Talking at GUADEC 2018 in Almería, Spain

I’ve more or less just returned from this year’s GUADEC in Almeria, Spain where I got to talk about assessing and improving the security of our apps. My main point was to make people use ASan, which I think Michael liked ;) Secondarily, I wanted to raise awareness for the security sensitivity of some seemingly minor bugs and how the importance of getting fixes out to the user should outweigh blame shifting games.

I presented a three-staged approach to assess and improve the security of your app: Compilation time, Runtime, and Fuzzing. First, you use some hardening flags to compile your app. Then you can use amazing tools such as ASan or Valgrind. Finally, you can combine this with afl to find bugs in your code. Bonus points if you do that as part of your CI.

I encountered a few problems, when going that route with Flatpak. For example, the is not in the Platform image, so you have to use an extension to have it loaded. It’s better than it used to be, though. I tried to compile loads of apps with ASan in the past and I needed to compile a custom GCC. And then mind the circular dependencies, e.g. libmfpr is needed by GCC. If I then compile a libmfpr with ASan, then GCC would stop working, because gcc itself is not linked against ASan. It seems silly to have those annoyances in the stack. And it is. I hope that by making people play around with these technologies a bit more, we can get to a point where we do not have to catch those time consuming bugs.

Panorama in Frigiliana

The organisation around the presentation was a bit confusing as the projector didn’t work for the first ten minutes. And it was a bit unclear who was responsible for making it work. In that room the audio also used to be wonky. I hope it went well alright after all.


It’s summer and it’s GUADEC time! This year’s GUADEC took place in Manchester, England. It was surprisingly less bad for that location ;-) The organisers deserve a big round of applause for having pulled the event off. After having organised last year’s GUADEC I have first hands experience running such an event. So a big “thank you” to the team from England :)

The venue was a big and modern university and the accommodation was neatly located a few footsteps from the lecture hall. That’s especially nice for the typical English weather ;-) We got to live in the student dorms and I’m a bit jealous of today’s student to be able to live in such a comfortable place.

I attended a few talks from the list, among them was Christian Hergert reporting on The State of Builder which was a bit scattered and not very well structured for beginners like me. I guess was meant to be more of a showing off new features instead of a structured walk through the design and thoughts behind the project. I knew the project existed but I never really got around to work with it so I was a bit put off. But I took that for a good opportunity for installing the latest Flatpaked application :)

I liked Simon’s talk on enabling users to modify the software they are running. Essentially, you can click a button in the application and it’ll fire up an IDE where you can change code and hit “play” to run the new version. Amazing. Software Freedom at its best. He demoed a prototype and I think it’s got potential. I really like the idea of the user being able to tinker around easily. Especially given that the status quo is jhbuild. That’s a nice tool, but it proves to be hard for people to make good use of it. I hope we will see something like this being used in the future.

Federico was telling us about the efforts to make use of the Rust language for GNOME. The gist is, essentially, that you better start with leaf functions of your app or library rather than a central function in your architecture. I then tried to find leaf functions with the help of the compiler, but I failed. I tried Egypt but I wasn’t patient enough to make proper use of the generated dot file in order to identify leaf functions. Maybe I should give cflow a try next time.

I used the BoF days to dip a little bit into Rust. It’s always helpful to have a bunch of smart hackers around. That’s what I like about these kind of events. You get to know and talk to very smart people. I also tried to catch up with my very talented student and discuss the changes we’d like to see.

Thanks to the GNOME Foundation for sponsoring my travel and to the local team for having organised a successful event!

GUADEC 2017 group photo

Pressemitteilung: GUADEC startet ab morgen in Karlsruhe

(cross posting from which you should follow!)

Am 21.09.2016 wird das nächste GNOME Release (3.22) unter dem Namen “Karlsruhe” erscheinen. Genannt wird ein GNOME Release nach dem letzten Austrageort der GUADEC (GNOME Users And Developers European Conference). Während dieser Konferenz treffen sich jährlich zirka 200 Freie-Software-Enthusiasten zu Workshops, Vorträgen und Arbeitsgruppentreffen und arbeiten an GNOME, der Software-Lösung für alle. Dieses Jahr findet das Treffen vom 11.08. bis zum 17.08. am KIT in Karlsruhe statt.

