Skip to content

Off the list – The Pied Piper of MIT

Richard Matthew Stallman is a prolific writter and thinker. Mails he send these days start with:

[[[ To any NSA and FBI agents reading my email: please consider ]]]
[[[ whether defending the US Constitution against all enemies, ]]]
[[[ foreign or domestic, requires you to follow Snowden’s example. ]]]

Freedom matter a lot of him. So that makes sense.

But as the same time, RMS is an autocrat. He was in 2003 when he wrote:

I’d like people to understand that we are not still considering the question. It is a final decision to do this.

I will give a brief explanation. We cannot continue doing that because we have no one to maintain it properly.
This is maintained seriously. Therefore we will switch to This.

That was something he was never involved with, into he never spent a dime or a second. But as it relates to GNU, he thought he had the right not only to state his mind but to override any other opinion and ultimately decide. Because he thinks he’s right and know better, he thinks he can just have private talks with some parties and decides on his own. Well, This that he promoted turned into a proprietary software a few years later: he definitely should have know even better.

More than 12 years later, he’s still the same when he writes:

For now, please do NOT install this change.

I will talk with ThisDude about this, off the list, to find out more about the situation.

He still thinks himself entitled to make things go, begin or end. He still thinks he will find out what to do solely on his own after consulting people privately.

So although he values his freedom and values freedom in general, working with him, even in a very distant way, is just a matter of subordination. He’d make a credible science-fiction character: distopian guru, the Pied Piper of MIT.

Pied_piper

Apt-get this /scratch (apt/steam cache, exim greylist, owncloud, tumblr daily post, etc)

 

I conveniently use, since more than 10 years, one debian package to distribute over different computers some scripts, notably all the ones published here and on github (except rawdog and pxe setup – but that could change). While it’s practical for me, it’s not for anyone else since the package content is overly random.

Someone using the apt/steam cache as described on this blog can easily end up with out-of-date scripts – unless he fetch updates from git directly.

I decided to split this big package into multiples and improve the conffiles so they are more or less zeroconf.

The result is:

  • -keyring: Keyring used to signed packages along with repository set-up
  • -utils-cache-apt: APT downloads cache setup
  • -utils-cache-steam: Steam downloads cache setup
  • -utils-cloud: Owncloud setup and apps
  • -utils-exim: Exim greylist, bogofilter and spamassassin setup
  • -utils-torrent: Manage transmission via NFS/Samba
  • -utils-tumblr: Automated image post on tumblr
  • -utils-webmail: Roundcube setup and plugins
  • and some others packages that these depends on.

 

The easiest way to get anything is to first install the keyring package and then directly apt-get:

  	# wget http://apt.attique.org/stalag13-keyring.deb
	# dpkg -i stalag13-keyring.deb
	# apt-get update
	# apt-get install stalag13-...

 

Improving Qualys SSL server test results regarding Poodle attack and SHA1

Fancy being in the Qualys list of worst recent server tested for SSL? Got a T rating (A being the target)  mainly it’s due to the fact that I’m using self-signed certificates (no need to certify my authenticity toward myself), otherwise I’d get a C.

I fixed the following issues so now I get a A (ignoring self-signed):

It’s a good practice to get servers tested every now and then.

March 31th, Karen Sandler: “Financially the (GNOME) Foundation is in good shape”

I wanted to post his as a side note. But that’s a bit too much.

I dropped GNOME years ago. Back in the days when they dropped tons of cash on people creating shitty confusing companies like Eazel and HelixCode. I said Nautilus would never amount to anything and it never did. I said Miguel de Icaza was taking a very questionable path and he ended writing proprietary software. If it werent so sad, it would be kind of funny to see that nothing changed since then. Their Foundation is going more or less bankrupt while their financial reports shows that, for instance in 2012, they spent 1/4 of their resources to the pet project of their “executive director” Karen Sandler, some sexist bullshit called “Women’s Outreach” (I’m waiting for the “Black’s Outreach”, etc).

