Archive for the ‘lang:en’ Category

WideOpenId – woid.cryptobitch.de

Friday, December 5th, 2014

Uh, I meant to blog about this a while ago, but somehow, it got lost… Anyway, I was inspired by http://openid.aliz.es and intrigued by OpenID I set out to find an implementation that comes with an acceptable level of required effort to set up and run.

While the idea of federated authentication sounds nice, the concepts gets a bit flawed if everybody uses Google or Stackexchange as their identity provider. Also, you might not really want to provide your very own OpenID for good reasons. Pretty much as with email, which is why you could make use of mailinator, yopmail, or others.

There is a list of server software on the OpenID page, but none of them really looked like low effort. I wouldn’t want to install Django or any other web framework. But I’d go with a bad Python solution before even looking at PHP.

There is an “official” OpenID example server which is not WSGI aware and thus requires more effort than I am willing to invest. Anyway, I took an existing OpenID server and adapted it such that anyone could log in. Always. When developing and deploying, I noticed that mod_wsgi‘s support for virtualenv is really bad. For example, the PYTHONPATH cannot be inside Apache’s VirtualHosts declaration and you thus need a custom WSGI file which hard codes the Python version. It appears that there is also no helper on the Python level to “load” a virtual env. Weird.

woid server in action

Anyway, you can now enjoy OpenID by providing http://woid.cryptobitch.de/your-id-here as your identity provider. The service will happily tell anyone that any ID is valid. So you can log in as any name you one. A bit like mailinator for OpenID.

To test whether the OpenID provider actually works, you can download the example consumer and start it.
Screenshot from 2014-01-06 16:49:43

Bahn Bonus Points Saemmeln

Monday, November 17th, 2014

mdb_166803_saemmel_bc_4zu1_734x183_hq

The Bahn currently has a Web-based game for you to win some of their loyalty points. It’s not a very exciting game, but you get up to 500 points which is half a free ride across the country. (You get the other half when signing up for their program.)

In order to get these 500 points you need to play for an hour or so. Or you observe the Web traffic your browser generates and look closely. You’ll see that the Flash applet fetches a token from the server and sends your result, along with the token and some hash, to the server. How to get the correct hash you ask? Worry not, you will get the correct hash from the server if you don’t send the correct one. You can resend your request with the hash the server sent you and your POST will be accepted. Neat.

I don’t know why they send the “correct_hash”, but it’s obviously a bad idea.

PS: It seems that Kazam has troubles recording my mouse pointer position correctly.

On GNOME and Groupon

Thursday, November 13th, 2014

You may have noticed that we ran a campaign calling for support regarding the Groupon trademark issue. Fortunately, everything was over much quicker than everybody expected.

It is fair to say that we were surprised by our campaign and the amount of support we had. And so were they (GroupOn). As Bradley said, the campaign could have failed miserably. It was a pure gamble. And I was everything but excited and full of expectations when we launched the campaign. We didn’t know how it would go and our preparation was.. simple, at best. I don’t mean to discredit any of the great work the volunteers around us (and we, ourselves) did. But it’s true that we’re not experts and that we didn’t have all the things in place you could have expected us to have. For example, we didn’t really have a bar of the money raised on the web page. In fact, that information was only available to a limited extent. It’s mainly my fault, but I also blame the fact that we only had mockups of the page, and not real code just until hours before the launch. Personally, my thinking was that we’d have days, if not weeks, to slowly fix things up.

Fortunately, things went differently. The coverage was amazing. I didn’t expect that our very simple page generated so much traffic. It’s hard to come up with an exact timeline of events as everything happened quickly and, in fairness, a bit chaotically. It may have been OMGUbuntu or Reddit who have reported first on our fundraiser. Other sites, such as Phoronix or Hackernews followed quickly. I was told that the latter was exceptional, because it ranked very high for rather long time.

We also had International coverage, i.e. on Heise (with somewhat interesting discussions), Golem (with two more articles!), Computerbase, and others… The usual suspects such as Slashdot, or, of course, LWN had an article as well. Even Arstechnica and Reuters covered our case. And that although we missed sending press releases to most of those sites. Sorry for that :-/

By quickly checking Google News, I know I haven’t found all the articles on the subject, but so far I’ve only found this article which was not in favour of our move. I think this was surprising to most, if not all of us.

