Belpic 2.5.9-5
Or, beid 2.5.9-5
Which I uploaded today to Debian Unstable (and to backports.org as 2.5.9-5~bpo1). It contains the fix for #385735, which is filed in ubuntu as their bug 63632. I was going to fix it "soon" (since I have lots of other urgent things to take care of), but then it was pointed out that Ubuntu expects to release edgy near the end of this month, and that they'd like to have this bug fixed there.
When I looked at it on the train, I figured out that I had apparently already fixed the damn bug, just forgot to test and upload. Which is done now, after only half an hour (or so) of work. Whee.
Still TODO: fix #380275. But that's less urgent, so not for today.
Oktober 4th
Today is World Animal Day, celebrating animal life in all its forms, types, and sizes.
Today is also my dad's 60th birthday. Time flies
Whether both of the above are related is debatable.
In any case, dad: happy birthday!
SQL injection vulnerabilities
Via Bruce Schneier:
Michael Sutton apparently did a simple test wherein he found that more than 10% of the sites in his sample were vulnerable to SQL injection.
Interesting.
Go Antwerp, Go!
Yesterday was Election day in Belgium; 318 municipal governments were elected, along with 5 provincial governments (of whom nobody really knows what they do) and in some large cities (such as Antwerp, where I live) also district governments.
One secret hope I had was that the extreme-right Vlaams Belang party would not get any more successful than they already are. The good news is that they in fact didn't. The bad news is that they didn't lose any votes either. They gained .6% (or so) on the 33% that they already had, which basically is a stagnation.
The very good news, however, is that Patrick Janssens, defending mayor of Antwerp, gained a good 16% in votes to arrive at 35%, becoming the largest party of Antwerp. Finally, sanity is beginning to return.
Go Antwerp, Go!
On Firefo^WIceWeasel
Recently there's been some awe in the Free Software and general Linux world from several people over the fact that Debian is dropping Firefox from its distribution, and planning to replace it with GNU IceWeasel.
Personally, I don't see what else the Firefox maintainers should do. While I can understand the Mozilla people's concern over modified (read: possibly trojaned) versions of Firefox and that they need to protect their trademark against abuse, I can't believe that there can't be a better way to handle this than to require review of every patch in the Debian package. After all, packaging a browser requires more than just writing a script that gets it compiled and that gets the compiled stuff in the .deb archive. There is also branding to be done—the Debian firefox package contains a search engine for Debian packages. I doubt this is part of the original firefox source, and there are more things. Additionally, sometimes you may have to change stuff so that it works with the specific quirks of the Debian distribution, or other things.
Finally, in accordance with its published policy on the matter, the Debian distribution also wants to be able to distribute security-patched versions of Firefox after Debian Stable releases; and we want to do that not just by throwing in the new version of Firefox, but by using the older version, patching it so that the security bug (and only the security bug) gets fixed, and releasing that. We can't use the official mozilla.org/mozilla.com source for that, since they cease security support after half a year or so (which is, by far, not enough for Debian); and the discussion in the bug report on the matter does not inspire confidence that we would be allowed to release a security-fixed version of firefox and still call it firefox. The alternative would be to forget about our own security releases and ceding to the braindead mozilla.org/mozilla.com security policy, but I have a pretty public opinion on that one.
So that leaves us with not adhering to their braindead trademark policy, which requires us to choose another name. And as it happens, there already appears to be a piece of software that not only is a forked Firefox, it also drops non-free software from the release, something which Debian has to do anyway. So why not use that instead?
BTW, yes, I did call their trademark policy braindead. No, IANAL. But you don't have to be a lawyer to see that doing something like the way Debian manages its trademark—you're not allowed to call it "official" unless your product is bit-by-bit the same thing as what Debian produces—is sane enough without being a nuisance like the firefox trademark policy.
Dentists...
... are good, because they decrease your pain in the long term.
... are bad, because they increase your pain in the short term.
I'm hungry.
Disk not full anymore
In case you visited planet grep earlier today, you may have noticed something peculiar: the front page being corrupted, or truncated, or not there at all. This had everything to do with a full hard disk in samba.grep.be, the machine that serves Planet Grep. I temporarily shut down the apache process and modified some configuration items so that some caching bits do not use quite as much space as they used to anymore, and we're now back at approximately 10G of free disk space. So we're good for the go again.
