October 02, 2014

Git by a bus.

The post Git by a bus. appeared first on The Grand Fallacy.

David Gay pointed me to an interesting project called Git by a Bus. Git by a Bus analyzes your git repository and attempts to quantify risk of having lots of code knowledge tied up in only a few people. Git by a Bus does its analysis by going through the repo history and making an estimate of what it calls unique knowledge.

This project blog page describes the analysis and metrics used. Perhaps this is a useful way to show how Fedora is doing as a project, across repositories like our web applications and infrastructure. It might show where we need to encourage further community development and participation so we avoid the “eaten by raptors” problem.

You might recall that “eaten by raptors” is Fedora shorthand for “hit by a bus” (violent idiom) or “going to work for another company” (not always applicable to Fedora, although certainly to Red Hat as a major contributor). We try to solve this problem by spreading project knowledge and documenting our processes. That way, if someone was eaten by velociraptors, the project can keep going without too much of a disturbance. This problem is common to any team or enterprise, not just open source. But I like to think our velociraptor spin is unique.

Here’s an example output I prepared for the MirrorManager project, which we use to provide content to Fedora mirrors worldwide. This is a potential example of high risk. One developer (the inimitable and awesome Matt Domsch) has unique knowledge of this project that is at risk if velociraptors manage to track and eat him. No doubt Matt would put up a good fight, but as you probably know they are clever girls.

Thankfully, there is a MirrorManager related Fedora Activity Day happening later this year. During that time the Fedora infrastructure, release engineering, and applications teams hope to accumulate and document more MM-related knowledge. At the same time they’ll be using this knowledge to architect, plan, and further develop the next revision of MirrorManager.

If you’re a principal in an FOSS project using git for your code, you might find Git by a Bus useful.

October 01, 2014

Samsung ATIV 9+ loves Fedora 21 Alpha.

The post Samsung ATIV 9+ loves Fedora 21 Alpha. appeared first on The Grand Fallacy.

Today I received my brand new laptop, a Samsung ATIV 9+ (model 940X3G-K04), and of course my first exercise was to boot it on Fedora 21 Alpha. This model has the QHD+ 3200×1800 text display with a touchscreen, and a solid state 256 GB storage device.

First steps with Samsung ATIV 9+

I downloaded the manual on another system, which I read to discover I should hold down the F2 key at power-up to get into the BIOS setup.

I inserted a USB stick with Fedora 21 Alpha installed, before starting the laptop. By the way, I published a screencast on how to make that Live stick. Then I got into BIOS setup, and used the Boot options to enable booting from the USB stick.

I decide to make a full disk image of the pristine hard disk, compress it, and send it to backup just in case. I don’t feel like keeping 20 GB of the disk reserved for a Windows operating system I’m unlikely to use. So:

dd if=/dev/sda bs=1M | gzip -c | ssh paul@192.168.0.X 'cat - > samsung-ativ-full-disk.img.gz'

I’m pretty sure this is going to tie up the laptop for longer than I’d like. On the plus side, it will give the CPU a bit of a burn-in as well. I ran through an installation after the disk copy was finished.

Booting after installation

The first hurdle was that the GRUB text screen is so small as to make it almost impossible to see for anyone over the age of 18. With the aid of a microscope I was able to find the right option to boot without testing. ;-)

Note #1: If the screen is also very dim, you can visit the BIOS setting to turn off the automatic screen dimming at boot time.

The actual boot from the Live USB stick was completely uneventful. Of course systemd was super-fast. In no time at all I was in the Live session.

Applications and interface

GNOME 3.14 did an excellent job detecting the HiDPI type display. The GNOME top bar and dock were sharp and readable. The display is gorgeous, quite comparable to a Retina-model MacBook Pro.

Some apps are still suffering a bit on HiDPI, though. LibreOffice and Firefox UI elements are far too small by default. Epiphany a.k.a. GNOME Web, on the other hand, works great. This is probably because GNOME Web responds to the overall GNOME display settings for HiDPI.

Note #2: To make the Firefox interface more HiDPI-friendly, visit the about:config URL page, and change the setting for layout.css.devPixelsPerPx to 2.

The Ctrl and Fn keys are reversed from my Lenovo x220 I’ve used for the last 3.5 years. Sigh, muscle memory. But the function keys mostly seem to work (other than the Windows specific ones).

Samsung ATIV 9+ touchpad issues

After hitting Fn+F5 to test the touchpad enable/disable function on the keyboard, I found the touchpad worked erratically. It sometimes didn’t work at all, even after a cold restart of the laptop. The pointer would disappear when the Terminal application or other text entries came to the foreground. The GNOME on-screen keyboard would emerge at these times, even if I didn’t need it and wasn’t touching the screen.

GNOME hacker and Fedora buddy Ray Strode, in his usual generous style, kindly entertained my questions and found some help for me. This seemed to do the trick:

sudo modprobe -r samsung_laptop
gsettings set org.gnome.settings-daemon.plugins.peripherals.touchpad touchpad-enabled true

Ray opined that the routine that was catching the function key to disable touchpad was, for some reason, no longer catching it to re-enable. This might have something to do with the kernel module. I plan to investigate further next time I reboot the system.


This is where the enabling work in GNOME shines. A lot more systems these days have touch screens available. I love the fact that I can drag my apps around the screen with a finger as opposed to the touchpad. The standard auto-sizing targets at top, left and right all work well, so I can quickly maximize or half-size windows.

Unfortunately, the resizing handles on window sides and corners are difficult to grab accurately, which is frustrating. On HiDPI touchscreens, perhaps there’s a way to increase the size of these targets. Overall though, far more goodness than badness.

Other issues

The keyboard backlight does not work if you install in EFI mode. Presumably, I should be able to reinstall the system after turning off Secure Boot in the BIOS, and then regain this capability. I’ll probably try that over the weekend so I don’t take more time away from productive work during the week.

Overall impression

The laptop itself seems to have sturdy build quality. It’s an attractive slate/charcoal color. The shell definitely shows oil from even clean, dry hands. The glossy touchscreen of course shows even more smudging. It would be nice if Samsung included a cleaning cloth.

I already love the touchscreen and find myself using it to quickly select the Activities overview, the GNOME settings at the upper right, and to swipe the notifications area into or out of view. The display is gorgeous and very bright even at half brightness.

One of the Samsung’s primary draws is its very slim profile. Besides the power adapter port and one USB 3.0 port on each side and the ubiquitous Kensington port, there is a mini-DisplayPort, a small port for the included gig-Ethernet dongle, a mini-HDMI port, and a TRRS-compatible 3.5mm headset port.

I wish the power adapter, whose jack is very slim and concerns me as potentially fragile, was something more like Apple’s “MagSafe” power connector. I’m sure that’s patented up and down to prevent anyone having such a feature. But for klutzes like me it’s definitely a huge help.

The 8GB of RAM seem well-suited, even generous, for a productivity user like myself who occasionally dabbles in virtual machine guests or other memory-intensive applications. It might be sub par for someone who has to run a lot of such apps often. But the ATIV 9+ seems weird to buy an ultralight laptop if that’s your use case, so I think 8GB is about right.

The 256GB solid state drive is incredibly fast. It’s my first SSD and I was shocked at the difference for doing not just the installation, but post-installation updates and software additions, as well as migrating my data over GbE from my older Lenovo x220 to the Samsung. It remains to be seen how the SSD stamina works out based on my routine style of use. However, I suspect if SSD is moving into the general marketplace it’s a good match for me since I’m usually more like a general productivity or creative content user.

I would say the ATIV 9+ is the best rival for the MacBook Air or Pro that I’ve seen.

September 26, 2014

CVE-2014-7169 updates on Fedora.

The post CVE-2014-7169 updates on Fedora. appeared first on The Grand Fallacy.

CVE-2014-7169 is an additional security issue in the GNU bash shell that emerged after researchers discovered the fixes for CVE-2014-6271 did not completely solve the vulnerabilities they had identified. Fedora Magazine has a very useful story that tells you why these issues are important.

Since I already published a story on how to deal with CVE-2014-6271, I might as well do a quick followup here for my readers on how to deal with the additional vulnerability.

These instructions will allow you to quickly get packages from the Fedora Koji package build system to address both CVEs, without having to wait for them to propagate to Fedora’s worldwide mirror system.

Fedora 21 Alpha

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.3.25-2.fc21
su -c "yum localinstall bash-4.3.25-2.fc21.$(uname -m).rpm"   # provide root password again...

Fedora 20

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.48-2.fc20
su -c "yum localinstall bash-4.2.48-2.fc20.$(uname -m).rpm"   # provide root password again...

Fedora 19

Run these commands:

su -c "yum -y install koji"   # provide root password...
koji download-build --arch=$(uname -m) bash-4.2.48-2.fc19
su -c "yum localinstall bash-4.2.48-2.fc19.$(uname -m).rpm"   # provide root password again...

Hope this helps!

September 23, 2014

Fedora 21 Alpha released.

The post Fedora 21 Alpha released. appeared first on The Grand Fallacy.

I know there are a ton of posts about Fedora 21 Alpha hitting the Fedora Planet, and hopefully elsewhere on the web. But I couldn’t resist saying congratulations to the Fedora community on getting this release out.

We’ve had a long release cycle for Fedora 20 to accommodate a lot of thought and planning. How do we get three products out in place of one? How will we build them? What needs to change? How do we get the bits into place for releases? It’s a lot of work, and we’re not done yet. I suspect that we’ll see further change in the Fedora 22 cycle — although I’d also bet we won’t want to extend another cycle for it.

For my part as manager of the Fedora Engineering team, I am proud of the work all the folks on the team have done to support Fedora 21 Alpha. From changes to infrastructure, to work on new web applications to support multiple products, to notifying Fedora Project members of activity and contribution, to making things generally more beautiful, the team is tireless in their effort to serve the community. As always, my hat is off to them with awe and inspiration.

And of course it’s also off to you, the many, many members of the Fedora Project overall. From Ambassadors to Marketing to Docs to Translation to Websites to… whew. I ran out of breath there. But all of you folks rock!

Let’s take a moment (but just a moment!) :-) to be happy about Fedora 21 Alpha. It’s the first step down the road to the final release of Fedora 21 in December. Congratulations, everyone!

If you want to pick a copy of any of the new Fedora products — Fedora Server, Fedora Cloud, or Fedora Workstation — just visit the prerelease download page featuring Fedora 21 Alpha, and take your pick.

August 25, 2014

MeetBot makes for better meetings.

The post MeetBot makes for better meetings. appeared first on The Grand Fallacy.

One of the aspects of Fedora is holding public meetings on IRC. We use Meetbot (courtesy of Debian, thanks!) to help administer meetings. Common commands allow Meetbot to do all the hard work of recording proceedings. The automatic minutes make it possible for people who couldn’t attend to follow what happened in the meeting. These minutes are key for maintaining transparency and information flow around the project.

But the minutes still depend on the people who chair the meetings to use the command set to record important data.

  • #startmeeting – Sets the overall group for the meeting
  • #endmeeting - Cleans up when done, and gives you the URLs for the minutes
  • #topic <Topic name> – Sets a topic heading for the next portion of the meeting
  • #info – Record some information that’s useful for anyone reading the minutes
  • #action <nick> <thing to do> – Clarifies who’s got the ball to complete something before the next meeting; it’s usually a good idea to set a due date*
  • #agreed – Documents something the attendees agreed on, also important to make decisions transparent
  • #idea – Helps give visibility to something no one is doing yet, but could be useful (also see #help in the MeetBot page)
  • #chair <person>… - Add someone(s) to the list of people MeetBot will listen to for commands

* A good friend of mine pointed out that unless you set a due date for an action item, you’re not writing actions, you’re writing a wish list. It should not only be clear who’s got the ball, but when they’re expected to give it back.