Over the course of the day, this image was floating around, showing Brian’s LinkedIn profile which some people found hilarious. Some other pictures were floating around and comments were made. Some of them not in a not acceptable language but most of them were just expressing their concerns regarding Groupon’s behaviour. Some people cancelled all their accounts with Groupon while others started a petition.

We had close to one retweet per second and money was pouring in. The average amount donated was about 20 USD and the rate at which people donated was about 75 USD per minute. Every single minute. This can indeed be considered success. I think I noticed that this is going to be big when Freenode sent a message to all its 80000 connected users asking for supporting our case. “This is bigger than GNOME“, they said. Very correctly so. And it’s a shame, too. Not only for Groupon, because they needed to use the emergency break here, but for the system at large. It shouldn’t be the case that you need money in order to defend yourself against someone misusing your name.

timeline

Dear Internet, thanks. I am overwhelmed. We did not expect that amount of feedback to our recent trademark campaign, let alone the financial contributions. Our campaign was very successful. It was too successful, at least from a technical point of view. We are using a self made, very rudimentary Makefile for the business logic. We are still busy verifying the incoming transactions with Paypal… During the campaign, our servers were very busy handling the incoming requests.

I didn’t expect Groupon to be that cooperative given the behaviour I have observed over the last few months. It might have been Engagdet which were the first to report that Groupon backed up. Other news sites followed suit. All of that happened so quickly, that some news sites couldn’t even report on the case and could only report on Groupon abandoning their marks. That was probably Groupon’s strategy and, I guess, it was a wise choice. They retired their marks, but the app and their page are still online. They also still have a Gnome job posted. But I have no doubt that this will cease to exist.

Again: Thanks to everyone involved. This could as well have been the end to the GNOME Foundation, given that defending the GNOME marks is one of their main reasons for existing. A special thanks to all of you who have spread the word and made this campaign successful. Let’s hope we do not need such a campaign in the future.

For those of you who are interested in some pretty graphs (thanks benzo!), here is another one showing the transaction sizes and their volume. You can see, that we had many many small contributions. This is so amazing. I am very grateful and happy to see our community standing together so closely.

hist_10

GNOME at FSCONS14 in Gothenburg, Sweden

Wednesday, November 5th, 2014

I was glad to be invited to FSONCS 2014 in Gothenburg, Sweden. Remember that this is also the place for next year’s GUADEC! This year’s FSCONS was attended by around 150 people or so. I guess it was a bit less. That might not sound like a lot, but it’s a very cool event with many interesting people and talks.

We, GNOME, had a presence at the event due to me bringing the EventsBox and T-Shirts to Gothenburg. It was quite a trip, especially with those heavy boxes…

The first keynote of the conference was given by Karl Fogel. He declared the end of copyright in 1993. He imagined copyright as a tree whose bottom has been chopped off, but the, the top hasn’t noticed that just yet. He put copyright on a timeline and drew a strong relation to the printing press. He claimed that in the United Kingdom, a monopoly used to control who prints and distributes books and it then transferred to a differently shaped monopoly which involved the actual authors. These could then transfer their rights to printers. He went on with ranting about the fact that nowadays you cannot tip the author for their (free) work. He appealed to the authors of f-droid or the firefox mobile app market to integrate such a functionality. Overall it was an interesting talk with many aspects. He is a talented speaker.

The second keynote was given by Leigh Honeywell. She talked about communities and community building. She said that she got most of the ideas presented in her talk from Sumana Harihareswara‘s “Models we use to change the world”. During her talk she referred to her experiences when founded the HackLabTO Hackerspace after having attended the CCCamp 2007. She basically shared models of understanding the community and their behaviour. The Q&A session was inspiring and informative. Many questions about managing a community were asked and answered.

