Pranking and the horrors of VBA

Various years ago I thought it would be a fun way to brighten someones start of the day by having the browser go to a Youtube clip of “Hey DJ”; a nice reference to his nickname (DJ). One way of doing this in Windows is by adding a shortcut to the “Startup” folder, making it pretty obvious and easy to remove. Further, it avoids any resets of the homepage (group policy and/or login scripts). Many months after this I noticed that he quickly closed his browser after he had to restart his pc. Despite him raising various tickets with the helpdesk; his browser kept going to Youtube whenever he logged in. The helpdesk couldn’t figure it out; not even after looking at it various times over the course of a few weeks. It was just easier to keep closing the browser than to try and get it fixed. My attempt to make him laugh had some unexpected results! After that I decided better not to do anything even if not meant in a bad way.

Though in previous example I didn’t have any bad intentions, some people think it is funny to prank you by changing things on your computer. I don’t particularly like people touching my computer, even if I forgot to lock it. One person changed my chat status. I wanted to get  a bit overboard in my response to avoid having to deal with it ever again. This requires delving into Windows, MS Office, etc.

In my example I was trying to be obvious. This time the goal is to make it difficult enough to detect. Knowing the knowledge of the helpdesk, my concern was more with the ability of the person than the helpdesk. It should still be kept simple as that’s often overlooked. As such I thought of the following:

  • Run a script as a scheduled task (to avoid being able a running process)
  • Execute actions randomly to avoid figuring out that the script is scheduled:
    • Only once every random X minutes
    • Only after a delay of a random seconds (Windows task scheduler can do this automatically)
  • Only starts at least 1 day after being installed (to avoid noticing any link between “infection” method and results)

Above is actually really easy to do from VBA (the horrid language used in MS Office). Though VBA is terrible the automation options within Windows are endless and way better than Linux. Almost anything on the system is exposed as an object so you don’t need to mess around with starting commands and checking either exit codes or parsing command output. You can easily control the scheduler as an object for instance.

On to the pranking itself: What to do was fairly easy thanks to Google. Not only can you quickly find nice suggestions, there’s often some code included as well. In the end I created a script which randomly selects from the following pranks:

  • Say something via the speaker (using text to speech engine)
  • Mute/unmute sound
  • Send enter key to running application
  • Send backspace key to running application
  • Increase the volume 3 steps
  • Decrease the volume 1 step
  • Press capslock key
  • Press alt-tab (switches applications)
  • Change mouse to a left handed mouse
  • Show Google in the browser
  • Minimize all windows
  • Tile all windows horizontally
  • Show taskbar properties
  • Show the window switcher mode (win+tab)
  • Send users name to the running application
  • Open some internal website

Some actions are only executed based on the idle state. E.g. not idle, idle for 2 min, etc. This helps in ensuring the person gets really annoyed.

Outcome: Infection was fairly easy. However, I made a very stupid error, resulting in the person being really suspicious and eventually figuring out that I put a script on his pc. Fortunately the person is still unable to find the script (yay hidden files!), nor is aware that something like a task scheduler exists (simplicity is good). Even if he’d know about the task scheduler, you can even hide tasks in there (which I obviously did). To be clear: the person is still suffering from all pranks listed above. :-P

Initially I wanted to post the source code as well, but I’ll spare you. There’s nothing like try/except, etc.

GUADEC 2015

GUADEC:

  • GUADEC often conflicts with things. This year I could only attend until Sunday.
  • At least one talk is a rehash of previous year talk. Lots of ideas, but to be honest the diff vs last year is small. This while the room is quite packed and willing to act.
  • Flew back while arriving at airport 19min before departure. Still made it. Don’t try this!
  • I attended way more talks than I thought I would. Sometimes realized too late I should’ve gone to the other talk
  • Number of attendees is damn low (140 IIRC)
  • I can be more aggressive in real life than on the internet and did that twice unfortunately.
  • I prefer standing tables for better mingling
  • For many years I’ve stopped bringing anything devices to a conference aside from a phone. We rely way too much on things that won’t work on a phone. E.g. usage of IRC and mailing lists. Where are my notifications?

