Swing dancing (i.e. Lindy Hop, Balboa, Boogie Woogie) is my big hobby these days. It started with Rock'n'Roll dancing some years ago, and when I was in Berkeley I picked up some Lindy. Since February I've been going to social lindy dancing every couple of weeks.

This month I've become a member of Boogie Bären (yes, that is "boogie bears"), a Munich dance club, and started taking classes in Lindy Hop, Boogie and Balboa every week, in addition to my usual lindy social dancing on sunday.

Right now I'm right in an "extreme dancing" phase. It started tuesday with the Lindy classes (yes, both of them, over 3 hours), followed by the boogie beginners class on wednesday and the balboa beginners class on thursday. Friday there was a great balboa and swing party in a bar, with top attendees: the teachers of the workshops on saturday and sunday (which I have attended and will continue to attend tomorrow), Andy & Christelle from Lyon and Marty & Valerie from Cleveland. They've been great teachers so far, and their skills are very impressive. And they showed us some really cute moves.

After the second half of the workshop on sunday, there will be social lindy dancing in the evening again, monday evening there is swing dancing in another bar in Munich [Update: with live music, Route 66, in addition to the usual singing DJ], tuesday will likely feature a liveband and boogie dancing (it's a holiday, so no regular lindy classes that day), followed again by boogie beginners course on wednesday, balboa class on thursday, maybe balboa and swing dancing in a bar on friday. Maybe I'll then watch the German championships in Boogie Woogie and Rock'n'Roll on saturday, social dancing on sunday and monday again, and so on.

It's getting somewhat out of hand, as you can see. I should focus more on my diploma thesis instead... so I'll skip saturday. ;-)

[Update: did I mention that Munich has a fantastic Lindy/Balboa scene? Upcoming events include a big balboa weekend 11./12. november, the new years swing ball and the Rock that swing festival in February.]

Folding tag clouds of Debian software packages.

I'm trying to make tag clounds workable with a large number of tags (unfolded tag cloud for comparison) by folding them into subtopics.

Yay, when we're done with tagging the Debian packages, we'll have a great new way of browsing available Linux software. Linux doesn't lack software anymore, it has so much software, you just don't find what you need.

The next version of this will probably allow you to select multiple tags, and update the tag cloud upon selection. So if you choose "GTK" ui toolkit, the "QT" toolkit tag will become quite small, etc.

Heute kam Spam von Freenet.

Genauer gesagt von freenetBusiness.

Tja, wenn wir DSL wechseln wird es jetzt wohl nicht freenet werden, sondern vielleicht 1&1. Die bieten auch fastpath an. Jetzt muss ich sie nurnoch ¨berreden, dass die Einrichtungsgebühren für Fastpath ungerechtfertigt sind, wenn sie sowieso unseren DSL-Anschluss neu einrichten müssen fü die höheren Geschwindigkeit...

Just seen on Google Mail ads:

What is Ubuntu Missing?
Need your desktop Linux to legally play mp3, Windows Media, DVD, etc.?
freespire.org

Apart from the obvious spelling error ("Missing") and the content errors "legally play mp3" - there is a difference between being legal to use and legal to distribute - I think that this is a pretty lame ad.

Apparently, the firefox logo and name have to be considered "non-free" by Debian. The mozilla foundation only allows use of the firefox brand for "official" builds, and Debian tends to add patches to applications to fix bugs without waiting for upstream to do this. So Debian packages aren't an unmodified firefox build.

(Mozilla Foundation trademark policy)

Of course the Mozilla foundation won't object to the kind of modifications Debian did, probably not consider them "serious"; but Debian is meant to be used by others (e.g. Ubuntu) to build their own distributions. These in turn will probably not be tolerated in the same way (and might want to do "serious" modifications).

Anyway, Debian has been using a plain "world" icon for firefox for some time, now it seems we'll have to change the name, too.

A couple of names has been proposed, including "iceweasel", "firechicken" and "freefox". I definitely like the last one best, since it's very clear about being related to firefox, but more free.

I wonder if we can use "Firefox" at least in the User-Agent string. Other browsers have been using "Mozilla" there for a long time, too.

Diese "kontextsensitive" Werbung (auf das Wort "Email") ist so dumm, es ist schon fast wieder intelligent...

Ich hoffe, meine E-Mails sind alle "rar" und "selten", ja geradezu einzigartig... ;-) An den gebrauchten E-Mails bin ich sicher nicht interessiert, aber wäre natürlich schön, wenn ich mir ein paar neue E-Mails da ersteigern könnte, und sie nicht selbst schreiben müsste...

