Older blog entries for thomasvs (starting at number 161)

Fedora Core 2

Overall, upgrade of most of my/our machines went smoothly. It's during those operations that I re-appreciate the value of our fedora.us policies and the ease of rebuilding that mach brings me.

FC2's kernel has a very sparsely documented feature that seems to be called vdso or linux-gate. Run ldd /bin/bash on an FC2 machine and you'll see it being linked to a "library" called linux-gate.so.1 which isn't a real library, but something the kernel dynamically creates. Took me quite some time to pinpoint this mechanism as the problem for mach to set up chroot's for pre-FC2test3 on post-FC2test3 systems.

Now on to figuring out a way to build kernel modules properly on 2.6.

Here's the thing. In 2.4, you could build out-of-tree kernel modules just by using the kernel source that was preconfigured. Using this, you could make modules for any Red Hat kernel. That means, also for smp, or for i586, and so on.

With 2.6, you need a bunch of generated files specific to your arch/type combination, which is now stored in /lib/modules/(uname -r)/build

So, if you want to build all modules for a given kernel release in one go, you can't. Since the i586 and i686 kernel rpms aren't parallel installable, for example, you need two runs. What's more, apt-get will look at /etc/rpm/platform through rpm to figure out the correct arch to install, and there's no real way I can make apt forcefully install the i586 one on an i686 machine.

So, one solution would be to download the kernel rpms, rpm2cpio them, and extract all the files, and repackage them. Doable. But that would create some huge .src.rpms and some huge end result .rpms.

So I ran a diff on the four directories. It turns out that not that many files are different. So here's what I'm going to do:

  • Write a script to unpack all the kernel rpms for a given release
  • run a python script on it that tells me which files are the same in all fours, and which files are different in any of them
  • make a deeply symlinked forest of all common stuff, and copy the different stuff
  • package this forest as a kernel-modules-devel rpm.
The %post script would then need to figure out if you have a normal or smp kernel installed for the same kernel version/release, so it can set up a symlink from the original /lib/modules/(uname -r) to the common one the symlink forest links from.

A big hack, but a smart one. It took half a day to think about the algorithm. After having written it down, it took another half a day to write the python code until it worked. Running involves a lot of waiting due to the rpm unpacking and list scanning.

Then I went on to actually use these packages. Looking at the stuff in autostars, I was trying to come up with a decent way of integrating 2.6's kbuild system with our autotooled setup.

Since obj-m vars are refused by automake, however, the best I could come up with was a hack that would generate a Makefile.26 for the new system which would be invoked from automake. That would have been kludgey at best.

But Dave to the rescue: he had looked at the same problem lately and had updated but not commited the macros to work with 2.6. Apparently he wrote a small modtool script in analogy with libtool, creating .ko files and necessities in a .mods dir. I was left with just fixing the small issues to make it work on Fedora Core 2, and (as I later found out) merge back all my previously commited fixes which he threw away :)

So, our as-linux stuff, combined with the kernel rpm I made for the symlink forest, managed to build the sample kernel modules fine. Next step - real modules.

The trickiest one to get right was the combination of hostap and ipw2100. The ipw2100 modules need the hostap ones, and build against headers from hostap and needs symbols from hostap. With a few enhancements to as-linux, this worked out fine too. And now I need testers. If you have FC2 and an ipw2100 network card, try these packages. You need hostap and ipw2100. Don't forget to get/update the firmware file in /etc/firmware, you need version 1.1 of the file.

I also tried rebuilding the qc-usb kernel module, but while it loads fine and detects the camera, it doesn't really work. I tried a regular build from the source project too, though, and it had the same results, so it's probably not my fault.

If you have a kernel project that you'd like to see packaged, let me know and if it's something I can test, I'll give it a shot.


I was scared advogato was down for good and had taken my diary entries with me. Over the years I've written quite a few entries and I was hoping to somehow get them back so I can store them for when I go to the old men's home.

When it got back up I wrote a simple script using the xml-rpc python interface. Python is soooo nice for simple stuff like this. If you want to backup your entries, get the script and run it with your username as argument. It will create a directory with that name in your current dir and download each of the entries to a separate .html file.

I've thought about setting up a planet aggregator and wordrpess on our apestaart server to get my friends to blog a little about their life in Belgium. Blogging is a nice unintrusive way of letting others know what you're up to, and reading them is a nice way of knowing how they're doing.


