I've just discovered this song: Koop Islands [amazon.de, with video] by Koop.

The amazon page has a flash video of the song "Come to me" - check it out. "'Cause my love just has left me, and I need someone new."

It has some smooth swing in it, it flows and somehow makes me happy. I love the bass line and the singers voice. I need to get this album and dance some swing to it.

Dear Lazyweb, do you know of an automatic "image tank" software?

When doing a larger social event, say, like a dancing seminar or a conference or just about anything where people are eager to take photos, it would be nice to have an easy way of collecting all the photos. Also giving people the option to store the image from their camera somewhere without having to bring along a larger memory card or their own laptop.

It should be fairly easy to setup a computer which just

• waits for an USB device to be plugged in, and download all images from the device
• waits for an empty CD or DVD to put in, to store the most recent images on it (so people can plug in their camera, then put in a CD to get them written to CD
• when idle, just show random recent photos

Does anyone know of an application already doing that? I don't want to go through all the UI that you have in Gnome, it should be automatic.

So google has finally changed their algorithm somehow to remove Googlebombs. I wonder which approach they chose. Maybe they require the search term to actually occur on the destination page?

Anyway, I wonder if we could now do the opposite - rank down pages by Googlebombing them. I wonder if we could e.g. all setup links to Windows (microsoft.com) and maybe even mention the word "Googlebomb", and Google will think we're trying to Googlebomb Microsoft this way? So at the end maybe the Wikipedia article becomes hit #1? That would be cool.

P.S. Ever noticed that Google blocks lynx and wget by their user-agent string? (well, I get error 400 with lynx, which might be different, but I can use the --user-agent option of wget to bypass their filter, so at least that filter exists and is kind of pointless...)

So Mandriva apparently is including a new 3D desktop named "Metisse" in their next release. It seems to be a real 3D thing, not like Compiz and Beryl which are just about some fancy effects for your 2D desktop.

However, I'm not convinced that this is a good idea.

First of all, many people have problems with thinking in 3D. "Engineers" like us are used to thinking in 3D, but many people are not. They might be better off with a 2D thing. Also supposedly 2D perception is easier for the mind, and should better allow us to focus on other things.

Secondly, optimizing display for 2D is much better. Many people won't want to miss the crisp and sharp fonts we have today. Subpixel Antialiasing together with hinting does a good job at optimizing fonts for readability. Don't exepct a 3D desktop to be able to offer this, as soon as you turn perspective you'll end up with blurred fonts.

Instead I'd consider doing mostly away with the concept of resizable and moveable windows. Most of my applications (except my terminal windows) are running full-screen. If I'd be working a next generation Desktop thing, I'd be investigating application switching (Expose for example seems to be good), some intuitive way of automatically tiling windows (ion sucks, sorry) and making the concept of multiple desktops easier for users. IMHO that is one of the most powerful (and yet often unused) functions on our systems.

Note that metisse does seem to enable people to use multiple desktop a bit easier; I like their overview screen. I also like the "folding away" concept when temporarily marking text in a different window, but how is it supposed to know I'm going back to the previous window again afterwards? Most of what they show off is totally useless and has bad usability. Where is the actual use of being able to 3D-turn two windows? I can barely read the location bar of the browser afterwards! Just like Compiz and Beryl, they're just showing off fancy effects, but I don't see the usability benefit.

(I havn't tried metisse, this opinion is solely from watching their demo videos.)

For example, I never need to move my windows around on a pixel-level. If I ever resize my windows away from their default size, it's about having two windows visible at the same time. I could imagine having a window chooser such as Expose, and by selecting multiple windows with the right mouse button I can get a tiled view of them, as opposed to selecting a single window with the left mouse button.

I was recently asked to help someone understand the OpenSource movement, and the effects it might have on companies such as Oracle or SAP.

I talked a bit that these companies can benefit from being independant of big vendors like Microsoft, while still not having to do everything themselves. But also on how opensource alternatives to their products will threaten their business in the long run and force them to be more innovative and constantly improve their product.

I then talked about the 'viral' aspects in OpenSource; not about that GPL licensing bullshit (just read the licenses of stuff you want to use, and don't use them if you don't like the license...; this virality is highly overrated due to Microsofts FUD), but a very different kind of virality:

Let's say you are supposed to evaluate different CMS solutions. So you install one or another that sounds promising. Most likely you'll install an opensource database like MySQL or Postgresql. And when you've decided upon a solution, you are quite likely to go with this database, and say to yourself: "if MySQL doesn't scale up well enough for our needs, we can still but an Oracle license".

This would be probably different if you had had installed Oracle in the first place. Say a demo or so. But the demo versions of the CMS you tried already made you comfortable in using MySQL; it's easy to install (most likely included with your system anyway), and it just works. But would you have tried a CMS in first place that actuall required you to setup Oracle?

Anyway, this "social" virality brought me to another point: developers and administrators.

When you see numbers on the market share of Microsoft, they're still huge. Some 95% of users are using Microsoft as their primary operation system (I'm discounting the fact that a huge share of DSL modems here is running Linux, so actually many people are Linux users, and I'm also discounting the use of www.google.com, which would make 99.9% of people Linux users...).

But these are the average users. But they aren't on their own. The software choice of the "average user" is influenced by a couple of factors, including:

• if anything goes wrong, whom can I call for help?
• company (administrative, security) policies
• word of mouth and (software) recommendations

When I look at the sofware my mom has installed on her Windows system (which also dual-boots Linux, and interestingly is the primary choice for watching a movie - Windows doesn't playback sound with some videos...): half of it is opensource. There is OpenOffice.org, Gimp, Gaim, Firefox, Thunderbird, Inkscape, LyX, Mplayer and a couple others. He favourite game? PySol. My dad already has switched to Linux as his main operating system.

