Living in a surveillance state

Because of time constraints it has been a long time since I wrote something here. However, this is something I want to share with as many people as possible now: Mikko Hypponen’s talk titled “Living in a surveillance state”, last week at TEDxBrussels . If you think that you don’t have to fear the spying by the NSA, GCHQ and other state services because you have nothing to hide, or you are wondering what we can do against it, then you should definitely watch this. “Open source” is the key answer to the latter question by the way.

These are 20 very well spent minutes of your time.

Samsung N210 netbook on Debian GNU/Linux

With the upcoming holidays in sight, I could not resist buying a netbook system to take along with me on my travel to Italy. So yesterday, I received a brand new Samsung N210.

I chose this system because it is not too expensive and it appeared about the best netbook in this price class according to many reviews. Especially the battery time, keyboard and matte screen are praised a lot. It also seemed to work nice in Linux, which was of course also an important requirement.

I have removed the Windows 7 Starter edition which was installed on this system and installed Debian GNU/Linux Squeeze (currently testing) on it. I decided to go for Debian because it is quickly becoming my favourite distribution, now that Mandriva has all kind of difficulties keeping up with innovation and I fear that its future does not seem too bright.

I booted the Debian installer using PXE. So on my DHCP server, I added this in dhcpd.conf:

group {
  allow bootp;
    filename "/pxelinux.0";
    host samsung-n210 {
        hardware ethernet xx:xx:xx:xx:xx:xx;

With being the address of the TFTP server (the same host as the dhcpd in my case).

I installed tftpd-hpa and xinetd, and created this tftpd file in /etc/xinetd.d:

service tftp
   socket_type   = dgram
   protocol   = udp
   wait      = yes
   user      = root
   server      = /usr/sbin/in.tftpd
   server_args   = -p -v -v -v -s /var/lib/tftpboot
   disable      = no
   flags        = IPv4

Then I dumped the contents of netboot.tar.gz of the Debian installer daily builds for AMD64 in /var/lib/tftpboot. Then set up the N210’s BIOS to enable PXE booting and set the network card as first boot device and you should get into the Debian installer.

I had some trouble with the network connection bailing out after some time, but after a few attempts at least I succeeded in installing the Debian base system without X and the system booted correctly. Maybe I was just using a bad network cable.

I installed the gnome-desktop-environment package with apt, which also pulled in X. The graphical environment was working perfectly fine out of the box without any manual configuration needed. Also the webcam was working fine out of the box with Cheese.

The wireless network card works fine once you install the firmware-linux-nonfree package from the non-free repository and to get a nice GUI to connect to wireless networks, I installed network-manager-gnome. Then connecting to my wifi AP protected by WPA2 was a piece of cake and the wireless connection works perfectly stable too.

Actually the only minor problem I met is that the brightness keys are not working. There is a documented solution available to change the brightness (execute # setpci -s 00:02.0 f4.b=ff for maximum brightness).

All in all, I am very happy with this system. Even though it has a 5400 RPM hard drive, which feels a bit slowish during the installation, and has only 1 GB RAM, the system is very fast during normal use in GNOME, especially if you use some more lightweight applications (for example Epiphany or Chromium as web browser). Also with a few adaptations to the desktop and application settings, the small resolution is not really a problem. But maybe I will write some more details about this in a later post.

Server and blog update

Tonight, I updated the server on which this blog is running from Mandriva 2010.0 to Mandriva 2010.1 Cooker. The update went very smooth. The only problem I discovered is that the bacula-fd init script seems pretty broken so I made some bug reports about that.

At the same time, I updated WordPress to the latest version 2.9.2 and installed a new theme, the Arjuna X which looked nice at first sight. All visitors using Internet Explorer will get a banner with a recommendation to update to a better browser thanks to the No IE Welcome plug-in. I hope more people will put up such a banner on their website in order to help spreading the word about better browsers. Especially in light of the current Theora vs. H264 video codec in HTML 5 discussion, I think we really need to promote those browsers that favour a really open codec. Firefox, Chrome and also Opera (from version 10.50, not yet available for Linux) are the good guys supporting Theora.