Another interesting talk was given by Guilhem Moulin who went on to talk about Fripost. It is a democratic email service provider from Sweden. He gave a bit of an insight regarding the current Email usage on today’s Internet. He claimed that we have 2.7 billion internet users and that the top three email service providers accumulate roughly a third of this population. His numbers were 425 million for GMail, 420 million for Hotmail, and 280 million for Yahoo. All these companies are part of PRISM, he said, which worried him enough to engage with Fripost. In fact, he became a board member after having been a user and a sysadmin. As someone who operates a mail server for oneself and others with similar needs, I was quite interested in seeing concentrated efforts like this. Fripost’s governance seems to be interesting. It’s a democratic body and I wonder how to thwart malicious subversion. Anyway, the talk was about technical details as to how to create your own fripost.org. So I can only encourage to run your own infrastructure and found structures that care about running ecosystem. A memorable quote he provided to underpin this appeal is attributed to Schneier: “We were safer when our email was at 10,000 ISPs than it was at 10“.

My talk went sufficiently well. I guess I preached to the choir regarding Free Software. I don’t think I needed to convince the people that Free Software is a good thing. As for convincing the audience that GNOME is a good thing, I think I faced a big challenge. Some of the attendees didn’t seem to be very enthusiastic about their desktop which is great. But some others were more in the, what I would call, old school category using lynx, xautoscreenlock, and all that stuff from the 90s. Anyway, we had a great session with many questions from the audience such that I couldn’t even go through my slides.

I had a lightning talk about signing OpenPGP keys using GNOME Keysign. I probably need to write up a separate blog post for that. In short, I mentioned that short key IDs are evil, but that long key IDs are also problematic. Actually, using keyservers is inherently problematic and should be avoided. To do so, I showed how I transfer a key securely and sign it following best practices (thanks to Andrei for an initial version!). Bastian was nice enough to do the demo with me. We needed to cheat a little though, as currently, they key is transferred using the WiFi network you are on. The WiFi, however, didn’t allow us to create a TCP connection to each other. We thus opened a WiFi hotspot and used that. I think this would be a useful feature.

The last talk of the conference was given by Hans Lysglimt from Norway. He is, among other things, a politician, an activist, and an entrepreneur who founded an email service. His runbox has around 1000000 accounts and 30000 paid subscriptions, so it’s fairly big, compared to Fripost at least. Again, running email services myself, I found it interesting to listen to the stories he had to tell. His story was that he received a gag order for running his commercial email service provider. It remained unclear whether it was send because of his interview with Julian Assange or not.

Interestingly, he didn’t seem to have received many correct subpoenas in the sense that they were Norwegian court orders. However, in one case the American authorities went through the Norwegian legal system which he found funny in itself because the two legal system were not very similar. He eventually mentioned that every email service provider has at least one gag order, either an implicit or and explicit one. Ultimately, he concluded that you cannot trust a corporation.

FSCONS is an interesting event. Their manifesto is certainly impressive. I am glad to have visited and I am looking forward to visiting again. It is very atmospheric, very relaxed, and friendly. A very nice place to be.

mrmcd14 in Darmstadt – DOM-based XSS

Sunday, October 5th, 2014

After last year’s fabulous event, I was really looking forward to this year’s mrmcd in Darmstadt, Germany. It outgrew last year’s edition and had probably around 250 to 300 people attending. Maybe even more. In fact, 450 clients generated 423 GB traffic during the conference which lasted 60 hours or so. That’s around 2MB/s. That’s megabytes. Per second. Every second. I find that quite impressive. Especially as the outdoor area was very inviting to just hang around, grab a beer, and chat to your fellow hackers. So some people must have had an amazing demand of … updates…

This year’s theme was construction sites. As IT, and especially security, is a major, never ending, and dangerous construction site. It was well done, with a lot of warning tape, the people wearing helmets, hi-vis vests, some security boots, etc. Although it couldn’t excel last year’s aviation theme, but the watermark was set extremely high. Anyway, the speakers received cool gadgets, like a tool set, a level, and other very well done gadgets. The talks were opened by Unicorn who, as you can see, was wearing proper safety gear. We were given instructions as to how to behave in case of fire, flood, or lack of alcohol. A nifty feature of this event is the availability of carbo hydrates in form of various food stuffs. It’s very cool to always being able to walk up to the buffet and fill up energy reserves.

