Noodles' Emptiness

6 months of GNOME Shell

2012-05-19T19:57:50Z

Back in November I ranted about the migration of Gnome Shell to Debian/Testing. Plenty of other people did the same thing (or have done the same thing about Unity).

I'd just like to say sorry to any of the GNOME people who felt unappreciated; I know you work hard to try and produce a useful user experience out of the box. I ended up doing the dist-upgrade on my work laptop only a week or so after my home machine, and in the process discovered that the nouveau Mesa driver now supports my machine pretty well. It's taken me a while to get used to it, but my frustrations with the change have diminished and I haven't felt the need to move to something different. So, a belated thanks for all your hard work.

Going to DebConf 12

2012-05-12T15:38:28Z

Meant to post this a while ago when I booked the tickets, but life has a habit of being busy at present. I'm pleased to say I'm going to DebConf 12 in Managua. In the off-chance someone else might be on some of the same flights as me, here's what I've booked:

Outbound:

2012-07-07 00:15 SFO -> 08:12 CLT US466
2012-07-07 11:40 CLT -> 13:44 MIA US1831
2012-07-07 16:07 MIA -> 16:45 MGA US4925

Inbound:

2012-07-14 21:15 MGA -> 01:50 MIA US4944
2012-07-15 06:15 MIA -> 08:19 CLT US1800
2012-07-15 09:40 CLT -> 12:08 SFO US1485

There were some single stop options but the timings didn't them any quicker, they weren't any cheaper, and these times worked better for me anyway.

The future is here again

2012-04-24T05:38:55Z

Back in 2004 when Simon and I went full time with Black Cat one of the first things I did was sort out an ADSL offering, including native IPv6. We were one of the first UK ISPs to offer this (possibly the first; I know A&A had been doing tunneled IPv6 for a lot longer, but I'm not sure exactly when they enabled IPv6 on the PPP session. Also Bogons were fairly quick to enable it as well). By the middle of 2004 I was fully IPv6 enabled; my colo box had a native connection, my entire home network (a /64 for the wired, a /64 for the wireless) was configured, BCN had multiple native IPv6 connections to other ISPs (such as peering over LoNAP). By and large it just worked; I remember at one point looking at a traffic graph link from someone in Australia and them indicating surprise that I'd come in over v6. I hadn't noticed anything different than normal, which is exactly how it should be.

When we sold BCN in 2007 unfortunately one of the casualties was the v6 support. The ISP that took over the ADSL wasn't setup to be able to continue the v6 support, nor were RapidSwitch, who took over most of the hosting (I note with sadness that RapidSwitch still don't seem to be offering v6, though they keep saying it's a work in progress). So I stopped having any v6 for some time, refusing to slum it with a tunnel.

This changed at the start of last year, when I sought out new hosting for the. I ended up selecting Bytemark, partly because I knew of their commitment to v6. I'd chosen Sonic as my US access ISP, again partly because they offered an IPv6 tunnel service (while not as nice as native v6 over the DSL I felt that a tunnel provided by the DSL ISP was acceptable for access). However a combination of not having a machine that was always on at home, and a dynamic IP on my connection, meant that I never got round to configuring anything permanent up.

Recently I got around to buying a little low powered box to be always-on and this week I finally looked at configuring it up as the tunnel endpoint, planning to do some sort of screen scraping of the web interface to automatically update the tunnel broker information for the rare occurrences when my IP changes. The first nice surprise was that Sonic are now doing static IPs for free (previously you could only have a block of 8 for $20/month extra). That makes things a lot easier. So tonight I configured up the little server as the tunnel endpoint, installing radvd and some basic v6 firewalling. As expected my laptop sees the RAs, automatically configures everything up and my ssh sessions start to go over IPv6 instead. Looks like my phone also does the same. I'm not entirely sure what the NAT on the ADSL router is doing and if inbound connections will fail if there's nothing outbound holding the translation entry active, but I'm sure I can work around that if it turns out to be a problem. I care more about access than hosting anything on the end of my DSL anyway.

This means I'm finally almost back to where I was nearly 8 years ago, just in time for World IPv6 Launch day.

