I am going to DebConf12!

Submitted by gwolf on Fri, 03/09/2012 - 17:10

I have just bought our plane tickets to Managua, so I can finally say this:


Yes, many of you will ask what happened, I was bragging everywhere I wanted to go by land, driving from Mexico City to Managua. I'd love to, and I'm sure it's completely doable... But we have family issues to attend on July 21, in Argentina. So we will have a beautiful flight schedule (and carbon footprint) for this July:

June 30
Mexico→San Salvador→Managua, 17:35-20:30. Yes, this means I will not be in Mexico to cast my vote on July 1st. Well, I had already accepted this would happen... And the price difference was quite sensible.
July 15
Managua→San José→Mexico, 16:25-22:20
July 16
Mexico→Santiago→Buenos Aires (AEP), 20:30-09:55
July 23
Buenos Aires (EZE)→Lima→Mexico, 08:35-19:00

Several people have asked me on the best airline options for this trip. In our case, to Managua, it was with TACA, US$518 total. You can get tickets for ~US$30 less, but the flight goes through Panama instead of San Salvador, for an extra 1000Km – And instead of ~3hr it makes slightly over 6. Yes, on our way back we will be routed a bit South to San José, but it's not as bad, and it's for a very short layover.

For Argentina? Well, we have always found LAN to be the cheapest and most convenient. This time, TACA/Avianca was a very close second, which lost due to almost doubling the flight+layover time

Why aren't we taking a Mexico→Managua→Buenos Aires flight instead? Because it's ~US$150 more expensive per person. Not *that* much, but still some money. And by returning to Mexico and having a night at home, we will save us the hassle of carrying Winter clothes to Nicaragua and Summer clothes to Argentina.

Oh, and if you are planning on dropping by home while we are away and robbing all of our stuff: There's not that much to take from there, and we have already arranged for somebody to be there while we are away. But thanks for thinking about us, anyway!

[update] And what about DebConf12 registration? When is the system opening for us all to register? Soon, dear friends, we are talking about some related issues, and you will have your registrationi open soon.

Left Google Reader for rssLounge

Submitted by gwolf on Mon, 02/20/2012 - 01:48

Ben mentions he left Google Reader and went back to Liferea, but mentions a series of bugs that keep him from being happy. After pondering it a bit, a couple of months ago I also left Google Reader, but I turned to a free webapp: rssLounge aggregator. Although it does not fully cover Ben's wishlist (I'll get to it now), I am happy using it as it covers my main need: Being able to read my stuff from just about everywhere, without installing even a ssh client (that would make public Windows machines a liability for me, as they could sniff my keystrokes while authenticating to my ssh server). So, for me, a webapp is basically a must.

Well, as for Ben's list:

  1. MAY be a desktop or web application.
    Check. Well, I don't know what would fail this :)
  2. If it's a web application, it MUST be reasonably secure, e.g. it must not be written in PHP.
    Fail. It's PHP. And that's my main reason for not uploading it to Debian — I use and enjoy this app every day, but it has some bugs I don't really feel like looking into. And yes, maintaining PHP code is ugly.
  3. If it's a web application, it MUST allow for multiple independent users on the same server.
    Don't really remember, I set it up just for myself. But in any case, you could install a different instance per user?
  4. If it's a desktop application, it MUST embed a browser engine (presumably Gecko or WebKit) so I can follow links without having to switch windows.
  5. MUST support organisation of feeds by folders or tags, including combined item lists.
  6. MUST keep track of which items have been read.
  7. MUST support a global 'unread items' list. SHOULD only remove items from this list when I refresh it, not as soon as I move away from an item.
    Pass. In fact, given that storage is cheap, I have set it to never expire old entries. I don't know if it will ever be useful, but as long as it does not hurt me...
  8. SHOULD support a three-pane (folder/list/item) view or something similar. Google Reader's list view with expanding items is perhaps even better, though it means links must be opened in a separate tab.
    It's more like Google Reader's
  9. SHOULD support folder and item navigation by keyboard.
  10. SHOULD have some way to flag/bookmark items for later attention.
  11. If it's a desktop application, it SHOULD have some sort of download manager to support podcasts.

So, Ben, with only one (big) fail, it might be a good candidate for you.

PS- And hard as it might seem, I am leading an almost-Google-free life now! :) But don't let them hear this, as we want them to keep sponsoring Summer of Code and DebConf.

