A view from the hill

When I bought a new workstation some time ago, I made sure it would have much more power than I would probably need. One reason for this was that I wanted to toy around more with virtualization. I had successfully used VMware server on a comparingly weak laptop some time ago, but opted to try out the more recent open source solutions. I looked briefly at VirtualBox but that seemed to be very similar to VMware which I already knew, so I didn't really pursue this path. Xen had caught my interest for quite a while, but it looked to me as not to straight forward to setup and as of not-so-recent time, KVM seems to be the new kid on the block that nearly everybody seems to see as the more natural solution for linux users.

What got me going was that I wanted to take a look at how far Debian Squeeze had already got. In particular, I wanted to try the amd64 bit variant, but as I quickly discovered that requires a 64bit host installation. So, off I went, re-installing my lenny system to be 64bit instead of the original 32bit system I had been using up to then, thinking that I could easily re-establish that 32bit system as a virtual system on top of my 64bit host. The general idea was to have a relatively clean host system with several guests for developing, surfing and working running on top of it.

Given the considerations above and that Debian ships with easy to install KVM packages (see the debian wiki on KVM for details), that was the way I choose. In particular, I installed the KVM and qemu packages as well as virt-manager, a graphical frontend to manage virtual machines. And sure enough, setting up a first virtual machine really looked easy: click a few buttons, decide on a few things like image size and feed the machine an installation medium of the OS to boot. For this installation medium, I choose a squeeze netinstall image. However, as I soon discovered, the squeeze guest couldn't see/access the net on boot. No problem, I thought, I'll fix it later on. Unfortunately, though, it turned out that although virt-manager claimed to provide a network card, dnsmasq and stuff was running, the squeeze guest wasn't able to see the outside world -- which is, of course, quite problematic when the guest requires network access to complete installation. The guest was provided a network interface, but it wouldn't recive an IP via DHCP and even setting routes manually didn't allow to access the net.

So I thought, maybe updating the host to squeeze might help -- as the host has a real small and lean installation, this was neither problematic nor taking much time. This time, with the new KVM and virt-manager packages in squeeze, again I had no net on installation, but I had success with regard to the network access afterwards, so I could happily install a complete squeeze system in the guest. Update:What I forgot to mention was that I fiddled around with the available virtual networks with virt-manager, adding a new network. As I recognized that the guest was using the provided default network, I deleted the additional one and re-enabled auto-start on the default one. This, however, doesn't really work: whenever I startup virtmanager, I have to manually restart the virtual net, now (no, virsh net-auto-start didn't help) and worse, I have to first manually add an iptables rule (that then gets deleted on start up of the virtual net) and restart dnsmasq. Sigh

Afterwards, I turned to re-install my private data in the guest which I had previously copied to an external USB drive. This turned out to be a bad idea. First of all, you can't easily assign new hardware to a running virtual machine -- you have to startover the guest. But second, and much more problematic, was IO time. Looking at iotop, I saw an average data transfer of 500k/sec with reads from the USB disk, which means copying a single gigabyte would nearly take forever. Compared to copying the same data from the same disk on the host, iotop showed an average of 31M/sec! I haven't as of yet tried to verified that the problem is accessing the USB or if a similar problem exists with accessing "local" disks (i.e. reading/writing to the virtio disk/image is equally slow). If it's only USB access, the problem is a lot smaller in everyday usage, but still this experience was a real disappointment. Update:In the meantime I've verified that the problem is reading from the USB disc. Reading and writing to the guest virtio filesystem is, of course, slower than IO on the host, but it's not that huge a difference.

But that's still not the end of the story. Given that I really wanted to more or less live inside my guests, I also wanted to use multimedia stuff there. That this idea might turn out to have restrictions with regard to video performance was clear to me from the beginning. However, I didn't expect that I might have trouble to have audio. It looks like the problem is best summarized in this ubuntu bug report on virt-manager and vnc: while qemu/KVM of course can hand over audio to the host, this fails when using virt-manager with VNC because the vnc viewer virt-manager is using doesn't handle audio. There are ways around this, for instance Russel Crockers advise to use Xephyr, but this a) takes even more time to setup and b) takes away the bit of comfort of using virt-manager.

So, in summary, using KVM as provided by Debian Lenny and or Squeeze turned out to be quite a disappointment. I would go so far and claim that it's not really recommandable unless you're willing to invest a substantial amount of time. I've had my fair share of trouble with VMware, too, but getting things up and running was never so troublesome as this.

ObTitle: Gorillaz, "Demon Days"

I'm using computers for quite a while and since fifteen or more years I've been using multi-user systems and the internet. Having a computer science and linguistics background, security of passwords is not exactly a new issue for me. Quite to the contrary, I've been telling a lot of my friends that using good passwords is important.

