I didn't tell anybody, but a couple of months ago, when I finally had time at work to upgrade my work computer desktop from Squeeze to Wheezy I also switched from GNOME to XFCE. Now I read via LWN that Debian is doing the same, at least for a while :)
BTW, I knew newer GNOME was different (had seen it in Fedora 18 for example), anyway I installed it (because I was lazy enough just to apt-get dist-upgrade the box) and tried it.
Maybe it's me, becoming an old dog which doesn't want to learn new tricks, but in order to get my work done as fast as usually I had to install something usable, hence went back to XFCE. I had to manually convert GNOME panel launchers to XFCE launchers but, besides that and some missing applet I'm pretty happy with the switch.
Follow me also on Twitter
The new version of Brebis "Claquette" 0.8 was published two days ago. Brebis is a fully automated backup checker. Brebis does not create backups. It only performs controls on them.
Brebis is able to detect a corrupted archive compressed with different formats (tar, gzip, bzip2, lzma and zip), automatically checking the integrity of your archives and lots of parameters of the files inside these archives or inside a tree of files and provide detailed reports if unexpected states are detected. Check out the list of the supported features.What’s new?
The main features of this new version are:
- new parameter sha512 in the Brebis configuration file to verify the authenticity of the list of files.
- support for a GPG signed configuration file of Brebis, allowing to verify the authenticity of the backup checking configuration.
The official archive of Brebis 0.8 is available in Debian Sid or from sources at http://brebisproject.org/attachments/download/9/brebis-0.8.tar.gz
The documentation has improved and a full example of how to secure you backup checking process is now available.Feedback about Brebis
What do you think about the Brebis project ? We at the Brebis Project welcome any feedback about Brebis. Feel free to comment on this blog, to subscribe to the Brebis-users mailing list, by Twitter or email me directly at email@example.comOfficial website: http://www.brebisproject.org Mailing-list: http://lists.sourceforge.net/lists/listinfo/brebis-users
Review: Fantasy & Science Fiction, July/August 2011Editor: Gordon van Gelder Issue: Volume 121, No. 1 & 2 ISSN: 1095-8258 Pages: 258
Nothing of particular interest in the book reviews in this issue, although I was entertained to see Charles de Lint review a collection of the Prince Valiant strip. I have memories of that strip being one of the most boring works of art created by mankind. De Lint, of course, quite likes it. Our tastes seem to be very disjoint, although I have to admit that I've not read it collected and it may be more coherent and more interesting in that format.
The science column in this issue, by Paul Doherty and Pat Murphy, deserves special mention. It's on roshambo (rock-paper-scissors), human difficulties with randomness, and strategy in roshambo competitions. It's also the first essay I've read that clearly explains how there can be strategy to roshambo, and why that strategy is worth studying. Even though the primary topic of the column is randomness, it's worth reading from the perspective of strategy in competitive human vs. human games.
"Bronsky's Dates with Death" by Peter David: Anyone familiar with PAD's body of work will immediately expect a humorous story with some deeper thoughtful bits, and that's exactly what this is. Bronsky, the title character, is a man almost incapable of saying exactly what's on his mind, and what's on his mind is his eventual death. Not that it bothers him that much; he's just thinking a lot about it. But his incessant discussion of it certainly bothers the people around him.
This leads to a few entertaining exchanges with his family, and then to more entertaining exchanges with Death. Or Deaths, as there appear to be several different kinds. I found the exact metaphysics a bit confused, but the ending was still touching and a bit funny. (7)
"The Way It Works Out and All" by Peter S. Beagle: This is a reprint of a special fund-raising story about Avram Davidson, so a lot of it was lost on me given that I know almost nothing about Davidson and have yet to get to any of his novels I own. But even without that background, it's a diverting story of hidden and parallel worlds and unexpected explorations. There isn't all that much in the way of a plot, but it's a nice bit of characterization set against a fun SF twist. (6)
"Less Stately Mansions" by Rob Chilson: This is a story about conservatism in life, about a farmer staying on his farm and resisting change, and about nostalgia, but I liked it much better than I normally like stories with those themes. It's set against a future world in which climate change is making life increasingly untenable. Humans are migrating into space colonies of various types, but Jacob refuses. This frustrates some parts of the family who want a piece of the substantial cash-out he's being offered for his farm, which of course makes Jacob even more stubborn. It's more of an elegy than a story, but I think it captures a particular stubborn mood, and a conscious decision to go with what one knows even if it doesn't have a long future, quite well. (7)
"The Ants of Flanders" by Robert Reed: This is the novella of the issue, and, as you might expect from the author, it's thoughtful, meaty, and satisfying. At the start of the book, the planet is visited by an extraterrestrial ship (or ships — it's not entirely clear at first). One of the people near one landing is Bloch, a huge teenager who has an odd lack of natural fear. He stays near the center of the story as Reed slowly develops a cosmology and a galactic political background that makes it clear humans may be incidental to everything that's happening.
