Debian

warning: Creating default object from empty value in /home/gwolf/drupal6/modules/taxonomy/taxonomy.pages.inc on line 33.

Internationalizing into your local customs

Submitted by gwolf on Wed, 12/30/2009 - 14:08

It seems strange to me. I don't think I know people as aware of internationalization issues as Bubulle, a.k.a. Christian PERRIER, and I have the feeling his last post regarding how he shall address himself is somewhat short-sighted. That might just mean I am in an even worse position.

First, I recognize Christian's concern, but not only when dealing with people from around the globe – It happens in my everyday life. When you show an ID stating Gunnar Eyal Wolf Iszaevich, the first reaction is a blank stare of disbelief, only to be followed by a question: So, what is your name?

So I understand Christian wants to make it easier for people to guess what his name is in the least obtrusive way possible. I have seen the convention he suggests (uppercasing the family name) AFAICT used by French and Japanese people. But for me, it is intuitively backwards. If I were to emphasize a part of my name, it would be the part by which I expect people to address me with – I would write GUNNAR Wolf. And yes, I usually leave out my second given name and my mother's family name, as it is customary here.

Well, anyway... Reading my name, few people would guess I live in Mexico. Even fewer will believe I was born here. And if somebody calls me by the wrong part of my name, I won't feel at all offended. I strongly prefer my name to be used, as I like to be addressed casually, but quite often I am introduced as Dr. Wolf, in what at most would be an ex-profeso honoris causas doctorate, or at least an ignoratis causas one.

Source format 3.0 (quilt) for teh win!

Submitted by gwolf on Wed, 11/25/2009 - 14:26

My Debian QA page shows what I consider to be a huge amount of packages — I am currently uploader for 207 packages. Why so many? There are many factors — The main one is group maintenance (I'm directly responsible only for 19; of course, this should not mean I disregard the rest of them), the second one is regularity. By far, most of my source packages (177) match lib.*perl, followed by lib.*ruby with 20.

Anyway — A strong factor that allows the pkg-perl group to be successful in maintaining 1411 packages is the regularity of the task: Packaging Perl modules is usually as easy as running dh-make-perl on them (of course, not taking away the merit of packaging the few strange corner cases…

In Ruby-land, the landscape is quite different. The developer community is quite anchored in agile worldviews, which go beyond coding practices and all the way over to confronting the way most Free Software projects distribute their work. I have previously ranted presented informed and opinionated blog posts on this topic — Ruby culture dictates the distribution via Ruby Gems, which are for many reasons not Debian friendly. Besides Gems, most projects have adopted Git for development tracking and are hosted under Github — That's why I came up with Githubredir, which basically presents an uscan-friendly listing of tags for a given project.

But if you develop in Git, you might want to split a project in its constituent parts for easier organization, without meaning that each subproject should be an independent project by itself, right? After all, that's what Git submodules are for. That's what happened with a great PDF generating library for Ruby, Prawn. Thing is, the three parts of the main project are required for the project to be built.

Anyway, that was a great reason to move the package over to the new dpkg 3.0 (quilt) source format. And, yes, it is a straightforward move! If you have not yet done so, take a look at Raphael Hertzog' explanation+FAQ wiki page. It just works, and makes many things way easier.

There are still some wrinkles in my packaging, like where I'm getting the orig tarballs from — As the submodules are not presently tagged in any way, I was only able to download a snapshot of their respective current master branches. This is suboptimal, I know, but I have talked to the upstream author, and he confirms that for the next major version (which should not be long in coming) the tags will be synchronized, and things will be even cleaner.

PS- I love Hpricot. To get the numbers for my QA page, I just had to get three dirty but useful arrays:

  1. require 'hpricot'
  2. require 'open-uri'
  3. url = 'http://qa.debian.org/developer.php?login=gwolf&comaint=yes'
  4. doc = Hpricot(open(url))
  5. tot = ( (doc / 'table' )[1]/'tr').map { |row|
  6. (row%'td' % 'a').inner_html rescue nil}.select {|i| i}
  7. team = ( (doc / 'table' )[1]/'tr').map { |row|
  8. (row%'td' % 'span.uploader' % 'a').inner_html rescue nil}.
  9. select {|i| i}
  10. mine = ( (doc / 'table' )[1]/'tr').map { |row|
  11. (row%'td' % 'span:not(.uploader)' % 'a').inner_html rescue nil}.
  12. select {|i| i}

And work from the three very simple lists there — i.e. tot.select {|pkg| pkg =~ /lib.*perl/}.size gives me 177.