However, this week I've stumbled about some interesting pieces that shed new light on the topic for me. The first is a not exactly new article by Bruce Schneier about how secure passwords keep you safer, which contained quite some information that was new to me. It's a very interesting piece on possible approaches to break passwords as of three years ago. Now combine that with a more recent piece on using cloud computing to crack passwords and you might get an idea how important using really good passwords might have become today. The second piece that hit the same spot for me, takes known approaches to come up with a new method to let users pick their passwords -- that is, which ever password they want, unless it is too popular.

This brings me back to my current usage of passwords. Until now, I've seen my passwords as reasonably hard to break. They contain all the usual stuff, a mix of upper and lower case letters, numbers and some symbols. However, reading Schneiers article made it clear to me that not all my passwords may really be as secure as I thought they would be, so it's time to overhaul these.

In addition, I've been using some passwords for more than one site (though not for critical/important ones), to ease the mental cost of having to remember particular passwords for some sites. On the other hand, some time ago, I already started using a password manager to store my passwords, synchronizing the db over several installations. So, the cost for using unique passwords is lower as it used to be, so I'm going to correct that error, too.

What this amounts to at the end of the day, though, is a really old lesson: security is a permanent issue not a one-time shot. What once might have been enough security measure might be totally insufficient soon.

Kristian hat eine interessante Liste von Firefox Plugins. Meine weicht an einigen Stellen ab, insbesondere habe ich eben auch das ein oder andere Webentwickler-Plugin mit drin.

Long time no post -- I've been overwhelmed with work and afterwards on holidays. In the mean time, I've somehow still managed to obtain some records, but I've had no time to write any review for plattentests.de.

Let's start out with Sophie Hunger, "1983", which I first heard of on a Verve Jazz Today sampler. Her music is not easy to describe: some tracks are certainly jazz influenced, others more folk oriented and there some tracks might be guitar pop. But beware: this is not the next radio hype. A very nice record overall. (7/10)

Another lady, but a totally different style is Melissa auf der Maur. "Out of our minds", her new album after a four years delay nethertheless sounds as if nothing has happened in between. Rock with a touch of wave, but the hits are sadly missing. (5/10)

The National, "High violet" is a record I needed some time to get used to. The band not only looks but also sometimes sounds rather as if you're grandpa has gone recording an alternative album after having sucked in a great pipe of Sigur Ros, Radiohead and Morrissey -- take away nearly all of the noisy feedback, leave the slighly melancholic glistening shimmer remaining. Sometimes even iery, sometimes nostalgic, never rushed. No hit singles but a very homogenous beautiful album. (7/10)

I also have difficulties with the new Broken Social Scene, "Forgiveness record". While the alternative collective hasn't changed its style too much, I'm not as easily lurred into this one as with the previous records. And I'm also not as fascinated. (6/10)

A stark contrast is, of course, Gogol Bordello, "Trans-continental hustle". Finally, a record that smells like Pogues, but isn't irish at all. This gypsy-punk is fascinating world music (mostly) on speed. And no, they're not from East Europe. (8/10)

Die Zukunft, "Sisters&Brothers" is an album that didn't make it to being reviewed for plattentests.de, despite the fact that the band consists of several noteworthy German musicians: Bernadette La Hengst, Guz (from "Die Aeronauten") and Knarf Rellöm. Pretty strange and interesting texts throughout, but the mix between chart aiming dance pop, soul and rock'n'roll leaves me uninspired. Pretty difficult to judge overall. (5/10)

Pavement, "Quarantine the past" is starting the section "records from the crypt", although the record is from 2010. But it's a best-of album of one of the most influential alternative bands of the late 90s/early 2000s. In hindsight, I can't say I enjoy the slackness of most songs. This doesn't imply that the album isn't worth the money, though, quite to the contrary. (7/10)

Pennyless People of Bulgaria, "Velocity" is not new, it was released in 1993. I recently found this record by chance in my local record store and immediately bought it. If you like Husker Du-style punk/Bob Mould rock from the no-longer hardcore area, this record as well as it's even greater successor "Mould" is definitely worth listening. (7/10)

Endlich mal wieder 'ne gute Nachricht aus Freiburg: netzpolitik.org zitiert den Freiburger Chef des Max-Planck-Institus für ausländisches und internationales Strafrecht Hans-Jörg Albrecht im aktuellen SPIEGEL, der die aktuelle Debatte um die ach-so-schrecklichen "Wir-werden-alle-STÖRBEN!"-Rufe nach dem Urteil des Bundesverfassungsgerichts kommentiert, dass die deutsche Umsetzung der EU-Richtlinie zur Vorratsdatenspeicherung nichtig sei und hohe Hürden bei einer erneuten Umsetzung zu beachten seien:

Er hält sie für “leicht hysterisch, politischen Interessen geschuldet und überhaupt nicht nachvollziehbar”. Die aktuelle “Panikstimmung” sei “durch keinerlei Hinweis aus Forschung und Praxis belegt”, sagt er.

