During one of my project I need to interact with Java cryptographic extension. Some data has been encrypted using PBEWithMD5AndDES. I need to access it from OCaml. I take a look at available cryptographic extension in the Debian project for OCaml: cryptgps and cryptokit. I choose cryptokit, because its author is well known: Xavier Leroy. This article was my starting point. Of course, I keep in mind that the reference is there and that there is a good article covering it. Here is the result in OCaml:

 let decrypt passphrase salt ?(iterationCount=41) str =
   let key, iv =
     let rec hash_aux iter str =
       if iter > 0 then
         (* Rehash string *)
         hash_aux
           (iter - 1)
           (hash_string
              (Hash.md5 ())
              str)
       else
         (* Key = first 8 bytes of the MD5 hash *)
         String.sub str 0 8,
         (* IV = last 8 bytes of the MD5 hash *)
         String.sub str 8 8
     in
       (* Hash n times combination of passphrase and salt,
           return key and iv 
         *)
       hash_aux
         iterationCount
         (passphrase ^ salt)
   in
     transform_string
        (Cipher.des
           ~pad:Padding.length
           ~iv:iv
           key
           Cipher.Decrypt)
       str

The only missing information was the pad algorithm to use (Padding.length). For this piece of information, I need to browse the RSA documentation and test a little bit. Rewriting PBEWithMD5andDES is quite straightforward with cryptokit and OCaml. It takes 25 lines with C# and OCaml (only counting LoC, no comment, no empty constructor or declaration in C#). I was thinking that this task will require 2 or 3 days, but it has been done in 4 hours... Many thanks to cryptokit ;-)

The month is coming to an end, and I d like to recommend you some things on flattr.com :)OpenRheinRuhr Ein Pott voll Software Die OpenRheinRuhr ist eine Messe mit Kongress rund um das Thema Freie Software . Die OpenRheinRuhr 2010 findet am 13. und 14. November im Rheinischen Industriemuseum in Oberhausen statt. Freie Software ist aus Firmen, Verwaltungen, Bildungseinrichtungen und Privathaushalten nicht mehr wegzudenken. In der bev lkerungsreichsten Region Europas bietet der OpenRheinRuhr e.V. durch Ausstellungen, Vortr ge und Workshops Informationen ber Freie Software. Auch Themen jenseits der Technik, wie B rgerrechte im Netz oder die Handhabung von Lizenzen werden behandelt. Vortr ge in mehreren Tracks sprechen Menschen mit unterschiedlichem Kenntnisstand an vom Anf nger bis zum Profi. Entwickler & Projekte bekommen die Gelegenheit zum Erfahrungsaustausch. Weitere Informationen und Anmeldem glichkeiten unter: http://openrheinruhr.deBitlBee The IRC geek s solution to instant messaging. Tunnels instant messaging traffic (supporting all popular IM protocols and Twitter) to a virtual IRC channel and virtual IRC queries. Can be installed locally, but also available as a public service for people who can t/don t want to install it.
KiBi s blog This blog mainly features Debian-related posts on various topics: X.Org package maintenance (including calls for help, and status updates towards users), Debian GNU/kFreeBSD (GNU userland running on a FreeBSD kernel), and Debian s Graphical Installer (now based on X.Org). Also some upstream stuff, like the bugzilla replica type for SD (Simple Defects).
phpMyAdmin phpMyAdmin is a tool intended to handle the administration of MySQL over the Web. It can create, rename, and drop databases, create/drop/alter tables, delete/edit/add fields, execute any SQL statement, manage keys on fields, create dumps of tables and databases, export/import CSV data, and administrate one single database and multiple MySQL servers.
Debian Backports Over the last years I did numerous backports for Debian and also run backports.org. Since September 2010 we moved backports.org to backports.debian.org so its an officialDescriptions shamelessly stolen from flattr.Some words on these things:

• OpenRheinRuhr is a nice small FOSS event in my area
• I m using BitlBee every day as my main jabber client
• KiBi just rocks ;)
• phpMyAdmin is a tool I couldn t live/work without
• formi runs backports very good :) (yes, I know, he is not the only one)

During one of my project I need to interact with Java cryptographic extension. Some data has been encrypted using PBEWithMD5AndDES. I need to access it from OCaml. I take a look at available cryptographic extension in the Debian project for OCaml: cryptgps and cryptokit. I choose cryptokit, because its author is well known: Xavier Leroy. This article was my starting point. Of course, I keep in mind that the reference is there and that there is a good article covering it. Here is the result in OCaml:

 let decrypt passphrase salt ?(iterationCount=41) str =
   let key, iv =
     let rec hash_aux iter str =
       if iter > 0 then
         (* Rehash string *)
         hash_aux
           (iter - 1)
           (hash_string
              (Hash.md5 ())
              str)
       else
         (* Key = first 8 bytes of the MD5 hash *)
         String.sub str 0 8,
         (* IV = last 8 bytes of the MD5 hash *)
         String.sub str 8 8
     in
       (* Hash n times combination of passphrase and salt,
           return key and iv 
         *)
       hash_aux
         iterationCount
         (passphrase ^ salt)
   in
     transform_string
        (Cipher.des
           ~pad:Padding.length
           ~iv:iv
           key
           Cipher.Decrypt)
       str

