Planet freenode

August 30, 2016

mquin's blog

A small wireless sensor network

Back in the dim and distant I wrote about collecting electricity consumption data. In the intervening time and due to some hardware changes and failures I had stopped doing this.

Recently, Graeme Thomson gave a talk at ScotLUG about the system he is using to monitor temperatures around his house, using a 1-wire sensor network. Inspired by this, I decided to revisit my monitoring efforts.

Graeme's system took advantage of the fact that his house had recently been rewired and at that time he had laid in a number of twisted pair drops into each room, which could easily be patched onto his 1-wire bus.

Not wanting to run more cable around my own flat I decided to look at the possibility of doing the same thing wirelessly, and I remembered, from my Arduino tinkering, about the JeeNode project.

JeeNodes are compact, low-power Arduino-compatible AVR microcontroller boards with onboard wireless modules. They are very versatile and ideal as a basis for all sorts of wireless sensor nodes. They are also relatively inexpensive, particularly when purchased in kit form.

After a bit of tinkering around I settled on a sensor node design consisting of a JeeNode with an AA battery based power supply, and a DS18B20 digital temperature sensor.

Assembled sensor node

I now have four of these scattered around the flat, running a simple sketch that takes a sample from the temperature sensor every minute or so and transmits it back to my central server. The 878Mhz radio system seems to comfortably cover the entire building.

Using one JeeNode per sensor is not the cheapest way of doing this, but saves me pulling cable and leaves me with a lot of flexibility should I wish to expand this system or monitor additional parameters in future.

The end result: pretty graphs, and a better understanding of how the temperature in my flat changes over time.

24 hour temperature graph

Ideas that I have for the future include replacing the node near my server with a Arduino Nano, rather than using wireless to span half a metre, and reuse the JeeNode in another room.

August 30, 2016 11:29 PM

August 14, 2016

erry's blog

August 06, 2016

freenode staffblog

Happy Birthday to the World Wide Web

25 years ago—On the 6'th of August 1991—the world's first website went live, and it's still there.

In other words, the world wide web is celebrating silver jubilee today.

Imagine where we would've been without it. Would your project exist? Would freenode exist?

On behalf of freenode, I'd like to give all our sponsors a big shoutout, for making freenode possible—read more about who they are on our acknowledgements page.

And lastly we would like to thank you, the people that use freenode, the people who use freenode for your projects, the people that contribute to keeping the internet full of Free and Open Source Software. You are a part of what took the internet this far and a part of what keep it, and a lot of other tech related things, evolving.

Stay with us, it's freenode's porcelain jubilee this year, keep chatting, keep the internet open.

by Swant at August 06, 2016 10:06 PM

July 18, 2016

freenode staffblog

A Reminder

Hi all,

In the distant past, freenode fairly frequently sent /wallops about news of conferences, releases or anything else that might be of interest to the FOSS community. We'd quite like to do more of that, so… if you know of anything that might fit the bill, please drop the community team a line at [email protected] or message me (my nickname is e) on IRC (even if the project in question isn't (yet) registered with freenode).

We'd also like to feature a bit more FOSS news on our blog, so if you're itching to write a guest post for us, I'd love to hear about that as well.

Thanks for using freenode! :)

by edk at July 18, 2016 10:06 PM

July 04, 2016

freenode staffblog

Help protect net neutrality in the EU

As many of you no doubt know, the European Union passed legislation last year intended to protect net neutrality. However, it contained significant loopholes which many people believe will allow European ISPs to prioritise paying partners' traffic. Among other things, this is potentially quite scary for FOSS projects—most of which don't have the kind of funding necessary to enter into such arrangements.

If this is something that concerns you, campaigns aimed at convincing BEREC to close the loopholes are running at https://www.savenetneutrality.eu/ and https://savetheinternet.eu/en/.

by edk at July 04, 2016 02:58 PM

June 07, 2016

Pricey's blog

.uk domain transfers are scary

.uk transfers are a little different:
  • You instruct your old registrar to change the "IPS tag" to point the domain to your new registrar.
  • You tell your new registrar that the domain just assigned to them is yours.
The new registrar then dutifully updates all of Nominet's records. Even if the name... email... address... you provided them with bears no relation to the existing (private?) registration information. Who cares if you had 2 factor authentication enabled on the original Nominet account, your domain is gone.

Nominet says the onus is on the registrar to ensure they verify you're the owner when going through this process. But they don't?

What's to stop someone scraping whois records (that IPS tag is public) and racing to claim the domains you're transferring before you do?

Apparently nothing. A few weeks ago I ran a little test. I registered a new domain at one registrar and immediately asked they change the IPS tag to another. A coworker watched over my shoulder as I retrieved the whois details for my domain to see the tag change, but then I got distracted looking for cake/looking over their shoulder. They set up a new account at the second registrar and claimed the domain, using no secret information and without either registrar or Nominet gaining my consent.

What am I missing? Do some registrars I haven't tried put effort into verifying your ownership? Is it just a few bad actors?

UPDATE: One registrar I've contacted has now promised they've updated their systems to email the owner listed by Nominet for confirmation, before handing over the domain. Minor success...

by Joseph Price ([email protected]) at June 07, 2016 03:28 PM

June 04, 2016

freenode staffblog

User-enabled sendpass

As a network, we feel it is hugely important to maintain close relationships with our many communities and users. Our interactions with users in #freenode and elsewhere on the network, fielding support requests and assisting users, help build and maintain these relationships.

But we're constantly looking for things to change and make better, and one of the pieces of feedback we've had is that users would like a little automation - and the ability to be able to resolve some of their own support requests.

We recognise that allowing users to generate their own password reset e-mails brings us in line with other registration systems online and may provide a higher quality of service.

So for now, if you are having difficulties accessing your account, you can generate your own password reset e-mail using the following command:

/msg NickServ SENDPASS <account>

This command will only work with an offline account (i.e. it won't work if a client is logged into your account via NickServ), and should obviously only be used on an account that you believe is yours.

We will be keeping an eye on how this feature is used, and may retain it permanently if it proves to be helpful and non-harmful!

by njan at June 04, 2016 12:48 AM

Turbulence

As many of you will be aware, freenode has been experiencing intermittent instability today, as the network has been under attack. Whilst we have network services back online, the network continues to be a little unreliable and users are continuing to report issues in connecting to the network.

We appreciate the patience of our many wonderful users whilst we continue to work to mitigate the effects this has on the network.

We also greatly appreciate our many sponsors who work with us to help minimise the impact and who are themselves affected by attacks against the network.

We've posted on this subject before, and what we said then remains as true as ever - and for those of you who didn't read the earlier blogpost first time round, it's definitely worth perusing it now if this subject interests or affects you.

Thank you all for your patience as we continue to work to restore normal service!

[UPDATE 04/02/2014]

At the moment SASL authentication works only on PLAINTEXT, not BLOWFISH. We've checked and TOR should be working too. Sadly wolfe.freenode.net will be taken off the rotation, so those users who've connected specifically to it, please make sure that your client points to our recommended roundrobin of chat.freenode.net!

by njan at June 04, 2016 12:48 AM

The New Policies

One of the several problems that's become obvious in recent times is that we  have too many policies, they're often not consistent with each other, and we've spent too much time and effort wondering whether something, which is obviously the right thing to do, fits with our published policy. With that in mind, the following stripped-back set of policies will apply in future, with the intention that we can set out a simple set of baselines and apply common sense on top of them.

Nickname ownership

Nicknames are allocated on a first-come, first-served basis, to the first person who registers the name with NickServ. However, we expect users to act in good faith and reserve the right to remove a nickname registration where we believe that this has not been the case. Nickname and account registrations expire ten weeks after they are last used. For nicknames, 'used' means that you were using the nickname while logged in to the account which owns it. For accounts, 'used' means that you logged in to the account, regardless of the nickname you used to do so. Nicknames which are the primary account name only expire when the entire account is expired. In some cases, such as for very old accounts, we may, at our discretion, extend the expiry time of a nickname or account. We will not normally do this beyond 15 weeks past the last use.

Some nicknames and accounts, including but not limited to some of those owned by current or former network staff, do not expire at all. These accounts can be identified by the 'Hold' flag in their NickServ info output.

Nicknames and accounts which are expired will not automatically be dropped. Please contact network staff if you would like to take over an expired nickname.

Channel ownership

Channels on freenode fall into one of two categories. Primary channels, which begin with a single # character, are reserved for on-topic projects. If you'd like to take over one of these channels, then you'll need to be associated in some way with the project in question. Topical, or 'about' channels, begin with two # characters, and these are allocated on a first-come, first-served basis to the first person who registers it with ChanServ. As with nicknames, however, we reserve the right to remove or alter registrations where we believe they have not been made in good faith.

Primary channels do not expire with inactivity, though they can be claimed at any time by a representative of an on-topic project with the appropriate name. Topical channels expire after 60 days in which no user on the access list for the channel has joined it.

On-topic Use

freenode's primary goal is to encourage and foster the development and use of free and open source software projects and other peer-directed communities producing broadly licensed creative output. Any project falling under this broad description is likely to be considered on-topic for the purposes of primary channel naming and other project services which we may provide, but individual decisions may be made at the discretion of staff.

Off-topic Use

We expect all users of the network, whether affiliated with a project or not, to act in good faith and in accordance with both their local laws and those applicable where freenode operates. Use of freenode and its facilities is a privilege, not a right, and may be withdrawn where we believe that this has not been the case.

by spb at June 04, 2016 12:48 AM

Services database purge

On or around Friday, October 2nd, we shall be cleaning up the services database. This involves the bulk removal of expired nicks, channels and accounts.

Therefore, please remember to identify to services when you connect ( /msg nickserv help identify ) and to use your grouped nicks whilst identified - remember, they all expire separately.

Nicks that are past the expiry threshold of 120 days unidentified on October 2nd will be freed from the database and available for others to register.

If you have a nick grouped to your account that you'd prefer to use as your main nick, you can change your account name - see /msg nickserv help set accountname for information.

Remember you can use sendpass to recover lost passwords - see /msg nickserv help sendpass.

by mrmist at June 04, 2016 12:48 AM

Server Issues: Update

Following up on our previous blog post, we have continued to investigate the compromise of freenode infrastructure, aided by our sponsors in addition to experts in the field.

NCC Group's Cyber Defence Operations team kindly provided pro bono digital forensic and reverse engineering services to assist our infrastructure team and have recently published a report with some of their findings:

https://www.nccgroup.com/en/blog/2014/10/analysis-of-the-linux-backdoor-used-in-freenode-irc-network-compromise/

NCC's support has been invaluable in aiding us in further securing our infrastructure, and we have already made significant changes to ensure that it is more resilient against further attacks. Our investigation into the compromise is ongoing and we will provide further updates as appropriate.

In the mean time, if you haven't updated your password, we would advise you do so as some traffic may have been sniffed. Simply "/msg nickserv set password newpasshere" and don't forget to update your client's saved password.

Whilst we endeavour to provide a robust service, it is worth bearing in mind that no computer system is ever perfectly secure and many are inevitably breached. For this reason we do not suggest relying entirely on freenode (or any infrastructure) to protect sensitive data, and encourage our users to take further steps (e.g. unique passwords per service, encryption) as part of a defence in depth strategy to safeguard it.

We are extremely grateful to NCC in addition to our many other sponsors for their assistance and continued support. Without the ongoing support of our generous sponsors and wonderful infrastructure team, freenode would quite literally not have a network!

We will be continuing to work with our sponsors in addition to other relevant authorities regarding this breach and any further incidents.

by Pricey at June 04, 2016 12:48 AM

Server issues

Earlier today the freenode infra team noticed an anomaly on a single IRC server. We have since identified that this was indicative of the server being compromised by an unknown third party. We immediately started an investigation to map the extent of the problem and located similar issues with several other machines and have taken those offline. For now, since network traffic may have been sniffed, we recommend that everyone change their NickServ password as a precaution.

Before changing your password, please check your email address in /msg nickserv info and, if needed, update it - see /msg nickserv help set email (remember to check your new email for the verification key). This will ensure that we can send you a password reset email should, for whatever reason, your password change not work properly. If you have no email set on your account or an email set that you cannot access, we cannot send password resets to you, so do please keep this up-to-date.

To change your password use /msg nickserv set password newpasshere

Since traffic may have been sniffed, you may also wish to consider any channel keys or similar secret information exchanged over the network.