On arranging meetings

2012-02-11T23:44:31Z

I've been spending a lot more time recently in meetings. Mostly things I should actually be at. And in general if it's something I think is reasonable I'll try to be there. In an effort to help with this I actually keep my work calendar up to date. Given that I'm running Linux on my laptop and the corporate standard is Exchange this requires a little bit of effort on my part (the Thunderbird Provider for Microsoft Exchange and Android support for talking to Exchange are helpful with this).

Sometimes it seems like I shouldn't bother. I spent this week at a conference, and marked my calendar to indicate I was out of the office. I think I had at least 3 meeting requests, all for things that would actually have been appropriate for me to go to. Last week I managed to be booked for 7 hours of meetings from 7am until noon. That included a 30 minute window where I was triple booked.

The thing is, I'm really not that busy in terms of meetings - you can usually find a spot when I'm free on any given day unless I'm actually not in the office. If you bother to check my calendar, that is.

Another problem I have is the times people like to book meetings at. Booking a technical meeting at 9am isn't going to get me at my best. Equally doing so at 5pm is likely to have me clock watching to make sure I don't miss my bus and/or train. Also I seem to work with far too many people who don't eat lunch and book hour long meetings at midday or 1pm.

I understand sometimes that's the only time you can get everyone into a room together, but at least bloody ask and explain the need rather than just sending out a meeting invite.

Finally, book meetings of a realistic length. There are some people who invite me to things and cause me to add another 30 minutes on the end, because I know it always overruns.

It's not all bad. I have a VP who always runs a meeting to time, and never seems to call one for spurious reasons. I've also worked with a program manager who will organize the meeting so that if you're only there for one point on the agenda that'll get dealt with near the beginning so it doesn't take up more of your time that it needs to. Funnily enough I'm much more likely to go to things both of these people arrange.

Disclaimer: In the unlikely event anyone I work with who invites me to meetings is reading this, I might be talking about you, but everything I mention has been done by more than one person, so I'm not thinking about anyone in particular for each point.

I want you to see my storage automagically

2012-01-22T23:57:40Z

For my day job I build storage systems. A lot of what I do at present involves caring a lot about how different OSes deal with things like new LUNs being presented from a SCSI target, or errors along a subset of the available paths to a device.

It will come as no surprise to you to discover that they all suck (for values of all equal to Linux, Solaris, Windows and VMWare). New LUNs are particularly annoying. I'm in the situation that creation and removal of a LUN is exceptionally easy.

Hmmm. Maybe I need to back up here a bit first. SCSI has the concept of a target (think, device, eg hard drive). Each target can present multiple logical units. Each of these is assigned a number - a Logical Unit Number. Most devices (a hard drive, or a CDROM drive) will present a single LUN. A storage array will tend to present multiple LUNs; one for each volume that is exported to the host. At the host level each LUN really just looks like a separate device (for Linux /dev/sda and /dev/sdb may well be separate LUNs on the same array, rather than 2 separate arrays/hard drives, for example. At the block device level you don't care about the difference usually).

Anyway. For various reasons I end up adding and removing LUNs quite often. And there are ways for the array to indicate that this has happened to the host (the UNIT ATTENTION/REPORT LUNS DATA CHANGED check condition seems to be favoured these days, as a complete Fibre Channel LIP can be disruptive). What I'd like to happen in that case is the host to pick up the check condition and drop and/or add the devices that have changed. Instead everything wants a manual rescan. rescan-scsi-bus tends to be simplest for Linux. Windows wants a manual refresh in Disk Administrator. VMWare a "Rescan HBAs" from vSphere. Solaris a "devfsadm -C" and possibly a "cfgadm -al" first. And all of these can be temperamental about picking up the changes.

We've done a lot about hotplug for the desktop user experience, without doing the same level for the server experience. I appreciate that there are situations that you don't want your server to reconfigure things without being told to, but the current situation can be detrimental (for example Linux multipathing will hold a device open even after it's disappeared and is returning an "INVALID LUN" response; it would be much better if it could cleanly close that device and wait for it to return). Storage is capable of being much more than just a single block device these days, and it's a shame that nothing seems to deal fully with that fact.

