Celebrate SFD 2014 on Saturday, September 20th
   
Text Size
Login
Canonical
Google
Linode
FSF
Linux Magazine
Ubuntu User
Linux Journal
Admin Network & Security Magazine
Smart Developer
Creative Commons
FreeBSD
Joomla!
Open Clipart Library
FSFE
Fundația Ceata
Atom 0.3 RSS 1.0 RSS 2.0 OPML FOAF

December 18, 2014

EU to fund Free Software code review

EU to fund Free Software code review

The European Parliament has approved funding for several projects related to Free Software and privacy. In the EU budget for 2015, which the European Parliament adopted on December 17, the Parliamentarians have allocated up to one million Euro for a project to audit Free Software programs in use at the Commission and the Parliament in order to identify and fix security vulnerabilities.

Even though these institutions are tightly locked into non-free file formats, much of their infrastructure is based on Free Software.

“This is a very welcome decision,” says FSFE's president Karsten Gerloff. “Like most public bodies, the European institutions rely heavily on Free Software for their daily operations. It is good to see that the Parliament and the Commission will invest at least a little in improving the quality and the programs they use.”

The European Commission's Directorate General for Informatics (DIGIT) will be in charge of implementing the pilot. FSFE urges the Commission to work closely with upstream developers. The EC should make the audit results public as soon as possible, and contribute any improvements it makes to the upstream projects.

The budget further lists a project to encrypt communications among the EU institutions, funded with EUR 500,000; and a pilot that uses Free Software and Open Standards to help civil society actors participate in lawmaking, by improving AT4AM, the software that MEPs use for drafting legislation, which the Parliament published as Free Software in 2013. Another project is intended to enable the European Commission to make unclassified documents publicly available by default.

“Taken together, these projects are a first step towards more transparent policy making in Europe,” says Gerloff. “We will continue to work with the Commission and the Parliament to help them along the path of engaging more consistently and effectively with the Free Software community.”

Media contact: Karsten Gerloff Mail: This e-mail address is being protected from spambots. You need JavaScript enabled to view it tel.: +49 176 9690 4298

Support FSFE, join the Fellowship
Make a one time donation

December 17, 2014

FSFE's work in 2014

FSFE's work in 2014

We shape tomorrow's world by what we do today. FSFE helps people to understand how technology affects their rights and freedoms, and empowers them to determine their own path in the digital world. See what we achieved in 2014, and where we're going next!

Free Software has never been more necessary to journalists and activists throughout the world. FSFE helps shape a world where technology empowers us, instead of oppressing us.

– Amaelle Guiton, journalist on hacker culture and privacy

I would like to share with you an overview of the work we did during the year of 2014. The support of FSFE's Fellows and donors has let us reach more people than ever before, and has allowed us to make an important impact. It has also allowed us to invest time and effort into making FSFE more effective. Importantly in a time of countless industry front groups, their contributions have helped to keep FSFE the way we like it: Fiercely independent and oriented towards the long term.

Please enjoy our annual overview. Thank you for helping us make the world a better place!

Telling the world about Free Software Changing the rules Our Free Software legal work Making FSFE better FSFE's finances Where FSFE's funds come from How we spend the money What's ahead in 2015 Telling the world about Free Software

Getting the Free Software message to as many people as possible is one of the main things we do at FSFE. Working with FSFE's Fellows, friends, and allies, we help people understand how software freedom lets them take charge of the technology in their lives.

FSFE's Fellows are great ambassadors for software freedom. The Zurich Fellowship group really came alive this year. The group published a detailed position paper on the ability of Swiss public bodies to distribute Free Software, and set up a version of the Free Software pact campaign for local elections. These volunteers established a country team in Switzerland that on their own Free Software Pact and outreaches into the public for the OpenJustitia case.

Another team of Fellows got together to form a country team in the Netherlands which runs privacy cafes, booths at events, and boosts local Fellowship engagement.

For this year's Document Freedom Day campaign, we worked with volunteers around the world to explain and promote Open Standards at 51 events in 21 countries.

Document Freedom Day in El Tigre, Venezuela

In Munich, Germany, the local Fellowship group had a big media impact during the local elections in Munich this year, working to secure the city's use of Free Software amid political change. The group continues to closely follow the political process, and to build resistance in the city administration to the aggressive lobbying of some proprietary vendors.

Events and conferences are still the single best venue to establish personal links with people who might be interested in Free Software. We explained Free Software in talks, workshops, panel discussions, radio shows and several times on TV. For many of these events, FSFE's Fellows took charge of organising our participation and staffing the booth. In addition to the usual IT conferences and events, we expanded our reach to cover street festivals in Munich and Düsseldorf (Germany), as well as festivals and game conferences in Vienna. This new outreach angle worked well, and we want to be present at many other such events next year.

Quite frequently, these events are also an opportunity for people to seek FSFE's help and support with moving their own organisations along the path to Free Software. In this way, we helped the protestant church in the German Rhineland to build Free Software into its IT strategy, and are currently engaged in a similar conversation with the European Commission and the European Parliament.

Turkish DFD volunteer Nermin Canik and Karsten Gerloff in Istanbul

Of course, we don't just rely on campaigns and events. We spread the word about Free Software every day, and help others do the same. Often, our wonderful team of translators helps us do this in local languages. During 2014, our monthly newsletter was translated into six languages on average. The same volunteers help us make FSFE's website available in up to 30 languages.

People who want to talk about Free Software to their friends and neighbours can order information packs through our website. We are currently sending out ten packs per month on average. People can order these free of charge through our website, though of course we appreciate donations to cover printing and shipping costs. Both our introductory Free Software leaflet and our F-Droid leaflet are available in five languages. We recently added a flyer on “email self defence” in German and English (more languages will be available soon); demand for this has been so great that we have already done three print runs of this. Volunteers distributed this flyer at the premiere screenings of the movie “Citizenfour”.

Changing the rules

Governments make the rules. By working with politicians and administrators, FSFE makes sure that laws and institutions put human rights and freedoms first.

For the European elections in May 2014, we helped the French Free Software association April with the Free Software Pact. We invited candidates in those elections to sign the pact, asking them to commit to using their European Parliament mandate to promote Free Software. Many of FSFE's Fellows got in touch with the candidates in their area to ask them. 33 of the pact's signatories are currently serving as Members of the European Parliament. We will repeat this effort for other elections. Preparations are currently under way for Switzerland's 2015 elections. With more resources available, we could put more time into following up with signatories, and using the contact we've built through the campaign to let them know what they should do in order to improve the situation for Free Software.

Taking Free Software to street - Berlin

In order to put users in charge of their devices, we kept pushing on “trusted computing” and “SecureBoot”. We brought this issue with Germany's Federal Information Security Office, and to the ministries of economics and interior. At the EU level, we initiated conversations about alternatives such as CoreBoot. We are pushing to ensure that consumers have the possibility to install alternative operating systems on the devices they buy and own. Our goal is to use the progress we have made in Germany to create progress in other European countries, and finally put device owners in full control of their hard- and software.

On public procurement, we pushed hard for the European Commission to improve the way it acquires software, in order to open up opportunities for Free Software and Open Standards. Using the EU's “freedom of information” mechanism, as well as parliamentary questions, we got the Commission to release documents about the way its contracts with Microsoft and other providers of non-free software are structured. We also obtained a document outlining the EC's [desktop software strategy] [pdf] for the coming years. This effort has opened the doors to several meetings with high-level IT decision makers in the Commission and the Parliament, and has enabled us to start a constructive conversation with them about what steps to take next. For example, the Commission has asked us to provide input to the next version of its “open source strategy”.

The router that connects your home to the Internet should be under your control. That's why we have followed developments on the issue of compulsory routers. We have published position papers, and documented both the arguments and the process in German, English, and Dutch. We supported other organisations with arguments and technical expertise, such as the Federation of German Consumer Organisations. Germany's ministry of economics is currently working on a draft law to enable free router choice for consumers, and prohibit compulsory routers.

Our Free Software legal work

Freedom faces many challenges. FSFE builds networks among the people who can do most to break down the barriers on the way to a free society.

We facilitate the world's largest network of legal experts on Free Software, with currently more than 360 members (up from 320 last year). Participating experts come from a wide range of backgrounds, from corporate legal departments to lawyers in private practice, and engineers with legal skills. The network serves to develop and spread best practices around Free Software, and increase acceptance. Several participants have called the network's annual meeting, the Free Software Legal & Licensing Workshop, the best event of its kind in the world.

Our favourite sticker this year.

This year, we also launched the Asian Legal Network as a discussion forum specifically targeted at the companies in that region, which make most of the world's computing hardware and embedded devices. Run jointly with the Open Invention Network and the Linux Foundation, this group is intended to help those companies join the global conversation on Free Software best practices, and assist them in improving license compliance.

FSFE's legal team again handled several dozen inquiries from developers and companies about copyright, licensing, trademarks, patents, and many other aspects of Free Software. Our legal coordinator Matija Šuklje also answered lots of in-person questions at conferences and events, as well as at Ljubljana's CyberPipe hackerspace, where he works one day a week.

Making FSFE better

This year, we set aside some time to review FSFE's goals, and the ways in which we pursue them. We conducted a stakeholder survey to learn more about the people who take an interest in FSFE, talked to many of our friends and allies in person about FSFE's work and direction, and reviewed our activities.

With a small group of internal and external experts, we hammered out a better way to explain FSFE's purpose that concisely reflects the direction we want the organisation to take for the coming years. This was an intense and highly productive internal process. The results will become visible over time, as FSFE's edge grows sharper, and we become more effective than we already are.

FSFE's finances

This section is based on our financial results at the end of Q3 2014. FSFE's information for previous financial years is available online. We will post the final numbers for 2014 as soon as they become available.

Where FSFE's funds come from

FSFE has an annual budget of roughly 400,000 Euro. 35% of this is covered by Fellowship contributions. 25% is covered by sponsoring for specific activities (mostly the annual Free Software Legal & Licensing Workshop, and Document Freedom Day). 20% comes from three big donors (Google, Linuxhotel and Red Hat), and 15% from smaller corporate or private donations (see our list of donors. The rest comes from sources such as merchandise sales, speaker fees and so on.

75% of FSFE's income is unrestricted, while 25% are tied to specific purposes -- mostly the sponsoring mentioned above.

FSFE's booth at RMLL 2014.

In sum, roughly half of FSFE's funds come from a limited number of large donors and sponsors (and let's not forget our hardware donors). The other half comes from countless small contributions from individuals and companies, in particular through the Fellowship. Fellowship contributions have shown reliable and constant growth, increasing by 164% since 2010. This is great, since they are the bedrock of FSFE's financial independence. In effect, they put us in the wonderful position to pursue our work for freedom without being worrying whether our initiatives might annoy our large donors.

How we spend the money

This section is based on our financial results for 2013. We will publish the figures for 2014 as soon as they become available; the distribution of costs across different categories is going to be similar to the 2013 results.

