My job: I am a software chef

November 3, 2011 in fedora, packaging, personal, rant

How often are you asked what is your job? Most non-IT people will not be able to understand packaging, dependencies, rpms and whatnot. Hell, I even had trouble explaining what I do to my ex-schoolmates from university working in a traditional corporate environments. And they are software developers.
Was that just my problem? I don’t think so. I had an epiphany while on a vacation few months back. I am almost sure the idea was not mine and it was just my subconsciousness that stole it from someone else. So what is my revelation? As you might have guessed from the title:


I am a software chef. I create recipes and prepare them.

I work in a restaurant, that we call Linux distribution. There are many restaurants, each having their own recipes, rules and so on. Some restaurants form “chains” where they share most of their recipes. In these cases there is usually one restaurant that creates most recipes (Debian is such a restaurant in its Linux ecosystem).
Each restaurant usually has hundreds of chefs, some of them specialize in few recipes (build scripts), some are more flexible. In my case I specialize in a type of recipes dealing with coffee (i.e. Java).
Every recipe starts with customer (user) ordering some meal they have heard about. I look up ingredients (upstream projects) the food is made of and start recreating recipe for our restaurant. Quite often the food is made of more recipes (dependencies) and I have to create those first. Sometimes these recipes are already being prepared by other chefs, so I just use their work for my final meal. However our ingredients can be slightly bit different from the original. For example we have cow milk, but no goat milk that was in original recipe. So I have to find a way to fix the recipe using spices (patches).
Creating recipes is only part of my job though. I also work with our suppliers of ingredients (upstream developers). Sometimes the ingredients are bad, or I have found a way to improve the ingredient so I contact the suppliers and we work together.
Third part of my job is improving cooking process (simplifying packaging). So sometimes I move some furniture around so that other chefs don’t have so much between the fridge and other places. Or I create a new mixer (tools) that speeds up mixing of ingredients.
Final part of my job is to work in a VIP part of the restaurant (RHEL). Only some customers can go there, most meals are usually very similar to normal restaurant, but each meal is tasted (tested) before we give it to customers and if they don’t like it they can complain and we bring them improved recipe.
I find this metaphor kind of works for most things to a surprising degree. For the record:
  • Package maintainers – chefs
  • QE/QA – tasters
  • Security – bouncers
  • Release engineering – waiters (sorry guys)

Do you have an idea where this came from? Or can you think of a better metaphor for packaging? I’ll probably keep updating and expanding this post as I go so I can point people to this when then want to know what I do..

Fedora RPG – Three level badge system?

October 20, 2010 in fedora, game, open source, rant

I stumbled upon one great idea on Fedora Planet. It is nothing other than Fedora RPG!

In short, it’s a system to create characters similar as they are in Role-playing games (RPGs) with levels, skill points and more.

You might think it doesn’t make sense to give contributors “points” for non-gaming activities but you would be wrong. Most communities have created ways to reward their members this way. Look no further than my favourite stackoverflow.com. It also uses badge and skill point system for various actions on the website. In one of earliest blog posts about how stackoverflow will work, Jeff Atwood shared his vision: three levels of badges (bronze, silver, gold). Each level with unique badges tailored to the purpose of stackoverflow.

I guess Fedora RPG will go a bit further in this regard. I would love to know how it will all turn out and how the levels will work. Let the games begin!

Mobile (not so) open standards

August 25, 2009 in en, linux, lock-in, mobile, problem, projects, rant

Yesterday I promised I’ll talk about why I hate mobile phones. Of course I didn’t mean all of them. Just the ones I have to deal with. Why? Well my mobile phone kind of died few days ago. I have a Nokia N73 and it’s really quite good phone even if it’s a bit old by today’s standards. You control the phone by using “joystick” kind of thing in the upper part of keyboard. I decided to include image so you don’t have to look for it :-)

So this joystick stopped working (even slightest touch would be evaluated as pushing it, therefore it was unusable). I didn’t have my backup phone with me, but one friend gave me her battered Siemens S55. So what was the problem? Well I have the same sim card for almost 10 years now. Back then only 100 contacts would fit on it. I have almost 300 contacts in my N73. So how do I get all contacts from one phone to the other? Normally I could just send them through bluetooth, but since I couldn’t really control my N73 this was out of question. I was barely able to turn on the bluetooth. I thought that I’ll use SyncML interface to get vCards from N73 to my computer and then sync them again to the S55. In the end I kind of did, but boy was that an unpleasant experience!

