Tomorrow, Penny and I head off back home, and two months of living in NZ come to an end. (did you hear that, pleaserobme.com?) Maybe I ll find the time to write about my impressions of living on this side of the planet, and being immersed in Kiwi culture while going after my daily routine and trying to work as much as I could. But there is one thing that should not wait: Thank you, Catalyst IT for giving us workspaces! For the better part of 6 weeks, you gave us our own room, monitors, keyboards, mice, and connectivity. And more than that: you welcomed us, let us participate in sessions, invited us to your parties, received our parcels, sent out letters, and generally provided us with a great environment to work. This was certainly well above what we had dreamed of. At times, I was forced to stay into the middle of the night 12 hours time difference with Europe is not always easy and spent waking hours in your building alone. Thank you for your trust! Catalyst is a fully New Zealand owned company who deliver critical open source business systems to some of NZ s largest organisations, and organisations worldwide. Catalyst was also a major enabler of LCA2010, and a sponsor of Kiwi Foo Camp, both events that I had the privilege to attend. Let me know when you re in my part of the world. ;) NP: The Mamaku Project: Karekare

Shortly after I wrote my last article about ACTA and the lack of transparency, I was delighted to find out that a report of the recent negotiations in Mexico has been leaked. I find it a bit disconcerting that our politicians, who are theoretically supposed to represent our interests, are writing documents that can leak to the public, when they should have been available to the public from the start. The document and the coverpage are available for direct download. Michael Geist has a first analysis

A brief report from the European Commission authored by Pedro Velasco Martins (an EU negotiator) on the most recent round of ACTA negotiations in Guadalajara, Mexico has leaked, providing new information on the substance of the talks, how countries are addressing the transparency concerns, and plans for future negotiations. (read more )

NP: Dimmer: Degrees of Existence

Dear lazyweb: I am in search of a mailing list for discussion on matters related to digital identity and privacy in the information age. Unfortunately, my (limited) searching has not unveiled results, mostly because many mailing lists have privacy agreements or somesuch, polluting the results with pointers to those. If you know such a list, or you don t but you are interested in the topic, don t hesitate to drop me a line. I will then either let you know when my search was successful, or subscribe you when I have created a list to fill the void. NP: Sola Rosa: Solarized

Right now, your government is probably engaged in the discussion of the Anti-Counterfeiting Trade Agreement (ACTA). You are likely not aware of that because your government has been actively keeping these negotiations and details surrounding them secret. Your government does not want you to know about a treaty that has far-reaching negative effects on your freedom, as well as your basic human rights. If you did know, you might speak up and make it difficult for the drivers of ACTA to smoothly push their interests past you. The red light should light up in your head right now! The goals of the trade agreement that is being negotiated are multifarious, but essentially seem to centre around challenges related to intellectual property, and copyright in the digital age, even though it is sometimes claimed that the agreement serves primarily to contain trade of fake Prada bags and Rolex watches. In reality, ACTA is about content producers like movie studios, who try everything to prevent you from copying their work without paying for it even if you cannot actually purchase the work, because of e.g. technical measures designed to prevent certain people from legally obtaining content, or simply because the media companies are greedy and consider it PR-savvy to delay the release of a given work in certain countries until after people have had a chance to pay a lot of money to the cinemas. In theory, a creative work goes out of copyright 50 or 75 years after its author died, depending on whether the creativity can be attributed to a person or a corporation, respectively. Therefore, 50 or 75 years after creation, it gets increasingly hard to monetise a work that has not been reinvented in that period of time. Sounds plausible to you and me, but this sort of stuff frightens companies like Disney, who seem powerful enough to simply have the law changed. That is not how things should work. The media producers are failing to control the Internet, and hence they want to turn it into something more like cable TV, which they do know how to control. ACTA aims to make copyright infringement a criminal offence. ACTA wants to make it possible for a government to cut you off the Internet because someone thinks you did something bad they don t actually have to prove it though, accusation is enough. Similar efforts have already failed all over the world, e.g. in France and New Zealand. That s a sign, not a reason to try again. ACTA wants to set in stone that you have absolutely no rights when you cross borders. This is largely already the case border officials can pretty much do with you whatever they want now it s supposed to be made official, and legally binding. ACTA will create a culture of surveillance and suspicion. ACTA is designed to break the Internet, among other things. But worst of all: I am just speculating because we are not supposed to know the details. The best current source of information on ACTA seems to be Canadian law professor Dr. Michael Geist, who has been collecting content and linking to articles consistently since the ACTA negotiations commenced 2 3 years ago. The Electronic Frontier Foundation also has comprehensive resources available. It s even more important today than before to put an end to this secrecy. Don t let your government enter secret agreements that affect you and your life, refusing to talk to you about it beforehand, and probably refusing all responsibility afterwards. Talk to your politicians and ask questions that cannot be answered with stock replies. If you have specific contact addresses for politicians, please let me know so I can add them. Colin Jackson helped me with this article at Kiwi Foo Camp. He also takes an issue with the secrecy around ACTA.