Here’s an example of a meeting I ran recently where I used the MeetBot commands to record useful minutes. If you were to look at these minutes later you’d get a pretty good idea of what was covered. You’d also know who was supposed to do tasks before the next meeting. There are a couple action items without clear dates, which is sub-optimal. But overall the meeting minutes are pretty clear.

In some cases, I ended up repeating things people said, using the #info command at the front to tell MeetBot to record in the minutes. If you’re running a meeting you should be prepared to do this. I also like to add everyone in the meeting to the #chair list, to help increase information flow when needed. (It’s also not a bad idea to reduce the chance that a single chairperson will be knocked offline and unable to #endmeeting.)

Are you reading your minutes when done to see if they’re effective? If not, you should. Use what you find to make your meetings better and more transparent for the community. I thought about showing some recent examples of poor minutes usage, but I didn’t want to embarrass anyone.

If your minutes only serve to show a link or two, and an attendance roster, that’s pretty much useless for most community members. Sure, logs are useful, and good for transparency too. But it takes a long time to read logs and extract necessary points from the dialogue. That dialogue can also sometimes be confusing after the fact due to the way IRC works.

Use the facilities we have available to us in Fedora to provide more information and transparency on what you’re doing. The couple of extra minutes per meeting spent using MeetBot will save each reader many more in return!

August 15, 2014

A going away present

For those who haven’t heard through Flock or the rumor mill, today is my last day at Red Hat and also the beginning of a hiatus from working on Fedora. Since I’ve been asked this many times in the past few weeks, this is because I’ve become a bit burnt out having worked on Fedora as both my day job and my hobby for the past seven years. It’s time for me to pull back, let fresh faces fill the roles I held, and do something else for a while to add some spice and variety. I may come back to Fedora or to Red Hat in the future but at the moment I’m only looking far enough ahead to see that I need to go forth and have some new experiences.

I do want to say thank you to all the wonderful people who have worked not just to make the Fedora distribution a solid piece of software but also filled Fedora with friendly faces and kind words. Truly, although I’m physically far removed from the rest of you, you are my neighbors, my community, and my friends. Even though I’m stepping away from working on Fedora, I hope to keep in touch with you via IRC for many many years.

I’d also like to announce that I woke up this morning to find that I’d been made the gatekeeper for a new Fedora Badge. As the badge submitter describes it:

Dancing with ToshioI dream of a future where Toshio could fully express his techniques with the complicity and trust of many dance partners, responding to his moves and being pushed forward by him in the arts of dancing; exchanging, learning, growing as a vibrant community.

-Aurelien Bompard

Taking away the specifics of dancing and myself, this is my hope for everyone who participates in Fedora: to be able to grow in sympathy with a larger community.

With that in mind, if we’ve danced together and you would like this badge, please contact me (abadger1999 on IRC, toshio.fedoraproject.org via email). I can’t remember everyone’s FAS usernames but I’m extremely happy to award you the badge if you remind me what of what it is :-)

August 12, 2014

Trip report from Flock 2014

I recently returned home from Prague, where I attended the Flock conference.  In it’s second year, the Flock conference is a gathering of free software developers, most of whom work in the Fedora community.  Rather than give a blow-by-blow account of every talk I attended and every conversation I had (which would be exhausting), I’ll instead focus on the highlights of the conference.

Location, Venue, and Accommodations

I was very impressed with the location of the conference.  The university was within a five minute walk of the hotel, and close to several convenient tram and metro stops.  The classrooms were well furnished with power connections and comfortable seats, and the larger auditoriums were big enough to handle a big crowd.  The hotel was very nice as well — the lobby was spacious, which made for lots of impromptu meetings and hanging out.  Getting from the airport to the hotel was super-easy as well, as was the return trip.  Also, the cafeteria where we had lunch was was exceptional — the food was delicious, and the location couldn’t have been more perfect.


There were several themes that resonated with me as I attended the conference.  The first was around the changes to the Fedora release products (collectively referred to as Fedora.Next) in Fedora 21 and future releases.  Whereas at last year’s Flock conference there was a lot of apprehension and negativity some of the proposed changes, this year I noticed a remarkably more upbeat attitude toward the changes.  There was a lot of great discussion round how to get the technical work done that’s needed in order to make Fedora 21 (and 22, and so on) a success.

The next theme that resonated with me was documentation.  Maybe it’s because I was giving a talk on documentation, but I felt there was a lot more interest and cohesion around doing a better job of documenting Fedora than I saw at last year’s conference.  Both my talk (on Docbook and Publican) and Jaromir’s talk on Mallard were packed, and the two documentation workshops were very well attended as well.  At one point during Friday’s workshops, I counted 22 people (besides myself) in the room working on Docs.  We also had several new people dive right in and start working on writing documentation, so that was great to see as well.

The third theme that I focused on was ARM processors.  The support in Fedora for ARM has grown tremendously over the past couple of years.  Peter Robinson’s “ARM State of the Union” talk showed just how far support for ARM has come — both in 32-bit ARM as a primary architecture and with 64-bit ARM as a secondary arch.  The ARM workshop on Saturday was great too — I was able to confirm that as of the 3.16 kernel, we now support the Plat’home OpenBlocks AX3 and Mirabox as two more Marvell Armada-based devices that will work great in Fedora 21.  (They both require appending the .dtb to the kernel, but other than that, they seem to be working great.)

Last but not least, it was great to have a lot of hallway discussions with friends and colleagues.  I had too many discussions to be able to remember them all, let alone discuss them here on my blog, but I thoroughly enjoyed catching up with many old friends and making some new ones as well.  I always look forward to opportunities to rub shoulders with so many of the fantastic people that make the Fedora community great.


Thanks to Ruth and Spot and Josh and Miro and all the other folks who worked hard to organize the conference.  Thanks to Red Hat for sponsoring my flight, and thanks to my employer, Bluehost, for sponsoring the conference and allowing me the opportunity to be in Prague for the conference.  Also, thanks to each one of the presenters for making Flock 2014 a great conference.

August 10, 2014

Flock Day 4.

The post Flock Day 4. appeared first on The Grand Fallacy.

Here’s a summary of Saturday’s activity at Flock 2014 where I participated or attended. I also have blog entries for Day 1, Day 2, and Day 3.

  • The constant stream of late nights was really getting to me. Didn’t arrive at the venue until about 9:15am. I skipped the first session and had some coffee, courtesy of Smooge.
  • Caught up on email sent overnight from people in the USA, and did final preparation for my talk.
  • I gave my session on the connection between RHEL and Fedora. I also discussed how well things went for RHEL 7 due to work in the Fedora community. I feel like it went very well. You can watch the complete video here.
  • I had an excellent conversation with Alberto Ruiz, who manages Red Hat’s desktop applications team.
  • Went with Alberto and Patrick Uiterwijk to lunch at the cafeteria. Got to know Patrick a little better, since he will soon be joining us on the Fedora Engineering team.
  • Sat in the hall with Patrick and got a Taskwarrior server running on one of my boxes.
  • Joined the session on revamping governance in Fedora, which was run by Toshio Kuratomi and Haïkel Guémar. This was hands down the best accomplishment of Flock. There will be a proposal for Board revamp coming from this session (finally!). I’m looking forward to the ensuing discussion and resulting improvements.

At this point I was finally exhausted. I headed back to the hotel early to do a little more reading and writing. I met up with some of the Anaconda team for a late dinner. Then I packed so I’d be ready in the morning to catch my flights back to the USA.

The Flock conference was excellent this year. It was nice getting back into the swing of community things. I enjoyed meeting up with everyone I saw. If I didn’t get a chance to see and talk with you personally, I’m still glad you were there. I hope you had a great time at Flock in Prague. Let’s do it again next year in the USA!

Flock Day 3.

The post Flock Day 3. appeared first on The Grand Fallacy.

Here’s a summary of Friday’s activity at Flock 2014 where I participated or attended. I also have blog entries for Day 1 and Day 2.

  • Didn’t make it up quite so early today, due to not turning in until about 2:30am the previous night. I got to the school basically on time, but worked on email and day job stuff for a little while.
  • Attended Matthew Miller’s joint session on Fedora.next.
  • Got lunch late, ending up at a table with Stephen Tweedie and a few others. We talked about containers and strategy.
  • Touched up my slides for Saturday, getting straight in my head how I wanted the presentation to go. Reveal.js is cool.
  • Attended Richard Hughes’ session on building an application installer. GNOME Software is a huge step in usability, and it was enlightening seeing the huge amount of work that went into this tool. I wrote an article on Fedora Magazine covering this presentation.
  • Attended Ralph Bean’s excellent workshop on making tools with fedmsg, the Fedora messaging bus built on Zeromq. We learned how to use just a few simple lines of Python to build a Twitter feed from Fedora Badges. Amazing!
  • Attended the workshop on DevAssistant. I talked with the developers to learn about their future plans and to discuss desktop integration.
  • Met up with Garrett LeSage, Chris Roberts, Matthew Miller, Haïkel Guémar, and others for a great dinner at an Italian pizzeria. It was delicious.
  • Late hangout with friends kept me up yet again too late!

August 06, 2014

Flock Day 1.

The post Flock Day 1. appeared first on The Grand Fallacy.

Here’s a summary of today’s activity where I participated or attended:

  • Up at 5:45am so Matthew and I could meet up with Josh Boyer, Tom Callaway, Ruth Suehle, and Joe Brockmeier for breakfast. Then we arrived at the Flock venue early.
  • Helped set up rooms with wifi information for attendees. Discovered the rooms feature electronically controlled windows. Once opened, these made the venue much more comfortable.
  • Missed keynotes myself while ushing people around to them. :-)
  • Worked on my slides for Saturday’s talk, in the great Fedora tradition of iterating until the last minute.
  • Sat in on Tim Flink‘s Taskotron talk, and took notes for a Fedora Magazine article.
  • Went to a lunch meeting with Ludek Smid, Jaroslav Reznik, Joe Brockmeier, and Matthew Miller. We discussed some project management assistance for our Atomic/OStree work in Fedora. Very productive and we also had a good time.
  • Sat in on Christian Schaller’s Fedora Workstation talk. It was very well attended, so I think the idea that the Linux desktop is dead might be a tad premature. ;-)
  • Sat in on Marina Zhurakhinskaya’s talk on the Outreach Program for Women. I’m happy to say Fedora is an active player in this space. I look forward to our doing even more.
  • Sat in on a talk on Waartaa by Ratnadeep Debnath and Sayan Chowdhury. This is an interesting take on a Web IRC client as a basis for other collaboration tools.
  • Sat in on Chris Roberts’ and Marie ‘riecatnor’ Nordin’s talk on Fedora Badges and badge design. (If you’re looking for the resources shown in the talk, look here.)
  • Headed back to the hotel to finish a Fedora Magazine article. Then I met up with friends to head over to our event at The Pub.

August 03, 2014

Getting ready for Flock 2014.

The post Getting ready for Flock 2014. appeared first on The Grand Fallacy.

If you’ve been reading the Planet Fedora feed lately, you probably know that we’re coming up to time for Flock 2014, a major Fedora conference for Fedora users and contributors from North America and EMEA (Europe/Middle East/Africa). Along with most of the Fedora Engineering team, I’m headed to Prague, Czech Republic for the event.

First, we’ll spend a couple days in the Red Hat Czech office in Brno. We are meeting with a number of colleagues from the office, both to brief them on work we’re doing, and to hear about their current projects and plans. This should help us have a more productive Flock as well.

It’s possible team members may be a little harder to instantaneously reach on Monday and Tuesday while we crunch on these meetups in Brno. At Flock, obviously things will be busy as well. But seeing many community members in one place will probably be quite helpful in getting things done. We’ll do our best as always to stay on top of community requests and input throughout.

Flock 2014 should be an exciting and fascinating conference, and I’m very much looking forward to it. I’m hoping to use the conference to jumpstart my knowledge on Docker, OStree, and some of the other awesome technologies going on in Fedora. And of course I’ll be thrilled to see old and new friends from around the community.

