GR vote: init systems

Submitted by gwolf on Mon, 12/09/2019 - 20:17

For Debian followers, it should not be a surprise: a new General Resolution regarding the init systems is underway, trying to finally settle the set of issues that stem from the way our project works, following the 2014-003 vote, init system coupling.
Back in 2014, I find it quite understandable the project was not in a collective mental state that would have allowed for closure after the infamously long and flamey bug #727708.

As others have shared theirs, and given this is a non-secret vote (choices will be spelt out once the vote is done), I am doing so as well.

But before that — Given the complexity of this vote, please read and follow Ian's recommendations regarding ballot formatting.

[ 1 ] Choice 3: A: Support for multiple init systems is Important
[ 2 ] Choice 2: B: Systemd but we support exploring alternatives
[ 3 ] Choice 4: D: Support non-systemd systems, without blocking progress
[ 4 ] Choice 5: H: Support portability, without blocking progress
[ 5 ] Choice 8: Further Discussion
[ 6 ] Choice 1: F: Focus on systemd
[ 7 ] Choice 7: G: Support portability and multiple implementations
[ 8 ] Choice 6: E: Support for multiple init systems is Required

My ordering might be odd given the discussions and recommendations we have seen in the past month. I agree with Charles,

I am crushed under the number of options. Their texts are long, sometimes very similar, and do not separate clearly the normative from the preambles

So, I start by describing the options I chose under FD (that is, under my personal agreeability threshold):

  • It will benefit the project having a clear slant towards systemd (so, I ranked E last). The benefits are many and deep.
  • We need guiding and policy, not just good good neighbor guidelines already given by 2014-03, so G follows next-to-last
  • I think it's very important that, even being not the default options and not having tier-one support, Debian remains able to answer to specific user's needs. Option F is too strong for my taste in dropping alternatives.

The four remaining options can be grouped in Sam's original proposals (A&B) and Ian's counter-proposals (D&H). While Ian has great rationales and I have learnt and understood a lot from reading him, they are just too complex. I feel they lead to too many subtleties and details.

I am not absolutely behind A and B's words to the last comma, but they both illustrate a point I do find agreeable to adopt as a norm. Of course, I do believe the epilogue in D&H (Being excellent to each other) should apply to all of our work in Debian, no matter what option wins... And that should solve the potential ambiguities regarding the strength of shoulds in A&B.

( categories: )

My greedy hands are full of books! (Made With Creative Commons) @ccmx @creativecommons @xattack @scannopolis

Submitted by gwolf on Thu, 12/05/2019 - 19:44

FINALLY!

Made with Creative Commons is translated to Spanish, printed, and available!

Over two years after starting the project, 976 commits, getting involved in long processes (besides the scope we originally envisioned, such as waiting for the translation to be refereed or going over two quite long rounds of copyediting), after leading a team of five translators to Spanish and working closely with a similar team that's quite close to publishing the equivalent translation in Norwegian... Behold!

I won't get again in details on the contents of this book, as I have repeatedly talked about it in the blog. The photo above is of the pages where the CC licensing schemes are presented. And the following is a page I like including in all of my (so far, three) published books:

I have made a point of requiring my university's editorial department to use the legal page to be very explicit regarding the expected usage of this book, by inviting every person that comes across it to copy this book.

So... Where can you get your paws on one of them? Well, of course, you are welcome to come to our institute's bookstore and buy one. For people in general, MX$280 (≈US$15), for UNAM-community, MX$140 (≈US$7.50).

Of course, that's quite inconvenient for people living over 15Km from me, right? What about those living in other countries?

The book can also be downloaded from the Institute's repository. And I will soon upload it to an online, on-demand printing site (probably lulu.com or something like that. Can you suggest one?).

Key migration: rsa4096/0x673A03E4C1DB921F → ed25519/0x2404C9546E145360

Submitted by gwolf on Fri, 11/22/2019 - 20:08

Oh, the joys of life... I see myself forced to do a key migration.

No, no — Don't worry! My key didn't land in any hostile party's hands. And I still kinda-sorta-have access to it.