So what exactly happened? I installed OpenSync libraries and tools and using multisyncgui I created sync group with one side being file-sync plugin and other was syncml-obex-client plugin. Configuraion of file-sync plugin was mostly just changing path to directory where I wanted to sync. Final version looked like this:





/tmp/sync
contact
vcard30


Configuration for syncml-obex-client appeared to be much more challenging. It appears that Nokia N73 has two quirks:

  • It only talks to SyncML client if it says its name is “PC Suite”
  • It contains a bug that causes it to freeze after certain amount of data if configuration is not correct

First of these quirks is mentioned in almost every tutorial on data synchronization in Linux. However the second one caused me to lose quite some time. My Nokia N73 would freeze after synchronizing approximately 220-240 contacts. To continue working I had to restart the whole phone.In the end I found out that I need to set parameter recvLimit to 10000 in order to synchronize everything. Final setting for syncml-obex-client looks like this:




2
00:1B:33:3A:D1:37

13
0
PC Suite
1
1


1
0
0
10000
0

Contacts
contact
vcard21


So after all that I was able to get vCards from my N73 to my notebook. For every vCard OpenSync created file in directory /tmp/sync. Now came the interesting part. How to get these vCards to Siemens S55?

Simple Google search on Siemens S55 and synchronization in Linux seemed to suggest that tool most suited to do the job was scmxx. This little app is specialized on certain Siemens phones. According to some manuals it was supposed to be able to upload vCards themselves, however I couldn’t get it to work as scmxx was complaining about invalid command line arguments.After some testing I found out that it could access and change sim card phone numbers.

Unfortunately for me, my sim card has limit of 100 phone numbers, each with 14 character identifier (name). This meant I needed to convert vCards from N73 to special format that scmxx used. Mentioned format looked something like this:


1,"09116532168","Jones Rob"
2,"09223344567","Moore John"
...

First column being number of slot that will be overwritten by new information, second column is number and third one name of contact (less than 15 characters).

So I fired up vim and started coding conversion script. It didn’t take long and I had my contact in the old-new phone. There are a lot of hard-coded things in that script since I don’t plan to ever use it again but you can download it from my dropbox. Consider it public domain, and if anyone asks I didn’t have anything to do with it :-)


import os
import re

MAX_CONTACTS=100

class PbEntry(object):

def __init__(self, name, tel, year, month, day):
self.name = name
self.tel = tel
self.year = year
self.month = month
self.day = day

def cmp_pb(e1, e2):
if e1.year > e2.year:
return -1
elif e1.year return 1
else:
if e1.month > e2.month:
return -1
elif e1.month return 1
return 0


telRe = re.compile('TEL(;TYPE=\w+)*:([*#+0-9]+)', re.M)
revRe = re.compile('REV:(\d{4})(\d{2})(\d{2}).*', re.M)
nameRe = re.compile('^N:(.*);(.*);;;', re.M)
def get_entry_from_text(text):
ret = nameRe.search(text)
surname = None
name = None
tel = None
rev = None
if ret:
surname = ret.group(1)
name = ret.group(2)

ret = telRe.search(text)
if ret:
tel = ret.group(len(ret.groups()))

if surname and name:
fn = "%s %s" % (surname,name)
elif surname:
fn = surname
else:
fn = name

if fn:
ret = re.search('(.{0,14}).*', fn)
fn = ret.group(1)