( categories: )

Personal assessment about myself: Being slow everywhere…

Submitted by gwolf on Mon, 11/16/2009 - 10:40

Sigh…

I am starting to fill up my annual report for my real-life work. You know, that chore you must do every year where you score little bullets next to each completed project and talk well about yourself. For my workplace, fortunately, I do not have to lie and convince people I am worth rehiring - As this year I achieved definitividad as a Técnico Académico Asociado C de Tiempo Completo at my University, I can say for sure I have long-term job safety. UNAM is the best place for me to work, and I am most grateful — Even if I do want to advance for the future, even though I would strongly like at some point to start working in a real academic position — My job is mostly operative, limited to keeping things running smoothly in our network and servers. I work in a social sciences (Economics) research institute, and even though I have taken on an interesting project that is viewed from the social sciences I do expect to finish with a very interesting product in the near future, my interest lies in computing as a science.

Anyway, back on track… This is the time of year to start evaluating many things, many factors, from many different sides. And yes, for me that involves measuring how am I faring in my involvement in the projects I most care about — Specifically, Debian, but also several other Free Software projects, even if my involvement in them is mostly organizational.

I am once again going through a tough period in my personal life, and the impact it carries is obviously deep. However, I am not fond of finding excuses for my underachievement or underperformance. And that's what I feel now. Even more when I see posts such as Zack's and Tim's status updates, and when I see that we continue to be on a history-high streak of RC bugs.

Regarding the several teams I am (at least formally) involved with in Debian, I have been away from the pkg-perl group for far too long... It is still my first group when it comes to identifying myself with - Both as on a personal level, as I consider them as good friends and great people to work with, and I do feel the responsability to share the load with them, as maintaining >1300 packages (even if they are so highly regular) is just not an easy task. But for over a year, my involvement has been basically zero. I have been a bit more active on pkg-ruby-extras, maybe paradoxically as it is a smaller team and with less packages (as I know it is much less probable for somebody to keep my packages in adequate shape if I don't do it)... and also because I am working more with Ruby than Perl nowadays. And finally, about Cherokee, I decided during DebConf9 to redo the packaging to fully use DH7 instead of our old-style quasimanual style. I have had several bursts of activity, and am almost-almost-ready to do the first newstyle upload... But so far, have been unable to do so.

Of course, keyring-maint: With Jonathan's help, I have come to terms with most of the processes. Both Jonathan and I have been swamped lately, but at least I think I am finally helping speed up the process instead of holding it down. We do, yes, have several pending updates - but are working our way up the queue, and I hope not to leave people waiting for too long. And yes, we have discussed several ways of documenting and automating several of the tasks we currently sustain, and that should come soon

I have been also leaving maybe a bit too much responsability aside on EDUSOL, for which today we are entering the second week of activity, and I'm very sorry to see our server is just too overloaded to even reply to even answer to me — And even lacking admin powers myself, I should have worked earlier on setting up redundancy on a more automatic way (as we have an off-site backup we can promote to live and redirect to, but I am unable to do this... Given that I am the techie person on board/the only "professional" sysadmin).

This year I also –quietly– finished the bulk of the Comas rewrite. What? Comas? Still alive? Yes, and you can expect me to show it off to more people soon, and get it used for more conferences. I will talk more about it (and its motivation, and its current status) later on — But basically, the only two things that Comas shares in common with the mod_perl-based system most of you got to know (mainly at CONSOL 2004-2008 or at Debconf 5 and 6, although I know of several other conferences which used it) and the current incarnation are… The (most) basic database structure and the name. The project underwent a full rewrite, and is now a far more flexible, far easier to install, Ruby-on-Rails based application. And most important, it does no longer involve your name being Gunnar Wolf as a prerequisite for successfully setting it up ;-)

Regarding DebConf, I have promoted a Central American MiniDebConf, and we are right on track for holding it in late March in Panamá City. Everybody's invited, and we will have (surprise, surprise!) the very professional involvement of Mr. Anto Recio as local team, as it seems he didn't have enough with last year's DebConf9 and wants to suffer further. What am I lacking here? Motivation. I have been quite pessimistic, possibly turning some people away, even though we have a good first sampling of interested people's profiles and expectations. If you want to get involved, tomorrow (Tuesday 17-nov) we will have a meeting at Freenode's #sl-centroamerica, 17:00 GMT-6. Please note we do need involvement from the Central American communities, it is more than just a motivational issue. Last meeting it seemed Anto and I were the only people pushing the MiniDebConf - and frankly, that would be a basis for not even holding it. We need motivation from the very people involved in it!

