Search Results: "jeb"

16 January 2022

Chris Lamb: Favourite films of 2021

In my four most recent posts, I went over the memoirs and biographies, the non-fiction, the fiction and the 'classic' novels that I enjoyed reading the most in 2021. But in the very last of my 2021 roundup posts, I'll be going over some of my favourite movies. (Saying that, these are perhaps less of my 'favourite films' than the ones worth remarking on after all, nobody needs to hear that The Godfather is a good movie.) It's probably helpful to remark you that I took a self-directed course in film history in 2021, based around the first volume of Roger Ebert's The Great Movies. This collection of 100-odd movie essays aims to make a tour of the landmarks of the first century of cinema, and I watched all but a handul before the year was out. I am slowly making my way through volume two in 2022. This tome was tremendously useful, and not simply due to the background context that Ebert added to each film: it also brought me into contact with films I would have hardly come through some other means. Would I have ever discovered the sly comedy of Trouble in Paradise (1932) or the touching proto-realism of L'Atalante (1934) any other way? It also helped me to 'get around' to watching films I may have put off watching forever the influential Battleship Potemkin (1925), for instance, and the ur-epic Lawrence of Arabia (1962) spring to mind here. Choosing a 'worst' film is perhaps more difficult than choosing the best. There are first those that left me completely dry (Ready or Not, Written on the Wind, etc.), and those that were simply poorly executed. And there are those that failed to meet their own high opinions of themselves, such as the 'made for Reddit' Tenet (2020) or the inscrutable Vanilla Sky (2001) the latter being an almost perfect example of late-20th century cultural exhaustion. But I must save my most severe judgement for those films where I took a visceral dislike how their subjects were portrayed. The sexually problematic Sixteen Candles (1984) and the pseudo-Catholic vigilantism of The Boondock Saints (1999) both spring to mind here, the latter of which combines so many things I dislike into such a short running time I'd need an entire essay to adequately express how much I disliked it.

Dogtooth (2009) A father, a mother, a brother and two sisters live in a large and affluent house behind a very high wall and an always-locked gate. Only the father ever leaves the property, driving to the factory that he happens to own. Dogtooth goes far beyond any allusion to Josef Fritzl's cellar, though, as the children's education is a grotesque parody of home-schooling. Here, the parents deliberately teach their children the wrong meaning of words (e.g. a yellow flower is called a 'zombie'), all of which renders the outside world utterly meaningless and unreadable, and completely mystifying its very existence. It is this creepy strangeness within a 'regular' family unit in Dogtooth that is both socially and epistemically horrific, and I'll say nothing here of its sexual elements as well. Despite its cold, inscrutable and deadpan surreality, Dogtooth invites all manner of potential interpretations. Is this film about the artificiality of the nuclear family that the West insists is the benchmark of normality? Or is it, as I prefer to believe, something more visceral altogether: an allegory for the various forms of ontological violence wrought by fascism, as well a sobering nod towards some of fascism's inherent appeals? (Perhaps it is both. In 1972, French poststructuralists Gilles and F lix Guattari wrote Anti-Oedipus, which plays with the idea of the family unit as a metaphor for the authoritarian state.) The Greek-language Dogtooth, elegantly shot, thankfully provides no easy answers.

Holy Motors (2012) There is an infamous scene in Un Chien Andalou, the 1929 film collaboration between Luis Bu uel and famed artist Salvador Dal . A young woman is cornered in her own apartment by a threatening man, and she reaches for a tennis racquet in self-defence. But the man suddenly picks up two nearby ropes and drags into the frame two large grand pianos... each leaden with a dead donkey, a stone tablet, a pumpkin and a bewildered priest. This bizarre sketch serves as a better introduction to Leos Carax's Holy Motors than any elementary outline of its plot, which ostensibly follows 24 hours in the life of a man who must play a number of extremely diverse roles around Paris... all for no apparent reason. (And is he even a man?) Surrealism as an art movement gets a pretty bad wrap these days, and perhaps justifiably so. But Holy Motors and Un Chien Andalou serve as a good reminder that surrealism can be, well, 'good, actually'. And if not quite high art, Holy Motors at least demonstrates that surrealism can still unnerving and hilariously funny. Indeed, recalling the whimsy of the plot to a close friend, the tears of laughter came unbidden to my eyes once again. ("And then the limousines...!") Still, it is unclear how Holy Motors truly refreshes surrealism for the twenty-first century. Surrealism was, in part, a reaction to the mechanical and unfeeling brutality of World War I and ultimately sought to release the creative potential of the unconscious mind. Holy Motors cannot be responding to another continental conflagration, and so it appears to me to be some kind of commentary on the roles we exhibit in an era of 'post-postmodernity': a sketch on our age of performative authenticity, perhaps, or an idle doodle on the function and psychosocial function of work. Or perhaps not. After all, this film was produced in a time that offers the near-universal availability of mind-altering substances, and this certainly changes the context in which this film was both created. And, how can I put it, was intended to be watched.

Manchester by the Sea (2016) An absolutely devastating portrayal of a character who is unable to forgive himself and is hesitant to engage with anyone ever again. It features a near-ideal balance between portraying unrecoverable anguish and tender warmth, and is paradoxically grandiose in its subtle intimacy. The mechanics of life led me to watch this lying on a bed in a chain hotel by Heathrow Airport, and if this colourless circumstance blunted the film's emotional impact on me, I am probably thankful for it. Indeed, I find myself reduced in this review to fatuously recalling my favourite interactions instead of providing any real commentary. You could write a whole essay about one particular incident: its surfaces, subtexts and angles... all despite nothing of any substance ever being communicated. Truly stunning.

McCabe & Mrs. Miller (1971) Roger Ebert called this movie one of the saddest films I have ever seen, filled with a yearning for love and home that will not ever come. But whilst it is difficult to disagree with his sentiment, Ebert's choice of sad is somehow not quite the right word. Indeed, I've long regretted that our dictionaries don't have more nuanced blends of tragedy and sadness; perhaps the Ancient Greeks can loan us some. Nevertheless, the plot of this film is of a gambler and a prostitute who become business partners in a new and remote mining town called Presbyterian Church. However, as their town and enterprise booms, it comes to the attention of a large mining corporation who want to bully or buy their way into the action. What makes this film stand out is not the plot itself, however, but its mood and tone the town and its inhabitants seem to be thrown together out of raw lumber, covered alternatively in mud or frozen ice, and their days (and their personalities) are both short and dark in equal measure. As a brief aside, if you haven't seen a Roger Altman film before, this has all the trappings of being a good introduction. As Ebert went on to observe: This is not the kind of movie where the characters are introduced. They are all already here. Furthermore, we can see some of Altman's trademark conversations that overlap, a superb handling of ensemble casts, and a quietly subversive view of the tyranny of 'genre'... and the latter in a time when the appetite for revisionist portrays of the West was not very strong. All of these 'Altmanian' trademarks can be ordered in much stronger measures in his later films: in particular, his comedy-drama Nashville (1975) has 24 main characters, and my jejune interpretation of Gosford Park (2001) is that it is purposefully designed to poke fun those who take a reductionist view of 'genre', or at least on the audience's expectations. (In this case, an Edwardian-era English murder mystery in the style of Agatha Christie, but where no real murder or detection really takes place.) On the other hand, McCabe & Mrs. Miller is actually a poor introduction to Altman. The story is told in a suitable deliberate and slow tempo, and the two stars of the film are shown thoroughly defrocked of any 'star status', in both the visual and moral dimensions. All of these traits are, however, this film's strength, adding up to a credible, fascinating and riveting portrayal of the old West.

Detour (1945) Detour was filmed in less than a week, and it's difficult to decide out of the actors and the screenplay which is its weakest point.... Yet it still somehow seemed to drag me in. The plot revolves around luckless Al who is hitchhiking to California. Al gets a lift from a man called Haskell who quickly falls down dead from a heart attack. Al quickly buries the body and takes Haskell's money, car and identification, believing that the police will believe Al murdered him. An unstable element is soon introduced in the guise of Vera, who, through a set of coincidences that stretches credulity, knows that this 'new' Haskell (ie. Al pretending to be him) is not who he seems. Vera then attaches herself to Al in order to blackmail him, and the world starts to spin out of his control. It must be understood that none of this is executed very well. Rather, what makes Detour so interesting to watch is that its 'errors' lend a distinctively creepy and unnatural hue to the film. Indeed, in the early twentieth century, Sigmund Freud used the word unheimlich to describe the experience of something that is not simply mysterious, but something creepy in a strangely familiar way. This is almost the perfect description of watching Detour its eerie nature means that we are not only frequently second-guessed about where the film is going, but are often uncertain whether we are watching the usual objective perspective offered by cinema. In particular, are all the ham-fisted segues, stilted dialogue and inscrutable character motivations actually a product of Al inventing a story for the viewer? Did he murder Haskell after all, despite the film 'showing' us that Haskell died of natural causes? In other words, are we watching what Al wants us to believe? Regardless of the answers to these questions, the film succeeds precisely because of its accidental or inadvertent choices, so it is an implicit reminder that seeking the director's original intention in any piece of art is a complete mirage. Detour is certainly not a good film, but it just might be a great one. (It is a short film too, and, out of copyright, it is available online for free.)

Safe (1995) Safe is a subtly disturbing film about an upper-middle-class housewife who begins to complain about vague symptoms of illness. Initially claiming that she doesn't feel right, Carol starts to have unexplained headaches, a dry cough and nosebleeds, and eventually begins to have trouble breathing. Carol's family doctor treats her concerns with little care, and suggests to her husband that she sees a psychiatrist. Yet Carol's episodes soon escalate. For example, as a 'homemaker' and with nothing else to occupy her, Carol's orders a new couch for a party. But when the store delivers the wrong one (although it is not altogether clear that they did), Carol has a near breakdown. Unsure where to turn, an 'allergist' tells Carol she has "Environmental Illness," and so Carol eventually checks herself into a new-age commune filled with alternative therapies. On the surface, Safe is thus a film about the increasing about of pesticides and chemicals in our lives, something that was clearly felt far more viscerally in the 1990s. But it is also a film about how lack of genuine healthcare for women must be seen as a critical factor in the rise of crank medicine. (Indeed, it made for something of an uncomfortable watch during the coronavirus lockdown.) More interestingly, however, Safe gently-yet-critically examines the psychosocial causes that may be aggravating Carol's illnesses, including her vacant marriage, her hollow friends and the 'empty calorie' stimulus of suburbia. None of this should be especially new to anyone: the gendered Victorian term 'hysterical' is often all but spoken throughout this film, and perhaps from the very invention of modern medicine, women's symptoms have often regularly minimised or outright dismissed. (Hilary Mantel's 2003 memoir, Giving Up the Ghost is especially harrowing on this.) As I opened this review, the film is subtle in its messaging. Just to take one example from many, the sound of the cars is always just a fraction too loud: there's a scene where a group is eating dinner with a road in the background, and the total effect can be seen as representing the toxic fumes of modernity invading our social lives and health. I won't spoiler the conclusion of this quietly devasting film, but don't expect a happy ending.

The Driver (1978) Critics grossly misunderstood The Driver when it was first released. They interpreted the cold and unemotional affect of the characters with the lack of developmental depth, instead of representing their dissociation from the society around them. This reading was encouraged by the fact that the principal actors aren't given real names and are instead known simply by their archetypes instead: 'The Driver', 'The Detective', 'The Player' and so on. This sort of quasi-Jungian erudition is common in many crime films today (Reservoir Dogs, Kill Bill, Layer Cake, Fight Club), so the critics' misconceptions were entirely reasonable in 1978. The plot of The Driver involves the eponymous Driver, a noted getaway driver for robberies in Los Angeles. His exceptional talent has far prevented him from being captured thus far, so the Detective attempts to catch the Driver by pardoning another gang if they help convict the Driver via a set-up robbery. To give himself an edge, however, The Driver seeks help from the femme fatale 'Player' in order to mislead the Detective. If this all sounds eerily familiar, you would not be far wrong. The film was essentially remade by Nicolas Winding Refn as Drive (2011) and in Edgar Wright's 2017 Baby Driver. Yet The Driver offers something that these neon-noir variants do not. In particular, the car chases around Los Angeles are some of the most captivating I've seen: they aren't thrilling in the sense of tyre squeals, explosions and flying boxes, but rather the vehicles come across like wild animals hunting one another. This feels especially so when the police are hunting The Driver, which feels less like a low-stakes game of cat and mouse than a pack of feral animals working together a gang who will tear apart their prey if they find him. In contrast to the undercar neon glow of the Fast & Furious franchise, the urban realism backdrop of the The Driver's LA metropolis contributes to a sincere feeling of artistic fidelity as well. To be sure, most of this is present in the truly-excellent Drive, where the chase scenes do really communicate a credible sense of stakes. But the substitution of The Driver's grit with Drive's soft neon tilts it slightly towards that common affliction of crime movies: style over substance. Nevertheless, I can highly recommend watching The Driver and Drive together, as it can tell you a lot about the disconnected socioeconomic practices of the 1980s compared to the 2010s. More than that, however, the pseudo-1980s synthwave soundtrack of Drive captures something crucial to analysing the world of today. In particular, these 'sounds from the past filtered through the present' bring to mind the increasing role of nostalgia for lost futures in the culture of today, where temporality and pop culture references are almost-exclusively citational and commemorational.

The Souvenir (2019) The ostensible outline of this quietly understated film follows a shy but ambitious film student who falls into an emotionally fraught relationship with a charismatic but untrustworthy older man. But that doesn't quite cover the plot at all, for not only is The Souvenir a film about a young artist who is inspired, derailed and ultimately strengthened by a toxic relationship, it is also partly a coming-of-age drama, a subtle portrait of class and, finally, a film about the making of a film. Still, one of the geniuses of this truly heartbreaking movie is that none of these many elements crowds out the other. It never, ever feels rushed. Indeed, there are many scenes where the camera simply 'sits there' and quietly observes what is going on. Other films might smother themselves through references to 18th-century oil paintings, but The Souvenir somehow evades this too. And there's a certain ring of credibility to the story as well, no doubt in part due to the fact it is based on director Joanna Hogg's own experiences at film school. A beautifully observed and multi-layered film; I'll be happy if the sequel is one-half as good.