Ich glaube hier hat es ein Programm nicht geschafft, den Unterschied zwischen E-Mail und Email(le) zu vermitteln. ;-)

Sehr amüsant.

... actually isn't that bad. Apparently we are the only distribution shipping a modular policy and doing some smart policy module autoconfiguration and having an upgrade helper tool.

Fedora, having undoubtedly the best SELinux support, only started with Core 5 to actually ship a modular built of the reference policy. Target comes with around 5 policy modules, the other stuff is either in the base module, or more likely, running unconfined. Strict however comes with the extensive set of policy modules in the reference policy. Upon installation of the policy package, all available modules will automatically be installed; judging from the package I downloaded changes in the module selection are not preserved.

Gentoo is still shipping the last officially released toolchain, which can't to modular builds and can't compile the current reference policy. So they are also shipping the old policy (as in the selinux-policy-default package, we might actually remove soon).

Ubuntu is probably waiting for us to do most of the work. ;-) I havn't heard of any SELinux progress with Ubuntu for half a year.

So all in all, SELinux support in Debian is rather good. We just need more people to use it and fine tune it. There are a couple of differences among distributions especially in the init scripts, that require policy changes.

Harald Welte (of gpl-violations.org and netfilter fame) won in court against D-Link. Apparently D-Link had already agreed to fulfill the GPL by offering the source code on their FTP server; the lawsuit was about them having to pay the costs of Harald Welte (buying their product, reverse engineering, legal costs).

Don't emphasize D-Link here much - they did comply with the GPL quickly after being notified of their violation (apparently). They have to pay 3500 Euro for his costs and give him some numbers on sales of the product. It's not a "bad, bad thieves" result, but basically a "comply with the license right away, or pay for the enforcement".

Jörg Schilling, the upstream of cdrecord - which has now been replaced by "wodim", "write optical disc media" - has frequently been claiming that Debians interpretaion of the GPL is incorrect, or even that §2 of the GPL doesn't hold. And he claims that this judgement still didn't verify the GPL. (Just as everybody expected, he trolled in the heise newsticker article on this). Seems he's really trying to make a bad impression with everybody.

To me, the judge did do some pretty clear statements: he said that §2 is an integral part of the license, so while you might be able to debate its validity, it will render the whole license invalid, so you're then infringing on the authors copyright. If you want to use it, you have to obey the full license as is, or obtain a different license. There is no "the license is broken, so I can use it just as I'd like to". And by dsitributing it without having obtained a different license, you are accepting the license as is.

Note: the script posted originally had a bug in sorting, as seen here.

I used history 1|awk '{print $2}'|awk 'BEGIN {FS="|"} {print $1}'|sort|uniq -c|sort -nr|head -10 (this is for zsh history; the fix is the -n flag to sort)

    254 ls
    141 cd
    131 vim
     86 svn
     77 grep
     70 apt
     65 sudo
     60 ssh
     51 rm
     45 dpkg

Followers up:

     45 cat
     43 man
     33 debuild
     28 apt-cache
     18 dch

debuild, dch - yeah, I have been doing some Debian work recently. Mostly SELinux, like a week ago or so.

[Clint, I didn't invent that double-awk pipeline. I just fixed the sort issue. I'm currently more annoyed by awk because it uses isatty() on regular files, which in turn does ioctl, which in turn triggers SELinux audit errors...]

Current #1: Postings like this, Proposals like this ("recall the project leader") and the way the whole situation is handled by certain people, especially joey and Denis.

Not high on the list:
#n-1: That some more people might be paid for their work on Debian, but this time from a DPL-affiliated entity named "Dunc Tank", instead of companies like Credativ, IBM or HP.

So what would be your opinion when AJ steps down from the dunc tank board? Is it then still this evil, volunteer-eating monster?

Sure, you're entitled to your own opinion. I just don't like the way you voice (and try to enforce) your opinion.

With the latest driver "update", ATI removed support for the following graphics cards:

• Radeon 8500/9000/9100/9200/9250
• Mobility Radeon 9000/9100/9200
• Radeon IGP 9000/9100/9200

This is why closed source drivers suck. My Mobility FireGL 7800 is also not supported by the official ATI driver. Well, ATI obviously only cares about new sales, not about users. (Except that users like me will not but ATI anymore, but go for e.g. Intel)

Fortunately, there are some opensource drivers for these cards. They also have 3D acceleration.