Anyway… You can see I have (and it seems to be a constant in my life) a series of contradictions going on. However, the excercise of putting it all into writing helps me understand better where I am standing. When I started writing this post I felt much heavier, much more at a loss… Right now I feel I want to refocus my energy on the same projects and teams I have been involved with, yes, but feel it at least more plausible. Hope so.

( categories: )

PieSpy: Modelling IRC interactions

Submitted by gwolf on Tue, 11/10/2009 - 18:41

As some of you know, yesterday we started the two weeks of activities for the Fifth On-line Encounter of Free Education, Culture and Software. This year, the main topic for the conference is social networks, but not in the twitter-facebook sense — Social networks as ways of understanding and modelling human-to-human interactions. Of course, there is interest from many attendees in using and taking advantage of said social network systems (and others), but the topic is far broader.

One of the core tools of EDUSOL, and the only tool that is constantly active through our two weeks of activity, is IRC — Which is somewhat of a challenge, as we receive some not-tech-savvy users from all over the world. The first year or two we asked everybody to connect via an IRC client (and we had even decided that it would be a technological filter — We thought we would not cater for people without the technical skills to install and use IRC). Life proved us wrong, and we ended up using two web-to-IRC gateways: One of them, via an instance of CGI:IRC, and the other one via a third-party service, Mibbit.

Now, the core mind behind EDUSOL is Alejandro Miranda, Pooka; I am not really into education (it is a very interesting topic but far from what I am good at). Pooka has been invovled in on-line communities analysis for several years already, since we worked together at FES Iztacala. For a long time he wanted to graph the interactions at EDUSOL, which was obviously possible given it was all centered on three tools (IRC for live chat, Drupal for generic information and Moodle for the talks and workshops' material — This has changed this year, as we are giving much more weight to Drupal and taking it off Moodle), and so last year he was finally able to generate a «EDUSOL 2008 conference photo (warning: 2MB image, 4311x3352px), where each person's avatar appears where most of his interactions were. This photo was (unfortunately) achieved using non-free software, but is very much looking at!

Now, this year Pooka stumbled upon a great tool, PieSpy (available in Debian — package piespy). Piespy generates very interesting interaction graph for IRC channels, as you can see here:

Piespy is a bot that sits in the IRC channel logging everything that any given user "says" directly to another one, and graphs it. Not much to say here, only that it generates a very good (and practically real-time) view of what happens on the channel. For this particular channel, and during EDUSOL, you can see here the latest IRC snapshots.

Very fun to see - and somewhat addictive how it morphs across time :)

( categories: )

Among the reasons that brought me to Debian...

Submitted by gwolf on Mon, 10/19/2009 - 23:42

Every now and then, people ask me why Debian? Why, among so many projects to choose from, I first liked, then got into, and finally I got committed into Debian, and not anything else?

Of course, one of the main points —back in 2000-2001 when I started using it, and still to this very day— is a strong identification with the ideological side. Yes, I am a strong Free Software believer, and Debian is what best suites my ideology.

Still, I did not only get into Debian because of this — And I was reminded about this by an article in this month's Usenix ;login: magazine: An anecdotal piece by Thomas A. Limoncelli titled Hey! I have to install and maintain this crap too, ya know! (article requires ;login: subscription, but I'll be glad to share it with whoever requests it to me — I have of course no permission to openly put it here in whole online. Yes, I am expressly sending a copy of this text to the author, I will update this if/when I hear from him) [update] The author has kindly allowed me to redistribute his article's PDF — Download it here.

Before anything else… I'll go on a short digression: I am writing a bit regarding the Free Software participants' culture, and this is a trait I love about it: The lack of formality. Even though ;login: (and Usenix as a whole) is not exactly Free Software, it runs quite close to it), it is a well regarded magazine (and association) with an academic format and good (not deep or highly theoretical, but good) contents. Still, it is quite usual to see titles as informal and inviting as this one. And it happens not only here — I have been fearing having to explain at work, over and over, why I have requesting permissions to go to Yet Another Perl Conference, Festival de Software Libre or DebCamp, tagging them as academic settings. Or why I am wasting our library's resources on buying cookbooks, recipes and similar material on the most strange-sounding subjects.