Das passt auch sehr gut zu den Fakten zur aktuellen Diskussion um die Vorratsdatenspeicherung auf netzpolitik.org, die einen schöne Zusammenstellung der schönsten Panikmache-Schlagzeilen und Antworten darauf bietet. Erwähnenswert ist in diesem Zusammenhang auch, die Darstellung von Frank Rieger vom CCC in der FAZ, die noch vor dem Urteil erschienen war und die die Grundlage der Bewertung des BGH nochmal sehr schön zusammenfasst.

Es gibt diese Woche aktuell zwei schöne Meldungen aus Datenschützersicht: EU-Parlament kippt SWIFT-Abkommen. und Schwarz-Gelb rückt von Internetsperren ab. Das klingt erstmal prima, denn es bedeutet, dass es keine offiziell genehmigte Lieferung von Bankdaten im großen Stil von der EU in die USA geben wird und "man" vielleicht doch nochmal drüber nachdenken wird, ob das Löschen von Kinderpornographie dem leicht zu umgehenden Sperren der Webseite vorzuziehen ist. Man könnte also auf den Gedanken kommen, dass die ganzen Diskussionen im letzten Jahr nun endlich nach Abklingen des (Bundes-)Wahlkampfgetöse zu einer Einsicht bei unseren herrschenden Volksvertretern geführt haben.

Aber so einfach ist die Lage dann leider nicht. Kommen wir zuerst zum Thema Internetsperren: Im Endeffekt ist der Stopp für Zensursula-Stoppschilder zweifelhaft, wie die Kollegen bei netzpolitik.org in Bundesregierung will Zensursulagesetz, aber es nicht anwenden detailierter ausführen. In der Tat ist es momentan so, dass wir bisher nur Meinungsbekunden und Ankündigungen haben, aber noch nichts greifbares. Wie so was laufen kann, sieht man ja bei der Diskussion um die Hotelier-Steuererleichterung: Auf die Einsicht, dass man da vielleicht nicht so ganz glücklich agiert hat, kommt schnell ein "Weiter so", denn jedwedes Eingeständnis eines Fehlers könnte ja schon im nächsten Wahlgang (NRW im Mai) wieder Stimmen kosten. Und man darf nicht vergessen, dass an anderer Stelle (Jugendmedienschutz) gerade eine ganz ähnliche Stoßrichtung verfolgt wird. Kristian Köhntopp hat dazu eine gerade zu besorgniserregende Analyse zum geplanten Jugendmedienschutz-Staatsvertrag verfasst, die sehr plausibel völlig andere Beweggründe für das geplante Vorgehen nennt: Das geht von wirtschaftlichen Interessen von Medienherstellern über den elektronischen Personalausweis bis zur Einrichtung/Stärkung einer Zensurinfrastruktur.

Man erlebt ja auch ein Deja Vu beim Thema Software-Patente: Die entsprechenden Lobbyisten haben sich nach ihrer Niederlage vor einiger Zeit zu einem erneuten Angriff formiert, so dass es eine erneute Aufforderung zum Widerstand (sprich: Petition gegen Softwarepatente) gegen die neuerlich Auflage einer Einführung von Softwarepatenten auf EU-Ebene gibt. Kommen wir zu SWIFT: Liest man mal den Bericht bei Heise zum Kippen des SWIFT-Abkommens, dann findet man da schön aufgelistet, mit welchen Tricks man noch versucht hat, das heutige Ergebnis zu verhindern. Und Verhandlungen über ein neues Abkommen sind schon konkret anvisiert -- das klingt nicht danach, als wäre das Thema vom Tisch. Man wird aufpassen müssen, dass man nicht mit wachsweichen Alibiformulierungen den anvisierten Status quo doch noch durch die Hintertür etabliert.

"Man" sind dabei eigentlich alle, die verstanden haben, dass die Meinung "ich habe doch nichts zu verbergen" nicht zielführend ist. Und wer das noch nicht verstanden hat, dem sei der folgende Artikel von Christiane Schulzki-Haddouti bei heise online über die Gefahren der Vorratsdatenspeicherung empfohlen.