Let's just hope ATI releases the documentation needed to support the newer cards (9600+, X300+) before they also discontinue support for these. (Or at least allows redistribution of the existant 2D drivers that have already been written for some of the newer ATI cards)

So don't buy any newer radeon, because there is no long-term-support for them. In a few years, you won't be able to use them anymore!

To a certain extend, SELinux is like TPM.

On one hand, it can be used to increase security of your system a lot.

On the other hand, it can be used to lock you out some more. Like from your Linux-running Motorola phone. (Note: this phone is not running SELinux, but some other LSM)

The combination of both of course increases security even more.

I was wondering if I should maybe starting using these on the next server I install. Make a mini boot system with an SSHD and use the TPM module to secure this boot system. Then whenever the system is booted, I connect via SSH to type in the passphrase to unlock the encrypted disks.

So when some police decides to seize a TOR server, they'll not be able to read any of the data, even when they seize the complete hardware. (Also do read the followup post, that there are probably no charges being pressed against the tor operators, but the police had to do investigations because of the law.)

The only attack vector (apart from breaking crypto) I see is that they use the TPM to decrypt the boot systems sshd key, and then setup a modified boot system to capture my passphrase. They'll probably need more time to set that up than me to be informed the server was seized (or wonder why it's down). They're not exactly prepared for such defensive measures, I guess. (And again, what's the use for them, when I'm most likely just running a TOR exit node there, not logging any of the data passing through?)

OTOH, I'm not planning to setup any server anytime soon, and for a laptop using an encrypted harddrive should be enough. Maybe add some extra SELinux policy to defend against software bugs and maybe keyloggers. Uwe Hermann just measured the overhead and to me this doesn't look very bad. I mean... it will still be much faster than my current laptop, and this laptop is fast enough for me 99.9% of the time.

[Update: moved to proper tag. selinux, not XML.
You might want to read Harald Weltes blog (of GPL enforcement fame) for more details on it. Apparently it's based off an years of SELinux branch, and the source code is availableat Motorola. Yay for companies adhering to the GPL!]

From the debian changelogs:

thunderbird (1.5.0.5-2) unstable; urgency=low
  * new package: thunderbird-dbg
    + enable svg

Whoa, when will we start seeing SVG spam?

Wir sind heute abend mal über das Oktoberfest geschlendert. Wie friedlich es doch noch ist, so am Vorabend...

Dennoch: falsch gesetzte Apostrophe allerortens!

Fast der einzige korrekte Apostroph den man sieht ist in "Wies'n". Da macht er noch Sinn, denn da wird gegenüber dem Hochdeutschen wirklich etwas ausgelassen.

Interessant ist auch "Käfer's Wies'n-Schänke" - auf einem Schild ist sie nämlich eher korrekt geschrieben ("Käfers Wies'n-Schänke"), auf dem anderen falsch ("Käfer's Wiesnschänke")...

Und das Fernsehen dumm macht, wird auch mal wieder demonstriert. Sat.1 sendet "Eva's Wiesnwelt". Zumindest korrekte deutsche Zeichensetzung beherrschen sie offenbar nicht. Der Genitiv wird ohne Apostroph gebildet.

Wikipedia: Apostrophitis

Ich bin einfach zu dünn. Gestern war ich mal etwas "shoppen", und es gab beim H&M sogar mal wieder eine Jeans mit etwas mehr Schlag. Nur natürlich nicht in 28-32 oder 29-32, sondern erst ab 30-32... also nur mit Gürtel für mich. Auch sonst war das alles andere als erfreulich. In meinen Größen gibt es nicht so die Riesen-Auswahl. Und den "Gangsta"-Look finde ich auch extrem hässlich. Naja, wenigstens habe ich neue Trainingsschuhe, die ich nacher auch gleich beim Balboa eingeweiht habe. Für richtige Tanzschuhe bin ich gerade noch zu knausrig.

Hemden scheinen momentan total "out" zu sein. Oder liegt das einfach an der Jahreszeit? Ich hätte eigentlich ganz gerne das eine oder andere helle Hemd gekauft, mit irgendwas "witzigem" drauf. Gibt aber momentan nur Sweater.

Jedenfalls: seid froh wenn ihr etwas mehr auf den Knochen habt als ich mit meinen 58 kg. Klar, ich kann essen worauf ich gerade Lust habe (und ich esse auch oft zwei Portionen), aber ich hätte trotzdem gerne so 5-10 kg mehr.