So why did they switch to so much opensource software? Because it's what I recommended them, and where I can help them. My mom needed a software to record something for her blog (yes, she's "podcasting" now) - of course I recommended her an opensource application, audacity.

My mom is giving private lessons in math and physics; she's very successful at that. When one of her students got herself a laptop, she of course was given all kinds of (opensource!) software. For her highschool thesis she needed a vector graphics program - she ended up with inkscape.

Now if my parents have some problem with Windows, who are they going to ask? I didn't manage to solve the video playback issues, my mom by herself switched to Linux for watching movies. It didn't work with Windows, I couldn't help her - she switched to something where she knews she'd get more support (and where the problem by chance didn't occur).

Now let's have a look at the university. Our computer pool for the students is all Linux. There are a few windows systems for legacy purposes, I never found out if they are accessible to regular students; I only know they're supposed to exist. When doing some assignment, you're very often required to use some opensource software. For a thesis, you'll very likely be building upon some opensource system. The mathematics institute is still on solaris, but recently Gnome was installed there. Physics and electrical engineering also have mostly Linux systems, I've heard.

For software development, it's pretty much a "develop on Linux, run anywhere", whereas Windows-only developers usually need to port their applications (or trust on Wine being able to run them good enough on Linux). So more and more people start developing on Linux, and get to love it's great development environment (after all, Linux was pretty much completely done by software developers...).

And that is how Microsoft might already have lost the desktop war: developers, technical students and administrators (who usually also love their Linux boxes). They're only a small share of the userbase, but they're influential. In fact, other users rely on them being able to eventually fix their systems for them. But since these are using Windows much less already, they will be less capable of assisting others with Windows. They'll be putting Linux systems everywhere, and keep on encouraging them to make the switch. Of course it will still take some years, but you can expect more and more companies (and cities) to switch over, like the city of Munich.

Windows support staff on the other hand might even become more expensive. I don't know of any numbers on the MCSE programme (Minesweeper Consultant, Solitaire Expert) - does anyone have numbers on "graduates" for that?

I've extended and cleaned up DBus inspector some more.

It will now show the signature of methods and signals (I didn't see any properties, I guess that none of my DBus enabled apps uses them yet?)

So by now (with just a few hours of development, Python rocks!) it's already a really useful tool if you want to use DBus to listen to or trigger all kind of system events. I could listen for song changes, disconnect or connect my wireless network, log in and out of instant messaging...

Download from people.debian.org for now. Needs only "apt-get install python-glade2 python-dbus", no installation required. Just unpack and run "dbus-inspector".

... for being stupid spammers.

Obviously they polled some blog search engine (maybe Google's blogsearch) for some keywords like Java, tried to guess the name from that and grabbed email addresses they could find.

I just received this stupid "job application offer":

Good Afternoon Planet,

I represent a major Airline in Dallas, TX. We have 3 openings for C Developers with Java, Unix, Sybase and Oracle skills. Basically our client is doing a 2 year migration from C to Java and needs C language Guru's.

This "major Airline in Dallas" (Southwest? Amerian Airways? I don't know.) should maybe be looking for a different company to do their development.

The company they are using right now, Adea Solution, obviously:

• is a spammer (no previous contact, obviously an automatic email)
• thinks my name is "Planet"
• does random capitalization
• can't spell (the plural of "guru" is "gurus", without apostrophe), and I can only imagine the errors a native speaker would find in their mail
• can't properly format an email (it was a mess); I don't want to know what their sourcecode looks like...

One more quote:

**I apologize if you are not looking. We have a system here that pulls information from the web and does not distingish between those who are current and those who are not.**

If I were looking, I wouldn't put "I'm currently not looking for a job" on my homepage. And I'd probably try to get in touch with someone professional.

[Update: their homepage appears to be unreachable... looks like someone else was even more annoyed than I...]

Ever noticed the following with Skype: Go offline while several of your friends are online. Suspend your computer. A few hours later, resume your computer and go back online with Skype. Notice how it claims all the buddys that were online when you disconnected just came online? And a few seconds later, some of them all go offline? And several minutes later, they even come back?

Skype (well, at least version 1.3.0.53, YMMV) obviously caches which users it has seen and just assumes they are still online. When it then has actually connected to the Skype network, it notice that none of its peers has them and decides that they maybe aren't online after all. Then it actually searches them throughout the network, and when it has found them puts them back online again.

Thats what I call cheating. Other IM services are much more reliable here. And other IM services - at least ICQ and many Jabber servers, though not Google Talk - also have offline messages. I.e. you can write messages that will reach the receipient once he goes online again. Skype again cheats on these: if you send such a message, it will after some time display the notice that sending it failed. The next time both of you are online, it will actually be delivered. This can result in suprisingly old messages, and makes connecting to people much harder: for putting someone onto your list, you also have to be online at the same time.

Assuming that you are using Skype only during work hours and going offline inbetween, this makes communicating with people in different timezones a pain.

File transfers with Skype are also a game of chance: If both of you are somewhat firewalled (e.g. behin a DSL-modem-router combo), it often can't transfer directly. Instead it picks a random "super node" with large bandwith for transferring the files. However, the super nodes bandwidth isn't always as good as expected by Skype, so sometimes file transfers with Skype are awfully slow, even when your line isn't busy. MSN for example (though I do NOT suggest using MSN), is using it's own, well-powered servers to handle such file transfers (or maybe all; thats why I don't really suggest using MSN, since I've only seen it transfer my files through microsofts servers...). But usually file transfers via MSN - especially in firewalled situations - are much faster than with Skype. (A drawback of them is the short timeout)

So consider using XMPP/Jabber (= Google Talk) instead. They are more reliable, and an open, well-defined, extensible standard.