Die interessante Frage ist jetzt, was erleben wir da diese Woche eigentlich mit den scheinbaren "Niederlagen"? Im EU-Parlament ist es womöglich hauptsächlich zu einer Ablehnung von SWIFT gekommen, weil der vorausgegange Schachzug der Kommission, das Abkommen schnell an den Abgeordneten vorbei (vor der Konstitution des neuen Parlaments) zu installieren, möglicherweise zu einer Art Revange geführt hat. Dann wäre die Ablehnung nichts anderes als ein Winkelzug im Machtspiel zwischen Kommission und Parlament und somit von wenig Wert für eine Neuauflage. Spannender noch ist jedoch die Ankündigung von Schwarz-Gelb: Ist das ein Zugeständnis seitens der Konservativen an die sog. Liberalen, die dafür im Gegenzug etwas anderes durchgehen lassen? Zum Beispiel eine Einigung beim Einsatz von Nackscannern? Das wird man wohl abwarten müssen, aber spekulieren ist erlaubt und aufpassen explizit erwünscht.

While this year is still young, I just finished writing my second review for the (German) plattentests.de. But it's been some time since my last post, so I'll also go over records from the last months that I hadn't mentioned previously.

One of the nicer surprises of last year was the new album by the Editors, "In this light and on this evening". Much less reduced pathos in comparision to their last album "An end has a start" (see my more detailed discussion of the old record here). And they still try to find new ways to vary that one old song. (8/10)

The same can not be said for Dial M for Murder!, "Fiction of her dreams", which I received for review for plattentests.de. They, too, are in the Interpol/Joy Division/etc.-sound-a-like genre, but the singer has a sometimes unnerving voice. Add 80-style keyboards and you have a record that nobody misses a review for. (5/10)

But it can get even worse: Echo & the Bunnymen, "The fountain", which I reviewed in more detail for plattentests.de, is a real disappointment, especially as their former album was a real nice comeback for this 80s heroes of guitar wave. This time all they come up with is another weak attempt of becoming the little brother of the Simple Minds. (4/10)

The Church show on "Untitled #23" (also reviewed for plattentests.de) how to just keep going constantly without losing credibility over a time about as long as the Bunnymen. A nice trip into the blue sky between the green earth and the dark cold universe, as usual. (6/10)

And the last of the records I reviewed last year, was The Xx, "The Xx" which is a very reduced low-tone record with a very nice, although cold ambiente. The young couple are not really comparable to, say, the White Stripes, as their music is much more electronic, although they are clearly grounded in alternative music. A very concise and atmospheric record, but also sometimes a little too cold and without much variation. (7/10)

But 2009 had even more to offer: The great Sonic Youth also made a new record, called "The eternal". What can you say? You get what you can expect, basically. I find the record more interesting than the last one, which is in part because the guitars are this time often so catchy instead of noisy. It's probably safe to call "The eternal" the most poppy sounding record Sonic Youth have made so far. (8/10)

Of course, I couldn't ignore Them Crooked Vultures, "Them Crooked Vultures": If there has ever been an Alternative super group, this is probably it. But the nice thing is that it's also a fantastic rock record. (8/10)

The first record for review this year was The Black Box Revelation, "Silver threats". These two guys make music somewhere between alternative rock and blues ala Jon Spencer, and nobody will be missing anything (instrument-wise, I mean). Overall, a fine record, although some songs are a little bit overdone. (6/10)

Finally, my review of the Die Aeronauten, "Hallo Leidenschaft" is just online. This Swiss band makes German pop roughly according to the so-called Hamburger Schule (school of Hamburg), which means that you can intelligent texts and catchy guitar takes. But the Aeronauten add a lot of brass sounds and do a lot to not get stuck with this not exactly new style. (6/10)

When I got a Handspring Visor (a Palm Pilot offspring) roughly ten years ago, I was amazed about all the nice things you could do with the device. I even wrote a German version of the visor linux howto, although I never really finished it. What I especially liked was the possibility to install a ssh client and use it to connect on the push of a button to my workstation -- which I took to good use several imes when my Xserver went beserk. Unfortunately, over time the major incentive to use the thing, syncing calender and address book vanished, as it turned out to be a major hassle when the main calendar to sync with was Lotus Domino. So, since some years my trusty Visor has only gathered dust. But even back in 2000, it was clear to me that the Palm Pilot would only be the starting point and that at some time in the then-unknown future, we would have small devices that would allow issuing phone calls, taking pictures, listening to music as well as providing the "usual" features of handhelds.

Back then, I didn't really think about when exactly that device would arrive but I think the time has come finally. Some days ago I bought a Nokia N900, which is a mobile device running Maemo on top of a Linux kernel on an ARM platform (see this overview of the hardware for more details). This is really a neat little gadget which is really as close to my ten year old dream as you can get: It comes with mobile phone capabilitiy, UMTS and wlan connection, 5MP camera, media player, RSS feed reader, etc. and also has a quite usable sliding keyboard. It's not really a mobile phone but a pocket computer which you can also use to call people with, which shows for instance in that most applications require the device to held in landscape position.