I liked this. It's a touch depressing in spots, and Bloch is a strange protagonist, but the cosmology is not the normal SF background and sparks some thoughts about how a status quo would be maintained by powers that don't care much about individual lives. The interlude with the leopard is nicely done, even if its significance is inobvious at first. (7)
"Hair" by Joan Aiken: This is one of those weird Gothic horror stories about creepy families and half-explained supernatural events that some people love and that do nothing for me. (3)
"The Witch of Corinth" by Steven Saylor: This is straight historical fantasy, featuring a Roman and his Greek tutor (heroes, apparently, of a series of historical mysteries) visiting the ruins of Corinth and encountering some bloody and dangerous local conflicts. It's slow and atmospheric, carried along by good characterization and description of ruins. It's not that much of a mystery — the characters don't figure things out as much as stick around until the answer becomes obvious — but it kept me entertained throughout a sizable story. Numerous elements of the story appear to be fantasy and then get other explanations, but there is a fantasy twist to the ending. (6)
"Sir Morgravain Speaks of Night Dragons and Other Things" by Richard Bowes: This odd story is set among the knights of King Arthur on Avalon, where they sleep (mostly), awaiting their call to aid Britain again. Most of the story is told as one-sided dialogue from Morgravain, interspersed with some italic narration. Again, not much of a plot; the story, as such, is figuring out what Morgravain is doing and the point of his interactions with the other knights. I thought it was slight and oddly pointless, but I may have just missed the point. (4)
"Someone Like You" by Michael Alexander: A time travel story, but one that's less about time travel per se than about examining and speculating about the alternate paths childhood could take and whether those changes produce different people. It takes some time to figure out what's going on, during which Alexander fills in the protagonist's past and the murder mystery that drives the tale. The time travel mechanism is blatantly hand-waved, making this more of a fantasy than an SF story, which matches the emphasis on emotion and psychology. It's not a bad story, and I think I see where the author was going with the slowly-constructed central conflict, but I still found it hard to take the conflict that seriously. One of the problems with time travel is that undermining of causality also undermines finality of decisions and consequences in ways that can rob stories of their punch. (6)
"The Ramshead Algorithm" by KJ Kabza: The first-person protagonist is a well-respected and experienced fixer in a world of chaos and dimensional connection, a world with physics and inhabitants very much unlike ours. But the story doesn't spend much time there; his connection to his home earth is threatened, and he returns to try to stabilize it, which leads to the reader discovering that his family considers him a worthless appendage on a wealthy business family whose sole purpose in life is to stay out of their way. And his portal is rooted in a hedge maze that his father intends to demolish.
This is one of those stories that gets more interestingly complex the deeper one gets into it. Ramshead's family is badly screwed up along multiple axes, but not without some hope of redemption. He's desperate and ineffective in his home universe, but more confident and capable when it comes to dealing with dimensional portal problems (although he still seems very young and relies on tools given to him by others). And there's always more going on than it first appears, and not as few obvious villains as it first appears. Good stuff, although I would have liked to understand more about Ramshead's world. (7)
Rating: 7 out of 10
You keep using that word. I do not think it means what you think it means. -Inigo Montoya
Having worked in full-time management positions for some years now, I am increasingly convinced that management is widely misunderstood as a role, as a discipline and as a field, and that this makes a lot of lives more difficult and stressful than necessary. It is the subject of much speculation and misbelief, and I’ve chosen a few of my favorite examples to deconstruct here.Misbelief #1: management is what managers do
I’ve noticed a trend among a certain class of companies, whose employees will tell anyone who will listen that there is no “management” in their organization, they never plan to have any, and neither should you. I think these statements are respectively a lie, a naïve belief, and a piece of bad advice. Usually, these companies are just a few years old and relatively small, most of the people in the company have been there for less than a year, and the speaker is trying to persuade us what a unique and innovative company they work for because nobody there is a “manager”. They invariably have not read The Tyranny of Structurelessness.
Management is the practice of enabling people to effectively cooperate. A manager is someone whose job is to do that. It’s that simple. It usually involves tasks such as sharing information, agreeing on a course of action, dividing up work, and figuring out what to do when there’s a problem. They’re things that every team needs to do, whether anyone is designated a “manager” or not. Teams can function without managers, but they can’t function properly without management. Someone (or everyone) has to do the work to make cooperation possible.