I've been working a bit more on DBus inspector. Python is so much fun and PyGTK just rocks. I love you, guys. :-)

Ok, not everything is working right yet. I tried making the app multithreaded, and putting the DBus handling into a second thread, but failed at that so far. Getting threading work right with Python and GTK and DBus is just too much, I guess. :-)

Here's a screenshot:

You can grab the code temporarily from this location.

It's rather crude, undocumented (fortunately Python code is quite easy to read) and still lacks some interesting parts (e.g. icons to differentiate between services, interfaces, methods, signals, ... and of course actually displaying method signatures or even allowing you to invoke them...) - but it's a start.

Note that DBus using applications support introspection at varying levels - NetworkManager doesn't have a useful introspection description, and gaim goes the other way by apparently exposing every single method during DBus, so you can do the craziest stuff (but it's hard to find the method you are actually looking for).

... is far from trivial: you are not on the senders side, and not every protocol (in fact very few) allow rate limiting. Not to speak of limiting the total of multiple connections. Basically you'll have to accept that the sender is sending the data at it's own pace.

However, the TCP part of "TCP/IP" is designed in a way that it does a fairly good job at detecting bottlenecks. The basic principle is this: when a packet is received at the destination, a confirmation will be sent back. By adjusting the rate of packets going out to match the rate of incoming "received" message (and to minimize the number of lost packets that need to be resent), TCP/IP connection can adopt to the slowest link in the chain.

This is how incoming traffic shaping works: incoming packets are held back (or even dropped; however holding back packets might also lead to dropped packets somewhere up the stream), which in turn will limit the speed "ACKs" go out, and thus (hopefully) the speed data is pushed down to us.

It's not perfectly reliable, and by design won't work well with short-lived connections and non-TCP-traffic. But it can still come in handy.

We have a shared internet connection with 2 mBit. That usually is fine, but our router isn't very smart. When I'm using up all bandwidth for a longer timeframe (say, apt-get upgrade with new openoffice and tetex), the other users will suffer from a serious performance impact. One of them is often playing games online, and eventually gets kicked out of a game server because of his bad roundtrip times. By limiting my incoming traffic rate, I can hopefully keep the connection useful enough for him. In my tests, it worked pretty good at keeping my bandwidth useage down. The remaining unused bandwidth should allow his game data to pass through without larger extra delays.

Here's the short script I'm using:

tc qdisc replace dev ethWIFI handle ffff: ingress
tc filter replace dev ethWIFI parent ffff: protocol ip prio 50 \
  u32 match ip src 0.0.0.0/0 police rate 1500kbit \
  burst 10k drop flowid :1
tc qdisc replace dev ethWIFI root tbf \
  rate 1500kbit latency 25ms burst 10k

Hi folks, I've been hacking up a DBus inspector, since dbus-viewer was removed from the Debian package (to get rid of the QT dependency).

Using python, it's not too hard. Enumeration of methods and similar already works, the basic UI also is in place (Glade rocks!) but I still need to feed the data into a TreeModel for GTK and do all the difficult parts of the UI.

I'll post an update when I have some screenshot and code ready for you.

I'm convinced the Web 2.0 bubble will impact soon. Granted, some will survive, some will struggle - but some will just blow up. Time to sell for these. There are several reasons why I believe this will happen "soon":

• Too many clones. How many facebook/linkedin/xing/studivz/... clones can you name? We could make a "Memory" (aka: Concentration, Pairs) type of game from them...
• Too little benefit - did you actually have some benefit from these services except being able to show off how many people you know?
• Many of the web2.0ish stuff is just pretty graphics with no real use. How many of the tag clouds you see are actually useful? On the contrary, how many of these new sites have accessibility issues?
• Privacy issues - you've probably seen the bad press MySpace has recently been getting because of stalking and even paedophiles.
• Content issues - I've heard of child pornography been uploaded to e.g. MyVideo (a YouTube clone popular in Germany, since it's doing huge advertising and is on TV), and them taking multiple days to remove it. I wouldn't be suprised if that happens with YouTube as well, but they probably are faster in reviewing and deleting such contents.
• Licensing issues - there was a lawsuit started agains RapidShare, and they probably are bigger than the P2P filesharing networks by now. They're proud of having 80 GBit bandwidth, and I assume 95% of their traffic is actually violating copyright. They try to get out by claiming of having no control over their users content, but that is bullshit. They make a living of having people download this stuff from them.
  Also when I recently browsed MyVideo a bit, it seemed to have like 95% of videos that either come from some TV or have been on the net somewhere else for years; most definitely violate someones copyright. But so far, noone has been caring enough, apparently.
• Security issues - Javascript and webbrowsers aren't well-suited for writing reliable and secure programs. Face it. We're already seeing the first attacks on the Google API, expect much more of these attacks to surface. I wouldn't be surprised if spammers already make heavy use of such APIs to harvest email addresses.

Many people have been keeping an hungry eye on YouTube, Rapidshare and others. It's just a matter of time until some of these predators goes for the kill.

