Deciding when to upgrade svn.gnome.org

The server behind svn.gnome.org still runs the previous Ubuntu LTS (Dapper / 6.06). I want to upgrade this to the latest Ubuntu LTS, this being Hardy / 8.04. The upgrade itself should not take more than 30min, but the downtime will be longer than that (rsync’ing everything to another machine). I’ll setup another machine to handle SVN in case the distro upgrade the distro upgrade fails in unexpected ways.

I’m currently thinking of Sat 7 or Sun 8 Jun 2008. I prefer Sunday mornings (CEST / UTC +2) as hopefully not too many people are online. Further, the most important users of svn.gnome.org are developers and I expect less usage in the weekend. The weekend is more popular for translators though. It also isn’t just before an important release.

Above date is not fixed, I still have to check if there is someone standing by with physical access.

Anyone think above is a bad idea? Better suggestions regarding when to schedule this? Note: During the week it has to be in the evening (UTC +2).

Note: After the upgrade, the repository format has to be changed, but I’ll do that later. It shouldn’t be more than a few minutes per repository (due to converting it twice, first the whole repository, then disallowing commits, then doing the commits that have been made when the conversion was running). The repository format should allow things like svnsync, plus repository size should be smaller. See http://subversion.tigris.org/svn_1.4_releasenotes.html.

Page loading problems

An answer regarding page loading problems:

Gave up on hoping that Gnome would serve my blog sanely – apparently asking for it is a denial of service attack. Duplicated it at http://www.go-oo.org/~michael/blog/index.atom.

This is not what I said or meant on IRC. There is a DDoS going on. Nothing too heavy. However, it really slows down the database, slowing down Bugzilla until a crawl. Due to the type of DDoS it is almost impossible to block (too many IPs, etc), resulting in unintended side-effects. Initially I thought I could add the workaround pretty quickly. However, was too difficult to do at UDS. I noted the delay in #sysadmin, so if you’ve asked there someone hopefully would’ve repeated in case I wasn’t around. I did inform the sysadmins regarding the config change (mailing list and IRC) causing these page load issues. Due to abuse avoidance (often if you make it known, seems others see a need to repeat/join) I did not inform anyone else. I do hope the DDoS doesn’t morph into something I cannot block.

Ubuntu Developer Summit

Canonical invited various people to attend FOSS Camp, others just for the Ubuntu Developer Summit. Some even had an invitation for both. I received an invite to attend the Ubuntu Developer Summit, which was held 19-23 May in Prague, Czech Repulic. I’ve been to Prague twice before, but it was way too long ago for me to remember any specifics, apart from the Clock tower in the old city centre.
Apart from me, also Vincent Untz, Andre Klapper, Christian Kellner, Ryan Lorty, Pedro Villavicencio Garrido, Sebastien Bacher, Murray Cumming (only a few days), David Zeuthen, Lennart Poettering and others attended the Summit. During lunch we usually sat at the GNOME table. I really liked the food in Czech, my only complaint that sometimes it was way too much (which on one hand doesn’t matter, but on the other hand makes it hard to stop if it is really good). Plus they could ease up on the sauce (too much). My roommate was Reed Loden, known for firstly being another Bugzilla developer, but he is also a Mozilla sysadmin. We weren’t the only Bugzilla developers who attended as Christian Reis was also there. Unfortunately I did not meet him (although he should’ve put in some effort and also worn his Bugzilla tshirt ;) ).

Aside from Ubuntu things, also talked to various people regarding distributed version control systems. This included a few Bazaar developers, Reed (mostly regarding usage of hg at Mozilla) and a few Git users such as Christian Kellner. This to prepare for the BoF at GUADEC.
Vincent discussed some (private) release team things, first with Andre, then with me. It hasn’t been discussed yet with the rest of the r-t. Face-to-face is so much faster than IRC/mailing lists. Fortunately the lack of openness (like e.g. public r-t archives + meetings) did not matter in this case.

