In preparation for several upcoming high power rocket launches, I've spent some time over the last two weeks building up several more TeleMetrum boards. Five new ones, in fact, serial numbers 7 through 11. The first four are fully-loaded normal boards, the last one has a 100 gee accelerometer installed instead of the normal 50 gee part.

While I haven't yet tested 100% of the functionality on all five, I'm definitely getting better at loading and reflow soldering these boards. I found exactly one soldering defect, a bridge between two pins on the cc1111 noticed during initial visual inspection which was easily removed, and all five flashed and passed initial tests on the first try!

I also retrieved one of the OLPC XO machines from my son and loaded it up with Debian for the XO, then upgraded it to unstable so that I can use it as a ground station for receiving telemetry. Having a small machine with long battery life and a screen that is readable in direct sunlight should be a huge win!

Now that I care about having working AltOS bits on more than one machine, I took some time today and created a Debian package. In the process, as I stumbled over various issues, Keith was quick to jump in and help... as were fellow Debian developers on IRC. We now have a "lintian clean" package that's easily maintainable from our shared git repository, and yes, we even have man pages for all the utilities!

A special note for folks near Colorado. Weather permitting, this Sunday morning the 23rd of August, I'm planning to "drag race" my big Goblin airframe against Jason Chamberlin's similarly-sized Polecat Fat Man on long-burning Aerotech M650W motors at Chili Blaster. Even for those of us who fly high power model rockets every chance we get, a drag-race between 10-inch airframes on long-burning M motors is a special event. If you've never seen rockets like this fly, and/or would like to see a TeleMetrum board in action, this would be a great time to come hang out with us!

I just uploaded makedev version 2.3.1-89, the most significant change of which is a move from Debian package priority 'required' to priority 'extra'. I've also filed a suitable bug against ftp.debian.org asking the ftp-masters to do the required bit on their end.

This change was largely motivated by bug #522048, which pointed out that in an era of reliable udev, most Linux users should no longer care about the presence of MAKEDEV. The Debian packaging of the Hurd apparently uses it's own MAKEDEV script, and I understand this change is a non-issue for the BSD porters in Debian as well. Since the makedev package is not marked 'essential', and the package documentation and Debian policy encourage conditional use of the MAKEDEV script, there should be no package changes required as a result of this demotion in priority.

If anyone experiences any undue pain as a result of this change, please let me know.

As already reported, while at Debconf9 this week, I succumbed to peer pressure, and have generated a new 4096-bit RSA key. Doing this was made substantially more pleasant (and certainly a bit more amusing!) by the fact that I was loaned a prototype of the new Simtec Entropy Key to play with.

Can't wait until they're in production and available for sale...

Basically, it's "just" a very high quality hardware random number generator that sits on a USB interface. Associated with this is a small MIT-licensed daemon that gets loaded along with some udev configuration (all in a Debian package in my case), such that any time you plug it in, your system available entropy goes way up and stays up until you unplug it. It really is that easy! My new 4096-bit GPG key generated without perceptable delay, while the one my daughter made at the same time on her similar notebook required lots of mouse wiggling and I/O traffic generation to accumulate enough bits. A dramatic difference, to say the least!

Anything that needs lots of random bits for generating things like session keys will clearly benefit from a device like this. Some systems have other hardware sources of random numbers, but I was impressed by the attention to detail the guys have put into this little widget, and the work they've done to make it integrate so well with Debian.

Very cool.

In recent months, a number of arguments have been made in favor of abandoning use of SHA-1, which I won't rehash here (yes, pun intended!). The practical consequence that matters to me is that many Debian developers are in the process of transitioning to new, stronger gpg keys, and in the process also moving to generate more strongly coded key signatures.

While at Debconf9 this week, I succumbed to peer pressure, and have generated a new 4096-bit RSA key 0xC095D941 which I will henceforth use as my primary key. I note in passing that my previous key 0xF2CF01A8 is just over 10 years old, and thanks largely to my intense business travel in recent years and willingness to engage in key signings everywhere I go, had risen to be one of the world's best connected keys and thus very near the center of the "strong set". Since I have no evidence that this key has been compromised, I have no intention to immediately revoke it, and in fact will continue to sign keys with both my old and new keys for at least a while until my new key establishes itself. In the process of creating and setting up my new key, I stumbled over some issues that I think others should be aware of.

To create a strong key, there are several reasonable recipes, and following one is a good idea. I started with these notes from Ana's blog. Make sure to read the followup comments and follow the suggestion to add the algorithm preferences to the gpg.conf file before creating your new key, so that you don't have to update the preferences manually afterwards. I also learned a lot by reading about using multiple subkeys here... while the document says it's out of date, most of the important bits are still completely accurate. With these two documents, and a little man page review, creating my shiny new key was pretty easy.

