Debian is quite probably the project that most uses a OpenPGP implementation (that is, GnuPG, or gpg) for many of its internal operations, and that places most trust in it. PGP is also very widely used, of course, in many other projects and between individuals. It is regarded as a secure way to do all sorts of crypto (mainly, encrypting/decrypting private stuff, signing public stuff, certifying other people's identities). PGP's lineage traces back to Phil Zimmerman's program, first published in 1991 By far, not a newcomer PGP is secure, as it was 25 years ago. However, some uses of it might not be so. We went through several migrations related to algorithmic weaknesses (i.e. v3 keys using MD5; SHA1 is strongly discouraged, although not yet completely broken, and it should be avoided as well) or to computational complexity (as the migration away from keys smaller than 2048 bits, strongly prefering 4096 bits). But some vulnerabilities are human usage (that is, configuration-) related. Today, Enrico Zini gave us a heads-up in the #debian-keyring IRC channel, and started a thread in the debian-private mailing list; I understand the mail to a private list was partly meant to get our collective attention, and to allow for potentially security-relevant information to be shared. I won't go into details about what is, is not, should be or should not be private, but I'll post here only what's public information already. What are short and long key IDs? I'll start by quoting Enrico's mail:

there are currently at least 3 ways to refer to a gpg key: short key ID (last 8 hex digits of fingerprint), long key ID (last 16 hex digits) and full fingerprint. The short key ID used to be popular, and since 5 years it is known that it is computationally easy to generate a gnupg key with an arbitrary short key id. A mitigation to this is using "keyid-format long" in gpg.conf, and a better thing to do, especially in scripts, is to use the full fingerprint to refer to a key, or just ship the public key for verification and skip the key servers. Note that in case of keyid collision, gpg will download and import all the matching keys, and will use all the matching keys for verifying signatures.

So... What is this about? We humans are quite bad at recognizing and remembering randomly-generated strings with no inherent patterns in them. Every GPG key can be uniquely identified by its fingerprint, a 128-bit string, usually encoded as ten blocks of four hexadecimal characters (this allows for 160 bits; I guess there's space for a checksum in it). That is, my (full) key's signature is:

AB41 C1C6 8AFD 668C A045  EBF8 673A 03E4 C1DB 921F

However, it's quite hard to recognize such a long string, let alone memorize it! So, we often do what humans do: Given that strong cryptography implies a homogenous probability distribution, people compromised on using just a portion of the key the last portion. The short key ID. Mine is then the last two blocks (shown in boldface): C1DB921F. We can also use what's known as the long key ID, that's twice as long: 64 bits. However, while I can speak my short key ID on a single breath (and maybe even expect you to remember and note it down), try doing so with the long one (shown in italics above): 673A03E4C1DB921F. Nah. Too much for our little, analog brains. This short and almost-rememberable number has then 32 bits of entropy I have less than one in 4,000,000,000 chance of generating a new key with this same short key ID. Besides, key generation is a CPU-intensive operation, so it's quite unlikely we will have a collision, right? Well, wrong. Previous successful attacks on short key IDs Already five years ago, Asheesh Laroia migrated his 1024D key to a 4096R. And, as he describes in his always-entertaining fashion, he made his computer sweat until he was able to create a new key for which the short key ID collided with the old one. It might not seem like a big deal, as he did this non-maliciously, but this easily should have spelt game over for the usage of short key IDs. After all, being able to generate a collision is usually the end for cryptographic systems. Asheesh specifically mentioned in his posting how this could be abused. But we didn't listen. Short key IDs are just too convenient! Besides, they allow us to have fun, can be a means of expression! I know of at least two keys that would qualify as vanity: Obey Arthur Liu's 0x29C0FFEE (created in 2009) and Keith Packard's 0x00000011 (created in 2012). Then we got the Evil 32 project. They developed Scallion, started (AFAICT) in 2012. Scallion automates the search for a 32-bit collision using GPUs; they claim that it takes only four seconds to find a collision. So, they went through the strong set of the public PGP Web of Trust, and created a (32-bit-)colliding key for each of the existing keys. And what happened now? What happened today? We still don't really know, but it seems we found a first potentially malicious collision that is, the first "nonacademic" case. Enrico found two keys sharing the 9F6C6333 short ID, apparently belonging to the same person (as would be the case of Asheesh, mentioned above). After contacting Gustavo, though, he does not know about the second That is, it can be clearly regarded as an impersonation attempt. Besides, what gave away this attempt are the signatures it has: Both keys are signed by what appears to be the same three keys: B29B232A, F2C850CA and 789038F2. Those three keys are not (yet?) uploaded to the keyservers, though... But we can expect them to appear at any point in the future. We don't know who is behind this, or what his purpose is. We just know this looks very evil. Now, don't panic: Gustavo's key is safe. Same for his certifiers, Marga, Agust n and Maxy. It's just a 32-bit collision. So, in principle, the only parties that could be cheated to trust the attacker are humans, right? Nope. Enrico tested on the PGP pathfinder & key statistics service, a keyserver that finds trust paths between any two arbitrary keys in the strong set. Surprise: The pathfinder works on the short key IDs, even when supplied full fingerprints. So, it turns out I have three faked trust paths into our impostor. What next? There are several things this should urge us to do.

