Søren Hansen

I'm about to head out the door to a Linux install party at the local university (info), and my wife decided to bake us a cake. I think it's ROCKING!

Due to bad planning on my part and even worse execution of said plan, I didn't finish packaging and integrating eBox before FeatureFreeze. This means you're going to have to wait for Gutsy+1 before eBox will be an easily available component in your favourite Linux distribution.

I apologise to anyone who (like me) was looking forward to this.

...and it could be all your fault! That's right, it's another Bug Day! This time around, we're trying to focus on server bugs, so we'll be trying to get through as many bugs in these packages as possible:

• samba
• php5
• openssh
• mysql
• apache2
• postfix
• openldap2.3

If you're new to this, you can help out by going through the ones marked as New and see if they're valid and ready to be looked at by a developer, valid but need more information before they can be worked on, duplicates of other bugs, etc. You are of course also very welcome to work on other packages you find interesting, or actually fix some of these bugs by sending us patches.

As always, I'll be hanging out in #ubuntu-server and #ubuntu-devel and throughout bug day, I'll also try to keep an eye on #ubuntu-bugs. My nick is shawarma. I'm looking forward to working with all of you! Let's make Ubuntu Server rock even harder!

I just connected to Hotmail's SMTP server (don't ask). Here's the greeting (emphasis mine):

220 bay0-mc1-f11.bay0.hotmail.com Sending unsolicited commercial or bulk e-mail to Microsoft's computer network is prohibited. Other restrictions are found at http://privacy.msn.com/Anti-spam/. Violations will result in use of equipment located in California and other states.

Per request, I'm hereby joining planet.opensource.dk. A bit of introduction is probably in order: My name is Søren Hansen, a 26 year-old Danish male living in Nørresundby near Aalborg, Denmark.
My involvement in free software includes contributions to a long list of free software projects over the years, from the Linux kernel to Gaim (now pidgin) to mod_musicindex for Apache to mbuni to hal etc.. Since some time in 2005 I've been focused on Ubuntu development and package maintenance, and I'm now working for Canonical on Ubuntu's server team, which is a (true) subset of the distro team.

To further add to the confusion: No, I'm not the same Søren Hansen as Søren Hansen, or Søren Hansen for that matter. Go figure.

In Sevilla the taxis seem to turn ON their green lights on the roof when they're taken and vice versa. Go figure.

Last week, I asked the community's help in finding a proper name for my SoC project. I actually thought it was a bit of a long shot that anyone would even care, but as it turns out, within just a few hours of posting to the planet there were more than 20 suggestions and at the end there were almost 60 suggestions. You just got to love this community.

Anyhow, after much deliberation I've settled on a name that

• is just one word,
• I knew how to pronounce right away without asking Webster's for help, and
• hints towards who the target audience is.

Anyone who's monitoring the "newest projects" bit on Launchpad may have already guessed that the winner is "SOHObuntu" suggested by none other than our very own screencast team leader, Alan Pope (aka. popey), who can collect his prize beer in Sevilla in less than a fortnight.

Don't expect a whole lot to happen on the project just yet, though. I'm working a bit on designing the plugin API and such, and Google says that my mentor is not to take anything before May 28th into account when evaluating me at the end of SoC.

As previously mentioned, I've been accepted for Google's Summer of Code doing a project for Ubuntu. However, I have yet to come up with a proper name for the project and before I do, I don't want to create a product for it Launchpad and all that. So: I'd like to point you all at this wiki page and kindly ask your help in finding a proper name for the project. From the wiki page:

I'm pretty sure we can all agree that "Ubuntu Easy Business Server" is not the catchiest project name in the world. Hence, I'd like to get some suggestions on a good name for the project. Please add your suggestions and your name to the list below. You have until this Friday (March 20th) at noon UTC to add your suggestions. Soon after the deadline, I'll look over the list and decide on a winner. The submitter of the winning entry will be awarded eternal fame and glory, a free Ubuntu CD courtesy of http://shipit.ubuntu.com , and a beer if I ever run into you IRL.

Congratulations! This email is being sent to inform you that your application was accepted to take part in the Summer of Code.

Yay! I'll be implementing my Ubuntu Easy Business Server specification mentored by the great Tollef Fog Heen (aka. Mithrandir on IRC).

Even though the timing has been very suboptimal for the mentors, as they've been busy polishing the Feisty Fawn release to the max, it's conveniently close to UDS so I can discuss the spec there and get a lot of great input very early on. It's going to be great. Yay Google!

Toby Smithe linked to an article by some guy called Jeff, who claims he can predict the future. He uses his powers of clairvoyance to tell the world that Linux will never ever make it on the desktop. Well, except for the one or two times where he says that it might anyway, but mostly he says it'll never happen. Ever.

