Surgut

Two factor authentication

2011-06-09T20:48:00.000+01:00

Two factor authentication, how hard can it be?

Two factor authentication has two components: something you know, and something you have. Something you know is usually username&password and gives you the first factor. Something you have is a second factor and it isn't usually implemented.

One can argue that private/public key encryption is strong, but it's not two-factor authentication into the computer systems. An ssh key or SSL certificate can be password protected, but it's still just a file on the computer usually. And you don't want someone to compromise user's laptop, take as long as they need to decrypt the password and use that to get access to your intranet.

The criteria are:

two-factor authentication
open standard
vendor independent
free software stack available
secure
user friendly
low-cost

So let's start running down the systems available today for the two factor authentication:

Smartcards / Tokens using PKCS #11 API & PKCS #15 standard
Hardware / Software Tokens using OATH HOTP or TOTP standard
Yubikey Token with Yubikey Validation standards

Smartcards, while common in everyday live are not very convenient. You need smartcard reader with you, you get authentication prompts from you browser which look different across all platforms. There is cost of buying smartcards & smartcard readers. Not sure how that would work with SSH. Can't use it on your mobile. This is probably a good solution in managed enterprise networks with single sign on implemented with Kerberos. So it's not an easy solution. And I haven't looked much into it.

OATH is Open Authentication initiative behind the one-time password (OTP) authentication using event or time based. It's a simple nice algorithm, which you can read about here. It generates 6-8 digit long one time password using a seed (initial secret) and variable. In event based form it's just a sequential counter, in time based it's the time. There are many hardware and software tokens available on the market. So it's one contender I'm looking into.

YubiKey is a battery-less USB token with touch sensitive button. It simulates a usb keyboard and "types" passwords. It can be configured to produce: 32 character yubikey OTP, 6-8 digit OATH HOTP or long static password. Later yubikeys also added challenge-response functionality as well. The cool thing is that the hardware design and yubikey OTP documentation is published. And all the software around it is Open Source. There isn't another hardware vendor though.

Now implementation details. For my use case I need: central validation server, pam authentication module, over the network authentication, authentication plugins for specific applications (e.g. OpenERP, Drupal, etc.).

For Yubikey: there are multiple opensource validation servers, multiple pam modules (including those that work against validation server over the network), multiple plugins for many applications out there. There is an investment cost for the Yubikeys ($25 each, cheaper if buying in bulk +VAT +Shipping) and you are locked to a single vendor of the keys.

For OATH: found only one validation server, which is a dead work of a dead original... there is oath-toolkit with pam module, but it means storing the secret seeds on each machine where you want to authenticate, cause it doesn't talk securely to a validation server over the network.

Underdog is yubikey-yubiserve which is OATH HOTP/YubiKey validation server using YubiKey validation protocol (REST API over SSL with client API signatures). But they aren't HOTP pam modules which know how to talk over YubiKey validation protocol.

I'm thinking to modify c-yubico-pam module to accept OATH HOTP and use yubikey-yubiserve. Then I get open source stack, vendor independence, awesome user experience with yubikey OTP, worse user experience with OATH HOTP, but at least I will be able to mix and match ;-)

ps. fedora project and CERN are using yubikeys, so maybe it's not that bad. any takers for software yubikey generators for JavaME / Android / iPhone / MeeGo / Desktop?

Thanks Ubuntu

2011-03-03T00:20:00.000Z

I have first used Ubuntu in 2006 after having been burned by RedHat in 1999. It was a surprise that it worked, was much faster than my current OS and allowed me to painlessly install / use: GIMP, LaTeX, Emacs and many electronics CAD tools. Later Ubuntu allowed me to learn a lot about Linux through the ubuntuforums, ubuntu irc channels, help / wiki, developer weeks, code review, etc. I have now got an open-source job because I have these skills.

Many of the above was either directly or indirectly sponsored by Canonical. From the first CD, to fixing bugs, to code review from exceptional Canonical hackers and of course free training sessions. All interaction I had with Canonical employees was very professional and timely. Heck, I've asked for URL-shortening service for launchpad and we have now as in http://pad.lv/1.

