Random Developer Interviews: Lars Steinke
on 29.12.2008, 09:01
in interviews
atool: handling archives without headaches
on 28.12.2008, 05:00
in packages-news
Debian Project News 2008/17
on 17.12.2008, 00:00
in weekly-news
ferm: a straightforward firewall configuration tool
on 14.12.2008, 13:00
in packages-news
ferm: a straightforward firewall configuration tool
on 14.12.2008, 05:00
in packages-news
gcompris: educational suite for children
on 07.12.2008, 05:00
in packages-news
Debian Project News 2008/16
on 02.12.2008, 00:00
in weekly-news

Random Developer Interviews: Lars Steinke

published on Mon Dec 29 09:01:55 2008 in interviews

“Random Developer” Interviews

Debian has more than 1000 official Developers and maintainers plus uncounted (two or three times as many?) other contributors, not counting one-time only bug reporters. Debian is also famous for epic flamewars which — sadly — have lead to some developers quitting the project or reducing their involvement. But it is often forgotten that Debian also has a big number of developers who are more quiet on the lists, just work on a few things (or, as it happens, used to work on a few things in the past) and are not noticed much by others. In honour of this “(almost) silent majority” I will publish short interviews with random Debian Developers and Maintainers, starting below with Lars Steinke (blame /dev/random and bogosort. He was not picked for any special reason.) And, lest I forget: yes, the interviews on women.debian.org did serve as inspiration.
Adrian von Bidder

But now, without further ado: Lars Steinke

How did you end up using Debian and becoming a DD?

Back in 1996 I participated in a C programming course at the Imperial College Dept. of Computing, and they used Debian (must have been 0.93) on their teaching pool machines — that made me aware enough of Debian to install 1.1 (I think) and subsequently apply as DD in 1997. The initial task to “prove my worthiness” set for me by Joey Schulze after verifying my identity was packaging moodss, a Tk/Tcl admin tool.

How are you currently involved in the Debian project?

Sadly enough my participation was rather passive in the last few years, due to my private and professional life putting demands on me which only marginally overlapped with the projects' demands.

How do you currently use Debian?

Incidentally, I am proud of Debian being the solid basis for Ubuntu, which has become my standard desktop and server system back in 2006.

What do you do when you're not working on Debian?

Apart from enjoying life with my wife I recently moved and became product manager for a small software company — a job that holds some potential for involvement with the project once again.

atool: handling archives without headaches

published on Sun Dec 28 05:00:48 2008 in packages-news

Article submitted by Paulus Esterhazy. Last article of 2008! We hope 2009 will be full of good articles about Debian and Ubuntu packages. But we can’t do it without your help, please submit good articles about software you like!

Have you ever wrestled with tar(1) and other Unix archive tools? Wondered why every tool has its own arcane syntax and nonstandard behavior? And why on earth is it impossible to use unzip(1) to unpack multiple archive files?

The good news is that, in the Unix universe, you can be sure that someone else has asked himself the same question before and, perhaps, solved it. And so it is. The atool package supplies a set of commands that hide the complexities and lets you work with compressed file archives in a sensible manner.

Arguably the most useful commands included are apack, aunpack and als which as their names suggest create an archive, and extract or list its contents. In addition, acat uncompresses an archive file and outputs the file contents to standard output, whereas adiff compares two archives and shows the differences between their contents. These commands work as you would expect them to, and the author has stuck to the Unix conventions where possible.

The details, however, are worth a look. Some examples:

  • aunpack archive.tgz Unpacks all the files in the archive. If the author of the archive was so inconsiderate as to put multiple files in the archive’s root, the command automatically creates a directory and moves the files inside.
  • aunpack -e archive1.tgz archive2.zip Unpacks each archive.
  • apack archive.tar.bz2 *.txt Creates a new compressed archive containing all text files in the current working directory.
  • als archive.rar Shows the names of the files contained in the archive.

Note that for each atool command the archive file name precedes the names of the files to add or extract on the command line. Compare aunpack -e archive1.tgz archive2.tgz and aunpack archive1.tgz file.txt.

