English

I think this needs no text.

Channel 4, a UK television channel, has a new series called IT Crowd. As they are very modern and as the series is about an IT company, they may have thought:
»We've heard of this bleeding-edge thing called internet. Maybe we should do something about that.«

And here is what they did: They provided an obscure mix of javascript and flash to play an embedded wmv-file (which doesn't work in my konqueror, although I have the appropriate plugins installed). Julian wrote about it and was able to extract the download URL. WMV9, so no chance without win32codecs atm.

More and more tv stations provide some stuff online and this is really fine. It could be more, it could be better quality, there should be more free licensed stuff etc., but still, it's a step in the right direction. But hey, providing proprietary file formats embedded in proprietary is not how the web should look like in 2006. RSS-Feeds are made for stuff like that. Why can't they just use them? We have a bunch of formats that can at least be played on nearly every platform (and, not to forget that I'd always prefer an mpeg/patent-free format like ogg theora).

Sidenote: Recently I wrote to the german tv magazine Monitor, that provides it's files as real-streams, why they couldn't provide RSS with other formats. Their answer was that it's due to copyright reasons so people cannot download the files ...

... with their Internet Explorer. If you come over an rtsp/mms/whatever-stream and want to download it, mplayer is your friend. mplayer -dumpstream [url] fetched every stream I ever wanted to download.

As reported on several news-pages, Firefox is going to implement a »ping« that implements a new »feature« to the link-tag to send a ping out to some URL defined. This has a very bad taste to me.
What I always liked in the free software world was that not every app is sending »something« to »someone« in the net, as it's quite common in Windows apps. I remember on the last days I were using Windows (98) on a regular basis, I had some of those »personal firewalls« installed. Apps that had absolutely nothing to do with the net wanted to connect to their home-server, apps where I've selected »no internet connection« still tried to do »something« online (the last one for example was winamp).

Now, I know that the design of the world wide web is really privacy-unfriendly. Yes, you can filter out a lot of things with stuff like privoxy, but in the end, you have the only possibility to disable everything (javascript, image loading from foreign servers, cookies) and lose the possibility to use a bunch of web-services. The browser can't do much about this, as this is how the web is designed.
But still, I think this firefox »feature« is a big mistake. Especially free software applications should be much more precautious about their users privacy. I can't see a big use of it for the user. But I can think of a bunch of possibilities to misuse it.

We are always crying about the »evil ones«, the spyware-producers out there, just remember the recent buzz about the iTunes-spyware-functionality. That's perfectly right. But in the end, we need to do better in free software to provide an alternative. I hope that the firefox developers re-think about this and remove or at least disable-by-default these website-pings before their next release.

Warning: By following the instructions below, you are probalby replacing some base libs from your system (mesa, glitz). This can and will seriously break your whole system if you don't know what you're doing. You may likely face other problems than I, so be prepared to play around yourself if you try this.

Ok, now for the fun part. Xgl is some experimental code for the next generation of X systems, with rendering completely done in OpenGL. Recently, David Reveman presented some major updates of the xgl-code. The instructions should be generic so you can do this on any distribution, however if you're using Gentoo, it'll be much easier, because you can get my xgl-overlay containing ebuilds for everything you need (get xgl-overlay-xxxx.tar.bz2 from here, I'll put up updated versions if neccessary). Non-Gentooers should also fetch this tarball, cause it contains all patches you'll need to follow the instructions.
I did this with an ATI Radeon 9200, till now this only works with the proprietary drivers from ATI or Nvidia. I haven't tried this with Nvidia, but it should work mostly the same way.