We'll issue more updates as WALLOPS and via social media!

by mrmist at June 04, 2016 12:48 AM

Recent Events and Future Changes

Many of you have been asking questions about the recent rash of high-profile staff resignations, and we feel we owe you all both an explanation and an apology.

First, the explanation: in short, it's become clear over recent months that freenode has lost its way somewhat, when compared to the ideals and goals that we were created with. A growing sense of disillusionment amongst those of us who remember the olden days, when we were far more friendly, approachable and engaged in the communities we were set up to serve, has recently come to a head. Naturally, when some of these people decided they could no longer continue with the way things had become, it was time for us to think long and hard about what had gone wrong and what we should do about it.

And so, to the apology. We're uncomfortably aware that freenode was set up with the strong idea that the projects and communities which use it should be the first, and often the only, priority. We've lost sight of that, and we're sorry. We'll be doing our best, from now on, to get back in touch with the ideals that made freenode such a great place.

This won't be easy for us, as we've got years of bad habits to break, but hopefully you should start seeing some improvements in the coming months. If you see anything that we're not doing that would help your communities, please tell us and we'll try our best to find a way to make it happen. You might see a bit of chaos or inconsistency while we try to find our way around again, but please try to bear with us and we hope you'll see things get better in time.

And finally, because we're conscious that a lack of clarity around our leadership structure has not helped matters, we've decided to set out unambiguously how the staff management structure will work from now on. Our activities and operations will be split roughly into four areas, each with a designated lead.

  • mist is head of staff, and in charge of day to day network operations and general staff issues.

  • kloeri is head of infrastructure, in charge of making sure that the network continues to run in a usable fashion and that we have the right hardware and server platforms in place to provide the services we want to.

  • spb is head of development, in charge of the software platforms that we use to run the network.

  • christel is head of projects and communities, and also the overall project lead in charge of the other three heads. She'll be trying to make sure that we get back the levels of engagement that we once had with the projects we're here to serve.

These four, together, will take any decisions that affect the future direction of freenode. While they each have their own area of focus, feel free to contact any of us about any issues you may have -- we try to keep an open (virtual) door policy.

by spb at June 04, 2016 12:48 AM

New Website

If you are reading this you have most probably already realised that our brand spanking new website is up and running. On behalf of freenode I would like to express heartfelt thanks to dsample, edk, Swant, thefam, emerson and SteinSplitter and boxmein -- not only for the help in designing the new website based on a very fickle and constantly changing spec but also for providing tremendously amusing banter and generally being awesome guys! You did beautifully and it has been an absolute pleasure working with you, I can't wait to do it again sometime (soon!).

Oh, and the new website is hosted with Github Pages.

by christel at June 04, 2016 12:48 AM

New extban: $j

We have loaded a new module on the network which provides the $j extban type:

$j:<chan> - matches users who are or are not banned from a specified channel

As an example...

/mode #here +b $j:#timbuktu

...would ban users from #here that are banned (+b) in #timbuktu.

Please note that there are a couple of gotchas:

  • Only matching +b list entries are checked. Quiets (+q) Exemptions (+e) & invexes (+I) are NOT then considered. As such, the following mode change would not alter the behaviour of the first example:

    /mode #timbuktu +e *!*@*

  • Quiets and the quieting effect of bans may not immediately take effect on #here when #timbuktu's ban list changes due to caching by the ircd.

  • $j isn't recursive. Any $j extbans set in #timbuktu are ignored when matching in #here.

We imagine you'll have some more useful use cases than the above.

Thanks for flying freenode!

by Pricey at June 04, 2016 12:48 AM

Helping GNOME defend its trademark

The GNOME project will be familiar to the vast majority of our users, what you might not be aware of is that the project is currently facing an expensive trademark battle against Groupon with the latter having allegedly chosen to infringe upon GNOME's trademark by launching a product with the same name (a POS "operating system for merchants to run their entire operation").

I am not going to go into the details here, as they have been explained by the GNOME project over at http://www.gnome.org/groupon/ and the GNOME folk are in a much better position than me to provide more detailed information on the matter.

What I am going to do is appeal for your help. The GNOME project is looking to raise $80,000 to cover the legal costs involved in defending their trademark. At the time of writing this post the freenode network has 89,998 connected users. Users who are passionate about FOSS.

If each of us donated just ONE DOLLAR to the GNOME project they would cover the anticipated legal costs AND have some spare change leftover for a pint when the proceedings conclude.

Even if you do not use GNOME, please consider helping them out. This is bigger than just GNOME and I think would be fantastic if the FOSS communities could drum together to support our own.

If you head over to http://www.gnome.org/groupon/ you can make a donation directly via PayPal by clicking on the "Help us by donating today" button.

Update: Due to the controversial nature of PayPal, GNOME is now also offering other ways to donate .

Thank you!

Update #2: According to the Groupon blog and this article over at Engadget Groupon has issued the following statement: "Groupon is a strong and consistent supporter of the open source community, and our developers are active contributors to a number of open source projects. We've been communicating with the Foundation for months to try to come to a mutually satisfactory resolution, including alternative branding options, and we're happy to continue those conversations. Our relationship with the open source community is more important to us than a product name. And if we can't come up with a mutually acceptable solution, we'll be glad to look for another name."

I am assuming that this means that the trademarks filed will be retracted and that the GNOME project can go about business as usual. I am certain they will be releasing a statement with further details before long.

by christel at June 04, 2016 12:48 AM

Heartbleed

The recently exposed heartbleed bug in the OpenSSL library has surprised everyone with a catastrophic vulnerability in many of the world's secure systems.

In common with many other SSL-exposed services, some freenode servers were running vulnerable versions of OpenSSL, exposing us to this exploit. Consequently, all of our affected services have been patched to mitigate the vulnerability, and we have also regenerated our private SSL keys and certificates.

In an unrelated event, due to service disruption & the misconfiguration of a single server on our network, an unauthorised user was allowed to use the 'NickServ' nickname for a short period Sunday morning. Unfortunately there is a possibility that your client sent data (including your freenode services password) to this unauthorised client. Identification via SASL, certfp or server password were not affected, but any password sent directly to the "NickServ" user might have been.

Because of these two recent issues, we would like to make the following recommendations to all of our users. It would also be good practice to follow them at regular intervals.

  • Though we are not aware of any evidence that we have been targeted, or our private key compromised, this is inevitably a possibility. SSL sessions established prior to 2014/04/12 may be vulnerable. If your current connection was established prior to this date via ssl then you should consider reconnecting to the network.

  • We would advise that users reset their password (after reconnecting) using instructions returned by the following command:

/msg nickserv help set password

This should help ensure that if your password was compromised through an exploitation of the Heartbleed vulnerability, the damage is limited.

  • In line with general best practice, we would always recommend using separate passwords on separate systems - if you shared your freenode services password with other systems, you should change your password on all of these systems; preferably into individual ones.

  • If you use CertFP, you should regenerate your client certificate (instructions) ****and ensure that you update NickServ with the new certificate hash. You can find out how to do this using the following command:

/msg nickserv help cert

  • Having changed passwords and/or certificate hashes, it cannot hurt to verify your other authentication methods (such as email, ACCESS or CERT). It is possible you have additional access methods configured either from past use or (less likely) due to an account compromise.

  • At the recommendation of the Tor Project, we have regenerated private keys for our hidden services. The new list of addresses is now available on our website. Please update your tor configuration!

  • Finally, it is worth noting that although probably the least likely attack vector, Heartbleed can also be used as client-side attack, i.e. if you are still running a vulnerable client a server could attack you. This could be a viable attack if, for instance, you connect to a malicious IRC server and freenode at the same time; hypothetically the malicious IRC server could then attack your client and steal your IRC password or other data. If affected, you should ensure your OpenSSL install is updated and not vulnerable then restart your client.

As ever, staff are available in #freenode to respond to any questions or concerns.

by Pricey at June 04, 2016 12:48 AM

+freenode

UPDATE: This was of course an April Fool... you can "/msg nickserv set property GOOGLE+" to remove the property from your account. There might still be other secrets within the message though...

freenode4

Edit: Previous versions of the post contained an incorrect NickServ command. We have corrected this and apologise for the inconvenience.

by Pricey at June 04, 2016 12:48 AM

Atheme 7.2 and freenode

Hello!

We've begun some testing on Atheme's latest release, 7.2, and we'd like to invite interested users to help with that.

Not all changes the Atheme project has included in their new release will be included in our Atheme upgrade, so here's the bulk of the changes that will actually affect our network:

  • /msg NickServ DROP will require confirmations from the user similar to the ChanServ variant. This is to prevent people DROPping when they should be GHOSTing or similar.

  • We've loaded two exttargets:

    • $registered to grant flags to all people who are identified to NickServ

    • $chanacs to grant flags to people who have flags in another channel. Please read /msg ChanServ HELP FLAGS for details on how they work.

  • The SASL mechanism DH-BLOWFISH has been removed. People using it can connect via SSL and use PLAIN or upgrade to ECDSA-NIST256P-CHALLENGE. Details of how to do so are here and our SASL page will be updated with the relevant documentation soonish.

You should be able to connect to testnet at testnet.freenode.net Port 9002 for cleartext, and 9003 for SSL. Bear in mind, the database is a couple weeks old, so changes you've recently made on the production network may not be mirrored on the testnet network. Various amounts of staff should be idling in #freenode on testnet at all times, please feel free to poke us with any questions.

Thanks!

by tomaw at June 04, 2016 12:48 AM

April 1st 2014, Followup

It's been almost too long for this blog post to arrive here after the April Fools quiz this year. Thanks to everyone who participated!

The first ten people who completed the challenges are, in descending order of aprilness:

(times are listed in UTC)

  1. 2014-04-02T18:25:17 booto

    2014-04-02T23:36:53 Fuchs *

  2. 2014-04-03T00:29:29 furry

  3. 2014-04-03T01:34:18 mniip

  4. 2014-04-03T09:41:38 jojo

  5. 2014-04-03T16:29:51 redi

  6. 2014-04-03T18:57:21 BlueShark

  7. 2014-04-04T15:33:24 larinadavid

  8. 2014-04-04T22:27:20 Omniflux

  9. 2014-04-04T23:02:19 apoc

  10. 2014-04-04T23:13:02 thommey

(*) user opted out of any prizes

There were 25 additional nicks who completed the quiz and made it to the winner's circle but weren't fast enough to place in the top 10.

The prizes were cloaks for those in the top-10. In addition to the top-10 cloaks everyone else who finished the challenge that 'opted-in' were eligible for the cloak lottery. This was a lottery for 3 runnerup cloaks.

Out of the 25 additional people that completed the challenge, the following 3 won a cloak through the cloak lottery:

  • skasturi

  • danielg4

  • jojoa1997

Here are the riddles and their solutions, in the original order:

  • Level 0

    • The clue was given in the April 1st blog post: IyMjI3hrY2Q=

    • That is the string "####xkcd" encoded using base64.

    • The answer: ####xkcd, which was the first channel in the quiz.

  • Level 1

    • Clue: Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=

    • This is a rot13'ed and base64'ed string.

    • In Python: "Tnl2cHItbmFxLU9iby1qbnl4LXZhZ2Itbi1vbmU=".decode('base64').decode('rot13')

    • The answer: ####Alice-and-Bob-walk-into-a-bar

  • Level 2

    • Clue: MKWkpKMa

    • This is another string that is encoded with a series of base64 and rot13 transformations.

    • In Python: "MKWkpKMa".decode('rot13').decode('base64').decode('rot13')

    • The answer: ####reddit

  • Level 3

    • Clue: SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg== | Save this for a later level: https://i.imgur.com/87cX9y4.jpg | 4 decodes needed

    • Yet another string encoded with a series of base64 and rot13 transformations.

    • In Python: "SHg5RkR4SUpIeHFGSnlXVUlJSVFJeHFKCg==".decode('base64').decode('rot13').decode('base64').decode('rot13')

    • This yields: EBEORIETEMETHHPITI

    • Contestants were expected to do a web search for this and find out it is the end of the Zodiac Killer's infamous message.

    • The answer: ####zodiac

  • Level 4

    • Clue: https://i.imgur.com/x4nejBh.png | LaTeX right direction | Google! | No maths needed

    • The topic changed several times as contestants seemed pretty stumped on this level, the topic line above was its final form.

    • The answer: ####exner - this was expected from figuring out what the equation is. Simply put, the equation in the image is Exner's Equation.

