Blog

Saving your back and hands from RSI and similar pain

Submitted by gwolf on Tue, 04/05/2011 - 11:13

I took part in a occupational-health-related thread recently, and wrote a bit of my experience which might be helpful for my readers, many of them avid keyboard users, with usually ≥8hr of typing per day.

(…) I suffered not from RSI but from painful back aches. I started using standard keyboards in a different fashion, not putting so much stress on my wrists (and on the muscles connecting them to the rest of the body, of course): I exclusively use US keymaps (with some modifications to allow for proper Spanish input and ffŭₙṅý characters), but instead of making the middle row my fingers' home row, I type with the base position of my fingers in a V shape — Fingers resting on (approx.) w-e-f-v-spacebar and spacebar-m-l-;-]; the fingers doing most of the travelling are the index and middle, and with no straining for the little fingers to reach ` or backspace. On the other side, the most straining keys become Control and Shift, which requires closing the hands a bit too much, but are not that bad. My way does induce some new kind of stress, as my arms also have to move to reach 6 and 7, but it... Works for me™.

It looks weird and is somewhat strange to get used to, but I must say it has worked great for me. I work this way on regular and laptop keyboards, even on my netbook's noticeably smaller one.

( categories: )

Lets go to Nicaragua, 2012!

Submitted by gwolf on Tue, 03/22/2011 - 17:55

Ok, so finally it is official!

We just had the DebConf 12 decision meeting. We saw two great proposals, from the cities of Belo Horizonte, Brazil and Managua, Nicaragua.

If you are curious on the decision process: We held it over two IRC channels — The moderated #debconf-team channel, where only the five members of the decision committee (Marga Manterola, Andrew McMillan, Jeremiah Foster, Holger Levsen, Moray Allan) and two members from each of the bids (Marco Túlio Gontijo e Silva and Rafael Cunha de Almeida from Brazil; Leonardo Gómez and Eduardo Rosales from Nicaragua) had voices, and the open #dc12-discuss channel where we had an open discussion. Of course, you can get the full conversation logs in those links.

I have to thank and congratulate the Brazilian team as they did a great work... The decision was very tight. It was so tight, in fact, that towards the end of the winning all of the committee members were too shy to state the results - so I kidnapped the process by announcing the winner ;-) (I hope that does not cast a shadow of illegitimacy over it)

And, very much worth noting, both teams were also very professional: In previous years, we have seen such decisions degenerate into personal attacks and very ugly situations. That has always been painful and unfortunate. And although the Brazilians will not be able to go celebrate tonight, the decision was received with civility, knowing it was a decision among equals, and a decision well carried out.

Well, that's it — I am very much looking forward for that peculiar two weeks when the whole Debian family meets, this year to be held in Banja Luka, Bosnia-Herzegovina, and I am very eager towards meeting in 2012 in Managua, Nicaragua!

Yay!

( categories: )

Writing limits blues v2

Submitted by gwolf on Mon, 03/21/2011 - 20:26

Some years ago, I faced a 900 word limit for the first time. My question to the editor: Can I write the column in German?

( categories: )

Writing limits blues

Submitted by gwolf on Mon, 03/21/2011 - 20:24

People enjoy writing with Twitter's arbitrary 140 character limit. I suffer when I have to write a column with a 900 word limit. Limits suck.

( categories: )

Responsible biking: We are not exempt from the traffic rules!

Submitted by gwolf on Tue, 02/15/2011 - 21:03

As you know, I very often advocate using the bycicle as the main means of transportation in Mexico City. The city is very apt for biking through it, and contrary to the fears of mostly everybody, the city is neither aggressive nor as dangerous as people say.

However, I have seen cyclists which seem to be looking for the best ways to be hit by a car, or to hit a pedestrian.

Yesterday, I read this note in La Jornada: The local Environment Secretary calls cyclists to respect vial regulations.

Many cyclists assume they are a special case of pedestrians, and zig-zag as they please between the road and the walkway, or just stay in the walkway. That is dangerous, both to pedestrians and to themselves. You might find children, elderly or motion-challenged people on your way. Also, not only will pedestrians only expect other people in the walkway, moving at their pace or slightly more, but cars will also not expect somebody moving at 10-20Km/h. A car driver pulling out of his garage, or crossing a street, will not have enough warning when he sees you, and you are very likely to end up in an accident.

Since ~5 years ago, Mexico City is growing a grid of Metrobús and confined trolebús cero emisiones (trolleybus) lanes. Many cyclists use those lanes — That is VERY dangerous. Public transport vehicles are large, have a lot of inertia, and will take longer to react to finding you ahead of them. Besides, they can go way faster than a regular bike (~60Km/h for metrobús, ~40Km/h for trolebús), and have to stop every couple of blocks. So, you will be uncomfortable if trailing them, and you will be a liability to ~100 people if you go ahead of them. Besides, it is illegal to drive in the confined lanes if you are not a public, semimassive transport vehicle!

