Talking at GUADEC about defending against USB-borne attacks

Ouf, long time no blog. Sorry about that. Life is.. busy these days. One of my occupations has been to defend against USB-borne attacks, as mentioned before. Probably the most known is the BadUSB attack which masquerades as a mass storage device but also is a keyboard. Then, the device would inject keystrokes which hack your machine. This class of attacks is difficult to defend against, because the operating system can hardly determine whether the user did indeed want to plug a device with those capabilities in. There is another class of attacks, though, which is a bit easier to defend against, I think. That other class is based on buggy drivers which the malicious USB device pulls in. So once you attach your device, the host’s kernel will look for the appropriate driver and let it speak with the device. That’s very convenient because it makes devices just work. However, certain drivers might not be of the same quality than others and there have indeed been cases which allow a malicious USB device to interact with a bit-rotten driver which in turn led to fatal consequences.

I have been thinking a lot about how to defend against either class of attacks. You can easily come up with various solutions based on pop-ups interrupting the user and authoring the device before it will be ready for use. Or with a policy-based solution that requires you to generate a firewall-like description of what the machine is allowed to do. Or a mixture of those two attempts. And that’s what has been done, already. Arguably, none of these solutions has been successful, as I am not aware of any built-in protection scheme for any major operating system. The reason, I believe, is that users expect things to just work and once you make it not work, users get grumpy. So the challenge is to unfold protection capabilities without changing the users’ experience.

The short version of our approach is that we are trying to be smart about the user’s intent. That is, if the screen is locked, then we block the device. If a new keyboard is present and it tries to perform “dangerous” actions, we block them. Of course, you may very well expect that device to work when the screen is locked or the new keyboard to perform actions deems dangerous. This is why is make sure you have a way to opt out of the mechanism and continue to enjoy your GNOME experience. Almost all credits go to Ludovico for coming up with a set of patches as well as following up to make sure we can get it merged. Our slides are here and the video of our presentation is here:

But I wanted to write more about GUADEC… This year’s GUADEC was in Thessaloniki, Greece, and I had the pleasure to be talking about the above mentioned protection. It was the end of the summer so the city was nicely warm and comfy. The coffee, juices, pastries, and other food and drinks in small shops on the streets were amazingly fresh and yummie. Arriving in Thessaloniki was okay. I’ve had better airport transfers in my life, but since there were only two buses it was hard to get lost. I needed to pay attention to the GPS, though, to find my right stop. It’s been long since I’ve slept in a bunk bed, but because we’re all GNOME people we had a good time.

The conference had a few interesting talks which can be followed on the recordings page. I enjoyed watching Daiki presenting about plans and ideas for managing credentials in a sandboxed world, Benzo talking about user sessions with systemd, and the (not recorded) one by Giannis on the impact of the GDPR. Of course, the 45 minutes or so we had for discussing all the facets of the GDPR were too short and I think that I would have focussed on other aspects such as choosing an appropriate legitimate ground, transfer to non-member states, or dealing with requests from data subjects. But it’s been a good introduction and I am happy to see non-technical topics at the conference.

Meeting friends, old and new, is really good and I have had a fantastically efficient time talking to people. It’s so much better to meet in-person and talk directly rather than via email or bug tracker.

Sponsored by the GNOME Foundation

Talking at GUADEC 2018 in Almería, Spain

I’ve more or less just returned from this year’s GUADEC in Almeria, Spain where I got to talk about assessing and improving the security of our apps. My main point was to make people use ASan, which I think Michael liked ;) Secondarily, I wanted to raise awareness for the security sensitivity of some seemingly minor bugs and how the importance of getting fixes out to the user should outweigh blame shifting games.

I presented a three-staged approach to assess and improve the security of your app: Compilation time, Runtime, and Fuzzing. First, you use some hardening flags to compile your app. Then you can use amazing tools such as ASan or Valgrind. Finally, you can combine this with afl to find bugs in your code. Bonus points if you do that as part of your CI.