Bought a second hand (but still fairly new) laptop a few weeks before UDS. As I find my desktop way better than some laptop, resulting in me not picking it up until just before UDS. Meant that the first thing I did at UDS was installing Ubuntu. Sound unfortunately did not work, this was fixed later in the week (nothing other than installing new updates). Btw, the ‘system restart required’ should tell me why it wants to restart so I can understand the impact of not doing it right away and it would allow me to work around it.
Having a laptop is pretty good for the downtime (either uninteresting talks or just breaks). Also, only having 1280Xsomething wasn’t as annoying as I assumed beforehand.

Now on to the bits and pieces I remember from UDS. Specifics might be (unintentionally) incorrect, feel free to leave a constructive comment for that. I have a feeling that this might be boring, too long, etc… but perhaps interesting for people who want to know what it is like at UDS.

The talks have been divided into various topics such as qa, community, server, etc. Each topic was usually held in the same room. The room for the desktop topics had been held in a room where the airconditioning was working like mad — it was way too cold in there. One good thing was the availability of two extra rooms. One of which I used for a Bazaar discussion. As noted in the wrapup by someone, it would’ve been better if those rooms showed up in the schedule. This as I almost never looked at the white board. Ok, I did see a KDE group hug for 2 hours, which had me wondering for days.. 2 hour long hug?!? Maybe the KDE attendees were crazier than the GNOME cabal, at least I’ll try and do better ;)

On Monday morning at the ‘OpenChange Exchange integration’ talk, they introduced the concept of bug 0. This in relation to bug 1 in Launchpad, which has as goal to have more marketshare than Microsoft (for free software, not just Ubuntu). The bug 0 concept is about a possible decline in server market share. It was suggested that the reason behind the increase of Microsoft servers was the integration of various Microsoft components such as Active Directory (LDAP), Calendering, Mail, etc. To overcome the increase in Microsoft servers, something has to be delivered which provides an similar experience to what Microsoft currently has. The talk suggested a combination of both Samba, openldap, plus something which deals with Exchange (calendering, etc). With the new protocol (etc) documentation, maybe finally we’ll have some good Exchange replacement available under Linux (finally!). Oh, and I mean something which integrates with both Outlook as well as Evolution.
Don’t recall much more from Monday. Some talks I was only physically around, as I was busy with the manual labour of replacing SSH keys (btw: that SSH key replacement was not just me. Lots of work done by Kjartan Maraas, Kurt von Finck and Christian Rose, way before I had time).

Don’t recall much from Tuesday apart from a Music Experience review. Celeste was commenting on various usability issues in rhythmbox. Oh, and SSH key replacements. At one point (maybe Tue, perhaps some other day) I enhanced Mango to automatically inform users when some sysadmin / accounts person adds a new SSH key to an account. Shows all SSH keys on the account, not just the newly added one. Reed was partly interested in a system like Mango for Mozilla. Hopefully he’ll either base something off Mango, or make something new which is usable for GNOME.

On Wednesday morning I attended automated desktop testing. Automated testing is hard as the there are various tools which generate testing scripts, but they are usually very detailed, breaking too often. Resulting in lots of effort to (re)write such tests/scripts. Errors in such scripts are bad as it lowers the trust of developer as well as qa people have in them. In the talk someone explained a new testing tool which worked by using something like VNC (comparing graphics on the screen). Seems it will not correctly handle changes made to the theme, nor alpha (transparent) window/themes.
Don’t remember, but guessing that on Wednesday afternoon (12.00) Celeste from KDE/openusability.org asked for some meta package which would include all tools needed to test usability, including remotely. This as basically everything is available, just not in one package. I’m interested if remote usability testing is possible. From what I remember, one of the most basic things that you have to do is to make the user comfortable. This aside from the way you ask questions. I wonder if a user can be made comfortable remotely. Hopefully progress can be followed via blogposts (Planet KDE). Note that remotely wasn’t the only thing covered. It was mostly to get friends and family to help hold a usability test, guided by an expert (e.g. Celeste).