Let me explain. I was quite a happy user of a Yubikey, kindly given to me in mid-2018. As the recommendation goes, I backed up my master key's secret material to an offline media, and kept the relevant subkeys in the Yubikey; I love knowing my computer does not have access to the private keys although it can use them — The Yubikey provides just the needed interfaces for them. And here they are:

$ gpg --list-secret-keys 
/home/gwolf/.gnupg/pubring.gpg
------------------------------
sec#  rsa4096/0x673A03E4C1DB921F 2009-07-09 [SC] [expires: 2020-12-19]
      Key fingerprint = AB41 C1C6 8AFD 668C A045  EBF8 673A 03E4 C1DB 921F
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) 
ssb>  rsa4096/0x92853D8CF7F6543F 2009-07-09 [E] [expires: 2020-12-19]
ssb>  rsa4096/0x80382A731F474556 2018-07-31 [E] [expires: 2020-12-19]
ssb>  rsa4096/0xA5F64FDEB981CD8C 2018-07-31 [S] [expires: 2020-12-19]
ssb>  rsa4096/0x49DD2A4E4979619C 2018-07-31 [S] [expires: 2020-12-19]
$ gpg --card-status 
(...)
Signature key ....: FA42 3AA0 6D8F E9ED 5D6C  5E42 A5F6 4FDE B981 CD8C
      created ....: 2018-07-31 03:29:09
Encryption key....: 0DE6 49DF 2778 E904 94B6  7952 9285 3D8C F7F6 543F
      created ....: 2009-07-09 23:20:40
Authentication key: 7C79 5E53 9968 8DDF 66F7  D620 49DD 2A4E 4979 619C
      created ....: 2018-07-31 03:31:16
General key info..: sub  rsa4096/0xA5F64FDEB981CD8C 2018-07-31 Gunnar Eyal Wolf Iszaevich 
sec#  rsa4096/0x673A03E4C1DB921F  created: 2009-07-09  expires: 2020-12-19
ssb>  rsa4096/0x92853D8CF7F6543F  created: 2009-07-09  expires: 2020-12-19
                                  card-no: 0006 05009847
ssb>  rsa4096/0x80382A731F474556  created: 2018-07-31  expires: 2020-12-19
                                  card-no: 0006 05009847
ssb>  rsa4096/0xA5F64FDEB981CD8C  created: 2018-07-31  expires: 2020-12-19
                                  card-no: 0006 05009847
ssb>  rsa4096/0x49DD2A4E4979619C  created: 2018-07-31  expires: 2020-12-19
                                  card-no: 0006 05009847

Until... One sad day, I discovered I could not decrypt documents sent to me anymore. While signing and encrypting do work:

$ date | gpg --encrypt --recipient 0x673A03E4C1DB921F --armor
-----BEGIN PGP MESSAGE-----

hQIMA4A4KnMfR0VWAQ/+J/Onblw3M/PwZ6ekhz3Ojnzf3pxlObLcNNNZMOlvUApK
uOAAMQ/YF/cueUbxSZT8+Yt4HV8iijVvI1Y4AK7ELvcjxdBhvmfc5QBG22lEaKPh
XNK+MUMv0xN4eIJh+uksZc6mdM6IZfvx1Io5RWiD6hABfQF7XyRwxF584PCqHMeq
oiYg1VY6epIWtunSfVa+CpF7MZ3KSTcs2VJdsutVuGxeS+NS7JVCApiXig4qk4yk
/Y/57RAy689vMNxu78noIP/mOnd7zV4DgRQ/l1iNaZnAMFgEeh1FtSJLH5odD7T0
KyfVTwdRHTJetedDjCIN+5bboNj4hIjjW4+l8KJP3aP/f8ppZuycHQ9mEf/YCuPn
KPeo7YKLGYKlerPylfENokaG7SkNyvd6UV1TdZ5eilTGBiSZpNAdlaHP0uaICbPA
Mpbn4COy52H2VTg/J/Wle1IyLPFJpGe87o/UEkylSoARMnhhtq5+Mm5mrL8k1Y5m
GvKqd8q7y7Bche+l5o2QRTZpLSfwZZ28r9qTX8S0vh+NvBD14iVNReR+RRZuf9FU
Qhgz3TzfSEwFngced24LmIXQNgtN/QBynRGJDgR0Kq9Su4/uv8VVt4N4I8wlU3qG
NwpK44FBlHPSZ6UQga/Y3Pckbrn8+RoOuIyMC0ExtDpB6qawfbssR+2EfNmPeWjS
WwHGJQ8PJ2fadWMJewhfXDVdio7LVZHqIUdJIasKB9Z3PCWoJUtrsEw0EHQxG3CZ
SN2QlLPBwveFtK0HQW6ZS29gGq6Z9Kj2la64NCJMtnYSq4RDV2wGaRr027E=
=bWqr
-----END PGP MESSAGE-----
$ date | gpg --clearsign 
gpg: using "C1DB921F" as default secret key for signing
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