Modern management is a specialized discipline, which draws on a broad range of skills in communication, psychology, empathy, problem-solving, leadership, and more. These skills aren’t unique to managers, but it often makes sense to designate certain people to do more of the management work, on behalf of the team. By devoting more of their time and attention to it, they free other members of the team to focus on other tasks. They can act as a coordinator to help the team stay in sync, and by focusing on this job, they may be able to do a better job of it, and acquire a higher level of skill through practice and study. But it remains an inherently collaborative practice.Misbelief #2: management is about telling people what to do
There are many different varieties of management, each of which is oriented toward a particular type of team or organization. Factories are managed differently from design studios, large companies are managed differently from small companies, and every team has its own distinct management style which arises from the unique group of people involved. Some managers are specialists in a particular type of management, while others are more generalists.
The “telling people what to do” style of management is called “command and control”. It’s characterized by authority, hierarchy, and strict adherence to protocol. It’s widely employed by military organizations, and by the managers we see in television and film. It has some advantages and disadvantages, which I won’t discuss here. My point is that it is just one example, but this example is used to represent the general concept of management. Self-organization, where no one in particular is responsible for group decisions, is another, quite different, style of management.
Small, self-organizing teams are capable of amazing feats of productivity. They’re less difficult to manage because they’re comparatively simple, and so simple tools and techniques work well. Everyone can be fully aware of what everyone else is doing, and new information propagates quickly throughout the team. But as the team or organization grows, it will often outgrow this way of working, and needs to adapt. There is no single management approach which works universally well.Misbelief #3: management is a promotion
You know the story. When an employee is successful within their area of expertise, someone will eventually offer them a management role as a “reward” for their good work. This is utter nonsense. Management is not a promotion: it’s a career change. It means starting over as a beginner in a new discipline and learning from the ground up. Domain expertise is important, as a manager needs to understand the work of the other people on their team, but it is no longer paramount. The team, the human system, becomes their focus.
When organizations fail to provide career advancement within a discipline, people may turn to management as “the only way to get promoted”, only to discover that they are completely unprepared for this new field, and often their new job when they realize what they’ve gotten into.
If someone were “promoted” from a position as a financial analyst to a new job as a biochemist with no training or expertise, we would probably find this bizarre. But this is analogous to what happens to new managers all the time, and has become almost standard practice in many organizations and industries.So what?
Management is misunderstood. So are science, engineering, and many other fields. What does it matter?
“People leave managers not companies…in the end, turnover is mostly a manager issue,”
- Marcus Buckingham & Curt Coffman, First, Break All the Rules
This mythology leads to massive organizational dysfunction, making it harder for everyone to do their jobs. It virtually guarantees incompetent management, which is a scourge on anyone who is exposed to it. It ruins days, weeks, jobs and careers. It leads talented people to leave companies, and it drives them out of their chosen professions.
I recommend that we stop denigrating and ignoring management, and start doing a better job of it.
Thanks to Axel Beckert (abe@), 12 people interested in Debian met last Tuesday in Zürich and celebrated the start of our monthly Debian meetup.
New faces are always very welcome. If you live in Zürich, or if you’re visiting, please feel free to attend our meetup — no registration necessary.
See the initial announcement, and subscribe to firstname.lastname@example.org for updates.
Thanks to everyone for the nice evening, see you next time!
Weblate 1.8 has been released today. It comes with lot of improvements, especially in registration process where you can now use many third party services.
Full list of changes for 1.8:
- Please check manual for upgrade instructions.
- Nicer listing of project summary.
- Better visible options for sharing.
- More control over anonymous users privileges.
- Supports login using third party services, check manual for more details.
- Users can login by email instead of username.
- Documentation improvements.
- Improved source strings review.
- Searching across all units.
- Better tracking of source strings.
- Captcha protection for registration.
You can find more information about Weblate on it's website, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Ready to run appliances will be soon available in SUSE Studio Gallery.
If you are free software project which would like to use Weblate, I'm happy to help you with set up or even host Weblate for you.
Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far!
Review: Muse of Fire, by John ScalziPublisher: Subterranean Copyright: 2012 Printing: 2013 ISBN: 1-59606-639-3 Format: Kindle Pages: 28
This is another separately-published short work by Scalzi — probably a novelette, although I didn't do a word count. Since it's separately published and has its own ISBN, it gets its own separate review page. At present, it's $1 on the Kindle (and probably elsewhere).
I've read a variety of these now, and while the quality of Scalzi's short works varies (as with everyone), I've generally enjoyed them. This is the first one I've read that I really didn't like.
The premise is promising enough. Ben Patton is a scientist or engineer of some sort (I don't recall if the story is specific) working on plasma physics for a corporation. He has a nervous tic involving playing with a lighter and an obsession with fire, which his co-workers tolerate (and his boss does not tolerate). The reason for that tic is something he keeps secret: he sees a beautiful woman named Hestia in any flames that he's looking at. For him, she's his muse, and his untouchable obsession. He's mangled one hand trying to touch her. But she appears in fire because she's trapped in hell.
