Category Archives: Blog

2012.1.1 Desperado Reloaded released

Late last night  we released Desperado Reloaded, just a week ahead of the freeze for Debian 7. The Release Note has all the details. Downloads are available from our mirrors or as Torrent.

As for the near future: We will use the time to break some toys to rebuild them.

  • The way the art packages are built and integrated needs a complete overhaul. It’s too complicated and error-prone.
  • Instead of building releases from the Debian mirrors directly, we will establish a repository mirror to give us some more resilience at release time.
  • Besides that we will look into Jenkins for automated package/iso-building and regression testing to further streamline our infrastructure.

Desperado Reloaded

We had a (belated) core team meeting last night. We mainly had 2 topics:

  • a fix-release for 2012.1 Desperado
  • the permanent absence of 2 core team members

The fix-release will happen on the evening of Sun, 2012-06-24 (if sid lets us). This fix release will bring KDE SC 4.8.4-x in the same complete set as it will go into Wheezy. With the freeze for the release of Wheezy starting on 2012-06-30, we want to use the time to upgrade to this packageset, as the one on 2012.1 Desperado was a very basic one. Besides that our  KDE SC image will default to Sqlite for use with akonadi instead of requiring mysql. Minor fixes to LXDE and XFCE complete the fix-release named 2012.1.1 Desperado Reloaded.

The 2nd major topic was to vote on what to do on behalf of 2 Core Team members, who have been absent for a while. The 2 member are vibora and edhunter. It was decided in a vote that both are removed from the core team. The team needs active members who take part at least in meetings and votes. Mute voices block the team because they reduce the number of members, also quorum is a problem. We will work on a policy to deal with that. Our thanks go to vibora and edhunter for the work they have done with siduction and its predecessors. We will fill the 2 empty places on the team soon. There is some candidates already, but more on that when we vote someone in.

Another topic was to set a code freeze 24 hours before a release. Find the log of the meeting, as always, on Chili.


LinuxTag 2012 is over. We had a good time during the 4 days and on the parties at night. Of course a lot of people asked, what the new namechange was all about, but noone was begrudging really. Thanks to the debian and kanotix people for sharing a great booth.

On Friday night we had a little release party at the booth with about 30 attendents, who enjyoed beer, meatballs and a first open build and introduction to our razor-qt release. It was planned that it should be released from there, but we decided to give it some more love and add some eyecandy. So we released it this morning. Downloads are to be found on our mirror site.

Just before LinuxTag 2012 we also did the final release of siduction 12.1 Desperado. Release notes has the details and downloads are also on the mirror site.

Short Core Meeting

We had a short formal meeting tonight to decide, we have to delay our planned RC for 2012.1 for probably 2 days. The reason is that KDE SC does not build today. On the flipside of this we might see KDE SC 4.8.4 in the RC.

Here is a quick sneak preview:

Meeting Notes

We had a short meeting last night. the log is on the wiki, as usual. The most interesting outcome is, that we plan a release 2012.1 Desperado around the 20th of May, shortly before LinuxTag in Berlin. LinuxTag conference itself will see a release of siduction with Razor-Qt Desktop Enviroment, as mentioned before.

Unfortunately for the release, KDE SC 4.8.x will probably not be fully packaged so that we have to rely on KDE SC 4.7.4. Maybe there is a chance for XFCE 4.10 to be included.

Core Meeting and other Ocurrances

Last night we had a Core-Team Meeting. We did not have one for 3 weeks as there was no topics. Last nights topics were:

  • final thoughts on nm integration?
  • reconsidering our release plan?
  • Amazon Affiliate Program ( – objections?
  • razor-qt artwork
  • are we to set up a little http server on our build server for providing iso files and packages for testing purposes more easily?

As for Network manager integration, we decided to release it with XFCE for a start to get a broader picture. It seems most trouble with nm is with KDE.

The release plan was and is, to release before LinuxTag convention (May 23-26). We are waiting for KDE SC 4.8.2 to be available somewhere in a debian repo. We still plan to do a release of Razor-qt, probably as a developement-release outside of our release cycle.

We agreed that we want to use the Amazon Affiliate Program to generate some money. We hope you will order through the link we will provide, if you order from Amazon.

Razor-qt will have it’s separate artwork, as the first release is outside of our release cycle. a first draft by se7en is online.

As for a http server to serve early testers: we will have one, but rather rsynched to another server than on the devbox directly. We think it’s better to keep that box untainted.

In other news, we have a new mirror in Germany at University Stuttgart. the specs are:

Linux and the tenacious 1% myth

Over the years we hear from all kinds of media, that Linux on the desktop is stuck at 1% market share. Even linux related publications carry this myth further, because they have no clue how the data is retrieved and what vital interests are behind this.

I was writing a story about the worldwide domination of the browser Chrome on Sundays, a  phenomena ongoing for about 6 weeks now. So I looked into the ways how data is retrieved by the companies that offer stats for browsers, operating systems and the like. There are big 2 companies in this business. The one that sees Chrome digging fastly into IE territory on weekends is Statcounter. The other one is Net Applications and sees IE far ahead of Chrome and Linux constantly at 1% for years.

So, how do those companies retrieve their data? Statcounter says it gets the data from ~ 3 million watched websites. Net Applications uses only 40,000 Websites to brew up their graphs. How is that? Net Applications watches the pages of its customers, that pay for the service. Two of the biggest customers to Net Applications are Microsoft and Apple. Rings a bell? Customers of Net Applications are not typicaly linux-affine, hence the 1%. For Microsoft this is a perfect setting, as they get the data that fits into their marketing strategy along the lines of: Linux on the desktop is irrelevant and will fade away.

Looking for more fitting numbers, one can look at Wikimedia statistics, which has Linux by itself at 1.6 percent and, Linux kernel based systems at 4.9 percent. Statcounter sees Linux in Germany at around 2 percent and steadily growing. The only use for the Net Application numbers that i can see is, to compare them to themselves over time. Even then there is not much, that varies the 1% graph. In no way do they give the real picture on their own.

Upgrade to ChiliProject 3.1.0

We have upgraded our installation to ChiliProject 3.1.0. Our congratulations go to the people behind ChiliProject.

In short a cite from their release announce:

ChiliProject 3.1.0 includes some new features and bugfixes for ChiliProject 3.0.0 as well as some critical security fixes. It is suitable for use on production websites and we recommend that all users download the release as soon as possible.

What’s included

3.1.0 includes 20 bug fixes including one security fix and 5 new features for 3.0.0.

The security fix addresses several the mass assignment vulnerabilities in ChiliProject. These allowed users to write certain pieces of data which they should not have been allowed to. However users could not grant themselves access to data they can’t normally access. It was also not possible for non-admins to grant users additional rights.

All of the vulnerabilities existed since the start of the project, most going back to the beginning of Redmine itself. To further mitigate the issue, we are going to review the controller code and add additional means to prevent mass-assignment vulnerabilities in the future. As these changes require some architectural changes, we will spread them out over the future releases as part of our migration to Rails 3.

More information about the way mass-assignment works in Rails can be found at Michael Hartl’s tech blog.

You can download ChiliProject 3.1.0 here. A full list of changes can be found in the release announce linked above.