• First of all, configure your local GPG to never show you short IDs. This is done by adding the line keyid-format 0xlong to ~/.gnupg/gpg.conf.
  • I just checked both in /usr/share/gnupg/options.skel and /usr/share/gnupg2/gpg-conf.skel, and that setting is not yet part of the packages' defaults. I'll check a bit deeper and file bugs right away if needed!
• Have you written or maintained any program that deals with GPG keys in any way? Make sure it specifies --keyid-format long or 0xlong in any relevant call. It might even be better to use the machine-oriented representation instead: --with-colons.
  • ...Of course, your computer will not feel tired or confused at comparing 160-bit full fingerprints instead of 64-bit long IDs, so it's better if our scripts use the full version for everything.
• Only sign somebody else's key if you see and verify its full fingerprint (this is not a new issue, but given we are talking about it, and that DebConf is around the corner, and that we will have a KSP as usual...)

And there are surely many other important recommendations. But this is a good set of points to start with. [update] I was pointed at Daniel Kahn Gillmor's 2013 blog post, OpenPGP Key IDs are not useful. Daniel argues, in short, that cutting a fingerprint in order to get a (32- or 64-bit) short key ID is the worst of all worlds, and we should rather target either always showing full fingerprints, or not showing it at all (and leaving all the crypto-checking bits to be done by the software, as comparing 160-bit strings is not natural for us humans). [update] This post was picked up by LWN.net. A very interesting discussion continues in their comments.

A few days ago, fellow Qt/KDE team member Lisandro gave an update on the situation with migration to Plasma 5 in Debian Testing (AKA Stretch). It s changed again. All of Plasma 5 is now in Testing. The upgrade probably won t be entirely smooth, which we ll work on that after the gcc5 transition is done, but it will be much better than the half KDE4 SC half Kf5/Plasma 5 situation we ve had for the last several days. The issues with starting kwin should be resolved once users upgrade to Plasma 5. To use the current kwin with KDE SC 4, you will need to add a symlink from /usr/bin/kwin to /usr/bin/kwin_x11. That will be included in the next upload after gcc5. Systemsettings and plasma-nm now work. In my initial testing, I didn t see anything major that was broken. One user reported an issue with sddm starting automatically, but it worked fine for me. During the upgrade you should get a debconf prompt asking if you want to use kdm or sddm. Pick sddm. When I tried to dist-upgrade, apt wanted to remove task-kde-desktop. I let it remove it and some other packages and then in a second step did apt-get install task-kde-desktop. That pulled it back in successfully along with adding and removing a reasonably large stack of packages. Obviously we need to make that work better before Stretch is released, but as long as you don t restart KDE in between those two steps it should be fine. Lastely, I used apt-get autoremove to clear out a lot of no longer needed KDE4 things (when it asks if you want to stop the running kdm, say no). Here are a few notes on terminology and what I understand of the future plans: What used to be called KDE is now three different things (in part because KDE is now the community of people, not the software): KDE Frameworks 5 (Kf5): This is a group of several dozen small libraries that as a group, roughly equate to what used to be kdelibs. Plasma (Workspaces) 5: This is the desktop that we ve just transitioned to. Applications: These are a mix of kdelibs and Kf5 based applications. Currently in Testing there are some of both and this will evolve over time based on upstream development. As an example, the Kf5 based version of konsole is in Unstable and should transition to Testing shortly. Finally, thanks to Maximiliano Curia (maxy on IRC) for doing virtually all of the packaging of Kf5, Plasma 5, and applications. He did the heavy lifting, the rest of us just nibbled around the edges to keep it moving towards testing.