I’m writing this from Schiphol Airport in Amsterdam, getting ready for my next leg of travel to Prague. I’ll be catching a bus to Brno there to meet up with the team. On Tuesday night we’ll get back to Prague. We have a team event that night — so we’ll see everyone bright and early on Wednesday morning at the conference!

Stay tuned to the Planet feed for more information about Flock, so you can keep up with the news and proceedings from Prague.

July 30, 2014

Logitech M570 on Fedora.

The post Logitech M570 on Fedora. appeared first on The Grand Fallacy.

I just bought a new Logitech M570 wireless trackball for use with my Fedora workstation. I favor a trackball over a moving mouse, because it’s easier on the joints, not to mention more practical on a crowded desk. My previous trackball device was a wired Logitech, and it developed a few problems recently. I’ve had it eight years, so I decided I got my money’s worth and could spring for a new one.

The Logitech M570 uses the Logitech Unifying Receiver USB wireless dongle, common to many Logitech devices. You can pair up to 6 of them to the current unifying device dongle that ships with the M570. Most Fedora users will want this device to be set with correct permissions for people who login on the console. It’s also helpful to be able to query or display battery status.

So here are the steps I recommend to install the Logitech M570 on Fedora. Do these steps before you plug in the receiver or turn on the trackball device. I’m using GNOME 3.12 on Fedora 20, so your mileage may vary:

  1. You may want to remove your existing pointing device first. Otherwise the new one may not work, at least until you do.
  2. Install solaar (upstream link), a monitoring and control gizmo for your Logitech Unifying Receiver and connected devices. Thank you to Eric Smith for packaging and maintaining this tool for Fedora!
  3. Plug in the receiver to an open USB slot. I recommend a rear slot since you likely won’t move this very often. (If you do, there’s a handy slot inside the trackball’s battery compartment where you can store the receiver without losing it!)
  4. Turn on the Logitech M570, and it should Just Work.
  5. You can launch solaar from the GNOME Shell, and a notification icon appears in the message tray. You can use this tool to see status and pair or unpair devices.
  6. (optional) If you want solaar to start every time you login, open the Terminal and enter these commands:
    $ cd ~/.config/autostart $ ln -s /usr/share/applications/solaar.desktop .


June 10, 2014

Redundant Department of Redundancy, part 12.

The post Redundant Department of Redundancy, part 12. appeared first on The Grand Fallacy.

Or: I Went to Read This Community Member’s Blog. What She Wrote about RHEL and Fedora Blew me Away!

Sorry about the clickbaitism. But seriously, after returning from Red Hat Enterprise Linux 7 release festivities this evening I planned to write a blog to the Fedora community about how RHEL and Fedora are intertwined. How Fedora is the cradle of platform innovation that Red Hat relies on to build RHEL and thus to serve as a foundation for many other products. How the community helps select and cultivate technology and prevent Red Hat from investing a ton of resources to make something no one wants.

Then I saw that Robyn Bergeron has already written everything to be said. Which illustrates several points:

  1. Properly empowered, motivated, and ambitious community is faster than individual effort.
  2. Robyn is awesome.
  3. There is no post about Fedora into which we can’t somehow reference His Meatiness.

Need I say more? No. Go read Robyn’s post if you haven’t already. [Mic drop]

June 09, 2014

On the wing, part 34.

The post On the wing, part 34. appeared first on The Grand Fallacy.

I’m up in Westford at the Red Hat offices for some departmental events this week. It’s always fun traveling to the office and seeing coworkers and friends I normally only hear (or see online in text form). It does, however, eat mightily into my ability to be online in Fedora and interacting with friends, teammates, and contributors there. I’ll be up here through Thursday afternoon and then flying back home. So if you reach out to me but I’m a little slow to answer you in IRC or email, my apologies, and I’ll catch up as soon as I can!

May 20, 2014


The post Transitions. appeared first on The Grand Fallacy.

I just saw Robyn’s post on change and her intention to retire as Fedora Project Leader.

I’m really happy, Robyn, that you’ve been such a big part of Fedora for these years. Whatever comes next, you have huge thanks from me and I know from many others in the Fedora community for your service and spirit. Thanks for including the community in everything you do, and I’m looking forward to working with you in your next role!

May 07, 2014

Sub Hub hubbub.

The post Sub Hub hubbub. appeared first on The Grand Fallacy.

Have you seen Máirín Duffy’s post on the Fedora Design team’s next-generation design for the Fedora Project website? It’s a brilliant design based around the idea of a “sub hub.” These screens help customize the website to fit different sub-communities, initiatives, teams, or projects.

Máirín published this post with the design mockups a few weeks ago and they’re still open for feedback. I love the concept and the mockups, and the way it brings the site a little closer to the functionality people expect for interaction in other communities. The sub hub design offers a sites not just for promotion, but also for bringing people together for communication and information.

I’m sure the Design team will move forward at some point to bring these concepts into reality. But before they do, I know they’d appreciate hearing from community members. Even just offering feedback that “This is awesome!” is useful, so the designers know there is a solid mass of people who like the work. You can visit the site here to offer your constructive comments.

If you don’t, that’s OK too! Just be polite and specific in your comments. Rather than saying how to fix something, talk about why something doesn’t work for you. Designers are good at figuring out how to solve usability problems once they know more about the effects on the user. Those of us without a lot of design and usability experience often suggest solutions that seem like they’d work, but really might cause more problems for other users. So it’s best to concentrate on symptoms.

So if you haven’t checked out the post and offered some constructive feedback, please feel free. I’m really looking forward to seeing how things move forward with these designs and hope you’re excited about them too.

If you’re excited enough about the work to get involved and help, the Design team would love your contributions. There’s also more information about how to contribute here. There are several repositories set up where you can test existing ideas, change them with your own, and contribute changes back to the team using a pull request. Getting involved is easy, and the Design team is famous for their friendliness and willingness to help people get started contributing. So don’t be afraid to jump in!

March 28, 2014

Irssi in Terminal on GNOME 3.12 in Fedora 20.

The post Irssi in Terminal on GNOME 3.12 in Fedora 20. appeared first on The Grand Fallacy.

A lot of people I know like running the Irssi IRC client in a terminal, whether in a terminal multiplexer like tmux or GNU Screen. Me too!

I also love running the latest GNOME releases. So when GNOME 3.12 was released and available for Fedora 20, I followed these simple instructions, courtesy of Fedora Magazine and Ryan Lerch, to install it on my system.

I discovered a new feature in the GNOME Terminal is that keys Alt+1 through Alt+0 are mapped to allow you to quickly navigate to the first ten tabs in Terminal. This is super-useful, but because those keys also happen to map to the shortcuts in Irssi for switching to your first ten IRC windows, I couldn’t use them in Irssi. Since I use that function a lot more often, here’s how I fixed it:

  1. Open a GNOME Terminal, and from the quick menu in GNOME Shell’s top bar, choose Preferences.
  2. Under the Shortcuts tab, locate the Tabs list.
  3. For each shortcut from “Switch to Tab 1″ to “Switch to Tab 10,” click the shortcut to select it. Then click the entry under Shortcut Key. Hit the Backspace key to remove the existing shortcut.

Now you can use your Alt key combinations as before in Irssi. Have fun!


February 23, 2014

Hacking a Wifi Kettle

Here is a quick writeup of the protocol for the iKettle taken from my Google+ post earlier this month. This protocol allows you to write your own software to control your iKettle or get notifications from it, so you can integrate it into your desktop or existing home automation system.

The iKettle is advertised as the first wifi kettle, available in UK since February 2014. I bought mine on pre-order back in October 2013. When you first turn on the kettle it acts as a wifi hotspot and they supply an app for Android and iPhone that reconfigures the kettle to then connect to your local wifi hotspot instead. The app then communicates with the kettle on your local network enabling you to turn it on, set some temperature options, and get notification when it has boiled.

Once connected to your local network the device responds to ping requests and listens on two tcp ports, 23 and 2000. The wifi connectivity is enabled by a third party serial to wifi interface board and it responds similar to a HLK-WIFI-M03. Port 23 is used to configure the wifi board itself (to tell it what network to connect to and so on). Port 2000 is passed through to the processor in the iKettle to handle the main interface to the kettle.

Port 2000, main kettle interface

The iKettle wifi interface listens on tcp port 2000; all devices that connect to port 2000 share the same interface and therefore receive the same messages. The specification for the wifi serial board state that the device can only handle a few connections to this port at a time. The iKettle app also uses this port to do the initial discovery of the kettle on your network.


Sending the string "HELLOKETTLE\n" to port 2000 will return with "HELLOAPP\n". You can use this to check you are talking to a kettle (and if the kettle has moved addresses due to dhcp you could scan the entire local network looking for devices that respond in this way. You might receive other HELLOAPP commands at later points as other apps on the network connect to the kettle.

Initial Status

Once connected you need to figure out if the kettle is currently doing anything as you will have missed any previous status messages. To do this you send the string "get sys status\n". The kettle will respond with the string "sys status key=\n" or "sys status key=X\n" where X is a single character. bitfields in character X tell you what buttons are currently active:

Bit 6Bit 5Bit 4Bit 3Bit 2Bit 1

So, for example if you receive "sys status key=!" then buttons "100C" and "On" are currently active (and the kettle is therefore turned on and heating up to 100C).

Status messages

As the state of the kettle changes, either by someone pushing the physical button on the unit, using an app, or sending the command directly you will get async status messages. Note that although the status messages start with "0x" they are not really hex. Here are all the messages you could see:

sys status 0x100100C selected
sys status 0x9595C selected
sys status 0x8080C selected
sys status 0x10065C selected
sys status 0x11Warm selected
sys status 0x10Warm has ended
sys status 0x5Turned on
sys status 0x0Turned off
sys status 0x8005Warm length is 5 minutes
sys status 0x8010Warm length is 10 minutes
sys status 0x8020Warm length is 20 minutes
sys status 0x3Reached temperature
sys status 0x2Problem (boiled dry?)
sys status 0x1Kettle was removed (whilst on)

You can receive multiple status messages given one action, for example if you turn the kettle on you should get a "sys status 0x5" and a "sys status 0x100" showing the "on" and "100C" buttons are selected. When the kettle boils and turns off you'd get a "sys status 0x3" to notify you it boiled, followed by a "sys status 0x0" to indicate all the buttons are now off.

Sending an action

To send an action to the kettle you send one or more action messages corresponding to the physical keys on the unit. After sending an action you'll get status messages to confirm them.

set sys output 0x80Select 100C button
set sys output 0x2Select 95C button
set sys output 0x4000Select 80C button
set sys output 0x200Select 65C button
set sys output 0x8Select Warm button
set sys output 0x8005Warm option is 5 mins
set sys output 0x8010Warm option is 10 mins
set sys output 0x8020Warm option is 20 mins
set sys output 0x4Select On button
set sys output 0x0Turn off

Port 23, wifi interface

The user manual for this document is available online, so no need to repeat the document here. The iKettle uses the device with the default password of "000000" and disables the web interface.

If you're interested in looking at the web interface you can enable it by connecting to port 23 using telnet or nc, entering the password, then issuing the commands "AT+WEBS=1\n" then "AT+PMTF\n" then "AT+Z\n" and then you can open up a webserver on port 80 of the kettle and change or review the settings. I would not recommend you mess around with this interface, you could easily break the iKettle in a way that you can't easily fix. The interface gives you the option of uploading new firmware, but if you do this you could get into a state where the kettle processor can't correctly configure the interface and you're left with a broken kettle. Also the firmware is just for the wifi serial interface, not for the kettle control (the port 2000 stuff above), so there probably isn't much point.

