Posted about 1 year ago
The question of mutually exclusive streams in PulseAudio came to mind earlier, and thanks to Arun and Jens in #gupnp I discovered the PulseAudio supports them already. The use-case here is a system where there are many ways of playing music, but ... [More] instead of mixing them PA should pause the playing stream when a new one starts.
Configuring this with PulseAudio is trivial, using the module-role-cork module:
$ pactl load-module module-role-cork trigger_roles=music cork_roles=music
This means that when a new stream with the “music” role starts, “cork” (pause to everyone else) all streams that have the “music” role. Handily this module won’t pause the trigger stream, so this implements exclusive playback.
Testing is simple with gst-launch
$ PULSE_PROP='media.role=music' gst-launch-0.10 audiotestsrc ! pulsesink
Setting pipeline to PAUSED ...
Pipeline is PREROLLING ...
Pipeline is PREROLLED ...
Setting pipeline to PLAYING ...
New clock: GstPulseSinkClock
At this point, starting another gst-launch results in this stream being paused:
Setting state to PAUSED as requested by /GstPipeline:pipeline0/GstPulseSink:pulsesink0...
Note that it won’t automatically un-cork when the newer stream disappears, but for what I want this is the desired behaviour anyway. [Less]
Posted about 1 year ago
I read a few good articles in English about the latest elections in Italy, but they all seemed a bit unclear about what can actually happen and what cannot happen.
I hope this post can be easy to understand, not too boring and not too ... [More] imprecise (I’m trying to simplify a few things and I didn’t study law).
A brief introduction
Italy is a parliamentary republic. The parliament is formed by two separate houses, the chamber of deputies and the senate. The two houses have the same powers to make laws and to pass votes of confidence for the government.
The cabinet is usually formed by members of the parliament, but this is not a requirement. The prime minister is not particularly powerful, for instance the prime minister cannot dismiss ministers or call for new elections.
The president of Italy is the head of state. The president is mainly a figurehead with limited powers, but becomes very important when it’s time to form a new government or to dissolve the parliament.
The president is elected by a joint session of the two houses of the parliament plus 58 local representatives for a 7-year term.
How is the parliament elected?
The current electoral law, disliked by almost everybody, was used for the first time in 2006 and was designed to make it difficult for the left to get a stable majority. Parties can form coalitions or stand on their own.
For the lower house, the coalition or party with the most votes automatically gets 55% of the seats. The rest of the seats are assigned to the other coalitions or parties on a proportional basis.
The senate is elected in a similar way, but on a regional basis (Italy is formed by 20 regions). This means that the party or coalition that gets most of the votes in a region gets 55% of the seats assigned to that region. It means that, at a national level, it’s possible that nobody will have a majority.
What are the main parties/coalitions in Italy?
The left is formed mainly by the Democratic Party (a center-left social democratic party) and by Left Ecology Freedom (a communist-ish/green party).
The centre is a mix of Christian and economically liberal parties. Its leader is Mario Monti, the current technocrat prime minister.
The right is formed by Silvio Berlusconi‘s People of Freedom and by the Northern League (they want more independence for the North of Italy and they are a bit populist and racist).
The new entry at the latest elections was Beppe Grillo‘s Five Star Movement. Their policies are a mix of environmentalism, anti-corruption and euroscepticism. While most of their goals are laudable, they are very populist with huge holes in their policies; basically it’s not clear where they could get the money for any of their policies. While they claim to value direct democracy, it’s Beppe Grillo who actually completely control the party, even if he was not a candidate at the elections.
Why isn’t Beppe Grillo in the parliament?
Beppe Grillo says he is just the spokesperson of his party. Moreover, the Five Star Movement is against electing people that were found guilty of any crime in the past and Beppe Grillo was found guilty of manslaughter for a car accident in which three passengers died.
Who won the elections?
Nobody. The left has a majority in the lower house, but no current coalition has a majority in the senate.
Who voted for the 5 Star Movement?
Apparently one third of their voters used to vote for the left, one third for the right and one third didn’t vote in the past.
What is going to happen now?
The new parliament’s term will start in a couple of weeks. At that point the two houses need to vote for their presidents/speakers. Then the Italian president will hold meetings with the various political leaders and try to find a prime minister that has good chances of creating a cabinet that could pass a confidence vote by both houses of the parliament. This is the problem as there is no majority at the moment.
Is a broader coalition possible?
In theory yes. Any coalition will have to include the left because they control the lower house.