Enjoy life!

If you have been following this blog for some time, you will have noticed that lately I have been posting a lot less than in the past and that I also reduced my Mandriva packaging activity. There are many reasons for this, which all come down to this: I have the feeling I can spend my time in a more useful and pleasant way than by creating bunches of Mandriva packages every day and being active on the Cooker mailing list, like I used to.

I expect I will not be able to resist to updating a package now and then, but because I am considering switching to another distribution (which would likely be Debian testing), this might also end in the future. In any case, also don’t expect “Cooker noteworthy updates” posts any more on this blog.

Now it is time to enjoy life! :-)

Blue sky

Blue sky
Blue sky

Just an ordinary sky on a nice spring week-end? No. Notice the lack of any airplane trails. Because of the ash cloud caused by Iceland’s volcano, all of northern Europe’s airspace is closed. I guess I will never see this again in my lifetime, such a nice blue sky…

Replacing Google

The last few weeks, Google is getting some very negative attention. Google’s privacy policy, its total domination and its lack of collaboration with the Open Source community are raising some questions:

Do we really want this, depending on one single company for so many features? Do we accept that one single company knows so much information about millions of users all over the world? Do we accept that a company creates more and more features, officially because they want to help the world, but which in reality give them more sources for collecting private data and thus more power? For me the answer to these questions is definitely no.

For this reason, I will not install Chromium on my or anyone other’s computer. I strongly recommend people to use another browser, such as Firefox or one of the many webkit browsers in Linux, which are making great progress now, such as Epiphany, Midori or Arora. For similar reasons, you do not want to use Chrome OS: it basically does not add anything to a standard Linux distribution. Quite on the contrary, there is not much more than just the Chrome browser which is installed, so it forces you to use all of Google’s online services to get anything done. I recommend Moblin as an alternative operating system on netbooks.

I had some kind of “trash” GMail account which I used for some mailing list. I have unsubscribed from those mailing lists and evenually I will resubscribe with the e-mail address of my ISP or a GMX FreeMail account. Or I will just read those lists online or with a news reader via GMane.

As default search engine, I currently switched to In some corner cases, it is lacking a bit compared to Google, but the majority of searches yield good results, so it is perfectly fine as default search engine for me. Be sure to enable AskEraser for a privacy level much better than what you get with Google.

Making your mixed KDE and GNOME desktop look cool

Most people use a mix of QT/KDE and GTK+/GNOME applications on their Linux system. Because both QT and GTK+ use their own widgets (which are all GUI elements, like buttons, toolbars, menus, checkboxes, etc…) and theme engine, QT and GTK+ applications look different from each other. This is especially bad if you use KDE in Debian: in that case by default no GTK+ theme is configured, making GTK+ applications, like Firefox, look like ugly Windows 95 applications. Mandriva on the contrary does use a common graphical theme for both GTK+ and KDE applications (called Ia Ora), but it’s not easy to change the GTK+ theme if you use KDE or the QT/KDE theme if you use GNOME.

Here’s a howto for Debian and Mandriva which explains how to make your desktop look nice if you’re using a mix of KDE and GTK+. Because Ubuntu is based on Debian, this howto might also apply to Ubuntu, but I have not verified this.


I assume that you are running either Debian Squeeze (testing) or Mandriva 2010.0 or a more recent version of these distributions. For Mandriva 2010.0, you also need to have activated the Backports repositories. You can activate them in the Mandriva Control Centre – Software Management – Configure media sources.

Using GTK+ applications in KDE

If you want to use a unified look for KDE and GTK+ applications, then I recommend using the QtCurve theme. Just like Mandriva’s Ia Ora, it consists of a theme engine for KDE and another one for GTK+ which looks exactly the same.

In Mandriva you install the kde4-style-qtcurve package. If you have urpmi’s “suggests” support enabled (it is by default), then this will automatically pull in both the KDE 4 and the GTK+ theme, and also systemsettings-qt-gtk, a tool which lets you choose the GTK+ theme to use in KDE.