Missing functions

The kettle processor knows the temperature but it doesn't expose that in any status message. I did try brute forcing the port 2000 interface using combinations of words in the dictionary, but I found no hidden features (and the folks behind the kettle confirmed there is no temperature read out). This is a shame since you could combine the temperature reading with time and figure out how full the kettle is whilst it is heating up. Hopefully they'll address this in a future revision.

Security Implications

The iKettle is designed to be contacted only through the local network - you don't want to be port forwarding to it through your firewall for example because the wifi serial interface is easily crashed by too many connections or bad packets. If you have access to a local network on which there is an iKettle you can certainly cause mischief by boiling the kettle, resetting it to factory settings, and probably even bricking it forever. However the cleverly designed segmentation between the kettle control and wifi interface means it's pretty unlikely you can do something more serious like overiding safety (i.e. keeping the kettle element on until something physically breaks).

February 08, 2014

DevConf.cz, days 1 and 2.

The post DevConf.cz, days 1 and 2. appeared first on The Grand Fallacy.

DevConf.cz day 1, Friday.

Friday was the first day of sessions at DevConf.cz, the biggest and best Czech open source event by developers, for developers. The event was packed, with over 900 attendees even before the weekend started!

First up at 9:00 sharp was Tim Burke’s keynote about how Red Hat sees the IT market, specifically Linux and open source technologies. He covered how the various pieces of cloud, applications, storage, and platform fit together. It was pretty breakneck because there wasn’t a lot of time until the sessions started, but well observed and thoughtful. It’s clear the technologies built by people at this conference will set the pace for the future. The market has placed its bets on Linux and open source, and now it’s on us to deliver!

Langdon White followed with a story of startups. He covered how the tradeoffs between agility, stability, and maintenance can be mitigated by Software Collections. Software Collections allow IT groups to add stacks on their platform without affecting the deployment itself, while meeting more needs for developers and users.

Alex Larsson did a talk to a packed room (the biggest at the conference, no less!) on Docker, the open source container engine rapidly sweeping the community with its speed and flexibility. Fedora is rapidly developing a great grasp of Docker, and you can already install it on all supported Fedora releases. Obviously Red Hat has taken a huge interest in Docker too, so it’s no surprise the talk was SRO.

I went to Colin Walters’ session on OStree, a new way of distributing Linux operating systems. I found this session incredibly compelling, and I hope we look seriously at OStree in Fedora because of the problems it solves. There are clearly some issues that still need to be worked out, but Colin is up front about them, and he’s motivated and eager to collaborate with people to solve them. He’s truly one of the good guys of free software and I enjoyed this talk a lot.

I also attended Ondrej Hudlicky’s session on software usability, which was entertaining but also thought-provoking. A lot of what goes into making good software we either take for granted or completely miss. It’s so easy for software to suck when you don’t start by thinking about what the user is trying to do, and making that easy. Although the slides were quite dense, Ondrej did a great job explaining the concepts and why they were important.

I also attended sessions on DNF’s SAT solver, caught a bit on static analysis that went way over my head, and saw Richard Hughes’ session on GNOME Software. DevConf.cz is so packed with content, it’s impossible to see more than about half of what you’d like. There’s so much more content for Java folks, low-level network and hardware hackers, and kernel jockeys that it makes your head spin!

In the evening I went with a bunch of folks to get pizza at the hilariously named Pizzeria Al Capone down the street. The food was quite good, and the beer plentiful as we swapped stories and jokes. We had people from all over the globe at the table so it was a great night. Afterward we retired to the famous bowling bar in the basement of the Hotel Avanti. And of course, more beer and stories. I turned in rather late, around 1:00am, but in good shape for the next morning.

DevConf.cz day 2, Saturday.

Started out the day early again, with a 9:00am session on Cockpit. Cockpit is a new Linux server management user interface that beautifully fits the look and feel of modern desktops. It’s also has already grown a lot of capability including user and storage administration. This is a great way for us to break away from clunky and individually deprecating system-config-* tools. Instead we can move to a tool that’s more flexible, extensible, and network transparent for scalability.

Following was a talk by Russ Doty on security concerns in platform and application development. It was mainly general but made some good points about where threats usually come from (hint: not Igor the evil state-funded hacker).

Of course, no DevConf.cz event would be complete without a rapid-fire presentation from Lennart Poettering, and this year was no exception. Lennart covered kdbus, a new kernel implementation of IPC based on the excellent D-Bus. Kdbus is on its way into the kernel and will make Linux even slicker, starting with early boot and extending all the way to latest shutdown.

I also sat in on Ric Wheeler’s excellent presentation on Persistent Memory, which is next generation storage technology. Ric covered some of the challenges in supporting new types of storage in the Linux kernel, and the relative strengths and weaknesses of each.

Afterward, I went to lunch with Ralph Bean and Pierre-Yves Chibon from the Fedora Engineering team. With us were Patrick Uiterwijk and folks from Red Hat that work on infrastructure and tools for RHEL and JBoss engineers. We discussed some areas of potential collaboration, including a messaging bus for Red Hat Bugzilla. That could be an awesome new input for contributor data.

Then all the smart folks went off to find better broadband at the hotel to pore over some code together. Since I wouldn’t have been much help, I went back to the conference to catch Simo Sorce’s talk on Kerberos.

Following Simo, Dan Walsh talked about secure Linux containers. As always he was tremendously entertaining. Dan joked about how he’s been a big proponent of libvirt-sandbox for secure container support, but recently “got religion” about Docker. I hope this was taped because it was really informative. No wonder Dan’s consistently rated as a top speaker at the Red Hat Summit. (Note, you can still register for the event; I’ll be there in San Francisco too!)

Next Kyle McMartin talked about the pleasure and pitfalls of porting the Linux kernel to new architectures (hello, aarch64!). I admit a lot of this went over my head, but Kyle told some funny stories about stalking weird bugs in test suites exposed by porting. At least I think they were funny. Or rather, I think some people thought they were funny, since they were all laughing. I don’t understand kernel people, but they’re mostly lovable, and many of them have awesome beards.

Finally, I saw a talk on Arduino Yún. This model includes a small, embedded Linux computer that you can make do all sorts of cool things with the built-in sensors and other capabilities. The talk made me wish I had more spare time to spend on learning how to do hardware tinkering. Where’s my time machine?

I bowed out of the lightning talks (even though some of them looked awesome) so I could drop my bag at the hotel before the night party at Klub Fléda, a sort of warehouse-y bar/music club nearby the conference venue. With beer beckoning, it’s time to relax a bit with friends and colleagues!

Tomorrow there will be Fedora focused sessions, so I’m really looking forward to that. More later…

PulseCaster 0.1.10 released!

The post PulseCaster 0.1.10 released! appeared first on The Grand Fallacy.

Today I released PulseCaster 0.1.10 with some under the hood improvements:

  • Switch from GConf to GSettings, and include schema file
  • Providing appdata for GNOME Software
  • Provide hidden “audiorate” key for 44.1/48 kHz selection
  • Complete GObject introspection switchover, eliminating excess dependencies and fixing bugs (RHBZ #1045717)
  • Automatically provide .ogg filename extension in standard mode
  • Additional translations

I’m planning some UI improvements for this little podcasting utility. I’m also hoping to do significant code refactoring for 0.2, tentatively scheduled for late spring/early summer. I’m also thinking about moving the central development repo to GitHub, since that’s where a lot of other Fedora incubated projects have migrated.

Of course, updated packages are coming shortly for Fedora 20.

PulseCaster lets you record interviews with simplicity. It pulls audio from two sources via PulseAudio, then mixes them into an Ogg Vorbis file for you. There’s also an expert mode that allows you to lossless audio in WAV format, and mix the audio yourself with post processing. For example, you could interview someone via a Voice-over-IP (VoIP) application, then include the interview in your podcast.

I used a little time between sessions (and during one session where I was completely in over my head) to push this out. It was nice to work on some free software of my own at a conference for developers! Hope you enjoy the new PulseCaster release.

February 07, 2014

DevConf.cz 2014 begins!

The post DevConf.cz 2014 begins! appeared first on The Grand Fallacy.

I’ve been at Red Hat’s Czech office in beautiful Brno this week. That means lots of meetings, lots of email and conversations, and lots of good beer. :-) But the best part is this weekend’s big event, the Developer Conference event.

This is one of the biggest open source events in the region, and it’s all organized and held by developers and engineers, for developers and engineers. There are hundreds of people here from across the globe, including plenty of folks from Red Hat but also upstream and downstream contributors from many other companies and volunteers as well.

There is so much good content happening at this conference, I’m not sure how I’ll get to see even half of what I’d like to. But as we like to say, it’s a good problem to have. Stay tuned to the DevConf.cz site for proceedings and links to recordings.

January 10, 2014

Rest, my friend, the next five years are ours to pass along your wisdom

Just installed a new system and was having ssh connections timeout. Then I remembered talking about this same issue last year on IRC. The anecdote is amusing so I figured I would post the logs:

[Mon April 22 2013] * abadger1999 wishes he knew why his ssh connections to infra keep on hanging.
[Mon April 22 2013] <abadger1999> it’s a timeout of some sort… I just don’t know what.
[Mon April 22 2013] <skvidal> abadger1999: did you reinstall recently?
[Mon April 22 2013] <abadger1999> skvidal: nope
[Mon April 22 2013] <abadger1999> skvidal: would that help?
[Mon April 22 2013] * abadger1999 still on f17
[Mon April 22 2013] <skvidal> I have found I often need to set
[Mon April 22 2013] <skvidal> net.ipv4.tcp_keepalive_time = 300
[Mon April 22 2013] <skvidal> in /etc/sysctl.conf
[Mon April 22 2013] <skvidal> to not get timeouts
[Mon April 22 2013] <abadger1999> Thanks. I’ll try that .


[Wed April 24 2013] <abadger1999> skvidal: btw, your sysctl recipe seems to have fixd my ssh timeout issues. Thanks!
[Wed April 24 2013] <skvidal> abadger1999: :)
[Wed April 24 2013] <skvidal> abadger1999: last time it happened to me I had to google for the solution
[Wed April 24 2013] <skvidal> abadger1999: and I found a post from myself from 5yrs earlier
[Wed April 24 2013] <skvidal> abadger1999: _that_ is kinda freaky
[Wed April 24 2013] <pingou> isn’t that what blog are for? :)
[Wed April 24 2013] <dwa> nice
[Wed April 24 2013] <abadger1999> Cool :-)
[Wed April 24 2013] <skvidal> “wow, this dude knew what was going on…. but he sure writes like he’s an ass”
[Wed April 24 2013] <skvidal> “oh….. wait”



Picture of Seth from 2005 looking into the distance

Seth, you were more of a teddy bear than an ass.

December 26, 2013

Joyous holidays and peace on earth.

The post Joyous holidays and peace on earth. appeared first on The Grand Fallacy.

Sorry to post this a day late for some Christmas celebrants. Hopefully you will have had such a wonderful holiday that you can forgive the tardy good wishes!

Wherever you are in the Fedora community, and whatever holiday you may or may not celebrate: I wish you a joyous season and the best and most successful possible 2014. May you have peace and help spread goodwill to all, whether through free and open source software or in other ways. Happy holidays!

December 17, 2013

Congratulations, Fedora, on your 20th release!

The post Congratulations, Fedora, on your 20th release! appeared first on The Grand Fallacy.

Today is a big milestone for all my friends in the Fedora ProjectFedora 20 is released!

So to Robyn and all contributors across the entire project — congratulations on a job well done. I can’t wait to see what you come up with next!

What are you waiting for? Christmas is here early, go get it!

December 12, 2013

حمایت از یک کار فرهنگی ارزشمند در لینوکس ایران

بهنام توکلی را کسانی که در دنیای گنو-لینوکس ایران به خوبی می شناسند. او مدیر مرکز گنو/لینوکس  سی‌تو است که در تهیه و توزیع انواع گنو-لینوکس ها دستی به کار دارد. او مدتی است با راه انداختن یک کمپین برای تولید مجله‌ای به نام لینوکس‌مگ خیز بلندی برای گسترش فرهنگ گنو برداشته است.