Die Veranstaltung richtet sich sowohl an Entwickler als auch an Nutzer, und soll dazu dienen, Wissen zu erzeugen und weiter zu leiten. Wir freuen uns, die diesjährige GUADEC in Karlsruhe zu veranstalten. Karlsruhe steht für uns für einen starken wissenschaftlichen und technischen Hintergrund verbunden mit dem gewissen Etwas an Kreativität und Design. Diese Verbindung zwischen Technik und Design passt sehr gut zu dem GNOME Projekt, welches nicht nur auf technischer Seite seit Jahren neue Standards fördert, sondern auch im Bereich des User-Experience-Design innovative Wege geht.

GNOME, die Stiftung mit dem Fuß als Logo, steht für 3 Kernpunkte:


GNOME vereint nicht nur freiwillige und bezahlte Programmierer, sondern auch Firmen und wohltätige Organisationen. Wir machen GNOME 3, ein Computersystem das einfach zu benutzen ist, in über 190 Sprachen übersetzt wurde und großen Wert auf Behindertengerechtigkeit legt. Wir entwickeln in der Öffentlichkeit und jeder kann bei GNOME mitmachen. Unsere Kommunikationskanäle stehen allen offen, der Quellcode kann frei heruntergeladen, modifiziert und weitergegeben werden.


GNOME ist eine flexible und mächtige Plattform für Desktop- und mobile Anwendungen. Wir entwickeln Toolkits wie GTK+ oder Clutter, die Webbrowser Engine WebKitGTK+, TMMultimedia-Bibliotheken wie GStreamer, das D-Bus messaging system, oder die Pango Textrendering-Bibliothek. GNOME Entwickler gehen auch weiter und modifizieren essentielle Kern-Infrastruktur wie den Linux Kernel, systemd oder Wayland.


GNOME 3 kann über viele bekannte GNU/Linux-Distributionen wie Debian, Fedora, OpenSuSE oder Ubuntu bezogen werden. GNOME Technologien sind der Treiber vieler Firmen wie Endless Mobile, Amazon, TiVo, Nokia, TouchTune, Garmin oder TomTom. Viele andere Firmen benutzen GNOME Komponenten kostenfrei im Rahmen der Freien Lizenz unserer Software.

Wir laden gerne zu einem Treffen oder Interview während unserer Konferenz ein. Bei Fragen steht Tobias Mueller ( oder +4915153778790) gerne zur Verfügung.

Mehr Informationen über die GUADEC und GNOME gibt es unter:

GUADEC 2015 in Gothenburg, Sweden

This summer, GUADEC, the GNOME Users and Developers Conference took place in Gothenburg, Sweden. It’s a lovely city, especially in summer, with nice people, excellent beers, and good infrastructure. Fun fact: Unisex toilet seem to be very popular in Gothenburg. The conference was hosted in sort of a convention centre and was well equipped to serve our needs. I guess we’ve been around 150 people to come together in order to discuss and celebrate our favourite Free Software project: GNOME.

One of the remarkable talks I attended was given by Matthias Kirschner from the FSFE presented on software freedom and how is concerned about the computer as a general purpose machine. So his talk was title “The computer as a Universal Machine”. He was afraid that the computing machines we are using become more and more special purpose devices rather than a general purpose machine. He gave examples of how he thinks that has happened, like corporations hiding the source code or otherwise limit access to change the behaviour of the computing machines we are using. Other examples were media with Digital Restrictions Management. Essentially it is about removing features instead of widening the functionality. As such, SIM locks also served an example. With SIM locks, you cannot change your SIM card when, say, you are on holidays. More examples he gave were the region code of DVDs or copy restrictions on CD-ROMs. He was also referring to the Sony CD story from a couple of years ago when they infected buyers of their CD-ROMs or the Amazon fiasco where they deleted books on their reader devices. Essentially, these companies are trying to put the user into the back-seat when it comes to take control over your devices.