Anyway, back on track… This article I found refers to the lack of value given to the system administrator's time when selling or purchasing (or more in general, as it happens also in Free Software, when offering or adopting) a product. Quoting Thomas:

A person purchasing a product is focused on the features and benefits and the salesperson is focused on closing the deal. If the topic of installation does come up, a user thinks, “Who cares! My sysadmin will install it for me!” as if such services are free. Ironically, it is the same non-technical executive who dismisses installation and upkeep as if they are “free” who might complain that IT costs are too high and go on a quest to kill IT spending. But I digress.

I can understand why a product might be difficult to install. It is hard enough to write software, and with the shortage of software developers it seems perfectly reasonable that the installation script becomes an afterthought, possibly given to a low-ranking developer. The person purchasing the product usually requires certain features, and ease of installation is not a consideration during the procurement process. However, my ability to install a product affects my willingness to purchase more of the product.

Thomas goes on to explain his experience with Silicon Graphics, how Irix was so great regarding install automation and how they blew it when switching to Windows NT; talks very briefly about IBM AIX's smit, a very nifty sysadmin aid which is basically a point-and-click interface to system administration with the very nice extra that allows you to view the commands smit executes to perform a given action (and then you can copy into a script and send over to your hundreds of AIX machines)… Incidentally, by the time I started digging out of what became the RedHat mess of the late 1990s and passed briefly through OpenBSD on my way to Debian enlightenment, I was temporarily the sysadmin for an AIX machine — And I too loved this Smit approach, having it as the ultimate pedagogical tool you could ever find.

Anyway, I won't comment and paraphrase the full article. I'll just point out to the fact that… this was what ultimately sold me into Debian. The fact that I could just install anything and (by far) most of the times it will be configured and ready to use. Debian made my life so much easier! As a sysadmin, I didn't have to download, browse documentation, scratch head, redo from start until I got a package working — Just apt-get into it, and I'd be set. Of course, one of the bits I learnt back then was that Debian was for lazy people — Everything works in a certain way. Policy is enforced throughout.

So as a sysadmin, I should better get well acquinted with the Debian policy and know it by heart. In order to be able to enjoy my laziness, I should read it and study it. And so I did, and fell in love. And that is where my journey into becoming a Debian Developer started.

Why am I talking so nostalgic here? Because I got this magazine on the mail just last weekend… And coincidentally, I also got bug report #551258 — I packaged and uploaded the Haml Ruby library (Gem, as the Rubyists would call it). Haml is a great, succint markup language which makes HTML generation less of a mess. It is even fun and amazing to write Haml, and the result is always nicely formatted, valid HTML! And well, one of Haml's components is haml-elisp, the Emacs Lisp major mode to do proper syntax highlighting in Haml files.

Of course, I am an Emacs guy (and have been for over 25 years), so I had to package it. But I don't do Emacs Lisp! So I just stuffed the file in its (supposed) place, copying some stuff over from other Emacs packages. During DebConf, I got the very valuable help of Axel Beckert to fix a simple bug which prevented my package from properly being installed, and thought I was basically done with it. I was happy just to add this to my ~/.emacs and get over with it:

  1. (require 'haml-mode)
  2. (add-to-list 'auto-mode-alist '("\\.haml$" . haml-mode))
  3. (require 'sass-mode)
  4. (add-to-list 'auto-mode-alist '("\\.sass$" . sass-mode))

However… As Mike Castleman points out: This requires manual intervention. So it is not the Debian Way!

Reading Mike's bug report, and reading Thomas' article, made me realize I was dilluting something I held so dearly as to commit myself to the best Free Software-based distribution out there. And the solution, of course, was very simple: Debian allows us to be very lazy, not only as sysadmins, but as Debian packagers. Just drop this (simplified version) as $pkgroot/debian/haml-elisp.emacsen.startup and you are set!

  1. (let ((package-dir (concat "/usr/share/"
  2. (symbol-name flavor)
  3. "/site-lisp/haml-elisp")))
  4. ;; If package-dir does not exist, the haml-mode package must have
  5. ;; removed but not purged, and we should skip the setup.
  6. (when (file-directory-p package-dir)
  7. ;; Use debian-pkg-add-load-path-item per §9 of debian emacs subpolicy
  8. (debian-pkg-add-load-path-item package-dir )
  9. (autoload 'haml-mode "haml-mode"
  10. "Major mode for editing haml-mode files." t)
  11. (add-to-list 'auto-mode-alist '("\\.haml\\'" . haml-mode))
  12. ;; The same package provides HAML and SASS modes in the same
  13. ;; directory - So repeat only the last two instructions for sass
  14. (autoload 'sass-mode "sass-mode"
  15. "Major mode for editing sass-mode files." t)
  16. (add-to-list 'auto-mode-alist '("\\.sass\\'" . sass-mode))
  17. ))

This will make the package just work as soon as it is installed, with no manual intervention required from the user. And it does not, contrary to what I feared, bloat up Emacs — Adding it to the auto-mode-alist leaves it as known to Emacs, but is not loaded or compiled unless it is required.