If he was talking about me as well, then he's giving me too much credit. All I'm trying to do is to make sure we can do streaming, and try and tackle the general "Multimedia, Codecs, Patents, Licenses and Distributions" problem. But we're making progress. Interested in what the FSF has to answer to our questions.


I was getting the feeling my favourite cat herder was turning into a prison warden, but he sort of put my mind to rest.

11 May 2004 (updated 11 May 2004 at 10:30 UTC) »
Why I stick with Red Hat/Fedora

It's pretty simple. A bunch of their engineers go out to see a movie. Three of them blog about it.

And not a single one of them manages to mention the utterly delectable Kate Beckinsale.

These guys are just impossible to distract from whatever their goal was. And that's why, kids, Red Hat/Fedora will always be a top notch distro.


Whilst on the subject... Went to see Intermission because we were too late for Big Fish. Quite ok. Saw Bully over the weekend. Alrightish, but man, are those kids stupid in the movie. Based on a true story, but I hope they were slightly brighter in real life.

Saw "Varsity Blues" yesterday. I can honestly say it was the best movie I've seen all yesterday.


So Ronald and I took over maintainership from Ted. I've started by applying all the patches that were still applicable to the 2.6 branch, then tried to branch, but failed because Ted apparently had already branched for 2.6.

Updated my local GNOME Maintainer's Guide with all the steps I'm taking while I go along.

After sorting out the branch mess, I started to work on some of the bugs in 2.7.

I wrote a command-line CDDB client for the CDDB slave so I could reproduce some of the bugs more easily, which caused some segfaults when run together with gnome-cd. It was like an itch you're trying to scratch that keeps running away from your nails - I spent quite some time figuring out exactly what was going wrong. The setup is quite complicated, with clients requesting a slave client, which is instantiated through CORBA, which causes the CDDB slave component to create a slave object to handle the requests, and then signal the slave clients.

One of the problems was that each slave client got notified of every lookup from every slave client, so my command-line client forced gnome-cd to believe the disc had changed :)

Anyways, after restructuring the code, adding comments and hacking notes, and adding some code to set the CDDB server to protocol level 6 so it gets UTF-8 responses, things are starting to come along quite nicely.

I also added error checking to the CFLAGS, and then spent some time fixing all the warnings/errors that generated. Seriously, everyone who is against -Wall -Werror is probably just writing sloppy code. That doesn't mean I write good code; but I know I write better code with -Wall -Werror, and I know ANYONE writes better code with it.

It's actually quite nice to work on someone else's code as a new maintainer; 90% of the work is already done, and you can refactor code more easily since you have a reference version that works.

So you just start learning the code by tackling some of the simpler bugs, adding comments to functions as you go, and taking notes on how you work, until you've seen and changed the whole code.


The basic setup to replace camserv works fine. Monkeys are being spanked at an alarming rate. I hope we get our server soon so we can make a continuous stream available to the outside world.

Today we're going to try and stream Ogg/Theora.


Did a lot and very little at the same time. Went out with collagues, helped a friend of mine move (I hate moving, and having to move boxes to the center of a city like Barcelona is even worse), went out blading, had my niece over for a few hours, played some SSX3, went to have dinner with two friends at their place (with the best salad I've eaten since moving here).

Got a nice mail from someone about the ipw2100 modules I made. Need to update them to 2.6 kernels, I think I have the mechanism worked out now.


Wim started today, yay. I'm stuck on trying to figure out a way to help negotiation wrt. fixation a little.

Join Ross

"Grab the nearest book, open it to page 23, find the 5th sentence, post the text of the sentence in your journal along with these instructions." Suggestion 2: Pay attention to your problems.

I had to cheat though, the first book only had three sentences on that page.


Last week I managed to embarass myself again for a change. I'd been looking for a tango place when I moved here. The first one we went to last month was closed for renovation. I had found some posters around our place with "Tango" on it in a nice big font, and a stylised dancing couple. It claimed the place had three evenings with orchestra. So last weekend we went there, got in, paid 10 euros each, and entered the big room.

Looked like a nice enough dance hall, but everyone in there was at least 50. While it's not uncommon to have older people on Tango evenings, there was no one our age at all. Also, the music wasn't tango music, but Spanish popular music. After some walking around and thinking, I realised that the place itself was called "Tango". Sigh.