I don't deal with this sort of thing very well, so I had to comment on it, and I figured I'd share my comments with you:

I always think it's interesting when people are really dogmatic, but call it pragmatism because they think that that way, they're magically right.

Tell me, how is not dogmatic to say that something which a non-static entity never will be X, no matter what X is?

Also, how is it not dogmatic to use previously stated dogma (stated by oneself, even!) to prove that very same dogma? See: "I've said right here, on this very blog, that Vista will dominate the market"..
Dude.. Using your previously stated opinions as a reference doesn't work. Let's try it: Linux will be the dominant OS on desktops real soon now. I've said so right here: http://pastebin.ca/raw/405753 .See how it's not any more true now than it was when I wrote it the first time?

"those examples are both corporate use, not mainstream market." Dude, I don't know where you've worked before, but the average corporate users are *not* much more computer literate than the average home user. Corporate users are likely home users too, and more and more of home users use computers at work. It may not be *entirely* the same demographic right now, but the intersection between the two sets is definitely substantial.

As a final note, could you take a look in the crystal ball that told you that "five years down the road Vista [...] owns the market", and perhaps ask it if you'll ever learn to not base your entire argument on non-substantiated (or even substantiable), opinionated claims. Maybe then I might stop by to read more of your blather.

kthxbye

Soren: instead of responding with a philosophical bent and arguing semantic construction, how about trying to convince me that Linux will make considerable strides in the consumer desktop space sometime in the short- to even intermediate-term future?

How about ever?

What you read here is indeed my "blather" - it's my opinion. This is an op/ed piece.

It also happens to be right.

Jeff, I find it futile to try to convince someone who argues the way you do. Besides, unlike you I cannot predict the future, nor do I claim to be able to do so. I do however reserve the right to dismiss anyone else's predictions of said future especially ones that are not based on any sort of scientific argument.

Also, I find it interesting that while you try to argue that Linux will _never_ be anything but a niche market, _I_ must - to prove you wrong - give you reasons why Linux will "make it" in the near or intermediate future.

But very well, I shall give you reasons why Linux could make it. I'm not saying it necessarily will, because I cannot predict the future, but it rather just tell you why it _could_. Heck, I'll even give you a formal proof.

First, a few fundamental properties of features:

• Any feature either depends on other features for it to work or it is a so-called basic feature. (This is *not* well-known terminology. I make it up as I go, but that is beside the point).
• The directed graph, G, where nodes represent features and an edge from x to y represents x's dependency on y, is a tree.

Let S be the set of features Windows possesses, but Linux lacks.
Proposition: There exists no element X in S for which it holds that X could not be implemented in Linux.
Proof: Assume (wrongfully) that the converse was true, i.e. there exists an X in S which cannot be implemented in Linux. Without loss of generality, let X be the element in S closest to a basic feature in G. X exists in Windows, which means that it must be possible to implement in finite time. Any reason why X could not be implemented in Linux must be the lack of a certain feature, X', on which X depends, but since we assumed X was the element in S closest to a basic feature in G, X' must be implemented, and hence X can be implemented. QED

Furthermore, implementing any feature in S requires finite ressources as can easily be deduced from its current existence. From a similar argument one can realize that the number of elements in S is also finite. So, if r is the average amount of ressources that was needed to implement the features in S, and s is the amount of elements in S, then r*s is also finite. Hence, the entirety of S can be implemented in Linux in finite time.

So much for formality. Let's assume Windows has a head start (I'm not quite sure I agree, but let's just assume) and that new features will be implemented in Windows. Any such feature might already be implemented in Linux in which case its inception does not affect S in any way. Is the feature not already present in Linux, it is added to S. All that's left to show is that the size of S is decreasing. I cannot prove this formally, but let's look at some numbers. SourceForge has 1,541,558 registered users. According to Microsoft themselves ( http://www.microsoft.com/presspass/inside_ms.mspx ) they have 71,172 people working for them. Let's assume that the percentage of administrative personnel in those 71,172 roughly corresponds to the percentage of duplicate accounts and whatnot on SourceForge. Registering on SourceForge tells the world that you intend to work on some sort of open source software at some point. So the number of who are willing to work on making Linux better ("Linux" is actually just the kernel, but everywhere else in this comment (and in your story, too) "Linux" has referred to the entire software stack comprising a complete Linux based system) outnumber the number of people who could possibly work on making Windows better (it's not open source, so you have to work for Microsoft to make any changes to it) by a factor of 15. I'd say that that indeed makes is possible that the amount of elements in S will decrease. Some (who are willing to predict the future) may even call it inevitable. I'll leave it as an exercise to the reader to ponder this.

Hmm... So I start out by saying it's futile to try to convince you, yet I try anyway. I don't know what that makes me..