The upstream projects I'm involved in will probably never be part of any revenue questions. And some of them explicitly do not accept donations.

I can defiantly say that Canonical has spent more money on me personally, then the revenue I have brought them. Heck, partially I have a full-time job now because of them. Speaking of which - the company I work for has a good relationship with Canonical. Some of our developers were sub-contracted for initial Ubuntu release and even today we do ad-hoc development for them.

Nothing is free (as in beer). Somebody throughout the years has been sponsoring this: parents, universities, companies, individuals, etc. Who is paying bills for all the bandwidth, disk space, buildbots, that you have ever used? Surely it wasn't yourself all the time.

Debian is a phenomenon. And has been for the past 17 years. Two of directors in my company are Debian Developers, Canonical technical board are all past/present Debian Developers. All of us do share a certain set of common values. Our priorities do shift. I want a roof above my head, food on a table, bandwidth and an OS to run on it. I want to listen to my favourite online radio station in banshee, running gnome, on Ubuntu with back ends running Linux on Amazon cloud. If you yank any of these pieces out, the domino effect kicks in. I fail to see now affiliation fee split between banshee/ubuntu/gnome/amazon can affect any of the four projects in anyway since all four are directly or indirectly inter-dependant on each other.

The moral is, it doesn't matter which part of the community you kiss, you will still get slapped for it.

This "flame war" was actually very boring... I can't wait for the Natty UI freeze to get all the juicy comments, e.g. like in the past about Maverick wallpaper and the buttons on the left and the like ;-)

I got a $job in #FLOSS!

2011-02-10T21:16:00.007Z

So my last post was about me trying to find a job in Open Source. That post generated an email from Tristan Hill who told me that he recently started to work for Credativ and that they have positions open. So I've checked it out, looked lovely, but I wasn't so sure about the what type of work I would have to do. In February, I had an interview with Chris Halls and it was a dream come true. I took the job.

Thank you Tristan Hill for reading Ubuntu Planet.

Credativ is Open Source company. Job satisfies FSF open-source job definition. The company was started in Germany, by a Debian Developer - Dr. Michael Meskes. There are a few other Debian Developers.

Credativ does a lot of 3rd line support around the world. The centre in Germany is 24h, the UK office is not. In the UK we do a lot of Nagios and OpenERP development & support as well as provide OSS training. Relaxed, diverse, challenging and fun =) And you get root ;-) And our marketing manager Irenie White has cakes =) All it takes is a quick chat on jabber to get one!

It was a great feeling that yes you can run Ubuntu on your machine and yes you get root on most of the boxes you need to do your work on. It is a pleasure to come to work everyday! I'm probably easy to please. But it is a really good feeling when you come to the interview and your future manager knows what packages you are maintaining in Debian and what mailing lists you have appeared on and etc. I was also touched by the fact that all equal opportunities statements in the handbook referred to "marital or civil partnership status".

Overall - loads of development, amazing staff, challenging support tickets from sysadmins and everything is in open source.

There are currently 2 Ubuntu Desktop machines in the Office, with other desktops & servers are running Debian Squeeze. But I'm sure it will gradually change to the purple side ;-)

Are you a Debian / Ubuntu developer? Do you program? Are you into Open Source? Do you want to enjoy working with Open Source 9-5? Then apply, cause we are looking for technical people to join us. If you want to talk about Credativ you can find my IRC/email details on launchpad.

My hobby, became my full-time job. I'm a recent university graduate, I'm between 20-25 and only 3% of 200 000 jobs created last year in the UK were full-time... The odds were against me and I made it =)

How did you get your first job in open-source?

2010-12-20T18:13:00.000Z

I have graduated with a 2:1 Masters of Engineering in the UK. I am now looking for recent-graduate entry level jobs. I have been involved in Ubuntu development during my spare time over the past years. My current job hunt hasn't been successful yet. So i want to ask:

How did you get your first job in open-source?