Surprisingly many people have argued they prefer riding their bicycles against the traffic — I think they prefer staring at Death into its blue, glowing eyes (or into its long, thin whiskers)... By far, most cars that hit a bicycle do so from the side, when crossing a road. And if you arrive at a crossing from the wrong way, the way a driver does not expect you, don't expect the driver to be aware of you. Also, in the much less likely event of a car running into you, would it be better to be hit at 80Km/h (60Km/h of the car plus 20Km/h of your own speed on a full frontal crash), or at 40Km/h (substracting instead of adding)? Yes, some people say that looking at the car will allow you to maneuver – How far in advance would you know a car coming from the front will hit you? One second? That's 22 meters at 80Km/h (again, if you realize the 60Km/h car is heading straight to you, at 20Km/h). Too short notice for you to do anything — Any maneuver will most likely end in an accident. And the driver would not be so much to blame, as he would not be anticipating you riding against the traffic.

Make sure you get seen. By night, always use proper lights (red on the back, white on the front, and reflective material to the sides). Day or night, wear bright, reflective clothes (or over-clothes material). Act in a predictable fashion. Remember you are riding a vehicle and are subject to the same rules any driver is — A cyclist is not exempt from driving correctly! Do not jump red lights. Never ride on the walkway. Do your best to enjoy the ride.

And ride. Yes, ride, take the streets, enjoy the streets. But don't attempt to drive the traffic out of it — The streets belong to us all, and we can all share them.

PS — I also saw this note in the same paper: Sunday Rides in "Campo Militar Número Uno". The main military field was open as a park this weekend! I have to make sure it is regularly open — I am definitively going there!

( categories: )

Subsidizing private education?

Submitted by gwolf on Mon, 02/14/2011 - 17:35

Hrmh... I am listening to a local news radio station. Of course, what I am about to write lacks information and insight — but it follows a conversation I have had with several groups of friends.

Our de-facto president has decreed that the tuition for private schools will be deducted from the Impuesto sobre la renta (revenue/profit tax) up to a given tuition level (IIRC up to MX$2000 a month per child per school). The interviewed subsecretary said they expect this deduction will reach MX$13,000 million, around US$1,000 million. This is, about a third of what is assigned to the National University (UNAM).

At a first sight, this sounds good. However, I just thought about a discussion I have had with many friends. This money the government will hand back to the taxpayers has to be cut from somewhere (after all, we are not in a country with huge superavit or anything like that).

Why does this sound unfair ot me? Because it benefits the few in perjudice of the many. I did a quick search, and found this work based on numbers published by INEGI ten years ago: According to the last table, the money spent on private education was between 5% and 10% of that spent on public education — Of course, it is almost impossible to infer the number of students from this alone. I know I could find authoritative data on this regard by searching a bit more, but after all I don't want to spend all (work!) evening on a blog post unless it creates some discussion. Lets say, just for the sake of the exercise, that this means that ~3% of the country's students learn in a private school.

In Mexico, the quality of the basic public education (primary/secondary, ages 6 to 18) has fallen hugely in the last decades. Even when I was to school (but not when my parents), the first subjective sign that a family had broken the low-income barrier is that they were finally able to send their children to private schools. Because, no matter how bad they are, public schools are perceived to be worse. Of course, I was among the "lucky" ones to be in a private school. Higher education (universitary level) is still way better ranged.

Anyway... I want to get this post over with. Why do I oppose this subsidies/tax devolution? Because it will lead to widen the difference between private and public education. And because it will be benefical only for medium-high and high classes — People who are formaly employed (as I am) do not present a tax declaration, so we won't get any deductions. Between ⅓ and ½ of the country's economically active population work informally (from selling in the street to covering up huge transactions in large locals). Most of the population don't (directly) pay "impuesto sobre la renta", and will not get the benefit of this subsidy.

This money has to be taken from other sources in order to be given to private education. If the government wants to improve the education for everybody, why not assign it to the public sector? To specific areas in the public sector, if they don't want to hand it over to the (yes, very, incredibly) corrupt SNTE (National Union of Education Workers)?

( categories: )

Echoing Mohammed

Submitted by gwolf on Fri, 01/28/2011 - 01:16

For those of you who follow me through anything other than Planet Debian (who will surely tolerate this repetition):

Interesting but frightful things are happening in North African countries. We saw what happened in Tunisia some days ago. Now, Egypt is a way larger, way more populous... And, dare I say, way more important country. Also, it is a country which borders Israel, where I lived in for ~18 months, and to which –although I am today unaffiliated– is very important for me. And what happens in Egypt will surely shape the whole mid-East.

So, here goes a copy of Mohammed Sameer's post — Not just a link to it, as he might have to take it down. Of course, Mohammed, if you in any way think I should delete this, please please tell me, and I will comply immediately.

Egypt has been fighting for freedom already for 3 days now.

The whole country has experienced a large number of street demonstrations and protests within the last 3 days to be continued also on Friday, the 28th of January and afterwards.

The protests' main goal is to oust dictator Hosni Mubarak's regime, which has been in power for almost 30 years.

We want him out.

A massacre has happened in Suez. Police used live ammunition and tear gas. There are unconfirmed rumors that the army might interfere.

Even a bigger protest is supposed to take place a few hours from now. After the Prayer on Friday.

The internet has been shutdown completely. Egypt is no longer online since Friday, the 28th of January 00:45 AM.

