A source close to the Debian Project has informed me that the project will break from it s long running tradition of Pixar codenames for their releases.
Going further than this, in what is surely a contentious move, the project will also use multi-worded code names. This is as they feel jealous of the extra exposure that Ubuntu and Fedora have with double barrelled release names.
Thus, the next version of Debian will actually be called Debian 8dot0 phoronoix-will-believe-anything . For those without a satirical radar, this may all be a complete lie

Confused yet? The popular browser extension AdBlock for Chrome/Chromium and Safari has launched a new crowdsourced campaign - to buy up internet advertising space inviting people to download AdBlock, so they can block ads. Additionally, if they raise enough, they'd like to get additional space for a billboard at Times Square, a full page spread in the New York Times, and even a TV slot at the Superbowl (although the target for this is $4.2M, so I'm not entirely confident they'll make it.) However, this does raise an interesting question, which has been under debate for some time. How do you make money on the internet without adverts? Wikipedia has a few interesting suggestions. Firstly, affiliate programmes. These mean that any products or services that are linked or searched via the original site earn a little bit of commission for that site. Founded in the mid-90s, and most famously used by Amazon, it's a possible method for getting money. However, it should be deployed with careful thought. If a blogger or reviewer is recommending a product, is it simply because they are being paid to do so, or is it a genuine endorsement? The BBC ban this practice, and the Society of Professional Journalists also has strong guidelines on taking gifts. Interestingly, a few search engines now offer this to browsers for them sending their default search traffic to them. Secondly, you could engage in (what I consider to be) the shady practice of data monetisation. People visit a website, and they leave data about their visit. By visiting here, you've told me that you're probably interested in technology issues, what country and city you're from, and where you came from. Other programmes and sites will also be able to wrap up what other sites you've visited, and can build up quite a profile of your browsing habits. Add together a rather unscrupulous vendor, and they can also know your contact details. This metadata can then be sold on. Thirdly, you can essentially ask your readers for money. Donations, via a micropayment link (which I use) or larger donation requests. Another method is to have a membership system, where content is locked up behind a paywall. This does, however, risk making your content less valuable as people will just head elsewhere for news and opinion. To counter this, a couple of sites (LWN, Slashdot) simply delay the latest news for a little while. Alternatively, you can just ask like the fantastic C G P Grey has done. Interestingly, he also has a great video on why advertising can be a bad thing for content creators. Lastly, you can sell things. This could be your authorship services on another site as a guest post, writing a book, offering consultancy services, or simple merchandise. In summary though, which is more honest? An advert may well bend your view on what sort of content is being created, but is at least a lot more open than potentially hiding real motives behind affiliate links, and a lot more open than selling data. Asking for money is fairly straightforward, though could easily backfire if it's viewed as begging. Google's advertising income totalled $43.7 billion in 2012 - so it's quite clear that advertising is big business. Websites cost money to run, can the web survive in an ad-free environment? If so, it certainly won't be the same web as we know today.

With the number of female software engineers standing at 20.9% [1], recruitment of females into the industry is a major concern. A friend of mine, Rosemary Francis who's MD of Ellexus, has a great talk about this issue. It mentions various methods you can use to tailor your job applications to be more attractive to females, by simply being careful not to exclude or put off potential applicants. However, there is also a very poor way of doing so, which is highly sexist and plays to stereotypes. As we can see from Bloopark's hiring page, this is exactly what they have done.

Web developer (m)
Need for programming
You are addicted to PHP, MySQL and Javascript since years? Your life makes no sence without programming? Your girlfriend doesn't understand, why you start learning the fifth php framework and your parents say, your head is full of unix and linux. Do you want to talk to us about this? We want to invite you to an anonymous or maybe very personal meeting. No worries, we will bring you to a team that understands you and will support your passion of programming. Web developer (f)
Beautiful und sexy code wanted
We are convinced that woman are great programmers. Woman write sexy code: neat and clean. Many of them have long relationship... with PHP5, MySQL and Javascript. They like to talk and communication is essential in our work. Female programmers get along with customers very well and take such a good care of code quality, as if it is a pair of their new shoes. The best thing is that their detailed documentation and code organisation match the rules of Feng-Shui. Are you a female programmer with passion? May we invite you for coffee?

Really? New pair of shoes? Pictures of nail varnish? They're in a relationship with code? And why does the male version need to have a girlfriend rather than a boyfriend? [1] US Bureau of Labor Statistics (BLS) - ftp://ftp.bls.gov/pub/special.requests/lf/aa2010/aat11.txt

Are you a fan of kerning? Are all your letters running together? Do you want your documents in LibreOffice to look normal again? Try turning off hardware acceleration: Tools -> Options -> View -> Use hardware acceleration. Brought to you by the handy department of readable text.