Just a quick update for SELinux in etch. With Manoj picking up work on it again (you might have noticed the large influx of new SELinux related packages these days, bringing our toolchain up to date again), and rjc having setup a SELinux development box for me, we're actually making some progress on SELinux for etch now. Uwe Hermann also blogged about SELinux on Debian recently.

There are tons of small nuisances with SELinux on Debian left. I've started filing bugs and tagging them with the "selinux" usertag. It's in the details. For example mawk and gawk both try to ioctl any file they read as if it were a serial terminal. Which of course causes SELinux to log an audit error, since the init script or whichever was calling awk didn't have the permissions to ioctl a config file.

Then there is /dev/xconsole - it's created by the syslogd init script (shouldn't maybe this be handled by udev), it's barely used by anyone, and SELinux policy upstream wants to keep it in the xserver policy, and claims its main use is to be able to feed it the output from programs started by the window manager (instead of .xsession-errors). Which is a seriously broken design, since it's not multiuser capable. Anyway, our current options are to

• diverge from upstream in policy, putting xconsole into logging policy
• make xserver an mandatory policy module
• convince the syslogd maintainer to disable xconsole by default
• convince upstream to at least split it out from the xserver module into a separate xconsole module and make that mandatory

Of course I was quickly flamed for filing a bug against exim stating that there currently is no SELinux policy for it, and people thus will have to use postfix or sendmail instead. But heck: people trying out SELinux on Debian will run into this problem, you know. I'd certainly prefer people to use exim instead of sendmail (I'm more of a postfix guy), but unless someone writes a policy for exim, people can't use it with SELinux. I have no idea how exim works (where its queues live, expected behaviour and so on), so I can't write a policy.

Now to start a real flamewar - how about making postfix the new default MTA for Debian with etch? /me runs and hides.

Windows Small Business Server 2003 kann sie teuer zu stehen kommen...

Mit dem "PDS Basisorganisation Eschenlohe-Spam" (hinter dem vermutlich nur eine Person steht, wie aus dem vorne angegebenen Artikel ergeht, wurden die letzten Wochen schon öffentliche und gemeinnützige Organisationen sowie lokale Firmen aus halb Bayern belästigt.

Diesmal ist aber etwas schief gegangen, und zwar genau genommen nicht für Herrn "Christian Georg H.", der nicht zur Bürgermeisterwahl zugelassen wurde. Denn genau das selbe passierte auch mit der Mail eines Anwalts, der die anderen Empfänger über seine Klage informieren wollte.

Zwei der Empfänger auf der Liste, die auch mich abdeckt, setzen offenbar Microsoft Windows Small Business Server 2003 ein, um ihre EMail zu verarbeiten. Das sind die Engpass Marketing- und Services GmbH und das Lechner Holzbau.

Anscheinend haben sie sich dabei überschätzt, "dank" Microsoft klingt es ja immer so einfach, einen eigenen Mailserver zu betreiben...

Während ich das hier schreibe, empfängt unser Mailserver immernoch jede Stunde dutzende Kopien der ursprünglichen Mails. Die werden natürlich verworfen. Insgesamt etwa 3300 Kopien, an drei Empfängeradressen auf unserem Server. Jede dieser Mails ist an über 900 Empfänger addressiert (wobei da sicher auch falsche Adressen dabei sind), und hat etwa 400 Kilobyte. Nach Adam Riese sind das dann 1100*900*400 = 377 GB. Jetzt werden die aber nicht nur ein mal übertragen, sondern laufen über den Mailserver eines großen Providers; die beiden genannten Microsoft-Server sind vermutlich nur über DSL angeschlossen. Zum Glück! Insgesamt sind das also irgendwo zwischen 400 GB und 1 TB an Datenmüll, die da immer und immer wieder übertragen wurden.

So, wer ist aber jetzt Schuld daran? Eigentlich müsste ich auch meine Arbeitszeit, den Müll bei uns herauszufiltern, in Rechnung stellen.

Sind also jetzt diese beiden kleinen Firmen Schuld, weil sie ihren Microsoft Server nicht im Griff haben? Oder ist eher Microsoft Schuld, weil es die Lösung für das Problem in diesem unverständlich beschriebenen Patch versteckt. Der angeblich auch nicht als wichtiges Update angepriesen wird.

Es besteht ein Problem beim Verarbeiten bestimmter von einem POP3-Server gedownloadeter Nachrichten durch den POP3-Connector. Das Problem könnte zur Folge haben, dass bestimmte Nachrichten versehentlich durch den POP3-Connector an Empfänger zurückgesendet werden, die nicht Teil der E-Mail-Domäne des Servers mit SBS sind.

