fidzu : Fedora

回應張元毓先生「盜版絕版軟體當然是侵權行為(上)」一文：

敝對筆者觀點深深認同。

假設軟件的發行不像物理性質貨品而不涉及發佈成本，我要指出開發商亦需付出「負面影響現有銷售中的新版本產品或相關功能產品的銷售額－－即其利潤」的沉重代價。想想看如果「麥XX」將製造超過兩小時的食物都免費供人索取，他們的營業額會不會受到牽連？

以非道德標準套用在商業情境，遣責開發商的自私自利，在邏輯上已完全站不住腳；就像要養一隻貓，沒有事先對貓不可能像狗一樣聽使命令這顯淺道理的覺悟，反而生氣貓對命令的不理睬般，非常可笑。

只要將自己放在商人的角度去想，這一切都是完全合乎情理；各位應該將價值觀理智的套用在適當的目標上，把目光放遠一點吧！

24 Jul 2008 12:03am GMT

This year's GNOME Conference was pretty much fantastic. I had a great time in Istanbul. Where to start?

• The People: All the awesome folks were there, had great discussions and learned a bunch of new things.
• The Event: Pretty good, presentations mostly technical, BoFs I attended were more or less fruitful, visionary talks did have plans with them, some flames.
• The Partaes: Hotel open terraces rock. Boat triped rocked (thanks Collabora!). Lots of fun! (except the one with cheap beer..)
• The City: Fantastic. Istanbul and the Bosporus are beutiful, pretty European feeling, its people were very friendly, weather was fine.

I took a bunch of photos from the event and the City - check them out at dimitris.glezos.com/photos/events/guadec08/.

I gave a short talk on Transifex. Two points I wanted to stress were the following. One, translations are important for any project that would like to increase its userbase with little sweat (you code for English and let translators help you reach out to a bigger audience). You create for the 5% of the Earth's population, plus the other 95%. And two, that GNOME's concerns for the upcoming move to distribute VCSs and translations could become less of a problem once we deploy Transifex in GNOME's infrastructure.

From the discussions I had, it seems that a lot of people are anxious in setting Transifex somewhere centrally for any open source project, hosted anywhere, to benefit from. There are some maintainers who stick around svn.gnome.org, just for the sake of translations. That's something that shouldn't happen - developers shouldn't be forced by translations to use inferior tools that affect their productivity negatively. Hackers tend to get frustrated quite easily when they don't have the tools they need. :-/

It also happens that companies like Red Hat, Novell and Nokia, among others, which contribute extensively in open source, spend a lot of money in transferring translations around their downstream community, their translation contractors and upstream. I've actually heard the phrase "shitloads of money" at GUADEC. Which translates in many cases in either development time (since contractors often don't know how to talk with upstream) or just in no sharing of the translations with upstream at all.

Lately I've more or less made it my personal goal is to tackle these challenges. Translations should be easy. Dead-simple easy. For both developers (documenters, webmasters) as well as translators.

Can we make it a click away?

23 Jul 2008 10:55pm GMT

Paul Frields (Fedora Project Leader) sits down to discuss the Live USB feature debuted in Fedora 9 with developer Jeremy Katz. See a live demo of the persistant desktop, and find out how to get more involved in the next Fedora release.

23 Jul 2008 10:12pm GMT

Et voilà, la liste des noms pour Fedora 10 est disponible. Il s'agit maintenant de voter ! Petit rappel quand même : le nom des distributions au sein du Projet Fedora n'a pas de vocation « commercial » mais est un simple délire de contributeurs.

• Cambridge
• Farnsworth
• Mississippi
• Nile
• Nitrate
• Saltpetre
• Terror
• Water
• Whiskey Run

Bon vote à tous, et que le meilleur gagne ! N'oubliez pas, vous devez posséder un compte au sein du Projet Fedora pour être en mesure de voter.

23 Jul 2008 7:45pm GMT

http://www.linux.com/feature/141098

http://terrasoftsolutions.com/news/2008/2008-07-23.shtml

23 Jul 2008 7:24pm GMT

Thomas blogged about my nemesis, bug 482354. I've been trying to upstream the fix for unbreaking clicking on links for quite a while now.

In it, Christophe brought up Rhythmbox, which is quite similar to Pidgin in how it acts with the tray icon.

Several years ago I was chatting with Seth about Rhythmbox and he mentioned that he thought it was a fairly special kind of application because it is generally used in a very "transient/background" way. For example, a normal way to use it would be minimized to the tray (not even in tasklist at the bottom); then when you want to switch songs or albums, you click the tray, do a quick search, and then minimize again. This contrasts with "regular" applications like Eclipse, Firefox, Evolution where it's expected that you will often spend a substantial amount of time in them in one go.

