut" entstehen. Für das man dann wieder ein neues Gift entwickeln müsste, und einen neuen Weizen oder Mais, der dagegen wieder resistent ist usw. - ewig lässt sich dieses Spiel nicht fortsetzen.

Leider funktioniert das aber mit dem "kastrieren" vom Getreide auch nicht so toll wie man sich das erhofft. Man reduziert zwar die Wahrscheinlichkeit einer solchen quer-bestäubung, aber bei genug Weizenpflanzen - und ein Feld hat schon tausende - "funktioniert" Darwin trotzdem, und einzelne "Unkräuter" entwickeln dennoch die nicht erwünschte Pestizidresistenz.

So schrieb z.B. der englische Guardian letzten Sommer unter dem Titel GM crops created superweed ("Genmanipuliertes Getreide schafft Super-Unkraut"), dass nach einem Versuchsanbau von genmanipuliertem Raps in der direkten Umgebung einzelne gegen die verwendeten Unkrautvernichtungsmittel unempfindliche Pflanzen gefunden wurden.

Denn bei dem Einsatz von Pestiziden findet Darwin knallhart statt: die angepassten (resistenten) Unkräuter überleben, die anderen sterben (werden vergiftet). Welche dann besser gedeihen und sich vermehren ist offensichtlich.

Und: wir können auch jetzt schon Unkräuter nicht ausrotten; wenn die Unkräuter auch noch resistent gegen "Unkrautvernichtungsmittel" werden, wird das nicht einfacher.

Am Ende bleibt nur eins übrig: Jäten oder tolerieren.

Letztes Wochenende war in München eine Demonstration der n-a-h-r-u-n-g-s-k-e-t-t-e gegen genmanipulierte Nahrungsmittel; leider hab ich es nicht geschafft, hinzugehen.

Oh, auch genmanipulation mit anderen Zielen hat ihre Tücken:

An der Universität von Nebraska untersuchten Wissenschaftler eine genmanipulierte Sojabohne, der Gentechniker ein Gen der Paranuß eingesetzt hatten, um den Nährwert der Bohne zu erhöhen. Dabei stellten die Wissenschaftler fest, daß der Sojabohne auch die Fähigkeit übertragen wurde, Paranuß-Allergien auszulösen.

Samstag abend war die 18. Geburtstagsfeier von einer Großkusine von mir. Eine nette kleine Familienfeier; ich bin mit meinen Eltern hin gefahren, meine Schwester kam mit Mann und Kind aus Augsburg.

Die kleine Fiona, das 17 Monate alte Kind meiner Schwester, war der wahre Star an diesem Abend, wie immer. ;-) Sie hat eine Art die jeden, auch das Geburtstagskind, sofort um den Finger wickelt.

Wenn man sich die Zeit nimmt, mit ihr zu spielen (und dass kann auch heissen mit ihr 10 Minuten lang den Reissverschluss von ihrer Wickeltasche auf- und wieder zu zu machen; dabei kann man ihr aber auch gut die Wörter für "auf" und "zu" beibringen), wird man dafür belohnt: sie liebt mich innig. ;-)

Ich bin fasziniert, wie viele Wörter sie schon kann (selbst sowas wie "Zwieback" und "Kekse" kann man schon verstehen), wie schnell sie lernt (ich sehe sie ja nur alle zwei Wochen mal), mit welcher Hingabe sie spielt und lernt (zeigt 10 Minuten lang immer wieder auf die selben Gegenstände, damit man ihr die Wörter dafür beibringt und mit ihr übt) usw.

Der Höhepunkt war aber definitiv, als meine Mutter mich fragte, ob wir jetzt heimfahren können (ich war unser Fahrer). Da ist die 17 Monate alte Fiona nämlich aufgestanden, hat jedem "Auf Wiedersehen" gewunken und ist dann zur Tür gegangen. Zum Glück war es auch für meine Schwester Zeit zu gehen. ;-)

Kinder sind nicht blöd, und wir brauchen mit ihnen nicht "Babysprache" zu reden. Sie verstehen uns besser als wir glauben, und zum Sprechen fehlt ihnen einfach nur die Übung. Und Kinder sind etwas ganz wunderbares.

This is probably one of the worst flames I've seen in a long time.

The funny part is that he complains about "AA zealots", while he clearly is a "non-AA-zealot" just as bad as any "AA zealot" can possibly be.