In Debian you need the packages qtcurve and also system-config-gtk-kde to set up the GTK+ theme.

Once you have installed all packages, you can start KDE’s System Settings and go to Appearance. In the Style page, you can choose the theme to use in KDE applications, while in GTK+ Styles and Fonts, you select the theme used by GTK+ applications. If you choose QtCurve in both, KDE and GTK+ applications will look very similar and even use the same KDE icon set.

The QtCurve theme comes with different pre-defined styles. If you don’t like the default look of QtCurve, go to System Settings – Appearance – Style, and click on the Configure… button next to the QtCurve widget style box. Under the button Options there, you find the list of predefined styles.

Of course you can also further fine-tune the theme by going to the Colors and Windows pages in System Settings – Apperance, where you can choose a colour set and window manager theme to your liking (QtCurve has a matching colour set and window manager theme, but of course you can choose something else if you want).

Using QT/KDE applications in GNOME

If you are using GNOME and want to make QT and KDE applications look like all GNOME applications without using Ia Ora, you have to run the qtconfig application. In both Mandriva and Debian, you need to have the qt4-qtconfig package installed. Then in qtconfig you select GTK+ as the GUI style to use. If you run KDE applications, you will also need to set the KDE theme to GTK+. This can be done by running
$ kwriteconfig --file kdeglobals --group General --key widgetStyle gtk
in a terminal window. Before executing this command, you will need to have the kdebase4-runtime package installed in Mandriva or kdebase-runtime in Debian.

Debian Squeeze running KDE with the QtCurve theme.
Debian Squeeze KDE 4.3 running Dolphin and Iceweasel (Firefox) 3.5 with the QtCurve theme (Shiny Glass style), Slim Glow Plasma theme and desktop effects enabled.

Flash news flash

A quick update about my Flash rant from some time ago.

Today I wanted to listen to the music tracks on Because of all the annoyance with the Flash plug-in, I had removed it in May, and haven’t looked back since. Now I heard that there was a new pre-release of the Flash 10 plug-in for Linux x86_64 and some people said that it was working fine. So I thought this was the right moment to give it a try again.

What happened when I try to load the MySpace music player with this plug-in installed? As it did already months ago, my browser completely crashed. I wanted to know the cause of this, and so I ran firefox -g from a terminal. When it crashed, I was greeted with this error: “illegal instruction”. So it seems Adobe’s 64 bit Flash plug-in, actually does not work on all x86_64 systems and requires some newer instructions which my AMD Athlon 64 3500+ does not support (I guess it requires SSE3 or something similar) to work. Hence the browser crash when loading any Flash animation.

Then I tried on another machine, where I have the 32 bit plug-in with nspluginwrapper installed. I click on the FlashBlock icon to start the MySpace music player, but it does not appear at all. The Youtube videos on the same page, load fine though.

So, two systems, and two times Flash is not working as it should. I’ll happily remove it again, because no Flash plug-in is at least better than a non-working and potentially browser crashing Flash plug-in.

Open letter to Adobe

Dear Adobe,

You are the developers of the successful Flash plug-in. Your plug-in is successful in the sense that it’s almost impossible to browse the web without having your plug-in installed. Flash is widely used for movie clips, web radio, informative animations, navigation menus, stock graphs, ad banners and many more. Some sites are even written completely in Flash.

For that reason, I have been using Flash for many years on my computer systems. First I used it on Windows and later on Linux, which I strongly prefer now. In all those years, I have had many problems with your plug-in.

When I was using Flash (I think it was version 4) on Windows 98 on my trusty Pentium II 350 Mhz, full screen Flash sites would make my computer very unresponsive. It also happend to me and also to a friend that different Flash versions were installed together, probably one we downloaded from Macromedia’s site and another older version which was included in some software, probably Microsoft Encarta. Because of these conflicting versions, we had Flash immediately crashing our browser when visiting certain web sites.

Then when I moved to Linux, there were times that I could not visit certain web sites because they required a newer Flash version which was not yet available for my OS. I also could not use my distribution’s package manager to install your software, because you did not permit others to include your software in my distro’s online repositories.