I'm off to CeBIT in 5 hour's time. It's a 9 hour bus ride, so I'll be there at around 8 am Saturday. If anyone wants to meet up you text me on +45 28287542. (I can't really decide if I'm going to regret posting my GSM number here.. We'll see.)

A few years ago LPI had a stand at CeBIT where they offered certifications for a significantly reduced price. The only problem was that I didn't notice this until 20 minutes after the last round of tests was over. Bad luck. This year I've done my home work (even though it was a bit hard as they encrypted it.. in German!) and found out that they offer LPIC-1 and LPIC-2 exams at 60 EUR (about half price) and LPIC-3 exams at 80 EUR at 10.00, 12:30, and 15:00. The web site says to sign up, but the sign up page only allows you to register for tests at LinuxWorld in Brussels. Strange. I hope they let me take the tests anyway.

Also on my plan for CeBIT:

• Canonical's Malcolm Yates will be giving a talk at 11:15 in Hall 5, Stand G64 about "Vista vs. Linux: What Linux has to offer".
• Canonical's stand at Hall 1, Stand F74/1
• The Ubuntu stand at Hall 5, Stand G64/1

I've just passed the point of no return: I've booked a non-cancellable flight to UDS in Sevilla (that's "Seville" for the Spanish-impaired).

I'm really looking forward to seeing the other Ubunteros again and finally using my Spanish for something other than mumbling to myself.

I've decided to apply to Google's Summer of Code this year. I've already written two applications, both of which can be seen on Launchpad:

• Ubuntu Management Console (UMC)

  In short: It's a web based configuration interface for creating meta packages and configuration packages and assigning them your different servers.

• Ubuntu Easy Business Server. (formerly known as "Ubuntu Small Business Server", but that spec name was already taken :-) )

  In short: It's a web based configuration system for Ubuntu servers. You know the web interface you see, when you plugin a new router and connect to it? Something like that except instead of just network configuration, you can set up e-mail, printer sharing, file sharing, etc., all without you ever touching a configuration file or knowing what software is used. It should be pretty cool.

I'm quite confident that I would be able to finish either of them. As mentioned on the corresponding wiki page, I already have a mostly functional prototype of UMC, so it should definitely be possible to get it done within the SoC timeframe. I think UEBS is more of a challenge and will be much more interesting to carry out.

All that's left now is keep my fingers crossed and hope that I'll get accepted. I'm hoping my current involvement in Ubuntu as a MOTU will mean something when the selection will be made.

More to come... (hopefully)

This is somewhat old news by now, but in case you haven't heard it elsewhere, kqemu, the until very recently non-free kernel module allowing qemu to do virtualisation (as opposed to emulation), has been released under the GPL. I suspect it's a response to VirtualBox being liberated less than a month ago.

I'm currently experiencing an issue with kqemu on my amd64 box, but with Fabrice Bellard at the wheel, I'm confident it'll be fixed in no time. :-)

Update: It appears that the only issue I was actually having was inability to read the docs. It says loud and clear that x86_64 guests are experimental.. I've switched to i386 guests only and it's rocking!

Every once in a while (not too often) I leave the house without my trusty laptop or maybe I'm just in a place with no wifi available to me. In such cases I sometimes need access to one of my servers or perhaps just my e-mail, but I've always felt uncomfortable entering my password on strange computers, especially ones running Windows. You never know what kind of key loggers or other kinds of spyware they might be infected with. Every time I've done it, I've always changed my password on said servers the next time I'm using my own laptop which I quite trust. This procedure gets quite annoying. Enter OPIE.

OPIE

OPIE is a free implementation of the S/KEY (one time password) specifications (RFC 1760 and RFC 2289). The idea is that each password is only usable once so it doesn't matter if anyone grabs it as it'll be useless when they try to use it.

Setting it up was quite simple:

• Install the opie-server package.
• Add pam_opie to your pam configuration. If you haven't tweaked your pam configuration at all, you can just copy /usr/share/doc/libpam-opie/examples/pam.d/common-auth to /etc/pam.d/common-auth. You'll still be able to log in as you've always done it, but also with your shiny new one-time-password setup.
• Now, as your regular user, run opiepasswd. You'll see a prompt like this:

  Adding sh:
  You need the response from an OTP generator.
  New secret pass phrase:
          otp-md5 499 bi0617
          Response:

  Now, in another terminal, run the command shown (in this case otp-md5 499 bi0617). This will look something like this:

  $ otp-md5 499 bi0617
  Using the MD5 algorithm to compute response.
  Reminder: Don't use opiekey from telnet or dial-in sessions.
  Enter secret pass phrase: 
  DARE LAID BUM TAB PI BURY
  

  Your passphrase will have to be 10 characters or more. Now, enter that ("DARE LAID BUM TAB PI BURY") into the opiepasswd session from before.

