Planet HantsLUG

I wasn't going to comment on the recent openssl security update, because too many people have already done so.

Personally I thought that Aigars Mahinovs made the best writeup I've seen so far.

However I would like to say that having 20+ people all mailing security[at]debian.org to say the webpage we referenced in the security advisory is currently blank is not useful, or ask for details already released in the advisory they replied to, or ask for even more details is not so much fun.

Having people immediately start mailing questions like "Huh? What can I do" is only natural, but you can't expect a response when things are as hectic as they have been recently. Ideally people would sit on their hands and bite their tongues. Realistically that isn't going to happen, and realistically this post will make no difference either...

Had the issue not leaked to unstable so quickly (and inappropriately IMHO) then we'd have had a little more time. But once an issue is reported you need to coordinate with other distributions, and etc. Handling something as severe as this is not fun, and random mails from users are a distraction, and a resource-hog.

I should say I was not in any way involved in the discovery, the reporting, the preparation of the fix(es), or the releasing of the update. I knew it was coming, but everybody else seemed to have it well in hand. When there are mails going back and forth for 5+ days with ever-growing Cc: lists, and mailing lists being involved I figure one more cook wouldn't be useful.

So in conclusion:

a. Bad hole.

b. Fixing this will take years, probably.

c. 50+ mails to the security team within an hour of the advisory going public complaining of missing information is not helpful, not useful, and quite irritating. (Albeit understandable).

d. People who don't know the details of an attack, or issue, shouldn't speculate and start panic, fear, and confusion. Esp. when details are a little vague.

e. I still like pies.

Once again thanks to everybody who was involved and put in an insane amount of work. Yes this is only the start - our users have to suffer the pain of regenerating everything - but we did good.

Really. Debian did good.

It might not look like it right now, but it could have been so much worse, and Debian did do good.

ObQuote: X-Men: The Last Stand

I’ve not long got back from colo’ing the new server, obstler. Tonight was the only night I could do it before next week, and Graham very kindly offered to give me a lift from home at 6pm, aiming to be there by 8pm.

I left dayjob early and rushed home but unfortunately Graham got held up in bad traffic coming across London and it was more like 7pm when he got to me. The M25 anticlockwise was pretty clear though so despite my mere presence breaking the satnav and making the indicator relay go into overdrive (*click*click*click*click*click*click*click*click*click* …. *click*click*click* … *click*click*click*click* ………… *click*click*click*click* ……………. *click*click*!), we made good time and arrived at about 8.30pm.

As it happened, Andy Millar who was also colo’ing his server today had had some technical difficulties and so things were running late anyway. In fact we had some time to wait around while that was finished off. It turns out that his HP power supply was drawing 1.1A, which went down to less than half that when replaced with a Sea Sonic one. I shall have to investigate that for myself, as it looks like it would save me about £20/month per server!

obstler was pretty quick to colo, then we headed off to some Chinese restaurant near Canary Wharf Pier. As usual I became totally disoriented by the twisty turns around that place.

I couldn’t remember exactly when my last direct train from Waterloo was, but thought it might be 23:50. It was actually 23:58 so I made it with plenty of time, got home about 00:45.

A good night’s work; won’t be able to finish configuring obstler or doing much of anything useful with it for a couple of days, but really glad it’s finally in.

Thanks again to Graham for giving me a lift with the server!

Or “Oh bugger”.

In short, Debian made a slight change to openssl which means that all keys (SSH user and host keys, X509 keys and certs, OpenVPN passwords) have not been sufficiently random for the last few years.

This is a _lot_ of effort to correct:

• remove all bad ssh keys and regenerate them (the former being potentially harder than the latter)
  
  • fortunately in some environments we keep them all in LDAP which makes it really easy
• remove all bad openvpn passwords (not a problem, we don’t use those anywhere)
• replace all X.509 (used in SSL)
  
  • this is the biggie - it affects secure website, and anything else SSL secured
  • such as LDAP for us
  • and even worse, we’ll have to regenerate the “root of trust” CA key which is a royal pain
    
    • realistically we’ll turn off SSL validation, push all the changes out, then turn validation back on
      

I _would_ also like to back Kurt. It was a mistake - not malicious (far from it). Just looking at some of the comments at http://www.links.org/?p=327, you can see that some just lay blame with _no_ validation. However, let’s look at this a bit more (salt required as I’ve _not_ verified all of this and so I might be back later to update/correct):

• it was trying to remove use of uninitialised memory (which is normally a bug)
  
  • why is it treating uninitialised memory as a good random source anyway?
    