Text messages to cell phones have been cut off too and all cell phones services will be following. No one knows exactly the intentions of the regime but it doesn't sound good.

Please help us.
Please blog about it in English and in all languages.
Please spread the news everywhere.
Please talk to media.
Please petition your government if that will help.

If there's anything that you can do, please do it and help us save the country and the people.

More news from twitter #jan25.

...From what I read from Israeli sources, what worries them –and many people around the world– is that, although Egypt is formally a democratic country, the ruling party has seen towards having basically no oposition — Besides the stubborn Islamic Brotherhood (very akin to Hamas). Now, the Islamic Brotherhood (as well as Hamas, and as well as most other Islamic regimes I know off, although I might be way mistaken) have got huge popular support because... They are true to their beliefs. In short, they are not corrupt — Something that cannot be said about many political organizations around the globe. They are true to their word. And although many of us shiver at thinking of their word getting more power... It is only the Egyptians who should have a say on who rules Egypt.

I honestly hope the Egyptian people get their long-owed self-determination. Of course, I hope Tunisians also get it, and not just a mirage of it. And every people, including us poor Mexicans who have neither had a chance to rule our destiny. And I hope it is a change for good, for tolerance, for peaceful coexistance with the neighbours, even if they are in many ways the rivals.

[Update] I just found out that, as expected, the news have reached Slashdot: Egypt shuts off all Internet access. I'm sure you will find lots of more information there.

( categories: )

Mandate for what?

Submitted by gwolf on Wed, 01/19/2011 - 12:15

I lived in Israel between 1994 and 1996 — This was just after the signature of the Oslo agreements, the Rabin-Arafat signature. 1994-95 was a beautiful time to be in Israel; there was the excitement of a prospect of real peace with the Palestinians, something that had been just seen as unattainable for the past 50 years.

But we also saw the buildup of a huge tension, of real hatred. And the dream of the end of the conflict, of two people living in peace side by side was heavily shattered on November 4 1995, when prime minister Rabin was assassinated. But for the sake of where I'm trying to get to (this post is meant to be about current Mexico, not of Israel 15 years ago), lets go a couple of months back.

The Israeli society is a deeply democratic one (although I understand many people feel it is losing that trait). Lots of political propaganda of all sorts, many of it very creative, are posted on the streets — And not by the government or by political parties, but by citizen movements. I tried to follow it... I remember a particular sticker that I started seeing very often: «Rabin has no mandate over the Golan». At first, I understod that the Golan residents rejected Rabin's authority (but, why was it posted all over the country? And what specifically was it about?), until a friend explained to me that it meant that it rather meant that the right wing all over the country felt that Rabin had no right to push for negotiations involving in any way the Golan heights return to Syria because that was not his electoral platform.

So, fast-forward in time, and 12500Km to the west.

If you have followed my ramblings for the past ~five years, you are aware of what I think about Mexico's government — It is an illegitimate government, which got the power thanks to a dirty and illegal (as per Mexico's legal system) campaign and to voting fraud. And, according to what I have read, around 30% of the population still believe firmly the elections were stolen.

But even if they were legal, valid and legitimate — What has happened since 2006 should not be seen as valid.

In Mexico, we don't have such a democratic culture. The society is not used to demanding anything from the politicians. We often see, as an example, that when talking about political organs, there is a divide everybody understands although makes no sense: We talk about citizens as people unaffiliated to political parties (v.gr. the 1996 Federal Electoral Institute was very well regarded as it was "el IFE ciudadano", and has since then been overtaken by the parties). Why are the parties' members not seen as citizens? Well, maybe because of the same distortion field that makes us believe our de-facto president when he stated that, from the (then) over 28000 people killed in the war campaign against crime (he oficially declared he never used the term war... Of course, he was proved wrong), only ~10% were civilians. In my book, that would mean that ~25000 soldiers have been killed — But no, he means mostly drug trafficants. So, as they are not innocent bystanders, they somehow stopped being civilians?

But again, I'm straying off the topic. Let us assume for a minute that the 2006 elections were clean legal, and that the campaigns were not diffamatory, and all that. And tha we had a modern government, with the stated separation between the three powers and all that. By today, the Legislative power would have surely called for the government's disolution. Why? Again, we Mexicans are not used to what a democratic system means. We can see over and over examples of people who have been voted to power and forgot/betrayed everything they campaigned for. And we are used to that being... Normal. But, who did we vote for? Given the suposition of this last paragraphs (clean elections led to our current government), did the majority of the population vote for Felipe Calderón, the person? Or did it vote for Partido Acción Nacional, the abstract entity organized as a party? No. The vote was (should have been) for the political campaign, for the things he promised he would work for, the priorities in the direction he would give the nation.

Not too long ago, we took pride of living in a peaceful country. Yes, everybody feared the crime rate in the streets, everybody knew big cities such as the one I live in (and love living in) have deep problems. But the country had good relations and good respect from the international players, and it was mostly safe. And, I don't think any of the few readers that have read this far (regardless of where they live or how much they know me) has that opinion of Mexico anymore. What is now heard inside and outside is that we have a huge organized crime (mostly due to drug traffic), and that it's taking over the country. Why did this happen?

