All posts by Olav Vitters

Storing passwords safely on Linux

I wanted an easy way to store the different logins and passwords for various sites. I prefer something which is really secure and is not automatically accessible/unlocks when I login. Tried using Seahorse (eventhough it will unlock the keyring on login), but it seemed to lack a userid field. Storing such info in the comments feels not right to me. Plus, sometimes I want to store a bit of extra information (stuff like secret question + answers.. I find them insecure and prefer to just put another password there).

Initially I looked at Console Password Manager, but unfortunately Mandriva didn’t have a package for it. Further, development seemed to have stalled a bit.

I’ve settled now on a GnuPG plugin for Vim. Really easy to use, plus I can access it easily via SSH. Only drawback is that it will show all the passwords when I unlock/edit the textfile, ideally Vim should fold everything and so I can unfold the password I need at that time.

Mageia — Fork of Mandriva

I was pretty unhappy with what was going on at Mandriva. Many (all?) employees were fired, etc. At GUADEC I was told to wait a bit before switching distributions (assume they were planning the fork). I still investigated other distributions, but didn’t switch yet.

Anyway, noticed today that a lot of people from the distribution and former employees are forking Mandriva as Mageia. The name will again will take me a few years to get used to, but happy to see the independence. Loads of people are already offering their help. Pretty awesome to see this happen.

Fun with Inkscape

August 2010 using Inkscape calendar extension
August 2010 using Inkscape calendar extension and a patch I wrote to optionally show week numbers

The calendar extension is written in Python :) Most difficult part was trying to find out what the minimum Python version Inkscape supports. Eventually I had to ask the devs and seems there isn’t anything written down (not even configure.ac). Relying on 2.5 was acceptable though.

Upstream

I think it is interesting to take GNOME and experiment with it. It might result in some really nice new insights. Still, calling such changes ‘upstream’ is completely wrong. That is not what has been done. Just be honest about what you are doing. I don’t think everyone has to work upstream, even if such experiments are not ideal as seen from a upstream/release-team perspective (as in: the more people working on GNOME, the better :) ). I just hope that with this misrepresentation they’re not forgetting the maintenance costs (if you create something new, very likely you’ll have a big share of the maintenance for a long time or in short: no codedumps please). Anyway, let’s see what a different view will bring!

Changing distributions: openSUSE?

Due to everything that has happened at Mandriva, I guess it is time to switch distributions. I have no idea when I made the switch to Mandriva, but I know for certain I’ve used it for the last 5 years. This means I am very used to my distribution. I’m currently investigating what distribution to switch to. At the moment I’m considering Fedora and openSUSE.

I appreciate a distribution which appreciates a non-active person. In all these years I mainly enjoyed the work that others put into Mandriva. Still, I did triage in the Mandriva Bugzilla for a while, contributed the occasional package, submitted some bugreports and occasionally (more like very rarely) joined the development discussion. Whenever I did help, it always resulted in a positive impression.

Things I look for are:

  • Minimal amount of patches applied to GNOME
    So Ubuntu is out
  • Good binary packages for x86_64 (no source distribution)
  • Ideally libraries should be packaged as lib64 / lib. So not part of the main package. Makes it cleaner to compile using jhbuild
  • Ideally a good split between x86_64 and ‘i386′, making it easy to have mix and match.
  • Ideally rpm based
    This as I’ve used rpm for a long time.
  • Ability to run latest unstable GNOME version preferably within hours of the tarball release using packages (so no jhbuild/GARNOME solution)
  • Ideally able to run the development version of the distribution
  • Ideally packages are available quickly after the upstream release
    I like to have the package within hours after the packager uploaded it. Requires a quick mirror, enough packagers and continuous release of new packages (not e.g. synced 1-2 times/week). Distribution/development freezes are fine if limited to 2 times a year.
  • External but nicely supported repository which has the more difficult (patented, etc)software (mp3, x264, etc)
    PLF handles this perfectly for Mandriva.
  • I need the nvidia binary driver
    Mandriva uses DKSM for this. It automatically (re)compiles the driver, sets up something using alternatives, etc. Totally painless, even with kernel upgrades, etc.