The only missing information was the pad algorithm to use (Padding.length). For this piece of information, I need to browse the RSA documentation and test a little bit. Rewriting PBEWithMD5andDES is quite straightforward with cryptokit and OCaml. It takes 25 lines with C# and OCaml (only counting LoC, no comment, no empty constructor or declaration in C#). I was thinking that this task will require 2 or 3 days, but it has been done in 4 hours... Many thanks to cryptokit ;-)

Call for papers: JITP-2010
The Politics of Open Source
May 6-7, 2010 - Amherst, Massachusetts Full Paper Submission Due Date: January 10, 2010 Approach
Free/Libre and Open Source Software (FOSS) has made significant advances, both technically and organizationally, since its emergence in the mid-1980s. Over the last decade, it has moved from a software development approach involving mostly volunteers to a more complex ecology where firms, nonprofit organizations, government agencies and volunteers may be involved. Moreover, the production paradigm continues to expand to other areas of digital content (e.g., Creative Commons, Wikipedia, Connexions, etc.). In this conference we use the phrase open source to capture this broader phenomenon. The Program Committee encourages disciplinary and interdisciplinary approaches to the study of open source, broadly defined. Politics in the conference title, can have many interpretations. Political issues closely tied to the free and open source software movement(s) include: national government policies related to the adoption of open source technologies or questions related to interoperability and open standards, software patents, vendor lock-in, and copyright. These are central themes we expect may be discussed in this forum. In this context, we welcome international submissions since differences in the political perspective appear in international contexts. However, topics related to how the concept of openness has led to various interpretations, adaptations, and applications of open source in other domains, and political issues that surround these broader innovations, are also welcome. Specific topics might include, but are not limited to: General topics related to the politics of open source:
+ How open source software or its principles are changing politics
+ Emerging transparencies in software, systems and society
+ Open source in the developing world and other international contexts
+ The political economy of open source
+ Digital divides and open source Open source and the public sector:
+ Open source software and transparency in government
+ Government policies toward open source and open standards
+ Regulation and open source Open source and democracy:
+ Open source and democratic engagement
+ Open source voting systems
+ Activism, political mobilization and open source The expansion of open source into other domains:
+ Understanding how open source collaboration works and how it can be extended into other areas of collective action
+ Policy areas, such as the effects of free textbooks on education policy or the politics of One Laptop Per Child
+ The political implications of open source in other cultural domains Keynote Speakers
We are pleased to confirm Eric von Hippel (MIT) and Clay Johnson (Sunlight Labs) as the daily keynote speakers for JITP-2010. Paper Submissions
Authors are invited to prepare and submit to JITP a manuscript following one of the six submission formats by January 10, 2010. These formats include research papers, policy viewpoints, workbench notes, review essays, book reviews, and papers on teaching innovation. The goal is to produce a special issue, or double issue, of JITP with a wide variety of approaches to the broad theme of The Politics of Open Source.

How to Submit
Everything you need to know about how to prepare and submit a strong JITP paper is documented at http://www.jitp.net/. Papers will be put through an expedited blind peer review process by the Program Committee, and authors will be notified about a decision by March 10, 2010. A small number of papers will be accepted for presentation at the conference. Other paper authors will be invited to present a poster during the Friday evening reception. All posters must include a YouTube version of their research findings. Best Paper and Poster Cash Prizes
The author (or authors) of the best research paper will receive a single $1,000 prize. The creator (or creators) of the best poster/research presentation will also receive a single prize of $1,000. Program Committee
M.V. Lee Badgett, University of Massachusetts Amherst
Paul M.A. Baker, Georgia Institute of Technology
Deborah Bryant, Oregon State University Open Source Lab
Andrea Calderaro, European University Institute
Mark Cassell, Kent State University
Edward Cherlin, Earth Treasury
Gabriella Coleman, New York University
Doug Downham, University of Massachusetts Amherst
Robert English, Daystar Computing & University of Massachusetts Amherst
Joseph Feller, University College Cork
Jelena Karanovic, Rutgers University
Dave Karpf, University of Pennsylvania/Miller Center for Public Affairs
Jeremy Hunsinger, Virginia Tech
Andrea Kavanaugh, Virginia Tech
Jose Marichal, California Lutheran University
Jens Hardings Perl, Pontificia Universidad Cat lica de Chile
Charlie Schweik, University of Massachusetts Amherst, co-chair
Stuart Shulman, University of Massachusetts Amherst, co-chair
Megan Squire, Elon University
Krishna Ravi Srinivas, Research Information System For Developing Nations
Louis Suarez-Potts, Sun Microsystems, Inc. & OpenOffice.org
Anas Tawileh, Cardiff University & Meedan.net