My predictions for the post-web2.0-bubble time:

• User content will be restricted to plain text unless you register and verify your ID, so if you upload copyrighted material, the owners can go right for the user that uploaded.
• Privacy will be a key feature of services, maybe some privacy service providers will surface, that allow you to have a verified ID without exposing it directly to the web service, or having to verify again and again for different services. However phishing will be even more of a threat then.
• More restrictions for unregistered users means lower eyeballs, which in turn means less advertising money and thus less services that can be offered completely for free; however many services do not work as crippleware.
• APIs on the web will largely go away again. A specification for making them safe for scripting will be underway, but only supported in Firefox 3+
• True client applications will come back. Vista with C# and Mono on Linux allow for such applications to be written much easier, and they will not suffer from the browser security restrictions. Why would you write a web-based word processor fighting with HTML limitations, the JavaScript language and browser security when you can do it much easier in C#?

I read today that Ubuntu is working on an "install.exe" for Ubuntu. Which apparently will install an Ubuntu image into C:\UBUNTU so you can boot that. It's not meant to wipe out or replace windows, but live alongside on the existing partition. (I'm curious how well that works with NTFS...)

I'm looking forward to that - and crazy people bringing this Ubuntu.exe along on a CD whenever they go into some computer store and install Ubuntu on all the laptops on display.

If the manufactures don't preinstall Linux, why shouldn't we help them out? We're not installing a virus there or deleting preinstalled software...

Would be fun for a flashmob, too. Go into the shop with a dozen people, a few to distract the employees (asking difficult questions, eventually even buying something; since there is no reason to do any harm to the shop!) and others using CDs to preinstall Ubuntu.

Of course it would be even more fun if the laptop booted Ubuntu the next day... All laptops looking different, but welcoming and friendly and with lots of powerful applications. Maybe one or another will think "whoa, did microsoft upgrade them to vista overnight?" :-)

[Update: Goodbye-Microsoft.com has a similar installer for Debian. It will download and install Grub and an installer image, then allows you to reboot your computer into the installer. I don't know if it's supposed to wipe out the Windows installation (I doubt so) or if its supposed to either shrink the NTFS partition or install into an image file (I assume the last option is what it does).]

This is the first time I can remember, that the university is recommending to not hold lectures and go home early. They are expecting the ministerials to formally close the university, like they did with schools at noon.

This will be the strongest storm we've had in years, apparently (well, others have been similarly strong I think, but not as big).

It's now 15:18, and when I look out of the window it's still surprisingly quiet. The trees are moving, but only slightly. But it's the wind protected side of the building.

The university warning email said that they expect public transport - and Munich has a huge public transport system - to stop service at 18:00 "the latest".

Guess I won't be able to go dancing tonight then. It would start at 19:00, and I need about 30-40 Minutes by subway to go there. I guess they will shut down subway to make sure noone gets stuck in the tunnels if there is a power loss. Such huge storms are a threat to power supply.

[Update: 21:08 you can tell now it's a storm, but it's not bad here. But all train traffic is stopped in bavaria, grounding a few hundred people who didn't make it home in time. They've been taken care of. In Munich, busses and the subway are supposedly still in service.

I went to go dancing, but there was a note on the door it's closed tonight; same for the karate training of a friend. From what I heard in the radio there were only few fatalities so far and limited damage, but we havn't reached the peak of the hurricane yet. Few reports of blackouts in some small towns. Schools remain closed tomorrow.]

[Update: 19. Jan, noon - trains apparently still aren't back to schedule everywhere, but the system is recovering. Not many major damages reported in the media and not many fatalities. It's still windy. IMHO it was "typically german" how we handled the hurricane, urging people to stay at home and not risk much...]

Gunnar, first of all, let me point out that repeating the closing tag makes the format more robust. If the parser encounters a non-matching closing tag it knows that something isn't right. Thats a feature, not a bug.

IIRC SGML had shortened closing tags (</>) and closing tags were partially optional; if the parser encountered a closing tag it would assume all other tags closed up to the previous matching tag.

I guess some people who used SGML and were involved with XML had made the experience that this was a bad idea. It makes parsing harder and the file format more likely to break.

If XML would only be written by perfect tools, we wouldn't need the verbose closing tags. We could probably use some binary syntax like "\1tagname\0\2contents\0". Parsing would be fast and easy. Or something along

tag { "string contents" tag {} }

As for my RSS feed: the links are correct. The tool you are using mishandles the guid tag, which is just a unique identifier; the sole responsibility of my blog is to make them unique. Many tools use a link for the guid, but that is not required by the spec. In fact my blog is quite verbose about not using the full URL there: isPermaLink="false". Instead it provides the "link" element. Look at the source of my RSS, no repeated "en/" in there.

Planet is broken here, and your reader:

• Your reader is broken, because it assumes that the guid tag is a link. It's a unique identifier, a string, which often is a URL, but can be arbitrary. It should use the link element instead (which IS the correct URL)
• Planet is broken, because of the way it constructs the guid field from my blog (granted, it does need a way to do that), especially losing the isPermaLink="false" attribute.

Dear Lazyweb, what is you opinion to having a CV on your homepage?

There are definitely privacy issues associated with this. Even having your birthday there makes abuse easier. On the other hand, many people will write a blog posting on their brithday and thus expose it anyway.

I'd never put a full CV on the homepage (a good CV is adopted to the audience anyway), just with the bare minimum such as the university graduation and such.

Having some project and research information there might get you some interesting job offers; putting a mini CV there as "teaser" along with the offer of a full CV on request could prove beneficial.

On the other hand, such as CV could be a dangerous source material for "social engineering [wikipedia]" attacks. The maiden name of your mother used to be a suggested backup password for many websites, and is found in some CVs; people tend to trust people more that claim to have been on the same school or university (even if they can't remember them; especially if they are made feel embarassed by not remembering...).

Where is your privacy limit? How much of your privacy did you expose on the web already anyway? Do you still avoid having a one-stop download of that data? Do you think there is a way back, with all the indexing, caching and archiving of web pages?