    • Update: it mixes in good entropy into this memory - if it is random to begin with it is merely a bonus
      
  • there was apparently no comment explaining the use of the uninitialised memory
  • unfortunately the patch actually removed _all_ random sources
    
    • Update: or rather commented out a similar line which was rather important
      
• Kurt actually _asked_ on the openssl mailing list if this was sane
  
  • and was told “yes” by what appear to be well know openssl people
    
• I don’t know if his patch was pushed back upstream for inclusion
  

One person (hi Jonathan!) started to blame it on Debian’s policy of “backports” (as opposed to using the latest upstream). Backports are generally a _far_ safer way to fix security problems. That’s why they do it! On the _rare_ occasions that a backport isn’t feasible (or difficult to do as so _many_ changes need to be made), a new upstream release _is_ used. I believe firefox often falls into this category.

Debian gets a lot of flak without just cause:

• for highlighting the KDE Qt/GPL issue
  
  • it was _illegal_ - it wasn’t idealism
  • Qt eventually went GPL
    
• for renaming firefox “iceweasel”
  
  • they were not _allowed_ to ship any patches (e.g. security fixes) and still call it firefox
  • eventually firefox dropped this stupid policy
    
• apache2 config is split up (Hi Jonathan again!)
  
  • I’m sorry, but really, McCools 2000 line config is _far_ harder to tweak
  • particularly by automated scripts when compared to /etc/apache2/mods-enabled
  • oh, and don’t you _dare_ suggest redhat is saner:
    
• exactly what goes in /etc/http/conf/ directory compared to /etc/http/conf.d/ ?
  

EDIT: As per https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000706.html , upgrading the package will test the sshd key, amongst other things.

It would appear that the openssl algorithm used to generate the ssh or ssl keys for Ubuntu and Debian isn’t as random as required to be secure, and is therefore vulnerable to brute force attack.

As outlined: http://www.ubuntu.com/usn/usn-612-1

Thankfully Debian security team have written a pretty nifty perl script to help find if your keys are weak!

So ensure you have upgraded to the latest libssl0.9.8 package (as outlined in the USN) then:

To test the public key fingerprint on a server, do the following:

$ wget http://security.debian.org/project/extra/dowkd/dowkd.pl.gz
$ gunzip dowkd.pl.gz
$ chmod +x dowkd.pl
$ ./dowkd.pl file /etc/ssh/ssh_host_{dsa,rsa}_key.pub 2>/dev/null

This will tell you if the public key is weak.  If it is, you should move/remove the key pair, then generate a new pair with:

$ sudo dpkg-reconfigure -plow openssh-server

Authorized keys, that can login using key based authentication.

$ ./dowkd.pl file ~/.ssh/authorized_keys 2>/dev/null

This will return any weak keys that are authorized to login using key based authentication, these entries should be removed and a new one generated and added to the file.

To see if your own user key(s) is vulnerable:

$ ./dowkd.pl file ~/.ssh/id_{rsa,dsa}.pub 2>/dev/null

If it is, you should remove the key - and create a new one using “ssh-keygen”,  and redistribute the public key (including to Launchpad)

NOTE: you should test all user keys on the system.  Might be worth saving any weak key’s, incase you do get locked out of a system.

Please pass this on to anyone using SSH.

EDIT: As per https://lists.ubuntu.com/archives/ubuntu-security-announce/2008-May/000706.html , upgrading the package will test the sshd key, amongst other things.

West Virginia Democrats vote today in a primary that Senator Clinton will win. Not will probably win, she will win it but it hardly matters now. The scorecard of delegates is shaping up to an Obama candidacy now. Senator Obama has more regular delegates and more Super-delegates than the New York senator and there aren't a great deal left to play for.

Now, were I an American, I could personally support either of the two Democratic candidates. Were I an American and a member of the Democratic party, it would have to be Clinton for me. Why? Look at the Electoral College situation based on the latest polls. I've blogged about this before but the difference between a Clinton-McCain race and an Obama-McCain contest is now even more marked. The latest polls show Clinton beating McCain by such a large margin that even if the tied states all went to McCain, Mrs Clinton would still win. On the other hand, the polls show McCain crushing Obama by an even larger margin than Clinton would beat him by.

So, what happens now? It's hard to see Obama not winning the candidacy and that's why I think Clinton is still pushing hard. If she shows the determination not to quit and the resolve that it takes to fight to the last, she can begin her campaign to stand against McCain in 2012 on November 5th, as soon as the votes have been counted. Then, who knows, perhaps a Clinton will unseat an incumbent Republican for the second time, twenty years on...