بنده به نوبه خودم از زحمات این عزیز برای کارهایی که تا به حال انجام داده سپاسگزاری می کنم. از همه دوستانی که این نوشته را می خوانند خواهش می کنم با کمک با این مجله شروع خوبی را برای آن رقم بزنند.

لینوکس مگ

لینوکس مگ

شما می توانند با واریز مبلغ حداقل ۲۴هزار تومان به این جریان کمک کنید. اگر هم شرکتی دارید یا وسع مالی بیشتر پس درنگ نکنید.

برای کمک به لینوکس مگ به این لینک مراجعه فرمایید.

اگر هم سوالی در این باره دارید می توانید به لیست سوالات متداول مربوط به آن مراجعه کنید.

با تشکر

مصطفی دانشور – فدورا

November 04, 2013

git commit doesn’t commit? (GitPython bug)

Mostly posting this to remind myself of the fix the next time I run into this but htis might help some other people as well.

Every once in a while I’ll be working on a git repo in the fedora packages repository and when I git commit -a it, I’ll end up with an empty commit and the files with changes aren’t actually committed. Other intuitive variations of this like git add FILE && git commit have the same buggy behaviour.

The reason this is occurring has something to do with the GitPython library which is used by fedpkg to add some changes to your clone of the git repo when you add new source files. It’s somehow changing the index in a way that causes this behaviour. To get out of this there’s a few simple but non-intuitive things you can try:

git reset FILE && git add FILE

git stash && git stash pop

After running one of those pairs of commands you should once more be able to git commit -a.

Details in this GitPython bug report

August 07, 2013

rsync unbundles zlib!

Over a year ago I mentioned that the code that rsync needed in order to start using vanilla zlib was finally on its way to being merged.  And today, we’ve finally built an rsync package that completes that saga.

July 14, 2013

Have you been half asleep? And have you heard voices?

The post Have you been half asleep? And have you heard voices? appeared first on The Grand Fallacy.

It was an emotionally draining day. Today I had to face, head-on, saying goodbye to a friend. Now that I’m home, done driving, done working, done talking and listening, I can sit quietly and let some tears come, and yes, be a little maudlin on my own time. I’ve gathered enough gray hairs to know that it’s important to share perspective to work through a loss. Especially if the empty space is left by a person of Seth’s quality. There simply can’t be enough words. So indulge me.


Seth, you were truly one of a kind — one of the most invigoratingly, maddeningly brilliant people I ever met. You were blessed with the most wicked sense of humor and, much to the amusement and sometimes surprise of those around you, one of the least effective “mental governor switches.” You always let us know what you thought, even if it wasn’t popular or gracious. And usually you were right.

I’m reminded of the many ways you could completely flip the world on its head with a new perspective. Usually this involved the introductory phrase: “Hey, I have this crazy idea….”And then you’d proceed to explain, top to bottom, a totally genius approach to a problem others of us weren’t even sure how to sum up. And when you did it, your brow was never furrowed. You were always smiling. If we were on the phone, I could even hear that. I could hear the smile in your voice because you knew it wasn’t that crazy. You’d worked it all out, the logic was right, and that was beautiful to you. So of course you would smile.

And you knew how to treat bad ideas too. I always thought you had a gift for not confusing the problem of bad ideas with the problem of bad people. Certainly there are both; you just never mixed them up. When I had a bad idea, I never felt like your dismissal of it was dismissing or belittling me. You’d just explain why the idea was wrong.

You’d cock your head to the side, just so. But your eyes would stay on mine; you were still regarding me while already gutting the idea with the razor of your intellect. “Hmm, are you sure that’s what you want to do?” you’d ask. “Because I’m pretty sure it’s not.

And of course you’d smile that impish, wickedly infectious smile.

Almost invariably, you’d follow that with a better counter-idea.

Of course, it was always about more than being right to you. It was about doing the right thing. So how can I argue? And thus, back to the drawing board.

Look, you weren’t a saint. Of course you weren’t. OK, yes, we’ve all said wonderful things about you. All of them were true, within, I think, an acceptable margin of error attributable to the terrible proximity of loss. But you were more than that. You were a flawed, complicated human being, like everyone. There’s lots of things about you I still don’t know and never will. (Damn this unforgiving world for ensuring that. ) There were a special few who knew you better than anyone else, and the cost of your loss is higher for them; I don’t envy them for it.

But I think they’ll back me up when I say you were sometimes annoying. Grouchy. Impatient. You didn’t make it easy on someone who was busy, or wearing rose-tinted glasses, or couldn’t catch up to your thought processes, which, by the way, ran at the speed of a runaway ICBM. Honestly, I’m not completely sure you slept; you might have been part bionic.

But I always knew those sometimes irksome qualities showed how much passion you had for what you did. And that passion made it easy to get past my own issues and see the big picture you were looking at. You inculcated everyone around you with that passion. Because it was always about the big picture for you. That was reflected in how much you cared about everything. About our work, about the world, about life. You wanted things to be better. Not just for us, for everyone, everywhere. You wanted to make the world a better place. And you did.

Even over the past few years, as you and I were working on different things, and not in touch as often, I still had your voice in my head. Infuriatingly often, in fact. I’ve realized this week how often, when I’m trying to devise a solution, whether technical or social, to some difficulty, I picture you and ask myself, “What would Seth think about this?”

And that Little Seth in my head, more often than not — which I’m sad to admit will give an idea of the quality of my ideas versus yours — would cock his head to the side, while looking at me, and shoot me down. But always with a smile.

Oh, Seth, you left so big a mark on the world, none of us can see all of it yet. We can’t comprehend it.

I think trying to understand the web of our myriad connections to the world is like standing in the incomprehensibly large footprint of a behemoth. From our vantage point now, we look at that web as if we’re navigating a canyon. All we see are cliffs, mesas, pools. We climb our way around them, looking for meaning, looking for design or form, and we don’t find it. We can’t see it because we’re enmeshed in it daily. We don’t understand all the ways that each of us touches so many others. Only those around us will know, when each of us is gone.

But one day we’ll have better perspective. Perhaps, as some believe, it happens when we die. Personally, I think it happens when we live truly thoughtfully and fully, with wisdom and peace. And maybe it’s not in a flash of light or dark. Perhaps it’s subtle, gradual, and we don’t know when we reach that point, only that somehow it ended up in our rear view mirror. Like when you’re driving — or biking! — and realize that, while in complete command of your vehicle, you somehow got lost in the sound of the wheels and the wind in your hair, and blissfully passed right by the turn you meant to make.

Then, on that day, when we have that perspective, that enlightenment: Then, I like to think, we’ll look down at the swoop and curve of the land. We’ll survey the mesas and arroyos that represent our own lives, and those who have touched us. The curve of the river. The strata of the soil. And then I think that footprint reveals itself. And also revealed will be the intricate and immense footprints left by all those who have touched us.

Looking down at that landscape of our lives, I think, will be like waking from a dream. We’ll say, Ah, now I see, and cock our heads just so, and smile.

July 09, 2013

یک خبر بد برای جامعه فدورا

امروز خبری بسیار بدی به من رسید. لیدر تیم فدورا رابین در لیست فوت یکی از اعضای کلیدی جامعه فدورا و متن باز خبر می داد. سث ویدال توسعه دهنده اصلی یام (yum) برنامه نصاب سیستم‌هایی مانند فدورا و ردهت در یک سانحه از دنیا رفت. خبر را با یکی از دوستان ایرانی در ردهت چک کردم متاسفانه خبر درست بود.



سث ویدال وقتی که سوار بر دوچرخه خود بود در یک برخورد از پشت سر توسط یک ماشین سواری به شدت آسیب می بیند. راننده ماشین بعد از این تصادف از محل حادثه می گریزد. بنابر اخبار تاکنون راننده هنوز دستگیر نشده است.

سث از افراد بسیار فعال در زمینه جامعه کاربری و توسعه دهنده نرم‌افزارهای متن باز و آزاد بود. زمانی که به دلایلی با شرکت ردهت مشکلاتی داشتیم او با تمام توان از ما و دوستان ایرانی فدورا حمایت می کرد. این مقدمه بر دوستی چند ساله‌ی مان بود. در این مدت همیشه از طریق دوست مشترک ایرانی مان در ردهت دورا دورا جویای اخبار وی بودم.

از دست دادن این نیروی ارزشمند را به جامعه فدورا تسلیت می گویم.

June 27, 2013

GNU GPLvX or any later version
When it comes to releasing your software's source code, it's extremely important to choose very carefully the best license available, in order to make sure your source code will be taken care of, used, distributed and modified in the way you expect it to be. Most free softwares are released under a GNU license, a large number of them licensed under the GNU General Public License (about 68% of the projects listed on SourceForge.net, as of January 2006)...
Why Fedora Project Contributor Agreement (FPCA) does no harm
The main reason for this post is to prepare Fedora Ambassadors and Contributors for attempts of others to say FPCA is as bad as Canonical's CLA and that our legal document can do harm as much as theirs. Recently, many posts around the web have spoken of the possible trap Canonical may be setting up. They released Mir, a computer display server for GNU/Linux, under the terms of a copyleft license, the GNU GPLv3, which was supposed to be very well seen by the community. Choosing the GNU GPLv3 as the license of your software makes it clear tha you really care about freedom, since GNU GPLv3 is a very effective license against DRM, software patents and attempts to close the source code of the software...
Free Software is about USERS
Since the Free Software Movement was created by the hands of software developers, people nowadays tend to think it's a movement from developers to developers, or from technical people to technical people. Unfortunately, it's a common misconception that has spread all over the community and leads people to believe the four essential freedoms are aimed only at software developers...

June 24, 2013

Restoring pretty Grub screen in Fedora 19.

The post Restoring pretty Grub screen in Fedora 19. appeared first on The Grand Fallacy.

If, like me, you were an early adopter of Fedora 19, you may have upgraded from Fedora 18. If so, you might be seeing a black text screen for the grub 2 boot loader. It’s actually quite easy to get the pretty themed screen back if you want it. Just run this command:

yum install grub2-starfield-theme

This will restore the theme and you’ll see it at the next reboot. There is a bug that addresses this issue, but if you’re an early upgrader, you may have to bring in the fix manually.

June 20, 2013

MirrorManager 1.4 now in production in Fedora Infrastructure

After nearly 3 years in on-again/off-again development, MirrorManager 1.4 is now live in the Fedora Infrastructure, happily serving mirrorlists to yum, and directing Fedora users to their favorite ISOs – just in time for the Fedora 19 freeze.

Kudos go out to Kevin Fenzi, Seth Vidal, Stephen Smoogen, Toshio Kuratomi, Pierre-Yves Chivon, Patrick Uiterwijk, Adrian Reber, and Johan Cwiklinski for their assistance in making this happen.  Special thanks to Seth for moving the mirrorlist-serving processes to their own servers where they can’t harm other FI applications, and to Smooge, Kevin and Patrick, who gave up a lot of their Father’s Day weekend (both days and nights) to help find and fix latent bugs uncovered in production.

What does this bring the average Fedora user?  Not a lot…  More stability – fewer failures with yum retrieving the mirror lists, not that there were many, but it was nonzero.  A list of public mirrors where the versions are sorted in numerical order.