I have experience in C/Python/Gtk programming, Ubuntu/Debian Deb packaging as well as Fedora/openSUSE RPM packaging, autotools/CMake/distutils, git/bzr/svn. I am looking for internship, entry level job with prospects of future full-time employment. Ideal position is an open-source C/Python developer on Linux as part of an experienced team. Location: UK, EU, Russia.

This is my story =) Share your story with me!

attach. CV

Psychological report is in, I'm dyslexic

2010-06-21T15:33:00.000+01:00

Bo hoo.... Got to finish dissertation and do well in GSoC.

I wonder if I shall work on my weaknesses or just ignore that in find a job where I can take full advantage of my strengths?

Chromium vs Gnome Panel

2010-06-12T01:45:00.000+01:00

Chromium starts up and opens my pinned tabs: Gmail, Gcalendar & Greader before gnome panel appears... Also network manager sometimes is slow to bring up WiFi even though my home network is set up to be used by all users, resulting in failed to load in chromium.

Apple booting in a nutshell

2010-06-11T14:28:00.000+01:00

As part of GSoC I need to get an easy tool to create boot able usb sticks from Intel Macs. This past week I've been investigating how Macs do boot. In the process I've wiped my partition table, recovered using testdisk, plaid around with rEFIt, mac boot options, NVRAM, efi shell read tons of apple source code, and UEFI specs. Overall it's quite complex and fun =). I'll try to document as much as possible of everything I have found out in the rest of this post.

On power-on, BootROM is doing Power-on-Sefl-test and hands over to OpenFirmware on PowerPC machines, or to the EFI bootmanager (as far as I understand) on Intel Macs. The BootROM "knows" about the fancy startup keys, e.g. options key which can passes hints to OpenFirmware & EFI bootmanager on what user wants to do (e.g. clean NVRAM & PRAM, force pop-out cd, perform target-disk mode boot, netboot or present available boot drives).

OpenFirmware later on passes onto BootX and that boots OS 9 or OS X kernels & brings up init-rc / launchd. This is PowerPC. I'll stop talking about PowerPC from now on =)

The EFI bootmanager is the gray screen screen which also produces the WALL-E sound (aka mac jiggle). This EFI bootmanager brings up to live some hardware and it can read NVRAM, FAT r/w and HFS+ read-only as well as get onto network. It reads NVRAM to figure out default boot partition, picks that, reads HFS+ headers of that partition to find EFI loader (aka "blessed" loader) and passes onto that to do the rest of initialisation, brings up launchd and gets to the desktop.

This EFI bootmanager after the Boot Camp upgrade (or all recent macs) can also find mbr bootable internal "legacy" systems, emulate BIOS and boot those / make them selectable. And it is a bit stubborn =) it doesn't like identifying my LiveUSB sticks, even though when I jump through the hoops it loads. The Hoops being:

EFI bootmanager ->
rEFIt ->
grub-efi -> in grub-efi "appleloader usb" ->
? EFI bootmanager ? ->
syslinux/grub-pc from USB stick loads.

Also the EFI bootmanager doesn't "see" regular simple file system efi bootloaders e.g. (/efi/boot/bootia32.efi) and doesn't let me boot those =( although some people reported this to work as well as regular legacy usb-sticks (various random posts on grub-devel & ubuntuforums)

What about regular booting of the installed system?

Ideally we should be able to put grub-efi on EFI system parition as /Ubuntu/bootia32.efi & /Ubuntu/bootx64.efi and set NVRAM to boot those. That grub probably should just chainload into another grub-pc or grub-efi installed on the root ubuntu partition.

Or we can modify rEFIt to read ext4 partitions and stick that into system /efi partition.

What does "bless" tool do on Macs? It can do many things but in general it does this:

Sets the HFS+ partition headers with a pointer to a directory/file which should be used to finish efi boot
Stores in NVRAM default boot device / default efi to load

I haven't looked into hfsplus yet but hopefully it can be used to mimic bless tool to set hfs+ headers to point to custom efi's.