There are all sorts of great places Scalzi could have gone with this. Musae and inspiration by themselves are fodder for many stories. The woman's name is Hestia, which is immediately recognizable as the Greek goddess of the hearth and who is extremely important to Greek religious life (although she's definitely not a muse, but I'd even let that pass). That raises more story possibilities around the transition of religion and the effect on worshiped gods, including the way Christian missionaries called "pagan" gods and goddesses devils and indeed did claim they were from hell. There are interesting science and magic crossover possibilities between plasma physics and a muse of fire. And there is, of course, the whole rescue from hell angle, which has generated many a story going back to ancient Greek drama.
As you might have guessed from this catalog and my disappointment, Scalzi didn't go any of those directions. He provides some good characterization of the passions and discomfort of Ben's life, shows us the practicalities of his relationship with Hestia, and sets up dramatic tension, all well and good. And then takes the most obvious, least interesting, and least satisfying twist possible. I was getting nervous as I got closer and closer to the end of the story and Scalzi had yet to develop any of the interesting possible directions, but even then I didn't expect the train wreck ending. Even a simplistic "happily ever after" ending would have been preferable.
He did catch me by surprise, but only because I wouldn't have expected any author to take that easy of a way out of the story. I can't build up a proper rant while avoiding spoilers, but I will say that Scalzi even manages to walk straight into a rather nasty stereotype in the process.
I'm not sure what happened here, but it didn't work, and it's far below the normal standards of Scalzi's work. Such a shame, too, since the setting had so much potential. Avoid.
Rating: 4 out of 10
At IETF 88, we held a plenary discussion of how we could harden the Internet against ongoing monitoring and survalence. There were no significant surprises in what people said about monitoring. So, we had an opportunity to focus on what the IETF as a standards organization responsible for technical standards that drive the Internet can do about this problem. I think we made amazing progress.
The IETF works by consensus. We discuss issues, and see if there’s some position that can gain a rough consensus of the participants in the discussion. After a couple of hours of discussion, Russ Housley asked several consensus questions. The sense of the room is that we should treat these incidents of monitoring as an attack and include them in the threats we try and counter with security features in our protocols. The room believes that encryption, even without authentication has value in fighting these attacks. There was support for the idea of end-to-end encryption is valuable even when there are middle boxes. IETF decisions made in meetings are confirmed on public mailing lists, so the sense of the room is not final. Also, note that I did not capture the exact wording of the questions that were posed.
This is huge. There is very strong organizational agreement that we’re going to take work in this space as seriously. Now that we’ve decided pervasive monitoring is an attack, anyone can ask how a proposed protocol (or change to a protocol) counters that attack. If it doesn’t handle the attack and there is a way to address the attack, then we will be in a stronger position arguing the threat could be addressed. In addition, the commitment to encryption providing value without authentication will be useful in providing privacy and minimizing fingerprinting by passive attackers.
The IETF is only one part of the solution. We can work on the standards that describe how systems interact. However, implementations, policy makers, operators and users will also play a role in securing the Internet against pervasive attacks.
So I recently mentioned that I stopped myself from registering all the domains, but I did aquire rsync.io.
Today I'll be moving my last few backups over to using it.
In terms of backups I'm pretty well covered; I have dumps of databases and I have filesystem dumps too. The only niggles are the "random" directories I want to backup from my home desktop.
My home desktop is too large to backup completely, but I do want to archive some of it:
- ~/Images/ - My archive of photos.
- ~/Books/ - My calibre library.
- ~/.bigv/ - My BigV details.
In short I have a random assortment of directories I want to backup, with pretty much no rhyme or reason to it.
I've scripted the backup right now, using SSH keys + rsync. But it feels like a mess.
PS. Proving my inability to concentrate I couldn't even keep up with a daily blog for more than two days. Oops.
I’ve been investigating the generation of WebID profiles for Debian project members for some time.
After earlier experiments on webid.debian.net, in a static and very hackish manner, I’ve investigated the use of Django. Django is no random choice, as it is being used in several ongoing efforts to rewrite some Debian Web services.
I’ve worked on integrating some of the LDAP querying code written by Luca together with the Django WebID provider app written by Ben Nomadic (both modified by me), and the result is a bit hackish for the moment.
It’s very early, but allows the generation of WebID profiles for Debian project members, using data queried in Debian’s LDAP directory, and adding TLS certs to the profiles. The TLS certs could in principle be used later as a WebID + TLS authentication mechanism.