At least I know where to send my parents to next time they're in town.

29 Apr 2004 (updated 29 Apr 2004 at 17:57 UTC) »

Working is becoming more and more fun. Working on streaming and seeing it evolve is rewarding. I must say I'm quite impressed how decent the 0.8 GStreamer core has become; most of my time is spent looking at fixing plug-in issues.

David did a great job on the caps rewrite; he put in stuff he wasn't sure of yet how to use (like, all of the fixating hooks), but as I learn how it works in actual use day by day it seems to get easier to fix bugs on it, and I get the feeling he had the right hunch. I'm not sure he's yet able to express exactly how the hooks are supposed to be used :) but his gut instinct seemed to point in the right place, and now it's up to fixing plugins.

Benjamin has been plugging memleaks all over, which is great. I should really build a custom valgrind that works with GStreamer, my system one has GStreamer running into some hardcoded limits.

Ronald meanwhile is beating the crap out of any media file we're currently not playing. The number is shrinking rapidly. One of these days someone is going to add mp4v/mp4a support to qtdemux, which I need for some other project.

All in all, it's moving at a pretty quick speed.

This week, I dove into the v4lsrc element, which didn't work with the qc-usb drivers because those drivers use an internal buffer of only one frame, and Ronald coded the v4lsrc element to work in streaming mode, which requires at least 2. After some fiddling and reading, I learnt that this specific driver has a hack which enables streaming mode by exposing two buffers, with both buffers being the same physical ones in the driver.

That didn't get it to work yet either. But this was due to some code in v4lsrc that only used the buffer's pointer to check which buffer to requeue in the driver, and since the driver is handing the EXACT same pointer this didn't work. So, attach the frame number as private data to the buffer, and use this to requeue the proper frame, and v4lsrc was fixed.

Next in line was rewriting TCP elements. As I've blogged before, this entailed modelling four elements (two servers and two clients) on the fdsrc/fdsink elements. At first I was just sending over raw buffer data. That, combined with an element that is able to figure out correct buffer size for raw video frames (since you can calculate this based on the output format), allowed us to stream raw video.

This breaks of course when you want to stream encoded video. There's no way to transfer the buffer size properly, so the second pipeline cannot chop up the incoming data to one buffer per frame.

So, on to writing a simple protocol to transfer GstBuffer, GstCaps and GstEvent over the TCP link. It's a bit messy at the moment, but I got it to work today. I did spend three hours over a random bug that in the end was caused by my own stupid code that freed a caps structure right before returning it :/ (In my defense, I haven't had a decent night of sleep all week).

I used to only work on audio, and am slowly picking up on video-related issues. The fun thing about hacking video is that the experiments and bugs are very rewarding. For example, as soon as we got JPEG streaming to work, we dropped down the quality level to 0, which looks like this. (It's a lot cooler if you see it move :))

Bugs are fun too. Here's a wacky colorspace conversion bug. And combining crap with bugs gives this.

It's fun to invent a protocol, as simple as it is, and write the code to handle it, all in some vacuum where you don't have to care too much yet about other opinions. It's a small simple unit with a simple design that I can easily put together, and I like doing stuff like that. I had the worst headache yesterday when I decided to do this, and having fun with it all day made my headache seem to go away.


So, yesterday I woke up at 6 with a splitting headache, took something, went back to sleep, woke up againt at 7.30, huge headache, took something, back to sleep, woke up at 9, still a huge headache. It lasted all through the day.

At night, early to bed, but no chance of getting any sleep. Got up at 1 again and started to look at doing a decent addressbook OpenLDAP setup, and this time documenting it properly with my new docbook-xml-template. Was happy to figure out how to make computer output look like a computer screen, and simple stuff like that. Hope to finish this simple HOWTO as soon as I figure out some of the more intricate details. But this time I want the stupid addressbook setup to Just Work.

I also tried out conglomerate quickly. I'm not sure it works well yet, but it looks sweet for sure, and it seems pretty responsive. I should check up on if I can use it do to real work yet.

New employee

arrived today, yay ! Johan and I are excited to have someone extra in our huge office. We're only taking up a quarter of the space right now. Granted, we don't have our definitive furniture yet, and we're still missing the pool table, pingpong table, couch, plasma TV, sauna, shower, and minibar. But still ...