Gothenburg/Sweden:

  • Gothenburg is expensive. Food, drinks (even coffee), public transport, entrance fees to dancing places, etc.
  • You can easily get by without cash. Just relying on a debit/bank card is enough. Almost all places accept cards or flat-out refuse cash.
  • Really friendly atmosphere. I messed around while cycling and every car was really patient.
  • Because English is a foreign language for me as well, I never bother to ask if anyone speaks it. The result is like being in France, but then the opposite.
  • Cycle paths can be found on the left, or maybe on the right or maybe in the middle. Sometimes it might look like the pedestrian path. Really confusing. Some roads lack cycle paths. Really not obvious!
  • Cycling can cost you as little as 25 SEK for 3 days (keep each ride under 30min). Public transport is 26 SEK for one trip.
  • I really wonder about the average salary. Lots of people get really drunk so I assume they make enough money.
  • I’m known for wearing way less clothes than others. 95% of Swedish people wore less than I did. I did not want nor appreciate this reality check.

People:

  • Nuritzi remembered the names of 8 people within a day or so. She gave a talk; thanks to the schedule I was able to lookup her name. Remembering names is difficult.
  • Found at least one person who shares my love to be able to argue intensely without considering it personal
  • Documentation team is a fun group.
  • Apologies to André for making him cycle. Plus when I made him cycle again. And again.
  • My roommate slept happily under a Hello Kitty blanket :-D (not his; apartment had it).
  • André+me held a Vodka vs Whiskey content. I won despite magpie’s rants about it not being real whiskey. Seemed like people felt obliged to talk
  • An surprising amount of people didn’t want stroopwafels. I take these with me sometimes on business trips and they’re usually insanely popular. I demand an inquiry!
  • Three (“four” arrived early) days is not enough to speak to everyone I’d like to talk to
  • Some Czech people are damn tall.

GNOME:

  • We should really be doing usability research/testing. This is long overdue.
  • I don’t get why it’s totally acceptable for one person to only posts almost solely offtopic stuff to foundation-list. This has driven people off foundation-list and has derailed various threads. Wtf. Just because there might be a backlash. Wtf. Either be ontopic, the rest should be in a private message. I really hate this special treatment. Yeah, this is about RMS. Isn’t it our resources?
    FWIW, I wanted to post a warning to the last offtopic msg, but thought to check with board. By the time I got the “decide yourself” (IIRC) it was sort of too late. Don’t even get me started about the “just ignore it”. Apparently he’s a still a foundation member because when GNOME started he helped Miguel. Miguel is not a current member. FWIW, I appreciate that he educates people, my peeve not about this.
  • Code of Conduct should hopefully apply to just everything hosted by GNOME if board agrees. Basically the admin first decides, then board is there for escalation (this reflects how various people have been doing things).
  • Dashboard/KPI for GNOME would be nice. I have gained loads of experience on this but not sure if there’s any free software available for this which works in the way that I think is best.
    Basically: Rough indicators are better than exact filters. Speed and ease of use is way more important than if being able to drill down or analyse every detail of a measure/KPI.
  • Current Red Hat seems a little bit strange and different/changing from the past. Appears to be the result of high growth and success. Hope CEO can do a cross check because really seems like the focus is off in some areas. Need more companies with similar success/influence as Red Hat.
  • GTK+ apparently again lacks Windows love. Every so often we do another call for people and seems like we need to do that again.
  • Wayland probably wont work nicely until next GNOME (I might be wrong here!). Focus is currently on other things than fixing the various paper cuts.
  • Was sort of asked to help out/join with writing documentation. I did help out with various release notes (though often was re-written after my work), but documentation seems a bit out of my comfort zone. Seems interesting to try but not on my own.

FlexGet

If something can be automated, I often want it automated. Doing things once is ok, but if you do the same things over and over it bores me. There is a drawback to automation, in that any change becomes an inconvenience. Leading to wanting to reduce any changes.

Say you download various things via bittorrent. In principle there’s various steps to this. You need to know what you want to download, do the actual download and eventually you need to clean up everything that you’ve downloaded.

First thing that I did is automating the cleanup of what I’ve downloaded. Ideally that should be done somewhat intelligently. Meaning, don’t remove anything that’s still seeding, figure out if I’ve looked at what I’ve downloaded, etc. This keeps my disk space ok and helps to avoid me buying bigger and bigger hard drives.

