Gunnar Wolf

I came to Argentina with my girlfriend to visit her family and friends, and to spend here some disconnected days during my winter^Wsummer vacations. And so it was, we had some very nice, relaxing days, with everything running smooth and with infrequent but enough sessions of mail access to withstand the disconnection without pain.

Of course, I didn't anticipate that the Network Operations Center of my university would break my institute's connectivity while performing their planned maintenance on December 23. After some days, I was able to talk with one person in the university, but connectivity was not restored. Nobody with knowledge to look at the firewall's screen is available.

So, as of today (happy new year 2012!), I have been mail-less for over a week. I will be back in my office soon now, so I'll get mail connectivity within the upcoming week.

Meanwhile, everybody who mailed me for any reason (job, Debian, holiday greetings, whatever)... Well, I'm sad to tell you that the mails were lost. But worry not, I will act as if nothing like that happened and I received all of your best wishes.

My friend Al shows his joy at Goran Bregović's concert, Mexico City, April 2009

Meeting a good friend after a very long time, at Goran Bregović's concert, Mexico DF April 2009

Before Goran Bregović's concert, Mexico DF, April 2009

I recently started getting mails from no-reply@joindiaspora.com. Usually, a mail from no-reply@whatever is enough to make me believe that the admins of said whatever are clueless regarding what e-mail means and how should it work. And in this case, it really amazes me — If I get an invite to Diaspora*, right, I should not pester a hypothetical sysadmin@joindiaspora.com to get me off his list, but I should be able to reply to the person mailing me — Maybe requesting extra details on what he is inviting me to, or allowing me to tell him why I'm not interested. But yes, Diaspora* has fallen to the ease of requiring me to join their network to be able to communicate back with the "friend" who invited me.

Some of the (three?) readers of this site might not be familiar with the Diaspora* project. It is a free reimplementation (as far as I know) of something similar to Facebook — Free not only in the sense that it runs free software, but also because it is federated — Your data will not belong to a specific company (that is, you are not the value object they sell and make money with), but you can choose and switch (or become) the provider for your information. A very interesting proposal, socially and technically.

I find that a gross violation of netiquette. I should be able to reply to the mail - Even if in this case it were to (and sorry – As you are spreading my name/mail, you will excuse me if I spread your name ;-) ) fernando.estrada.invite1501335@joindiaspora.com. Such an (fictional FWIW) address would allow for mail to reach back the submitter by the same medium it was sent, without allowing open spamming into the network.

Now, what prompted me to write this mail (just before adding no-reply@joindiaspora.com to my blacklist) is the message I got (in an ugly HTML-only mail which erroneously promised to be text/plain, sigh...) is that Fernando sent me as the inviting message, «So, at least are you going to give Diaspora a chance?»

The answer is: No..

But not because of being a fundamentalist. Right, I am among what many people qualify as Free Software zealots, but many of my choices (as this one is) is in no way related to the software's freeness. I use non-free Web services, as much as many of you do. Yes, I tend to use them less, rather than more (as the tendency goes).

But the main reason I don't use Twitter is the same reason I don't use Identi.ca, its free counterpart — And the reason I'm not interested in Facebook is the same reason I will not join Diaspora* — Because I lack time for yet another stream of activity, of information, of things to do and think about.

Yes, even if I care about you and I want to follow what's going on in your life: The best way to do it is to sit over a cup of coffee, or have some dinner, or to meet once a year in the most amazing conference ever. Or we can be part of distributed projects together, and we will really interact lots. Or you can write a blog! I do follow the blogs of many of my friends (plus several planets), even if they have fallen out of fashion — A blog post pulls me to read it as it is a unit of information, not too much depending on context (a problem when I read somebody's Twitter/Identica lines: You have to hunt a lot of conversations to understand what's going on), gives a true dump of (at least one aspect of) your state of (mind|life|work), and is a referenceable unit I can forward to other people, or quote if needed.

So, yes, I might look old-fashioned, clinging to the tools of the last-decade for my Social Web presence. I will never be a Social Media Expert. I accept it — But please, don't think it is a Stallmanesque posture from me. It is just that of a person who can lose too much time, and needs to get some work done in the meantime.

(oh, of course: Blog posts also don't have to make much sense or be logically complete. But at least they allow me to post a full argument!)

I took part in a occupational-health-related thread recently, and wrote a bit of my experience which might be helpful for my readers, many of them avid keyboard users, with usually ≥8hr of typing per day.

