tags/lazywebzack's home pagehttp://upsilon.cc/~zack/tags/lazyweb/zack's home pageikiwiki2010-01-15T09:49:50ZPreserving privacy with Google Docshttp://upsilon.cc/~zack/blog/posts/2010/01/Preserving_privacy_with_Google_Docs/2010-01-15T09:49:50Z2010-01-15T09:43:58Z
<h1>Eclectic paper: SEcure GOogle DOCumentS</h1>
<p>Two days from an <a href=
"http://googleblog.blogspot.com/2010/01/new-approach-to-china.html">
important Google announcement</a>, <strong>privacy
awareness</strong> is steadily increasing in the media. The old
mantra that "despotic governments might use your data in unexpected
way" sounds more real than last week, and <a href=
"http://www.imdb.com/title/tt0405094/">recent movies</a> ring
different bells in our heads.</p>
<p>That event has prodded me to (finally!) blog about <a href=
"http://upsilon.cc/~zack/blog/posts/2009/11/Enforcing_type-safe_linking_using_package_dependencies/">
yet another eclectic paper</a> of <a href=
"http://upsilon.cc/~zack/research/publications/">mine</a>, co-authored with my old
friend <a href=
"http://www.cs.unibo.it/~gdangelo/index-eng.html">Gabriele
D'Angelo</a>, and which I'm going to present at <a href=
"http://www.acm.org/conferences/sac/sac2010/">the forthcoming ACM
SAC conference</a>. The paper is titled <a href=
"http://upsilon.cc/~zack/research/publications/sac10-coclo.pdf"><strong>Content
Cloaking: Preserving Privacy with Google Docs and other Web
Applications</strong></a> and poses (again) a rather simple
question: why should you trust Google to faithfully store your
<strong><a href="http://docs.google.com">Google Docs</a>
data</strong>? What if roles in the recent Google-vs-China issue
were inverted?</p>
<p>The proposed solution (Content Cloaking) then simply implements
<strong>transparent encryption and decryption</strong> in the
payload which is sent back and forth between your browser and the
Docs backend. Trying to access your Docs data without a decryption
layer and the needed key will then just show garbage, for both
humans and Google harvesters. Of course you lose something, like
full text search which is performed server-side by Google, but at
least you're back in charge again: it is you who decides to which
extent trading-off your privacy with offered services.</p>
<p>A <strong>proof-of-concept implementation</strong> is provided
(and of course is free software!) as an extension for the Firefox
browser, but is now out of date wrt Firefox mainline and was not
really production ready anyhow (let's say it was
master-thesis-implementation-quality ...). Still we, the authors,
stand behind the idea even if we don't have the energy to maintain
a production-quality implementation.</p>
<p>So, <strong>Dear LazyWeb</strong>, If you are interested in the
topic and you've development cycles to spare, please <a href=
"mailto:zack@upsilon.cc">drop me a mail</a> and I'll be happy to
point you to all needed details to resurrect the implementation (or
create one from scratch, which should be pretty easy and quick if
you're familiar with extension development).</p>
gdebi needs youhttp://upsilon.cc/~zack/blog/posts/2009/09/gdebi_needs_you/2009-11-28T12:00:16Z2009-09-20T18:56:47Z
<h1>please help out with gdebi - a history of why</h1>
<p>Short summary: <strong>if you are looking for a way to help
Debian become a bit more user friendly, please take care of
<a href="http://packages.qa.debian.org/g/gdebi.html">gdebi</a> in
Debian</strong>.</p>
<p>I'm rather upset. So beware, rant ahead.</p>
<p>The reason dates back to the beginning of this afternoon, when a
friend of mine, GNU/Linux <strong>newbie</strong>, mailed me asking
for help with his brand new (to my astonishment) Debian Lenny
installation running the GNOME desktop environment. The request was
simple and common to a lot of our users: "how can I see videos on
YouTube and use Skype"?</p>
<p>Surely, the first (brief) explanation I gave was <em>why</em>
those pieces of software are not in Debian, because they are pieces
of <strong>evil proprietary software</strong>. Fair enough, usual
song and dance, that gets the message through. But than, given that
I personally care about releasing a completely free operating
system, but not necessarily in inhibiting the usage of any non-free
bits of software, I wanted to actually <strong>solve</strong> my
friend's problem.</p>
<p>Regarding <a href=
"http://packages.qa.debian.org/f/flashplugin-nonfree.html">flashplugin-nonfree</a>,
unfortunately it is not in Lenny. Two solutions to that: either
point him to <strong><a href=
"http://www.backports.org">http://www.backports.org</a></strong>
and explain how to use them from synaptic (not particularly hard).