I found out yesterday that my university s Microsoft Exchange Server account stopped forwarding my mail on 8 December 2009. As a result, mail accumulated there and remained unseen. Dear examiners, paper authors, supervisors, sponsors, participants, and peers who responded to my calls and cries related to my PhD thesis. I am terribly sorry that you were subjected to this. You replied usually within a few days, but I still sent you reminder after reminder in the weeks to follow. You must have thought that I was a real dork. Please forgive me. I really appreciate your patience! I filed a ticket with my university s IT service provider, which got closed the next day with it should now work again . That wasn t going to cut it for me, so I reopened the ticket, asking for an explanation. Next, I received an apology with a bit of speculation. After a bit of research, it seems that the reason was to be found in the inconsistency of being an external staff member (i.e. an e-mail address outside of the Active Directory domain), but still having an account on the server. On 8 December 2009, the server was upgraded with a service pack. This caused Exchange to go a little manic on the housekeeping. After all, why would anyone ever want to forward their e-mail elsewhere, and still have an account? Well, I certainly don t want an account, and yet I have to have one: Microsoft has bought their ways into the university and spread their germs all across, I need credentials to be able to access shared files, print, browse the library, or search the phone book. However, considering that UL s Outlook Web Access instance does not let users of decent browsers search their mailboxes (a premium feature reserved for users of Internet Exploder), one cannot manipulate more than a page-full of e-mails at a time, bounce messages, or do many of the other operations that make dealing with large amounts of e-mail possible, and because Exchange mail if it doesn t get lost in the first place sucks in so many other ways, I certainly prefer my mail to be handled by a real mail server with a proper mail filter (writeup in progress). Maybe the Exchange service pack was simply designed to get rid of outcasts like me who don t buy into the low-Microsoft-quality vendor lock-in? We ll never know, thanks to the proprietarity of their software (and the fact that the university service provider apparently does not keep logs of changes). NP: AC/DC: Back in Black

I do not like it when people tell Web 2.0 sites to send me invitation e-mail. I won t enumerate the reasons here. But there is one reason for why I don t like you passing on my address to those sites, which is subject of this article: Unlike popular belief, the Web 2.0 is not a money-printing machine. It s a long road until you can actually generate real money with user content. Therefore, some shadey sites are probably selling contact details to advertisers to make ends meet while hoping for the big cashflow. I don t have any data to back this up, and I want to change that:

Please tell all your Web 2.0 sites to send me an invitation! Please use an address in the signmeup.madduck.net domain for that, and make sure to include the domain name of the service to which you sign me up before the @ symbol. Also append a hyphen/dash and a random, short string. More on that in just a sec. For instance, if you are one of those people that believes that letting people know where you are (and have been) at any point in time, tell Foursquare to send an invitation to:

foursquare.com-ponies@signmeup.madduck.net

The reason for the random, short string ( ponies ) is simply so that I can later cross-check that a message receiving spam actually went through a social networking site I intend to catalog the invitation messages.