Deepest thanks to both of you! (and of course, thanks also to Manoj, for pointing out at the right spells in emacs-land)

( categories: )

My inner Neo-Zealanders' fallacies

Submitted by gwolf on Sat, 09/12/2009 - 07:59

Funny...

I just woke up. I was having a funny and surprisingly not-abnormal dream. You know, the few occasions where I remember my dreams, I practically always find a really impossible situation going on. Not this time, and that was the first thing that struck my mind.

The dream was staged on a very nice bar, something not very different from the bar on the park by DebConf (in fact, with nice, Spanish-evening-esque light conditions). I was having there some beers with Andrew (NZ), Penny (NZ), Steve (UK), Damog (MX). We were just ordering a nice round of beers; I paid for mine with the €0.50 coin I found yesterday in my kitchen (hey, that's cheap beer! ;-) ). And the conversation was, in fact, quite logical and interesting.

We were comparing the worldviews with which children across our cultures are educated at school. Andrew was sharing how children in New Zealand were taught about the human migrations that led to the population distribution until the 1500s, when Europeans started changing the face of the Earth. Most of the argument was the same one we all know — Early humans leave Africa, their traits specialized for the different weathers, what is widely regarded as the three main racial branches (European white, African black, Eastern yellow - My inner Neo Zealander does not care too much about political correctness, it seems), with Amerindian brown and South-seas black branching off at some point in the process. So far, so good… Debatable but good.

Andrew and Penny continued explaining that the apparent reason, according to New Zealander anthropologists, why the indigenous population in America accepted the culture imposed after the European conquests in the XVI-XVII (contrary to the almost complete annihilation of the Pacific/Indic ocean native cultures) centuries is because the group that crossed Bering ≈50,000BC, and some later groups with whom they inter-mixed came from a semi-developed proto-Christian society, so the new ideas were closer to their own beliefs. Damog, Steve and me gust nodded with interest.

Less than 30 minutes later, awake and after my morning coffee, I'll have to ask you: WTF‽ A proto-Christian society... ≈48,000 years before Christian era? No, no way your argument holds any water!

(on a side note: At least I know that if at some point I develop a multiple personalities disorder, and they are allowed in the same room at once, I will have a good time debating with myself about interesting topics)

( categories: )

Google having gender issues related to old-agers?

Submitted by gwolf on Mon, 09/07/2009 - 13:24

I am updating an old package's packaging style to take advantage of the new DebHelper 7 goodities. So far, I have been quite successful, but I hit a problem… And before bugging on IRC, I decided to check with Joey Hess' presentation at DebConf9, Not your grandpa's debhelper.

Of course, not remembering the URL, it was the most natural thing to ask Google:

Did you mean... Not your grandma's Debhelper‽ WTF!

Of course, putting this thingy aside, the right answer was the first hit. However, what is the first hit for the Grandma version? Quite dangerous: A post in Ubuntuforums for which the Google excrept reads: this tool can obviously eat your cat, poison your grandma, create an earthquake or do any other unexpected harm, so I don't provide any warranty whatsoever.

I sincerely prefer joeyh's version.

( categories: )

$keyring_maint->add($me)

Submitted by gwolf on Thu, 09/03/2009 - 20:55

During DebConf, Noodles discretely approached me and asked whether I'd be interested and willing to join him as Debian's keyring maintainer. Of course, I felt greatly honored and happy about this. Over the past weeks, we have exchanged some mails where he details how it is handled, and I feel I get the general logic — and this last week (which was quite hectic for me — apologies in advance for all the work and mails I have due for different people!) he finally took the big steps: Requested DSA to give me login rights to the needed machine and RT queue and to be listed in the relevant area of the Debian Organization page.

So, even if I still feel afraid of botching Debian and sending the universe swirling away into chaos, I am most happy, and could no longer hide it. Yay! :-D

[BTW] No, it was not on purpose. I did not grow my beard in order to look like St. Peter. But it must have been part of the decision process!

( categories: )

And here I go again: MiniDebConf Central America RFC

Submitted by gwolf on Fri, 08/14/2009 - 19:09

Some people never learn to stay out of trouble. Not only that, some people seem to have a desire to run into trouble at every possible ocassion.

It appears I am one of such people.