While protecting the owner of the computer sounds useful in a few scenarios, like with ATMs, it can be used against the owner easily, if the owner cannot exercise control over what the machine considers trusted. A way to counter this, he said, is to first simply not accept the fact that someone else is trying to limit the amount of control you can exercise over your machines. Another thing to do, according to him, is to ask for Free Software when you go shopping, like asking for computers with a pre-installed GNU/Linux system. I liked most parts of the talk, especially because of the focus on Free Software. Although I also think that for most parts he was preaching to the choir. But I still think that it’s important to remind ourselves of our Free Software mission.

Impressively enough, you can already watch most of the Videos! It’s quite amazing that they have already been cut and post-process so that we can watch all the things that we missed. I am especially looking forward to Christian’s talk on Builder and the Design session.

I really like going to GUADEC, because it is so much easier and more pleasant to communicate with people in-person rather than on low bandwidth channels such as IRC or eMail. I could connect my students with all these smart people who know much more about the GNOME stack than I do. And I was able to ask so many things I hadn’t understood. Let’s hope there will be GUADEC next year! If you are interested in hosting next year’s edition, you should consider submitting a bid!

On my travel back I realised that the Frankfurt Airport is running Ubuntu:

I want to thank the GNOME Foundation for sponsoring my travel to GUADEC 2015.
Sponsored by GNOME!

GUADEC 2014 in Strasbourg

This year, GUADEC took place in the lovely Strasbourg in France. It was really nice to attend the conference and to hang around with people who care about Free Software. In fact, the venue itself ran Debian which was nice to see :-)

Unfortunately, I wasn’t able to attend many of the great talks as I wasn’t available for all days. And when I was, I was busy meeting people. Although it felt smaller than the last GUADEC, I think I’ve never met so many people who I wanted to talk to.

The conference offered a two-track program. Interestingly many of them looking out for a future of GNOME. John Stowers gave one of the more important talks, I think. He was describing the situation in academia. Python is very popular in the scientific computing space, he said. He was not satisfied with JavaScript being the new “default” language for GNOME applications, because the contestants are numerous and powerful. So we would compete at least against the Web and Qt. The former apparently being nice on other platforms such as Windows. GNOME’s bindings, however, were very good, he said. The technological foundation is excellent and we should leverage that potential and make people use it. However, GNOME’s story on Windows is not all too good, he said. GTK+ is becoming more and more irrelevant and even Wx appears to be as popular as Gtk. I also heard others claiming that the Windows situation is a problem. What I don’t understand is whether there are technical problems blocking easy to use ports. Apparently introspected GNOME libraries for Pyhon on Windows exist, but I don’t understand why that doesn’t do the job.

Another talk related to the future of GNOME was given byAllan Day. In order for GNOME to be successful, amongst other things, a focus on quality must be established, he said. Various ways to improve the current release process were mentioned and the audience engaged in a vivid discussion. I don’t remember the detail so I hope this will be followed up and discussed more broadly in the GNOME community.

“Why do we do desktop”, asked Matthew Garrett in his presentation. When I read that title for the first time I thought the question of the desktop becoming irrelevant was being picked up. But that was not the case. Instead, he wanted GNOME to differentiate from the existing desktops which, as he claimed, are continuing to be simple multiplexors for running several programs (such as clocks) at the same time. In contrast to existing desktop, GNOME should become the secure desktop. Other desktops, he said, would only exist in order to sell more things to the user, i.e. to tie the user to an existing ecosystem. An advantage of GNOME is it being free from corporate control. Decisions are made very transparently which enables it to focus on brining privacy and security to the user. Even if the user is not aligned with our core values and principles. As such, every user deserves as much privacy and security as we can possible provide.

Many thanks to the local team for having organised the conference. I hope next year in Gothenburg will be at least as good.

Sponsored by GNOME!