Ideally we should be able to access NVRAM from linux to load Ubuntu, the efibootmgr package should be able to do this, but I can't get it to work on my machine yet. The kernel efivars module is not loaded =( and modprobe can't find it either.

I have loads of pages in my page history / bookmarks. Most of this has been found through trial & error, reading bless & BootX sourcecode, notes from apple, UEFI spec, grub-devel mailing list, and ubuntuforums.

In response to bzr-git case study blog

2010-06-01T23:34:00.000+01:00

This blog post on Debian Planet, mentions how easy it is to package with bzr-buildded ontop of upstream git repository.

Also there are bzr-svn and bzr-hg plugins, and you can request launchpad to automatically do imports of those upstreams every 6 hours and on-demand ;-) and of course you can still push your bzr packaging branch to alioth ;-) if you don't want to tie yourself up to much with launchpad.

Bzr and launchpad designed for collaboration =) especially with awesome ground contol tool which integrates launchpad into nautilus.

And yes you can associate multiple authors with a commit (if multiple people worked on a debdiff you are merging), and yes you can associate BTS, Launchpad and any bug tracking URL's with a bzr commit. Git can't do that ;-)

Also note launchpad is getting building packages out of recipes, so if your packaging branch is based on top of upstream branch import, you will be able soon request launchpad to merge packaging with upstream on launchpad and build packages into PPA's for daily builds testing.

For Debian stable, you can use openSUSE build-service (see osc command line tool). Unfortunately I'm not aware of openly available build services for debian testing / unstable yet.

Debian packaging is a social with bzr.

GSoC, rEFIt, Eurovision & Britain's Got Talent

2010-06-01T00:32:00.001+01:00

GSoC

Yes, I'm doing GSoC as well =)

I'll be working on improving usb-creator: doing command line frontend, Mac OS X fronend, merge usb-creator with Wubi, and hopefully allowing to customise usb sticks.

I've already fix a couple of bugs in usb-creator, debranded the package and the debian ITP discussion are ongoing. Hopefully we will hit the debian archive soon ;-) and I did swirled branding for debian as well.

Right now, i'm working on command line interface. A few options work and I can create bootable usb-stick from command-line but it's currently in ugly but works state with debug output =)

rEFIt

ATTENTION mactel users there is a new release of rEFIt 0.14 download =) if you're ubuntu was getting identified as "legacy" system recently in the rEFIt menu please try that.

Don't forget to click customise during installation and include ext and ReiserFS tools. Also if you are using my wonderful humanity icon theme for rEFIt, you will need to reinstall it. Download here.

Eurovision

Congratulations Germany ;-) i've voted twice for Lena. BBC commentary was hilarious, but UK will not win this until they allow artists to come up with their own songs, e.g. I'd love to see KT Tunstall or the Script as Eurovision entries for GB.

Britain's Got Talent

The guy that swallowed Amanda's ring and locked it to the lock in his stomach and got it back out should have gone through to the finals.

ps. flash embedded videos of Eurovision winner & Britain's Got Talent after the brake

pss. Tesco.com didn't deliver £30 of my shopping. =((( had to call 4 times, and in the end yell over the phone to get a refund.

Moved & Funny TED bits

2010-05-18T03:21:00.001+01:00

I've got myself a domain surgut.co.uk and I was hoping I did move my feed correctly without spamming Ubuntu Planet... Well I did reimport the whole blog and kept all the timestamps but the RSS feed got screwed up so I did spam the planet afterall trials and testing. Sorry about the spam =(

I did move my blog from wordpress.com to blogger.com for many reasons. Both are hosted services (I can't afford my own hosting) and blogger has more features and is less evil. I do want to be able to edit full stylesheet and include ubuntu countdown banner without paying =) plus I already use my google account for pretty much everything else.