ret = revRe.search(text)
year = ret.group(1)
month = ret.group(2)
day = ret.group(3)

return PbEntry(fn, tel, year, month, day)


entries = []

files = os.listdir('/tmp/sync')
for file in files:
fh = open('/tmp/sync/%s' % file, 'r')
content = fh.read()
entry = get_entry_from_text(content)
entries.append(entry)

entries = sorted(entries, cmp=cmp_pb)

i = 1
for entry in entries:
print '%d,"%s","%s"' % (i, entry.tel, entry.name)
i = i + 1
if i > MAX_CONTACTS:
break

I had my share of incompatibilities between mobile phones, computers and other devices. Fortunately most of devices being sold today use open communication protocols for sharing of data (and other stuff). Too bad people had to put so much energy into reverse engineering proprietary solutions in the past. Just ranting about this vendor lock-in could be spread on quite a few pages. Imagine having 300+ contacts and calendar information in your phone of brand X. When you are buying your new phone, you would be able to synchronize your data only if you bought new phone also from brand X. Would that affect your decision? It sure would affect mine.

Now I have a choice. After fixing my old N73 I will start looking into new phone. So far HTC Hero looks pretty cool and reviews are not half bad.

World is spinning too fast

November 13, 2008 in en, rant

And while it’s spinning faster every day (perhaps because of her?) my blog themes are getting cold and old. I wanted to write about many topics but instead I was living my life. Go figure…So first let me just post simple summary of links I found worth reading in past weeks:
There were also few others but just like 2001: A search oddysey they became outdated some time ago.

There is however one article that sparked my interest more than others in past weeks. Title of the article is “Tips for getting started in information security“. Why was this interesting to me? I have quite a few feeds in my RSS reader. Some of them are dealing with security, some with more general IT topics, some are just plain fun. My problem is that I like security as much as I like software development. It is however not that easy to find basic-level stuff that is dealing with application security. When I read about attack on Adobe Flash virtual machine my head started turning. I know thing or two about stack, buffer overflows etc. but this is just too much for me now. So I decided I have to change my approach a bit and start catching up on application security. Otherwise I will just turn to one of those old school wannabes that actually know something about everything nut not really everything about something.

Unfortunately I don’t suspect I will have much time in upcoming days for blogging but we’ll see.

We need CAPTHHA

October 11, 2008 in en, privacy, rant, security, software engineering

I am pretty sure everyone has seen CAPTCHA (Completely Automated Public Turing test to tell Computers and Humans Apart) before. Maybe you didn’t know the (full) name but you have encountered it when registering accounts, posting comments or accessing some parts of web. You know, those annoying things that are exercising your ability to recognize distorted words with weird backgrounds.

CAPTCHAs are used to protect against automated attacks. For example automatic registration of new users on Gmail would create great opportunities for spammers. CAPTCHAs are mostly working, even when they get “hacked” from time to time. The biggest problem? They are reaching levels where even humans are having problems reading the letters. I still have nightmares when I remember CAPTCHAs used on RapidShare. Telling cats from dogs was not that easy for me somehow. I am not sure about “hackability” of reCAPTCHA, but as far as usability goes, it’s one of the best ones for me. Too bad only a few sites are using it.

The main problem of CAPTCHAs is not the complexity but relay attacks and human solvers from 3rd world countries paid for solving thousands of CAPTCHAs a day. What we really need is CAPTHHA (Completely Automated Public Test to tell Humans and Humans Apart). Computer science is far from being able to tell humans with “clean” intentions from those being paid to get past the defences. One solution would be to issue certificates of “humanity” signed by central authority. You could then ban users that were misusing their certificates. There are of course privacy and security problems with this approach, not to mention financial “issues”, so I guess this is not how it’s gonna work.  Other approaches have also been tried, but they usually have problems with disabled people. I am certainly interested how Computer Science solves this problem.

