I’d draw a caricature involving a Toyota car, representing capitalism, with a stuck gas petal and Barack Obama trying to fix it. But as I cannot draw very well, especially recognizable people, I created this collage:
The photo of Obama was created by Beth Rankin.
Yesterday, I found the 3/10-issue of the German “Linux-Magazin” in my mailbox. (I don’t dare to call it the March issue – they are a bit off schedule...) On page 62, you can find my 3½ page article about creating a symbol font with FontForge. I briefly covered the topic on my blog and later thought that it would made a nice article, even though I’m not an expert on this area. The article will be freely available in about three years.This is already my third publication, after my article on the Cross-Site-Authentication attack that was published in the same magazine (circulation ~63.000) and in its international counterpart in 2005 and my recent article in the “freeX” magazine (circulation ~15.000). Looks like I’ll have to add a “Publications” section to my website soon...
A long while ago I wrote a plugin for gaim called gaim-thinklight that blinks ones ThinkPad ThinkLight when a new message arrives. By now it is called pidgin-blinklight and supports some other hardware as well, but has not changed since over a year. Today, I implemented a new feature, and I’m curious if it will actually work:
Until now, the blink pattern was hardcoded: ON, wait 150ms, OFF, wait 125ms, ON, wait 150ms, OFF. Since version 0.11, pidgin-blinklight will calculate these three delay times based on the contacts login name. So different contacts will have very slightly different blinking patterns. The idea is that, after a while, you start to recognize your frequent buddies already by the blinking. The wait times are from the range from 50ms to 250ms, I hope that range works well.
Users of Debian unstable will get the new version automatically. If you want to compile pidgin-blinklight from source, you will have to grab it from the debian ftp server. The source is in the pidgin-blinklight Darcs repository.
The XML-Editor Serna by Syntext has been published as Free Software a few months ago. This was very good news, because there was a lack of a good free XML editors with a good graphical view on DocBook documents, which I needed to recommend to users of zpub. Therefore, I investigated packaging Serna for Debian. I had to patch a few things to make it compile on and64 and to use components shipped by Debian where possible. Today, I could finally close the RFP bug filed by W. Martin Borgert, as the serna package was accepted by the ftp-masters. The first bug (SEGFAULT on startup on lenny) is already filed. I hope this is a good sign, as it shows that there is interest in the package.
For my packaging workflow, I used git-svn to import the upstream SVN branch into a git repository. I then use git-dpm by Bernhard R. Link to manage my changes as patches in the new 3.0 (quilt) debian source package. I must say that I prefer this approach to git-buildpackage, as there is only one git branch to publish. I hope that Bernhard uploads git-dpm to Debian soon.
Serna is quite a big software project and uses stuff that I know little about (Qt, C++ with python interaction etc.). Also, the package currently bundles the DITA-OT package, which should rather be packaged separately. Therefore, I’d be glad if co-maintainers would join the effort.
In a comment to my previous blog post, I linked to the DebConf photo gallery page with the DebConf8 mugshots. Felix Brandt, a friend of mine, noticed the per-picture view statistics there and plotted them, differentiating between male and female. He finds that the number of views on an image gives a fairly good indication of the sex (or gender?) of the person in question:
The most notable exception is the image of bubulle. He does not even look feminine. Maybe it’s because he’s like a mother to us Debianers, always kind and always helpful? :-)
This observation fits my experience when I created a top-100-statistic of individual picture page views of my personal gallery: I got a collection of pretty much all pictures of girls in bikinis, lying at some beach, across the various pages and years, and hardly any other picture. I won’t post these top-100 here, as I don’t want to additionally increase the effect...
Over the holidays I investigated how to cross-compile GTK applications for Windows, and managed to port screen-message. I also created an Inno Setup based installer for it that includes the necessary GTK DLLs. You can grab it from the screen-message homepage. The installer optionally binds screen-messages to the key combination Alt-Ctrl-S.
I would have published the binary much earlier if starting the application had not always given the error message
The application failed to initialize properly (0xc000007b). Click on OK to terminate the application.
on Windows, while it worked fine under WINE. It took me a while to find the cause, as there seems to be only one mention of it in the internet: One must not use MinGW’s strip.exe utility on DLLs not created with MinGW, it seems.
I added a “make installer” target to the Makefile to create the installer. If you are curious about how that works, have a look at the source.