There’s plenty of work ahead, and this may never be deployed, but as an example see the kind of way such WebID profile documents may look (in Turtle format) :@prefix cert: <http://www.w3.org/ns/auth/cert#> . @prefix foaf: <http://xmlns.com/foaf/0.1/> . @prefix rdf: <http://www.w3.org/1999/02/22-rdf-syntax-ns#> . @prefix rdfs: <http://www.w3.org/2000/01/rdf-schema#> . @prefix wot: <http://xmlns.com/wot/0.1/> . @prefix xml: <http://www.w3.org/XML/1998/namespace> . @prefix xsd: <http://www.w3.org/2001/XMLSchema#> . <> a foaf:PersonalProfileDocument ; foaf:primaryTopic <http://db.debian.org/olivier#me> . <#gpgkey> a wot:Pubkey ; wot:fingerprint "ACE46EBD89F6656D6642660BE941DEDA7C5BB6A5" ; wot:pubkeyAddress <ttps://db.debian.org/fetchkey.cgi?fingerprint=ACE46EBD89F6656D6642660BE941DEDA7C5BB6A5> . <http://db.debian.org/olivier#me> a foaf:Person ; cert:key [ a cert:RSAPublicKey ; rdfs:label "key made on [...] on my laptop" ; cert:exponent 65537 ; cert:modulus "bb7d5735181c7687a09abf3c88a064513badfe351f14fc2d738978a7f573d12eb831140a7a02c579f31f4617c14145493aeff4009832ba7fd1c579d6da92f68cd4437072266b000451d6eb45c03cd00b20e1f2230d83bdc3caeebb317e6618dd38a3f53abbbb2b6495a893495d3df685a2f0f599be8a74ef88841ce283dd8f65"^^xsd:hexBinary ], [ a cert:RSAPublicKey ; rdfs:label "key made on [...] on my laptop" ; cert:exponent 65537 ; cert:modulus "b078dedb61d215348adaa3315f478eca803513a8750753255f50fd335e3b6afdafd385afb62878edc412bbbc0c125d1805abef2920cb3dccb94d818b4973435f4f312ddfad960db7b7ec4522036e5c1fb1e5d7154756a97e924075b301cdf95e97e3bb665a97cdf0187c2aa229939962b0e9975dfb97c71ea60384af465aa40726fe8a2a1dd504da6a168e7f80fc37a1363d5f583a1a8d4f8253af0e7e5c0f3d2fabb61dd9cde17aba328022fd4be4e0214f407d83a95ec06b2d70c61835bb78ba3b46e8b82be3a4d6d53d88a94123144ef9b7a7c97e9396767505f34995488c62bcd697180f92244c82147a71a5b86a25f2c8ddf0ea965fc8ced8d6b84cff97"^^xsd:hexBinary ] ; foaf:homepage <http://www.olivierberger.org/> ; foaf:mbox "mailto:email@example.com" ; foaf:name "Olivier Berger" ; foaf:nick "obergix" ; wot:hasKey <#gpgkey> .
If you’re interested in WebID in the frame of Debian project services, see the discussion list.
This is a glue script to integrate git-buildpackage with cowbuilder or pbuilder. Guido Günther provided a patch to make it use the correct URL for the backports archive for wheezy and later when setting up a new build chroot. I also updated my email address, since I'm slowly transitioning to using a permanent email address I control for my various software projects.
This script really should be rewritten in Python and just become part of the git-buildpackage package rather than having a separate existence, which I will get to in my copious spare time. (I do want to get back to using Python.) In the meantime, if you want to download a separate copy, you can still find the latest version on my scripts page.
The following post is a verbatim copy of my message to the debian-devel list.
While botch produces loads of valuable data to help maintainers modifying the right source packages with build profiles and thus make Debian bootstrappable, it has so far failed at producing this data in a format which is:
- human readable (nobody wants to manually go through 12 MB of JSON data)
- generated automatically periodically and published somewhere (nobody wants to run botch on his own machine or update periodically update the TODO wiki page)
- available on a per-source-package-basis (no maintainer wants to know about the 500 source packages he does NOT maintain)
While human readability is probably still lacking (it's hard to write in a manner understandable by everybody about a complicated topic you are very familiar with), the bootstrapping results are now generated automatically (on a daily basis) and published in a per-source-package-basis as well. Thus let me introduce to you:
For now it is funny to see that the main architectures do not bootstrap (since July, for different reasons) while less popular ones like ia64 and s390x bootstrap right now without problems (at least in theory). According to the logs (also accessible at above link, here for amd64) this is because gcc-4.6 currently fails compiling due to a build-conflict (this has been reported in bug#724865). Once this bug is fixed, all arches should be bootstrappable again. Let me remind you here that the whole analysis is done on the dependency relationships only (not a single source package is actually compiled at any point) and compilation might fail for many other reasons in practice.
It has been the idea of Paul Wise to integrate this data into the pts so that maintainers of affected source packages can react to the heuristics suggested by botch. For this purpose, the website also publishes the raw JSON data from which the HTML pages are generated (here for amd64). The bugreport against the bts can be found in bug#728298.