Thank you for your time. Keep in mind: the more, the merrier. I ll make sure to report back on the outcome of this little experiment right here, so watch this space. NP: Billy Joel: Cold Spring Harbor

I had previously sought alternative, innovative search engines, but none of the proposed options made me particularly happy. About a year ago, I came across DuckDuckGo, and today, I ve been using DDG as my primary search provider for exactly 10 months. The reasons why I switched included

• my dislike of the Google information monopoly and the potential that a single, corporate entity with financial interests, gets to censor the information I see. I am sceptical of their Do-no-evil promise because there s nothing binding about it, and if it gets in the way of money-making, I am sure it ll be discarded at a whim if it even still exists.
• the awareness that my usage augments their database (although I am probably too far away from mainstream to provide useful data), which translates into more funds available to them to further strengthen their market position.
• my belief that the days of index-based searches are over, given how 95% (or more) of user-generated content is bogus. Google undoubtedly optimises the results with obscure, secret algorithms, but that s just not enough for me.
• Of course the name DuckDuckGo was perhaps the strongest reason to switch. :)

I am aware that DuckDuckGo is index-based itself, using the Yahoo API, which, in turns means that DuckDuckGo may already be using Bing data. Sounds a bit like out of the frying pan into the fire, unfortunately. I am still investigating better search solutions, sticking with DuckDuckGo meanwhile. Unfortunately, DuckDuckGo doesn t quite cut the mustard at all times, forcing me to go to Google instead. For this reason I am glad to find that the CustomizeGoogle Firefox extension has not been discontinued, but simply renamed to OptimizeGoogle. This extension allows me to anonymise my identity towards Google, remove click tracking (which Google doesn t want you to know about and hence hide with JavaScript), hide ads, and customise a slew of other aspects of the giant s search engine. It alleviates some of the aforementioned concerns, but not all. Maybe it s time to rethink the way I use the web and lower my search needs. If you are using Firefox, try it out! If you re still using Internet Exploder, you should not, and instead upgrade to Firefox. Users of other browsers might find similar functionality for their application, or might want to switch as well. NP: Tunng: Comments from the Inner Chorus

I got involved with open-source software before I learnt about software development in a university course. Naturally, when my profs tried to teach the waterfall model to me, I couldn t take them too seriously back then. After all, requirements specification design implementation verification maintenance is not really in line with the principle to release early, release often. Furthermore, since water cannot flow uphill, the waterfall model fails to represent development cycles, as they naturally appear, even in behemoth, ancient software nightmares. And yet, when embarking on a new project, I do tend to find myself first thinking about the big picture, instead of churning out the code. I am certainly not the best coder out there, and it might well be that I could benefit from learning to break down problems to get an earlier start on the implementation of components. However, I maintain that avoiding the waterfalls and engaging directly in extreme programming, agile software development, or pair-based approaches right away is not the answer. Rather, the best approach should probably involve a certain level of conceptualisation before code is produced. I am a big fan of test-driven development, and I like the scrum method for the very reason that it involves talking and challenging ideas (although I wouldn t follow the method down to the book). I like to think about trickles in the mountains where water droplets joyfully jump around. * * * When Glyn Moody spoke in his LCA2010 keynote about challenges we (as in society) face, and how open-source seems to have many answers, he dropped the following gem, which spoke right to my heart:

Twitter is the release early, release often principle applied to thinking.