A coalition of the left and the centre is what most people expected before the elections, but Monti didn’t get as many votes as expected, so this coalition would not have a majority in the senate.
A coalition of the left and the 5 Star Movement would have a majority, but Beppe Grillo doesn’t want to form alliances with anybody. The 5 stars are against traditional politics and want a deep renovation of the Italian political class; if they decided to form an alliance with a traditional party they would lose a lot of their voters.
A coalition of the left and the right is possible too, but unlikely. The current technocrat government was, after all, a coalition of left, centre and right, but Berlusconi decided to stop supporting it, so why should he be trusted again? Moreover, I think that a coalition of left and right would disgust a lot of their voters.
Is a minority government possible?
It would be very unstable but yes, it would be possible to have a minority government formed by the left and, maybe, the centre with external support by the 5 stars. The problem is that this cabinet would still need to pass a vote of confidence in the lower house (easy) and in the senate (not so easy as the 5 stars don’t want to vote for it).
But the 5 star senators could just abstain, right?
No. Abstentions in the senate count as no, so the government would not get the parliament’s confidence.
But the 5 star senators could just leave the senate during the confidence vote!
No. Votes in the senate are only valid if the majority of senators is present. The right would not have enough votes to block the confidence vote, but they could just leave before the vote, making the vote invalid.
Can’t you just vote again?
Usually the president, when it’s clear that there is no chance to form a cabinet, calls for elections, but this time it’s not possible.
The authors of our constitution were worried that a president could dissolve the parliament just before the end of the presidential term in the hope of getting a more favourable parliament that would elect the current president for another term.
The term of the current president will end in a few months, so he cannot dissolve the parliament now.
How about another technocrat government?
It would be possible (and it would be very different from the current one!) but it would be very difficult to get the left and the 5 stars to agree on much.
Could the new parliament elect another president that would then dissolve the parliament?
Yes, but finding an agreement to make this happen is going to be complicated and take time. In the meantime, Italy won’t have a stable government (the current Monti government will be in charge until a new government is found, but with very limited powers).
So, what is going to happen?
Good question. I have no idea. [Less]
Posted about 1 year ago
I was at the developer conference in Brno over the last weekend, so I missed this when it first came out, but I’ve just watched the new video by my colleague Monty, and I must say it is really fantastic. Go watch it!
If you want to learn more about the topic and about the software that he used in the production, its all here.
Posted about 1 year ago
Up early, misc. code cleanup, patch review, tool writing,
chat with JRB. Out to cell group in the evening.
Posted about 1 year ago by nore...@blogger.com (Marta Maria Casetti)
So, how did the Documentation sprint go? Not bad, not bad at all. I wish I would have been feeling better (I was quite under the weather, I don't know why) - and that I could have been a bit more productive (and that I could have gone for a few more ... [More] beers with the others), that's all I can complain about.
I finally wrote the "generic widget" example for the Python GTK+ tutorial for beginners. I also learned a bit of Cairo in the process.I reviewed (with a precious help of Kat Gerasimova) the above mentioned tutorial as a whole.Last but not least, with Allan Day and Dave King we planned a complete rewriting of the presentation of the developer docs. The last point is the reason for the title of this post. The idea is to separate the tutorials for beginners (that may be either a 10 minutes tutorial on "how to do something" or a more extensive introduction to a library) and the documentation directed at more experienced programmers. The former would end in a separate area in the website, whereas the latter would be under "tutorials" in the main website. Allan Day has designed a wonderful mock-up:
So, what's next?
I would then revise the Guitar Tuner and Image Viewer tutorials to make them a first example of "10 minutes tutorials" (for GStreamer and GTK+, respectively).
So: many plans for the future have come out of this Documentation sprint. Many pleasant meetings, a lot of new ideas, a better understanding of little (but not less relevant!) things (I never knew that there was a difference between the capitalization of the titles in UK and US English - now I know)...
So: a "see you soon" to everyone who was there, a GIGANTIC thank you to our hosts in Brno, especially Florian Nadge, who woke up at 4am to pick me up at the airport on the first day! and that accompanied us almost everywhere.
And, of course: thanks to the GNOME Foundation who sponsored my travel!
And... see you soon for GUADEC, Brno! [Less]
Posted about 1 year ago
It's fairly straightforward to boot a UEFI Secure Boot system using something like Shim or the Linux Foundation's loader, and for distributions using either the LF loader or the generic version of Shim that's pretty much all you need to care about. ... [More] The physically-present end user has had to explicitly install new keys or hashes, and that means that you no longer need to care about Microsoft's security policies or (assuming there's no exploitable flaws in the bootloader itself) fear any kind of revocation.