Of course, what's most interesting to me is the software on the device. Basically, Maemo 5 is a linux distribution based on Debian technology, e.g. apt/dpkg and friends work as expected. You don't get all of your favourite linux applications of course, but still there are quite a lot of the regular stuff you would expect. This includes the mobile version of Firefox, Fennec, vim, OpenSSH (client and server) and even Emacs. Being the geek that I am, nearly the first thing I did was a remote login via ssh from my workstation on the N900 (also see this overview of USB networking on the N900). Native maemo applications are typically developed with Python and GTK, although that is probably going to change for Maemo 6 (Nokia has announced it favours Qt over GTK). The community seems quite active, too: just shortly, a port of Clisp (a Common Lisp compiling to byte code) was announced (including a running Swank backend, so you can connect from your development Emacs remotely), although I imagine that the development environment for Python is, generally speaking, more advanced (for Maemo development, this is). I haven't looked any closer into developing for Maemo up to now, but it surely looks interesting.

ObTitle: Gossip, "Music for men"

It's this time of the year again: Jahrespoll @plattentests.de again. You can still participate until 31. December 2009 and maybe win one out of 25 packages with CDs, shirts etc.

Here are my votes for this year:

When I upgraded lately, my old fbpanel configuration was broken. I basically stumbled over Debian bug #288594, my old configuration as well as the system default pointed to a no longer existing /etc/fbpanel/menu file. So, my fbpanel no longer showed a menu. Sure enough, my WindowMaker has its own menu, so it was not much of a hassle. The broken menu entry (I just edited out the reference in my .fbpanel/default) annoyed me nethertheless, so I gtfn[*] today and found the missing info: in order to include the system menu, you just have to include a systemmenu entry. My menu referencing section now looks like this and I have a working menu again.

Plugin {
    type = menu
    config {
	image = /usr/share/icons/gnome/16x16/places/gnome-main-menu.png
        systemmenu {
        }

	separator {
	}
        
        item {
            name = terminal
            image = /usr/share/fbpanel/images/gnome_terminal.svg
            action = /usr/bin/x-terminal-emulator
        }

    }
}

ObTitle: The Mighty Mighty Bosstones, "Let's face it"

[*] gtfn: googled the friendly net

Gestern abend hat die ARD zum zweiten Mal Frank Schirrmacher ausladend Gelegenheit gegeben, sensationsheischend Werbung für sein neuestes Buch "Payback" zu machen: Er war zusammen mit Jauch bei Beckmann zu Gast und beide ließen sich über die "Reizüberflutung", "Abhängigkeit" durch das "Internet" und die "Durchleuchtbarkeit des Menschen durch die Maschine" aus.

Liebe Freunde des gedruckten Wortes auf totem Holz: get a life. Ganz ähnlich wie Kris habe ich das Gefühl, mal wieder einigen Leuten vom falschen Planeten oder aus dem falschen Jahrtausend gesehen zu haben. Nur mit dem Unterschied, dass die zwei da gestern das "in letzter Zeit" das "Internet" entdeckt haben und nun erhebliche Anpasssungsschwierigkeiten haben -- so wie die Leute, denen man früher die Schreibmaschine wegnahm, um sie mit einem Computer zu ersetzen. Der größte Witz dabei ist, dass die beiden Intellektuellen offenbar auf ihrem ureigensten Gebiet verlieren: Wenn man als Bildungsbürger (oder deren Wissensikone) eines gelernt haben sollte, dann ist das die Filterung von Informationen. Es gibt keinen Zwang das mitzumachen, was die beiden da als Gefahr sehen: Weder muss man den ganzen Tag online sein und sich von jeder Email ablenken lassen, noch muss man alle Geheimnisse irgendwelchen Firmen anvertrauen und man kann auch weitere als nur die ersten drei Suchtreffer anklicken. Das ist allerdings überhaupt nichts neues, denn auch schon früher musste man nicht jeden klingelnden Anruf direkt annehmen, nicht seinen Namen usw. bekannt machen, wenn man ein Buch suchte, noch seine Bankverbindung jedem mitteilen, dem man nach dem Weg fragt. Wenn noch nicht mal gestandene Medienleute in der Lage sind, Suchergebnisse kritisch zu hinterfragen und gegenzuprüfen, dann gute Nacht. "Warum wir im Informationszeitalter gezwungen sind zu tun, was wir nicht tun wollen, und wie wir die Kontrolle über unser Denken zurückgewinnen" (so der Untertitel von Schirrmachers Buch) -- ja, mein Gott, das Hirn nicht abschalten, wenn man den Rechner oder das Handy einschaltet.