My blog does intentionally not have comments; to reply please post in your own blog or email me at erich@debian.org; I read a couple of OSS planets and I'll also notice if you link to this blog entry and ping technorati.

[Update: first interesting replies coming in - let me quote:

If I do get a call from someone who spotted it (rare, once every 3 months), the recruiter is 99/100 an asshole he isn't going to ask you to do something you want. Really!

Gunnar, the apache configuration files for example are a mess, and certainly wouldn't become harder to edit if they were some real XML.

Similar things apply to other applications. And if you reread my first post, I never suggested to use XML for all configuration files, but just for those who need some nesting structures.

If you don't need nesting, some other format with proper character encoding information is fine with me. It should just be standardized e.g. with respect to quote handling, whitespace handling etc.

key = value

key="value"

P.S. I couldn't reach your blog the last few days; today it worked after a long time and with some error message on top: "not well-formed (invalid token)" seems like you're having some problems with the XML for your blog? :-)

I was considering to modify mpd, my favourite music player (using a daemon and multiple frontends, however I usually don't interact much with it anyway except the casual 'skip' button press). I wanted it to support DBus, so I could more easily add e.g. a "love" and a "hate" button, and start collecting data which songs I like.

Seaching for "mpd dbus" quickly turned up a proposed freedesktop.org standard by VideoLan people and some discussion by for example the XMMS2 folks.

I'm looking forward to that. Right now, my "Multimedia buttons" are bound to some shell scripts that try to find out which media player I'm running and trigger the appropriate command there.

Nothing new, but fun:

Sometimes, smoking can be a very bad idea.

Darwin award 2006.

Our top-10 female geek "helix" (congrats!) suggested (jokingly) we could do an Ajax interface for configuration files.

Well, if you want, you can run a tomcat as root, and have it access your configuration files. If you're crazy enough. :-)

No, there are actually secure ways of doing such things, if you want even with Ajax. Just have a secure web server for administration, which will then push the updated configuration file to the actual hosts e.g. via cfengine.

Since people still tend do read "all configuration files should be XML", and "but I hate XML": please get down.

We already have quite some XML-lookalike configuration files (e.g. apache). We have S-Expressions. We have some deeply nested INI files. We have true XML config files (e.g. /etc/fonts/fonts.conf).

All I'm asking is that we should maybe use one single format for all applications that have similar requirements for their configuration.

And no, not every application can be sanely configured with a linear, flat configuration file. Sometimes, a tree-based data model is much cleaner. You know, thats why we're using a tree directory structure, and not flat files.

And face it, if you like it or not: XML is the most widely accepted choice for exchanging (tree structured) data. And if you manage systems, you want to be able to sanely exchange data between e.g. a configuration management tool and the service you're configuring.

I was asked how I found out about the proper DBus signals etc. - well, that was the difficult part. DBus is supposed to allow introspection (I guess the dbus-browser that used to exist was using that), but not all appications provide this information. So often you have to browse some applications source code to find the appropriate values.

For NetworkManager, I read to source of the gnome applet to locate the "wake" and "sleep" calls. For Gaim, I was reading the gaim source code.

If you are lucky, Introspection could do the trick for you. Just fire up Python and do e.g.:

import dbus, dbus.glib
sysbus = dbus.SystemBus()
nm_obj = sysbus.get_object('org.freedesktop.NetworkManager',
                        '/org/freedesktop/NetworkManager')
nm_obj.Introspect()

which result in something like this:

<!DOCTYPE node PUBLIC "-//freedesktop//DTD D-BUS Object Introspection 1.0//EN"
"http://www.freedesktop.org/standards/dbus/1.0/introspect.dtd">
<node>
  <node name="Devices"/>
  <node name="VPNConnections"/>
</node>

Maybe that's why the dbus browser has disappeared?

Has anyone experience with DoSing spammers by deliberately flooding them with incorrect email addresses?

I mean, it should be easily possible to put new (fake) email addreses up on web pages in a huge scale (actually this is an old idea of deterring spammers). Any spammer grabbing them will have his database grow somewhat out of control.

At some point they'll probably notice that you have been providing them with bad data, and maybe drop all of your domains' email addresses harvested?

Or do they just not care?

Gunnar doesn't like the idea of recommending XML for configuration files, why do you need to be able to edit a XML-file with a non-XML-aware editor if you don't like the raw syntax?

If you don't like the raw syntax, use an editor that gives you a different representation. Or use some transformation. Write a tool that converts YAML to XML and back, if you like YAML better. (Btw, this is another reason to use a common library for configuration file handling - let people choose their configuration file formats!)

Writing XML in the raw with a good schema-aware editor with syntax highlighting is actually quite nice. Have you ever edited an XML file with eclipse? You really should do that... I once opened my Openbox (a rather minimalistic window manager) configuration file in eclipse. Guess what, it was giving me useful syntax completion! It had loaded and used the referenced schema file.

It's not as if I think XML is the ultimate thing; (nor is Eclipse an editor I'd use for configuration files; startup takes years and it frequently crashes for me. vim also has some XML support...) IMHO there is a lot in XML that should be stripped (such as attributes); I like JSON syntax better, except it's in turn lacking essential information such as character encoding, namespaces and schema information. I also don't thin JSON allows comments. But when handling information from multiple sources (and multiple schemes), XML is really useful. It removes most of the quessing needed for handling other formats.

And that is what I'm precisely advocating: use standardized formats. Consider for example the apache configuration. Do you know of any tool that can parse the apache configuration files other than apache? Some parts look like SGML/XML, but they don't have much more in common than using < and >. When you are in need of automating something with apache, you'll be annoyed by this. If apache would be using something where you have a reliable parser ready for - that would be nice.