(Yes, yes, I should write and submit patches, but I appreciate that there's not always a simple answer, nor necessarily an answer that works for all situations automatically. Plus, y'know, not enough hours in the day and I hope you all appreciate I've taken a break from watching BSG to write this.)

Totally divorced

2012-01-22T22:12:11Z

I got divorced earlier this month; the decree absolute arrived in the post last weekend. I'm hoping this isn't news to anyone who knows me well, and I only really mention it here as an endpoint given that I blogged about the wedding itself.

All I need is a large enough white wall

2011-11-26T00:28:12Z

I think I'm currently supposed to be out buying a TV at the moment. Or something else expensive. Instead I'm lying on the sofa listening to Whale and drinking tea. That's much better in my opinion, but it reminded me that I hadn't mentioned that I bought a projector.

I had the loan of a projector for a while when I was in Belfast. It was a huge thing that made a lot of noise, but was pretty cool for watching films with. When I moved to the US I decided not to bother with a TV to start with - using my laptop did just fine for most things. Except films. They really benefit from a bigger screen. Especially if you want to watch them with someone else. So I started looking at pico projectors, because I wanted something small and cute that I could throw in a bag with my tiny laptop. At the time the best the pico projectors could do was 840x480, which I felt wasn't really that great. However back in January TI announced their DLP Pico HD chipset, offering a resolution 1280x800.

I kept a look out for projectors using this to appear, and eventually, in July, Amazon claimed to have availability of the Vivtek Qumi. So I bought one. And I'm very happy with it. I'm not a heavy user, and there are some niggles, but it's small and does exactly what I want. In low light conditions it'll happily throw an image all the way across the room, which is more than it's rated at. There's a mini-HDMI connector on the back, so it's a doddle to plug it into my laptop using the supplied HDMI to mini-HDMI cable. The laptop auto-detects the device and extends the desktop appropriate, as you'd expect.

It'll also do media playback itself - there's a USB host port and a micro SD slot on the back. This works ok, and the included remote means you can easily set the projector somewhere above your head and still be able to easily control it. Unfortunately the built in speakers are fairly useless. There's a 3.5mm socket for external speakers, but having to plug something else in detracts from the convenience factor of the built-in media player. Also my unit had the power switch installed upside down (the little red line indicating the power is on actually shows up when it's off), but that's the only complaint I've got about the build quality. There's a little neoprene case to store the thing in as well.

So, er, yeah. I think I can continue to make do without a normal TV for a while longer and avoid the nightmare that I suspect are the shops on Black Friday.

The cost of progress

2011-11-08T05:53:51Z

You should probably ignore this post. I'm just venting. I'll be better after a nice cup of tea.

Things that are causing me to fume about the fact Gnome Shell just hit Debian/Testing:

Spacefun came back. Even on GDM3. Just fucking die already.
I had to reboot to get bluetooth working again.
/desktop/gnome/shell/windows/workspaces_only_on_primary set by default? SRSLY?
It failed to carry over my previous monitor settings.
I'm pretty sure I don't have a latent desire for a machine running OS X, whatever the GNOME devs might think.
How many mouse clicks to get to the list of applications?
Er, why have you changed my default apps? (Why is clicking a link in a terminal opening Epiphany rather than a new tab in Iceweasel?)

I update my testing boxes (work + home laptops) almost every day. It rarely breaks, and certainly when it does I accept that's what I get for doing rolling upgrades. I can't remember the last time I did an upgrade that actually made me angry.

Also I suspect this thing is going to have a complete fit on my binary nVidia/hacked up DisplayLink configuration at work (the DisplayLink side refuses to do 3D for starters). Perhaps better not to upgrade there until I have a sufficient block of free time.

Maybe it's time to go back to evilwm. I only stopped because I wanted a dock for wifi/bluetooth etc applets on my laptop that didn't get hidden when I fullscreened things. Implementing _NET_WM_STRUT might make that doable...

(I'm sure some of this is just dealing with the change but it's a bit bloody difficult to deal with a complete change in user interface that hasn't even managed to carry across settings from the old one.)