A few years later, I built a new machine with an AMD Athlon 64 3500+ processor. I installed a 64 bit Linux distribution, but there was no 64 bit Flash plug-in. I contacted your company Macromedia, creator of the Flash plug-in, to request a 64 bits versions of the plug-in, but I did not receive any positive answer, in spite of many other people requesting the same thing. Fortunately, the number of sites which were totally unusable without Flash, were not that high, so I accepted to live without your plug-in. One more year later, nspluginwrapper was born, and finally made it possible to view Flash animations on my 64 bits machine again.

In 2007, I started using an Apple PowerPC machine at work. Because Linux was (and currently is) still my preferred OS, I installed Debian GNU/Linux on this machine. But again, no Flash plug-in was available for this system.

We are now May 2009. Many new Flash versions were released in all those years, and finally you started developping a plug-in for the x86_64 architecture. However, things are not much better yet. When I try to view a Flash animation with your 64 bit development version of the plug-in, my browser often crashes hard. If I try to use your 32 bit plug-in with nspluginwrapper, the plug-in itself is not very stable: often when switching tabs in my browser, Flash animations suddenly die and streaming video clips on some Belgian websites do not work at all: the video applet just shows it is buffering, but the video never comes up. The same thing works fine another machine I own. Maybe your plug-in does not work well together with the NVidia drivers, another piece of proprietary sofware I need on this system? Or maybe your plug-in needs some extra libraries which are missing on this system? Unfortunately, I could not find a complete requirement list for your plug-in. The requirements on your download page are very general; only in a blog posting I found that I also need Curl, but I do have libcurl4 installed in both 32 and 64 bit versions on my Mandriva system.

Today, I can only conclude that I’m fed up with this situation. In all those years, I have had lots of problems with your plug-in and with every new version, new problems were introduced. Not only does your plug-in have many problems, the use of Flash is preventing universal access to information for everyone, no matter what kind of system, OS or browser they use. I uninstalled your plug-in today on this system, and I will continue my quest against your software in full force. I will actively search for non-Flash web sites and promote these as alternatives to Flash based web sites. I will also actively promote alternatives to your technology. Good web sites should be based around real open standard file formats, which Flash most definitely is not.

I hope you, Adobe, will finally see the light some day, and start publishing a really complete specification of your proprietary format under a totally Free license and that you will actively support and promote Free Software implementations. However, until then, I see no other option than boycotting your software.

With kind regards,

Frederik Himpe

Futher reading:

“The Great Firewall of Belgium” active

Since today, Belgium has got it’s own version of “The Great Firewall of China”. The biggest Belgian ISPs are blocking access to several web sites, often related to child porn.

The idea already existed for several months, but the implementation was probably accelerated after a Dutch guy recently created a website where he posted detailed personal information about child abusers in Belgium. While publishing such detailed private information is forbidden in Belgium, it was very difficult to take real action against the website, because it operated from abroad.

So now this website is not accessible anymore from most Belgian ISPs. People who try to access this website, get redirected to a web page which explains that the web site is not accessible because it is considered illegal in Belgium.

Technically, it’s not really a firewall. The redirection happens on the DNS level. Instead of returning the real IP of the server, the DNS servers now return the address of a server in Belgium containing the warning page.

While I agree (like every sane person) that things like child’s pornography are completely sick and should be severely acted against, I think that creating a blacklist of websites which people cannot visit any more is a very dangerous precedent. It’s not clear at all how it is decided to put a website on the blacklist. Currently this is not based on a judge’s decision after an official juridical procedure. Also how long will it take until someone makes a mistake in the list and blocks half of the Internet by error (which is not unrealistic, it happened to Google recently!), or worse, until sites of political dissidents are blocked? For this reason, I have decided to stop my internal Bind DNS server at home from forwarding its requests to my ISPs DNS and instead I let it do iterative recursion now.  I read that many others are starting to use OpenDNS now, but this seems to have privacy issues by itself too.