For automatically downloading there’s multiple parts. You need to have a list of things you want. This can be as easy as writing this in a text file. Then there’s the site you want to download from. Lastly, the bittorrent software you use. Over the years the various parts changed unfortunately.

Enter FlexGet. Instead of a script that does exactly what is needed, it has loads of plugins and a Yaml based configuration. Its plugins are divided into input, filters, site integration and output plugins. So it supports multiple different sites as well as rss, html, etc. It supports various download programs (rtorrent, transmission) and way more than just bittorrent related ones. Instead of explaining everything, I’ll just give a few examples:

  • Download every movie released since 2014 rated 7.5 or higher on IMDB.
  • Download every tv series première in 720p, but only once.
  • Download some tv serie as the episodes become available in at least 720p quality and wait a few hours to see if 1080p shows up.
  • Remember the tv series and episodes downloaded to avoid downloading the same thing twice. But make exceptions in case there really was a problem with the initial version.

The possibilities are quite extensive. Then it also has extra options like being able to reuse the cookies from your browser, notify your phone, etc. All very flexible. Though that’s also a slight drawback (e.g. it doesn’t automatically use the cookies from your browser).

I’m quite happy with FlexGet. Because it does so much more than what I appreciate that I could tinker with it and maybe do more. Further, it is written in Python, seems actively maintained and I’ve seen that they’ve integrated various contributions.

FlexGet has existed for a while and never heard about it. Probably because of what it is mostly used for. Anyway, if you’re a distribution packager, please package it.

Moderating and Code of Conduct

Background: Ubuntu Community Council’s decision (linking to awesome LWN) to remove Jonathan Riddell as the leader of the Kubuntu project.

To me there seems to be a lot of similarities between above and personal experience with moderating. Basically: don’t moderate in threads you’ve participated in because you’re biased. If you think you’re unbiased, guess again and have fun dealing with the fallout if you still take a decision. I thought a few times that I really could be unbiased and was proven wrong each time.

One thing I really like from the GNOME Code of Conduct is:

Assume people mean well

I really like this one because even if you think the person is the worst ever, easily the biggest troll around, no good for anything and basically is just nothing more than a poisonous person who should be kicked out of the project for the good of the project: think again.
I’ve read some of the email communication, and I think there’s something missing in the communication between the various people involved. It would be nice if at least someone would state that the objections they have are not personal. There might be heavy disagreement, but that’s because both want the overall project to succeed and grow.

Something else that would help is expressing the feeling directly to the other person. There’s an anonymous email and the person who wrote it comes across as someone who is trying to do everything the person can and getting frustrated because it feels like the persons work is being considered as bad and nowhere good enough. I’m guessing if people would directly express their frustrations, the other person would quickly apologize for making them feel that way. This can be done while still keeping everyone opinion the same (started with some legal stuff; it’s not about this though).

Not liking some outcome is separate from being able to appreciate the person or persons. I really hope the focus can be on expressing that everyone has the best intentions. Best intentions might’ve lead to frustrations and whatever not, but hopefully once the intention is clear people can apologize and move on.

Ubuntu project is for human beings / humanity to others. I really like this. You can pretty easily recommend Ubuntu and it has pretty heavy brand recognition; so much that people automatically use Ubuntu. For a tv show technical linux is showing some terminal with dmesg; anywhere an easy Linux is needed people suddenly seem to somehow found www.ubuntu.com. That said, I contribute to Mageia and everyone (users+contributors) should switch to it :P

I don’t think the current path is good for the Ubuntu project so hope above can be taken into consideration.

GNOME Asia, day 2

This will be a short overview as I underestimated how much travel time I’d need to the airport.

image
Keynote speech by Tobias
image
Second keynote was a question and answer session with 2 board members
image
Volunteered to hit the gong for the lightning talks
image
Understanding the release cycle by Alexandre Franke

Alexandre explaining the release process. Meaning, the various freezes, the various releases, etc.

I’m partly sponsored by the GNOME foundation.
image

GNOME asia, day 1

I’ll continue from the previous blog post and update as I can (depends on Wi-Fi, 3G).

image
Entrance to the big building Balairung
image
Conference stands. I'm guessing openSUSE will be big in Indonesia
image
Keynote by Mohammad Anwari - The architecture of BlankOn Linux (and how GNOME fits in the picture)

The keynote it’s quite interesting. Mohammad talks about many people still having very old hardware. My system is 7 years old. However, that’s still pretty new compared to what some people are using. GNOME 3 making use of hardware acceleration created a pretty big problem. BlankOn is an Indonesian distribution and latest versions are based on Debian. So my assumption about openSUSE usage might be a bit off ;-) Learned during a break that Fedora is also used quite heavily in Indonesia.