I'm sure that a couple of things regarding understandability of the results are not yet sufficiently explained or outright missing. If you see any such instance, please drop me a mail, suggesting what to change in the textual description or presentation of the results.
I also created the following two wiki pages to give an overview of the utilized terminology:
Feel also free to tell me if anything in these pages is unclear.
Direct patches against the python code producing the HTML from the raw JSON data are also always welcome.
Review: Asimov's Science Fiction, August 2011Editor: Sheila Williams Issue: Volume 35, No. 8 ISSN: 1065-2698 Pages: 112
The editorial this issue is about the Dell Magazines Award, so newsy without a lot of content (particularly since we don't get to read the winners). Silverberg's column is much more interesting, focusing on the complex rules of the honor code of the Albanian highlands and pointing out that there's more complexity and strangeness in things we can find on Earth than in a lot of science fiction. Even within the rules of real human cultures.
James Patrick Kelly's column this issue is an interesting summary of what graduates of the Clarion writing workshop learned, in their own words. It's a nice barrage of quick writing tips, and an interesting view of what people take away from a writing workshop. The book review column this issue is Peter Heck's normal workman-like job.
"The End of the Line" by Robert Silverberg: Someday, I really should read Lord Valentine's Castle. As you might guess from this comment, this is another Majipoor story. This one follows an official who is part of an advance party for the Coronal Lord, the ruler (of sorts). He's decided, as part of those duties, to take the opportunity to learn more about the aboriginal people of Majipoor: the somewhat mysterious metamorphs, or Piurivar.
I'm not that familiar with the history of Majipoor, since all I've read is this story and one other, none of the novels. Apparently, knowing that the official in question is named Stiamot will place this story for more familiar readers. For the unfamiliar, such as myself, there's a lot of politics here and what's clearly background for a major event in the world, but as a standalone story it's a bit unsatisfying (and grim). It's not that clear why things had to turn out the way they did, and the characters seem largely without agency. It's well-written, but mostly a story for fans of the series, I think. (6)
"Corn Teeth" by Melanie Tem: This is a tight third-person story about a human child raised by alien foster parents, and it's deeply disturbing. Not because of the fostering, which appears wonderful and loving, but because it's a train wreck sort of story: the reader can see the horrible coming and can't do anything about it (and it turns out even worse than one might expect). It's also a story built around failure of communication and failure of empathy, and has a monumentally depressing ending, the kind that leaves scars. I'm sure all of this is entirely intentional; it seems very well-written. But I really didn't want this much horrible misunderstanding and depressing hopelessness in my reading. (2)
"Watch Bees" by Philip Brewer: I rather liked this story even if the protagonist is an awful person. The story is set in a future of bioengineered insects and hard economic times, and it features a man who is supposedly working his way from farm to farm to get back home. What he's actually after is more complicated and is closely related to the defense systems that keep intruders off of farms. You might guess some of the rest from the title. It's a story about understanding layered defense systems, and about economic warfare. I didn't care much for any of the characters, but the story is well-plotted and kept me interested in seeing what would happen next. (6)
"For I Have Lain Me Down on the Stones of Loneliness and I'll Not Be Back Again" by Michael Swanwick: By Swanwick, so it's a little odd, but I found this story surprisingly moving and ambiguous. It's about an American of Irish descent, a trip to Ireland, and a love affair with a fierce Irish nationalist, all set against an SF background of an Earth conquered by benevolent aliens. It's angry, uncertain, fanatical, and realistic by turns, and left me with profound mixed feelings. I think it does a good job capturing in a brief story the emotional complexities of what it means to give onself to a cause. (7)
"We Were Wonder Scouts" by Will Ludwigsen: This is a short and odd story about a variant of the Boy Scouts founded by a man who is a little too obsessed with the paranormal, and an outing in the woods that turns rather creepy. It's a type of story that I'm not very fond of: one that twists the delight of discovery into something dark and mundane. I suppose you could call it horror; it's more horror than fantasy, at least. Anyway, not my thing. (3)
"Pairs" by Zachary Jernigan: This story, on the other hand, isn't as dark as it seems like it should be from the setup. Humans have been conquered and enslaved by more powerful alien races, and now human souls are a profitable business. The protagonist is a person who has been embodied in a spaceship, and who works with (and monitors) another largely insane embodied person as they work as couriers, carrying souls to their buyers. But neither of them are as fully under control as they might appear, which is the point of the story. There is no grand tale of redemption, and the price is high, but I found the psychological portrayal oddly satisfying and faintly hopeful, and I was intrigued by the world background. (7)
"Paradise is a Walled Garden" by Lisa Goldstein: The cover story, this is by far the best story of the issue. It's steampunk, set in a world where Muslim civilization was not pressed back by Christianity and continues to thrive into the reign of Queen Elizabeth as, among other things, makers of automata. A girl has managed to get herself a job in a British factory by posing as a boy and is the first to sound the alarm when the automata that do most of the work go strangely (and violently) haywire. That leads to her being assigned to the subsequent delegation to Al-Andulus (Muslim Spain, if you're not familiar with that name from history).