Jake, absolutely! But there are far too many people with illogical ideas about the sanctity of corpses to stand for it, I fear. As Niven suggested, will we see this first applied to prisoners, and then the death penalty for jaywalking?

Taking the most amount of time get out the door so far it’s episode0.3 of pr0g80X.vid. This episode was a real nightmare to edit, however the end result means not only is it looking sweet, but also that I have a much firmer tool for working on 0.4.

In this episode we have,

• New Look
• News [01:26] - Short news segment
• Pimp My Project [03:28] - Bill Reminder gets the first PMP treatment
• Hugin [06:55] - Learn how to create stunning panoramics
• Beginning Python [15:13] - Book review on this little number
• Keyboard Hacking [19:24] - So just how does our faithful friend work
• Sign Off [26:37] - The usual see ya next time

Don’t forget we have the new site now with forums, and you can chat to us in #progbox on irc.freenode.net

Disclaimer
Though messing around with keyboards is fun, touch the wrong contacts and you could end up harming the keyboard, and indeed your PCs USB ports. pr0g80X.vid accepts no responsibility for equipment damaged through trying tricks shown in the show. You have been warned.

Thanks to everyone for watching and look out for episode 4 coming soon!!

Taking the most amount of time get out the door so far it's episode0.3 of pr0g80X.vid. This episode was a real nightmare to edit, however the end result means not only is it looking sweet, but also that I have a much firmer tool for working on 0.4. In this episode we have, New Look News [01:26] - Short news segment Pimp My Project [03:28] - Bill Reminder gets the first PMP treatment Hugin [06:55] - Learn how to create stunning panoramics Beginning Python [15:13] - Book review on this little number Keyboard Hacking [19:24] - So just how does our faithful friend work Sign Off [26:37] - The usual see ya next time Don't forget we have the new site now with forums, and you can chat to us in #progbox on irc.freenode.net Disclaimer Though messing around with keyboards is fun, touch the wrong contacts and you could end up harming the keyboard, and indeed your PCs USB ports. pr0g80X.vid accepts no responsibility for equipment damaged through trying tricks shown in the show. You have been warned. Thanks to everyone for watching and look out for episode 4 coming soon!!

Just to show how much work goes into producing a single episode of progbox. 2 hours of recording. 2 hours of sound and video support material. 5 hours in Cinelerra. And this is the result……

A bit of a delay in getting this one uploaded because of a wee problem with the CD but it's now available.

Recorded May 4th at St Paul's in our monthly Celebration service, 19 minutes, 45 seconds long available as Ogg Vorbis or MP3:

At work, we have just had a Big Ass Fan fitted. When the controls are set to the heart of the sun, you really have to hold onto your syrup.

Glastonbury is a fantastic little town, with lots of communities thriving around the spiritual hub that the place has become. If you miss being there, the gardens, the shops, the people, the tor you can keep in touch by listening to Glastonbury Radio.

This has nothing to do with the summer concerts that we see all over the media. It’s about the community and what’s going on, no matter what your spiritual path or interest, it’s covered by this net only radio.

Ok, so first off my apologies to the entire community for being so brazen and grumpy for the last week. I had spent over 5 hours preparing the video and audio for progbox.vid episode 0.3, and the fact that I was being hampered by a piece of video editing software, on my favorite distro, was just sheer pain. Kdenlive, is a great package, but the current version in Ubuntu Hardy Heron, does have some issues that need resolving. Before people try to give me any more advice on this, I’m done. At the moment Kdenlive is out of the picture. Let me tell you about my new friend.

I was so frustrated, and so enthusiastic about doing episode 3, and indeed progbox.vid in general, that I was even looking at purchasing something like Adobe Premiere, though how I would have afforded it, I’ll never know. I tried so many different alternatives, though the one that kept coming back to me was Cinelerra. I have heard so many negative reports about it, but just occasionally you get a positive report that just wipes all the others clean. I’m hoping this is going to be one of those.

When I first started using Cinelerra, I was put off by the look of the interface. It was dated and old. I also tried importing a few video clips and got very different results. One played just fine, the other played at about 2 frames per second. I was not impressed. So I ditched it once again and went back to banging my head against kdenlive.