What does this bring to a Fedora mirror administrator?  A few new tricks:

  • Mirror admins have been able to specify their own Autonomous System Number for several years.  Clients on the same AS get directed to that mirror.  MM 1.4 adds the ability for mirror admins to request additional “peer ASNs” – particularly helpful for mirrors located at a peering point (say, Hawaii), where listing lots of netblocks instead is unwieldy.  As this has the potential to be slightly dangerous (no, you can’t request ALL ASNs be sent your way), ask a Fedora sysadmin if you want to use this new feature – we can help you.
  • Multiple mirrors claiming the same netblock, or overlapping netblocks, were returned to clients in random order.  Now they will be returned in ascending netblock size order.  This lets an organization that has a private mirror, and their upstream ISP, both have a mirror, and most requests will be sent to the private mirror first, falling back to the ISP’s mirror.  This should save some bandwidth for the organization.
  • If you provide rsync URLs, You’ll see reduced load from the MM crawler as it will now use rsync to retrieve your content listing, rather than a ton of HTTP or FTP requests.

What does this bring Fedora Infrastructure (or anyone else running MirrorManager)?

  • reduced memory usage in the mirrorlist servers.  Especially with as bad as python is at memory management on x86_64 (e.g. reading in a 12MB pickle file blows out memory usage from 4MB to 120MB), this is critical.  This directly impacts the number of simultaneous users that can be served, the response latency, and the CPU overhead too – it’s a win-win-win-win.
  • An improved admin interface – getting rid of hand-coded pages that looked like they could have been served by BBS software on my Commodore 64 – for something modern, more usable, and less error prone.
  • Code specifically intended for use by Debian/Ubuntu and CentOS communities, should they decide to use MM in the future.
  • A new method to upgrade database schemas – saner than SQLObject’s method.  This should make me less scared to make schema changes in the future to support new features.  (yes, we’re still using SQLObject – if it’s not completely broken, don’t fix it…)
  • Map generation moved to a separate subpackage, to avoid the dependency on 165MB of  python-basemap and python-basemap-data packages on all servers.

MM 1.4 is a good step forward, and hopefully I’ve laid the groundwork to make it easier to improve in the future.  I’m excited that more of the Fedora Infrastructure team has learned (the hard way) the internals of MM, so I’ll have additional help going forward too.

May 10, 2013

Vienna Calling!

Last weekend I attended Linuxwochen Wien for the first time. I heard a lot about the event, so I totally wanted to go there. Now that I’m back from Vienna, I am a little disappointed – but nevertheless happy I went there.

The Austrian Linuxwochen (Linux Weeks) is a series of events all over the country. It started in Graz, but there is also Eisenstadt, Krems and Vienna. The event in Salzburg is delayed until further notice, Linz was canceled off this year (only the LUG meeting took place) and Klagenfurt seems dead for years. Overall not very encouraging, but we wouldn’t be Fedora if we were not to change that. So we brought 7 people to Vienna which were supported by two locals, Kevin and Volker. Both did an excellent job, even though they are (officially) no ambassadors. Together we submitted 16 talks and workshops. All were accepted, this is roughly one fourth of the 3 day program. I delivered two talks, one on Kolab and one on postscreen. Both went very well and I’m very happy about the feedback I received. Overall the talks and workshops were very interesting and the speakers very competent.

Fedora booth at Linuxwochen Wien

Fedora booth at Linuxwochen Wien

Fedora delivered a good show. We had by far the biggest and most professional stand and lots of goodies. As a special gimmick Miro had brought his 3D printer and as always it attracted a lot of people. The rest of exhibition however was not impressive. That’s a well know problem for events where the focus is on talks, but this one was worse: It was moved to a new building with more space on the hallways, but the number of exhibitors hadn’t really changed. The booths looked quite lost and there were hardly visitors as most people were attending talks. On Friday we had at least some students from the university showing up and hoped for more people over the weekend, but that was wishful thinking. Maybe it was bad promotion, maybe the weather or a combination of both.

Empty hallway at Linuxwochen Wien

Empty hallway at Linuxwochen Wien

The weather in Vienna was bad compared to Berlin, but on Saturday afternoon it changed and the rest of the weekend turned out to be very sunny. As there were not many visitors and we had more than enough people at the booth, later that afternoon I decided to go for some sightseeing. People told me Vienna is beautiful, but I hadn’t seen anything of that beauty. I have been to Vienna before, but usually it was just for transfer at the airport or on my way to Brno. So I went to the historic city center and I have to admit, it really is impressive. There are a lot of buildings from the imperial times of the Austro-Hungarian monarchy and also from the Art Nouveau (or ‘Jugendstil’ as we call it) era. I love Jugendstil.

Subway station 'Karlsplatz'

The subway station ‘Karlsplatz’ in Vienna – an icon of the ‘Art Nouveau’ era.

On Friday we had a social event. It wasn’t really a social event, instead we just went to a Chinese restaurant down the street for an ‘all you can eat’ buffet. We were around 30 people and I was lucky to sit next to Bernhard. We talked about packaging and he asked me if I could help him with continuous integration of rpm build. It turned out Bernhard is a FreeRDP developer and told him I’m the poor bastard maintainer of remmina in Fedora. Remmina is a GTK-based RDP, SSH, NX and Telepathy client, developed by the FreeRDP project. It’s powerful but in bad shape as FreeRDP is still a young project and constantly moving forward. Unfortunately there haven’t been stable releases for quite a while and backporting fixes is cumbersome. So we agreed that FreeRDP will try to maintain a ‘release’ branch in git, even if there are no actual releases, and we will help them with continuous integration. If Mads, our FreeRDP maintainer, agrees we will build and host nightly versions of Fedora’s freerdp and matching remmina packages. An interesting project and I’m looking forward to it.

My flight back to Berlin left very early on Sunday morning. I had to get up at 5 am, but it allowed me to be in Berlin at half past eight and enjoy a sunny Sunday after which I was very tired – but happy.

Not sure I will attend Linuxwochen Wien next year, we have other awesome people to run the event. Personally, I learned some important lessons:

  • Talks are getting more professional and so is the target audience. When you give a talk, be professional – but don’t forget the fun!
  • Exhibitions on the other hand receive lesser attention. We need to think of new way to attract people and how to interacting with them. We need something more playful like the Fedora photo booth.
  • Renting an apartment is a good idea: Not only that it’s cheaper than a hotel, but more fun, too.
  • The people who told me Vienna is beautiful didn’t lie.

Thanks everybody for making Linuxwochen a successful event. A special thanks goes out to Sirko for being a perfect event owner. He took care of everything, not just the booth and apartment and he was a good tourist guide.

March 28, 2013

Moving to Fedora 19 Alpha!

The post Moving to Fedora 19 Alpha! appeared first on The Grand Fallacy.

Usually I wait until later in the pre-release cycle — a few weeks before Beta on average — before I move to the pre-release of the next Fedora operating system. But for Fedora 19, I’m too excited to see GNOME 3.8 and all the other improvements, so I tried out the Fedora 19 Test Candidate 2 (TC2) during lunch yesterday. I burned it to a USB key and was happy with what I saw. I decided it was time to move over now and fit in with the cool kids.


Getting ready to install

Now, I could have just thrown caution to the wind and installed right away. But since I wanted to move over on my main workhorse laptop, a ThinkPad x220, I really needed to back up my user files first. I hadn’t done that in a month or two (I know, I know!) so this was a must. I figured, if I was going to have a little downtime for the backup, I might as well make it worthwhile and install the Fedora 19 Alpha TC2 while I was at it. Thankfully, this afternoon was free of meetings so it was a good time to be offline for a short while.

I keep my backups in several places, but the easiest one to get to right away, with the fastest write speed, is a portable USB 2.0/FireWire enclosure I keep around for my own backups. It has a 500 GB SATA drive inside and plenty of room for my data. I was already running the Fedora 19 Alpha TC2 using the Live USB. I attached the disk, and of course it was mounted up for my convenience. I used the Disks utility to unlock and mount my home volume from the encrypted hard disk, and used the rsync utility to freshen the backup.

Installing Fedora 19 Alpha TC2

I decided to do a network installation rather than just burning a Live image. There were a bunch of other packages I wanted, and I figured I might as well grab them all during installation; plus, I wanted to see how that process was working. I burned the F19 Alpha TC2 boot.iso to a USB key and booted up.

I was hoping to hold on to my current partitioning setup as part of the installation process. I have a /boot partition on /dev/sda1, and an LVM physical volume with a single volume group, subdivided into separate logical volumes. Some are encrypted, including my /home folder. Unfortunately this is where I ran into my first issue — the current F19 Alpha can’t handle custom partitioning in the installer interface. I don’t believe this is required in the release criteria for an Alpha, so it’s not a huge surprise.

Nor was it a huge impediment; fortunately, the installer GUI is not tied that closely to the OS version or package content anymore. That means I was able to boot off a Fedora 18 boot.iso (written to USB), and simply point to a Fedora 19 mirror as the software source. I used the existing (and working) Fedora 18 installer GUI to do my required custom partitioning, so I could retain my current partition setup. Then I was off to the races, while I worked on other things.

Initial thoughts

There are some cool interface changes during login. A finished desktop screen expands nicely from the center rather than having elements appear gradually in sequence. There is some work being done on an initial setup routine, kind of like an orientation for new users of GNOME 3. It’s still a bit rough, and there are bugs, but you can see where things are going: it’s definitely a useful feature.

I love the fact that the screensaver reports notifications gathered while the screen was off. This would be useful for things like chat where you might want to know whether someone was looking for you before you decide to log in. I’m thinking of quickly getting on the console to answer IRC pings, but I suppose, reading back, it might just as easily be used to avoid people. Heh. But again, neat improvement. Another nice notification improvement: the larger bar introduced in GNOME 3.6 also now confirms for you that you have no new notifications, a nice added visual cue.

The control center has a smorgasbord of upgrades, from a privacy control, to per-application notification settings, to easier to read layouts for numerous controls including NetworkManager. And the overview search now is easier to read as well. And of course, none of the changes sacrifice my ability to navigate around by keyboard instead of mouse, which I really like.

Are there bugs? Sure, although I haven’t hit any identifiable ones yet. I’ll keep playing with the pre-release over the weekend and file some bugs as I poke around into the corners. But so far, I really like what I see, and I think Fedora 19 is going to be a great release!

March 10, 2013

Don’t use a programming language for configuration

Dear developers,

please don’t use a programming language for configuration files. Seriously. Don’t. Just don’t. You are only making live hard for people.

Here is what my polkit custom desktop policy looked like in Fedora <= 17:


I think this is pretty straight forward, but some people found it confusing and too complex. So David rewrote it.

If you keep complaining about polkit configuration I'll rewrite it in JavascriptNow let’s see how the same looks in Fedora >=18:

polkit.addRule(function(action, subject) {
    if (subject.isInGroup("wheel") && subject.active) {
        polkit.log("action=" + action);
        polkit.log("subject=" + subject);
        if (action.id.indexOf("org.freedesktop.packagekit.package-install") == 0) {
            return polkit.Result.YES;
        if (action.id.indexOf("org.freedesktop.packagekit.package-remove") == 0) {
            return polkit.Result.YES;
        if (action.id.indexOf("org.freedesktop.packagekit.system-rollback") == 0) {
            return polkit.Result.YES;
        if (action.id.indexOf("org.freedesktop.packagekit.system-sources.") == 0) {
            return polkit.Result.YES;
        if (action.id.indexOf("org.opensuse.cupspkhelper.mechanism.") == 0) {
            return polkit.Result.YES;
        if (action.id.indexOf("org.libvirt.unix.") == 0) {
            return polkit.Result.YES;
        if (action.id.indexOf("dk.yumex.backend.pkexec.run") == 0) {
            return polkit.Result.YES;

What do we learn from this?

One doe not simply use JavaScript for config files

February 27, 2013

Enterprise Linux 6.3 to 6.4 risk report
You can read my Enterprise Linux 6.3 to 6.4 risk report on the Red Hat Security Blog.

"for all packages, from release of 6.3 up to and including 6.4, we shipped 108 advisories to address 311 vulnerabilities. 18 advisories were rated critical, 28 were important, and the remaining 62 were moderate and low."