GFuture

October 3, 2008 in en, google, rant

I’m slowly starting to feel like Google Fanboy(tm), but Big G has made an interesting announcement recently. Dubbed “Clean Energy 2030“, proposal tries to encourage several ways to achieve usage of “clean” energy by year 2030. I suggest you read it, especially if you like sci-fi. Basically they suggest 3 complementary things to do:
  1. Reduce demand by doing more with less – in other words energy efficiency.
  2. Develop renewable energy that is cheaper than coal (RE
  3. Electrify transportation and re-invent our electric grid.
Of these, first two seem OK. But electrifying transportation? Especially in US where you cannot buy car with engine less than 2000cc? I will watch closely. I still remember those sci-fi movies that showed flying cars in year 2000 and I am still dissapointed there are almost none.

I would love to see future come sooner, possibly while I’m still alive, but I am a little bit sceptical. Google might chip-in with generous 45$ mil this year, but will goverments follow? I doubt it. Still, hope dies last. I still have this dream of Earthlings being one big nation where it doesn’t really matter which part of Earth are you from. It just matters you are not from Qo’noS or Minbar. And this “cheap energy for everyone” initiative reminds me of these dreams. Oh well, one can dream.

Google Chrome mass betatesting

September 16, 2008 in en, google, rant, security, software, software engineering

Google released its own Web browser called Chrome few weeks ago and whole web was buzzing with excitement since then. They did it Google style. Everything is neat, clean and simple. And quite a few features are also unique. Google engineers obviously put a lot of thought into scratching their itches with web applications. Javascript engine is fast and whole browser is created around the idea that web is just a place for applications. One of the most touted things about Chrome were its security features. You can read whole account of basic Chrome features on its project page.

In Chrome each tab runs as a separate process communicating with main window through standard IPC. This means that if there is fatal error in handling of some page (malicious or otherwise), other tabs should be unaffected and your half-written witty response to that jerk on the forum will not be lost. Chrome also has other security enhancements, that should make it more secure. I said should. Within few days of Chrome release several security vulnerabilities surfaced, ranging from simply annoying DOS to plain dangerous remote code execution.

What caught my attention was bug that enabled downloading files to user’s desktop without user confirmation. It was caused by Googlers using older version of Webkit open source rendering engine in Chrome. Integrating “foreign” software with your application can be tricky, especially if you have to ensure that everything will be working smoothly after the upgrade. In that respect, it is sometimes OK to use older versions of libraries. As long as you fix at least security bugs. People write buggy software. Google engineers included. I am just surprised that they don’t have any process that would prevent distribution of software with known security vulnerabilities to the public.

And that is the main problem. Chrome is beta software. Because of this, bugs are to be expected. But Google went public with Chrome in the worst possible way. They included link to Chrome download page on their home page, making hundreds of thousands of people their beta testers. People who have no idea what “beta testing” actually means. They just know that Google has some cool new stuff. So let’s try it right? Wrong. Most of us expect our browser to be safe for e-banking, porn and kids (not necessarily in that order). Unfortunately Chrome is not that kind of browser. Yet. I am pretty sure it is gonna be great browser in the future though. But right now Google should put big red sign saying “DANGEROUS” in the middle of Chrome download page.

Until Chrome becomes polished enough for Google to stop calling it “beta“, it has no place on desktops of common computer users. Even oh-so-evil Microsoft doesn’t show download link for IE8 beta on their main page to promote it. Mentioned issues aside, Chrome really sports few good ideas that other browsers could use as well. Try it out, and you will like it. Then go back to your old browser for the time being.

Google copying ideas?

September 11, 2008 in en, rant

Google’s Marissa Mayer (head of Search Products & User Experience dep.) today wrote blog post about current limitations of search and possible future improvements. All in all very interesting article where she compares current search to biology of 16th-17th century.
[search is] a new science where we make big and exciting breakthroughs all the time. However, it could be a hundred years or more before we have microscopes and an understanding of the proverbial molecules and atoms of search. Just like biology and physics several hundred years ago, the biggest advances are yet to come.