Sunday afternoon, it just got the better of me. I loaded up Cinelerra, and started working with the clips I knew worked. Now there are comments floating around that the Cinelerra interface is less than easy to use. Whilst I agree it does have it’s problems, once you have read a few bits in the manual and taken the time to use it, and indeed experiment, it’s really not so bad. I mean if you went out and bought Adobe Premiere, you’d surely spend the time to get to know the package, after all you’ve just shelled out £700 for it. In fact Cinelerra is just down right awesome. Sometimes, because something is free, we just don’t give it the chance it deserves.

Yeh, I admit it I was scared of the unknown. I knew kdenlive, it had been good for making the first two episodes and the promo video, but I needed to stop being stubborn and move on. So, episode 0.3 is done. It’s currently awaiting moderation by my beta team, and then it’ll be live.

My top tips for Cinelerra

• Mouse Madness
  Remember to learn how to use the different mouse buttons for trimming. Each has a different function.
• Track Weapons
  Take care on arming and disarming tracks, it looks like a pain to begin with, but it’ll save your life. Cinelerra likes to help you, and if it thinks a video and an audio track are synced, it’ll move them together. IF you don’t want this, just disarm the track you don’t want to move.
• Make Room
  Keep a spare audio track handy. For some reason, when dragging in some audio tracks, Cinelerra likes to double them up. Always drag into a new audio track first, then you can delete the second instance.
• Format Wars
  Use MOV, DV or OGG video formats and you’ll be fine.
• Mr Scientist
  Experiment with the tools. There is nothing wrong with taking a few hours to make a few test video clips.

So in short, I totally rate Cinelerra as the best video editing app on Linux. The feature set is powerful, the effects are plentiful and the general usage is a dream. Yes it took me a little while to get to grips with but now I say with great confidence,

Video editing on Linux isn’t a myth, it isn’t false hope, it’s here.

I hope you can all forgive my rash comments and remarks. Linux still hasn’t ever let me down, sometimes it just takes a week or so to rise to the occasion

I also hear Cinelerra is being rewritten from the ground up.

Happy Birthday, Roger.

Just a short entry in case anyone else gets bitten by this one. File in /etc/cron.d are processed according to run-parts convention - this means they must not contain dots. script.live has now been renamed script-live!

So some of you will know my trials and tribulations with kdenlive of late. I felt it only fair to post up a summary of what I have learnt. I recently updated my machine to Hardy, from Gutsy. Whilst I was happy with the upgrade overall, and in fact so happy I was that I did a nice fresh install so that I would have a nice clean system. I wrongly assumed that kdenlive would continue to work just as it had. Well it didn’t. I have tried many things including, but not limited to, installing the old debs from gutsy, recompiling the old version, compiling the new version, compiling a version from April, using the debian multimedia debs. In short, I’m stuck. I feel rather stupid, after being interview on Ubuntu-UK podcast and saying how nice kdenlive was. Kdenlive is awesome, I just don’t understand what has happened to it in Hardy. And I know some people are sitting there saying, well just downgrade to Gutsy again. I don’t particularly want to, and I shouldn’t have to.

So I went searching for an alternative. Blender crashed when playing any audio, even after I found a fix for having no audio in it’s video editing engine. I don’t know how I’d do Picture in Picture effects but if someone knows how to fix this I’d be willing to give ita try, except that when I dragged a video clip in with audio, the audio section seemed to be twice as long as the video, so I’m guessing they were out of sync?

OpenMovie editor, just didn’t have the transitions I needed.

Cinelerra crashed and wouldn’t give me a realtime preview of anything

Lives, I can’t even remember what happened there?!

Kino, doesn’t have a multitrack time line, and therefore is pretty useless to me.

In short, I was sure that video editing wasn’t that bad on Linux. Maybe I lured myself into a false sense of security. Kdenlive was great in Gutsy. Sure it crashed a few times, but it seems unusable in Hardy. I’ve seriously been considering buying some kind of software for doing video editing, but that would mean I have to make friends with another OS, and a) I don’t have the money, and b) I don’t really want to do that.

I have very much enjoyed working on progbox.vid, it’s been a lot of fun. I have worked for about 5 hours getting the footage together for episode 3, but at the moment it’s just sitting on my hard drive, gathering fragmentation

At the moment I’m out of ideas……….and I tell ya what…..it’s soo depressing. I love working with Linux and it’s never ever let me down……but I’m feeling like it’s close now. If someone can help out. Please, please. Please. I’ve been at this for over a week.

And now I sleep…………

There should be a website to coordinate cinema-dates.

I don't like going to the cinema alone and have, in the past, frequently missed viewing films rather than go alone.

This is a habit I'm growing out of, but I still think it is better to go with a friend or two.