Call for papers: JITP-2010
The Politics of Open Source
May 6-7, 2010 - Amherst, Massachusetts Full Paper Submission Due Date: January 10, 2010 Approach
Free/Libre and Open Source Software (FOSS) has made significant advances, both technically and organizationally, since its emergence in the mid-1980s. Over the last decade, it has moved from a software development approach involving mostly volunteers to a more complex ecology where firms, nonprofit organizations, government agencies and volunteers may be involved. Moreover, the production paradigm continues to expand to other areas of digital content (e.g., Creative Commons, Wikipedia, Connexions, etc.). In this conference we use the phrase open source to capture this broader phenomenon. The Program Committee encourages disciplinary and interdisciplinary approaches to the study of open source, broadly defined. Politics in the conference title, can have many interpretations. Political issues closely tied to the free and open source software movement(s) include: national government policies related to the adoption of open source technologies or questions related to interoperability and open standards, software patents, vendor lock-in, and copyright. These are central themes we expect may be discussed in this forum. In this context, we welcome international submissions since differences in the political perspective appear in international contexts. However, topics related to how the concept of openness has led to various interpretations, adaptations, and applications of open source in other domains, and political issues that surround these broader innovations, are also welcome. Specific topics might include, but are not limited to: General topics related to the politics of open source:
+ How open source software or its principles are changing politics
+ Emerging transparencies in software, systems and society
+ Open source in the developing world and other international contexts
+ The political economy of open source
+ Digital divides and open source Open source and the public sector:
+ Open source software and transparency in government
+ Government policies toward open source and open standards
+ Regulation and open source Open source and democracy:
+ Open source and democratic engagement
+ Open source voting systems
+ Activism, political mobilization and open source The expansion of open source into other domains:
+ Understanding how open source collaboration works and how it can be extended into other areas of collective action
+ Policy areas, such as the effects of free textbooks on education policy or the politics of One Laptop Per Child
+ The political implications of open source in other cultural domains Keynote Speakers
We are pleased to confirm Eric von Hippel (MIT) and Clay Johnson (Sunlight Labs) as the daily keynote speakers for JITP-2010. Paper Submissions
Authors are invited to prepare and submit to JITP a manuscript following one of the six submission formats by January 10, 2010. These formats include research papers, policy viewpoints, workbench notes, review essays, book reviews, and papers on teaching innovation. The goal is to produce a special issue, or double issue, of JITP with a wide variety of approaches to the broad theme of The Politics of Open Source.

How to Submit
Everything you need to know about how to prepare and submit a strong JITP paper is documented at http://www.jitp.net/. Papers will be put through an expedited blind peer review process by the Program Committee, and authors will be notified about a decision by March 10, 2010. A small number of papers will be accepted for presentation at the conference. Other paper authors will be invited to present a poster during the Friday evening reception. All posters must include a YouTube version of their research findings. Best Paper and Poster Cash Prizes
The author (or authors) of the best research paper will receive a single $1,000 prize. The creator (or creators) of the best poster/research presentation will also receive a single prize of $1,000. Program Committee
M.V. Lee Badgett, University of Massachusetts Amherst
Paul M.A. Baker, Georgia Institute of Technology
Deborah Bryant, Oregon State University Open Source Lab
Andrea Calderaro, European University Institute
Mark Cassell, Kent State University
Edward Cherlin, Earth Treasury
Gabriella Coleman, New York University
Doug Downham, University of Massachusetts Amherst
Robert English, Daystar Computing & University of Massachusetts Amherst
Joseph Feller, University College Cork
Jelena Karanovic, Rutgers University
Dave Karpf, University of Pennsylvania/Miller Center for Public Affairs
Jeremy Hunsinger, Virginia Tech
Andrea Kavanaugh, Virginia Tech
Jose Marichal, California Lutheran University
Jens Hardings Perl, Pontificia Universidad Cat lica de Chile
Charlie Schweik, University of Massachusetts Amherst, co-chair
Stuart Shulman, University of Massachusetts Amherst, co-chair
Megan Squire, Elon University
Krishna Ravi Srinivas, Research Information System For Developing Nations
Louis Suarez-Potts, Sun Microsystems, Inc. & OpenOffice.org
Anas Tawileh, Cardiff University & Meedan.net