The tray icon approach sort of works, but I think we could do better. Following is a potential approach that I'm recording in my blog so I don't forget, and of course to gather comments.

Transient Application

First, for reference here is how Rhythmbox currently looks:

Unmodified Rhythmbox

And here's a mockup of how it could work:

How Rhythmbox could be a "transient" application

The general idea is to treat the application window like a really fancy GtkMenu. Here's a concrete list of user-visible behavioral changes:

• 
  
• Clicking anywhere outside of the window causes it to minimize back to the tray icon.
• 
  
• It does not appear in the task list
• 
  
• There are no minimize/maximize buttons
• 
  
• The close button does not actually exit the app (i.e. stop your music), but just minimizes
• 
  
• There is a visible arrow showing you the association with the tray
• 
  

Overall I think this approach will make the "show Rhythmbox window, choose song/album, start playing, make it go away" task nicer since you'll only have to move your mouse to the tray icon and click once (to open) instead of twice (once to open, once to close). It will make it a lot clearer to the user what's going on (in the current Rhythmbox we have the minimize/maximize animation, but no arrow).

Implementing this would require window manager changes, new GTK+ API for GtkStatusIcon, and updating several applications that fall in this category (Rhythmbox, Pidgin, Banshee, etc.) to use it. Also someone with actual graphics skills would have to draw the arrow. Does that sound like a lot of work just to save you one mouse click? Not when you're applying the forehead mashing method of user experience improvement!

Now to find some time to implement it...

Edit: - I forgot to mention this would also be perfect for the new NetworkManager connection dialog.

23 Jul 2008 6:45pm GMT

RPM of Apache2::SOAP are available in Fedora and EPEL repositories (after testing stage), and in remi repository for older release. A replacement for Apache::SOAP designed to work with mod_perl 2

Les RPM de Apache2::SOAP sont disponibles dans les dépôts Fedora et EPEL (après passage en testing) et dans le dépôt remi pour les anciennes versions. Une alternative à Apache::SOAP conçu pour fonctionner avec mod_perl 2

23 Jul 2008 5:46pm GMT

I won a contest at 99designs today. Prize money: $600.

I'm excited. 8D

23 Jul 2008 5:42pm GMT

Red Hat and Canonical are competitors.

Every time you see a Mark Shuttleworth quote that pertains to Red Hat, you should do well to bear this fact in mind, and to think: "why is he saying this?"

Mark has recently said, for instance, that Ubuntu has a better security record than Red Hat does. My thanks to LWN for pointing out, with an admirable bluntness, that this assertion is not supported by facts. But positioning is absolutely everything, especially when you're looking to build a business that makes money -- and sometimes in an effort to build strong product positioning, people say things that aren't, strictly speaking, the unvarnished truth. Canonical plays the game just like everyone else does.

Another thing: Mark is talking a lot recently about how Ubuntu prides itself on working well upstream; it was a major focus of his talk at OSCON last night. That's good; I'm glad to hear this message. I believe that Fedora's incredibly strong track record of working upstream is paying dividends, and that message is so compelling to the community that Mark is forced to respond to it in kind.

Leadership is a tricky thing. Allow me to tell one of my old man stories.

Once upon a time, Jeff Waugh came to speak at Red Hat. He was actually speaking at the Triangle Linux Users Group, which meets at Red Hat HQ in Raleigh. Half of his presentation was dedicated to GNOME, and the other half was dedicated to Ubuntu. It was compelling, and educational, and all-around awesome -- but there was one slide in particular that stuck with me. It was a photo of a whiteboard from an early strategy meeting at Canonical. There were a few pithy phrases on the whiteboard that are surely familiar to Ubuntu followers, including the hilariously pithy "don't make the baby Jesus cry." But I could only focus on one thing. In the upper right corner of that whiteboard, blocked off and emphasized, was the following aspirational imperative:

"A better Fedora than Fedora."

It hit me like a ton of bricks, because it was audacious, and at the time of Jeff's presentation, completely true. Here was a representative of our nascent competitor, standing in our living room, and punching us right in the face. Everything I've done in the Fedora community since that day has been inspired by that single image, and how it made me feel.

That's why competition is good.

So how are we doing today?