Ohne dieses Update kann ihr Windows-Server aber genau so Amok laufen wie oben beschrieben. Deshalb: Finger weg von eigenen Windows-Servern, wenn sie diese nicht professionell warten können!

Analoges gilt natürlich auch für Linux - Finger weg, wenn sie nicht alle Sicherheitsupdates installieren - aber da wird wenigstens nichts so verschleiert wie hier von Microsoft. "bestimme Nachrichten versehentlich [...] an Empfänger zurückgesendet werden"... sehr witzig.

Würde mich mal interessieren, wie teuer diese Sache am Ende - es trudeln immernoch ständig Mails ein - wird, und wer das bezahlen darf.

In Bérangers blog, there was this short notice on my cut-down on SELinux work. There are several comments to it, some of which are seriously inaccurate. Quoting bad information in Wikipedia doesn't make it more true either.

>SELinux is OpenSource. The kernel parts *are* in the regular Linux kernel.
Absolutely not. SELinux is a heavily patched Kernel + some tools.
Read http://en.wikipedia.org/wiki/Security-Enhanced_Linux if in doubt.

Sorry, but Wikipedia has a really old quote in there. SELinux is (use the source, luke!) in the mainstream "vanilla" Kernel by Linus Torvalds. There are some improvements which aren't in there yet, but in order to run a SELinux system, you do not need to patch your kernel. Anymore. The code in the Linux kernel works just fine. No serious bugs, just some new features are "incoming", and will go into the next Linux kernel. The last larger change in SELinux was around kernel 2.6.9 or so I think (depends on your definition of "large" of course. But the last time I patched my kernel with a SELinux patch was around version 2.6.7 or 2.6.8.)

All the SELinux code is opensource, has rather strict coding guidelines and there are no magic patches from NSA being applied. (Well, basically use the coding style used in the Linux kernel...) Have a look at the mailing list archives on how patches in SELinux work. The NSA would have a hard time hiding secret spying backdoors in these patches, that will go through some more reviews before ending up in the Linux kernel. So you can trust them exactly as much as the Linux kernel itself. And definitely a lot more than the nvidia or ATI drivers. If I were the NSA and wanted to get a backdoor to many systems, I'd ask ATI and Nvidia to put the backdoors into their drivers. There is plenty of room in there.

AppArmor is not in the stock Linux kernel. And havn't received a warm welcome so far...

One our mailservers was heavily loaded these days. Some (braindead, but actually it's not their fault) user sent a huge mail to a huge list of recipients, with many incorrect addresses.

Unfortunately, some of the receipients are users of Microsoft (apparently "Win 2003 Server SBS mit Exchange 2003"). Which somehow bounces back the mail to all original receipients. Some of which, well, do the same. My current count is somewhere at 1700 mails. Most were rejected by my mailserver, since I've quickly added a filter.

Search for "IMB Recipient" to find out why you better do not use Microsoft Small Business Server. Unless you want to become really unpopular with your people for flooding their mailboxes.

Microsoft Knowledge-Base description of the problem - now if that isn't a gross understatement for "your mailserver can be abused to mailbomb others".

Todays culprit: Engpass Marketing- und Services GmbH apparently can't configure their Microsoft mailserver properly.

Auch wenn hier die NPD scheinbar nichtexistent ist (und das ist gut so), so ist sie andernorts offenbar mit einer systematischen Unterwanderung [zeit.de] der Gesellschaft beschäftigt.

Ich finde es ironisch, dass die NPD hier klassische linke Taktiken anwendet ("Kommunen"). Während die Linken das heutzutagen offenbar verlernt haben.

Die Linken versuchen doch heutzutagen meistens anzuecken (zu "politisieren"), nur fallen sie den meisten damit unangenehm auf. Und die Rechten spielen den "lieben Nachbarn, der sich sozial engagiert". Die Linken reden von "Fresse polieren", die Rechten von "Nachbarschaftshilfe". Verkehrte Welt.

Welche dieser Vorgehensweisen mehr Erfolg zu haben droht ist offensichtlich.

Wobei - ganz so nichtexistent sind die Rechten bei uns wohl auch gar nicht. So wurden anscheinend neulich bei uns auch Ausgaben vom Hausblatt der DVU verteilt, kostenlos. National-Zeitung oder so ein Mist.