As you can see, atool commands automatically determine the file type by looking at the extension, but they resort to using file(1) if the simpler heuristic fails (you can override the guess using the -F switch). Most commonly used archive types are supported, including tar+gzip, tar+bzip2, zip and rar; a notable omission in the version available in Debian Sarge and Ubuntu 8.04 is the relatively new LZMA compression format (lzma(1)), but the active upstream author has already added support for it. You can also extract a .deb package by forcing the ar archiving method using the switch -F a.

Atool is blessed with the virtue of simplicity and its options are explained in the helpful manpage, which thankfully doesn’t follow the Unix convention of leaving out examples. Here’s one last gem from the documentation. If you frequently work with archives you get from the internet, you probably follow this procedure: Check archive type, check that the archive contains a top-level directory, unpack the archive, change to the directory extracted. These steps can be combined by adding the following function definition to your $HOME/.bashrc or $HOME/.zshrc:

aunpack () {
  TMP=$(mktemp /tmp/aunpack.XXXXXXXXXX)
  atool -x --save-outdir=$TMP "$@"
  DIR="$(cat $TMP)"
  [ "$DIR" != "" -a -d "$DIR" ] && cd "$DIR"
  rm $TMP
}

After adding these lines, you can “reload” the configuration file in your shell using source ~/.bashrc or source ~/.zshrc. Now running aunpack automatically changes the current directory to the one just extracted. Note that adding this snippet is necessary to achieve the desired behavior becausing a directory change is effectively useless unless it is performed in the context of the running shell.

Atool was written in perl by Oskar Liljeblad. It is available in all current Debian and Ubuntu releases. Besides atool, there are a few other tools that aspire to be the Swiss army knife of archivers, for example deco. These programs, however, are not as full-featured and mature as atool.

watch (from procps): execute a program at regular intervals, and show the output

published on Sun Dec 21 05:00:32 2008 in packages-news

Article submitted by Kris Marsh. If you celebrate Christmas, you can give to Debian Package of the Day a nice present: a good article! :-)

Ever wanted to monitor a directory every second and see differences in filesizes per second? Or for that matter, run any program once a second and highlight differences in time? Well you can, and you have been able to since forever as it’s installed by default on the majority of Linux distributions. watch is part of the procps package, available in Debian and Ubuntu.

Here is an example for checking a directory:

watch ls -l

To highlight changes in each program run, you can use the -d flag:

watch -d ls -l

And to run the command every N seconds, use -nN (by default, watch runs every 2 seconds):

watch -n1 -d ls -l

Finally, to make the diff highlighting “sticky” (i.e. stay on permanently after a change is detected), use: -d=cumulative

Other examples:

  • Watch your log directory for changes
    watch -d=cumulative -n1 ls -lt /var/log
  • Watch for new email
    watch -n60 from
  • Monitor free memory
    watch -n10 free -m
  • Monitor established connections
    watch -n1 -d 'netstat -an | grep ESTABLISHED'

… you get the point. If you’re a system administrator, or just maintain Linux machines in general you’ll probably spot a bunch of places where you can use this straight away.

Debian Project News 2008/17

published on Wed Dec 17 00:00:00 2008 in weekly-news

Welcome to this year's 17th issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

ferm: a straightforward firewall configuration tool

published on Sun Dec 14 13:00:57 2008 in packages-news

Article submitted by David A. Thompson. We’re running out of articles! If you like Debian Package of the Day please submit good articles about software you like!

Grumble… a postgresql server on an old Sun workstation isn’t visible to another old Sun workstation which (in theory…) is storing data on the postgresql server. The culprit was a misconfigured firewall. Rather than wading through a bunch of iptables commands, it seemed time to revisit the world of iptables front-ends on the off-chance there was an undiscovered treasure I’d missed on earlier visits. It turns out that there was one: ferm.