I won't rewrite this whole proposal in English — Its focus is after all a Spanish-speaking community. Anyway, the Central American Free Software-related lists have been reshuffled/resetup, and I cannot yet find the public archives (which will exist, I am sure).

I talked about this idea with several Central American friends during ECSL and shortly afterwards. Later, at DebConf, I talked it over with fellow attendees. And I think it is the right time to start pushing for this. I really hope we can achieve something worthy this time around!

So, please, take a look at my proposal. If you are not a Spanish-speaker (or -reader), you might want to laugh at Google translate's version of it, and even make some sense out of it. If you have anything to comment, the best way will be by mailing the comunidad@softwarelibre.ca list.

[update] You can now refer to the message to the mailing list and the thread under it.

( categories: )

Otvaranje očiju uz dobru kavicu

Submitted by gwolf on Wed, 08/05/2009 - 08:31

Safir, Adnan: If you want to push the Bosnian bid, please mention the pleasure it is to drink a good cup of good coffee in the morning. And Bosnian coffee really qualifies as good coffee!

Fino mljevena Jubilarna kava dobivena je izhorom najkvalitetnijih vrsta sirove kave kao rezultat dugogodišnjeg iskustva tvornice Franck.

Hvala ti, brate!

( categories: )

Back home, keys signed and all

Submitted by gwolf on Mon, 08/03/2009 - 13:02

After leaving DebConf on the much uncomfortable 06:45 train last Friday (uncomfortable not because of the seats but because of the timing — It basically meant not sleeping at all in order to spend a last full night of socialization+Mao), I stopped by two dear friends' houses near Madrid (Adriano+Nuria at Alcobendas, María+Borja at Alovera) and came back to Mexico. I must say I was... Really, really, really tired most of the time. On Friday, I met my friends slightly past 5PM, and all the time in between was spent walking to get some things done in Madrid. I would not call this sight-seeing as I was mostly in places I had already been before, but crossing out to-do items from my checklist (i.e. getting a much needed second suitcase, getting some music for Nadezhda's brother, finding good cheap food and so on). Every now and then, when I was not walking (i.e. while on the Cercanías trains), I would doze out - And it was common, for this couple-of-seconds dozing-out, that I would hear or even see any random person of DebConf speaking about any random topic. Quite close to a hallucinative thing! Anyway, my brain has finally understood it does not have to carry you guys around at all times, and I'm just back to (jetlagged and tired) normality.

I got home at ~21:30, unpacked a couple of things, and fell asleep right away. Woke up at around 6AM. That is great, if I can sustain the trend, I will have defeated jetlag!

Today, I got to work, only to find an unresponsive computer — During some update I did from .es, dbus was left on a semi-installed state. No dbus means no HAL, and no HAL means X won't know which input devices to use. Of course, easy to fix, but as I didn't have any other computer handy, instead of ssh'ing my way in, I had to do a couple of reboot cycles until I found the culprit (bah…)

First thing I did upon getting my machine in a workable state is to sign the keys I had left, and to fix those that were probably not signed with SHA256. Some people asked me what was BDale's post about, so I'll summarize, hoping that more explanations might not be better, but contain the same information worded differently, and gets best in everybody's brain. One of the instructions at Ana's great post regarding what to do to get a SHA256 key mentions setting up the following lines in your .gnupg/gpg.conf file:

  1. personal-digest-preferences SHA256
  2. cert-digest-algo SHA256
  3. default-preference-list SHA512 SHA384 SHA256 SHA224 AES256 AES192 AES CAST5 ZLIB BZIP2 ZIP Uncompressed

Thing is, those lines are not added to .caff/gnupghome/gpg.conf, which is an independent copy. I was missing such file, and I don't really know the defaults, so I am not sure this was really needed, but followed BDale's instructions: Delete my signatures on all the affected keys, and run them again through caff (in signing-party). Of course, hand-processing a handful of keys is not exactly fun — But given that signatures are stored in .caff/keys/ ordered by date, it was quite easy to get them all. Yes, some manual shuffling was required, but quite minor all in all. First of all, edit each of the keys, removing your signature from each of the UIDs. This is the user-interaction-heavy part, as gnupg does not like to be driven by piping commands to it (understandably). I wanted to do this on all the keys I had signed during July 2009, so:
  1. $ for i in $(find .caff/keys/2009-07* -type f|cut -f 2 -d .|cut -f 4 -d / |sort|uniq)
  2. do
  3. gpg --homedir=~/.caff/gnupghome/ --secret-keyring=~/.gnupg/secring.gpg \
  4. --no-auto-check-trustdb --trust-model=always --edit-key $i
  5. done