The Wrestler (2008) Randy 'The Ram' Robinson is long past his prime, but he is still rarin' to go in the local pro-wrestling circuit. Yet after a brutal beating that seriously threatens his health, Randy hangs up his tights and pursues a serious relationship... and even tries to reconnect with his estranged daughter. But Randy can't resist the lure of the ring, and readies himself for a comeback. The stage is thus set for Darren Aronofsky's The Wrestler, which is essentially about what drives Randy back to the ring. To be sure, Randy derives much of his money from wrestling as well as his 'fitness', self-image, self-esteem and self-worth. Oh, it's no use insisting that wrestling is fake, for the sport is, needless to say, Randy's identity; it's not for nothing that this film is called The Wrestler. In a number of ways, The Sound of Metal (2019) is both a reaction to (and a quiet remake of) The Wrestler, if only because both movies utilise 'cool' professions to explore such questions of identity. But perhaps simply when The Wrestler was produced makes it the superior film. Indeed, the role of time feels very important for the Wrestler. In the first instance, time is clearly taking its toll on Randy's body, but I felt it more strongly in the sense this was very much a pre-2008 film, released on the cliff-edge of the global financial crisis, and the concomitant precarity of the 2010s. Indeed, it is curious to consider that you couldn't make The Wrestler today, although not because the relationship to work has changed in any fundamentalway. (Indeed, isn't it somewhat depressing the realise that, since the start of the pandemic and the 'work from home' trend to one side, we now require even more people to wreck their bodies and mental health to cover their bills?) No, what I mean to say here is that, post-2016, you cannot portray wrestling on-screen without, how can I put it, unwelcome connotations. All of which then reminds me of Minari's notorious red hat... But I digress. The Wrestler is a grittily stark darkly humorous look into the life of a desperate man and a sorrowful world, all through one tragic profession.

Thief (1981) Frank is an expert professional safecracker and specialises in high-profile diamond heists. He plans to use his ill-gotten gains to retire from crime and build a life for himself with a wife and kids, so he signs on with a top gangster for one last big score. This, of course, could be the plot to any number of heist movies, but Thief does something different. Similar to The Wrestler and The Driver (see above) and a number of other films that I watched this year, Thief seems to be saying about our relationship to work and family in modernity and postmodernity. Indeed, the 'heist film', we are told, is an understudied genre, but part of the pleasure of watching these films is said to arise from how they portray our desired relationship to work. In particular, Frank's desire to pull off that last big job feels less about the money it would bring him, but a displacement from (or proxy for) fulfilling some deep-down desire to have a family or indeed any relationship at all. Because in theory, of course, Frank could enter into a fulfilling long-term relationship right away, without stealing millions of dollars in diamonds... but that's kinda the entire point: Frank needing just one more theft is an excuse to not pursue a relationship and put it off indefinitely in favour of 'work'. (And being Federal crimes, it also means Frank cannot put down meaningful roots in a community.) All this is communicated extremely subtly in the justly-lauded lowkey diner scene, by far the best scene in the movie. The visual aesthetic of Thief is as if you set The Warriors (1979) in a similarly-filthy Chicago, with the Xenophon-inspired plot of The Warriors replaced with an almost deliberate lack of plot development... and the allure of The Warriors' fantastical criminal gangs (with their alluringly well-defined social identities) substituted by a bunch of amoral individuals with no solidarity beyond the immediate moment. A tale of our time, perhaps. I should warn you that the ending of Thief is famously weak, but this is a gritty, intelligent and strangely credible heist movie before you get there.

Uncut Gems (2019) The most exhausting film I've seen in years; the cinematic equivalent of four cups of double espresso, I didn't even bother even trying to sleep after downing Uncut Gems late one night. Directed by the two Safdie Brothers, it often felt like I was watching two films that had been made at the same time. (Or do I mean two films at 2X speed?) No, whatever clumsy metaphor you choose to adopt, the unavoidable effect of this film's finely-tuned chaos is an uncompromising and anxiety-inducing piece of cinema. The plot follows Howard as a man lost to his countless vices mostly gambling with a significant side hustle in adultery, but you get the distinct impression he would be happy with anything that will give him another high. A true junkie's junkie, you might say. You know right from the beginning it's going to end in some kind of disaster, the only question remaining is precisely how and what. Portrayed by an (almost unrecognisable) Adam Sandler, there's an uncanny sense of distance in the emotional chasm between 'Sandler-as-junkie' and 'Sandler-as-regular-star-of-goofy-comedies'. Yet instead of being distracting and reducing the film's affect, this possibly-deliberate intertextuality somehow adds to the masterfully-controlled mayhem. My heart races just at the memory. Oof.

Woman in the Dunes (1964) I ended up watching three films that feature sand this year: Denis Villeneuve's Dune (2021), Lawrence of Arabia (1962) and Woman in the Dunes. But it is this last 1964 film by Hiroshi Teshigahara that will stick in my mind in the years to come. Sure, there is none of the Medician intrigue of Dune or the Super Panavision-70 of Lawrence of Arabia (or its quasi-orientalist score, itself likely stolen from Anton Bruckner's 6th Symphony), but Woman in the Dunes doesn't have to assert its confidence so boldly, and it reveals the enormity of its plot slowly and deliberately instead. Woman in the Dunes never rushes to get to the film's central dilemma, and it uncovers its terror in little hints and insights, all whilst establishing the daily rhythm of life. Woman in the Dunes has something of the uncanny horror as Dogtooth (see above), as well as its broad range of potential interpretations. Both films permit a wide array of readings, without resorting to being deliberately obscurantist or being just plain random it is perhaps this reason why I enjoyed them so much. It is true that asking 'So what does the sand mean?' sounds tediously sophomoric shorn of any context, but it somehow applies to this thoughtfully self-contained piece of cinema.

A Quiet Place (2018) Although A Quiet Place was not actually one of the best films I saw this year, I'm including it here as it is certainly one of the better 'mainstream' Hollywood franchises I came across. Not only is the film very ably constructed and engages on a visceral level, I should point out that it is rare that I can empathise with the peril of conventional horror movies (and perhaps prefer to focus on its cultural and political aesthetics), but I did here. The conceit of this particular post-apocalyptic world is that a family is forced to live in almost complete silence while hiding from creatures that hunt by sound alone. Still, A Quiet Place engages on an intellectual level too, and this probably works in tandem with the pure 'horrorific' elements and make it stick into your mind. In particular, and to my mind at least, A Quiet Place a deeply American conservative film below the surface: it exalts the family structure and a certain kind of sacrifice for your family. (The music often had a passacaglia-like strain too, forming a tombeau for America.) Moreover, you survive in this dystopia by staying quiet that is to say, by staying stoic suggesting that in the wake of any conflict that might beset the world, the best thing to do is to keep quiet. Even communicating with your loved ones can be deadly to both of you, so not emote, acquiesce quietly to your fate, and don't, whatever you do, speak up. (Or join a union.) I could go on, but The Quiet Place is more than this. It's taut and brief, and despite cinema being an increasingly visual medium, it encourages its audience to develop a new relationship with sound.

6 November 2017

James Bromberger: Web Security 2017

I started web development around late 1994. Some of my earliest paid web work is still online (dated June 1995). Clearly, that was a simpler time for content! I went on to be Webmaster (yes, for those joining us in the last decade, that was a job title once) for UWA, and then for Hartley Poynton/JDV.com at time when security became important as commerce boomed online. At the dawn of the web era, the consideration of backwards compatibility with older web clients (browsers) was deemed to be important; content had to degrade nicely, even without any CSS being applied. As the years stretched out, the legacy became longer and longer. Until now. In mid-2018, the Payment Card Industry (PCI) Data Security Standard (DSS) 3.2 comes into effect, requiring card holder environments to use (at minimum) TLS 1.2 for the encrypted transfer of data. Of course, that s also the maximum version typically available today (TLS 1.3 is in draft 21 at this point in time of writing). This effort by the PCI is forcing people to adopt new browsers that can do the TLS 1.2 protocol (and the encryption ciphers that permits), typically by running modern/recent Chrome, Firefox, Safari or Edge browsers. And for the majority of people, Chrome is their choice, and the majority of those are all auto-updating on every release. Many are pushing to be compliant with the 2018 PCI DSS 3.2 as early as possible; your logging of negotiated protocols and ciphers will show if your client base is ready as well. I ve already worked with one government agency to demonstrate they were ready, and have already helped disable TLS 1.0 and 1.1 on their public facing web sites (and previously SSL v3). We ve removed RC4 ciphers, 3DES ciphers, and enabled ephemeral key ciphers to provide forward secrecy. Web developers (writing Javascript and using various frameworks) can rejoice the age of having to support legacy MS IE 6/7/8/9/10 is pretty much over. None of those browsers support TLS 1.2 out of the box (IE 10 can turn this on, but for some reason, it is off by default). This makes Javascript code smaller as it doesn t have to have conditional code to work with the quirks of those older clients. But as we find ourselves with modern clients, we can now ask those clients to be complicit in our attempts to secure the content we serve. They understand modern security constructs such as Content Security Policies and other HTTP security-related headers. There s two tools I am currently using to help in this battle to improve web security. One is SSLLabs.com, the work of Ivan Risti (and now owned/sponsored by Qualys). This tool gives a good view of the encryption in flight (protocols, ciphers), chain of trust (certificate), and a new addition of checking DNS records for CAA records (which I and others piled on a feature request for AWS Route53 to support). The second tool is Scott Helm s SecurityHeaders.io, which looks at the HTTP headers that web content uses to ask browsers to enforce security on the client side. There s a really important reason why these tools are good; they are maintained. As new recommendations on ciphers, protocols, signature algorithms or other actions become recommended, they re updated on these tools. And these tools are produced by very small, but agile teams like one person teams, without the bureaucracy (and lag) associated with large enterprise tools. But these shouldn t be used blindly. These services make suggestions, and you should research them yourselves. For some, not all the recommendations may meet your personal risk profile. Personally, I m uncomfortable with Public-Key-Pins, so that can wait for a while indeed, Chrome has now signalled they will drop this. So while PCI is hitting merchants with their DSS-compliance stick (and making it plainly obvious what they have to do), we re getting a side-effect of having a concrete reason for drawing a line under where our backward compatibility must stretch back to, and the ability to have the web client assist in ensure security of content.

31 October 2016

James Bromberger: The Debian Cloud Sprint 2016

I m at an airport, about to board the first of three flights across the world, from timezone +8 to timezone -8. I ll be in transit 27 hours to get to Seattle, Washington state. I m leaving my wife and two young children behind. My work has given me a days worth of leave under the Corporate Social Responsibility program, and I m taking three days annual leave, to do this. 27 hours each way in transit, for 3 days on the ground. Why? Backstory I started playing in technology as a kid in the 1980s; my first PC was a clone (as they were called) 286 running MS-DOS. It was clunky, and the most I could do to extend it was to write batch scripts. As a child I had no funds for commercial compilers, no network connections (this was pre Internet in Australia), no access to documentation, and no idea where to start programming properly. It was a closed world. I hit university in the summer of 1994 to study Computer Science and French. I d heard of Linux, and soon found myself installing the Linux distributions of the day. The Freedom of the licensing, the encouragement to use, modify, share, was in stark contrast to the world of consumer PCs of the late 1980 s. It was there at the UCC at UWA I discovered Debian. Some of the kind network/system admins at the University maintained a Debian mirror on the campus LAN, updated regularly and always online. It was fast, and more importantly, free for me to access. Back in the 1990s, bandwidth in Australia was incredibly expensive. The vast distances of the country mean that bandwidth was scarce. Telcos were in races to put fiber between Perth and the Eastern States, and without that in place, IP connectivity was constrained, and thus costly. Over many long days and nights I huddled down, learning window managers, protocols, programming and scripting languages. I became a system/network administrator, web developer, dev ops engineer, etc. My official degree workload, algorithmic complexity, protocol stacks, were interesting, but fiddling with Linux based implementations was practical. Volunteer After years of consuming the output of Debian and running many services with it I decided to put my hand up and volunteer as a Debian Developer: it was time to give back. I had benefited from Debian, and I saw others benefit from it as well. As the 2000 s started, I had my PGP key in the Debian key ring. I had adopted a package and was maintaining it load balancing Apache web servers. The web was yet to expand to the traffic levels you see today; most web sites were served from one physical web server. Site Reliability Engineering was a term not yet dreamed of. What became more apparent was the applicability of Linux, Open Source, and in my line-of-sight Debian to a wider community beyond myself and my university peers. Debain was being used to revive recycled computers that were being donated to charities; in some cases, unable to transfer commercial software licenses with the hardware that was no longer required by organisations that had upgraded. It appeared that Debian was being used as a baseline above which society in general had access to fundamental capability of computing and network services. The removal of subscriptions, registrations, and the encouragement of distribution meant this occurred at rates that could never be tracked, and more importantly, the consensus was that it should not be automatically tracked. The privacy of the user is paramount more important than some statistics for the Developer to ponder. When the Bosnia-Herzegovina war ended in 1995, I recall an email from academics there, having found some connectivity, writing to ask if they would be able to use Debian as part of their re-deployment of services for the Tertiary institutions in the region. This was an unnecessary request as Debian GNU/Linux is freely available, but it was a reminder that, for the country to have tried to procure commercial solutions at that time would have been difficult. Instead, those that could do the task just got on with it. There s been many similar project where the grass-roots organisations non profits, NGOs, and even just loose collectives of individuals have turned to Linux, Open Source, and sometimes Debian to solve their problems. Many fine projects have been established to make technology accessible to all, regardless of race, gender, nationality, class, or any other label society has used to divide humans. Big hat tip to Humanitarian Open Street Map, Serval Project. I ve always loved Debian s position on being the Universal operating system. Its vast range of packages and wide range of computing architectures supported means that quite often a litmus test of is project X a good project? was met with is it packaged for Debian? . That wide range of architectures has meant that administrators of systems had fewer surprises and a faster adoption cycle when changing platforms, such as the switch from x86 32 bit to x86 64 bit. Enter the Cloud I first laid eyes on the AWS Cloud in 2008. It was nothing like the rich environment you see today. The first thing I looked for was my favourite operating system, so that what I already knew and was familiar with was available in this environment to minimise the learning curve. However there were no official images, which was disconcerting. In 2012 I joined AWS as an employee. Living in Australia they hired me into the field sales team as a Solution Architect a sort of pre-sales tech with a customer focused depth in security. It was a wonderful opportunity, and I learnt a great deal. It also made sense (to me, at least) to do something about getting Debian s images blessed. It turned out, that I had to almost define what that was: images endorsed by a Debian Developer, handed to the AWS Marketplace team. And so since 2013 I have done so, keeping track of Debian s releases across the AWS regions, collaborating with other Debian folk on other cloud platforms to attempt a unified approach to generating and maintaining these images. This included (for a stint) generating them into the AWS GovCloud Region, and still into the AWS China (Beijing) Region the other side of the so-called Great Firewall of China. So why the trip? We ve had focus groups at the Debconf (Debian conference) around the world, but its often difficult to get the right group of people in the same rooms at the same time. So the proposal was to hold a focused Debian Cloud Sprint. Google was good enough to host this, for all the volunteers across all the cloud providers. Furthermore, donated funds were found to secure the travel for a set of people to attend who otherwise could not. I was lucky enough to be given a flight. So here I am, in the terminal in Australia: my kids are tucked up in bed, dreaming of the candy they just collected for Halloween. It will be a draining week I am sure, but if it helps set and improve the state of Debian then its worth it.

