Monthly Archives: April 2012

Meeting Notes

We had a short meeting last night. the log is on the wiki, as usual. The most interesting outcome is, that we plan a release 2012.1 Desperado around the 20th of May, shortly before LinuxTag in Berlin. LinuxTag conference itself will see a release of siduction with Razor-Qt Desktop Enviroment, as mentioned before.

Unfortunately for the release, KDE SC 4.8.x will probably not be fully packaged so that we have to rely on KDE SC 4.7.4. Maybe there is a chance for XFCE 4.10 to be included.

Core Meeting and other Ocurrances

Last night we had a Core-Team Meeting. We did not have one for 3 weeks as there was no topics. Last nights topics were:

  • final thoughts on nm integration?
  • reconsidering our release plan?
  • Amazon Affiliate Program (https://partnernet.amazon.de/) – objections?
  • razor-qt artwork
  • are we to set up a little http server on our build server for providing iso files and packages for testing purposes more easily?

As for Network manager integration, we decided to release it with XFCE for a start to get a broader picture. It seems most trouble with nm is with KDE.

The release plan was and is, to release before LinuxTag convention (May 23-26). We are waiting for KDE SC 4.8.2 to be available somewhere in a debian repo. We still plan to do a release of Razor-qt, probably as a developement-release outside of our release cycle.

We agreed that we want to use the Amazon Affiliate Program to generate some money. We hope you will order through the link we will provide, if you order from Amazon.

Razor-qt will have it’s separate artwork, as the first release is outside of our release cycle. a first draft by se7en is online.

As for a http server to serve early testers: we will have one, but rather rsynched to another server than on the devbox directly. We think it’s better to keep that box untainted.

In other news, we have a new mirror in Germany at University Stuttgart. the specs are:

Linux and the tenacious 1% myth

Over the years we hear from all kinds of media, that Linux on the desktop is stuck at 1% market share. Even linux related publications carry this myth further, because they have no clue how the data is retrieved and what vital interests are behind this.

I was writing a story about the worldwide domination of the browser Chrome on Sundays, a  phenomena ongoing for about 6 weeks now. So I looked into the ways how data is retrieved by the companies that offer stats for browsers, operating systems and the like. There are big 2 companies in this business. The one that sees Chrome digging fastly into IE territory on weekends is Statcounter. The other one is Net Applications and sees IE far ahead of Chrome and Linux constantly at 1% for years.

So, how do those companies retrieve their data? Statcounter says it gets the data from ~ 3 million watched websites. Net Applications uses only 40,000 Websites to brew up their graphs. How is that? Net Applications watches the pages of its customers, that pay for the service. Two of the biggest customers to Net Applications are Microsoft and Apple. Rings a bell? Customers of Net Applications are not typicaly linux-affine, hence the 1%. For Microsoft this is a perfect setting, as they get the data that fits into their marketing strategy along the lines of: Linux on the desktop is irrelevant and will fade away.

Looking for more fitting numbers, one can look at Wikimedia statistics, which has Linux by itself at 1.6 percent and, Linux kernel based systems at 4.9 percent. Statcounter sees Linux in Germany at around 2 percent and steadily growing. The only use for the Net Application numbers that i can see is, to compare them to themselves over time. Even then there is not much, that varies the 1% graph. In no way do they give the real picture on their own.

Upgrade to ChiliProject 3.1.0

We have upgraded our installation to ChiliProject 3.1.0. Our congratulations go to the people behind ChiliProject.

In short a cite from their release announce:

ChiliProject 3.1.0 includes some new features and bugfixes for ChiliProject 3.0.0 as well as some critical security fixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

What’s included

3.1.0 includes 20 bug fixes including one security fix and 5 new features for 3.0.0.

The security fix addresses several the mass assignment vulnerabilities in ChiliProject. These allowed users to write certain pieces of data which they should not have been allowed to. However users could not grant themselves access to data they can’t normally access. It was also not possible for non-admins to grant users additional rights.

All of the vulnerabilities existed since the start of the project, most going back to the beginning of Redmine itself. To further mitigate the issue, we are going to review the controller code and add additional means to prevent mass-assignment vulnerabilities in the future. As these changes require some architectural changes, we will spread them out over the future releases as part of our migration to Rails 3.

More information about the way mass-assignment works in Rails can be found at Michael Hartl’s tech blog.

You can download ChiliProject 3.1.0 here. A full list of changes can be found in the release announce linked above.