( categories: )

Mexico City Metro project

Submitted by gwolf on Mon, 02/13/2012 - 00:13

Some days ago, reading my local Couchsurfing groups, I stumbled across an announcement by Australian Peter Davies to go to each of the 148 stations in the Mexico City Metro system, take some photos of the environment, and document on his impressions.

I have followed and enjoyed the Mexico City Metro blog since I learnt of it, and have grown used to looking forward to the daily post-or-two. Peter writes each of his entries both in English and Spanish (you can tell it's not a native Spanish, but it's a good effort). He has been doing the stations in a very well distributed order (I cannot say it's completely random, but it's surely not lineal or methodical).

I connected wiht his project as I love discovering the city more or less the same way, but with a different system: I try to have at least one long bike ride every two weeks (being "long" something over 40Km). I usually go either to the North or to downtown and to the East by the good old route I always take, and on my way back, at some point I decide just to turn right or left and discover yet another village slurped by the city. I don't usually take pictures, as I'm too much into the cycling thrill, left-right-left-right... But cycling has led me to appropriate my city (I don't know if that's proper English), to make my city really mine, to get to know parts of it I'd never otherwise go to.

Anyway, Peter's is a great way to document urban life. I'm in love with my city, and with expressions of urban appropriation. I loved his project, and if you are interested by what I say, go take a look at his wanderings in the city. I have suggested him two bits to check, but the work is very much an artist's — He accepts my input, but quite probably he will do whatever he pleases ;-) In case any of you is interested in contacting him, I can tell you for a fact he replies :-)

[*] And what is CouchSurfing? Oh, a great community where you can offer a space to crash at your house for unknown people from all around the world. I have never requested a couch, as the Free Software community is much more tightly knit, but I have offered it to several interesting people.

( categories: )

BugCon friends, are you trying to scare away 50%+ of the target audience?

Submitted by gwolf on Tue, 01/24/2012 - 10:11

You are scaring away much more than that.

I just came across an invitation for BugCon 2012.

BugCon is a Mexican conference devoted to computer security — I cannot comment on its level or value because, although it's a topic that has long interested me, I must recognize each day I feel less of an expert, nowadays finding myself at the level of a "sysadmin who tries not to be too dumb for his own job security". Oh, and also because it would be completely off-topic for this post.

If you look at Vendetta's (the main organizer) blog post, it will probably give you the impression that the conference is just an excuse for the afterparty: Lets go see some b00bs! Do you think your fellow female hackers will have any interest in joining a bunch of sex-starved, hormone-infested teenagers who only want to pwn a website and grab more pr0n? Do you think females will feel welcome (or even mildly safe) between you? I would not think so. And I also think you are alienating any professional who might have any interest in joining your community, be it as a member, as a mentor, or whatnot.

I cannot right now do a coherent post on this topic, but I can reference you to what I have seen (and read) over the last almost 10 years, when the issue was first brought up to our attention. I am very glad to see that, at least in the Free Software area, there has been a real change of mindset. I hope you are in time to think about it and rectify.

  • Timeline of incidents in Geekfeminism. Note that while it seems we see more as time passes, I am almost sure it's because we are more aware of the problem, not because it occurs more often. I hope I'm not mistaken.
  • Debconf ftp-masters talk. Myself a Debian person, my first contact with this problematic was being at the DebConf3 ftp-masters talk — And the discussion and action that followed. This led to the creation of the Debian Women group, one of the most (socially, not technically) influent parts of Debian. Great thanks and admiration to their members, as well as to the (male and female alike) people who have worked to form it and make it heard.
    I think Debian Women sparked other similar projects such as GnomeWomen (and there is a list with further projects in there), but I cannot authoritatively say who was there first.
  • Planet Fedora up-skirting photo (the original post is still available) showed the communit does no longer tolerate this behaviour. Good!
  • The Open Source Boob Project. One of the most childlike attempts at humor that surely alienated many would-be female geeks.
  • Another conference season, another dumb sexist, a post by Piers Cawley addressing this issue after attending the CouchDB + Ruby: Perform like a Pr0n star talk. Quoting him, Apparently, the difference between 80s truck salesmen and Matt’s audience is that at least 80s salesmen had the grace to look embarrassed.
  • Liz Keogh: "I am not a pr0n star: Avoiding unavoidable associations", a hacker woman that clearly felt offense by the CouchDB Pr0n Star joke, and did a thorough and interesting analysis, extending the effects to your work environment.
  • Just Say You're Sorry Already (regarding the same incident on CouchDB+Ruby)
  • Richard Stallman's EMACS virgins joke incident. It's sad how it's impossible to get Stallman to acknowledge he can also make mistakes and make feel people insulted.
  • [update] And of course, MadameZou mentions the very important 2002 HOWTO: HOWTO encourage women in Linux?

