FOSDEM 2009

Thoughts and so on regarding FOSDEM:

  • Booking the first hotel solely based on price, overall review figure (didn’t read the reviews themselves), location (city centre) and free wifi availability resulted in a nice hotel and ensured I didn’t spend too much time on that (ignoring the non-hotel things I was investigating before).
  • Still don’t understand why many people from Brussels pretend they can’t speak Dutch
  • Perhaps better if you’ve gotten used to it, but I can’t easily find my way in that city
  • While attending the GNOME stand for a short while I noticed the following things:
    • The people usually attending those stands are amazing. I only attended for 1 or 2 hours (not sure how long it was).
    • We sold loads of t-shirts
    • I got a nice Mandriva t-shirt from Frederic Crozat
    • Not too many men ask for size S
    • A lot of questions on why we had those Nokia devices and how GNOME was involved
    • The GNOME event box is really nice
      It has a beamer, screen, webcam, Nokia devices, etc. Although 3 digits is not enough for a padlock (figured out the combination for one of the locks, box itself was unlocked anyway).
    • Someone strongly suggested we should add a pink theme
    • A lot of people asked if the stickers were free
      Really nice compared to the (not software related) stand where everything was taken if not bolted down
    • The t-shirts were only 5 EUR for foundation members. Asking why people weren’t a foundation member resulted in some nice answers (often “not yet”, although 2 seemed to imply they were KDE e.V. members, not sure why they didn’t say so)
  • Some electricity problem in Rotterdam meant the train went via Utrecht instead. Including transfer an (estimated) 1.5 hour addition to my travel time. Heard the “I’m never doing this [taking the train] again”. Well, it is far easier to recall one bad experience instead of adding up all the hours standing in traffic. Not implying that I was happy with the extra travel time. Service was good though, they said which track to go to for all the stations they missed, including departure times.
  • While in the train, I had some fun trying to find out stuff about the people traveling with me. Likely a result of watching this video.
  • Some people carry around a CD player as well as a MP3 player and use both.
  • Regarding FOSDEM 2009:
    • Perfectly organized
    • Loved the cloak room (left my luggage there)
    • Loads of volunteers. Thank you all!
    • Great signs everywhere
    • Bus ride to Brussel-South station was very welcome, especially as the FOSDEM site included an estimated arrival time (made planning easy).

Upgrade of SVN server, viewvc

I’ve upgraded the following things:

  • SVN server
    Uses version 1.5.4 on the server plus all the repositories have been dumped & loaded to ensure every module uses the latest repository format
  • ViewVC has been upgraded to latest trunk (as of today)

SVN server upgrade
This features merge tracking. For it to be fully reliable, non-merge-tracking clients shouldn’t be used anymore. In short: we might need to ban SVN 1.4 and older from committing to the repository (anonsvn is of course ok). Aside from merge tracking (and various other changes), the repository on the server is also a lot smaller: in size it is about 66% of what it was before. This is due to the old repos format (v3), which was very inefficient with binary files.

Although you can upgrade the repository format by use of svnadmin upgrade, the --help mentions it only does the bare minimum. So I’ve created my own hacky script instead.

ViewVC upgrade
It has been a while since I last upgraded this to upstream trunk. I noticed a problem with unidiffs. There could be other problems as well, please file a bug for those (after checking for known bugs).

ViewVC is a lot nicer in the trunk version, noticed the following niceties:

  • Displays file/directory properties (such as svn:externals and svn:executable)
  • Different syntax highlighting (Pygments, doesn’t seem to highlight as much as before)
  • Upstream email mangling (Bugzilla style). Perhaps I’ll modify this, liked our method better (replacing @ and . by a space)
  • Slightly more resistant against strangenesses in query/RSS stuff
  • Supports intraline changes (not sure if this is new, but wasn’t enabled before)

I’ve also enabled pagination and set it to 800. It means if something generates over 800 entries, it will show a ‘Next Page’ button. Useful for very long logs. I don’t think anyone is really interested in the full log by default. Unfortunately it works per default also for the main repository view, otherwise I would’ve set the value much lower (e.g. 100).

SSH keys and bzr-playground

Since last week the bzr-playground machine has been set up as a syncrepl consumer. This means that all SSH key changes (plus new accounts) will automatically be able to use bzr-playground. Note: I mean to host private branches, of course SSH is optional if people either commit to svn.gnome.org or just attach the result to a bug report.

Bzr-playground is usable for anyone with SSH keys set in their GNOME LDAP account; it is not restricted to just people with SVN access. Also, the LDAP replication is minimal: the bzr-playground server knows little more than usernames + public SSH keys.

World Port Days Rotterdam

This year I’ll help out at the World Port Days in Rotterdam. It is an event where the various things related to the port are shown. They’re expecting around 350.000 visitors. I’ll help at the Maersk stand on Sunday afternoon (2 pm onwards). The stand is located next to the Dutch Navy at the Parkkade (right hand side). It should be easy to locate as there will be a ship from Norfolkline alongside which people can visit (stand is about 60m wide).

Stuff at the stand:

  • Info about how Maersk brings seawater from the Pacific Ocean to Rotterdam for the Oceanium. Apart from a cinema there will be a few people from Blijdorp to answer questions. The Oceanium is really nice (I went to a ‘behind the scenes’ tour at the Oceanium a while back).
  • A working reefer container (not sure which temperature it will be set at)
  • Solar boat from TU Delft (Maersk sponsors this). Apart from the boat there will be a flat screen with more info, etc.
  • Other stuff like a free ringtone (Bluetooth), APM Terminals stand next door, picture board, etc (there are just too many things to list).

SVN-commits-list annoyance

Noticed that I got a bounce message from dict-notifications at fsa-bg org after a commit to SVN. This triggered an email to svn-commits-list which this address was subscribed to. Of course, such bounces are very annoying so I’ve unsubscribed that address. I do wonder why I didn’t see any complaints in a place meant for this (gnome-sysadmin, gnome-infrastructure, support@, mailman@, …).

LDAP replication change

Up to today LDAP replication was done using slurpd-style replication. In this setup the LDAP master pushes changes to the various slaves. For this to work the slave must be accessible by the master. This was set up using encryption (self signed certificates). This replication method is deprecated as of OpenLDAP 2.3 in favour of ‘syncrepl’. OpenLDAP 2.4 doesn’t even have slurpd-style replication. Changing the replication method is important as I want to be able to upgrade to RHEL6 without being forced to do other changes at the same time.

The biggest drawback about slurpd is that it only replicates the changes. Meaning: If you have a new slave, you first have to stop the master, dump the database, then load this database on the slave, then start the slave and the master. Really annoying and during this time your master LDAP server is down!

With syncrepl-style replication the slaves contact the master. Slaves are now called consumers and the master is the provider. I don’t like consumers contacting the provider as I don’t want a security issue on some external host to cause security problems on the LDAP master db. I’ve tried to minimize the risk by using encryption (self signed certificates, server won’t accept any other certificates), using iptables, restricting the LDAP logon to just one user (to ensure brute forcing userPassword entries by logging in often will not work), not replicating the userPassword attribute, not allowing database modifications from external clients and some ACL restrictions.

There are two things I like about syncrepl.

  1. After connecting to the provider it checks the consistency of the database. At one point the SVN machine missed just one uid entry. That person couldn’t log in. With syncrepl such a problem is not possible (ignoring possible config errors like ACLs).
  2. You can restrict what is replicated to the slave using ACLs on the master.

Syncrepl has two ways of working. Using refreshOnly, it checks for LDAP changes every x minutes (configurable). This isn’t as nice as slurpd as I want all LDAP changes to be propagated instantly (even if the SSH sync script only runs once an hour). Fortunately it also has refreshAndPersist, where it first checks and then waits for change notifications from the provider.

Tips to ensure a working syncrepl:

  • Make sure the DNS entry points to the right server
  • Make sure that DNS entry has not been manually added in /etc/hosts
  • Make sure the userid running slapd can actually access the various certificate files
  • If you test using ldapsearch, make sure /etc/openldap/ldap.conf has a TLS_CACERT entry
  • Make sure the TLS_CACERT file can actually be read by the user running ldapsearch
  • slapd (etc) -d 1023 contains the debug messages, you won’t find them anywhere else (by default)
  • Kill any running nscd and wipe it off the system
  • etc etc etc
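
The file-based tips above can be scripted as a preflight check on the consumer. This is an added example, not the script used on the GNOME servers; the function names, the placeholder provider name and the idea of passing file paths as arguments are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: preflight checks for a syncrepl consumer, following the tips above.

# Print hosts-file lines that pin NAME (comments ignored, case-insensitive).
# Exit status 0 means an override exists, i.e. DNS is being bypassed.
hosts_override() {
    hosts_file=$1 name=$2
    awk -v n="$name" '
        { sub(/#.*/, "") }
        { for (i = 2; i <= NF; i++)
              if (tolower($i) == tolower(n)) { print; found = 1; next } }
        END { exit !found }' "$hosts_file"
}

# Print the TLS_CACERT path from an ldap.conf; non-zero if there is no entry.
tls_cacert_path() {
    awk 'toupper($1) == "TLS_CACERT" { print $2; found = 1; exit }
         END { exit !found }' "$1"
}

# Return 1 if ldap.conf has no TLS_CACERT, 2 if the file it names cannot be
# read by the current user (run this as the user who will run ldapsearch).
check_cacert() {
    path=$(tls_cacert_path "$1") || { echo "no TLS_CACERT in $1"; return 1; }
    [ -r "$path" ] || { echo "cannot read $path"; return 2; }
    echo "ok: $path"
}

# Print every given certificate/key file the current user cannot read.
# For the slapd tip, run this as the account that runs slapd.
unreadable_files() {
    rc=0
    for f in "$@"; do
        [ -r "$f" ] || { echo "$f"; rc=1; }
    done
    return $rc
}

# True if an nscd process is still running and may serve stale lookups.
nscd_running() { pgrep -x nscd >/dev/null 2>&1; }

# Usage: sh preflight.sh ldap-master.example.org   (placeholder provider name)
if [ -n "${1:-}" ]; then
    if hosts_override /etc/hosts "$1"; then echo "WARNING: $1 is pinned in /etc/hosts"; fi
    check_cacert /etc/openldap/ldap.conf
    if nscd_running; then echo "WARNING: nscd is running"; fi
fi
```

A clean run only shows that name resolution and certificate access are not the problem; replication errors themselves still only appear in the slapd debug output mentioned above.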

Seeing more KDE at GUADEC

Really excited that possibly we’ll have an Akademy and GUADEC at the same place next year. I’m starting to see KDE at this GUADEC already:

Yeah, not entirely the same, but it is still 2008, not 2009.

Bazaar demo today

There will be a Bazaar demo today at 15.30 in the Medium room. This wasn’t on the schedule before. They’ll demonstrate not only how to use Bazaar (using the Bzr mirror), but also show a few new features (among others, search). Another item is a playground server, allowing GNOME people with SSH keys to store their own branches. If you are interested in DVCS and/or Bazaar, I suggest attending this demo. It will be an open demo, feel free to ask them to demonstrate whatever you’d like to see. I’d love questions about how Bazaar could make your workflow easier (supporting what you do easily).