Started Thursday (IIRC) morning off with a QA session. Suggested a few things which would get more triagers to help Ubuntu (by explaining what to my understanding drives triagers). I’ll refrain from being too specific as I don’t want too much competition and influence the strength of the excellent GNOME bugsquad team ;)
Went to a session regarding a common printing dialog for KDE as well as GNOME. I expected some proposal meant for an ISV, to allow non-KDE/GNOME software to show the appropriate dialog depending under which desktop environment the program is running under. However, it rather was regarding replacing the KDE and GNOME dialogs with just one dialog. I’m not sure about the feasibility and usefulness.
After that session I attended the input hotplug. This was about allowing e.g. two mouse pointers and multiple keyboards. Seems that gtk+ wouldn’t deal properly with two mouse enter events (no idea about Qt). It would also still be possible to have the two mouses control just one pointer on the screen. There was some discussion in which I learned that apparently you can have multiple (Wacom) tablet pens, each assigned to a different color. Pretty cool.

Every day after lunch various talks were given in the big room (Plenary). One interesting item was Wubi, which is an Ubuntu installer for Window. on Thursday the Wubi developers started off by apologizing for the Windows machine (IMO nuts), then by having people raise their hands if they knew absolutely nothing about Wubi. From the people who raised their hands someone was picked to do the Wubi installation. According to the developers Wubi should work with all Ubuntu derivatives (Kubuntu, etc), and IIRC even different distributions.
There are some scripts available to increase the size of the Wubi Linux file, and even to transform the Wubi file into a real partition (or perhaps this is still planned, not sure). The nice thing about Wubi is that all the installer questions are already asked in Windows. The entire installation of Ubuntu itself is automatic.
In the afternoon I went to Client Drawn Decorations by Mirco Muller. Basically not for the talk, I just wanted to see bling. There was some discussion regarding the feasibility of this. I didn’t follow the whole discussion as discussion != bling.
Followed PackageKit after that that talk. There was an agreement that all packages requiring stdin would be fixed, plus some discussion regarding the integration of debconf and license agreements. Richard Hughes called in for that talk using sip. Worked pretty well overall, only trouble was during one of his answers (he was breaking up).

On Friday I attended a talk about System-wide preference. Desrt explained the possibilities of gconf (you can have system defaults in gconf, just see gconf-editor). That as well as the plan for dconf (writing requires dbus, reading does not). Readonly dconf has very few deps (could be used for some stage in the bootloader, forget exactly where).

A party had been planned for Friday evening, mostly to continue celebrating the coolness of Daniel Holbach. Claire understood the laziness of the crowd as 3 busses had been arranged. We went to a club called XT3. The party started off with an Ubuntu band. After they played all the numbers they knew (I would’ve enjoyed if they knew more songs), some DJ started. After that DJ stopped, Daniel Holback and someone else took over. From what I noticed, enough videos have been made. Hopefully you can get a good impression by searching for these videos on Youtube and Google.
At 1.00 AM they arranged a bus to bring everyone back to the hotel. Together with Andre Klapper I decided to stay and party on (after the bus left we noticed we had been the almost only ones to make that choice). We stayed until they kicked us out of the club. This might sound awesome, but unfortunately it happened around 1:30 AM. After that we decided to partly walk back to the hotel and take the public transport as soon as we had enough. We eventually arrived at the hotel at around 3:00 AM (long time to get there was on purpose). Learned later that almost everyone was drunk there, according to a study done by the Shuttleworth Research Centre. Did not notice that such research was taking place; must have been all those people filming the party.
In the morning I woke and got up around 9.30, leaving just enough time to get down and eat some breakfast. I even saw Andre there. Walked to the subway station together with Christian Kellner, Pedro Villavicencio Garrido and Andre Klapper.

After landing at Amsterdam (Schiphol), I took a train which passed Amsterdam Arena. This was around the time as the start of some sing-along concert. Meaning: fully packed train. I thought they were all to accompany me :-(

Bad things during UDS:

  • No icecream deathmatch
  • Unsuccessful in making the stewards laugh while explaining the security stuff. My successful laughs still stands at 2. I did hate them for cheating on the way back, as the instructions consisted of a movie.
  • Didn’t always understand what a talk would be about. This seemed to be mostly caused by my non-use of Debian/Ubuntu.
  • Way too much Menthos was available.
  • Vuntz had loads of green tshirts at his home, but brought none to UDS. Evil!
  • Forgot to make time for a GNOME release team interview (video)
  • Seeing clock show 20+ degrees celcius.. but that was the Netherlands, not Prague (rain, cold, etc). Seems that you can only show another weather location in the panel by changing the (system?) timezone, which I didn’t want to do.
  • Something to do with an ambush of out of context quotes, behind the scenes data gathering, etc. Didn’t attend, but consider such behaviour impolite (very difficult to respond to such things without having context or something other than stuff happening months ago). From what I heard it resulted in a very long discussion, instead of being rescheduled to some other time (meaning: not at UDS). Note: I wasn’t there, just my opinion based on hearsay. I’m on Planet GNOME, not Ubuntu, so adding a comment regarding the issue itself is not constructive.
  • Same for some other discussions (appeared to me as bike shed). Thankfully I had my laptop and working wifi.