The fact is, Calderón lacked legitimacy when he reached the presidency in December 2006. And although his campaign was centered on pushing work generation (his slogan was El presidente del empleo, The president of the jobs), lifting restrictions to entreprises, opening borders, getting more money in our economy... He knew he had to please the people that would protect him from any (then, probable) insurrection: Military and police. Our army has always been more a joke than an army... But they still have their guns.

So, contrary to everything he promised, the first things he signed was a salary increase to all order-keeping forces in the country, and an all-out attack against drug traffic cartels. He had to make the order-keeping forces protagonist, useful — and loyal.

Now, fast-forward again to 2011. The country is living the worst violence since the end of the 1910-1920 revolution. Over 30,000 people have been killed. Economy has fallen as it had not for many years (this was the worst-performing country in America in 2009). Work generation was said to be high, but then corrected to indicate it was mediocre (just about the baseline of population growth).

So, the balance so far of four years of... Government? Economic disaster. Social disaster. Promises unachieved. Starting actions he had no mandate to do.

Felipe Calderón has no mandate to get us in this war.

Even if he had been democratically elected, he would have to step down.

( categories: )

Back with Ruby on Debian polemics

Submitted by gwolf on Thu, 01/06/2011 - 09:38

Once again, a polemic regarding how to properly integrate the Ruby language and libraries with the Debian distribution has been ignited. Similar arguments were presented in November and December 2008 and September 2010 — And excuse me for just refering to my own blog, but there are links to some other posts from there... and there will surely be many others I just missed. There were even nice collaboration attempts (such as DebGem, announced in January 2009... But which apparently never stuck on, as it is still listed as in its public Beta period and lists only support for Debian 4.0 and Ubuntu 8.04 and 8.10).

Some days ago, while I was on vacation, I received a mail from Lucas Nussbaum expressing the burnout he had been suffering from this situation. Some days after that, he posted a corresponding blog post - Giving up on Ruby packaging. The comments following his post are most interesting — The one comment I'd like to highlight (noting I skimmed a whole deal of them) is by Paul Brannan, one of the original RubyGems authors. Yes, possibly the design criteria for Gems included some mutually-conflicting goals, and they cover some of Debian's goals. Unfortunately, this conflicting criteria... Was resolved to the opposite way we would have wanted (specifically, that a sysadmin should be able to install software with the same tools he was already familiar with). And of course, there are deeper disagreements, which are rightly stemmed from different priorities: Debian (+derivatives) is meant to make user's and sysadmin's lifes simpler. Gems are meant to make developers' lifes simpler. And while all developers are some sort of users, and sysadminsthe reverse is (obviously) not so.

A developer maintaining several different codebases will surely suffer (well, this particular developer has surely suffered) if he has to maintain them all using coherent versions of system libraries. When a system is programmed, its developers want to use the greatest, latest tools to offer the best experience and functionality. And it's natural for libraries to evolve over time. However, any sysadmin will grind their teeth at the prospect of having many different versions of libraries, as the Gem model proposes. Why? Well, I was bitten by a minor example of it — Bug fixes do not get backported. Of course, if simple bugs are not backported, security and stability of the system as a whole suffers. Often, new software versions will not only add functionality, but improve on how things are done. Not only bugs get corrected, but we get better response times, better memory handling, etc.

It might sound harsh to say this, and even more, as a developer it feels I am talking against myself — But while development time should be minimized during the system design/implementation, once systems are in production, it should be used to allow for friendlier sysadmin relations.

I have to wear both hats at my real-life job. So, what is my take on this? Of course, blaming myself for choosing the wrong version is a no-go. When evaluating a library before using it in my projects, I try to look at its history and API-stability. APIs that change often speak about immature libraries which are still trying to get the right way to implement their functionality; just-started projects might be great and revolutionary, but they do not yet show any kind of long-term committment... And can lead (and have often led me) to painful rewrites when the Next Big Thing is reached.

As for the users: Even if your favorite language has the best and friendliest distribution method, users just do not care about what language was a particular piece of software implemented in. Users want to be able to install and uninstall with their system's usual tools. Directly using Gems, CPAN, PEAR and whatnot is just unnatural for users, however convenient they are for developers. Distributions offer a non-technical advantage in this regard as well: A human filter. As an example, as I write this there are 19392 Ruby Gems and 19092 Perl modules in CPAN (note that CPAN stores some older versions but discourages authors from keeping too many - So no, they are still very different in size). Debian has around 30,000 packages. Why is that? Because all Debian packages _must_ be human-generated, human-reviewed, human-submitted. This means, a person must think each packaged piece of code is worth packaging, is stable enough and provides value to users as it is, and is fit for being part of a stable release. I am not saying with this that 90% of CPAN and Gems are crap — I am saying that they are probably early implementations, to be installed, tested and improved by developers, and still not apt for general public use. Or maybe not interesting enough to be packaged as a service for the non-techie public at large.