In the near future I'm going to view the last Indianna Jones movie, and the Sex & The City film. I have partners for both of those.

But after that? There are a few films which I can't immediately think of who I'm going to lure away with me. I could either :

• Go alone, regardless.
• Randomly ask people to come

If there were a site that had list of upcoming films, and allowed you to express interest in going to see them that would be a fantastic idea. (Obviously location based).

I'd not even assume "dating", because I think in my life I've had a first-date at a cinema once. When I was about 14. Because it just doesn't work - you can't talk during, (and back then we couldn't go to the pub afterward to discuss the film. I think we did anyway ;)

For bonus points you could allow people to rate the films, or even each other. Hmm.

Somebody write it for me? I've got too much on my plate ..probably

ObQuote: Se7en

Apologies to maintainers of Planet type sites that aggregate my blog (including to myself for Planet SUSE) as those sites will be picking up some of the non-blog bits of my site at the moment. As part of sorting out the site, I've moved those pages into the blog tree rather than having to maintain two versions of the look of the site (one for the blog script the other for the PHP pages) and, having also edited some, they now have a datestamp of today.

I've also changed the look of my site slightly, tweaking the style I launched at the start of the year. There's less dead-space now and larger fonts make it easier to read. It also defaults to the Free DejaVu fonts when they're available.

Given that you're here, and apparently reading this tripe, I assume you want to know something about me. Well, I'm in my early 30s and I currently live near Southampton on the south coast of England. I've been married to Amanda since March 1998 and we have a son, Callum, who was born in January 2007.

I used to be a UNIX Systems Administrator for an insurance company. Before that I was Network Manager at SUSE Linux UK. I am probably best known for my work on the openSUSE GNOME repositories and for running Planet SUSE, where you can read the latest blogs from the openSUSE community.

I've been a curate at an Anglican church here since July 2007 and before that I was training at St John's College, Nottingham. Before starting my training, we lived in Watford, which is in Hertfordshire, just north-west of London.

The Dovecot SSL certificate expired on my Dovecot POP3s server and needed refreshing.

It was the end to a long drawn out and painful week.

* Works is sh*t at the moment
* Landlord is evicting us and we have to find somewhere else to rent
** House prices are tumbling, so I refuse buy at the moment
** Estate agents are lazy, greedy and useless
** Moving is a pain however you look at it
* ADSL service at home is cr*p at the moment
* I'm depressed and miserable

Participants in the Google Summer of Code will now be recognised on Planet SUSE by having GSoC in front of their names at the top of their posts.

If you're a student on the GSoC and you don't see this with your posts, please drop me a line and let me know.

In the summer time
When the pollen count is high
I wish plants would die.

My MP, Alan Keen, finally wrote to me after about 6 weeks to say he had signed Early Day Motion 1155 on public photography. fanks mister! \o/

A cynical man may suspect that all labour MPs have been instructed to make nice after their local election hammering, and otherwise ignored communications from constituents have been revisited.

For those who either have to use Windows occasionally or (poor, poor people) all the time, there are kick-ass OpenOffice.org 2.4.0 builds now available at Go-OO.org.

Why does this make my life easier? The presentation PC at church runs Windows and this means I can now upgrade the OOo install on it.

Ok, I got it built. I had to make two small hacks.

1) I hacked up the script, line 287 becomes

export CFLAGS="$CFLAGS -I$DEST_DIR/include/libavcodec/ -I$DEST_DIR/include/libavformat/ -I$DEST_DIR/include/libswscale/ -I$DEST_DIR/include/libavdevice/ -I$DEST_DIR/include/"

else it complains that it can’t find the avcodec.h

2) Hack up a file in mlt source dir mlt/src/modules/avformat/Makefile
Change line 18, to read

LDFLAGS+=-L/home/pete/build/lib

However, even after doing this, it builds, but as soon as it starts, it segfaults, with this.