1. First you need a system based on the modular X version, that means Xorg 7.0. Gentoo users read this, others don't ask me, ask your distribution.
2. Now configure your X to use the fglrx-driver (ATI owners) or the nvidia-driver with Direct Rendering activated (check with glxinfo). I'm not going into detail, there are enough instructions for that out there.
3. Get a cvs-version of glitz and replace your local glitz-installation with it (Gentooers: use ebuild from overlay). I didn't face any problems with my normal system by doing this, but this may differ.
4. Get a cvs-version of mesa. David Reveman has posted some patches with the xgl-release you'll need to apply (mesa-glx-x11-get-drawable-attribs-fix-1.diff, mesa-glx-x11-render-texture-5.diff, r200-copy-pixels-1.patch). The render-texture-Patch needs some constants that were nowhere defined on my system. I've written an ugly workaround (mesa-glx-x11-glxproto-defines.diff), this is probably not the correct/nice way to do, but at least it works. After applying those four patches, compile and install. Gentooers use my ebuild as before, it already contains all patches. As with glitz, I had no problems with my normal system using mesa-cvs, but don't count on this.
5. Fetch the kdrive/xserver-cvs. Configure with
   ./configure --enable-xglserver --enable-glx --with-mesa-source=[point to your mesa-cvs-tree]
   Gentooers use the xgl-ebuild (This contains some ugly hack for the Mesa-cvs-tree, which assumes that you've built mesa before and the mesa-cvs lays in your distfiles. Better solutions welcome.)
6. Get glxcompmgr from xorg cvs. autogen.sh failed for me due to an error in plugins/Makefile.am, apply my patch (glxcompmgr-makefile-am-fix.diff). Gentooers use the ebuild ;-)
7. Now, you've everything installed. You can now start
   Xgl :1 -ac -accel xv:pbuffer -accel glx:pbuffer (ATI users)
   or
   Xgl :1 -ac -accel xv -accel glx:pbuffer (Nvidia users)
8. Now start some apps in it. My experiences was it crashes less often with Gnome stuff, konsole and xterm completely crashed xgl. I managed to run complete gnome and kde-sessions. glxcompmgr doesn't really work with some windowmanagers (e.g. icewm), but kwin and metacity at least work. To start something inside the xgl, do something like:
   DISPLAY=:1 metacity
9. Now for glxcompmgr. This is a bit complicated, because you'll need to run glxcompmgr with the libGL from mesa/xorg, while your xserver and the xgl running on it need the libGL from the proprietary driver. Suggestion is running a terminal with LD_LIBRARY_PATH, e.g.
   LD_LIBRARY_PATH=/usr/lib/opengl/xorg-x11/lib/ DISPLAY=:1 gnome-terminal
   Then, inside xgl and the terminal, you can check with glxinfo if GLX_MESA_render_texture is listed in GLX extensions. It is not enough if it's only listed on server glx extensions! If this is the case, you probably didn't point it to mesa-libGL correctly.
10. Now run glxcompmgr, e.g. with the wobbly and shadow plugin.
    glxcompmgr wobbly shadow
    glxcompmgr contains a bunch of more plugins, but most of them I failed to figure out how to start the actual effect (e. g. cube). Play around with it, have fun.

Problems so far:

• Crashes all the time.
• Keyboard sometimes doesn't work, not deterministic.
• Most effects (e. g. cube, expose, zoom) not running yet.

Update:
I just found a problem some people had according to a portage bug. I've put a fixed portage-ebuild into the overlay (this may lead to problems if portage-devs decide to release an update called 2.1_pre3-r2).

What you can see here is my first screenshot running xgl with glxcompmgr and the wobbling windows effect. Yes, it's not really smooth, gimp couldn't manage to take a real screenshot (in reality, there were no such glitches). This effect looks very similar to the luminocity-one I presented some months ago, but that was the only effect I was able to run.
So you really want to know how I managed to get this running? Well, the short version: Created a bunch of cvs-ebuilds (glitz, mesa, xgl, glxcompmgr), added patches, patched around myself, did some strange thing with my libGL, ...
Long version, together with portage-overlay, will follow tomorrow, now I'll go asleep ;-)

Today I held a talk about »Technical defense against surveillance« on an event with rather non-technical visitors.

I noticed that we still really have a lot of problems when providing easy-to-use security.

Things like "yes, you can do gpg with jabber, but only with a few clients, there's also another thing called otr, that's better from a cryptographic point of view but it is not based on the gpg-key-infrastructure and it's also only supported by some (other) clients" are really horrible to say if you always fear that nobody understands you.

A short list of things that came me to mind:
- I found no easy way on encrypting partitions with linux. Maybe I missed something, but I googled for it, tried it in ubuntu, found nothing. Had to tell them "there are some console-apps, dm-crypt, cryptsetup, etc.".
- Apps should enable ssl by default. Servers should forbid login without ssl. No more pop3, smtp, imap, jabber, webmail, whatever-web-login without ssl-encryption.
- Jabber should have a standard for encryption, based on gpg, with the cryptographic features of otr.
- We need to get rid of all unsecure algorithms (MD5, SHA1, RSA/DSA/ElGamal with 1024 bit) by default (yes, I know I said this hundred times before). GPG still creates 1024bit DSA-keys.
- Things like tor could be integrated into distributions, to be enabled by a click or similar.

Just some random ideas. It is possible to create much more secure systems. We just need to do it.

(And to not only cry, I hope I'll find some time and motivation to push some of the things I suggested in the near future)