I encountered a few problems, when going that route with Flatpak. For example, the libasan.so is not in the Platform image, so you have to use an extension to have it loaded. It’s better than it used to be, though. I tried to compile loads of apps with ASan in the past and I needed to compile a custom GCC. And then mind the circular dependencies, e.g. libmfpr is needed by GCC. If I then compile a libmfpr with ASan, then GCC would stop working, because gcc itself is not linked against ASan. It seems silly to have those annoyances in the stack. And it is. I hope that by making people play around with these technologies a bit more, we can get to a point where we do not have to catch those time consuming bugs.

Panorama in Frigiliana

The organisation around the presentation was a bit confusing as the projector didn’t work for the first ten minutes. And it was a bit unclear who was responsible for making it work. In that room the audio also used to be wonky. I hope it went well alright after all.

GUADEC 2017

It’s summer and it’s GUADEC time! This year’s GUADEC took place in Manchester, England. It was surprisingly less bad for that location ;-) The organisers deserve a big round of applause for having pulled the event off. After having organised last year’s GUADEC I have first hands experience running such an event. So a big “thank you” to the team from England :)

The venue was a big and modern university and the accommodation was neatly located a few footsteps from the lecture hall. That’s especially nice for the typical English weather ;-) We got to live in the student dorms and I’m a bit jealous of today’s student to be able to live in such a comfortable place.

I attended a few talks from the list, among them was Christian Hergert reporting on The State of Builder which was a bit scattered and not very well structured for beginners like me. I guess was meant to be more of a showing off new features instead of a structured walk through the design and thoughts behind the project. I knew the project existed but I never really got around to work with it so I was a bit put off. But I took that for a good opportunity for installing the latest Flatpaked application :)

I liked Simon’s talk on enabling users to modify the software they are running. Essentially, you can click a button in the application and it’ll fire up an IDE where you can change code and hit “play” to run the new version. Amazing. Software Freedom at its best. He demoed a prototype and I think it’s got potential. I really like the idea of the user being able to tinker around easily. Especially given that the status quo is jhbuild. That’s a nice tool, but it proves to be hard for people to make good use of it. I hope we will see something like this being used in the future.

Federico was telling us about the efforts to make use of the Rust language for GNOME. The gist is, essentially, that you better start with leaf functions of your app or library rather than a central function in your architecture. I then tried to find leaf functions with the help of the compiler, but I failed. I tried Egypt but I wasn’t patient enough to make proper use of the generated dot file in order to identify leaf functions. Maybe I should give cflow a try next time.

I used the BoF days to dip a little bit into Rust. It’s always helpful to have a bunch of smart hackers around. That’s what I like about these kind of events. You get to know and talk to very smart people. I also tried to catch up with my very talented student and discuss the changes we’d like to see.

Thanks to the GNOME Foundation for sponsoring my travel and to the local team for having organised a successful event!

GUADEC 2017 group photo

Pressemitteilung: GUADEC startet ab morgen in Karlsruhe

(cross posting from http://www.guadec.org which you should follow!)

Am 21.09.2016 wird das nächste GNOME Release (3.22) unter dem Namen “Karlsruhe” erscheinen. Genannt wird ein GNOME Release nach dem letzten Austrageort der GUADEC (GNOME Users And Developers European Conference). Während dieser Konferenz treffen sich jährlich zirka 200 Freie-Software-Enthusiasten zu Workshops, Vorträgen und Arbeitsgruppentreffen und arbeiten an GNOME, der Software-Lösung für alle. Dieses Jahr findet das Treffen vom 11.08. bis zum 17.08. am KIT in Karlsruhe statt.