Since the planet cache also had gotten corrupted during all this, I nuked it. This revealed that the ISOC people's feed had not been refreshed since quite a while, and that they use an incomplete. As a result, in accordance with my policy, I removed its feed. Also, yesterday the feed for the FOSDEM website has been added—but that only got active today, because of the disk space issues. Oh well.
Thanks, Matthew
I couldn't have said it any better.
FOSDEM 2007
So it's autumn again, which means that the organization of FOSDEM is going to start its work again. I haven't been doing much in the central organization; however, I have been organizing the Debian presence there since 2004.
This year, organizing FOSDEM will have an extra interesting
edge, since they had a rather dramatic disc failure on their webserver
and no backups, meaning, they'll have to build a new website. Apparently
they chose to use Drupal (a project which occasionally was started by
fellow Antwerp developer Dries
Buytaert) rather than reinstalling their homebrewn CMS again.
Anyway. A few weeks back I sent an SMS to the guy who did the Devrooms on FOSDEM side last year, asking whether I could get one for Debian this year, seen how their site was down and that they might've lost my contact information. Yesterday, I received a reply that he wanted an email instead. Fair enough, so I did that immediately. Haven't received a reply or an acknowledgement yet, though; that may not have been unexpected.
In any case, I updated the website, which should be enough for now. Let's see what happens.
Life sucks
mail too
MacOS X "open source"
A few years back, news was buzzing over how Apple was going to make its then-next operating system, MacOS X, to be Open Source. A CVS server was set up, a number of other things were done, and people could actually contribute back code.
Fast forward more than half a decade, I was wondering today why nothing interesting has happened with that code. I mean, sure, there's OpenDarwin, but who's ever heard of someone actually running that? Not me, that's for sure.
So I went and had a look at the OpenDarwin website, trying to figure out what the hell had happened to that. Turns out that (1) according to this article, Apple's mentality to "open source" is actually not very open source at all anymore, and that (2) the OpenDarwin project has shut down by now as a result.
Guess it's too late to try anything remotely similar to "Debian GNU/Darwin" today, then.
Linux 2.6.18 vs NBD
Version 2.6.18 of the kernel contained a small(ish) change to <linux/nbd.h>:
--- nbd.h 2006-10-17 19:53:55.000000000 +0200 +++ /usr/include/linux/nbd.h 2006-09-20 05:42:06.000000000 +0200 @@ -37,19 +37,28 @@ /* userspace doesn't need the nbd_device structure */ #ifdef __KERNEL__ +#include +#include + /* values for flags field */ #define NBD_READ_ONLY 0x0001 #define NBD_WRITE_NOCHK 0x0002 +struct request; + struct nbd_device { int flags; int harderror; /* Code of hard error */ struct socket * sock; struct file * file; /* If == NULL, device is not ready, yet */ int magic; + spinlock_t queue_lock; struct list_head queue_head;/* Requests are added here... */ - struct semaphore tx_lock; + struct request *active_req; + wait_queue_head_t active_wq; + + struct mutex tx_lock; struct gendisk *disk; int blksize; u64 bytesize; @@ -68,11 +77,11 @@ * server. All data are in network byte order. */ struct nbd_request { - u32 magic; - u32 type; /* == READ || == WRITE */ + __be32 magic; + __be32 type; /* == READ || == WRITE */ char handle[8]; - u64 from; - u32 len; + __be64 from; + __be32 len; } #ifdef __GNUC__ __attribute__ ((packed)) @@ -84,8 +93,8 @@ * it has completed an I/O request (or an error occurs). */ struct nbd_reply { - u32 magic; - u32 error; /* 0 = ok, else error */ + __be32 magic; + __be32 error; /* 0 = ok, else error */ char handle[8]; /* handle you got from request */ }; #endif
Which meant that the userland NBD utilities would not build against that anymore. The Debian packages are unaffected (they ship their own nbd.h since they need to build on non-Linux ports, too), but that doesn't mean we can leave it like that.
The first hunk is unimportant, as it's enclosed within an #ifdef __KERNEL__. The others represent an interface change: rather than having u32 and u64, they come with __be32 and __be64. Nothing that can't be fixed with a few #define lines, but still something that had to happen.
So today I released nbd versions 2.7.8 (from the outdated 2.7-branch), 2.8.7 (from the current stable and supported 2.8-branch), and 2.9.0-test3 (from the current development branch) to sourceforge, and released version 1:2.8.7-1 to Debian unstable. I'll probably also release 1:2.9.0-test3-1 to Debian experimental "some time soon", but not just yet.