Fri 22 Nov 2019 06:31:42 PM CST
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfHleU5lojd9m99YgSd0qTkl5YZwFAl3Yfe4ACgkQSd0qTkl5
YZyTqhAAhToJg5byHBK37S4ixLc8w6mJWLlLOVvmDUmiXD2EbZoHEyCaVXJNCR+O
RveuDjfOpM/I4InrHaypGjzc7aO2yhcPnH+8adE6JBfakNdvk13XMynXggE3kqxL
oe0ZEx7sLiJaw/LzSr70kHBAqN4wnzx14+nKSuWYqZIdjR8eko867edBPWDZZgEn
nM+CSpd6XQbksf4BQR7S+/XmRKoeXuksPbmWC2uOsK9dMqGDhU91YY/j1eh3cMzq
4o/EOdc1grsfl4e8uV9z3nylOQP/PzXEp/fxXhU4lTVjVrjkBkOkDhO0DnGk8QD9
GQzdk3o6xt1gUxAGfthquRS/8ozdeL0lQ8CMaRGLRCiZKxO0kdtNkJ8QJNKxx/3M
CM/qHUnWWzyU078ncx0RkvZdwD1fq8eGM2RsptPjdeBc5Wgz7wAI5MpaUQezMrdA
/7rtJ7EnZL6WN33nwQjAC0MxoKSA073Fo8CqtBiqXkCtfp4x5x9FRpndgi7iKCNt
gQibgCIGYS6R09Q/F6r2uDcX84+SXzRyfftbP56k/4dyByn1ei7EvOM9Yi3ToU0p
qhAqLLqrG1omInTsQFGMgy/iRE7giT64YgKThdFNdT2DSNqoEkG581nabUoac8Hm
EFqGUDPn3rkPEZq6KNRTXKlMEFj7SF5v95iHWuh8OU+nPEWF1sY=
=2RSg
-----END PGP SIGNATURE-----

trying to decrypt the message does not get me very far:

$ date | gpg --encrypt --recipient 0x673A03E4C1DB921F --armor | gpg --decrypt
gpg: encrypted with 4096-bit RSA key, ID 0x80382A731F474556, created 2018-07-31
      "Gunnar Eyal Wolf Iszaevich "
gpg: public key decryption failed: Hardware problem
gpg: decryption failed: No secret key

And although the message is quite clear (public key decryption failed: Hardware problem), I spent far too many attempts at putting things upside down, trying and trying and trying to fix the issue. But no: Hardware problem means hardware problem. My Yubikey is somehow dead.

But it seems that... Even if I was able to bring it back from the dead, I would be doomed anyway: The USB key where I kept the backup for the master key material refuses to be read. Of course, I also gave it several attempts... All failed ☹ And, of course, I had it on just a single media ☹ So even getting the Yubikey decryption back to life would only allow me to use my key until 2020-12-19.

So... What's left for me to do? I just generated a shiny new elliptic-curve key, and will as soon as possible migrate my Debian credentials to use it. Please note, I am not able to sign my new key with the old one, as only the master key has Certification ability. So, the next best thing is a migration statement. I am inlining it here for convenience; if you want to check it, you can either:

$ wget https://gwolf.org/files/transition_statement.asc -O - | gpg --verify

Or just run gpg --verify and paste as its input the following text:

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA256

I am Gunnar Wolf, and I am transitioning away from my
rsa4096/0x673A03E4C1DB921F key, to ed25519/0x2404C9546E145360. The
reason for this transition is two simultaneous cases(!) of broken
hardware.

My old key is still usable until its expiry date, but I am unable to
use it for decryption; please use only my new key.