A couple of days ago I've watched a few really fun and interesting TED talks. While generally they are highly sophisticated and educational here are some of the humorous I've found:

Julia Sweeney "The Talk" - about kids & parenting
Dan Meyer "Math class needs a makeover"
Sebastian Wernicke "Lies, damned lies and statistics" - TED talk about TED talks

The videos are embedded after the break.

local svn:externals with bzr and by-reference trees

2010-04-29T01:18:00.000+01:00


$ bzr branch https://mingw-w64.svn.sourceforge.net/svnroot/mingw-w64/trunk
$ cd trunk/
$ svn proplist -v -R https://mingw-w64.svn.sourceforge.net/svnroot/mingw-w64/trunk | grep externals -C1
Properties on 'svn-checkout/mingw-w64-headers/ddk/include':
svn:externals
ddk svn://svn.reactos.org/reactos/trunk/reactos/include/ddk

$ bzr branch svn://svn.reactos.org/reactos/trunk/reactos/include/ddk mingw-w64-headers/ddk/include/ddk
$ bzr join mingw-w64-headers/ddk/include/ddk/
$ bzr ci -m "Merging svn:externals"

$ bzr merge :parent
https://mingw-w64.svn.sourceforge.net/svnroot/mingw-w64/trunk is permanently redirected to https://mingw-w64.svn.sourceforge.net/svnroot/mingw-w64/trunk/
+N  mingw-w64-crt/misc/wcstof.c
+N  mingw-w64-headers/direct-x/include/d3dx9shape.h
M  mingw-w64-crt/ChangeLog
#snip
M  mingw-w64-headers/include/ChangeLog
M  mingw-w64-headers/include/dbghelp.h
All changes applied successfully.

$ bzr ci -m "merged from upstream svn"

$ bzr merge svn://svn.reactos.org/reactos/trunk/reactos/include/ddk
M  mingw-w64-headers/ddk/include/ddk/hubbusif.h
M  mingw-w64-headers/ddk/include/ddk/ntddk.h
M  mingw-w64-headers/ddk/include/ddk/ntifs.h
M  mingw-w64-headers/ddk/include/ddk/ntimage.h
M  mingw-w64-headers/ddk/include/ddk/usbbusif.h
M  mingw-w64-headers/ddk/include/ddk/wdm.h
All changes applied successfully.

$ bzr ci -m "Merged updates from ddk svn:externals"

If you really need to commit back. Create pristine bzr-svn import without joined externals. Merge just the revisions you want to commit and merge that into svn.


$ echo "Bzr rocks" >> sure-it-does; bzr add sure-it-does; bzr ci -m "My masive hack"
$ bzr branch :parent ../pristine
$ cd ../pristine
$ bzr merge -r-2..-1 ../trunk
$ bzr ci -m "Bingo"
$ bzr push :parent

But this will invalidate your "joined" clone.

When bzr people talk about NestedTrees we mean by-reference Nested Trees such that joining a tree doesn't join it's whole history but instead transperatly, rerucsivly commits to correct child branches. With by-reference nested trees you would then be able to push to correct upstreams of all externals code.

Free & not so free: WebKit2 & iPhone OS 4.0 vs MonoTouch

2010-04-10T22:33:00.001+01:00

Webkit2 looks amazing. Will have to read up about it more =) can I please have it in epiphany - NOW? Please =) this has been covered on LWN as well.

Well well, I can't verify this but iPhone 4.0 SDK limits programming languages to Javascript (Webkit), C, C++ & Objective-C. Although this is a large choice, but it makes impossible for C# / MonoTouch apps to enter the App Store with 4.0 API's =(

What's next Apple? Forcing to use XCode and not allowing apps with an Emacs or Vi mode-lines in the source-code?

Can't wait for Lucid =) Must put the count-down banner on my blog ;-)

rEFIt Humanity Icons

2010-02-19T01:59:00.000Z

If you are familiar with the screen above. This post is for you! I couldn't stand staring at inconsistent icons and despite liking tux a lot I wanted to see ubuntu logo there.