But what about if you're a distribution that cares about booting without the user having to install keys? There's several reasons to want that (convenience for naive users, ability to netboot, that kind of thing), but it has the downside that your system can now be used as an attack vector against other operating systems. Do you care about that? It depends how you weigh the risks. First, someone would have to use your system to attack another. Second, Microsoft would have to care enough to revoke your signature. The first hasn't happened yet, so we have no real idea how likely the second is. However, it doesn't seem awfully unlikely that Microsoft would be willing to revoke a distribution signature if that distribution were being used to attack Windows.
How do you avoid that scenario? There's various bits of security work you need to do, but one of them is to require that all your kernel modules be signed. That's easy for the modules in the distribution, since you just sign them all before shipping them. But how about third party modules? There's three main options here:
Don't support third party modules on Secure Boot systemsHave the distribution sign the modulesHave the vendor sign the modules
The first option is easy, but not likely to please users. Or hardware vendors. Not ideal.
The second option is irritating for a bunch of reasons, and a pretty significant one is license-related. If you sign a module, does that mean you're endorsing it in some way? Does signing the nvidia driver mean that you think there's no license concerns? Even ignoring that, how do you decide whose drivers to sign? We can probably assume that companies like AMD and nvidia are fairly reputable, but how about Honest John's Driver Emporium? Verifying someone's identity is astonishingly expensive to do a good job of yourself, and not hugely cheaper if you farm it out to a third party. It's also irritating for the driver vendor, who needs a separate signature for every distribution they support. So, while possible, this isn't an attractive solution.
The third option pushes the responsibility out to other people, and it's always nice to get other people to do work instead of you. The problem then is deciding whose keys you trust. You can push that off to the user, but it's not the friendliest solution. The alternative is to trust any keys that are signed with a trusted key. But what is a trusted key? Having the distribution sign keys just pushes us back to option (2) - you need to verify everyone's identity, and they need a separate signing key for every distribution they support. In an ideal world, there'd be a key that we already trust and which is owned by someone willing to sign things with it.
The good news is that such a key exists. The bad news is that it's owned by Microsoft.
The recent discussion on LKML was about a patchset that allowed the kernel to install new keys if they were inside a PE/COFF binary signed by a trusted key. It's worth emphasising that this patchset doesn't change the set of keys that the kernel trusts - the kernel trusts keys that are installed in your system firmware, so if your system firmware trusts the Microsoft key then your kernel already trusts the Microsoft key. The reasoning here is pretty straightforward. If your firmware trusts things signed by Microsoft, and if a bad person can get things signed by Microsoft, the bad person can already give you a package containing a backdoored bootloader. Letting them sign kernel modules doesn't alter the power they already have over your system. Microsoft will sign PE/COFF binaries, so a vendor would just have to sign up with Microsoft, pay $99 to Symantec to get their ID verified, wrap their key in a PE/COFF binary and then get it signed by Microsoft. The kernel would see that this object was signed by a trusted key and extract and install the key.
Linus is, to put it mildly, unenthusiastic about this idea. It adds some extra complexity to the kernel in the form of a binary parser that would only be used to load keys from userspace, and the kernel already has an interface for that in the form of X509 certificates. The problem we have is that Microsoft won't sign X509 certificates, and there's no way to turn a PE/COFF signature into an X509 signature. Someone would have to re-sign the keys, which starts getting us back to option (2). One way around this would be to have an automated service that accepts PE/COFF objects, verifies that they're signed by Microsoft, extracts the key, re-signs it with a new private key and spits out an X509 certificate. That avoids having to add any new code to the kernel, but it means that there would have to be someone to run that service and it means that their public key would have to be trusted by the kernel by default.
Who would that third party be? The logical choice might be the Linux Foundation, but since we have members of the Linux Foundation Technical Advisory Board saying that they think module signing is unnecessary and that there's no real risk of revocation, it doesn't seem likely that they'll be enthusiastic. A distribution could do it, but there'd be arguments about putting one distribution in a more privileged position than others. So far, nobody's stood up to do this.