GUADEC 2013 in Brno

I also attended this year’s GUADEC and it was quite good. Especially because the weather was so nice. It was so burning hot that I sometimes wished it wasn’t; especially in the night… My room in the Taufer dormitories, whose service was basic at best, was heating up so heavily over the day that it took until 4 in the morning to be cool enough to be able to sleep. When opening the cold (!) water tap, the water was as warm as a mildly hot shower… But well, GUADEC is not about sleeping anyway, right? ;-)

I was kept busy with various meeting before, while and after the conference and I piled up work lasting for a few months, I guess…

The conference itself was nicely organised. The bar was set quite high last year, so I didn’t expect this year’s team to match the overall quality. And they didn’t, but they were close. The staff was helpful and professional. Issues were dealt with promptly and quite well. I hope, again, that the knowledge gained can be transferred to future GUADEC organisers.

As for the talks, I couldn’t follow many of them. The ones I have seen were mostly great. We had (too?) many keynotes which were generally interesting. Too bad the crowd didn’t notice it was trolled by Ethan Lee. He is a game developer who ported games to Linux. The message was poor and I doubt we, GNOME, profited from this keynote. The next keynote was given by the CEO of Endless Mobile, a company which tries to leverage the potential of the “middle of the pyramid” to get the next billion users and “get 50% of the market share”. The idea is to bring a cheap enough, but also elegant enough device to the people who can afford a 40 inch TV (via loans) but not a PC. As they want to sell ARM devices, he asked us to make GNOME run better on ARM chips. Cathy Malmrose, CEO of computer manufacturing company zareason, was keynoting the last day. The company puts only GNU/Linux systems on their machines before shipping them to customers. The computers they sell range from desktops over laptops to tablets. She told us that we were quite well positioned, because GNOME was so easily usable by people who don’t have much or any experience with computers. That was very refreshing and I am happy that she told us that we were doing very well. She was opening a perspective many of us probably didn’t think about before. She was really enthusiastic about Free Software and my feeling was that she cared more about the Freedoms than many of the participants.

Other talks by members of the GNOME community were lively and one the most enjoying talks was given by the sysadmin team. It was nice to be able to applaud for them in person, because they are doing such a great job.

There were Twitter walls (hehe) in every room (supposedly made with QML) and I found it to be mainly distracting while at the same time not very informative. The news running over it were mostly not worth the electricity they consumed.

Anyway, thanks to the local team and all the sponsors for making such a great event happen! If you have anything to say, leave your feedback on the wiki.

Sponsored by GNOME!

GUADEC 2012 in A Corunha

As so many people did, I attended GUADEC in A Conrunha *yay*. Overall, the conference was well organised. The local team was really committed and helped us a lot with all our matters. Little details like providing fruits, some sweets and chocolate for the hacking areas made everything just nice.

They also were very careful about keeping the news updated and the GUADEC website interesting. So they published interviews, photos and announcements regularly so one had an incentive to browse the website often. Very well and smartly done.

While I didn’t attend that many talks, I do think that the first keynote stood out. Jake Appelbaum gave a really inspiring talk about Tor and GNOME. He explained Tor and why it is important to provide anonymous internet access not only for wrongdoers but more so for regular people! For example, he mentioned that he had to use Tor on the venue because the WiFi would block SSH. So to get uncensored access to the network, he would use Tor. Another example was to not tell Google where you are. You authenticate with your credentials, but not from your IP, so you only share your location if you really want to. He had very clear proposals for GNOME and hope to be able to share the list soon. I, personally, would like to see us communicate very clearly, why we spy on our website users using Piwik.

The second keynote was a bit annoying, as she was referring to “open source” all the time although she really meant Free Software. Anyway, at the end of the day, I think her message was that other people exist that want a Free society and that we should not feel alone.