Continuing.
Qt: gdb: -nograb added to command-line options.
	 Use the -dograb option to enforce grabbing.
kbuildsycoca running...
kio (KMimeType): WARNING: KServiceType::offers : servicetype ThumbCreator not found
kio (KMimeType): WARNING: KServiceType::offers : servicetype ThumbCreator not found
kdenlive: //  INIT EFFECT SEARCH
kdenlive: ---------  close 1b
kdenlive: ---------  close 2b

Program received signal SIGSEGV, Segmentation fault.
mlt_properties_set (this=0x0, name=0x829fb1c "resource", 
    value=0x852a7b8 "/usr/share/apps/kdenlive/profiles/metadata.properties")
    at mlt_properties.c:277
277		property_list *list = this->local;
Current language:  auto; currently c
(gdb) bt
#0  mlt_properties_set (this=0x0, name=0x829fb1c "resource", 
    value=0x852a7b8 "/usr/share/apps/kdenlive/profiles/metadata.properties")
    at mlt_properties.c:277
#1  0xb6ce2bd8 in Mlt::Properties::set ()
   from /home/pete/build/lib/libmlt++.so.0
#2  0x081af929 in KRender::KRender ()
#3  0x081b0948 in KRenderManager::createRenderer ()
#4  0x081b0cd0 in KRenderManager::findRenderer ()
#5  0x08192dc6 in KdenliveDoc::KdenliveDoc ()
#6  0x0817c715 in Gui::KdenliveApp::initDocument ()
#7  0x0818a987 in Gui::KdenliveApp::KdenliveApp ()
#8  0x081d0781 in main ()
(gdb) 

Any ideas??

Once again proving his editing prowess, Tony has managed to squeeze around 4 hours of wibble into a 40 minute podcast. Nice one.

In this episode:-

• Discussion:
  • An interview with Pete Savage.
    • progbox.vid
  • A chat with Phil Newborough.
    • Random Ubuntu Advocacy
    • Crunchbang Linux
  • We rate our Hardy upgrade experiences.
  • Following up with our CLI vs GUI discussion with Laura Cowen.
• In the news:
  • gNewSense release version 2.
  • Adobe opening up the FLV specs.
  • The UK's Unix User Group has convinced the High Court to carry out a judicial review of the British Standard Institute's decision to vote in favour of Microsoft's controversial Office Open XML (OOXML) specification.
  • 30th birthday of spam
  • Sun in process of certifying Ubuntu.
• Competition results!
  • The winner of the trivia competition is announced. We'll send them a coupon for the Canonical Store to spend on whatever they want! We'll have another competition in Episode 6.

Comments and suggestions are welcomed to: podcast@ubuntu-uk.org
Up to 30 seconds of voicemail can be left at +44 (0) 845 508 1986
Follow our twitter feed http://twitter.com/uupc

Well a brief post about what I've been up to over the past few days.

An alioth project was created for the maintainance of the bash-completion package. I spent about 40 minutes yesterday committing fixes to some of the low-lying fruit.

I suspect I'll do a little more of that, and then back off. I only started looking at the package because there was a request-for-help bug filed against it. It works well enough for me with some small local additions

The big decision for the bash-completion project is how to go forwards from the current situation where the project is basically a large monolithic script. Ideally the openssh-client package should contain the completion for ssh, scp, etc..

Making that transition will be hard. But interesting.

In other news I submitted a couple of "make-work" patches to the QPSMTPD SMTP proxy - just tidying up a minor cosmetic issues. I'm starting to get to the point where I understand the internals pretty well now, which is a good thing!

I love working on QPSMTPD. It rocks. It is basically the core of my antispam service and a real delight to code for. I cannot overemphasise that enough - some projects are just so obviously coded properly. Hard to replicate, easy to recognise...

I've been working on my own pre-connection system which is a little more specialied; making use of the Class::Pluggable library - packaged for Debian by Sarah.

(The world -> Pre-Connection/Load-Balancing Proxy -> QPSMTPD -> Exim4. No fragility there then ;)

Finally I made a tweak to the Debian Planet configuration. If you have Javascript disabled you'll no longer see the "Show Author"/"Hide Author" links. This is great for people who use Lynx, Links, or other minimal browsers.

TODO:

I'm still waiting for the creation of the javascript project to be setup so that I can work on importing my jQuery package.

I still need to sit down and work through the Apache2 bugs I identified as being simple to fix. I've got it building from SVN now though; so progress is being made!

Finally this weekend I need to sit down and find the time to answer Steve's "Team Questionnaire". Leave it any longer and it'll never get answered. Sigh.

ObQuote: Shooting Fish

It's great to see openSUSE Lizards launched. People blogging on Lizards will soon start to appear on Planet SUSE (basically as soon as they start posting). Where they have an existing blog and both will continue to be active, their entries from Lizards will be prefixed with Lizards:

Centrologic have a great site about the Ubuntu Story, http://www.ubuntustory.com/ lots of good flashy graphics with clear simple explanations of the main topics that people searching for Ubuntu might want to know about.