So I've made a script, converted Humanity icons into Macintosh icns format and made a mac package to install them. See this screen:

So If you want this boot experience (including gray ubuntu silhouette after you select ubuntu similar to mac's apple)

Project page: https://edge.launchpad.net/refit-humanity

Download page: https://edge.launchpad.net/refit-humanity/+download

Comments, Code, Bugs and Blueprints are welcome =)

ps. the "screenshots" are actually edited files using themed graphics and same size because rEFIt is not build with screenshot support but it is very close to reality. I don't believe it will be upstreamable to rEFIt cause it's BSD licensed and icons are GPL ...

Push Google Buzz to Twitter, Identi.ca, Facebook and pretty much anything (updated)

2010-02-11T23:11:00.002Z

(Updated Step 5)

Until Google Buzz supports pushing updates natively here is a quick guide how to push your buzzes to social networking websites.

Click buzz

Click on your name

Click "Google Profile"

Click on RSS button in your browser to get the feed (http://buzz.googleapis.com/feeds/NNNNN/public/posted where NNNNN long string of numbers from your Google Profile URL)

Go to twitterfeed.com to set up pushing your buzz feed to Twitter, Identi.ca, Facebook or pretty much to any social site using Ping.fm. (Make sure to change advanced setting to "1/2 hour" that will actually push updates live as soon as they are buzzed using PubSubHubBub technology. Twitterfeed people will update "1/2 hour" wording to "live" soon. )

If you still have problems with updates check the feed status. Good status is "feed status: Feed Checked OK". If feed is ok then your logins might be wrong or twitterfeed is down =(

Good thing twitterfeed supports OpenId and PubSubHubBub for hassle free and near instantaneous publishing from your feed =)

LinkedIn & Gmail = Spam

2010-02-11T17:44:00.002Z

Hello all

I've just registered with LinkedIn and it offered to invite people from my Gmail address book. I've used that feature and now regret it cause invitation email have been send out to all Launchpad bugs, questions, merge proposals, mailing lists and BTS bugs.....

I'm very sorry for all the spam! Please don't block me =(

Sveiki Planet Ubuntu!

2010-02-03T02:12:00.005Z

Hello Everyone =)

During the last Developer Membership Board meeting I got approved as Ubuntu Contributing Developer & Ubuntu Member. Thank you everyone!

I support Crosswire related packages in Debian & Ubuntu as part of ~pkgcrosswire team and I do a few things syncs/merges/bug fixes here and there =)

Although I'm now in Hull, UK studying Engineering I made a political decision to put Latvia on the Ubuntu Members map. I grew up in Latvia, my family still lives there and I spend most of my holidays there =)

My other hobbies include opportunistic scientific python programming and volleyball. I'm national volleyball league referee in UK and I play for a few teams as well. Can't wait for the London 2012 Olympics cause I might be a Beach Volleyball Line Judge (finger's crossed).

So please welcome to Ubuntu Planet - Latvia the Country that Sings. Here is an amazing video "Welcome to my Country" about Latvia. The soundtrack is by Brainstorm, probably the most internationally known Latvian Band (Eurovision fans say ooh ;-) )

ps. Lithuania is our neighbors ;-) we are a different country in the Baltic States !

pss. Ubuntu Planet readers youtube video did not get embedded =( open the blog to see it

Xiphos on Mac OS

2009-12-27T22:27:00.002Z

Well I have just finished building Xiphos on Mac OS X using jhbuild from gtk-osx project. Just like gedit on Mac I had to use gconf 2.22 for gtkhtml. And it worked like a charm.

Things are not integrated as nicely yet but hopefully soon there will be a nice bundle to install ;-)

Student Politics

2009-10-23T18:43:00.002+01:00

This year I'm Athletic Union Treasurer, voting member of the Sports Zone committee and voting member of HUU council.

For the past 2 council meetings we did not meet quorum. Leading to a chicken and egg problem:

Loads of things are not ratified and a lot of people are not elected to sit on different committees.

Some structural pieces struggled because of this (notably societies).

