The Gulash Programmier Nacht (GPN) took place in Karlsruhe, Germany. The local subsidiary of the Chaos Computer Club organised that event, which apparently took place for the 14th time. So far, I wasn’t able to attend, but this time I made it.
It’s a 200 to 300 people event, focussed at hacking, making, and talks around that. It’s very cosy and somewhat similar to the mrmcds. Most of the talks were held in German, a few in English, but I think that could easily change if there is a demand.
The conference was keynoted by tante, who talked about the political aspects of code and the responsibility every developer has. It was good to hear someone saying that you do create reality for people with the software you write and that you are indeed responsible for the view on the world the users of your software have. There were a few other interesting thoughts and I think I agree with the results of the analysis conducted to a great extent. But I think a few areas are not well covered. For example, he said that you limit the people with your software. I don’t think that’s necessarily true. If you provide your users with enough freedoms, i.e. by choosing a Free Software license, than I don’t think his argument is valid anymore.
On the more funny side, a chemist taught us about chemistry based on the stories of Walter White. It was a funny talk with many interludes of the TV series. She explained what the people in the episodes were doing and how close that is to reality. Turns out, it is quite close and at least stupid mistakes were not done.
We also learned about Perl 6. If you think Perl is ugly, he said, it’s not modern Perl. The new and shiny Perl 6 allows you to write short code while looking nice, he said. He showed some features that make it easy to write command line tools. You can simply declare an argument to your main function and Perl would expose that to the user, e.g. by presenting a help screen. It would also detect the types provided and do some magic fancy stuff like checking whether the provided argument is an existing (or empty) file.
A very interesting talk was given on the Enigma, the German crypto machine. He showed the machine that broke the crypto and now stands in Bletchley Park. He told stories about the development and operation of that machine. Very interesting indeed. Also well done on a technical level, the slides were really well done.
I was invited to give talk on GNOME. As you can see in the video, my battery didn’t even last the full 90 minutes slot I was assigned. Something is certainly wrong, either this Linux thing or my battery. Anyway, the talk itself went very well, and it was particularly well attended for that early slot. I was also positively surprised by the audience asking many questions and while I specifically asked for flames, I didn’t get that many.
It was co-hosted with FUDCon, the Fedora Users and Developers Conference. We had many attendees and the venue provided good facilities to talk about Free Software and the Free Desktop.
The venue was the Beihai University somewhat north of Beijing. Being Chinese, the building was massive in size. So we had loads of space, anyway The first day was reserved for trainings and attendees could get their feet wet with thinks like developing a GNOME application. I took part myself and was happy to learn new GNOME APIs. I think the audience was interested and I hope we could inspire a few attendees to create their next application using GNOME technologies.
I was invited to keynote the conference. It was my first time to do such a thing and I chose to give a talk that I would expect from a keynote, namely something that leads the conference and gives a vision and ideas about what to discuss during the conference. I talked on GNOME, GNOME 3, and GNOME 3.12. I tried to promote the ideas of GNOME and of Free Software. Unfortunately, I prepared for 60 minutes rather than 45, so I needed to cut off a good chunk of my talk Anyway, I am happy with how it went and especially happy with the fact that I wasn’t preaching to the choir only, as we had e.g. Fedora people in the audience, too.
We had RMS explaining Free Software to the audience and I think the people enjoyed his talking. I certainly did, although I think it doesn’t address problems we face nowadays. People have needs, as the discussion with the audience revealed. Apparently, people do want to have the functionality Facebook or Skype offers. I think that addressing these needs with the warning “you must not fall for the convenience trap” is too short sighted. We, the Free Software community, need to find better answers.
The event was full of talks and workshops from a diverse range of topics, which is a good thing for this conference. Of course, co-hosting with FUDCon helped that. The event is probably less technical than GUADEC and attendees can learn a lot from listening and talking to other people. I hope we can attract more Asian people to Free Software this way. I am not entirely sure we need to have the same setup as with GUADEC though. With GUADEC, we change the country every year. But Asia is about ten times larger than Europe. In fact, China alone is larger than all of Europe. It makes it somewhat hard for me to justify the moving around. We do need more presence in Asia, so trying to cover as much as possible might be an approach to attract more people. But I think we should investigate other approaches, such as focussing on an annual event in one location to actually create a strong Free Software location in Asia, before moving on. I wouldn’t know how to define “strong” right now, but we have absolutely no measure of success right now, anyway. That makes it a bit frustrating for me to pour money over Asia without actually seeing anything in return.