It s been a while now since the 2008 Summer of Code ended. This year, twelve (?) projects were selected. That s twelve students working full time on a Debian-related project during the summer. The Google Summer of Code has sometimes been criticized in the past for having a poor student-developer retention rate inside the host projects. One of the goals of the program has always been to bring new people to budding or established free software organizations and it s a pity that some would leave the project as soon as the program ends. On the other end, poor integration of created code within the project leads to work that is hard to merge in, or worse, doesn t get merged in at all. That s a waste of time and resources and a probably cause of global warming as well. Hopefully, it s not always the case. Some people choose to stay committed within the organization in the long-term. Useful code gets merged in and pushed to the public. I am going to give a talk about this at FOSDEM (go to FOSDEM!) so I m giving you a little preview. I need your help to collect information for my talk. As you know, information is always hard to come by with these kinds of projects so anything can be useful. Without further ado, let s have a look at the cast of the Debian Google Summer of Code 2008: Netconf, a network configuration management system Presentation Netconf is a network configuration management system designed with modern network infrastructures and the needs of roaming users in mind. It is a personal project of Martin Krafft that he started in 2007. He did some presentations about it that you can find on the dev website. The project proposal was introduced by the mentor. The work was mainly about completing the roadmap items for version 1.0. Most of the design was done and code fleshed out. The stated goal was to have netconf ready for lenny. Martin noted that due to lack of regular free time, he couldn t reach that goal by himself. Student Jonathan Roes was a computer science graduate student from the University of North Carolina at Charlotte. He had programming experience as a hobby for a long time and wrote some free games and libraries for the Nintendo DS and some proprietary webapps. He submitted a few little patches in mid-march right after the publication of accepted mentoring organizations and went on to work from mid-may to mid-august. He wrote a lot of code right into the trunk since the whole project was a prototype. Result The last commit by Jonathan was also the last to date in the main netconf git repository. No further progress has been made and obviously netconf didn t get into lenny. I couldn t find any further public involvement of Jonathan within Debian. The ultimate Debian database, all things Debian in a SQL database Presentation The Ultimate Debian database wants to reunite all Debian data sources in a SQL database The project was mentored by Lucas Nussbaum and co-mentored by Stefano Zacchiroli and Marc HE Brockschmidt. The project proposal was introduced by Lucas. Student Christian Neronus Von Essen is.. well, there wasn t much information readily available on him. Result The whole project is coded up and working well with a whole bunch of data sources. There will be a talk at FOSDEM about this so I ll leave it to Lucas to talk about it in detail. I couldn t find any further public involvement of Christian within Debian. Security-beta, a beta testing for Debian security updates Presentation The task is to improve the quality assurance process for security updates by providing a public security update beta test program in addition to the existing QA done for security updates. During the preparation of security updates, there s an inherent delay between the initial upload of the fixed packages and the time until the packages have been built on porter machines. This time gap will be used for a new security update beta program. The project was supposed to be mentored by Moritz M hlenhoff. Student The project was supposed to be done by Nico Nion Golde. He is studying computer sciences at the Technical University of Berlin. He s also a DD. Result There s no nothing. Nico, what happened ? And obviously, he s still developing for Debian. Debgraph, a generic infrastructure for the development of packages management tools Presentation In a large software ecosystem such as Debian Linux, there is the potential for dependencies among software packages to create complex management and technical problems. For example, dependency loops (cycles) in which a package directly or indirectly depends on itself can confuse package management tools as they determine the proper order of package installation. debgraph helps developers to solve this problem by enabling generic queries (e.g., Give me all the nodes that depend on package X ) against the graph of packages and thus automating much of the manual labor that is typically involved in resolving dependency problems. The project was mentored by Robert Lemmen, who introduced the project proposal. The project was already started and the C++ code foundation was done by the time it was proposed. Student The project was executed by Adam Jensen, research assistant in the Software Engineering and Network Systems Laboratory at Michigan State University. Result Adam maintained a blog about his progress and finished ahead of schedule. However, the resulting work seems to be unused, which is a pity since the code could be used within other programs (package managers?). I couldn t find any further public involvement of Adam within Debian.
That s all for now. The information is quite fragmented I admit. Most of it was pulled from Google, mailing lists, commit logs, blogs, whatever. If some projects are lacking in information here, it s because I couldn t find it readily (which is an issue in itself!). In my next post, I ll try to analyze the success and failures to extract some insight. Teaser: pet projects!
If you re a student or a mentor mentioned above, feel free to fill any of the blanks in my report. It s much appreciated. You re not a student or mentor mentioned above and have an opinion on how to improve the next Debian Summer of Code ? Feel free to comment.
Sledge, ping! Here s a list of projects to be described in my next posts:

• Debian NAS, improve support of Debian on NAS devices
• Cran2deb, generate Debian packages from R packages
• Mergemaster, interactively merge changes in configuration files
• PAS NSS Debian Installer, improve support of PAM and NSS at install-time
• Jigdo-ivory, a JavaScript Jigdo client
• Aptitude-gtk, usability and GTK+ GUI for the Aptitude package manager
• Lintian for fuller automated setups
• Debexpo, a generic web-based package repository

Currently there is a debate about censoring the Internet in Australia. Although debate might not be the correct word for a dispute where one party provides no facts and refuses to talk to any experts (Senator Conroy persistently refuses all requests to talk to anyone who knows anything about the technology or to have his office address any such questions). The failures of the technology are obvious to anyone who has worked with computers, here is an article in the Sydney Morning Herald about it [1] (one of many similar articles in the MSM). I don’t plan to mention the technological failures again because I believe that the only people who read my blog and don’t understand the technology are a small number of my relatives - I gave up on teaching my parents about IP protocols a long time ago. One of the fundamental problems with the current censorship idea is that they don’t seem to have decided what they want to filter and who they want to filter it from. The actions taken to stop pedophiles from exchanging files are quite different from what would be taken to stop children accidentally accessing porn on the net. I get the impression that they just want censorship and will say whatever they think will impress people. I have previously written about the safety issues related to mobile phones [2]. In that document I raised the issue of teenagers making their own porn (including videos of sexual assault). About four months after writing it a DVD movie was produced showing a gang of teenagers sexually assaulting a girl (they sold copies at their school). It seems that the incidence of teenagers making porn using mobile phones is only going to increase, while no-one has any plans to address the problem. The blog www.somebodythinkofthechildren.com has some interesting information on this issue. Two final reasons for opposing net censorship have been provided by the Sydney Anglicans [3]. They are:

1. Given anti-vilification laws, could religious content be deemed illegal and be filtered out? Could Sydneyanglicans.net be blocked as illegal if it carries material deemed at some point now or in the future as vilifying other religions? If it s illegal in Vic say, and there isn t state-based filtering (there wont be), will the govt be inclined to ban it nation wide?