I’ve been looking into Fedora and openSUSE as I am pretty used to rpm. Ubuntu is out of the question due to the big changes it has compared to GNOME. I haven’t completed any analysis yet. I currently have the following impression regarding openSUSE

  • Lots of meaningless discussion in the development mailing lists
    Mandriva development mailing lists almost solely talk about actual development (well, until the latest financial troubles). Compared to this, openSUSE has loads of meaningless posts.
  • Difficult to determine if GNOME is just not the focus (which is fine, hopefully results in less differences compared to upstream) or that the distribution is actively hostile towards GNOME desktop
    Seems a bit hostile when reading various discussions within the mailing lists and when judging previous decisions. Especially amazed to read discussion which is intended to change what people like to work on (e.g. have people switch from GNOME to another desktop) / quantify the amount of help a distribution receives overall. Gives a really bad impression (not appreciative). Mandriva was never seen as a GNOME distribution, but it always worked perfectly and it was well supported.
  • Development version is available. It is called Factory
  • Development packages (Factory) are released when approved by the package maintainer(s)
  • For e.g. GNOME it is possible to run a GNOME:Factory branch and get the upstream packages very quickly
  • Packages always need to be approved by maintainers (even in these branches)
    With Mandriva I got the impression that it was more free-for-all (aside from stuff like the kernel and Mozilla). Sort of how git.gnome.org works (if you know what you’re doing you’re able to do whatever you want).
  • No idea regarding mp3/x264 driver
  • No idea regarding nvidia driver
  • Vuntz helps out here. So hopefully easier to be able to request changes (Mandriva responses towards bugs was overall a very positive experience)

PS: Above is my impression looking into openSUSE for the first time. And when I talk about Mandriva I usually mean the distribution (paid + volunteer contributors+developers), not just Mandriva the company.

Dear Seif

If you want to be a board member, I highly recommend communicating in a different way than what you’ve done now. Anyway, just read the comment by Diegoe, I think it is pretty clear. In addition to that comment, there is no todo-list which guarantees a module will be accepted, though there are things what we look at.

Anyway, you seem to be looking for an argument. I thought we were clear beforehand and afterwards. You seem to be misinterpreting things. Please read the statements carefully and without prejudice. If you have questions after that, ask me privately and I’ll explain my reasoning.

PS: I think you’re being very rude by suggesting that Canonical could be a possible reason.

IPv6

I wasn’t aware before, but it actually is pretty easy to setup IPv6 (using a 6to4 tunnel) on a distribution which uses initscripts (Fedora, Mandriva, probably others). See http://linux.yyz.us/ipv6-fc2-howto.html for the full details.

So if your ISP doesn’t do IPv6:

  1. Add the following to /etc/sysconfig/network:

    NETWORKING_IPV6=yes
    IPV6_DEFAULTDEV=tun6to4
  2. Add the following to /etc/sysconfig/network-scripts/ifcfg-eth0:
    IPV6INIT=yes
    IPV6TO4INIT=yes
  3. /etc/init.d/network restart

Note: If you have a firewall you probably want to review these rules. See above URL in those cases. I still noticed that connections to sites use IPv4 by default (even when IPv6 is available). The reason and solution is described at: http://wahjava.wordpress.com/2007/12/13/unable-to-view-ipv6-site-over-6to4-connection-in-firefox/. Initscripts also has some documentation. On my distribution it is available at /usr/share/doc/initscripts/ipv6-6to4.howto.

Thanks to Tomas Ă–gren (one of the ftp.acc.umu.se/ftp.gnome.org admins) for suggesting this.

For the GNOME infrastructure, most machines are hosted by Red Hat. They’re at least a year away from providing IPv6 (it is also not a high priority unfortunately). Above solution is fine for me, but not something good enough for the GNOME infrastructure (don’t want to rely on an unknown for the IPv6 connectivity of GNOME.org).

Spam from companies who should know better

Had to approve a email message to foundation-list. Noticed a spam message in the queue from WebEx. Already knew that company, but apparently it is (now?) owned by Cisco. Anyway, there is no excuse for sending this to foundation-list.

The email ends with a sad:

This email may be an advertisement or solicitation. If you do not wish to receive marketing messages from WebEx, please select this link for removal.

Wonder what other solutions like WebEx exists. This as the company I work for unfortunately is a customer of WebEx. :(