Between the talks, one could have a great time talking to people, especially during lunch. For not talking so much, the WiFi worked pretty well all the time. Quite amazing actually. I am also amazed by the effort people put in to things for GNOME. The locals did, i.e. put some GNOME feet stickers on the ground or hung a daily sheet on the wall to indicate today’s timetable. Daniel created an awesome Yearbook for the GSoC and OPW students and Andreas created an annual report. Thanks for working so hard on cool GNOME things!

It also happened that we had our first in person board meeting and I was very excited about that. We were quite productive during the rather long meeting. But afterwards I was quite exhausted. I guess it was the same for everyone involved. I am also quite happy to see two strong proposals for a GUADEC next year. It will be great.

Also thanks to the GNOME Foundation for sponsoring my travel to this year’s GUADEC!

I realised again, though, that I don’t like the Madrid airport and Iberia all too much. It’s a huge airport with no clear way indications, too few benches and power, and annoyingly loud and pointless passenger announcements. But well, it seems to be the cheapest in Spain…

Another huge round of “thank-yous” must be given to the i18n team. It is just incredible how they manage to cater for so many languages in usually close to no time. I have met many people at conferences or exhibitions that mentioned that if there was a success story to GNOME, it would be the translations. And the very fact that we get mails and bugreports in non english languages shows the success of the team, namely giving a very native feel to the users. To show our appreciation, we went for dinner and had a very good evening with discussions, food and wine. Again: Thanks!

PS: Here the whishlist:

Empathy should support OTR and it should be enabled by default (like adium)
I heard this so many times, I nearly stopped asking for feedback at all!
ZRTP/SRTP/TLS for all VoIP services (forward secrecy and strong crypto)
Tor controller extension for gnome-shell – why settle for only having
What if we could contextually launch applications anonymously? A 'Launch
Torified' context for applications (perhaps with torsocks?)-
 NAT? Who cares? How about 'single-click file sharing over hidden services?
 Decentralized instant messaging – resist traffic analysis (Federated
XMPP HS? For extra fun add decentralized and anonymous offline message
 network-manager improvements:
Ability to configure wireless networks before connecting to them
VPN 'automatically connect' checkbox should work and no traffic should
leak before the VPN comes up.
 VPN connections must fail closed.	
Ability to override DNS settings for all connections.
macchanger support in network-manager
Random MAC addresses per connection or per if-up
Ability to use a Tor DNS resolver on unpriviliged port
Normal modem support
Full Tor support in NetworkManager
Think of it as a free VPN
Full Guest mode in Gnome/GDM that uses Tor by default for all network
traffic – don't just refuse to write data to the disk, refuse to write
information to the bare network too

Keysigning BoF at GUADEC

For this year’s GUADEC I like to have a place and time to do some keysigning. I think the last official Keysigning Party was held during the GUADEC in Gran Canaria. So I reserved something on the official BoF wiki, we’ll meet on 30.07 at 16:00 in Room 2.7.

To strengthen the Web of Trust we will have a small Keysigning Party. While we are unfortunately not very good at using OpenPGP, we luckily don’t need to prepare much. So there is no need to send your key to anyone or do anything else, really. We just meet up, exchange key material and convince ourselves about our identities.

Desktop Summit 2011 in Berlin

This years GUADEC^W DesktopSummit took place in Berlin. Sure thing that I attended :-) Due to loads of stuff happening meanwhile, I didn’t come around to actually write about it. But I still want to mention a few things.

It was, like always, pretty nice to see all the faces again and catch up. The venue was almost excellent and provided good lecture halls and infrastructure, although the wireless was a bit flaky and spots to sit down and get together were sparse. Anyway, I have never seen so many actual users or wannabe users. Being in the heart of Germany’s capital definitely helped to make ourselves visible. Funnily enough, I met some folks who I chatted up during LinuxTag while I was presenting GNOME. I invited them to come to the DesktopSummit and so they did \o/

There were many talks and I didn’t see most of them. In fact, I was volunteering and meeting people so I couldn’t attend many lectures. But there was nothing I regret not having seen. The ones I did see were interesting enough, but not ground breaking. There’s a good summary over here.