Anyway, Beijing is fun. We went to see the Great Wall and enjoyed the subway
I would like to thank the organisers for having provided a great place us, the Free Software community, to spread the word about the benefits of free computing. I would also like to thank the GNOME Foundation for enabling people like me to attend the event.
The initial boot took a while. Apparently it changed something on the pendrive itself to expand to its full size, or so. The installation was a bit painful and, at the end of the day, not successful. The first error I received was about my username being wrong. It told me that I must only contain letters, digits, and other things. It did not tell me what was actually wrong; and I doubt it could, because my username was very legit. I clicked away the dialogue and tried again. Then it worked…
When I was asked about my partitioning scheme I was moderately confused. The window didn’t present any “next” button. I clicked the three only available buttons to no avail until it occurred to me that the machine has a wide screen so the vertical space was not sufficient to display everything. And yeah, after moving the window up, I could proceed.
Anyway, I found my way to proceed, but when attempting to install, YaST received “system error code -1014” and failed to partition the disk. The disk could be at fault, but I have reasons to believe it was not the disks fault:
Apparently something ate all the memory so that I couldn’t even start a terminal. I guess GNOME’s system requirements are higher than I expected.
I attended LinuxTag 2014 in Berlin. The event reinvented itself again, after it lost attraction is the recent years. We, GNOME, couldn’t even get enough volunteers to have a presence there. In Berlin. In perfect spring time. Other projects were struggling, too. For this year, they teamed up with re:publica and AndroidCon. The venue changed and the new format of the event made it more attractive and made a good number of people attend.
The venue was “Die Station“, apparently used by those Web people for their Web conference for a couple of years now. It has much more character than the expo in the west where LinuxTag used to be located. But it’s also a bit too unpolished to have a proper conference there. It’s very nice for the fair or expo part of LinuxTag, but not so nice for the conference part. The problem is the rooms. The infrastructure does not really allow for a nice conferency feeling. E.g. many plastic chair made the seats for the audience, the rooms were right next to each other and not sound proof so that you could hear the other talk from the other room. Some lecture halls were actually not really separated from the corridor, so people were walking by and making noise. As for the noise: Except for two big stages, the audio was really bad. I can’t really tell why, but I guess nobody actually tested whether the microphones would sound alright…
While I was grateful to be invited to give a talk on GNOME, I think someone in the organisation team didn’t like me The conference party started at 18:00 that day and my talk was scheduled for the last slot at 21:30. So I had to compete with the beer outside and other talks in the slot that I wanted to see myself. At least I only had very motivated people in the audience
The LinuxTag deserves its name as it’s unusually kernel focussed for a “normal user” event. As in depth kernel session do not necessarily make sense for the every day computer user, teaming up with DroidCon seemed promising. But the two events were too separated. I actually have not seen any schedule for the DroidCon. And I couldn’t find a joint schedule anywhere on the Internet nor in the venue itself. I don’t think it’s bad intentions, though. It’s probably due to lacking resources to pull it off. A big thank thank you to the organisers. I think it’s an important event that connects many people, especially those from the Industry with the Community. Keep rocking, guys.
The first thing that impressed me was Dubrovik. A lovely city with a walled old town. Even a (rather high) watch tower is still there. The city manages to create an inspiring atmosphere despite all the crowds moving through the narrow streets. It’s clean and controlled, yet busy and wild. There are so many small cafés, pubs, and restaurants, so many walls and corners, and so many friendly people. It’s an amazing place for an amazing conference.