Hello, This has been a terrific week and a real learning experience for me. I finished packaging both Muon and QApt for Debian; my first two real debian packages, with very different packaging styles! Sune (svuorela), Maximiliano (maxy) and others helped me allot to understand the tools and I thank them very much for their support. While the first part of this second week was all about trying to make a solid package, the second part was me figuring out Policykit and KAuth in order for us to let go (as much as possible) of Kdesudo. I have managed to do a complete turnaround from kdesudo through policykit and now I am working on making an add-repo helper in C++/Qt using KAuth to keep it in line with QApt, in order to have a more uniform codebase. Big thanks to Aleix (apol) that guided me through the different uses of policykit and Kauth. To keep it short, policykit will not be used directly except QApt, in every other case we ll use KAuth. I m very close to finishing the KAuth add-repo helper and that will add improved functionality, as it extends well in what I will be doing next: renouncing specific backend support; The helper will manage how backends add/remove repos, meaning that if you use PackageKit you will no longer be tied to Apt if you want to use Muon! Here is a screenshot of the configure-software button in muon-discovery (finally) working on Debian and launching software-properties-kde:
And below are some screens of Muon in the wild, running on Debian:
I hope you enjoyed this update and stay tuned for the debian package which is currently under review. Floris.

Thanks to the Qt/KDE team, specially to Maxy who has done most of the packaging and uploading, sid users are now enjoying KDE 4.10.5, including the new KDE PIM stuff that we have held out for the Wheezy release.

I started using KMail2 (inside Kontact) a few days after Wheezy's release, getting it from experimental. And I have to admit that I really like it, just like with KMail1.

But my upgrade did have some bumps on the road, so I'm sharing them here so you can now how I solved them.

Mail import worked as we were waiting: it did work. So it was really useful to hold back Kmail1 until this really worked.

Now, I had a problem with my hard disk: whenever KMail started, it would start accessing it without pause. There where two reasons (for what I could test, I haven't looked at the source to really see if there was some other oddity) for this: I had a nepomuk/virtuoso DB created quite some time ago and initial mail indexing.

The initial mail indexing takes lots of time. For 1GB of DIMAP I had to wait like 5 hours (yes, 5 hours) on a 5600 rpm disk to let it fully finish. My desktop machine, with a faster hard drive, took a little less.

As far as people told me, that should have been enough, but my disk kept crawling. So I remembered someone from the team saying something about people with early-created nepomuk/virtuoso databases will have some speed issues. Mine where more than that, buy trying was worth the shot.

I had nepomuk disabled since I tried it the first version due to this exact problem. So I closed my KDE session and removed the nepomuk/virtuoso data:

rm -r ~/.kde/share/apps/nepomuk/

Then I logged back in KDE and waited (again) the 5 hours to let nepomuk re index my mail, this time totally finishing after 5 hours. Starting from that point, I get some one or two minutes of disk trashing some times I log in (not always), but it's actually not that bad. And I heard that in KDE 4.11 this has been improved a lot, so I should see a better behavior from that point on.