Die Veranstaltung richtet sich sowohl an Entwickler als auch an Nutzer, und soll dazu dienen, Wissen zu erzeugen und weiter zu leiten. Wir freuen uns, die diesjährige GUADEC in Karlsruhe zu veranstalten. Karlsruhe steht für uns für einen starken wissenschaftlichen und technischen Hintergrund verbunden mit dem gewissen Etwas an Kreativität und Design. Diese Verbindung zwischen Technik und Design passt sehr gut zu dem GNOME Projekt, welches nicht nur auf technischer Seite seit Jahren neue Standards fördert, sondern auch im Bereich des User-Experience-Design innovative Wege geht.

GNOME, die Stiftung mit dem Fuß als Logo, steht für 3 Kernpunkte:

Menschlichkeit

GNOME vereint nicht nur freiwillige und bezahlte Programmierer, sondern auch Firmen und wohltätige Organisationen. Wir machen GNOME 3, ein Computersystem das einfach zu benutzen ist, in über 190 Sprachen übersetzt wurde und großen Wert auf Behindertengerechtigkeit legt. Wir entwickeln in der Öffentlichkeit und jeder kann bei GNOME mitmachen. Unsere Kommunikationskanäle stehen allen offen, der Quellcode kann frei heruntergeladen, modifiziert und weitergegeben werden.

Technologien

GNOME ist eine flexible und mächtige Plattform für Desktop- und mobile Anwendungen. Wir entwickeln Toolkits wie GTK+ oder Clutter, die Webbrowser Engine WebKitGTK+, TMMultimedia-Bibliotheken wie GStreamer, das D-Bus messaging system, oder die Pango Textrendering-Bibliothek. GNOME Entwickler gehen auch weiter und modifizieren essentielle Kern-Infrastruktur wie den Linux Kernel, systemd oder Wayland.

Popularität

GNOME 3 kann über viele bekannte GNU/Linux-Distributionen wie Debian, Fedora, OpenSuSE oder Ubuntu bezogen werden. GNOME Technologien sind der Treiber vieler Firmen wie Endless Mobile, Amazon, TiVo, Nokia, TouchTune, Garmin oder TomTom. Viele andere Firmen benutzen GNOME Komponenten kostenfrei im Rahmen der Freien Lizenz unserer Software.

Wir laden gerne zu einem Treffen oder Interview während unserer Konferenz ein. Bei Fragen steht Tobias Mueller (tobi@guadec.org oder +4915153778790) gerne zur Verfügung.

Mehr Informationen über die GUADEC und GNOME gibt es unter: http://2016.guadec.org

GUADEC 2015 in Gothenburg, Sweden

This summer, GUADEC, the GNOME Users and Developers Conference took place in Gothenburg, Sweden. It’s a lovely city, especially in summer, with nice people, excellent beers, and good infrastructure. Fun fact: Unisex toilet seem to be very popular in Gothenburg. The conference was hosted in sort of a convention centre and was well equipped to serve our needs. I guess we’ve been around 150 people to come together in order to discuss and celebrate our favourite Free Software project: GNOME.

One of the remarkable talks I attended was given by Matthias Kirschner from the FSFE presented on software freedom and how is concerned about the computer as a general purpose machine. So his talk was title “The computer as a Universal Machine”. He was afraid that the computing machines we are using become more and more special purpose devices rather than a general purpose machine. He gave examples of how he thinks that has happened, like corporations hiding the source code or otherwise limit access to change the behaviour of the computing machines we are using. Other examples were media with Digital Restrictions Management. Essentially it is about removing features instead of widening the functionality. As such, SIM locks also served an example. With SIM locks, you cannot change your SIM card when, say, you are on holidays. More examples he gave were the region code of DVDs or copy restrictions on CD-ROMs. He was also referring to the Sony CD story from a couple of years ago when they infected buyers of their CD-ROMs or the Amazon fiasco where they deleted books on their reader devices. Essentially, these companies are trying to put the user into the back-seat when it comes to take control over your devices.