A friend of mine is interested in trying out the Automatic Rule Based Time-Tracker arbtt which I programmed. Unfortunately, he is using Windows and up to now, arbtt only worked on Linux. But as I wanted to check out Haskell’s cross-platform abilities for a while, this was a good opportunity to do so. I don’t have Windows installed myself (and did not plan to do so), so I did all this under WINE, the Windows compatibility layer, which works very well: It takes only a few minutes to install the Haskell Platform for Windows and then I was able to run wine ghc --make and cabal install.
I played around with some simple programs and was surprised by these timings:
$ rm *.o *.hi; ghc --make fourfours.hs ; time ./fourfours > /dev/null [1 of 1] Compiling Main ( fourfours.hs, fourfours.o ) Linking fourfours ... real 0m1.909s user 0m1.692s sys 0m0.208s $ rm *.o *.hi; wine ghc --make fourfours.hs ; time wine ./fourfours.exe > /dev/null [1 of 1] Compiling Main ( fourfours.hs, fourfours.o ) Linking fourfours.exe ... real 0m1.631s user 0m1.376s sys 0m0.092s
So it is faster to run a compiled Haskell program on top of a compatibility layer than directly on Linux! The world is in order again, though, if optimization is enabled:
$ rm *.o *.hi; ghc -O --make fourfours.hs ; time ./fourfours > /dev/null [1 of 1] Compiling Main ( fourfours.hs, fourfours.o ) Linking fourfours ... real 0m0.981s user 0m0.876s sys 0m0.108s $ rm *.o *.hi; wine ghc -O --make fourfours.hs ; time wine ./fourfours.exe > /dev/null [1 of 1] Compiling Main ( fourfours.hs, fourfours.o ) Linking fourfours.exe ... real 0m1.270s user 0m1.036s sys 0m0.072s
Funny. Anyways, I wanted to port arbtt. The only platform-dependent part is the capture module that gathers the list of open Windows. The Win32 package that comes with the Haskell Platform did not cover all the functions needed to do so, but creating additional function bindings is really easy with Haskell, as can be seen in the Graphics.Win32.Window.Extra module. I also replaced the locking code that prevents two instances of arbtt-capture to run at the same time by equivalent code using Windows mutexes (module System.Win32.Mutex). With these small changes and some CPP conditionals to make the code compile for either platform, the porting was done! Even accessing the files in ~/.arbtt works correctly on Windows, where it will look in the Application Data folder, without changing the code, thanks to System.Directory.getAppUserDataDirectory.
But Windows users won’t like compiling software on their own. They won’t even like installing software by copying various files to certain directories. Therefore, I also had to create a Windows Installer. I picked Inno Setup, because it’s Free Software and seems to be simpler than NSIS. The installer puts the compiled .exe files, the example categorize.cfg and the HTML documentation in the right spot, adds icons to the Start Menu (“Edit categorize.cfg”, which fires up wordpad, a link to the documentation and the uninstaller), puts arbtt-capture in the Autorun folder, puts the path to arbtt-stats in the PATH variable and starts arbtt-capture at the end (the last three points being optional). Of course it undoes all this when removing the program again. I integrated the call to the Inno Setup installer into the usual ./Setup build process of Haskell packages. Some more details of how to create the Windows installer are mentioned in the README file.
Now all this does not magically add a graphical user interface to arbtt, so users will still have to work with arbtt-stats on the command line – even on Windows. If this is not a problem for you then you can fetch the latest installer from the arbtt homepage. And if you happen to become a serious user of arbtt on Windows and want to help maintaining the Windows port, I’ll gladly share some responsibilities.
I’m very satisfied with the process and the result and I’m happy to
know that I can offer some of my programs also to Windows users in the
future.It is also a big plus for Haskell – with Python, shipping a program for Windows users is likely more difficult. The next step will be providing gtk-based graphical Haskell applications for Windows, including a nice installer that ideally includes all dependencies (gtk etc.).
Seit über einem Jahrzehnt schon produziere ich für meine Verwandtschaft Photo-Kalender. Anfangs waren es Abzüge vom analogen Photo auf einem Bastelkalender, die letzten Jahre dagegen Digitalbilder, aus denen Pixum.de, ein Online-Photoshop, Kalender produziert hat. Dabei beschrifte ich meine Bilder mit einem Perl-Skript bereits auf meinem Computer und lade sie dann in der richtigen Reihenfolge hoch – fertig.