So, for each key, I would do:

  • uid 1
  • delsig
  • Delete all of my signatures (not that it matters deleting others', but it is easy to set your brain to grep for yourself ;-) ) It is very important to note if any of the keys does not have your signature on — That would mean that, for whatever reason it happened, you would need to remember that key to be skipped in the caff step.
  • If the key has more than one UID, repeat for all others

After this, go through each of those keys again, re-signing them. I could have included this step in the previous block, but I... didn't ;-)

  1. $ for i in $(find .caff/keys/2009-07* -type f|cut -f 2 -d .|cut -f 4 -d / |sort|uniq)
  2. do
  3. caff --no-download $i
  4. done

Note that by specifying --no-download, I am not getting it from the keyserver but using the copy I already had on my directory, without the weak signature. And, as I checked I had already signed each of them, it was no longer necessary to triple-check the signature (as I had discarded several of the paper snippets people had given me). I trust well enough this computer, where I had done the initial signatures (and which is not accessible from teh intarwebs without compromising an intermediate server).

As a last bit of caff goodness: Many people will remember only the last eight bytes of their signature. As an example, my new and shiny key information reads:

  1. pub 4096R/C1DB921F 2009-07-09
  2. Key fingerprint = AB41 C1C6 8AFD 668C A045 EBF8 673A 03E4 C1DB 921F
  3. uid Gunnar Eyal Wolf Iszaevich <gwolf@debian.org>
  4. uid Gunnar Eyal Wolf Iszaevich <gwolf@gwolf.org>
  5. uid Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) <gwolf@iiec.unam.mx>

Speaking informally, I will tell you my key ID is C1DB921F — A short-enough string to be memorized. However, many people do not note this string is just the final part of the fingerprint. And caff allows for keys for it to work on to be specified in several different formats, being C1DB921F only the shortest one. However, you will find way more comfortable (but only after triple-checking the SHA256sum matches!) to ask caff to do the process based on the whole fingerprint. In this case, if I gave caff as its argument AB41C1C68AFD668CA045EBF8673A03E4C1DB921F, I would not have to hand-check the fingerprint matches what I have on the listing, isn't it great? So I did so both for those that were handed out to me as paper snippets (I typed the whole fingerprint as an argument to caff, as I'd have to check it anyway) and for those in Anibal's list. Good thing on Anibal's list is that it is already electronic, and after comparing the SHA256sum to the string I had hand-written in the paper, and weeding out all the people I had not cross-signed with, I just did:

caff $(cat ksp-dc9.txt |grep Key\ fing|cut -f 2 -d =|sed s/\ //g )
And, ta-da, just answer some prompts (I prefer to always answer to them, checking one more time against my list, just to be sure), produce your passphrase a couple dozen times, and off the mails are sent.

As a final note: I felt much, much more in control and at ease with this edition's key signing process. No more horribly long queues, no more stupid and pointless document checking. Many people just agreed to cross-sign based on the fact that we have known each other's face-to-name relation for long enough to trust it more than any government-issued IDs; other people did request an ID, so I always kept my passport handy. There are several people I engaged in interesting conversations as a result of keysigning request. This year, I did not sign any keys of people whose face I cannot remember (of course, that recalling bound to decrease with time, but it is a much stronger policy than previous years... And I might end up following a stricter one, as several other friends do). And, strangely… Well, there are many people I felt strange of not signing. People I spent long amounts of time working or talkin with, and I ultimately trust their identity. However, seems we didn't ask each other for signatures, or I didn't have a pen handy, or something like that… Anyway, that only leaves me with one more excuse to see you all guys next year in New York!

( categories: )

About to leave Cáceres

Submitted by gwolf on Thu, 07/30/2009 - 15:46

Ufff...

This has been a great two weeks. DebCamp was -of course- followed by DebConf. My blog postings were kept silent to an absolute minimum, just as my measurable productivity. Of course, this does not mean I have been scratching my belly or anything. Orga team work is HARD and tiring. But it is great fun. And sitting at the front desk means you get to interact with everybody. For $DEITY's sake, it is the best way to get to know people,

Anyway... The last session of Mao is about to start. I am closing the computer. GREAT TIME!

( categories: )

Smelling dead

Submitted by gwolf on Sun, 07/26/2009 - 08:57

DebConf9. Assassins. Nomeata has been killed. So have I. Now, the rules say the sock that kills you should be clean, and by that, I understand it should be not smelly — I guess I could have complained that I was killed in the presence of very smelly cheese. Does that still count?

