2004-12-23 – Why unit tests are good for you (or at least for your code)
Old version of pymarkdown:
Ran 75 tests in 0.349s
FAILED (failures=57, errors=2)
Ouch.
New version of pymarkdown:
Ran 75 tests in 0.450s
OK
New version of pymarkdown available from http://err.no/pymarkdown/ or my arch repository
2004-12-19 – More on PGP mails.
Roland Mas complained that PGP.com doesn’t tell him what key he’s verifying. Well, they do. At least they tell me if I go to the web page listed in the mail. (And the fingerprint is in the mail as well.) Still not good that they want me to sign their signing key, but not as bad as Roland’s post says.
2004-12-17 – PGP.com on crack with their Global Directory.
So, I guess more or less “everybody” has gotten a mail from pgp.com asking them to verify it so it can be included in their Global Directory. (Which I guess is just a glorified, web-based keyserver which spams you every six months.) However, I decided to actually click the verify link, and was very much surprised with the directions on the page after the confirm page:
To ensure that your PGP software trusts keys verified by this directory, you must download and trust this directory’s Verification Key.
Download the Verification Key
After downloading, import the Verification Key into your PGP software. Then, sign the key with your key and mark it as Trusted. Please see the documentation for your PGP software for specific instructions on trusting a key.
What? They want me to mark a random key downloaded off some random web page as trusted and sign it? I wonder what crack they have been smoking.
2004-12-11 – My textbook, on MS-DOS security.
This semester, I’m taking a class which is called “Management of Very Large Data Volumes”. The textbook, for some weird, weird reason talks a fair amount about MS-DOS. Apart from the fact that it’s about ten years old, so all the numbers are really wrong, the book is bearable.
However, once in a while, I come across sections which I wonder if are there just to make me cry (the textbook is in Norwegian, so any translation errors are mine):
MSDOS’ file system is a bit too simple. Among other things, the security is not cared for well enough. The directory ought to show who has created or owns the file as well as the time the file was created and when it was last changed. With regards to security and rights, a minimum requirement is the file should have an associated password. In fact, it ought to be one password for writing and perhaps another password for deletion and extending the file.
2004-12-11 – The Canonical Matarò conference
Four months have passed since the last Canonical Conference, which happened in Oxford. The December conference, nicknamed “The Matarò Sessions” was held in Matarò, just outside of Barcelona in Spain.
The travel to the conference was uneventful. Plane from Trondheim to Amsterdam, a bit more than an hour in Amsterdam, then plane further on to Barcelona. I called Fabbione after I came through customs. He arrived at a different terminal than I, so I headed over there and we met up. Train to Matarò itself and then a short walk to the hotel. We then went out and ate some food at a nearby Chinese place.
Karianne arrived in the early afternoon on Monday. Even though we were only separated for a day, it was nice to see her again. Most of the day was taken up with BOFs and we had a bunch of very productive discussions. I also got a fair amount of work done, fixing bugs and uploading packages.
Tuesday was not such a good day. The BOFs were a bit less interesting and I had a hard time concentrating on my tasks. We went to the Chinese place again and it was a disaster. Or, not a disaster, but they didn’t do a very good job. First, they used ages and ages for getting me food. Then they took even longer getting Karianne her food. Then they gave my food to somebody else (yes, you. The sharks at the end of the table. You know who you are). Then Karianne got her main course. Then she got her starter. I waited a fair bit more for my main course to arrive. It was good when I got it, and I had gotten my starter, luckily.
Wednesday was a bit more productive again, getting a bunch of bugs squashed and fun BOFs. Actually, this was the day some serious crack-smoking projects started, namely Quick Boot. As part of this, “hotplug should start all hardware-related init-scripts” came along. (So hotplug detects you have a sound card and starts alsa-base. It detects you have a network interface and configures, and so on.) Daniel Stone made the X startup a lot faster as well, eliminating a fair bunch of loops and file system overhead.