By this simile, journal articles are produced according to the waterfall model. This may well be why they are usually outdated at the time of publication. Microblogging (like Twitter), on the other hand, is primarily used to publish stuff before it s ready, and which would never be published otherwise. With journals on one end, and microblogging on the other, I think the epiphany is found in between as with software development: web logs web applications that allow for easy publishing by anyone (which is a different problem not to be discussed here). Since articles on those platforms usually have at least a title and a body, they require just a little bit more thought than 140 characters of contracted brain farts, spilled into the world faster than it takes one to stand up, stretch, and sit down again. * * * Microblogging seems to be in line with where we re heading: more information, more self-promotion, more access to more people, and all that with lower barriers of entry. It s hard to argue against a trend, but I think we ve taken a wrong turn somewhere. The one specific instance of content is no longer relevant, and there is no more time in the day to read elaborate treatments of subject matters. Instead, what seems to prevail is a constant flow. This flow threatens to replace actual thinking and discourse, both of which require reflection and time a scarce resource used up by ever new, fast-flowing media. It seems to me that those who immersed in this flow are unable to get out, as if sucked in by a maelstrom. I ve seen people enter serious withdrawal within hours of not knowing what s going on in the world. One could miss out on something. If you re following people on one of those microblogging platforms, I challenge you to spend the weekend offline and when the urge hits, ask yourself what you are actually missing. I mean what you are really missing, and by that I mean anything other than the cozy buzz and hum of entertainment washed upon you, preventing you from having to think about what you could be (actively) doing instead. I hope it s not a lot. For else, I fear that this means that future generations will be stuck with this communication culture, just like water droplets can t ever play in the mountain trickle again. NP: Sola Rosa: Get It Together

On Wednesday I got DAM approval and since Saturday late evening I m officially a Debian Developer. Yay! :-) My thanks go to

• Christoph Berg (Myon) whom I know for more than a decade since we studied together, and who s career in Debian was way faster than mine, but who on the other hand probably knows me better than nobody else in Debian which made him the perfect advocate;
• Bernd Zeimetz (bzed) whom I know from my times at DaLUG and who was the friendliest Application Manager I could imagine he s probably also one of the fastest (8 days from application to AM report :-);
• Luca Capello (gismo), who was the most demanding but also most inspiring sponsor I ever had and who became a very good friend after we found each other over my package conkeror.
• Arne Wichmann (Y_Plentyn) for being my first drop-in center for Debian questions (like can I directly dist-upgrade from 2.0 to 3.0? :-);
• Martin Zobel-Helas (zobel) who was always encouraging me to continue exploring new sides of Debian;
• Gerfried Fuchs (Rhonda) just for being there (and for being a package maintainer with good relations to upstream ;-);
• my coworkers at the IT Services Group of the Department of Physics at ETH Zurich, who always found new challenges in Debian for me to solve;
• and all those others who offered to also advocate me (e.g. Otavio Salvador) or sponsored my packages so far (or at least offered to do so), e.g. Alexander Wirt (formorer), Martin F. Krafft (madduck), Robert J rdens (jordens),

As Bernd cited in his AM report, my earliest activity within the Debian community I can remember was organising the Debian booth at LinuxDay.lu 2003, where I installed Debian 3.0 Woody on my Hamilton Hamstation hy (a Sun SparcStation 4 clone). I wrote my first bugreport in November 2004 (#283365), probably during the Sarge BSP in Frankfurt. And my first Debian package was wikipedia2text, starting to package it August 2005 (ITP #325417). My only earlier documented interest in the Debian community is subscribing to the lists debian-apache@l.d.o and debian-emacsen@l.d.o in June 2002. I though remember that I started playing around with Debian 2.0 Hamm, skipping 2.1 (for whatever reasons, I can t remember), using 2.2 quite regularily and started to dive into with Woody which also ran on my first ThinkPad bijou . I installed it over WLAN with just a boot floppy at the Chemnitzer Linux-Tage. :-) Anyway, this has led to what it had to lead to a new Debian Developer. :-) The first package I uploaded with my newly granted rights was a new conkeror snapshot. This version should work out of the box on Ubuntu again, so that conkeror in Ubuntu should not lag that much behind Debian Sid anymore. In other News Since Wednesday I own a Nokia N900 and use it as my primary mobile phone now. Although it s not as free as the OpenMoko (see two other recent posts by Lucas Nussbaum and by Tollef Fog Heen on Planet Debian) it s definitely what I hoped the OpenMoko will once become. And even if I can t run Debian natively on the N900 (yet), it at least has a Debian chroot on it. :-) A few weeks ago, I took over the organisation of this year s Debian booth at FOSDEM from Wouter Verhelst who s busy enough with FOSDEM organisation itself. Last Monday the organiser of the BSD DevRoom at FOSDEM asked on #mirbsd for talk suggestions and they somehow talked me into giving a talk about Debian GNU/kFreeBSD. The slides should show up during the next days on my Debian GNU/kFreeBSD talks page. I hope, I ll survive that talk despite giving more or less a talk saying Jehova! . ;-) What a week.

