I can’t help being amused by the comments below this post which run like this:

1. Thanks to Unity!

2. Despite unity.

3. Despite unity & gnome shell.

4. Thanks to gnome & despite unity.

5. Thanks to Ubuntu.

6. Thanks to Linux Mint.

This sort of united, combined front in opposition to proprietary software is exactly what will drive free software to say, oh around 2% of the desktop.

“Google thrives where privacy does not. If you’re like most internet users, Google knows more about you than you might be comfortable with. Whether you were logged in to a Google account or not, they know everything you’ve ever searched for, what search results you clicked on, what news you read, and every place you’ve ever gotten directions to. Most of the time, thanks to things like Google Analytics, they even know which websites you visited that you didn’t reach through Google. If you use Gmail, they know the content of every email you’ve ever sent or received, whether you’ve deleted it or not.

They know who your friends are, where you live, where you work, and where you spend your free time. They know about your health, your love life, and your political leanings. These days they are even branching out into collecting your realtime GPS location and your DNS lookups. In short, not only do they know a lot about what you’re doing, they also have significant insight into what you’re thinking.”

His solution to this problem was interesting. He came up with the idea of a proxy system which would intercept all google queries, strip off identifying material (such as cookies and UserAgent strings and other HTTP headers) substitute new identifiers and mix the requests up with those from other users before forwarding to google. Implementation depended upon a Firefox addon (nothing for other browsers) which identified google queries and forwarded them to the proxy. All other traffic was untouched.

I stopped using google (except via scoogle) some time ago, and when Moxie’s new proxy first surfaced I thought it interesting but susceptible to the same problem I discussed in mid 2009 when writing about Hal Roberts’ experience of GIFC – all you are doing is shifting knowledge of your searches from google to a new intermediary. However, Moxie later addressed this problem with the release of version 0.20 of his addon so I thought I’d take another look at it. Unfortunately the addon won’t work with FF 9 (which I am using). Moxie’s proxy is not the only one out there however. Because he released the code under an open source licence, others have picked it up. I found one at gs.netsend.nl. They also provide an updated FF addon which will work with versions up to 15 (i.e. probably around next wednesday given the speed with which Mozilla is currently shipping new FF releases).

Once the addon is installed, it gives you two proxy options in the preferences settings – one is the original proxy.googlesharing.net, the other is gs.netsend.nl itself. In testing I found that the original googlesharing proxy seemed to be off-line, but when using the netsend.nl proxy I was reassured to see the message “Search results anonymized by GoogleSharing” added to the google homepage. I was even more reassured that my sniffer showed a connection to vps1101.pcextreme.nl on 31.21.98.201 and not to any known google network.

So, will I use it? Maybe. But the proxy mechanism seems to be unreliable. In many tests, the proxy connection seemed to be bypassed and the connection was obviously made direct to google (as evidenced by my sniffer). I think this failure is doubly unfortunate because it does not fail safe (i.e. the connection does not simply fail with an error message, it passes you direct through to google). This could lead the unwary to think that they are protected when in fact they are not.

I prefer not to use google at all. And in those cases where I do want to compare results with another search engine I prefer to do so via tor. But it is one more option in my toolkit if used carefully. And if using it pisses off google, then it is worth it occasionally.

Having shut down and had the DNS round robin amended, I attended to finding some way of throttling my traffic so that I could live within my allowance whilst still providing a useful mirror. I scratched my head for a while before stumbling on the obvious, I should be throttling at application level. (Sometimes I find that I miss simple answers because I am looking for complicated ones).