We tried to record the talks but for some technical reasons it didn’t work out of the box. The network was too slow and no disks were available. We convinced the guy in charge to make us buy disks which eventually got used but I actually don’t know whether the lectures will be released at all.

A nice surprise was Intel giving away ExoPCs. In return they required you to sit and listen to presentations about their Appstore thingy called “AppUp“. Apparently a technology that tries to resemble OBS (because of distributing software via the web) and .debfiles+Synaptic (because of distributing software with a native GUI) with an additional payment layer in between. But it fails big time to do so. Not only can it not build binaries out of the sources that you give it, but it also can’t track dependencies. Welcome to 2011. Needless to say that it’s heavily targeted for Windows. Double fail that you can’t build Windows software for their store thing without having a Windows platform (and development tools) yourself.

The PC itself is neat. It’s a full tablet with only one soft key. The MeeGo version that came with it was out of date and updating was a major pain in the afternoon. It involved getting a USB keyboard because the OnScreenKeyboard would of course not show up if you open a terminal. And you needed a keyboard, because you can of course not update the software with that MeeGo version. There is no software management application at all. And most certainly, Intel’s new AppUp thing is not included in the latest and greatest release. In fact, it’s not even easily installable as it involves googling for the RPM file to be manually installed. By now I talked to Intel engineers and it seems that an actual vendor is supposed to integrate their version of the AppUp thing in the rest of the OS. So Intel doesn’t see itself in the position to do this. Other weird glitches include the hardware: While the ExoPC has a rotation sensor, it would be way to boring if it worked; so it doesn’t. And the hardware turns itself off after a while. Just like that. It feels like we have at least 3 years of engineering left before we can start dreaming of being able to ship a tablet platform that is ready for a day to day use. I have to note that the content centric UI approach is definitely very handy. Let’s hope it improves by fixing all those tiny things around the actual UI.

The discussion about a joint conference was bubbling up again. Of course. The main argument against a joint conference seems to be that it is considered to slow GNOME’s development down if we meet together, because we have to give time to the other people and cannot do our own program meanwhile. There are probably many variations of that argument, including that we do not collaborate anyway, so let’s rather not invest time in a joint conference.

While I do agree that the current form of the conference is not necessarily optimal, I don’t think that we should stop meeting up together. At the end of day, multiple (desktop) implementations or technologies are just pointless duplications. So let’s rather try to unify and be a unity (haha, pun intended) instead of splitting up further. I am very well aware of the fact that it’s technically unrealistic right now. But that’s the future we endeavour and we should work on making it possible, not work against it. So we don’t necessarily need to have a fully joint conference. After all, our technologies do differ quite substantially, depending on how you look at it. But let’s give each other the opportunity to learn about other technologies and speak to the key people. We might not fully make use of these opportunities yet, but if we design the conferences in a way that the camps have enough time to handle their internal issues and before or afterwards do a joint thing, then no harm is done if opportunities weren’t taken.

Another hot topic were Copyright Assignments. There was a panel made up of interesting people including Mark Shuttleworth. The discussion was alright, but way too short. They barely had 45 minutes which made it less than 15 minutes each. Barely enough to get a point across. And well, I didn’t really understand the arguments *for* giving away any of your rights. It got really weird as Mark tried to make another point: It would be generous if a contributor donated the code to the company and the participants should take into account that generosity would be a strong factor contributors would strive for. I haven’t seen that point being discussed anywhere yet, so let me start by saying that it is quite absurd. What could be more generous than giving your code to the public and ensuring that it stays freely available?! Just to be very clear: The GPL enables you to effectively do exactly that: Release code and ensure that it remains free.

I was delighted to see that the next GUADEC will take place in A Corunha. I’d rather have gone to Prague though. But maybe the Czech team can be motivated to apply again the next time.