If you have signed my old key, please consider signing the new one;
this file is signed with both keys as a proof I do have control over
them. Please note my old key is unable to certify the new one, so it
is not yet signed.

 -={ Old key, which I am transitioning _away_ from }=-

pub   rsa4096/0x673A03E4C1DB921F 2009-07-09 [SC] [expires: 2020-12-19]
      Key fingerprint = AB41 C1C6 8AFD 668C A045  EBF8 673A 03E4 C1DB 921F
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich 
uid                   [ultimate] Gunnar Eyal Wolf Iszaevich (Instituto de Investigaciones Económicas UNAM) 

 -={ New key, which I am transitioning to }=-

pub   ed25519/0x2404C9546E145360 2019-11-22 [SC] [expires: 2022-11-21]
      Key fingerprint = 4D14 0506 53A4 02D7 3687  049D 2404 C954 6E14 5360
uid                   [ unknown] Gunnar Wolf 
uid                   [ unknown] Gunnar Eyal Wolf Iszaevich 
uid                   [ unknown] Gunnar Wolf 

The new key has been uploaded to pool.sks-keyservers.net. If you
decide to sign my new key, I'd prefer if you mail it to me via
(i.e. using caff).

Thank you very much,

      - Gunnar
-----BEGIN PGP SIGNATURE-----

iQIzBAEBCAAdFiEEfHleU5lojd9m99YgSd0qTkl5YZwFAl3YhWkACgkQSd0qTkl5
YZxc1A//fycReXF6pqHl+zsMs4YW5fdMBDDuglIblX3AH5Q+ZtYvUEcEjUqXpTp4
32B725nF3o+chRsMosbJ2wUh6m5zbSl4ET/gjw+9M2XmrmC5HgrKurRh/bDryvZ1
lPPJOD6rfH5JeIBEnyoVrTaAMO5g2UUd3UM27EemNfK0oGZhJwbV8pvhQxLdrHk+
VKXBGPFcX0AttkutuixF7ieS/DjaVIogKPhy7r6UNEFopnMcGZmmTdy8EOnePLNc
ocHSHgVylErywx2zCaumC7nvc5nCeS+iStro2Cwpx1wcgdV0+RfX81Sz5v3g4IQA
Zv9AuAPBEnSFlrAPUggeDVTfA4A7BSoHgYnIo/xcIWnkd7SMwL/XDSgW3v7lNCJy
DvKhP9m0EM0KOOzzV8N3tyhvXNxW9fb0dmc+pUNI7qzXrzu0DVRiwrzRiCTnrOUQ
uV9cM/FdL82IGe5lGO48FgCBEaluocMu3bh9qFOIuQukbEvRsdgknGfcaa1mWRxs
YbBPYafFCTCRR410it2Ck4dRunHRLvYecTcFIvxUJ+lgrYSlRXIe4nfVmQ3lWosM
mUM9DhCanIeeNk/Enzqf8qpKlLzpBnEpJPnRciNvuGfvXzWSeKBdah7t5TNoMfNz
oWmCb2XbYmf8t7XFc9SNxWFaOTzt//w3Foo0DbBa9qtvuo4giRaIdQQBFggAHRYh
BGCzCT2WEI5cuXFC7+L2O0NT9FmJBQJd2IVqAAoJEOL2O0NT9FmJXwMA/j8s6O85
phqdDmOjKcmpKoxBlCKpulkMvpzSpxxcmGMzAP49HE6yVsyxFYoCI50w3nASSqmt
5i/2Cv7TgtzOFXU1AA==
=JxNv
-----END PGP SIGNATURE-----

I will be soon meeting with two DDs, so in any case, this key will be in shape to enter our keyring. Thank you very much for following so far!

(...And yes — This time I made two separate offline media backups for my master key material :-Þ)

Made with Creative Commons ⇒ Hecho con Creative Commons. To the printer!

Submitted by gwolf on Wed, 11/06/2019 - 18:09

I am very happy to tell you that, around 2.5 years after starting the translation project, today we sent to the presses the Spanish translation for Creative Commons' book, Made with Creative Commons!

This has been quite a feat, on many fronts — Social, technical, organizational. Of course, the book is freely redistributable, and you can get it at IIEc-UNAM's repository.