While protecting the owner of the computer sounds useful in a few scenarios, like with ATMs, it can be used against the owner easily, if the owner cannot exercise control over what the machine considers trusted. A way to counter this, he said, is to first simply not accept the fact that someone else is trying to limit the amount of control you can exercise over your machines. Another thing to do, according to him, is to ask for Free Software when you go shopping, like asking for computers with a pre-installed GNU/Linux system. I liked most parts of the talk, especially because of the focus on Free Software. Although I also think that for most parts he was preaching to the choir. But I still think that it’s important to remind ourselves of our Free Software mission.

Impressively enough, you can already watch most of the Videos! It’s quite amazing that they have already been cut and post-process so that we can watch all the things that we missed. I am especially looking forward to Christian’s talk on Builder and the Design session.

I really like going to GUADEC, because it is so much easier and more pleasant to communicate with people in-person rather than on low bandwidth channels such as IRC or eMail. I could connect my students with all these smart people who know much more about the GNOME stack than I do. And I was able to ask so many things I hadn’t understood. Let’s hope there will be GUADEC next year! If you are interested in hosting next year’s edition, you should consider submitting a bid!

On my travel back I realised that the Frankfurt Airport is running Ubuntu:

I want to thank the GNOME Foundation for sponsoring my travel to GUADEC 2015.
Sponsored by GNOME!

GUADEC 2014 in Strasbourg

This year, GUADEC took place in the lovely Strasbourg in France. It was really nice to attend the conference and to hang around with people who care about Free Software. In fact, the venue itself ran Debian which was nice to see :-)

Unfortunately, I wasn’t able to attend many of the great talks as I wasn’t available for all days. And when I was, I was busy meeting people. Although it felt smaller than the last GUADEC, I think I’ve never met so many people who I wanted to talk to.

The conference offered a two-track program. Interestingly many of them looking out for a future of GNOME. John Stowers gave one of the more important talks, I think. He was describing the situation in academia. Python is very popular in the scientific computing space, he said. He was not satisfied with JavaScript being the new “default” language for GNOME applications, because the contestants are numerous and powerful. So we would compete at least against the Web and Qt. The former apparently being nice on other platforms such as Windows. GNOME’s bindings, however, were very good, he said. The technological foundation is excellent and we should leverage that potential and make people use it. However, GNOME’s story on Windows is not all too good, he said. GTK+ is becoming more and more irrelevant and even Wx appears to be as popular as Gtk. I also heard others claiming that the Windows situation is a problem. What I don’t understand is whether there are technical problems blocking easy to use ports. Apparently introspected GNOME libraries for Pyhon on Windows exist, but I don’t understand why that doesn’t do the job.

Another talk related to the future of GNOME was given byAllan Day. In order for GNOME to be successful, amongst other things, a focus on quality must be established, he said. Various ways to improve the current release process were mentioned and the audience engaged in a vivid discussion. I don’t remember the detail so I hope this will be followed up and discussed more broadly in the GNOME community.

“Why do we do desktop”, asked Matthew Garrett in his presentation. When I read that title for the first time I thought the question of the desktop becoming irrelevant was being picked up. But that was not the case. Instead, he wanted GNOME to differentiate from the existing desktops which, as he claimed, are continuing to be simple multiplexors for running several programs (such as clocks) at the same time. In contrast to existing desktop, GNOME should become the secure desktop. Other desktops, he said, would only exist in order to sell more things to the user, i.e. to tie the user to an existing ecosystem. An advantage of GNOME is it being free from corporate control. Decisions are made very transparently which enables it to focus on brining privacy and security to the user. Even if the user is not aligned with our core values and principles. As such, every user deserves as much privacy and security as we can possible provide.

Many thanks to the local team for having organised the conference. I hope next year in Gothenburg will be at least as good.

Sponsored by GNOME!