I know a few (definitely a minority) of people who dislike AA fonts. But as far as I can tell, it's really easy to disable them. And from all I the average user will like them better, so it makes for a sane default to enable them.

So, yes, you zealot, I want my fonts blurry, because I find them easier to read. Sorry for having a different personal taste.

Oh, and then there is an explanation why AA fonts can actually be easier to read then black-and-white fonts. Because they grey levels are more consistent (which btw, is one of the tings LaTeX does very well, keeping the grey level) than if you have to make each pixel either black or white.

Let's say we want to make a line 2 pixels to the right and 1 pixel down. In fonts these things happen...

Here are your options: (Sorry, I forgot one: the hole in the middle...)

the right one is obviously using AA and is "blurred". The left one is "too dark in the middle" and the other two are deformed.

Now let's blur them a bit, like the average non-eagle would see them:

The last one clearly is the best representation of the intended shape (a diagonal line of even thinkness). This is of course different if the intended shape was that it becomes slightly "fatter" here, or deformed. The only sane default for vector fonts is to assume that lines should well, not become deformed or thicker.

I agree that a excellently made black-and-white pixel font might be done in a way that these deformations don't hurt. It doesn't apply to your favourite Helvetica font IMHO, because that font was designed for printing quality.

Now go, and play configuring your "window manager", while I get some work done with openbox as my WM of choice. Because it just sits there in the background and allows me to have all my windows maximized on their own desktops except for my terminals which tile nicely without any zealot WM.

<don_armstrong> 30 minutes until the debate starts

Join us in #debian-dpl-debate on irc.freenode.net for the Debian presidential election^W^Wproject leader debates.

In the aftermath of the SELinux Symposium, tons of stuff has been released. (It's only a pity it wasn't released earlier. ;-))

For example MITRE has released polgen 1.3. The web page doesn't tell much yet (as usual documentation is what SELinux is missing most...), but the Slides from the symposium explain what it's about.

I think polgen can probably do at least as much as AppArmors genprof (which I havn't seen a screenshot of in action yet).

There are more SELinux power tools coming up, easier policy languages and so on. Do also visit the Symposium website and check out the other slides and presentations to see what's going on.

The polgen tool might also (like much of the other ways to write a secure policy, instead of learning the policy 100% automatically) be a good way to check applications for intended behaviour. Such things can turn up lots of weird stuff, for example the sshd trying to write to /etc/krb5.conf on a system with kerberos uninstalled, but this config file present.

The ICQ number 264908634 (I have no idea who this is, she claims she is a "lisa", uses tons of annoying and not working smileys and thinks she loves me, but I'm confident she doesn't know me either. She was very eager to give me a probably false email, though.) is causing trouble with ICQ. The ICQ "whitepages" print an error, and when you add this ICQ number to your block list in gaim, it will crash on login to your ICQ account.

Oh, and if you think of chatting up to me on ICQ/whatever, please respect a "I don't know you, please leave me alone", or I might not bother asking you before publishing your broken ICQ# in my blog either. ;-)

I think the fault of gaim is just not having proper error handling when not being able to block ICQ numbers. The ICQ homepage displaying this error (for a week now, that is when I first received and ignored a "Hey" from this ICQ number) however suggests ICQ (read: AOL) sucks seriously at fixing bugs. ;-)

I really like the Tango Desktop project. I have in fact installed a "preliminary" release from art.gnome.org, which is easy when using the Gnome Art package.

One thing that makes Tango stick out, is its styleguide. I also really appreciate it's color palette. However, this palette is rather tied to a particular look - e.g. a white background.

I was wondering whether one can (with reasonable effort) design icons with a flexible palette. And then have a tool to "instanciate" the icons for a particular, probably different palette. So people in a dark mood could easily generate a "dark tango" version out of them.

You can't really do that by just doing a palette replacement. However, if colors were specified as "50% orange, 50% background" it would work out. Or even "50% primary highlight color, 50% background", then people could pick their favourite highlight color.

If an icon is meant to depict e.g. earth, you probably will want to use "green" and "blue", and not highlight colors however; these should not be mapped then, either. Such icons might need a "halo" to look good with certain color schemes however.