20 April 2016

Reproducible builds folks: Reproducible builds: week 51 in Stretch cycle

What happened in the reproducible builds effort between April 10th and April 16th 2016: Toolchain fixes Antoine Beaupr suggested that gitpkg stops recording timestamps when creating upstream archives. Antoine Beaupr also pointed out that git-buildpackage diverges from the default gzip settings which is a problem for reproducibly recreating released tarballs which were made using the defaults. Alexis Bienven e submitted a patch extending sphinx SOURCE_DATE_EPOCH support to copyright year. Packages fixed The following packages have become reproducible due to changes in their build dependencies: atinject-jsr330, avis, brailleutils, charactermanaj, classycle, commons-io, commons-javaflow, commons-jci, gap-radiroot, jebl2, jetty, libcommons-el-java, libcommons-jxpath-java, libjackson-json-java, libjogl2-java, libmicroba-java, libproxool-java, libregexp-java, mobile-atlas-creator, octave-econometrics, octave-linear-algebra, octave-odepkg, octave-optiminterp, rapidsvn, remotetea, ruby-rinku, tachyon, xhtmlrenderer. The following packages became reproducible after getting fixed: Some uploads fixed some reproducibility issues, but not all of them: Patches submitted which have not made their way to the archive yet: diffoscope development Zbigniew J drzejewski-Szmek noted in #820631 that diffoscope doesn't work properly when a file contains several cpio archives. Package reviews 21 reviews have been added, 14 updated and 22 removed in this week. New issue found: timestamps_in_htm_by_gap. Chris Lamb reported 10 new FTBFS issues. Misc. The video and the slides from the talk "Reproducible builds ecosystem" at LibrePlanet 2016 have been published now. This week's edition was written by Lunar and Holger Levsen. h01ger automated the maintenance and publishing of this weekly newsletter via git.

12 June 2015

James Bromberger: Logical Volume Management with Debian on Amazon EC2

The recent AWS introduction of the Elastic File System gives you an automatic grow-and-shrink capability as an NFS mount, an exciting option that takes away the previous overhead in creating shared block file systems for EC2 instances. However it should be noted that the same auto-management of capacity is not true in the EC2 instance s Elastic Block Store (EBS) block storage disks; sizing (and resizing) is left to the customer. With current 2015 EBS, one cannot simply increase the size of an EBS Volume as the storage becomes full; (as at June 2015) an EBS volume, once created, has fixed size. For many applications, that lack of resize function on its local EBS disks is not a problem; many server instances come into existence for a brief period, process some data and then get Terminated, so long term managment is not needed. However for a long term data store on an instance (instead of S3, which I would recommend looking closely at from a durability and pricing fit), and where I want to harness the capacity to grow (or shrink) disk for my data, then I will need to leverage some slightly more advanced disk management. And just to make life interesting, I wish to do all this while the data is live and in-use, if possible. Enter: Logical Volume Management, or LVM. It s been around for a long, long time: LVM 2 made a debut around 2002-2003 (2.00.09 was Mar 2004) and LVM 1 was many years before that so it s pretty mature now. It s a powerful layer that sits between your raw storage block devices (as seen by the operating system), and the partitions and file systems you would normally put on them. In this post, I ll walk through the process of getting set up with LVM on Debian in the AWS EC2 environment, and how you d do some basic maintenance to add and remove (where possible) storage with minimal interruption. Getting Started First a little prep work for a new Debian instance with LVM. As I d like to give the instance its own ability to manage its storage, I ll want to provision an IAM Role for EC2 Instances for this host. In the AWS console, visit IAM, Roles, and I ll create a new Role I ll name EC2-MyServer (or similar), and at this point I ll skip giving it any actual privileges (later we ll update this). As at this date, we can only associate an instance role/profile at instance launch time. Now I launch a base image Debian EC2 instance launched with this IAM Role/Profile; the root file system is an EBS Volume. I am going to put data that I ll be managing on a separate disk from the root file system. First, I need to get the LVM utilities installed. It s a simple package to install: the lvm2 package. From my EC2 instance I need to get root privileges (sudo -i) and run:
apt update && apt install lvm2
After a few moments, the package is installed. I ll choose a location that I want my data to live in, such as /opt/. I want a separate disk for this task for a number of reasons:
  1. Root EBS volumes cannot currently be encrypted using Amazon s Encrypted EBS Volumes at this point in time. If I want to also use AWS encryption option, it ll have to be on a non-root disk. Note that instance-size restrictions also exist for EBS Encrypted Volumes.
  2. It s possibly not worth make a snapshot of the Operating System at the same time as the user content data I am saving. The OS install (except the /etc/ folder) can almost entirely be recreated from a fresh install. so why snapshot that as well (unless that s your strategy for preserving /etc, /home, etc).
  3. The type of EBS volume that you require may be different for different data: today (Apr 2015) there is a choice of Magnetic, General Purpose 2 (GP2) SSD, and Provisioned IO/s (PIOPS) SSD, each with different costs; and depending on our volume, we may want to select one for our root volume (operating system), and something else for our data storage.
  4. I may want to use EBS snapshots to clone the disk to another host, without the base OS bundled in with the data I am cloning.
I will create this extra volume in the AWS console and present it to this host. I ll start by using a web browser (we ll use CLI later) with the EC2 console. The first piece of information we need to know is where my EC2 instance is running. Specifically, the AWS Region and Availability Zone (AZ). EBS Volumes only exist within the one designated AZ. If I accidentally make the volume(s) in the wrong AZ, then I won t be able to connect them to my instance. It s not a huge issue, as I would just delete the volume and try again. I navigate to the Instances panel of the EC2 Console, and find my instance in the list:
EC2 instance listA (redacted) list of instance from the EC2 console.
Here I can see I have located an instance and it s running in US-East-1A: that s AZ A in Region US-East-1. I can also grab this with a wget from my running Debian instance by asking the MetaData server:
wget -q -O - http://169.254.169.254/latest/meta-data/placement/availability-zone
The returned text is simply: us-east-1a . Time to navigate to Elastic Block Store , choose Volumes and click Create :
Creating a volume in AWS EC2: ensure the AZ is the same as your instanceCreating a volume in AWS EC2: ensure the AZ is the same as your instance
You ll see I selected that I wanted AWS to encrypt this and as noted above, at this time that doesn t include the t2 family. However, you have an option of using encryption with LVM where the customer looks after the encryption key see LUKS. What s nice is that I can do both have AWS Encrypted Volumes, and then use encryption on top of this, but I have to manage my own keys with LUKS, and should I lose them, then I can keep all the cyphertext! I deselected this for my example (with a t2.micro), and continue; I could see the new volume in the list as creating , and then shortly afterwards as available . Time to attach it: select the disk, and either right-click and choose Attach , or from the menu at the top of the list, chose Actions -> Attach (both do the same thing).
Attach volumeAttaching a volume to an instance: you ll be prompted for the compatible instances in the same AZ.
At this point in time your EC2 instance will now notice a new disk; you can confirm this with dmesg tail , and you ll see something like:
[1994151.231815]  xvdg: unknown partition table
(Note the time-stamp in square brackets will be different). Previously at this juncture you would format the entire disk with your favourite file system, mount it in the desired location, and be done. But we re adding in LVM here between this raw device, and the filesystem we are yet to make . Marking the block device for LVM Our first operation with LVM is to put a marker on the volume to indicate it s being use for LVM so that when we scan the block device, we know what it s for. It s a really simple command:
pvcreate /dev/xvdg
The device name above (/dev/xvdg) should correspond to the one we saw from the dmesg output above. The output of the above is rather straight forward:
  Physical volume "/dev/xvdg" successfully created
Checking our EBS Volume We can check on the EBS volume which LVM sees as a Physical Volume using the pvs command.
# pvs
  PV  VG  Fmt  Attr PSize PFree
  /dev/xvdg  lvm2 ---  5.00g 5.00g
Here we see the entire disk is currently unused. Creating our First Volume Group Next step, we need to make an initial LVM Volume Group which will use our Physical volume (xvdg). The Volume Group will then contain one (or more) Logical Volumes that we ll format and use. Again, a simple command to create a volume group by giving it its first physical device that it will use:
# vgcreate  OptVG /dev/xvdg
  Volume group "OptVG" successfully created
And likewise we can check our set of Volume Groups with vgs :
# vgs
  VG  #PV #LV #SN Attr  VSize VFree
  OptVG  1  0  0 wz--n- 5.00g 5.00g
The Attribute flags here indicate this is writable, resizable, and allocating extents in normal mode. Lets proceed to make our (first) Logical Volume in this Volume Group:
# lvcreate -n OptLV -L 4.9G OptVG
  Rounding up size to full physical extent 4.90 GiB
  Logical volume "OptLV" created
You ll note that I have created our Logical Volume as almost the same size as the entire Volume Group (which is currently one disk) but I left some space unused: the reason for this comes down to keeping some space available for any jobs that LVM may want to use on the disk and this will be used later when we want to move data between raw disk devices. If I wanted to use LVM for Snapshots, then I d want to leave more space free (unallocated) again. We can check on our Logical Volume:
# lvs
  LV  VG  Attr  LSize Pool Origin Data%  Meta%  Move Log Cpy%Sync Convert
  OptLV OptVG -wi-a----- 4.90g
The attribytes indicating that the Logical Volume is writeable, is allocating its data to the disk in inherit mode (ie, as the Volume Group is doing), and that it is active. At this stage you may also discover we have a device /dev/OptVG/OptLV, and this is what we re going to format and mount. But before we do, we should review what file system we ll use.
Filesystems
Popular Linux file systems
Name Shrink Grow Journal Max File Sz Max Vol Sz
btrfs Y Y N 16 EB 16 EB
ext3 Y off-line Y Y 2 TB 32 TB
ext4 Y off-line Y Y 16 TB 1 EB
xfs N Y Y 8 EB 8 EB
zfs* N Y Y 16 EB 256 ZB
For more details see Wikipedia comparison. Note that ZFS requires 3rd party kernel module of FUSE layer, so I ll discount that here. BTRFS only went stable with Linux kernel 3.10, so with Debian Jessie that s a possibility; but for tried and trusted, I ll use ext4. The selection of ext4 also means that I ll only be able to shrink this file system off-line (unmounted). I ll make the filesystem:
# mkfs.ext4 /dev/OptVG/OptLV
mke2fs 1.42.12 (29-Aug-2014)
Creating filesystem with 1285120 4k blocks and 321280 inodes
Filesystem UUID: 4f831d17-2b80-495f-8113-580bd74389dd
Superblock backups stored on blocks:
  32768, 98304, 163840, 229376, 294912, 819200, 884736
Allocating group tables: done
Writing inode tables: done
Creating journal (32768 blocks): done
Writing superblocks and filesystem accounting information: done
And now mount this volume and check it out:
# mount /dev/OptVG/OptLV /opt/
# df -HT /opt
Filesystem  Type  Size  Used Avail Use% Mounted on
/dev/mapper/OptVG-OptLV ext4  5.1G  11M  4.8G  1% /opt
Lastly, we want this to be mounted next time we reboot, so edit /etc/fstab and add the line:
/dev/OptVG/OptLV /opt ext4 noatime,nodiratime 0 0
With this in place, we can now start using this disk. I selected here not to update the filesystem every time I access a file or folder updates get logged as normal but access time is just ignored. Time to expand After some time, our 5 GB /opt/ disk is rather full, and we need to make it bigger, but we wish to do so without any downtime. Amazon EBS doesn t support resizing volumes, so our strategy is to add a new larger volume, and remove the older one that no longer suits us; LVM and ext4 s online resize ability will allow us to do this transparently. For this example, we ll decide that we want a 10 GB volume. It can be a different type of EBS volume to our original we re going to online-migrate all our data from one to the other. As when we created the original 5 GB EBS volume above, create a new one in the same AZ and attach it to the host (perhaps a /dev/xvdh this time). We can check the new volume is visible with dmesg again:
[1999786.341602]  xvdh: unknown partition table
And now we initalise this as a Physical volume for LVM:
# pvcreate /dev/xvdh
  Physical volume "/dev/xvdh" successfully created
And then add this disk to our existing OptVG Volume Group:
# vgextend OptVG /dev/xvdh
  Volume group "OptVG" successfully extended
We can now review our Volume group with vgs, and see our physical volumes with pvs:
# vgs
  VG  #PV #LV #SN Attr  VSize  VFree
  OptVG  2  1  0 wz--n- 14.99g 10.09g
# pvs
  PV  VG  Fmt  Attr PSize  PFree
  /dev/xvdg  OptVG lvm2 a--  5.00g 96.00m
  /dev/xvdh  OptVG lvm2 a--  10.00g 10.00g
There are now 2 Physical Volumes we have a 4.9 GB filesystem taking up space, so 10.09 GB of unallocated space in the VG. Now its time to stop using the /dev/xvgd volume for any new requests:
# pvchange -x n /dev/xvdg
  Physical volume "/dev/xvdg" changed
  1 physical volume changed / 0 physical volumes not changed
At this time, our existing data is on the old disk, and our new data is on the new one. Its now that I d recommend running GNU screen (or similar) so you can detach from this shell session and reconnect, as the process of migrating the existing data can take some time (hours for large volumes):
# pvmove /dev/sdb1 /dev/sdd1
  /dev/xvdg: Moved: 0.1%
  /dev/xvdg: Moved: 8.6%
  /dev/xvdg: Moved: 17.1%
  /dev/xvdg: Moved: 25.7%
  /dev/xvdg: Moved: 34.2%
  /dev/xvdg: Moved: 42.5%
  /dev/xvdg: Moved: 51.2%
  /dev/xvdg: Moved: 59.7%
  /dev/xvdg: Moved: 68.0%
  /dev/xvdg: Moved: 76.4%
  /dev/xvdg: Moved: 84.7%
  /dev/xvdg: Moved: 93.3%
  /dev/xvdg: Moved: 100.0%
During the move, checking the Monitoring tab in the AWS EC2 Console for the two volumes should show one with a large data Read metric, and one with a large data Write metric clearly data should be flowing off the old disk, and on to the new. A note on disk throughput The above move was a pretty small, and empty volume. Larger disks will take longer, naturally, so getting some speed out of the process maybe key. There s a few things we can do to tweak this: Back to the move Upon completion I can see that the disk in use is the new disk and not the old one, using pvs again:
# pvs
  PV  VG  Fmt  Attr PSize  PFree
  /dev/xvdg  OptVG lvm2 ---  5.00g 5.00g
  /dev/xvdh  OptVG lvm2 a--  10.00g 5.09g
So all 5 GB is now unused (compare to above, where only 96 MB was PFree). With that disk not containing data, I can tell LVM to remove the disk from the Volume Group:
# vgreduce OptVG /dev/xvdg
  Removed "/dev/xvdg" from volume group "OptVG"
Then I cleanly wipe the labels from the volume:
# pvremove /dev/xvdg
  Labels on physical volume "/dev/xvdg" successfully wiped
If I really want to clean the disk, I could choose to use shred(1) on the disk to overwrite with random data. This can take a lng time Now the disk is completely unused and disassociated from the VG, I can return to the AWS EC2 Console, and detach the disk:
Detatch volume dialog boxDetach an EBS volume from an EC2 instance
Wait for a few seconds, and the disk is then shown as available ; I then chose to delete the disk in the EC2 console (and stop paying for it). Back to the Logical Volume it s still 4.9 GB, so I add 4.5 GB to it:
# lvresize -L +4.5G /dev/OptVG/OptLV
  Size of logical volume OptVG/OptLV changed from 4.90 GiB (1255 extents) to 9.40 GiB (2407 extents).
  Logical volume OptLV successfully resized
We now have 0.6GB free space on the physical volume (pvs confirms this). Finally, its time to expand out ext4 file system:
# resize2fs /dev/OptVG/OptLV
resize2fs 1.42.12 (29-Aug-2014)
Filesystem at /dev/OptVG/OptLV is mounted on /opt; on-line resizing required
old_desc_blocks = 1, new_desc_blocks = 1
The filesystem on /dev/OptVG/OptLV is now 2464768 (4k) blocks long.
And with df we can now see:
# df -HT /opt/
Filesystem  Type  Size  Used Avail Use% Mounted on
/dev/mapper/OptVG-OptLV ext4  9.9G  12M  9.4G  1% /opt
Automating this The IAM Role I made at the beginning of this post is now going to be useful. I ll start by adding an IAM Policy to the Role to permit me to List Volumes, Create Volumes, Attach Volumes and Detach Volumes to my instance-id. Lets start with creating a volume, with a policy like this:
 