  • Level 5

  • Level 6

    • Clue: https://www.dropbox.com/s/emz7xy3p9r2ivxe/wat.unknown (verify the file, sha256sum: 0efade1bb29d1b7fdd65e5612159e262cbd41a2e27ed89a0144701a5556da68f)

    • This file is more stenography:

    • Use 'file' to determine what the file type is.

    • Un-7zip the .unknown file

    • Base64 decode the output

    • Use 'file' to determine that the output is a .jpg

    • Unzip the .jpg

    • Untar two.tar.gz

    • Open the surprised.txt file.

    • The content of surprised.txt is: ####ImSoMetaEvenThisAcronym

    • The answer: ####ImSoMetaEvenThisAcronym

  • Level 7

    • Clue: AQwPfPN1ZBXNfvNj4bPmVR4fVQYPfPNlZBXNfvNkAP4jZhXNflOS and "Da Vinci" | Jules Verne | s/.02/.03/ in the decrypted text

    • The clue is base64'ed and rot13'ed. To decode it in Python: print "AQwPfPN1ZBXNfvNj4bPmVR4fVQYPfPNlZBXNfvNkAP4jZhXNflOS".decode('rot13').decode('base64')

    • This yields: 48° 50′ 0″ N, 2° 20′ 14.02″ E

    • These are GPS coordinates for the Paris meridian.

    • From this and the "Da Vinci" clue contestants were expected to find the Wikipedia page about the Rose Line.

    • The specific quote that contestants were suppose to find:

    "Dan Brown simply invented the 'Rose Line' linking Rosslyn and Glastonbury. The name 'Roslin' definitely does not derive from any 'hallowed Rose Line'. It has nothing to do with a 'Rose Bloodline' or a 'Rose Line meridian'. There are many medieval spellings of 'Rosslyn'. 'Roslin' is certainly not the 'original spelling': it is now the most common spelling for the village."[18]

  • Source

    • The "Jules Verne" clue is suppose to reaffirm to contestants that they were on the right track:

    The competition between the Paris and Greenwich meridians is a plot element in Jules Verne's "Twenty Thousand Leagues Under the Sea", published just before the international decision in favor of the British one.

  • Source

    • The answer: ####roslin
  • Level 8

  • Level 9

    • Clue: ZCLVLLCOIUTKKJSCEKHHHSMKTOOPBA | OGUCSSGAPVGVLUMBTVOGICUNJDHSTB | RUTJJGNXUNTY | Letters that would repeat in a typical word do not repeat in the key(s), example 'freenode' would be 'frenod' | https://i.imgur.com/pGIBjEE.png | http://is.gd/TgNsvm

    • Alright this one is really really really tricky. The topic changed several times.

    • The three strings are encoded with Four-square from the previous level with the same keys.

    • Contestants were expected to use 'UVB' and 'RUSSIA' as keys for the Four-square cipher.

    • It was expected that contestants arrive at 'UVB' from the channel name, ####POVAROVOSOLNECHNOGORSKRUSSIA

    • The former transmitter[27] was located near Povarovo, Russia[28] at 56°5′0″N 37°6′37″E which is about halfway between Zelenograd and Solnechnogorsk and 40 kilometres (25 mi) northwest of Moscow, near the village of Lozhki.

  • Source

    • The is.gd link points to a file that has the "No Q" image from a previous level hidden in it.

    • The "RUTJJGNXUNTY" decrypts to AaronHSwartz

    • The answer: ####AaronHSwartz

  • Level 10

    • Clue: HKGJSUOJVRLGSBELAUHOUIGLVRURWMGTUGJGWTKN

    • Originally this channel (####AaronHSwartz) was suppose to be the winner's circle, however due to too many people leaking answers and channel names, one more challenge was added.

    • Same cipher as before, this time the keys were 'DEMAND' and 'PROGRESS'

    • Demand Progress is an Internet activist-related organization specializing in petitions to help gain traction for legal movements against Internet censorship and related subjects, started by Aaron Swartz, source.

    • The clue decrypts to JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS

    • RMS is Richard Matthew Stallman, and 'Join Us Now and Share the Software' is an openly licensed song by Richard Stallman.

    • The answer: ####JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS

The topic in ####JOINUSNOWANDSHARETHESOFTWAREWRITTENBYRMS was: Congratulations on solving the freenode's April Fools 2014 Crypto Challenge | Want MOAR? #ircpuzzles

Congratulations to those who participated this year!

The 25 additional people that completed the challenge:

  • 2014-04-05T04:06:53 knivey

  • 2014-04-05T10:00:12 Tordek

  • 2014-04-05T15:40:50 jacob1 *

  • 2014-04-05T15:48:48 stac

  • 2014-04-05T16:24:01 Changaco *

  • 2014-04-05T17:30:01 Arch-TK *

  • 2014-04-05T17:35:05 ar *

  • 2014-04-05T18:16:20 Weetos *

  • 2014-04-05T18:38:39 nyuszika7h

  • 2014-04-05T18:56:26 vi[NLR]

  • 2014-04-05T19:06:38 tkd *

  • 2014-04-05T21:54:56 Chiyo

  • 2014-04-05T22:46:01 slidercrank

  • 2014-04-05T22:54:10 jojoa1997

  • 2014-04-06T00:55:51 Pixelz *

  • 2014-04-06T02:53:25 Transfusion

  • 2014-04-06T02:58:15 DonkeyHotei

  • 2014-04-06T03:04:01 sdamashek *

  • 2014-04-06T03:07:49 Cypi *

  • 2014-04-06T03:36:03 FXOR

  • 2014-04-06T13:44:35 pad

  • 2014-04-06T19:22:06 skasturi

  • 2014-04-06T19:37:13 Bloodhound

  • 2014-04-07T08:16:22 molly *

  • 2014-04-07T14:42:32 Bijan-E

(*) user opted out of the cloak lottery

by yano at June 04, 2016 12:48 AM

AFD quiz

As a tradition, we would like to invite our users to participate in the annual April Fool's Day quiz.

Good luck and have fun! You can join us in #ircpuzzles for casual conversation.

IyMjIyMjQUZEMjAxNlN0YXJ0

by mniip at June 04, 2016 12:48 AM

April 20, 2016

erry's blog

[vlog] this year’s uni projects

It’s … been a while, hasn’t it?

Okay, okay, it’s been three months. I’m currently buried underneath 6ft of Uni work, given this is my final year and my dissertation is due soon.

I’ll try to blog more often once I get into full-time paid employment. However, until then, here’s some demo videos I made for some uni projects:

 

  1. Survey wolf: A survey monkey clone in Laravel (sorry!)
  2. An alternative youtube app for android (because we needed another one)
  3. Sparkitect: The inbred mutant child of of Field Trip and Ingress, an AR application that shows interesting information about historical sites in Huddersfield. Only useful if you’re in Huddersfield.

That’s all for now – I hope to get back to more regular blogging once I’ve submitted my Uni work and survived. IF I survive….

by Errietta Kostala at April 20, 2016 10:02 PM

April 01, 2016

freenode staffblog

AFD quiz

As a tradition, we would like to invite our users to participate in the annual April Fool's Day quiz.

Good luck and have fun! You can join us in #ircpuzzles for casual conversation.

IyMjIyMjQUZEMjAxNlN0YXJ0

by mniip at April 01, 2016 12:00 PM

March 22, 2016

freenode staffblog

New Website

If you are reading this you have most probably already realised that our brand spanking new website is up and running. On behalf of freenode I would like to express heartfelt thanks to dsample, edk, Swant, thefam, emerson and SteinSplitter and boxmein -- not only for the help in designing the new website based on a very fickle and constantly changing spec but also for providing tremendously amusing banter and generally being awesome guys! You did beautifully and it has been an absolute pleasure working with you, I can't wait to do it again sometime (soon!).

Oh, and the new website is hosted with Github Pages.

by christel at March 22, 2016 11:25 PM

February 19, 2016

freenode staffblog

Recent Events and Future Changes

Many of you have been asking questions about the recent rash of high-profile staff resignations, and we feel we owe you all both an explanation and an apology.

First, the explanation: in short, it's become clear over recent months that freenode has lost its way somewhat, when compared to the ideals and goals that we were created with. A growing sense of disillusionment amongst those of us who remember the olden days, when we were far more friendly, approachable and engaged in the communities we were set up to serve, has recently come to a head. Naturally, when some of these people decided they could no longer continue with the way things had become, it was time for us to think long and hard about what had gone wrong and what we should do about it.

And so, to the apology. We're uncomfortably aware that freenode was set up with the strong idea that the projects and communities which use it should be the first, and often the only, priority. We've lost sight of that, and we're sorry. We'll be doing our best, from now on, to get back in touch with the ideals that made freenode such a great place.

This won't be easy for us, as we've got years of bad habits to break, but hopefully you should start seeing some improvements in the coming months. If you see anything that we're not doing that would help your communities, please tell us and we'll try our best to find a way to make it happen. You might see a bit of chaos or inconsistency while we try to find our way around again, but please try to bear with us and we hope you'll see things get better in time.

And finally, because we're conscious that a lack of clarity around our leadership structure has not helped matters, we've decided to set out unambiguously how the staff management structure will work from now on. Our activities and operations will be split roughly into four areas, each with a designated lead.

  • mist is head of staff, and in charge of day to day network operations and general staff issues.

  • kloeri is head of infrastructure, in charge of making sure that the network continues to run in a usable fashion and that we have the right hardware and server platforms in place to provide the services we want to.

  • spb is head of development, in charge of the software platforms that we use to run the network.

  • christel is head of projects and communities, and also the overall project lead in charge of the other three heads. She'll be trying to make sure that we get back the levels of engagement that we once had with the projects we're here to serve.

These four, together, will take any decisions that affect the future direction of freenode. While they each have their own area of focus, feel free to contact any of us about any issues you may have -- we try to keep an open (virtual) door policy.

by spb at February 19, 2016 01:11 PM

The New Policies

One of the several problems that's become obvious in recent times is that we  have too many policies, they're often not consistent with each other, and we've spent too much time and effort wondering whether something, which is obviously the right thing to do, fits with our published policy. With that in mind, the following stripped-back set of policies will apply in future, with the intention that we can set out a simple set of baselines and apply common sense on top of them.

Nickname ownership

Nicknames are allocated on a first-come, first-served basis, to the first person who registers the name with NickServ. However, we expect users to act in good faith and reserve the right to remove a nickname registration where we believe that this has not been the case. Nickname and account registrations expire ten weeks after they are last used. For nicknames, 'used' means that you were using the nickname while logged in to the account which owns it. For accounts, 'used' means that you logged in to the account, regardless of the nickname you used to do so. Nicknames which are the primary account name only expire when the entire account is expired. In some cases, such as for very old accounts, we may, at our discretion, extend the expiry time of a nickname or account. We will not normally do this beyond 15 weeks past the last use.

Some nicknames and accounts, including but not limited to some of those owned by current or former network staff, do not expire at all. These accounts can be identified by the 'Hold' flag in their NickServ info output.

Nicknames and accounts which are expired will not automatically be dropped. Please contact network staff if you would like to take over an expired nickname.

Channel ownership

Channels on freenode fall into one of two categories. Primary channels, which begin with a single # character, are reserved for on-topic projects. If you'd like to take over one of these channels, then you'll need to be associated in some way with the project in question. Topical, or 'about' channels, begin with two # characters, and these are allocated on a first-come, first-served basis to the first person who registers it with ChanServ. As with nicknames, however, we reserve the right to remove or alter registrations where we believe they have not been made in good faith.

Primary channels do not expire with inactivity, though they can be claimed at any time by a representative of an on-topic project with the appropriate name. Topical channels expire after 60 days in which no user on the access list for the channel has joined it.

On-topic Use

freenode's primary goal is to encourage and foster the development and use of free and open source software projects and other peer-directed communities producing broadly licensed creative output. Any project falling under this broad description is likely to be considered on-topic for the purposes of primary channel naming and other project services which we may provide, but individual decisions may be made at the discretion of staff.

Off-topic Use

We expect all users of the network, whether affiliated with a project or not, to act in good faith and in accordance with both their local laws and those applicable where freenode operates. Use of freenode and its facilities is a privilege, not a right, and may be withdrawn where we believe that this has not been the case.

by spb at February 19, 2016 01:11 PM

January 14, 2016

erry's blog

A first look at Cordova: pros and cons

I absolutely love the fact that tools like ionic and Cordova exist. It  means that Web Developers like myself can build hybrid applications (apps that work in both web and mobile) without needing to write native code. However, this doesn’t come without disadvantages. Due to this, I wanted to write a blog post comparing its pros and cons.