Aber ja, natürlich ist es so, dass heute viele Leute all das Unsinnige tun (nur den ersten Link klicken, alle privaten Geheimnisse rausbrüllen). Das sind aber die gleichen, die schon früher jede Schlagzeile der Bildzeitung geglaubt haben, die "keine Geheimnisse", weil sie ja eh nichts zu verbergen hatten und die auch in der Bibliothek/Buchhandlung ohne Unterstützung hoffnungslos von der schieren Menge der erhältlichen Bücher erschlagen waren. Wenn Schirrmacher dann fordert, dass wir heute in der Bildung mehr auf die Förderung des Denkens achten sollten als auf das bloße Faktenwissen, dann, aber auch genau nur dann, kann man ihm nur zustimmen. Warum er aber scheinbar glaubt, dass diese Fähigkeiten irgendwie besonders durch die Allgegenwärtigkeit von Rechnern, Internetzugängen und Informationen aller Arten gefordert sind, man diese im Umkehrschluss sonst aber nicht braucht, ist mir schleierhaft. Aber nicht nur mir, auch die Welt titelt schön Jauch und Schirrmacher scheitern am Internet und es war auch (natürlich, war ja Beckmann) keiner da, der ihnen hätte helfen können. Es kam zwar alibiweise ein Blogger (dessen Name ich mir leider nicht gemerkt habe) für ca. 15 Sekunden per Spot für einen (sehr treffenden) Kommentar zu Wort, aber dessen Vermutung, dass Schirrmacher "Angst vor dem Verlust der Deutungshoheit" hätte, wurde von diesem gleich beiseite gewischt.

Bleibt die Gewissheit, dass ich mein müdes, vermanschtes Gehirn gestern abend besser zur Ruhe gebettet hätte anstatt es dieser "wahnsinnigen Flut" an Nicht-Informationen und (Buch-)Werbemüll auszusetzen. Aber immerhin habe ich es nur versäumt, die Flimmerkiste auszuschalten, nicht das eigenständige Denken und Handeln.

PS: Noch ein Wort zum Thema "Manipulation des Wissens der Menschen durch Suchinformationen" sei gestattet. Ja, ich benutze Suchmaschinen. Meistens Google. Aber nicht nur. Die meisten Informationen, die ich aus dem Netz ziehe, werden originär erstellt. Die Informationsanbieter sind dabei durchaus klassische Medienproduzenten (wie etwa Zeitungen oder Nachrichtenproduzenten), aber natürlich auch eine Menge an anderen rein im Internet vertretenen Anbietern, Blogs wie netzpolitik.org oder diverse sog. Planets und News-Aggregratoren etwa. Was ich lese, entscheide ich dabei absolut gleichwertig wie bei herkömmlichen Medien anhand einer von mir aufgrund von Rezeption zugesprochenen Vertraubarkeit/Verlässlichkeit (engl. Credibility).
Natürlich lese ich nicht alles, was da alles produziert und angeboten wird. Nicht irgendeine Maschine entscheidet für mich, was relevant ist, sondern ich mache das. Aber natürlich nach einer Vorfilterung, was aber wiederum nichts neues ist, denn auch die Zeitungsmacher entscheiden etwa für mich, was ich am Morgen lesen kann. Insofern ergibt sich da für mich keine neue Situation, ich muss genau wie vorher versuchen, ein vielfältigen Blick auf eine bestimmte Information zu bekommen, um sie verlässlich bewerten zu können. BTDT.

Via Lambda the Ultimate I came across an interesting article On data abstraction, revisited by William Cook, written for OOPSLA'09. It carefully dissects abstract data types from objects. All theoretical considerations aside that distinguish ADTs and objects, there is one common characteristics given by Cook: you can't inspect the concrete representation of the data you're abstracting. This is in itself interesting and reminded me of two rather practical things.