Two recent announcements have been made about how it's viewed that people should interact with each other. Both, in my opinion, are misguided. Firstly, Yahoo's chief executive, Marissa Mayer has announced that she's banning staff from remote working. The idea behind this announcement is simple - that "some of the best decisions and insights come from hallway and cafeteria discussions, meeting new people, and impromptu team meetings". This is absolutely spot on, but the next sentence in the leaked internal memo is more problematic: "Speed and quality are often sacrificed when we work from home".
Don't get me wrong, working remotely has some special challenges, but they are by no means insurmountable. There's lots of tips for people working remotely which will turn into a future blog post at some point (I'm running an internal training about how to do it in a couple of weeks), but three simple rules are stay connected, set a routine and take care of yourself. The second decision is one by Ubuntu to move Ubuntu Developer Summits to a purely online meeting, ditching the physical meeting. This misses the point of conferences. If we simply wanted to listen to talks and presentations, why meet up at all? Webcasts have been around for the last 20 years, and yet conferences still exist. The most important part of a conference isn't the talks, it's the "hallway track" - it's the ability for people to meet up, chat and socialise. Be this an impromptu meeting in the corridor, or over a few nice beers. Without this component, why schedule a time at all? Simply publish a list of talks over the coming 3 months, and anyone can pick the best time for them to attend. At Collabora, many of our engineers work remotely. One of the perks we offer is the ability to attend conferences, and to "touch base" and visit and work from one of the offices. It is important to recognise the importance of collaboration physically and it shouldn't be discounted the way Ubuntu has done. But it should not be seen as a silver bullet to an organisation, like Yahoo seem to be implying. Both extremes are wrong, and a balance must be struck to ensure the best outcome for productivity and innovation. (Title from an iconic 80s song)

For some time, I have been concerned about the amount of data I store on Google. This post aims to show alternatives to the service. This is primarily for two reasons. The first is simple. I would like to avoid a single point of failure, and the risk that I could be suspended for a number of months with no recourse. The second if more political. I'm worried about the way that certain governments can subpoena information which they may not be able to collect directly. Now, don't get me wrong. Google is good at transparency. They also provide a very useful service that works incredibly well. In fact, the quality of the integration and services provided is the primary reason I have not changed previously. Calendaring is something that I naturally feel shouldn't be hard, but somehow is. Google Calendaring service is rather good, and far outstrips anything open source I've found so far. However, I've managed to migrate to Zoho which offers a very similar level of functionality. It's also very easy to extract your entire calendar from Google, which makes the transition easier. Reader is a service provided to subscribe and read RSS feeds. In the past, I've used Gregarius as a self hosted solution, but this seems to have disappeared recently. I briefly flirted with NetVibes, which works well once you turn off the frustrating 'widget' mode, but has completely failed to address the need to have native tablet apps. In the end, I settled for NewsBlur which also has the clever use of hotkeys for navigation which I found essential in Google's products. Picasa has stood me well for hosting photos for some time. And photo hosting is something I have quite a large amount of professional experience with :) Despite having previously been in competition with them, I can heartily recommend Flickr, even with it's dogmatic reliance to creating a Yahoo! email address for each account. Search still has some way to go to find a viable replacement. I've tried DuckDuckGo, but found it lacking. Much like the mistake that Apple seem to have made with the launch of Apple Maps, there seems to be a misunderstanding that search is actually HARD.
There are two camps when it comes to searching. You can be dumb, or you can be smart. By being dumb, the user can provide enough information to help narrow the results down to a single (or at least manageable) result set. This works fine, and is a traditional model. The opposite is to be smart. Simply get the results right, using a variety of metrics to work out what the user wanted in the first place. This is obviously more difficult, but infinitely more valuable, and is something that Google excels at. The problem lies when you fall in between these stalls. Unfortunately, it seems that there is no viable alternative to the big G at the moment.

