Gentoo

Warning: By following the instructions below, you are probalby replacing some base libs from your system (mesa, glitz). This can and will seriously break your whole system if you don't know what you're doing. You may likely face other problems than I, so be prepared to play around yourself if you try this.

Ok, now for the fun part. Xgl is some experimental code for the next generation of X systems, with rendering completely done in OpenGL. Recently, David Reveman presented some major updates of the xgl-code. The instructions should be generic so you can do this on any distribution, however if you're using Gentoo, it'll be much easier, because you can get my xgl-overlay containing ebuilds for everything you need (get xgl-overlay-xxxx.tar.bz2 from here, I'll put up updated versions if neccessary). Non-Gentooers should also fetch this tarball, cause it contains all patches you'll need to follow the instructions.
I did this with an ATI Radeon 9200, till now this only works with the proprietary drivers from ATI or Nvidia. I haven't tried this with Nvidia, but it should work mostly the same way.

1. First you need a system based on the modular X version, that means Xorg 7.0. Gentoo users read this, others don't ask me, ask your distribution.
2. Now configure your X to use the fglrx-driver (ATI owners) or the nvidia-driver with Direct Rendering activated (check with glxinfo). I'm not going into detail, there are enough instructions for that out there.
3. Get a cvs-version of glitz and replace your local glitz-installation with it (Gentooers: use ebuild from overlay). I didn't face any problems with my normal system by doing this, but this may differ.
4. Get a cvs-version of mesa. David Reveman has posted some patches with the xgl-release you'll need to apply (mesa-glx-x11-get-drawable-attribs-fix-1.diff, mesa-glx-x11-render-texture-5.diff, r200-copy-pixels-1.patch). The render-texture-Patch needs some constants that were nowhere defined on my system. I've written an ugly workaround (mesa-glx-x11-glxproto-defines.diff), this is probably not the correct/nice way to do, but at least it works. After applying those four patches, compile and install. Gentooers use my ebuild as before, it already contains all patches. As with glitz, I had no problems with my normal system using mesa-cvs, but don't count on this.
5. Fetch the kdrive/xserver-cvs. Configure with
   ./configure --enable-xglserver --enable-glx --with-mesa-source=[point to your mesa-cvs-tree]
   Gentooers use the xgl-ebuild (This contains some ugly hack for the Mesa-cvs-tree, which assumes that you've built mesa before and the mesa-cvs lays in your distfiles. Better solutions welcome.)
6. Get glxcompmgr from xorg cvs. autogen.sh failed for me due to an error in plugins/Makefile.am, apply my patch (glxcompmgr-makefile-am-fix.diff). Gentooers use the ebuild ;-)
7. Now, you've everything installed. You can now start
   Xgl :1 -ac -accel xv:pbuffer -accel glx:pbuffer (ATI users)
   or
   Xgl :1 -ac -accel xv -accel glx:pbuffer (Nvidia users)
8. Now start some apps in it. My experiences was it crashes less often with Gnome stuff, konsole and xterm completely crashed xgl. I managed to run complete gnome and kde-sessions. glxcompmgr doesn't really work with some windowmanagers (e.g. icewm), but kwin and metacity at least work. To start something inside the xgl, do something like:
   DISPLAY=:1 metacity
9. Now for glxcompmgr. This is a bit complicated, because you'll need to run glxcompmgr with the libGL from mesa/xorg, while your xserver and the xgl running on it need the libGL from the proprietary driver. Suggestion is running a terminal with LD_LIBRARY_PATH, e.g.
   LD_LIBRARY_PATH=/usr/lib/opengl/xorg-x11/lib/ DISPLAY=:1 gnome-terminal
   Then, inside xgl and the terminal, you can check with glxinfo if GLX_MESA_render_texture is listed in GLX extensions. It is not enough if it's only listed on server glx extensions! If this is the case, you probably didn't point it to mesa-libGL correctly.
10. Now run glxcompmgr, e.g. with the wobbly and shadow plugin.
    glxcompmgr wobbly shadow
    glxcompmgr contains a bunch of more plugins, but most of them I failed to figure out how to start the actual effect (e. g. cube). Play around with it, have fun.

Problems so far:

• Crashes all the time.
• Keyboard sometimes doesn't work, not deterministic.
• Most effects (e. g. cube, expose, zoom) not running yet.

Update:
I just found a problem some people had according to a portage bug. I've put a fixed portage-ebuild into the overlay (this may lead to problems if portage-devs decide to release an update called 2.1_pre3-r2).

What you can see here is my first screenshot running xgl with glxcompmgr and the wobbling windows effect. Yes, it's not really smooth, gimp couldn't manage to take a real screenshot (in reality, there were no such glitches). This effect looks very similar to the luminocity-one I presented some months ago, but that was the only effect I was able to run.
So you really want to know how I managed to get this running? Well, the short version: Created a bunch of cvs-ebuilds (glitz, mesa, xgl, glxcompmgr), added patches, patched around myself, did some strange thing with my libGL, ...
Long version, together with portage-overlay, will follow tomorrow, now I'll go asleep ;-)

Today I held a talk about »Technical defense against surveillance« on an event with rather non-technical visitors.

I noticed that we still really have a lot of problems when providing easy-to-use security.

Things like "yes, you can do gpg with jabber, but only with a few clients, there's also another thing called otr, that's better from a cryptographic point of view but it is not based on the gpg-key-infrastructure and it's also only supported by some (other) clients" are really horrible to say if you always fear that nobody understands you.

A short list of things that came me to mind:
- I found no easy way on encrypting partitions with linux. Maybe I missed something, but I googled for it, tried it in ubuntu, found nothing. Had to tell them "there are some console-apps, dm-crypt, cryptsetup, etc.".
- Apps should enable ssl by default. Servers should forbid login without ssl. No more pop3, smtp, imap, jabber, webmail, whatever-web-login without ssl-encryption.
- Jabber should have a standard for encryption, based on gpg, with the cryptographic features of otr.
- We need to get rid of all unsecure algorithms (MD5, SHA1, RSA/DSA/ElGamal with 1024 bit) by default (yes, I know I said this hundred times before). GPG still creates 1024bit DSA-keys.
- Things like tor could be integrated into distributions, to be enabled by a click or similar.

Just some random ideas. It is possible to create much more secure systems. We just need to do it.

(And to not only cry, I hope I'll find some time and motivation to push some of the things I suggested in the near future)