Please understand that this was my trial-and-error fix, it may be possible that someone comes with a better solution :-)

I should have posted this a few days ago, better late than never they say... On Saturday, 8/9/12, a BSP was held in Dublin for the first time. Google kindly offered office space and some food and refreshments for the event, so we had a nice room with good Internet access and two big screens to project IRC activity. I consider the event to be a big success. There was a good attendance: 15 people showed up, with most of them staying a solid 8 hours. There was a good balance of experienced Debian people and newcomers, as well as a few DDs that work for Google. Even if the squashed bug count was not huge, it was great to see people helping each other, people who had never done any Debian work getting up to speed with the basics and getting excited about helping. I think the biggest outcome of this BSP is that after we packed up, we had already agreed on holding a second BSP in October, and to bootstrap a local Debian community! (Now we need to convince the listmasters to create the mailing list at #687430). A few stats:

1. 15 people attended.
2. 7 DDs, 2 DM, and 6 unaffiliated contributors.
3. 6 out of 15 attendees were Googlers.
4. 8 different nationalities.
5. 2 people came from Germany to attend the event.
6. And the most important stat: 25 bugs were closed, lowered severity, received patches, or got worked on.

I would like to thank everybody who participated, to Google for sponsoring the event (and sponsoring the next one too!), and to marga@ and maxy@ for coming from M nchen, and helping with the organisation and with the introductory talk. I hope to see you all again in the next BSP, tentative date: October, 20th. Tags: Planet Debian, Debian