The conference itself featured three tracks, which is quite busy already. But in addition, an unconference was held as a fourth track. The talks were varying in topic, from community management, to MySQL deployment, and of course, GNOME. I presented the latest and greatest GNOME 3.12. Despite the many tracks, the hallway track was the most interesting one. I didn’t know too many faces and as it’s a GNU/Linux distribution conference which I have never attended before, many of the people I met had an interesting background which I was not familiar with. It was fun meeting new people who do exciting things. I hope to be able to stay in touch with many of them.
The conference was opened by the OpenSuSE Board. I actually don’t really know how OpenSuSE is governed and if there is any legal entity behind it. But the Board seems to be somehow elected by the community and was to announce a few changes to OpenSuSE. The title of the conference was “The Strength to Change” which is indeed inviting to announce radical changes. For better or worse, both the number and severity of the changes announced were limited. First and foremost, handling marketing materials is about to change. A new budget was put in place to allow for new materials to be generated to have a much bigger presence in the world. Also, the materials were created by SuSE’s designers on staff. So they are considered to be rather high quality. To get more contributors, they introduce formalised sponsorship program for people to attend conferences to present OpenSuSE. I don’t know what the difference to their Travel Support Program is, though. They will also reimburse for locally produced marketing materials which cannot be shipped around the world to encourage more people to spread the word about OpenSuSE. A new process will be put in place which will enable local contributors to produce materials up to 200 USD from a budget of 2000 USD per quarter. Something that will change, but not just yet, is the development and release model. Andrew Wafaa said that OpenSuSE was a victim of its own success. He mentioned the number of 7500 packages which should probably indicate that it is a lot for them to handle. The current release cycle of 8 months is to be discussed. There is a strong question of whether something new shall be tried. Maybe annual releases, or even longer to have more time for polish. Or maybe not do regular releases at all, like rolling releases or just take as long as it takes. A decision is expected after the next release which will happen as normal at the end of this year. There was an agreement that OpenSuSE wants to be easy to contribute to. The purpose of this conference is to grow the participants’ knowledge and connections in and about the FLOSS environment.
The next talk was Protect your MySQL Server by Georgi Kodinov. Being with MySQL since 2006 he talked about the security of MySQL in OpenSuSE. The first point he made was how the post-installation situation is on OpenSuSE 13.1. It ships version 5.6.12 which is not too bad because it is only 5 updates behind of what upstream released. Other distros are much further away from that, he said. Version 5.6 introduced cool security related features like expiring passwords, password strength policies, or SHA256 support. He urged the audience to stop using passwords on the command line and look into the 5.6 documentation instead. He didn’t make it any more concrete, though, but mentioned “login paths” later. He also liked that the server was not turned on by default which encourages you to use your self-made configuration instead of a default one. He also liked the fact that there is no pre-packaged database as that does not configure users that are not very well protected. Finally, he pointed out that he is pleased to see that no remote access is configured in the default configuration. However, he did not like that OpenSuSE does not ship the latest version. The newest upstream version 5.6.15 not only fixes around 25 security problems but also adds advanced AES functionalities such as keys being bigger than 128 bits. He also disliked that a mysql_secure_installation script is not run after installation. That script would put random passwords to the root account, would disallow anonymous access, and would do away with empty default passwords. Another regret he had was that mysql_config_editor is not packaged. That tool would help to get rid of passwords in scripts using MySQL by storing credentials in encrypted files. That way you would have to protect only one file, not a lot of scripts. For some reason OpenSuSE activates the “federated plugin” which is disabled upstream.
Another weird plugin is the archive plugin which, he said, is not needed. In fact, it is not even available so that the starting server throws errors… Also, authentication plugins which should only be used for testing are enabled by default which can be a problem as it could allow someone to log in as any user. After he explained how this was a threat, the actual attack seems to be a bit esoteric. Anyway, he concluded that you get a development installation when you install MySQL in OpenSuSE, rather than an installation suited for production use.
He went on to refer about how to harden it after installation. He proposed to run mysql_secure_installation as it wouldn’t cause any harm even if run multiple times. He also recommended to make it listen on specific interfaces only, instead of all interfaces which is does by default. He also wants you to generate SSL keys and certificates to allow for encrypted communication over the network.