Oh, and one last point: Ruby is not a new language anymore. It is a mature, powerful language with different implementations, every time more stable... But it is a language deeply affected by the (not so new anymore either) the appearance of Rails. Why do I say this? Because although the language is in no way tied to Web development, many of its strongest uses are Web-oriented. How does this affect the current discussion? Well, because many people argue that users are no longer needed to install the software. Web systems are installed by sysadmins and used via a Web browser, and sysadmins are expected be more skilled than casual users. Still, in Debian (and in other distributions, surely) we try to make sysadmin's lives simpler — I have (again, talking out of personal experience) installed several webapps (and system tools, and whatnot) for which I never followed any instructions besides aptitude install foo — Using different languages, frameworks, and so on. Can I troubleshoot their installs? Probably, as there is a common logic for how the distribution I have chosen and specialized in works. Can I find causes for bugs in them? Possibly, although there are some languages and frameworks I dare not touch. Can I get help on getting them out of a tight spot? Surely, as there is a central bug tracking system for my distribution — And one of the maintainer's tasks is to separate the problems related to the distribution (packaging, installing, simple user questions and misconceptions) to those derived from real bugs upstream.

Anyway — I am not saying that our way is the best way. No, by a long shot. Again, developers should have an easy, convenient way for installing whatever they want to play with. And to publish it without jumping through hoops. With this post, I'm only trying to express –again– why Debian works the way it does. And hope for better cooperation in the future.

And as for several comments of what I read in Lucas' post, I think that there is interest for this synergy among some of the most committed Ruby people.

( categories: )

Copyright: Protecting who from whom?

Submitted by gwolf on Tue, 12/14/2010 - 13:58

As I'm not currently working on any suitable paper, I'll just post this to my blog so it does not completely slip off my radar ;-) Also, it might be interesting to my reader. Readers? Oh, there are two of you now? Good!

Yesterday, I learnt thanks to Beatriz Busaniche that a group of South American Free Culture activists launched number zero of a magazine that promises to be very interesting: Cultura RWX, cultura en modo lectura, escritura y acción (culture in reading, writing and action mode). Guys, best luck with this new project!

Anyway, reading it, I found this asseveration I want to keep at hand:

(…)cuando surge la industria musical aparecen los derechos de autor como forma de defensa de los productores musicales, específicamente los músicos. No tanto frente a los usuarios, porque hasta el “cassette” no existió posibilidad de copiar una obra musical. Era una defensa frente a las discográficas, que buscaban cerrar contratos muchas veces abusivos con los artistas.

— Música en Libertad: La industria musical frente al cambio de paradigma; Matías Lennie, adaptación: Sebastián Vazquez

Yes, yes, translating to English:

(…)when the musical industry was born, copyright appeared as a means of defense of the musical producers, specifically of the musicians. Not so much against the users, because up until the invention of the “cassette” there was no possibility to copy a musical creation. It was a defense against the discographic companies, which tried to close often abusive contracts with the artists.

Music in Freedom: Musical industry and the paradigm shift; Matías Lennie, adaptation: Sebastián Vázquez

I have argued (i.e. in here) in this same line regarding the birth of copyright itself — It was an arrangement that had to be made between writers and printers, back in the XVI/XVII centuries. Simple individuals were just unable to get anything of value out of the copying technology they had at hand.

Copyright was born in a time where reproduction required specialized equipment. Today, massive reproduction technology is a given for a good portion of the planet's population. Copyright now only defends big corporations — And will inevitably fade away as anachronic. Of course, it refuses to go without a fight... But it cannot win long-term. We cannot afford to allow it!

Back to... Normality?

Submitted by gwolf on Wed, 12/01/2010 - 14:20

For the past month, I got disconnected from basically all of my usual activities. Not only from Debian work (well, yes, I followed up on a couple of important bugs and releases, but I was in a very low power consumption mode of sorts), DebConf organization/following (some people have contacted me regarding the DebConf 12 venue decision, for which we should start working and have a presentation soon) — Even the always-so-important Real Life got pushed aside. I barely participated in this year's EDUSOL (On-line Encounter of Education and Free Software). Even work suffered — I asked my boss to hold any incoming requests for me (save, of course, for urgent stuff).

I am now shyly coming up from the hole I dug myself in for this time.

Why did I do such a thing?

I do not have a formal education beyond high school. Due to several personal issues, I was accepted to the best university in my country, and to the first generation of the study program I would definitively love to have followed, but didn't attend.

Of course, I had a fair bit of computing background, enough to be competitive and start working. After amazingly few years, I didn't only get a decent job, but I got a job precisely at the very university I wanted to study at (and where my father has worked for the past 40 years). And, even with some changes along the years, here I am with 10 years of laboral history in this university, with an academic position (although the smallest academic position, but still). It is one of my life's achievements, one of the things that makes me proudest of.

Still, I don't want to stay at this level for the rest of my life. And an institution such as this one has rules – Yes, flexible enough to allow me in, but rules whose importance I cannot deny. I aspire to become a professor/researcher at some point, and that is just not possible without filling in the prerequisites. Besides, I want to try my hand at teaching at a universitary level.