I started working on fixing some Openoffice.org bugs on Thursday. It has a problem where it currently links the normal libtl645.so to libgnomevfs, which is of course wrong. The patch ended up being fairly simple, and I’m liking the build system a bit. Scary! One of the nice things about Openoffice’s build system is it saves the applied patch. This means you can’t break it by editing a patch without removing it, unlike dpatch (for instance). We went to a very nice restaurant in the evening, where somebody stole Karianne’s camera. She’s insured and all that, but it’s a nuisance nonetheless.
Karianne left on Friday, just after Amaya and a bit before helix arrived. I worked a bit more on Openoffice, including an upload, but it didn’t build due to some silliness. The problem of testing Openoffice’s build system is fairly large, even with ccache it takes a couple of hours to build.
I didn’t do much on Saturday, got up, breakfast and hung about a little before leaving for the train station. It has been a good week and I’ve gotten a lot of work done. Seeing all the crazy Canonical people has been fun as well, with lots of interesting technical and non-technical discussions. I’m sorry I had to leave early, but my last two exams are happening on Monday and Friday, and I should really start preparing for those.
2004-11-26 – GNOME is not a window manager
Wouter blogged a bit about how he has problems with using GNOME because it lacks sloppy focus. Really, what you are complaining about is that metacity doesn’t have sloppy focus. Then use a different window manager. Please just change what you have in /desktop/gnome/applications/window_manager/current to E or whatever you prefer. I run a perfectly usable GNOME desktop with openbox as my WM. Works fine, and I have sloppy focus. I don’t like flipping desktops with my mouse so I haven’t investigated how to do that.
2004-11-16 – freedesktop.org, fooishbar.org compromised
This is more of a heads-up for people who wonder why freedesktop.org doesn’t answer (or why fooishbar.org, daniels’ box is down). The hosts were compromised a short while ago and they are being worked on. fd.o will hopefully be back in a few days, with new and beefier hardware. Daniel has a blog on LJ where he gives updates.
2004-11-16 – RSS 0.91 sucks
I changed the base URL of my feed last night, which made Planet Debian think all my posts were new. RSS 0.91 doesn’t have a GUID field or something similar, so it sucks. Going to switch to RSS2 and Atom soon, I think, to avoid something similar in the future.
2004-11-10 – Last night's IBM vs MS debate (or open source vs commercial software)
Last night, I was at a debate between IBM and Microsoft on the benefits of open source software and commercial software respectively. I know that commercial doesn’t imply closed-source, so what the debate was really about was open versus closed source software. Shame the organizers didn’t grasp the difference.
It was a good debate. Microsoft’s people were a lot better than IBM’s people, both because they were good and also because IBM had two salespeople and only one technical guy. It didn’t help that the technical guy was from Skåne in Sweden, which made him hard to understand.
The debate started with MS and IBM talking a bit about standards and innovation. MS complained about standardization processes taking a long time, which means it will in many cases slow innovation. Standards are also costly. Patents were briefly covered, and IBM said they were granted about 4 to 5000 patents per year. MS stumbled on their part of the facts, claiming that TCP/IP was invented by Tim Berners-Lee 15 years ago. (He was probably talking about HTTP, in his defense.)
Anders Christensen had a short talk about different licenses used at the department of computer and information science, which was short, fun and to the point. IBM talked a little bit about the GPL and GNU; it was hard to hear what the guy was saying, it was in Swedish and the guy was a bit fluffy. Not very easy to describe, but his words were often high-flying and hard to grasp.
MS then talked proprietary licenses and why they thought they were good. They tried to say “we can show you the source as well”, through their Shared Source program. (But we’ll only show you our deepest secrets if you are a NSA, the IT department of the police or similar.) Of course, they had to FUD a little with saying that you have to watch the license if you use open source software. This is correct, but it applies equally well to proprietary software. If you use third-party software in your application, you have to understand the license, no matter whether the license is free or not.
The IBM people clearly hadn’t done their homework, as one of them said (paraphrased): “Open source is no longer only used on open source platforms”, while this is how it all started. In the early days of the GNU project, the platforms weren’t free, it’s only recently (last ten years or so) that you have been able to run fully free operating systems.
MS were asked whether they thought the profit motivation of proprietary software {companies} could interfere with user rights. They didn’t think so, which amazed me a bit. Isn’t that fairly obvious, that in certain situations, a company may want to do something which isn’t in the users’ interest, in order to earn money?