The keynote was involuntarily given by dodger who did not miss the opportunity to show us various constructions sites, such as the Utah Data Center. Ultimately, (now I am maybe over interpreting things), it’s also hackers like us who make those possible. We usually decide for ourselves where to go and what to do. It was a good round-up on how we as a community work or should work. Also with some political references which I think is important as I have the feeling that many people lose that focus too easily.

An interesting series of talks was given by Ange Albertini, who first presented the PDF file format. It was interesting to see how the format actually looks like. I knew already a little but I’ve never really cared about the details. This was a very interesting and visually appealing talk. Pretty much like his other presentations which were again on file formats and on crypto.

My own talk was scheduled after the second night. I was positively surprised to see a half-filled room on a Sunday morning, after two nights of demanding partying… Anyway, I had an interested crowd which I think I could entertain. You can find my slides here. I was talking on DOM-based Cross-site Scripting. I presented a modified Chrome browser which is able to stop all identified DOM-based XSSs. I will need a separate post to cover the details. As a brief summary: Both WebKit and V8 were modified to track taint, that is, to annotate strings with the information of the source. Such a source could be the document.URL or the window.name. This taint information is evaluated whenever it is about to be compiled to code. The simple approach of blocking every tainted string to compile is not followed as it breaks the Web. Instead, the compiler will notice which token is about to be generated and only allow generation if and only if the string is untainted or of a data type (String, Boolean, Number). If the tainted token is, for example, function call, assignment or pretty much anything else, then it is replaced with an illegal token in order to abort compilation. There is a video of the talk here:

As we are on videos, the video team is just plainly amazing. It released videos of the event pretty much after they finished. And in a quality that is hard to excel. You check the videos of this conference, but also others. You may find some gems that are well worth watching. Be aware though, some talks are also very much on the vapor-ware side of things… I guess I don’t need to point to specific talks as it should be easy to identify…

I am already looking forward to next year’s event. The watermark has, again, been set high and I expect the next year to be able to raise that bar. But I hope it will be able to stay small enough to not lose the cosy and comfy feeling. Maybe I shouldn’t blog about that fantastic event to not generate too much attention ;-)

LibreOffice Con in Bern, Switzerland

Sunday, September 28th, 2014

I was invited to give a talk in Bern, Switzerland, for the LibreOffice Conference. The LibreOffice people are a nice crowd with diverse backgrounds. I talked to design people, coders doing rather low-level GL things, marketing folks, some being new to Free Software, and to some being old farts. It sounds like a lot of people and one is inclined to think of boat loads of people attending the conference when having the community statistics in mind. But it has been a very cosy event, with less than a hundred people. I found that surprising, but not necessarily in a bad way.

I couldn’t make it to many talks, because the conference took place on week days. But judging from the schedule there were many interesting talks. The only thing I didn’t like about the schedule was the weird formatting. Seriously, who makes the track’s name more visible than the talk’s title..? Also grouping by room and not by time is a bit weird.

Anyway, my talk went well although it was in the first slot after the free beer party ;-) You can find my slides in the collection. I was talking about GNOME in general, but with a twist for those who migrate from proprietary software to Free Software. I hope I could convey that the GNOME desktop might be a viable alternative to proprietary products.

As this was a great, comfortable conference, I’m looking forward to visiting next year’s event.

Attending the DANTE Tagung in Karlsruhe

Sunday, September 21st, 2014

Much to my surprise, the DANTE Tagung took place in Karlsruhe, Germany. It appears to be the main gathering of the LaTeX (and related) community.

Besides pub-based events in the evenings, they also had talks. I knew some people on the program by name and was eager to finally see them IRL. One of those was Markus Kohm, from the KOMAScript fame. He went on to present new or less used features. One of those was scrlayer which is capable of adding layers to a page, i.e. background or foreground layers. So you can add, e.g. a logo or a document version to every page, more or less like this:

DeclareNewLayer[{
    background,
    topmargin,
    contents={\hfill
        \includegraphics[width=3cm, heigth=2cm]
                                  {example-image}
}%
}[{Logo}
\AddLayersToPageStyle{@everystyle@}{Logo}

You could do that with fancyhead, but then you’d only get the logo depending on your page style. The scrlayer solution will be applied always. And it’s more KOMAesque, I guess.