Across nearly all categories, our largest cost factor are staff salaries. We have a great team of experienced and dedicated people, and by paying them a living wage, we make it possible for them to dedicate their working time to Free Software.

The largest cost center is public awareness, where we spent 30% of our funds in 2013. Most of this went into staff salaries for campaigns and general public awareness work. The rest paid for FSFE's participation in events (mostly travel-related costs) and informationation materials.

About 22% of our spending went to FSFE's legal work. We used this to pay the salary of our legal coordinator, and travel to legal-related events. A large chunk of our spending in this category went towards organising the annual conference of the Legal Network; we cover the cost of these events through sponsoring and ticket sales.

Roughly 13% of our 2013 spending went towards the Fellowship. Again, most of this was for the salaries of our staff that support the Fellows in being effective ambassadors for Free Software. We also organised a meeting of European coordinators that year (to be repeated in 2015), and made money available for local activities by Fellowship groups.

Pretty much exactly the same share of spending went to FSFE's policy work. Here, the cost structure is very simple. Nearly all of the funds we spend on policy work go towards staff salaries. Most of the rest serves to cover travel costs for policy work, with Brussels as the most frequent destination.

About two percent of our costs in 2013 were for merchandise, covering mostly production (buying) costs and staff time. Of course, these costs were more than covered by the money we made selling said merchandise.

About 20% of our costs (19.2% in 2013, to be exact) are overhead spending, covering personnel costs for management and administration, team meetings (we are a pretty distributed organisation), rent for office space, phone bills, and so forth. We're trying hard to keep the overhead rate low; but there's no escaping the fact that an organisation like FSFE needs some level of management and coordination in order to remain effective.

What's ahead in 2015

During the coming months, the new European Commission will set the direction of its work for the next five years. During the past year, we have built a number of high-level connections in the Commission and the Parliament, and we are itching to leverage these. In addition, we are currently receiving numerous inquiries from Commission staff with whom we have built long-standing relationships, and who currently see open doors for Free Software in Brussels.

It is important that we can intensify our work as soon as possible, and take advantage of this opportunity to improve the situation for Free Software and Open Standards at the EU level. Software procurement, standardisation, patents, and device sovereignty are core topics for our policy work.

We want to reach more people, and go to more places where people do not yet know about Free Software. This is why we will further strengthen FSFE's network of local volunteers and Fellowship groups. In 2015, we plan to be present at street festivals and other events where until now, nobody has been promoting Free Software. We have greatly improved our leaflets, stickers, and other printed information materials over the past year. Now we will translate it into more languages, and expand its distribution libraries, cinemas, shops, and other places.

In the long run, we want to make sure that anyone who hears about Free Software in Europe can easily find a knowledgeable person close to them to help them along their path. That's why we will focus on supporting local activities in various ways. We're preparing a workshop for the European coordinators of FSFE's volunteer teams, in order to help them and their teams become more effective activists. We will enable activists to visit Fellowship groups in other places, teach their skills, and share their experiences. And we will make our promotion materials available in even more languages.

As we prepare to take on these challenges, we are grateful for the huge support we are experiencing, and for our Fellows' unrelenting passion for freedom!

Sincerely, Karsten Gerloff President, Free Software Foundation Europe

Support FSFE, join the Fellowship
Make a one time donation

December 15, 2014

Google Summer of Code Meetup in Kuala Lumpur, Malaysia

Earlier this year, Hu Yuhuang participated as a student in Google Summer of Code (GSoC) 2014. He recently hosted a meetup at University of Malaya to share his experiences and encourage other students to participate in GSoC 2015. (Student applications will open on March 16th, 2015.) Below, he discusses the local community meetup.

GSoCmeetup2.jpg

About two weeks after I officially finished my GSoC 2014 journey, I received an email announcing Google Summer of Code in 2015. I immediately forwarded this email to two friends of mine, Dr. Chee Sun Liew and fellow student Chin Poh Leong, and told them I would like to host a meetup for spreading this news. After a discussion, we decided the date (November the 28th, the last Friday of the month) and got support from our school.

We started to promote this meetup about three weeks before the event date. We used a Google Form for taking registration. By the eve of the meetup, we had received 140 online registrations among 9 local universities. The students’ enthusiasm exceeded our expectations.

On November 28th, 2014, Puzzles (a programming community that my friends and I founded) hosted the meetup at University of Malaya in Kuala Lumpur, Malaysia. We ultimately had 76 attendees from 4 local universities. We were pleasantly surprised that UTM, a local university, sent over 30 students to join this meetup. They travelled 6 hours from Johor, the very south end of Malaysia.

The meetup kicked off with Dr. Liew’s greeting speech. Afterward, I followed up with a briefing about GSoC 2015. I shared my previous experience of writing an application, getting in touch with organizations, and many details from my work over the previous summer. They asked me many practical questions about how and why they should join this program. The meetup was wrapped up with a lot of smiling and photos. Many students left us their contact information so they can stay tuned for further news and ask more questions in the future.

GSoCmeetup1.jpg

I’d like to thank everyone who helped me with this meetup; I couldn’t have done it without their help. Google Summer of Code is one of the best things to happen during my undergraduate life and I hope to see many talented Malaysian students participate in GSoC 2015.


By Hu Yuhuang, with photos by Yap Yee King

December 12, 2014

Google Summer of Code Wrap up: OpenKeychain

Today’s Google Summer of Code wrap up comes from Dominik Schürmann at OpenKeychain, a project helping Android users communicate securely.
ic_launcher.png
OpenKeychain helps you communicate more privately and securely. It uses high-quality modern encryption to ensure that your messages can be read only by the people you send them to, others can send you messages that only you can read, and these messages can be digitally signed so the people getting them are sure who sent them. OpenKeychain is based on the well established OpenPGP standard making encryption compatible across your devices and operating systems.

This was OpenKeychain’s first year participating in the Google Summer of Code program. We received two student slots, which we gratefully assigned to the best applicants. Their work was released as part of OpenKeychain 2.8.
Vincent Breitmoser worked on the cryptographic backend of OpenKeychain which is based on the low-level library Bouncy Castle. He rewrote almost all methods related to key operations and changed the way results are handled to allow a user-readable log of what actually has been processed. He also made the methods testable by dividing the backend into methods requiring Android and Java-only methods. Java-only crypto operations are now tested automatically using Travis CI.

mar-v-in worked on better integration of OpenKeychain into the Android OS, including better support for file encryption/decryption using Android 4.4 features. Now encrypting multiple files is possible using the Storage Access Framework. He also worked on an integration with Android's contact application by connecting contacts to keys in OpenKeychain by using email addresses as identifiers.

By Dominik Schürmann, Organization Administrator, OpenKeychain

More From Your Newest Board Member: An Interview with Cheryl R. Blain

Recently, The FreeBSD Foundation announced the addition of Cheryl R. Blain to the Board of Directors. We sat down with Cheryl to find out more about her background and what brought her to the Foundation. Take a look at what she has to say:

Tell us a little about yourself, and how you got involved with FreeBSD?
I was bit by the entrepreneur bug in 1999 when working for a non-profit. I’ve worked with high-tech, venture-backed, small-cap companies ever since.  My typical engagement finds
Cheryl R. Blain
me streamlining operations and sales teams to prepare companies for their next step forward, which most often involves financing.  


I have a master’s degree in business administration with a dual emphasis in finance and sustainable enterprise, from Saint Mary’s College and as a visiting student at UNC Kenan-Flagler.

Xinuos is the latest high-tech, venture-backed company to which I’ve plied my wares.  While working for Xinuos, I was exposed to FreeBSD for the first time in 2013.  During my first week on the job, I was asked if I was willing to go to Ottawa, Canada to learn more about FreeBSD and the community of developers.  The head of engineering and I felt the conference was very important to Xinuos’ future, so we decided it was an opportunity not to be missed.  Since the trip was so unexpected, I actually had to have my passport over-night shipped to me in our New Jersey office so I could leave the following day!  My colleague and I attended BSDCan and it was everything we had hoped it would be.  We were welcomed by the development community and pleasantly inundated with inquiries about our interest in FreeBSD.  David Chisnall was an especially helpful evangelist of FreeBSD, and made sure my colleague and I had the information we needed.

Why are you passionate about serving on the FreeBSD Foundation Board?
The FreeBSD community (including the board) is in no small part the reason I chose to learn more about the project as a commercial offering two years ago.  My passion is in building businesses, and I wanted to work on a project that was technologically sound, well supported and attractive to people who I like and respect.  The FreeBSD community quickly forgave me for being the least technical person in the room, and was wonderful in embracing the value I can bring to the community from a business perspective.

I look forward to doing my part to ensure that the FreeBSD project has a vibrant future.

What excited you about our work?
There are many things that make FreeBSD interesting...but the first time I think I got really excited was in Ottawa in 2013, when Matt Ahrens gave his talk on ZFS.  Every developer in the room was abuzz with excitement.  In Matt’s presentation he listed logos of the other open source operating systems using ZFS, but I connected with how the room full of BSD developers really embraced Matt as their own.  His bold move to pack his box at Oracle to continue his open source work, helped me realize the people associated with FreeBSD are not status quo...they are pushing the envelope. Then I met Peter Grehan and Neel Natu and was introduced to their work on bhyve, and Justin and George as Foundation board members and FreeBSD committers and knew that even though the FreeBSD project has been around since 1993, new excitement and innovation is happening right now.  And I haven’t even mentioned Capsicum or Clang! Oh and I can’t forget, I was there for the naming of Groff with all the rowdy laughter and good spirited banter, and it was then that I felt like I was among friends.   

 What are you hoping to bring to the organization and the community through your new leadership role?
I hope that my participation in the planning discussions will encourage other business leaders to join in the discussions as well.   

I also hope to encourage those who use FreeBSD commercially to become more vocal about their experiences and use cases, to encourage others to develop with FreeBSD as well.  In doing so, there is a great opportunity to build an endowment among alum to ensure a vibrant future for FreeBSD.

How do you see your background and experience complementing the current board? 
I will be delighted if I am successful in bringing a business lens to the board discussions.  I would like to help elevate FreeBSD in the minds of technology companies worldwide and see a broader acceptance of the OS as a commercially desirable alternative.

December 11, 2014

Super Computing Trip Report: Michael Dexter

Michael Dexter has also provided his trip report for Super Computing:

In case you have not heard of the Supercomputing.org conference, it is a meeting of 10,000 researchers, computer scientists, engineers, students, managers, sales engineers and three-letter agency representatives that takes place in a different US city every year. I have hosted a booth at the event since 2009 when it passed through Portland and this year showcased the bhyve Hypervisor and explained all things BSD to brilliant attendees from around the world. I was joined by Patrick Masson, General Manager of the Open Source Initiative, who helped shed light on the pervasive yet unrecognized use of open source software by the universities, organizations and companies at the event. Literally 90% or more of the exhibitors rely on open source but few give it any recognition. For years, GNU/Linux has dominated the Top500 list of supercomputers that is announced at the event each year and I set out to help change that by highlighting bhyve, OpenZFS and other great technologies in FreeBSD.