You don’t know who is Karen Sandler? Typical GNOME character. That’s just someone that never achieved anything related to computing but has been selected to be some sort of speaker nonetheless. I’m not saying only people that produced something that actually serve or served a purpose are entitled to speak. But to put people in position of “director”/whatever, at some point, there should be some knowledge, abilities, even just ideas, that makes the person stand out to be entitled to represent or lead the others.

So what could she speak of? About bad management?

More like, on GNOME.org “Announcing her departure, Karen said: “Working as the GNOME Foundation Executive Director has been one of the highlights of my career.” She also spoke of the achievements during her time as Executive Director: “I’ve helped to recruit two new advisory board members… and we have run the last three years in the black. We’ve held some successful funding campaigns, particularly around privacy. We have a mind-blowingly fantastic Board of Directors, and the Engagement team is doing amazing work. The GNOME.Asia team is strong, and we’ve got an influx of people, more so than I’ve seen in some time.”” 

Typical GNOME bullshit? Indeed: pompous titles, bragging, claiming. “Successful funding campaings”? Seriously? “Amazing work”. “Mind blowing”. It’s sad for the few GNOME developers that are worth it, because the main thing is a fucking joke.  It’s just empty words, no damn facts that matter that are even slightly true.

Not convinced? Too harsh maybe? Keep on reading. On her blog you’ll get her statement. The one quoted on GNOME.org.

“I think I have made some important contributions to the project while I have been Executive Director. I’ve helped to recruit two new advisory board members, and we recently received a one time donation of considerable size (the donor did not want to be identified). Financially the Foundation is in good shape, and we have run the last three years in the black. We’ve held some successful funding campaigns, particularly around privacy and accessibility. We have a mind-blowingly fantastic Board of Directors, and the Engagement team is doing amazing work. The GNOME.Asia team is strong, and we’ve got an influx of people, more so than I’ve seen in some time.
I hope that I have helped us to get in touch with our values during my time as ED, and I think that GNOME is more aware of its guiding mission than ever before.”

Yes, you can skip the fact that she consider recruiting advisory board members as an achievement (!!!). It seems that she thinks that a Foundation should focus on itself and not on the project it is derived of, seems that she does not even for a second mention anything that the software project GNOME would benefit of directly.

GNOME.org quoted her putting three dots and skipping “Financially the Foundation is in good shape”, and this just one week before we’re told they are definitely not.

She’s right one one thing though: now GNOME is definitely “more aware of its guiding mission than ever before”, since they are forced to cut on all unnessary expenses like the one she promoted.

I’m not sure to understand why someone smart as Bradley Kuhn recruited her at the Software Freedom Conservancy.

Synchronizing your (Roundcube) webmail and (KDE) desktop with a (Android) phone

So I finally got an Android-based phone. I thought waiting for Ubuntu/Firefox stuff to be released but my current one (Bada-based: never ever) died.

First, I learned that actually you need to lock your phone with a Google account for life. It just confirmed that the sane proper first steps with this is too remove anything linked to Google.

First place to go is to F-Droid. From there, instead of getting tons of shitty freeware from Google Play/Apps/whatever, you get Free Software, as in freedom even though I like free beer.

Using ownCloud? From F-Droid, get DavDroid. Yes, that works perfectly and is easy to set up, unlike the Dav-related crap on Google Apps. The only thing you have to take care of, if your SSL certificate (trendy topic theses days) is self signed, is to make a certificate the specific way Android accepts them. For now, they recommends to do it like:

#http://vimeo.com/89205175

KEY=fqdn.servername.net

openssl req -new -x509 -days 3550 -nodes -out $KEY.pem -keyout $KEY.key
openssl x509 -in $KEY.pem -outform der -out $KEY.crt

Apart from that, everything is straight-forward. You just add your IMAPS, CalDav and CardDav info like you did with KDE and Roundcube. And can obviously also use mozilla sync through your ownCloud.