First of all, I was reminded of a section in Bob Martins Clean code development which discussed the idea that you should on the one hand follow the rule "Tell, don't ask" and on the other hand have data access objects that don't have much, if any behaviour besides providing data. This is obviously directly related to Cooks article: if you want data abstraction, you shouldn't really provide any way to allow other objects/methods to access the internal representation. This somewhat also forbids getters as this is likely to lead to leaky abstraction, since more often than not programmers simply return the value of some data field, directly exposing the representation chosen. Now, please note that this does not necessarily follow from Cooks article, as it is possible to design getters in such a way that you can return whatever you want for a getter method, i.e., you can return a desired return type or an object satisfying a particular interface. For me, the relevant point here is the way of thinking about the kind of object at hand: do I want some behaviour (aka Cooks objects) or do I want a data sink. In the former case, and in line with what is suggested in the clean code book, it is arguably the best way to tell the object to do what is necessary rather than to inspect (get) the data it holds and do it externally in some other object/method. But even in the latter case, I think it is important to give great attention to hiding the internal representation from external access and to only allow very focussed access to the data itself. It could and has been argued that restricting the access to the stored data via getter methods is tedious (see e.g. the discussion in getters/setters/fuxors) and that allowing public access to members is allright, but looking at the issue from a data abstraction point of view it simply boils down to the question whether you want or need data abstraction or not.

Second, I've recently seen these two postings on the merits of the Zope Component Architecture: The emperors new clothes and the reply The success of the ZCA. Malthe asks why one should use the ZCA to override the use of a particular implementation with another instead of using some kind of reloading (or rather says that the latter is the preferrable approach). Relating this to Cooks article, Malthe could be paraphrased roughly as: we have ADTs all over the place and we only should allow only one implementation per ADT (this is what the type system would guarantee in other systems). If you want another implementation (of some interface, as Cook shows for his objects), you should reload the object defintion with the one you want. The use of the ZCA, however, is directly related to the very idea of object oriented programming in the way Cook defines it: you only have interfaces that are the relevant defining characteristics of objects (values) and hence, the use of the ZCA is the way to deal with multiple implentations in Zope (or Python). For me, all I can say is that I'm happy that the ZCA and hence the ability to easily intermingle multiple implementations is there (then again, with me reading computer science theoretic articles I'm arguably not of the angry web designer type whose benefit Malthe is arguing for).

There is another, more puzzling aspect of the article to me. After some considerations, I have to conclude that of all OO languages I happen to know, it's really only Java that seems to be object oriented in Cooks view of the world. This is because in Java, you can define a method to return objects satisfying an interface. In addition, in dynamically typed languages like Python, Ruby, or CLOS, you could try to come away with duck typing, but it's arguably only Python which tries to take it to the heart (for instance in CLOS, most values you're gonna deal with are non-CLOS values and you even have an ETYPECASE statement, which is a switch-statement on type distinction). Funny enough, Cook finishes his Smalltalk analysis with the statement that "one conclusion you could draw from this analysis is that the untyped lambda calculus was the first object-oriented language". But besides the point how some language is "more OO" than another, there is also to the point that in order to program truly object-oriented, you shouldn't (and in Cooks world really can't) rely on type checks, because the whole point of using objects as data abstraction is to rely on behaviour.

ObTitle: Dial M for Murder, "Fiction of her dreams"

I'm a long standing user of Gnus, the Emacs mail and news reader (news as in usenet for those geeks young enough to not have used it in the 90s). I've been using Gnus in various settings whereas the latest configuration was to talk to a local leafnode NNTP server on my workstation. This was all fine and dandy and also survived several distribution level upgrades of the linux installation running on the system. However, some time ago, I bought new hardware and opted for a completely new installation. Of course, I backed up my leafnode and gnus configuration and restored it once the system was running.

Which was when the trouble started. I ran into the problem that I couldn't see any articles on my local leafnode, although I could retrieve them with other newsreaders just fine. I then opted to go and do a gnus-cache-generate-nov-databases. This turned out to be a pretty bad idea -- as a result I couldn't retrieve my mail any longer. After digging quite a lot around, it occured to me that the active file might have a problem. Indeed, it was empty. Fortunately, I could restore that quite easily, so I could access my mail again. Otherwise, however, I had gained nothing: still no news wasn't so good news. Next try: see if the server buffer tells me anything new. It did: the connection to my leafnode was open and I could even access the new messages on it this way. But this didn't have any effect on my normal group buffer.

Having learned to look around for the active file the hard way made me look into all kind of directions. Sometime in the past, I've used the agent-mode of gnus which resulted in a larger subdirectory tree in my News directory. And where which information was stored in the first place seems to have changed over time (or modifications I might to my configuration), too, so my News directory had lots of old files. After several tries and errors, I finally moved the News/cache directory out of the way and finally started to see new articles again. So, I'm now back to reading usenet.