SC14 could not have started on a better note thanks to the announcement on the first day that the FreeBSD Foundation received a million dollar donation from WhatsApp founder Jan Koum. I heard many people say "I used FreeBSD ten years ago" and the news instantly got their attention and set the tone for the rest of the event. By showcasing ZFS, we drew the attention of ex-Sun Microsystems engineers and executives and even had a visit by UC Berkeley CSRG research assistant Clem Cole. The message that "BSD is back" was loud and clear and I canvased the Student Cluster Competition to help inspire a new generation of users who had never heard of the BSDs.

The bhyve booth was in the heart of the ARM pavilion which made for some enlightening conversations. bhyve and the ARM CPU architecture both stand out for operating without emulation, resulting in simplicity and performance for bhyve and significant power savings for ARM. A roadmap exists for bhyve support on ARM and hopefully this will be something to showcase at SC15. Of the exhibiting ARM partners, the SoftIron team stood out as loud and proud users of FreeBSD and I look forward to seeing them at future BSD events.

FreeBSD vendor iXsystems was also at the event demonstrating FreeNAS and TrueNAS, as were the SaltStack team who received a bhyve demo and expressed a sincere desire to include support for bhyve. A handful of other open source vendors like Red Hat were in attendance plus FreeBSD consumers like Spectra Logic, EMC/Isilon, NetApp and Juniper. Many individual open source users came to the booth and my favorite quotation came from a conversation at a Mellanox event: "Our administrators use FreeNAS at home and come work and ask 'why the heck aren't we using ZFS?'" Open source is winning but there is still much work to be done.

Speaking of work, I asked many people, including Navy researchers moving massive uncompressed video streams, what FreeBSD needs to do get back on the Top500 list of supercomputers. The short list of answers I received was: OFED/OpenFabrics Enterprise Distribution support, OpenMPI/Message Passing Interface support and Lustre distributed file system support. Surprisingly, NUMA/Non-Uniform Memory Access did not come up. Interconnect vendor Chelsio Communications stood out as a solid supporter of FreeBSD and dominant player Mellanox expressed interest in expanding their support for FreeBSD given the opportunity it represents. All in all, people were very receptive to giving FreeBSD and other BSDs a try, especially given that it would be a homecoming for so many users.

I wish to thank the FreeBSD Foundation for sponsoring the bhyve booth at SC14 and I am delighted to hear that ARM has just made a generous $50,000 donation to the Foundation. In total I gave out 250 tri-fold brochures and talked to hundreds of people at SC14. Hopefully those seeds will take root and we will start seeing FreeBSD systems in the Student Cluster Competition and on the 2015 Top500 supercomputer list!

December 08, 2014

Committee begins review of High Priority Projects list -- your input is needed

High Priority Projects logo

This announcement was written by the FSF's volunteer High Priority Projects Committee.

Nine and a half years ago the first version of the High Priority Free Software Projects (HPP) list debuted with only four projects, three of them related to Java. Eighteen months later, Sun began to free Java users. The current HPP list includes fourteen categories mentioning over forty distinct projects. Computing is ever more ubiquitous and diverse, multiplying challenges to surmount in order for all computer users to be free.

Undoubtedly there are thousands of free software projects that are high priority, each having potential to displace non-free programs for many users, substantially increasing the freedom of those users. But the potential value of a list of High Priority Free Software Projects maintained by the Free Software Foundation is its ability to bring attention to a relatively small number of projects of great strategic importance to the goal of freedom for all computer users. Over the years the list has received praise and criticism -- frankly not nearly enough, given the importance of its aims -- and been rebooted. As the list approaches its tenth year, we aim to revitalize and rethink it, on an ongoing basis.

The first step has been to assemble a committee which will maintain the list, initially composed of the following free software activists: ginger coons, Máirín Duffy, Matthew Garrett, Benjamin Mako Hill, Mike Linksvayer, Lydia Pintscher, Karen Sandler, Seth Schoen, and Stefano Zacchiroli. The committee has drafted this announcement and the following plan.

We need your input! Send your suggestions of projects to This e-mail address is being protected from spambots. You need JavaScript enabled to view it . Remember, we're looking for projects of great strategic importance to the goal of freedom for all computer users. If you wish, we encourage you to publish your thoughts independently (e.g., on your blog) and send a us a link. Keep in mind that not every project of great strategic importance to the goal of freedom for all computer users will be a software development project. If you believe other forms of activism, internal or external (e.g., making free software communities safe for diverse participants, mandating use of free software in the public sector), are most crucial, please make the case and suggest such a project!

Based on the received input, the current content of the list, and our own contributions, we will publish a substantially revised list and an analysis before LibrePlanet 2015 and expect a lively discussion at that event. If we are successful, we will have the immediate impact of bringing widespread coverage of free software movement strategy and the ongoing impact of garnering substantial attention and new effort for listed projects. (Note that we're also interested in outreach and measurement suggestions. A revised and maintained list is necessary but not sufficient for success.)

Finally, we've already made a few minor changes to the HPP list in order to fix long-standing issues that have been reported in the past. We are looking forward to your feedback at This e-mail address is being protected from spambots. You need JavaScript enabled to view it as we work on more substantial improvements!

About the Free Software Foundation

The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.

Media Contacts

John Sullivan
Executive Director
Free Software Foundation
+1 (617) 542 5942
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

December 02, 2014

More Single Line Art

I am a better line processor than any algorithm we currently have access to. Behold what I turned into a SINGLE LINE by hand:

Look upon my works, ye mighty, and despair!

Look upon my works, ye mighty, and despair!

Many people think we’re using Mathematica to do the drawings of our Quilt Money. We’re not! I am drawing all this stuff by hand. Theo uses Mathematica to route my drawings that contain T-intersections, but I’m learning to make my drawings single lines without T-intersections by hand, because they route much better that way. Everything below was drawn by me, by hand:

$100_new_19_all

Only a few bits (the seals and part of the border) need to be routed in Mathematica. Everything else I drew as single paths. Which is quite a brain-hurter, lemme tell ya. Here’s a screen capture of me working on this same project last week:

I could do this much more efficiently now, using what I’ve learned since then. Which is good, because the better I get at this, the more I can help someone else create algorithms to automate this kind of work.

And yes, at some point we hope to offer an affordable $100 Quilt. But first I have to get the design right, and then our potential partner has to be able actually produce it without losing money. We’re working on it.

Our quilted money is one of the few things I don’t share source (in this case, vector) files for, because currency isn’t exactly like other culture, as I explain here.

Share/Bookmark

flattr this!

November 27, 2014

New stickers and leaflets: No cloud and e-mail self-defense

This week we received new additions for our information materials in the Berlin office.

First of all, the English version of the “e-mail self-defense” leaflet. In September Erik layouted and printed a German version of that leaflet to distribute at the “freedom not fear demonstration“ in Berlin. We received a lot of positive feedback about the leaflet, and had to order the German version three times already. Now we also have the English version, and our translators are working on Dutch, Italian, French, Spanish, Greek, and Chinese.

gnupg-leaflet.en FSFE CC BY-SA

Getting Ready for Fedora 21

I’ve been using Fedora 21 on my home computer since alpha, so it’s really nothing new for me, but I’m really excited about the release. In my opinion, it will be the most significant release since Fedora 7 when Core and Extras got merged. It’s also been the most stable release of Fedora I’ve used.

While Fedora QA guys are working on the final polishing as that F21 can meet the final criteria, ambassadors are getting ready for the release. Last week, the vendor finally delivered stickers of new products and case badges for the EMEA region:

DVDs are also on their way. In EMEA, we decided that we would only produce Workstation DVDs, we won’t need any special image from the release engineering which will speed up the process. The vendor promised me that if we provided them with ISO by Friday afternoon they would deliver the DVDs on Wednesday December 9th which is the release day! So if everything goes well, physical media won’t be behind the images for the first time in the history. And it should go well because if Fedora 21 is declared gold at the go/no-go meeting on Thursday we can take the latest image that has been declared gold and send it to the vendor right away.

Artworks for DVD sleeves and disks are also ready (thanks to inkscaper):

And where to get them? At release parties! You can even organize one and ask for support in form of media and swag.


Lollipopp’d

I successfully updated my Nexus devices with Android 5.0 aka Lollipop earlier this week. Finally. After 3 tries with the download failing the first time, the install failing the next time and then it finally going through. Here is what I’m impressed with: * Look and feel polish – the visual change using new material […]

November 24, 2014

DevConf.cz 2015: Last Call for Papers!

The deadline of the CfP of DevConf.cz 2015 is really close (Dec 1st). So if you’re still thinking about submitting a talk, stop thinking and proceed to an action: CfP online form ;-)

Talks on Fedora or on stuff related to Fedora are especially welcome because the third day of the conference will be Fedora Day where all such talks may find their home.

DevConf.cz is the largest developer conference devoted to Red Hat technologies (Linux, Fedora, JBoss, cloud, virtualization,…). The last edition had almost 100 talks and workshops and around 1000 visitors. The 2015 edition will take place in Brno, Czech Republic on Feb 6-8.

devconf-logo


November 22, 2014

Release party in Barcelona

15794067981_0d173ce352_z

Another time, and there has been 16, ubuntaires celebrated the release party of the next Ubuntu version, in this case, 14.10 Utopic Unicorn.

This time, we went to Barcelona, at Raval, at the very centre, thanks to our friends of the TEB.

As always, we started with explaining what Ubuntu is and how our Catalan LoCo Team works and later Núria Alonso from the TEB explained the Ubuntu migration done at the Xarxa Òmnia.

15797518182_0a05d96fde_z

The installations room was plenty from the very first moment.

15611105340_1de89d36b4_z

There also was a very profitable auto-learning workshop on how to do an Ubuntu metadistribution.

15772275826_99d1a77d8b_z

 

And in another room, there were two Arduino workshops.

15610528118_927a8d7cc2_z15794076701_cc538bf9ba_z

 

And, of course, ubuntaires love to eat well.

 

15615259540_76daed408b_z 15614277959_c98bda1d33_z

 

Pictures by Martina Mayrhofer and Walter García, all rights reserved.

 
 

November 14, 2014

FreeBSD 10.1-RELEASE Available

FreeBSD 10.1-RELEASE is now available. Please be sure to check the Release Notes and Release Errata before installation for any late-breaking news and/or issues with 10.1. More information about FreeBSD releases can be found on the Release Information page.

November 13, 2014

Angel O’ Death T-shirts

AngelODeathTSpring

 

Available until December 3 here! There’s a pull-down menu that lets you choose between men’s and women’s crew necks, v-necks, and unisex long sleeved shirts. Teespring worked great for the Passover Satyr shirts – I was pleased with the quality of both the screen printing and the shirt stock. This is a much easier way for me to produce shirts than trying to figure out demand in advance and paying for everything up front.