As we are producing this book from DocBook sources, we will also be publishing an EPUB version. Only... We need to clear some processes first (i.e. having the right department approve it, get a matching ISBN record, etc.) and will probably only be done by early next year. Of course, you can clone our git repository and build it at home :-]

Of course, I cannot celebrate until the boxes of brand new books land in my greedy hands... But it will happen soon™.

Presenting a webinar: Privacy and anonymity: Requisites for individuals' security online

Submitted by gwolf on Wed, 10/02/2019 - 11:55

I was invited by the Mexican Chapter of the Internet Society (ISOC MX) to present a webinar session addressing the topics that motivated the project I have been involved for the past two years — And presenting some results, what we are doing, where we are heading.

ISOC's webinars are usually held via the Zoom platform. However, I felt it directly adversarial to what we are doing; we don't need to register with a videoconference provider if we can use Jitsi! So, the webinar will be held at https://meet.jit.si/WebinarISOC. Of course, I am aware that if we reach a given threshold, Jitsi will stop giving a quality service — So I will also mirror it to a "YouTube live" thingy. I am not sure if this will be the right URL, but I think it will be here.

Of course, I will later download the video and publish it in a site that tracks users less than YouTube :-]

So, if you are interested — See you there on 2019.10.16, 19:00 (GMT-5).

( categories: )

Goodbye, pgp.gwolf.org

Submitted by gwolf on Thu, 08/01/2019 - 10:25

I started running an SKS keyserver a couple of years ago (don't really remember, but I think it was around 2014). I am, as you probably expect me to be given my lines of work, a believer of the Web-of-Trust model upon which the PGP network is built. I have published a couple of academic papers (Strengthening a Curated Web of Trust in a Geographically Distributed Project, with Gina Gallegos, Cryptologia 2016, and Insights on the large-scale deployment of a curated Web-of-Trust: the Debian project’s cryptographic keyring, with Victor González Quiroga, Journal of Internet Services and Applications, 2018) and presented several conferences regarding some aspects of it, mainly in relation to the Debian project.

Even in light of the recent flooding attacks (more info by dkg, Daniel Lange, Michael Altfield, others available; GnuPG task tracker). I still believe in the model. But I have had enough of the implementation's brittleness. I don't know how much to blame SKS and how much to blame myself, but I cannot devote more time to fiddling around to try to get it to work as it should — I was providing an unstable service. Besides, this year I had to rebuild the database three times already due to it getting corrupted... And yesterday I just could not get past of segfaults when importing.

So, I have taken the unhappy decision to shut down my service. I have contacted both the SKS mailing list and the servers I was peering with. Due to the narrow scope of a single SKS server, possibly this post is not needed... But it won't hurt, so here it goes.

( categories: )

DebConf19 Key Signing Party: Your personalized map is ready!

Submitted by gwolf on Sat, 07/20/2019 - 13:13

When facing a large key signing party in a group, even a group where you are already well socially connected in, you often lose track whom you have cross-signed with already, who is farther away from you (in the interest of better weaving the Web of Trust)...

So, having Samuel announce the DebConf19 KSP fingerprints list, I hacked a bit to improve the scripts I used on previous years, and... Behold!

The DC19 KSP personalized maps!

This time it's even color-coded! People you have not cross-signed with are in light grey. People whose keys have been signed by you are presented with blue text. People that have signed your key are presented with green background. Of course, people you have cross-signed with have blue text and green background :-]

The graph is up to date as of early today, pulling the data from keys.gnupg.net. Sorry for the huge size, but it's the only way I found it to be useful to see both the big picture and the detailed information. Of course — You can zoom in and out at will!

( categories: )

Updates from Raspberrypi-land

Submitted by gwolf on Sat, 06/29/2019 - 00:06

Yay!

I was feeling sad and depressed because it's already late June... And I had not had enough time to get the unofficial Debian Buster Raspberry preview images booting on the entry-level models of the family (Broadcom 2835-based Raspberries 1A, 1B, 0 and 0W). But, this morning I found a very interesting pull request open in our GitHub repository!

Dispatched some piled-up work, and set an image build. Some minutes later, I had a shiny image, raspi0w.tar.gz. Quickly fired up dd to prepare an SD card. Searched for my RPi0w under too many papers until I found it. Connected to my trusty little monitor, and...