Pros

  • Designing android apps no longer a headache
    My experience with native Android was that changing even basic elements, such as the colour of the header bar in your application, meant having to create themes and styles in XML file, and sacrifice a few animals before it worked. Now, I never did any real android development, so it may have just been my own lack of exp in the subject. I know many people are able to make beautiful looking android apps, but personally I find being able to define styling with CSS just like any other web application very helpful.
  • Plugins are great… Mostly.
    Cordova uses plugins to “link” Javascript code to native code in the back end. There are plugins for every feature and platform you can imagine, and even if not, Cordova’s API for writing your own is rather straight forward.
  • Build management
    Cordova creates its own config file for tracking your enabled platforms and plugins. Additionally, it provides commands such as ‘cordova run android/ios’. You don’t need to build your apps using different IDEs and/or command line tools for each platform, Cordova handles it for you.
  • Frameworks like ionic!
    Ionic framework provides an angular code base with native-like widgets you can use. This allows you to have things like tabs, toggle buttons, reorderable lists, etc. in your web application.

Cons

  • Plugins only mostly work.
    I’ve had to fork and modify every single plugin I’ve used so far on my current project. Some was just adding some extra functionality or extra configuration options, but other modifications were more serious, such as having to fix a crash. Just be aware that when using plugins you may have to hunt a bit to find one that works properly… And sometimes have to fix somebody else’s code yourself.
  • UX isn’t native
    Being able to build and design using web tech is great, but the thing is that if you’re not careful with your UI and UX your app will not look or feel like a native app. This isn’t always a bad thing (for example, Facebook, YouTube, twitter, etc… all their apps look the same between platforms rather than adapting the platform’s native UX logic), but it’s definitely something to keep in mind. If your app’s UX needs to feel as much as a native app as possible, then you should at the very least have a different layout and different front-end interactions for each platform you are supporting. Having said that, Cordova means that instead of writing the same application two or three times and maintaining three different code base (one for each platform), you can just have three different layouts.
  • Performance and app size
    Well, this goes without saying. You’re running your  app in a webview, it’s not going to reach native performance. Still, I tried my cordova app in an average android phone, and it performed as well as most native apps from a user perspective, so..

 

by Errietta Kostala at January 14, 2016 11:49 PM

December 04, 2015

erry's blog

November 30, 2015

erry's blog

The long-awaited Mozfest 2015 post!

As I hope you know, Mozfest 2015 took place from November 6 to November 8 2015 at Ravensbourne UK. Mozfest is organised by Mozilla, but it is not entirely about Mozilla products. Instead, it aims to get people together talking about policies Mozilla cares about as an organisation – such as being open, promoting free speech, and working against surveillance.

A quote printed on a piece of paper found in a fortune cookie. It says 'The opposite of "open" isn't closed. The opposite of "open" is "broken" - John Wilbanks @wilbanks'

The opposite of open isn’t “closed”, it’s “broken”

I was invited to Mozilla Festival as part of my new role as a Participation Leader At Global Events™. As Official™ and Important™ as that sounds, it’s really not. Being a participation leader isn’t being above others – on the contrary, it’s encouraging other people to be leaders as well. We can all lead participation, together!

 

A poster at Mozfest explaining participation leaders' role. It says "Participation leaders design for impact, mobilize action and networks, and serve to unleash Mozillian potential"

A poster at Mozfest explaining participation leaders’ role

In the participation space, there was lots of discussion of problems people face contributing. Lack of time and organisation, lack of support for non-technical projects, and the perceived very high barrier to entry were just some of these. However, there was also lots of discussions on solutions, and mainly how we – as participation leaders – can change these things.

A "candy poll" stall at Mozilla festival. The sentence "I know how to participate at Mozilla" is printed on a poster. There are two candy containers, one labelled "yes" and the other "no".

Surely, such a poll could never be skewed…

Apart from sharing ideas on how to participate, there were also practical sessions that helped defeat the notion that the barrier to entry was high, and showed people first-hand how they can be involved – as well as answered any of their questions. I ran my own session in this format, entitled “FirefoxOS app-building workshop”. It was a bigger success than imagined – we must have had about 15 participants! I kept the session very practical, making giving a very small starting tutorial on Firefox OS based on my workshop blog post. I can say that it went better than last year’s session – both in attendance and in participant satisfaction. By the end of the session, everybody had built something, which was exactly what I wanted. If you can build an app in one hour, it can’t be that hard, can it?

A poster for the session I ran at Mozfest. On the left, there is a drawing of a smart phone with "ffOS" written on the screen. On the right, the phrase "Firefox OS app-building workshop - Sunday 14:45 at 401. It's easy!" is written.

The session was far superior to my drawing skills.

 

My inspiration from the festival was to continue spreading the ‘participation bug’ to others. I want them to know how good participating is and how easy it is to get involved. As such, I really want to run a similar workshop to my previous one, or an open source hackathon/workshop in my local community, which is my goal for 2016 as a participation leader!

What do you think? Is that a good idea? What would you do?

by Errietta Kostala at November 30, 2015 01:38 PM

November 12, 2015

erry's blog

Dear circuit laundry: your UX SUCKS!

Ah, the joys of student life. Not only is accommodation absurdly expensive (Over 100 pounds a week to live near campus outside London. I’m not going to mention London prices, because anybody who doesn’t already know them is going to have a heart attack.), but laundry costs on top of that.

And not only that, paying for it is DIFFICULT!

I went to the laundry room and saw I had no credit. So my thought was, “okay, I’ll just top up from my smartphone.” To my dismay, I soon realised it’d have been much faster to just run to my room and do it from my laptop!

First of all, the site is of course not responsive. Way to go to fit a huge site in a tiny screen like that.

Secondly, the only login method is username and password. Despite the fact that you have my laundry card number and my phone number. Seriously. It’s just laundry, not a bank account. Make an easier login system that just texts you a code and for extra paranoia, allow that to only top up.

Thanks to your current system, I could hardly fill out the form because mobile, I needed to reset my password which is also hard to type on mobile, and then log in to PayPal (with two factor auth and all!) and finally pay.

And then I had to swipe my card once to top up, again to confirm, then two more times to start the laundry!

The whole top up took over ten minutes. Absolutely absurd. Had I a choice, I’d not be using your service.

I don’t have a choice, though, so feel free to not change anything.

 

 

 

by Errietta Kostala at November 12, 2015 12:29 AM

November 11, 2015

erry's blog

To me, no localisation is better than bad localisation.

I am Greek, and when I lived in Greece and had my system language to Greek, the first thing I would usually do would when installing a piece of software or visiting a website that realised the fact that I’m Greek would be to ensure it’s set to English. The reason is partly because that’s how most people would use the software in question so I would be able to Google how to do something more easily, but also because sometimes the Greek localisation is… more difficult to understand than if it were just in English. Some things I’ve seen throughout my life:

  • Terrible, incomprehensible grammar thanks to using automated translation software to translate your UI (Don’t do this!)
  • Direct translation of date formats, ending in something that would directly trnaslate as “Of November 11”, which is about as right in Greek as it is in English.
  • Doing half a job, and making it obvious. Non-localised text in the middle of localised text, localised text that hasn’t been updated this century (ISTR the University of Piraeus’ English page mentioning really ancient hardware, while their Greek page didn’t. While I don’t doubt they do have really ancient hardware, I think their failure to remove the evidence from their English page is due to them never updating that page), or straight out leading a user to a non-localised screen without letting them know.
  • Stuff like this:translation-fails

 

What are your favourite localisation fails? Let me know!

 

by Errietta Kostala at November 11, 2015 03:02 PM

October 31, 2015

erry's blog

Firefox OS App building workshop

Hello world

 

Making a basic hello world app is as easy as making a simple web page. You can even do it straight from your browser!

I recommend taking advantage of Firefox’s WebIDE to make firefox OS application building a breeze, at least at first.

Simply press shift+F8, or from the hamburger menu click ‘Developer’ then find ‘WebIDE’. You should see something like this:

Firefox OS IDE

Firefox OS IDE

 

You can use this environment to test already-made apps and even take a look at FirefoxOS’s native apps if you have a debug environment! However, we’re currently going to use it to make a brand-new app.

Simply go to Project->New, and select ‘Hello World’ App, then follow the instructions.

making a new Firefox OS app

making a new Firefox OS app

 

Once done, You should be able to see a list of files in the left-hand side, being “icons/”, “app.js”, “index.html”, and “manifest.webapp”. (If not, make sure View->Toggle Editor is enabled.)

index.html and app.js work exactly like they would for any other website. If you open them, you’ll see regular HTML and JavaScript code. The only “special” file currently here is “manifest.webapp”. This is required for Firefox OS Web apps, and it tells the OS some information about the app:

{
"name": "HelloApp",
"description": "A Hello World app",
"launch_path": "/index.html",
"icons": {
"16": "/icons/icon16x16.png",
"48": "/icons/icon48x48.png",
"60": "/icons/icon60x60.png",
"128": "/icons/icon128x128.png"
},
"developer": {
"name": "Your name",
"url": "http://example.com"
}
}

You can change the name, description, and developer name and URL to match you and your app. launch_path may also be interesting for more advanced apps, as it’s your app’s default/first page.

If you want to take this hello world app for a go, you need to either plug in a phone or install a simulator, which you can do from the ‘select runtime’ menu, and install the newest stable (2.2)

Selecting a runtime for the IDE

Selecting a runtime for the IDE

Once you’ve installed the simulator, you can launch it in the same way.

You can then launch your app by clicking the ‘play’ button. You can also click the ‘wrench’ button, to get your regular web developer tools!

App debugging

App debugging

As you can see, we easily got a ‘hello world’ app, and it can be inspected easily just like any normal website.

Adding firefox and online APIs

Now we can make this into a basic weather app. Let’s start by adding a few things to our HTML file:

<html>
  <head>
    <title>
      My app
    </title>
    <script src="jquery.js"></script>
  </head>
  <body>
  <div id="offline" style="display:none">
    <img src="offline_cloud.png">
  </div>
  <div id="data">
  </div>

    <script src="app.js"></script>
  </body>
</html>

I added JQuery for AJAX requests. The #offline Div will be displayed when we detect we’re offline (more on that in a bit), #data will hold the data we’ll get from the weather API, and I included a script file, app.js which we’ll be writing.

var appid = 'your-app-id';

function handleChange() {
    //firefox API
    updateHTML(!navigator.onLine);
}

//we get passed on a boolean that's true if we're offline.
function updateHTML(isOffline) {
  console.log(isOffline);
    //remember #offline div?
    var offline = document.getElementById('offline');

    if (isOffline) {
        offline.style.display = '';
        updateData(getOfflineData());
    } else {
        offline.style.display = 'none';

        //getAPIData accepts a function as an argument, which it calls once it's done.
        setInterval(function() {
            getAPIData(
                function(data) {

                    //firefox OS api!
                    window.navigator.vibrate(200);
                    updateData(data);
                });
        }, 60000);

        getAPIData(
            function(data) {
                window.navigator.vibrate(200);
                updateData(data);
            });
    }
}


handleChange();


//check if we're still online
setInterval(
    handleChange,
    60000
);


function getAPIData(callback) {
    var dataDiv = document.getElementById('data');

    if (!dataDiv.innerHTML) {
        dataDiv.innerHTML = "loading...";
    }

    $.ajax({
            url: "http://api.openweathermap.org/data/2.5/weather?q=London,uk&units=metric&appid=" + appid,
        })
        .done(function(data) {
            
            if (callback && typeof callback === 'function') {
                callback(data);
            }

            console.log("Sample of data:", data);
        });
}

function updateData(data) {
  if (!data || !data.main) {
        return;
    }
  
    window.localStorage.setItem('data', data);
    var dataDiv = document.getElementById('data');
    console.log(data);
   
    dataDiv.innerHTML = data.main.temp;
}

function getOfflineData() {
    return localStorage.getItem('data');
}

You should now have a basic weather app!

Resources

Now what? How do I expand on this?

https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS

https://developer.mozilla.org/en-US/Apps/Build/Building_apps_for_Firefox_OS/Firefox_OS_app_beginners_tutorial

 

– Mozilla’s guides on app building

https://developer.mozilla.org/en-US/Marketplace/Publishing/Introduction

how to publish an app

 

by Errietta Kostala at October 31, 2015 11:45 PM

October 27, 2015

Md's blog

Per-process netfilter rules

This article documents how the traffic of specific Linux processes can be subjected to a custom firewall or routing configuration, thanks to the magic of cgroups. We will use the Network classifier cgroup, which allows tagging the packets sent by specific processes.