Other random bits:

  • Reached a ratio of 32 for the KDE 4.1 alpha movies. Not much higher than before UDS, so I stopped seeding that
  • Have UDS t-shirt.
  • Vuntz is too skilled in kicking people from a channel
  • Liked the wrapup. Basically an honest discussion about things to improve to make the Summit better
  • Seems people believe whatever a channel topic says. This caused some harassment (joking!) towards desrt. I’m so going to love /topic :)

PS: Canonical asked if people would blog about the event. I’m doing this because I think it is a good idea, to remember all the things from last week and to let GNOME people know what I did there.

Bzr mirror of GNOME

John Carr has setup a Bzr mirror of all GNOME repositories. Details are available on the wiki. Most GNOME modules are available via Launchpad, but that one doesn’t allow you to commit to SVN (IIRC). The mirror by John Carr does allow commits. For this all to work you’ll need latest Bzr and bzr-svn.

Copy/pasting the instruction:

Usage:
We’ll create a project folder for your module which can house multiple branches. The branches will share revisions to save disk space.

cd ~/
bzr init-repo --rich-root-pack cheese
cd cheese/
bzr branch http://gnome.unrouted.co.uk/cheese/trunk

If you want to get the latest stuff:

cd ~/cheese/trunk
bzr pull

If you need something that hasn’t made it to the mirror yet, you can pull directly from GNOME SVN:

cd ~/cheese/trunk
bzr pull http://svn.gnome.org/svn/cheese/trunk

When you have some changes that are in your trunk branch, but not in SVN, you can push:

cd ~/cheese/trunk
bzr push svn+ssh://username@svn.gnome.org/svn/cheese/trunk

Note: If someone wants to setup a git mirror, contact me. I can grant rsync access to speed up the conversion. Regarding the Bzr mirror: It is all John Carr. For praises and more, contact him.

Non-working GNOME SSH keys

Read this if you have a GNOME (ssh) account and it isn’t working and you want to know why.

Due to Debian security issue we’ve locked down the machines for public key authentication. See the announcement by Guilherme de S. Pastore to devel-announce-list. Please ensure you’re subscribed to that list (as we expect people to be)! Generally announcements are spread via Planet GNOME as well, but that is more of an extra service.

Please contact accounts@gnome.org if you have either:
* Used a DSA key on a Debian/Ubuntu machine affected by the security issue
* Generated a DSA/RSA key on an affected Debian/Ubuntu machine

Note: If you have a DSA key generated on a non-Debianb/Ubuntu (e.g. Red Hat) distribution (or whatever) and used it on a affected Debian/Ubuntu machine (meaning: ssh’ed from that machine, not to such a machine), you are affected as well. So please replace your key in such cases as well.

Current plan: We’ll (well, Owen) remove all blacklisted SSH keys that we can find and inform affected people. This to avoid greatest security issues. Not sure yet what we’ll do about the DSA keys (they could be compromised now or in future whenever they’re used on an affected Debian/Ubuntu machine).

Closing: I’m unfortunately way too busy to really help the sysadmins working on this.. plus the accounts people replacing the SSH keys. Thanks to everyone who’s helping.

Check if your ssh key is safe

Because not everyone will follow the security announcements of Debian very closely and as I love copy/pasting.

Debian has discovered a serious issue with openssl, that means your ssh key can be less secure than you expect.

Details at: http://wiki.debian.org/SSLkeys

What does it mean for GNOME? If you have a GNOME account, you need to check if you are hit by this bug, read the wiki page carefully and take appropriate action.

If you change your key, send the public part of it to accounts@gnome.org and do not forget to mention your username.