I got an eMail tonight. I guess this means I can say hello officially now. (Everything else is details, waiting and fixing some bugs and technicalities, or so.) Thanks to everyone involved, I learned a lot already. Oh, and I had a look into madduck's book (the old sarge edition, which I got for free recently) and found a nice graphic explaining what non-native english speakers (I even had latin first, and 3 programming languages!) don't, from the Debian constitution. Congratulations XTaran for making it as well, even visible on the website already! Please don't file an "Please package mksh R39b" bug again, I am aware there's a new version ;-) as I'm upstream too. I'm just short of time at the moment, and I'd like to put out high-quality packages. Besides, the webpage needs fixing first (while the checksums and the changelog for the release are there, no proper announcement is yet, and I'd like, for this version, to add a "upgrading caveats" section, since due to bugfixes and better standards compliance some scripts need to be updated; some of the pdksh behaviour favoured Bourne over POSIX even!

Tollef forced me to take over libpam-passwdqc after I had reported bug #517967. passwdqc is a toolset that can be used to enforce password strength policies at exactly the right place: there s a PAM module, and with the next version, you can also use a library and command-line tools read on below. The toolset gives administrators flexibility in defining the minimum password length based on the number of character classes a user tries to use. It also includes libpam-cracklib functionality and prevents the use of trivial passwords. I appreciate this functionality, so I had little choice but to make the best out of it:

• I uploaded libpam-passwdqc 1.0.5-1 to unstable, fixing a few bugs on the way, and bringing the packaging up to speed.
• I wrote a message to upstream introducing myself and was happy when I got an almost immediate response from two developers, suggesting that development was thriving. Yay!
• Having been pointed to the upstream CVS-Git clone, I based the packaging off the repository, rather than the tarballs. This required me to juggle directories a bit, as well as to repack the tarballs. Oh well.
• Next, I fixed the bug I reported, and now libpam-passwdqc can be installed and configured in a jiffy, thanks to Steve Langasek s impressive work on pam-auth-update. Someone also reported this feature request as LP#314775, but I don t use Launchpad, so someone else will have to triage it there.
• Finally, I imported the latest upstream work into the repository, which had me change the source package name. The benefit of version 1.1.4 in addition to improvements and bugs fixed is that the functionality is now also available through client programs in the passwdqc package, as well as in an independent C library. Due to the new packages, the upload is currently waiting in the Debian NEW queue, so hold your horses for a few days.

Debhelper 7 is really nice. Thanks, Joey.