Thanks for the offer, but...

2011-10-05T05:55:20Z

I was due for another Google interview mail it seems. I have to say I wasn't expecting it, but this week I had a follow up to my polite mail from 6 months ago that said "No thanks, I'm not looking" asking if it was still the case. Normally I welcome this little bit of ego stroking; it's always nice to be wanted. Except that's not really the case, is it? It's an invitation to interview for something, not any indication that you've done more than tick some initial boxes. Google mails inevitably ask me if I'd like to work in SRE. It's always SRE. No one ever emails and asks if I want to work on self-replicating nanobots that will roam Mars searching for the perfect spot to build a beach house. And that's where things fall down. If someone currently has a job, then emailing them out of the blue to ask if they want to come and interview for something vague is hoping that they're either looking, and just haven't come to you yet, or not looking but unhappy enough with their current role that all they needed to start was an email asking them to submit a recent CV. For the former, if you're Google, do you really think that person doesn't know where to find you? For the latter, you're being quite presumptuous, aren't you? The act of updating my CV my be some effort (actually it's usually not, because the stuff that's not on it is the stuff I can't talk about because it's not released yet, or stuff that's specific and thus wouldn't go on a CV for a vague job spec). Even if it's not the act of interviewing is potentially a waste of time for both of us, if the role isn't clear. One argument used is that people will be placed according to the skills they show during the interview process. That's fine from the employers point of view, but if you're actively trying to get some interest from people who are gainfully employed you really need to grab their attention somehow. I can't remember the last time I had an unsolicited email interview offer that actually wowed me, or indeed even showed more than a passing sign of tailoring a spec to my profile. When I was running Black Cat I made a point of always replying to unsolicited CVs. How polite I was depended on how the covering emails were worded (a Word document with nothing else was likely to get short shrift, something well targeted in a Linux friendly format would normally get some comment about how we weren't hiring and were unlikely to be, but if that changed it would be mentioned on the website), but I felt people deserved a reply - I have been disappointed by not receiving responses myself to what I considered well targeted job inquiries. So far I've so far taken the same approach with mails from corporate recruiters (less so with recruiters that are associated with recruitment firms, rather than directly with the companies they are hiring for), but I'm starting to feel like changing that stance. Candidates are told to tailor CVs to the role being applied for, provide a decent cover letter, and in general make companies want to talk to them. Companies who are sending out recruitment emails should be held to the same standard. Even assuming you do a basic phone screen first, I can probably expect to need to take a day off work assuming that goes well. You need to convince me I can justify that before I'm going to feel like engaging at all. (And if I'm honest, based on what I've seen so far, it's unlikely to happen. All of the things I've considered have come from conversations with people I know directly about companies they own or work for, never some random contact via email. I try hard not to think of recruitment mail as spam, but I can how that line of thought follows through.) I should apologize to Google here. They got mentioned as an example, but I don't think they're particularly bad. I did interview with them at one point, and made the decision not to continue that process after deciding a different, more certain, path was better for me. So I've displayed interest. And in response to my reply today of "I know where to find you, so please assume I'll do so if I change my mind." they've said they'll make a note on their records....

Chromium

2011-07-01T04:27:02Z

The thing that finally made me install Chromium? The refusal of Google+ to work with Firefox 3.5 (from Debian/testing). Well played Google. Well played.

Update: Please note I didn't say "switch to Chromium", it was just installing it at all. I've also pulled in FF 5 from experimental which seems to be working nicely - I hope that it can make its way into unstable and thus to testing soon.

Building a FreeDOS bootable USB stick under Linux

2011-06-05T03:37:03Z

This is for my own reference more than anything else; periodically I find myself needing to boot DOS. Usually because I want to upgrade a BIOS and the upgrade tool only works with Windows or DOS. Yes, I'm aware of flashrom, but the scary messages about toasting laptops means I'm much happier going the DOS route there. So I need a writable medium with a DOS boot image. The easy way to do it is to find a DOS floppy image and write that to a USB stick with dd, but it's basically a one off and means you can't fit a whole lot on the image. I wanted to do a native USB boot. The following did the trick for me.