"Updates to correct 77 of the 78 critical vulnerabilities were available via Red Hat Network either the same day or the next calendar day after the issues were public. The other one was in OpenJDK 1.60 where the update took 4 calendar days (over a weekend)."

And if you are interested in how the figures were calculated, here is the working out:

Note that we can't just use a date range because we've pushed some RHSA the weeks before 6.4 that were not included in the 6.4 spin. These issues will get included when we do the 6.4 to 6.5 report (as anyone installing 6.4 will have got them when they first updated).

So just after 6.4 before anything else was pushed that day:

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20101110 - 20130221 (835 days)
** 397 advisories (C=55 I=109 L=47 M=186 )
** 1151 vulnerabilities (C=198 I=185 L=279 M=489 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20101110 - 20130221 (835 days)
** 177 advisories (C=11 I=71 L=19 M=76 )
** 579 vulnerabilities (C=35 I=133 L=159 M=252 )

And we need to exclude errata released before 2013-02-21 but not in 6.4:

RHSA-2013:0273 [critical, default]
RHSA-2013:0275 [important, not default]
RHSA-2013:0272 [critical, not default]
RHSA-2013:0271 [critical, not default]
RHSA-2013:0270 [moderate, not default]
RHSA-2013:0269 [moderate, not default]
RHSA-2013:0250 [moderate, default]
RHSA-2013:0247 [important, not default]
RHSA-2013:0245 [critical, default]
RHSA-2013:0219 [moderate, default]
RHSA-2013:0216 [important, default]

Default vulns from above: critical:12 important:2 moderate:16 low:3
Non-Default vulns from above: critical:4 important:2 moderate:5 low:0

This gives us "Fixed between GA and 6.4 iso":

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20101110 - 20130221 (835 days)
** 386 advisories (C=51 I=106 L=47 M=182 )
** 1107 vulnerabilities (C=182 I=181 L=276 M=468 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20101110 - 20130221 (835 days)
** 172 advisories (C=9 I=70 L=19 M=74 )
** 546 vulnerabilities (C=23 I=131 L=156 M=236 )

And taken from the last report "Fixed between GA and 6.3 iso":

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20101110 - 20120620 (589 days)
** 278 advisories (C=33 I=78 L=31 M=136 )
** 796 vulnerabilities (C=104 I=140 L=196 M=356 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20101110 - 20120620 (589 days)
** 134 advisories (C=6 I=56 L=15 M=57 )
** 438 vulnerabilities (C=16 I=110 L=126 M=186 )

Therefore between 6.3 iso and 6.4 iso:

** Product: Red Hat Enterprise Linux 6 server (all packages)
** Dates: 20120621 - 20130221 (246 days)
** 108 advisories (C=18 I=28 L=16 M=46 )
** 311 vulnerabilities (C=78 I=41 L=80 M=112 )

** Product: Red Hat Enterprise Linux 6 Server (default installation packages)
** Dates: 20120621 - 20130221 (246 days)
** 38 advisories (C=3 I=14 L=4 M=17 )
** 108 vulnerabilities (C=7 I=21 L=30 M=50 )

Note: although we have 3 default criticals, they are in openjdk-1.6.0, but we only call Java issues critical if they can be exploited via a browser, and in RHEL6 the Java browser plugin is in the icedtea-web package, which isn't a default package. So that means on a default install you don't get Java plugins running in your browser, so really these are not default criticals in RHEL6 default at all.

February 24, 2013

DevConf.cz event, day 1 part 2.

The post DevConf.cz event, day 1 part 2. appeared first on The Grand Fallacy.

I’m sure you already saw my post on part 1 of day 1 of DevConf.cz, right? Well, not much time for lunch afterward — this conference is packed with content! It’s also packed with friends from around the world. Here’s a few of mine:

Ludek is a man of charm! (from DevConf.cz 2013)

Radek: I'm too sexy for this conference! (Denise: I'm not listening.) (from DevConf.cz 2013)

There are about 5 minutes between talks, and a quick 15 minute break in between morning and afternoon sessions. So after said break, I attended the following sessions:

  • Ales Kozumplik spoke about DNF, a next generation package management library and utility for Fedora. There’s an explanatory Fedora wiki page here.
  • Michael Schröder presented on the functions of package management in SuSE, including libsolv (which underlies DNF). This included explanations of many of the additional functions in libsolv that can be cherry-picked if appropriate for Fedora.
  • Vratislav Podzimek gave a fantastic presentation on the reasons behind and for the Anaconda NewUI. He showed the many problems and maintainability issues with the Anaconda we’ve had for something like 7-8 years in Fedora. He also demonstrated how the new UI presents a simpler, faster way to install in Fedora and even allows you to quickly craft custom “addon” spokes. devconf-2013-no-more-scary-sm
  • Following this, I attended the Anaconda NewUI discussion in one of the hacklabs. A partial list of discussions that happened there:
    • Confirmed that Anaconda redesign is meant to make it possible for people with little or no Linux experience to use the installer.
    • Someone said that this is perhaps exactly why some experienced people struggle with the new UI. While acknowledging that such users would have to become accustomed to the new UI, apart from two cases (LVM on mdraid and [UPDATE: reserving space in a VG -- see comments below]) at this time the new UI can do everything the old one did. Completing storage configuration is more streamlined for the middle of the bell curve cases, but still can be done for the outlying cases.
    • Quite a bit of discussion about addons and what the vision is for them in Fedora. Chris Lumens expressed this really well; his opinion is that they would only be used in Fedora for things that are really helpful for the Project but in which the Anaconda team has no expertise. In concept, any particular site that wants to use addons would only use one, or maybe two. Throwing lots of addons at a user would be confusing and unhelpful. Anaconda team doesn’t want to set policy about when to use addons, probably this would be a FESCo matter.
    • There are many difficulties with choosing default languages based on simple measurements. Inevitably you end up making the wrong choice for a substantial number of users and it becomes difficult for them to continue or complete their task.
    There was more, but these were some of the major topics I heard while bouncing around trying to publish things to various networks about the conference.
  • I also attended the set of short talks for the core OS. Although they were labeled “lightning,” they were a little slower paced, but still good content. I’d like to see the next DevConf.cz include real lightning talks — perhaps 5 minutes, timed mercilessly, and following each other rapidly with a high energy and entertainment level. But the talks themselves were quite good, and included Tomas Mraz on password quality with libpwquality, and Hans de Goede on the current state and future of the Spice protocol and tools. Hans’ demonstrations were especially high in “wow factor,” and featured splitting a window across two diferent guests’ displays, and drag and drop of files from host to guest.

Following the short talks, it was almost time for the conference event. I went back to the hotel to drop off my bag, and several times I narrowly avoided death by sidewalk ice. Thankfully I was walking with Fabian Affolter who would have been able to call for help if I slipped and broke anything important! (I had met up with Fabian and fellow Fedora luminary Gerrold Kassube earlier in the day.)

I quickly headed back out into the cold and a few blocks later, met up with our hundreds of attendees at Klub Fléda. There was a huge variety of good food and, of course, the omnipresent Starobrno beer. There was also live music on stage, with a power trio doing their best to entertain the sedate geeks customarily grouped together 10 meters away from the stage.

I was able to hang out a bit with some of the hardcore hackers doing great work to solve hard problems in the Linux world, including Kay Sievers, Lennart Poettering, and Harald Hoyer. I haven’t seen Lennart and Harald in a number of years — since I was in Berlin for a LinuxTag event. After a few hours, I accompanied Dan “Strikemaker” Walsh back to the hotel where we had a quiet round or two before retiring. All in all, it was a fine day and I was looking forward to day 2.

Speaking of which, stay tuned for a report for the second day of DevConf.cz!

February 23, 2013

DevConf.cz event, day 1 part 1.

The post DevConf.cz event, day 1 part 1. appeared first on The Grand Fallacy.

I’ve been at the Red Hat Czech Republic office in Brno this week for meetings and RHEL-related work. But I organized the visit around this weekend’s DevConf.cz event, a conference for free and open source software hackers in Europe. The organizers in the Brno office have done a fabulous job of putting this conference together. I arrived a little later than I wanted, just before the start of the first session. That was mostly because we were out far too late the night before, bowling and having Czech pilsner with friends in the hotel basement bar! Anyway, we joined a small queue where we picked up the agenda, a ticket to the Saturday night event, and a cute gift: Red Hat branded gloves. These would come in handy in the cold and snowy, but beautiful, Brno weather this weekend!

Red Hat branded gloves from the 5th annual DevConf.cz event

I headed to the first DevConf.cz talk of interest to me, on color management. This talk mainly covered the current state of color management in Linux. It didn’t give me a lot of new information, but it was well done. The speaker did mention some of Richard Hughes’ work on colord. He also mentioned the ColorHug device for calibrating screen displays to get correct color. I need to pick up one of these! He also covered the OpenICC group’s formation. I have to admit, I was still just waking up, and didn’t have as much attention to give here as the topic deserved. So I apologize for the lame recounting here.

Next I sat in Debarshi Ray’s talk on GNOME Online Accounts (GOA) for users and developers. Debarshi did a great job showing how GOA works in GNOME. He had some videos that show accessing online documents from a local desktop. In the developer section, he also explained some current problems with increasingly popular 2FA schemes, and with specific service integration through GOA. Despite significant issues with some underlying frameworks needed for better GOA support, there are smart people working to solve these issues in GNOME, which was good to hear. This will give the platform a better foothold on the seamless sharing users have learned to expect.

My energy started to flag at this point, so I grabbed a quick cup of caffeinated soda and ran back upstairs to see Tom ‘spot’ Callaway’s talk. His topic was improving the Fedora user experience through design-driven methodology. I saw a version of this talk at FUDCon in Lawrence, Kansas, where it generated excellent audience interaction. I was curious to see how it was received in Brno. I was happy to see a huge turnout for this talk here at DevConf.cz. UPDATE: Spot’s slides are here (ODP format).

Spot talked about focus on user experience as the first step in development process, as opposed to “let’s write code now, and make this pretty later.” This is not a path that many open source development projects take, but it’s one that tends to produce great results for recipients. Spot followed up with some intriguing examples:

  • The new HyperKitty system that allows users and contributors to interact in ways they prefer. HyperKitty also can help raise the signal to noise ratio by allowing forum-like ratings of posts.
  • A mockup of a Fedora Smorgasbord app-store like application to succeed PackageKit, and abstract away confusing details users don’t need when trying to install or update.
  • A mocked up solution to reduce friction when filing bugs, and frustration when dealing with them.
  • A Fedora Badges app to produce better user affinity in Fedora. Badges can also give some insight into what users are doing, from running specific applications to participating in community events.

I stayed in the same room to hear Leslie Hawthorn talk about negotiation theory in FOSS projects. (You can find an excellent summary of the topic in this post on Leslie’s blog.) A fundamental lesson I took away was often we prevent a great result because we care more about a conversation’s outcome than our goals. Leslie is an entertaining and engaging speaker and I really enjoyed this talk. Hopefully I’ll get to hang out with her a bit at DevConf.cz. I feel like we’ve crossed paths often before, but somehow miss each other through happenstance.

And since I just used the word “happenstance,” I think it’s time to end this post and get lunch. Stay tuned for part 2 of DevConf.cz day 1!

January 14, 2013

PHP and Apache Security, SetHandler vs AddHandler

In official PHP packages in Enterprise Linux and Fedora <= 17, the engine was activated by the AddHandler directive. With Fedora 18, or for the users of my repository it is now activated by the SetHandler directive.

Some explanations.

Old version (in the /etc/httpd/conf.d/php.conf file)

AddHandler php5-script .php

As written in Apache documentation, the suffix presence, anywhere in the file name, will activate the engine. This can raise a security problem, in a public upload space, when a lack of control will allow a user to send an image.php.png file and execute it.

New version, recommended (§8) by PHP project documentation:

<FilesMatch \.php$>
    SetHandler application/x-httpd-php

Now, only a final suffix will activate the engine. So security is improved (even if I really think that giving the control on uploaded file name to the user is really a huge design error). I haven't notice any performance change.