ObTitle: Porcupine Tree, "On the sunday of life"

November is here and Ubuntu 9.10 Karmic Koala is there, too. As one of its promises is faster start-up time, I used the weekend to update my laptop (a Dell 610) which was still running Hardy (8.04). The upgrade path (hardy->intrepid->jaunty->karmic) took quite some time and I'm not entirely sure it was worth it:

- Bootup time doesn't seem to have improved, quite to the contrary. I'm mounting ntfs volumes on startup and it seems that
the new parallel bootup procedure seems to run into trouble with that.
- I lost support for fglrx, the proprietary driver for the ATI graphics. It's possible to reinstall the package, but modprobing the module gives a "failed to allocate memory" error. Hence, no "graphics effects" (aka) compiz for me.
- Gnome-Shell isn't installed by default for me.
- The xemacs21-mule package postinstall script fails. This has the not exactly nice side effect that the upgrade procedure decided to quit after installing new packages, which means that it didn't clean up the cruft left behind from the old installation and also didn't boot into the new kernel.
- The update to grub2 didn't honour my old selection for which OS to boot by default (the laptop is mostly used by family members who prefer alternative systems).

And as always on Ubuntu update, a lot of crap that I got rid off previously, gets reinstalled. Like fspot, tomboy and wvdial, to name but a few. I can't help being reminded of adware.

Update:Turns out that newer fglrx modules don't support my ATI Radeon Mobility 1400 any longer (since jaunty, that is). To get GLX working, I had to un-install everything related to fglrx and re-install mesa. What I learned again the hard way during me fiddling with my old xorg.conf is that gdm is a real PITA if you have no working X configuration. What really annoyed me, though, was that status messages from dosfsck hosed the recovery (boot) mode in that the keyboard became unusable. Worse, my hard configured wlan setup at boot time is currently not working anymore, I can connect to my WiFi only through network manager. But without X I couldn't startup network manager, of course, so I also could't do a remote login. And the Wifi connection is really flakey whereas it had been stable ever since with the older hardy installation. Probably a driver issue. Update 2: Various forum entries suggested using backported modules for wifi, including a newer version of the iwl3945 driver. However, this didn't solve my problem. Another entry suggested switching to wicd instead of NetworkManager. And yes, indeed, my wifi problems are gone now.

ObTitle: Gorillaz, "Demon Days"

If you just stumbled over this blog entry searching for what the heck all that buzzing about agile methods amounts to, I may have unfortunate news for you: An agile approach to development might for a lot of people all over the world, but may be not for you. For starters, take a look at the agile manifesto and its principles. These have quite a lot of implications, directly translating into presuppositions about you, if you wanted to participate in an agile development project.

Now, perhaps you're the well communicating, team oriented developer type who happens to work in a surrounding which you respect and general feel well motivated. But real life experience with your typical geek or ex-geek-turned-professional-developer suggests that having a hard time with direct communication, face-to-face, happening very often with those pesky guys and girls you don't really like is a more likely scenario ("Eeek, those business and marketing people" anybody?). Now, you might say, baah, I know some communication is a necessary evil of professional software development, but maybe I can get away with my old habits of trading documents (specs, bug reports, etc.) against direct communication, since that is the trusted old way and what do you mean by face-to-face communication being more effective? Everybody hates those horrible meetings eating up all your time, right?

The point is that if you're wanting to go agile you should better soon adapt your view or else you won't see any of the promised benefits of all of those agile processes. Agile development is not only about using test driven design, timeboxing, iterations and releasing often. More than anything else, agility is about how people effectively interact with each other as quickly and direct as possible in order to come to solutions. To me, this basically boils down mainly to three issues: adaptability to (changing) situations, an open mind toward communication and taking responsibility for the project at hand.

Being lazy, sticking bone-headed to "trusted paths", not seeking confrontation when it's needed, avoiding communication because of being too busy "doing" is the anti-pattern to agility. You could keep a product and sprint backlog, present new features every other week to your customer and even use continuous integration and still would be muddling in pseudo agile, doomed to fail water. What I would suggest is that you should revisit the agile manifesto and think about what those principles might imply for you and your current behaviour. Let's try an example: If you find that you might end up pointing fingers at your customer (or product owner to use the terminology from Scrum) because he won't behave as demanded in the agile manifesto, you should reconsider if that fits in with what the agile manifesto demands of you: you wouldn't do the project any good. You would build up frontiers where there should be a single team including the target of your pointed finger. This is not to say that you shouldn't point out the defect, no communication about problems is another all too familiar reason for frustration and lack of commitment. What is necessary is direct communication and finding a way that works for all people involved.

Let me sum up this posting: if you're interested in agile approaches to software development, that's fine. If you don't feel comfortable about what this might imply for you, that's fine too. But it might also tell you that agile development approaches might not work for you.

Update: Irionically, I stumbled via Infoq about the one essential agile ingrediment which says all about it much nicer than I ever could have done, only that Mark Schumann shows the confidence that agile works for the most part whereas I hold the more pessimistic view that it's not going to work for some, but for exactly the same reasons.

ObTitle: Hermann Hesse, "Steppenwolf"