GUADEC 2013 in Brno

I also attended this year’s GUADEC and it was quite good. Especially because the weather was so nice. It was so burning hot that I sometimes wished it wasn’t; especially in the night… My room in the Taufer dormitories, whose service was basic at best, was heating up so heavily over the day that it took until 4 in the morning to be cool enough to be able to sleep. When opening the cold (!) water tap, the water was as warm as a mildly hot shower… But well, GUADEC is not about sleeping anyway, right? ;-)

I was kept busy with various meeting before, while and after the conference and I piled up work lasting for a few months, I guess…

The conference itself was nicely organised. The bar was set quite high last year, so I didn’t expect this year’s team to match the overall quality. And they didn’t, but they were close. The staff was helpful and professional. Issues were dealt with promptly and quite well. I hope, again, that the knowledge gained can be transferred to future GUADEC organisers.

As for the talks, I couldn’t follow many of them. The ones I have seen were mostly great. We had (too?) many keynotes which were generally interesting. Too bad the crowd didn’t notice it was trolled by Ethan Lee. He is a game developer who ported games to Linux. The message was poor and I doubt we, GNOME, profited from this keynote. The next keynote was given by the CEO of Endless Mobile, a company which tries to leverage the potential of the “middle of the pyramid” to get the next billion users and “get 50% of the market share”. The idea is to bring a cheap enough, but also elegant enough device to the people who can afford a 40 inch TV (via loans) but not a PC. As they want to sell ARM devices, he asked us to make GNOME run better on ARM chips. Cathy Malmrose, CEO of computer manufacturing company zareason, was keynoting the last day. The company puts only GNU/Linux systems on their machines before shipping them to customers. The computers they sell range from desktops over laptops to tablets. She told us that we were quite well positioned, because GNOME was so easily usable by people who don’t have much or any experience with computers. That was very refreshing and I am happy that she told us that we were doing very well. She was opening a perspective many of us probably didn’t think about before. She was really enthusiastic about Free Software and my feeling was that she cared more about the Freedoms than many of the participants.

Other talks by members of the GNOME community were lively and one the most enjoying talks was given by the sysadmin team. It was nice to be able to applaud for them in person, because they are doing such a great job.

There were Twitter walls (hehe) in every room (supposedly made with QML) and I found it to be mainly distracting while at the same time not very informative. The news running over it were mostly not worth the electricity they consumed.

Anyway, thanks to the local team and all the sponsors for making such a great event happen! If you have anything to say, leave your feedback on the wiki.

Sponsored by GNOME!

GUADEC 2012 in A Corunha


As so many people did, I attended GUADEC in A Conrunha *yay*. Overall, the conference was well organised. The local team was really committed and helped us a lot with all our matters. Little details like providing fruits, some sweets and chocolate for the hacking areas made everything just nice.

They also were very careful about keeping the news updated and the GUADEC website interesting. So they published interviews, photos and announcements regularly so one had an incentive to browse the website often. Very well and smartly done.

While I didn’t attend that many talks, I do think that the first keynote stood out. Jake Appelbaum gave a really inspiring talk about Tor and GNOME. He explained Tor and why it is important to provide anonymous internet access not only for wrongdoers but more so for regular people! For example, he mentioned that he had to use Tor on the venue because the WiFi would block SSH. So to get uncensored access to the network, he would use Tor. Another example was to not tell Google where you are. You authenticate with your credentials, but not from your IP, so you only share your location if you really want to. He had very clear proposals for GNOME and hope to be able to share the list soon. I, personally, would like to see us communicate very clearly, why we spy on our website users using Piwik.

The second keynote was a bit annoying, as she was referring to “open source” all the time although she really meant Free Software. Anyway, at the end of the day, I think her message was that other people exist that want a Free society and that we should not feel alone.