  "Version": "2012-10-17",
  "Statement": [
   
  "Sid": "CreateNewVolumes",
  "Action": "ec2:CreateVolume",
  "Effect": "Allow",
  "Resource": "*",
  "Condition":  
  "StringEquals":  
  "ec2:AvailabilityZone": "us-east-1a",
  "ec2:VolumeType": "gp2"
   ,
  "NumericLessThanEquals":  
  "ec2:VolumeSize": "250"
   
   
   
  ]
 
This policy puts some restrictions on the volumes that this instance can create: only within the given Availability Zone (matching our instance), only GP2 SSD (no PIOPs volumes), and size no more than 250 GB. I ll add another policy to permit this instance role to tag volumes in this AZ that don t yet have a tag called InstanceId:
 
  "Version": "2012-10-17",
  "Statement": [
   
  "Sid": "TagUntaggedVolumeWithInstanceId",
  "Action": [
  "ec2:CreateTags"
  ],
  "Effect": "Allow",
  "Resource": "arn:aws:ec2:us-east-1:1234567890:volume/*",
  "Condition":  
  "Null":  
  "ec2:ResourceTag/InstanceId": "true"
   
   
   
  ]
 
Now that I can create (and then tag) volumes, this becomes a simple procedure as to what else I can do to this volume. Deleting and creating snapshots of this volume are two obvious options, and the corresponding policy:
 
  "Version": "2012-10-17",
  "Statement": [
   
  "Sid": "CreateDeleteSnapshots-DeleteVolume-DescribeModifyVolume",
  "Action": [
  "ec2:CreateSnapshot",
  "ec2:DeleteSnapshot",
  "ec2:DeleteVolume",
  "ec2:DescribeSnapshotAttribute",
  "ec2:DescribeVolumeAttribute",
  "ec2:DescribeVolumeStatus",
  "ec2:ModifyVolumeAttribute"
  ],
  "Effect": "Allow",
  "Resource": "*",
  "Condition":  
  "StringEquals":  
  "ec2:ResourceTag/InstanceId": "i-123456"
   
   
   
  ]
 
Of course it would be lovely if I could use a variable inside the policy condition instead of the literal string of the instance ID, but that s not currently possible. Clearly some of the more important actions I want to take are to attach and detach a volume to my instance:
 
  "Version": "2012-10-17",
  "Statement": [
     
      "Sid": "Stmt1434114682836",
      "Action": [
        "ec2:AttachVolume"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:us-east-1:123456789:volume/*",
      "Condition":  
        "StringEquals":  
          "ec2:ResourceTag/InstanceID": "i-123456"
         
       
     ,
     
      "Sid": "Stmt1434114745717",
      "Action": [
        "ec2:AttachVolume"
      ],
      "Effect": "Allow",
      "Resource": "arn:aws:ec2:us-east-1:123456789:instance/i-123456"
     
  ]
 
Now with this in place, we can start to fire up the AWS CLI we spoke of. We ll let the CLI inherit its credentials form the IAM Instance Role and the polices we just defined.
AZ= wget -q -O - http://169.254.169.254/latest/meta-data/placement/availability-zone 
Region= wget -q -O - http://169.254.169.254/latest/meta-data/placement/availability-zone rev cut -c 2- rev 
InstanceId= wget -q -O - http://169.254.169.254/latest/meta-data/instance-id
VolumeId= aws ec2 --region $ Region  create-volume --availability-zone $ AZ  --volume-type gp2 --size 1 --query "VolumeId" --output text 
aws ec2 --region $ Region  create-tags --resource $ VolumeID  --tags Key=InstanceId,Value=$ InstanceId 
aws ec2 --region $ Region  attach-volume --volume-id $ VolumeId  --instance-id $ InstanceId 
and at this stage, the above manipulation of the raw block device with LVM can begin. Likewise you can then use the CLI to detach and destroy any unwanted volumes if you are migrating off old block devices.

9 January 2015

Uwe Hermann: My GPG key transition to a 4096-bit key

This is long overdue, so here goes:
-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1,SHA512
I'm transitioning my GPG key from an old 1024D key to a new 4096R key.
The old key will continue to be valid for some time, but I prefer
all new correspondance to be encrypted to the new key, and will be making
all signatures going forward with the new key.
This transition document is signed with both keys to validate the transition.
If you have signed my old key, I would appreciate signatures on my new
key as well, provided that your signing policy permits that without
re-authenticating me.
Old key:
pub   1024D/0x5DD5685778D621B4 2000-03-07
      Key fingerprint = 0F3C 34D1 E4A3 8FC6 435C  01BA 5DD5 6857 78D6 21B4
New key:
pub   4096R/0x1D661A372FED8F94 2013-12-30
      Key fingerprint = 9A17 578F 8646 055C E19D  E309 1D66 1A37 2FED 8F94
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1
iEYEARECAAYFAlSwEaIACgkQXdVoV3jWIbQW5QCgoFHVU/D4fKSbvmGv3nNy3MAW
S2UAn075ztmxQ8Y9/22crbUug1sEjfh5iQIcBAEBCgAGBQJUsBGiAAoJEB1mGjcv
7Y+U9PgP/29jPvrNcdWsLI8YK9U6+JzS+TMXNyfp6CQXc8O/+zJwqvvxNpqY3rLM
5otRLIEJ2EVdiF8sCWTDGusS9NkMePzumR0AFAR0iltIkekO5O0HbHhK0sXJQv0s
EipDpFRO9k4/CBpJEy6Pkkxwd3ndtmwrL1/oKeVmM4E62PJd9ofMpQb/gMUsrA8u
F8xoOXY8Os82Rrd759PypSxNecjd6SYaVJTHgFbZ0QIMJkdKaufifzARdw+v5jwg
8Q11BhpYxvUSugZgiciKA6RjRK5bfRnT8VQPFd0zneilsIW13zz/jub9df/vtM5L
vY/6jHvXczYXSG8EGpHJQCD3KtQJPWZ0Nz9rAm4emEPmR2qav6KGARatYAm0RBqZ
Y81YUEuiWzGli6DH1m9SQe8bqM/J94vQAAX9VqUn2gz0Z0Ey25kVQE7NOGsbbGVS
vD/E74FSk1At9/RGpstrfEjsDKPRman2xk/oZe+08sRB22CJl40N4tZV9AkCJNom
HHGZKp+VEKaCEiLUIRjKTHt2HTThg39zmxl+OnoTSFYvloxrDJyi9SxZgCAmBhbD
7kLkaSDmdUj6CmoilGU+gd2zmQl2D+RHinYZBxOUf1vi1MDLWNcLIMgrz4mRXgzE
YKkG0newf9UbyJw42sXe2ukNQBIqBcL/DmAhG7V+r0RD7MQnMEYy
=09bN
-----END PGP SIGNATURE-----
The new key is available from keyservers, e.g. pgp.mit.edu or others. In other news: Yes, I've not been blogging much recently, will try to do updates more often. In the mean time, you can also refer to my Twitter account for random stuff or the new sigrok Twitter account for sigrok-related posts.

26 May 2014

Clint Adams: Before the tweet in Grand Cayman

Jebediah boarded the airplane. It was a Bombardier CRJ900 with two turbofan jet engines. Run by SPARK, a subset of Ada. He sat down in his assigned seat and listened to the purser inform him that he was free to use his phone door-to-door on all Delta Connection flights. As long as the Airplane Mode was switched on. Jebediah knew that this was why Delta owned 49% of Virgin Atlantic. On the plane ride, a woman in too much makeup asked Jebediah to get the man next to him so she could borrow his copy of the Economist. The man said she could keep it and that it was old. He had stubby little fingers. She was foreign. At Terminal 2, they passed by Kids on the Fly, an exhibit of the Chicago Children's Museum at Chicago O'Hare International Airport. A play area. Jebediah thought of Dennis. The Blue Line of the Chicago Transit Authority was disrupted by weekend construction, so they had to take a small detour through Wicker Park. Wicker Park is a neighborhood. In Chicago. Jebediah looked at Glazed & Infused Doughnuts. He wondered if they made doughnuts there. Because of the meeting, he knocked someone off a Divvy bike and pedaled it to the Loop. The Berghoff was opened in 1898 by Herman Joseph Berghoff. Once he got to the Berghoff, he got a table for seven on the west wall. He eyed the electrical outlet and groaned. He had brought 3 cigarette lighter adapters with him, but nothing to plug into an AC outlet. How would he charge his device? An older gentleman came in. And greeted him. Hello, I'm Detective Chief Inspector Detweiler. Did you bring the evidence? Said the man. Jebediah coughed and said that he had to go downstairs. He went downstairs and looked at the doors. He breathed a sigh of relief. Seeing the word washroom in print reminded him of his home state of Canada. Back at the table he opened a bag, glared angrily at a cigarette lighter adapter, and pulled out a Palm m125. Running Palm OS 4.0. He noticed a third person at the table. It was the ghost of Bob Ross. , said the ghost of Bob Ross. It was good for him to communicate telepathically with Sarah Palin. This has eight megabytes of RAM, Jebediah informed the newcomer. Bob Ross's ghost right-clicked on his face and rated him one star. Jebediah looked angrily at the AC outlet and fidgeted with two of his cigarette lighter adapters. DCI Detweiler said, I had a Handspring Visor Deluxe, and pulled out a Samsung Galaxy Tab 3 8.0 eight-inch Android-based tablet computer running the Android 4.2.2 Jelly Bean operating system by Google. This also has eight megabytes of RAM, he continued. As you requested, I brought the video of your nemesis at the Robie House. Jebediah stared at the tablet. He could see a compressed video file, compressed with NetBSD compression and GNU encryption. It was on the tablet. Some bridges you just don't cross, he hissed. Meanwhile, in Gloucestershire, someone who looked suspiciously like Bobby Rainsbury opened up a MacBook Air and typed in a three-digit passcode. Across the street a wall safe slid out of the wall. And dropped onto someone's head. She closed the laptop. And went to Dumfries. Not far from the fallen safe, a group of men held a discussion. FBI: Why are we here on this junket? CIA: Where are we? DIA: We're here. JIA: This is confusing. NSA: I have to get back to that place in Germany where I don't work. ATF: We're talking about giant robots here, people. EPA: Huh? Part 2 AUD:USD 1.0645 donuts:dozen 12 Gold $1318.60 Giant robot spiders fought each other in a supermarket parking lot. Detective Seabiscuit sucked on a throat lozenge. Who are you again? he asked the toll-booth operator. I said my name is Rogery Sterling, replied the toll-booth operator. Rajry what? I said my name is Rogery Sterling, replied the toll-booth operator. Again. Where am I? Look, I'm telling you that that murder you're investigating was caused by software bugs in the software. Are we on a boat? Look at the diagram. This agency paid money to introduce, quite deliberately, weaknesses in the security of this library, through this company here, and this company here. Library, oh no. I have overdue fees. And they're running a PR campaign to increase use of this library. Saying that the competing options are inferior. But don't worry, they're trying to undermine those too. Detective Seabiscuit wasn't listening. He had just remembered that he needed to stop by the Robie House.