So, what choices did I have besides devoting at least four years to full-time study? Well, there is a government entity that evaluates and regulates formal education given by smaller universities — CENEVAL. For probably around ten years now, they have offered the ACREL (Acuerdo 286 Licenciatura) program to validate professional knowledge acquired through work experience – And I'm writing this detail as several people have asked me for details on it. So, once you are accepted in the program (basic requisites: Having a high school certificate, over 30 year old, and with over 10 years of provable work experience), they can grant a Licenciatura degree (i.e. the equivalent to a four-year study program). So, in order to get it granted, I have to:

  • Present a written exam, covering all of the areas of study. In my case (it varies depending on the program you are presenting), it was a 12 hour exam (over three sessions — IIRC I finished each session in around three hours of the four allowed). Questions are all multiple choice. For the Software Engineering degree, you are allowed to enter each session with up to five reference books. Rules vary depending on the area. The exam was long, although not too hard. And I'm proud to say that I reached outstanding level on each of the areas of the exam ☺
    If this information intersts you, do take a look at the links under the Study guides bullet at CENEVAL's information page. The areas to study, the style of the questions, and the general information on the exams are very close to what you will actually receive.
  • The second phase (oral exam) is split in two sub-phases. The first one, the one I have just finished, is the longest one: I was assigned a practical case to develop. In my case, I was requested to write a document detailing the methodology for writing a request-tracking system for a restaurant. I was given a month for this task — And in part, the reason that kept me so busy is that I subscribe to the idea that the best methodology to write an application is to write it, not just to document what you are about to do (and then fail to recognize you missed so many details). Then, there is yet another period (between one and three months, assigned randomly AFAICT) during which I would have to develop the application and a presentation, and defend it against a jury.
  • Some study areas (mainly those related to health) have a third step: A practical exam. Of course, I cannot go into details on this one.

Anyway... Enough of a blog posting. I hope this is useful for somebody. And I hope it explains why I have disappeared so much lately. If everything goes as planned, I expect to be receiving my "licenciatura" title around March, and afterwards... Well, we shall see!

Now... Back to work. And back to life. And back to my huge backlog of other pending things :)

( categories: )

This side up — Finally

Submitted by gwolf on Sat, 11/20/2010 - 23:38

Can I count myself in a majority of people that feel that, while the USB standard is a great advance regarding the way we used to connect our stuff to the computer some years ago (when we used a different cable for every friggin' device we had, and we had to care about having only one parallel and two seral ports in regular configurations, and don't even get me started on port settings — speed, parity, etc.), every time we hold a USB cable in our hand we feel one of the designer teams decided to play a prank on humanity by making the connector's orientation basically unguessable?

By the frustration this square thingy inflinges on us (being any other decent cable used on a computer either have a visually recognizable shape or just round and thus omnidirectional) I think that the rate by which I get the connector with the correct side up (or front, or right, or whatever) is way lower than 50%.

Anyway, I found that the standard does provide for a (IMO quite dubious but still better than guesswork at the port) way to distinguish which way up - Quoting from Wikipedia's entry on USB connectors:

(…)The side of the connector on a USB cable or other product with the "USB Icon" (trident logo) should be "visible" to the user during the mating process.(…)

Officially, the USB 2.0 specification states that the required USB Icon is to be "embossed" ("engraved" on the accompanying diagram) on the "topside" of the USB plug, which "provides easy user recognition and facilitates alignment during the mating process."

There are several caveats which make this less than ideal, some of which you already thought of, some others are in the referred article and I won't reproduce them. I am just amazed that... USB has been around for almost 15 years (and has been the most popular connection type for ~10 years). And I have never seen anybody apparently knowing this rule.

This was a public service announcement in the hopes you will be happier people armed with its knowledge.

Biking without a set destination: Basílica de Guadalupe

Submitted by gwolf on Mon, 10/25/2010 - 00:23

Sunday. A good day to take some time to myself, and get some much needed excercise. And the pseudo-meditation that comes with it: That's one of the factors I love the most about cycling. It's possibly my favorite way of just idling, of allowing for the time to pass without me noticing, just watching the movie of life, watching the world go around me with very little effort. I just love cycling.

I have posted here several mentions of the Ciclotón: Every month, the last Sunday, our city government closes a ~32Km circuit to make it for cycling (and skating, and walking, and jogging, and other human-powered locomotion) use. Whenever I am in the city and have the possibility, I do the Ciclotón. Two months ago, I even did it twice in a row, for a total of almost 70Km.

But this Sunday was not the last Sunday of the month! So, why am I writing this? Well, because when I left home today at ~10AM, I thought it was. Only when I reached Circuito Interior and had a «this is full of cars» moment, I remembered October has 31 days. And next Sunday I'll very probably be in Oaxaca city (for the Hackmitin 04h4ck4 2010). And I didn't want to miss the fun of a nice Sunday ride!

I don't care if streets are closed just for bikes — I am used to riding in traffic. Of course, this meant I would not take the central lanes in Circuito Interior on the way back, taking the ~10 bridges (which are quite tiring, to be honest!). It also meant I was free to make my own route. So, I thought, a nice small ~20-30Km ride will do. I'll just get to Eje 2 Sur or so, and back by another route (i.e. Plutarco E. Calles or so).