Oh, and not the description of an incident, but a very interesting and thoughtful take on this: [pdf] Interesting analysis by Hannah Wallach on the numbers and motivations of women in Free Software groups. I don't know if Hannah has published this in article form, but many interesting points can be understood by looking at the presentation.

My good friend Vendetta: I don't mean this post (longer than what I originally intended) as a way to say you and the conference you are organizing for the third year (IIRC) already is unprofessional or targetted to pimply teenagers. I know the work you have put in it. I hope you see the points I'm trying to drive — You are of course free to have whatever afterparty you have. But, if as the main organizer, you are giving the images of nice chicks at Hooters more weight and relevance than to the conference itself... you are doing yourself a disservice. I hope you can rectify it, and make BugCon attractive to hacker women as well.

( categories: )

A happy and disconnected new year

Submitted by gwolf on Sun, 01/01/2012 - 14:21

I came to Argentina with my girlfriend to visit her family and friends, and to spend here some disconnected days during my winter^Wsummer vacations. And so it was, we had some very nice, relaxing days, with everything running smooth and with infrequent but enough sessions of mail access to withstand the disconnection without pain.

Of course, I didn't anticipate that the Network Operations Center of my university would break my institute's connectivity while performing their planned maintenance on December 23. After some days, I was able to talk with one person in the university, but connectivity was not restored. Nobody with knowledge to look at the firewall's screen is available.

So, as of today (happy new year 2012!), I have been mail-less for over a week. I will be back in my office soon now, so I'll get mail connectivity within the upcoming week.

Meanwhile, everybody who mailed me for any reason (job, Debian, holiday greetings, whatever)... Well, I'm sad to tell you that the mails were lost. But worry not, I will act as if nothing like that happened and I received all of your best wishes.

( categories: )

On the social-based Web and my reluctance to give it my time

Submitted by gwolf on Wed, 11/09/2011 - 12:55

I recently started getting mails from Usually, a mail from no-reply@whatever is enough to make me believe that the admins of said whatever are clueless regarding what e-mail means and how should it work. And in this case, it really amazes me — If I get an invite to Diaspora*, right, I should not pester a hypothetical to get me off his list, but I should be able to reply to the person mailing me — Maybe requesting extra details on what he is inviting me to, or allowing me to tell him why I'm not interested. But yes, Diaspora* has fallen to the ease of requiring me to join their network to be able to communicate back with the "friend" who invited me.

Some of the (three?) readers of this site might not be familiar with the Diaspora* project. It is a free reimplementation (as far as I know) of something similar to Facebook — Free not only in the sense that it runs free software, but also because it is federated — Your data will not belong to a specific company (that is, you are not the value object they sell and make money with), but you can choose and switch (or become) the provider for your information. A very interesting proposal, socially and technically.

I find that a gross violation of netiquette. I should be able to reply to the mail - Even if in this case it were to (and sorry – As you are spreading my name/mail, you will excuse me if I spread your name ;-) ) Such an (fictional FWIW) address would allow for mail to reach back the submitter by the same medium it was sent, without allowing open spamming into the network.

Now, what prompted me to write this mail (just before adding to my blacklist) is the message I got (in an ugly HTML-only mail which erroneously promised to be text/plain, sigh...) is that Fernando sent me as the inviting message, «So, at least are you going to give Diaspora a chance?»

The answer is: No..

But not because of being a fundamentalist. Right, I am among what many people qualify as Free Software zealots, but many of my choices (as this one is) is in no way related to the software's freeness. I use non-free Web services, as much as many of you do. Yes, I tend to use them less, rather than more (as the tendency goes).

But the main reason I don't use Twitter is the same reason I don't use, its free counterpart — And the reason I'm not interested in Facebook is the same reason I will not join Diaspora* — Because I lack time for yet another stream of activity, of information, of things to do and think about.

Yes, even if I care about you and I want to follow what's going on in your life: The best way to do it is to sit over a cup of coffee, or have some dinner, or to meet once a year in the most amazing conference ever. Or we can be part of distributed projects together, and we will really interact lots. Or you can write a blog! I do follow the blogs of many of my friends (plus several planets), even if they have fallen out of fashion — A blog post pulls me to read it as it is a unit of information, not too much depending on context (a problem when I read somebody's Twitter/Identica lines: You have to hunt a lot of conversations to understand what's going on), gives a true dump of (at least one aspect of) your state of (mind|life|work), and is a referenceable unit I can forward to other people, or quote if needed.