Share/Bookmark

flattr this!

November 08, 2014

OpenStack on a diet, redux

Subhu writes that OpenStack’s blossoming project list comes at a cost to quality. I’d like to follow up with an even leaner approach based on an outline drafted during the OpenStack Core discussions after ODS Hong Kong, a year ago.

The key ideas in that draft are:

Only call services “core” if the user can detect them.

How the cloud is deployed or operated makes no difference to a user. We want app developers to

Define both “core” and “common” services, but require only “core” services for a cloud that calls itself OpenStack compatible.

Separation of core and common lets us recognise common practice today, while also acknowledging that many ideas we’ve had in the past year or three are just 1.0 iterations, we don’t know which of them will stick any more than one could predict which services on any major public cloud will thrive and which will vanish over time. Signalling that something is “core” means it is something we commit to keeping around a long time. Signalling something is “common” means it’s widespread practice for it to be available in an OpenStack environment, but not a requirement.

Require that “common” services can be self-deployed.

Just as you can install a library or a binary in your home directory, you can run services for yourself in a cloud. Services do not have to be provided by the cloud infrastructure provider, they can usually be run by a user themselves, under their own account, as a series of VMs providing network services. Making it a requirement that users can self-provide a service before designating it common means that users can build on it; if a particular cloud doesn’t offer it, their users can self-provide it. All this means is that the common service itself builds on core services, though it might also depend on other common services which could be self-deployed in advance of it.

Require that “common” services have a public integration test suite that can be run by any user of a cloud to evaluate conformance of a particular implementation of the service.

For example, a user might point the test suite at HP Cloud to verify that the common service there actually conforms to the service test standard. Alternatively, the user who self-provides a common service in a cloud which does not provide it can verify that their self-deployed common service is functioning correctly. This also serves to expand the test suite for the core: we can self-deploy common services and run their test suites to exercise the core more thoroughly than Tempest could.

Keep the whole set as small as possible.

We know that small is beautiful; small is cleaner, leaner, more comprehensible, more secure, easier to test, likely to be more efficiently implemented, easier to attract developer participation. In general, if something can be cut from the core specification it should. “Common” should reflect common practice and can be arbitrarily large, and also arbitrarily changed.

In the light of those ideas, I would designate the following items from Subhu’s list as core OpenStack services:

  • Keystone (without identity, nothing)
  • Nova (the basis for any other service is the ability to run processes somewhere)
    • Glance (hard to use Nova without it)
  • Neutron (where those services run)
    • Designate (DNS is a core aspect of the network)
  • Cinder (where they persist data)

I would consider these to be common OpenStack services:

  • SWIFT (widely deployed, can be self-provisioned with Cinder block backends)
  • Ceph RADOS-GW object storage (widely deployed as an implementation choice, common because it could be self-provided on Cinder block)
  • Horizon (widely deployed, but we want to encourage innovation in the dashboard)

And these I would consider neither core nor common, though some of them are clearly on track there:

  • Barbican (not widely implemented)
  • Ceilometer (internal implementation detail, can’t be common because it requires access to other parts)
  • Juju (not widely implemented)
  • Kite (not widely implemented)
  • HEAT (on track to become common if it can be self-deployed, besides, I eat controversy for breakfast)
  • MAAS (who cares how the cloud was built?)
  • Manila (not widely implemented, possibly core once solid, otherwise common once, err, common)
  • Sahara (not widely implemented, weird that we would want to hardcode one way of doing this in the project)
  • Triple-O (user doesn’t care how the cloud was deployed)
  • Trove (not widely implemented, might make it to “common” if widely deployed)
  • Tuskar (see Ironic)
  • Zaqar (not widely implemented)

In the current DefCore discussions, the “layer” idea has been introduced. My concern is simple: how many layers make sense? End users don’t want to have to figure out what lots of layers mean. If we had “OpenStack HPC” and “OpenStack Scientific” and “OpenStack Genomics” layers, that would just be confusing. Let’s keep it simple – use “common” as a layer, but be explicit that it will change to reflect common practice (of course, anything in common is self-reinforcing in that new players will defer to norms and implement common services, thereby entrenching common unless new ideas make services obsolete).

November 07, 2014

Software Freedom Conservancy and Free Software Foundation announce copyleft.org

BOSTON, Massachusetts, USA -- Friday, November 7, 2014 -- Software Freedom Conservancy and the Free Software Foundation (FSF) today announce an ongoing public project that began in early 2014: Copyleft and the GNU General Public License: A Comprehensive Tutorial and Guide, and the publication of that project in its new home on the Internet at copyleft.org. This new site will not only provide a venue for those who constantly update and improve the Comprehensive Tutorial, but is also now home to a collaborative community to share and improve information about copyleft licenses, especially the GNU General Public License (GPL), and best compliance practices.

Bradley M. Kuhn, President and Distinguished Technologist of Software Freedom Conservancy and member of FSF's Board of Directors, currently serves as editor-in-chief of the project. The text has already grown to 100 pages discussing all aspects of copyleft -- including policy motivations, detailed study of the license texts, and compliance issues. This tutorial was initially constructed from materials that Kuhn developed on a semi-regular basis over the last eleven years. Kuhn merged this material, along with other material regarding the GPL published by the FSF, into a single, coherent volume, and released it publicly for the benefit of all users of free software.

Today, Conservancy announces a specific, new contribution: an additional chapter to the Case Studies in GPL Enforcement section of the tutorial. This new chapter, co-written by Kuhn and Conservancy's compliance engineer, Denver Gingerich, discusses in detail the analysis of a complete, corresponding source (CCS) release for a real-world electronics product, and describes the process that Conservancy and the FSF use to determine whether a CCS candidate complies with the requirements of the GPL. The CCS analyzed is for ThinkPenguin's TPE-NWIFIROUTER wireless router, which the FSF recently awarded Respects Your Freedom (RYF) certification.

The copyleft guide itself is distributed under the terms of a free copyleft license, the Creative Commons Attribution-ShareAlike 4.0 International license. Kuhn, who hopes the initial release and this subsequent announcement will inspire others to contribute to the text, said, "information about copyleft -- such as why it exists, how it works, and how to comply -- should be freely available and modifiable, just as all generally useful technical information should. I am delighted to impart my experience with copyleft freely. I hope, however, that other key thinkers in the field of copyleft will contribute to help produce the best reference documentation on copyleft available."

Particularly useful are the substantial contributions already made to the guide from the FSF itself. As the author, primary interpreter, and ultimate authority on the GPL, the FSF is in a unique position to provide insights into understanding free software licensing. While the guide as a living text will not automatically reflect official FSF positions, the FSF has already approved and published one version for use at its Seminar on GPL Enforcement and Legal Ethics in March 2014. "Participants at our licensing seminar in March commented positively on the high quality of the teaching materials, including the comprehensive guide to GPL compliance. We look forward to collaborating with the copyleft.org community to continually improve this resource, and we will periodically review particular versions for FSF endorsement and publication," said FSF's executive director John Sullivan.

Enthusiastic new contributors can get immediately involved by visiting and editing the main wiki on copyleft.org, or by submitting merge requests on copyleft.org's gitorious site for the guide, or by joining the project mailing list and IRC channel.

copyleft.org welcomes all contributors. The editors have already incorporated other freely licensed documents about GPL and compliance with copyleft licenses -- thus providing a central location for all such works. Furthermore, the project continues to recruit contributors who have knowledge about other copyleft licenses besides the FSF's GPL family. In particular, Mike Linksvayer, member of Conservancy's board of directors, has agreed to lead the drafting on a section about Creative Commons Attribution-ShareAlike licenses to mirror the ample text already available on GPL. "I'm glad to bring my knowledge about the Creative Commons copyleft licenses as a contribution to improve further this excellent tutorial text, and I hope that copyleft.org as a whole can more generally become a central location to collect interesting ideas about copyleft policy," said Linksvayer.

About copyleft.org

copyleft.org is a collaborative project to create and disseminate useful information, tutorial material, and new policy ideas regarding all forms of copyleft licensing. Its primary project is currently a comprehensive tutorial and guide, which describes the policy motivations of copyleft licensing, presents a detailed analysis of the text of various copyleft licenses, and gives examples and case studies of copyleft compliance situations.

About the Free Software Foundation

The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.

About Software Freedom Conservancy

Software Freedom Conservancy is a not-for-profit organization that promotes, improves, develops and defends Free, Libre and Open Source software projects. Conservancy is home to more than thirty software projects, each supported by a dedicated community of volunteers, developers and users. Conservancy's projects include some of the most widely used software systems in the world across many application areas, including educational software deployed in schools around the globe, embedded software systems deployed in most consumer electronic devices, distributed version control developer tools, integrated library services systems, and widely used graphics and art programs. A full list of Conservancy's member projects is available. Conservancy provides these projects with the necessary infrastructure and not-for-profit support services to enable each project's communities to focus on what they do best: creating innovative software and advancing computing for the public's benefit.

Media Contacts

Joshua Gay
Licensing & Compliance Manager
Free Software Foundation
+1 (617) 542 5942
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

Karen M. Sandler
Executive Director
Software Freedom Conservancy
+1 (212) 461-3245
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

November 05, 2014

Debutsav 2014 Experiences – Day 2

This will be the last post in series on Debutsav 2014 held at Amrita University and consequently will be biggish. As shared in the last blog post as well, the day started with Anup making sure that all of us were awake and had our bed tea. As most (or almost all) of us had […]

November 03, 2014

osquery is neat

Facebook recently made opensource, osquery. It gives you operating system data via SQL queries! Its very neat, and you can test this even on MacOSX (it works on that platform & Linux). It is by far the project with the most advanced functionality, linked here in this post.

I noticed that rather quickly, there was a PostgreSQL project, called pgosquery, based on Foreign Data Wrappers with a similar idea. (apparently it was written in less than 15 minutes; so a much lower learning curve than the regular MySQL storage engine interface)

I immediately thought about an older MySQL project, by Chip Turner (then at Google, now at Facebook), called mysql-filesystem-engine. This idea was kicking around in 2008. I was intrigued by hearing about this at a talk (probably at the MySQL Conference & Expo); it’s a pity no one took this further.

On a similar tangent, did you also know that there is the option to use MySQL as storage via FUSE (see: mysqlfs)? An article by Ben Martin shows some practical examples.

At its heyday, MySQL had many storage engines (maybe around 50). Wikipedia has an incomplete list. I see some engines on that list, and think that some of these folk are also creating MongoDB backends — competition. At MariaDB we are probably shipping the most storage engines of any MySQL-based distribution, however I think we could be doing an even better job at working with upstream vendors, and figuring out how to support & augment business around it.

November 02, 2014

FreeBSD turns 21 today!