2. Given anti-discrimination laws, if Sydneyanglicans.net runs an article with the orthodox line on homosexuality, will that be deemed illegal, and the site blocked? You can imagine it wouldn t be too hard for someone to lobby Labor via the Greens, for instance.

So the Sydney Anglicans seem afraid that their religious rights to discriminate against others (seriously - religious organisations do have such rights) will be under threat if filtering is imposed. I was a bit surprised when I saw this article, the Anglican church in Melbourne seems reasonably liberal and I had expected the Anglican church in the rest of Australia to be similar. But according to this article Peter Jensen (Sydney’s Anglican Archbishop) regards himself as one of the “true keepers of the authority of the Bible” [4]. It seems that the Anglican church is splitting over the issues related to the treatment of homosexuals and women (Peter believes that women should not be appointed to leadership positions in the church to avoid “disenfranchising” men who can’t accept them [5]). It will be interesting to see the fundamentalist Christians who want to protect their current legal rights to vilify other religions and discriminate against people on the basis of gender and sexual preference fighting the other fundamentalist Christians who want to prevent anyone from seeing porn. But not as interesting as it will be if the Anglican church finally splits and then has a fight over who owns the cathedrals. ;) A comment on my previous post about the national cost of slow net access suggests that Germany (where my blog is now hosted) has better protections for individual freedom than most countries [6]. If you want unrestricted net access then it is worth considering the options for running a VPN to another country (I have previously written a brief description of how to set up a basic OpenVPN link [7]).

• [1] http://www.smh.com.au/articles/2008/11/11/1226318639085.html?page=fullpage


• [2] http://doc.coker.com.au/safety/mobile-phone-safety/


• [3] http://www.sydneyanglicans.net/forums/viewthread/3673/


• [4] http://www.smh.com.au/articles/2008/06/22/1214073053814.html


• [5] http://www.abc.net.au/worldtoday/content/2004/s1213397.htm


• [6] http://etbe.coker.com.au/2008/11/17/national-cost-slow-net-access/#comment-16729


• [7] http://etbe.coker.com.au/2008/05/24/ipsec-is-pain/

Yesterday, 10 July, was the due date for the second milestone of my work on DebGraph. I am happy to report that we are roughly two weeks ahead of schedule, so meeting this milestone was not a cause for worry. We now have support for the following graph operators:

• Difference
• Intersection
• Filter (by properties)
• Find Cycles (via Tarjan's algorithm)
• Find Dependencies
• Find Reverse Dependencies
• Symmetric Difference (XOR)
• Union

The next milestone includes the development of a high-level language (or integration with an existing extension language) that streamlines the construction of complex queries using the operators listed above. We can build arbitrarily complex queries using the C++ operators, but dealing with the static typing and compiler toolchain can be very clunky. As such, I have spent the past week working on Lua bindings for DebGraph, which will enable us to query the graph of Debian packages from a clean, dynamically typed language. Lua has a powerful C API that exposes the Lua stack and lets us move DebGraph information to and from the Lua interpreter. I'm writing documentation that outlines how to use DebGraph from both C++ and Lua in order to make this work accessible to more folks. Sneak peak
As an example, we can utilize the FindCycles operator in Lua as follows:

libdg = package.loadlib("./libdebgraph.so",
"luaopen_libdebgraph")
libdg()
LoadPackages('cache')
-- 'g' is the main graph of unstable binary-arm packages
cycles = FindCycles(g)
print("Found " .. #fc .. " cycles")
for comp_key,comp in pairs(cycles) do
    comp_nodes = ""
    for node_key,node in pairs(comp) do
        prop = GetProperty(node, "Package")
        comp_nodes = comp_nodes .. prop .. " "
    end
    print("* " .. comp_nodes)
end

The above Lua script produces the following result:

reading cache/unstable/main/binary-arm/Packages
Found 61 cycles
* debconf-english debconf-i18n debconf
* perl-modules perl 
* cdebconf fontconfig-config fontconfig gsfonts-x11
libcairo2 libfontconfig1 libgtk2.0-0 libpango1.0-0
libpango1.0-common libxft2 ucf x11-utils xutils
[...]

These are the package names in the strongly connected components, shown in alphabetical order. There is still a lot of work to do before the Lua binding will achieve feature parity with the core library, but we have now laid the foundation (and a brick or two).

The overall situation (admittedly a bit of a stretch):

(The soil depends on the chicken to keep it fertilized. Work with me here.) There are an infinitude of cycles that could be extracted from this, but we're only interested in the set of shortest-length cycles. Exhibit A:
Exhibit B:
And the classic philosophical gem, Exhibit C:
Is the problem solved, then? Not quite. The current DebGraph cycle detection operator works well for dependencies, but we also want to discover cycles of conflicting packages. Furthermore, one of our documented use cases involves finding nodes that depend on and conflict with one another.