So, yes, I might look old-fashioned, clinging to the tools of the last-decade for my Social Web presence. I will never be a Social Media Expert. I accept it — But please, don't think it is a Stallmanesque posture from me. It is just that of a person who can lose too much time, and needs to get some work done in the meantime.

(oh, of course: Blog posts also don't have to make much sense or be logically complete. But at least they allow me to post a full argument!)

( categories: )

The book: Available for sale

Submitted by gwolf on Fri, 10/28/2011 - 10:41

This is an update to my last post regarding the «Construcción Colaborativa del Conocimiento» book.

The book is, as we have repeatedly stated, available online for download — Both as a full PDF or chapter by chapter. In the website you will also find videos of all of the conferences held.

But holding a printed book in your hands is just a different experience, isn't it? :-) Anyway, I said I would give here an update on how to get your hands on it. The main venue would be through my University's e-store. I recommend it to anybody interested in buying the book in Mexico. The book's list price is MX$300 (around US$27), but it is currently sold at half price — I don't know how long will that price be offered.

On the other hand, we also uploaded it to the self-publishing service. Of course, given I have not seen the printed results, I cannot assure you the resulting product will be of the same quality as the one we got here, but I have a couple of books I have bought at lulu, and their quality is quite acceptable. So, you can also buy it from Note the 20% discount it shows will be permanent — That's what I would get as an author, a payment I decided to forefit given we are 11 authors and it would be unfair to collect it all myself. So, the price at is US$12.64 plus shipping — Very similar to the price at UNAM.


«Construcción Colaborativa del Conocimiento», the book: Finally!

Submitted by gwolf on Tue, 10/25/2011 - 19:25


Last Friday, after two years worth of work, I finally got the first box of books for the Construcción Colaborativa del Conocimiento (Collaborative Knowledge Construction) project I worked on as a coordinator together with Alejandro Miranda (pooka), and together with a large group of 11 authors:

Translating over from the back cover text (and this is just a quick translation from me — It reads better in Spanish ;-) ):

What defines us as humans is our ability, on one side, to
create knowledge, and on the other, to share or communicate it with our neighbors. Both features have worked together over tens of thousands of years, and, working together, have led the knowledge to transcend the individual, avoiding the need to rediscovery or reinvention of is already known. Sharing knowledge is what has taken our species to the dominant role it occupies today.

But knowledge creation and sharing has seen a deep transformation in recent decades, thanks to the quick evolution of telecommunications, specially the massification of Internet and cellular telephony. We are transiting towards the so desired –and at the same time so feared– knowledge society.

In this book, eleven authors from very different disciplinary backgrounds and geographic origins ellaborate on how a hyper-connected world has modified the basic rules of interaction in areas as diverse as artistic creation, social organizations, computer code development, education or the productive sector.

This book is the result of a year worth of work for in the "Collaborative Construction of Knowledge" seminar, during which we
used the same new forms of knowledge production we have studied.

The videos of the sessions, electronic participations and the full contents of this book are available under a permisive license at

We will soon have the book ready in IIEc's e-store (which is mostly meant for national requests). I am also uploading the book to the self-publishing service, and we are working on a epub-like edition. Right now it is still not available, but it should be there in some days. I will keep you posted.

Meanwhile, the full contents can be read online at

e-voting: Something is brewing in Jalisco...

Submitted by gwolf on Mon, 09/26/2011 - 18:14

There's something brewing, moving in Jalisco (a state in Mexico's West, where our second largest city, Guadalajara, is located). And it seems we have an opportunity to participate, hopefully to be taken into account for the future.

Ten days ago, I was contacted by phone by the staff of UDG Noticias, for an interview on the Universidad de Guadalajara radio station. The topic? Electronic voting. If you are interested in what I said there, you can get the interview from my webpage.

I held some e-mail contact with the interviewer, and during the past few days, he sent me some links to notes in the La Jornada de Jalisco newspaper, and asked for my opinion on them: On September 23, a fellow UNAM researcher, César Astudillo, claims the experience in three municipalities in Jalisco prove that e-voting is viable in the state, and today (September 26), third generation of an electronic booth is appearingly invulnerable.