A revisit to firestarter, a straightforward GUI interface, ended when firestarter segfaulted and then, when started again, automatically started its firewall. Fortunately, I had altered the firestarter rule set and opened port 22 before firestarter segfaulted. Otherwise I would have been hundreds of miles away from an inaccessible server. After firestarter crashed again with a memory error, I decided to move on…

Like several other firewall front-ends, ferm is aware of the issues associated with working on servers hundreds of miles away from one’s physical location. Ferm starts with a default configuration which leaves the default SSH port open. Even better, ferm has a ‘try-before-you-buy’ feature (shared with a few other packages such as firehol): ferm --interactive activates a specific ruleset and, if a user response isn’t given within 30 sec, the system reverts to the previous ruleset.

Rather than using a GUI interface (e.g., firestarter, gnome lokkit, guarddog, kmyfirewall, knetfilter, …), ferm is configured via a text configuration file and can be controlled in a straightforward manner from the console. This may be a desirable feature for running on a box with limited disk space as GUI interfaces generally require the presence of X windows-related packages, often along with several KDE- or Gnome-related packages.

My main concern wasn’t with whether the application had a GUI or console interface but was with whether the application facilitated straightforward configuration of an iptables ruleset (translation: it shouldn’t take 20 min of reading documentation to get a simple firewall up). Other front-ends (e.g., shorewall and firewall builder) appear to be designed for complex rule-sets and require a substantial investment of effort to learn the syntax of configuration files or a ‘rule-making language’.

Along with ferm, another front-end, firehol seemed to also hit the mark with respect to having a straightforward syntax. Unfortunately, I found that firehol ended up being a time-consumer. In my experience, preparing a firehol configuration file which didn’t trigger multiple errors from firehol/iptables did not prove to be straightforward. In contrast, ferm gave me no such problems. A few tweaks of the default system configuration file —primarily opening a few ports—:

  proto tcp dport ssh ACCEPT;
  proto tcp dport http ACCEPT;
  proto tcp dport https ACCEPT;
  proto tcp dport postgres ACCEPT;

A simple /etc/init.d/ferm restart and things were running smoothly. Minimal effort, satisfying results…

The bottom line is that, for simple rulesets, using ferm is definitely easier than preparing iptables rules by hand. However, ferm can also be used to put together more complex firewall rulesets. It uses a reasonably powerful configuration language (including support for variables, function definitions, and arrays) which facilitates addressing more complex situations than the one I faced. To top it off, ferm seems to be under active development with bugs being squashed and features being added relatively regularly.

ferm has been available in Debian since Etch and in Ubuntu since Dapper.

Update, editor’s note: I’d like to add to this article my personal experience with ferm. Being a SysAdmin, I’ve been using netfilter/iptables for many years, after migrating away from ipchains; and the day I’ve found ferm my work changed completely. To me, being able to write your rules in clean structures, with blocks, variables and ‘functions’ is, by far, the most important feature of ferm. Thanks to this, I was able to write very complicated rule-sets, which were still readable to the point that the more junior SysAdmins, with little exprience on netfilter, have no difficult modifying it to open up ports or creating a new NAT rule.

Having said that, a warning to the newcomers to netfilter: there’s no tool that will magically allow you to write non-trivial rule-sets if you don’t understand the underlying stuff. You will be able to manage your home server, but if you want to do more serious work, you’ll need to really understand how TCP/IP works, and after that, read a lot about the details of routing and packet filtering in Linux. Having seen many people get frustrated by this, is better for you to know that this beast is quite tricky.

ferm: a straightforward firewall configuration tool

published on Sun Dec 14 05:00:57 2008 in packages-news

Article submitted by David A. Thompson. We’re running out of articles! If you like Debian Package of the Day please submit good articles about software you like!

Grumble… a postgresql server on an old Sun workstation isn’t visible to another old Sun workstation which (in theory…) is storing data on the postgresql server. The culprit was a misconfigured firewall. Rather than wading through a bunch of iptables commands, it seemed time to revisit the world of iptables front-ends on the off-chance there was an undiscovered treasure I’d missed on earlier visits. It turns out that there was one: ferm.

