Michal Čihař - Blog Archives for Debian

I love Spanish Railways

I never thought I will have such big trouble to buy train tickets online. Some hints for anybody who has not managed it so far:

  • Do not even try to register in English, it will fail for some obscure reason.
  • Once the thing has failed, it has so broken javascript that you have to reload it.
  • Relax your spam filters, otherwise you will not get any mail from them.
  • If you have only one credit card, you might be lost. Mine did not work and I had to use another one.
  • Be patient, when your third payment attempt ended nowhere.
  • If you are not sure whether you booked or not, you can find existing bookings under Mis viajes / Impresión.

But finally I have the tickets from Caceres to Barcelona. I'm going to manage rest on the way.

Going to DebConf 09

I finally managed myself to book the flights and ask for vacation, so yes, I'm going to DebConf 09. Will be there for whole DebConf and I will travel around Spain a bit before and after.

Going to DebConf

PS: I will come there also with new PGP keys to sign, see announcement.

Lenny Release General Resolution

Hmm, again another general resolution. Yes, but this one seems to be really tricky. During discussion, several almost unrelated options have been merged into single vote, what really does not make it easy to understand and choose preferred option. Yes they are related in the way that they will affect time of Lenny release, but I think splitting it into several votes would make more sense.

On the other side, Lenny release is getting delayed more and more and boycotting this vote also does not seem as a good choice to me. Such choice will practically delay Lenny release after another decision will be made or all firmware issues will be solved. And neither of these choices seems to be possible to happen in a timely manner...

Double check what you do

I just wanted to fix some RC bugs till I'll go home, so I looked at the list of open ones and randomly chosen two bugs about roxen fonts which looked like low hanging fruits. Both were in fact same issue, just copied to two packages.

I worked on the fix, creating some intermediate version and then I finally wanted to upload the package. Unfortunately in this step I somehow managed to use the intermediate version, which did not really fix the issue. As packages were already uploaded, there was not much I could do except yet another NMU, now with full set of changes.

Just as accepted emails arrived I also noticed that I messed up bug numbers in changelog - I used same bug number in both changelogs. Okay, manually closing the bug worked around this.

But now I'm afraid what else did I mess up. Probably it's time to go for a dinner and stop working on computer for now :-).

More fun with phpMyAdmin package in Debian

When finishing series of articles about Debian packaging and writing about dbconfig-common, I just had to ask myself, why it is not used in phpMyAdmin package. I did not find any reason and as Thijs did not have any objections, I hacked it together this evening.

So what you will get? All fancy features where phpMyAdmin requires it's database to manage some additional features. For example you can create PDF pages with structure of your database, add additional comments to databases, notice relations between MyISAM tables, etc. Simply see wiki for more details.

Besides this, phpMyAdmin is now automatically configured to use database you choose using dbconfig-common, so you can also connect to remote MySQL server without manually configuring anything.

The only thing which scares me a bit is that we now increased a lot number of debconf questions user has to reply by this...

Přivítejte Squeezyho

Release team Debianu (kromě nepodstatných věcí jako informací o zmražení a počtu kritických chyb Lennyho) dnes přišel se zásadní informací – následovník Lennyho se bude jmenovat Squeeze a tradice postaviček z Toy Story tak nebude narušena.

Squeeze

Pokud nevíte jakou roli si v Toy Story zahrál, Wikipedia napoví .

(Obrázek je dostupný pod CC na Flickru .)

No DebConf this year for me

Okay, I will again miss DebConf. This time it is not because of time, but because of money. The flight to Buenos Aires is far too expensive to go there just for DebConf and I didn't manage to plan some more travelling around South America...

Hopefully it will get better next year, at least DebConf will be much closer :-).

PS: Just after deadline for confirmation and my decision for not going there, I got an email that my sponsorship for travel was approved. Unfortunately too late to change my decision.

Time for change, time for DebConf?

Okay I did thing I considered already for several months - I decided to quit my current job at SYSGO, make one month holidays in summer and find some new job meanwhile. So I'm looking forward to free August, which I will probably spend travelling somewhere :-).

This brought up again question whether to go or not to go to this year DebConf. The only problem with this is distance - flight to Buenos Aires will be something around 2000 USD and it means lot of money for me. I applied for sponsorship for half of the price (well I'm not sure if I can really pay the other half, but I would feel really bad for asking that much money) and let's see how it turns out. On the other side, I'd love to visit Argentina, but that would probably require much more time and money. Let's see how it all turns out, there is still time to decision...

PS: If you have some interesting job offer, just contact me at michal@cihar.com.

Changing SSH keys on SF.net

Yes Erik, SourceForge did not do anything. But what is even more "funny" is that changing keys over web interface does not change ~/.ssh/authorized_keys. So even if you are aware of this problem and change keys in interface which should do it, it does not work. I just realized this today when I read your post and wanted to check whether this file is really world readable...

Everything bad is good for something

After recent not so funny thing with OpenSSL in Debian, I realized that I will have to regenerate most of keys and certificates, because last big changes I did in networking/vpn/ssh setup which involved generating keys are not older than broken OpenSSL appeared in archives.

First obvious thing was SSH keys and cleanup of ~/.ssh/authorized_keys on all hosts. While doing that, I realized that I still have there several keys, which are more or less gone (not that I'd lost them, but I simply stopped to use them). So it was good opportunity to do cleanup here. While I was at these changes, cleaning up ~/.ssh/known_hosts was also good idea, because I still had there lot of hosts I collected during some of my previous jobs and I definitely won't (and can not) access these machines anymore. So good, big cleanup in SSH configuration was forced :-).

Next and harder step was to found out where else I use certificates generated by vulnerable OpenSSL. Server certificates for sure were also generated by OpenSSL, so let's regenerate web and email certificates and hope I did not miss anything.

All this happened yesterday, but today I realized that I missed other even more important thing - OpenVPN certificates. While regenerating certificates, I also found some machine keys which are not really used anymore, so I again could drop some of them. So that was task for this evening and now I'm hopefully really done with this issue and I really hope that this won't happen again in near future, I don't need to cleanup that often ;-).