Of course, I don't agree with the arguments presented (and I'll reproduce the mails I sent to UDG Noticias about it before my second interview just below — They are in Spanish, though). However, what I liked here is that it does feel like a dialogue. Their successive texts seem to answer to my questioning.

So, even though I cannot yet claim this is a real dialogue (it would be much better to be able to sit down face to face and have a fluid conversation), it feels very nice to actually be listened to from the other side!

My answer to the first note:

El tema de las urnas electrónicas sigue dando de qué hablar por acá en Jalisco... nosotros en Medios UDG hemos presentado distintas voces como la del Dr. Gabriel Corona Armenta, que está a favor del voto electrónico, del Dr. Luis Antonio Sobrado, magistrado presidente del tribunal supremo de elecciones de Costa Rica, quien nos habló sobre los 20 MDD que les cuesta implementar el sistema por lo que no lo han logrado hasta el momento, pudimos hablar hasta argentina con Federico Heinz y su rotunda oposición al voto electrónico y por supuesto la entrevista que le realizamos a usted.

Sin embargo este día La Jornada Jalisco publica la siguiente nota

nos gustaría saber cuál es su punto de vista al respecto,

quedo a la espera de su respuesta


Pues... Bueno, sé que el IFE hizo un desarrollo muy interesante y bien hecho hace un par de años, diseñando desde cero las urnas que proponían emplear, pero no se instrumentaron fuera de pilotos (por cuestión de costos, hasta donde entiendo). Se me hace triste y peligroso que el IEPC de Jalisco esté proponiendo, teniendo ese antecedente, la compra de tecnología prefabricada, y confiando en lo que les ofrece un proveedor.

Se me hace bastante iluso, directamente, lo que propone el título: «comicios en tres municipios prueban la viabilidad del voto electrónico en todo el estado». Pongámoslo en estos términos: ¿El que no se caiga una choza de lámina con estructura de madera demuestra que podemos construir rascacielos de lámina con estructura de madera?

Ahora, un par de párrafos que me llaman la atención de lo que publica esta nota de La Jornada:

la propuesta de realizar la elección en todo el estado con urnas electrónicas que desea llevar a cabo el Instituto Electoral y de Participación Ciudadana (IEPC) es viable, pues los comicios realizados en tres municipios son pruebas suficientes para demostrar que la urna es fiable

y algunos párrafos más adelante,

“Cuántas experiencias más se necesitan para saber si es confiable, 20, 30, no lo sé (...) Pero cuando se tiene un diagnóstico real, efectivo y serio de cuándo técnicamente procede, se puede tomar la decisión”

Como lo menciono en mi artículo... No podemos confundir a la ausencia de evidencia con la evidencia de ausencia. Esto es, que en un despliegue menor no haya habido irregulares no significa que no pueda haberlas. Que haya países que operan 100% con urnas electrónicas no significa que sea el camino a seguir. Hay algunas -y no pocas- experiencias de fallas en diversos sentidos de urnas electrónicas, y eso demuestra que no puede haber confianza en las implementaciones. Aunque el equipo nos saliera gratis (que no es el caso), hay que invertir recursos en su resguardo y mantenimiento. Aunque se generara un rastro impreso verificado por el votante (que sólo ha sido el caso en una pequeña fracción de las estacione de votación), nada asegura que los resultados reportados por el equipo sean siempre consistentes con la realidad. El potencial para mal uso que ofrecen es demasiado.


And to September 26th:

Disculpe que lo molestemos otra vez, pero este día fue publicada otra nota más sobre el tema de las Urnas electrónicas en Jalisco donde se asegura que la urna es invulnerable.

¿nos podría conceder unos minutos para hablar con usted, como la vez pasada, vía telefónica sobre el caso específico de Jalisco, en referencia a estas notas publicadas recientemente? si es posible ¿podría llamarle este día a las 2 pm?

Quedo a la espera de su respuesta agradeciéndole su ayuda, apreciamos mucho esta colaboración que está haciendo con nosotros



Respecto a esta nota: Nuevamente, ausencia de evidencia no es evidencia de ausencia. Se le permite a un pequeño segmento de personas jugar con una máquina. ¿Significa eso que fue una prueba completa, exhaustiva? No, sólo que ante un jugueteo casual no pudieron encontrar fallos obvios y graves.

Un verdadero proceso que brindara confianza consistiría en (como lo hicieron en Brasil - Y resultaron vulnerables) convocar a la comunidad de expertos en seguridad en cómputo a hacer las pruebas que juzguen necesarias teniendo un nivel razonable de acceso al equipo.