To create the cgroup which will be used to identify the processes I added something like this to /etc/rc.local:

mkdir /sys/fs/cgroup/net_cls/unlocator
/bin/echo 42 > /sys/fs/cgroup/net_cls/unlocator/net_cls.classid
chown md: /sys/fs/cgroup/net_cls/unlocator/tasks

The tasks file, which controls the membership of processes in a cgroup, is made writeable by my user: this way I can add new processes without becoming root. 42 is the arbitrary class identifier that the kernel will associate with the packets generated by the member processes.

A command like systemd-cgls /sys/fs/cgroup/net_cls/ can be used to explore which processes are in which cgroup.

I use a simple shell wrapper to start a shell or a new program as members of this cgroup:

#!/bin/sh -e
CGROUP_NAME=unlocator

if [ ! -d /sys/fs/cgroup/net_cls/$CGROUP_NAME/ ]; then
  echo "The $CGROUP_NAME net_cls cgroup does not exist!" >&2
  exit 1
fi

/bin/echo $$ > /sys/fs/cgroup/net_cls/$CGROUP_NAME/tasks

if [ $# = 0 ]; then
  exec ${SHELL:-/bin/sh}
fi

exec "$@"

My first goal is to use a special name server for the DNS queries of some processes, thanks to a second dnsmasq process which acts as a caching forwarder.

/etc/dnsmasq2.conf:

port=5354
listen-address=127.0.0.1
bind-interfaces
no-dhcp-interface=*

no-hosts
no-resolv
server=185.37.37.37
server=185.37.37.185

/etc/systemd/system/dnsmasq2.service:

[Unit]
Description=dnsmasq - Second instance
Requires=network.target

[Service]
ExecStartPre=/usr/sbin/dnsmasq --test
ExecStart=/usr/sbin/dnsmasq --keep-in-foreground --conf-file=/etc/dnsmasq2.conf
ExecReload=/bin/kill -HUP $MAINPID
PIDFile=/run/dnsmasq/dnsmasq.pid

[Install]
WantedBy=multi-user.target

Do not forget to enable the new service:

systemctl enable dnsmasq2
systemctl start dnsmasq2

Since the cgroup match extension is not yet available in a released version of iptables, you will first need to build and install it manually:

git clone git://git.netfilter.org/iptables.git
cd iptables
./autogen.sh
./configure
make -k
sudo cp extensions/libxt_cgroup.so /lib/xtables/
sudo chmod -x /lib/xtables/libxt_cgroup.so

The netfilter configuration required is very simple: all DNS traffic from the marked processes is redirected to the port of the local dnsmasq2:

iptables -t nat -A OUTPUT -m cgroup --cgroup 42 -p udp --dport 53 -j REDIRECT --to-ports 5354
iptables -t nat -A OUTPUT -m cgroup --cgroup 42 -p tcp --dport 53 -j REDIRECT --to-ports 5354

For related reasons, I also need to disable IPv6 for these processes:

ip6tables -A OUTPUT -m cgroup --cgroup 42 -j REJECT

I use a different cgroup to force some programs to use my office VPN by first setting a netfilter packet mark on their traffic:

iptables -t mangle -A OUTPUT -m cgroup --cgroup 43 -j MARK --set-mark 43

The packet mark is then used to policy-route this traffic using a dedicate VRF, i.e. routing table 43:

ip rule add fwmark 43 table 43

This VPN VRF just contains a default route for the VPN interface:

ip route add default dev tun0 table 43

Depending on your local configuration it may be a good idea to also add to the VPN VRF the routes of your local interfaces:

ip route show scope link proto kernel \
  | xargs -I ROUTE ip route add ROUTE table 43

Since the source address selection happens before the traffic is diverted to the VPN, we also need to source-NAT to the VPN address the marked packets:

iptables -t nat -A POSTROUTING -m mark --mark 43 --out-interface tun0 -j MASQUERADE

October 27, 2015 03:02 AM

September 18, 2015

freenode staffblog

Services database purge

On or around Friday, October 2nd, we shall be cleaning up the services database. This involves the bulk removal of expired nicks, channels and accounts.

Therefore, please remember to identify to services when you connect ( /msg nickserv help identify ) and to use your grouped nicks whilst identified - remember, they all expire separately.

Nicks that are past the expiry threshold of 120 days unidentified on October 2nd will be freed from the database and available for others to register.

If you have a nick grouped to your account that you'd prefer to use as your main nick, you can change your account name - see /msg nickserv help set accountname for information.

Remember you can use sendpass to recover lost passwords - see /msg nickserv help sendpass.

by mrmist at September 18, 2015 08:58 AM

September 16, 2015

erry's blog

Setting up OpenVPN to use on your chromebook

Chromebooks are fun, light, and have a long battery life, which is why I use one. It’s an awesome companion for travelling, studies, and other cases that require long battery life and mobility more than they do computing power.

ChromeOS lacks some of the capabilities you find on Windows OS’s and Linux distributions, but it does have built-in OpenVPN support. However, it currently requires a specific configuration and some work to get to work. This post hopefully explains how!

OpenVPN server

On your server box, start by setting up the OpenVPN server.

sudo apt-get install openvpn

Locate the easy-rsa directory. It can be in /usr/share/doc/packages/openvpn /usr/share/doc/openvpn or /usr/share/easy-rsa/, or in certain cases you may have to install easy-rsa seperately. In either case, once you’ve found it, cd to it:

cd /usr/share/easy-rsa/

Now, we can build our ca certificate:

. ./vars
./clean-all
./build-ca

Follow all the instructions given when running that script. It should ask some questions, answer accordingly.
This should generate ca.crt. Copy this file to your chromebook, as you will need it. Furthermore, copy it to your OpenVPN configuration directory, usually /etc/openvpn

Now we can build a key for the openvpn server:

./build-key-server server

The ‘server’ argument will determine the name of the resulting key, in this case you should end up with server.crt and server.key. Copy them in /etc/openvpn as well.

Now we can build a key for our client. Run:

./build-key client1

This will generate client1.key and client1.crt. Normally you should be able to use these files to connect, however chrome OS requires a different format. We can convert the client key now that we have the required files:

openssl pkcs12 -export -in client1.crt -inkey client1.key -certfile ca.crt -name MyClient -out client.p12

If done correctly, you should end up with client.p12. Copy this to your chromebook, as you will need it.

Finally, run

./build-dh

Congratulations, you finally have ALL the files you need! Now you need to edit the OpenVPN configuration. This is usually in /etc/openvpn/server.conf

sudo vim /etc/openvpn/server.conf

Since chrome OS does not yet have the UI to allow for all possible OpenVPN settings, you need specific settings set.

Firstly, since Chrome OS requires both password AND key authentication, you need to enable the PAM module:

plugin  /usr/lib/openvpn/openvpn-plugin-auth-pam.so login

Unfortunately, the location of this plugin varies per distribution, so please double-check its location for your server.

The server type should be UDP, and the device set to ‘tun’:

proto udp
dev tun

Now, make sure the server cert and key are set properly. These are the files you generated earlier. Ensure these files are in /etc/openvpn and their names are right:

ca ca.crt
cert server.crt
key server.key # This file should be kept secret
dh dh2048.pem

You can configure your OpenVPN to handle DHCP and DNS:

push "redirect-gateway def1 bypass-dhcp bypass-dns"

If you don’t want to do that, keep only “redirect-gateway def1”. Both configs should work.

Set DNS:

push "dhcp-option DNS 8.8.8.8"
push "dhcp-option DNS 8.8.4.4"

If comp-lzo is enabled, you need to disable it, since chromeOS does not support it:

# comp-lzo

Any settings not mentioned above can be left to defaults.

Now you should restart OpenVPN

sudo /etc/init.d/opennms restart

You can check /var/log/syslog to see if it restarted properly, and correct any errors.

Chromebook client

Now that your server is working fine, it’s time to set up the client.

First, make sure you’ve generated and copied ca.crt and client.p12 from before.
Now, we’re going to need to import the certificate authority’s cert and our key into Chrome OS.
Navigate to chrome://settings/certificates

In the Authorities tab click Import and find ca.crt. You will be asked if you want to trust the CA; “trust this certificate for identifying websites” should be checked there, otherwise your self-signed cert will be rejected by Chrome OS.

Now, from the chrome://settings/certificates page, navigate to “your certificates”. You need to click import and bind to device, and NOT import. Select the .p12 file. You should now see your certificate and “(hardware-backed)” if done correctly.

Adding the VPN

Hopefully, you can now add the VPN to chrome OS. Click on the bottom right (where the clock, network, battery, etc. are), and bring up the network settings. Click “Add connection” and select “OpenVPN/L2TP”

Fill it in thusly:
Server hostname: the IP address or host name of your VPN server.
Service name: This is just the name the network will be saved under, can be anything.
Provider type: OpenVPN
Server CA certificate: This is the CA certificate you imported earlier. If done correctly, it will appear in the drop down here.
User certificate: This is the user certificate you imported. If done correctly, it’ll be here and say “hardware-backed”.
Username/Password: Your Server username and password.

Leave everything else empty/default. Hopefully, it’ll connect!

Debugging

If something fails, these are the places you can look to find what’s going on:

  • /var/log/syslog on your server will tell you if ChromeOS is trying to connect at all, and if yes, what problem it’s having
  • If ChromeOS is not trying to connect at all, it most likely doesn’t like something in your certificate or settings. chrome://system contains the user log, syslog, netlog, and network-services log where you can hopefully get some more verbose error message about WHAT it doesn’t like!
  • If the VPN connects but you have no Internet connection, make sure you’ve done the required network forwarding server side, e.g.:
    iptables -t nat -A POSTROUTING -s 10.8.0.0/24 -o eth0 -j MASQUERADE

    . The OpenVPN documentation has more explanation on that.

Settings not supported by the ChromeOS UI

Allegedly, you can force Chrome OS to accept settings like comp-lzo and other settings the gui doesn’t support, by creating a configuration file. You can read that document and try to follow it if you’re particularly a glutton for punishment.

That’s it! Enjoy your (hopefully) VPN-connected chromebook.

Sources:
OpenVPN on ChromeOS which helped me find out how to import certificates and all that jazz.
OpenVPN HOWTO!

by Errietta Kostala at September 16, 2015 12:20 PM

August 25, 2015

RichiH's blog

Tor-enabled Debian mirror, part 2

Well, that was quite some feedback to my last post; via blog, email, irc, and in person. I actually think this may be the most feedback I ever got to any single blog post. If you are still waiting for a reply after this new post, I will get back to you.

To handle common question/information at once:

  • It was the first download from an official Tor-enabled mirror; I know people downloaded updates via Tor before
  • Yes, having this in the Debian installer as an option would be very nice
  • Yes, there are ways to load balance Tor hidden services these days and the pre-requisites are being worked on already
    • Yes, that load balanced setup will support hardware key tokens
  • A natively hidden service is more secure than accessing a non-hidden service via Tor because there is no way for a third-party exit node to mess with your traffic
  • apt-get etc will leak information about your architecture, release, suites, desired packages, and package versions. That can't be avoided, but else it will not leak anything to the server. And even if it did.. see above
  • Using Tor is also more secure than normal ftp/http/https as you don't build up an IP connection so the server can not get back to the client other than through the single one connection the client built up
  • noodles Tor-enabled his partial debmirror as well: http://earthqfvaeuv5bla.onion/
    • It took him 14322255 tries to get a private key which produced that address
    • He gave up to find one starting with earthli after 9474114341 attempts
  • I have been swamped with queries if I had tried apt-transport-tor instead of torify
    • I had forgotten about it, re-reading the blog post reminded me about apt transports
    • Tim even said in his post that Tor hidden mirror services would be nice
    • Try it yourself before you ask ;)
    • Yes, it works!

So this whole thing is a lot easier now:

# apt-get install torsocks apt-transport-tor
# mv /etc/apt/sources.list /etc/apt/sources.list--backup2
# > /etc/apt/sources.list << EOF
deb tor+http://vwakviie2ienjx6t.onion/debian/ unstable main contrib non-free
deb tor+http://earthqfvaeuv5bla.onion/debian/ unstable main contrib non-free
EOF
# apt-get update
# apt-get install vcsh

by Richard &#x27;RichiH&#x27; Hartmann at August 25, 2015 11:11 PM

Tor-enabled Debian mirror

During Jacob Applebaum's talk at DebConf15, he noted that Debian should TLS-enable all services, especially the mirrors.