Or give him a direct download link of the .deb coming from
backports.org.</p>
<p>It turns out that for Skype there is no such choice. Once there
used to be an APT-gettable repository for their debs, but it seems
to have vanished (or else I can't find it). Still, there is a page
from which you can download Lenny .debs. Given that for Skype the
choice is forced, I was tempted to simply reply to him with a
couple of link to .debs and solve his problem rather easily.</p>
<p>But wait. Once he has the two debs, <strong>how can he install
them</strong>? First attempt: "just click on them in Nautilus" (my
hope: "synaptic will do the right thing™). No way, it will fire up
file-roller. Second attempt: "install <strong>gdebi</strong> (using
synaptic), right-click on the deb, and choose ;open with gdebi'".
Seems to work, but no, you will be hit by <a href=
"http://bugs.debian.org/493352">Debian bug #493352</a>. (BTW, the
reason why you need the <em>right</em> click is <a href=
"http://bugs.debian.org/421096">Debian bug #421096</a>).</p>
<p>What makes me upset is that both bugs were there way before the
Lenny release and slipped through our QA knots. Nobody's fault, the
maintainer apparently lost interest (or time) package and stopped
caring about it. Happens all the time. But damn!, we will lose a
user the moment I tell him "you know, you need to open up a root
terminal". A few remarks: this rant is not about "we should invite
user to use non-free software"; it is not even about "we should be
more attractive to newbies"; it is just about the pity of losing
users <strong>like this</strong>, dumbly.</p>
<p>Concluding:</p>
<ol>
<li>
<p><strong>dear lazyweb</strong>, any idea of what can I suggest to
my friend to install the debs I'll point him to, without needing
the knowledge of a terminal?</p>
</li>
<li>
<p>gdebi in Ubuntu is ahead of lots of version wrt Debian, I'm
convinced that it fixes most outstanding issues (given that
upstream author is a Canonical employee). If you have some free
Debian-time slots (I currently don't) and you care about
newbie-accessibility, please consider <strong>helping out with
gdebi</strong>. He needs you.</p>
</li>
</ol>
<p>EOR (end of rant)</p>
<p><strong>Update 07/10/2009</strong>: gdebi is now fixed in
unstable \o/ , thanks to Michael Vogt and Luca Falavigna for
bringing back into sync Debian with upstream/ubuntu.</p>
PAM hookshttp://upsilon.cc/~zack/blog/posts/2008/01/PAM_hooks/2009-11-28T12:00:16Z2008-01-23T08:28:07Z
<h1>pam-hooks - PAM module to execute login/logout actions</h1>
<p>Yesterday I've finally <a href=
"http://upsilon.cc/~zack/hacking/software/pam-hooks/">published</a> a PAM module I
wrote a while ago to implement an apparently trivial need which I
haven't found implemented elsewhere. What I wanted to do was simply
to be able to execute hook scripts upon an user is entering or
leaving a PAM session. Actually, my use case is to clean the home
directory of a user upon its GDM logout (and to be sure also just
after he logs in) as such a user is a "dummy" one, reused by
several people in a stripped down kiosk-like environment.</p>
<p>When I did my googling about this I was able to find only
Enrique Ocaña's <a href=
"http://community.igalia.com/twiki/bin/view/Corunix/InstallPamPreprofile_1_0">
PAM preprofile</a> which can force script execution at
authentication time, but nothing for the logout. So I wrote my own
toy module, generalizing a bit the API so that invoked scripts are
informed about whether a login or logout is in process.</p>
<p>The result is <a href=
"http://upsilon.cc/~zack/hacking/software/pam-hooks/">pam-hooks</a>. It is not in
Debian since I do not know how many people can be interested in
such a thing; in case you are just let me know.</p>
<p>Dear lazyweb, comments, code auditing, and pointers to similar
stuff I've overlooked are really welcome.</p>
which python parser generatorhttp://upsilon.cc/~zack/blog/posts/2007/07/which_python_parser_generator/2009-11-28T12:00:16Z2007-07-23T08:24:31Z
<h1>Too Many Python Parser Generators</h1>
<p>Dear LazyWeb, there are too many Python parser generators.</p>
<p>There is a Wiki page comparing them, articles at various
editions of the Python conference, tons of mailing list posts. I'm
so bored about all this amount of information (which I actually did
read some months ago) that I'm not even willing to look for the
relevant hyperlinks and add them here; that sucks.</p>
<p>( Rant: I frankly have hard time in believing that a language
with a respectable standard library as Python has failed so far in
establishing a de facto solution for parser/lexer generations.