Between the talks, one could have a great time talking to people, especially during lunch. For not talking so much, the WiFi worked pretty well all the time. Quite amazing actually. I am also amazed by the effort people put in to things for GNOME. The locals did, i.e. put some GNOME feet stickers on the ground or hung a daily sheet on the wall to indicate today’s timetable. Daniel created an awesome Yearbook for the GSoC and OPW students and Andreas created an annual report. Thanks for working so hard on cool GNOME things!

It also happened that we had our first in person board meeting and I was very excited about that. We were quite productive during the rather long meeting. But afterwards I was quite exhausted. I guess it was the same for everyone involved. I am also quite happy to see two strong proposals for a GUADEC next year. It will be great.

Also thanks to the GNOME Foundation for sponsoring my travel to this year’s GUADEC!

I realised again, though, that I don’t like the Madrid airport and Iberia all too much. It’s a huge airport with no clear way indications, too few benches and power, and annoyingly loud and pointless passenger announcements. But well, it seems to be the cheapest in Spain…

Another huge round of “thank-yous” must be given to the i18n team. It is just incredible how they manage to cater for so many languages in usually close to no time. I have met many people at conferences or exhibitions that mentioned that if there was a success story to GNOME, it would be the translations. And the very fact that we get mails and bugreports in non english languages shows the success of the team, namely giving a very native feel to the users. To show our appreciation, we went for dinner and had a very good evening with discussions, food and wine. Again: Thanks!

PS: Here the whishlist:

Empathy should support OTR and it should be enabled by default (like adium)
I heard this so many times, I nearly stopped asking for feedback at all!
ZRTP/SRTP/TLS for all VoIP services (forward secrecy and strong crypto)
Tor controller extension for gnome-shell – why settle for only having
Vidalia?
What if we could contextually launch applications anonymously? A 'Launch
Torified' context for applications (perhaps with torsocks?)-
 NAT? Who cares? How about 'single-click file sharing over hidden services?
 Decentralized instant messaging – resist traffic analysis (Federated
XMPP HS? For extra fun add decentralized and anonymous offline message
queuing.)
 network-manager improvements:
Ability to configure wireless networks before connecting to them
VPN 'automatically connect' checkbox should work and no traffic should
leak before the VPN comes up.
 VPN connections must fail closed.	
Ability to override DNS settings for all connections.
macchanger support in network-manager
Random MAC addresses per connection or per if-up
Ability to use a Tor DNS resolver on unpriviliged port
Normal modem support
Full Tor support in NetworkManager
Think of it as a free VPN
Full Guest mode in Gnome/GDM that uses Tor by default for all network
traffic – don't just refuse to write data to the disk, refuse to write
information to the bare network too

Keysigning BoF at GUADEC

For this year’s GUADEC I like to have a place and time to do some keysigning. I think the last official Keysigning Party was held during the GUADEC in Gran Canaria. So I reserved something on the official BoF wiki, we’ll meet on 30.07 at 16:00 in Room 2.7.

To strengthen the Web of Trust we will have a small Keysigning Party. While we are unfortunately not very good at using OpenPGP, we luckily don’t need to prepare much. So there is no need to send your key to anyone or do anything else, really. We just meet up, exchange key material and convince ourselves about our identities.

Desktop Summit 2011 in Berlin

This years GUADEC^W DesktopSummit took place in Berlin. Sure thing that I attended :-) Due to loads of stuff happening meanwhile, I didn’t come around to actually write about it. But I still want to mention a few things.

It was, like always, pretty nice to see all the faces again and catch up. The venue was almost excellent and provided good lecture halls and infrastructure, although the wireless was a bit flaky and spots to sit down and get together were sparse. Anyway, I have never seen so many actual users or wannabe users. Being in the heart of Germany’s capital definitely helped to make ourselves visible. Funnily enough, I met some folks who I chatted up during LinuxTag while I was presenting GNOME. I invited them to come to the DesktopSummit and so they did \o/

There were many talks and I didn’t see most of them. In fact, I was volunteering and meeting people so I couldn’t attend many lectures. But there was nothing I regret not having seen. The ones I did see were interesting enough, but not ground breaking. There’s a good summary over here.