When I think about Margarita, I always remember her as a friendly and welcoming person. Like most of the Debian Women members by the way. But she likes to spread some love and organized a Debian Appreciation Day for example. I think I met her in real life for the first time at Debconf 6 in Oaxtepec (Mexico). She deeply cares about Debian in general. She has proven it multiple times with her DPL candidacy and by giving talks like Making Debian rule again. One last thing, Debconf11 is just over and you will see that Debconf4 has had a big influence on Marga. My advice is simple: next time there s a Debconf on your continent, make sure to take a few days off and come to meet us! It really gives another picture of the Debian community. Now let s proceed with the interview. Raphael: Who are you? Margarita: I m Margarita Manterola, a Software Developer from Argentina. I work developing software in Python in a Debian-friendly company during the day, and teach programming at a local university during the evenings. I m married to Maximiliano Curia who is also a Debian Developer, most of our Free Software work has been done together. I only maintain a handful of packages in Debian, I m more interested in fixing bugs than in packaging new software. I ve also been a part of the organizing team of many of the previous Debian Conferences. One of the biggest commitments and the biggest success of my participation in Debian was being part of the organizing team of DebConf8, in Argentina. Raphael: How did you start contributing to Debian? Margarita: I started using Debian around 2000. Soon after we had learned the grips of general GNU/Linux usage, Maxy and I started giving an introductory course at our local university, and became quite involved with the local LUG. At some point in 2002/2003 I became a Debian Bug Reporter : most of my friends would report bugs to me, and I would then write them in the proper form to the BTS. I would also be very attentive about reporting any bugs that I might encounter myself trying to create good bug reports. The turning point in my participation in Debian was DebConf4 in Porto Alegre, Brazil. Being so close to Argentina meant that we felt specially invited to be there, and Maxy and I decided to go to DebConf for our honeymoon. We didn t really know much about DebConf dynamics, but we were really eager to learn more about Debian and become more involved. What happened was that meeting with DDs from all over the world transformed our lives, we became part of the Debian family and wanted to be more and more involved. Soon after that we both started maintaining packages and not long after that, applied to become Developers. The Debian Women project also meant a lot to me. I felt encouraged all along the way, encouraged to learn, to ask questions and to lose the fear of making mistakes. I became a Debian Developer on November 2005. Since then, Debian has always been one of the most important things I do in my life. Raphael There was a Debian Women BoF during debconf. What are the plans for Debian Women in the upcoming months? Margarita: I was not there in person, but thanks to the awesome work of the video team, and of Christian Perrier s typing efforts when something failed, I was able to experience much of what was discussed. One of the many points that came up during the BOF is that many people Want to help but don t know where to start or how to go about it. It s a challenge for the Debian Women project to find a way to allow these people to become involved in Debian through Mini projects or something like that. Another of the subjects that was brought up was the Debian Women mentoring project, which has been going on for quite a while now, but lacks enough publicity. So, we need to reach more people about it, and maybe also improve it with some templates, similar to the New Maintainer templates, so that mentees that don t know where to start have some sort of general path to follow. Raphael: You created very useful diagrams documenting how package maintainer scripts are invoked by dpkg. How did you do it and was that a useful experience? Margarita: I did those diagrams to be able to answer one of the questions in the NM templates, regarding the order of the maintainer script execution. Answering the question in text was basically copying and pasting the part of the Debian Policy that explained it, which wasn t really too clear for me, so I decided to go and make a diagram of it, so that I could really understand it. I did it by the best of all debugging techniques: adding prints to each of the maintainer scripts, and testing them in all the different orders that I could think of. It was a useful experience at the time, because I learned a lot of how maintainers scripts work. I didn t expect the diagrams to become so famous, though, I only did them to answer one NM question, that I assumed most other people had already answered before Raphael: You participated in a DPL election. This is a big commitment to make. What were your motivations? Margarita: As I said, I was part of the organizing team of DebConf8, in Argentina. Which was quite a success, a lot of people enjoyed it and praised the good work that had been done by the local team. During said DebConf8, I had a dream (it was almost a nightmare, actually): I woke up and just like that, I was the DPL. I spoke to some people about this dream and to my complete surprise many said that I should actually do it. After giving that possibility a year and a half of thoughts, during the 2010 campaign I was talked into participating myself as a candidate, and it was a very interesting experience. However, I m very glad that Zack got elected and not me, I think he makes a much better DPL that I would have made. Raphael: What s the biggest problem of Debian? Margarita: I think the main problem that we have is our communication, both inside the project and outside the project. Most of us are very technical people, our skills lay in the technical part of Debian (preparing packages, fixing bugs, writing software, administering systems) not in the social part. And thus, we lack a general empathy that is quite needed when interacting with people from all over the world. Raphael: Do you have wishes for Debian Wheezy? Margarita: Not particularly. I do want it to be a great release with good quality, stable software. I would also like to keep making Debian more and more universal with each release, making it more user friendly, more accessible, and more robust than any other previous release. Raphael: Is there someone in Debian that you admire for their contributions? Margarita: I admire a lot of people in Debian. There s a lot of people that contribute a lot of time to Debian, amounts of time that I can t begin to understand how they can afford. I admire Stefano Zacchiroli, our current project leader. And Steve McIntyre, the project leader before him. Also Bdale Garbee, who s also been a DPL in the past. Making this list I realize that Debian has been blessed by quite a number of great leaders in the past. I admire Holger Levsen, for his contributions to the DebConf video team, that have made it possible year after year for the whole project to participate in DebConf remotely. I admire Steve Langasek and Andreas Barth (etch is still my favourite release). I admire Christian Perrier for his work on internationalization. I admire Joerg Jaspert for the incredible amounts of time that he puts into Debian. And actually, I could go on admiring people all night long. I admire so many people that this interview could become a very boring list of names. I guess it s better to leave it at saying that Debian is lucky to have quite a lot of excellent hackers around.

---

Thank you to Marga for the time spent answering my questions. I hope you enjoyed reading her answers as I did. Subscribe to my newsletter to get my monthly summary of the Debian/Ubuntu news and to not miss further interviews. You can also follow along on Identi.ca, Twitter and Facebook.

14 comments Liked this article? Click here. My blog is Flattr-enabled.

A few months after starting the NM process, I have just been accepted as a Debian Developer. My account name is simply: julien I have been a Debian user for about 10 years now, and have begun contributing to Debian in 2005. I have then been accepted as a Debian Maintainer in 2007. This post is mainly to thank:

• all my sponsors: Christoph Haas (haas) , Lo c Minier (lool), Free Ekanayaka (freee), Maximiliano Curia (maxy) and Micah Anderson (micah),
• my advocate: Matthijs M hlman (matthijs)
• my AM (who actually make it happen in a really short time frame, thanks a lot to him): Xavier Oswald (xoswald)
• all people who helped me during the process, to name a few: Christoph Berg (myon), Enrio Zini (enrico), Peter Palfrader (weasel)

Also thanks to all people who have already sent their congratulations, it makes me very proud!