Do you remember at school, when the teachers mentioned that something would be on your "permanent record"? The big secret is that there isn't one. Apologies to all teachers, but it's not likely this blog's demographic will reach your students. However, since the advent of the internet, a permanent record does exist. Everywhere from the Wayback Machine to Google's cache contains copies of all public activity you post online. At Collabora, we hire some of the best open source software engineers to work for our clients. It should be no surprise that a quick Ohloh and search for someone's name is a standard part of the hiring process. This normally comes up with all sorts of exciting things which people have done, both with software and further abroad. A tricky situation will occur if you have lost your temper online, as Patrick Ryan has done recently. He made a comment on #node.js on the Freenode network that:

[20.16.34] < TheEmpath> anyone else have a hot programmer girl in their office? o____O

This was quite rightly called out as being inappropriate for the channel, and quickly decided to have a large and abusive rant about this. This was then continued with him opening a number of bugs against the projects owned by the person who called him out, with titles such as "Hyperactive Leftist Power Trip not included" and "Not anti-Republican enough". This then gets worse. Once the log is posted (link above) there is yet more abuse and unfounded accusations by Mr Ryan in the comments. So, what happens when you search for his name? You get a log with someone being entirely inappropriate and then large rants. Not the best move for a software consultant.

I was impressed by http://unicodesnowman.com/, and I'm always forgetting sequences for hearts, so I present:

http://unicodeheart.com

Hearts for all!

After 4 flights, about 15,000 miles, a beach, some To a and cheese and lots of geeks, I'm able to update my Places I've Been map by adding Nicaragua to it. I was speaking at DebConf12, entitled Bits from the Release Team. In case you missed it, it's been recorded by the wonderful DebConf video team and is available in high and low quality. It was great to catch up with people again, and do quite a bit of work on Debian itself, mostly on the Wheezy release. I even found an hour to take a basic Spanish class, although I'm fairly sure I've forgotten most of it by now. As usual, there were a number of Collaborans present, and it was good to meet them. I suspect I'll be seeing a few more at GUADEC in a weeks time. My photos are available, should anyone be interested.

Today, OFCOM issued a press release entitled "New measures to protect online copyright and inform consumers". According to the announcement, internet users will be encouraged to download music and films through legal channels under the measures. Ofcom has published a draft code for consultation that would require large internet service providers (ISPs) to inform customers of allegations that their internet connection has been used to infringe copyright. There does seem to have been a number of concessions made, which is welcome, but I do still have a number of concerns. The code 'only' covers ISPs with more than 400k fixed lines - BT, Everything Everywhere, O2, Sky, TalkTalk Group and Virgin Media. This covers about 93% of the UK retail market. If an allegation of copyright infringement is made, the ISP would need to write to the customer with notice that an infringement has occurred, and in a new change, the number of copyright infringement reports connected to their account. If more than three letters are received in a year, anonymous information may be provided on request to copyright owners showing them which infringement reports are linked to that customer s account. The copyright owner may then seek a court order requiring the ISP to reveal the identity of the customer. Two more changes have been implemented:

• Copyright owners procedures for gathering evidence of infringement must now be approved by Ofcom, rather than by the copyright owners themselves.
• Ofcom has decided that subscribers should have 20 working days to appeal an allegation of infringement, but only on grounds specified in the Digital Economy Act.

Obviously the former of these will require further scrutiny, but I'm happier that this is not with the vested interest themselves. As for the latter, this gets a bit interesting. The Act states that

an appeal on any grounds must be determined in favour of the subscriber unless the copyright owner or internet service provider shows that a) the apparent infringement was an infringement of copyright, and b) the report relates to the subscriber s IP address at the time of that infringement.

This is good as it puts the burden of proof on the copyright owner, although it still uses IP addresses which is problematic. For example, New York Judge Gary Brown has ruled IP addresses are insufficient evidence to identify pirates, and has provided a lengthy and thoughtful explanation in his ruling. There has also been a consultation published on the how to share costs costs. The suggestion is fairly simple:

"Copyright Owners should bear all of the costs incurred by Ofcom, the majority of costs incurred by the appeals body, and 75% of the costs efficiently and reasonably incurred by Qualifying ISPs in carrying out their obligations."

This has the risk of driving up internet access prices as ISPs have to recover the costs of these notifications. Additionally:

"Under the Order, subscribers will have to pay a 20 fee to make an appeal against a report of infringement, which will be refunded in the event the appeal succeeds; the remaining costs of determining an appeal will be met by the Copyright Owner who submitted the CIR which has been appealed."

I disagree with the concept of having to pay for an appeal in this way. If accused, someone should be able to refute the argument without cost. This will introduce a barrier to entry, and even if it is refundable is something I believe should be avoided. Finally, the exact costs of implementing this have been set out. It looks like the Copyright Owners would have to pay 60p per letter (with the ISPs shouldering the remaining 20p), a similar split around capital costs - which are the ones that are actually significant. Taking the above, it seems that in total that content owners will have to shell out 15M to use the DEA scheme. The cost seems to be more or less fixed which could encourage content owners to send out frivolous accusations. There's an iterative process which will run to determine the estimated number of notifications, and if eventually the Content Owners don't agree with the pricing, they will have elected not to take advantage of the provisions of the Initial Obligations Code, as they have not been able to make binding commitments to fund CIR processing. So, in summary, this is something to keep an eye on. It certainly hasn't gone away, it's due to start in March 2014. The revised draft code and consultation, which closes on 26 July 2012, can be found here, and the sharing of costs consultation runs until 18th September 2012, found here.