(…) I suffered not from RSI but from painful back aches. I started using standard keyboards in a different fashion, not putting so much stress on my wrists (and on the muscles connecting them to the rest of the body, of course): I exclusively use US keymaps (with some modifications to allow for proper Spanish input and ffŭₙṅý characters), but instead of making the middle row my fingers' home row, I type with the base position of my fingers in a V shape — Fingers resting on (approx.) w-e-f-v-spacebar and spacebar-m-l-;-]; the fingers doing most of the travelling are the index and middle, and with no straining for the little fingers to reach ` or backspace. On the other side, the most straining keys become Control and Shift, which requires closing the hands a bit too much, but are not that bad. My way does induce some new kind of stress, as my arms also have to move to reach 6 and 7, but it... Works for me™.

It looks weird and is somewhat strange to get used to, but I must say it has worked great for me. I work this way on regular and laptop keyboards, even on my netbook's noticeably smaller one.

Some years ago, I faced a 900 word limit for the first time. My question to the editor: Can I write the column in German?

People enjoy writing with Twitter's arbitrary 140 character limit. I suffer when I have to write a column with a 900 word limit. Limits suck.

For the past month, I got disconnected from basically all of my usual activities. Not only from Debian work (well, yes, I followed up on a couple of important bugs and releases, but I was in a very low power consumption mode of sorts), DebConf organization/following (some people have contacted me regarding the DebConf 12 venue decision, for which we should start working and have a presentation soon) — Even the always-so-important Real Life got pushed aside. I barely participated in this year's EDUSOL (On-line Encounter of Education and Free Software). Even work suffered — I asked my boss to hold any incoming requests for me (save, of course, for urgent stuff).

I am now shyly coming up from the hole I dug myself in for this time.

Why did I do such a thing?

I do not have a formal education beyond high school. Due to several personal issues, I was accepted to the best university in my country, and to the first generation of the study program I would definitively love to have followed, but didn't attend.

Of course, I had a fair bit of computing background, enough to be competitive and start working. After amazingly few years, I didn't only get a decent job, but I got a job precisely at the very university I wanted to study at (and where my father has worked for the past 40 years). And, even with some changes along the years, here I am with 10 years of laboral history in this university, with an academic position (although the smallest academic position, but still). It is one of my life's achievements, one of the things that makes me proudest of.

Still, I don't want to stay at this level for the rest of my life. And an institution such as this one has rules – Yes, flexible enough to allow me in, but rules whose importance I cannot deny. I aspire to become a professor/researcher at some point, and that is just not possible without filling in the prerequisites. Besides, I want to try my hand at teaching at a universitary level.

So, what choices did I have besides devoting at least four years to full-time study? Well, there is a government entity that evaluates and regulates formal education given by smaller universities — CENEVAL. For probably around ten years now, they have offered the ACREL (Acuerdo 286 Licenciatura) program to validate professional knowledge acquired through work experience – And I'm writing this detail as several people have asked me for details on it. So, once you are accepted in the program (basic requisites: Having a high school certificate, over 30 year old, and with over 10 years of provable work experience), they can grant a Licenciatura degree (i.e. the equivalent to a four-year study program). So, in order to get it granted, I have to:

• Present a written exam, covering all of the areas of study. In my case (it varies depending on the program you are presenting), it was a 12 hour exam (over three sessions — IIRC I finished each session in around three hours of the four allowed). Questions are all multiple choice. For the Software Engineering degree, you are allowed to enter each session with up to five reference books. Rules vary depending on the area. The exam was long, although not too hard. And I'm proud to say that I reached outstanding level on each of the areas of the exam ☺
  If this information intersts you, do take a look at the links under the Study guides bullet at CENEVAL's information page. The areas to study, the style of the questions, and the general information on the exams are very close to what you will actually receive.
• The second phase (oral exam) is split in two sub-phases. The first one, the one I have just finished, is the longest one: I was assigned a practical case to develop. In my case, I was requested to write a document detailing the methodology for writing a request-tracking system for a restaurant. I was given a month for this task — And in part, the reason that kept me so busy is that I subscribe to the idea that the best methodology to write an application is to write it, not just to document what you are about to do (and then fail to recognize you missed so many details). Then, there is yet another period (between one and three months, assigned randomly AFAICT) during which I would have to develop the application and a presentation, and defend it against a jury.
• Some study areas (mainly those related to health) have a third step: A practical exam. Of course, I cannot go into details on this one.

Anyway... Enough of a blog posting. I hope this is useful for somebody. And I hope it explains why I have disappeared so much lately. If everything goes as planned, I expect to be receiving my "licenciatura" title around March, and afterwards... Well, we shall see!