18 January 2014

James Bromberger: Linux.conf.au 2014: LCA TV

The radio silence here on my blog has been not from lack of activity, but the inverse. Linux.conf.au chewed up the few remaining spare cycles I have had recently (after family and work), but not from organising the conference (been there, got the T-Shirt and the bag). So, let s do a run through of what has happened LCA2014 Perth has come and gone in pretty smooth fashion. A remarkable effort from the likes of the Perth crew of Luke, Paul, Euan, Leon, Jason, Michael, and a slew of volunteers who stepped up not to mention our interstate firends of Steve and Erin, Matthew, James I, Tim the Streaming guy and others, and our pro organisers at Manhattan Events. It was a reasonably smooth ride: the UWA campus was beautiful, the leacture theatres were workable, and the Octogon Theatre was at its best when filled with just shy of 500 like minded people and an accomplished person gracing the stage. What was impressive (to me, at least) was the effort of the AV team (which I was on the extreme edges of); videos of keynotes hit the Linux Australia mirror within hours of the event. Recording and live streaming of all keynotes and sessions happend almost flawlessly. Leon had built a reasonably robust video capture management system (eventstreamer on github) to ensure that people fresh to DVswitch had nothing break so bad it didn t automatically fix itself and all of this was monitored from the Operations Room (called the TAVNOC, which would have been the AV NOC, but somehow a loose reference to the UWA Tavern the Tav crept in there). Some 167 videos were made and uploaded most of this was also mirrored on campus before th end of the conference so attendees could load up their laptops with plenty of content for the return trip home. Euan s quick Blender work meant there was a nice intro and outro graphic, and Leon s scripting ensured that Zookeepr, the LCA conference manegment software, was the source of truth in getting all videos processed and tagged correctly. I was scheduled (and did give) a presentation at LCA 2014 about Debian on Amazon Web Services (on Thursday), and attended as many of the sessions as possible, but my good friend Michael Davies (LCA 2004 chair, and chair of the LCA Papers Committee for a good many years) had another role for this year. We wanted to capture some of the hallway track of Linux.conf.au that is missed in all the videos of presentations. And thus was born LCA TV. LCA TV consisted of the video equipment for an additional stream mixer host, cameras, cables and switches, hooking into the same streaming framework as the rest of the sessions. We took over a corner of the registration room (UWA Undercroft), brought in a few stage lights, a couch, coffee table, seat, some extra mics, and aimed to fill the session gaps with informal chats with some of the people at Linux.conf.au speakers, attendees, volunteers alike. And come they did. One or two interviews didn t succeed (this was an experiment), but in the end, we ve got over 20 interviews with some interesting people. These streamed out live to the people watching LCA from afar; those unable to make it to Perth in early January; but they were recorded too and we can start to watch them (see below) I was also lucky enough to mix the video for the three keynotes as well as the opening and closing, with very capable crew around the Octogon Theatre. As the curtain came down, and the 2014 crew took to the stage to be congratulated by the attendees, I couldn t help but feel a little bit proud and a touch nostalgic memories from 11 years earlier when LCA 2003 came to a close in the very same venue. So, before we head into the viewing season for LCA TV, let me thank all the volunteers who organised, the AV volunteers, the Registration volunteers, the UWA team who helped with Octogon, Networking, awesome CB Radios hooked up to the UWA repeated that worked all the way to the airport. Thanks to the Speakers who submitted proposals. The Speakers who were accepted, made the journey and took to the stage. The people who attended. The sponsors who help make this happen. All of the above helps share the knowledge, and ultimately, move the community forward. But my thanks to Luke and Paul for agreeing to stand there in the middle of all this madness and hive of semi structured activity that just worked. Please remember this was experimental; the noise was the buzz of the conference going on around us. There was pretty much only one person on the AV kit my thanks to Andrew Cooks who I ll dub as our sound editor, vision director, floor manager, and anything else. So who did we interview? One or two talks did not work, so appologies to those that are missing. Here s the playlist to start you off! Enjoy.

16 April 2013

Aigars Mahinovs: na 6 internets

na ir slavena ne tikai ar savu akmens m ri valsts zieme os, bat ar ar Di o nas Ugunsm ri apk rt visam s valsts Internetam, kas blo visu p c k rtas un iebremzina visu p r jo. Man pirm person g saskarsme ar o pakalpojumu notika jau anhajas lidost , kad tri vien izr d j s, ka valst blo ts ir ne tikai Facebook, bet ar Twitter, kas iev rojami apgr tin ja manas iesp jas tri un viegli apzi ot visus, ka es esmu v l joproj m esmu dz vs un vesels. P c p ris eksperimentiem izr d j s, ka, lai ar no telefona nav pieejama Google+ m jas lapa un nav lejupl d jama Google+ (un WhatsApp) programma uz Android, tom r, ja t s jau ir telefon , ie abi servisi turpina no telefona str d t. T p c es s ku rakst t ce ojuma piez mes Google+ un da as dienas p c ce ojuma s kuma man pat izdev s nokonfigur t If This Then That servisu, lai tas pa em manus Google+ ierakstus un uztaisa no tiem Twitter ierakstus (kas jau t l k pa citiem kan liem izplat s uz Facebook un Draugiem un ar par d s k ned as kopsavilkums aj blog ). Google+ ir savi plusi, bet ar savi m nusi. Galvenais m nuss, ko es aj ce ojum paman ju ir tas, ka Google+ Android aplik cij nav iesp jams sagatavot vair kus ierakstu melnrakstus (v lams katru ar savu geolok ciju) bez Interneta var rakst t tikai vienu ierakstu un t ieraksta GPS koordin tes b s t s kur viet p c tam Internets par d sies. Es jau uzrakst ju Googlei par o probl mu. Galvenais pluss Google plusam (no pun intended) ir Instant Upload ja bild t fotogr fijas ar Android telefonu, s fotogr fijas autom tiski tiks aug upiel d tas un par d sies jaun ieraksta izveides interfeis , kur t s var pievienot ierakstam ar vienu klik i bez jebk das gaid anas. Diem l tas nestr d ar norm laj m kamer m. Pagaid m ;) Ta u es neb tu sts datori is, ja es nepam in tu uzlaust vai apiet o nelielo nas probl mu, ne? ;) Visvienk r akais veids k apiet nas Lielo Ugunsm ru ir izmantot jebk du VPN, kas at auj ne tikai piek t VPN t kla resursiem, bet ar at auj laist visu trafiku caur o VPN savienojumu. dus VPN piesl gumus var nopirkt, vai (ja ir Linux serveris vai routeris rpus nas) izveidot pa am. Man gad jum tas bija ar vienu klik i iesl gts OpenVPN uz Fonera routera, kas st v man s m j s. Diem l na ir sav da. Blo to lapu, portu un protokolu saraksts main s gan da dos rajonos, gan ar atkar b no t vai Internets ir mob lais vai wifi vai ar piesl gumu, gan ar vienk r i no dienas dien . Liel da gad jumu blo to lietu sarakst iekr t ar VPN savienojumi. Bie i vien ar priv tie. Man kaut k ne iet, ka mana m jas IP adrese ir nas ugunsm ra sarakstos, ta u da reiz ar tam VPN pievienoties es nevar ju. Un t d s situ cij s, lai apskat tu k du YouTube video, atliek tikai viens, eni ls risin jums sshuttle! is eni lais r ks izveido ko l dz gu VPN savienojumam caur parasto SSH portu un protokolu. Uz lok l s ma nas ir nepiecie ams Python un root ties bas, bet uz servera ir vajadz gas tikai ties bas palaist Python programmas. sshuttle pats aizs ta sevi uz serveri un palai s tur, pat ie ifr un p rs ta visus savienojumus un ar DNS piepras jumus, ja vi am to paprasa. Var p rs t t konkr tus t klus vai visu trafiku. Un trums man pieredz tas ir bija pat tr ks par parasto VPN. Kopum Interneta blok de un t visp r gais l nums ir viens oti spec gs m nuss nai. Aizskrienot mazliet uz priek u st st jum pateik u, ka Hong Kong das probl mas nav tur Internets ir lielisks! L k t ds t zeris san ca :)

1 February 2013

James Bromberger: LCA 2013

LCA Past Organisers

Previous core organisers of Linux.conf.au, taken at Mt Stromolo Observatory during LCA 2013 (pic by Josh Stewart); except one of these people organised CALU, and another hasn t organised one at all!

Thanks to all the people at LCA2013 in Canberra; it was a blast! So good to see old friends and chat freely on what s hot and happening. Radia (known for STP, TRILL), Sir Tim (the web) and old friend Bdale (Debian, SPI, Freedom Box) were inspiring. As was Robert Llewellyn (Kryten, Red Dwarf), who was a complete pleasure he wandered back and talked for a while with the volunteer video crew. Hats off to Pia for organising the TBL tour, to Mary Gardner for being awarded the Rusty Wrench, and to the team from PLUG (Euan, Jason, Leon, Luke) who stepped up to help with the video team and to Paul who graciously accepted the help. Next up LCA2014 Perth! Y all come back now.. it s been a decade.

6 December 2012

James Bromberger: Official Debian Images on Amazon Web Services EC2

Please Note: this article is written from my personal perspective as a Debian Developer, and is not the opinion or expression of my employer.
Amazon Web Service s EC2 offers customers a number of Operating Systems to run. There are many Linux Distributions available, however for all this time, there has never been an Official Debian Image or Amazon Machine Image (AMI), created by Debian. For some Debian users this has not been an issue as there are several solutions of creating your own personal AMI. However for the AWS Users who wanted to run a recognised image, it has been a little confusing at times; several Debian AIMs have been made available by other customers, but the source of those images has not been Debian . In October 2012 the AWS Marketplace engaged in discussions with the Debian Project Leader, Stefano Zacchiroli. A group of Debian Developers and the wider community formed to generated a set of AMIs using Anders Ingemann s ec2debian-build-ami script. These AMIs are published in the AWS Marketplace, and you can find the listing here: No fees are collected for Debian for the use of these images via the AWS Marketplace; they are listed here for your convenience. This is the same AMI that you may generate yourself, but this one has been put together by Debian Developers. If you plan to use this AMI, I suggest you read http://wiki.debian.org/Cloud/AmazonEC2Image, and more explicity, SSH as the user admin and then sudo -i to root. Additional details Anders Ingemann and others maintain a GitHub project called ec2debian-build-ami which generates a Debian AMI. This script supports several desired features, an was also updated to add in some new requirements. This means the generated image supports: Debian Stable (Squeeze; 6.0.6 at this point in time) does not contain the cloud-init package, and neither does Debian Testing (Wheezy). A fresh AWS account (ID 379101102735) was used for the initial generation of this image. Any Debian Developer who would like access is welcome to contact me. Minimal charges for the resource utilisation of this account (storage, some EC2 instances for testing) are being absorbed by Amazon for this. Co-ordination of this effort is held on the debian-cloud mailing list. The current Debian stable is 6.0.6 Squeeze , and we re in deep freeze for the Wheezy release. Squeeze has a Xen kernel that works on the Parallel Virtual Machine (PVM) EC2 instance, and hence this is what we support on EC2. (HVM images are a next phase, being headed up by Yasuhiro Akarki <ar@d.o>). Marketplace Listing The process of listing in the AWS Marketplace was conducted as follows: This image went out on the 19th of November 2012. Additional documentation was put into the Wiki at: http://wiki.debian.org/Cloud/AmazonEC2Image/Squeeze A CloudFormation template may help you launch a Debian instance by containing a mapping to the relevent AMI in the region you re using: see the wiki link above. What s Next The goal is to continue stable releases as they come out. Further work is happening to support generation of Wheezy images, and HVM (which may all collapse into one effort with a Linux 3.x kernel in Wheezy). If you re a Debian Developer and would like a login to the AWS account we ve been using, then please drop me a line. Further work to improve this process has come from Marcin Kulisz, who is starting to package ec2debian-build-ami into a Debian: this will complete the circle of the entire stack being in main (one day)! Thanks goes to Stefano, Anders, Charles, and everyone who contributed to this effort. Resources