I started out by assuming that I should be using tc and iptables mangling, or something like the userspace tool trickle, all of which looked horribly more complicated than the approach taken by tor (which allows you to simply set the acceptable bandwidth rate to some limit, plus set an accounting period maximum of some total transfer limit per day/week whatever). And of course it turns out that my webserver (lighttpd) allows something similar. Just set the server limit to some chosen max transfer rate and, if necessary, also impose a per IP max rate. The magic configuration file options are:

# limit server throughput to 300 kbytes/sec (~3000 kbits/sec)
server.kbytes-per-second = 300
# and limit individual connections to 50 kbytes (~500 kbits/sec)
connection.kbytes-per-second = 50

I tested this by pulling a copy of the tails iso from one of my other VMs which has a high bandwidth connection and got acceptable (and expected) results. So now I can go back on-line later this month safe in the knowledge that I’m not going to blow all my bandwidth in one week.

Firstly, X is not exactly a secure protocol, nor is it easy to filter at NAT firewalls, so the ability to tunnel it over ssh is hugely welcome. In fact, ssh can be used to tunnel practically any other protocol you care to name, so it should be your first port of call should you wish to connect to a remote system using an insecure protocol. (I use it to wrap rsync for example).

I don’t run X on my VMs (there is no need, they don’t run desktop software) and I had not previously seen the need to run X based graphical programs on those servers. However, a couple of days ago I thought it would be really useful to run etherape on one particular remote server so that I could watch the traffic patterns. Normally I use iptraf (which is ncurses based) when I want to monitor network traffic in real time, but etherape is pretty cool and gives a nice graphical view of your network connections. But it runs on an X based gui.

So. I changed the remote server’s sshd_config to enable X forwarding (“X11Forwarding no” becomes “X11Forwarding yes”) and restarted sshd. On my desktop I similarly changed my local ssh_config file to allow X forwarding (“ForwardX11 no” becomes “ForwardX11 yes”) to obviate the need to use the -X switch on the command line. I then installed etherape on the remote server and fired it up only to get the message “Error: no display specified”. Sure enough “echo $DISPLAY” showed nothing. But I had thought (and everything I had read confirmed) that ssh should take care of setting the appropriate display when X11 forwarding was set.

So I then tried setting a display manually (export DISPLAY=localhost:10.0 on the remote server) and then got the response “Error: cannot open display: localhost:10.0″. So, still no deal. I spent some time scratching my head (and reading man pages) and sent off a query to my local Linux User group in parallel asking for advice. They were gentle with me.

The first, and rapid, response, said:

On the server:

sudo apt-get install xauth

Then disconnect and reconnect the client.

Jobs a good un.

Thank you Brett.

So the moral is, make sure that you have X authorisation working properly on the remote system (check for the existence of $HOME/.Xauthority) if you experience the same symptoms I did.

I’m not at all surprised.

“The bug is easy to reproduce: open a Launchpad bug about how Unity breaks a common usage pattern, and you get a “won’t fix” status and then radio silence. The results of this bug are what seems to be a sizable community of disgruntled, dismayed and disappointed users, who go on to spread their discontent and ill will.”

Both Liron’s bug entry (and the subsequent commentary) and Byfield’s analysis of that discussion bear reading. I found myself frustrated by the obvious lack of understanding of (and impatience with) Liron’s position apparent in Mark Shuttleworth’s responses. Byfield concludes that:

“[Suttleworth] sounds impatient, resorting to personal attacks and invoking his personal authority or the necessities of design or standard practice instead of offering explanations. At times, he seems to address issues that at best approximate what others in the discussion are saying. Exactly why this change has happened is uncertain, but it adds a sting to Shuttleworth’s once-humorous title of Benevolent Dictator for Life.”

Meanwhile, over at El Reg, Liam Proven offers his analysis of the Ubuntu upheaval. In that article, Proven describes the differences between GNOME 3, GNOME 2 and Unity and explains how these changes (or more properly, the management of these changes) have led to the difficulties now facing a wide range of users. Proven concludes:

“Ubuntu is gambling that Unity will attract floods of new Linux users in such numbers as to outweigh those abandoning it for its spin-offs and rivals. If it’s correct, then Ubuntu will continue its rise to near-total dominance of the Linux desktop. But if it’s wrong, it will leave the Linux world more fragmented than ever.”