I can only concur. Search is relatively easy for tech savvy people. But the common mother of three will have problems formulating her search queries and picking right keywords for the job. There is still a lot of work ahead of Google it’s search boffins.

What made me write this article though was this excerpt:

Our presentation is still very linear (the results are just a list) and even (no one result is more important or larger than the next). What if the results page began to transform radically to really harness these different types of results into something that felt much more like an answer rather than just 10 independent guesses? What if results pages pulled the best media together and laid it out such that the most useful content was not only first but largest? What if we laid out content in columns to use more of the width available on newer, wider screens?

Does it remind you of anything? To me it does. Few weeks ago there appeared a new player in search engine wars. It’s name is Cuil. It does exactly the things that Mayer is thinking about changing. Multiple column results, (mostly) relevant media added to search results and completely different layout. Google has lot of smart people, so I would not be surprised if they were working on revamping Google homepage completely for some time. But the timing of these ideas is not very convincing for me. In the end it’s the end user who wins because we should not care about the search engine, but the results.

Stumbleupon password policy

September 10, 2008 in en, rant, security

I already wrote one post about passwords few weeks ago. As much as we would like to, passwords are not going away in foreseeable future. But it seems I found something worth mentioning again :)

Recently I started using stumbleupon. For those who don’t know this site I provide short description from their main page:

StumbleUpon discovers web sites based on your interests. Whether it’s a web page, photo or video, our personalized recommendation engine learns what you like, and brings you more.

It’s basically social networking site for link rating and exchange. It’s a nice way to discover yet unknown gems of the Interweb. Just stumble around :)

Here’s what sparked my interest. After registering with the site I received following email:

StumbleUpon

Discover new web sites

Hi xxx,
Thanks for joining StumbleUpon! Please click here
to verify your email address:

http://www.stumbleupon.com/verifyuser.php?email=3Dxxx%4=0gmail.com&verification=3Dd6z505kjmtjox3

Here are your login save this information and
store it securely:

Email: xxx@gmail.com

Password: MY PASSWORD IN CLEARTEXT

...
...

What the hell are they thinking? Sending cleartext password through email is not acceptable for quite a few years now, especially for large public websites. There are other options when users forget their password, for example:

  • resetting password to random one that is usable only once,
  • using control questions, i.e. “What was the name of your first pet?”. They are not very secure, but still better then cleartext passwords.
  • lots of other options (google training for the readers :) )

Maybe they count on Stumbleupon being low-risk site, where losing account is not dangerous to your online identity. But they obviously forgot that most users use the same password over and over again. So their password for Stumbleupon will be the same as for their Gmail account, and that will be the same as xy other passwords. I am only fortunate that I stopped recycling passwords long time ago. Shame on you Stumbleupon!

End of the world is not here yet

September 10, 2008 in en, rant

Hooray! The world didn’t end today. If you’ve been living under a rock (or you are not interested in these things :) ) then you may have missed that today morning the LHC started working. Goal of the whole project is to create really small Big Bang.

You can easily guess why some people consider these experiments dangerous. The general consensus among scientists was that it’s safe. But not everyone is sure. It’s almost like with first tests of nuclear weapons. Edward Teller, Hungarian scientist, was concerned that nuclear testing in atmosphere could ignite it, and burn everything (I mean EVERYTHING). The speculation was later refuted by more-less mathematical proof, that it’s not possible. I would say that in the end, LHC can be as important for advances of human race as was Manhattan Project. Yes, I know that they created atomic bomb, but by doing so they started revolution in nuclear energy and certainly other research areas that were not possible before.

Anyway, read at least the Wikipedia article about LHC. It’s really worth it. Or even better, I think that BBC had a LHC documentary, go watch it.

Note: I will finally have time to write some more posts today hopefully. I was too busy living my life for the past week :)