Even more security can be achieved when turning off TCP access altogether, so you should do it if the environment allows it. If you do use TCP, he recommended to use SSL even if there is no PKI. An interesting advice was to use external authentication such as PAM or LDAP. He didn’t go into details how to actually do it, though. The most urgent tip he gave was to set secure_file_priv to a certain directory as it will restrict the paths MySQL can write to.
As for new changes that come with MySQL 5.7, which is the current development version accumulating changes over 18 months of development, he mentioned the option to log to syslog. Interestingly,
a --ssl option on the client is basically a no-op (sic!) but will actually enforce SSL in the upcoming version. The new version also adds more crypto functions such as RANDOM_BYTES() which interface with the SSL libraries. He concluded his talk with a quote: “Security is like plastic surgery. the more you invest, the prettier it gets.”.
Michael Meeks talked next on the history of the Document Foundation. He explained how it used to be in the StarOffice days. Apparently, they were very process driven and believed that the more processes with even more steps help the quality of the software they produced. He didn’t really share that view. The mind set was, he said, that people would go into a shop and buy a box with the software. He sees that behaviour declining steeply. So then hackers came and branched StarOffice into OpenOffice which had a much shorter release cycle than the original product and incorporated fixes and features of the future version. Everyone shipped that instead of the original thing. The 18 months of the original product were a bit of a long thing in the free software world, he said. He quoted someone saying “StarDivision a problem for every solution.”
He went on to rant about Contributor License Agreements and showed a graph of Fedora contributions which spiked off when they dropped the requirement of a CLA. The graph was impressive but really showed the number of active accounts in an unspecified system. He claimed that by now they have around the same magnitude of contributions as the kernel does and with set a new record with 3000 commits in February 2014. The dominating body of contributors is volunteers which is quite different when compared to the kernel. He talked about various aspects of the Document Foundation like the governance or the fact that they want to make it as easy to contribute to the project as possible.
The next talk was given on bcache by Oliver Neukum. Bcache is a disk cache which is probably primarily used to cache rotational disks with SSDs. He first talked about the principles of caching, like write-back, write-through, and write-around. That is, the cache is responsible for writing to the backing store, the cache places the data to be written in its buffer, or write to the backing storage, but not the cache, respectively. Subsequently, he explained how to actually use bcache. A demo given later revealed that it’s not fool proof and that you do need to get your commands straight in order to make it work properly. As to when to actually use Bcache, he explained that SSDs are cool as they are fast, but they are small and expensive. Fast, as he continued, can either mean throughput or latency. SSDs are good with regards to latency, but not necessarily with throughput. Other, probably similar options to Bcache are dm-cache, but it does not support safe writes. I guess that you cannot use it if you have the requirement of a write-through or write-around scenario. A different alternative is EnhanceIO, written originally by Facebook, which keeps hash structure of the data to be cached in RAM. Bcache, on the other hand, stores a b-tree on the SSD instead of in the RAM. It works on block devices, so anything goes. Tape drives, RAIDs, … It places a special superblock to indicate the partition is a bcache partition. A second block is created to indicate what the backing store is. Currently, the kernel does not auto detect these caches, hence making it work with the root filesystem is a bit tricky. He did a proper evaluation of the effects of the cache. So his statements were well founded which I liked a lot.
It was announced that the next year’s conference, oSC15, will be in The Hague, Netherlands. The city we had our GUADEC in, once. If you have some time in spring, probably in April, consider to go.
I am at the LGM in Leipzig. The venue, the university of Leipzig, is amazing. Infrastructure is optimal and rooms are spacious enough. The organisers have also made sure that the weather is great
I’ve never attended an LGM and I regret not having visited one earlier. It’s a cosy event with around 200 people from various parts of the world and from various projects. I am glad to have met a few great minds that I could exchange ideas with.
One of the highlights, so far, for me was the open movie night which showed movies which were either created using Free Software or at least licensed freely. Everybody knows tears of steel or big buck bunny. I was surprised by the long list of movies I didn’t know. Many of them were really good! So good that I can’t even select my favourite. My personal top three movies are, however, Mortys, which I consider to be a good mix of drama and comedy:
Mac n Cheese movies are definitely more on the action side of things, well worth watching:
These movies are, as far as I am aware, licensed under CC-BY-NC-ND. So very restrictive. Much more liberally licensed videos are the Caminandes videos.