Have a look at the xchat.conf configuration file. It uses "key = value", but they have these extra spaces there and don't use quoting, this means the file can't be loaded by many parsers, e.g. bash. Now lets use at buttons.conf - compeltely different syntax, "KEY value" blocks, separated by empty lines...

Btw, note that configuration handling with XML to me means also keeping comments somehow... most applications will nuke any comments in their configuration files; which is funny since most configuration syntaxes do have a notion of comments, but did you ever come across an application using sh-style configuration (i.e. that you could source in bash/dash/zsh), that keeps comments?

P.S. The YAML homepage is not YAML. It's valid XHTML. Only if you strip out all the tags and attributes and use only the text content within the /html/body/pre tag, then you have something which probably is YAML. This compatibility with HTML is probably why XML was at all successful.

... sollte man trotzdem nicht einfach mit einem Wörterbuch füttern:

Es geht immer - billiger.de! Hebräisch im Angebot.

Ich nehme dann mal zwei Kilo. Bin doch nicht blöd.

War die Werbung jetzt mit hebräischer Grammatik, oder sollte sich bloeder.de, äh, billiger.de vielleicht erstmal einen Grammatiktrainer Deutsch kaufen statt einen Vokabletrainer Hebräisch anzubieten? (Der übrigens laut Preisvergleich teurer geworden ist, geht wohl manchmal doch nicht billiger...)

... zumindest wenn man der Welt heute glaubt:

Lediglich der TH Karlsruhe sowie der TH München und der Ludwig-Maximilians-Universität-München verlieh die Jury im Oktober 2006 den Titel Eliteuniversität

I wonder if we should do some RDF representation of packages - especially including dependency data.

That way we can maybe use some RDF reasoners to query our data, and maybe extract some interesting information. On the other hand, people with interest in RDF to use our real-world data for their experiments, and maybe we get something back from them.

There is a couple of package metadata we currently are not tracking inside the actual archive, but in different places. Including licensing information (debian/copyright), homepage location (on packages.qa.debian.org), download location (debian/watch) - it would be nice to aggregate these into some RDF store, and export them somehow.

For most of the package information (especially dependency information), we'll have to write our own ontology (I wonder if we can map version numbers to some standard rule language, or if applications will need an external reasoner to process them?); for some things we can reuse the FOAF (Friend-of-a-friend) or DOAP (Description of a project) ontologies. The first is rather common for describing people, people-people and people-thing relationships; the latter was designed for describing opensource projects (but won't be directly applicable to packages of a project).

I've blogged about my RDF export of Debtags data before; the canonical first step would actually have been to export the package data, and enrich it with the Debtags collected data...

Note that RDF is designed in a way that you can have one site provide metadata for another site. For example, the Debtags RDF export contains "category" information for Debian packages, but does not contain e.g. the description of the packages it talks about via an URI. So there is nothing wrong from a RDF point of view of keeping e.g. the licensing, watch or homepage data separate.

For the Google Summer of Code, there was a proposal including "collaborative repository of meta-informations about source packages (CRMI)"; but the first part of the proposal, the "distribution wide tracker tool (DWTT)" showed to be a bigger task than expected.

But maybe we'll still see CRMI at some point, and maybe we can have it provide an RDF export of data (using a semantic wiki might be a good starting point for CRMI maybe?).

[P.S. this blog posting maybe belongs more into the en/linux/debian category. But only the xml category is also syndicated on planet.XMLhack, and I want this post to go there to reach more RDF users. I really need to switch my blog to some software which supports tagging...]

Andreas Schuldei asked how to hook into gnome-power-manager.

I'm assuming you want to do some user hooks, too; the solutions using the low level hooks in /etc won't help you then. Using a small user daemon that listens for DBus events is much nicer (though you won't be able to have the suspend process wait for you to finish...) - because every user can setup his own stuff.

It would be cool to extend the following to a more general solution. I could imagine a combination of a dbus-monitor (logging incoming signals) and a general event handler. You could then either type in the signal you want to hook or choose one of the logged signals, setup some properties (e.g. the SSID you just connected to) and setup reactions (start VPN script etc.).

I havn't hooked gnome power manager yet, but I've been doing this for NetworkManager. Here's a python script:

#!/usr/bin/python
import dbus, dbus.glib
 
def device_now_active(path, ssid=None):
  pass
 
def device_no_longer_active(path):
  pass
 
sysbus = dbus.SystemBus()
nm_obj = sysbus.get_object('org.freedesktop.NetworkManager', '/org/freedesktop/NetworkManager')
nm_if = dbus.Interface(nm_obj, 'org.freedesktop.NetworkManager')
 
nm_if.connect_to_signal('DeviceNowActive', device_now_active)
nm_if.connect_to_signal('DeviceNoLongerActive', device_no_longer_active)
 
mainloop = gobject.MainLoop()
mainloop.run()

To hook to gnome-power-manager, use dbus-monitor to find out the appropriate signals to connect to.

I've been using this to start a VPN client when connecting to some wireless networks, and to have gaim automatically logon when network is available:

sesbus = dbus.SessionBus()
gaim_obj = sesbus.get_object("net.sf.gaim.GaimService", "/net/sf/gaim/GaimObject")
gaim = dbus.Interface(gaim_obj, "net.sf.gaim.GaimInterface")
 
# then use
gaim.GaimConnectionsDisconnectAll()
# or
accounts = gaim.GaimAccountsGetAllActive()
for account in accounts:
  gaim.GaimAccountConnect(account)

Dynamic languages like python can be very sweet to use.