Mohammad also explained why there’s yet another distribution. In brief, the Indonesian culture is very different from what’s common currently in GNOME. It’s not ok to say no, so if that would happen to someone who just starts out, they’d leave and never come back. BlankOn guides this, acts like a shell around Indonesian culture and upstream.

image
OpenBSD at GNOME Asia 2015
image
Lightning Talk by Dwi Sasongko Supriuadi - How do I change my sysadmin mindset?

This lightning talk covered making use of configuration management.

image
Anjar Hardiena - Linux in cloud computing era. Talk is in Indonesian so couldn't grasp it
image
Adi and Azharuddin - Mapping the charitable efforts of Muhammadiyah (translated from Indonesian, might be wrong)

After the lightning talks we’ll have lunch. Then talks will be divided across 4 rooms. I’ll probably attend the Open Source software in shoes industry by Iwan S. Tahari.

image
Lunchbox! With Kroepoek
image
The university is beautiful. Various really nice buildings and spacious layout

The university grounds are amazing with really nice buildings. It would be pretty amazing to study here.

image
Open Source software in shoes industry by Iwan S. Tahari

This talk explained how Open Source was being used by a entire company. It covered the various problems that they encountered.

His summary:

  • FOSS is best for business computing
  • FOSS implementation most be top down
  • Start with a small pilot project, probably best to start with the accounting department
  • Purchase hardware which supports FOSS
  • Cooperate with the local Linux community
  • FOSS training is a must for successful migration
  • Contribute to FOSS development for continuous improvement and innovation in FOSS

Problems they had to overcome is dealing with rolling blackouts (electricity) and a major problem is documentation. The company provides a gift to anyone who improves the documentation.

image
Promote FOSS education to remote areas in Thailand and China by Shing Yuan Chen

Chen spoke about travelling across Thailand and China to explain FOSS hardware to children. He was part of a group of 24 people in total. The travel itself was quite intense, moving to cities and small towns. They trained it seems like hundreds of people at each place they went to.

He later explained that as in Thailand there’s just one child per family, there’s a real focus on that child. Parents encourage their children to do something special. This really assisted in having loads of people who helped to train as well as loads of children to be trained.

In a video you could see how the children used hardware to build a small device on wheels which could pick up small plastic bottles. I’m terrible at guessing ages, they seemed to be at most 10 years old, probably much younger.

image
Shobha Tyagi - It is really difficult to move people from Windows to Linux

Shobha talked about the difficulties to encourage people to use Linux within her university in India. The general feedback was that Linux is difficult and for coders. Strangely, this also came from people studying to become developers. They really didn’t want to even investigate or make any effort. This while they should have it easier because of at least knowing English.

One person at the talk commented that instead of switching, what worked for his country is to start at a really young age. Then they don’t really question. This approach worked well enough that it now is affecting decisions made by the government.

image
Typo fix. FreeBSD was at the conference, not OpenBSD

After that there were various lightning talks. Most were in Indonesian, so I’ll skip their pictures.

In the evening André and I bumped into two locals. They took us (wondered later if they wanted that as saying no is not done) to a local food place. They laughed quite a bit as you had to eat with your hands and I guess it was pretty obvious I never did that with this type of food. They also took pictures, wonder where those will end up :-P I did get a copy, but not sharing them!

I’m partly sponsored by the GNOME foundation.
image

GNOME asia, day 0

image

Arrived at GNOME asia! Went here together with André Klapper. We followed the guide created by the locals to get from the airport to Depok. We’re staying quite close to the university, so we followed most of the guide. In the bus an Indonesian sitting next to is was quite amused that we had to pay 50000 IDR instead of the actual price of 40000 IDR. Basically a foreigner tax :-P

Currently we’re following an Indonesian talk about translating GNOME by Andika Triwidada.

image
Lunch box. Delivered to your seat!
image
Speakers get shoes, a t-shirt and more

David King gave a talk about the basics of GNOME development. There wasn’t much feedback, so wondered if we had the right audience.