The next part was “Innovation”. IBM was getting increasingly boring to listen to, saying a fair amount of self-evident things and being completely non-aggressive, which was sad to see. MS pointed out that patents in many cases are just used for bartering between companies rather than having a single company exploiting the invention for a long time. This is probably the case, but what about the small and poor who can’t afford a license (or who don’t get a license, even if they have the money)? Patents are supposed to help innovation, but in many cases, it helps stopping innovation just as much. MS showed the common misunderstanding that free software is only based on volunteer and “random” contributions. This might have been the case ten years ago, but that hasn’t been true for a long time.
The next big chunk was security. MS said they were a high-profile target with 94% market share. Their biggest problems are worms and email-based viruses rather than script kiddies, which are a bigger problem for the Linux and UNIX world. It seems also MS is taking security more seriously; last year they took all their developers through both “how to code more securely” training. In addition, they spent six months going through all their code with an eye on security. Why they didn’t catch the “what does scripting do in a mail reader” problem, I have no idea.
I got some eye-opening quotes from them as well. “We do not tell about security problems before we have a fix ready […] anything else would be irresponsible.” This is fine, assuming that MS are the only ones who have found the bug and that there’s no way to protect oneself apart from patching. That’s two fairly big assumes.
They also claimed responsibility for finding bugs before anybody else does – “We have the responsibility for finding bugs on our platform in time”. (Before they are found by somebody else and exploited.)
MS repeated their claim that they are often hit because they are big. To a certain degree, that’s probably correct. On the other hand; where are all the apache, mysql and postgresql worms we should be seeing, then? They also claimed that they fix security-related bugs faster than the open source world. I don’t think that’s correct, but I didn’t have the statistics there, so I couldn’t whack them with anything.
Again, they talked a bit of technology development (which is really just another way of saying more innovation). MS claimed to innovate for the better of their users. Later, they got a question about their embrace-and-extend attitude around Kerberos 5, where they gave the worst answer I heard the whole evening. They claimed that certification was important and that the other Kerberos 5 implementations weren’t certified with the MS server. Well, Kerberos 5 is a standard, and it was extended a bit (in an incompatible fashion) by MS with their Active Directory. (Which is really just a Kerberos 5 and LDAP server with a fancy GUI.)
One more quote: “All our [MS’] file formats were originally designed to talk to printers […] We are doing the world a favor by not opening them up.” Funny, yes. However, many people need to read those formats with other programs than they were originally created with.
MS claimed to give full hardware-freedom. I was tempted to add: “As long as you run on Intel (or compatible) platforms, sure”. They also gave some incredible FUD, that the linux kernel has had eight trojans in different parts of the source. I know of the one attack on a CVS mirror of the bitkeeper kernel repository, but none others.
All in all, an interesting debate, MS were defending themselves quite well, but they were mostly on the defense. IBM were weak and blunt-toothed, which was sad. The audience wasn’t so weak and pressed home when the answers were just avoiding the question.
2004-11-09 – PHP-ers writing perl
Today, I had the dubious pleasure of hacking a bit of perl which clearly wasn’t written by a Perl coder, but rather somebody who learned “programming” by hacking together PHP or something similar.
Take this little piece of code:
print "<DIV CLASS=\"caption\">";
my $tmp = &htmlize_caption ($info{$pathname}{'comment'}, 'slide');
print $tmp;
print "</DIV>\n";
- unnecessary temporary variable
- ugly "-escaping
- three print statements and one assignment rather than a single print statement.
This code should rather read:
print qq[<DIV CLASS="caption">],
      htmlize_caption($info{$pathname}{'comment'}, 'slide'),
      qq[</DIV>\n];
or
printf qq[<DIV CLASS="caption">%s</DIV>\n],
       htmlize_caption($info{$pathname}{'comment'}, 'slide');
(Really, it should be using templates, but if you aren’t using templates, well, then you aren’t.)
The code doesn’t use strict, but it uses my, it uses long, long, long sequences of print instead of chaining them or templating.
If you are going to write perl, please learn the language properly rather than writing huge scripts which are hard to fix and maintain.