As I write this post, I am exceedingly angry and frustrated. I’m currently trying to put together episode 0.3 of progbox.vid. I thought this was going to be a fairly simple task, as was 0.1 and 0.2, using my favorite editor, kdenlive. Not so.

To cut a long story short, I wasted an hour this morning trying to make a 30 second video. Kdenlive crashed 15 times at least this morning. So what’s changed I hear you cry 0.5 to 0.6-svn that’s what. 0.6 hasn’t even been released yet, so why are we now using it? I also found regression, in that some plugins I wanted were no longer available (freeze).

I tried to compile from source, but this failed too, maybe a testament to the instability of the 0.6 release at the moment. Incidentally, I also attempted to compile 0.5, but that failed too.

So, I turned my attention to Blender. Blender has a sophisticated video editor built in right? Well, yes it does, but only if I don’t want to be able to mix sound in too By default I had no sound. I googled and found an env line to make SDL use alsa, which apparently works in Hardy. Like heck it does. On my machine it segfaulted.

For video, all I want to do is be an end user, I don’t know enough to contribute in the coding area, I got meaningless backtraces. People are always complaining about not having enough time. Well pool together. Make a common resource. We’re going for a common goal here of video on Linux.

I know I’m going to get lots of comments saying, I use X,Y,Z. Before you do, here are my requirements.

• Import DivX AVI, MOV, other AVI
• Create overlay slides from a PNG, and fade them in
• Crossfade clips
• Multiple audio tracks, mixable
• Picture in picture
• Non Linear

So, please I’m begging you, I wanted to get this episode out by the end of the week. At the moment that looks unlikely.

HELP!

At the moment my only choice is to either re-install gutsy, or get 0.5 working.

[EDIT]
I found this bug on Launchpad. Will try out tonight. Very excited now, hopefully this will solve my problems. https://bugs.launchpad.net/ubuntu/+source/kdenlive/+bug/223260

I leave my main desktop logged in for months a time; as demonstrated by my previous bug with the keyboard transition for xorg.

The screen is setup to lock after 5 minutes of idle, so there's no real security issue, and it is extremely convenient.

Every few weeks though my desktop gets into a funny state where no new windows may be opened.. Existing applications continue running without any problems, but no new windows/shells/whatever may be opened.

Tonight it happened again.

And the lightbulb went on in my head: My flat uses CFEngine to manage itself. (Two physical servers here, with 5-10 Xen guests, and a number of remote servers.)

One of the things that CFengine is configued to do is to tidy directories of files which are older than 30 days. Including /tmp.

So that explains that.

Every month the magic cookie in $TMP would be nuked, and X would disallow new connections.

I guess the next time this happens I should look at using Xauth to fix the issue, but generally I just logout, make coffee, smoke a cigarette, and login again.

In conclusion: I'm a stupid-head.

ObQuote: Fight Club

I recently got hold of an Asus Eee PC 900 - the newer version of the Eee 701. It's a lovely piece of kit, which I'll probably review more fully on the podcast.

After playing with Zattoo on my Ubuntu laptop, I thought I'd give it a go on the Eee 900 which is running the default Xandros Linux distribution (which I actually quite like).

Here's what it looks like once installed:-

Unfortunately the Asus software repositories don't contain the Zattoo package, or the dependency that allows Zattoo to install cleanly. However as Xandros is based on Debian Etch, so it's possible to fix this issue quite easily.

Here's what I did:-

• Download the zatto deb package.
• Download libgtkglext1 from the Debian Etch repository.
• Open a terminal with [CTRL]+[ALT]+t
• Install the two deb packages downloaded using the following command
• dpkg -i *.deb

Then you can run zattoo from the command line.

You can of course zoom in.

Full screen works very nicely.

One thing I have yet to figure out is how to add an icon to the big "telly tubby" menu.

Update Found out that editing /opt/xandros/share/AsusLauncher/simpleui.rc enables me to maintain the graphical the icon for the zattoo_player executable.

And that’s about it. I interviewed Adam in Union Square on Monday morning before they all left for the airport. (We were staying out in the US for a bit of a holiday.) Waiting for the taxi in the hotel lobby, we started disecting what lessons from the US event could transfer to the UK one. This included Aq doing some “blue sky thinking” in the hotel lobby on Monday morning which was cool but potentially landed me with a shed load more work. Nothing unusual there!

The rest of the holiday was not really LUG Radio related, apart from shooting some video of the sights and sounds of San Francisco (cable cars, Golden Gate bridge etc. etc.) I also edited the live show recording whilst in Pacific Grove. It’s not brilliant but not bad for being edited on a laptop’s sound card on the road. I think this is the first LUG Radio episode not mixed for release by Jono.