The next talk I attended was given by Uwe Ziegenhagen on new or exciting CTAN packages.
Among the packages he presented was ctable. It can be used to type-set tables and figures. It uses a favourite package of mine, tabularx. The main advantage seems to be to be able to use footnotes which is otherwise hard to achieve.

He also presented easy-todo which provides “to-do notes through­out a doc­u­ment, and will pro­vide an in­dex of things to do”. I usually use todonotes which seems similar enough so I don’t really plan on changing that. The differences seem to be that easy-todo offer more fine grained control over what goes into a list of todos to be printed out.

The flowchart package seems to allow drawing flowcharts with TikZ more easily, especially following “IBM Flowcharting Template”. The flowcharts I drew so far were easy enough and I don’t think this package would have helped me, but it is certain that the whole process of drawing with TikZ needs to be made much easier…

Herbert Voß went on to talk about ConTeXt, which I had already discovered, but was pleased by. From my naïve understanding, it is a “different” macro set for the TeX engine. So it’s not PDFTeX, LuaLaTeX, or XeTeX, but ConTeXt. It is distributed with your favourite TeXLive distribution, so it should be deployed on quite a few installations. However, the best way to get ConTeXt, he said, was to fire up the following command:

rsync -rlpt rsync://contextgarden.net/minimals/setup/.../bin .

wow. rsync. For binary software distribution. Is that the pinnacle of apps? In 2014? Rsync?! What is this? 1997? Quite an effective method, but I doubt it’s the most efficient. Let alone security wise.

Overall, ConTeXt is described as being a bit of an alien in the TeX world. The relationship with TeXLive is complicated, at best, and conventions are not congruent which causes a multitude of complications when trying to install, run, extend, or maintain both LaTeX and ConTeXt.


The next gathering will take place in the very north of Germany. A lovely place, but I doubt that I’ll be attending. The crowd is nice, but it probably won’t be interesting for me, talk-wise. I attribute that party to my inability to enjoy coding TeX or LaTeX, but also to the arrogance I felt from the community. For example, people were mocking use cases people had, disregarding them as being irrelevant. So you might not be able to talk TeX with those people, but they are nice, anyway.

Reverse sshuttle tunnel to connect to separate networks

Tuesday, September 2nd, 2014

I had to solve that the split horizon DNS problem in order to find my way out to the Internet. The complementary problem is how to access the internal network form the Internet. The scenario being, for example, your home network being protected by a very angry firewall that you don’t necessarily control. However, it’d be quite handy to be able to SSH into your machines at home, use the printer, or connect to the internal messaging system.

However, everything is pretty much firewalled such that no incoming connections are possible. Fortunately, outgoing connections to an SSH server are possible. With the RemoteForward option of OpenSSH we can create a reverse tunnel to connect to the separate network. All it requires is a SSH server that you can connect to from both sides, i.e. the internet and the separate network, and some configuration, maybe like this on the machine within the network: ssh -o 'RemoteForward=localhost:23 localhost:22' root@remotehost and this for the internet machine:

Host dialin
    User toor
    HostName my.server
    Port 23

It then looks almost like this:

      
+---------------------------------------+                       
|Internet                               |                       
+---------------------------------------+
|  +-----------+                        |                       
|  |My machine | +------------+         |                       
|  +-----------+              |         |                       
|                             |         |                       
|                  +----------v--+      |                       
|                  |             |      |                       
|                  | SSH Server  |      |                       
|                  |             |      |                       
|                  +----------+--+      |                       
|                         ^   |         |                       
+------------------------ |   | --------+                       
                          |   |                                 
+------------------------ |   | --------+                       
|XXXXXXXX   Firewall  XX  |   | XXXXXXXX|                       
+------------------------ |   | --------+                       
                          |   |                                 
+------------------------ |   | --------+
| ACME.corp  10/8         |   |         |                       
+------------------------ |   | --------+
|                         |   |         |                       
|               +---------+---|------+  |                       
|   XMPP  <-+   |             |      |  |                       
|           |   |             |      |  |                       
|           |   |             v      |  |                       
|   Print <----------+ ssh -R        |  |                       
|           |   |      via corkscrew |  |                       
|           |   |                    |  |                       
|   VCS   <-+   +--------------------+  |                       
|               |  My machine        |  |                       
|               +--------------------+  |                       
|                                       |                       
+---------------------------------------+                       

“But…” I hear you say. What about the firewall? How would we connect in first place? Sure, we can use corkscrew, as we’ve learned. That will then look a bit more convoluted, maybe like this:


ssh -o ProxyCommand="corkscrew proxy.acme.corp 80 ssh.my.server 443" -o 'RemoteForward=localhost:23 localhost:22' root@lolcathost

What? You don’t have corkscrew installed? Gnah, it’s dangerous to go alone, take this:

cd
wget --continue http://www.agroman.net/corkscrew/corkscrew-2.0.tar.gz
tar xvf corkscrew*.tar*
cd corkscrew*
./configure --prefix=~/corkscrew; make; make install

echo -e  'y\n'|ssh-keygen -q -t rsa -N "" -f ~/.ssh/id_rsa

(echo -n 'command="read",no-X11-forwarding,no-agent-forwarding '; cat ~/.ssh/id_rsa.pub ;echo;echo EOF)

As a bonus, you get a SSH public key which you can add on the server side, i.e. cat >> ~root/.ssh/authorized_keys <<EOF. Have you noticed? When logging on with that key, only the read command will be executed.

That’s already quite helpful. But how do you then connect? Via the SSH server, of course. But it’s a bit of a hassle to first connect there and then somehow port forward via SSH and all. Also, in order to resolve internal names, you’d have to first SSH into the separate machine to issue DNS queries. That’s all painful and not fun. How about an automatic pseudo VPN that allows you to use the internal nameserver and transparently connects you to your internal network?

Again, sshuttle to the rescue. With the same patches applied to /etc/NetworkManager/dnsmasq.d/corp-tld, namely

# resolves names both, .corp and .acme
server=/acme.corp/10.2.3.4
server=/corp.acme/10.3.4.5

you can make use of that lovely patch for dns hosts. In the following example, we have a few nameservers defined, just in case: 10.2.3.4, 10.3.4.5, 10.4.5.6, and 10.5.6.7. It also excludes some networks that you may not want to have transparently routed. A few of them are actually standard local networks and should probably never be routed. Finally, the internal network is defined. In the example, the networks are 10.1.2.3/8, 123.1.2.3/8, and 321.456.0.0/16.


sshuttle --dns-hosts 10.2.3.4,10.3.4.5,10.4.5.6,10.5.6.7 -vvr dialin 10.1.2.3/8 123.1.2.3/8 321.456.0.0/16 \
--exclude 10.0.2.1/24 \
--exclude 10.183.252.224/24 \
--exclude 127.0.1.1/8 \
--exclude 224.0.0.1/8 \
--exclude 232.0.0.1/8 \
--exclude 233.252.0.0/14 \
--exclude 234.0.0.0/8

This setup allows you to simply execute that command and enjoy all of your networks. Including name resolution.

GUADEC 2014 in Strasbourg

Sunday, August 3rd, 2014

This year, GUADEC took place in the lovely Strasbourg in France. It was really nice to attend the conference and to hang around with people who care about Free Software. In fact, the venue itself ran Debian which was nice to see :-)

Unfortunately, I wasn’t able to attend many of the great talks as I wasn’t available for all days. And when I was, I was busy meeting people. Although it felt smaller than the last GUADEC, I think I’ve never met so many people who I wanted to talk to.

