Author: Daniel Mettler

talking about hacked debian (btw. isn’t it typical that the pgp signature was missing in the first post?):

according to ripclaw, the new debian-based linux distro adamantix (formerly known as trusted debian) supports package signing. nice to see that there’s finally a linux distro taking security seriously.

i tried to convince gentooers long enough to introduce package signing (the currently used portage architecture is highly insecure despite of sandboxing). i therefore made a (actually pretty simple – remember “kiss”) concept and a prototype, but i lacked interest to do the necessary clearing of the rampant portage code base (take a look at its “architecture” and source code and you know what i’m talking about ;) for a production quality implementation. several later attempts by gentoo devs to implement a production quality package signing feature for portage showed no success (probably for the same reason). now the core-devs are finally thinking aloud about a portage rewrite from scratch (this time hopefully using a more sophisticated architecture, wiser decisions and a better implementation), a thing gert suggested (and actually started doing) about 1.5 years ago already.

the trouble with package-signing is not only a technical one (implementing a secure architecture can be pretty difficult). depending on the chosen model there are also social consequences. for example my concept was to put users in control instead of devs which is the right thing to do considering that in the end, only users can decide whom they trust – through a decentrialized trust-model heavily leveraging the already existing openpgp web of trust (why re-invent the wheel?). note that my proposition didn’t make centralization impossible (you could still sign dev keys with a master dev key), but rather enabled decentralization.

one of my intents was to make secure (aka trustworthy), decentralized software development and deployment possible through a decentralized, user-centric package signing trust model. there are many reasons for this, among others (see also those mentioned above) the scalability (mostly qa) and security problems most distros suffer from.

btw recently i’ve been very pleased to read that markus aka maol seems to have a similar vision (at least regarding decentralized development and distribution) for crux :)

miguel de icaza has published his impressions of the pdc. insightful non-ms perspective.

the thing still irritating me is that since the release of the clr/cli specs the gnome/ximian ppl seem to be much more interested in clr/cli compatibility than in co-operation with kde. on one hand, the first is probably important for the long-term success of linux on the desktop, on the other hand the latter is crucial for the short-term survival of gnome/gtk as more and more distros bet on kde/qt. maybe it’s time for novell (backed by bigbrother and strategist ibm) to stimulate the kde/gnome/ximian/mono/qt/gtk co-operation as well, now as they own both ximian and suse.

hddtemp is a great little tool for all those who already experienced hard disk crashes/failures caused by overheating. to prevent future crashes, i’ve hacked a tiny bash-script, hddtempmonitor as a simple wrapper. with this script, i’m “deliberately” on the safe side – preventing a fatal disk failure has priority over maximizing server uptime (at least atm, when time is scarce). for now, it does the job it’s supposed to do, but it really should be improved (feel free to do so). some random points: season awareness, fuzzy logic, adaptation, state awareness, increasing temperature thresholds to prevent possible endless rebooting, moving average, mean, confidence interval, confidence level, combination with external temperature sensor, combination with an ids, selective process kill, command line options instead of hardcoded vars, sms gateway, logging. etc. etc.

the script is called from /etc/crontab:

# mettlerd: hddtempmonitor (hard disk temperature monitor)
*     * * * *   root    /usr/local/bin/hddtempmonitor >/dev/null 2>&1

vold volume daemon for linux:

But there already is an automounter in Linux! Why do we need this ‘vold’?
Something I did never like about the automounter is that its auto mounting is somehow special. Devices are not mounted automatically when they are available but when they are accessed. Another point that really annoyed me was that when I plugged in my Memory Stick in Windows or in Mac OS X, I needn’t do anything else – it just worked. I plugged it in on Linux and … nothing happened (as usual..). I could live with the mount process but its not only that. The device names may change if you have more that one hotpluggable device depending on which device you plug in first.

according to clemens, vold is in fact very similar to the volume daemon ‘vold’ found on Solaris or the ‘autodiskmount’ on Mac OS X. hmm.. polling/busy waiting?

i need to check it out as soon as i find some spare time (a rare thing lately and probably also for the next few months). i wonder whether there are any synergies with the new, planned devfs replacement.. possibly. perhaps an opportunity to get rid of hardcoded devices in the “scan file”.

once more i’ve noticed how much faster my old (but actually fine) vaio notebook is when running lean fluxbox as window manager instead of using full-blown desktop environments such as kde or windows. as i prefer fluxbox anyway i’ll probably keep it like this for a while.

so far, i haven’t heard anything new from apple regarding their 15.2″ aluminium powerbook screen problems. this is lousy. i don’t know yet whether i should risk ordering it anyway and let apple just fix it if required. after all, i still think that both mac os x 10.3 and the new powerbooks are great things.

in other news, my hi-fi set doesn’t work properly anymore. troubles with l/r channels, low frequencies (aka “give me bass, baby”) and the audiocd drive. that’s a pity. i think it’s time to get rid of it (yep, we’re living in a “junk society”). i’m thinking about not replacing it but re-activating my workstation’s 5.1 digital surround boxes instead. i prefer listening to web-radio (lounge-radio.ch, radio42.com etc.) anyway (much better sound, no news, broader choice, international stations, no advertisement). of course it’s also more suitable for listening to mp3/ogg, audiocd etc.. hmm.. yes, i think i will soon have my do-it-yourself mediacenter pc ;)

see heise mobil newsticker (german), linuxant press release. wrapping windows drivers is a bit ugly imho, but obviously the only solution atm. other centrino-news (german)