A possible outcome is that the distributions who care about signed modules will all just carry this patchset anyway, and the ones who don't won't. That's probably going to be interpreted by many as giving too much responsibility to Microsoft, but it's worth emphasising that these patches change nothing in that respect - if your firmware trusts Microsoft, you already trust Microsoft. If your firmware doesn't trust Microsoft, these patches will not cause your kernel to trust Microsoft. If you've set up your own chain of trust instead, anything signed by Microsoft will be rejected.
What's next? It wouldn't surprise me too much if nothing happens until someone demonstrates how to use a signed Linux system to attack Windows. Microsoft's response to that will probably determine whether anyone ends up caring.
Posted about 1 year ago
Can't believe am almost done with three quarters of my internship, wow! it's rather sad to think about not being mentored after the internship. I have really enjoyed the time spent in writing the help, learning new things every single ... [More] day!
We are going to start mergin to master today onwards, yep! GNOME Terminal help will be there for you to check via master :D w00t!
Keep an eye here ;) [Less]
Posted about 1 year ago
Who needs borders and local regulations when you have internet? The answer to this question is why I like Bitcoin so much. It is a trully decentralized currency.
But Bitcoin has some major issues, something which was covered by ... [More] Rick Falkvinge on his blog.
The first problem that hits any Bitcoin user is usability. Using Bitcoin is complicated and cumbersome. You can’t send a simple payment with a comment to someone without asking him first to create a dedicated Bitcoin address. You have to care about making a secure backup of your wallet. This makes things nearly impossible to use for a huge percentage of the population.
The second problem is trust: how do you know that the Bitcoin address is valid and was not replaced through a man-in-the-middle attack? How do you know that you will well receive the goods or the service? Sure, many escrow services appeared but they make a Bitcoin transaction even more cumbersome.
The third problem is the power of the exchanges. The whole Bitcoin economy runs with only a handful of Bitcoin exchange services, MtGox being the bigger. This de-facto centralisation is a big weakness for Bitcoin. MtGox has the power to control the price. If MtGox has any problem, the whole value plummets.
Last but not least, people have to trust bitcoins. Except when Internet Archives offers its employees to receive a Bitcoin salary, most services accepting bitcoins are in fact converting them immediately to dollars/euros. It means that Bitcoin is seen as a transport, not a currency.
I even drafted a proposed solution as a Bitcoin-banking decentralized protocol. Recently a quite old project called Ripple surfaced and brought the idea to a whole new level: what if every one of us was a bank and we decide who we trust and at what level.
Remember when you go on a trip with a bunch of friends. Everybody pays for some stuff and, at the end, you try to equilibrate the balance. It was a nightmare until you discovered Tricount. Well, Ripple is basically a decentralised Tricount at the scale of the internet. We are 7 billions friends on the same trip. We pay for each other, we owe some people money and that’s it.
The beauty of it is that it solves all Bitcoin’s hurdles as long as there are enough people in the network. It is easy, decentralized. It will also make money exchanges completely obsoletes. It has the potential to create a true P2P economy.
Now, it is only a proof of concept. Firstly, if the client is opensource, the server is not (yet). And that’s a problem because there’s no competition to ripple.com at the moment. It means it is hugely centralised.
Also, you still have to exchange weird addresses like rKXFsg5EuG4BzLxdTBFXJq2a6iNfyx1hRX (this is my actual Ripple address). In order to become popular, Ripple should allow you to directly connect with your Facebook/G+/Twitter friends so you can trust them or send them money. After creating the Ripple wallet, the process is still very mysterious.
Ripple also raises a few questions. Is its own internal money (XRP) making Bitcoin obsolete? Or is Bitcoin going to stay? And what about the Dollar or the Euro? At least, an interesting experiment to follow.
Picture by Lee Haywood
Posted about 1 year ago
Last week, Xamarin announced their Xamarin 2.0 product, which contains Xamarin Studio, a brand new version of MonoDevelop. Miguel describes the impressive amount of work that went into Xamarin Studio in his blog post The Making of Xamarin Studio. ... [More] Xamarin Studio is written in C# and for a large part relies on GTK+ 2.x to make the product cross platform, shipping versions for Mac OS X and Windows, but Xamarin Studio should also run just fine on Linux. As an addition to Miguel’s blog post, I will describe some of the interesting work that we have done under the hood in our ongoing collaboration with Xamarin.