The conference offered a two-track program. Interestingly many of them looking out for a future of GNOME. John Stowers gave one of the more important talks, I think. He was describing the situation in academia. Python is very popular in the scientific computing space, he said. He was not satisfied with JavaScript being the new “default” language for GNOME applications, because the contestants are numerous and powerful. So we would compete at least against the Web and Qt. The former apparently being nice on other platforms such as Windows. GNOME’s bindings, however, were very good, he said. The technological foundation is excellent and we should leverage that potential and make people use it. However, GNOME’s story on Windows is not all too good, he said. GTK+ is becoming more and more irrelevant and even Wx appears to be as popular as Gtk. I also heard others claiming that the Windows situation is a problem. What I don’t understand is whether there are technical problems blocking easy to use ports. Apparently introspected GNOME libraries for Pyhon on Windows exist, but I don’t understand why that doesn’t do the job.

Another talk related to the future of GNOME was given byAllan Day. In order for GNOME to be successful, amongst other things, a focus on quality must be established, he said. Various ways to improve the current release process were mentioned and the audience engaged in a vivid discussion. I don’t remember the detail so I hope this will be followed up and discussed more broadly in the GNOME community.

“Why do we do desktop”, asked Matthew Garrett in his presentation. When I read that title for the first time I thought the question of the desktop becoming irrelevant was being picked up. But that was not the case. Instead, he wanted GNOME to differentiate from the existing desktops which, as he claimed, are continuing to be simple multiplexors for running several programs (such as clocks) at the same time. In contrast to existing desktop, GNOME should become the secure desktop. Other desktops, he said, would only exist in order to sell more things to the user, i.e. to tie the user to an existing ecosystem. An advantage of GNOME is it being free from corporate control. Decisions are made very transparently which enables it to focus on brining privacy and security to the user. Even if the user is not aligned with our core values and principles. As such, every user deserves as much privacy and security as we can possible provide.

Many thanks to the local team for having organised the conference. I hope next year in Gothenburg will be at least as good.

Sponsored by GNOME!

Getting cheaper Bahn fares via external services

Thursday, July 17th, 2014

Imagine you want to go from some random place in Germany to the capital. Maybe because it is LinuxTag. We learned that you can try to apply international fares. In the case of Berlin, the Netzplan for Berlin indicates that several candidate train stations exist: Rzepin, Kostrzyn, or Szczecin. However, we’re not going to explore that now.

Instead, we have a look at other (third party) offers. Firstly, you can always get a Veranstaltungsticket. It’s a ticket rated at 99 EUR for a return trip. The flexible ticket costs 139 EUR and allows you to take any train, instead of fixed ones. Is that a good price? Let’s check the regular price for the route Karlsruhe ←→ Berlin.

The regular price is 142 EUR. Per leg. So the return trip would cost a whopping 284 EUR. Let’s assume you have a BahnCard 50. It costs 255 EUR and before you get it, you better do the math whether it’s worth it. Anyway, if you have that card, the price halves and we have to pay 71 EUR for a leg or 142 for the return trip. That ticket is fully flexible, so any train can be taken. The equivalent Veranstaltungsticket costs 139, so a saving of 3 EUR, or 2%.

Where to get that Veranstaltungsticket you ask? Well, turns out, LinuxTag offered it, itself. You call the phone number of the Bahn and state your “code”. In the LinuxTag case it was “STATION Berlin”. It probably restricts your destination options to Berlin. More general codes are easily found on the Web. Try “Finanz Informatik”,
“TMF”, or “DOAG”.

I don’t expect you to be impressed by saving 2%. Another option is to use bus search engines, such as busliniensuche.de, fernbusse.de, or fromatob.de. You need to be a bit lucky though as only a few of those tickets are available. However, it’s worth a shot as they cost 29 EUR only.

That saves you 80% compared to the original 142 EUR, or 60% compared to the 71 EUR with the BC 50. That’s quite nice, already. But we can do better. There is the “Fernweh-Ticket” which is only available from LTUR. It costs 26 EUR and you need to poll their Web Interface every so often to get a chance to find a ticket. I intended to write a crawler, but I have not gotten around to do it yet…

With such a ticket you save almost 82% or 63% compared to the regular price. Sweet! Have I missed any offer that worth mentioning?