FreeBSD 1.0, the first official production-ready release of FreeBSD was announced 21 years ago today, on November 2nd, 1993. See the original announcement here.

October 31, 2014

Software Freedom Day 2014 Phnom Penh

The Digital Freedom Foundation is organizing our Software Freedom Day event in Phnom Penh together with the National Institute of Posts Telecommunications and ICT and the Ministry of Posts and Telecommunications on November 1st at the NIPTICT Building. There will be 14 talks (9 in Khmer and 5 in English) with topics covering free and open source software ranging from operating system, learning platforms, website development, resource map, servers, to security. Here is the detailed schedule and speakers profiles.

We expect to have more than a hundred people to attend and aim to target both the university audience and the young workforce, on top of presentations and workshops, we (assisted by various communities) will be holding booths (e.g. Moodle, Mozilla, RouterOS, Ubuntu and Blender) to allow for more individuals discussions. All in all it’s been a joy preparing for this event, allowing us to talk and plan resources with people from different local communities such as OpenSourceCambodia and Smallworld Cambodia.

The event will start at 1:30pm tomorrow, if you happen to be in Phnom Penh please do drop by!

web-banner-chat-we-re-organizing-h

October 27, 2014

Debutsav 2014 Experiences – Day 1

This again will be a tell-all from a perspective of an organizer of Debutsav 2014 with some left-over notes of Day 0 as well. Before, we start, couple of things which I should have shared at the beginning. During the journey back and forth, I completed ‘Inheritance’ Book 4 by Christopher Paolini. It’s the culmination […]

October 23, 2014

Ten years of Ubuntu

Today marks 10 years of Ubuntu and the release of the 21st version. That is an incredible milestone and one which is worthy of reflection and celebration. I am fortunate enough to be spending the day at our devices sprint with 200+ of the folks that have helped make this possible. There are of course hundreds of others in Canonical and thousands in the community who have helped as well. The atmosphere here includes a lot of reminiscing about the early days and re-telling of the funny stories, and there is a palpable excitement in the air about the future. That same excitement was present at a Canonical Cloud Summit in Brussels last week.

The team here is closing in on shipping our first phone, marking a new era in Ubuntu’s history. There has been excellent work recently to close bugs and improve quality, and our partner BQ is as pleased with the results as we are. We are on the home stretch to this milestone, and are still on track to have Ubuntu phones in the market this year. Further, there is an impressive array of further announcements and phones lined up for 2015.

But of course that’s not all we do – the Ubuntu team and community continue to put out rock solid, high quality Ubuntu desktop releases like clockwork – the 21st of which will be released today. And with the same precision, our PC OEM team continues to make that great work available on a pre-installed basis on millions of PCs across hundreds of machine configurations. That’s an unparalleled achievement, and we really have changed the landscape of Linux and open source over the last decade. The impact of Ubuntu can be seen in countless ways – from the individuals, schools, and enterprises who now use Ubuntu; to proliferation of Codes of Conduct in open source communities; to the acceptance of faster (and near continuous) release cycles for operating systems; to the unique company/community collaboration that makes Ubuntu possible; to the vast number of developers who have now grown up with Ubuntu and in an open source world; to the many, many, many technical innovations to come out of Ubuntu, from single-CD installation in years past to the more recent work on image-based updates.

Ubuntu Server also sprang from our early desktop roots, and has now grown into the leading solution for scale out computing. Ubuntu and our suite of cloud products and services is the premier choice for any customer or partner looking to operate at scale, and it is indeed a “scale-out” world. From easy to consume Ubuntu images on public clouds; to managed cloud infrastructure via BootStack; to standard on-premise, self-managed clouds via Ubuntu OpenStack; to instant solutions delivered on any substrate via Juju, we are the leaders in a highly competitive, dynamic space. The agility, reliability and superior execution that have brought us to today’s milestone remains a critical competency for our cloud team. And as we release Ubuntu 14.10 today, which includes the latest OpenStack, new versions of our tooling such as MaaS and Juju, and initial versions of scale-out solutions for big data and Cloud Foundry, we build on a ten year history of “firsts”.

All Ubuntu releases seem to have their own personality, and Utopic is a fitting way to commemorate the realisation of a decade of vision, hard work and collaboration. We are poised on the edge of a very different decade in Canonical’s history, one in which we’ll carry forward the applicable successes and patterns, but will also forge a new path in the twin worlds of converged devices and scale-out computing. Thanks to everyone who has contributed to the journey thus far. Now, on to Vivid and the next ten years!

October 16, 2014

Ubuntu Security Update on Poodle (CVE-2014-3566) and SSLv3 Downgrade Attack

The following is an update on Ubuntu’s response to the latest Internet emergency security issue, POODLE (CVE-2014-3566), in combination with an
SSLv3 downgrade vulnerability.

Vulnerability Summary

“SSL 3.0 is an obsolete and insecure protocol. While for most practical purposes it has been replaced by its successors TLS 1.0, TLS 1.1, and TLS 1.2, many TLS implementations remain backwards­ compatible with SSL 3.0 to interoperate with legacy systems in the interest of a smooth user experience. The protocol handshake provides for authenticated version negotiation, so normally the latest protocol version common to the client and the server will be used.” -https://www.openssl.org/~bodo/ssl-poodle.pdf

A vulnerability was discovered that affects the protocol negotiation between browsers and HTTP servers, where a man-in-the-middle (MITM) attacker is able trigger a protocol downgrade (ie, force downgrade to SSLv3, CVE to be assigned).  Additionally, a new attack was discovered against the CBC block cipher used in SSLv3 (POODLE, CVE-2014-3566).  Because of this new weakness in the CBC block cipher and the known weaknesses in the RC4 stream cipher (both used with SSLv3), attackers who successfully downgrade the victim’s connection to SSLv3 can now exploit the weaknesses of these ciphers to ascertain the plaintext of portions of the connection through brute force attacks.  For example, an attacker who is able to manipulate the encrypted connection is able to steal HTTP cookies.  Note, the protocol downgrade vulnerability exists in web browsers and is not implemented in the ssl libraries.  Therefore, the downgrade attack is currently known to exist only for HTTP.

OpenSSL will be updated to guard against illegal protocol negotiation downgrades (TLS_FALLBACK_SCSV).  When the server and client are updated to use TLS_FALLBACK_SCSV, the protocol cannot be downgraded to below the highest protocol that is supported between the two (so if the client and the server both support TLS 1.2, SSLv3 cannot be used even if the server offers SSLv3).

The recommended course of action is ultimately for sites to disable SSLv3 on their servers, and for browsers to disable SSLv3 by default since the SSLv3 protocol is known to be broken.  However, it will take time for sites to disable SSLv3, and some sites will choose not to, in order to support legacy browsers (eg, IE6).  As a result, immediately disabling SSLv3 in Ubuntu in the openssl libraries, in servers or in browsers, will break sites that still rely on SSLv3.

Ubuntu’s Response:

Unfortunately, this issue cannot be addressed in a single USN because this is a vulnerability in a protocol, and the Internet must respond accordingly (ie SSLv3 must be disabled everywhere).  Ubuntu’s response provides a path forward to transition users towards safe defaults:

  • Add TLS_FALLBACK_SCSV to openssl in a USN:  In progress, upstream openssl is bundling this patch with other fixes that we will incorporate
  • Follow Google’s lead regarding chromium and chromium content api (as used in oxide):
    • Add TLS_FALLBACK_SCSV support to chromium and oxide:  Done – Added by Google months ago.
    • Disable fallback to SSLv3 in next major version:  In Progress
    • Disable SSLv3 in future version:  In Progress
  • Follow Mozilla’s lead regarding Mozilla products:
    • Disable SSLv3 by default in Firefox 34:  In Progress – due Nov 25
    • Add TLS_FALLBACK_SCSV support in Firefox 35:  In Progress

Ubuntu currently will not:

  • Disable SSLv3 in the OpenSSL libraries at this time, so as not to break compatibility where it is needed
  • Disable SSLv3 in Apache, nginx, etc, so as not to break compatibility where it is needed
  • Preempt Google’s and Mozilla’s plans.  The timing of their response is critical to giving sites an opportunity to migrate away from SSLv3 to minimize regressions

For more information on Ubuntu security notices that affect the current supported releases of Ubuntu, or to report a security vulnerability in an Ubuntu package, please visit http://www.ubuntu.com/usn/.

 

October 15, 2014

POODLE SSL 3.0 Vulnerability

Yesterday, Google published the discovery of an SSL 3.0 vulnerability named “POODLE.” This vulnerability allows an attacker to decrypt transferred data and successfully read plain text. While many browsers support newer, more secure protocols, an attacker can create connectivity issues, causing the browser to fall-back to the vulnerable SSL 3.0 protocol.

Is Linode Infrastructure Vulnerable?

We have disabled SSL 3.0 on our web servers, NodeBalancers, and the rest of our infrastructure. Quick execution from our Security Team has protected our infrastructure from this vulnerability.

Am I Vulnerable?

If your Internet-facing Linode allows for encrypted connections you will need to make sure that SSL 3.0 is completely disabled. This doesn’t mean that a stronger protocol such as TLS is offered first but rather that SSL 3.0 should not be an option at all. You can check if you’re vulnerable and how to disable SSL 3.0 using our guide: Disabling SSLv3 for POODLE.

October 13, 2014

CloudOpen 2014 – Mixing Your Open Source Cloud Cocktail

Here’s the presentation I gave at the Linux Foundation’s CloudOpen in Dusseldorf on October 13, 2014 titled Mixing Your Open Source Cloud Cocktail

Add two parts virtualization, one part orchestration add a little networking shake and pour. Unfortunately cloud computing isn’t that easy but then again not all clouds are the same and tastes may vary. This talk will discuss how the varying open source technologies like OpenStack, Docker, LXC and others can be mixed together to make something that appeals to the needs of a wide variety of users. There’s also no problem in abstaining from building your own cloud but still benefiting from the open source tooling to maximize the benefits of the public cloud.

 

September 30, 2014

Oracle Linux ships MariaDB

I can’t remember why I was installing Oracle Enterprise Linux 7 on Oracle VirtualBox a while back, but I did notice something interesting. It ships, just like CentOS 7, MariaDB Server 5.5. Presumably, this means that MariaDB is now supported by Oracle, too ;-) [jokes aside, It’s likely because OEL7 is meant to be 100% compatible to RHEL7]

OEL7__Running_

The only reason I mention this now is Vadim Tkachenko, probably got his most retweeted tweet recently, stating just that. If you want to upgrade to MariaDB 10, don’t forget that the repository download tool provides CentOS 7 binaries, which should “just work”.

If you want to switch to MySQL, there is a Public Yum repository that MySQL provides (and also don’t forget to check the Extras directory of the full installation – from OEL7 docs sub-titled: MySQL Community and MariaDB Packages). Be sure to read the MySQL docs about using the Yum repository. I also just noticed that the docs now have information on replacing a third-party distribution of MySQL using the MySQL yum repository.