Fedora continually gains momentum. More and more active contributors on every continent. More subprojects, more innovation, more sticky problems to be solved and more smart people gathering to help solve them. I think it's getting harder and harder for Mark to claim that he is still building "a better Fedora than Fedora". Take away the ease of installing patent-encumbered software, and what meaningful advantage does Ubuntu have right now, in any area? I ask the question earnestly, because I don't see one. (Here's one hint: it's definitely not security.)

Red Hat and Canonical are competitors. Fedora and Ubuntu are competitors. Once upon a time, Ubuntu forced us to elevate our performance. I'm thankful for that push. It made us better -- a *lot* better. Now, I believe that the tables are turned, and we are forcing the SABDFL to elevate his own performance -- and he'll need to do it with more than just talk, because in Fedoraland, we're only going to keep moving faster.

And for those who are just looking for the snarky soundbite:

"Spaceman, we've upped our game. Up yours."

(Kidding, kidding. I'm a kidder. Mostly.)

23 Jul 2008 5:29pm GMT

23 Jul 2008 4:22pm GMT

Flaws in the implementation of the DNS protocol allow it to be exploited and used for malicious activities. Because DNS is such a critical protocol for Internet operations, countless operating systems, and applications, operators and administrators must harden DNS servers to prevent them from being used maliciously. Some of these flaws are presented in this document to inform operators how they can be used maliciously. Techniques are shared that can be used to prevent these types of activities.

more info :

http://www.cisco.com/web/about/security/intelligence/dns-bcp.html

23 Jul 2008 3:24pm GMT

Last weekend, I spent approximately 48 hours in the UK for LUG Radio Live 2008.

The purpose of the trip was threefold:

1) I had been invited to give the Community Architecture for Fun and Profit talk at the event by the organizers.

2) I wanted to meet a few of the Red Hat employees from the UK who would be in attendance.

3) I hoped to have a few interesting conversations with other attendees, who either contribute to Fedora or work in other upstream parts of the free software community.

Rather than give a chronological trip report, I'll just share various highlights and lowlights.

NUGGET: My talk itself went fine -- it's a good presentation about our community building strategies in Red Hat and Fedora, where we have been successful, and where we have failed but learned from our mistakes. However, the overall audience was much lower than I hoped/expected, and I was quite disappointed by that. All was not lost, however, for Jeremy Allison (of Samba and Google) was in the audience, and he mentioned to me afterward that he enjoyed the talk and would like to figure out how I could give it as a Google Tech Talk. Of course, I would be more than happy to do this.

NUGGET: Two of the booths at the event that I found kind of interesting, and thought I'd give links to. The first: Open Street Map, which I first saw at LinuxTag back in May, but have been hearing more and more about over the past few months. The second: Open Rights Group, sort of like the Electronic Frontier Foundation of Europe.

NUGGET: I had a chance to meet Jon Fautley and Tom Ellis, who work as consultants at Red Hat. Both were great guys, and they brought a decent amount of Red Hat swag with them. A special thank you to Tom, who created about 40 or 50 Fedora Live USB keys over the course of two days, which were (as always) in great demand at the event.

NUGGET: Spent about 45 minutes talking with Benjamin Otte, a GNOME developer and upstream maintainer of swfdec, an open source flash decoder. Benjamin and I spoke about some of the general challenges of building community in the GNOME world, especially when you have large groups of older, established contributors who have been participating for many years, and another group of young contributors with potentially different goals/objectives. Additionally, Benjamin was disappointed with his experiences in the Fedora 9 feature process. Not having any firsthand knowledge of this, I promised to look into it and also put him in touch with John Poelstra, and I still need to follow up on that promise.

NUGGET: Participating in the "mass debate" with Jeremy Allison (Samba & Google), Matthew Garrett (Red Hat & GNOME), and one of the LUG Radio guys whose name I cannot remember. Discussion included GPL v3, whether or not there is incentive to standardize distro release cycles, recruitment of new developers, and various distros/companies mildly poking at each other (enough to make a point, but not enough to make anyone angry).

NUGGET: Someone reciting the St. Crispin's Day speech from Henry V, substituting LUG Radio and Linux names when appropriate.

NUGGET: Interesting chat with Jon about Spacewalk, Func, Cobbler, Puppet, and how customers are quite excited about different pieces of technology that have come out of either Fedora or (what used to be called) Red Hat's Emerging Technologies group.

NUGGET: 45 minute interview with Linux Format magazine. I felt that it went pretty well. We'll see what parts of it they use, because it was far more material than can fit into any reasonably-sized article.