Dieses Jahr, ich war schon recht knapp dran, musste ich mit Schrecken feststellen, dass Pixum eine neue Software für das Kalender-Design eingeführt hat. Da kann man zwar ganz tolle Designs auswählen, Bilder- und Textrahmen frei platzieren und vieles mehr. Was aber nicht geht, ist ein Bild so ein dem Bild-Rahmen zu platzieren, dass es eingepasst wird. Die Software besteht darauf, den Rahmen zu füllen und dadurch das Bild abzuschneiden.
Also machte ich mich auf die Suche nach einem alternativen Anbieter, doch die allermeisten hatten das gleiche Problem oder es gab andere Probleme: Die Kalenderformate waren ungeeignet oder fertig entworfene Kalender verschwanden beim Speichern. Sogar der Photoladen vor Ort arbeitet mit einer Kalender-Design-Software mit dem gleichen Manko und konnte die Bilder nicht einmal ohne Zuschnitt entwickeln. Zuletzt habe ich mich dann einen verlängerten Abend lang hingesetzt und mit LaTeX und Perl mein eigenes Design gemacht, um dann die erzeugen PDF-Dateien bei einer „richtigen“ Druckerei drucken zu lassen.
Aber eigentlich wollte ich ja etwas anderes erzählen:
Bei einem der Anbieter (Nennen wir ihn, um ihm den Spott zu ersparen, kurzschlussverlag.de. In echt firmiert er unter einem halben Dutzend verschiedener Namen im Internet.) waren die Kalender-Entwürfe weg, sobald ich sie im Flash-Designer speichern wollte. Das äußerte sich darin, dass der Web-Browser eine Weile läd und irgendwann einfach nichts mehr macht. Dabei enthielt die URL-Zeile einen Eintrag, der ungefähr so aussieht (der Lesbarkeit halber auf mehrere Zeilen aufgeteilt):
http://shop.kurzschlussverlag.de/cgi-bin/r40msvcshop_beleg_detail_anzeigen.pl? var_hauptpfad=../r40/vc_kurzschluss/& var_datei_selektionen=20091222/12913721974b3118f19322eb.dat& var_html_folgemaske=frontend_login_aus_flash_opener.html& var_te46_uebergabe=J& var_te40_uebergabe=2& var_variable_uebergabe5=2& var_variable_uebergabe3=../r40/vc_kurzschluss/public/firma2/pdf_files/vcmedia_lq/124898.pdf
Dabei machte mich vor allem der letzte Parameter neugierg. Ins Blaue hinein rief ich die Seite
http://shop.kurzschlussverlag.de/r40/vc_kurzschluss/public/firma2/pdf_files/vcmedia_lq/124898.pdf
auf und siehe da: Eine PDF-Vorschau meines Kalenders, mit etwas verpixelten Bildern, war zu sehen. Wer nun, wie ich, diese URL aufmerksam betrachtet kommt vielleicht auf die Idee, auch andere Nummern im Dateinamen der PDF-Datei zu probieren. Und siehe da: auch 124899.pdf, 124900.pdf und 124901.pdf waren Photo-Kalender – nur eben nicht meine! Der direkte Zugriff auf diese Dateien ist völlig ungesichert, und die Nummern werden sequentiell vergeben. Es ist eigentlich überflüssig zu erwähnen, dass ein solches Leck bei sensiblen Daten wie privaten Photos ein großes Problem ist! Vor allem auch, da die Kalender und andere Photo-Produkte zum Teil mit Texten versehen sind, die Rückschlüsse zur Identität der abgebildeten Personen zulassen. Man findet etwa das Facebook-Profil einer frisch verheirateten Frau, die anscheinend ihrem Mann (und sicherlich nur ihrem Mann) einen Kalender mit Bildern von sich schenken wird und deren Spitzname auf dem Kalender-Titelbild auftaucht.
All dies passierte letzten Mittwoch. Ich schrieb eine e-Mail an den Verlag und wies auf das Problem hin. Am nächsten Morgen bekam ich eine kurze Antwort mit einem Dank für den Hinweis. Man werde sich nach Rücksprache mit den Entwicklern erneut melden. Am Montag dann eine e-Mail, dass die Entwickler eine Lösung gefunden habe (die Dateien sollen mit einer zufälligen Zahl geschützt werden) und diese am Mittwoch, also heute, produktiv eingesetzt werden soll – noch ist das nicht der Fall, ich werde das prüfen.