His reasoning was that when a high-value target downloads a security update for package foo, an adversary knows that they are still using a vulnerable version of foo and try to attack before the security update has been installed.

In this specific case, TLS is not of much use though. If the target downloads 4.7 MiB right after a security update with 4.7 MiB has been released, or downloads from security.debian.org, it's still obvious what's happening. Even padding won't help much as the 5 MiB download will also be suspicious. The mere act of downloading anything from the mirrors after an update has been released is reason enough to try an attack.

The solution, is, of course, Tor.

weasel was nice enough to set up a hidden service on Debian's infrastructure; initally we agreed that he would just give me a VM and I would do the actual work, but he went the full way on his own. Thanks :) This service is not redundant, it uses a key which is stored on the local drive, the .onion will change, and things are expected to break.

But at least this service exists now and can be used, tested, and put under some load:

http://vwakviie2ienjx6t.onion/

I couldn't get apt-get to be content with a .onion in /etc/apt/sources.list and Acquire::socks::proxy "socks://127.0.0.1:9050"; in /etc/apt/apt.conf, but the torify wrapper worked like a charm. What follows is, to the best of my knowledge, the first ever download from Debian's "official" Tor-enabled mirror:

~ # apt-get install torsocks
~ # mv /etc/apt/sources.list /etc/apt/sources.list.backup
~ # echo 'deb http://vwakviie2ienjx6t.onion/debian/ unstable main non-free contrib' > /etc/apt/sources.list
~ # torify apt-get update
Get:1 http://vwakviie2ienjx6t.onion unstable InRelease [215 kB]
Get:2 http://vwakviie2ienjx6t.onion unstable/main amd64 Packages [7548 kB]
Get:3 http://vwakviie2ienjx6t.onion unstable/non-free amd64 Packages [91.9 kB]
Get:4 http://vwakviie2ienjx6t.onion unstable/contrib amd64 Packages [58.5 kB]
Get:5 http://vwakviie2ienjx6t.onion unstable/main i386 Packages [7541 kB]
Get:6 http://vwakviie2ienjx6t.onion unstable/non-free i386 Packages [85.4 kB]
Get:7 http://vwakviie2ienjx6t.onion unstable/contrib i386 Packages [58.1 kB]
Get:8 http://vwakviie2ienjx6t.onion unstable/contrib Translation-en [45.7 kB]
Get:9 http://vwakviie2ienjx6t.onion unstable/main Translation-en [5060 kB]
Get:10 http://vwakviie2ienjx6t.onion unstable/non-free Translation-en [80.8 kB]
Fetched 20.8 MB in 2min 0s (172 kB/s)
Reading package lists... Done
~ # torify apt-get install vim
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  vim-common vim-nox vim-runtime vim-tiny
Suggested packages:
  ctags vim-doc vim-scripts cscope indent
The following packages will be upgraded:
  vim vim-common vim-nox vim-runtime vim-tiny
5 upgraded, 0 newly installed, 0 to remove and 661 not upgraded.
Need to get 0 B/7719 kB of archives.
After this operation, 2048 B disk space will be freed.
Do you want to continue? [Y/n] 
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Reading changelogs... Done
(Reading database ... 316427 files and directories currently installed.)
Preparing to unpack .../vim-nox_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-nox (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim_2%3a7.4.826-1_amd64.deb ...
Unpacking vim (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-tiny_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-tiny (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-runtime_2%3a7.4.826-1_all.deb ...
Unpacking vim-runtime (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-common_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-common (2:7.4.826-1) over (2:7.4.712-3) ...
Processing triggers for man-db (2.7.0.2-5) ...
Processing triggers for mime-support (3.58) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Setting up vim-common (2:7.4.826-1) ...
Setting up vim-runtime (2:7.4.826-1) ...
Processing /usr/share/vim/addons/doc
Setting up vim-nox (2:7.4.826-1) ...
Setting up vim (2:7.4.826-1) ...
Setting up vim-tiny (2:7.4.826-1) ...
~ # 

More services will follow. noodles, weasel, and me agreed that the project as a whole should aim to Tor-enable the complete package lifecycle, package information, and the website.

Maybe a more secure install option on the official images which, amongst others, sets up apt, apt-listbugs, dput, reportbug, et al up to use Tor without further configuration could even be a realistic stretch goal.

by Richard &#x27;RichiH&#x27; Hartmann at August 25, 2015 07:50 AM

August 24, 2015

RichiH's blog

DebConf15

Even though the week of DebCamp took its toll and the stress level will not go down any time soon...

...DebConf15 has finally started! :)

by Richard &#x27;RichiH&#x27; Hartmann at August 24, 2015 10:48 PM

August 02, 2015

erry's blog

I survived a year at Shadowcat!

As you may know, I did a placement year/”year in industry” as part of my University degree. This is basically done in one’s third year of studies, before their final year and it helps get experience in the ‘real’ world before graduating.

I had the ability to do a placement at Shadowcat Systems, a Lancaster-based consultancy. I worked on projects for clients, helping them resolve bugs, write test cases, and add new features to their applications, which used a variety of technologies, including Perl and JavaScript.

I also helped develop ShadowNMS, a web application that uses OpenNMS to monitor the response time and availability of clients’ services, such as web servers, ssh servers, and more. My role in the project was a full-stack developer, as I worked in the angular front-end, the perl back-end, as well as in developing the PostgreSQL database schema. I led the development of the angular front-end, as I already had javascript and angular experience from working on Open Source projects.

My placement year gave me the financial ability to travel and see many new places, which I am extremely grateful for. I was given scholarships for many interesting conferences: Mozfest, London Perl Workshop, FOSDEM, and a Mozilla all-hands conference in Whistler. This allowed me to grow as a person, improve my technical skills and meet many new friends.

Working in the industry for the first time ever was tiring, stressful and difficult at times. But it was mostly awesome – I became good friends with my colleagues, whom I’ll grately miss now that I’ve left, plus I got to work in many different projects, see how a real company handles specific issues, and learn many new things about Perl, Catalyst, angular, and more.

I’m now very much looking forward to going back to uni for my final year – I see myself likely to get a first class degree upon graduation!

by Errietta Kostala at August 02, 2015 02:26 PM

July 06, 2015

erry's blog

Mozilla conference at Whistler, BC

Foxy hugs

Foxy hugs

I had the pleasure to spend the week of the 22nd – 27th of June in Whistler, BC for Mozilla’s all-hands conference, called Mozilla Work Week. The invitation came out of the blue, and I am extremely grateful to have received it! I could say that it was some of the best moments I’ve had in my life.

Mozilla likes looking out the window

Mozilla likes looking out the window

Arriving in Whistler I realised that it’s such a beautiful place that it’s almost unreal. I was exhausted from the jet lag (let’s just say that this was a 9.5 hour flight leaving Manchester at Monday 1200 BST and arriving at Vancouver at Monday 1330 PDT…), travel, and finding my hotel, but when I got to the hotel reception I was greeted by a sign saying ‘welcome mozillians’, and some of my most favourite Mozilla people which made me feel a lot better! I had to contain myself so that I could check in before talking to them and handing out hugs!

When I got to my hotel room I was greeted by another little box which contained my conference badge, stickers, and, most importantly, meal vouchers. Mmmm. It also had a bath tab, which I gladly used before getting some well-deserved sleep.

A much appreciated welcome

A much appreciated welcome

A much appreciated welcome

A much appreciated welcome

The conference finally started the next morning. The very first session was an all-hands, including every single person at Mozilla, and I was extremely happy to be one such person! The all-hands reminded us that we’re awesome… and we had some good inspiration on how we can come together and work together. We learned about making sure we ‘date’ our users; that is, working with them to ensure we’re delivering software that they need and want to use. Some of us even had the opportunity to make little ducks out of lego!

The afternoon found me back at my hotel, attending some AMA sessions and discussions with various people at Mozilla Foundation. This was also a chance of me to find more of the Webmaker team, the team that I work the most with, together and socialise. I also attended the Mozilla science fair, where I could see what cool new things each team had to showcase. The most exciting things were Web of Things libraries that allowed controlling hardware, such as LEDs through your browser, and VR code that worked with Oculus Rift to facilitate stunning, immersive games and applications.

Mark Surman with a chainsaw

Chainsaw time.

The next day, Wednesday, included a demonstration fo the Webmaker project. I attended this and helped collect suggestions and bugs for the github issues page while building an application with two other mozillians.

I also attended a session on Radical Participation (which was radical!). We listened to speakers, such as CEOs of other companies, talk about how they make sure their staff and users are included in the process of building their products. One of my favourite talks was about the Obama electorial campaign in 2012, in which actual every day people had their say on issues they wanted resolved, and the campaign was ran by volunteers working from their homes, garages, etc!

Thursday was the busiest day for me. I attended a picnic with the Webmaker engineering team where we discussed ways we could improve the contribution experience for the project, for example by providing some tutorial sessions where we help volunteers with the initial installation, as well as technical tutorials for JavaScript, React, Java, and other needed skills, which I think is an amazing idea and I’m looking forward to!

After the picnic I had another participation session with Emma Irwin (<3) and her team. The session attendants consisted primarily of volunteers, which I found very good since we could all talk about our own experience and the problems we faced. I talked about installation being difficult and sometimes having to wait to get help with it, as well as volunteers asking for mentorship and more clear pointers on bugs, some of which can be very vague, and sometimes not getting a response for months. I also spent some time hacking on a React application with my beloved Kate Hudson so that I could learn more about it. The evening also consisted of a Mozilla Foundation party where I was thanked for my contributions! [caption id="attachment_540" align="aligncenter" width="1000"]Engineers need to eat, too Engineers need to eat, too[/caption]

Finally, Friday was a bittersweet day. Sweet because we took an amazing group photo with Foxy mascot, and had a great party up in the mountain! We took the Whistler gondola, which took us to the peak of the mountain while providing us with a unique experience and a really amazing view. The party itself had food, drinks, and Mozillian karaoke and dance.

Of course, it was bitter because it was the last day of the conference. I will miss Whistler, I will miss my Mozillian friends (even though we talk online!) and I’m looking forward to the next amazing opportunity being a Mozillian gives me!

goin' up

goin’ up

goin' up

goin’ up

at the top of the peak!

at the top of the peak!

at the top of the peak!

at the top of the peak!

by Errietta Kostala at July 06, 2015 11:53 PM

June 13, 2015

erry's blog

Form sins: part two

This is a continuation of my previous rant on mistakes web developers make that make forms unusable. Here are other things I’ve noticed, mostly about forms that need your address:

  • Requiring a ‘middle name’. They’re not used in every country in the world.
  • Having a broken country input. This, in my experience, has ranged from having only one country option (????), to doing something that will break the browser’s ability to skip to a particular option by typing the first letter. By the way, why do we even use select boxes for them in 2015? This is one of the things that you would be absolutely justified to use a jquery autocomplete box for (with a select polyfill if JS is disabled)
  • Requiring a “state”. Most forms nowadays are smart enough to change the input depending on the country, but not everyone lives somewhere with states.
  • AJAX submit flows without a loading indicator. Great, thanks for having me guess if your form is stuck, if I clicked the button wrong, or if I just need to wait because you didn’t do anything to indicate I’m waiting for an AJAX request.
  • Purchase flows that don’t have a way to go back to the previous step or cancel on every single step. I saw this on a piece of software: “connecting to paypal” screen, something went wrong and the paypal window never opened, and I had no way to cancel and go back without closing the window and starting over.
US only form option

Gee, thanks for the option..

So, what do you think? Am I, once again, just being grumpy? Should there be a part 3? :-D

by Errietta Kostala at June 13, 2015 02:50 PM

June 12, 2015

RichiH's blog

Happy Friday!!

So, what do you do before you break the Internet?

You tweet this:

by Richard &#x27;RichiH&#x27; Hartmann at June 12, 2015 11:31 AM

June 10, 2015

erry's blog

Web forms

Web forms. They are used everywhere.
Yet I have seen so many things done in them, that have made it difficult for even myself (a tech-savvy user, a web developer) to fill in. This should not happen.

Filling in web forms is required for many reasons, yet to many users it’s possibly the most tedious part of the user experience. This is understandable; it requires typing in information, having to find your credit card if you’re making a purchase, remembering your email and phone number, and often making mistakes and having to start over.