Apart from the obvious #define lines, the 2.9.0-test3 release also fixes some issues (in contrast to -test2 which was a bit of a crashing horror, -test3 actually works) and has revamped multi-file support. Most of the changes in -test3 (in fact, most likely all of them apart from the #define lines) were done by Phillip Hellewell, whom I owe a beer if I ever see him. Occasionally, the 2.9 line has some extra code and features that aren't available in 2.8, such as configuration file support and the ability to serve multiple block devices from one nbd-server parent process. Check it out if you have a chance and/or are interested.
On top of that, the 1:2.8.7-1 release also contains some fixes in the debconf stuff, that close 3 bugs. Am I cool or what?
Nah.
Wanted: some systray applications
There are a few things that I'd like to have in my fd.o-compatible system tray, but that do not seem to exist at this time (either that, or I haven't been looking too carefully):
- An application to manage my Kerberos tickets. It should display how
much time I have left before the tickets expire, allow me to renew them
with a click on a button, and (optionnally) pop up a window when the
tickets are about to expire.
The ability to log in to kerberos and/or to change my password is nice, but not required (I have PAM set up to do that). - An application that will show me how much battery power I have left, in a PMU-specific way. I'm perfectly aware of the fact that there are a number of applications that can query the battery state on my powerbook by using the PMU driver's APM emulation, but I want to have the extra data that the PMU driver knows about (such as the amount of power I'm burning); that won't be available if I use the APM emulation. Additionally, I hate udev with a vengeance, so it must not use that (or hal, which depends on udev)
Anyone know of such a thing?
Wireless networking
Warning: useless rant follows
Since about two years, my main machine is an Apple Powerbook G4. These come with builtin wireless ("Airport Express"), but for a long time there were no Linux drivers for these things. Instead, I had bought myself a USB wireless thingy; one based on a ZD1211 chipset, for which there is a free driver contributed by the company that designed the chipset. The driver needs non-free firmware, but I don't give a flying **** about that. The unfortunate thing about the driver is that it was written in a style that makes it hard to be accepted by the kernel developers, so that didn't happen. And won't for a while. As a result, the driver sometimes breaks upon kernel upgrade, which is a shame. But when it does work (which unfortunately is not 'now'), it works great; the throughput is about as much as I could expect from my 11M wireless access point.
The alternative now is to use the Airport Express driver. Unfortunately, this driver only exists because some binary-only driver that existed for Linux somewhere was reverse-engineered. As a result, the driver isn't very good; it sometimes crashes on me (in which case the only thing I can do is power down my laptop and boot it up again), and when it does work only has a throughput of about 60kB, at best. Which is not very good (a 10Mbit network can easily reach about 10 times that speed; and yes, I did verify that I'm running at 11Mb/s, not at 1).
I'm very grateful to Zydas for providing a GPL-ed driver for their hardware. If only companies such as nVidia, ATI, and broadcom would give up their crack pipe and behave similarly, then this world would be a much better place. But I'm not grateful to Zydas for just providing a dump of their CVS repository and leaving it at that; getting a driver into the Linux kernel is not that hard, it just takes some persistence. Had they done that, I would've had working wireless now.
Real working.
grmbl.
Update: Seems the situation is better than I thought. It had been a long time since I last tried the bcm43xx driver. Last time I tried it it was a piece of crap; when I tried it a few days ago, it was also a piece of crap. Apparently, though, that was just bad luck, since the driver in 2.6.18 is buggy (but it should be fixed in 2.6.18.1).
And for the Zydas driver, apparently it made it into the kernel mainline while I wasn't looking. Only it doesn't work for me, probably because the hardware is breaking down (if I hold it in a peculiar way, it gets detected as a broken USB1 device rather than a working USB2 device, which is not good...). That, or my access point is playing tricks on me. That wouldn't be the first time, either.