However this seems to be the case. )</p>
<p>Feeling lost, I convinced myself that I wanna go for a
Python-Bison glue, so that at least I'll have a grammar in a
widespread format that I can reuse in other languages in case of
need. But even in this case there seems to be several Python-Bison
glues out there <img src="http://upsilon.cc/~zack/smileys/sad.png" alt=":-(" /> ...
and almost all seem to be dead projects!</p>
<p>Dear LazyWeb, any suggestions about which to choose?</p>
crappy ooimpress styleshttp://upsilon.cc/~zack/blog/posts/2007/05/crappy_ooimpress_styles/2009-11-28T12:00:16Z2007-05-24T20:56:39Z
<h1>Crappy OpenOffice.org Impress Styles</h1>
<p>The "GNOME suite" (mainly <a href=
"http://www.abisource.com/">AbiWord</a> and <a href=
"http://www.gnome.org/projects/gnumeric/">Gnumeric</a>) is quite
nice and I usually prefer it to the bloated <a href=
"http://www.openoffice.org/">OpenOffice.org</a> counterparts.
Unfortunately it is missing a good presenter. Yeah, I know, I
should use beamer, and I fact I often do for academic stuff, but
for quick and dirty presentations, where you care more than you
should about visual aspects and WYSIWYG ... I often resort to
ooimpress.</p>
<p>It is not <em>that</em> bad, if you can stand its memory
consumption and startup time, but for a long time I was convinced
that <em>I</em> was wrong about a feature I was not finding in the
UI. My reading of the ooimpress manual this morning seems to
contradicts this belief.</p>
<p>Here is the simple scenario. I do not play with fonts, the
default styles inherited by the master page are fine. I just want
from time to time to select some text and mark it as "verbatim
text":</p>
<ul>
<li>
<p>monospace font</p>
</li>
<li>
<p>remove the bullet/number corresponding to the current outline
level</p>
</li>
</ul>
<p>the use cases are those you guessed: markup a shell command, a
command output, or a code snippet. Of course I can't stand doing it
again and again by hand, having to keep in mind each time the font
I chose and its size for ensuring uniformity. I want to use a
style.</p>
<p><em>That's it</em>, nothing less, nothing more. Is it asking too
much?</p>
<p>It seems so. ooimpress supports two kind of styles. One type
(sorry, forgot the name) can be applied to built-in content types,
e.g.: heading1-9, titles, subtitles, .... Changing such a style
will affect all slides. Fair enough, that's good. The other type
can be applied only to "graphics" elements, including text boxes.
Fair enough as well, this way I can change at once all the text
boxes or labels I've used in my document.</p>
<p>But wait ... how can I solve my problem now?</p>
<p>I see only two awful ways:</p>
<ol>
<li>
<p>devote a high heading level (e.g. 9) to my verbatim text</p>
</li>
<li>
<p>use a graphic style</p>
</li>
</ol>
<p>of course, a graphic style can not be applied inside
non-floating text boxes and I do not want to use tons of text
boxes, especially because they are not anchored to ordinary
text</p>
<p>Dear lazyweb, please prove me wrong.</p>
rhythmbox gstreamer pipelinehttp://upsilon.cc/~zack/blog/posts/2007/02/rhythmbox_gstreamer_pipeline/2009-11-28T12:00:16Z2007-02-11T14:25:38Z
<h1>Looking for a Gstreamer Pipeline for Remote Audio with
Rhythmbox</h1>
<p>Dear Lazyweb,</p>
<p>i'm looking for a <a href=
"http://gstreamer.freedesktop.org/">gstreamer</a> custom pipeline
for configuring <a href=
"http://www.gnome.org/projects/rhythmbox/">Rhythmbox</a> so that I
can execute it remotely via X and deliver audio to the local
machine.</p>
<p>Can you help me out?</p>
<p>In exchange to your help I offer:</p>
<ul>
<li>
<p>recipe for obtaining remote audio playing with <a href=
"http://www.xmms.org/">XMMS</a> using <a href=
"http://www.tux.org/~ricdude/overview.html">EsounD</a>:</p>
<ol>
<li>
<p>on the local machine run esd as follows</p>
<pre><code> $ esd -nobeeps -tcp -public
</code></pre></li>
<li>
<p>on the remote machine run XMMS, enter the preferences
(<tt>CTRL-P</tt>), "Audio I/O Plugins" tab, choose "eSound Output
Plugin" as "Output Plugin", click "Configure" and enter the address
of the local machine, TCP port is 16001</p>
</li>
</ol>
</li>
<li>
<p>recipe for playing an ogg/mp3/whatever file located on the
remote machine via network using Gstreamer pipelines, postponing
the audio decoding on the local machine so that network usage is
minimized:</p>
<ol>
<li>
<p>on both local and remote machines install the <a href=
"http://packages.debian.org/unstable/utils/gstreamer-tools">gstreamer-tools</a>
package</p>
</li>
<li>
<p>on the local machine run</p>
<pre><code> $ gst-launch tcpserversrc host=0.0.0.0 port=3000 ! decodebin ! audioconvert ! alsasink
</code></pre></li>
<li>
<p>on the remote machine run</p>
<pre><code> $ gst-launch filesrc location=yourfile.mp3 ! tcpclientsink host=localmachine port=3000
</code></pre></li>
</ol>
</li>
</ul>
<p>Now, would you be so kind in giving me back another pipeline?