We tried to record the talks but for some technical reasons it didn’t work out of the box. The network was too slow and no disks were available. We convinced the guy in charge to make us buy disks which eventually got used but I actually don’t know whether the lectures will be released at all.

A nice surprise was Intel giving away ExoPCs. In return they required you to sit and listen to presentations about their Appstore thingy called “AppUp“. Apparently a technology that tries to resemble OBS (because of distributing software via the web) and .debfiles+Synaptic (because of distributing software with a native GUI) with an additional payment layer in between. But it fails big time to do so. Not only can it not build binaries out of the sources that you give it, but it also can’t track dependencies. Welcome to 2011. Needless to say that it’s heavily targeted for Windows. Double fail that you can’t build Windows software for their store thing without having a Windows platform (and development tools) yourself.

The PC itself is neat. It’s a full tablet with only one soft key. The MeeGo version that came with it was out of date and updating was a major pain in the afternoon. It involved getting a USB keyboard because the OnScreenKeyboard would of course not show up if you open a terminal. And you needed a keyboard, because you can of course not update the software with that MeeGo version. There is no software management application at all. And most certainly, Intel’s new AppUp thing is not included in the latest and greatest release. In fact, it’s not even easily installable as it involves googling for the RPM file to be manually installed. By now I talked to Intel engineers and it seems that an actual vendor is supposed to integrate their version of the AppUp thing in the rest of the OS. So Intel doesn’t see itself in the position to do this. Other weird glitches include the hardware: While the ExoPC has a rotation sensor, it would be way to boring if it worked; so it doesn’t. And the hardware turns itself off after a while. Just like that. It feels like we have at least 3 years of engineering left before we can start dreaming of being able to ship a tablet platform that is ready for a day to day use. I have to note that the content centric UI approach is definitely very handy. Let’s hope it improves by fixing all those tiny things around the actual UI.

The discussion about a joint conference was bubbling up again. Of course. The main argument against a joint conference seems to be that it is considered to slow GNOME’s development down if we meet together, because we have to give time to the other people and cannot do our own program meanwhile. There are probably many variations of that argument, including that we do not collaborate anyway, so let’s rather not invest time in a joint conference.

While I do agree that the current form of the conference is not necessarily optimal, I don’t think that we should stop meeting up together. At the end of day, multiple (desktop) implementations or technologies are just pointless duplications. So let’s rather try to unify and be a unity (haha, pun intended) instead of splitting up further. I am very well aware of the fact that it’s technically unrealistic right now. But that’s the future we endeavour and we should work on making it possible, not work against it. So we don’t necessarily need to have a fully joint conference. After all, our technologies do differ quite substantially, depending on how you look at it. But let’s give each other the opportunity to learn about other technologies and speak to the key people. We might not fully make use of these opportunities yet, but if we design the conferences in a way that the camps have enough time to handle their internal issues and before or afterwards do a joint thing, then no harm is done if opportunities weren’t taken.

Another hot topic were Copyright Assignments. There was a panel made up of interesting people including Mark Shuttleworth. The discussion was alright, but way too short. They barely had 45 minutes which made it less than 15 minutes each. Barely enough to get a point across. And well, I didn’t really understand the arguments *for* giving away any of your rights. It got really weird as Mark tried to make another point: It would be generous if a contributor donated the code to the company and the participants should take into account that generosity would be a strong factor contributors would strive for. I haven’t seen that point being discussed anywhere yet, so let me start by saying that it is quite absurd. What could be more generous than giving your code to the public and ensuring that it stays freely available?! Just to be very clear: The GPL enables you to effectively do exactly that: Release code and ensure that it remains free.

I was delighted to see that the next GUADEC will take place in A Corunha. I’d rather have gone to Prague though. But maybe the Czech team can be motivated to apply again the next time.