I show many more very great videos, but I’ll just link to them here: Parigot, which I’d say is an action comedy. The Forest, definitely worth watching, also as artsy as the Palmipedarium. Camanchango is also interesting, more dramaesque, well animated. Happy Hour has some interesting effects, more on the humorous side.
There are so many great free movies. Is there any database like web site that lists and ranks free movies?
If you know, or if you just want to talk about GNOME, come and find me at LGM
For our booth at FOSDEM we had some hardware to show off the latest and greatest GNOME. I brought the tablet I got from the Desktop Summit. In order to prepare it I installed Fedora 20 which comes with a nice and shiny installer. I found a few issues and glitches and will present then them in the course of this post.
Some incoherences exist. One of them is that it shows the “Next” button on the bottom right. Which is what I’d expect. But sometimes it also asks the user to press a button on the upper left. I didn’t even remotely expect having to press a button on the “back” side of the screen in order to continue installation.
It was very nice though that it seems to offer installation along an existing operating system *and* full disk encryption. The Ubuntu installer can install you a fully encrypted system nicely, but only if you install Ubuntu on the whole disk. The Fedora installer seems to manage that nicely.
As it seems to be normal nowadays, installation starts even though you haven’t provided all the necessary information yet. That is very convenient and have a much fast installation experience.
Another coherence issue is on the user dialogue. I can actually guess what the thinking was when designing these menus. You have this “overview” screen as seen above and then you “dive” into the sub menus. I expected a more linearly following set of menus. Why would I need return to the overview menu at all? I claim that it is much easier to just continue, not to go forth and back… Anyway, a real bug is visible: Mnemonics are not formatted properly.
The user dialogue, while being at it, seemed to have forced me to enter a strong password. I just wanted to install a system for a demo machine. Probably not the usual usecase, but annoying enough if it doesn’t work smoothly. I think I found out later that I needed to double press the “Next” button (labelled “done” and being placed in the area of the screen where I’d expect “back” buttons to be).
Turns out, that the same thing happened with the root password, which really annoyed me. Especially as the soft keyboard doesn’t really allow for convenient input of complicated characters.
But then I discovered something. On the very bottom there something weirdly coloured. It was a notification for the current menu. Why on earth complain about the password I’ve entered on the very bottom when the widget is on the very top? That was surprising and confusing. Plus, the warning itself was not very visible due to the onscreen keyboard obstructing the view. So I guess it’d be smarter to not have the warnings there.
Anyway, I was pleasantly surprised how smooth the installation experience was. It could, of course, have been better, but all in all it was quite good. I finished in less than half and hour. Too bad that I didn’t know that neither Eye of GNOME nor Epiphany were installed by default.
It is this time of the year again *yay*. The biggest and greatest Free Software conference took place in Brussels, Belgium. It’s good to see all those interested and passionate people care about Free Software. I hope that the (intellectual) gravity of the people gets more people interested and strengthens our communities. In fact, I feel it was one of the better FOSDEMs so far. Maybe even the best. We, GNOME, had a hand full (not kidding) of new members of our communities staffing the booth or just being available. I was very please to see new faces and to identify them as people who were very committed to Free Software and GNOME.
As indicated, we, GNOME, had a booth and a fun time entertaining people stopping by. With the help of many volunteers, we presented our most recent GNOME release, sold some t-shirts, and discussed our future ideas. It’s not necessarily a venue to convince people to use Free Software, or even to use GNOME. But I have the feeling we manage to get both messages across. Bar one case in which an unlucky fellah was angry about everything and especially that this Linux 20 we had installed wouldn’t ship Emacs by default. Other than that we showed people how cool the GNOME Shell extensions are, how to quickly launch applications, or how to access the notification area quickly. Or, yes of course, how to suspend. Or to shutdown…
I also had the pleasure of being interviewed by an Irish dude who produced episodes for Hacker Public Radio. I didn’t know about that but it seems to be a cool project. I don’t know when it will go live or whether it actually has been published already.