UEC had a proposal to change the quorum pool 50%+1 of the elected council members instead of 50%+1 of the total possible amount of council members.

UEC had a hung vote 2 vs 2. And chair of UEC made a deciding vote to pass this SO change such that council will vote on this (ratification vote).

At the last minute 2 council members arrive (shortly before the vote).

The council then votes 12 (in favour) vs 10 (against) vs 2 (obstension). Prove me wrong, but if not the last minute arrival of 2 people people council voting would have been a hung vote and the chair of council would have to take deciding vote. As far as I'm aware chair of UEC is currently the chair of council, hence there was a possibility that he would have to take deciding vote on the matter twice.

When we moved on to first item of the agenda "Election Chair of Council". VP Education stood up, interrupted the council and said "If 6 people will walk out now we won't be quorate again". This leaded to massive walk-out and end of council.

I have voted against the ratification of the quorum change. My reasoning here is that such controversial decisions shall only be pushed by unanimous backing from all VP's. If four people have a split vote how do expect 24 people not to have a split vote. In these two votes we had a swing of 3 votes that "represented" 21 000 members of HUU.

Last council showed lack of leadership and team effort from exec team. I did not see "All for one and One for All". Even my beloved HUU president Helen from last year managed to create an image and illusion of united union behind the exec team. And despite the personal differences (and motions of no confidence) IT WORKED.

And VP Education, in my opinion, was not at his behaviour by discouraging people from representing HUU members who voted for us to be in that room. I ran against 2 other candidates to become AU treasurer with 40+ club presidents going through 2 rounds of voting. I'm not going to betray odd 1000 people who join AU each year & run the teams.

After further considerations, I will be running for the chair of council this Monday.

Conversation about ubuntu

2009-08-03T17:23:00.002+01:00

I had this conversation with my sibling:

- Why do you have this other one (Ubuntu)?

- Because it has freedom.

- Is that important for you?

- Yes.

- And what do they change it and publish it somehow?

- Yes... and I do too.

- Ok. Cool.

Lintian no-symbols-control-file

2009-01-29T22:54:00.002Z

This advice has been posted on the debian-mentors mailing list. A quick how to generate symbols file

$ apt-get source libsword6
$ cd sword-1.5.9
$ debuild binary
$ rm -f debian/*.symbols dpkg-gensymbols*
$ dpkg-gensymbols -plibsword6 -Pdebian/libsword6 | patch -p0
$ mv dpkg-gensymbols* debian/libsword6.symbols
$ perl -pi -e 's/-\d.*//' debian/libsword6.symbols

dpkg-shlibdeps: warning: dependency could be avoided

2009-01-29T22:45:00.002Z

dpkg-shlibdeps: warning: dependency on $(lib) could be avoided if $(object) were not uselessly linked against it (they use none of its symbols).

I didn't like this build time warning at all. In the library packaging guide a found a nifty trick, add this line to the debian/rules (this is cdbs, don't know how it is done with debhelper scripts)

DEB_CONFIGURE_SCRIPT_ENV += LDFLAGS=" -Wl,--as-needed"

This worked for the executable and I've saved 300 bytes!!!!! Yeah =D

It didn't work for the library though =( Bummer.

I've met a Debian Developer

2008-12-21T16:40:00.002Z

I've met the only Debian Developer from Latvia. We did keysigning and had a nice chat about Ubuntu, Debian & Life. Hopefully he will sign my key.

Jaunty UDS

2008-12-17T23:44:00.002Z

Jaunty UDS has finished. I haven't been there but planet.ubuntu.com provided a good coverage. Jono Bacon posted on his blog a link to videos from the Jaunty UDS. You might find schedule to be helpful while downloading/watching them.

I couldn't find the most interesting sessions though =( the Upcoming Lauchpad Features, Brainstorm Overview, Becoming MOTU, Python 3000 QA, ext4 and so on. Basically anything that happened in Olympus Mons hall. That's disappointing because there also was a session on Google Apps Engine.

Maybe we will find it on Google Code YouTube channel or something like that.