Mehr als ein kurzer Dank in einer e-Mail war dem Verlag der Hinweis nicht wert. Einen Anspruch habe ich natürlich nicht darauf, aber eine kleine Aufmerksamkeit, etwa in Form eines Warengutscheins, für das diskrete Vorgehen wäre doch angemessen, oder? Was für Erfahrungen haben denn andere gemacht, die deratige Hinweise an Website-Betreiber gaben? (Ich vermute dass dies bei einigen Lesern dieses Blogs schon vorgekommen sein könnte.)
Nachtrag: Gerade eben finde ich heraus, dass die verwendete Shop-Software keine Eigententwicklung des „Kurzschlussverlags“ ist, sondern von einer anderen Firma gekauft und auch von dieser gehostet wird. Auf deren Website findet sich dann auch eine Liste von weiteren Websites, die mit der fraglichen Software arbeiten und auch andere Produkte wie etwa Grußkarten oder Hochzeitszeitungen anbieten. Und auch hier kann man auf diesem Wege die Bestellungen anderer Kunden betrachten. Alles sehr bedenklich.
Three years ago, while I was in Ghana, I wrote a small screensaver that displays a randomly picked unicode character full-screen. I like it because there is a huge bunch of very weird characters and signs in the unicode standard. It also prints the unicode codepoint and character name.
Now I finally got around to properly package it: Created a small homepage, a source tarball with (hopefully) proper autotool files, all managed in a git repository (also on gitorious), complete with manpage, README and other additional files. I’m also going to upload the package to Debian, so you can just do apt-get install unicode-screensaver as soon as it gets accepted.
It can probably not enter the official xscreensaver distribution as it adds dependencies on the fontconfig and freetype libraries.
Yesterday, the German magazine freeX published its December issue. It includes an three-page article about vbox-sync, written by me, that is even mentioned on the cover page. After my article on the Cross-Site-Authentication attack that was published in the German Linux-Magazin and the international Linux Magazine in 2005, this is my second publication.
Vbox-sync is a tool to distribute VirtualBox images via apt-get that Phil Kern and I wrote as part of our work for itomig.de, a German Free Software consulting company, and the LiMux project. I also held a talk about it at the Debian Conference in Extremadura, Spain, in 2009.
Folllowing an idea by Kai Hendry, I re-implemented my Linux application screen-message, which does nothing but display a piece of text that you enter as large as possible, in HTML. So whenever you are in need of screen-message, but don’t have it installed at the moment, put your browser into fullscreen mode, go to
and type away.
I only tested it with the web browser galeon, so I expect it to work with Firefox and related browsers. If it does not work with Internet Explorer, I can’t help it – but patches are welcome. The file is stored in the screen-message Darcs repository at http://darcs.nomeata.de/screen-message.upstream.
PS: If anyone wants to donate a shorter domain for this, you are welcome. But I guess all good domains with “sm” in them are taken...
The Automatic Rule Based Time Tracker that I have created some weeks ago is now available in Debian unstable, so if if you were reluctant to use it because you did not want to figure out how to compile the Haskell code, you can just do apt-get install arbtt.
Although it’s such a young project, it already has a fork: Andreas Klöckner was very impatient with a feature request (sensible merging of logs from different hosts), so we went ahead and re-implemented arbtt in python, named whatup. Although I prefer contributions to arbtt, it shows that the principle of arbtt is useful. And I won’t be shy to copy nice ideas from him, as well :-)
The darcs hacking sprint is slowly nearing its end. As planned, I have worked on integrating DarcsWatch and bugs.darcs.net, and I am satisfied so far. From now on, if someone submits a Darcs patch to patches@darcs.net, the patch will also be tracked by DarcsWatch. DarcsWatch will display a link to the entry on bugs.darcs.net, and also add a comment to the bugtracker with a link to the patch on DarcsWatch. And eventually, if the patch is included in the darcs.net repository, DarcsWatch will change the state of the ticket to accepted, removing one step of work for the Darcs maintainers. Currently, it checks the state of the repository three times per hour, so expect a delay after you applied the patch to the repository before the state is updated.
Today, my alarm clock was set to 4:30, as I was going to Vienna, to attend the Darcs hacking sprint. I’ll be working on DarcsWatch, making it a bit more modular and hopefully integegrate it better into bug tracking systems (especially roundup, as that’s used by the Darcs team). On Monday, I’ll be a tourist until I leave in the evening. If any Debianers or Haskellers want to meet for keysigning or sightseeing, just drop me a mail!
Bilder