In my view Ubuntu (or more precisely Canonical and Shuttleworth himself) is wrong and will regret this decision not to properly engage with its user base. I don’t blame them for changing the desktop, after all, the GNOME developers have forced that change upon them. But I do agree strongly with Liron’s position. Ubuntu could do well to listen more.

And in a nice summary of Xfce, Scott Gilbertson today explains why previous GNOME users are moving to that desktop in the wake of the GNOME 3 and Unity changes. It seems I’m in the company of a growing number of other users.

My main desktop now looks like this:

and my netbook looks like this:

(click on either image to get full sized views)

I chose LMDE rather than Xubuntu partly out of pique with the way Canonical is taking Ubuntu, and partly out of a genuine desire to move to a distro which is closer to the ideals of the FOSS community which Ubuntu used to espouse and which Debian always has done. For me, LMDE now offers the best compromise between a truly useable modern desktop (with all that implies for proprietary codecs) and the purity and stability of Debian. I know where things are in Debian and I much prefer the Debian package manager to RPM (which immediately rules out Fedora or SUSE). Having now spent some time playing with Xfce I find myself surprised that I didn’t move to it much earlier. It is clean, relatively lightweight, fast and eminently configurable.

On my main desktop machine (which is running the 64 bit version to take full advantage of the 8 Gig of RAM I have installed) everything works as it should – even the dreaded flash (yes, I occasionally watch youtube). On the netbook (32 bit version) everything except the RHS card reader works. Hot plugging works on the left, and the right /will/ work if there is an SD card in place on boot. (But no, I /still/ can’t read Sony memory sticks. I have sort of given up on that now anyway since I no longer use the PSP to watch videos.)

Now to convert my wife.

I have used the LTS versions of Ubuntu because, in my view, it provides the best trade off between bleeding edge and stability. I’m a huge fan of Debian and use it on my servers and slugs, but Debian is too conservative (and too purist about non-free software such as multimedia codecs) to make it a truly attractive OS for the modern desktop without a lot of additional work. So, the fact that Ubuntu was based on Debian, but with a rather faster release schedule and added usability has made it an obvious choice for some time. And it has become hugely popular. It still ranks number one at distrowatch and there are many other distributions which are based upon it. But Canonical have been taking some controversial decisions of late, many of which have split the user base.

After trialling the unity desktop on the netbook edition in Ubutu 10.10, Canonical merged the netbook and desktop versions into one with 11.04. This meant that users upgrading from an earlier (GNOME based) version were suddenly faced with a radically different looking desktop. The GNOME desktop (called Ubuntu classic) was still available as a fallback from unity in 11.04, but from the latest release (11.10) this is no longer the case, instead you get a 2D version of unity. So, you have unity or you have a worse version of unity.

Ubuntu may be using the GNOME libraries (and it is now using the GNOME 3 libraries rather than those for GNOME 2 as it did when unity was first launched) but many people, myself included, cannot understand why Canonical did not simply work with the GNOME project on version 3. But Canonical have form here. As a company they have been criticised many times in the past for taking rather too much from the FOSS community and not putting enough back. Without Debian, Ubuntu would never have existed. Ian Murdock (the “ian” in Debian) himself expressed concern some time ago that the Ubuntu codebase could diverge too much from Debian unless Canonical developers pushed changes back into the upstream projects. Furthermore, unlike companies such as Intel and Redhat, Canonical developers seem to be almost entirely absent from the linux kernel development community. An interesting, indeed almost comical, statistic emerged recently showing that Microsoft was the fifth most productive contributor to the Linux 3.0 kernel behind only Redhat, Intel, Novell and IBM respectively. As admin magazine notes however, this position owes much to the fact that Microsoft employee K. Y. Srinivasan made 343 changes. Most of those changes were to clean up the code implementing a driver for Hyper-V virtualization. But this is just a statistical blip – I fully expect Microsoft to drop out of the top five, or even top twenty five, shortly.