So, as a spoiler for my DebConf talk... Yes! We have (apparent, maybe still a bit incomplete) true Debian-plus-the-boot-blob, straight-Buster support for the whole Raspberry Pi family all of the raspberries sold until last month (yeah, the RPi4 is probably not yet supported — the kernel does not yet have a Device Tree for it. But it should be fixed soon, hopefully!)

( categories: )

LIDSOL: teaching privacy and anonymity concepts and tools to social scientists

Submitted by gwolf on Sun, 06/23/2019 - 22:46

I have been working on several privacy/anonymity topics in the past couple of years. And I am very happy, as we just achieved one of our most important stated goals.

I am coordinating LIDSOL, Laboratorio de Investigación y Desarrollo de Software Libre, at the Engineering Faculty, UNAM. LIDSOL is a very interesting and very open lab regularly inhabited by ≈7 bright students, most of them from Computer Engineering (but some from other careers in the faculty), and with over twenty years of history. And I have worked with several of them in my PAPIME project for privacy and anonymity. This time, the task was –after working a year on the broad topic– for the students to plan and present a course titled Privacidad y anonimato para un manejo seguro de mi información en redes» — Privacy and anonymity for safely handling my online information, as part of the Political and Social Sciences Faculty's intersemestral courses on technological updating.

The covered program was quite ambitious; I'm not translating it, you can look at it in Spanish in the course's information. The LIDSOL instructors (please, a round of applause for them!) were:

  • Diego Barriga
  • Emilio Cabrera
  • Marco Ruano


My friend Lourdes Reséndiz, who works at FCPyS and got us the space to present the course, also gave a module.

Lourdes, during the famous three envelopes dynamic for explaining onion routing

I felt the course to be a great success, and we were asked to repeat it in the future. As any course presenting anonymization technologies, it was of course not without its controversy and discussion — which was great! I think we got many concepts clarified for the attendees. I will later report on any measurable accounts we got, of course!

Towel Day 2019

Submitted by gwolf on Sat, 05/25/2019 - 22:39

Today we went to celebrate a good friend's birthday. And while most of my social circles are in some way geeky or geekier... This one is definitively geekiest. Not so much in the Free Software alignment scale, but in many, many other ways.

I was (pleasantly!) surprised to find we were four fellow potential hitchhikers (on the photo above, Jesús Wong; Susana and Aaron were also towel-bearers).
Oh, but you are still asking yourself what this is about?
I gather you have not yet read The Hitchhiker's Guide to the Galaxy, by Douglas Adams. The international Towel Day is observed annually on May 25, since 2001. And why? In Adams' words:

A towel, it says, is about the most massively useful thing an interstellar hitchhiker can have. Partly it has great practical value. You can wrap it around you for warmth as you bound across the cold moons of Jaglan Beta; you can lie on it on the brilliant marble-sanded beaches of Santraginus V, inhaling the heady sea vapours; you can sleep under it beneath the stars which shine so redly on the desert world of Kakrafoon; use it to sail a miniraft down the slow heavy River Moth; wet it for use in hand-to-hand-combat; wrap it round your head to ward off noxious fumes or avoid the gaze of the Ravenous Bugblatter Beast of Traal (such a mind-bogglingly stupid animal, it assumes that if you can't see it, it can't see you — daft as a brush, but very very ravenous); you can wave your towel in emergencies as a distress signal, and of course dry yourself off with it if it still seems to be clean enough.

More importantly, a towel has immense psychological value. For some reason, if a strag (strag: non-hitch hiker) discovers that a hitchhiker has his towel with him, he will automatically assume that he is also in possession of a toothbrush, face flannel, soap, tin of biscuits, flask, compass, map, ball of string, gnat spray, wet weather gear, space suit etc., etc. Furthermore, the strag will then happily lend the hitch hiker any of these or a dozen other items that the hitch hiker might accidentally have "lost." What the strag will think is that any man who can hitch the length and breadth of the galaxy, rough it, slum it, struggle against terrible odds, win through, and still knows where his towel is, is clearly a man to be reckoned with.