A revisit to firestarter, a straightforward GUI interface, ended when firestarter segfaulted and then, when started again, automatically started its firewall. Fortunately, I had altered the firestarter rule set and opened port 22 before firestarter segfaulted. Otherwise I would have been hundreds of miles away from an inaccessible server. After firestarter crashed again with a memory error, I decided to move on…

Like several other firewall front-ends, ferm is aware of the issues associated with working on servers hundreds of miles away from one’s physical location. Ferm starts with a default configuration which leaves the default SSH port open. Even better, ferm has a ‘try-before-you-buy’ feature (shared with a few other packages such as firehol): ferm --interactive activates a specific ruleset and, if a user response isn’t given within 30 sec, the system reverts to the previous ruleset.

Rather than using a GUI interface (e.g., firestarter, gnome lokkit, guarddog, kmyfirewall, knetfilter, …), ferm is configured via a text configuration file and can be controlled in a straightforward manner from the console. This may be a desirable feature for running on a box with limited disk space as GUI interfaces generally require the presence of X windows-related packages, often along with several KDE- or Gnome-related packages.

My main concern wasn’t with whether the application had a GUI or console interface but was with whether the application facilitated straightforward configuration of an iptables ruleset (translation: it shouldn’t take 20 min of reading documentation to get a simple firewall up). Other front-ends (e.g., shorewall and firewall builder) appear to be designed for complex rule-sets and require a substantial investment of effort to learn the syntax of configuration files or a ‘rule-making language’.

Along with ferm, another front-end, firehol seemed to also hit the mark with respect to having a straightforward syntax. Unfortunately, I found that firehol ended up being a time-consumer. In my experience, preparing a firehol configuration file which didn’t trigger multiple errors from firehol/iptables did not prove to be straightforward. In contrast, ferm gave me no such problems. A few tweaks of the default system configuration file - primarily opening a few ports -

  proto tcp dport ssh ACCEPT;
  proto tcp dport http ACCEPT;
  proto tcp dport https ACCEPT;
  proto tcp dport postgres ACCEPT;

- and a simple /etc/init.d/ferm restart and things were running smoothly. Minimal effort, satisfying results…

The bottom line is that, for simple rulesets, using ferm is definitely easier than preparing iptables rules by hand. However, ferm can also be used to put together more complex firewall rulesets. It uses a reasonably powerful configuration language (including support for variables, function definitions, and arrays) which facilitates addressing more complex situations than the one I faced. To top it off, ferm seems to be under active development with bugs being squashed and features being added relatively regularly.

ferm has been available in Debian since Etch and in Ubuntu since Dapper.

gcompris: educational suite for children

published on Sun Dec 7 05:00:46 2008 in packages-news

Article submitted by Raman Pandarinathan. We’re running out of articles! If you like Debian Package of the Day please submit good articles about software you like!

As a parent, have you ever wondered if kids can use FOSS to have fun and learn at the same time? As a teacher, have you ever wondered how to teach using a computer and FOSS tools? The answer is gcompris.

Gcompris combines fun and learning. Each activity is designed and developed with creativity in mind, and it has a nice interface for children.

My children have learned some computer basics like mouse usage, it has also helped them to understand basic arithmetic, colour identification and many other things. Tuxpaint is also included, so children can draw to their imagination.

Gcompris is a collection of over 90 educational activities for children. The activities are classified into mathematics, computer discovery, puzzles, strategy games, amusement activities, experimental activities and reading activities.

Mathematics

This has more than 20 activities classified into calculations, geometry and numeration. The activities are planned to teach basic arithmetic, geometry, money usage, etc.

For example, below you can see a screen shot of an activity that consist in finding series of numerical operations. Here the final answer is 15 and should be derived in two steps. The child has to select the numbers and operators from the top and form equations to get the final answer.

numerical operations

Puzzles

The puzzle activities include: drag and drop pieces to rebuild paintings, build a given shape with seven pieces, drive the crane and copy the model, tower of Hanoi, sudoku and the fifteen game.

Below is a screen shot of the Crane activity. The objects in the left grid should be placed in the same position as in the right side grid. The crane can be operated by clicking on the four arrows at the bottom.

Puzzles

Computer discovery

These activities help children learn basic skills of computers. Bellow is a screen shot of the keyboard activity in which the child has to push the ball to Tux. In order to do it, both shift keys should be pressed simultaneously, as if pushing the ball with the hands. If they are pressed simultaneously the ball will travel in a straight line and reach Tux, if not the ball will drift and fall into the sea.

keyboard activity

Strategy Games

Some of them are chess, arranging four coins in a row, bar game (don’t use the last ball), and oware (shown below).