23 Apr 2004 (updated 23 Apr 2004 at 17:12 UTC) »

A disheveled young man knocked on my door last Wednesday claiming he was a friend of 'the GNOME release manager' and if I could put him up for a few nights, together with his girlfriend. He was tired from a long trip from Australia to Europe and all through Europe. So I took pity on him and took him in.

In the evening my home server started beeping loudly again, and he immediately came to the rescue. First he helped me get lm_sensors running on the machine, then we used gkrellm to check on the temperature. His hunch was correct; at 60 degrees C it started beeping. He started to fan the open computer with a book and made it drop to 50 in a minute, which stopped the beeping.

So that explained why it was crashing. Now to see what caused the CPU to go crazy. Which was pretty much my own dumb fault - I was running Xvnc on the machine for some applications, and the screensavers take it to 100% after a few minutes.

So taking in a complete stranger already paid off on the first day. Of course, the second day he took over the PlayStation and Entered the Matrix. I hope he gets out of Tunnel A7 by the time his plane to Australia leaves.

It was nice meeting thaytan and Jaime, hope they have a good flight home.


Nice to see us getting a warm reception. It's also nice to be able to code a little again. I checked GStreamer's tcp elements and found they were done differently than I would expect. The server was done in the source element, and the client as a sink. This means that you need to start the consuming pipeline first, and the producing pipeline after that. Also, the server was set up to be able to handle multiple connections, but to me it makes little sense to have the start of a pipeline take data from multiple elements.

The code was outdated too, so I made a bunch of new elements, where source and sink are implemented as both client and server. Then we tested them by streaming videotestsrc. Now I need to figure out how to add them to the testsuite properly.

I made all the elements blocking, since our filesrc and filesink are blocking too. But this might not be what we want.


So, Ted passed on maintainership to Ronald and me. I commited a few of the easier patches for a 2.6.1 release in time for the 2.6.1 GNOME release. Now we need to go through the rest and pick out the ones we can apply before branching for 2.7

20 Apr 2004 (updated 20 Apr 2004 at 17:53 UTC) »

Had quite a productive weekend. First of all, I got off my ass and tried out the Intel Pro Wireless 2100 drivers on my laptop. I had bought driverloader, which worked quite well, but I'm getting tired of having to download stuff each time I upgrade my kernel, and of course I actually forget to download the RPM before upgrading in the first place.

Of course this gave me a good change to test my kernel module packaging strategy again. Fifteen minutes of work gave me a loadable ipw2100 module (without WEP, at first), just by running ./configure and make. Five more minutes gave me a set of packages for it.

Then, I enabled WEP and rebuilt the hostap packages from the QA submission queue at www.fedora.us. I had a problem with the function call being used from hostap not being versioned. After some thinking, I figured out that this was because the hostap package didn't include a hostap.ver file that actually does the symbol redefining. So I changed the hostap package to include that, rebuilt it for four archs and four kernels, and then rebuilt the ipw2100 packages for the same. And lo and behold, the packages worked. So if you have Fedora Core 1 and an ipw2100 card, *please* test these packages together with these..

Don't forget to download the firmware as per the instructions on the ipw2100 project site, and install it in /etc/firmware.

Next step is to update my kernel module stuff to 2.6, but I'm not looking forward to that. AFAICT from discussing with people it seems there is no decent way of building kernel modules against a read-only kernel-source tree. Moreover, Arjan seems to say that to build kernel modules for a kernel/arch combo, you need that exact kernel package installed as well. That will probably make it harder to do mass builds of kernel modules as well. Sigh :)


I've been wanting to write a usable DocBook template tarball for quite some time. There are a couple of "guides" I'd like to do and every time I work on projects that use DocBook there is always something tripping me up. Between xmlto breaking in TeX processing for PS and PDF, or the docbook2 tools insisting on downloading SYSTEM identifier stuff from the net, there just is no foolproof way of building this stuff.

So, after a day of trying to write somewhat clean make rules and .m4's, I have a template tarball project that builds documentation, passes make distcheck, and easy to use in other projects. Yay me.


So, it's official: Fluendo is launched ! In a nutshell, we're going to write a free software streaming media server, on top of GStreamer, making it possible to do completely free software-based video streaming, using royalty-free codecs.