Thanks to the DC18 organizers for providing such a handy gift, thanks to Andreas Tille for kindly reminding us the observation of this important festivity, and thanks to Felipe Esquivel for providing photographic evidence.

( categories: )

Made with Creative Commons (Spanish translation): Copyedits done!

Submitted by gwolf on Wed, 05/08/2019 - 18:07

Uff!
Remember almost two years ago I announced on this same blog I would start coordinating a translation effort for the (excellent!) Made with Creative Commons book into Spanish? Having made the vey wise decision to choose Weblate as our translation platform, only four months later and with the collaboration from people all over Latin America, we amazingly reached 100% translated strings only four months later! Not only that — other languages were also started, and Norwegian (coordinated by Petter Reinholdtsen) also reached 100%.

But editting a book is not just a matter of translating it. In my case, as I publish via the National University, the translation had to undergo peer review –as any university-published book would– which took several months (!)
Once we got academic approval for the University to host the edition, resources were approved for our editors to do the style correction reading. And, of course, being us so diverse geographically, our linguistic styles were really not coherent. Some ideological issues appear in the resulting text, which also becomes easily aparent. Plus, not all of us are in the habit of writing — And it also shows.

So, the copyediting process was long and painful for our readers and for me, who incorporated their comments into the source. Oh — Eat your own dogfood: Given we did our translation based on a nice and nifty gettext+DocBook environment... Well, gettext is meant for programming, not for whole texts. I basically did all the copyediting by opening the .po file as plain text. Surprisingly, I broke things very few times!

The process still has many stops in the horizon. But at least I already finished a huge chunk of the pending work. I am happy! ☺

#FLISOL at Facultad de Ingeniería, UNAM - April 25 and 26 @lidsol @comunidadfi @die_fi_unam @FIUNAM_MX #FIUNAM

Submitted by gwolf on Wed, 04/10/2019 - 13:36

After several years of absence, LIDSOL (Laboratorio de Investigación y Desarrollo de Software Libre) is once again organizing a FLISOL!

And what is a FLISOL? It is the Festival Latinoamericano de Investigación y Desarrollo de Software Libre — An activity that started off as an installfest, but went on to become a full set of conferences. Set of conferences? Yes, because FLISOL happens more-or-less simultaneously (the official date is the last Saturday of April, but there is tolerance for it to happen up to a couple of weeks around it) all over Latin America. This year, FLISOL will be held at different cities in Germany, Argentina, Bolivia, Brazil, Chile, Colombia, Costa Rica, Cuba, Ecuador, Spain, El Salvador, Guatemala, Honduras, México, Nicaragua, Panamá, Paraguay, Perú, Rep. Dominicana, Uruguay and Venezuela.

So, besides the install fest that will be continuously happening on tables at the entrance of the auditorium, we will have a very interesting set of talks for Thursday and Friday, April 25 and 26, at the main auditorium of Facultad de Ingeniería (Auditorio Javier Barros Sierra):

A rough translation for the talks (yes, this is aimed at a local audience, but my blog is in English for $reasons ;-) ) follows:

Thursday, April 25
11:00
Hackers and Free Software, the immune system of Internet (Hiram Camarillo)
12:00
The Debian project: Beyond the mother of all distributions (Gunnar Wolf)
13:00
Advantages of communities, and how to contribute (Luis E. Jiménez Robles)
14:00
DeepDream with TensofFlow (Alejandro Hernández)
15:00
Science + Free Software = <3 (Diego Barriga)
16:00
Modbus Protocol: A present risk in Industrial Control Systems (Paulo Contreras Flores)
Friday, April 26
11:00
It's not your friend, it's proprietary software (Paul Aguilar)
12:00
Introduction to Fedora (Efrén A. Robledo)
13:30
Fedora Containers Lab (dockerless containers) (Alex Callejas)
15:00
Programmers sought: How to save the world without dying in the attempt (Irene Soria)
16:00
git + CI + CD = Devops (Andrés Hernández)

Debian @ Internet Freedom Fesitval #internetFF

Submitted by gwolf on Mon, 04/01/2019 - 18:07

Today, we had a little get-together of DDs in València, Spain, with some other DDs.