GUADEC 2010 – The Hague

I’ve been to GUADEC *yay*! I am going to summarize some of the talks I’ve attended and some of the many seriously interesting conversations I’ve during this week. But in short: This was one of the best GUADECs, progress wise. I met many people, brought my teams (bugsquad and membership-committee) forward, had new inspirations and fixed some bugs :-)

But the week started with some work. Apparently, the network was not fully set up yet and we had to use a lot of duct tape to set everything up. After people saw me being “in charge” for the network, they started to complain why the network was not running properly ;-) The problem was, that the Uplink was kind of broken. Basically a big firewall blocked that many connections because it thought it was under attack. The solution then was to claim some of the universities IP addresses and do a big SNAT for the users.

Having said that, the network was up and running perfectly on Wednesday, making it a perfectly networked GUADEC :-) The last GUADECs usually had some troubles with the connection even after the event started (remember the broken uplink on Gran Canaria or the rather bad wireless situation in Birmingham?).

The Hotel’s wireless was ridiculously expensive. They wanted 10 quid for 24 hours. But I realized, that the default gateway is announced as being at and if you visited that with a web browser, you’d find out that it was a Zyxel VSG-1200. Turns out, documentation is very verbose, including a default username and password… The rest is left as an exercise for the reader. If you didn’t want to go that route, you could easily claim an active MAC-Address and IP and reuse the authentification…

The talks were streamed and I hope recordings will be made available soon. Good summaries were already given in the official GUADEC blog and various others so I won’t go into too much detail, because .

I haven’t seen covered that Xan and Fernando mocked about the newly promulgated Speaker Guidelines which they didn’t respect either. It’s an interesting discussion though. It is obviously a shield for attacks from the outside so that we (as GNOME) can point to these guidelines if one of our speakers might have offended anyone. But do we, as GNOME, need such a thing in first place? And what happens if we refer to those guidelines over and over again but nobody complies with those? Probably nothing. But do we need to lie to ourselves then? Can’t we expect the people to have enough common sense? Do we want to be a community where we can’t assume enough common sense?

An issue that I didn’t really understand was that the usual picking on Canonical took place. Apparently, people expected Canoncial to contribute more since 1999 than they actually did. But they have been founded 2004… That comment summarizes that fact well. Also, I don’t really get why people expect a distributor to engineer stuff in, say, GNOME. I don’t hear anybody complaining about, say, Mandriva or Gentoo.

Bred Kuhn told us to save human lives by rolling out more crypto within GNOME. I couldn’t agree more. But sadly, we have a long way to go. For now, you can’t even handle your OpenPGP key in a sane way, i.e. rolling over to a new key. It strikes me that we still don’t have a concept encrypted end to end communication, i.e. with Telepathy (well, email is too broken to be tackled). Apparently XTLS should be used. But no PKI will be used, thus discouraging the enhancement of the OpenPGP Web of Trust. It would be absolutely brilliant if Telepathy used OpenPGP keys (maybe even create one if none existed). If then spoken with another entity via Telepathy, it could ask the user to verify the other persons identity via, say, a Videochat. That chat would use the public key material for encryption. The assumption is that the two parties know each other and that a man-in-the-middle cannot spoof valid data quick enough. The other persons key would then more or less automatically be signed. I talked a lot to Stef Walter and other people around GNOME-Keyring and Seahorse and we had good ideas. Let’s see how much we can get done.
But we’ll have a long way to go, since GNOME doesn’t even provide fundamental encryption for it’s webservices, i.e. or even the RequestTracker :-(

As for the teams I feel responsible for, I met with a few Bugsquad folks and we’ve discussed a few things. I am still in Post-GUADEC mode to get everything off my Todo-List that accumulated over GUADEC. The most immediate action is to get close bugs of deprecated modules and get rid of the products in Bugzilla. Other lower priority issues are to (finally!) organise a bugday and test a JetPack which helps dealing with Bugzilla

I also had a few discussion related to the GNOME Foundation Membership process. We somehow have to think about the people that feel intimidated joining the GNOME Foundation. Also we will discuss our strategy and policy of evaluating non trivial contributions to GNOME.

Having said all that. I want to that the GNOME Foundation for paying my accommodation and making such a productive week possible.