In order to not have our users ragequit in the middle of filling out our form, we should at least make it as easy as possible, and not hinder their experience even more.

Here are some things (in no particular order), that I have witnessed happening in web forms, and that I absolutely don’t think you should do. Some are more opinionated, others are common sense.

  • If it takes more than one try to fill out a form (barring typos, etc) you’re doing it wrong.
  • If you’re using custom JavaScript controls that break in certain browsers or make the experience harder rather than easier, you’re doing it wrong. Find another way to present your input field. I would much rather have to type in my birthday than deal with a JavaScript calendar that displays incorrectly and in which I have to manually go back 21 years to find my birth year.
  • If you’re using your own autocompletion script without disabling the browser’s, your punishment should be having to fill out your own form. Seriously, it’s nearly impossible to select something from a JQuery drop-down when your browser’s autocompletion is displayed on top of it. Just disable autocomplete for that input and move on.
  • For most forms, if your form takes more than 2 minutes to fill out (not taking typing speed into account), you’re doing it wrong. If it has to be a long form, please at least consider breaking it in different parts.
  • On the same note, if the form is something that you know takes a long time to fill out (e.g. job application forms with many/long questions) and you expire sessions after 30 minutes (I’ve had this exact thing happen…), your punishment should be having to fill out your own form.
  • If my grandmother can’t figure out your form on the first try, you’re doing it wrong.
  • If your form isn’t usable from a screenreader, your code should be able to take your ability to see away.
  • If your form requires JavaScript, seriously re-think it. JavaScript can be used to make the experience faster and easier to the user, but for the most part your average form should not require it. This is particularly bad if you have the submit button disabled by default with no explanation. Never, ever, do that.
  • If your form loses the filled in data after an error, you should have to fill out your own form 10 times.
  • If your form doesn’t make it clear where the error is, you’re doing it wrong.
  • If your form has required disabled fields that are automatically filled in based on other input… (Yes, I’ve seen forms that do it. It never, ever works well. Ever.)
  • Bear in mind that people on the Internet don’t read. They skim through text. Therefore, if most forms do something one way, you should probably not try to do it the opposite way. What do I mean with this? Today I saw this:

    “Are you under 18? [ ] No [ ] Yes”

    99% of forms I’ve seen usually have “Yes” radio buttons first. I accidentally selected the wrong option in the form I’m talking about, and it actually managed to confuse me. I know this may just be me reading even less than the average user, but i would personally rephrase the question: “Are you over 18? [ ] Yes [ ] No”. This is both closer to what most forms do with age questions (asking that you’re over the required age), and closer to (at least my) expectations of the order of Yes/No buttons.

What do you think? Do you agree with the above, or am I just grumpy and nitpicky?

by Errietta Kostala at June 10, 2015 10:19 AM

May 30, 2015

erry's blog

Calling all women in IT

Hello,

So, being on the Internet a lot, I’ve seen several tweets from tech event organisers that have had difficulty finding women in IT to invite to their talks. While I understand there are (unfortunately) less women in STEM than men, I know that there are still many very talented women. So, I want to write a blog post highlighting women in tech and IT (or even other STEM fields!) and their talents, in order to make it easier for event organisers to find them.

So, this post is targeted at YOU! Are you a woman in technology/IT or another STEM field anywhere in the world?! Write a short paragraph about yourself and what you do in your work and email it to me at [email protected] and you will see yourself here*

*Admittedly not the most popular website in the world…

by Errietta Kostala at May 30, 2015 05:12 PM

May 29, 2015

RichiH's blog

Do what I want

Sesse just gave me the most useful piece of information of this week:

To zoom in/out in Android, you double tap and then drag your finger. All of a sudden, you can use Google Maps in one-handed operation again!

A quick search turned up this gem: Touch mechanics on Android.

Neat.

by Richard &#x27;RichiH&#x27; Hartmann at May 29, 2015 10:19 AM

May 28, 2015

RichiH's blog

On SourceForge

You either die a hero or you live long enough to see yourself become the villain.

And yes, we all know that that SF decided to wrap crapware around Windows installers ages ago and then made it opt-in after the backlash. Doing so for stale accounts makes sense from their PoV, which makes it all the worse.

And no, I don't know how stale that account actually was, but that's irrelevant in this context either way.

by Richard &#x27;RichiH&#x27; Hartmann at May 28, 2015 12:09 PM

May 18, 2015

erry's blog

A quick review of Scratch

My life as a CodeClub volunteer consists mainly of complaining about wonderful public transport options and working with a program called Scratch. In this post, I will talk about the latter, as it is probably more interesting ;)

Scratch is an interactive, drag-and-drop programming language that allows users to make animations and games. It’s perfect for beginners, as it helps them understand the logic of programming without needing any prior knowledge! The knowledge gained in Scratch can then be applied to real programming languages.

The Scratch Interface

The Scratch Interface

So, how well does it work? I will go through some pros and cons. Note that these are nothing but my own opinion ;)

Pros

Easy to use interface

As mentioned earlier, the interface is very easy to use. You can drag and drop various ‘blocks’, categorised as motion, looks, sound, etc. Definitely easy enough for a 10 year old kid to use.

Online version

Scratch can be used online without downloading. What is more, you can download and upload your work from and to the website, so students need not make an account to save their work. Again, this is good for using in a school environment where installing software may not be possible, and eliminating the need to make an account is useful for students – no need to remember passwords, etc.

Fun!

Scratch can be used to make very fun projects that spark one’s interest, especially when teaching to children. Having fun is the best way to learn. For example, some of the projects I have taught students to build were a space animation, a band, and a game with balloons. Who doesn’t like these things!?

Cons

Scratch has some things I don’t like. Of course, no software is perfect, so this is hardly surprising.

Flash

Scratch requires flash

Scratch requires flash

Need I say more? Dear MIT: 1996 called, it would like its web technologies back.

Now, I understand Flash is a relatively easy way to make applications that will work cross-platform. However, my biggest problem is since Adobe dropped Linux support for Adobe Air, one cannot run the native application on Linux any more. The web version will of course still run as long as flash is installed. However, this is problematic for those wishing to use a raspberry pi for teaching and learning. Raspberry pis are cheap computers, so breaking them is not a problem, and they can be used for building many interesting projects. However, running the web version on a pi may be difficult due to lack of resources – a native version would be SO much better…

The colour scheme.

Blocks are colour coded, which is great – students can immediately know which category a block belongs to just by looking at its colour!
…Except when they can’t.

Coloured blocks

Coloured blocks

As you can see in the above screenshot, few colours look very similar: Motion and Looks (and to some extend, sound), as well as Data, Events, and Control are nearly identical. This problem becomes worse if you’re colour-blind:

How scratch looks with deuteranopia

How scratch looks with deuteranopia


How scratch looks with protanopia

How scratch looks with protanopia

But what’s even worse is that these colours look almost identical when looked at from an interactive board, especially from a distance. This confuses my students because they keep looking in the wrong categories. This may be a problem with the interactive board, but they should have made more of an attempt to make the colours look different, since interactive boards are very common in classrooms.

Closed source.

Last but not least, Scratch is, unfortunately, closed source. This is a huge pity, given that it’s supposed to be about learning and sharing, but its creators seem to have no interest in helping others learn from their work. If it were open source, people could adapt it to their needs, contribute features, and learn from its code!

So, what do you think? Do you use scratch? What’s your opinion? Let me know in the comments, or don’t.

PS: Sorry for not having posted in 100 years.

by Errietta Kostala at May 18, 2015 12:59 AM

April 24, 2015

RichiH's blog

Release Critical Bug report for Week 17

At the current rate, Jessie should release... tomorrow! :)

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1040 (Including 150 bugs affecting key packages)
    • Affecting Jessie: 66 (key packages: 49) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 57 (key packages: 43) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 14 bugs are tagged 'patch'. (key packages: 10) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 3 bugs are marked as done, but still affect unstable. (key packages: 0) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 40 bugs are neither tagged patch, nor marked done. (key packages: 33) Help make a first step towards resolution!
      • Affecting Jessie only: 9 (key packages: 6) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 0 bugs are in packages that are unblocked by the release team. (key packages: 0)
        • 9 bugs are in packages that are not unblocked. (key packages: 6)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41) 97 (68+29)
12 release+6 93 (47+46) 87 (71+16)
13 release+7 50 (24+26) 97 (77+20)
14 release+8 51 (32+19) ???
15 release+9 39 (32+7) 82 (49+17)
16 release+10 20 (12+8) 53 (49+4)
17 release+11 24 (19+5) 66 (57+9)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at April 24, 2015 01:08 PM

April 19, 2015

RichiH's blog

Release Critical Bug report for Week 16

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1031 (Including 146 bugs affecting key packages)
    • Affecting Jessie: 53 (key packages: 42) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 49 (key packages: 42) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 12 bugs are tagged 'patch'. (key packages: 9) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 3 bugs are marked as done, but still affect unstable. (key packages: 2) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 34 bugs are neither tagged patch, nor marked done. (key packages: 31) Help make a first step towards resolution!
      • Affecting Jessie only: 4 (key packages: 0) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 1 bugs are in packages that are unblocked by the release team. (key packages: 0)
        • 3 bugs are in packages that are not unblocked. (key packages: 0)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41) 97 (68+29)
12 release+6 93 (47+46)
13 release+7 50 (24+26)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at April 19, 2015 09:35 PM

April 10, 2015

RichiH's blog

Release Critical Bug report for Week 15

Still on the road with shittynet; sorry for missing last week.

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1041 (Including 159 bugs affecting key packages)
    • Affecting Jessie: 82 (key packages: 54) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 65 (key packages: 49) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 19 bugs are tagged 'patch'. (key packages: 13) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 6 bugs are marked as done, but still affect unstable. (key packages: 1) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 40 bugs are neither tagged patch, nor marked done. (key packages: 35) Help make a first step towards resolution!
      • Affecting Jessie only: 17 (key packages: 5) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 8 bugs are in packages that are unblocked by the release team. (key packages: 5)
        • 9 bugs are in packages that are not unblocked. (key packages: 0)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41) 97 (68+29)
12 release+6 93 (47+46)
13 release+7 50 (24+26)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at April 10, 2015 05:45 PM

April 01, 2015

erry's blog

Goin’ to space

I’m happy to announce that I have been selected for one of the most amazing employment opportunities – being the first ever programmer on Mars!

I have been living and training at NASA’s Johnson space centre the past few months, and I am finally ready to be launched into space.

By NASA (Great Images in NASA (image link)) [Public domain], via Wikimedia Commons

By NASA (Great Images in NASA (image link)) [Public domain], via Wikimedia Commons

I will be travelling on the newest, most high-tech space shuttle devised by NASA, which uses classified technology to reach speeds as fast as 0.05 times the speed of light. With that speed, it will only take just over 6 hours to get to Mars!

After arriving, I will be living and working in the underground human settlement that exists on Mars. The work I will be doing is currently classified, but my employer plans to make the software I will develop open source as soon as it’s complete. The outcomes of my work will benefit research – both on Mars and our own planet! I will even be able to work with Mars’s native leader, King Xrhsdpmdf IV, which is a great honour.

I will be leaving this planet forever on Monday, 6th April 2015. I will miss my friends and relatives here, but don’t worry: using a Satellite Internet connection, I will still be able to communicate with you guys!

by Errietta Kostala at April 01, 2015 10:39 AM

March 27, 2015

RichiH's blog

Release Critical Bug report for Week 13

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1039 (Including 155 bugs affecting key packages)
    • Affecting Jessie: 97 (key packages: 65) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 77 (key packages: 51) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 13 bugs are tagged 'patch'. (key packages: 9) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 4 bugs are marked as done, but still affect unstable. (key packages: 1) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 60 bugs are neither tagged patch, nor marked done. (key packages: 41) Help make a first step towards resolution!
      • Affecting Jessie only: 20 (key packages: 14) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 11 bugs are in packages that are unblocked by the release team. (key packages: 7)
        • 9 bugs are in packages that are not unblocked. (key packages: 7)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41) 97 (68+29)
12 release+6 93 (47+46) 87 (71+16)
13 release+7 50 (24+26) 97 (77+20)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at March 27, 2015 08:42 PM

March 25, 2015

RichiH's blog

Visiting Hongkong and Shenzhen

TSDgeos had a good idea:

Lazyweb travel recommodations.