Aigars Mahinovs mentioned that it would be nice if applications would not clutter the home directory with their config files as much.

I agree a lot. Dotfiles for configuration suck badly.

If you start a new application (or if you are in an early stage and have a small userbase), please follow the Freedesktop.org XDG base directory specification.

I.e. use .config/applicationname instead of .applicationname for configuration files (unless an overriding environment variable is set), and .local/share/applicationname for data files. And for cache files, use .cache/applicationname (anyone writing a patch for firefox?)

What I'd also like to propose is to reduce the number of different configuration file syntaxes. It sucks having to find out which syntax an application uses again and again, because every application is different.

We probably won't be able to convince everybody on one format, but we could maybe cut it down to, like 3 formats, please? There is no reason that one application needs to start comments with "#" and another with ";" while a third application uses "//" but doesn't allow "/* comment */"...

A small set of syntaxes (preferrably with standardized parsers) should be good enough for just about every application:

• key=value pairs, quotations optional, comments match "^\s*#"
• ini-style configuration files with limited nesting
• JSON syntax (nesting, all strings quoted)
• XML files (arbitrary nesting, mixed contents, repeated elements)

If we had just these few syntaxes and an appropriate schema description language, we could write generic configuration file editors. That would be very nice. Also we avoid having config file parser bugs by using libraries, and if someone prefers using e.g. gconf or dconf, this could be handled by the library, transparently for the application.

(Note that many application lack error handling when writing their configuration files, especially when the disc is full... - they really should be using a library. IIRC xchat also has some bugs of this kind, I remember having tried to patch some of them once when we were preparing for the sarge release, just to find out that there might be many more of them...)

I had trouble with tomcat. It started fine, but shutdown took a very long time (enough for eclipse to suggest killing it, for example).

Some people suggested I try the tarball from Apache, instead of using the Debian package, but that didn't help either.

By not running tomcat from eclipse and waiting a long time for the shutdown, I finally managed to get some actual error messages:

This was usually the last message I was seeing:

INFO: Pausing Coyote HTTP/1.1 on http-8080

After some timeout, I now got these messages:

Protocol handler pause failed
java.net.NoRouteToHostException: No route to host

No route to localhost? WTF?

I resolved it by putting all hostnames it might try (localhost.localdomain, although I use that nowhere, as well as the FQDN I'm using) into my /etc/hosts and forcing them to point to 127.0.0.1 - and voila, tomcat actually shuts down instead of pausing and then failing to notice it has successfully paused...

The biggest party in Bavaria and part of the current german government, CSU, has announced that they want to make the "production and distribution of killer-games" illegal in germany. They claim it's because of a recent highschool shooting (no fatalities except the shooter; there was one other highschool shooting in germany a few years ago with 16 fatalities. Yes, that is 17 fatalities in over 40 years, the 42 years old amok runner back then didn't play killer games, I guess, although he used a flame thrower...).

This would make the production and distribution in Germany unlawful, since we include games such as overkill, tremulous and openarena. Other distributions such as SuSE probably include some games that classify as "killer games" as well. Also note that "distribution" is a rather wide term. Does it apply to web sites? ISPs? If there is an online killer game, is the ISP "distributing" it?

Polticians (especially those from CSU/CDU/SPD) are such a bunch of idiots.

Please do NOT ever again vote for CSU. Software patents, killer games, "Problemfrauen & Schadbären", surveillance cameras and other surveillance, military inside germany (note that in desaster cases such as the flooding some years ago we could already deploy soldats without extra laws), shooting down of civilian airplanes, transrapid, reducing math and natural sciences in highschools, "google earth threatens worldcup security", police installing trojans on home PCs (because criminals don't install virus scanners?), kicking "irritating" students out of school, study fees, ...

Often they make George W. Bush look like a genius, don't they?

They don't do any important stuff, but just say whatever a majority people might want to hear. They waste our money (Transrapid). They destroy our biggest resource (changes in school system and university system, which will reduce average knowledge in germany a lot). They do lots of stupid things, which heavily invade privacy or public safety (military, surveillance) with no benefits in safety and many of which even where only stopped because they violated our constitution. Do not vote for them!

[Updates: Daniel, sorry for posting a non-english post to planet. I again put it into the wrong category; I intended to do a longer post (this one) in english later on. For clarification: CSU is the sister party of CDU, these parties have an arrangement not to compete by region and are closely affiliated. On the nation-wide level they have a joint list, which often is called CDUCSU. So they're not just an "affiliate", but a strong part of the ruling party.

Holger Levsen pointed out we are likely going to violate some laws much earlier by distributing ("hacker-") tools such as nmap, ettercap or whireshark.]

Nach aktuellen Plänen der CSU wäre der Vertrieb von Debian GNU/Linux illegal.

Auch zahlreiche andere Distributionen währen wohl davon betroffen: Alle, die sogenannte "Killerspiele" vertreiben...

z.B. Overkill (wobei Debian auch noch z.B. Tremulous und OpenArena enthält, die auf der Quake3 engine basieren und 3D Grafik haben...)

I'm keeping my homepage in a SVN repository; I'm using the $Date$ variable to automatically track the last modification date (though it will also change on minor modifications).

