Search Results: "Martin F. Krafft"

20 May 2009

Martin F. Krafft: Sardines in Zurich's public transport

Yesterday was my first appearance as a sardine in Zurich's public transport vehicles, as part of a campaign by the Swiss group for sustainable mobility, umverkehR, which I support: [Image: Martin and Sandro as sardines at Zürich Stadelhofen] We handed out flyers and answered questions, and the general reaction was very positive. The fact that we got covered in Switzerland's most popular newspaper, 20 Minuten, will add greatly to the reconnaissance factor, so that in the months to come, us sardines will be immediately recognised, hopefully provoking thought and chat over the roots of the campaign. Most of us know the sardine as a dead fish perched into a can with many others in a way to minimise space. Human-sized, walking sardines are a great way to increase awareness of the issue of over-crowded public transport. It was fun to see even the Really Serious Newspaper Readers unable to suppress a smile. Talking to friends about the campaign, I've often been met with expressions of how absurd such a campaign is in Switzerland, possibly the country with the best public transport system world-wide. I agree, but that doesn't mean that we should not keep working on further improving it. If you've ever been stuck in a commuter train during rush-hour, standing around in stifling heat and jealously eyed those that managed to grab a seat before you, you'll probably agree that even in Switzerland, we could be doing it better. These days, with the financial crisis weighing heavy on everyone's budgets, and with environmental concerns on the rise, we are witnessing a never-before level of readiness of the public to make sustainable choices. Confronting those people with stuffed trains doesn't reconfirm those decisions. Instead, it will make those people crave their air-conditioned cars and possibly switch back to polluting the air with exhaust and noise, because it surely is more comfortable to sit in your own cool car than it is to be perched in public transport like a sardine.
Thus, umverkehR's message goes mainly to the politicians: prioritise public transport in your future mobility plans, keep the prices affordable, and help get people off the road in the interest of our environment. You can see more pictures in the gallery and a short film on Youtube. We have a separate sardine blog, a Facebook account and there's even a chance for you to win travel coupons: all you have to do is submit an original photo of anything to do with over-crowded public transport by e-mail or MMS to sardine at umverkehr.ch by October 2009. You can browse all submissions on Flickr. I hope that we can spread the idea as far as New Zealand and the countries between. There are always chances in any crisis. NP: Porcupine Tree: Stupid Dream

17 May 2009

Martin F. Krafft: Switzerland opts for biometric passports

Switzerland voted today for the introduction of biometric passports, with 50.1% for and 49.9% against, one of the closest votes since 1848 (according to NZZ). While the news don't fill me with glee (there are too many unanswered questions around the digital passports), one aspect of the decision surprised and even shocked me. I do not like biometric passports, because I like to know when my data are consumed, and by whom. The German government assures that only authorised parties can access those data, and published information about the security features of the German biometric passports, but I am unconvinced that those are adequate protection for the 10 years of validity of the passport. Furthermore, I could find absolutely no information on who the authorised parties are, or which regulations cover who will become authorised in the near future. If that was properly addressed, e.g. by leaving it up to me and only me to decide who gets access, then the digital passport could actually be a good step forward, streamlining border control and making travel easier. But there is a completely different avenue of concern, no matter who gives permission to whom to consume whose data: how are they used, and where, and how long are they stored, and for what? Again, I cannot find any regulations. Instead, my question to the German Department of the Interior was answered (!) along the lines of it being up to each country to decide themselves over the use and storage of the data. In this light, it makes little difference that the German procedure for the digital passport does not permit the issuing bureau to store the data, while Switzerland's strategy is to build a central database of all these personal details (this is what shocked me). It might make you wonder what use the Swiss government is hoping for, and you might feel uncomfortable with your government building up an even tighter database of its people.
But I'd much rather have my data stored in Switzerland than consumed and stored every time I enter another country, because when I compare the style of governance of Switzerland to pretty much anything else out there, I am glad I get to live here (even though I am not Swiss and cannot vote). Yet, it's a worrying step in a direction of the "glass human", of a society in which personal privacy is unknown and everything is part of the system. These are totalitarian visions, and it's doubtful whether we'll ever actually get there (so far, I don't think any state has come up with the information management strategies required to properly store, make use, and read sense out of the massive amounts of information), but the trend is clearly visible. In the end, however, what worries me the most is how relaxed people treat their personal information these days. Look at the infamous social networking sites, or other Web 2.0 gimmicks and you really start to wonder how headless people can be these days. I cannot immediately paint a scenario where it might be dangerous to push all kinds of information about yourself to the masses, but the mere idea of that is scary in and of itself. I'd prefer to have the choice with whom to share what data. The biometric passports, despite the advantages they might bring, are one step away from that, because they empower the government to make that choice for you. I don't consider that progress at all. Update: NZZ reports that the issue is not closed. In the cantons of Grishuna and Lucerne, people are challenging the vote and a recount or even re-vote seems possible. I will post an update as soon as I know more. Then, I would also like to address some replies I've received over the real problems behind the digital passports, because it cannot be just the central data storage: it's not like your government doesn't already have all that, and I can't imagine how your fingerprint could be used against you.

11 May 2009

Martin F. Krafft: GPG-key mania

Would all the paranoid crypto-users please stop flooding Planet Debian with GPG output? And if you just cannot avoid it, please tag those posts meme, because that's what they are. If you really think there's a need for a new key, you're one step ahead of me, because so far, there's only a theoretical attack and the valid question of whether this is actually something to worry about in the context of GPG (or in the context of Git, for that matter). There is no practical exploit out there, and I don't expect one that would endanger your use of GPG any time soon. Of course, we ought to replace the current crypto infrastructure with a new one before the current one is compromised, but that should really be motivated by careful consideration and planning, not by lemming-like behaviour and the infamous tipping point.

I've long been meaning to clean up my key and may also switch to using a new one in the near future. However, I don't think there is an immediate need and I'll take time first to investigate the options: RSA is hardly free from problems or an optimal choice. For instance, why would I want to use an RSA key, which is limited in GPG to 4096 bit keys? Do we really want to deal with signatures that are 4-10 times longer than their DSA counterparts? When RSA is broken, will we see a replay of this whole key-replacing frenzy? Wouldn't it make more sense to leverage the current situation and work on pushing/improving the DSA algorithm with larger keys, and to strive towards better algorithms in general, e.g. through SHA-3?

If you still need to replace your key, revoke the old one, point at the new one in the revocation reason, and please refrain from abusing feed aggregators for letting the world know. If gpg cannot follow the trust chain after the revocation, please fix it.

In the meantime, it is a good idea to use RIPEMD160 instead of SHA-1 for signing, with the following lines in ~/.gnupg/gpg.conf:
personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160
default-preference-list [...] H10 H9 H8 H11 H3 [...]

and to set the preferences on your key accordingly:
% gpg --edit-key $KEYID
> setpref [...] H10 H9 H8 H11 H3 [...]
> save
% gpg --send-key $KEYID

Then, make sure RIPEMD160 is being used:
% gpg --clearsign -a </dev/null | grep '^Hash:'

I'll end with a link to a decent write-up on the cryptographic basics of GPG.
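The check above can be automated. The following is an added example, not part of the original post: it decodes the Hn tokens used with setpref into digest names (using the OpenPGP hash algorithm numbers from RFC 4880), reads personal-digest-preferences from a gpg.conf, and reports the Hash header of a clearsigned message. The two sample messages are constructed and carry no real signature data.

```python
import re

# OpenPGP hash algorithm IDs (RFC 4880, section 9.4). The "Hn" tokens in
# setpref / default-preference-list use the same numbers.
HASH_IDS = {1: "MD5", 2: "SHA1", 3: "RIPEMD160", 8: "SHA256",
            9: "SHA384", 10: "SHA512", 11: "SHA224"}
WEAK = {"MD5", "SHA1"}

# The gpg.conf line from the post, and two constructed clearsigned messages.
PAGE_CONF = "personal-digest-preferences SHA512 SHA384 SHA256 SHA224 RIPEMD160\n"
SIGNED_RIPEMD = """\
-----BEGIN PGP SIGNED MESSAGE-----
Hash: RIPEMD160

constructed sample text
-----BEGIN PGP SIGNATURE-----

(signature data omitted in this constructed sample)
-----END PGP SIGNATURE-----
"""
SIGNED_SHA1 = SIGNED_RIPEMD.replace("Hash: RIPEMD160", "Hash: SHA1")


def decode_digest_prefs(pref_string):
    """Return digest names, in order, for the digest tokens of a preference
    string. Accepts Hn codes and names; cipher (Sn), compression (Zn) and
    placeholder tokens are skipped."""
    names = []
    for token in pref_string.split():
        match = re.fullmatch(r"[Hh](\d+)", token)
        if match:
            number = int(match.group(1))
            names.append(HASH_IDS.get(number, "unknown(H%d)" % number))
        elif token.upper() in HASH_IDS.values():
            names.append(token.upper())
    return names


def conf_digest_prefs(conf_text):
    """Return the digests set by personal-digest-preferences, or []."""
    for line in conf_text.splitlines():
        words = line.split("#", 1)[0].split()
        if words and words[0] == "personal-digest-preferences":
            return decode_digest_prefs(" ".join(words[1:]))
    return []


def clearsign_hashes(message):
    """Return the digests named in the Hash armor header(s) of a
    clearsigned message."""
    lines = message.splitlines()
    if "-----BEGIN PGP SIGNED MESSAGE-----" not in lines:
        raise ValueError("not a clearsigned message")
    start = lines.index("-----BEGIN PGP SIGNED MESSAGE-----")
    hashes = []
    for line in lines[start + 1:]:
        if not line.strip():
            break  # a blank line ends the armor headers
        key, _, value = line.partition(":")
        if key.strip() == "Hash":
            hashes += [h.strip().upper() for h in value.split(",") if h.strip()]
    # RFC 4880, section 7: without a Hash header, MD5 is implied.
    return hashes or ["MD5"]


def audit(conf_text, message):
    """Return a list of findings; an empty list means nothing to report."""
    findings = []
    prefs = conf_digest_prefs(conf_text)
    if not prefs:
        findings.append("gpg.conf: personal-digest-preferences is not set")
    elif prefs[0] in WEAK:
        findings.append("gpg.conf: first digest preference is %s" % prefs[0])
    for digest in clearsign_hashes(message):
        if digest in WEAK:
            findings.append("signature: weak digest %s" % digest)
    return findings


if __name__ == "__main__":
    print(decode_digest_prefs("H10 H9 H8 H11 H3"))
    print(audit(PAGE_CONF, SIGNED_RIPEMD))
    print(audit("", SIGNED_SHA1))
```

To audit a real setup, pass the contents of ~/.gnupg/gpg.conf and the output of the gpg --clearsign command shown above.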

30 April 2009

Martin F. Krafft: The need for a GPG revocation certificate

Do you use GPG or PGP to sign or encrypt your emails and/or files? This is a reminder to those who answered yes: make sure you have a revocation certificate, as well as backups of your private/public key pair, ideally in multiple safe locations. It's always a good idea to keep backups. But what is more important with GPG is the revocation certificate. That's your emergency brake. If someone ever gains control over your key, this is the only way for you to minimise (further) abuse of your key and your identity. However, even a revocation certificate won't be able to prevent all abuse, by nature of the design of the GPG Web of Trust. You also need to exercise utmost care in protecting your key and making sure third parties cannot gain control over it. Do not keep it on machines you don't trust, and make sure to use a safe, non-guessable passphrase!

With GnuPG, generating a revocation certificate is as easy as this; replace $KEYID with your 8 or 16 digit hexadecimal key ID:
gpg --gen-revoke $KEYID > $KEYID.revoke.asc

and store it away. Do not import it until you need to revoke your key! In my case, the process was this; lines requiring my input are prefixed with an arrow (→):
  sec  1024D/330C4A75 2001-06-20 Martin F. Krafft <mail@martin-krafft.net>
→ Create a revocation certificate for this key? (y/N) y
  Please select the reason for the revocation:
    0 = No reason specified
    1 = Key has been compromised
    2 = Key is superseded
    3 = Key is no longer used
    Q = Cancel
  (Probably you want to select 1 here)
→ Your decision? 1
  Enter an optional description; end it with an empty line:
→ > 
  Reason for revocation: Key has been compromised
  (No description given)
→ Is this okay? (y/N) y
  You need a passphrase to unlock the secret key for
  user: "Martin F. Krafft <mail@martin-krafft.net>"
  1024-bit DSA key, ID 330C4A75, created 2001-06-20
  ASCII armored output forced.
  Revocation certificate created.
  Please move it to a medium which you can hide away; if Mallory gets
  access to this certificate he can use it to make your key unusable.
  It is smart to print this certificate and store it away, just in case
  your media become unreadable.  But have some caution:  The print system of
  your machine might store the data and make it available to others!

I then printed the file, put it in the safe, stored it on a removable disk and hid it away. Even though I exercise great care over my key material, I can now sleep better at night, knowing that I can at least minimise any damage done by an attacker who compromises my key. Also, that way I can make sure to declare unused keys as such, since there is no other way to revoke a published key for which you've lost the private key or forgotten its passphrase. I've left such traces in my past and wish I had known what I was doing at the time: A8FA196E, C22D1C01, 1EF0975C. This is your chance to do it right. Make yourself a revocation certificate now (along with backups)! And always exercise care and keep your key secure. NP: Mono: One More Step and You Die

19 April 2009

Martin F. Krafft: Extending the X keyboard map with xkb

xmodmap has long been the only way to modify the keyboard map of the X server, short of the complex configuration daemon approaches used by the large desktop managers, like KDE and GNOME. But it has always been a hack: it modifies the X keyboard map and thus requires a baseline to work from, kind of like a patch needs the correct context to be applicable. Worse yet, xmodmap weirdness required me to invoke it twice to get the effect I wanted. When the recent upgrade to X.org 7.4 broke larger parts of my elaborate xmodmap configuration, I took the time to finally ditch xmodmap and implement my modifications as proper xkb configuration.

Background information

I had tried before to use per-user xkb configuration, but could not find the answers I wanted. It was somewhat by chance that I found Doug Palmer's Unreliable Guide to XKB configuration at the same time that Julien Cristau and Matthew W. S. Bell provided me the necessary hints on the #xorg/irc.freenode.org IRC channel to get me started. The other resource worth mentioning is Ivan Pascal's collection of XKB documents, which were instrumental in my gaining an understanding of xkb. And just as I am writing this document, Debian's X Strike Force have published their Input Hotplug Guide, which is a nice complement to this very document you are reading right now, since it focuses on auto-configuration of xkb with HAL. The default xkb configuration comes with a lot of flexibility, and often you don't need anything else. But when you do, then this is how to do it:

Installing a new keyboard map

The most basic way to install a new keyboard map is using xkbcomp, which can also be used to dump the currently installed map into a file. So, to get a bit of an idea of what we'll be dealing with, please run the following commands:
xkbcomp $DISPLAY xkb.dump
editor xkb.dump
xkbcomp xkb.dump $DISPLAY

The file is complex and large, and it completely went against my aesthetics to simply edit it to have xkb work according to my needs. I sought a way in which I could use as much as possible of the default configuration, and only place self-contained additional snippets in place to do the things I wanted done differently.

setxkbmap and rule files

Thus began my voyage into the domain of rule files. But before we dive into those, let's take a look at setxkbmap. Despite the trivial invocation of e.g. setxkbmap us to install a standard US-American keyboard map, the command also takes arguments. More specifically, it allows you to specify the following high-level parameters, which determine the sequence of events between key press and an application receiving a KeyPress event:
  • Model: the keyboard model, which defines which keys are where
  • Layout: the keyboard layout, which defines what the keys actually are
  • Variant: slight variations in the layout
  • Options: configurable aspects of keyboard features and possibilities
Thus, with the following command line, I would select a US layout with international (dead) keys for my Thinkpad keyboard, and switch to an alternate symbol group with the windows keys (more on that later):
setxkbmap -model thinkpad -layout us -variant intl -option grp:win_switch

In many cases, between all combinations of the aforementioned parameters, this is all you ever need. But I wanted more. If you append -print to the above command, it will print the keymap it would install, rather than installing it:
% setxkbmap -model thinkpad -layout us -variant intl -option grp:win_switch -print
xkb_keymap {
  xkb_keycodes  { include "evdev+aliases(qwerty)" };
  xkb_types     { include "complete" };
  xkb_compat    { include "complete" };
  xkb_symbols   { include "pc+us(intl)+inet(evdev)+group(win_switch)" };
  xkb_geometry  { include "thinkpad(us)" };
};

There are two things to note:
  1. The -option grp:win_switch argument has been turned into an additional include group(win_switch) on the xkb_symbols line, just like the model, layout, and variant are responsible for other aspects in the output.
  2. The output seems related to what xkbcomp dumped into the xkb.dump file we created earlier. Upon closer inspection, it turns out that the dump file is simply a pre-processed version of the keyboard map, with include instructions exploded.
At this point, it became clear to me that this was the correct way forward, and I started to investigate those points in order. The translation from parameters to an xkb_keymap stanza by setxkbmap is actually governed by a rule file. A rule is nothing more than a set of criteria, and what setxkbmap should do in case they all match. On a Debian system, you can find this file in /usr/share/X11/xkb/rules/evdev, and /usr/share/X11/xkb/rules/evdev.lst is a listing of all available parameter values. The xkb_symbols include line in the above xkb_keymap output is the result of the following rules in the first file, which setxkbmap had matched (from top to bottom) and processed:
! model         layout              =       symbols
  [...]
  *             *                   =       pc+%l(%v)
! model                             =       symbols
  *                                 =       +inet(evdev)
! option                            =       symbols
  [...]
  grp:win_switch                    =       +group(win_switch)

It should now not be hard to deduce the xkb_symbols include line quoted above, starting from the setxkbmap command line. I'll reproduce both for you for convenience:
setxkbmap -model thinkpad -layout us -variant intl -option grp:win_switch
xkb_symbols   { include "pc+us(intl)+inet(evdev)+group(win_switch)" };

A short note about the syntax here: group(win_switch) in the symbols column simply references the xkb_symbols stanza named win_switch in the symbols file group (/usr/share/X11/xkb/symbols/group). Thus, the rules file maps parameters to sets of snippets to include, and the output of setxkbmap applies those rules to create the xkb_keymap output, to be processed by xkbcomp (which setxkbmap invokes implicitly, unless the -print argument was given on invocation). It seems that for a criterion (option, model, layout, …) to be honoured, it has to appear in the corresponding listing file, evdev.lst in this case. There is also evdev.xml, but I couldn't figure out its role.

Attaching symbols to keys

I ended up creating a symbols file of reasonable size, which I won't discuss here. Instead, let's solve the following two tasks for the purpose of this document:
  1. Make the Win-Hyphen key combination generate an en dash (–), and Win-Shift-Hyphen an em dash (—).
  2. Let the Caps Lock key generate Mod4, which can be used e.g. to control the window manager.
To approach these two tasks, let's create a symbols file in ~/.xkb/symbols/xkbtest and add two stanzas to it:
partial alphanumeric_keys
xkb_symbols "dashes" {
  key <AE11> {
    symbols[Group2] = [ endash, emdash ]
  };
};
partial modifier_keys
xkb_symbols "caps_mod4" {
  replace key <CAPS> {
    [ VoidSymbol, VoidSymbol ]
  };
  modifier_map Mod4 { <CAPS> };
};

Now let me explain these in turn:
  1. We used the option grp:win_switch earlier, which told xkb that we would like to use the windows keys to switch to group 2. In the custom symbols file, we now simply define the symbols to be generated for each key, when the second group has been selected. Key <AE11> is the hyphen key. To find out the names of all the other keys on your keyboard, you can use the following command:
    xkbprint -label name $DISPLAY - | gv -orientation=seascape -

    I had to declare the stanza partial because it is not a complete keyboard map, but can only be used to augment/modify other maps. I also declared it alphanumeric_keys to tell xkb that I would be modifying alphanumeric keys inside it. If I also wanted to change modifier keys, I would also specify modifier_keys. The rest should be straight-forward. You can get the names of available symbols from keysymdef.h (/usr/include/X11/keysymdef.h on a Debian system, package x11proto-core-dev), stripping the XK_ prefix.
  2. The second stanza replaces the Caps Lock key definition and prevents it from generating symbols (VoidSymbol). The important aspect of the second stanza is the modifier_map instruction, which causes the key to generate the Mod4 modifier event, which I can later use to bind key combinations for my window manager (awesome).
The easiest way to verify those changes is to put the setxkbmap -print output of the keyboard map you would like to use as a baseline into ~/.xkb/keymap/xkbtest, and append snippets to be included to the xkb_symbols line, e.g.:
"pc+us(intl)+inet(evdev)+group(win_switch)+xkbtest(dashes)+xkbtest(caps_mod4)"

When you try to load this keyboard map with xkbcomp, it will fail because it cannot find the xkbtest symbol definition file. You have to let the tool know where to look, by appending a path to its search list (note the use of $HOME instead of ~, which the shell would not expand):
xkbcomp -I$HOME/.xkb ~/.xkb/keymap/xkbtest $DISPLAY

You can use xev to verify the results, or just type Win-Hyphen into a terminal; does it produce –? By the way, I found xev much more useful for such purposes when invoked as follows (thanks to Penny for the idea):
xev | sed -ne '/^KeyPress/,/^$/p'

Unfortunately, xev does not give any indication of which modifier symbols are generated. I have found no other way to verify the outcome, other than to tell my window manager to do something in response to e.g. Mod4-Enter, reloaded it, and then tried it out.

Rules again, and why I did not use them in the end

Once I got this far, I proceeded to add option-to-symbol-snippet mappings to the rules file, and added each option to the listing file too. A few bugs later (Debian bug #524512), I finally had setxkbmap spit out the right xkb_keymap and could install the new keyboard map with xkbcomp, like so:
setxkbmap -I$HOME/.xkb [...] -print | xkbcomp -I$HOME/.xkb - :0

I wrote a small script to automatically do that at the start of the X session and could have gone to play outside, if it hadn't been for the itch I felt due to the entire rule file stored in my configuration. I certainly did not like that, but I could also not find a way to extend a rule file with additional rules. When I looked at the aforementioned script again, it suddenly became obvious that I was going a far longer path than I had to. Even though the rule system is powerful and allows me to e.g. automatically include symbol maps to remap keys on my Thinkpad, based on the keyboard model I configured, the benefit (if any) did not justify the additional complexity. In the end, I simplified the script that loads the keyboard map, and defined a default xkb_keymap, as well as one for the Thinkpad, which I identify by its fully-qualified hostname. If a specific file is available for a given host, it is used. Otherwise, the script uses the default.
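The rule matching described under "setxkbmap and rule files", and the option-to-snippet mappings mentioned in the last section, can be traced with a small model. This is an added example, not code from the post or from setxkbmap: it is a simplified re-implementation that handles only the rule forms quoted above, and the option names xkbtest:dashes and xkbtest:caps_mod4 are hypothetical.

```python
# The rule excerpt quoted in the post (elided "[...]" lines left out).
PAGE_RULES = """\
! model         layout              =       symbols
  *             *                   =       pc+%l(%v)
! model                             =       symbols
  *                                 =       +inet(evdev)
! option                            =       symbols
  grp:win_switch                    =       +group(win_switch)
"""

# Hypothetical option rules of the kind the post describes adding; they
# continue the "! option = symbols" section above.
CUSTOM_OPTION_RULES = """\
  xkbtest:dashes                    =       +xkbtest(dashes)
  xkbtest:caps_mod4                 =       +xkbtest(caps_mod4)
"""


def parse_rules(text):
    """Split a rules file into sections: (columns, target, [(patterns, value)])."""
    sections = []
    for raw in text.splitlines():
        line = raw.split("//", 1)[0].strip()  # "//" starts a comment
        if not line or "=" not in line:
            continue
        lhs, _, rhs = line.partition("=")
        if line.startswith("!"):
            sections.append((lhs[1:].split(), rhs.strip(), []))
        elif sections:
            sections[-1][2].append((lhs.split(), rhs.strip()))
    return sections


def expand(template, params):
    """Substitute %m, %l and %v with model, layout and variant."""
    for code, name in (("%m", "model"), ("%l", "layout"), ("%v", "variant")):
        template = template.replace(code, params[name])
    return template


def resolve(rules_text, model, layout, variant="", options=()):
    """Apply the rules top to bottom and return {component: include string}."""
    params = {"model": model, "layout": layout, "variant": variant}
    result = {}
    for columns, target, rules in parse_rules(rules_text):
        is_option = columns == ["option"]
        for patterns, value in rules:
            if len(patterns) != len(columns):
                continue
            if is_option:
                matched = patterns[0] in options
            else:
                matched = all(p == "*" or p == params.get(c)
                              for p, c in zip(patterns, columns))
            if not matched:
                continue
            value = expand(value, params)
            if value.startswith("+"):
                # A leading "+" appends to what earlier rules produced.
                result[target] = result.get(target, "") + value
            else:
                result[target] = value
            if not is_option:
                break  # first match wins; every matching option applies
    return result


def symbols_line(result):
    """Format the xkb_symbols line as setxkbmap -print shows it."""
    return 'xkb_symbols { include "%s" };' % result["symbols"]


if __name__ == "__main__":
    print(symbols_line(resolve(PAGE_RULES, "thinkpad", "us", "intl",
                               ["grp:win_switch"])))
    print(symbols_line(resolve(PAGE_RULES + CUSTOM_OPTION_RULES, "thinkpad",
                               "us", "intl", ["grp:win_switch",
                                              "xkbtest:caps_mod4",
                                              "xkbtest:dashes"])))
```

Note that the order of the included snippets follows the order of the rules in the file, not the order of the options on the command line.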

16 April 2009

Martin F. Krafft: Government exaction

Do you listen to the radio? I don't, and there are multiple reasons for that: First and foremost, I don't like the music they play these days. Even though there are stations which will occasionally play a more eclectic tune, the Swiss government does not, to my knowledge, dictate any quota, like New Zealand actually requires stations to broadcast New Zealand music at least 20% of the time. The result is music made by producers, who stand pop icons with little clothing in front of microphones, instruct them to move their bodies in obscene ways, and coach them to croak songs someone else wrote en masse in some basement somewhere. All those songs sound alike. To ensure a constant supply of pop dolls, they hype television shows with titles such as "Germany seeks the next superstar", when most of Germany actually couldn't care less, and only those with vacuous brain capacity follow with excitement, because they wouldn't know what else to do. Second, I don't have the time or energy to listen to discussion rounds on the radio, especially not when topics are about "society", which no one can define in the first place. Wittgenstein always had it right. The same goes for most commentaries. If I don't have anything to do, I prefer to listen to birds in the trees, rather than someone's polished opinion. The scariest aspect is that those people actually believe that they have something worthwhile to say, and so do their producers and the other staff, when in most cases, they don't. At least not worthwhile to people who have other things occupying their minds. I also don't like someone to make a pre-selection of news and squash that into 5-15 minute time slots, to be read out by dull-sounding speakers. I'd rather skim over articles, and the Web ensures that I get the information I want much quicker than the radio stations can transmit them. And sports over the radio waves makes me come close to aural epileptic seizures. I am painting the sky black a bit.
I am fully aware that there exist people with thought-provoking arguments, that some stations play interesting music I would otherwise never discover, and that the radio is a source of entertainment in the lives of thousands of other people who are less privileged than me. But when the Billag rang my doorbell today and wanted CHF 14,10 per month for possession of any device capable of turning radio waves into sound, including those radio waves broadcast over the Internet these days, I got a bit furious. In the past, they concentrated only on actual radio and TV receivers. When I moved into my previous flat in Zurich in 2002, they wanted money because my stereo had a tuner button. I refused to pay, opened the device, unsoldered the radio coil, and sent it to them with an angry letter of refusal; they let me off the hook. Since then, they changed the law in 2007 (but haven't actually updated the forms they force you to sign) to include audio players, cellular phones, and computers, which are all radio-capable. I'd really prefer if they used their funds to revert that trend, or at least remove the loudspeakers from all mobile phones. But instead, this morning, I skid right into their claws. As I said before, the radio is also a social support system, and as such I have less of a problem to subsidise it. However, given that I strongly disagree with the quality level broadcast, I would prefer to direct my money towards causes I consider more useful, and with which I could better identify. Unfortunately, the whole system is governmentalised to the point where this choice is taken away from me. The Billag website helpfully offers answers to the common questions, including one along the lines of quality. They suggest that you get in touch directly with the programme directors to complain about their content, and offer suggestions. Shortly after I moved to Zurich, Radio Lora offered me a radio show.
Radio Lora is a private station, but they also receive subsidies from the monies exacted by the government, so I am using them as an example here. I suggested that I concentrated only on progressive and psychedelic rock from the sixties and the seventies. They refused the show in the end, claiming that this would not be what their listeners want. So instead I now get to pay for content that is deemed more appropriate. I can only imagine the pains I'd have to go through to be able to host a radio show concentrating on eclectic tunes on one of the public radio stations. And even if I succeeded (without becoming a full-time public radio broadcaster), then I could only contribute a few hours a week to that content. If you ask me, the Swiss government is overstepping its competencies a bit. NP: Mono: Hymn to the Immortal Wind

14 April 2009

Martin F. Krafft: Extreme bliss

I experience extreme ecstasy on this train ride to Fribourg to see the girl, who makes it no secret that she is looking forward to cooking for me. That per se is not the reason for my bliss; rather it's seeing her again after an endless 24 hours apart. I just had to share. NP: Russian Circles: Station

30 March 2009

Martin F. Krafft: When Silence is Golden

Dear Miles & More service people: when I tell you that your actions and words (in the general terms of service) diverge, and you reply by putting your actions to words, maybe you also want to change the legal text, instead of contradicting yourself? Alternatively, instead of just restating the facts I've included in my letter to you without adding any new information, maybe you just want to shut up? You've definitely lost me, there shall never be another mile credited to my account. Fucking idiots. NP: Portishead: Third

25 March 2009

Martin F. Krafft: The demise of the Swiss train experience

On trains from Germany to Switzerland you used to notice the crossing of the border not only due to the appearance of the passport control folks in the train: once the Swiss train team replaced their German colleagues, passengers were finally able to travel in peace. Once you crossed the border, there would be no more almost-continuous blather through the speakers about where to find the restaurant, how lovely and relaxing it would be to enjoy fine cuisine there (I bet they never actually ate there themselves), and that the train crew regrets that some passengers are going to leave at the next stop, how much they hope that they'll soon come back, and how happy they are to welcome new passengers. Each announcement would last somewhere around 30 long seconds, and when it was finally over, they'd repeat it in horrific English: wrong words, bad grammar, and pronunciation that made me cringe every time. But apparently, the German railway needs more business and their PR department seems to think that this is the way forward. Not the Swiss, or at least I thought until today. Heck, I even gave myself a GA for my 30th birthday, a year subscription for all Swiss public transport, because I enjoy travelling in Switzerland, and even if it's just to get work done. But just now, on the train from Fribourg back home, the productive and calm silence was interrupted by an announcement where to find the restaurant in four languages, and when the minibar passed the upper deck of our wagon, the voice again made sure we knew. It seems that the days on Swiss trains are gone, when short, smooth, and unobtrusive announcements would let you know about the next station, just in time for you to pack up and get ready to go, or a similarly pleasant message greeted you as you boarded the train, allowing you to make sure that you got on the right line. What a shame.

19 March 2009

Martin F. Krafft: Release promises

Hey Meike, a new edition is planned, but first I need to finish my research and submit my thesis. Then I will immediately turn to the book, which I will update for "lenny", and to which I will add a lot of content. My goal is to provide enough of a reason for everyone to buy the new edition, I do not want to disappoint those who have bought the first edition. Stay tuned over at the book's website or the book's announcement list. NP: The Penguin Cafe Orchestra: The Penguin Cafe Orchestra

9 March 2009

Martin F. Krafft: Import to Switzerland: being charged for services you never asked for

When you order goods into Switzerland, they will pass the customs office, where VAT and possibly import duties are levied. The customs office does not charge any duties if the total amount to be paid is less than 5 CHF. Practically, given 7.6% VAT, this means that you can import 5 CHF / 0.076 = 65.79 CHF for "free". As soon as you exceed this amount, it gets complicated. All of a sudden, the carrier charges you for the customs declaration it does in your name. What really blows my mind is that the fee to pay to the carrier (more on that later) actually plays into the whole equation. Let's assume you order goods for 100 CHF, which is well above the free import limit. You also paid 10 CHF for shipping. The carrier charges you 20 CHF to do the customs presentation for you. There, they determine that import duties are 5 CHF, and you end up paying: (100 + 10 + 20 + 5) * 107.6% = 145.26. That's fun, isn't it? I continue to be amazed by all the ways in which the government sucks money from your pockets. What's similarly baffling is how some carriers deal with this. The Swiss Post (and their ally TNT) makes you pay taxes, duties, and fees on delivery, and their charges are the lowest when compared to the other carriers. With this approach, you have the option to refuse the package, if you're willing to deal with the vendor to get your money back. DHL is the only other carrier I know who does things like the Swiss Post. However, due to their extraordinary crap performance and service, I could never recommend them to anyone. The three letters of DHL, a German company, apparently stand for "das heisst langsam": "this means slow". None of the other carriers give you the option to accept the duties and their services. For instance, GLS delivers your parcel, and some weeks later you get an invoice, asking for the taxes and duties, and charging a fee of 45 CHF for their service, which you've never really asked for and which you could not refuse.
UPS, FedEx, and DPD fall into the same category, but their charges are lower. The one and only time I had used GLS to have something shipped to me, I called them up to complain about their invoice, and replied with an invoice of my own, in which I charged the same amount for "opening and reading your letter and giving your call-centre employee the chance to talk to me directly". They got the message and dropped the invoice. The next step should be to play them off against each other: create some pencil art, write an invoice for half a million, and pay UPS to deliver the package to GLS headquarters. Attach a miniature audio transmitter to the invoice for added fun. NP: Goldie: Timeless

6 March 2009

Martin F. Krafft: Case Logic cases ruin your CDs

While I have most of my albums encoded as Ogg Vorbis files, the music from my college days (and before) is still only on disc, either in a big box in storage, or in one of a couple Case Logic CD wallets I used back then to lug my tunes around the globe. I've long been meaning to encode those and shove the boxes and cases into storage, but in more than a year, that hasn't happened. A few weeks ago, my adorable girlfriend offered the necessary encouragement, suspecting that I might enjoy going through old music again. Right she was: it's great fun. I didn't think I was ever going to listen to Drum and Bass again, and now I am quite enjoying the music I listened to in high school.

Unfortunately, while encoding all those discs, there's a pattern emerging: the discs from the box are all processed without any problems; the discs from the wallets yield many read errors. Inspecting the physical media, the cause seems to be scratches in the plastic deep enough to damage the reflective layer. When CDs came out, they were touted to be rigid and sturdy. The material quality has noticeably decreased over the years, as the producers kept cutting their costs. Discs of the past 15 years aren't good enough anymore to be stored in the Case Logic way. I wish I had known 15 years ago.

NP: LTJ Bukem: Logical Progression

Martin F. Krafft: Hands off my focus!

If I open a link from within one of my terminals, it causes Firefox to load that link in a new tab, which it activates (puts on top). Unfortunately, the browser window also steals the focus. This is driving me nuts at times. I want the new tab in the foreground, but I don't want the browser to steal the window focus.

Firefox would not be Firefox if it didn't have an obscure, under-documented feature that almost achieves what I want, but comes with negative side-effects. As I learnt over at UbuntuForums, I can enable browser.tabs.loadDivertedInBackground, and the browser stays unfocused. The negative side-effect is that new tabs are loaded in the background. I cannot decide whether that's more or less annoying than the focus thievery. Rock, hard place, rock, hard place… could someone please offer a way out? How can I make Firefox load links in foreground tabs, but keep its greedy little fingers off my focus?

The rest of this post is personal. In cooperation with my therapist, I've stopped wondering about Firefox design choices, and my life quality took a boost from that. Every other day, however, I find myself plotting ways to get rid of the Firefox crap, only to conclude that none of the alternatives provide the functionality I want/need, which is provided by some of the Firefox plugins: AdBlock+, CustomizeGoogle, Firebug, NoScript, TreeStyleTabs, and, of course, Vimperator. And there are others too. That's like being forced to drive a GM truck because the stereo you like doesn't work in any other car. I better go and swallow some more pills.

Update: I've filed a bug with the Mozilla bug tracker: Mozilla bug #481844

5 March 2009

Martin F. Krafft: Don't get fooled by the cost-average effect

I have a bit of money invested in stocks and funds, passively managed by my bank. I've made a bit with risky speculations, and I've lost about the same amount with the markets' dive of the last 18 months. Net benefit: zero cash, a bit of experience. Time to move on.

I am not an interesting customer, so I was all the more surprised to get a call from an employee of the bank the other day. He identified himself as Crisis Manager or something similarly ridiculous, mentioned at least 20 times that he was a regular employee and wouldn't receive provisions, and he also kept assuring me that he's doing himself what he's suggesting to me: leveraging the cost-average effect. I turned him down, probably a bit too briskly. Let's investigate why.

Banks are good at devising ingenious tricks to fool people; it's their business after all. One of those tricks is the so-called cost-average effect. It's awesome, they say, because it is the first product that adapts to the ever-changing market: when prices are up, it buys smaller numbers of shares, and in low times, it stocks up on them by buying larger quantities, automatically. Fancy, no?

It isn't, because the entire idea is to get your signature on a contract that obliges you to pay a fixed sum each month, with which shares are then bought. Obviously, when prices are up, numbers you get for your money are low, and vice versa. Observe how well the banks manage to turn that basic rule into a selling point. They are good at that. In fact, that's probably all they're good at. Obviously, inflation is also factored in, so the monthly fixed sum actually increases by a projected 5% each year, which they call "inflation protection".

While this strategy (investing fixed-sum installments rather than lump sums) certainly has its benefits, and can level out the risk of throwing a large sum of money at the market, it is commonly considered a suboptimal strategy, especially when employed over longer spans of time. For more information, I refer you to the frequently cited article "Nobody gains from dollar cost averaging: analytical, numerical and empirical results", published in the 1992/1993 issue of the Financial Services Review journal.

So why would the bank approach me with this offer? Let's go hypothetical and check out Ashley's investment practices: Ashley bought a fund five years ago at 100 per share, and it's now down to 80. The loss is thus 20%, a -4% factor (20% / 5 years) that affects the overall performance of the portfolio. Ashley doesn't really care much about the percentages. After all, the only thing that counts is the worth of the shares when sold right now. Everything else is history and only influences the size of the tears one weeps in times like this, which is a psychological malfunction, not a function of the financial markets crisis.

The bank, however, does not like negative performance values. Positive percentages yield happy (blinded?) customers, who get much more enthusiastic (greedy?) to put more money into the giant machine that makes the banks tick, which is still in the process of blowing up into their faces. But negative performance values cause investors to become conservative and leery. They'd rather hold on to their hard-earned cash for fear of losing more. That's the flip-side of aforementioned psychological malfunction, and this is the core of the reason why some of the big investors get bigger even in times like this: they do not succumb to the feeling.

The banks, however, need cash, and loads of it, and while the state is busy printing notes, they take every chance to get more. Private clients are wonderful prey, as they are less informed about the system than investors. So, to get cash from the clients, the banks have to circumvent the psychological malfunction. They cannot boost the market value share, but there are two values that factor into a percentage, and the cost-average effect, sold as the best thing since sliced bread, is nothing but a way to affect the other number: the sale price, the divisor.

If the fund stays below the original sale price (100), each time Ashley pumps more cash into the machinery each month, this divisor decreases, effectively decreasing the percentage value. In the long run, this yields happier customers, who are willing to put more money in, especially if the performance turns positive. The baseline is now lower, so a return to previous heights would correspond to larger performance values than ever before.

Obviously, a positive market causes the baseline to grow, but the cost-average deal continues to pay off for the banks. Since Ashley put that signature on the contract, the bank has a guaranteed cash flow for the contract's duration, while Ashley wonders why the percentage remains dampened. Cost-average means decreasing the percentage, in good as well as in bad times. Just now, the bank doesn't have to work so hard to get even more money from you.

It gets worse: usually, those contracts are embedded in some sort of life insurance deals with grand promises in 40 years to come, and over all that time, it'll be quite clear who wins and who loses. Scary, huh?

I was going to end with the advice to stay away from the cost-average effect, but I think I can just as well make it more general: if you don't understand a deal, don't sign it. If you abide by that rule, you would stay away from cost-average effect deals all by yourself. Maybe my little writeup has helped, nonetheless.

NP: DJ Tiësto: Live at Innercity

4 March 2009

Martin F. Krafft: Searching Tangerine Dream's Barbakane

Dear recording industry: I hate almost all of you. One of my all-time favourite albums, Poland: The Warsaw Concert by Tangerine Dream, has been castrated, probably to save cost by squeezing a double LP onto a single CD. Today, Wikipedia turned my world upside down. Screw you, money-greedy recording industry. Please fuck off and leave music to those who care. This includes smaller labels who know what they are doing.

I now must have the full-length track. Unfortunately, it's seemingly impossible to come by. I searched the Web, even dreaded sites like Ebay, but after an hour I gave up without success. There's a seller on Amazon, but s/he consistently gets negative feedback, so that's a bit risky for the price asked.

Thus, dear world, please save me: does anyone have the full-length third track of that album, titled "Barbakane", in a high-quality digital recording and would let me have it? I will pose with the album and today's newspaper to prove legal ownership. Heck, go ahead and make a ridiculous request, such as standing on my head. I'm desperate.

NP: Tangerine Dream: Phaedra

5 February 2009

Martin F. Krafft: Replacing my home fileserver

My home file server, Asterisk PBX, firewall and general router is apparently dying. I am looking forward to replacing it, because it's old and eats too much power anyway. Now I just need to figure out what to put in its place.

Basically I need a low-power machine that'll be always on, with at least two LAN ports (three would be better, but I can also connect the cable modem with USB), and a means to connect at least two harddrives with at least 1Tb capacity. I'd rather use SATA for the drives than USB, but I would be willing to investigate eSATA and external drives too. However, I want to have direct access to the drives and not be forced to use some sort of proprietary RAID.

At the moment, I am investigating the Thecus N3200PRO, which has quite a reasonable hardware selection. The device has a low-power AMD Geode processor, but for some reason I have it stuck in my head that the ARM would be a better choice. Does anyone have experience with this device? Or maybe someone would like to make a different suggestion? Mail me!

I'd prefer a device that I can get working without too much learning or frickling. The less I have to learn/know about and touch hardware, the better. It would help if the machine booted off the harddisk, for then I could install Linux elsewhere and move the disks. Alternatively, network booting and a serial console would work, although I hear that USB makes that unnecessarily painful. I'd like to avoid flashing ROMs or other black magic just to get it working.

NP: AC/DC: Powerage

Update: The folks at EXSYS kindly replied and filled me in with some information regarding the N3200PRO. Thanks! First of all, Thecus officially claims that it is not possible to install Linux on the device (although the device is running Linux, according to the hardware list). Second, the machine boots off a Flash-ROM, which makes the installation more difficult than I'd like it, and apparently also one-way: once the Thecus firmware has been overwritten, there seems to be no way to get it back.

I am looking elsewhere now, because even though the hardware is exactly what I want, I won't give money to a company who impose shackles on their customers and force them to use software that may not be up-to-date, and which is probably castrated; I'd be surprised if the N3200PRO spoke IPv6, for instance. Nevertheless, I've asked about installing Debian in the Thecus User Group forum and I also dropped a message to Thecus itself. I'll keep this post up-to-date, so come back for more.

13 December 2008

Martin F. Krafft: Aggregating Git tips

Instead of commenting on all the recent Git on Planet Debian, I'd like to point you all to the Git Wiki, and specifically the page BlogPosts. Please link your Git-related blog posts from there. Also, there is Planet RCS for you to aggregate RCS/VCS-related posts.

NP: Anekdoten: From Within

11 December 2008

Martin F. Krafft: Init7 and Transtec please me

Init Seven has once again established themselves high on my ranking of awesome service providers. After battling and not resolving the problems with crap nVidia hardware, I was ready to return the server to Transtec, despite having invested a full day of work into it. Having a machine in a rack across town, with the looming danger of simple network traffic taking out the network card along with the bridged IPMI remote console (thus requiring me to head out to the colocation centre each time there was a problem) was just not going to justify the expense for the server.

Init Seven connected a second switch port to my VLAN, which now allows me to hook the IPMI card directly to the LAN. This does not solve the problem with the sub-zero-quality crap manufactured by nVidia, but at least it makes it possible to resurrect the machine remotely, until the problem with the hardware has been addressed and dealt with by the forcedeth driver. And if that is not possible (due to nVidia pile of shit), then the last option is a separate network card attached to the riser card slot.

In related news: Transtec was quick to proxy to Supermicro's support (the motherboard manufacturer), and within a few hours, I had a newer forcedeth.c file. I compiled the driver, which seemed to handle larger packets just fine at first. Unfortunately, just as my hopes were up, the problems came back even with the driver from Supermicro. Back to start, do not collect any money.

Regardless, I've been impressed by Transtec's support level so far. Yes, I did purchase a five year express warranty extension, but it wasn't very expensive, definitely nowhere near the price for a real SLA. And yet, my requests to date have each been answered within a day at most, including such extravagant things as them providing downloadable floppy images of the BIOS update, which Supermicro only distributes as a Windows .exe file. Now if only they (and everyone else) would stop shipping nVidia hardware…

NP: AC/DC: Dirty Deeds Done Dirt Cheap

Martin F. Krafft: Healthy home-order food in Zurich

If you're looking to set up a business in Zurich but lack an idea, here's one almost guaranteed to be successful, or well, at least it fills a niche: Healthy home-order food. I'd be your first customer, and quite a regular one too, if you delivered to my door freshly cooked, (ethnically) diverse meals with lots of vegetables, at reasonable prices, of course. I'm happy to cook fancy dishes for guests, but cooking for the purpose of having something enjoyable to eat alone is just not my thing at all. I sometimes wish it were…

And before you wonder about my quest for healthy foods: yes, I wouldn't mind losing a bit of weight, but I am certainly not crazy about it. It's more that I've simply developed a strong liking for vegetables, and quite like not suffering from a heavy stomach after a meal.

NP: AC/DC: Ballbreaker

5 December 2008

Martin F. Krafft: forcedeth: nVidia network chips are broken

Yesterday, I removed my new server from the rack and brought it back home, after the problems with the nVidia network chip (forcedeth) took down the NIC to the point that the IPMI chip, which is routed through the primary interface, wasn't reachable anymore. Even though a soft reboot fixed the problem, a bit of large-packet traffic, like downloading via IPv6, broke the card again. Since IPMI is also affected, I cannot remotely manage the machine and thus can't leave it in the rack. In fact, I am strongly considering making use of the try&buy contract and returning the thing.

I cannot rule out a software problem, but given that the NIC goes into a state in which it gets unusable even to the IPMI system, which is completely independent of Linux, I somewhat doubt it. Instead, I suspect a hardware error, beyond the known problems with nVidia network chips and segmentation/checksum offloading. On the other hand, it's not news that drivers can break hardware, and the fact that I am using Linux is reason for hope.

One alternative, which would allow me to potentially help in fixing this bug, is to use a riser card to stuff a different network card into the server. This would mean I didn't invest all the time into the server for nothing. Unfortunately, this workaround comes with extra costs, and would require Init Seven to allocate another switch port for the IPMI card, which I am not sure they'll be keen about.

The bottom line of the story is that I will avoid nVidia even more in the future, and you might want to do so as well. Companies that produce crap hardware and do not cooperate with people writing free drivers for them do not deserve the money. Unfortunately, almost everyone out there uses the MCP55 chipset these days, and denies any problems with it. I guess I will take a look at HP and IBM, although I'd really prefer not to pay for their brands, and not to enslave myself to their customer support standards.

NP: Neil Young: Dead Man