Oware

Amusement Activities

The amusement activities include Tuxpaint, a simple football game, and an animation creator.

Below is a screen shot of the animation creator. If you want to create an animation, you first select an image and put it somewhere. Then take a snapshot using the camera icon. Now move it to the next position and take another snapshot. Repeat until you reach the desired position. Finally click on the film icon and you’ll see the animation.

Animation creation

Experimental activities

This section lets the children learn various things which require thinking in a series of steps. Things like the water cycle and operating canal lock lets the child learn systemic thinking.

Below is a screen shot of the activity about the water cycle. First the sun raises, water evaporates and clouds are formed. When you click on the cloud it starts raining and the rain fills the water tank. Operating the water inlet gives Tux a shower.

An example of the water cycle

Discovery

This section is about learning several common things like colour names, clock reading, symmetry, etc. The activity shown in the screen shot is about identifying colours: you must identify the colour from the name displayed.

Identifying colors

Reading Activities

These are activities about learning the letters, words and matching them with images. Reading can be practised both horizontal and vertical.

Below is a screen shot where the child has to drag and drop the image onto the correct name.

Reading activity

As part of my Linux Users Group activity, I give talks and demos about FOSS frequently. Whenever I see kids and parents among the audience, the first thing I do is to demonstrate gcompris, and it’s a sure hit. The kids love it and parents realize its educational value.

Here are some photos of one such event held in a public park at Chennai, India.

gcompris grabs the attention of everyone   Kids playing gcompris   Kids love it. And parents too!

Pros and cons

  • Pros
  • Cons
    • It requires more local language and sound support, especially for several Indian languages. At present for Indian Languages the sounds and reading practices are not well developed. Though gcompris is well structured to support translations, it lacks volunteers.

There is another similar package named childsplay - also available in Debian.

Availability

gcompris was a part of Debian even in the Sarge days and it’s been in Ubuntu since Dapper (if not before!).

Debian Project News 2008/16

published on Tue Dec 2 00:00:00 2008 in weekly-news

Welcome to this year's 16th issue of DPN, the newsletter for the Debian community. Topics covered in this issue include:

Etch-and-a-half installation images updated

As a result of the release of the first release candidate for Lenny of Debian Installer (D-I RC1) on November 12th, the installer images for Etch-and-a-half have also been updated. A consequence of this update is that during installation of Etch-and-a-half using the currently available images, a newer kernel version (2.6.26) will be used. However, the kernel used for the installed system remains unchanged at version 2.6.24. In some cases this can mean that hardware which is supported during the installation does not work after the reboot into the installed system because support for it was added after the 2.6.24 version.

Old Etch-and-a-half businesscard and netinst CD images remain usable. Old netboot images are no longer usable and will need to be replaced with a current image. The Etch-and-a-half Debian Installer web page has links to the new images and to the release announcements which give an overview of changes in the installation system. The Debian Installer team is currently preparing the second release candidate (RC2) of the Lenny installer, which will again result in an update of the installer images for Etch-and-a-half. The kernel version used during installation will remain at 2.6.26.

GNU Affero General Public License suitable for Debian "main"

Jörg Jaspert, representing the FTP Archives team, has released a position statement about the inclusion in main of works licensed under GNU Affero General Public License version 3 (AGPLv3). In short, the statement says that such works are suitable for Debian/main, even though the AGPL has an additional clause when compared to the GNU General Public License (GPLv3). The clause in question requires software to offer the source code to a user when interacting with it remotely through a computer network.

Security Teams Meeting in Essen

Martin Joey Schulze reports on the Debian Security meeting which took place 28-30 November 2008 in Essen, Germany. Members of both the stable and the testing security teams attended as did the developers who are currently working on security updates for the backports archive.