Warning, this change may breaks some configurations.

In the case when you want to allow users to upload .php files in a public space, but deactivate the php engine (as on this blog).

With old configuration, you just have to remove the handler (and probably change the mime type):

<Directory /path/to/blog/public>
    RemoveHandler .php
<Files ~ "\.php$">
ForceType text/plain

This configuration will not work anymore, and must be changed.

For example, I use (and also enable the colorized output of sources for this space) :

<Directory /path/to/blog/public>
<FilesMatch \.php$>
    SetHandler None
ForceType text/plain
<FilesMatch \.phps$>
    SetHandler application/x-httpd-php-source

Ex : twit.php ou twit.phps

So, if you upgrade from Fedora 17 to Fedora 18, or if you update from PHP 5.3 to PHP 5.4 using my repository, don't forget to check and fix all your httpd configuration files.

December 14, 2012

PulseCaster 0.1.9 is released!

The post PulseCaster 0.1.9 is released! appeared first on The Grand Fallacy.

Yup, 0.1.9 has finally made it out the door. Here’s the tarball and the git repo. There are also updated packages coming shortly in Fedora 17, 18, and Rawhide. If you want to help test those to get them out sooner, look here for the package for your Fedora release.

Plus, did you know there’s a Facebook page for PulseCaster? Visit it, like it, and feel the love.

PulseCaster 0.1.9: The gruesome details

I have no witty release name attached to any of the releases, so let’s call this “The One Where We Figured Out How to Give People an Expert Option and Translations, Too.” Some of the secret features you’ll find in this release:

  • An expert option
  • Translations

OK, I’m being a bit snarky here. Mainly I’m trying to play all nonchalant about how long it actually took me to get around to working on another release. Here’s a better listing of new stuff in 0.1.9:

  • PulseCaster now uses GTK+ 3.0.
  • PulseCaster also now uses PyGObject and GObject introspection for most stuff. The GStreamer bits are still a bit rough in the gir code. Specifically I found it difficult to get at messages on the bus. I’ll keep working on that, possibly for 0.2.
  • There’s now an expert option that writes the recorded streams to two separate files in lossless FLAC format, so you can mix your own recording later. The default mode still writes a single Ogg Vorbis file, which suffices for most people. (The code here’s more than a bit hacky and needs to be cleaned up in 0.2.)
  • Using the excellent Transifex service, translations are now part of PulseCaster! Many thanks to the wonderful volunteer translators around the world who contributed translations to the release, and to the Transifex folks for their great service.

Future work

Some of the features on the current roadmap:

  • Clean up messy separate-stream code (see above)
  • Provide a recording pause button
  • Do some volume leveling and/or compression to help recordings sound better
  • Provide more helpful information on disk space available/used

As always, you can find the PulseCaster site at http://pulsecaster.org — bugs and enhancement requests are welcome. Input from users helped to drive (eventually!) the work for this release, so a tip of the hat to them for participating!

December 09, 2012

FAD EMEA wrap up

It turns out we have to leave early. Some people need to travel home and others have family duties – or both. Fortunately we worked hard and managed to complete our agenda.

For now, I just put all the results, todo items and open questions into the wiki. It’s still a rough draft, I will clean it up, format and elaborate it later today. Some of the most important decisions include:

  • We’ll make a Fedora Ambassadors Census. In previous years, we used to do this before this FAD: We ask all the local communities to report their state: How many (active) ambassadors are there, how many events did they attend and what is the overall situation for them.
  • We looked for new ways to bring people into the project. We have communities that are not officially part of the project, like local community websites, IRC channels or groups on social networks. We should actively try to recruit new contributors there.
  • Improve the new contributors experience: Once they joined Fedora, we should make sure new ambassadors can attend at least one major event to get to know other contributors. Mentors should have an eye on how people do within the first year and support them better.
  • Run country-wide ambassadors event: All countries should strive for an event that brings all ambassadors to a table at least once a year.

Still, the real work begins after this FAD. We need to implement what we discussed, whether this is in the wiki, in trac or on various events. But we have gotten a new boost for our community and we are very optimistic that it will have a big impact.

Thanks everybody for coming and especially to Gerold for making this event happen.

December 08, 2012


So we are sitting at Beuggen Castle and having some drinks after an awesome social event: A dinner in complete darkness at a restaurant called “Blinde Kuh” (“Blind cow”). If you have not yet had it, give it a try, it’s very interesting experience.

The first day of FAD EMEA turned out to be very productive. We managed to discuss a lot of topics, most importantly:

  • Event planning for 2013. We want to attend 31 events, and for most of them we already have event owners.
  • Budget planning for 2013. Based on the list of events, we’ll spend 11.700 EUR. Sure, this is a lot of money, but we want really to rock at a lot of places and our draft is very conservative.
  • Sponsoring and reimbursements: While FAmSCo has already achieved a lot, we need to do a better job in explaining contributors how to get money easily and how to effectively track all requests.
  • Swag shipping and event box: We think it does not make sense to ship a complete event box within Europe, instead continue shipping what we really need. But this needs improvements: Better tracking of who has what and more ‘bases’ in different countries.
  • Swag production planning: We have a lot of new ideas for awesome swag and need to follow up with getting different quotes and making desisions.

I am going to add all relevant info to the wiki later, because a lot of the topic we discussed needs to be followed up. Tomorrow we’ll have some more discussions, but given that we are already more than half way through the agenda, we should have some time left to document and implement our results. This mainly is wiki gardening an improvements in our trac instance.

Stay tuned for another blog post before I fly home tomorrow.

December 07, 2012

Fedora elections – don’t forget to vote!

Fedora Elections are ongoing. Deadline is December 9th at 23:59:59 UTC - vote now!

Fedora Logo



November 26, 2012

Security FAD

All packed up and waiting for my plane to Raleigh. Going there to work on enabling two-factor authentication for the hosts that give shell access inside of Fedora’s Infrastructure. For the first round, I think we’re planning on going for simple and minimal to show what we can do. Briefly, the simplest and minimalist is:

* Server to verify a one time password (we already have one for yubikeys)
* CGI to take a username, password, and otp to verify in fas and the otp server
* pam module for sudo that verifies the user via the cgi
* database to store the secret keys for the otp generation and associate them with the fas username

We’re hoping to go a little beyond the minimal at the FAD:

* Have a web frontend to configure the secret keys that are stored for an account.
* Presently we’re thinking that this is a FAS frontend but we may end up re-evaluating this depending on what we decide to do for web apps and what to require for changing an auth source.
* Allow both yubikey and google-authenticator as otp

I’m also hoping that since we’ll have most of the sysadmin side of infrastructure present that we’ll get a chance to discuss and write down a few OTP policies for the future:

* Do we want to make two-factor optional for some people and required for others?
* How many auth sources do we require in order to change a separate auth source (email address, password, secret for otp generation, phone number, gpg key, etc)?

If we manage to get through all of that work, there’s a few other things we could work on as well:

* Design and implement OTP for our web apps

November 24, 2012

When is an SRPM not Architecture-neutral?

Source RPM packages -- SRPMs -- have an architecture of "src". In other words, a source RPM is a source RPM, with no architecture associated with it. There's an assumption that the package is architecture-neutral in source form, and only become architecture-specific when built into a binary RPM (unless it builds into a "noarch" RPM, which is the case with scripts, fonts, graphics, and data files).

An SRPM contains source code (typically a tarball, and sometimes patch files) and a spec file which serves as manifest and build-recipe, plus metadata generated from the spec file when the SRPM is built -- including dependencies (which, unlike binary RPMs, are actually the build dependencies).

However, the build dependencies may vary by platform. If package foo is built against bar and baz, and baz exists on some architectures but not others, then the spec file may be written to build without baz (and the accompanying features that baz enables) on some architectures. The corresponding BuildRequires lines will also be made conditional on the architecture -- and this make total sense. However, querying an SRPM on a given platform may give incorrect build dependency information for that platform if the SRPM was built on another platform -- and only rebuilding the SRPM on the target arch will correct the rpm metadata (and possibly render it incorrect for other platforms). Thus, I've come to realize, SRPMs are not truly architecture-neutral -- and I'm not sure if all our tools take this into consideration.

Edit: I know that not all of our tools take this into consideration.

Continue reading "When is an SRPM not Architecture-neutral?"

October 16, 2012

Last call for F19 naming proposals

This is the final reminder that the Fedora 19 naming collection ends today at 23:59 UTC. This means you have 5 hours left to propose a name. Before proposing a name, please make sure to read the guidelines.

October 09, 2012

OpenShift, perl, YouTube API
tracy My wife is part of a competition to be the next face representing her college; with the final number of positive 'likes' on YouTube videos determining the winners. I thought it would be neat to create a scoreboard to track her progress, but also to learn how to use OpenShift all in one. It took me longer to write this blog than to write the code and deploy it live!

After creating an account on Red Hat OpenShift I created a new app based on perl and added a cron container so we can run our script every few minutes (to stop overloading the YouTube API if the site gets popular):

rhc-create-app -a fomc -t perl-5.10
rhc-ctl-app -a fomc -e add-cron-1.4
cd fomc
That was all the configuration needed, the 'fomc' directory is populated with everything you need. OpenShift when you deploy your app, figures out your perl dependencies and grabs and builds them for you, so no messing around needing root or even logging into the host.

By default the file perl/index.pl will get served, but since we're going to cache the output from the script let's make it a html file index. To do this simply add to the existing perl/.htaccess file:

DirectoryIndex index.html
I wrote this quick perl program to query the YouTube API and do a simplistic HTML page of the number of likes for each of the videos in the playlist, and placed it in the main directory as youtube.pl. Now to get it created every ten minutes we use the cron container by creating a file .openshift/cron/minutely/perljob with the contents:
MIN=`date +%M`
if [ $((${MIN#0} % 10)) == 0 ]; then
    perl ${OPENSHIFT_REPO_DIR}/youtube.pl > ${OPENSHIFT_REPO_DIR}/index.html
    mv -f ${OPENSHIFT_REPO_DIR}/index.html ${OPENSHIFT_REPO_DIR}/perl/index.html
The cron job is run every minute, but the "modulus 10" ensures we only run the perl script once every 10 minutes. We use an intermediate file so that anyone visiting the site during the time it takes to create the file doesn't get a blank page. Finally we want to make sure that we don't have to wait ten minutes for the file to be created when we push the app, and give people the ability to see the source, so we create .openshift/action_hooks/post_deploy with the contents:
cp ${OPENSHIFT_REPO_DIR}/youtube.pl ${OPENSHIFT_REPO_DIR}/perl/youtubepl.txt
perl ${OPENSHIFT_REPO_DIR}/youtube.pl > ${OPENSHIFT_REPO_DIR}/perl/index.html
And that's it. Just run
git add .
git commit -a -m 'first app'
git push
And the app is up and running; here it is: http://fomc-esoom.rhcloud.com/. If this blog was useful (blatent plug!) please click on "Tracy Cox", make sure you're logged in, and click "like" ;)

October 03, 2012

Enterprise Linux 6.2 to 6.3 risk report
You can read my Enterprise Linux 6.2 to 6.3 risk report on the Red Hat Security Blog.
"for all packages, from release of 6.2 up to and including 6.3, we shipped 88 advisories to address 233 vulnerabilities. 15 advisories were rated critical, 23 were important, and the remaining 50 were moderate and low."

"Updates to correct 34 of the 36 critical vulnerabilities were available via Red Hat Network either the same day or the next calendar day after the issues were public. The Kerberos telnet flaw was fixed in 2 calendar days as the issue was published on Christmas day. The second PHP flaw took 4 calendar days (over a weekend) as the initial fix released upstream was incomplete."

And if you are interested in how the figures were calculated, as always view the source of this blog entry.