Linode Managed is even better than before!

Linode Managed is getting even better. With 24/7/365 incident response, backups, Longview Pro, application tuning and architecture advice, it’s already a great value. Now, three more upgrades, exclusive to Linode Managed customers, make it a better value than before:

  1. Linode Managed now includes free cPanel & WHM.
  2. Linode Managed now includes free site migrations.
  3. Linode Managed now includes a discounted rate on Professional Services.

Free cPanel

cPanel & WHM, the world’s most popular control panel for managing websites, is now free to Linode Managed customers. Our team of experts will even install it for you.

Free Site Migrations

As a Linode Managed customer, you are entitled to free site migrations by Linode’s expert team.

Discounted Rate on Professional Services

This past August, we launched Professional Services: a team of experts that can handle installations, configurations, architectures, deployments, one-off sysadmin jobs, and site migrations — literally dozens of technologies to solve almost any infrastructure problem you may encounter. As a Linode Managed customer, you can engage this team of experts at 20% off the normal rate – should you need such assistance.

For more information, give us a call, send us an email or open a ticket.

As always… Enjoy!

September 20, 2014

Happy Software Freedom Day 2014

Another year and another celebration! It has been eleven years now that we are celebrating Software Freedom worldwide and thanks to the many teams around the world (which not all appear on the map, check the wiki to be sure), our sponsors and partners of which Google, Canonical, Linode, the Free Software Foundation have been supporting us for many years and hopefully many years to come, as well as Lulzbot, our newest supporter.

For those of you not familiar with, or doubtful about Free and Open Source Software, this is the day to go and check at any event nearby what are the latest developments and if your problem could not simply be resolved by using Free and Open Source Software. It is also the day to understand better what Free and Open Source Software is about, and why it has been created. Because beyond solving computational problems Free and Open Source Software is here to put you back in control of your computer, and let you understand what your machine is really doing! So wait no more and head toward a celebration nearby!

Happy Software Freedom Day!

September 18, 2014

TL;DW for Clojure Data Science

Edmund Jackson talked at the 2012 Clojure/Conj, and you can see his talk here.

I took these notes as I watched it:
  1. What is "data science"?
    1. "That realm of endeavor that requires, simultaneously, advanced computational and statistical methods."
    2. Some people aren't sure whether "data science" is a thing, or just data analysis dressed up with a fancy name. That question amuses me.
  2. What's new, such that everybody suddenly cares about data science?
    1. widely available computing resources, open source tools such as R, and large amounts of data available in private companies and in public
    2. Compares to early days of Linux, when there was a bunch of new stuff that everybody could hack on
  3. Interactive tools aren't enough; you're not taking some data, analyzing it, and coming back with the answer. You need platform features like native language speed, data structures, language constructs, connectivity, and QC in order to embed your analysis in business processes.
  4. The tools with better analysis features (e.g., R, Mathematica) lack the platform features, and the tools with better platform features (he focuses primarily on C++ as his example here) lack the analysis features.
  5. Python is in the sweet spot, with platform features and (via numpy, scipy, and pandas) analysis features. But:
    1. It's full of mutable data!
    2. The mode of expression in imperative languages poorly matches the content of expression when you're dealing with maths.
  6. F#, Scala, and Clojure are all functional, and therefore (immutable data, more natural expression of maths) better alternatives than Python.
  7. Clojure yay! points:
    1. Native: Incanter, Storm, Cascalog, Datomic
    2. JVM: Mahout (ML on Hadoop), jBLAS, Weka (Java lib with many ML algorithms)
    3. Interop: Rincanter (call out to R), JNI
  8. From here he goes into calculating the entropy of a distribution, and the relative entropy of different distributions.
  9. Demonstrates using relative entropy fns in Datomic queries

September 11, 2014

Mozilla Webmaker at Olivarez College Tagaytay a success

2014-09-05 09.48.21

The Mozilla webmaker party at Olivarez College Tagaytay is a success last September 5, 2014. Which was attended by different department from Olivarez College Tagaytay at Computer Laboratory 2.  Since they only have 20 system units on their laboratory they created a two batches of participants, one in the morning and the other is in the afternoon. The event discussion is about Introduction Mozilla which was discuss by Me, The second lecturer discussed and demo “Thimble” by Mr. Ian Mark Martin and lastly Mr. Leo Caisip which  discussed  about “Popcorn Maker“, Both  attended the Mozilla PH orientation for web maker mentor last August 16, 2014  at Mozilla Community Space Manila. The event ended at exactly 4:00pm as mostly in afternoon participated by the nursing department.

DSC_2881

2014-09-11 12.59.54

We also distributed some Mozilla Swag (Bollard, Mozilla Sticker, Mozilla Tatoos and Mozilla Pins) for participants after the event. As part of the successfull event, based on their survey they are requesting for another event semilar to this.  but internet on the school is not that stable during that day but still we managed to make the event successfull.

 

DSC_2859

Pictures can be found here:  https://www.flickr.com/photos/83515207@N04/sets/72157646987948838/

September 04, 2014

TL;DW for "How To Design A Good API and Why it Matters"

Josh Bloch's Google Tech Talk video How To Design A Good API and Why it Matters is about an hour long, and well worth your time. It's focused on OOP, but has lots of good principles that can be followed elsewhere.

In case you don't have an hour right now, here's a summary/index kind of thing that points out the bits I thought were most important.
  1. 6:27: Characteristics of a good API:
    1. Easy to learn
    2. Easy to use, even without documentation
    3. Hard to misuse
    4. Easy to read and maintain code that uses it
    5. Sufficiently powerful to satisfy requirements
    6. Easy to evolve
    7. Appropriate to audience
  2. 7:52: Gather requirements, but differentiate between true requirements (which should take the form of use cases) and proposed solutions.
  3. 10:02: Start with a short spec; one page is ideal.
    1. Agility trumps completeness at this point.
    2. Get as many spec reviews from as many audiences as possible, modify according to feedback.
    3. Flesh the spec out as you gain confidence.
  4. 15:10: Write to your API early and often
    1. Start writing to your API before you've implemented it, or even specified it properly.
    2. Continue writing to your API as you flesh it out.
    3. Your code will live on in examples and unit tests.
  5. 17:32: Write to SPI [Service Provider Interface]
    1. Write at least three plugins before your release.
    2. Application in Clojure-land: Not sure...
  6. 19:35: Maintain realistic expectations.
    1. You won't please everyone.
    2. Aim to displease everyone equally.
    3. Expect to make mistakes and evolve the API in the future.
  7. 22:01: API should do one thing and do it well.
    1. Functionality should be easy to explain.
    2. If it's hard to name, that's a bad sign.
      1. Example of bad name that I can't leave out of this summary: OMGVMCID
  8. 24:32: API should be as small as possible but no smaller
    1. "When in doubt, leave it out." You can always add stuff, but you can't ever remove anything you've included. (The speaker calls this out as his most important point.)
  9. 26:27: Implementation should not impact API.
    1. Do not over-specify. For example, nobody needs to know how your hash function works, unless the hashes are persistent.
    2. Don't leak implementation details such as SQL exceptions!
  10. 29:36: Minimize accessibility of everything.
    1. Don't let API callers see stuff you don't want to be public, and that includes anything you might want to change in the future.
  11. 30:39: Names matter: API is a little language.
    1. Make names self-explanatory.
    2. Be consistent.
    3. Strive for symmetry. (If you can GET a monkey-uncle, make sure you can PUT a monkey-uncle, too.)
  12. 32:32: Documentation matters.
    1. Document parameter units! ("Length of banana in centimeters")
  13. 35:41: Consider performance consequences of API design decisions.
    1. Bad decisions can limit performance -- and this is permanent.
    2. Do not warp your API to gain performance -- the slow thing you avoided can be fixed and get faster, but your warped API will be permanent.
    3. Good design usually coincides with good performance.
  14. 40:00: Minimize mutability
    1. Make everything immutable unless there's a reason to do otherwise.
  15. 45:31: Don't make the caller do anything your code should do.
    1. If there are common use cases that require stringing a bunch of your stuff together in a boilerplate way, that's a bad sign.
  16. 48:36: Don't violate the principle of least astonishment
    1. Make sure your API callers are never surprised by what the API does.
  17. 50:03: Report errors as soon as possible after they occur.
  18. 52:00: Provide programmatic access to all data that is available in string form.
    1. Rich Hickey makes a similar point here.
  19. 56:15: Use consistent parameter ordering across methods.
    1. Here's a bad example:
      1. char *strncpy (char *dst, char *src, size_t n);
      2. void bcopy (void *src, void *dst, size_t n);
  20. 57:15: Avoid long parameter lists.
  21. 58:21: Avoid return values that demand exceptional processing.
    1. Example: return an empty list instead of nil/null.

September 03, 2014

Celebrate Software Freedom Day on September 20

200teamsI am very glad to share with you that registration of the eleventh edition of Software Freedom Day has been opened since early August and you can see from our SFD event map, we already have 129 events from more than 50 countries shown in our map. As usual registration happens after you have created your event page on the wiki. We have a detail guide here for newcomers and for the others who need help, the SFD-Discuss mailing would be the best place to get prompt support.

Don’t forget to tell people about SFD! Simply use one of the banners we’ve made if you are organizing, participating, attending or speaking at a SFD event by placing it on your webpages and link it back to your SFD event page or http://www.softwarefreedomday.org. You can also help us to promote SFD by placing our SFD counter with your own language as well!

So get ready to celebrate and happy preparations to all!
Celebrate SFD with us on September 20, 2014!

August 27, 2014

Preso: Things I Learned about Open Source…The Hard Way

My presentation at the Bay Area Open Source Meet-Up – OS in Big Organizations: Failures, Success Stories & Best Practices on August 13, 2014.

Mark Hinkle runs the Citrix Open Source Business Office and has spent 20 years working with open source communities and delivering open source software. Topics covered in this presentation will include the benefit of his mistakes and successes both in evaluating open source ad an end-user and in delivering enterprise solutions based on open source software.

Technorati Tags: ,

August 22, 2014

GNU hackers unmask massive HACIENDA surveillance program and design a countermeasure

After making key discoveries about the details of HACIENDA, Julian Kirsch, Dr. Christian Grothoff, Jacob Appelbaum, and Dr. Holger Kenn designed the TCP Stealth system to protect unadvertised servers from port scanning.

According to Heise Online, the intelligence agencies of the United States, Canada, United Kingdom, Australia and New Zealand are involved in HACIENDA. The agencies share the data they collect. The HACIENDA system also hijacks civilian computers, allowing it to leach computing resources and cover its tracks.

Some of the creators of TCP Stealth are also prominent contributors to the GNU Project, a major facet of the free software community and a hub for political and technological action against bulk surveillance. Free software is safer because it is very hard to hide malicious code in a program anyone can read. In proprietary software, there is no way to guarantee that programs don't hide backdoors and other vulnerabilities. The team revealed their work on August 15, 2014 at the annual GNU Hackers' Meeting in Germany, and Julian Kirsch published about it in his master's degree thesis.

