App of the week: Subversion

I have been using Subversion for a while (after having it recommended by my colleague Thomas), and I must confess I’m a happy user. Subversion is a revision control system, designed to supersede, and replace, the (maybe) more popular CVS.

Subversion (svn) is good for much more than collaborative development, as a single person can keep track of versions of her own documents/scripts/whatever. Usually you only want the last version of whatever you work with. But whenever you find yourself saving a version somewhere else, to keep it like that even if further changes are made to the “current” version, svn is your friend. Whenever you wish you had saved an earlier version of the stuff you’re working with, you’re missing svn (whether you know it or not).


Windows 7 wishlist

I came across a blog post [es] talking about Windows 7, the planned successor of the current Windows Vista. The same can be found elsewhere, e.g. in Ars Technica.

The article summarized some features that Windows users would like to see in W7. You can also see a picture with the whole W7 wishlist. What struck me was that, although the Redmond giant tried its best to copy every single innovation from free software, they still missed important points that users value enough to make a wishlist out of them.

Some points in the list are new and exciting. Some others are everyday things for us free software users, and it’s so amazing that Windows still does not include them:

  1. Request for an integrated font manager
    One of the problems of proprietary software: the pieces each program uses (including fonts) are property of the maker, so sharing is largely hindered. In Debian we have things like Defoma, and font management is quite lean in any distro, anyway.
  2. Explorer toggle button to quickly show/hide hidden files or system files
    Files starting with a dot are hidden in Linux. All file managers I know of have the ability to show/hide them with a click or a shortcut (Ctrl-H in Thunar and Nautilus, no default but configurable shortcut for Konqueror).
  3. Network/Internet bandwidth monitor
    Most, if not all, docks/taskbars in FLOSS desktops (Xfce, GNOME, KDE…) have a widget for that.
  4. DirectX update on Windows Update/Microsoft Update
    I use Debian, and it manages the installed software with APT (other distros have other systems). With it, I run “aptitude update” and it searches the online repositories for the latest version of all the packages that exist in them. When I do “aptitude safe-upgrade”, it automatically upgrades all the packages for which there are updates, and notifies me if some upgrade requires installing a new package (without upgrading it until I agree to install that new package). And it’s been like this for years.

  5. Infinite desktop, virtual desktop idea
    Although it probably refers to zooming interfaces, Linux has had the idea of virtual desktops for years.
  6. Profile data: Move locations of all user folders and data to another location
    This is trivial in Linux since the dawn of its times.

  7. Option to “Reopen Closed tabs” in IE
    Firefox has this option through add-ons like Tab Mix plus. Not only that, but many other things are possible, like: periodic reloading of some or all tabs, closing all tabs but the current one, duplicating tabs (along with all their history), freezing tabs (so they can not be accidentally closed or moved away from), change the name of the tab…
  8. Auto clean of Temp folders
    Temporary file management in Linux is flawless. I never saw a tmp location full because the system forgot to clean it.
  9. Provide Manual Duplex Printing in Windows Print Dialog
    It is really lame to need to ask the maker of a big, monolithic, OS for stupid changes like that. The printing dialogs should be made by the desktop environment (a small part of the OS), or the application, and it should communicate with the printing server (another smaaaaall part of the OS). Details like that one should be fixed by updates in only one/some small packages related to the desktop environment.
  10. IE should have a close button on each tab
    See point 7.
  11. Disk Manager needs to have the ability to expand partitions
    Tools like GParted make partition management a breeze. In Windows, you need commercial third party tools for that. Tough luck.
  12. Image (ISO, BIN) support in Windows
    What? In Windows you can not mount ISO images as if they were actual filesystems? In Linux, you sure can.
  13. Family license
    It must suck to buy a copy of the OS and be able to use it only on one PC. With Linux and free software, you obviously don’t have this problem, and you don’t need to go crying to your dealer for a more merciful license.
  14. No dialog should take keyboard focus away from what you are doing
    With all serious desktop environments, you can configure this behaviour, as well as if focus follows mouse, or if you have to click on a window to make it active and so on.
  15. Patch operating system without having to reboot
    With Linux, you only need to reboot if you install a new kernel (you can’t use a different kernel without rebooting). For everything else, you don’t need to.
  16. Add folder size to data displayed by Windows Explorer
    Wow, it must suck being stuck with a single choice for a file manager (or any other task), and not being able to configure stupid things like that to your liking. Another con of Windows, I guess.
  17. Live CD or DVD to boot from to recover from a crash or virus that would allow to transfer files
    But there is a tool for that task on Windows! It is called “Linux Live CD”, and many distros have it. I have read that it is pretty popular among some Windows users: when their system is utterly destroyed, a Linux Live CD can save the precious data in their disks.
  18. Disallow removable (USB/Firewire) drives to default to next available drive letter when the letter is already used by other network drives
    I know the issue of wanting to have permanent names for given devices, no matter what. The solution is called udev.
  19. Windows Mail should be minimizable to the system tray
    I use KMail and it is. Probably Thunderbird is, too. By the way… ever guess how similar to the former two Windows Mail is (by the looks in the Wikipedia article)?
  20. Command Prompt should be improved
    Hehehe. I have no words.
  21. Integrated Anti-Virus
    What is a virus? Please explain, I’m an ignorant Debian user!
  22. More desktop themes should be offered in the default installation of the next version of Windows
    I thought Windows users wanted consistency and simplicity, and everything to look the way uncle Microsoft wanted. In Linux, we have soooo much to choose from. You doubt it? Take a look at KDE-look.org, or Xfce-look.org.
  23. IE direct download – do not download to temp folder
    With any free browser (e.g. Firefox) you can choose the default dir for the downloads, and you can choose for each download where to put it (if you don’t want it in the default folder). Is it not like that in IE?

Maybe some slipped through, but I’m too tired to be more thorough.


NSA backdoor in public cryptographic system?

The following shows why cryptographic methods should be public. There is a common misconception that the most secure crypto methods are “proprietary” or “secret” ones. This is a terrible error, since only knowing the “recipe” (the algorithms) behind a given method can assure us that it is actually robust.

The question might arise: how can a publicly known cryptographic method be secure? By definition, everyone will know how it works! Not quite. The method of operation can be known to all, and an eavesdropper could know what method we are using, but if the method is secure, the eavesdropper will still not be able to decipher a given message. It might be tempting to think that if an eavesdropper doesn’t even know what encryption we are using, or she knows its “name” but the method behind it is secret, then the security of the message is increased. This is called security through obscurity, and it is actually a very dangerous error, because it might lead us to be less demanding about the robustness of the encryption algorithm. A communication can only be considered secure if, even knowing the encryption algorithm, an eavesdropper could not decrypt it.

To achieve this, it is vital that the encryption algorithm be publicly known, and rigorous tests applied. This is the case of the crypto standards of NIST (the US National Institute of Standards and Technology). All the standards “accepted” by them have to be subject to open scrutiny, which happens to be a Good Thing(tm). You’ll see it if you read the following articles in The Register and Wired.

In summary: one of the components of cryptographic methods is random number generation. One of the generators approved this year by NIST (called Dual_EC_DRBG) relies on a set of initial numbers to generate the “random” result (I’ll call this set P, public). This is normal, and correct. The problem comes from the fact that this set of numbers is apparently related to another (unknown) set of numbers (that I’ll call B, backdoor), knowledge of which could empower someone to break the resulting encryption. The way I understand it, it is like having the known set of numbers P = (6,12,18,24,30), but then realizing that they are all built from the set B = (2,3). In the Dual_EC_DRBG method, some experts have realized that the set P is related to another set, but they still haven’t found what the elements of B are.

Now, the scary part is that (life is full of coincidences) Dual_EC_DRBG was introduced in the standard proposed, and pushed, by the NSA of the USA, aka “the eavesdroppers of the world”. So I’ll invent a little fiction, with no relationship to reality: imagine that a given government agency N of nation U takes a set of numbers B, and comes up with an encryption method M that produces the apparently innocent set P from it, and then M uses P to perform encryption. If the encryption method M becomes a standard, and people all around the world use it for anything from private e-mail to secure government or military communications… guess who has the key to read all these messages? (A backdoor.)
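The P/B relation described above is the Dual_EC_DRBG concern in miniature: if someone knows the scalar that links the two public curve points, a single output reveals the next internal state. The toy reproduction below is an added example, not code from the post or from the standard; it assumes a constructed 28-point curve over F_23, a constructed backdoor scalar E_SECRET and no output truncation (the real generator uses a 256-bit curve and drops bits of each output), and it shows why constants whose generation cannot be verified should not be trusted.

```python
# Toy Dual_EC_DRBG over the 28-point curve y^2 = x^3 + x + 1 mod 23 (a
# constructed example; the real standard uses NIST P-256 and truncates output).
P_MOD, A, B = 23, 1, 1          # 23 % 4 == 3, so sqrt(v) = v^((p+1)/4) mod p

def ec_add(p1, p2):
    """Affine point addition; None stands for the point at infinity O."""
    if p1 is None or p2 is None:
        return p1 or p2
    (x1, y1), (x2, y2) = p1, p2
    if x1 == x2 and (y1 + y2) % P_MOD == 0:
        return None                              # R + (-R) = O
    if p1 == p2:
        lam = (3 * x1 * x1 + A) * pow(2 * y1 % P_MOD, -1, P_MOD) % P_MOD
    else:
        lam = (y2 - y1) * pow((x2 - x1) % P_MOD, -1, P_MOD) % P_MOD
    x3 = (lam * lam - x1 - x2) % P_MOD
    return (x3, (lam * (x1 - x3) - y1) % P_MOD)

def ec_mul(k, pt):
    """Double-and-add scalar multiplication k*pt."""
    acc = None
    while k:
        acc = ec_add(acc, pt) if k & 1 else acc
        pt, k = ec_add(pt, pt), k >> 1
    return acc

def lift_x(x):
    """Return a curve point with this x-coordinate, or None if there is none."""
    rhs = (x ** 3 + A * x + B) % P_MOD
    y = pow(rhs, (P_MOD + 1) // 4, P_MOD)
    return (x, y) if y * y % P_MOD == rhs else None

# Public constants. Q has order 28. The hidden relation is P = E_SECRET * Q:
# an auditor sees only P and Q and cannot tell whether such a scalar is known.
Q = (0, 1)
E_SECRET = 5                    # the "set B" of the post: constructed backdoor
P = ec_mul(E_SECRET, Q)         # == (18, 3): the "set P" everyone gets to see

def dual_ec_step(state):
    """One step: next state = x(s*P), output = x(s*Q); None if either is O."""
    nxt, out = ec_mul(state, P), ec_mul(state, Q)
    return None if nxt is None or out is None else (nxt[0], out[0])

def generate(seed, n):
    """First n outputs from a seed, or None if the toy curve hits O."""
    outs, s = [], seed
    for _ in range(n):
        step = dual_ec_step(s)
        if step is None:
            return None
        s, r = step
        outs.append(r)
    return outs

def predict_next(output):
    """With E_SECRET: lift r = x(s*Q) to +-s*Q, multiply by E_SECRET to get
    +-s*P, whose x is the next state; from it compute the next output."""
    pt = lift_x(output)
    nxt = None if pt is None else ec_mul(E_SECRET, pt)   # +-s*P, same x
    step = None if nxt is None else dual_ec_step(nxt[0])
    return None if step is None else step[1]
```

Whoever holds E_SECRET needs one output to predict every later one; anyone without it sees only two innocent-looking points.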

Thanks $GOD, this is science fiction, is it not?


App of the week: Filelight

Actually it is two applications I want to highlight: Filelight and Baobab. Both are disk usage analyzers, the former for KDE (see Figure 1), and the latter for GNOME (see Figure 2).

Figure 1: Filelight

Figure 2: Baobab

A disk usage analyzer is a tool to conveniently find out how much hard disk space different directories and files are taking up. It combines the effectiveness of the Unix du (if you never used it, stop here and do a man du in your command line immediately. If you do not know what that “command line” thingie is, whip yourself in the back repeatedly), with the convenience of a visual clue of how large directories are compared to one another.

Of the two DUAs I mention, I largely prefer Filelight, for several reasons:

1 – When I want to open a terminal in a location chosen from the DUA window, with Baobab it’s two clicks away: “Open file manager here”, then “Open terminal here” in the file manager. With Filelight, it’s just one click: “open terminal here”. Plus Filelight has a handy locator bar at the top, showing the full path to the current location (useful to copy-and-paste with the mouse to an already open terminal).

2 – Filelight shows directories up to individual files. Baobab just dirs.

3 – With Filelight, navigation up and down (and back and forward) in the dir tree is a breeze (web browser-style). With Baobab, it’s a pain.

4 – The presentation is similar, but the one of Filelight is slightly nicer, with more info when the mouse is hovered over the graph.

Probably Baobab can be easily made to behave like Filelight. I just tried them both, and liked the latter better on first sight. I tried Baobab first, and I found some things lacking. When I tried Filelight, five minutes later, I just thought “These are the details Baobab was missing!”


Exploitable bug in Oracle 10g databases

I read in The Register that a zero-day vulnerability has been reported in Oracle 10g databases. I am by no means an expert in databases (“not an expert”, wow, what an understatement! I’m an ignorant), but I have my small war against people who regard proprietary DBs such as Oracle or IBM DB2 as far above free software alternatives such as MySQL or PostgreSQL. As an example of a company with HUGE databases, Google uses MySQL. Actually, I just found in the previous link this post in an ex-Google employee’s blog, and I plan to show it to any half-wit parroting the motto that “big commercial solutions” are by default better than “hobbyist things” like free software (especially for DBs).

So, when I read the Register headline, I immediately thought of writing a post on how “bad” Oracle was. However, after actually reading the (short) article, I decided to change the main point of the post. Actually, what this case shows is how “bad” depending on proprietary software is. Quoting the Register article:

Oracle has reportedly created a fix but is not willing to break its quarterly patch release cycle to issue an update. The database giant’s next update is scheduled for 15 January. In the absence of a patch no ready workaround is available, iDefense reports.

Holy crap! Oracle acknowledges that the bug is there, that it is dangerous, and that they do have a fix, but they friggin’ don’t want to release it! Just because “it doesn’t fit” in their well-laid plans! Needless to say, with free software this can not happen: there is no reason to hold back bugfixes. And even if there were, anyone can write a patch and release it, so there is no vendor locking the users in and deciding what to release and when.


Open letter from Mandriva to Steve Ballmer

The letter says it all.


Wikipedia fundraising

The Wikimedia Foundation is raising funds again. You can read an appeal from the Board Chair, Florence Devouard, and the corresponding press release.

To contribute, click the banner below, and follow the instructions you’ll find in the page you’ll arrive to.

Click here to donate!


Blackout summary VIII

A couple of hours ago a new failure from Iberdrola turned the power supply of the whole campus off. So, here goes the updated list of blackouts I have been able to compile, with comments if any:

  1. 2007-Oct-16
  2. 2007-Aug-27 (at least three short power failures, 5-10 minutes apart)
  3. 2007-May-19
  4. 2006-Oct-21 (they warned beforehand)
  5. 2006-Sep-14 (Orpheus fell, the DNSs fell, the DHCP servers fell)
  6. 2006-Jul-04 (Orpheus didn’t fall)
  7. 2006-Jun-16
  8. 2006-Jun-13
  9. 2006-Jun-08
  10. 2006-Jun-04
  11. 2006-May-26 (The card-based automated access to the Faculty broke down)
  12. 2005-Dec-21
  13. 2005-Dec-13

Summary: 13 blackouts in 672 days, or 51.7 dpb (days per blackout). 50 days since last blackout. Average dpb went down by 0.05.

First post in the series: here


Basque ads with Ubuntu on them

The Diputación Foral de Gipuzkoa (local government of the province of Gipuzkoa in Spain) has a series of advertisements on TV for their i-gipuzkoa.net web site, within a campaign to promote the use of the Internet among the citizens.

The ads depict a family learning to use the net for different tasks, such as finding information or purchasing plane tickets. The remarkable thing is that the computer that the family is seen using boasts a GNOME desktop, apparently running under Ubuntu.

Below I show some screenshots of the videos, which are available for download in the “Videos” section of the i-gipuzkoa.net site. Underneath each picture there is a legend with the video it appears in, and the time (in minutes:seconds format) at which the image appears in the video.

Image 1 clearly shows that the desktop is GNOME, with its default top and bottom taskbars (only the top one can be seen in that pic), and the Ubuntu logo showing in the top-left corner. The windowing theme seems to be the default Ubuntu “Human” look. It is also apparent that the browser they use is Firefox.

1 – Video 2 (00:52)

Images 2 and 3 show that the browser window has been resized horizontally, so that the Ubuntu logo of the default background can be seen. It is hard to believe that the resizing of that window is coincidental. The resizing of the browser window (to show the Ubuntu logo) can even be seen in more than one video: e.g. video 8 (image 8).

2 – Video 1 (01:01)

3 – Video 1 (01:11)

The second video of the series shows the father and the son creating a web page for the father’s shop. To do so, they use Quanta+, as can be seen in image 4.

4 – Video 2 (00:42.36)

In some clips MS Windows is used (see image 5), but even there they use Firefox (see image 6).

5 – Video 3 (00:39.88)

6 – Video 3 (01:08.64)

Finally image 7 shows that in one clip OpenOffice.org is used to fill in some online document.

7 – Video 4 (00:50.64)

8 – Video 8 (01:05.44)

I find it highly significant that some official ads display such a prominent use of free software, to the extent of the window resizing for showing the Ubuntu logo, as I mention above. The simple fact that someone in the (ignorant) political class has ever heard about Linux is a great step forward, I believe.


X forwarding through SSH

Already out of ideas for blog posts, I will shamelessly copy some material from my web site.

When connecting to a remote machine (called, e.g., Orpheus), we used to do the following to open a remote X client application:


localmachine> xhost +orpheus
localmachine> ssh orpheus
orpheus> setenv DISPLAY localmachine:0.0
orpheus> xeyes

Doing so is insecure, because 1) all the info sent from/to Orpheus by the xeyes process travels unencrypted (maybe not a big concern with xeyes, but what if the remote application is a dialog where we type a password?) and 2) xhost authorizes by host only: it checks that the X input comes from the IP address it attributes to Orpheus. Any user logged in on Orpheus, or even any cracker who knows how to spoof that IP address, can send us X input that our computer will accept (e.g., move our mouse, close windows, simulate keystrokes, and display unwanted images on our screen).

The solution is to forward X traffic over SSH: we connect to a machine through SSH, and then accept locally only the X input that arrives from the remote machine through the SSH session we started.

To do so we must insert the following line into the ~/.ssh/config file in our “localmachine” computer (create the file if it doesn’t exist):


ForwardX11 yes

The next step is more complex, since only the administrator of the remote machine can accomplish it. As root, we have to open the /etc/ssh/sshd_config file (notice the “d”) on the remote machine (e.g. Orpheus), and search for the lines:


#X11Forwarding no
#X11DisplayOffset 10

And set them to:


X11Forwarding yes
X11DisplayOffset 10

After that, we have to restart the SSH daemon. On Debian:


% /etc/init.d/ssh restart

On Slackware:


% /etc/rc.d/rc.sshd restart

A couple of final notes:

The environment variable DISPLAY should NOT be set by ~/.login or some other login script, because this would override the above procedure and make the X client run over regular (unencrypted) TCP. To use the SSH tunneling:


localmachine> ssh -X orpheus
orpheus> xeyes

et voilà!

To take advantage of this setup, and make our computer more secure, no machine should be allowed to send X input through xhost; that is, issuing the xhost command should output the following:


localmachine> xhost
access control enabled, only authorized clients can connect

with no "INET:Orpheus.sq.ehu.es"-like lines.
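As an added check for the two settings this procedure depends on (not part of the original post), the script below reports the value of X11Forwarding that sshd will actually use from a given sshd_config, honouring the rule that commented lines are ignored and the first uncommented value wins, and counts the hosts an xhost listing still grants plain-TCP access to. File paths and the sample outputs in the comments are constructed.

```shell
#!/bin/sh
# Added check for the X forwarding setup described above. Not from the
# original post; paths and sample outputs in the comments are constructed.

# sshd_config: comment lines are ignored, keywords are case-insensitive, and
# the FIRST uncommented value of a keyword wins, so "#X11Forwarding no" leaves
# the default (no) in force, and an "X11Forwarding yes" placed after a real
# "X11Forwarding no" is silently ignored. Match blocks are not handled here.
effective_x11_forwarding() {   # $1 = path to an sshd_config file
    val=$(awk '
        /^[[:space:]]*#/ { next }
        tolower($1) == "x11forwarding" { print tolower($2); exit }
    ' "$1")
    printf '%s\n' "${val:-no (default)}"
}

# xhost output: every line after the "access control enabled" header names a
# host that may send X input to our display over plain TCP. With the SSH
# tunnel in place this count should be zero.
xhost_granted_hosts() {        # reads "xhost" output on stdin, prints the count
    grep -v '^access control' | grep -c . || true
}

# Usage on a live system (constructed paths):
#   effective_x11_forwarding /etc/ssh/sshd_config   # prints yes, no, or "no (default)"
#   xhost | xhost_granted_hosts                      # prints 0 when nothing is granted
```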