We also had panel with the governing bodies of GNOME and KDE. The intention was to debunk some myths and to make the work more visible. I was on the Panel (on behalf of GNOME) with Kat (from GNOME…) and Lydia from KDE. She was joined by Cornelius who serves on the KDE board for more than 9 years. We were lamenting about various aspects of our work such as where does money come from, where does it go to, what are the processes of getting rid of the money. But also why we were doing that, why we think it is important and what achievements we are proud of. Our host, Paul, was a nice and fun guy and did his job very well. I think it was a successful event. It could probably have been better in the sense that we could have focussed more on the audience and making them want to step up and take over responsibilities. But the way it went and the participation of the audience makes me happy nonetheless.
I also attended this year’s GUADEC and it was quite good. Especially because the weather was so nice. It was so burning hot that I sometimes wished it wasn’t; especially in the night… My room in the Taufer dormitories, whose service was basic at best, was heating up so heavily over the day that it took until 4 in the morning to be cool enough to be able to sleep. When opening the cold (!) water tap, the water was as warm as a mildly hot shower… But well, GUADEC is not about sleeping anyway, right?
I was kept busy with various meeting before, while and after the conference and I piled up work lasting for a few months, I guess…
The conference itself was nicely organised. The bar was set quite high last year, so I didn’t expect this year’s team to match the overall quality. And they didn’t, but they were close. The staff was helpful and professional. Issues were dealt with promptly and quite well. I hope, again, that the knowledge gained can be transferred to future GUADEC organisers.
As for the talks, I couldn’t follow many of them. The ones I have seen were mostly great. We had (too?) many keynotes which were generally interesting. Too bad the crowd didn’t notice it was trolled by Ethan Lee. He is a game developer who ported games to Linux. The message was poor and I doubt we, GNOME, profited from this keynote. The next keynote was given by the CEO of Endless Mobile, a company which tries to leverage the potential of the “middle of the pyramid” to get the next billion users and “get 50% of the market share”. The idea is to bring a cheap enough, but also elegant enough device to the people who can afford a 40 inch TV (via loans) but not a PC. As they want to sell ARM devices, he asked us to make GNOME run better on ARM chips. Cathy Malmrose, CEO of computer manufacturing company zareason, was keynoting the last day. The company puts only GNU/Linux systems on their machines before shipping them to customers. The computers they sell range from desktops over laptops to tablets. She told us that we were quite well positioned, because GNOME was so easily usable by people who don’t have much or any experience with computers. That was very refreshing and I am happy that she told us that we were doing very well. She was opening a perspective many of us probably didn’t think about before. She was really enthusiastic about Free Software and my feeling was that she cared more about the Freedoms than many of the participants.
Other talks by members of the GNOME community were lively and one the most enjoying talks was given by the sysadmin team. It was nice to be able to applaud for them in person, because they are doing such a great job.
There were Twitter walls (hehe) in every room (supposedly made with QML) and I found it to be mainly distracting while at the same time not very informative. The news running over it were mostly not worth the electricity they consumed.
I’m so excited. I’ve just pushed the last update to the current Friends of GNOME banner. We received donations worth 20000 USD to make GNOME more secure and privacy aware. It’s so awesome to see so many individuals donating to make GNOME better for them and ultimately for all of us.
We got 250 one-off payments and roughly 650 periodic payments from payment plans over the last 7 months. During that period, 52 payment plans were created with the average amount of 10 USD per month (the default setting). However, 51 plans were cancelled The one-off payments were worth 17600 USD and hence the average donation was about 70 USD.
Depending on how you do the math, the cost of taking the one-off donations was between 3.3% and 4.4%. I find that number surprisingly low, probably because I still can’t make sense out of PayPal’s fee structure. But there are probably some hidden fees that turn up once you actually want to do something with the money, i.e. have it wired somewhere.
A very big “Thank You” to all the donors who generously allow us to continue our mission to produce a Free Software desktop for everyone. You guys rock. Seriously.
The newGNOME board, which is already serving since the beginning of this month, will meet during GUADEC and probably call for bids some weeks later.