Jedenfalls sollten die Linken versuchen, etwas "hoffähiger" zu werden, und zu versuchen ihre Ideologien nicht mit Gewalt anderen aufzuzwingen, sondern sie einfach subtil überall einfließen zu lassen. Weniger protestieren, mehr Verantwortung übernehmen. Wir brauchen mehr Linke in den Kirchen, Volkshochschulen und Vereinen.

The security incident on alioth resulted in some rather bad press. Much of which isn't very accurate (the server was not cracked, certain applications installed by users were abused, but no privilege escalation happened) and not fair (this is not a "dumb" web server, but a server to be used by "third party users" to run web applications on).

It's also worth noticing, that everybodys favorite Joerg Schilling commented [de] (read: flamed) on these articles in his best troll manner. In fact, he's known to be a frequent troll on heise, often posting "corrected" versions of articles related to Solaris or Linux. If you've read his posts there and his mails you just can't take him seriously. Don't feed the troll, and just ignore anything you hear from him. Including any cdrecord stuff, please switch to cdrkit/wodim!

To avoid this type of problems I see the following choices:

• Disallow users to install their custom PHP scripts
• Require users to send their web applications through a security review process and installation by the admins
• Write and run some security scanner on these applications, that will detect known vulnerable versions of installed applications (but that means someone needs to write lots of detection code, and update it with every related security announcement...)
• Modify PHP to be harder to attack (i.e. remove functionality, that will potentially break stuff we want to have)
• Use SELinux to jail the webapps a bit more. E.g. SELinux could have prevented the attackers from setting up their IRC proxy.

As you can see, the first option is the easiest, but it's contrary to the idea of alioth - being allowed to run custom web apps. Face it: a webserver serving only static pages is much easier to keep secure than one where users are allowed to install custom applications. And a project of Debians size needs to offer a web server where developers can run custom CGI.

The other options mean much more work; especially the SELinux option would increase security a lot, even with PHP, but it means someone will have to spend a lot more time on administrating the system, and especially helping users when their web app doesn't work right because of SELinux security restrictions. For further increases in security PHP would need to be patched with some SELinux support: it shouldn't be allowed to include() or execute files written by the web server and not uploaded via ssh. For this, PHP needs to understand security contexts.

One thing we should go for, however, is to provide more common services on alioth. For example wikis. Maybe we could setup a shared MoinMoin instance for all projects on alioth that want to have a wiki. And maybe offer "security supported" installations of other common webapps as well (e.g. forums, trac). Attacks usually exploit widely used applications such as wikis or forums. And even when 90% of the users on alioth upgrade their software on time, there are still 10% vulnerable.

And maybe we can setup a box for the custom applications that actually is SELinux enabled in one or two years, when enough people are familiar with it and on how to write and maintain an appropriate policy.

I'm still browsing around (Google doesn't want you to google for such things, but "search", remember?) for a laptop to buy next, when my thinkpad finally dies (or I need to be mobile again, which might be in some weeks).

I've found another wishlist candidate: the Panasonic Toughbook T4. It's small and tiny, extremely solid, it needs no fan, has a touchscreen (and you can carry it book-like, since it's light and comes with a hand strap) and extreme battery life. Apparently it does actually run over 9 hours in third party benchmarks.

But it also has some drawbacks:
There are next to no reviews, especially no information on Linux compatibility (which shouldn't be an issue, embedded Intel graphics, and very little hardware in it, but e.g. the touchscreen might or might not work) - and it's not very widely used or known. It's also very expensive (Thinkpad X60 1500 Euro, Toughbook T4: 2500 Euro with the two big plusses for me being better battery life and the touchscreen, thats too much) and said to be quite ugly.

I sent an inquiry if there will be a successor with maybe a Core CPU - I don't know if there is an ultra low voltage core - or if there will be a version without windows (it's expensive enough, I'm going to use Linux, I don't want to pay 200 Euros for Windows). I got a quick reply - that my questions will be answered when a certain colleque is back from vacation...

This probably means that despite me loving the idea of being able to read papers on the laptop just like with a real book (with a pen, and as mobile), another candidate has dropped off my list...

Guess I won't be buying a new laptop until my old one is completely dead and then I'll be going for something used and cheap as "temporary" solution...

I guess I'll browse the web for the HP tc4400 and Toshiba M400 next. I didn't actually intend to go for a tablet PC, but apparently these are more designed for weight and power consumption than regular notebooks with their nvidia and ATI power wasters.

P.S. Yes, I am aware of Thinkpads. But they are either to heavy for my liking, have too bad battery performance or have too low screen resolution (X series).

Simon has a similar view of the situation.