Firstly, this is all on a Debian testing box, in particular with dosfstools (3.0.9-1), mbr (1.1.11-4) and syslinux (2:4.04+dfsg-2). I don't think I'm using anything particularly new from these tools, so I suspect Debian stable will work just fine.

In the below my USB stick is on /dev/sdb, I've got a copy of FreeDOS in ~/FreeDOS/ (I extracted the files from a balder10.img floppy image that's easy enough to find, but all you need is kernel.sys and command.com), and I wanted things neatly in their own subdirectories so I could try and keep the key for repeated use and know which bits I wanted to keep and which were transient. I also added a copy of the Debian Installer for convenience; it would need a copy of the netinst ISO dropped into the root to actually be useful, as there's not enough to do a full netboot from the wider Internet using just the HD initrd.

    # Create a single bootable LBA VFAT partition spanning entire stick.
    echo 0,,C,* | sfdisk /dev/sdb
    # Format as VFAT and give it a disk label.
    mkfs.vfat -n 'DOS BOOT' /dev/sdb1
    # Install an MBR
    install-mbr /dev/sdb
    # Mount it and create some directories for our files.
    mount /dev/sdb1 /media/DOS\ BOOT/
    cd /media/DOS\ BOOT/
    mkdir boot
    mkdir boot/syslinux/
    mkdir FreeDOS
    # Copy the chain.c32 syslinux tool over.
    cp /usr/lib/syslinux/chain.c32 boot/syslinux/
    # Copy FreeDOS over and move the important bits to /
    cp ~/FreeDOS/* FreeDOS/
    mv FreeDOS/command.com .
    mv FreeDOS/autoexec.bat .
    mv FreeDOS/fdconfig.sys .

    # Add the Debian Installer
    mkdir boot/d-i/
    cd boot/d-i/
    wget http://cdn.debian.net/debian/dists/squeeze/main/installer-amd64/current/images/hd-media/initrd.gz
    wget http://cdn.debian.net/debian/dists/squeeze/main/installer-amd64/current/images/hd-media/vmlinuz

    # Install syslinux
    syslinux -d boot /dev/sdb1

I made a boot/syslinux.help file containing:

    Available boot options are: FreeDOS d-i

and a boot/syslinux.cfg with:

    prompt 1
    display syslinux.help
    default FreeDOS

    label FreeDOS
        COM32 /boot/syslinux/chain.c32
        APPEND freedos=/FreeDOS/kernel.sys

    label d-i
        KERNEL /boot/d-i/vmlinuz
        INITRD /boot/d-i/initrd.gz

Initial testing was done using kvm which was a lot easier than constantly rebooting my laptop.

Hopefully this is of help to someone. The only neat bit that I didn't see elsewhere when I was looking was the use of chain.c32 to load kernel.sys rather than having to use a FreeDOS provided boot sector image.

A minor keyring-maint rant

2011-05-09T00:44:12Z

This should probably be an official FAQ, but a) I wanted to rant a bit more than is probably acceptable for something "official" and b) the sort of person this information is directed at never bloody reads keyring.debian.org, which is the logical place for it.

Who are keyring-maint?

Currently Gunnar Wolf (good cop) and Jonathan McDowell (bad cop). Previous keyring maintainers include Igor Grobman & James Troup.

I'd like to be a DM/DD. Do I send you my key?

No. You go through the DebianMaintainer or NM processes. Then the DM team or DAM tell us to add your key to the appropriate keyring.

I'd like to replace my DM/DD key in the Debian keyring. What should I do?

Read the instructions at http://keyring.debian.org/replacing_keys.html

I have a new key that isn't signed by anyone else, will you accept it?

No. Did you read http://keyring.debian.org/replacing_keys.html ?

I've got a single DD signature on my new key. That's enough, right?

Not unless your old key has been lost and you're getting a different DD to request the replacement for you (and if they're prepared to ask for a key replacement we'll wonder why they're not prepared to sign the new key too).

Did you read http://keyring.debian.org/replacing_keys.html ?

I'm still really confused about how I should request a key replacement. Help?