I am not an icon designer, this is just my $.02, and I really appreciate the tango project. But maybe we could think of an icon designer application which makes such things easier to do. I havn't designed icons since my Atari ST time, but I can imagine there is a lot of special tools you might want for icon designing, such as "resolution grid snapping" points and lines, line widths which snap to pixels and such. Think of "hinting" in fonts, but applied to icons. (Or maybe not - if you want to scale icons very small, you likely need to simplify them anyway - i.e. make a separate icon for small sizes)

Oh, and of course this might be utopic and overkill.

My top (tango) icon wishlist: LyX (because the icon is ugly) and Enigma (because I maintain the Debian package, and the current icon is somewhat boring, just a black ball... looks okay, though, on white background)

Netter Comic Strip bei Sinfest.

Oh, und dann gibts natürlich immernoch Haddaway.

NP: Don Mclean - American Pie

Die Forderung von unseren allerseits beleibt, äh, beliebten Politikern nach einem "Bundeswehreinsatz im Inneren" zur Fussball-WM ist mal wieder bodenloser Unsinn und reiner Populismus.

Die Bundeswehr kann gut helfen, wenn es z.B. darum geht Sandsäcke zu schaufeln, Schnee zu räumen, oder tote Vögel einzusammeln. Man könnte für so etwas natürlich auch Arbeitslose bezahlen, wäre vielleicht sogar billiger. Und würde zumindest das "Winterloch" im Arbeitsmarkt etwas mildern.

Um aber beispielsweise eine Panik einzudämmen, Randalierer in Zaum zu halten oder eben Terroristen zu fangen braucht man eine spezielle Ausbildung. Diese hat die Polizei. Aber nicht die Bundeswehr.

Ein realistischer Plan zur Verstärkung unserer Polizeitruppen zur Fußball-WM wäre beispielsweise, von den Nachbarländern Hilfe anzufordern. Aufgaben des Bundesgrenzschutzes könnten - im Rahmen der EU - auch von anderen Staaten kommisarisch übernommen werden (insbesondere eben in Fällen, wo das Recht schon möglichst EU-weit einheitlich ist, und es vielleicht reicht wenn der "Einsatzleiter" mit allen Details der Rechtslage vertraut ist!), und dafür unser Bundesgrenzschutz unsere Polizei verstärken.

Für den Einsatz bei den Fussballstadien sind auch private Sicherheitsdienste besser geeignet als die Bundeswehr, alleine von der Ausbildung her. Und zum Teil lässt ja die Bundeswehr sogar die eigenen Lagerhallen und Gebäude von solchen Sicherheitsdiensten bewachen!

Ich denke auch ein "durchschnittlicher" Türsteher einer Disko weiss besser, wie er mit Fussballfans umgehen muss (und darf!), und wie er potentielle Störenfriede erkennt als das ein normaler Soldat lernt.

Ich hab mir die Echo-Musikpreise angeschaut. Und war positiv beeindruckt. Nicht nur, weil mich die Auswahl durchaus überzeugte, sondern auch weil ich wieder mal den Eindruck gewonnen habe, dass es momentan sehr viel sehr gute Musik "sogar in den Charts" gibt.

Die Zeit, als es von "Retortenbands" in den Charts nur so wimmelte, hat mir so richtig den Spaß verdorben gehabt. Bands wie "Wir sind Helden" haben dann mein Vertrauen in den "durchschnittlichen Musikgeschmack" wieder etwas wiederhergestellt. Und mit dem derzeitigen "Chartbreaker-Spektrum" mit Christina Stürmer, Seeed, Xavier Naidoo, Ich+Ich, Joana Zimmer, Rosenstolz, Juli, Silbermond, Element of Crime und Wir sind Helden (unter anderem) kann ich mich gut anfreunden.

Jetzt bleibt nur zur Hoffen, dass der Erfolg von Tokio Hotel ("Durch den monsun" war ja jetzt nicht so schlimm...) nicht zu einer neuen Invasion der Klone führt... kreischen tun sie schon wieder fürchterlich. Hat dafür eigentlich schon ein Psychologe eine Erklärung gefunden, was die damit bezwecken, dass sie ihrer Umgebung einen Hörschaden verursachen?

I officially hate CVS now. And I really really love meld.

I had been working on a project for a company. The sourcecode we got from a different company (for a wireless access point) was in a rather bad shape, so I just started hacking on it to get it working for us.