I guess an apology is warranted here. Sorry.
nVidia
I know, I just ranted about it. However, it would seem that the Xorg driver can do more with the video card in my laptop than would appear at first sight. If I plug a VGA monitor to the mini-DVI output of my PowerBook and start X, then the nv(4) driver seems to detect it. Behold the diff:
--- Xorg.0.log.not-connected 2006-10-19 14:49:07.000000000 +0200 +++ Xorg.0.log.connected 2006-10-19 14:49:51.000000000 +0200 @@ -11,7 +11,7 @@ Markers: (--) probed, (**) from config file, (==) default setting, (++) from command line, (!!) notice, (II) informational, (WW) warning, (EE) error, (NI) not implemented, (??) unknown. -(==) Log file: "/var/log/Xorg.0.log", Time: Thu Oct 19 14:42:00 2006 +(==) Log file: "/var/log/Xorg.0.log", Time: Thu Oct 19 14:42:46 2006 (++) Using config file: "xorg.conf" (==) ServerLayout "Default Layout" (**) |-->Screen "Default Screen" (0) @@ -444,7 +444,7 @@ (II) NV(0): Probing for analog device on output A... (--) NV(0): ...can't find one (II) NV(0): Probing for analog device on output B... -(--) NV(0): ...can't find one +(--) NV(0): ...found one (II) NV(0): Probing for EDID on I2C bus A... (II) NV(0): I2C device "DDC:ddc2" registered at address 0xA0. (II) NV(0): I2C device "DDC:ddc2" removed. @@ -452,7 +452,46 @@ (II) NV(0): Probing for EDID on I2C bus B... (II) NV(0): I2C device "DDC:ddc2" registered at address 0xA0. (II) NV(0): I2C device "DDC:ddc2" removed. -(II) NV(0): ... none found +(--) NV(0): DDC detected a CRT: +(II) NV(0): Manufacturer: MAX Model: 178e Serial#: 2006 +(II) NV(0): Year: 2000 Week: 13 +(II) NV(0): EDID Version: 1.0 +(II) NV(0): Analog Display Input, Input Voltage Level: 0.714/0.286 V +(II) NV(0): Sync: Separate +(II) NV(0): Max H-Image Size [cm]: horiz.: 36 vert.: 27 +(II) NV(0): Gamma: 2.76 +(II) NV(0): DPMS capabilities: StandBy Suspend Off; RGB/Color Display +(II) NV(0): redX: 0.632 redY: 0.329 greenX: 0.272 greenY: 0.604 +(II) NV(0): blueX: 0.142 blueY: 0.062 whiteX: 0.280 whiteY: 0.311 +(II) NV(0): Supported VESA Video Modes: +(II) NV(0): 640x480@60Hz +(II) NV(0): 640x480@75Hz +(II) NV(0): 800x600@75Hz [...more data about the monitor goes here...]
The nv(4) manpage also contains this bit:
Option "CrtcNumber" "integer" Many graphics cards with NVIDIA chips have two video outputs. The driver attempts to autodetect which one the monitor is con‐ nected to. In the case that autodetection picks the wrong one, this option may be used to force usage of a particular output. The options are "0" or "1". Default: autodetected.
... but when I set that to 1 in the Section "Device" of my xorg.conf, it still uses the internal monitor of my laptop. Am I missing something?
Rock migration finished
This weekend, I started modifying the way I use disk space on rock, my home desktop and server.
rock used to be a PentiumIII running at 650Mhz, until I received an SMP box from Osamu Aoki when he moved back to Japan and couldn't take it with him. So rock is now a dual Celeron 433Mhz, and the machine that originally served as my desktop went on to replace pop, my parent's box.
A little while later, rock's hard disk died, and I was left with a single 13G hard disk (or so I thought). At that point, I used the sarge installer to install rock on an LVM system, so that I could easily enlarge the volumes in the installation later on, without having to start copying files for no good reason. When I later on bought a second-hand 80G hard disk to add to the LVM system, I found that there were in fact two more hard disks inside rock, which simply hadn't been connected to the IDE controllers; one was 20G large, the other 40G.
So I added them all, and enlarged all the volumes that could use some extra space.
A while later, I started worrying. What if one of the disks would die? Reading the documentation, I found that I would lose all the LVM volumes that were on the dead disk, even if only partially. Obviously there's also an option to get LVM to mount partial volumes to get at the data that's still available, but it didn't sound too hopeful. In short, I became convinced that what I was doing wasn't all that sure for my data. Obviously I have backups of the important stuff, but avoiding failure is always preferable over having to use recovery procedures, even if they're good recovery procedures.
So I decided that I would migrate to a setup that would use at least some redundancy; that way, I could stop worrying as much. And since I had four disks, there should've been a way to do that.