Try reading https://rt.debian.org/Ticket/Display.html?id=3141 (which just happens to be a recent decent example). Clear subject line (I'd have added a real name too, but it's still fairly clear), full fingerprint of the old and new keys, inline signed so RT doesn't mangle it. New key signed by old key and 3 other DDs. Request signed by old key.

That RT link needs a login. I don't have one.

Have you tried reading up on the Debian RT system? There's a generic read only login that'll get you access.

That's too hard. Can't you just give me the details?

Damnit. It appears the read-only login details are currently disabled due to misuse (one wonders how). Try reading http://wiki.debian.org/rt.debian.org

Why are you using RT? Isn't bugs.debian.org more appropriate?

We need the ability to for people to contact us is in a private fashion, for example if they need to us to remove a key because it's been lost or compromised. We could only use RT for that purpose and use bugs.d.o for things that can be public, but this way all the information is in one place and we get to make the call about when it becomes a publicly viewable ticket.

What's with jetring? Should I send you a jetring changeset?

jetring is a tool written by Joey Hess that used to be used to manage the Debian Maintainers keyring. keyring-maint borrowed a number of good ideas from jetring but don't use it at all. We ignore jetring changesets.

So you just want key fingerprints, not attached keys?

Yes. Of course you have to make sure your key is actually on a public keyserver so we can get it. the.earth.li is a good choice (because Jonathan runs it and thus pays more attention to it), but subkeys.pgp.net or pool.sks-keyservers.net are also commonly used.

My key has expired and I want to update the key expiry date. I should email RT asking for this to be done, right?

No, you should send the updated key via HKP to keyring.debian.org. You can do this with

"gpg --keyserver keyring.debian.org --send-key "

Obviously replace with your own key ID.

I tried to send an entirely new key via HKP to keyring.debian.org, but I can't see it there. What gives?

keyring.debian.org only accepts updates to keys it already knows about. That means you can send updated expiry dates, new uids and new signatures to your existing key, but not an entirely new key.

I sent my updated key via HKP to keyring.debian.org and can see it's updated there, but the Debian archive processing tools (eg dak) don't seem to recognize the update. Why not?

The updates sent via HKP are folded back into the HKP server automatically every 15 minutes or so. They are folded into the live Debian keyrings on a manual basis, at least once a month.

This means if your key has an expiry date then you probably want to update your key at least a month before it expires.

Where can I find these live Debian keyrings?

They're what's available via rsync from keyring.debian.org::keyrings/keyrings/

This is canonical location for the current Debian Developers and Debian Maintainers keyrings.

What about the debian-keyring package?

This is a convenience package of the keyrings. It's usually the most out of date. We update it sporadically and try to ensure that the version shipped with a stable Debian release is current at the point of release. It is not used by any of the official Debian infrastructure.

Why don't you automatically update my key in the live keyring when I send an update via HKP?

We think that automatic updates of keys that allow uploads to Debian are a bad thing and that invoking a human eye at some step of the process is a useful sanity check.

Paranoid much?

Never enough.

How are updates to the keyring tracked?

We use bzr to maintain the keyring, with a separate file per key that can then be easily combined into the various keyrings. You can see the repository at:

http://bzr.debian.org/scm/loggerhead/keyring/debian-keyring/changes

Note that this is only updated when a keyring is pushed to live; the working tree may contain details of compromised keys and thus isn't public.

What's with the whole replacement of 1024 bit keys?

2 things. Firstly 1024 bit keys tend to use SHA1 as a hash algorithm, which has been shown to be weaker than expected. While we're not aware of active exploits against this updating all of the keys Debian uses is not a trivial process and it's wiser to get it done /before/ there's a known issue. Secondly computing power has moved on and we feel that upgrading to larger key sizes is prudent.

Elliptic curve cryptography (ECC) keys look like the future. Can I use one for Debian?

No, not at present. When there are tools that are part of a Debian stable release that support them we'll look into it, after discussion with the major users of the keyring (DSA, ftpmaster, the secretary).