The GNU C library (packaged as libc6 in Debian) is the bedrock of a lot of code. What are the packages that it depends on? (Yo, DebGraph!) Original image [997 kB] libc6 is one of the well-connected vertices in the lower-left corner (third quadrant, if you like). For graphs like this one, we would like DebGraph to identify dependency cycles (loops). For example, libc6 depends on libgcc1, which in turn depends on libc6. This can be seen in the graph above by applying some careful scrutiny, but why not let the computer work its magic for us? (To be continued.) As a bonus, who depends on arping 2.05-2 for i386?

Watched De Gr nne slagtere (great black comedy even if it moves a bit slowly. I think if you have to chose you'd better watch Adams bler with which it shares writer/director Anders Thomas Jensen and a big part of the cast). And this just has to be said: I can't believe anybody could call eXistenZ “quite a good see”. One of the worst movies I've ever seen, on a level with “Tweed” (a late 90s Bond parody I distinctly remember having seen but can't find on imdb right now.) I agree with Adeodato's assessment of Billy Elliot, though.

Another week has been spent in a repetition course in the military. Readers of my blog will know that this means playing poker (I lost about CHF 7 this week — we just play for fun at CHF 5 for 50 chips) and watching movies. Tron and Kill Bill Vol. 1 from my collection, and the extremely funny Adams bler which I didn't know before. The story centers around a neo-nazi serving some time in some kind of rehab in a church where, it is soon discovered, the priest in charge of the whole thing is not that much in charge, even of himself. I'm told that I also should watch I Kina spiser de hunde by the Danish Anders Thomas Jensen (writer and director of Adams bler, writer of In China they eat dogs.) Also recently watched Casino Royale (the recent Bond movie. I haven't seen the 1967 one yet.) and The Gold Rush: the 1942 version with added spoken narrative and music by Chaplin. The DVD does contain the original 1925 silent movie, too, where especially the ending is a bit different. And finally lots of episodes of , ! (Nu, pogodi!), which was the Soviet equivalent to Tom and Jerry (not a clone, it is entirely different.) I can highly recommend this to everybody who likes cartoons.

Thursday evening, I joined the inhabitants of the twin town of Valga-Valka, sitting smack on the Estonian-Latvian border, to celebrate their entry into the Schengen treaty. Ever since I first crossed the border there on a roadtrip from Tallinn to Fallingbostel, in year 2001, I knew I would have to return and, sure enough, I briefly passed through during last summer with an Estonian friend, on our way to an acquaintance's birthday party. Still, that told me nothing of the town's life and left me wanting for more. Upon hearing that year 2004 EU accession countries would join Schengen in December 2007, I immediately promised myself to show up and join the crowd. As it turns out, I missed Aleks Tapin of the All About Latvia blog by very little, having I caught his last-minute e-mail the next afternoon. Aleks blogged a great article depicting the Latvian side of life and providing some background info on the town, if you're curious. I arrived late-evening on Thursday via the Tallinn-Viljandi-Valga bus and checked into my hotel, then proceeded to checkpoint Valga II around 23:30, with the intention of grabbing a drink on the Latvian side and returning just before midnight for the celebrations. Hardly anyone was in sight, except for Latvian officer abana who was completing the inspection of a Russian car with three noisy passengers. Upon presenting her with my passport, officer abana cheerfully lead me to the office and slid my passport through a slot to officer Bukss, who was visibly surprised to have any tourist show up on the last day of his job to get their passport stamped. Upon explaining to him the reasons for my presence, he pointed me to a nearby bar where I could have a drink, visibly amused by the situation. I spent the next few minutes in a local casino in the company of three hilarious Latvian truck drivers, Zintars and Aivars, two Latvians with limited English language skills and Yuri, an ethnic Russian living in Ireland who was born stateless on the Latvian side of the town and who later acquired Estonian citizenship by claiming ancestral land on the Estonian side. Upon returning to the border, just minutes before midnight, I found myself in the middle of a huge crowd of villagers, police officers, border guards and politicians from both countries - barely getting noticed by anyone. I handed my passport to an Estonian border guard who emotionally commented to a civilian friend of his nearby that, "Wow! That was the last one!", handing me my passport back just as the midnight bells rang and the mayor of the Estonian side started his speech amidst pyrotechnics lining the road. I then had a chance to chat with the Estonian mayor, who promptly handed me a bilingual certificate, signed by the mayors of both towns, attesting that I was the first to cross the open border, while introducing me to his two young daughters with whom he was about to take a stroll on the Latvian side. The next morning, an even bigger and more symbolic event took place: the demolition of the fence that had been cutting the S prus/Rai a street in half. You can see a picture of what the street looked like before on Aleks' blog article [edit: or on Jens-Olaf's blog article]. After the fence was removed, it instead looked like this: The crowd then proceeded to checkpoint Valga III, where a stage had been setup for the politicians to make their speeches. An interesting fact is that, because of the way the border was drawn, along a creek leading to Pedeli river, an Estonian main road was technically on the Latvian border and thus aptly named "Raja" (border) street. The Estonian mayor commented in his speech that the the brand new supermarket standing behind us was also technically on borderland and could not have possibly been built earlier, weren't it for the Schengen treaty matter-of-factedly eliminating borders between participating EU countries. The speeches were closed by a youth group whose choreography featured six break-dancing boys, dressed as Estonian and Latvian border guards and as border posts. The choreography ended with the teenage border guards carrying away the human posts on their shoulders, just as a choir of young girls replaced them with songs in either languages. Before catching my bus back to Tallinn, I dropped by the Valga tourist info, only to face a nervous-looking Kapo officer in plain clothes. Upon mumbling something about the tourist info and wanting to grab maps, I noticed that a press conference was taking place behind. As he finally let me pass to the tourist info side of the building, a familiar voice said to me, "Hey! Weren't you at our place last summer with Martin Ranna?" Yup, the wife of the acquaintance whose birthday party I had attended last summer is working there and greeted with me refreshments and munchies she had cooked in prevision for the presidential visit! As was my luck, she had one of the commemorative plaques that had been given to the politicians at Valga III on hand: I was glad to see the town becoming one again, even though it is ethnically divided. There are already signs of people on both sides learning one another's languages and shopping on either side of town, not to mention plans of merging the municipal bus operations of the Estonian and Latvian halves of the town, so I'm sure that they'll get there in due course. For me, Schengen brought a much more practical and quite welcome change: the end of messy border crossing stamps that were rapidly filling my almost new passport, every time I visited the head office of our company in Tallinn. While Estonian border guards mostly stamp passports in an orderly fashion, being careful to fit exactly 8 stamps in a single page and to put entry and exit stamps side-by-side, Finnish border guards apparently are incapable of doing so, instead systematically wasting pages by either stamping sloppily in a way that makes it impossible for more than 4 stamps to appear on a given page or by flipping to a brand new page, every time I had to cross the border. In case anyone ever wondered why I'm currently representing Estonian interests abroad, despite living in Finland, this example is one of the many reasons: Finnish authorities routinely display arrogant carelessness towards the population and doubly so towards immigrants. It amounts to an accumulation of idiocy that has costly consequences on people's lives. For some, it's about being denied the public institutions' support when they need it the most and their life forever going downhill thereafter. For me, it has been about countless missed opportunities (jobs, love affairs, travel plans), plus very costly passport and residence permit renewals. Given this, I simply don't see myself ever representing Finnish interests ever again. Faith no more. Besides, the Estonians are fun and easy-going people. Siski ma m tlen, kas ma peaksen n d Eestisse kolima v i?