Además, la seguridad va más allá de modificar los resultados guardados. Un par de ejemplos que se me ocurren sin darle muchas vueltas:

  • ¿Qué pasa si meto un chicle a la ranura lectora de tarjeta magnética?
  • ¿Qué pasa si golpeo alguna de las teclas lo suficiente para hacerla un poquito menos sensible sin destruirla por completo? (o, ya entrados en gastos, si la destruyo)

La negación de servicio es otro tipo de ataque con el cual tenemos que estar familiarizados. No sólo es posible modificar el sentido de la votación, sino que es muy fácil impedir que la población ejerza su derecho. ¿Qué harían en este caso? Bueno, podrían caer de vuelta a votación sobre papel - Sobre hojas de un block, probablemente firmadas por cada uno de los funcionarios, por ejemplo. Pero si un atacante bloqueó la lectura de la tarjeta magnética, que es necesaria para que el presidente de casilla la marque como cerrada, despojó de su voto a los usuarios.

Sí, se tienen los votos impresos (que, francamente, me da mucho gusto ver que esta urna los maneja de esta manera). El conteo es posible, aunque un poco más incómodo que en una votación tradicional (porque hay que revisar cuáles son los que están marcados como invalidados - no me queda muy claro cómo es el escenario del elector que votó por una opción, se imprimió otra, y el resultado fue corregido y marcado como tal)... Pero es posible.

Sin embargo, y para cerrar con esta respuesta: Si hacemos una corrida de prueba, en circunstancias controladas, obviamente no se notarán los muchísimos fallos que una urna electrónica puede introducir cuando los "chicos malos" son sus programadores. ¿Podemos estar seguro que este marcador Atlas-Chivas-Cruz Azul tenga el mismo índice de fiabilidad como una elección de candidatos reales, uno de los cuales puede haberle pagado a la empresa desarrolladora para manipular la elección?

Y aún si el proceso fuera perfecto, indican aquí que están _intentando_ licitar estas urnas (y nuevamente, si lo que menciona esta nota es cierto, son de las mejores urnas disponibles, y han atendido a muchos de los señalamientos - ¡Qué bueno!)... ¿Para qué? ¿Qué nos van a dar estas urnas, qué va a ganar la sociedad? ¿Mayor rapidez? Despreciable - Media hora de ganancia. ¿A cambio de cuánto dinero? ¿Mayor confiabilidad? Me queda claro que no, siendo que no sólo somos cuatro trasnochados los que ponemos su sistema en duda, sino que sus mismos proponentes apuntan a la duda generalizada.

La frase con la que cierra la nota se me hace digna para colgar un epílogo: "en ese futuro quizá no tan distante la corrupción también ocurre y ésta se debe siempre al factor humano". Y el factor humano sigue ahí. Las urnas electrónicas son programadas por personas, por personas falibles. Sin importar del lado que estén, recordarán la polémica cuando se hizo público que la agregación de votos en el 2006 fue supervisada por la empresa Hildebrando, propiedad del cuñado del entonces candidato a la presidencia Felipe Calderón. ¿Qué evita que caigamos en un escenario similar, pero ampliamente distribuído? Y aquí hay que referirnos a la sentencia de la Suprema Corte de Alemania: En dicho país, las votaciones electrónicas fueron declaradas anticonstitucionales porque sólo un grupo de especialistas podrían auditarlas. Una caja llena de papeles con la evidencia clara del sentido del voto de cada participante puede ser comprendida por cualquier ciudadano. El código que controla a las urnas electrónicas, sólo por un pequeño porcentaje de la población.

( categories: )

LVM? DM-RAID? Both? None?

Submitted by gwolf on Sat, 09/17/2011 - 13:06

Patrick tells about his experience moving from LVM to RAID.Now, why do this? I have two machines set up with LVM-based mirroring, and they work like a charm - I even think they work with better flexibility than setting it up in a RAID-controlled way, as each of the partitions in a volume group can be easily set to use (or stop using) the mirroring independently, and the requisite of having similar devices (regarding size) also disappears. Of course, this flexibility allows you to do very stupid things (such as setting up a mirror on two areas of the same rotational device - Good for toying around, but of course, never to be considered for production). And the ability to online grow and shrink partitions is just great.

So, Patrick, fellow readers, dear lazyweb, why would you prefer LVM-based mirroring to a RAID alternative? Or the other way around?