I started partitioning, and found that I had overlooked a second 40G hard disk that rock was using; so rather than creating a RAID5 array on top of two 33G partitions (on the 40G and 80G disks) and one RAID0 array or something similar (combining the 13G and 20G disks), I decided to create a 40G RAID5 array composed of two 40G disks and one 40G partition on an 80G disk. All other disk space (the other 40G on the 80G disk, and the 20G and 13G disks) would be combined into an LVM volume group for less important data (such as the squid cache and other large parts of /var, swap space, and a bunch of digitized CD's of which I still have the originals). Also, the RAID5 array wouldn't just be one large volume or so; instead, I created another LVM volume group in the RAID array. Theoretically I could of course combine everything in one volume group and use pvmove and/or the right options on lvcreate to force important volumes on the RAID array, but then having separate volume groups for RAID/no RAID would force me to think carefully before managing volumes, which is never a bad idea.
So on Friday I started moving data. This would involve running pvmove on a particular physical volume until all data would be removed from it; then run vgreduce -a <vgname> to remove the physical volume from it; use the just-freed drive to create new partitions on it to hold the live data; copy the live data over; and start doing pvmove again. Rinse, repeat, until all data is copied over and/or you've freed enough disks to create the RAID array.
Luckily one can create a RAID array in degraded mode, or the procedure would've involved updating my backups, verifying them, wiping the hard disks, and reinstalling. As it is, I could get away with creating partitions that were just large enough to hold all data, and hoping people wouldn't try creating more data.
I started working on this on Friday, and am just now, over 48 hours later, finishing up. It should've been possible to do all this in far less time; but rather than explaining what went wrong, let me just say, for the record, that I hate hardware. And that I should plan better.
Anyway. The last stumbling block was the fact that the system simply wouldn't boot from the new root device. The reason was fairly obvious; the initrd was generated when mdadm was not installed yet, so had to be regenerated. But after calling yaird with the right options, it still wouldn't work.
It took me a while to figure it out; but eventually, I found that yaird will read your /etc/fstab to find out about your root device; that it will see how it can get at that root device (where it's smart enough to know about md devices and LVM devices etc); and that it will then add the right software to the initrd based on that.
Sure enough, my temporary root device that I had put outside of any LVM thing on /dev/hdb3 did have /dev/hdb3 as its root partition. So yaird didn't think mdadm was necessary. Heh.
Quick edit fixed that.
So now I have my important data on an LVM system on RAID5, and my less important data still on LVM.
Me happy.
Conversion in progress
Sometimes the things you want don't happen until you stop trying so hard.
For as long as we've had Intel-compatible computers here at home, my parents have been running Windows. At first I didn't care—this was before I had even heard about Linux, let alone install it—but as I became more and more involved in Linux, I wanted more and more for them to make the change, too. Especially given how I'm still supposed to be responsible for making sure their machine keeps running; if I wasn't, I wouldn't care as much.
These are the approaches I've taken to try to convert them, and why they failed:
- At first, I tried convincing them that Windows sucks and that they should use "something else, something better". This approach utterly failed, simply because Windows did not suck as much as I claimed it was. I was advocating something I believed in, but my arguments weren't fully on target. Whether or not this was intentional isn't something I remember fully (it's been somewhere about nine years), but I do remember it did fail because of that.
- Next, I made Linux boot up as default. They still could boot up Windows if they so chose, but they had to make a decision at exactly the right time. This approach utterly failed because it caused them to associate Linux with annoyances. Bad idea.
- The next step was to get annoyed at having to fix Windows every few
months because of viruses and spyware and whatnot, and just not doing
it. This was not a conscious decision; but having to reinstall a system
from scratch is no fun, and eventually I got so fed up with it that I
kept postponing it. At some point this turned into a strategy to subvert
them into running Linux, by giving them "temporary" replacements for
things that broke down. This would start with installing Free Software
on Windows; using Thunderbird for e-mail, or OpenOffice.org as their
office suite. Some of these replacements (such as Thunderbird, after I
explained the security issues in Outlook Express) would be accepted with
ease; others (such as OpenOffice.org, where my dad was much
more used to Microsoft Office) would face initial resistance. They have
eventually come to accept all of them, however.