OK, I still have to load my photos of Debconf10 somewhere. Shame on me. My gallery is broken (no longer allows uploads, even local ones!). Still, do you remember that we somehow mentioned that a small bunch of geeks did run together a local race at Debconf10? Indeed, a dozen of Debconf10 attendees did participate to the Van Cortland Track Club Summer Series run of Thursday August 5th. And all of us completed this 5km cross-country run in Van Cortland Park, in Bronx, turning it into the most international attendance of this local race. We now have the official results.. So please congratulate No l K the for finishing 17th scratch, 2nd in his category...or Gaudenz Steinlin being 32th only 41 seconds after No l. Or Iustin 107th, Gregory, 113th, Luca (and kilt) 140th, Maxy 163th, Marga 167th. Even /me though I finished 5 minutes after that Kevin british guy who I ran with the week-end before, dammit. Or whoever I'm forgetting (we were more than this, IIRC). Geeks can run. Fast, for some of them (I still need to have No l telling me about his last marathon).

Dear Debian, today you turn 17 ... ... happy birthday! I've already argued how you're in very good health now that you're close to the major age and how unique and important you are for the whole ecosystem of free software. So, no, I won't insist on that here. Still, today sounds like a good day to say thank you, Debian for being here promoting software freedom and showing to the world that all this can be done do-ocratically, democratically, relying on volunteer work and donations. If you too think Debian deserves being thanked for what it is giving to the world, just say thank you, Debian . My first (meta) thank you messages go to Marga, Maxy, Valessio, Raphael, Ana, and Rhonda for ideating and spreading the 1st Debian Appreciation Day ever. Update: fix 404 Penta b0rkage in the slides link

Today is Debian's Birthday, and for a while I've wanted to do something special on this date. In order to raise the general motivation of the project, have a special day when everyone is invited to thank those that make our lives easier. However long I have wanted to do this, I haven't had that much time to prepare the site itself. I've spent the past two days getting it working, with the help of Maxy, Valessio and Raphael, but there's still a lot more work to do. In any case, it's already usable at: thank.debian.net. I invite you to use it to send thanks to those that work on Debian. The code is temporarily hosted at code.google.com, but I plan to move it to alioth as soon as I'm not so rushed to finish it. Bugs & Patches much appreciated!

I spent the whole last week in bed with an acute case of pharyngitis, so I haven't been able to gather my thoughts in a blog post up to now. I'd like to congratulate zack on winning the election, and I have faith that he will be a great DPL. I'm happy with my second place, I'd like to thank everybody that supported me and I think that I'll probably try again in the future, although not necessarily next year. Since zack is probably not going to have time to keep up with his bug squashing campaign, I'm going to try and continue that myself. And, if time permits I'm also going to try to put some of the ideas in my platform into action. Finally, last friday both Maxy and me were granted the US visa that we needed to go to DC10, so we finally can say:

Finally, after more than a year of preparation, and six months of very very hard work, DebConf8 has come and gone. Even if I'm not yet completely recovered from all that stress, I'm good enough to feel really happy about how things turned out. DebConf8 was a great success. We had great talks, many opportunities for developing interesting ideas, a lot of social interaction, an awesome video team that allowed more than 200 people from all around the world to be part of the conference even if they weren't in Argentina, and in general almost everyone had a very good time. It was really nice to have so many people from Debian over here, and it was specially nice to see them working and enjoying themselves so much. This was all possible thanks to our sponsors, thanks to the many hours spent during the previous months both by the DebConf orga-team (the usual suspects) and specially by the local team, which includes Tincho, Dami n, Romanella, Maxy, Sebas, Zero, Mendieta, Dererk, Melisa, Angasule, Lisandro, Nueces, and also thanks to the all help of the volunteers that came to work with us during DebCamp and DebConf, which include Tom s, Tinchito, M nica, Lucas, Germ n, Diego, Fefu, Nicol s, Mart n, Marcos, Hern n, Alejandro, Mat as, Rodrigo, Alberto and Joaqu n, and finally, DebConf wouldn't have been the great event it was without all the people that managed to travel thousands of kilometers to get here. To all of them, thanks, for making DebConf8 such a great conference Now, at last, DebConf8 is over (although there is some stuff that we still need to do before we can really forget all about it), and life goes on. Today, I did my first NMU after a long time. I'm particularly glad to have time for fixing bugs again, but I won't lie, I'm also extremely satisfied with how DebConf8 turned out. See you in Extremadura!