For quite some time, I've been exclusively using caff (which stands for "CA - fire and forget") from the PGP Tools repository that ends up as the signing-party package in Debian to do all my key signing. Unfortunately it has a bug or feature relating to the use of a distinct home for gpg within the ~/.caff directory such that new options added to my normal ~/.gnupg/gpg.conf file were not noticed by caff! So even though I moved to a new strong key, I was continuing to generate weak SHA-1 signatures with the new key! The fix for this turned out to be simple enough (after burning a half-hour or so figuring out what the problem was!), I just created a symbolic link so that ~/.caff/gnupghome/gpg.conf points to my canonical gpg.conf file, and all was well. Or, almost all...

It bothered me that I had generated weak signatures with my new strong key, so I decided to re-sign the keys I had already signed with my new key so that all the signatures issued with my new strong key are strong signatures. To do this, I used gpg's --edit-key option with gpg warped to point to the caff home to 'delsig' the signatures I'd made to these keys, then used caff with the '--no-download' option to re-sign the keys and re-issue the associated emails. Trolling ~/.caff/keys helped me discover which keys were in the affected set, then I studied the command lines caff was feeding to gpg to see what options I'd need for gpg. Here's an example of the commands required to fix key id 0x2DA8B985:

gpg --homedir=/home/bdale/.caff/gnupghome --secret-keyring /home/bdale/.gnupg/secring.gpg --no-auto-check-trustdb --trust-model=always --edit-key 2DA8B985
caff --no-download 2DA8B985

I haven't fixed all the signatures made this week yet, but I will. Those of you who think I'm just re-sending the same signatures, take note of what's really going on! I understand that adding the new signatures works and you'll end up with my stronger signatures replacing the weak ones.

Hope this helps someone else avoid the frustration I felt while chasing these details down last night late!

In between keeping things going at work and hanging out more than usual with my kids (who are off from school on spring break), I've been trying to help out around the edges with Debian Installer this week. Probably the most significant thing I've done is to provide access to one of my hppa systems so that nightly builds of d-i for hppa can happen. However, trying to help out has finally gotten me to organize "my other rack" in a way that testing stuff like this will be easier in the future.

What I've done is to set up a modest test server with a private subnet behind it. The private subnet now has an APC Masterswitch remotely-controllable power switch, a Cyclades 16-port serial server, and a growing set of target systems representing different Debian architectures. The server provides DHCP and TFTP support for network booting the various target systems, my evolving conserver configuration makes it possible to access serial consoles on each target system, and the Masterswitch makes it possible to power cycle the target systems remotely. There's a bit of security work yet to do before I allow anyone else to play, but my intent is to allow other folks working on debian-installer to also have access to this lashup for remote testing of some of the less-readily-available system architectures...

My only gripe is that conserver is in non-free. I'm not entirely sure why, though, since the licensing appears at first glance to be a mixture of BSD-like with and without advertising clauses. Time to email the maintainer and ask...

People keep asking me about the beard thing... Here's my take on what happened and why.

Just before I left for LCA 2009, my wife offered to send along one of the limited edition prints of her award-winning waterfall photograph. She knew from prior years that the LCA organizers often host an auction or raffle to raise money for some worthy charity at the conference banquet. Since the photo was taken at Milford Sound on the way to last year's LCA in Melbourne, there was a connection between the photo and LCA. We had no idea what this year's charity might be, nor did we anticipate that her photo would become the centerpiece of the evening's fund-raising activities.

The charity selected this year was an organization that is trying to save the Tasmanian Devil from extinction. Professor Hamish McCallum, the chief scientist with the program, gave a talk after dinner and before the auction began. The native population is suffering from a fatal facial tumor disease that results in horrible lesions, and is likely to kill off all the Devils within a decade or three. My family and I all have a strong love of nature, and Karen and I had the pleasure of touring Tasmania after LCA 2003 in Perth, so this seemed like a great charity to raise money for with her photo.

As often happens at LCA, the auction and related fund-raising activities got complicated. This year, the photo alone was bid up to $2500 (which was very cool!), before people started offering things for higher bids. For years, going maybe as far back as Perth, I've been cajoled about shaving my beard if the bidding hit some level, and have always said no. This year, someone offered $5000 if I would shave my beard, and again I said no. Much later, after more cajoling and many counter offers, when the bids and various matching offers had us approaching $20,000 in total donation to the charity, I relented and announced that if we hit a total of $25,000 going to the charity I would consent to a shave. The resulting frenzy, including the suggestion that if it went high enough Linus should do the shaving, and the formation of a bidding consortium that kept raising more money and bidding against itself, was completely unexpected! Others have tried to capture details of the insanity, but the bottom line is that by the end of the evening, the total had blown way past anything we could have imagined, and by the end of the conference the total going to the charity was on the order of $40,000!