We decided some time ago to fund Xiph.org, since to reach our goal we actually *need* a decent royalty-free video codec. Theora is very close to what we need at this point; as soon as the bitstream specification is fixed, all videos created with that version of Theora will be playable by future versions of the library. This will hopefully have the same effect as the Vorbis Beta 1 release had for audio.

And even if it doesn't, it still enables us to provide this server working completely, for free, and hopefully, allow distributors of Linux to pick it up, distribute it, as well as the GStreamer stack with playback and recording applications. I can understand it doesn't make sense to do so if you can't distribute video codecs as well, so once Theora is ready to be distributed, I hope this changes the field a little.

Anyway, I'm pretty psyched we can announce all of this. There's always a fear of turning over to the dark side without realizing, but being able to start a company with these goals is exciting, and I hope we do well. We're moving in our new office this week, and our new collague is arriving next week.

The nice thing was being able to use my docbook-xml-template to generate the press release easily :) So the next one we do will just be a matter of filling in the content and running make.


Ross is not the first one to link Fluendo to influenza. I really like the name, it took us long enough to come up with something that we liked, still had a domain name available, and not too much GoogleJuice. I'm wondering though if non-hypochondriac people make the same link between Fluendo and influenza ?

Also, Ross ran away with a "might happen" newsbit and posted it, probably to put some pressure on us to deliver :) All I can say is that we'd like to, but aren't sure yet if all the pieces will be in place.


Read Jorn's latest entry. Good to see Muine progressing. Only, Jorn is switching backends (again). I have a lot of respect for Jorn, and he's a talented coder, but I really have to wonder *how hard it can be to do some bug reporting*. The number of times jorn was in our channel, multiplied by the number of bug reports by him, multiplied by the number of mails to our mailing list, are easily countable on the fingers of my two hands.

People seem to think stuff should just fall out of the sky. Sometimes it does, but when it doesn't, it doesn't hurt to poke the clouds a little so they drop some more stuff you want :) How's about some simple feedback about the framework you're coding against ?

Easter Weekend

Over here Good Friday is a holiday too. Great ! Kristien's birthday, so spent all day together. Hope she's happy with the very lowcost present she got, to compensate with the high-cost one from our anniversary that she didn't seem pleased with (the present, not the anniversary.)

In the evening we went out to an absolutely wonderful Thai restaurant. Been quite a while since I had such good food.

Over the course of a few days I've seen a whole bunch of movies: Ghost World (Scarlett, yum), 21 Grams (scary, but good), True Romance (again, I love this movie), Liar Liar (I haven't seen a lot of Jim Carrey films, which means I don't get annoyed, so I liked this one), and Highlander (which is still one of my favourites, even if only for sentimental reasons), and 8 Mile. I must avoid catching hadessitis. And tonight we watched Sixteen Candles, which was ok-ish if only for seeing a really young John Cusack :)

For counterbalance Kristien also made me watch about 10 more episodes of Friends. Well, it was her birthday, she got to choose this weekend.

Had a great barbecue on Sunday too for Easter. Invited some friends over, experimented with roasting peppers to great success, and had a great day out on the terrace. I love the weather here, even though it's been flaky of late.


Finally ended up packaging all the bits and pieces for Dave/Dina to make TV/out work again with the new Matrox. That meant rebuilding kernel packages with appropriate patches and options, DirectFB from CVS, and some other stuff.

Played a little with an interesting application from someone that basically rendered a user interface as a filter to MPlayer. It's a big hack, and I'm not sure it's the direction I want to go in eventually, but it does work very well when you don't know how it works. Left me thinking about a lot of things. It's not ideal however because it won't be easy to get output from other applications (say, MAME) into that.

It does make me realize though that it really isn't that easy to get nicely output interlaced video on a TV from a bunch of applications.


Walters asked for new releases in time for Fedora Core 2 Test 3, so I went ahead. Releasing was so much less painful than before. I could easily tweak the spec files to rebuild packages to test, and everything worked out fine. So 0.8.1 of both core and plugins are out the door.


Experimented a little with camserv, which gave me some trouble making packages, but after a few patches it agreed to be put in an rpm. I didn't like what I saw from the code though. Now to start thinking how to split up GStreamer pipelines to implement the same thing.


New office is almost ready. I get thrilled even only from seeing our name in sticky letters by the door :) We'll probably move in sometime next week.