New Stable SuiteTelecentro 2.0

The new stable version of SuiteTelecentro is now available for download from Sourceforge. SuiteTelecentro is a customisation of Debian and is built at the Free Software Laboratory of the IT Board of Banco do Brasil, the largest and oldest public bank in Brazil.

Dependency based boot sequencing release goal completed

Petter Reinholdtsen announced that the release goal of supporting a dependency based boot sequence has been completed. This allows system services to be started in an order which is calculated from their dependencies on each other instead of a hardcoded order.

Debian bugs #600000 and #1000000 contest

Christian Perrier announced that as the bug #500000 mark was turned on September 24th 2008, Debian developers and contributors need a new challenge. So a small contest has been set up again. The principle is very simple: participants should place a bet (one per person) about the day bugs #600000 and #1000000 will be reported. The winners will be the persons placing their bets as close as possible to the real moment bugs #600000 and #1000000 are reported.

Inter-distribution collaboration for maintaining games

Initiated by members of the merged Debian and Ubuntu games teams and Hans de Goede from Fedora, a mailing list was created to foster collaboration between operating systems for the maintenance of games. The goal is to share and review patches that the upstream project is slow or unwilling to accept, or to take over as the new upstream for software in cases where the original upstream has died.

Call for talks for the Debian Developers' room at FOSDEM

Wouter Verhelst called for talks for the Debian Developers' room at the upcoming Free and Open Source Developers European Meeting (FOSDEM): a yearly community meeting that takes place at the université libre de Bruxelles in Brussels, Belgium and which concentrates on bringing developers of Free Software together. As during previous events, Debian has the opportunity to hold its own one and a half day conference sub-track.

When to do non-maintainer uploads?

A recent non-maintainer upload of the php5 package caused some discussion about how and when non-maintainer uploads should be done. While fixing release critical bugs is indeed a very important topic (especially for long standing bugs without action from the maintainer), release team member Steve Langasek reminded that developers should still inform the maintainers about any plans to perform a NMU, while Thomas Viehmann reminded maintainers that they should fix, or at least comment on, release critical bugs within two weeks.

Popular packages in Ubuntu that are not in Debian main

Petter Reinholdtsen did a survey on the question of which popular Ubuntu packages are not included in Debian/main and why. In order to determine the packages' popularity, Petter used their popcon ratings. He ended up with a list of 152 popular Ubuntu packages which are currently not in Debian/main, a number he considered surprisingly low.

Developer News wanted

Raphael Hertzog, the author of the Misc Developer News asks developers to (regularly) share short news about their work and plans so they can be published in the Misc Developer News. Possible news covers everything which is related to Debian development and not worth a dedicated mail to debian-devel-announce. The news is published whenever five news stories have come together. Raphael points out that the Misc Developer News can also be used to post calls for help.

Need for an unofficial public community repository?

The rejection from the queue for some new packages to be added to Debian by the ftp-masters caused some discussion about the need of a repository for unofficial packages not meeting Debian's standards or being otherwise unsupported. Holger Levsen pointed to debian-unofficial.org, which isn't flawless. This caused Holger to think about a solution inside of debian-community.org. The proposal to use apt-get.org has been criticised as well.

New maintainer

One applicant has been accepted as Debian Maintainer since the prior issue of the Debian Project News. Please welcome Jörg Sommer into our project!

Bits from the buildd world

Adeodato Simó sent bits from buildd world. Buildds are a part of Debian's infrastructure, organising which automated build system (build daemon) is building which package for which architecture. Beside some personnel changes, he also explains the proper ways to contact the buildd team, as well as where the source code of the buildd infrastructure is maintained.

Release cricital bug stats for the upcoming release

According to the unofficial RC-bugs count, the upcoming release Debian GNU/Linux 5.0 Lenny is currently affected by 118 release critical bugs. 43 of them have already been fixed in Debian's unstable branch. Of the remaining 75 release critical bugs, 33 already have a patch (which might need testing) and 5 are marked as pending.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): python2.4, xulrunner, iceweasel, wireshark and phpmyadmin. Please read them carefully and take the proper measures.

New and noteworthy packages

The following packages were added to the unstable Debian archive recently (among others):

Work-needing packages

Currently 488 packages are orphaned and 117 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.