NUGGET: Two cool things from the Debian booth. First, a simple app running that displayed a scrolling list of all the people in their community. We should do something like that for Fedora. I'm sure it would be very easy. They were simply going through each package installed on the system and displaying the name/email address of the maintainer. I also saw a Debian poster that gave me a cool idea for Fedora artwork -- the picture would display what seems to be a forge, with molds in the shape of the Fedora logo and molten blue/white liquid being poured into them. Around the floor would be various instances of the finished product. The Debian poster was something similar with beakers pouring out liquid in the shape of the Debian swirl, and it looked pretty cool.

NUGGET: Walking into the Social Event on Saturday night to a room full of people all singing "Yellow Submarine" in unison.

23 Jul 2008 2:43pm GMT

The Fedora 10 name elections are open. My totally awesome name suggestion for F9 (Bathysphere) lost by a slim margin, so now I'm lobbying harder for decent names. So here's what you should vote for:

• Whiskey Run, because whiskey is awesome, and the potential for a whiskeyrunner theme in the artwork is excellent.
• 
  
• Saltpetre, because it's a double-whammy connection with Sulphur (British variant spelling, and component of gunpowder), and gunpowder -> steampunk art -> awesome.
• 
  
• Farnsworth, because Futurama.
• 
  
• Cambridge, because Red Hat Linux 10 would have been Cambridge, and we finally made it to version 10 of something.

Every time you vote for something else, God detonates a kitten.

23 Jul 2008 2:34pm GMT

The SELinux Developer Summit went pretty well yesterday. It was a long day: 10 hours of talks and discussions with about forty developers attending.

I've just uploaded slides from the talks, which may be found next to their respective entries in the schedule.

Some of the talks I found particularly useful/interesting:

• 
  
• Josh Brindle on SELinux in Ubuntu. They're making good progress, although the idea of SELinux is to introduce ubiquitous, generalized MAC security, so he is advocating they enable SELinux by default as is done in Fedora, and as you typically do with other OS security layers.
• 
  
• John Weeks from Sun talking about OpenSolaris FMAC (introducing Flask/TE to their OS). It was interesting to see a dtrace graph of the AVC operating-a kernel mechanism for which I've developed an abstract mental model but never "seen".
• 
  
• Dan Walsh Talking about his ongoing work in utilizing SELinux to create practical security features for everyday users.
  
  
  
  The above is from a demonstration where nsplugin (the framework for Firefox plugins, i.e. where flash etc. is run) is being sandboxed by SELinux, so that a flawed or malicious plugin cannot be used to snoop your keystrokes. In this case, a simulated (and trivial) exploit was blocked from capturing internet banking passwords by SELinux.
  
  Btw, Dan will be demonstrating this today during his OLS talk on Confining the User. There's a lot of really cool stuff coming in this area & the talk should be well worth attending.
• 
  
  
• Karl MacMillan on alternatives to comprehensive least-privilege, where he described some ideas and plans for simplifying the way SELinux policy is deployed for general purpose use. He has some really promising ideas on reducing the granularity of the policy while still maintaining strong security. This can lead to simpler and smaller policy, which is important for all kinds of users.
• 
  
• Peter White talked about two higher-level languages being developed to express SELinux policy, Lobster and Shrimp, which will introduce features such as type checking and object orientation to the policy language area. Peter is a Haskell guy, and it all looks very promising.
• 
  

***



Yuichi Nakamura talking about embedded systems and SELinux.

The format worked reasonably well-a series of short talks and discussions-although it would have been nicer to have a more relaxed schedule and more time for deep discussions on specific issues. There's already been discussion of what to do next year, and we may move it to a two-day event. Certainly, I think we'll want to have it again in conjunction with a major developer conference, which makes it a good environment for collaboration with the wider FOSS community.

For those that couldn't make it this year, I believe notes were taken and will be sent out to the mailing list. There are more photos here.

23 Jul 2008 1:13pm GMT

2 days in series, all messy.

Caught a messy cold, messy house building progress, messy RHCE study progress, messy JLPT3 (Japanese Language Proficiency Test level 3) study progress, messy digital painting practising progress, messy career development progress.

Stress fuelled sleep paralysis and auditory hallucination at last night. There was also a dream about sinking into very clear water stream with colorful light beams. I knew I am sinking but at the same time feeling happiness.

My emotions now is like a roulette...

23 Jul 2008 12:41pm GMT

Since I'd promised a certain gentleman that given the phone I'll try out Mundu Radio, I went ahead and downloaded it yesterday. Without wasting too many words - it is a cool application to have. The UI was a little bit klunky for me, but got used to it pretty fast. Now if only they had one for the n810 that'd be nice

If you want to listen to nice music on your phone, go ahead and get your account now.

23 Jul 2008 11:11am GMT