It was a pleasure to travel with the gents and to hang out for a few days. Usually we meet up and LRL and chat online but the former is frantic and the latter isn’t a fantastic communication medium. Having a couple of days of chatting, coming up with stupid ideas (some of which might even come to fruition) and getting to know everyone a bit better on a personal level was cool, especially Adam and Chris who I got to spend more time with than the others.

Laura and I were invited to visit the Google campus (aka the Googleplex) by Kynan so we dropped in on the Wednesday. It was great to wander round the various buildings, conference areas and see the fantastic range of facilities, especially the food. With the vibrating chairs, sleep pods, swimming pools, a gym and more besides it seemed like a pretty cool place to work.

Just a little promotional video about the chat room, forums. Built with Blender + Kdenlive. Enjoy.

Just a little promotional video about the chat room, forums. Built with Blender + Kdenlive. Enjoy.

I made an emergency release of the chronicle blog compiler yesterday, after noticing that it was truncating titles containing periods.

That was a bit of a mea-culpea moment, but I guess mistakes happen.

The new release is in perfect shape for Lenny, and now includes two new scripts installed into the examples/ directory:

• The RSS-feed importer I mentioned prviously.
• A quick hack to detect duplicate post/entry titles.

The latter was applied to my own blog, and I discovered several duplicates. I guess my film quotes having only a limited source collection to work from could also include duplicates - so I've updated my Makefile to only build and rysnc my blog if there are none detected.

(In many ways that films site is the precursor to this blog; it uses a collection of text files, one per film, and generates a cross-linked HTML output of film entries. Sadly it is out of date, because entering titles is a real pain..)

Chronicle Comments

I'm pleased with the comment process now though, the CGI comment submission script simply archives each submitted comment into a "comments/" directory on the webserver.

There a cron-job passes each one through a bayasian filter and moves the file(s) to either "comments/good/", "comments/bad/" or "comments/unsure/".

When I come to rebuild the blog I rsync the "comments/good" directory to my local machine, rebuild and then rsync the output back to my remote webserver.

(On a single machine this would be much simpler process!)

I've imported my blog source into a mercurial repository, so the client-side is consistent. I have a bad habit of making new postings from wherever I happen to be and having a central repository will make that less prone to diaster.

Just running "make steve" against the Makefile is sufficient to rebuild everything and sync it to my live system.

ObQuote: Kalifornia

Due to an unexpected problem, the feed url for pr0g80X.vid has changed. Please update your podcast downloaders. http://www.progbox.co.uk/wordpress/?feed=podcast

I love my ASUS eeePC, it goes everywhere with me, but I think I’m going to have to fight hard not to buy one of HP’s 2133 mini-note PCs.

In a last minute change to the schedule, Mark Shuttleworth will now be giving a Q&A session in #ubuntu-classroom on the freenode irc network. Ask questions in #ubuntu-classroom-chat and they will get pasted into #ubuntu-classroom by an operator.

See https://wiki.ubuntu.com/UbuntuOpenWeek for details.

Tonight I'm going to enjoy a nice long sleep after attending The Beltane Fire Festival yesterday evening.

I did manage to sort out an SSL certificate yesterday, before I went out. A lengthier process than expected because the SSL-registrar was annoying and mailed the admin address listed in whois for my domain; rather than an address upon the domain itself.

I guess they can't be blamed for that, and the registrar did forward on the request when begged, so it wasn't the end of the world. For reference I used godaddy.com; who sold me a 3 year SSL certificate for about £25.

Today I've been mostly catatonic because I had only two hours sleep last night. But one good piece of news was receiving a (postal) mail from Runa in response to the letter I had sent her some time ago.

ObQuote: 300

We are hiring. We have a number of open positions at work, for both contractors and permanent staff. I believe the job is on JobServe, probably this one or this one.

I know SAP R/3 ABAP development is a bit of an arcane skill but the number of quality applicants hasn't been great so far. I don't know where people learnt to write CVs but I don't want 12 pages of waffle or to know you worked at McD's when you were at school. Two to three pages is plenty and please list skills with some idea of how you rank them, copying out the entire contents of a SAP marketing brochure is not helpful...

I don't like dealing with recruitment, it's slow tedious and quite frustrating. The agents only make things worse, there are times I wonder how we'll ever find anyone...

On the bright side there does seem to be a larger number of Perl/Linux positions in the area should I decide to jump ships!