But as I got closer to Reforma, I realized that every Sunday (independent of a Ciclotón), Reforma is closed for the "Paseos Dominicales" - Shorter than a Ciclotón, but still a nice way to share the streets with other cyclists. So I headed for Reforma.

Part of Reforma (from the Ángel roundabout westward) was closed due to a –precisely– cyclist race. But from there eastwards we had the street for us. Good, lets head downtown.

The surprise came when I saw that it was not only towards downtown, but passing Av. Juárez, Reforma continued to be closed just for cyclist use northwards. Great! Lets see how far does it go. The first surprise there: A couple of days ago, it was the "Noche de los Alebrijes". The alebrijes are a beautiful and very elaborated Mexican typical handicraft, depicting psychodelic dragons or dragonic representations of animals. Of course, alebrijes are usually ~30cm long... But here we had huge ones! And verrrry elaborated! How much so? You tell me.

And as I started off... A nice thing about cycling is that you get to meditate. My body continued cycling, taking care not to run over the kids that are not so proficient, stoping at each red light... At some point, my mind entered back the body, and I realized we were passing by Tlatelolco (ok, to be honest, the picture was taken when crossing southwards, on my way back), about to cross Circuito Interior on the North, in that symbolically very strange place where Paseo de la Reforma (a long, beautiful avenue named after the war that marked the complete separation between church and Mexican state, in 1860) becomes two streets... Calzada de los Misterios and Calzada de Guadalupe. And, yes, it is among the greatest peregrination routes in the world. On December 12, the Holiday of the Guadalupe Virgin, up to 7 million people go visit her temple.

And also around here, when my mind was busy inside my body, I noticed a pair from the Un paseo a ciegas (roughly translated, a blind ride) program was riding just by me. I knew about this program, but had never seen them before – So I took the opportunity to get to know this program. Basically: Two people ride a tandem bike. The one in front, as always, drives and steers. The one in the back is a blind person, who gets the amazing sensation of freedom and enjoyment that only a bike gives you. Un paseo a ciegas is held every Sunday at 9AM except for the last Sunday every month. And I definitively want to be part of it! They told me the program has been adopted as well in Puebla, and if I recall correctly, it will soon be started in Querétaro and Guadalajara.

Anyway, by then I realized the ride was probably going to reach the Basílica, a very impressive church I had just visited for the first time ever a couple of weeks ago. And yes — we went all the way up Guadalupe until the place where the street gets impossible to bike on, then left along a small street, and back to the South by Misterios. Then, all the way along Reforma again, saying goodbye to Cuitlahuac, José de San Martín, Simón Bolívar, El Caballito, Cristobal Colón, Cuauhtemoc, La Palmera, El Ángel... And back home. Of course, not without the sight of some bizarre signs we enjoy so much to find, point at and laugh.

Have I ever told you, my nameless reader, that I love this city? I love getting surprised with so many great things. I love the distances I can safely ride on my bike without ever being far from a bike repair shop (which are only needed when they are far away). I love being surrounded by people breathing their freedom to take the streets. I love the safety of our wide, long streets (and no, I'm not joking here – Mexico City is among the safest places for cyclists I have been to). I love its weather, that allows me to go out and enjoy the street at any time of year. And I love biking in it, one of the best ways to get to know so many bits of the city I would have never ventured into otherwise.

( categories: )

Ruby dissonance with Debian, again

Submitted by gwolf on Wed, 09/29/2010 - 11:48

Lucas has written two long, insightful posts on the frustration about the social aspects of integrating Ruby stuff Debian – The first one, on September 12 and the second one, on September 29.

I cannot really blame (thoroughly) the Ruby guys for their position. After all, they have a vibrant community, and they are advancing great pieces of work. And they know who that code is meant for — Fellow programmers. And yes, although it is a pain to follow their API changes (and several of the Gems I regularly use do often get refactorings and functionality enhancements which break compatibility but introduce very nice new features), they say that's solved with one of Gems' main features being the simultaneous installability of different versions.

The key difference in Debian's worldview with Ruby's is they cater to Fellow programmers. Even leaving aside heaps of different positions and worldview/mindset, we have a fundamental difference: Debian cares about its users, whatever that means. So, our users should not even care what language a given application is implemented in – They should only care that it works. We, as packagers, should take care of all the infrastructural stuff.

And yes, that's where we find the conflicting spot: We don't want to ship many versions of a system library (that in this case would be a Gem). Specially if later versions fix known bugs in earlier versions and backports are not available or supported. Specially if upstream authors' only response to a bug in an older release will be "upgrade and rewrite whatever breaks in your application".

As an example of this, I am not currently updating the gems I maintain, as Debian is on a freeze to get out the next stable release. Or if at all, I am targetting those uploads to our Experimental branch, in order not to create a huge backlog for me when the freeze is over (just a series of rebuilds targetted at unstable). And yes, I will have to be responsible for any bugs that will most likely not be supported by most of my upstreams during the next ~2 years.

That's the role of a Linux distribution. And yes, as Lucas writes in the comments he got as responses to the first post – This dissonance comes in no small part because the Ruby developer community is mostly made from non-linuxers. People coming from a background where (mostly propietary) applications bundle up everything they need, where static linking is more popular than dynamic libraries, where there is no coordination between parts of the system are much less likely to understand our work.