( categories: )

The world is not enough

Submitted by gwolf on Thu, 07/23/2009 - 14:06

As many of you are aware, I am the owner of the universe. Let me correct, the proud owner of the universe. This little bugger has got me a good time in Nicaragua and, although it was a bit sick during the first couple of days, I do expect to use it several times in Cáceres. It is always good to have a bike - a reason _and_ a way to move, faster than walking, getting good views and, basically, drawing bystanders' attention.

But today, thanks to Axel, a permanent impression has entered my mind.

I rode a Brompton. Shortly, for less than a kilometer... But, WOW. And I do mean it. <blink>W-O-W</blink>.

One day, when I grow up, I will get my own Brompton. And the Universe will truly be mine.

( categories: )

Encodings, fonts, PDF and pain

Submitted by gwolf on Sun, 07/19/2009 - 10:37

I volunteered to work on producing the DebConf nametags, and worked on it closely with César (cek) for most of the afternoon. The process clearly shows no database is comprehensive enough to base DebConf on it - All in all, we managed a very good advance percentage, integrating the data on who sleeps where, how each person eats, and so on. And slightly before lunchtime, we had the final listing. Joy!

…Until I asked César what script would we use for turning the data into nice, printable nametags. He plainly replied, «none that I know of». Ok, so on to produce the layout. The first idea was, as it has been done at other DebConfs, to make a LaTeX layout - but both our LaTeX-fu is heavily limited. Well, to the hell with it, that's why I recently packaged and uploaded Prawn, which is currently sitting in the NEW queueFast, Nimble PDF Generation For Ruby. Prawn has two main characteristics which are making me migrate some systems away from PDF::Writer into it:

  • Proper UTF8 support
  • Cool, easy relative positioning in bounding boxes

So, yes, populating the page with the ten nametags each will take is quite simple:

  1. pdf = Prawn::Document.new(:page_size => 'A4')
  2. pdf.font '/usr/share/fonts/truetype/arphic/uming.ttf'
  3. while !people.empty?
  4. 5.times do |row|
  5. 2.times do |col|
  6. person = people.delete(people.keys.sort.first)
  7. next if person.nil?
  8. pdf.bounding_box([pdf.bounds.left + (col) * 8.6.cm,
  9. pdf.bounds.top - (row) * 5.4.cm],
  10. :width => 8.6.cm, :height => 5.4.cm) do
  11. generate_nametag_for(person, pdf)
  12. end
  13. end
  14. end
  15. end

Yay, nice, isn't it? Of course, inside generate_nametag_for() we have all the needed magic to position the text, resize the images and so on. All in all, a cute and nice library, even with Ruby's often strangely idiosincratic culture.

Until we started checking for correctness. First, we hit Eddy Petrişor — The ş was showing as an unknown character. Of course, even though Prawn correctly understands UTF8, the built-in font does not handle Eastern European alphabets. No worries, pdf.font "/usr/share/fonts/truetype/ttf-dejavu/DejaVuSans.ttf" got us out of the predicament. But then, Andrew Lee (李健秋) appeared as a second case of undisplayable characters. And yes, Andrew has all the right in the world to expect his name, a proper UTF8 encoded string, to appear on the nametag!

…The problem is that all the fonts we could find that work for CJK fail for non-US-ASCII Latin characters. Isn't Unicode supposed to solve this? Yes, fonts need to properly implement the correct encoding… Jonas explained that Prawn (as well as any libraries dealing with fonts) should really use Fontconfig so multiple fonts can be specified, falling back in case some codepoints are not specified in them. But Prawn does not support Fontconfig.

To make matters worse, most Asian fonts (the Arphic family) are now shipped as TrueType Collections (TTC) instead of TrueType Fonts (TTF), in order to save space due to the tremendous similarity they have. And, you guessed it, Prawn does not yet understand TTCs (or I couldn't find how to).

All sorts of ideas were brought up. After playing a bit trying to change the font being used when detecting Asian encoding (and failing at it), I threw up my hands and decided I'd just change the font whenever the name contained the "Andrew Lee" string. Dirty and ugly idea, yes, but would work.

Just as I was about to do it, Andrew came back jumping with joy — He gave me an Arphic font which contains TTF files. And, lo, it properly renders Eastern European characters. All set, yay!

Honestly. What a pain. I hope humanity loses alphabets forever and goes back to the stone age. That's the only sane way to leave all the multialphabet, multiencoding, multifont, multipain behind.

Syndicate content