I've recently book my places at a few conferences, so just to confirm: I hope to see a few people there!

I'm on my way back from the Anti ACTA demo in London, at which I was asked to speak. I was good to see a number of people attend. I bumped into the wonderful Bridget Fox too! Here's my speech:

As I was travelling here on the train, I found myself thinking: why am I here?
What has gone so wrong with the political system that politicians pass laws - the DMCA, the DEA, SOPA, PIPA, ACTA. Laws that look attractive on the surface, but are so deeply flawed. Why have they stopped listening?
But, they haven't stopped listening. They're falling in to a trap set by big businesses with vested interests. The ones with money to influence policy, the lobbying firms, the corporate hospitality arrangements. They hear that the economy is bumbling along the bottom. That many businesses are struggling, and these are hard problems to solve. And suddenly a shining beacon is held out - support our creative industries and all will be well. No one is interested in this new fangled Internet thing anyway. Well, apart from the people stood here today! People like you, and me. People like Julian Huppert - we helped take a motion to the Liberal Democrat Conference to repeal the damaging parts of the Digital Economy Act. The Alliance of Liberals and Democrats in Europe will vote against ACTA, and in three major committees it has already been rejected it. Something has changed. The people who represent us are starting to hear our stories. How we will not put up with censorship, interference and snooping. And let me tell you this. The big industries are scared. Shady back room negotiations so that they may be able to slip it past the public. Thanks to you, this won't work anymore. We have a voice, and it's here today. It's not too late to stop damaging our freedoms. Go visit your elected representatives. Tell them why we need to stop these bad laws. Help them understand that it's not ok to pass these. Write about it, tell people, shout in the streets! We know ACTA is bad. Let's tell the world.

The government is currently consulting on open standards, and I have responded on behalf of Collabora. We believe that efforts to avoid vendor lock in, and to open up government from the extra expense this occurs is to be applauded. I have previously blogged about my decision to purchase Microsoft Office for Cambridge City Council, and the reasons why there was only one vendor. The consultation runs until the 4th June due to a potential conflict of interest which was revealed last month, and so everyone has time to influence government and ensure that government is more open to everyone who wants to access it. It's really easy to respond, so doing so is important. Make sure your voice is heard before it's too late.

<iframe frameborder="0" height="315" src="http://www.youtube.com/embed/IFe9wiDfb0E" width="560"></iframe>

<iframe frameborder="0" height="315" src="http://www.youtube.com/embed/IFe9wiDfb0E" width="560"></iframe>

Today I tried to install Debian Wheezy on a Lenovo X220, in preparation for the upcoming release. It generally went well, with just a couple of incompatabilities:

• the wireless card requires some firmware in non-free
• the fan seems to be constantly on at a low speed

Generally though, the install went very smoothly. At that point, I booted up and greeted by the new Gnome 3 desktop, which is where my troubles started. It seems that the fonts are fairly poorly rendered, either far too small or far too large. There doesn't appear to be any way of changing workspaces using the keyboard. [edit: ctrl+alt+arrows works] Using a second screen placed above the first produces some... interesting effects with moving windows around, as can be seen at http://www.youtube.com/watch?v=1yTr12Q7CYU. The result is that I've gone back to using XFCE. It seems to actually work well, which is kinda important when trying to be productive.

One of the things that Collabora does is work with other open source projects to improve things for open source software in general. I was chatting with Michael Meeks of SUSE fame and we had a chat about my recent decision to buy Microsoft Office 2010 for the city council. One of the overriding problems with the comparison was the lack of support for macros within OpenOffice and I was glad to hear about improvements being made in that area. However, there was still an issue. Doing improvements like this cost lots of time, and therefore for a commercial open source company, money. A question arises as to who can pay for this. A district council has limited funds, and can't devote it to (essentially what equates to) a large search and development software engineering task. Companies themselves won't want to take the risk that comes with the large development without a buyer, as once the work is done, it is open source so is harder to monetize. In the mean time, millions of pounds of public money is being siphoned into a private company, and vendor lock in continues. An easy out for a councillor can be to say "Central Government should pay" but given the current state of the economy, I can't see is happening in the immediate future. However, there is a consultation on Open Standards that's currently accepting submission until May, and if that insisted on ensuring that open standards are adopted throughout the UK, it may help unlock this chicken and egg problem.