For the HTML "Date" meta tag, the W3C recommends using ISO8601 date format. This is the (non-XSLT-2, so no regexp) hack I use for conversion:

<xsl:value-of select="concat(substring($string,8,4),'-',substring($string,13,2),'-',substring($string,16,2),'T',substring($string,19,8),substring($string,28,5))" />

Here's how to format the date according to RFC 2616, as used in the last-modified meta tag and HTTP/NNTP/SMTP headers:

<xsl:variable name="day" select="concat(substring($string,8,4),'-',substring($string,13,2),'-',substring($string,16,2))" />
<xsl:variable name="time" select="substring($string,19,8)" />
<xsl:variable name="timezone" select="substring($string,28,5)" />
<xsl:value-of select="date:day-abbreviation($day)" />
<xsl:text>, </xsl:text>
<xsl:value-of select="date:day-in-month($day)" />
<xsl:text> </xsl:text>
<xsl:value-of select="date:month-abbreviation($day)" />
<xsl:text> </xsl:text>
<xsl:value-of select="date:year($day)" />
<xsl:text> </xsl:text>
<xsl:value-of select="date:time($time)" />
<xsl:text> </xsl:text>
<xsl:value-of select="$timezone" />

[Update: Joel Wreed pointed me to his libxslt plugins, a regexp and a exsl.org/dates-and-times plugin. These would help a lot, though IIRC the date-parse exsl.org spec doesn't support the date format I'd need. (So I can't just say date-format(date-parse(...),...)). Also he said that they basically are unmaintained right now. It would be nice if they could be merged into libxslt, though...]

Debians /etc/network/interfaces is a powerful way to setup multiple profiles; NetworkManager is a pretty UI for managing your network. However they don't play well together: NetworkManager will ignore devices managed via network/interfaces.

However, NetworkManager lacks a couple of important options, including static IPs and several wireless options; I can't connect to my universities WAP2 network using NetworkManager because of some missing options.

This is why I wrote this small script:

#!/bin/sh
# disable network manager:
dbus-send --system \
  --dest=org.freedesktop.NetworkManager \
  /org/freedesktop/NetworkManager \
  org.freedesktop.NetworkManager.sleep
sudo ifup eth1=eth1-lrz

My /etc/network/interfaces contains a working setup for my wireless named "eth1-lrz"; since this differs from the real device name, this works fine.

Running this script will tell NetworkManager to disconnect and instead setup the wireless for my university network. When connecting to a different network, I only have to do "ifdown eth1" and then click on the NetworkManager applet to enable it again. (would be "org.freedesktop.NetworkManager.wake")

... wird Stoiber in den Mund gelegt. Ob sie Frau Pauli genauso abschießen wie den Bären?

Die Situation der CSU ist aber auch echt doof: eigentlich mag keiner den Stoiber mehr so richtig behalten (und der Rest Deutschlands lacht eh über ihn...) - aber es gibt halt auch keine Alternative.

Inbesondere gibt es keine Alternative, die der neuen Generation irgendwie passen würde: da träumt doch jeder, der neue Stoiber zu werden. Nur ist derzeit keiner so weit, sondern da wäre erst noch die alte Riege vom Kaliber Seehofers. Nur wenn man Stoiber jetzt durch so einen ersetzt, so wird dieser auch erstmal 10 Jahre regieren. Das bedeutet, dass die potentiellen Nachfolger dann nochmal warten müssten. Nein: alle die in der CSU auf eine eigene Karrieren hoffen (also alle), müssen an Stoiber festhalten. Und hoffen, dass er sie zu seinem Nachfolger aufbaut.

Manchmal tät den Politikern echt eine Regelung gut, nach der sie nur maximal 8 Jahre oder sowas das Amt bekleiden dürfen. Dann stellt sich so eine "Nachwuchsfrage" weniger, und die Korruption ginge auch zurück...

Aber die Politiker leben eh in einer eigenen Welt, und verschlafen alles bis es zu spät ist. Z.B. den Trend zu Bioprodukten. Subventionen für den Wechsel zu biologischer Agrarwirtschaft wurden gestrichen, und jetzt sind Aldi, Lidl & co auf den Bio-Zug aufgesprungen und müssen im Ausland einkaufen, weil unsere Bio-Produktion nicht groß genug ist...

Dafür haben so wir unseren Spaß! :-)

As demonstrated by the gmail contacts list hijack attack, web 2.0 technologies are quite vulnerable for attacks. And while GMail has a rather good security record, cross-site-scripting is the security issue to watch out for. Especially since many web2.0 sites deal with sensitive data (especially data you probably shouldn't have given them in the first place...) this is rather interesting.

It's not new (mind you, the whole web 2.0 thing is not new), but it's being used heavily now, and a lot by people who don't pay enough attention to security. The whole web 2.0 thing is quite naive, mind you.

I expect to see more attacks of this type to surface. And in the long run I think we'll either need to use some web interface specification language (so the browser only allows whitelisted access; think robots.txt) or new security filters in browsers will break most (if not all) mashups.

Maybe it would be best to add some real WSDL/SOAP code to the Javascript core (and in this process add all the stuff the monster javascript libraries around have been adding, effects, event queues, sane callback handling, getElementById shortcuts etc. - it just doesn't make sense to download the same 200k Javascript from a dozen sites. Dojo, Mochikit, Prototype, ...).

I've set up some simple RDF export (gzip only, please add caching yourself!) for the Debtags data.

The export is using the DOAP ("Description of a project") vocabulary, though it isn't optimal (we're not talking about separate projects, but multiple packages may belong to the same). The format of the RDF file may (and will!) still change, for example I'd like to have some explicit URIs for the packages instead of just storing it in the name tag. Suggestions for a matching vocabulary / serialization are welcome.

But if you want to play around with some real-life data, just grab a copy.

There is a couple of interesting things you can do with it, such as my folding tag cloud. So go ahead, and play around with it a bit.

[Update: I've changed the schema a bit, it should be now clearer which package is being described. I'm using a new namespace for the packages that is still undefined (that's why it's called "temp")]