Ekaterina and Alexandre gave a hands on explanation on how to contribute to GNOME. The asked for interested people in translation and documentation. There was also a person interested in engagement and someone else in testing.

Kat split people up in groups. Each group was paired with a known contributor. I volunteered to help with documentation. It was quite fun to assist with explaining things that you either know way too well yourself or bits that you hardly know (finding documentation bugs). We explained how the process works in practice, Bugzilla, IRC, etc. My group was first to assign patches to the chosen bug, and not because I explained everything very well. E.g. we initially cloned the wrong repository at 150KB/s.

I’m partly sponsored by the GNOME foundation.
image

GNOME.asia 2015

Sponsored by GNOME FoundationOn May 7-9 2015 I’ll attend GNOME asia. It will be held in Depok, West Java, Indonesia (30km below Jakarta). I’m going there because:

  1. I’d like to understand the difference between GUADEC attendees vs GNOME.asia attendees (their interests, why they go there)
  2. I want to represent GNOME Release Team (answer any questions)
  3. I’d like to host a bugsquad session together with Andre Klapper

It will be the first time ever to attend a non-European conference, so I’m quite curious how it’ll be like. I’ve requested partial sponsorship from the GNOME Foundation, which was approved even if I missed some kind of deadline. I guess it helps that I only ask for partial :P

I’ve already bought tickets and I’ll travel for the first time with Emirates. I can checkin 30kg of luggage and carry 7kg. The 30kg is twice what I’ve ever brought on a plane. I dislike having a heavy suitcase and I’m usually amazed that some people are at the airport with massive amount of suitcases. Especially considering that having just one big and good suitcase is not cheap. Bringing loads of stuff with you to me seems like a huge burden (buying suitcases and the impact it has when you travel). If you go to a warm country, you can do without a lot of clothing. I’m still wondering if there really is something heavy I should bring :-P

ConsoleKit in GNOME 3.16 and beyond

Copy pasting from https://wiki.gnome.org/Projects/ConsoleKit. We announced this as well on distributor-list, which we expect any distributor of GNOME to be subscribed to (please do so!). Discussion was held on desktop-devel-list.

ConsoleKit is a framework for registering and enumerating login and user sessions. It is currently deprecated and unmaintained, though the project was recently forked into a backward compatible ConsoleKit2 project. that is getting limited maintenance.

Alternative options

The functionality of ConsoleKit has been superseded by logind which is a systemd component. logind provides nicer APIs and better integration with the system. It supports multiple seats per-machine, and has a mechanism for provisioning devices to unprivileged programs. Although systemd is not available for all systems, there have been a number of initiatives to fill the gap left by ConsoleKit, including:

  • LoginKit (logind compatible api on top of ConsoleKit2);
  • systemd-shim (limited support for some of the systemd apis);
  • systembsd (a reimplementation of the systemd apis portable to BSD distributions).

GNOME 3.16

Some GNOME components still support ConsoleKit in a best-effort, last-ditch-fallback sense, though, the ConsoleKit codepaths aren’t as widely tested. Some components now require logind to function properly. Distributions that wish to ship without logind in GNOME 3.16 need to patch ConsoleKit support back in to those components:

GNOME 3.18 onwards

For GNOME 3.18 we expect anyone not being able to use logind to make use of LoginKit, systemd-shim or systembsd. Likely more modules will remove ConsoleKit codepaths.

Distributing games and applications

Two new games for GNOME 3.16

Within a short period, two people showed up with proposals for games for inclusion with GNOME 3.16. One is a 2048 clone, the other is a revival of Atomix (last maintenance was GNOME 2.14). Both proposals seem to be maintained by just one person.

The 2048 clone might use a not-yet finished library. The usage of that library will help development of the library (easier when you have use cases, etc). Atomix needs to be ported from old technologies to the latest ones. If I’m not mistaken, I think I encouraged the inclusion of Atomix during the 2.x days.

I’m quite looking forward to having both games available on my machine. Being a packager for Mageia means that I can basically decide when that’ll be. Though Mageia currently is gearing up to Mageia 5 and that put limits on what I can do.