And yes, the Perl community is a joy to work with in this regard. And that's the same I understand from the Python one. Because of their origins and where their main strength was grown and remains.

PS - And yes, I will join the flock of people saying that... The specific person that attacked your work is a great programmer, but well known as intolerant and obnoxious. Fortunately, even if our respective cultures fail to mix so much, most of our interactions just end with a "sigh" of lack of understanding, and not with the flames you got targetted with :-/

( categories: )

Damage control: Cleaning up compromised SSH keys

Submitted by gwolf on Wed, 09/22/2010 - 13:36

This morning, my laptop was stolen from my parked car while I was jogging. I do not want to make a big deal out of it.

Still, even though I am sure it was not targetted at my data (three other people at least were reporting similar facts in the same area), and the laptop's disk will probably just be reformatted, I am trying to limit the possible impact of my cryptographic identification being in somebody else's hands.

GPG makes it easy: I had on that machine just my old 1024D key, so it is just matter of generating a revocation certificate. I have done that, and uploaded it to the SKS keyservers - Anyway, here is my revocation certificate:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: A revocation certificate should follow

iHIEIBEIADIFAkyaOZwrHQJBIGNvbXB1dGVyIGNvbnRhaW5pbmcgdGhpcyBrZXkg
d2FzIHN0b2xlbgAKCRDYDvNai7UnrzWAAKC34eF76JQjxrZqSjNwcC0dU/5VbACg
gMIMmYg91Sl3y8KsZXdGj/rV7UE=
=rdlT
-----END PGP PUBLIC KEY BLOCK-----

But… What worries me more is access to the computers my ssh key works for. Yes, the ssh key uses a nontrivial passphrase, but still — SSH keys cannot be revoked (and this makes sense, as SSH should not add the delay, or potential impossibility, to check with a remote infrastructure whenever you want to start a session).

So, I generated a new key (and stored it at ~/.ssh/id_rsa.new / ~/.ssh/id_rsa.new.pub) and came up with this snippet:

  1. $ OLDKEY=xyHywJuHD3nsfLh03G1TqUEBKSj6NlzMfB1T759haoAQ
  2. $ for host in $(cat .ssh/known_hosts | cut -f 1 -d \ |cut -f 1 -d , |
  3. sort | uniq); do
  4. echo == $host
  5. ssh-copy-id -i .ssh/id_rsa.new.pub $host &&
  6. ssh $host "perl -n -i -e 'next if /$OLDKEY/;print' .ssh/authorized_keys"
  7. done

Points about it you might scratch your head about:

  • .ssh/known_hosts' lines start with the server's name (or names, if more than one, comma-separated), followed by the key algorithm and the key fingerprint (space-separated). That's the reason for the double cut – It could probably be better using a regex-enabled thingy understanding /[, ]/, but... I didn't think of that. Besides, the savings would be just for academic purposes ;-)
  • I thought about not having the ssh line conditionally depend on ssh-copy-id. But OTOH, this makes sure I only try to remove the old key from the servers it is present on, and that I don't start sending my new key everywhere just for the sake of it.
  • my $OLDKEY (declared in Shell, and only literally interpolated in the Perl one-liner below) contains the final bits of my old key. It is long enough for me not to think I'm risking collision with any other key. Why did I choose that particular length? Oh, it was a mouse motion.
  • perl -n -i -e is one of my favorite ways to invoke perl. -i means in-line editing, it allows me to modify a file on the fly. This line just skips (removes) any keys containing $OLDKEY; -n tells it to loop all the lines over the provided program (and very similarly, -p would add a print at the end – Which in this particular ocassion, I prefer not to have). It is a sed lookalike, if you wish, but with a full Perl behind.

Caveats:

  • This assumes you have set HashKnownHosts: no in your .ssh/config. It is a tradeoff, after all – I use a lot tab-expansion (via bash_completion) for hostnames, so I do have the fully parseable list of hosts I have used on each of my computers.
  • I have always requested my account names to be gwolf. If you use more than one username... well, you will have to probably do more than one run of it connecting to foo@$host instead.
  • Although most multiuser servers stick to the usual port 22, many people change the ports (me included) either because they perceive concealing them gives extra security, or (as in my case) because they are fed up with random connection attempts. Those hosts are stored as [hostname]:port (i.e. [foo.gwolf.org]:22000). Of course, a little refinement takes care of it all.,/li>
  • Oh, I am not storing results... I should, so for successive runs I won't try to connect to a system I already did, or that already denied me access. Why would I want to? Because some computers are not currently turned on. So I'll run this script at least a couple of times.

Oh, by the way: If you noticed me knocking on your SSH ports... please disregard. Possibly at some point I connected to that machine to do something, or it landed in my .ssh/known_hosts for some reason. I currently have 144 hosts registered. I am sure I triggered at least one raised eyebrow.

And I will do it from a couple of different computers, to make it less probable that I miss some I have never connected from while at the particular computer I am sitting at right now.

So... Any ideas on how to make this better?

( categories: )
Syndicate content