18 October 2012

Jonas Smedegaard: SOME DESCRIPTIVE TITLE

# Copyright (C) YEAR Free Software Foundation, Inc. # This file is distributed under the same license as the PACKAGE package. # FIRST AUTHOR <email>, YEAR. # #, fuzzy msgid "" msgstr "" "Project-Id-Version: PACKAGE VERSION\n" "POT-Creation-Date: 2012-10-12 11:14+0300\n" "PO-Revision-Date: YEAR-MO-DA HO:MI+ZONE\n" "Last-Translator: FULL NAME <email>\n" "Language-Team: LANGUAGE <ll>\n" "Language: \n" "MIME-Version: 1.0\n" "Content-Type: text/plain; charset=UTF-8\n" "Content-Transfer-Encoding: 8bit\n" #. type: Title # #, no-wrap msgid "Status hos doktoren" msgstr "" #. type: Plain text #, no-wrap msgid "\n" msgstr "" #. type: Plain text #, no-wrap msgid "\n" msgstr "" #. type: Plain text #, no-wrap msgid "" "**Jonas Smedegaard** [dr.jones at pobox.com " "](mailto:friends%40jones.dk?Subject=Status%20hos%20doktoren&In-Reply-To=1.5.4.32.19971011010004.0067de34%40kaospilot.dk) " "\n" msgstr "" #. type: Plain text msgid "_Sat Oct 11 15:22:00 CEST 1997_" msgstr "" #. type: Bullet: ' * ' #: msgid "Previous message: [Spamming? ](000001.html)" msgstr "" #. type: Bullet: ' * ' #: msgid "" "**Messages sorted by:** ? date (date.html#2) ? thread (thread.html#2) " "? subject (subject.html#2) ? author (author.html#2)" msgstr "" #. type: Plain text #, no-wrap msgid " Hej Patrik (og alle Jer andre )!\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " >_Vad sker med dig det var ett stycke tid diden?\n" " _>_Vad skedde der med ditt arbejde pa cafeet og pa skolen?\n" " _\n" " Lang historie!\n" " (den kommer nu )\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Jeg tror snart jeg har laert (the hard way) hvor dyr jeg egentligt er i " "drift.\n" " Jeg har nu i 3 maneder "ligget med r ven *under* vandskorpen" " " konomisk: minus 15.000,- pa kontoen. Det vender forhabentligvis indenfor " "den naeste maned - ellers pa jeg tage et regulaert lan, hvis jeg fortsat " "skal have firma som fuldtidsbeskaeftigelse.\n" " Det betyder, at jeg for tiden arbejder fra ca. 9 morgen til 0:30 nat syv " "dage om ugen (med enkelte eftermiddage eller aftener fri). Der er faktisk " "opgaver at lave, som ogsa gi'r penge i kassen - men det har der ikke vaeret " "for nogle maneder siden, og nar der var, har jeg taget mig for billigt " "betalt (men du kender mig jo!). Jeg er begyndt mere at involvere min " "storebror, nar jeg udarbejder tilbud, til at hjaelpe mig med en mere reel " "prissaetning.\n" msgstr "" #. type: Plain text #, no-wrap msgid " Her er lidt(?) om, hvad jeg beskaeftiger mig med for tiden:\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " *** Homebase ***\n" " Jeg far forbindelse fra mit kontor og ned til Mejlgade om en lille uge - " "rent teoretisk ihvertfald - derefter skal jeg ha' elektronikken til at " "fungere \n" " Jeg administrerer deres servere og netvaerk, og er "Boss" for Morten " "P. fra Frontl berne, som er blevet hyret til at vedligeholde alle " "arbejdspladserne pa skolen.\n" " Jeg har *intet* at g re med content pa webserveren. Efter i foraret at " "have haft DogSystem (et par nystartede edb-folk) til at udarbejde noget " "smart (som vist aldrig blev rigtigt til noget) har Uffe nu faet samlet nogle " "studerende (vist primaert fra hold 3), som skal hitte pa noget \n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Her er et uddrag af en mail til Rasmus fra hold 3:\n" " >>_Du ma gerne f lge lidt med i arbejdet og sende mig en kommentar " "eller\n" " _>>_gode rad, hvis du f ler for det.\n" " _>_\n" " _>_Jeg har et ambivalent forhold til Jeres arbejde:\n" " _>_ - Jeg f ler for det, Ja. Meget!\n" " _>_ - I sidder og laver mit arbejde \n" " _>_ - Meningen med mit arbejde er ar g re mig selv arbejdsl s - sa det " "er\n" " _>_*godt*, at I laver det \n" " _>_ - I laver det maske bedre, maske darligere end jeg ville ha' gjort " "det -\n" " _>_men helt sikkert anderledes!\n" " _>_ - Min force (og min kaephest!) er grundstrukturer mere end visuel " "(og\n" " _>_anden) indpakning. Det er svaert at kommentere og komme med gode rad, " "nar de\n" " _>_er omkring grundstruktur. Det kraever naesten, at man sidder ved " "roret \n" " _>_ - Hvis ikke jeg kommer med mine kommentarer nu, skal jeg enten holde " "mund\n" " _>_med det (og det er svaert) eller de vil udvikles til bagklogskab og\n" " _>_bedrevidenhed \n" " _>_ - Jeg har egentligt for travlt til at beskaeftige mig med det: Jeg " "har hele\n" " _>_tiden haft "travlt". At jeg har "for travlt" er et udtryk for, at " "jeg er\n" " _>_blevet klar over, at for at leve et liv som selvstaendigt " "erhvervsdrivende\n" " _>_er det ikke nok at arbejde hardt - man skal ogsa ta' penge for " "det Jeg\n" " _>_har derfor ikke for travlt, hvis der er penge i lortet (men det er " "sjaeldent\n" " _>_tilfaeldet i Mejlgade - til gengaeld er der sa meget andet " "dernede!).\n" " _\n" " *** Brugerflade-design ***\n" " Jeg har faet et job ved Frontl berne: VPAE (Virtual Project Assistance " "Environment).\n" " De er med i et faelles-nordisk projekt om at lave en "virtuel " "projektvugge" - altsa et forum pa Internet med en raekke vaerkt jer til " "projektudvikling og administration af gamle projekter.\n" " Konkret arbejder jeg i diss uger pa design af brugergraenseflade " "(dialogbokse osv.) og n dvendige datastrukturer til et system til " "udarbejdelse af en projektbeskrivelse.\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Jeg arbejder taet sammen med Morten P., og det er utroligt spaendende at " "arbejde med en konkret, mindre opgave med stor paedagogisk og funktionel " "vaerdi.\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " *** Praktikant ***\n" " En af mine venner fra gymnasietiden, Henrik, studerer informatik (det " "hedder vist noget lidt andet ) her i rhus, og meget tyder pa, at han " "snart kommer i praktik her hos mig i en maned.\n" " Han skal arbejde meget selvstaendigt. Jeg har brug for hans viden " "indenfor PR, han kan bruge mig som "pr veklud", og jeg kan stille medier " "(webserver o.l.) til hans radighed.\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Jeg har en ide om at vaere meget aben overfor brug af praktikanter - " "ikke bare som nem arbejdskraft (det er kraevende at saette i arbejde, og at " "give opgaver fra sig!), men mere fordi det giver mig en traening i " "formidling af min viden, og erfaringer mht. "s saetning" af mine metoder " "og ideer som tekniker - men det kraever maske lidt uddybning :\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Mit virke er grundliggende at bygge bro mellem teknikere og brugere " "indenfor IT. Det har 2 aspekter - at naerme teknikeren til brugeren, og at " "naermere brugeren til teknikken. Jeg arbejder med undervisning (arketyper, " "paedagogik og kommunikation), brugerfladedesign og almen radgivning for at " "hjaelpe brugeren pa vej. For at hjaelpe teknikeren tager jeg udgangspunkt i " "mig selv og mit arbejde med brugeren, og udvikler herigennem en raekke " "metoder og tankesaet, som jeg vil formidle - gennem praktikanter eller " "evt. decideret undervisning - til andre teknikere, som ikke i det daglige " "arbejder "i begge lejre", og derfor ikke ser de samme problematikker som " "mig.\n" " konomisk skulle "Projekt dr. Jones" gerne baeres igennem " "vha. konkrete projekter - virksomheder og enkeltpersoner, som har behov for " "min viden og mit arbejde, og som er villige til at betale merprisen for " "forskning fremfor traditionelle l sninger (NB! jeg bruger bevidst ikke ord " "som "udvikling" og "innovation" - for mit arbejde f rer til tider " "tilbage til udgangspunktet - det er ikke *altid* n dvendigt at opfinde den " "dybe tallerken igen!)\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Henrik vil ikke give mig de store erfaringer mht. formidling af min " "viden - jeg har for stor en pukkel af opgaver liggende til at kunne gabe " "over ham ogsa. Denne gang er det primaert hans felt - PR - jeg kan drage " "nytte af.\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " *** Undevisning ***\n" " Jeg har nu i en maned undeervist i edb som valgfag pa IDA " "(Idraetsdagh jskolen). Indtil nu har det vaeret 2 timer om ugen, elever i " "alderen 30-60 ar - men om fa uger bliver der yderligere 4 timer om ugen med " "elever pa 20-30 ar.\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Afl nningen er symbolsk (nej, god l n regnet som underviser, jeg far " "samme l n som en uddannet laerer - men ikke sammenholdt med, hvor " ""dyrebar" min tid er som selvstaendig ), men sjaeldent har jeg oplevet " "sa tydeligt et ryk i min paedagogiske forstaelse og opmaerksomhed.\n" " Jeg bliver sandsynligvis ikke haengende ved IDA i mere end et 1/2-1 ar - " "det er simpelthen for tids- og ressourcekraevende - men h ster gode " "erfaringer salaenge (og bader mig i deres positive feedback :-)\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " *** Brugerflade-programmering ***\n" " Samtidig (egentligt burde jeg forlaengst vaere faerdig, men opgaven greb " "om sig) arbejder jeg pa mit eget projekt: BOS (BrugerOpdateringsSystem).\n" " Det er et CGI-script (lille program pa en web-server), som muligg r " "redigering af indholdet pa websider uafhaengigt af sidens grafiske " "opsaetning, og - vaesentligst - UDEN AT SKRIVE EEN ENESTE KODE!\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " 1. udgave af BOS betalte jeg en programm r 15.000,- for at udvikle. Jeg " "havde brug for det til en opgave for AC (Akademikernes Centralorganisation), " "som skulle bruge det til bl.a. pressemeddelelser og publicering af et " "manedsblad pa deres 200+ siders websider (som jeg ogsa har lavet!).\n" " Da AC i sensommeren kom med rettelser og udvidelser til deres website " "blev der brug for forbedringer af BOS, og jeg erfarede, at min programm r " "havde lavet meget u-fleksibel kode, som var umulig at bygge videre pa.\n" " 2. udgave af BOS er nu naesten faerdig. Jeg valgte at skrive det om fra " "grunden selv (med hjaelp fra en god ven, som studerer datalogi), og har " "efterhanden skrevet ca. 750 linjers kode i programmeringssproget Perl \n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Jeg havde ikke troet, at jeg nogensinde skulle kunne programmere. Det " "kraever disciplin og god forstaelse for grundliggende datastrukturer, som " "jeg hidtil troede n dvendiggjorde et mangearigt universitetsstudie " "(datalogi).\n" " Jeg vil ikke sla mig ned som programm r, men kan nu bruge det som ekstra " "fjer i min vifte af erfaringsomrader, i min rejse mod "At vaere det ledende " "radgivningsorgan i Danmark indenfor anvendt edb"!\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " *** Internet-Cafe ***\n" " Jeg har jo kontor i 2 lokaler hos NETLAB, en spillecafe (computerspil i " "netvaerk). Det tog ikke mange jeblikke at slutte deres og mit netvaerk " "sammen, sa alle spillecomputerne ogsa kunne komme pa Internet - desvaerre " "fungerede det ikke med store computerspil (lang teknisk forklaring ), kun " "med alm. ting som e-mail og at "surfe" pa nettet.\n" " Jeg far snart (indenfor fa uger) "aegte" adgang til Internet, via fast " "forbindelse d gnet rundt. Sa kan der spilles computerspil via Internet, og " "spillecafeen er reelt blevet en Internet-Cafe \n" " Den kommende Internetforbindelse er dog ikke saerligt kraftig (64kbit - " "2-4 x modemhastighed) til deling mellem 20 kraftige maskiner, og har lagt en " "f ler ind hos Telia: Om ikke de har lyst til at sponsorere stedet. Give os " "en kraftig forbindelse til Internet, og til gengaeld fa reklamevaerdien af " "en stabil og hurtig forbindelse Folk der bliver rigtigt bidt af det vil " "jo f r eller siden k be en maskine selv, og sa far de jo brug for en " "Internet-udbyder \n" " Min rolle bliver at administrere "hullet" (eller "hullerne" til " "Internet, og evt. ogsa at strukturere og administrere mail-adresser til " "bes gende pa cafeen.\n" " konomisk forestiller jeg mig en fast procentdel af indtaegterne i " "cafeen - eller evt. simpelthen en billigere husleje?!?. Det gaelder om at " "finde en prispolitik, som spiller sammen med den grundliggende holdning ved " "bade dr. Jones og NETLAB om et indbydende, seri st (uden at blive kedeligt!) " "milj fremfor "flest muligt forbi kasseapperatet".\n" msgstr "" #. type: Plain text #, no-wrap msgid " -\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Det blev et laengere brev - og jeg tror faktisk, jeg vil genbruge det " "til ogsa at fortaelle familie og andre venner, hvorfor de har h rst sa lidt " "til mig pa det sidste \n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Hej allesammen!\n" " Haber I nyder tilvaerelsen. Det g r jeg - men traenger ogsa snart til et " "lille pusterum - juleferie i Sydfrankrig, regner jeg med!\n" msgstr "" #. type: Plain text #, no-wrap msgid "" " Ha' det bra!\n" " Jonas\n" " :_-)\n" " _\n" msgstr "" #. type: Plain text msgid "" "[More information about the Friends mailing list](http://mail.jones.dk/cgi- " "bin/mailman/listinfo/friends)" msgstr "" #. type: Plain text msgid "This text is part of my friends scriblings." msgstr ""

8 May 2012

James Bromberger: Courier IMAP and FAM

Last Friday, while tracking Debian Testing, the courier package was updated, and while authentication could be seen to be successful, actually using IMAP seemed to fail. Turns out the FAM package was somehow to blame; installing fam and libfam0 was the solution. This uninstalled gamin for me. So if you re pulling your hair out with a similar courier/imap issue, then perhaps have a look at the courier-imap mailing list.

4 April 2012

James Bromberger: Goodbye Linux.2.6.x

It s taken some time, but now none of my personal Linux hosts (4 in total) are running the 2.6 kernel any more. From the start (January) my company web host on Amazon EC2 has been running a 3.x kernel. My little Acer Aspire Revo low power home server, with attached disk pack that sits in my shed in a network cabinet has run 3.x for the last 6 months or so. My Linux laptop (Dell Studio 1558) which only recently got installed (and, since removing Windows, hasn t overheated once!) went to 3.x immediately. And the last piece of the puzzel is a virtual machine I ve had for many years with Bytemark.co.uk they re now offering a 3.2 kernel in their menu of selectable kernels. Not that 3.x is that much different than 2.6.3x; but its a line in the sand of feature and security thats easy to identify. But with nearly 15 years of looking at a 2.x kernel, its about time we moved to 3.x!

23 February 2012

James Bromberger: Hurricane Electric IPv6 tunnel MTU

I ve been running an IPv6 tunnel for a long time, but occasionally I ve been seeing traffic hang on it. It looks like it was the MTU, defaulting at 1500 bytes, causing issues when large amounts of data were being shuffled OUT from my Linux box, back to the net . The fix is easy: /etc/network/interfaces should have an up line for the interface definition saying: up ip link set mtu 1280 dev henet, where henet is the name of your tunnel interface. Easy enough to skip this line if your tunnel appears to be working OK, but interesting to track down.

13 February 2012

James Bromberger: Debian Wheezy: US$19 Billion. Your price FREE!