Maintainers of Parabola, an FSF-endorsed GNU/Linux distribution, have already implemented TCP Stealth, making Parabola users safer from surveillance. The FSF encourages other operating systems to follow Parabola's lead.

The Free Software Foundation supports and sponsors the GNU Project. FSF campaigns manager Zak Rogoff said, "Every time you use a free software program, you benefit from the work of free software developers inspired by the values of transparency and bottom-up collaboration. But on occassions like these, when our civil liberties are threatened with technological tools, the deep importance of these values becomes obvious. The FSF is proud to support the free software community in its contributions to the resistance against bulk surveillance."

The Free Software Foundation works politically for an end to mass surveillance. Simultaneously, the Foundation advocates for individuals of all technical skill levels to take a variety of actions against bulk surveillance.

About Julian Kirsch, Christian Grothoff, Jacob Appelbaum, and Holger Kenn

Julian Kirsch is the author of "Improved Kernel-Based Port-Knocking in Linux", his Master's Thesis in Informatics at Technische Universitat Munchen.

Dr. Christian Grothoff is the Emmy-Noether research group leader in Computer Science at Technische Universitat Munchen.

Jacob Appelbaum is an American independent computer security researcher and hacker. He was employed by the University of Washington, and is a core member of the Tor project, a free software network designed to provide online anonymity.

Dr. Holger Kenn is a computer scientist specializing in wearable computing, especially software architectures, context sensor systems, human machine interfaces, and wearable-mediated human robot cooperation.

About the Free Software Foundation

The Free Software Foundation, founded in 1985, is dedicated to promoting computer users' right to use, study, copy, modify, and redistribute computer programs. The FSF promotes the development and use of free (as in freedom) software -- particularly the GNU operating system and its GNU/Linux variants -- and free documentation for free software. The FSF also helps to spread awareness of the ethical and political issues of freedom in the use of software, and its Web sites, located at fsf.org and gnu.org, are an important source of information about GNU/Linux. Donations to support the FSF's work can be made at https://donate.fsf.org. Its headquarters are in Boston, MA, USA.

About the GNU Operating System and Linux

Richard Stallman announced in September 1983 the plan to develop a free software Unix-like operating system called GNU. GNU is the only operating system developed specifically for the sake of users' freedom. See https://www.gnu.org/gnu/the-gnu-project.

In 1992, the essential components of GNU were complete, except for one, the kernel. When in 1992 the kernel Linux was re-released under the GNU GPL, making it free software, the combination of GNU and Linux formed a complete free operating system, which made it possible for the first time to run a PC without non-free software. This combination is the GNU/Linux system. For more explanation, see https://www.gnu.org/gnu/gnu-linux-faq.

Media Contacts

Zak Rogoff
Campaigns Manager
Free Software Foundation
+1-617-542-5942
This e-mail address is being protected from spambots. You need JavaScript enabled to view it

"Knocking down the HACIENDA" by Julian Kirsch, produced by GNU, the GNUnet team, and edited on short notice by Carlo von Lynx from #youbroketheinternet is licensed under a Creative Commons Attribution NoDerivatives 3.0 Unported License.

August 13, 2014

SFD Tagaytay 2014 at Olivarez College

I am now again an official organizer for SFD 2014, but this time I will organized the event in Tagaytay City which will be hosted by Olivarez College in Tagaytay. The said event is scheduled on September 27, 2014.

SFD2014

The venue is on their “AMPITHEATER” where it can hold more than 500 participants. Here are some pictures of the exact venue.

cpdc-20140804131542221  cpdc-20140804131124356We also launch the online registration feel free to register using the this URL : https://www.eventbrite.com/e/software-freedom-day-2014-at-olivarez-college-tagaytay-tickets-12455543867

August 12, 2014

websites on this server

SFD 2014 Registration is on!

With a bit of delay, the Digital Freedom Foundation is very happy to announce that registration of the eleventh edition of Software Freedom Day opened early August. This year we are unfortunately unable to ship any goodies for the pre-registered teams: as we have mentioned before, our involvment with the Cambodian system of education required us to relocate. Being happy owners of a few special animals (CITES-II listed species) we would not have moved without them. This took us about 3-4 months to make it happen and we arrived in Phnom Penh end of May. We then had to look for a place to live, get our furnitures out of the customs and a member of our team got hospitalized for ten days in July. With all this, identifying new suppliers for the schwag just could not happen. Nevertheless, SFD teams have been very patient and nice with us and hopefully SFD 2014 will not be too much impacted by this.

So as usual registration happens after you have created your event page on the wiki. We have an exhaustive guide here for newcomers and for the others who need help, the SFD-Discuss mailing is probably the best place to get prompt support. We will come back with more details regarding sponsors, things to do or worth mentioning to bring inspiration and motivation to the celebration.

So get ready to celebrate and happy preparations to all!

July 18, 2014

An invisible part of the Free Software Foundation Europe

In all organisations you have people, who do crucial work which is invisible to the public. But without them, the organisation would not function. In the FSFE, one of this people who takes care of a lot of invisible tasks is Reinhard Müller. After maintaining FSFE’s website, coordinating FSFE’s translation team, and taking care of our Fellowship database for many years, in 2007 he volunteered to be FSFE’s Financial Officer. With this post I want to offer you an insight into the invisible tasks performed by Reinhard.

Karsten and Reinhard working together Karsten, with FSCONS shirt, and Reinhard, with Mach Dich Frei shirt, working Matthias Kirschner CC BY-SA

June 30, 2014

Scancation - Scanning the Standing Stones of the Outer Hebrides

I just came back from a vacation where Kio and I went and visited most of the megalithic monuments on the islands of the Outer Hebrides in Scotland. Stone circles are all over the place on these islands and the biggest one is the Callanish Stone Circle. One of the cool things about these places is that there is very little history known about them and so all you can know about them is from your experience of being around them. Most of them all taller than me and you get the sense that these places were the sacred spaces of 5000 years ago.

One of the things I say a lot at MakerBot is that they really make the most sense when you connect your MakerBot to your passion. Since I'm into rocks. I scanned a few of my favorite stones and ran them through 123D Catch which makes a 3D model from up to 70 photos of the object. It’s pretty cool to think that yesterday I was walking among these stones and today I’m printing them out on the MakerBots in my office. 

It’s interesting to note that this feels a lot like the old days of vacation film photography. The process of processing the photos into a 3D model feels a lot like when I used to develop celluloid film after a vacation.

Someday, printing 3D models will be normal for everyone, for now, it’s just normal for all the MakerBot operators in the world.

If you decide to go on your own scanning vacation, aka scancation, here’s my process and tips for acquiring models. I use a Canon S110 camera and then upload my photos later to the 123D Catch site and then upload all the models and a zip file of all the photos to Thingiverse because the photogrammetry software will get better someday and I want to have an archive of the photos so I can make better models later.

 

  • Lighting conditions matter. A cloudy sky is much better than a sunny one so that you can get all the details of your subject. 
  • Fill the frame, but make sure to leave some area around the object in the picture. 123D Catch uses reference points in the object to make everything fit together. 
  • Use all 70 pictures allowed by the software. The more pictures, the better the scan. 
  • Scan weird things. Sometimes the most iconic stuff of a location isn’t the most obvious. Some friends of mine scanned all of Canal St. in NYC and said the interesting parts were the giant piles of trash bags which are one of the local overlooked pieces of landscape art.
  • Don’t forget the top view. If you are capturing a subject that is tall, do your best to get above it and take a picture. A quadcopter could be handy for that
  • Fix it up with Netfabb. After I upload the photos into the 123D Catch online portal, then I use Netfabb basic to slice off all the weird parts and cut a flat bottom onto the object.
  • Make sure to upload your scans to Thingiverse. We can all make models of your SCANCATION. 

 

Do you have any other scanning tips for those that would like to experiment with vacation scanning? Leave them in the comments!

June 23, 2014

A country list - good for all

If you are a web developer, pc software programmer, app developer, Linux distro packager you have probably heard many complaints from your users about you list of countries and country codes. Most of the complaints come from people not finding their country on the list. For example, Europe has changed a lot in the last two decades. Countries have dissolved and new ones were created. There are changes in Asia, Africa and in South America. The sad fact is that many web sites still list Yugoslavia in their list of countries.

June 22, 2014

the meaning of a word

i learned the word "feminist" at my first job. I was 15 and a trainee engineer in a hydro power scheme. I recall one young man I worked with asking me urgently if i was a feminist. I asked what that was. he said, "women who hate men". oh.. i'm not one of them....

why would i get a job as the only woman deep in a power station if i hated men? It was a long long time before i heard any other definition of feminist.

June 20, 2014

Launceston June Meeting

G'day all

For this month's Launceston meeting, Phil will be giving us an introduction to NAS4Free, a BSD licenced fork/continuation of FreeNAS.

2:00pm
Saturday 28th June
Royal Oak
Launceston


As usual, some of us will be meeting for lunch beforehand at 1:00pm.

Hope to see you there!

Google Maps Link

NAS4Free Website
-----
Gov Hack 2014: June 11-13th (Hobart venue)
OpenStack 4th Birthday: June 17th (RSVP here: http://taslug-openstack.eventbrite.com.au/ )
Next Launceston meeting: 2:00pm July 26th (Topic TBC)

June 11, 2014

Hobart meeting - June 19th - (The aptosid fullstory)

Welcome to June. Yep. short days... stout beers. And source. LOTS OF SOURCE! I'm in the
middle of my exam session at uni so won't have time to prepare the usual slides and news
this month.

When: Thursday, June 19th, 18:00 for an 18:30 start
Where: Upstairs, Hotel Soho, 124 Davey St, Hobart.

Agenda:

18:00 - early mingle, chin wagging, discussion and install issues etc

19:00 - Trevor Walkley - aptosid fullstory


    This months talk will be given by Trevor Walkley, an aptosid
    dev,(bluewater on IRC), on building an iso using aptosid fullstory
    scripts which are currently held on github (and the 'how to do it' is
    not well known).

    A live build will take place (hopefully debian sid will cooperate on the
    night) followed by a live installation of the build to the famous milk
    crate computer belonging Scott, (faulteh on IRC).

20:00 - Meeting end. Dinner and drinks are available at the venue during the meeting.

We will probably get to a discussion on the Hobart LCA 2017 bid, ideas for upcoming
Software Freedom Day in September, Committee nomination and voting,
so our pre-talk discussion should be packed full of jam.