At Lanedo, we have been working with Xamarin for the last 1,5 years to improve the GTK+ stack on the Mac OS X and Windows platforms. This work was based on the GTK+ 2.x stack, because MonoDevelop is a GTK+ 2.x application. We have made an effort to upstream all fixes and improvements that were suitable to be committed in the upstream projects. Where possible, fixes have also been merged into the GTK+ 3.x branch. Furthermore, we have helped with the implementation of the gorgeous GTK+ theme (available in the xamarin-gtk-theme module on GitHub) that is used in the product and makes Xamarin Studio look like a native application, and not look completely out of place on Mac OS X or Windows like GTK+ applications typically do. In my opinion, the approach that Xamarin has taken for theming will be useful for many other GTK+ applications running on Mac OS X as well.
Most of the work we have done was under the hood, but that does not make it less interesting. Some of the things we have worked on are:
Many, many annoying interaction problems and crasher bugs with GTK+ on Mac OS X have been fixed. Such as non-working tree view expanders, broken key navigation, issues with window resizing, and gaps in clipboard support.
Keyboard fixes for Mac OS X: everything with respect to keyboard modifiers and key mapping has been reviewed, several problems with typing dead accents, keyboard accelerators, etc., have been resolved.
The GTK+ "testtext" test rendering glyphs from different scripts using CoreText, but through font fallback done in Pango itself.
Xamarin sponsored the work to properly implement font fallbacks in Pango’s CoreText backend. As a result, text involving glyphs from different scripts will now render beautifully on Mac OS X.
gtk-demo with overlaid scrollbars. Though, for full admiration you really have to see it in person!
We have worked very hard to make scrolling behave as native as possible on Mac OS X. Support for representing "precise deltas" from NSEvents in GdkEvents has been written, which already gives you much smoother scrolling on Apple hardware and support for momentum events (built-in kinetic scrolling).
The next step was to have overlaid scrollbars and rubber banding, like native applications on Mac OS X Lion and higher. To achieve this, we actually place a CALayer on top of the NSView in which the GTK+ application is drawn, and draw the scroll bars in this layer. We have tweaked the event handling so that information about the gesture phase is considered, in order to be able to implement rubber banding. Unfortunately, this code is not in a state such that it can be upstreamed.
Performance problems were uncovered in how GDK handled scrolling on OS X, apparently, much more of the widgets was being redrawn than necessary. These problems have been fixed and upstreamed, and scrolling is now pretty smooth.
Cocoa controls embedded in a GTK+ application using GtkNSView, the web page is shown in a native WebView.
Work has been done on a GtkNSView widget, which allows native Cocoa widgets to be embedded in a GTK+ application. For example, it is possible to embed a native WebKit control in a GTK+ application. Work on this widget is still ongoing in Bug 619155.
Some improvements were made so that GTK+ applications render at higher resolution on Retina displays. This includes work to render stock icons at a higher resolution.
A few Windows problems have been resolved, including a crash with Windows IME, font substitution and other minor problems.
We have very much enjoyed working with Xamarin over the last 1,5 years and are grateful for the large contributions they have made to the involved upstream projects. In my opinion, the GTK+ 2.24 branch is these days in a very good shape for cross platform application development for the Linux, Windows and Mac OS X platforms. The work that has been done has immediately been beneficial for other applications, for example the native GIMP application for Mac OS X has been much improved. These days it is available as a proper application bundle in a DMG installer (due to the work by Clayton Walker) from the main GIMP download page and it works very well!
We look forward to the continued collaboration with Xamarin to further improve the GTK+ stack for use by Xamarin Studio! [Less]
Posted about 1 year ago
R. Eric Collins made this fascinating and alarming movie to visually demonstrate the dramatic decrease in Arctic sea ice happening right now.
"When I was born, in 1979, the minimum summer sea ice extent in the Arctic was about ... [More] 17,000 cubic kilometers. In 2012, it was less than 5,000 cubic kilometers.
The red points show weekly estimates of sea ice volume in the Arctic through time, from 1979 to today. The scale is from 0 to 35,000 cubic kilometers. There is a seasonal expansion of the ice during winter and a shrinking during the summer. There is no evidence for a sea-ice free summer in the past 700,000 years of Earth history. The next one is predicted to take place in the next 5-30 years.
Sea ice volume estimates by PIOMAS show a long-term decline in sea ice volume in the Arctic. The summer sea ice minimum now contains only 20–30% of the ice volume observed in the last 1970′s.
This phenomenon has been termed the “Arctic Sea Ice Death Spiral” and is directly related to anthropogenic greenhouse warming of the atmosphere.
It is possible that the Arctic has reached an irreversible “tipping point” from which it cannot recover the lost ice."
Read more and comment at the original source. [Less]