With the stuff I proposed in my last entry and earlier (e.g. bug masters) - I'm well aware that this means someone needs to write a lot of infrastructure code. But given recent improvements e.g. on our bug tracking (user tags, subscription, version tracking) this seems to be working okay. I've never really used launchpad, so I can't comment on what it offers that we might need and where it sucks. And I've said a dozen of times that I hate bugzilla.

Next I'm usually hard to convince that any "infrastructure improvement" will help solving "social" issues. But here it might, if it "weakens" the formal DDs power (isn't god on how the software is packaged and on how patches come in) and strengthens the "occasional contributor" (pending patches repository, DDs can easily approve patches and trigger an upload without being deeply involved with the package, since NMUs are easier to do).

And I'm also aware that my point of view isn't consequent. On one hand I'm convinced that any big "steering" won't work anyway, and those who do the job (read: write the code, write patches) will largely be those who set the direction. Linus didn't just pick a VCS and decide that everyone will have to use it, but actually wrote his own to suit his needs. And others liked it, picked it up, improved it. On the other hand I'm asking people to use packaging practises that allow others to easily contribute. I almost suggested to make it policy to use debhelper and CDBS...

Well, it's one of the things I've learned myself: make it easy for others to contribute - and you'll enjoy it more, because more people will contribute. If it's hard to contribute, people will complain, will file bugs, will argue. If it's easy to contribute, they are more likely to send patches and enhancements. Read: more fun.

It's also one of the reasons I blame for my SELinux work being not too rewarding: it's hard to get going, it's hard to contribute (well, that has improved with the public readable SVN repository for the policy). Less people, less contributions, less fun.

Anyway, I don't see the need for any steering or "global picture". We're not lacking the big goals, but the low-level fun at development.

That doesn't mean I'm strongly "opposed" to the commitee. I just don't see the benefits (but certain costs for electing it. Do we take group applications and vote among groups? Then we could just have the DPL nominate the steering comitee. Or will we vote on individuals, with the top n becoming the board? Then we'll have lots of platforms to read (=boring, not fun), and we'll probably have the same problems at a different level, different opinions in the board.

And, given that the DPL has no real power, will the board have any?

We also have a technical comittee. Does it have any power (well, it's supposed to, but was it ever enforced)? Did anyone ask it about something recently?

The "Debian board" has been discussed a lot recently. I'm not so convinced it will improve matters that much.

I don't think Debian is lacking a central authority to keep the vision. Most people have some overall vision; these visions might disagree on some points, but a board is bound to have the same disagreements.

What is taking the fun out for me is not that some technical matters don't work out the way I want them too, but usually it's lack of manpower in certain files of particular interest to me. For example SELinux has been rather frustrating for me, since I felt like fighting alone on a lost position. Often applications would change faster than the policy could be updated etc. And trying to support sarge made that even more so. Sometimes bugs were fixed upstream, but the packages in Debian weren't updated yet, etc.

When I was maintaining galeon back then, the must frustrating things were that on one hand, you had lots of people complaining about galeon 2 being different from galeon 1 (and not accepting that galeon 1 was dead upstream, I preferred galeon 2 and so obviously packaged galeon 2) - and on the other hand that there were tons of open bug reports noone even had time to verify. Working on such a package can be very frustrating.

I've been keeping out of flamewars and such for quite some time, so I'm not so much bothered by that. I've blogged about that before.

But I don't see where a "board" or "steering commitee" would come in helpful. Especially not in comparison to DPL-named release managers etc.

IMHO it would be helpful to bring more people in. Our process of becoming a DD is very demotivating, and actually we could use more people - especially - for things like bug verification.

Contributing to Debian can be demotivating for several reasons:

• Packages where the maintainer doesn't respond
• Packages the maintainer doesn't really care about
• Packages where you don't understand the packaging, because it's too different from what most packages use (i.e. please use debhelper and maybe CDBS for your packages, don't build your own 20k makefile buildsystem)
• Often not easy to create proper patches
• Roundtrip times of bugtracking etc.

Stuff I've been enjoing:

• "Thank you"s at the end of bug reports
• Occassional teasing by helix for complaining too much in my blog
• Real life meetings of debian-MUC
• Team-maintained packages

What I'd love to see on the long run is some kind of central package repoistory. Many other distributions use some kind of huge version control system for managing all their packages. Maybe we could have something like this with two "default" branches. With very little effort you can get write access to the "public" branch, and only full developers can pull patches over to the "authorative" branch. Packages should be built from that branch, and use some uniform way for this (e.g. debian/patches/ directories!)