Most of us were here to attend the Internet Freedom Festival (IFF), plus Héctor and Filippo, who are locals. We missed some DDs (because in a 2500+ people gathering... Well, you cannot ever find everybody you are looking for!) so, sorry guys for not having you attend!

Sadly, we have no further report than having enjoyed a very nice dinner. No bugs were closed, no policy was discussed, no GRs were drafted, no cabals were hatched.

( categories: )

Many random blurbs on Debian

Submitted by gwolf on Mon, 03/25/2019 - 23:03

I have been busy as hell this year. I might have grabbed a bigger bite than what I can swallow – In many fronts! Anyway, sitting at an airport, at least I have time to spew some random blurbs to The Planet and beyond!

Voting
We all feared when no candidates showed up at the first call for DPL. But things sorted out themselves as they tend to (and as we all knew that would happen ;-) ), and we have four top-notch DPL candidates. It's getting tough to sort through their platforms and their answers in the lists; the old-timers among us have the additional advantage of knowing who they are and probably having worked closely with some of them. I am still drafting my Condorcet ballot. It won't be an easy task to completely rank them!
DebConf 20 and world politics
For personal and selfish reasons, I am very, very happy to have a reason to go back to Israel after over two decades. Of course, as everybody would expect, there is a bothering level of noise that's not going to quiet down until probably late August 2020... DebConf has often taken controversial turns. Israel is not the toughest one, even if it seems so to some readers. And... Well, to those that want to complain about it — Please do understand that the DebConf Committee is not a politically-acting body. Two bid submissions were presented fully, and the Israeli one was chosen because its local team is stronger. That is probably the best, most important criteria for this conference to be successful. No, it's not like we are betraying anything — It's just the objective best bidding we got from completely volunteer teams.
DebConf 19
What are you waiting for? Register! Submit a talk! Pack up and get your ticket for Brazil!

I'd better get moving, the plane might be getting some ideas about taking off.

( categories: )

Mob justice and extreme violence in Copilco Universidad — @Alcaldia_Coy @CopilcoUniv @CopilcoVecinos @manuelnegrete22

Submitted by gwolf on Tue, 03/05/2019 - 01:03

Some days ago I read a piece of news that shocked me at different levels: Three blocks away from my home, and after being "unclearly" denounced for harassing a woman, a guy was beaten to death. Several sources for this: El Diario MX: Por acosar a mujer lo golpean hasta la muerte; El Siglo de Torreón: Asesinan a hombre por presuntamente acosar a mujer en Coyoacán; Zócalo: Matan a hombre en Coyoacán; Milenio: Por presuntamente acosar a mujer, golpean y matan a hombre en CU.

Of course, when anybody cries for help, it should be our natural response (everybody's!) to rush and try to help. However, stopping an aggression is a far cry from taking justice in our own hands and killing a guy.

Mob justice is usually associated with peri-urban or rural areas, with higher socioeconomic margination and less faith in authority. Usually, lynching mobs generate a very bad and persistent name to wherever said acts of brutality happened. While I don't want to say we are better than..., it shocks me even more to have found this kind of brutality in the midst of the Universitary neighbourhood, at a very busy pedestrian street, at all times (this happened somewhat after noon on Thursday) full of teachers and students.

Not only that. The guy who was attacked was allegedly a homeless guy, in his mid 20s. Some reports say that after the beating took place, he was still alive, but when the emergency services arrived (30 minutes later!) he had died. We are literally less than 200m away from Facultad de Medicina, and hundreds of students and teachers walk there. Was nobody able to help? Did nobody feel the urge to help?

If this guy was a homeless person, quite probably he was weak from malnutrition, maybe crossed with some addictions, and that's what precipitated his death. But, again — This raises other suspicions. Maybe he was pointed to by some of the store owners that wanted to drive him away from their premises? (he was attacked inside a commercial passageway, not in the open street)

Also... While there is not much information regarding this attack, I'm quite amazed almost no important local (or even national!) media have picked this up. We are less than 1Km away from the central offices of Grupo Imágen! This is no small issue. Remember the terrible circus raised around the Tláhuac lynches in ~2005 (and how Tláhuac still carries that memory almost 15 years later)? What is the difference here?

No attack on women should be tolerated quietly. But no lynchmob should be given a blind eye to. This deeply worries and saddens me.

( categories: )
Syndicate content