The protagonist is the best part of this story. She's thoughtful, resourceful, and delights in learning things, something that she's rarely had the opportunity to do. She's also utterly unintimidated. In Al-Andulus, she thrives, despite the contempt of the leader of the expedition and some dangerous intrigues around the source of the anomalous behavior. I won't spoil the ending, but it's a delight, leaving the reader with a lot of hope for her future. I also liked the portrayal of the Muslim world, which is engrossed in its own business and has its own advantages and disadvantages, but is at least open to and focused on learning and technological development. The contrast with the superstitious British delegation is both pointed and historically grounded in Muslim relations with Europe around the point of divergence of Goldstein's world. (8)
Rating: 7 out of 10
I defended my dissertation three months ago. Since then, it feels like everything has changed.
I’ve moved from Somerville to Seattle, moved from MIT to the University of Washington, and gone from being a graduate student to a professor. Mika and I have moved out of a multi-apartment cooperative into into a small apartment we’re calling Extraordinary Least Squares. We’ve gone from a broad and deep social network to (almost) starting from scratch in a new city.
As things settle and I develop a little extra bandwidth, I am trying to take time to get connected to my community. If you’re in Seattle and know me, drop me a line! If you’re in Seattle but don’t know me yet, do the same so we can fix that!
Wishing everyone a happy Gujarati New Year (Vikram Samvat 2070 called Vishvavasu.)
You'll get your Diwali present tomorrow :-)
Continuing my nomadic experiment, I have just arrived in Buenos Aires. My plan is to live here for 3 months, working and enjoying the city like I never did before: I always lived in the suburbs and only came to the city to work or study.
After a few days seeing my immediate family and some close friends, today I finally went out, taking advantage of a beautiful spring day. And my first stop is the National Library.
I came with the intention of working a bit on some projects, but arriving as a visitor forbade me to enter the most interesting places of the library (now I have registered so next time they will not treat me as a tourist :)). It is an imposing building, I have seen it a few times before, but never entered it. I only learned today that in these grounds there used to be the presidential residence, back in Perón days, and then it was thoroughly demolished by the barbarians of the '55 coup.
I also learned this new building was only opened in 1992, which is surprising, as I don't remember the fact at all, and I was already 14.
TL;DR: don't put valuable passwords in ~/.netrc
In the olden days, the ~/.netrc file was used for storing FTP usernames and passwords. These days we have clients of other protocols that use said file. Perhaps your IMAP or SMTP client use it. So you put your e-mail accounts password into ~/.netrc, and then meticulously configured the clients to always connect via TLS and to verify server certificates. You feel secure.
But you shouldn't. Here's how an attacker capable of MiTM can exploit wget to steal ~/.netrc passwords:
1) Alice tries to download a file over HTTP:$ wget http://xkcd.com/538/
2) Eve takes over the HTTP connection, sending a redirection response:HTTP/1.1 303 See Other Location: http://supersecuremail.example.net/
3) Alice's wget follows the redirection.
4) Eve takes over the connection to supersecuremail.example.net, requesting password authentication:HTTP/1.1 401 Unauthorized WWW-Authenticate: Basic realm="moo"
5) Alice's wget sends the supersecuremail.example.net password straight to Eve.
I have created a backport of the otrs package for Wheezy backports and it has been just accepted.
So much fun with otrs2/3.2.11-1~bpo70+1 and have a look here for backport installation instructions!
While reading stuff posted by others about AppStream, and because of the discussion happening about AppData on kde-core-devel right now, I feel the need to clarify a few things. Especially because some are implementing AppStream in a way which is not really ideal right now. This is to some extend my fault, because I should have communicated this in a much more visible way.
To those people who don’t know it already: AppStream is a Freedesktop project aiming at providing basic building blocks to create distro- and desktop-agnostic software centers.
So, let’s answer some questions about AppStream!Is AppStream GNOME or $distro specific?
No, not at all! It was originally created by people from at least 4 different distributions, and I took great care of it not becoming specific to any desktop or distribution. GNOME just happened to go ahead and implement the specs, which was absolutely necessary, since there was less progress in implementing AppStream for a long time.How does AppStream actually work?
AppStream is a bunch of things, so I will only focus on what we have specified right now and what is working.
Basically, the distributor compiles a list of applications available in the repositories, and makes it available in some defined directories on the system. AppStream defines an XML specification for that, but since some peple don’t want to use it or can’t use it, there are also others ways to publish AppStream application data. For example, Debian will likely use YAML for that.