C                                       G
If you're happy with your ekey, blog your praise
                                      C
If you're happy with your ekey, blog your praise
       F                              C
If you're happy with your ekey, then your blog will surely show it.
       G                              C
If you're happy with your ekey, blog your praise

maulkin@cheshire:/usr/share/doc/ekeyd$ cat /proc/sys/kernel/random/entropy_avail 
4096

Thanks to my eKey.

With all the discussion about SHA-1 weaknesses and generation of new OpenPGP keys going on there's some concern about how the web of trust will be affected. I'm particularly interested in the impact on Debian; while it's possible to add new keys and keep the old ones around that hasn't worked so well for us with the migration away from PGPv3 keys. We still have 125 v3 keys left, many of them for users who also have a v4 key but haven't asked for the v3 key to be removed or responded to my email prodding them about it. I don't want to repeat that.

So if we're looking at key replacement we need to have some idea about where our Web of Trust currently stands, and what effect various changes might have on it. I managed to find the keyrings Debian shipped all the way back to slink and ran the keyanalyze and cwot stats against them. I then took the current keyring, pull in all the updates for the keys in it (so that any signatures from newly generated keys would be included) and ran the stats again. Finally I took details of 12 key migrations (mostly from Debian Planet but also a couple of others I knew about) and calculated what the effect of removing each key would be. These stats are cumulative and I replaced the most well connected (by centrality) keys first.

The results are below.

• Total is the total number of keys in the keyring
• SCS is the largest Strongly Connected Subset
• Reachable is the largest reachable subset
• MSD is the Mean Shortest Distance
• Centrality is the average centrality for the reachable subset
• update-foo indicates that foo's key was replaced with a newer one

	Total	SCS		Reachable		MSD	Centrality
1999-02-06 (slink)	228	36	(15.78%)	50	(21.92%)	2.9022
2000-01-03 (potato)	375	104	(27.73%)	180	(48.00%)	4.3382
2001-09-22 (woody)	948	538	(56.75%)	704	(74.26%)	4.7320	2008.6249
2005-05-28 (sarge/etch)	1106	883	(79.83%)	969	(87.61%)	3.3485	2074.6604
2007-12-04	1191	1001	(84.04%)	1062	(89.16%)	3.1103	2113.3747
2009-01-18 (lenny)	1126	947	(84.10%)	1010	(89.69%)	3.0489	1941.2594
2009-04-04 (squeeze/sid)	1121	946	(84.38%)	1008	(89.91%)	3.0466	1936.9761
2009-05-06 (current)	1067	894	(83.78%)	958	(89.78%)	2.9670	1759.4363
	Total	SCS		Reachable		MSD	Centrality
base	1067	904	(84.72%)	959	(89.87%)	2.9640	1776.4389
update-93sam	1067	902	(84.53%)	958	(89.78%)	2.9734	1780.9874
update-joerg	1067	900	(84.34%)	958	(89.78%)	2.9776	1780.7578
update-aurel32	1067	898	(84.16%)	957	(89.69%)	2.9803	1779.2497
update-noodles	1067	896	(83.97%)	956	(89.59%)	2.9831	1777.8326
update-jaldhar	1067	896	(83.97%)	955	(89.50%)	2.9855	1779.9193
update-srivasta	1067	896	(83.97%)	955	(89.50%)	2.9904	1784.3382
update-ana	1067	895	(83.88%)	954	(89.40%)	2.9926	1784.3102
update-nobse	1067	893	(83.69%)	953	(89.31%)	2.9947	1782.2392
update-neilm	1067	892	(83.59%)	951	(89.12%)	2.9974	1782.6098
update-reg	1067	891	(83.50%)	950	(89.03%)	2.9977	1780.8515
update-rmayorga	1067	890	(83.41%)	949	(88.94%)	2.9984	1779.4910
update-evgeni	1067	889	(83.31%)	948	(88.84%)	2.9974	1776.6445

This is actually more hopeful than I thought. There's an obvious weakening as a result of the migrations, but the MSD stays under 3 and the centrality stays fairly constant too. The reachable/SCS counts do decrease, but at this point it looks fairly linear rather than an instant partition. Of course the more keys that are removed the more likely this is to drop off suddenly. Counteracting that DebConf9 is coming up which will provide a good opportunity for normally geographically disperse groups to cross sign, reinforcing the WoT for these new keys.

Either way I at least have a better handle on the current state of play, which gives me something to work with when thinking about how to proceed. For now, bed.