Patents are the best way to improve development, and software inventors have just the natural right to their algorithms and designs. Research and Development in industry wouldn’t just work without patent protection, and technology improvements would just stop, right? Well, I’m not so sure of that. Key arguments against software patents, stolen from Pieter Hintjens’ article:

• The economic evidence shows that software patents damage the software sector.
• They conflict directly with copyright law, creating uncertainty and risk for innovative firms.
• They are harmful to free software and open standards, both increasingly vital technologies.
• They promote litigation, especially from incumbents against startups, and patent trolls against product producers.
• They prolong monopolies, historically in the telecoms market, and more recently in desktop computing.
• They were instituted both in Europe and the USA by subterfuge, by dominant software firms and patent advocates, without proper economic analysis or legislative study.
• The time it takes to grant a patent, its lifespan, and its overall costs don’t match the needs of the software industry.
• Software patenting enables an arms race where litigation wins over innovation and small innovative firms are excluded.
• They are barely linked to real achievements, but instead to speculative claims for how technology might be used.
• Their proper examination is impossible–too little documented prior art, too little time to examine, and strong economic incentives to grant, not refuse, software patents.

The first serious i18n effort for the Games Team is now bearing fruit. The newer version of the game hex-a-hop is now entering Debian. All the merit goes to Jens Seidel, who has developed the patches for making it work with SDLPango and to support all the spectrum of Unicode characters, instead of the limited ASCII set included in the game, as well as to all the people of Debian i18n who have done the translations (Helge Kreutzmann, Damyan Ivanov, Enrique Mat as S nchez, Bas Wijnen, Piotr Engelking, Yuri Kozlov and Clytie Siddall). The game has already been translated to Bulgarian, German, Spanish, Dutch, Polish, Russian and Vietnamese. Thanks Jens, both for taking care of the changes in the code needed to achieve this, and also for coordinating all the t10n and i18n process, as I don’t really have much experience in those areas.

NDR are broadcasting the Hamburg Classic in DVB (digital) and PAL (analogue) at 19 east at 11-14 GMT today, while ARD at 19 east and 13 east overlaps at 12.30-15.00 GMT, presumably including the closing stages. Notably, this race has excluded Tour de France winner Contador, apparently as well as everyone else even mentioned in connection with the Fuentes affair. Yesterday's last stages of the Burgos and the Deutschland-Tour seemed surprisingly unsurprising, with Juan Mauricio Soler and Jens Voigt kept their respective leads.