Now... Back to work. And back to life. And back to my huge backlog of other pending things :)

This morning, my laptop was stolen from my parked car while I was jogging. I do not want to make a big deal out of it.

Still, even though I am sure it was not targetted at my data (three other people at least were reporting similar facts in the same area), and the laptop's disk will probably just be reformatted, I am trying to limit the possible impact of my cryptographic identification being in somebody else's hands.

GPG makes it easy: I had on that machine just my old 1024D key, so it is just matter of generating a revocation certificate. I have done that, and uploaded it to the SKS keyservers - Anyway, here is my revocation certificate:

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: GnuPG v1.4.10 (GNU/Linux)
Comment: A revocation certificate should follow

iHIEIBEIADIFAkyaOZwrHQJBIGNvbXB1dGVyIGNvbnRhaW5pbmcgdGhpcyBrZXkg
d2FzIHN0b2xlbgAKCRDYDvNai7UnrzWAAKC34eF76JQjxrZqSjNwcC0dU/5VbACg
gMIMmYg91Sl3y8KsZXdGj/rV7UE=
=rdlT
-----END PGP PUBLIC KEY BLOCK-----

But… What worries me more is access to the computers my ssh key works for. Yes, the ssh key uses a nontrivial passphrase, but still — SSH keys cannot be revoked (and this makes sense, as SSH should not add the delay, or potential impossibility, to check with a remote infrastructure whenever you want to start a session).

So, I generated a new key (and stored it at ~/.ssh/id_rsa.new / ~/.ssh/id_rsa.new.pub) and came up with this snippet:

$ OLDKEY=xyHywJuHD3nsfLh03G1TqUEBKSj6NlzMfB1T759haoAQ
$ for host in $(cat .ssh/known_hosts | cut -f 1 -d \ |cut -f 1 -d , |
                sort | uniq); do 
    echo == $host
    ssh-copy-id -i .ssh/id_rsa.new.pub $host && 
    ssh $host "perl -n -i -e 'next if /$OLDKEY/;print' .ssh/authorized_keys"
done

Points about it you might scratch your head about:

• .ssh/known_hosts' lines start with the server's name (or names, if more than one, comma-separated), followed by the key algorithm and the key fingerprint (space-separated). That's the reason for the double cut – It could probably be better using a regex-enabled thingy understanding /[, ]/, but... I didn't think of that. Besides, the savings would be just for academic purposes ;-)
• I thought about not having the ssh line conditionally depend on ssh-copy-id. But OTOH, this makes sure I only try to remove the old key from the servers it is present on, and that I don't start sending my new key everywhere just for the sake of it.
• my $OLDKEY (declared in Shell, and only literally interpolated in the Perl one-liner below) contains the final bits of my old key. It is long enough for me not to think I'm risking collision with any other key. Why did I choose that particular length? Oh, it was a mouse motion.
• perl -n -i -e is one of my favorite ways to invoke perl. -i means in-line editing, it allows me to modify a file on the fly. This line just skips (removes) any keys containing $OLDKEY; -n tells it to loop all the lines over the provided program (and very similarly, -p would add a print at the end – Which in this particular ocassion, I prefer not to have). It is a sed lookalike, if you wish, but with a full Perl behind.

Caveats:

• This assumes you have set HashKnownHosts: no in your .ssh/config. It is a tradeoff, after all – I use a lot tab-expansion (via bash_completion) for hostnames, so I do have the fully parseable list of hosts I have used on each of my computers.
• I have always requested my account names to be gwolf. If you use more than one username... well, you will have to probably do more than one run of it connecting to foo@$host instead.
• Although most multiuser servers stick to the usual port 22, many people change the ports (me included) either because they perceive concealing them gives extra security, or (as in my case) because they are fed up with random connection attempts. Those hosts are stored as [hostname]:port (i.e. [foo.gwolf.org]:22000). Of course, a little refinement takes care of it all.,/li>
• Oh, I am not storing results... I should, so for successive runs I won't try to connect to a system I already did, or that already denied me access. Why would I want to? Because some computers are not currently turned on. So I'll run this script at least a couple of times.

Oh, by the way: If you noticed me knocking on your SSH ports... please disregard. Possibly at some point I connected to that machine to do something, or it landed in my .ssh/known_hosts for some reason. I currently have 144 hosts registered. I am sure I triggered at least one raised eyebrow.

And I will do it from a couple of different computers, to make it less probable that I miss some I have never connected from while at the particular computer I am sitting at right now.

So... Any ideas on how to make this better?