The long-term plan was always to "dismantle" the source into proper upstream tarballs and diffs with the changes, to allow for easier upgrades. But it never got that far.

Sometime after I left the project (for my research stay at Berkeley), the source was checked in into CVS without the -kb flag. So when I now recently wanted to do a diff to the CVS checkout I got, in order to see what was changed in the meantime I got tons of changes, all as boring as changed $Id$ and $Header$ statements. Aaargh.

Fortunately, meld has an option to hide these changes. I love it.

I voted "1243" in the current Debian GFDL vote. If you are a Debian developer who hasn't voted yet, please do so ASAP. Democracy lives from participation, so make up your mind.

Debian should reject the GFDL for the pointed out issues.

From what I've heard from others, this option will likely win.

Accepting documents with no invariant sections (except the copyright part) is a compromise I could live with, changing the social contract is not, so I rated it second. I am aware of the other issues with the GFDL, but I hope that these could be sorted out somehow with the FSF. They aren't unreasonable people, after all. And there is a certain amount of interpretation in any legal document. Probably only the copyright holders can sue, and why should they as long as e.g. the DRM used doesn't really prevent access to the original documents, or the transparent copy restriction is fulfilled since the original documents are still online?

But I'm really close to voting "1342" instead.

But since I'm really expecting people to rank 1 first, I don't think it matters much.

This is another example why I'm proud of Debian.

I sometimes have the impression, that some distributions try to package stuff with as little effort as possible. Debian however has to support tons of different architectures, build daemons and pbuilder that mostly ensure you've got the build dependencies complete, tons of users of unstable and testing that will send you bug reports when you don't have the runtime dependencies right and so on. We have a really good quality assurance.

On the very first day my selinux-basics package entered unstable, I already received feedback about the udev integration.

So you might ask me, why I think this is really different from other distributions. There are of course distributions which have similar properties, but I think Debian has the biggest crowd. And Ubuntu is so closely tied to Debian that these things aren't that separable. Most Ubuntu packages are largely unmodified Debian packages. And changes done by Ubuntu - which for example tracks Gnome closer than Debian - will often be fed back into Debian again.

For example fakeroot, or pbuilder are further examples on Debians best practises to do quality ensurance. Sane software shouldn't require real root privileges for building.

The current Debian Vote on the GFDL is another example. I'm confident it will boil down to "Debian refuses the GFDL, because it contains too many restrictions for our users".

Debian cares much for it's users. And the users of our users. And the users of our users of our users. ;-) As a whole, not just the majority which will probably never even consider changing a GFDL-licensed document.

Of course, people are frequently annoyed by e.g. Debian not having the latest X.org betas in unstable, so they could try out Xgl, Aiglx and this other eye candy. Sorry about that, but I do think that the X task force knows how to set its priorities right, and you could probably just get these beta version from Ubuntu and run them on your Debian. Or build your own packages and offer them to others who want to try it, too. Or wait, like I do quite often (for example for ekiga, which is stuck in the NEW queue currently). It doesn't really hurt much to not have the newest, fancies toys. In fact, you are likely to be more productive when you don't care for these things.

There is a, well, very arrogant page in the autopackage wiki, which basically boils down to "everything around Linux is crap, so if you write an app for Linux, do it our way".

They totally have lost the grip of reality, apart from just writing a lot of things on Debian and other Linux distributions which is outright wrong.

But it looks like Debian no longer is on it's own with outright refusing to support autopackage crap. Looks like Python, C++, GTK, GlibC and the GNU toolchain. Oh, and pretty much everybody else.

So, dear autopackage, if everybody except you is stupid, why don't you just leave us alone, and write your own OS according to your rules? I bet you'll find out after some time why they were setup this way... and what breaks with $your_way.

And developers: Ignore autopackage, at least until they've adopted a sane attitude towards cooperating and dropped their arrogance. And they offer a solution which actually solves problems, instead of introducing tons of new ones (especially bringing back fragmentation, and all the dependency hell and incompatibilities a good package mangement tries so hard to avoid)

If you really think you need "average" users to be able to try your latest version without wating for an "experienced" user to build packages for them, maybe have a look at Klik. While I have a low opinion of this approach in total, Klik seems to have a much better design, and especially a much better attitude.