Eurosport are broadcasting the Vuelta a Burgos at 19 east until Saturday. This can be an interesting race for seeing how well the ProTour teams are recovering from the Tour de France, ready for the Vuelta a Espa a. Barloworld's TdF revelation Juan Mauricio Soler has a 17-second lead into tomorrow's individual time trial. The 69th Volta a Portugal finished yesterday with an ~50-minute individual time trial that saw the lead change hands and Xavier Tondo of LA/MSS take the General Classification by a little under a minute. RTP's coverage was strangely subdued. It seemed like they only had cameras around the finish line, not on motorbikes following the riders. The bad weather may have caused that, though. Meanwhile, the Deutschland-Tour 2007 is broadcast to Europe until Saturday on ARD at 19 east and 13 east. Gerald Ciolek of T-Mobile won his second stage in a row today, while CSC's ever-popular Jens Voigt remains in yellow. Individual time trial there too tomorrow. ARD's coverage has been very swish so far this year. Widescreen with informative graphics, although the commentary is still a bit subdued for my taste. Overall, it's a shame there's not more airtime given to it.

Dekoor, a student choir which includes our friend Jense, from Utrecht participates in a television show Korenslag, a pop-idol like contest for choirs. As we've been devoted fans of Jense from the "Miracle Man" up to now, we attended the semi finals of this program. Being in the audience of this show that is broadcast live on national television is an experience in itself. An "applause master" instructed us when to be silent, when to applaud, and when to go absolutely crazy. To which we faithfully complied. During the show Dekoor did very well in our unbiased ears, although the others did okay too. Although we SMS'ed a fortune to vote for Dekoor, the choir "Re-Flax" got the popular vote. Quite to my suprise because they were the least original and dynamic of the four, in my opinion. Luckily the professional jury was again impressed and decided that Dekoor must go to the finals together with "Re-Flax". Unfortunately the finals are decided by popular vote (eur 0,60 per vote) which might work against them. So remember, next Thursday, 20.30 Nederland 1: the finals. Vote Dekoor! P.S. I made some pictures aswell.

I have uploaded exim4 4.67-2 to experimental. Lots of changes and improvements. Quite some changes have gone into the Debconf stuff (for example, the split/unsplit config question is not asked first any more), and into update-exim4.conf (including input sanitazion, transformation of input to lower case, and getting rid of the DEBCONFsomethingDEBCONF stuff in the configuration). I’d like you to test the experimental package before I upload to unstable (probably on sunday). Please report your findings.

exim4 (4.67-2) experimental; urgency=low
  - update-exim4.conf:
    - finally get rid of the DEBCONFfooDEBCONF stuff. That information
      is now passed to the configuration by ue4c by directly setting exim
      macros in the configuration. This has caused both the configuration
      and ue4c to be much shorter.
    - run with -e, -C and -u.
    - convert input read from update-exim4.conf.conf to lower case
    - barf if strange characters are found in ue4cc. Closes: #400294
  - Remove superfluous “x$foo” = “xbar” constructs from scripts
  - Add routers to reject mail to accounts with low UID.
    Closes: #400790.
  - Make daily cron job barf if /usr/bin/mail is not found. Have
    exim4-base recommend mailx. Closes: #427960
  - Have all -daemon packages provide exim4-localscanapi-1.0 and
    exim4-localscanapi-1.1 as requested by Magnus Holmgren while fixing
    #426425. Also include exim4-localscan-plugin-config script with
    exim4-dev. Thanks to Magnus for helping with this. Closes: #428274
  - remove /etc/exim4/email-addresses symlink and document this.
    Thanks to Josip Rodin. Closes: #420578
  - introduce conf.d/250_exim4-config_lowuid which optionally allows
    to reject (or alias away) mail to low-uid accounts that are not
    listed in an exception list. Thanks to Dominic Hargreaves,
    Marc Sherman and Ross Boylan. Closes: #400790, #307768, #331716
  - remove versioned depends on cron, since the version we need is
    well before sarge.
  - Add cron   fcron dependency. Fcron is going to be removed again
    at the first sign of trouble. Closes: #381806
  - remove move_exim3_spool debconf template. Closes: #391762
  - replace openssl gendh with openssl dhparam. Closes: #413235
  - adapt docs, README and manpages
  - have Hilko fix the lynx-dump postprocessing to repair generating
    README.Debian text version. Thanks!
  - increase README.Debian generation robustness. Thanks to Hilko.
  - debconf:
    - Partly apply Christian Perrier’s patch for reviewed
      templates and control file. Closes: #426980
    - Other minor template changes.
    - get rid of “mails” in debconf templates, use “messages” instead.
      Re-word local_interface debconf template. Other minor changes.
      Thanks to Jens Seidel and Christian Perrrier. Closes: #394976
    - re-work exim4-config.config logic to have split/non-split config
      asked last instead of first. This partly addresses #410756.
    - Add exim4-daemon-heavy.templates, exim4-daemon-light.templates
      and exim4.templates to POTFILES.in
    - Re-Word dc_other_hostnames debconf template.
      Thanks to Hans G. Ehrbar. Closes: #421860
    - translation updates:
      - French
      - Ukrainian. Closes: #427793
      - Bulgarian.
      - Thai.
      - Galician.
      - Swedish.
      - Punjabi.
      - Indonesian.
      - Italian.
      - Khmer.
      - Traditional Chinese. Closes: #428072, #428069.
      - Portuguese.
      - Simplified Chinese. Closes: #428072, #428069.
      - Marathi
 -- Marc Haber <mh+debian-packages@zugschlus.de>  Wed, 13 Jun 2007 14:00:38 +020
0