Not going to DebConf11

2011-05-07T04:39:48Z

I'm sad to report that I won't be attending DebConf11. I'd have loved to go, but unfortunately I couldn't get the time off work due to various schedule conflicts. I'll have to find another excuse to make it to Bosnia at some point.

onak 0.4.0 released

2011-04-24T06:52:43Z

I don't normally mention the PGP keyserver I've been working on for the past 9 years, but there are a few keyserver related comments I've been meaning to make that prompt me to do so this time.

onak is the keyserver powering the.earth.li (AKA wwwkeys.uk.pgp.net). Back in February I finally enabled hkps (HKP over SSL) access to it as I promised dkg I would do back at DebConf10. I also turned on IPv6.

Most of the active keyservers out there are running SKS. I think there might be a few OpenPKSD instances as well. If you're running SKS please ensure that you have at least one address in your mailsync file, so that you send key updates to the non SKS keyservers out there - it seems that SKS requires the receiving keyserver to send out updates via email, rather than each server sending out any updates it processes to its mailsync peers. Feel free to add pgp-public-keys at earth.li - no need to contact me to do so (but you can drop me a line if you want me to send you mail updates back).

Also in the past there was a pgp-keyserver-folk mailing list, originally on flame.org, then on alt.org. Both of these have been dead for a while. I created a local pgp-keyserver-folk some time ago, but never publicised it. I believe the SKS lists are fairly active, but limited to that community, so it would be nice to have somewhere that was keyserver agnostic that admins could talk to each other.

Anyway. onak 0.4.0. Largely fixes to keyd, which is a backend daemon that handles talking to the key database. This is particularly useful for large/busy keyservers. Also a couple of fixes that make the db4 backend a lot more reliable (especially with queries that return lots of results). And various other minor cleanups. If you're one of the 3 people running it you probably want to upgrade; updated packages have already been uploaded to Debian unstable.

Why Linux? (Part 7: Support)

2011-04-17T06:46:17Z

(This is part of a series of posts on Why Linux?)

This is probably a non-obvious reason to run Linux to most people. One of the complaints I've heard in the past is the lack of support for Linux. It's not really relevant to running it on a work desktop (where support is presumably from some central IT organisation), but I believe it's a red herring. Support in the Free software world can exceed that in the proprietary by an impressive margin. And that can turn out to be useful at work, even if you do suppose the existence of central IT.

The support I've received for Linux and applications under it has been, on numerous occasions, excellent in a way I feel I could never expect from the commercial software world. And when it isn't, I have the choice of whomever I want to try and fix my problems, rather than being stuck with no options.

I have found that if I am polite, and provide useful information, and patient, I can talk directly to the developers who make the software I use. If I have a patch they will often take it from me, or use it as a basis for the final fix. If they are no longer available, or too busy, then because I have the source I can find someone else to look at the problem, or do so myself.

The chances of most large proprietary software companies giving me the time of day is low. I don't understand why small businesses think that Windows is a safer choice due to being able to get support from Microsoft.

Again using experience gained at Black Cat, at one point we had a problem with IPv6 routes being updated. Signs pointed to Quagga, Simon collected relevant information and got in contact with the Quagga devs. They investigated, realised it wasn't a problem with their code, and then proceeded to find the issue in the Linux kernel, produce the fix and pass it upstream. Within hours of us reporting the problem. I'll accept that's an exceptional response that can be matched within the proprietary software world, but not without a hefty support contract and I doubt you would have got a response other than "Not our fault, talk to the other supplier", or maybe a workaround at best.

More recently, I had a conversation about Linux and discard support, with one of the people who'd worked on it. Very interesting from my PoV, useful to my work (I ended up fixing something in our code base that led to the Linux support Just Working with our product) and I believe was useful to that developer too, in terms of providing some insight to the other side of the problem. I don't get that kind of access to proprietary software developers - while it could be argued that I know a lot of Free software people, I also know a lot of other programmers and they're just not able to be so open about things, so both sides lose out.

Or my new laptop's ethernet wasn't supported by the kernel in squeeze. I filed a bug requesting the driver be added (and pointing to the patch). The week I wrote the first draft of this article I saw confirmation that this had been done, and will be part of the final squeeze release. I think that's pretty impressive. (Thanks, Ben.)