Why did I agree to let Linus shave my beard? To be honest, I'm not entirely certain. I only had one beer that evening, so I can't blame intoxication. The fact that it would yield a worthy charity something over 10 times what my wife's photo alone had drawn as a maximum bid seemed significant to me. In hindsight, I also think I was at least a little bit curious to see what my face looked like after having a beard since sometime around September of 1982! In any case, I made the offer, insane amounts of money were raised, and on the last day of the conference, over the lunch hour, Linus took trimmers in hand and removed my beard in front of an audience.

The reactions have been completely overwhelming. A local TV station and a local newspaper in Hobart were both there and ran stories. The ripple of mentions in the blogosphere was and is just astounding. There's even a silly Shaving Bdale game created overnight by the "Mad Scientists" at Secret Lab! And from all over the globe, people I do and don't know have been sending emails and finding me on IRC to plead with me to grow my beard again! Right after the shave, my good friend Keith Packard said "Bdale, grow it back!". Before I left Hobart, my wife emailed saying she and the kids hoped I wasn't waiting until I got home to start. Joey Hess blogged a hairy tale about how I'd scarred the minds of young Debian developers. The leader of Debian-RS sent word by email that the group all hoped I would re-grow my beard. And on and on and on... I'm really not used to being the center of so much attention!

Being suddenly without beard felt weird in lots of silly little ways. I was hyper-sensitive to drafts. The feel of cold beverages hitting my upper lip was downright strange. And I kept wanting to scratch what wasn't there! After making faces at myself in the mirror for a while, I decided I really wasn't happy, and do prefer being bearded. So I haven't shaved since Saturday morning in Hobart, and am pretty scruffy looking. My wife said today that I'm "already starting to look like Bdale again".

At the current growth rate, I have high hopes of having at least some facial dignity back by the time I speak at FOSDEM. And no, I won't be shaving my beard off again any time soon...

Yesterday, I closed Debian bug #211765 regarding material under the GLX Public License violating the DFSG.

That's two less open bugs tagged lenny-ignore!

It took me 34 hours elapsed time to get from a hotel in downtown San Francisco to the Hotel Dora in Mar del Plata, a few hours longer than planned. But despite being tired, it seems like a good place, my first meal here was quite pleasant, and I've already had some great conversations with people I didn't know would be here. Hard to ask for much more!

I'm glad someone reminded me that I have two sessions scheduled in the first two days, an SPI BOF and then a keynote on Monday morning. But first, some much-needed sleep!

I've been using git for a while, like it a lot, and finally decided it's time to move all my Debian packaging work over from CVS. After a frustrating few hours trying, I gave up on trying to use git-cvsimport. It generates mangled repositories even for simple packages like sudo. The git-import-dsc tool in the git-buildpackage package works fine as far it goes, but I'd really like to preserve my history. So, after some consultation on IRC, I took a look at parsecvs. It didn't quite work out of the box, either, but looks promising, and the author showed an immediate interest in the problems I'm having and offered to help. So, perhaps I'll be able to use it before long...

In the meantime, a while back I offered to help Gudjon I. Gudjonsson restructure the sdcc packages so that a DFSG compliant version can return to main with a full version under a different package name going in non-free. This is all necessary because some of the assemblers provided in the package have a non-commercial use clause in the license, and there are also license issues with the HTML documentation. I care about this because sdcc is a build dependency for gnuradio, which I maintain for Debian (it uses the 8051 toolchain to build downloadable code for the USRP, etc). While waiting for parsecvs to get some love and attention, I sat down this evening to restructure sdcc and move it to git.

I'm pretty happy with my progress so far, though there's a bit left to do before uploads happen. Gudjon and I decided to use the collab-maint facilities on alioth.debian.org for collaboration, which took me a little head-scratching to figure out, but looks like a perfect fit for our needs. I updated the wiki page about Git on Alioth with a few of my learnings as I went through the process.

Using git branching to handle non-DFSG-compliant upstream sources is pretty obvious, the notes in the git-buildpackage documentation helped. Using pristine-tar to capture the deltas required to regenerate orig.tar.gz files from the git repo is amazingly cool. It's hard to believe how much friendlier the world seems when you don't have to drag a bunch of tarballs around with you to do useful work! And git-buildpackage has suitable options to make using it pretty automatic. Great stuff!

It's likely to be a few days before I can get back to this, finish up, and upload the results of this restructuring work. In the meantime, I'm writing this entry largely to offer my compliments to everyone involved in making git-buildpackage, alioth, and collab-maint work so well. Special thanks to Joey Hess, whose pristine-tar package is another in a long line of absolutely brilliant tools that contribute to making my life easier! I'm going to end up using it a lot.

I just made time to catch up on processing requests for access to LWN.net under the Debian group subscription sponsored by HP.

If you think you were waiting for me, and didn't get some sort of email reply articulating what was wrong or saying you were added, please re-send your request.

If you're a DD and don't know what this is about, you can find details about LWN and how to get added to the Debian group subscription in this message in the Debian mailing list archives.

For what it's worth, there are now 494 DD's subscribed to LWN as part of this group subscription.