The approach failed because I was never up-front about my intentions (even if initially there were none, they did eventually surface). As such, they kept seeing some things as "temporary" replacements and never invested any time into trying to learn the system, whereas I was postponing reinstallation as long as I could. Eventually, this led to an argument which resulted in the next strategy. - The next attempt was a direct result of the failure of the previous
one; I asked them to give the system a chance, and they agreed to
seriously try Debian for a few months. After those few months, we would
sit together and decide what would be done; I promised to reinstall
Windows if they decided that Linux wasn't good enough. Contrary to what
I expected, the approach failed. Their main argument was that it was too
slow. This was not totally unexpected, since their system at
the time was a 133Mhz Pentium I running Windows 98 (I believe);
installing Sarge with Gnome on that was a bad idea. I had tried a few things to speed up matters
about halfway through the experiment; but unfortunately that didn't cut
it. I now realise that the reason the attempt failed was that I was
insufficiently prepared, and that I had to cobble together a workable
environment for them in just a few days. Had I had a bit more time, I
could've looked around for a useful yet not resource-hungry interface
that would've made the system useable for them, and they might have
accepted it. Oh well.
Or I could've just bought them a new system and have them use that. Hah. - After the failed attempt, I just plain gave up. I didn't remove the
Linux partition from their machine, but I did not expect them to boot it
anymore, either. A few months passed. I received an SMP box from Osamu,
and replaced their aging box with my 650Mhz Pentium III. Eventually, my
dad asked me about creating some poster for the theater group where he
was directing a piece. What he wanted to do (having an utter mish-mash
of letters of all sizes and forms as a backdrop) required a DTP
application, or at least a decent graphical application; while I am
aware of such applications for the Windows platform, I do not actually
have them. So I said "I can help you with that, but it'll have
to be under Linux". I rebooted the box, installed scribus (which, through the miracles
of synaptic, looked to him like I was just fine-tuning a few things),
showed him how it worked, and let him do it.
A while later, he wanted to print out a picture. Similarly, I know of Windows applications to do this, but I helped him use The Gimp—under Linux.
Another while later (now a month ago), they wanted to keep better track of their income and their expenses. Again, I know of Windows applications to do this, but gave them gnucash, because I know that best. This actually is the first application in the list that they now use on an almost daily basis. These days, when I get up and take a peek at their system, more often than not it runs Linux. And since I configured it (at their request) to run 'shutdown -h now' by cron at 1:30 AM (to force them to go to bed), this means that they actually choose to run Linux in the morning now, rather than just not bothering to reboot or shut down the machine when they want to. I expect they've finally chosen to use Linux instead of Windows for the things they want to use a computer for, even though they don't know it themselves yet. I can only be happy about that.
All in all, my message is this: if you want to convert people like my parents—who couldn't care less about all this freedom stuff and whatnot, shit just has to work for them—to Linux, then you should make sure that they have a reason to use it. They didn't use it when I tried to push them behind the curtains. They didn't use it when I tried to push them openly. They only decided to use it when, eventually, they had a solid reason to use Linux: there were applications there that weren't available on Windows.
Of course, there's nothing in gnucash, the gimp, or scribus that prevents me from installing it on Windows. But installing software on Windows is such a pain—and, well, I did have a hidden agenda.
Little me, DPL?
Christoph Berg had a shortlist in his blog about people whom he'd like to see become DPL on the next election (which is in spring, so still quite some time). I was surprised, to asked him about it.
16:25 < Yoe> Myon: me? 16:25 < Yoe> (re: your blog post) 16:26 < Myon> why not? 16:27 < Myon> you are visible in the project, and have ideas I like 16:27 < Yoe> actually, I /have/ been pondering to send in my candidacy for at least the last three elections or so 16:27 < Yoe> I just didn't expect other people would want that 16:27 * Myon reads Yoe mind 16:28 < Yoe> heh
Of course it's a bit early to start campaigning, but then that's not at all what I'm doing here (this pushed me a bit, but the real-life issues that made me not do it last time still exist). I'm just surprised.
US$ 6000
There's a bit of commotion around the amount of 6000 US dollars that's being paid to the RMs for a month of work; some people seem to think that this is a lot of money for one month of work.
My guess is that these people have never had to run a business.
Steve does run one; I don't know about aba.
But let's just make some calculations here, shall we? I'd make them with the US system in mind, but as I have a business in Belgium, that's kinda hard to do. So I'll make them with the Belgian system in mind instead.