Also in June:
28th - Launceston meeting
July:
11-13th - Gov Hack 2014 - There's at least a Hobart venue for this event.
17th - OpenStack 4th Birthday - RSVP here: http://taslug-openstack.eventbrite.com.au/
September:
20th - Software Freedom Day - events in Hobart and Launceston

June 10, 2014

Integrate ToDo.txt into Claws Mail

I use Claws Mail for many years now. I like to call it “the mutt mail client for people who prefer a graphical user interface”. Like Mutt, Claws is really powerful and allows you to adjust it exactly to your needs. During the last year I began to enjoy managing my open tasks with ToDo.txt. A powerful but still simple way to manage your tasks based on text files. This allows me not only to manage my tasks on my computer but also to keep it in sync with my mobile devices. But there is one thing I always missed. Often a task starts with an email conversation and I always wanted to be able to transfer a mail easily to as task in a way, that the task links back to the original mail conversation. Finally I found some time to make it happen and this is the result:

To integrate ToDo.txt into Claws-Mail I wrote the Python program mail2todotxt.py. You need to pass the path to the mail you want to add as parameter. By default the program will create a ToDo.txt task which looks like this:


<task_creation_date> <subject_of_the_mail> <link_to_the_mail>

Additionally you can call the program with the parameter “-i” to switch to the interactive mode. Now the program will ask you for a task description and will use the provided description instead of the mail subject. If you don’t enter a subscription the program will fall back to the mail subject as task description. To use the interactive mode you need to install the Gtk3 Python bindings.

To call this program directly from Claws Mail you need to go to Configuration->Actions and create a action to execute following command:


/path_to_mail2todotxt/mail2todotxt.py -i %f &

Just skip the -i parameter if you always want to use the subject as task description. Now you can execute the program for the selected mail by calling Tools->Actions-><The_name_you_chose_for_the_action>. Additional you can add a short-cut if you wish, e.g. I use “Ctrl-t” to create a new task.

Now that I’m able to transfer a mail to a ToDo.txt item I also want to go back to the mail while looking at my open tasks. Therefore I use the “open” action from Sebastian Heinlein which I extended with an handler to open claws mail links. After you added this action to your ~/.todo.action.d you can start Claws-Mail and jump directly to the referred mail by typing:


t open <task_number_which_referes_to_a_mail>

The original version of the “open” action can be found at Gitorious. The modified version you need to open the Claws-Mail links can be found here.

June 06, 2014

Bodhi 2 FAD

I just came back from the Bodhi 2 FAD in Denver.

I flew from Paris on Saturday 31st morning. Luke, Kevin, Ricky and I started hacking on Sunday morning, the other participants arriving during the day.

The first two days, I started with many small things, as a warm up: packaging in Fedora some of the Bodhi 2 dependencies, escaping raw HTML in forms, adding license headers to all files, fixing some small issues in the update management,...

On Tuesday I implemented the whole release management. This area is particularly lacking in Bodhi 1, but Bodhi 2 should be a big improvement:

  • releng can't create a new release in Bodhi 1 when branching it (i.e when creating it in Git, Koji, PkgDB,...) because we don't use Bodhi right away (we start using it only at Alpha freeze). With Bodhi 2, a release can be created but kept disabled, which fixes this annoyance
  • when a Fedora release reaches end-of-life, we delete it from the Bodhi 1 database, which makes us lose all metrics, and breaks all the URLs to the updates pushed for these old releases. With Bodhi 2, we can now « archive » an old release, so that it doesn't appear in the web UI any more, we can't push updates for it any more, but URLs of old updates will still work.
  • the Release Engineers regularly need to resort to a TurboGears 1 shell to enter some Python code in order to create / modify a release in Bodhi 1. Bodhi 2 now exposes a web API to manage releases, and a command-line tool which uses this API.

Before dinner, I then quickly implemented the file-based creation of updates as needed by « fedpkg update ».

On Wednesday, I started implementing the management of buildroot overrides, tagging the build appropriately in Koji, ... That's not all done though, so I'll try to finish it in the next few days. :-)

We also had some discussions about the mashing process. We haven't decided whether we'd use the koji-mash plugin I wrote, or the more generic « run any command as root » plugin, but now that we have a working staging instance of Koji we should be able to test them and take the decision.

Overall, it was a great event. We made lots of progress, and had tons of fun.

Finally, I'd like to thank Ralph for organizing the event, Kevin for picking me up at the airport on Saturday, Tim for bringing me to the airport on Thursday (at 7am!), and Red Hat for funding my trip.

It was my first FAD, and I loved it. Looking forward to the next one. :-)

May 23, 2014

European Elections: get out and vote!

The European Elections are happening this weekend. In Portugal, they're on Sunday, but my first message goes to all Europeans: go out and vote. You think we're heading in the right direction? Go out and say it. You think we're heading in the wrong direction? Go out and say it. You're not planning to go out and vote because you're fed up with politics and politicians? Well, if you're fed up with the ones you have, go out and vote for others - if you don't, others will choose for yourself, and you'll still be fed up. In summary: there's no reason not to vote.

Vote!

My second message goes towards the Portuguese people. I am not going to tell you how to vote: that's really up to you. You have a life, and your life is deeply impacted by European politics. The countries finances, the money you have on your pocket, even the currency you use, the taxes you pay, the choices you're able to make, the laws you have, the things you do. So, even if you think you're not, you're fully capable of choosing for yourself, and to choose who will better defend your interests. So, with that in mind, I urge you pay attention to the choices that are laid out in front of you. You have sixteen (16!) parties to choose from. Pick one, go out, vote.

These are your options next Sunday:


Aliança Portugal (AP: PSD + CDS-PP)
Bloco de Esquerda (BE)
Coligação Democrática Unitária (CDU: PCP + PEV)
Livre
Movimento Alternativa Socialista (MAS)
Nova Democracia (PND)
Partido Comunista dos Trabalhadores Portugueses (PCTP/MRPP)
Partido da Terra (MPT)
Partido Democrático do Atlântico (PDA)
Partido Nacional Renovador (PNR)
Partido Operário de Unidade Socialista (POUS)
Partido pelos Animais e pela Natureza (PAN)
Partido Popular Monárquico (PPM)
Partido Socialista (PS)
Partido Trabalhista Português (PTP)
Portugal pro Vida (PPV)

I've also made a small summary and comparison text about the position of these parties, if you're interested. I'm sorry it isn't as complete as I wished it to be, but it might be helpful all the same. If you're interested, read it here.

Sunday is a great day: one of those days you can make a difference, where you can speak up and say what do you want in your life, your future. Don't let others decide for you. Vote!

May 07, 2014

gom in Fedora

I've been experimenting with gom, the GObject data mapper recently.

With a lot of help from Bastien Nocera, I eventually managed to get started using it as an experiment for one of my projects.

I have to say I'm quite impressed. Sure, writing GObject code is super verbose, but then managing objects and properties is so much nicer than managing strings full of SQL queries. And I hear the verbosity might be greatly reduced in the near future! :-D

Long story short, I've started building gom packages from Git snapshots in a Copr.

I'll eventually push it to Fedora proper, but I'd rather wait for an actual release. Maybe in time for GNOME 3.14?

In the meantime, if you want to try it out, go grab the packages from the Copr. Gom is under quick development, and now is a great time to test it and ensure it has the features your application needs. For example, I needed boolean properties and columns with a UNIQUE constraint, and both are now possible in master. :-)

Now to play some more with it...

April 23, 2014

U talking to me?

This upstirring undertaking Ubuntu is, as my colleague MPT explains, performance art. Not only must it be art, it must also perform, and that on a deadline. So many thanks and much credit to the teams and individuals who made our most recent release, the Trusty Tahr, into the gem of 14.04 LTS. And after the uproarious ululation and post-release respite, it’s time to open the floodgates to umpteen pent-up changes and begin shaping our next show.

The discipline of an LTS constrains our creativity – our users appreciate the results of a focused effort on performance and stability and maintainability, and we appreciate the spring cleaning that comes with a focus on technical debt. But the point of spring cleaning is to make room for fresh ideas and new art, and our next release has to raise the roof in that regard. And what a spectacular time to be unleashing creativity in Ubuntu. We have the foundations of convergence so beautifully demonstrated by our core apps teams – with examples that shine on phone and tablet and PC. And we have equally interesting innovation landed in the foundational LXC 1.0, the fastest, lightest virtual machines on the planet, born and raised on Ubuntu. With an LTS hot off the press, now is the time to refresh the foundations of the next generation of Linux: faster, smaller, better scaled and better maintained. We’re in a unique position to bring useful change to the ubiquitary Ubuntu developer, that hardy and precise pioneer of frontiers new and potent.

That future Ubuntu developer wants to deliver app updates instantly to users everywhere; we can make that possible. They want to deploy distributed brilliance instantly on all the clouds and all the hardware. We’ll make that possible. They want PAAS and SAAS and an Internet of Things that Don’t Bite, let’s make that possible. If free software is to fulfil its true promise it needs to be useful for people putting precious parts into production, and we’ll stand by our commitment that Ubuntu be the most useful platform for free software developers who carry the responsibilities of Dev and Ops.

It’s a good time to shine a light on umbrageous if understandably imminent undulations in the landscape we love – time to bring systemd to the centre of Ubuntu, time to untwist ourselves from Python 2.x and time to walk a little uphill and, thereby, upstream. Time to purge the ugsome and prune the unusable. We’ve all got our ucky code, and now’s a good time to stand united in favour of the useful over the uncolike and the utile over the uncous. It’s not a time to become unhinged or ultrafidian, just a time for careful review and consideration of business as usual.

So bring your upstanding best to the table – or the forum – or the mailing list – and let’s make something amazing. Something unified and upright, something about which we can be universally proud. And since we’re getting that once-every-two-years chance to make fresh starts and dream unconstrained dreams about what the future should look like, we may as well go all out and give it a dreamlike name. Let’s get going on the utopic unicorn. Give it stick. See you at vUDS.

April 06, 2014

Books and Music in 2013

Another year gone. Just like in years before, here's a recommendation of music and books, from what has been released during the year (in the case of music), and what I've read in 2013 (for books). Note that there are other, great 2013 music releases, that I only got my hands on in 2014, and those aren't on this list. Without further ado:

Books:


* Neal Stephenson - The Mongoliad (Books 2 and 3)
* Iain M. Banks - The Hydrogen Sonata
* Cory Doctorow's fiction - The Rapture of Nerds and Pirate Cinema
* Music - Looking For Europe
* Tech - Videojogos em Portugal

Music:


* Kokori - Release Candid Hate (Vinyl)
* Gvar - Vraii (Cass)
* Charanga - Borda Tu! (CD)
* Dismal - Giostra Di Vapori (CD)
* Mindless Self Indulgence - How I Learned To Stop Giving A Shit And Love Mindless Self Indulgence (CD)

Who's Online

We have 126 guests online
Digital Freedom International (Aka SFI) is the non-profit organization at the origin of SFD and CFD. DFI handles sponsorship contracts, official team registrations, sending out schwags to teams, the annual Best Event Competition and many other things. Hundreds of teams around the world manage the local celebration and help to send out a global message. So do drop by and attend an SFD and CFD event nearby!

Login Form