  Adding sh:
  You need the response from an OTP generator.
  New secret pass phrase:
          otp-md5 499 bi0617
          Response: DARE LAID BUM TAB PI BURY
  
  ID test OTP key is 499 bi0617
  DARE LAID BUM TAB PI BURY

  And that's it. From now on, you can log in using these one time passwords. Try su - yourusername and just press enter on the well-known "password:" prompt, and you'll be prompted for a one-time-password.

All that's left is a way to get your hands on these one-time passwords when you need them. You can either use the otp-md5 tool to generate a bunch of passwords, print them, and carry them with you (see the man page for otp-md5 for details on the -n option), or you can install a generator on your mobile phone (there are several options available) or your Nokia 770 if you are lucky enough to own one of those.

imapproxy

As I mentioned in the beginning, I needed this for webmail, but as you might know, when using PHP based webmail systems every page load means a new login to the IMAP server, but when your passwords are only good for one login, you're not going to have a very enjoyable experience with this setup. But if we add imapproxy to the mixture we're back in business.

imapproxy was created to offload imap servers from these excessive logins, but at the same time, it resolves our problem. When connecting for the first time, imapproxy passes your authentication credentials on to the imap server, and if succesfully authenticated, it remembers your password for a configurable amount of time while keeping the connection to the imap server open... so the webmail app will keep using your (almost-but-not-quite-)one-time password to authenticate against imapproxy. Make sure you configure a relatively short cache_expiration_time so that the window of opportunity for an attacker is as narrow as possible. I've set it to 70 seconds since my webmail system refreshes every minute, so 70 seconds leaves a bit of time for different delays and such.

A word of warning:If you're writing an e-mail from the webmail system, it might not be refreshing every minute anymore, so if you're writing a long e-mail, make sure you do it in a different window so that when you click send, you won't be rejected because the connection from your imapproxy to your imap server has been dropped and hence your password has expired.

The configuration file for imapproxy is heavily commented, but here's is mine(stripped for comments and blank lines) if you're interested:

server_hostname localhost
cache_size 3072
listen_port 144
listen_address 127.0.0.1
server_port 143
cache_expiration_time 70
proc_username nobody
proc_groupname nogroup
stat_filename /var/run/pimpstats
protocol_log_filename /var/log/imapproxy_protocol.log
syslog_facility LOG_MAIL
send_tcp_keepalives no
enable_select_cache no
foreground_mode no
force_tls no
enable_admin_commands no

Launchpad can be a hassle to navigate at times, so I figured I'd share a little gem with you. Every once in a while, there's a bug in an Ubuntu package. Yes, hard to believe, but it's true. To figure out exactly when it broke it sometimes helps to be able to install previus versions of a package to determine when the issue arose, but what if the package has been removed from the archives? Here's the trick:

1. Figure out the name of the source package. http://packages.ubuntu.com/ can help you there. The bottom of each binary package page lists -- among other things -- the name of the source package.
2. Go to Ubuntu's Launchpad page (remember, Launchpad is not only for Ubuntu).
3. In the search field, enter the name of the source package. E.g. "firefox".
4. This gives you a list of possible matches. Select the right one. :-)
5. Find the version you're interested in in the table and click the version number (the far right column).
6. You'll see a list of binary packages generated by this source package. On the left, there's a box that says "Builds of sourcepackagename - version" with each of the relevant architectures' build results. Click the architecture you're running.
7. You'll see some info relating to the build of the package (which server built it, how long did it take, when was it done, etc.). On the right, there's a box containing a list of the resulting binary package. Select the one, you're looking for.
8. There! At the top, there's a download link for the deb. Mind you, you're on your own with regard to managing dependencies.

Oh, and per request I've added myself to the planet. Yay!

$ mkdir templatetags && cd templatetags
$ touch __init__.py
$ wget http://pyscrobbler.googlecode.com/svn/trunk/audioscrobbler.py
$ $EDITOR lastfm.py

from django import template
from audioscrobbler import AudioScrobblerQuery

register = template.Library()

def lastfm_info(user):
    q = AudioScrobblerQuery(user=user)
    r = q.recenttracks()
    tracks = [dict([(d.tag, d.text) for d in t]) for t in r]
    return { 'recent' : tracks }

register.inclusion_tag('lastfm.html')(lastfm_info)

<h4>Recently played</h4>
<ul>
{% for song in latest %}
<li>{{ song.artist }}: {{ song.name }}</li>
{% endfor %}
</ul>

{% load lastfm %}
{% lastfm_info "shawarma" %}

Should you be MALE or FEMALE?*
created with QuizFarm.com

• RSS feeds
• Comments
  • Allow new comments to be added
  • Import old ones
• Cool things in the sidebar