- First, you have to pay VAT. On computer services, the amount of VAT in Belgium to be paid is 21%. That's roughly one-fifth, or 1200 US dollars. Had dunc-tank been a registered company (like, say, SPI) then they could get that money back. As it is, this is 1200 US dollars that goes to the government and stays there. So that's 4800 left.
- Steve has a company; I presume he rents an office somewhere. Rental prices for floorspace in office buildings is insanely expensive when compared to private apartments. 500US$ per person per month would seem to be approximately right. So, 4300 left.
- You'll be having to pay for utilities, such as phone, water, heating, electricity, Internet, and so on. In my experience, this is a few hundred each month. Say, 400? 3900 left.
- If you don't want to pay too much taxes and fines at the end of the year because you didn't fill out the right paperwork at the right time and in the right way, you'll want to pay an accountant. These people are not cheap; 300 each month (on average) would seem to be right. 3600.
- in Belgium, if you work as an "independent", you have to pay an amount of money to social security, which gives me basic health benefits. In addition to that, you pretty much have to pay an amount of money to a private institution for additional health benefits if you don't want to be left in the cold in case something happens that the basic health care doesn't cover. The amount you need to pay each quarter depends on your income; a guess could be somewhere around 500US$ each month. 3100.
- There's going to be insurance. This will involve both hardware insurance, and something to fall back on in case you make a terrible mistake and need to pay someone some compensation. The former depends on the amount of hardware your company has; the latter depends on the amount of invoices you get to write each year, i.e., the amount of money you make. I can't guess how much this is for Steve, but let's say 700? So we've got 2400 left.
And now if you want to pay yourself, you get to do the above dance all over again. You get to pay income taxes, insurance, rent or mortgage, Internet, phone, water, and whatnot. Plus food.
In addition to all of the above, I don't know how much Steve has to drive around to talk to his customers, but if that's "quite a bit", then he may be leasing a car. I don't know whether he's got an ad running somewhere to attract more customers for the months after his paid Debian work, but if he is, he may have to pay a considerable amount of money to do so. And there can be any number of things that I've forgotten to include, but for which you still need to pay.
In addition, if you want to run a business in a sane way, you need to ask a bit more than what your costs are, because there'll always be a few days that are not billable, and on which you need to live and pay expenses, too; but I could imagine that these were dropped for this particular month.
Obviously the above numbers all involve some guesswork. I've been running a business for quite a while now, but it's only recently become profitable; many of these numbers will go up when your business is profitable for a long time.
6000 is nothing. I've had customers tell me you're
cheap
five seconds after I asked nearly twice as much.
Trust me, that's no fun.
It's one of the things I've had to learn while running a business: some amounts of money that seem hugely expensive in a private capacity are next to nothing in the business world. That's just the way it works...
Finally, let me note that this is not meant to take any position one way or another in the matter. I did feel that experimenting with paying fellow developers was a good idea, but not at all costs; and certainly, I don't feel that going ahead with this by setting up something of the likes of dunc-tank is a very bright idea. I just thought it good to put some numbers into perspective.
Update: Set the numbers straight. 6000 - 1200 is 4800, not 5800. Whoops. Yes, usually I do use a calculator
Will I or won't I?
I've been looking at this for a while now:
Subject: Proposal for general resolution. From: wouter@debian.org To: debian-vote@lists.debian.org I propose a vote on the following general resolution as a position statement on an issue of the day, as described under §4.1.5 of the Debian constitution. =============Begin resolution text============ Debian has gone insane. =============End resolution text============== I am looking for seconds.
Eventually I decided that it wouldn't help, so I didn't send it. But the constant bickering has gone past mere annoyance, past being just "bothersome", past even "silly". It's pure insanity. It'd only be fair if we'd admit it.
Darn.
715 + Oct 27 Debian Installe (0,5K) nbd_2.8.7-2_powerpc.changes REJECTED [...] 717 Oct 28 Debian testing (0,3K) nbd 1:2.8.7-1 MIGRATED to testing
Apparently I had done something wrong with the uploa of 2.8.7-2, so it didn't get in. And 2.8.7-1 migrated instead, which it shouldn't have.
Oh well, fixed upload is on its way now; and it's not that important, either.
Sharing a Developer's room with Ubuntu at the next FOSDEM?
I've been asked whether the Debian project would agree to sharing a Devroom with the Ubuntu folks at the next FOSDEM in Brussels.
If you have an opinion on that, please reply to the mail I just sent to the debian-events-eu mailinglist about that subject.