<img src="http://upsilon.cc/~zack/smileys/smile.png" alt=":-)" /></p>
<p><em>PS</em> oh, yes, a way to configure the remote Rhytmbox so
that the local esd server is used would be fine too ...</p>
<p><strong>Update:</strong> thanks to the tip from Marius I found
the solution: I run esd on the local machine as per the XMMS recipe
and then I run rhythmbox as follows: <tt>ESPEAKER=localmachin
rhythmbox</tt></p>
looking for a website markup languagehttp://upsilon.cc/~zack/blog/posts/2006/12/looking_for_a_website_markup_language/2009-11-28T12:00:16Z2006-12-23T14:01:45Z
<h1>Which Website Markup Language?</h1>
<p><em>Dear Lazyweb</em>,</p>
<p>now that I've finished my Ph.D. thesis (i.e. now that I'm
officially unemployed <img src="http://upsilon.cc/~zack/smileys/smile.png" alt=
":-)" /> ) it's time to renew <a href=
"http://www.bononia.it/~zack">my vetust homepage</a>. That page is
written with <a href="http://thewml.org/">WML</a>, I used to be
quite happy with it, but this is no longer the case (lots of
reasons for that snippet).</p>
<p>I'm now looking for an <a href="http://www.w3.org/XML/">XML</a>
based markup language for re-writing my new homepage, the features
I would like to see in a tools based on it are:</p>
<ul>
<li>
<p>content-oriented XML-based markup for describing the content of
the website (if not XML-based at least processable via an API
implemented in some programming language I like: python, ruby, ML,
...)</p>
</li>
<li>
<p>legacy <a href="http://www.w3.org/TR/xslt">XSLT</a> (or whatever
if not XML-based) transformations for generating <a href=
"http://www.w3.org/TR/xslt11/">XHTML 1.1</a> pages which can be
statically served by a web server requiring no particular
extensions</p>
</li>
<li>
<p>ability to extend both the input format of the transformation
tool (e.g. adding support for new XML dialects) and the
corresponding transformations, and to integrate the results in the
resulting website. Relegating the results of the ad-hoc
transformations in a subdirectory of the resulting website which is
not integrated elsewhere is <em>not</em> ok</p>
</li>
<li>
<p>ability to integrate verbatim snippets of XHTML/Javascript/...
in the input document where needed (hopefully not so often)</p>
</li>
<li>
<p>clean final XHTML pages which rely only on <a href=
"http://www.w3.org/Style/CSS/">CSS</a> for presentational purposes
would be nice</p>
</li>
<li>
<p>support for predefined common website layouts would be nice
(e.g. 2/3-column layouts supported by <a href=
"http://pages.google.com/">Google Page Creator</a>)</p>
</li>
</ul>
<p>Of course I can design my own XML format and all the needed XSLT
transformations, but I would like to avoid re-inventing the wheel
if possible.</p>
<p>Actually a while ago I think I read about a couple of tools like
the one I'm looking for here on <a href=
"http://planet.debian.org">planet</a>, but right now I'm unable to
find the relevant posts. Similarly I'm apparently unable to find
the right set of Google keywords for finding anything useful.</p>