This data is taked by the AppStream software (running as a PackageKit plugin) and transformed into a Xapian database. This database is then in turn used by software-centers, in combination with PackageKit, to present applications.
This is the reason why it is bad to use the XML data directly – it might not be available on every distribution. The Xapian database is what matters. The database can be accessed using libappstream, a GLib based library (so far, there was no need for a Qt version).Why is GNOME using the XML data directly then?
The libappsream stuff was under heavy construction, and GNOME wanted to be fast and ship the stuff with Fedora in their next release. They’ll likely switch to the Xapian db soon, or offer it as backend.Is AppStream already used in KDE?
Yes, Apper can utilize it, see one of my previous blogposts.What is AppData?
AppData is an initiative started by Richard Hughes in order to enhance the quality of applications descriptions shipped with AppStream. It defines a small file $appname.appdata.xml, which describes the application, sets screenshots etc. These files can be parsed at the distribution’s side in order to enhance the app metadata. They can also be translated upstream.
AppData might be merged into the XDG AppStream pages later, but that is to be discussed.Are application authors forced to ship AppData files?
No, nobody is forced However, the GNOME Software application-center prefers applications shipping more metadata, and “punishes” the others, so shipping an AppData file makes sense for higher lising in GS. This is a policy decision by GNOME, KDE can make it’s own ones here.
Shipping AppData files makes sense, in general, because it enhances the metadata distributed with your application. It is also the file-format used by Listaller (well, a superset of it) in order to generate cross-distro app-packages, so you might want to consider adding one.Are there any rules for the AppData files?
Yes, you can find them on the AppData specification page. However, these are more recommendations than “forced”, and it is currently aimed at GNOME apps. I later want to generalize that and create an own page with recommendations for KDE (martin had some good ideas already).Where do software-centers get the screenshots from?
The screenshots are defined in AppData files, and the cached by the distributor. If there are no “official” screenshots, user-provided screenshots will be taken, using a screenshots-service with screenshots.d.n-like API.Where do I find the specs?
The official AppStream spec, the thing which distributors should implement, can be found on Freedesktop.
The AppData spec can be found here. It also includes some nice hints on how to handle screenshots etc. and includes it’s own FAQ.Where do I find libappstream?
Great! Please get in contact with me or Richard. The only feature we would not consider for the official standard is desktop/distro-specific stuff (which should be obvious ).
I will extend this FAQ, if I feel the need for it, so this article might change a bit.
I'm getting the hang of the more or less daily RC bug fixing again. below you find what I did this week.
as a side note: as you can see, quite a few of the patches are taken from ubuntu; it's great that someone over there already took the time to come up with a fix; thanks! – not so great is that only one of them was in the BTS. guys, you have already been better at forwarding your patches to the debian BTS, please try to get back into this good habit :)
- #709908 – src:make-dfsg: "make-dfsg: FTBFS with automake1.13: automatic de-ANSI-fication support has been removed"
change build dependency like done in Ubuntu by Colin Watson, upload to DELAYED/2
- #710609 – src:spring: "spring: FTBFS: CScopedTimer.h:39:31: error: expected unqualified-id before numeric constant"
add Ubuntu patches (Colin Watson, Dmitrijs Ledkovs), upload to DELAYED/2
- #711572 – src:libhtml-widget-perl: "libhtml-widget-perl: FTBFS with perl 5.18: test failure"
add patch to fix hash randomisation issue with perl 5.18 (pkg-perl)
- #713159 – src:jruby: "jruby: FTBFS: build.xml:313: The archive nailgun-0.7.1.jar doesn't exist"
add modified patches from Ubuntu / Julian Taylor (pkg-java)
- #713393 – src:libzip: "libzip: FTBFS: dh_auto_test: make -j1 check returned exit code 2"
add autotools patch from upstream via Ubuntu / Bjoern Michaelsen, upload to DELAYED/2
- #713559 – src:libfakekey: "libfakekey: FTBFS: ld: fakekey-test.o: undefined reference to symbol 'XOpenDisplay'"
add fix from Ubuntu / Daniel T Chen (link against missing lib), upload to DELAYED/2
- #713628 – src:prelink: "prelink: FTBFS: (.text+0x1d8): undefined reference to `pthread_atfork'"
sponsor QA upload prepapred by Andreas Moog
- #723964 – src:devtodo: "devtodo: FTBFS: required file './compile' not found"
prepare two alternative debdiffs
- #728588 – libhttp-async-perl: "libhttp-async-perl: FTBFS: test requires internet connectivity"
skip test that requires internet access (pkg-perl)
- #728646 – src:libfilesys-smbclient-perl: "libfilesys-smbclient-perl: FTBFS: libsmbclient.h: No such file or directory"
prepare patches (pkg-perl)