But people with more experience in team maintainance, e.g. the Gnome team, can hopefully comment more on this.

... zumindest wenn man nach einer Filiale sucht, kommt nur die Fehlermeldung

Diese Seite ist nicht mehr verfügbar
Die von Ihnen aufgerufene Seite gehört nicht mehr zu unserem momentan gültigen Angebot.
Wenn Sie mehr zu unseren aktuellen Produkten und Serviceleistungen erfahren möchten, so finden Sie eine Reihe interessanter Angebote direkt auf unserer Startseite.

Danke, aber genau darüber bin ich auf diese Suchfunktion gekommen.

A pity Debian doesn't have a mascot. It could sit together with my squeaky Linux penguin and a bavarian lion on my speaker.

Anyone up for this challenge? Any maybe even make a Chumby version out of it?

I've started decorating my new room. My new home. Closer to the city.

Using the mirrors of my wardrobe, I can actually take a shot of most of my room.

There is a penguin hidden in above picture. Can you spot it?

The yellow and orange colors give it a warm feeling. The long picture is a seven pages is a 360 degree panorama shot of san francisco (I've also made a 12 page version, but didn't print that one yet.)

Some good new up front:
I'm down to around 10 audit errors on booting my amd64 system in targeted policy. To achieve this I did some small changes to the udev init script, and some larger policy modifications (mostly treating /dev/.static/dev the same way as /dev) (see webSVN changes view).

The bad news:
I'm halting my SELinux development.

I'm moving into a new room today, and the box I've recently been using SELinux on is staying with my dad. After all we bought it for him to surf. So I don't have any computer to run SELinux on (my 4+ years old laptop is way to packed already). And that means I can't seriously work on SELinux much anymore.

Sorry. It sucks to stop tweaking it right before it's done, but I can't do much about it.

[Update: It's not just about the hardware. The hardware is the reason why I can't do much at all, but as you may have seen in one of my previous blog entries, a couple of things in my life are changing right now. I have no idea how much spare time I'll have at my hands. I welcome the offers of sponsorship I've seen, but I can't accept them when I might end up not doing much more anyway. Sorry.]

metros from the world with wildy inaccurate logos I've not used:

Just kidding. I'm not going to participate in this stupid thing. I'll just rant about it and annoy everbody just as much as you did. But I can still claim it's all your fault and feel superior. You lose, I win.

How about if you enjoy a motivational poster on deviantart instead? Thank you.

Today, I've been quite busy with "real life".

First of all, I retrieved keys for my new room (see below), and was busy half of the day with packing stuff.

Around noon, I had to go to a funeral. A friend of mine has died, most likely from cancer (maybe smoking-related, I don't know). He was very active for a NPO helping people with the internet. We'll really miss him there, too.

In the afternoon I packed more of my stuff together, bought some new things; then took a break to go dancing - I started taking a Balboa class today - and finally took most of my stuff to my new room. Until around midnight I was cleaning the room, fighting the "malfunctioning" doors of the huge wardrobe and moving stuff in. Tomorrow I'll probably spend my first night in the new room.

This is a shot of the new room. I don't have a wide angle lense, so that is the best I could do (I have the lens on my Amazon Wishlist, but it's horribly expensive...). It's the plain room, nothing of my stuff in there yet. The first thing I did was putting up some nice yellow curtains, to add some color. The flash makes some funny light effects with the mirrors of the wardrobe on this picture. ;-)

The room isn't huge, but it's well done. The bed fits in behind the door, a desk will fit next to the bed, and there is this huge wardrobe. The mirrors on it make the room appear larger and brighter. Now with some sunny colors this will be a room I can enjoy.

I'll probably post another picture when I've added some more color to the room. I have a couple of nice computer artworks printed out to hang to the walls. Oh, and the linux sourcecode poster. ;-) (No, I probably won't put that one up. It's mostly gray. It wouldn't match the room.

It will be interesting how my life will change the next months. I'll be doing a lot more dancing - I intend to join a Boogie sports club, learn Balboa and Boogie and train Lindy Hop - and since I'll be living closer to the city, I expect to go out more. And I hope the people I'll live with in that house are fun, so we'll be spending some time together. We have a pool table and a dart board in the living room, and a perfect spot for placing a projector.

Also since I've passed my final exams, I'll now focus on my final thesis. My topic is about semantic wikis [wikipedia.org], at my university and a research institute. The last months, I had been rather bored with university life; the thesis will likely set the course for the next few years of my life: research, entrepreneurship or just working at some larger company.