I went looking for two bands I have heard stuff off but haven't found CD's for here yet. I came up with their latest albums. The first band is Mew, a Danish band. Their music is sort of like My Bloody Valentine in sound, but more poppy, and with Sigur Ros-like singing, but in English instead of made-up-language. I saw them live once and really liked them, but never found a CD in a store. I must say it's a really good album (with a good Stina Nordenstam duet on it too) and I'll probably order it. The other one was by the Walkmen, which for lack of inspiration I'll describe as a mix of Interpol and the Strokes :)


We had sort of crappy weather with lots of rain over the last week. More rain than in the three months before last week combined. But this weekend has been absolutely wonderful. We went out skating with a smaller group today and it was incredibly nice. A bit of sea wind, lots of sun, and pure fun. We passed by a square were they were setting up huge cranes for some construction work, and I noticed a van with a cable tied to a traffic light, with the traffic light being bent.

After some cluedo'ing we concluded that the van had reversed on purpose to pull down the traffic light in an angle so the big crane could take the place of the traffic light. I wish I could've taken a picture :) That's Spain for you - if the traffic light's in the way, you just bend it.


Finally made some time to finish up some new packaging. I finally figured out the right kernel magic plus DirectFB magic to make applications share the framebuffer, and have video playback be smooth again, and return to XDirectFB after exiting. It involves cvs of the linux-fusion module and DirectFB in itself at the moment, but it seems to work. Just rebuilding the whole stack of RPM's from the kernel to XDirectFB on just takes a lot of time though. On the plus side, the latest set of improvements to mach just help a huge bunch. Nice to see your software coming together.

2 Apr 2004 (updated 2 Apr 2004 at 17:38 UTC) »

Tracking Heisenbugs this week. The first one was that after my return from holidays, GstPlay wasn't able to play back anything anymore. I didn't really look into it much until I really got annoyed and decided to read some logs.

The first problem was missing return value checking in the libraries, giving the Totem user no clue on what is going wrong. I added some error handling for these cases. On bugs like these it's best to work from the outside in, and first fix the bugs at the top of the stack. If you fix the underlying bugs, you forget about the toplevel bug that "the user doesn't know something is wrong".

The actual problem seemed to be osssink failing to negotiate, and after some digging I realized some code was added while I was away to autoprobe the allowed sample rates. The log seemed to indicate that it wasn't able to play back any sample rate, and from that point on everything failed.

I added some error signaling code for this condition. Only after testing again it suddenly worked. This was even more surprising. I wasn't able to reproduce it since, but I'm sure if anyone encounters it they'll at least get a nice error dialog. So now it's a matter of waiting until it pops up again for me.

Does serve as a reminder though that we really need to take more care in the stuff we commit after 0.8.0 - it is impossible to predict how other people's hardware will react to changes we make if they're less than trivial.

The second Heisenbug is one where playing our Matrix test clip and seeking a lot of times can trigger an error where it fails to negotiate. Dolphy and I thought it was a race, but it turns out it really isn't. It's another bug that gets exposed sometimes because of a race. Basically our plugin is somehow failing to cope with a resynchronisation after a seek. It looks like the mad library handles the resync correctly, but we probably mess up emptying the internal buffer somewhere. As a result, each seek, even in audio files, triggers a whole bunch of resynchronisation in a row as it's misreading header information and changing the sample rate quickly. Only in some random cases this fails and throws an error.

Mad documentation is very sparse and our plugin isn't exactly crystal clear either, so I'm spending some time reading the code and adding comments to figure out what exactly could be wrong. It doesn't help that I'm constantly distracted by other things to do as well.

One of those is thinking of the whole media playback/licensing issue. We're starting to see some solutions to that problem but they will all take time.


I really want to use GNOME 2.6 as soon as possible, there are some enhancements that I'd like to use and there is code I want to test and fix. Over the last years I've changed and tweaked my cvs setup a little, and this time I made the last change I wanted to make. Instead of having the cvs checkouts and install locations under my user account, I decided to move it to /home/gnome and create a second test user. There are some things that really don't like having the same process from different locations for the same user at the same time running, so for those things it's better to run your cvs session as a different user.

So basically, I have jhbuild check out to /home/gnome/head/cvs and install to /home/gnome/head/prefix. I'll also be having a 2.6 jhbuild branch, in the same location, but with head changed to 2.6. Maybe I should write a short article on how I organize stuff and why, because a lot of people seem to run in various problems using cvs build tools and the resulting build.