As many would know, Debian GNU/Linux is one of the oldest, and the largest Linux distributions that is available for free. Since it was first released in 1993, several people have analysed the size and produced cost estimates for the project. In 2001, Jes s M. Gonz lez-Barahona et al produced an article entitled Counting Potatoes , an analysis of Debian 2.2 (code named Potato). When Potato was released in June 2003, it contained 2,800 source packages of software, totalling around 55 million lines of source code. When using David A. Wheeler s sloccount tool to apply the COCOMO model of development, and an average developer salary of US$56,000, the projected development cost that Gonz lez-Barahona calculated to start-from-scratch and build Debian 2.2 in 2003 was US$1.9 billion. In 2007 an analysis entitled Macro-level software evolution: a case study of a large software compilation by Jes s M. Gonz lez-Barahona, Gregorio Robles, Martin Michlmayr, Juan Jos Amor and Daniel M. German was released. It found that Debian 4.0 (codename Etch released April 2007) had just over 10,000 source packages of software and 288 million lines of source code. This analysis also delved into the dependencies of software packages, and the update flow between Debian release (not all packages are updated with each release). Today (February 2012) the current development version of Debian, codenamed Wheezy, contains some 17,141 source packages of software, but as it s still in development this number may change over the coming months. I analysied the source code in Wheezy, looking at the content from the original software that Debian distributes from its upstream authors without including the additional patches that Debian Developers apply to this software, or the package management scripts (used to install, configure and de-install packages). One might argue that these patches and configuration scripts are the added value of Debian, however the in my analysis I only examined the pristine upstream source code. By using David A Wheeler s sloccount tool and average wage of a developer of US$72,533 (using median estimates from Salary.com and PayScale.com for 2011) I summed the individual results to find a total of 419,776,604 source lines of code for the pristine upstream sources, in 31 programming languages including 429 lines of Cobol and 1933 lines of Modula3! In my analysis the projected cost of producing Debian Wheezy in February 2012 is US$19,070,177,727 (AU$17.7B, EUR 14.4B, GBP 12.11B), making each package s upstream source code wrth an average of US$1,112,547.56 (AU$837K) to produce. Impressively, this is all free (of cost). Zooming in on the Linux Kernel In 2004 David A. Wheeler did a cost analysis of the Linux Kernel project by itself. He found 4,000,000 source lines of code (SLOC), and a projected cost between US$175M and US$611M depending on the complexity rating of the software. Within my analysis above, I used the standard (default) complexity with the adjusted salary for 2011 (US$72K), and deducted that Kernel version 3.1.8 with almost 10,000,000 lines of source code would be worth US$540M at standard complexity, or US$1,877M when rated as complex . Another Kernel Costing in 2011 put this figure at US$3 billion, so perhaps there s some more variance in here to play with. Individual Projects Other highlights by project included:
Project Version Thousands
of SLOC
Projected cost
at US$72,533/developer/year
Samba 3.6.1 2,000 US$101 (AU$93M)
Apache 2.2.9 693 US$33.5M (AU$31M)
MySQL 5.5.17 1,200 US$64.2M (AU$59.7M)
Perl 5.14.2 669 US$32.3M (AU$30M)
PHP 5.3.9 693 US$33.5M (AU$31.1M)
Bind 9.7.3 319 US$14.8M (AU$13.8M)
Moodle 1.9.9 396 US$18.6M (AU$17.3M)
Dasher 4.11 109 US$4.8M (AU$4.4M)
DVSwitch 0.8.3.6 6 US$250K (AU$232K)
Debian Wheezy by Programming Language The upstream code that Debian distributes is written in many different languages. ANSI C with 168,536,758 is the dominant language (40% of all lines), followed by C++ at 83,187,329 (20%) and Java with 34,698,990 (8%).
Line chart

Break down of Wheezy by Language

If you are intersted in finding the line count and cost projections for any of the 17,000+ projects, you will find them in the raw data CSV. Other Tools and Comparisons Ohcount is another source code cost analysis tool. In March 2011 Ohcount was run across Debian Sid: its results are here. In comparison, its results appear much lower than the sloccount tool. There s also the Ohloh.net Debian Estimate which only finds 55 Million source lines of code and a projected cost of US$1B. However Ohloh uses Ohcount for its estimates, and seems to be to be around 370 million SLOC missing compared to my recent analysis. Summary Over the last 10 years the cost to develop Debian has increased ten-fold. It s intersting to know that US$19 billion of software is available to use, review, extend, and share, for the bargain price of $0. If we were to add in Debian patches and install scripts then this projected figure would increase. If only more organisations would realise the potential they have before them. Need help with Linux (including Debian), Perl, or AWS? See www.jamesbromberger.com.

19 March 2010

Aigars Mahinovs: Latvijas pavasara Ubuntu Bug Jam un Installest 27.03.2010

The following is an invitation to the Latvian Ubuntu Bug Jam (in Latvian) sent for a bit of a wider circulation to catch people that monitor Planet Debian, but not Planet Ubuntu.lv. 27. mart LU Linux centr notiks divi pas kumi vien Ubuntu Global Bug Jam Latvijas da a un installfests. Global Bug Jam ir pas kums, kur piedal ties ir aicin ti interesenti, speci listi, studenti, lai mekl tu k das Ubuntu Lucid Lynx test anas versij . Cilv ki, kas grib uzzin t par Ubuntu Linux, vai kuri grib atrisin t k du konkr tu probl mu ar Ubuntu Linux tiek aicin ti n kt uz pas kuma otro da u no pulksten 14:00 l dz 16:00. Pas kuma b s kafija un bulci as ar Accenture atbalstu. Ubuntu Global Bug Jam ir glob ls pas kums, kura m r is ir iepaz stin t programm t jus un tulkot jus ar r kiem, kas tiek lietoti, lai labotu probl mas Ubuntu oper t jsist m un ar izlabot p c iesp jas liel ku skaitu probl mu s laik . Izstr d t ji, kas grib labot Ubuntu probl mas vai iem c ties k labot Ubuntu probl mas, tiek aicin ti ierasties 12:00 un palikt l dz 16:00. Installfest pas kuma sada tiek aicin ti visi eso ie Ubuntu lietotaji, kuriem ir k das konkr tas probl mas un ar cilv ki, kas tikai v l interes jas par Ubuntu Linux. Ja jums ir konkr ta probl ma ar Ubuntu Linux ir ieteicams atnest uz pas kumu savu datoru, kur o probl mu var atk rtot, lai pas kum eso ie programm t ji var tu noteikt s probl mas iemeslu un pal dz tu no nov rst. Installfests s ksies 14:00 un turpin sies l dz 16:00. Ubuntu ir bezmaksas, uz Linux balst ta pilna apjoma oper t jsist ma jebkuram person lajam datoram, serverim un portat vajai iek rtai. T s standarta komplekt iek autas visas nepiecie am s programmas, lai str d tu ar tekstiem, att liem, elektronisko pastu un Internetu, k ar j s varat instal t papildus programmat ru da diem nol kiem. Pasaul to obr d jau lieto vair k k 8 miljoni cilv ku, un to leg li bez maksas var lietot gan m j s, gan komerci l s un nekomerci l s organiz cij s. LU Linux Centrs ir izveidots Latvijas Universit tes Datorikas fakult t . Linux Centra darb bas m r i ir: populariz t atv rt pirmkoda (Open Source) programmat ras, tai skait , Linux oper t jsist mas un citu atv rto tehnolo iju iesp jas un priek roc bas; piedal ties LU studiju proces un stenot lieti o IKT p t jumu projektus, tajos izmantojot un att stot atv rt s tehnolo ijas; sekm t APP pieejam bu Latvij un pasaul .

26 January 2010

Lucas Nussbaum: Re: How free is the Nokia N900?

Following my questions on the freeness of the Nokia N900, I received quite a lot of comments. I m trying to summarize the most important points here. For all the details, see the comments and Tollef s blog.

8 February 2008

Aigars Mahinovs: (Latvian) Velost vvietas R gas centr

(This blog post is in Latvian and is about a public discussion that the capital of Latvia, Riga is having about where to put new bicycle racks in the center of the city. In the post I point to an article describing where to send in suggestions, point out a few possible locations for such racks and suggest installing racks with build-in locks that would require inserting a refundable coin to remove the key locking a bike in place) R gas dome v c ierosin jumus par jaunu velost vvietu novietojumu R gas centr . Es tur nos t ju sekojo us ieteikumus, parosieties ar j s. Vislab k velovietnes b tu izvietot t d viet , kas b tu p rredzama no ce iem, pa kuriem iet daudz cilv ku un ar kur b tu novietotas dro bas nov ro anas kameras, lai minimiz tu z dz bu risku. Viena vietne var tu atrasties Str lnieku laukum vai t tuvum , jo tur ir viegla piek uve no Krasta ielas. Vieta starp RTU ku Ka u 1 un
Krasta ielu var tu b t oti piem rota. Tas ar ierosin s studentus lietot velotransportu pa ce am uz lekcij m Ka u iel . Alberta laukuma var tu atrasties vieta velosip du novieto anai - vieta ir viegli pieejama no Stacijas puses un ir tuvu vair k m viesn c m. Ja ir pl ni izveidot Pay&Ride autom tisko velosip du nomu, tad is var tu b t par vienu no vislab kajiem punktiem dai iecerei. Pils laukums ir viegli sasniedzams no P rdaugavas pa Van u tiltu. Ja tur izveidotu velost vvietu, tad tas iev rojami atvieglotu iesp ju atbraukt ar velosip du pa J rmalas veloceli u p ri Van u tiltam, nogriezties pa labi un uzreiz dro i noparkoties. T pat l dzu apv rt ideju pielietot velovietnes ar ieb v tu atsl gu, lai neb tu nepiecie ams vest l dzi savu sl dzeni. Katrai vietai var tu b t sava sl dzene (bieza un pietieko i gara cietmet la trose) un atsl ga. Atsl gu var tu iz emt no sl dzenes tikai tad, kad sl dzene ir aiztais ta un sl dzenes meh nism ir ielikta 1 Ls mon ta. Atsl dzot sl dzeni ar atsl gu mon ta tiktu atdota atpaka . Tas nodro in s pret vand lismu, kad vienk r i vis m sl dzen m tiktu iz emtas atsl gas un aizmestas prom. Ta u jebkur gad jum j b t vieglam veidam k aizvietot nozaud t s atsl gas gan gad jumos kad velosip da pa nieks to pieprasa (tas var aiz emt vair kas dienas un pras t 5-10 Ls un iesnieguma uzrakst anu) vai ar kad velosip ds ir pamests piesl gt st vokl . Jaunas atsl gas izgatavo anai nevajadz tu pras t vair k k 1 Ls no pils tas bud eta, tad tas 1 Ls sl dzen os izdevumus atmaks s.

15 February 2007

Jordi Mallach: Tunisia

Last month, Bel n and I managed to secure our trip to Tunisia on the very last moment. So, planning trips on the very last moment isn't nothing new around this place, but we made a big effort to take things to the limit. I can't remember why exactly, but on January 31 we were *so* close to fucking everything up before it started, when we packed our stuff just a pair of hours before having to leave to the train station. My luggage was prepared in a rush, so while I think I took everything I thought I'd need, I didn't really select my clothes too much. The idea was to have our suitcases mostly empty to bring back stuff from the markets: smoking cachimbas, lamps, leather stuff, etc. At that time I didn't know that would end up being a great strategy. Anyway, like 9 minutes before the train's departure we were stuck in Nuevo Centro without a taxi and at that point I really had lost hope about being on time. For some reason, there were no taxis in the area, when it's normally a place where there's tons of them. Suddenly one appeared, we rushed in and I asked the taxi driver to please fly to the station. Happily, we got an incredible green wave around the avenues, he drove us at like 80 Km/h and we even had to wait for a few minutes at the station. In Barcelona, we prepared our small New Year's Eve dinner with my cousin Laia and Marc, and while the plan was to go to sleep pretty early to be in good shape to go to the airport next morning, the bottles of wine and cava emptied quite fast, and around 4:30 we were quite drunk when we decided it was enough. When some annoying sound woke us up next morning, it was really late, so we again rushed out to the empty streets of Barcelona, sneaked into a regional train, without knowing it was the only way to get in time in El Prat airport, and after some initial confusion trying to find the travel's agency desk in the wrong terminal, we managed to check into our flight, being the very last to do so. With all the rush, I couldn't get some clothes from my suitcase transfered into my hand luggage, which I really wanted to do after my nice lost luggage experience during Debconf 5 in Helsinki. Anyway, chances are small that your luggage gets lost, right? But of course, Murphy is always vigilant, and this was a great opportunity to fuck me up. After a short but horrible (due to our really bad hangover) to Tunis/Carthage airport, we were in the long security/passport check. When Bel n picked up her bag and mine didn't appear, I tried to tell myself hey, it'll appear, no worries! . After 15 minutes, the stupid suitcase was nowhere to be found. Apparently, another two pieces of luggage had the same luck, which made us contact a group of four Uruguayans who were missing one of them. Nothing too terrible; it'll surely come on tomorrow's flight. After reclaiming our lost luggage, we went out to the parking where a bus was waiting for us, and on the way there, the six of us nearly fell into the first Tunisian scam, involving a dude selling jasmine flowers at 2 each. The bus took us down to Jasmine Hammamet, the most touristic place in Tunisia. Valencians might have an easy imagining the atrocity of the area by picturing what twice Marina d'Or plus Benidorm including Terra M tica would look like. Kilometres and kilometres of a disgusting Who can build the most horrible giant hotel right next to the beach contest. So it was pretty clear we had to spend as little time as possible in the area. We soon learned about how transport works in Tunisia. The cheapest is to use the public busses and the luagge collective taxis, we soon found out. Our first morning there, our guide Rejeb, working for Iberojet and Solplan touroperators, gave a talk where he advised us against travelling alone, specially around the South, while he offered organised trips around the country for every day of the week. Although we expected this danger! speech, we decided to book the two day trip to the South and Great South of the country, basically because it was the best way to see many places in a short time, even if it meant having limited time in each destination. We wandered around Jasmine Hammamet and discovered Carthage Land, sort of a Disneyland set in the age of Anibal and Carthage's empire, which was inside a newly built medina complex. This was a really bad place to practice the art of haggling, as the place was so desert, merchants really tried hard to get you buy something. Again, we were close to fucking up after our first negotiation, but we finally decided we weren't so interested. Lucky, we later found out the price was outrageous. Sadly, we spent way too much time in that tourist trap, and we found it was too late to go to the real Hammamet town to see a real medina and real stuff, so we had a long walk around the immense beach until sunset. On Wednesday, we did organise a bit with the Uruguayans and some others we had met: Mar a and Santi Kuchi Kuchy , Cristina and Pedro and an Argentinian family, and managed to hire a van driver to drive us all over the North. For quite a good price, we were taken to a few ruin sites in Carthago, now mostly a residential area, and it was really impressive. While the condition of many of the remainings is not optimal, it was exciting to see things which had been built by Phoenicians and Romans 2,000 years ago. I really enjoyed the remainings of the Antonine thermal baths of the city. It had been a huge building right next to the sea; one of the standing columns helps figuring out how big it had been. Right next to this site, the Presidential Palace dominated the whole gulf. Military places are treated zealously in Tunisia, and it is against the law to take pictures of any bit of it, not even a barbwire of the fence. The Palace had a great Tunisian flag waving over it, and many signs advised you against taking pictures in that direction. I couldn't resist.


The ruins of the Roman Antonine Baths After Carthage, we went to Sidi Bou Said, a small touristic town, which had the peculiarity and beauty of having all windows and doors painted in a beautiful light blue colour. Our last stop for the day was in Tunis, where we visited the most amazing medina of the whole week. Unlike the new medina in Jasmine Hammamet, this one was literally packed with people going up and down the maze of very narrow streets. Every few metres you'd come across a new, attractive smell coming from the few salons de th or spice, leather or perfume shops. Here we finally started developing our haggling skills, and managed to get a few items for reasonable amounts.