 

Update: As described in this recent post, it’s best to use options -newkey rsa:4096 -sha512.

Replicating IMAPs (dovecot) mails folders and sharing (through ownCloud) contacts (kmail, roundcube, etc)

dual IMAPs servers:

Having your own server handling your mails is enabling -you can implement anti-spam policies harsh enough to be incredibly effective, place catch-alls temporary addresses, etc. It does not even require much maintainance these days, it just takes a little time to set it up.

One drawback, though, is the fact if your host is down, or simply its link, then you are virtually unreachable. So you want a backup server. The straightforward solution is to have a backup that will simply forward everything to the main server as soon as possible. But having a backup server that is a replica of the main server allows you to use one or the other indifferently, and definitely have always one up at hand.

In my case, I run exim along with dovecot.  So once exim setup is replicated,  it’s only a matter of making sure to have proper dovecot setup (in my case mail_location = maildir:~/.Maildir:LAYOUT=fs:INBOX=~/.Maildir/INBOX
and mail_privileged_group =   mail  set in /etc/dovecot/conf.d/10-mail.conf along with ssl = required in /etc/dovecot/conf.d/10-ssl.conf  – you obviously need to create a certificate for IMAPs, named as described in said 10-ssl.conf but that’s not the topic here, you can use only IMAP if you wish).

Then, for each user account (assuming we’re talking about a low number), it’s as simple as making sure SSH access with no passphrase can be achieved from one of the hosts to the other and adding a cronjob like:

*/2 * * * *     user   dsync mirror secondary.domain.net 2> /dev/null

The first run may be a bit slow but it goes very fast afterward (I do have a strict expire policy though, it probably helps). This is done the the primitive  way, recent version of dovecot (ie: not yet in Debian stable) provides plugins to do it.

You may as well install unison on both server and synchronize things like ~/.procmailrc, /etc/aliases or whatever, for instance:

8 */2 * * *	user	unison -batch -auto -silent -log=false ~/.procmailrc ssh://secondary.domain.net//home/user/.procmailrc 2> /dev/null

Once you checked that you can properly login on both IMAPs, it’s just a matter of configuring your mail clients.

and many mail clients:

I use roundcube webmail whenever I have no access to a decent system with a proper mail client (kmail, gnus, etc) configured. With two IMAPs servers, there’s no benefit of not having the same webmail setup on both.

The only annoying thing is not to have common address book. It’s possible to replicate the roundcube database but it’s even better to have a cloud to share the address book with any client, not doing some rouncube-specific crap. So I went for the option of installing ownCloud on one of the hosts (so far I’ve not decided yet if there is a point in replicating also the cloud, seems a bit overkill to replicate data that is already some sort of backup or replica), pretty straight-forward since I already have nginx and php-fcgi running. And then if was just a matter of pluging roundcube in ownCloud through CardDav.

Once done, you may just want to also plug your ownCloud calendar/addressbook in KDE etc, so all your mail clients will share the same address book (yeah!). Completely unrelated, add mozilla_sync to your ownCloud is worth it too.

The only thing so far that miss is the replication of your own identities – I haven’t found anything clear about that but havent looked into it seriously. I guess it’s possible to put ~/.kde/share/config/emailidentities on the cloud or use it to extract identities vcard but I’m not sure a dirty hack is worth it. It’s a pity that identities are not part of the addressbook.

(The alternative I was contemplating before was to use kolab; I needed ownCloud for other matters so I went for this option but I keep kolab in mind nonetheless)

Release: SeeYouLater 1.2

Hi there! I’ve just released SeeYouLater 1.2 (fetch a list of IP or known spammers and to ban them by putting them in /etc/hosts.deny). It now includes seeyoulater-httpsharer, that enables to share ban list  over http instead of authenticated MySQL. It’s useful for distant hosts with unreliable link to each other/to avoid having MySQL listening on public ports.

You can obtain it on the Gna! project page using SVN or debian packages.

Follow

Get every new post delivered to your Inbox.