Linux.conf.au 2010 has come to an end and I am looking back at an intense week of conferencing. A big shout out to the organisers for their excellent work. I think LCA (as well as DebConf) just keeps getting better every year. This does not at all discredit previous organisers, because they were the best at their times and then passed on the wisdom and experience to help make it even better in the following year. The week started off with the DistroSummit, which Fabio and I organised. Slides are forthcoming, as I failed to get them off the speakers right after their talks it s interesting how stress levels and adrenaline can cause one to forget the most obvious things. This is where experience comes in. I ll be there again next year, I hope, to do things better. The theme of the day was cross-distro collaboration, and we started the day a little bit on the Debian-side with Lucas Nussbaum telling us about quality assurance in Debian, alongside an overview of available resources. We hoped to give people from other distros pointers, and solicit feedback that would enable us to tie quality assurance closer together. Next up was Bdale Garbee who talked about the status of the Linux Standard Base. While I am really interested in such standardisation efforts, I realised during his talks that I had considerable difficulties paying attention because as organiser of the conference, I had all sorts of other things occupying my thoughts. I proceeded to tell the audience the room was mostly filled throughout the day with an estimated 40 50 folks, and I d say about half of them stayed throughout, while the other half came in and left the room between talks. I could not get the projector to work with my laptop after the upgrade to Kernel Mode Setting, and thus used the whiteboard to give a brief introduction to vcs-pkg.org, talk about the current state of affairs, summarise the trends in discussions around patch management and collaboration, give an outlook of what s up next, and solicit some discussion. Sadly, just like during Bdale s talk, I found myself worrying over the organisation of the day, rather than actually taking in most of the discussion. Fortunately, others have written about the most important points, so I defer to them. Michael Homer then told us about GoboLinux s Aliens system, which is a way to integrate domain-specific packages with distro-specific package maintenance e.g. how to get APT to handle CPAN directly, or how to let YUM manage Python packages. The ensuing discussion was interesting, and we carried it over to the next slot, because Scott, the next speaker, was stuck in traffic. To summarise briefly: scripting languages have a lot of NIH-style solutions because it works for them, but these are a nightmare to distro packagers. One symptom of the status quo is that complex software packages like Zimbra are forced to distribute all required components in their installation packages, which make distro packaging, quality assurance, and security support even harder. I don t think we found a solution, other than the need for further standardisation (like the LSB), but the road seems to be a long and windy one. Laszlo Peter introduced the audience to SourceJuicer, a new build system used by OpenSolaris. The idea is that contributors submit packages via a web interface, kicking off a workflow incorporating discussion and vetting, and only after changes have been signed-off are packages forwarded to auto-builders and eventually end up in the package repository. This is very similar to upload ideas I ve had a while ago, which I ve started to (finally) implement. Unfortunately, SourceJuicer seems very specific to OpenSolaris, as well as non-modular, so that I probably won t be able to reuse e.g. the web interface on top of a Debian-specific package builder. After the break, Dustin Kirkland stepped up to tell us about his user experience of Launchpad. Unfortunately, I found his talk a bit too enthusiastic. Launchpad undoubtedly has some very cool features and ideas, but it s just one of the available solutions. The dicussion of Launchpad also dominated the next talk, in which Lucas Nussbaum told us about the Debian-Ubuntu relationship. While his presentation showed that the relationship was improving (Matt Zimmerman made the point that there are rather many relationships, rather than one relationship), I was a bit disturbed by the comments of Launchpad developers in the room, ranging from Debian is declining anyway to Just use Launchpad if you want to collaborate with others and not go down . There was a slight aura of arrogance in their comments which tainted my experience of the otherwise constructive discussions of the day. Overall I had a great time. Debian and Ubuntu made up the vast majority of attendants, with only a handful of representatives from other distros present. I wonder why that would be. One reason might be that around 70% of LCA attendants declared themselves Debian or Ubuntu users, and so there weren t many other distros around. Another might be that I still haven t spread the word enough. Let s hope to do better next year! Thanks to all the speakers. We may have organised the day, but you made it happen and interesting! Slides and recordings of the talks will be linked from the archived website when they become available (yes, the archive page does not exist yet either).

Coming to New Zealand for an extended period of time, I figured it would make sense to purchase a prepay mobile plan to make it easier to mix with locals. Not knowing better, I went with Vodafone, which I whole-heartedly regret: their website is a massive pain in the ass, their price plans completely over the top, and their customer service representative incompetent and unfriendly. My latest experience eclipsed all previous encounters, and makes me want to tell you about it: Between all the obscure add-ons Vodafone threw at me when I bought this SIM card, two weeks ago I couldn t figure out how my balance had decreased from $30 to $0 when I rarely ever made calls. I wrote an e-mail to their customer service hotline, and it took them a week to get back to me, with the following text:

Due to being a Prepay Customer, unfortunately usage details are not available as per terms and conditions. I have although checked your usage and can confirm that all charges are correct.

Obviously, I wasn t going to accept this claim of omniscience, so when last weekend, $20 disappeared over the course of a day, that was the catalyst for me to reopen the ticket and reply along the lines of:

Only I know when I used my phone and thus only I can determine whether the charges are correct. Please show the full records to me, or else

This seemed to convince the representative, and 8 messages and 11 days after my initial request, I was told I could request the records at $5/30 records. Yes, you read that right: they wanted to charge me to view the records. I thus replied:

I am NOT willing to pay for that. If you are unable to comply with my desire for transparency, then I shall terminate the contract and make sure to inform the media as well as the consumer institute of this conduct. As stated previously, I shall also consult with a lawyer. Charging consumers to view data that is obviously available is a strong indication that you do not want me to see it. I can t imaging why this would be the case other than the data being inconsistent with reality.

