I'm going to cut down on debian-related stuff further. At least until next DebConf, I plan to reduce my involvement in the project to a minimum.

So, I'm unsubscribing from all (52!) lists now, except debian-devel-announce. Feel free to mail me privatly if you want to ask about anything. I'll still see bug reports.

Missed the morning talks.. looking forward to replays being available..

rails

Projects not bothering to release tarballs, and just publishing a git repo (hopefully with some tags!) will only become more common, I think, and it's interesting to see this is already very common with ruby gems.

Faking up an orig tarball is still a reasonable workaround now, but will probably look very retro in 5 years.

Re Debian vs Rails communities, I wonder if there's a generation gap in here somewhere..

rest

(will update throughout the day)

Today I figured out why the awesome window manager's tags are so eh, awesome.

I'm attending debconf via irc and web stream, and have that on tag 9. Which I mostly think of a a desktop, since I generally view one tag at a time, and flip between them like desktops.

But often I want to browse the web, or do something else too, without losing the video and irc offscreen. So from tag 9, I can press mod+ctrl+3 to display tags 9+3 at the same time. And after I've done this, can mod+left/right to go up and down between tags, and tag 9 stays selected and visible. Awesome automatically lays everything out.

Only thing I don't like is that if I use mod+N to switch to a specific tag, it will drop tag 9.

More notes and reactions from DebConf video.

debbugs

Hadn't realised how handy bts select is!

My CVE-XXX-XXXX tags are a fairly large percentage of the 3000+ unique user tags. 2461 to be exact. :-) It would be nice to be able to view a list of all users of usertags, and their tags, in the BTS web interface.

Yay! Don implemented the summary idea already.
(And I implemented bts summary during his talk.)

Local partial debbugs mirror: Crazy idea, but better than bts cache. :-) (And if it provides an incentive for a current and proper debbugs deb to be maintained, that's a win.)

vcs-pkg

I won't bother once again repeating my responses to tired arguments like "git's archive format will change!" Been there, done that, been ignored; stopped maintaining any non-native packages; your loss.

Topgit looks generally handy, and it was neat to have its author on irc during the talk.

video team

Hundreds of remote watchers -- impressive..

Looking forward to the remote controlled telepresence robots at debconf 10!

(Also to a lack of tango loop music.)

bugs in large packages

Bug summaries are not yet shown in the "extra information" in the bug index page.

A few notes/reactions from the talks I attended today from the very, very back of the room. (AKA the skivvies and/or backyard track.)

(titular story by Connie Willis)

DPL talk

FYI, I raised my hand when Sledge asked for a show of hands. :`-(

MANCOOSI

(Is aptitude's dependency resolver deterministic?)

wiki

I doubt that trying to get the whole wiki licensed under a specific license is a good use of time. Since the wiki is not a package that we ship, but is instead a ad-hoc collection of many documents, and many conversations, I also don't see the point of a single consistent license, or any reason to be bothered by content whose license is not specified.

Be very wary of anything that makes contributing to the wiki require jumping through more legal hoops than it takes to contribute to lists.debian.org or bugs.debian.org. Chilling effects can work both ways.

method diffusion in free software projects

Most interesting talk today. Was hoping for some results, but not disappointed. (Yak shaving!)

user and NM surveys

Looked like most DDs in the audience hadn't heard of the survey?

SPI

Nice numbers and more big projects than I'd thought.

Avoided being locked in room, so still not a SPI member. ;-)

Well, close as I'll get this year.

Making the most of it, thanks to the video team.

I've been fearing August for months. That miserable hot streak in early June pumped it up to absolute dread. Not being able to escape to winter in Argentina didn't help.

Now it's August and we're going to have a whole week of weather like today's: In the upper 70's (aka mid 20's), breezy, beautiful puffy clouds.

I'm still dreading the second half of the month though. ;-)

Spent the first half of the day working on a web inteface to configure ikiwiki. The next version of ikiwiki will have that and some other neat setup features that make it really easy to set up a wiki.

Then up to Abingdon for VA highlands. I was actually reminded of Edinburgh, but not by the kilts and celtic music; instead by the post-rain damp and little alleys.

Drove Anna's golf cart around the swamp. Suprisingly capable in mud and creek ford and general rough going. (PS, if my next car has internal combusion, please shoot me.)

Another night on battery power @yurt.

Now playing: Cicadas and The Who, loudly.

So, the good news is that I'm the only one who will be flooding planet Debian by upgrading ikiwiki. Bad news of course is that I didn't notice the bug until I was testing the new release in my own blog. :-)

So for those of you who arn't aware, as of yesterday, it's easy for any spotty teenager/script kiddie to make you see content you didn't expect to when you go to google or your bank, etc. Maybe you're lucky and someone has fixed the problem on your network. Most likely you're not so lucky.

(Confidential to Anna, Maggie, Adrianne, Errol, Barbara, Mark: You're lucky! But only when you're at home.)

At the moment, the idea that DNS can be trivially poisoned seems like a really serious problem.

Will there come to be a point when we just regard this as "DNS spam", basically accepting that it's happening all the time, indeed that a given DNS query is as likely spoofed than good, and nothing can be trusted, or indeed, fixed? If you don't think this can happen to a internet techology, just look at the average inbox now, and compare it to the average inbox circa 1993.

I can't claim to be an expert in this area, but based on what I'm reading, the current "fix" increases the time-to-exploit from 11 seconds to maybe 1 week. (BTW, is there a reason why DNS servers are caching in-baliwick responses.. would it work to entirely disable that caching? Any chance for a second round of more targeted fixes now that the cat is out of the bag?) Also, I get the impression DNSSEC will never be successfully deployed, barring a miracle. And we seem to have just run out of miracles.