*Ahem*... I'm soooo excited! After 884 days, I just became a DD. It was almost two years and a half of much work, learning, patience, struggling to keep the morale up, and more work. In fact, Debian is already taking almost all my free time since months ago, something I don't regret at all. I was able to do most of the things I wanted to do, even without an account, including: DebConf organisation, team-maintaining packages (sorry pkg-perl folks, dc8 didn't leave me much time lately), some QA work, coding tools, etc. But this small feat has a huge symbolic importance to me, now the project as a whole is recognising me as a full member; many people already did individually, but sometimes you need the "official" stuff. So thanks to all the people that helped me during the way (sorry for the omissions!): maxy, for introducing me to Debian, marga for encouraging me to apply to NM —and all the moral support—, des for the help and the sarcasm, damog for being my first AM, even if we had our problems, ana for being my second AM and being so supportive, the Perl-lings for being such a nice bunch of people to work with and to learn from. Thanks also to all the nice people I've met along the way (dudes!), you make Debian a nicer place. Update: There was another paragraph that I butchered after noticing that the actual process in the last 24 hours was different than what I thought. But anyway, my thanks to Sam, Myon and Ganneff for their respective help in this process. Also, I don't want to forget to thank Ganneff for the trust he'd put on me during this time. Tags: Planet Lugfi, Planet Debian, Debian

Yes, the console library. I'm learning it right now. It's pretty neat, but it's got some ugly bits. getmaxyx() is one of those ugly bits. That is all.

Three weeks ago, I left Oaxtepec and didn't have the time to blog about it so far. To make it short: DebConf 6 was my first DebConf and it was really great! Actually, I don't know what to tell about it, now that it's over. Just one thing... I went to Mexico with the idea in mind having to work for two weeks full-time on Debian, basically of two reasons: First, because I like to work on Debian and second, because I got a full sponsorship which is kind of an honor to me. If Debian (or Debians sponsors, doesn't matter) are paying money to bring me to Mexico, then I should be worth the money and give something back in the form of good work, to value and acknowledge their investment (some people may say, that this is a typically Swiss attitude - I will not disagree on that :). However, while the first week, there was only hardly internet access, so I couldn't really work on the things I had on my todo list, as they all required quite large downloads or checkouts. Luk knew that I was oviously a bit disappointed about hat and, as the very wise guy he apparently is, told me then, that DebConf isn't (only) for working, but for socializing with the other people (he's the master of it). Of course, I do not blame anyone for anything... I did enjoy the two weeks, certainly more than I would have when having good Internet connection all the time. Thank you all for comming, and a special thanks goes to the DebConf-team and the sponsors who made this great event possible. I'm eagerly looking forward to next years DebConf... :) ...and for those who don't read Planet Debian frequently: This is the group foto and that's me :) Update: I'm so sorry, I almost forgot... Marga and Maxy, we all love you for your excellent pancakes!

Following my talk about Optimizing boot time (slides and the raw material now available), we had several discussions along DebConf6 as to how to make parallel booting a real option. So, Maxy decided to write a small C program called rcpar, that basically has the same functionality of the "shell" concurrency of /etc/init.d/rc, but since it's written in C, it's able to handle the output in a much cleaner way (and it will also handle interactive scripts in the near future). Darcs repository: http://maxy.com.ar/~maxy/darcs/rcpar I will probably be uploading an rcpar package to Debian experimental this weekend.