That worked, and I finally got an Excel sheet with my usage data, which allowed me to track down the depletion of my account: to lure customers in, they promise free calls to other Vodafone numbers for the first four weekends. There are three problems with that though:

1. Having purchased my card on Saturday afternoon, I was annoyed to find out that the remaining 34 hours of that weekend would be counted as a whole weekend.
2. They don t provide a way by which to find out whether a given number actually belongs to Vodafone or not. The 021 prefix is not enough of an indication.
3. They don t actually tell you anywhere but the aforementioned horrific website that the addon has expired.

So thanks, Vodafone. You ve lost a customer, who should have gone with 2degrees in the first place, who have much lower rates, even though their data coverage doesn t seem as good. I don t need data anyway. I ll still insist on Vodafone providing the data in a Free format. You can find more information about NZ mobile phone providers on the LCA2010 wiki page. NP: Age Pryor: Shank s Pony

Hello, Planet Debian. I'm pleased to have announced about the first Debian event in Thailand: Thailand MiniDebCamp 2010. This is a follow-up to Taiwan MiniDebConf 2009 in last September in Taipei. At the end of that event, we discussed about having a mini-DebCamp in Thailand during the New Year holidays. However, with many factors, it has been moved to this March. And the date has been settled on 13-19 March. The place will be Khon Kaen University (KKU) in Khon Kaen, a north-eastern province of Thailand (close to Lao, if you look for it in a map). In this event, we plan to arrange a Bug Squad Party for the Squeeze release, and some meetings between DDs and local people, to encourage more Debian activities in Thailand and nearby countries. Thailand has started its GNU/Linux development and usage since no later than 1997. Currently, we have projects like Thai Linux Working Group for upstream Thai resource developments; OpenTLE.Org and thaiopensource.org for local distros (Ubuntu-based); and some communities like ubuntuclub, debianclub, and more others for other distros. The user base is slowly growing, while developer base is yet growing more slowly. We have had domestic events occasionally. But certainly, an international one like this would effectively encourage more prospecters, as well as create closer cooperations with the global projects. We also hope this event to be a meeting point for developers from nearby regions. And internationalization, among other issues, can be discussed and worked out. So, please be invited to join and discuss. Please make sure to add your name to the Wiki page so we can prepare things for you, including accommodation. And feel free to propose your agenda in BarCamp style. It will be summarized some time before the event date. We also have a mailing list for updates and discussions.

After several months of not-too-intensive searching for a KVM-hoster with native IPv6 connectivity, Steve hooked me up with a VPS at Bytemark, and I am very pleased. In addition to a properly virtualised KVM instance, I got access to a console server, which allows me to reset the machine, switch kernels, and log in locally . It s exactly what I wanted, but it was hard to find, as everyone else seems to offer only Xen or Vservers, both of which are nearing end-of-life. Thanks Steve, and Bytemark. NP: Porcupine Tree: Up the Downstair

It took us a bit longer than planned, but we are happy to announce the schedule for the Distro Summit at the upcoming LCA2010 conference. We focused on cross-distro aspects, and we hope that you are as excited as we are about the result. The schedule is displayed on the Distro Summit homepage and I best refrain from duplicating it here.

Martin, Prague airport used to be (one of) most expensive airport for food and drinks prices. They recently reduced prices quite a lot, but I still think they fully qualify to be in the group of most expensive airports. But it has great advantage that every other airport looks cheap for us. This is almost same as prices for taxi, which is also usually cheaper than in Prague :-).

Dear lazyweb: I am in a dreadful situation! I need to secure e-mail communication between five types of users:

• Outlook 2003 users who receive their mail by POP3 from Exchange,
• Thunderbird users downloading mail with POP3,
• Apple Mail users downloading mail with POP3,
• Webmail users (Squirrelmail and Roundcube),
• and a bunch of Unix folks using proper clients.