So, dear lazyweb: What are things to do or to avoid in Hongkong and Shenzhen if you have one and a half week of holiday before and after work duties? Any hidden gems to look at? What electronic markets are good? Should I take a boat trip around the waters of Hongkong?

If you have any decent yet affordable sleeping options for 2-3 nights in Hongkong, that would also be interesting as my "proper" hotel stay does not start immediately. Not much in ways of comfort is needed as long as I have a safe place to lock my belongings.

In somewhat related news, this Friday's bug report stats may be early or late as I will be on a plane towards China on Friday.

by Richard &#x27;RichiH&#x27; Hartmann at March 25, 2015 09:56 AM

March 23, 2015

Pricey's blog

Chromecasts, Netflix & UI-200

My Chromecast has regularly been refusing to play Netflix streams recently with error ui-200.

Ignoring the onscreen suggestion and initial Netflix support page, a quick search will teach you to factory reset the Chromecast.

It doesn't answer the "Why?" though... It turns out that hitting the "Sign out of all devices" button triggers the issue. I guess the Chromecast stores a token which isn't invalidated or replaced, even if you log in again through the Android app.

Until Netflix/Google fix the bug, it might be time to think about upgrading your Netflix plan or telling "someone" to get their own account!

by Joseph Price ([email protected]) at March 23, 2015 05:59 PM

identifying to the freenode testnet with certfp


freenode will be upgrading their services very soon. One of the major new features that this upgrade will bring is the ability to identify using ssl certificates. Here's a very quick guide on how to get started.

I used atoponce's guide for oftc when writing this up.

You can connect to freenode using ssl without using certfp to identify.

Generating your own certificate

You will need openssl installed. Check your operating systems documentation for this. Once done, the following commands will create a certificate and set sensible permissions:
mkdir -p ~/.irssi/certs
cd .irssi/certs/
openssl req -nodes -newkey rsa:2048 -keyout mynick.key -x509 -days 365 -out mynick.crt
cat mynick.crt mynick.key > mynick.pem
chmod 0400 mynick.key mynick.pem

Needless to say, don't give anyone these files!

Connecting with SSL

The testnet is available at irc://testnet.freenode.net:9003 on ssl so make sure you are connecting to that!

After starting irssi, that means something like:
/network add freenodetest
/server add -auto -ssl -ssl_cert ~/.irssi/certs/mynick.pem -network freenodetest testnet.freenode.net 9003
/save
/connect freenodetest

Or if modifying an existing server config:
use_ssl = "yes";
ssl_verify = "no";
ssl_cert = " ~/.irssi/certs/mynick.pem ";

Once you launch irssi, you should see that you are given usermode +Z:
13:41:49 -!- Mode change [+Z] for user Pricey


If you /whois yourself, you should also see your certificate fingerprint:
14:04:43 -!- Pricey [[email protected]]
14:04:43 -!- ircname : pricechilde
14:04:43 -!- server : barjavel.freenode.net [Paris, FR]
14:04:43 -!- : is using a secure connection
14:04:43 -!- : has client certificate fingerprint aaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbb0000
14:04:43 -!- hostname : 76.10.213.24 76.10.213.24
14:04:43 -!- idle : 0 days 0 hours 0 mins 3 secs [signon: Fri Apr 6 14:04:40 2012]
14:04:43 -!- End of WHOIS

If you don't see the fingerprint line, you need to go back and figure out what you've done wrong.

Giving Services your certificate fingerprint

Finally, we need to tell services about our certificate fingerprint. (If you haven't specified your account password as your server password, sasl'd or had a script take care of it, identify first!)
/msg nickserv cert add aaaaaaaaaaaaaaaaaaaaaabbbbbbbbbbbbbb0000
(using the fingerprint from your whois.)

One final thing of note is that the testnet is using a self signed certificate. You can not simply use the ssl_capath option to point to your distributions existing ssl certificates. Irssi will warn you that this is the case and not connect.

by Joseph Price ([email protected]) at March 23, 2015 05:17 PM

March 20, 2015

RichiH's blog

Release Critical Bug report for Week 12

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1041 (Including 155 bugs affecting key packages)
    • Affecting Jessie: 87 (key packages: 61) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 71 (key packages: 52) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 15 bugs are tagged 'patch'. (key packages: 12) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 1 bugs are marked as done, but still affect unstable. (key packages: 0) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 55 bugs are neither tagged patch, nor marked done. (key packages: 40) Help make a first step towards resolution!
      • Affecting Jessie only: 16 (key packages: 9) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 11 bugs are in packages that are unblocked by the release team. (key packages: 5)
        • 5 bugs are in packages that are not unblocked. (key packages: 4)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41) 97 (68+29)
12 release+6 93 (47+46) 87 (71+16)
13 release+7 50 (24+26)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at March 20, 2015 03:59 PM

March 13, 2015

RichiH's blog

Release Critical Bug report for Week 11

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1053 (Including 152 bugs affecting key packages)
    • Affecting Jessie: 97 (key packages: 63) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 68 (key packages: 50) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 13 bugs are tagged 'patch'. (key packages: 10) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 3 bugs are marked as done, but still affect unstable. (key packages: 1) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 52 bugs are neither tagged patch, nor marked done. (key packages: 39) Help make a first step towards resolution!
      • Affecting Jessie only: 29 (key packages: 13) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 27 bugs are in packages that are unblocked by the release team. (key packages: 13)
        • 2 bugs are in packages that are not unblocked. (key packages: 0)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41) 97 (68+29)
12 release+6 93 (47+46)
13 release+7 50 (24+26)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at March 13, 2015 10:02 PM

March 11, 2015

RichiH's blog

100g for deleting

On the assumption that the post titled "Delete file when you have more than 100g for deleting" on the "Linux.com - Content Feed" is not an elaborate joke, it's not unlikely that it will be deleted so I will conserve it here:

Hello Linix community members,

Today I would like to share a simple script for deleting files when you have more than 100g for deleting and when you try to delete using rm -rm /path/fo/files failed.

To do this I use the following procedure;

first I use a "for" ciclo to read file that I going to delete also you can use a mtime for calculate file's date that you're going to delete or you can to calculate previous date of a past day "x=TZ=GMT+24 date +%Y%m%d"

Ex;

#!/bin/bash -x
x=`TZ=GMT+24 date +%Y%m%d`
delcnt=0
for files in `find /path/of/file/to/eraser/ -name \*$x*.bin.gz`
do
echo "Deleting file $files"
/bin/rm -rf $files
delcnt=$(($delcnt + 1))
done

Best regards

Charles E. Rivera

Solaris Server Specialist Engeeneer

But then, Linux.com still aggregates Phoronix, so their focus is not exactly on quality.

by Richard &#x27;RichiH&#x27; Hartmann at March 11, 2015 10:17 PM

March 06, 2015

RichiH's blog

Release Critical Bug report for Week 10

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1068 (Including 159 bugs affecting key packages)
    • Affecting Jessie: 112 (key packages: 84) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 82 (key packages: 60) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 14 bugs are tagged 'patch'. (key packages: 10) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 1 bugs are marked as done, but still affect unstable. (key packages: 0) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 67 bugs are neither tagged patch, nor marked done. (key packages: 50) Help make a first step towards resolution!
      • Affecting Jessie only: 30 (key packages: 24) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 16 bugs are in packages that are unblocked by the release team. (key packages: 12)
        • 14 bugs are in packages that are not unblocked. (key packages: 12)

How do we compare to the Squeeze and Wheezy release cycles?

Week Squeeze Wheezy Jessie
43 284 (213+71) 468 (332+136) 319 (240+79)
44 261 (201+60) 408 (265+143) 274 (224+50)
45 261 (205+56) 425 (291+134) 295 (229+66)
46 271 (200+71) 401 (258+143) 427 (313+114)
47 283 (209+74) 366 (221+145) 342 (260+82)
48 256 (177+79) 378 (230+148) 274 (189+85)
49 256 (180+76) 360 (216+155) 226 (147+79)
50 204 (148+56) 339 (195+144) ???
51 178 (124+54) 323 (190+133) 189 (134+55)
52 115 (78+37) 289 (190+99) 147 (112+35)
1 93 (60+33) 287 (171+116) 140 (104+36)
2 82 (46+36) 271 (162+109) 157 (124+33)
3 25 (15+10) 249 (165+84) 172 (128+44)
4 14 (8+6) 244 (176+68) 187 (132+55)
5 2 (0+2) 224 (132+92) 175 (124+51)
6 release! 212 (129+83) 161 (109+52)
7 release+1 194 (128+66) 147 (106+41)
8 release+2 206 (144+62) 147 (96+51)
9 release+3 174 (105+69) 152 (101+51)
10 release+4 120 (72+48) 112 (82+30)
11 release+5 115 (74+41)
12 release+6 93 (47+46)
13 release+7 50 (24+26)
14 release+8 51 (32+19)
15 release+9 39 (32+7)
16 release+10 20 (12+8)
17 release+11 24 (19+5)
18 release+12 2 (2+0)

Graphical overview of bug stats thanks to azhag:

by Richard &#x27;RichiH&#x27; Hartmann at March 06, 2015 05:18 PM

erry's blog

Greek article translations: “Greece bullies its children”

Introduction

What is this? This is a new segment that I have no idea how long I’ll keep, if at all. I come from Greece, and you may know that there are certain… not very good things going on there, especially relating to the economy. I believe it’s extremely important for people to understand what’s going on in the country as reported by the simple every day people, instead of the EU, the IMF, etc. There are some intelligent Greek articles available online that talk about and explain these facts, but unfortunately they’re very rarely available in other languages which makes it hard for foreigners to understand our side of the story. This segment will obviously not be of technical nature, so if you want to read something more interesting, you’re welcome to. Theree’s plenty of that.

Today’s article is a worldwide issue, so there are probably many articles about it already in every language of the world. Nevertheless, it’s still an issue that bothers me, and that I want to talk about, and I agree with the greek article, so it’s worth stealing. You can try to read the original article here

World day against bullying: Greece bullies its children

Original by Vasillis Thanopoulos posted on http://www.avmag.gr/av/53563/pagkosmia-imera-kata-tou-bullying-i-ellada-foverizi-ta-pedia-tis/ on March 6th, 2015; Antivirus | HOMOEVOLUTION &Copy 2003-2015

Lately we are becoming spectators of more and more cases of bullying. Young people disappear, mouths remain closed, and educational institutions are transformed into cleustrophobic spaces of punishment and humuliation. How far can we allow this phenomenon to go?

The statistics are shocking. Research done by [a Greek children's charity], “Το Χαμόγελο του Παιδιού”, showed that one in three students of secondary education have become a victim of bullying, while in our country [Greece] is fourth out of six European countries in the amount of cases of bullying, with a percentage of 31.98.

Another study done in 13 Health Centers in Macedonia revealed that one in 20 middle school students are a victim of bullying during their last year of middle school, a percentage that almost doubles in high school.

“Every day that I have to go to school, I’m terrified…”

Bullying is a social phenomenon. Anything that appears to be different from the social norm is alienated. The adults’ stereotypical way of thinking passes on to the children and it’s implemented in a very harsh ways in the societies that they take part in. LGBT individuals have always been victims of this phenomenon.

“I can’t tell anyone…”

Bullying is a timeless phenomenon. We might, in most cases, focus on bullying done in schools, but unfortunately it happens in every age and part of social life. It victimises and creates behaviours that continue and worsen a lot of the time.

The antidote to bullying is education.

Statistics:

42% of educators believe that cases of bullying are kept quiet or underestimated.

Only one in 10 children that are bullied in Greece recieve support.

55% of children in Europe that have been bullied claim that as a result they suffer from depression, with more than a third of the children claiming that they have hurted themselves or thought of commiting suicide.

34% of adults consider bullying a normal part of a child’s development

(End of article)
================

My thoughts

As someone who was bullied in school, I couldn’t agree more with this article. This is a huge problem. We need to learn to accept people who are different because they are the ones who can make a difference to the community and move our species ahead, more than anyone. And unfortunately the fact is that many people don’t take this seriously, or even think that the victims should be able to defend themselves, which is plain wrong. They need support from those around them, but even more importantly, we need to teach our children to be open-minded accepting towards other and not judge or attack them. Which begins from the adults out there: You (and I) need to be open-minded and accepting, and not make judgmental, predujiced and unfair comments around your children or the children of your friends, because this behavior is contagious, like a bad disease.

by Errietta Kostala at March 06, 2015 12:51 PM