Game development by one person

The number of people on average making a games development by has differed a lot over since 1980s. Initially it was often one person, eventually big teams, then smaller again (flash games), etc. Jeff Wofford wrote a very detailed log of his experiences pursuing game development. According to the blog, one-man game development is done out of interest, but often also to make a (good) living.

Making money from game development in recent times is very short lived. If you make a game, it’ll quickly get cloned. Quite interesting is the number of available applications in the iOS app store.

Number of available apps in the Apple App Store from July 2008 to September 2014

I have no idea how long it takes to create a nice game for a mobile iOS. I do think above graph impresses me: more than 1.2 million apps within 4.5 years. How long have distributions been around? I recall trying either Red Hat 5.0 or 5.2.

How would this work under the distribution model?

With the distribution model and e.g. the 2048 game, say the game was originally made for Linux. Then once the development is over, you’ll have to persuade various distribution packages to include your game. This is easiest if you’re known. So aligning yourself with GNOME makes this process easier for you. To ensure your game is available under as many distributions as possible, you’ll have to search for the various distributions, then per distribution ensure that your game gets packaged.

Packing does have various benefits from a technical standpoint. No duplication of libraries, entire QA process, etc. I package at Mageia and I don’t like anything that’s not packaged. I basically won’t install it unless there’s a package for it.

Say your spend 2 weeks of development on your game until you have the first version that you want to beta test. After that you need to convince distributions to package it. Then these distributions have to ship their stable versions. After which your users have to upgrade their distributions. If you release a new version every 2 weeks (easily possible if your game is under active development): how likely will your users run the latest version? Distributions usually freeze their distribution to increase quality. This can take anywhere from a month to 4 months. Various distributions also require freeze exceptions for new versions of software.

To notice new versions, distributions use various methods. Fedora tries to download a potential higher number than whatever is within the distribution. It uses that to notify the packager. Then for various well known download sites (e.g. download.gnome.org) it checks the directory. At Mageia we check various download sites as well as other distributions. Which gets messy as we sometimes use a slightly different name.

If your developing a game or small application for Linux, the experience is just terrible.

xdg-app: A different trade-off

Various people within GNOME are creating a freedesktop.org additional way to distribute games and applications. Meaning: the intention is that it works not just for GNOME, nor just for one distribution. The details are available on https://wiki.gnome.org/Projects/SandboxedApps, though I’ll just copy/paste the two main goals:

  • We want to make it possible for 3rd parties to create and distribute applications that works on multiple distributions.
  • We want to run the applications with as little access as possible to the host. (For example user files or network access)

On Feb 7 2015 at DevConf.cz, Alexander Larsson gave a talk about application sandboxing:

As the talk is about 45 minutes I’ll just recap a few things from it:

  • Applications/games rely on a runtime
  • Runtime: Something like GNOME 3.16 (or KDE, etc)
    The GNOME 3.16 is around 400MB. The idea is that there aren’t too many runtimes and multiple applications can rely on one runtime. In case you have multiple runtimes and there are duplicate files between the runtime, the space is only used once. Further, when you update a runtime, you only download the differences (thanks to OSTree, see the LWN writeup).
  • Demo: The presentation includes a demo about a recently funded application, Builder.
    This application is still being developed. It requires libraries from GNOME 3.16. That’s still under development so usually (unless you run development versions of distributions), you’re pretty out of luck trying this out.
  • Sandboxing/separation: The sandboxing is not perfect yet
    Requires more work (pulseaudio and more). Further, any X app will always be able to record your keystrokes if they want. Meaning: Wayland. Further, there are some interdependencies between host OS and the runtime (for details see the talk).
  • You can disable access to your network, your own files/homedirectory, etc
    It uses things like pid namespaces, etc (see talk for details)
  • You can install either system-wise or within your homedirectory

Now I didn’t fully watch the entire talk, nor read all of the discussion around it. I know that NVidia will only release their proprietary versions which will work with Wayland beginning of 2016 or so. The talk mentions wanting to use kdbus, which doesn’t have to be systemd-only, but, well…

It’s unfortunate that this talk wasn’t given at FOSDEM. There was one talk about Wayland+systemd application sandboxing, but I found it very lacking (I expected something like what Alexander Larsson spoke about).

Closing points

I skipped over many details in this post. If you want more details, see the various links, post a comment or ask the people who actually know. For that and also if you want to work on something technically interesting: join the gnome-os-list mailing list.