My selinux-basics package just entered unstable. The package will pull in some of the essential SELinux software to easy installation, contains some tweaks for Debian (e.g. disable legacy ttys via udev, despite them still being enabled in Debian stock kernels) and most importantly contain a tool that tests for some configuration changes required for smooth SELinux operation on Debian (e.g. use pam_selinux in ssh and login, disable /dev/xconsole)

It's still a work in progress; especially this testing/fixing should be made into a modular app, and offer optional auto-fixing of these things when possible. The source currently is in the SELinux backport projects subversion repository.

I'd appreciate your feedback, and of course patches.

Pyroman, my firewall tool for multi-network firewalls, is now in Debian unstable. Or will be, on the next mirror push. Thank you, ftp-masters. I thought you were, like, inactive. ;-)

Tjo, wer ko, der ko.

Ein Sessel war kaputt. Komplizierte Konstruktion: als Sitzfläche ein Holzrahmen, in den auf zwei Seiten gegenüberliegend so U-förmige Kerben eingefräst sind. Dazu 30cm Ringe aus einer Metall-Feder, die genau durch die gegenüberliegenden U-Kerben laufen, und so die Sitzfläche federn.

Jetzt soll so ein Sessel, insbesondere wenn nochmal ein Kissen drauf ist, nicht zu weich werden - diese Federn brauchen also einen ganzschönen Zug. Nachdem uns aber der Rahmen kaputt gegangen war, mussten wir den neu leimen, und natürlich dafür diese Federn herausnehmen. Soweit so gut - nur wie bringt man sie wieder rauf?

Man kann jetzt die Federn ganz gut mit ein paar Fingern packen und ziehen, aber wie soll man sie gleichzeitig ziehen und in die Kerben pressen? Zum Ziehen muss man die Finger rumwickeln können...

Tja, mit der richtigen Idee (wir brauchen etwas Rundes, etwa von der Form der Us, in die die Feder rein muss, mit dem wir sie auf die passende Länge ziehen können und dann die Feder direkt in das U herunterschieben können) und etwas Augenmaß (hmm... eine Flasche... zu groß. eine Klopapierrolle - zu weich. Das Rohr vom Staubsauger!) hat man dann kurzerhand mal einen Sessel mit Hilfe eines Staubsaugerrohrs als Werkzeug repariert. ;-) Sah sicher lustig aus, wie wir da mit nem 150cm-Rohr auf der Sitzfläche vom Sessel rumstocherten. Aber jetzt ist er wieder einwandfrei.

The LaySVN project on alioth was approved, and the LaySVN subversion repository is created and populated.

The rewrite came along nicely the last hour, the "status" command is now working on a repository-wide level again. The expected speed gains worked out just fine: on my real-world test repository (3.6 MB of data in it, this is /etc of a server I run) it now takes just below 1.5 seconds as opposed to 21.5 seconds before. I didn't run a profiler yet, obviously.

Today I've rewritten most of my "laySVN" layered subversion tool. Tests had shown that most of the time was spent calling the "status" command of the underlying subversion client. This is probably due to locking, and the workaround is pretty simple: avoid calling it on single files, instead run it on the whole repository at once.

This of course requires major changes to the code, so I've started a rewrite. I've already applied for a alioth project for it, I'll make the source available via svn.debian.org soon.

"Layered subversion" means that you basically checkout multiple subversion repositories on top of each other. A file found or ignored in an "upper" layer will not be checked out in lower layers; ignoring a file in a layer will effectively "hide" it if it were in lower layers.

This is an interesting alternative to branching. In branches, you have to "carry forward" changes from one branch to other branches. The base case - merging changes from a "lower" layer into an "upper" layer is usually quite easy. The other direction can get quite messy however. Assuming that multiple files were modified in the checkout, how are you going to commit these changes to the correct branches? Basically you'll have to commit the files to the correct branches, then do the merging magic.

Along comes laySVN, where this common usage pattern is much easier. Changes will automatically be committed to the highest "layer" the file is in. A checkout will update the file to the version of the "highest" layer. The only case which is a bit more complex is when you want to make changes to a file on a different layer. Then you actually have to "add" the file to the appropriate layer. Not really difficult either, is it?

A different name for "layered subversion" would probably be "difference branches", which are very similar.

Google Blogsearch suffers a lot from having old or bad data (including spam) in it. I have the impression that they are waiting for new pings by blogs who have pinged them before - but when deleted, these blogs won't ping them any more.