Then I wanted to actually use it without interrupting with my regular X sessions, so I tried to use gdmflexiserver -n again, but it just crashes mysteriously on my Fedora box, bringing down the current X. After some searching and poking, it seems that this is a known bug (127780), and I pulled the fix from CVS and rebuilt the FC1 rpm - if you're experiencing the same problem, get this RPM and try it out.

So now my fake user is happily running GNOME head again, and I can finally fix some nautilus-media bugs again. And I get to recover about 5 GB of accumulated crap from my main user's gnome directories, including some stray patches I was going to still submit.

ssh key authentication

Some people gave me some tips. Apparently keychain is a daemon which allows you to authenticate only once per bootup, not once per session. Also, You don't really need the two files I created on Fedora Core; your X session is already run inside ssh-agent by default, and you can just add ssh-add to gnome-session-properties and you get a nicer, nonblocking dialog for your passphrase. Even better ! Thanks.


Saw a poster this week for a great music festival at the end of May in the middle of Barcelona ! Beside Wilco, PJ Harvey and Elbow, the Pixies are playing ! I'll get to see them before all of my undoubtly jealous Belgian friends :) Too bad I have to be in Belgium the first day of the festival for my dad's thesis/graduation/professor thing, but as long as I can see the Pixies, I'll be fine.

31 Mar 2004 (updated 31 Mar 2004 at 10:16 UTC) »

Spun a new tarball yesterday because a translation got added. This also allowed me to try and put in a patch I had received for the thumbnailer but for which I didn't have time or inclination to push it in before going on holidays. Having to respin the tarball anyway made me submit the patch to the release team together with some good arguments on why this patch makes sense. Nice to see that good arguments help make good decisions.

Then I made an RPM to test and got extremely puzzled by the fact that nautilus crashed as soon as I checked a property page on an audio file. After reading a bunch of bonobo, then ORBit code, which scared me senseless, I figured out the right way to run nautilus from gdb (remove nautilus from the session), and then the problem became readily apparent. It was not finding glade files, and it was not doing so because I forgot a "make" command in the spec file. So the actual build was done from %makeinstall, which overrides datadir and friends, causing the wrong - install-time - location for the UI files to be put in the binary.

So now I firsthand experienced the difference between running or not running make before make install.


With the recent break-in on GNOME servers I wanted to do my part in making sure I'm doing things correctly. I got told that using passphraseless ssh keys is worse than doing password-based ssh access, so I started looking into how it ought to be done instead. Some people asked me to let them know if I figured out the right set of things to do, so here it is.

Basically, I did the following:

  • mv .ssh ssh in my homedir
  • generate a completely new ssh-dsa key, with passphrase
  • replace the old public key in authorized_keys on all the servers I use this key on (for this step, ssh -i ssh/id_dsa is useful, since you want to get on the servers using your old key to install your new pubkey)
It is possible to add a passphrase to your current key, but since that doesn't really change the public key it doesn't help at all if someone might have gotten your old private key. So, don't :)

After this, you want to set up your session so that you only get asked for your passphrase once, and ssh-agent takes care of authenticating when you move around. If you run Red Hat/Fedora, you can do the following:

  • run switchdesk, and choose the same type of session you are running. This will generate .Xclients and .Xclients-default
  • edit .Xclients and replace each "exec" instance with "exec ssh-agent". This step makes sure that your session is run under ssh-agent.
  • edit .Xclients-default and add "ssh-add < /dev/null" BEFORE the exec gnome-session line. This step makes sure that before your gnome-session is loaded, a GUI window will pop up to ask you for your passphrase.
Now log out and back in, fill in your passphrase, and try logging into a server where you copied your new public key to. It should just let you in.

If I made an important security boo-boo, let me know please.


There's this incredibly nut roasting store in Barcelona. If you're ever around, go over and buy some almonds or hazel nuts. They taste so much better than the ones you buy anywhere else. I feel an addiction coming up.

152 older entries...

New Advogato Features

New HTML Parser: The long-awaited libxml2 based HTML parser code is live. It needs further work but already handles most markup better than the original parser.

Keep up with the latest Advogato features by reading the Advogato status blog.

If you're a C programmer with some spare time, take a look at the mod_virgule project page and help us with one of the tasks on the ToDo list!