Canonical also got into a spot of bother when they ditched the GNOME audio player Rhythmbox in favour of Banshee. Rythmbox is decidedly “free software” and links users to free music downloads from Jamendo and paid for music from Magnatune, whilst Banshee looks far more commercially oriented (it linked to Amazon’s MP3 store for downloads in mid 2010 and Canonical used it to link to its own Ubuntu One music store in the 11.04 release. Such decisions can upset people (and make Canonical begin to look like Apple). If they introduce any form of DRM then there will be hell to pay.

With the release of 11.04, Ubuntu Studio, the Ubuntu based distro aimed at multimedia creators, defaulted to retaining GNOME in preference to unity, saying in its release notes “Ubuntu Studio does not currently use Unity. As the user logs in it will default to Gnome Classic Desktop (i.e. Gnome2)”. Shortly thereafter, in May of this year, Scott Lavender, the project lead for Ubuntu Studio announced that they would move away from unity (and GNOME) and use the lightweight Xfce desktop as the default environment in future.

Criticism of Ubuntu (and of Canonical the company) has become so loud and frequent of late that Jono Bacon, the Ubuntu Community “spokesman” reacted by founding openrespect.org apparently as a means of deflecting some of that criticism. The openrespect website says:

“OpenRespect was founded out of a concern that discussion and discourse in the Open Source, Free Software, and Free Culture community has become a little too fiery and flamey in recent years. The goal of OpenRespect is simple: to provide a simple declaration that distills some of the core elements of showing respect to other participants in discussions.”

But as itwire points out, the timing here is rather odd since it is only now “when Canonical has its feet held to the fire, we have a new website called OpenRespect.org registered and volumes of spiel being generated by Bacon.” Quite so.

Jono Bacon has also popped up in a variety of fora getting all defensive about Canonical’s design decisions. He even fronted an article in the July 2011 issue of LinuxFormat magazine where he “interviewed” four key players at Canonical (including Mark Shuttleworth). That interview included such unbiased questions as “Unity is an exciting new vision. What are your goals and inspirations?” Worse, the article did not bother to mention that Bacon was a key Canonical employee.

I have no doubt that Canonical will make unity work. The installed base of Ubuntu users is so large that developers will be forced to make it work, but I don’t have to like it. My problem is that GNOME itself has also changed radically in the move from 2.30 to 3.0. And I don’t like that either. I find myself in good company though, back in July of this year, Linus Torvalds called GNOME 3.0 an “unholy mess” and announced that he was ditching it in favour of Xfce. Although unlike Linus, I never liked KDE, even before the KDE 4 debacle

On 29 December last, Matt Mullenweg posted a notice to the wordpress security blog announcing a very important update which he recommnded be applied as soon as possible because it fixes a “core security bug in [wordpress'] HTML sanitation library, KSES”. Mullenweg rated this [3.04] release as “critical.”

I have just updated my installation. I recommend you do the same.

The sig2dot program itself is available in the debian/ubuntu repositories in the package called “signing-party”. But unless you want to install a shed load of other unnecessary cruft along with it (exim? for god’s sake, why?), I recommend you simply pull the perl code direct from the author’s site. Along with the sig2dot program itself, you will need “neato” from the graphviz package and “convert” from the wondrous imagemagick package suite. If you don’t already have those installed then it is pretty safe to pull them from your distro’s package repository.

That done, try the following:

first create an ascii graphviz dot file ready for neato

$ gpg –list-sigs –keyring ~/.gnupg./pubring.gpg | sig2dot.pl > ~/.gnupg/pubring.dot

now convert to a postscipt file

$ neato -Tps ~/.gnupg/pubring.dot > ~/.gnupg/pubring.ps

before using imagmagick to convert to a png graphic

$ convert ~/.gnupg/pubring.ps ~/.gnupg/pubring.png

Those of you with gpg keyrings may wish to try it out (and no. I’m not going to show you mine).