To make matters worse: there is no common provider or server infrastructure, so the solution must work across providers and mailboxes.

Requirements

• Human error should be anticipated and prevented.
• Mail between all parties must be encrypted (and signed) automatically. If encryption is not possible, the mail must not be sent. This includes the situation where not all mail recipients keys are known;
• Ideally, one can define rules (using wildcards or regular expressions) to enforce certain policies.
• Mail to other parties may be signed, and it would be good to be able to turn this on and off by default;
• The MIME standard should be employed so that the mail body is not altered, and attachments can be seamlessly encrypted too. Existing MIME parts should be encapsulated as children of a new multipart tree;
• Incoming mail should be automatically and seamlessly decrypted/verified, and the user must be alerted if the verification fails.

Ideally, the solution will be open-source. However, if proprietary software performs better, then we will gladly use that where required.

Previous attempts So far, we ve tried (and were let down by)

• GpgOL, which has very irky and brittle integration with Outlook and can only do inline signing/encryption.
• S/MIME, which seems supported by all involved clients, but Outlook does not really allow you to specify policies. Encryption seems to be opportunistic at best, which is not enough.
• GPGrelay, which is promising because transparent, but apparently messes with MIME, and I am unsure whether it can fit between Outlook and Exchange. I have yet to run real tests though. If you are a GPGrelay user, or you d like to try it (it s Windows-only), please get in touch.
• WinGEAM, but that apparently no longer exists, and neither is the underlying GEAM.

Help! Does anyone have proper suggestions over what to use? In fact, if you are interested in devising a solution, or even deploying it, there s money to pay you for those services. Write in if you are interested.

I'd like to make pyroman IPv6 capable. That is actually the one big thing before calling it a version "1.0".I must admit that I havn't been very active on Pyroman (or Debian in general) the last years. This goes even so far as that "pyroman" was considered "abandoned" by Fedora or so. It is not; I use it on all my servers. It's still in use at the network I developed it for (after all there is not that much benefit for a workstation setup, where a 10 line iptables script will do the job just perfectly.).Anyway, I'd like to get IPv6 support into pyroman, but there is one big issue here: I don't have any machine using IPv6, so I havn't used ip6tables myself yet, so I don't know about all the magic involved ...So if you use IPv6, it would be very cool if someone would jump in to get full IPv6 support into pyroman. Madduck had already done some preliminary stuff, but I didn't get around to have a look at the integration or completeness yet.The '--no-act' and '--print' modes of pyroman should even allow development without any IPv6 support or root permissions in the system.Other things remaining on my pyroman wishlist:

• Fully automatic iptables firewall visualization
• Keeping traffic counters over firewall reloads
• Configuration UI
• A fancy 'arsonist' icon and a web page design

I accompanied Penny to Prague, from where she embarked into the mountains today for a week-long Moodle developer meeting. We froliced in the city a bit, tried to avoid the hordes of anonymous tourists that flooded the city, steered clear of the Christmas kitsch that was all over, sampled Czech food wherever we could, and enjoyed the local beer. On Friday, Petr Baudis took us out to The Pub, an ingenious concept by the Czech brewery Pilsner Urquell: every table has taps from where one can draw beers without waiting or having to get up, guests accumulate a tab measured in litres, and a huge screen shows which The Pub instance has the best beer throughput. Add to that an automated ordering system for salty snacks, and the brewery ensures a ready beer flow with need for no more than two staff members. Penny and I had already decided that Pilsner Urquell was our favourite Czech beer, mostly due to its bitterness. We also sampled the local Staropramen, and the well-known Budvar, and found our preference reinstated. At street prices of 50 CZK per half-litre of Pilsner, it was thus a punch in the face when the bartender at the airport bar asked for 145 CZK for the carelessly tapped beer, offering crap music and uncomfortable seating for the price. I refused the beer, because I prefered to keep only the good memories of the brew. NP: OSI: Blood