( categories: )

Language designers, API designers, PHP and utter fails

Submitted by gwolf on Wed, 09/07/2011 - 13:20

After many years of successfully dodging doing any serious programming in PHP, I had to get my feet wet with PHP for my RL job: I was requested to develop a simple but non-trivial module for our Institute's Drupal-based webpage.

It basically meant two and a half weeks devoted to head-scratching: I had read the very good John van Dyk's Pro Drupal Development book, and knew it would be an important resource were I to face writing a module or work on a theme beyond the most basic stuff… So I checked it out of the library, and started basically writing something similar to my good and trusty Perl code. After all, PHP seems quite similar to Perl, although forcing you to write more for no gain (i.e. requiring an array() declaration whenever you want to store more than one value together) or lacking important and useful constructs (not having a sane way to prepare a SQL statement for multiple executions with different parameters — Yes, there are DB access methods that do provide it, but Drupal 6 does not use them).

Anyway, book in hand, I started understanding while implementing (which is way different than just reading the book, right?) Drupal's notions. I cannot say I like them, but it's… ahem… doable.

Now, I hit a problem twice. I chose to ignore it the first time, as it was a corner case I'd look into later on, but had to devote for hours of my attention later on. When designing the menu (which for Drupal means not only the facility which prepares/displays links to the bits of functionality, but also the access control layer and the action dispatcher — a huge yay! for responsability separation!), I had only two access levels: Public and administrator. So, this seemed like a good fit:

  1. $public = array('first/action', 'second/action',
  2. 'third/action', 'something/else');
  4. foreach (array_keys($items) as $item) {
  5. if (array_search($item, $public)) {
  6. $items[$item]['access callback'] = TRUE
  7. } else {
  8. $items[$item]['access arguments'] = array('diradmin');
  9. }
  10. }

But... No matter what I did, the first element in $public refused to be publicly visible.

It was not until after a severe amount of head-scratching I came across this jewel in the PHP online manual:


This function may return Boolean FALSE, but may also return a non-Boolean value which evaluates to FALSE, such as 0 or "". Please read the section on Booleans for more information. Use the === operator for testing the return value of this function.

GRAH. Using a sane language for some time had made me forget about the problems of true/false sharing space with other meaningful values. So, yes, checking for inclusion of a value in an array in PHP this way should be compared with class-bound identity (that's what === means) to FALSE, or better yet, using a function that exclusively returns a boolean (as in_array()).

Anyway… While arrays (which in PHP are any kind of list, be it keyed as a hash or consecutive as a traditional array) are such an usual construct in any language, please do take a look at PHP's array-handling API. Too long. Too complex. Too many corner cases.

I cannot but wonder what keeps PHP as a popular language. It hurts.

( categories: )

Free Software must migrate to become Free Culture

Submitted by gwolf on Tue, 07/12/2011 - 00:45

Cineast and Free Culture activist Nina Paley wrote some days ago a rantifesto on why the FSF has a double standard: Why are the Freedoms guaranteed for Free Software not guaranteed for Free Culture?, by not following its own very strict rules on software when it comes to culture as a whole. Her post was widely circulated, and got (at least) one reply by fellow Debian Developer Wouter Verhelst, largely agreeing with her, and an anti-rantifesto by Joe Brockmeier — Which was promptly answered again by Wouter with a very fun and inspired post, written from the right angle: From the viewpoint of a person who is both a programmer and a musician, and understands the concepts at hand.

I'd love to write a longer, better thought post — But I'm tired and frankly stressed by many things, so I am just echoing their very interesting discussion to other people who might want to read it.

I have been thinking and writing bits on that subject over the last couple of months. An example of that was the talk I gave at the Senate ~6 weeks ago. Following that talk, I wrote a short article for Revista Zócalo (a widely circulated magazine mainly dealing with Mexican politics and social issues) called simply Software libre, cultura libre (full text available, but in Spanish only — You can try reading an automated translation if it suits you). I wrote the article, mind you, with very limited time, and I'll be the first to recognize the prose was quite poor this time :(

Anyway — My point is that our nature is to share culture, to build it in a collaborative fashion, and having the Internet as a practically zero-cost, zero loss medium with which we can interchange our creativity with other like-minded people will naturally boost creativity. Free Software emerged before other Free Culture groups just because programmers had privileged access to Internet in the 80s and early 90s; as network access –and digital creation tools– have got to more people, it's just natural for all kinds of free culture to grow.