I spent the past three weeks away from basically any kind of usual contact. I took a three week vacation in Argentina (Buenos Aires, Entre Ríos, Tucumán, Salta, Jujuy, Córdoba), got my first snow experience and enjoyed a real lot... But got completely disconnected from all of my usual activities... and responsabilities :-}

Anyway, yesterday afternoon I landed in New York. Arrived to Columbia around 2PM, and spent most of the day zombying around with the Debian crew. And today it starts feeling like the real job is starting.

As always, there is a lot of excitement when DebConf starts. I have many items I want to work on, and most are even Debian related ;-) So, lets get work flowing!

With due apologies and thanks to my dear and crazy friend UCH:

Once upon a time

Once, because twice would be a repetitive story

A king

One, because two would mean war

Who was married to a queen

One, because two would be drama

They had a princess daughter

One, because two would be a mess

Who was in love with a knight

One, because two would be a soap opera

He was given the task of killing a dragon

One, because two would be a titanic feat

The hero had an idea

One, because two would be asking too much

Using a unique magic sword

One, because were they two, it would no longer be unique

With which, he took the dragon's life

One, because it was a dragon, not a cat

Then they proceeded with the wedding

One, because two would mean bigamy

And they lived happily forever

One, because two forevers would be like two infinites

The end

One, because two ends would be complicated

The bad translation is completely my fault.

I have been recently approached by several friends, from different countries. Mexico and the violence seems to be a frequent news topic all over the world.

I live in Mexico City, as ~25% of the country's population does. This is not an easy city, of course, and I won't deny it has tons of problems of its own. However, Mexico City (and even more so the approximately ⅓ of it that is politically located in Distrito Federal, the formal country capital) is very lucky in this regard. Still, in most of the country, the violence is mostly in the news, mostly a worrying perception that is every day more insistent.

My parents live in Cuernavaca, Morelos, ~80Km south from us. Morelos has been known for decades for being the druglords' getaway and safe haven, so it remained a mostly peaceful state for most of this time. This has changed, and at some points during this year, militarization feels quite creepy... Fortunately, just for a couple of weeks, and then back to what seems like normal. The real problems in Morelos is the undeniable corruption of its successive governments, the lack of regard for the population, the inexistent urban planning...

However, I know from several friends living in the North of the country (and all along the very long border - The most drug-related violent states nowadays are Chihuahua, Durango, Sinaloa, Tamaulipas and Nuevo León, with only two states in the South — Michoacán and Guerrero) that violence is really felt by local population on the streets. Some friends say they have grown used to hearing shootings (Durango), others say that it is now usual that the cartels openly strangle the city's vial system with the express purpose of showing off their strength (Monterrey, Nuevo León, one of Mexico's most important cities and taken in the past as a token of industrialization and first-world-like life conditions... Just don't look towards the poor areas). About Chihuahua, I'd rather not even talk, as by all accounts (official even) it rivals Iraq in the lack of control the government has of its territory.

Still, with all that as background... I am afraid of what I read today in the news. I know a single declaration is not enough to worry about (as said in El Quijote, «una golondrina sola no hace verano», a single swallow does not mean it's summer), but those things always start small... Until they explode. La Jornada reports that The retired general Luis Garfias Magaña recommends suspending constitutional guarantees in the country to be able to properly fight violence.

The last century we had a sad and long history of cases where the military took over civilian power and suspended the constitutional rights in basically every nation in Latin America — Except for Mexico. Not one of those cases was overall successful. Not one of them went by without raging abuses, without terrible consequences. I don't see imminent we will go over to a military rule nor anything close to it, but the environment is getting each time closer to how it was like before said rights suspension. We should learn that it is just not the way, it leads nowhere.

I am convinced, and will keep insisting on it at every ocassion, that the only possible way to fight violence is by reducing the social distance, and that should be achieved most importantly by reducing poverty, but also by making it harder to become incredibly rich. Mexico's percentage of poor people has grown over the last decades, but at the same time, the amount of wealth concentrated in very few hands has grown much faster. A society with terribly rich and terribly poor people leads to hatred, leads to desperation, leads to violence. A flatter society, even if the overall standard was to be somewhat lower, tends to a better equilibrium. And yes, I know the original problem with drugs is that Mexico is a great transit area for drugs to reach the USA (and I could also rant about drug legalization — I won't, it's late and I must go to work), but the main fuel for young people to leave everything behind and take the risk of starting a life of open ilegality is the lack of future they face all life long. That leads many to risk their lives attempting to cross the border to the USA (Mexico "exports" 500,000 people every year), but also lures them to jobs where they will have easy money... In exchange for their lifes, ultimately.

Anyway... Just to repeat and round off: The answer to this problem is not repression, is not policial or military strength. Our only way out is through social justice.