Streets of Sidi Bou Said Back at our hotel, everyone tried to get a quick dinner and go early to bed, as next morning we were taking a bus for our trip around the South. There was time to call yet another time to the Airport, to find out that one of the luggage pieces had been found. While there was no news about my suitcase, we shared a taxi to the airport to pick the found suitcase, and see if mine was actually there by any chance. Unluckily, it wasn't, so I wouldn't have any clothes for the desert visit. Some people in the group were kind enough to lend me some t-shirts and pants. For my underwear, I actually resorted to using some of Bel n's (no kidding, it was way too sexy :P), while mine dried up after some manual washing. The alarm clock went off at 5:15 or so, and soon after we were ready in the hall with our small bags. When the bus was ready to pick us up, the guide said we weren't allowed in, as we weren't on the list. WTF? We were nearly the first ones to book and pay for it! So he finally let us in, for a short while, until he realised there was no space for everyone, so he demanded that we got off. Of course, we didn't, and a long and very disgusting argument started between the guide, us and a few people who had seen us pay for our trip, and were trying to support us. To make a long story short, we ended up stepping down when I noticed the bus driver calling the police, and after Rejeb, our guide, told us the other bus would be waiting for us at the travel agency if we quickly took a taxi there. We of course knew that was a fantasy to get the bus moving, but dealing with the police at 6:30AM wasn't on my list of activities for the day, so we finally gave up to let the rest of the people get in time to their visits, as they were very tightly scheduled to make everything fit in two days. Nobody was waiting for us at the travel agency, but we were promised our money back, which did happen in the evening; our plans for Thursday and Friday were a bit broken though, and the rest of the morning was spent looking for alternatives. When we had managed to book a new trip in a different agency for Saturday, we took the bus to Nabeul, the capital of the province, well known for their medina specialised in pottery. In Nabeul, we lived a tourist trap which I found to be quite original. Not having walked 3 metres into the city walls, some young dude stops us and tells us that he knows us, as he works in the restaurant of our hotel . I totally didn't remember his face at all, but why not? So he quickly tells us Nabeul has good carpet workshops, and her sister is working in one which is regulated by the Government, and you can only visit two days a week. Coincidentally, Thursday is one of them! So he literally grabs us by the arm and takes us to one of the streets perpendicular to the main market street, and we enter a carpet shop. To the right, his sister probably being like 45 years older, is knitting a nice carpet on the loom. And a few seconds after, we're taken upstairs, where a Teletienda show starts before us. Without being asked if we want to buy a carpet, some other dude starts to unroll carpets and more carpets before us, talking in some very basic Spanish. While we're offered jasmine tea, which is really nice, Ali the brother quickly excuses himself and vanishes, leaving us with the salesman, which continues unrolling more and more before us, now helped by someone else. When 10 minutes later we convince them that we won't buy any carpet, he asks a donative for his young employee, who has unrolled and will now roll back a zillion carpets. Back in the hotel, we have dinner with a pair of Catalans from our flight, and when we tell us about the carpet place, they tell us they went over the same story like one hour before us! On Friday, we got some advice on other places to visit, and decided to go up to Cape Bon and visit Kerkuan, the only important remainings of a Punic city which, when conquered by the Romans, was destroyed to the grounds, but not rebuilt on top (they were busy with Carthage). Romans did an excellent job when destroying cities, and the result is a site which still lets you see perfectly how a small town (around 1,500) looked like 2,000 years ago.


Ruins of a Kerkuan neighbourhood, with their red bathrooms nearly intact To reach Kerkuan we had taken the bus up to Nabeul and then our first luagge to Kelibia, where we took a taxi (after no less than half an hour arguing in French with the taxi driver to settle on a rate for a ride to Kerkuan and then to the tip of the Cape in El Haouaria. Luagges are undoubtedly the best way to travel medium distances for very little money, while getting mixed with locals. During our ride up North, we chatted with a nursing student from Kelibia who was going back to her town for the weekend. She was really open, like most of the people we found in Tunisia, and we ended up exchanging our post addresses; we still need to send her a postcard from Val ncia soonish. This area wasn't so touristic, so the roads, while totally acceptable, weren't as good as the highway from Tunis to Sfax we were used to. We had seen some bits of the local driving skills , but the luagge driver performed some of the most extreme overtakings I've ever seen. These happened every three of four minutes, so after a while I was actually amused about what was going on. We would overtake two lorries on one go when there was absolutely no visibility; if things went too far, people would just slow down to let the overtaker get back into his lane on time, and those coming ahead would just use their headlamps to make them know it was just a bit too close. The taxi driver, annoyed at us, took us to Kerkuan but didn't wait for us; he immediately left, leaving us without any transportation in the middle of nowhere. After a visit at the site, we walked around 2.5 kilometres back to the main road, where we decided it was too late and risky to continue the journey up to El Haouaria, so we waited on the road gutter for a taxi. The first one which stopped was, to our surprise, the same bastard who left us one hour before, who stopped, laughing at us a little. Luckily some other taxi came by in the correct direction, and soon forgot about that man. After a taxi, luagge and bus ride, we were back in Hammamet, and the desert group had already got back from the two day trip. We were asked over and over what happened, what did we do, etc. People who hadn't talked to us before would come over and see; we were really surprised about the warm welcome we had. After dinner, we improvised a customes party, and many people managed to dress up in Tunisian/arabic fashions using bed sheets and so on. We had to wake up at 5AM next morning, but didn't go to bed until 2AM. Nothing could go wrong this time. We had our tickets, we had confirmed we would be going on Sunday the night before, so at 6:15, our new guide came in, and came straight towards me. He said something in German, and after I told him I spoke absolutely no German, he said huh, well you know the bus is full of Germans, and my indications will be in German? . Pretty incredible, but again a fuckup by the agency. My ticket said, clearly: Sahara safari. Bus + 4x4. (ALL). Turns out ALL meant Allemand, not everything included , although we had requested English pretty clearly. This was quite a minor problem though, after having no clothes for a whole week and having been left behind two days before. I think we were really lucky getting that German group, though. We were only 16 people on the minibus, making the stops a lot faster than the normal ones, where 55 persons need to get out and in of the bus. We had our own Routard guide for Tunisia, so we could read about the places we were about to visit before getting ther. Also, I surprisingly knew much of what our guide was talking about, just missing the details he talked about oil production in Tunisia compared to Spain's, among other topics . When the landscape was becoming drier and drier, Bel n and I spotted something dark far away ahead in the completely straight road. As it became bigger, I started thinking it might be the #1 place to visit for me in Tunisia: El Djem's impressive Roman amphitheatre. When we got off the bus, I was totally excited. Before me, the walls of an incredibly well preserved, huge Roman building; in fact, the best Roman ruins in the whole continent. El Djem's amphitheatre was the third biggest of the Roman empire with 35,000 seats, only surpased by Rome's and Capua's. It remained mostly intact until the 17th century, when some of its stones were used to build the city and some of the treasures taken to the Great Mosque of Kairouan, but when it took more damage was during two consequent wars, when the Turks didn't have many problems to blow part of the wall away using cannons to end up a siege of the city.


The Roman amphitheatre of El Djem The underground tunnels are intact, and it's difficult to not have flashes of Gladiator while walking under the arena's trapdoors. Sadly, there was little time to spend there, and we had to continue the journey after just 45 minutes. I would have spent half of the day there. From here, the landscape truly started to get drier and more desertic. The south of Tunisia is a giant olive field, until you reach the Great South, where it's dry enough that the only thing that grows in the land are rocks. Hours later we arrived in Matm ta, the very famous troglodyte village of small holes in the ground. Although I was curious about being there, watching how organised and massive tourism has destroyed these Berber's ways of life dissapointed me greatly. Our guide stopped the bus in one of the pits, which was decorated with white and light blue. In the first room, an old woman was grinding something in a small, stone mill. The dwellers of the few pits still used by their original inhabitants now make a living by letting people into their homes and getting dinar as a payment for taking photographs. What the woman was doing was just a bit of theatre, part of the show. After this first room, we got into the middle of the pit, which had a series of other passages to some rooms, some of which were simply open so we could get in and have a look. I felt a little bit like violating someone's privacy, and wondered how much the house had changed in the last years.


Inside a troglodyte underground house in Matm ta After our visit, we continued up the mountains of Matm ta, and after going by a giant "WELCOME TO MATMATA" sign drawn in white in the middle of a mountain, Hollywood style (!), we stopped for a brief photo-stop (sic). Indeed, the view was quite impressive, and is universally famous as one of the filming spots of Tatoonie scenes in Star Wars: A New Hope. Speaking of famous places, a few minutes later we stopped at the top of one of the hills, were we'd have lunch in the Hotel Sidi Driss, a place of pilgrimage for Star Wars fans, as it was the troglodyte pit which served as the Skywalker's home. The place is full of references to the film saga, and one of the open pits is full of set pieces stuck into the walls. We were served couscous, which wasn't bad, but was cooked and served in the most genuine fast-food fashion. Everyone there gets couscous to eat, apparently, and it's the same in many other touristic places in the area.


Matm ta's lunar landscape From here, our journey headed straight West, in the middle of the rocky desert, until after some time, you could start to see lines of palm tree branches planted here and there, a sign that rocks would soon disappear, being replaced by sand and dunes. As when we were approaching El Djem, at some point a huge, dark spot appeared on the horizon. Douz, probably named after some 12th French batallion which stayed there, is a small town in the very limit of the Sahara desert, built right next to a huge oasis, exclusively dedicated to palm tree plantations, making dates production a big source of income, along with, of course tourism. The travel agencies use Douz as the starting point for several-day trips into the desert, camel rides and stuff like this. Our guide offered us getting a camel and carriage ride in Tozeus for 20 dinar, but Bel n and I declined. He didn't seem to be too happy about it, and had no problem commenting this in German and Arab with the driver (Spanisch and Spanien were clear to me). We learned that the agency (or the guide) makes around 3 Dinar for everyone who contracts the camel rides, after speaking to one native young kid who worked in the camel place. While our German trip mates got dressed in berber fashion, we opted to walk into the desert and play around in the sand on our own. I discovered a few desert insects which were unlike anything I've seen anywhere, and their diminute trails were all over the dunes. Looking West, the view was astonishing, with only thousands of kilometres of yellow dunes ahead us.


The evening sun over the dunes After they came back, we were taken to our hotel, which was really impressive. After leaving our stuff in our room, we headed back to the desert, which was like 300 metres away, to see the sunset over the Great Dune . There's a street which literally serves as the frontier between the rocky ground and the sand desert. From there, you could see many lines of palm tree branches, which are planted by locals in a futile attempt to stop the inexorable advance of the desert. Women in Douz and other towns in the desert limit spend their days sweeping the entrances to their homes, as sand gets in really fast. A small village next to Douz even had to be abandoned and rebuilt in some other place, with the old one being finally devoured by the dunes. When it got dark, we still had some time to kill before dinner, and we discovered a hammam in our hotel. I got in, and saw there was a bored young man inside. He informed us about the prices, and after some short deliberation, we realised we'd spent half of the camel money in some Arab relaxation; while I got a really cool massage, Bel n enjoyed a Turkish bath. I spoke to the guy for a while, and he said not that many people used that hammam. He actually handed the list of services since 2002, which easily fitted in one piece of paper. People don't know what they are missing; he explained that most of the hotel's clients just showed no interest in the baths. I wonder how Fins or Norwegians would react, given their sauna culture. The dinner and breakfast in that hotel was absolutely awesome, and I actually ate too much to have an easy sleep. Next morning we had to be ready at 5:30. That's pushing my limits. The bus started crossing the Chott Jerid when it was still quite dark. The chotts are dry, salt lakes in the middle of the desert, which during some seasons do get some water, sometimes from the underground. The Chott Jerid is the biggest of the three chotts in the area, and the views are fantastic. It's like a giant, totally flat muddy sea which reflects light creating dangerous mirages of oasis-like dark patterns. Before the construction of the recent road that links Douz and Tozeur, crossing the chott was so risky that many people died in the attempt. We had the unique opportunity to see the sun rise over the salty horizon.


Sunrise at the Chott Jerid Again, on our way to Tozeur, we were offered a carriage ride for ten dinar, and again we declined. The guide then asked us if we had no money or what. So in Tozeur we basically wanted to walk around the oasis fields, and ended up talking most of the time with some old man who sold drums and desert roses. On a 4x4, we went up North to Chebika, a really cool town with a small oasis of thermal water, which I guess was around 40 C. The short walk to the wall where the oasis surfaced was packed with children who insistently begged for money or offered necklaces and other items. It was difficult to make them understand you didn't want anything. We then went up the mountain behind Chebika through a road which had its own piece of history. It seems that during WWII, Rommel suffered an Allied siege in Chebika, with a range of mountains behind their backs. The Allies gave him one month to surrender, and he took his time to answer. During that time, he ordered his engineers to design and build a road which would let them escape Chebika through the steep mountains, and they managed. When the ultimatum expired, the Allies apparently found out Chebika had been abandoned by the Germans, including tanks and most of their equipment. So, on the way up, a few kilometres away from the Algerian border, there was another typical visit to the biggest oasis waterfall in Tunisia, which was several metres high.


The oasis at Chebika Our Sahara trip would soon end, and after lunch we headed Northeast on our way to Hammamet. On our way back, we stopped in Kairouan, one of the key Islam pilgrimace spots, with the Great Mosque as the biggest attraction. Unluckily, as we arrived after lunch, we didn't had a chance to see it. Apparently it is really impressive. We haggled a bit for a pair of babouches and a small leather couch in the medina. We came back to our hotel around 7, and found most of the people around the hall. After the obligatory update on how it went, we went to bed as we were exhausted, and of course we had to get up really early to head to the airport. The airport was at that early time of the morning a total chaos, and while people stood in the checkin lines, I tried to find out what was going on with my still lost luggage. I went back to the lost luggage window, which would be closed for 5 more minutes. When they finally opened, they told me once again they had no clue about what was going on with my luggage. I finally understood they had no clue: my tracking number wasn't in their database. I asked them if I could have a look at the unreclaimed luggage storage room. They kindly opened a small door for me, and invited me to go inside and have a look. The view was gross: hundreds of lost bags all over the place. As I was in a bit of a hurry (I actually had to get back to Barcelona), I asked him where to find the bags of one week ago, and he nearly bursted into laugher. Okay, I had to look all over the place, scanning every piece of luggage in an attempt to spot mine. There were bags of absolutely every type in there. In one of the corridors, I sensed a disgusting smell, and figured out some poor guy may have food or something in one of their lost bags, which was rotting in that horrible room. So wrong: soon after I found myself nearly stepping on a puddle of shit, as if someone had literally dumped it right there. Oh my... luckily my search was nearly over and unsuccessful, and I got back to Barcelona with the hope of finding my bag in El Prat. After looking in their two storage rooms I realised I'd probably not see the luggage again, which is a real pain in the ass. A few hours of train later we were back in Val ncia, with a feeling of having spent 3 or 4 weeks in Tunisia, not just 8 days. Really a great place to visit, not only for their cultural treasures, both current and ancient, but for the openness of their people. I hope I'll be back at some point!

Next.