With pretty much any search term, I've found spam entries in there. :-(

Yesterday, I cooked some filets with a tomato and bell pepper sauce. Very delicious, and not difficult at all.

Gestern hab ich lecker Filets mit einer Tomaten-Paprika-Sauce gekocht. War nicht besonders kompliziert, aber sehr lecker. Einfach das gewürzte Fleisch auf beiden Seiten in Butter oder Schmalz gut durchbraten, dann im Backofen warm halten. In das Fett in der Pfanne die restlichen Zutaten einrühren, d.h. angebratene Zwiebeln, Tomatenmark, Sahne, Paprika. Mit etwas Salz und Pfeffer abrunden. Spätzle oder Eiernudeln passen gut dazu. Karotten als Beilage runden das schön ab.

Tenderloin with tomato and bell pepper sauce / Filets mit einer Tomaten- und Parikasauce

This winter is really odd. I can't remember (and that probably isn't my fault) having had this much snow ever. And it's already the second time this year.

There is no way we can get our car out of the garage (but that doesn't matter much), and public transit is also pretty much broken down. I hope the S-Bahn will be working again soon, so I can go to the Swing on Sunday two-years anniversary.

After getting up to 50 cm of fresh snow overnight, it took me a whole hour to clean like one third of our driveway from snow, just enough to get my bicycle out of the garage and to reach the trash can. And I already spent 45 minutes yesterday. The pile of snow in the front garden is now around two meters; not much space left for me to put more snow from the driveway...

Dieses Jahr ist der Winter ziemlich extrem. Ich kann mich nicht dran erinnern (und das liegt vermutlich nicht an mir), hier schon mal so viel Schnee gehabt zu haben. Und bereits das zweite Mal dieses Jahr.

Keine Chance das Auto aus der Garage zu bekommen (aber das stört auch nicht), nur leider ist der Nahverkehr gerade auch ziemlich zusammengebrochen. Ich hoffe, dass bis heute abend die S-Bahn wieder geht, damit ich noch zum 2-jährigen Bestehen vom Swing on Sunday gehen kann...

Bei bis zu 50 cm frischem Schnee über Nacht hab ich eine volle Stunde geschaufelt und trotzdem nur ein drittel unserer Einfahr freibekommen; genug um mein Fahrrad aus der Garage zu holen, und um zum Mülleimer zu kommen. Dabei habe ich erst gestern 45 Minuten geschaufelt... Der Schneehaufen im Vorgarten ist jetzt etwa 2 Meter hoch; um die ganze Einfahrt freizubekommen müsste ich den Schnee irgendwo anders hinbringen...

Snow scooping progress

I just managed around to learn the very basics of autotools, and as a first execrise, used them on my "SSDDiff" xmldiff application. So you can now build it with the usual "./configure && make" command (if you have C++ STL and libxml2, that is, but these have been really standard for years now)

So there is a new tarball on the Alioth project page which should be a lot easier to install. Get it while it's hot. ;-)

A few words about ssddiff:

SSDDiff is an "diff" application for XML files, which can output into a "merged" format, "xupdate" diffs or "marked" versions of the source files. The algorithm used is very good at dealing with structural changes, but it uses rather much memory and is not the fastest. So it's a good choice when you have a difficult case (one could say it tries to do a "semantic diff"). If you have CVS files or database tables dumped to XML, use other tools.

Hello, Planet SELinux.

The SELinux part of my blog is now syndicated there, too. I really appreciate SELinuxNews and the new planet. This means that some of my recently raised concerns are already being tackled: fight AppArmor by community support, too, not only technical superiority. ;-)

So Microsoft has released a new AJAX toy, currently on preview.local.live.com.

It's not particularly new, though. In one pane it's like Google Maps, overlaid with a car image, in the other pane it's like Amazons local search. I wonder if they actually licensed Amazons imagery for it.

I'm impressed: it works with firefox. But it's rather slow (seems like they are not doing view image preloading, like with the map).

The final version will probably be called Microsoft GTA: Reality, and if they manage to add gore after you've driven over pedestrians (who is this guy, anyway? Did he give the permission to be included in this toy? is there no privacy in the US?) when going down one-way-streets the wrong way, it can probably even become a big seller.

More likely they'll give it away for free, not making any money with it.