Software is just a form of knowledge. Code is just a notation for a certain kind of ideas, just as the mathematical or musical notations. I believe (and hope) it's just unavoidable for us all to eventually switch to a mainly free cultural creation system.

( categories: )

DebConf13 at home? Why not?

Submitted by gwolf on Sat, 07/02/2011 - 21:30

We are few weeks away from the start of DebConf11. Excitement runs high in Debian-land. The two most worthy weeks of the year, every year, loom close. Our Bosnian friends have done a great job of finding and defending an amazing proposal, and are now facing the hard work and permanent adrenaline levels of being in charge of the closest I have seen to a herd of (well-behaved but wild and untamable) cats.

I have organized DebConf in my country. It was hellish, but at the same time, it's one of my most cherished experiences. And I'm sure the same will be said by the leaders of each successive bid — It is one of the most rewarding experiences you can imagine.

Next year, DebConf will be held in tropical Managua, Nicaragua. But, where will we meet in 2013? Well, that depends on you, my dear reader! Do you want to work your ass off for Debian and have utter fun? Do you want to show and share your country with this huge family of developers? Start thinking about pushing for a DebConf13 bid!

Do you have to be at Banja Luka to propose your bid? No. You can proxy via somebody — I'd suggest to do it via somebody who knows the location you are suggesting, but basically, choose a friend that you trust that trusts you. Of course, you can participate in the presentation session via IRC.

Do you have to be a Debian Developer to propose a bid? No. For DebConf9, none of the Cáceres guys was a DD; for DebConf10, some of the people most involved from the local New Yorkers were not DDs. For DC11, none of our dear and overworked hosts in Bosnia are DDs. And for DC12, the Nicaraguan crew is also made from people interested in getting closer to the Debian project, but not DDs.

Do you have to decide now? No. This is just a call for a first presentation, but the decision regarding DC13 will be taken probably around March 2012. However, giving a nice presentation at DebConf helps a lot, gives you visibility, and will get the ball rolling.

Is there a geographical bias? Slight. So far, and since the second DebConf, we have kept the tradition not to repeat continents on two successive DebConfs. This is not a hard condition, however!

What do you need to start thinking about? Go visit our prospective location checklist at You can also look at what other teams have historically presented. Finally, I just learnt about the existence of — Register there, even if you are just in the early phases of finding data.

We will be holding a DebConf13 bids presentation session, most probably (the schedule is close to being presented officially!) on 30-07-2011, at 17:00.

( categories: )

Yet another flurry of invites‽

Submitted by gwolf on Fri, 07/01/2011 - 10:01

Umh, so Google created yet-another-beta-service with yet-another-invite-only stage. Whee! And this time they choose a name yet more stupid to their previous attempts (Wave, Buzz — now it's simply Google+).

And yes, some of my friends have mailed me invites (or offered them to me by chat) so I can join the fun and love, and lose the few free time I still have.

Guys, I care about you. I even love you all! But no, I don't care the least for so-called-social-network invites. I am quite a mess managing my time as it stands.

And I cannot reply this to you in person, as Google+ sends mails with a very helpful sender ( or variations of it), I have just added this to my .procmailrc:

  1. :0
  2. * ^From:.*noreply.*
  3. /dev/null

What does this mean in human? That instead of manually ignoring your invitations and feeling bad about not answering to you, dear friends, I'll leave that job to my computer. I will not receive any Google+ invites.

Just as I don't receive Twitter and Facebook spam, FWIW.

Thanks for thinking about me!

Wow... IP lawyers are from another planet

Submitted by gwolf on Wed, 06/22/2011 - 19:40

Second speaker at today'sseminar,Vladimir Mojica. He is talking about th legal backing for DRM and TPM as well as laws against circumvention. He quotes USA's DMCA as one of the most complete, advanced and forward-minded laws,inviting the audience to push for such a law here.

I hope he gets to my (written)question, as today is a very important day in this regard: The Senate has requested the presidency to reject signing the ACTA treaty!
[Update] The Senate is sending Resolution agreeing to prompt the Federal Executive Power titular to instruct the State Secretaries and other dependencies involved in the Anti-Counterfeiting Trade Agreement not to sign said agreement, as it would hinder free interchange of legal material. It also mentions the ISPs should not become de-facto authorities to define when an intellectual/intangible properties right violation is in course, and that it would be unacceptable for ISPs to monitor the users' activities in the net, or to analize the content of the IP packets.

Very good news, in a document very well made, in a precise, legal and coherent(!) way.

( categories: )
Syndicate content