Debian Conference 1, additional notes

<< To the main report

Here are some additional notes of the Debian Conference 1 presentations. I'm not trying to summarize the presentations but concentrate on the question / answer part and some other points which cannot be found on the slides.

The opening session

• First Woody freeze just announced by Anthony Towns (http://lists.debian.org/debian-devel-announce-0106/msg00014.html).
• Work that would be useful to do during the conference (besides the presentations): boot floppies, installer, RC bugs in Woody.
• Somebody commented that Debian is a good example of a real system / organization that works without a commercial structure, without it we would be in a lot more commercial world of software.
• The setbacks in economical situation and bankrupts of some free software companies were brought up, Kuhn from FSF answered not to be particularly worried, the dedicated people will stay with free software anyway.
• Stephane noted that in the EU the question is more than about just software patents: they are thinking patents as general indicators of the welfare of a certain area => thus patents are good in general.
• The GATT agreement: patents considered as national taxes on exportation and traited on that bases - if able to patent in US should be patentable in other countries.
• Kuhn commented that Europe has an easier battle because people here in general more interested in fighting for freedom, everybody didn't fully agree. The politicians are afraid of a big negative impact when they have to consider whether to support freedom.
• Question about the enforceability of the GPL in court. There has been violations but always solved privately (in 95 % of the cases the violation it's accidental). Not anybody daring to challenge it is already a pretty good sign of the strength of the license.
• If software patents pass do we get attacks from US? (at least in some cases, see for instance the GATT agreement question).
• Interesting idea from a Swiss person: there it's free to start a legal process - many people challenging a patent costs a lot of money to the company and/or the patent office, a sort of denial of service attack. Others' comments were quite sceptical because a) the companies do have quite a lot of money and b) the first successful defence would make the other cases clearly wrong.
• The risk of a company breaking the GPL and then suing a single person responsible of that program, thus choosing a weaker opponent than the FSF for example. For such purposes, the FSF would like to collect money in a "GPL Legal Fund", but they are looking for large donors to bootstrap the fund. Contact gnu@gnu.org for more information.
• Some maintainers put the copyright on the name of SPI (Software for Public Interest) that would then be responsible for lawsuits against Debian? Kuhn noted that it shouldn't be done without a copyright assignment. For an official GNU program, you can assign the copyright to the FSF, if you want. Write to maintainers@gnu.org to enquire about making a program officially into GNU software.
• A bulleting board to gather small meetings and workshops during the conference was requested.

Outside the conference hall, during lunch, dinner and breaks on the first day:

• Kuhn brought up one way I hadn't thought before how the Gnu Free Documentation License can be attractive to publishers. They can use the invariant texts to say "Company X paid for this material" or something similar so other companies have less incentive on publishing their editions of the material. O'Reilly has adopted it for a few books, maybe usable to get commercial books on Debian too?
• Should the gpg key length be distributed with the key id, name and fingerprint, is it possible to create a fake key with the same fingerprint by changing lenght?
• Has the version numbering policy an effect on media interest and should Debian be concerned about that?
• Reiserfs support (to get root filesystem reiserfs) and usb keyboard support on boot floppies were wanted by some people.

Quality assurance

Slides: http://www.cyrius.com/talks/debconf1-2001-qa/
Contact: Martin Michlmayr <tbm@cyrius.com>

Before the talk Thierry Laronde proposed a workshop on developing a new better algorithm to calculate dependencies between packages.

• Martin's proposition that packages would move from unstable to testing only after somebody says they're ok raised some discussion about what the role of testing should be. Somebody commented that the point to create testing was that most people that want to live "on the edge" would be in testing and so it can be supposed to be broken at times. Old library versions disappearing also cause problems. Martin said that it would be the first step towards systematic testing that is apparently needed.
• Work done about automatic verification of dependencies, surveying the contacts to slow / non-active maintainers (mia-database available for developers).
• Test suite (the second last slide), hopefully in the future we have a automated test suite that runs a script on all the architectures at build time and sends the results to the maintainer (that usually tests on one architecture only).
• Splitting Debian to different priorities of packages is a controversial topic. Martin presented the problem how releases are delayed because of waiting for some packages, others pointed out that Debian already has some priorities (base system etc.) and sometimes packages are dropped to get a release (but in general too late).
• Should Debian be more strict when new packages are included, in other words evaluate whether the program is really needed (when included difficult to drop).
• Fabien Ninoles told about another proposition being discussed in debian policy to split some packages into core and optional parts (more themes, different documentation format) that would be in another directory called data. That would make packages smaller, ease the workload of the maintainer, reduce server load (synchronizing optional packages to mirrors could be done more rarely) and also help with the priorities so that the optional part is lower priority.
• Lameter commented on fights - boring, always the same fights, look at the archives. A comment from the audience, need need to pass a history test. :) Then again, can one get rid of flamewars and are they even useful?

Fully Automatic Installation

Slides: http://www.informatik.uni-koeln.de/fai/bordeaux2001.pdf.gz
Site: http://www.informatik.uni-koeln.de/fai/
Contact: Thomas Lange <lange@informatik.uni-koeln.de>

• To make automatic installation easier packages should switch to using debconf whenever possible, other installation scripts needing input difficult to handle.
• Q: Is there any hardware detection? A: No extra commands or tools but using the functionality provided by standard kernel, output can be parsed if you write scripts on your own. Devfs could solve some problems.
• Q: Include this system in the Debian installer? A: Would need a BIG boot floppy (FAI boots from the network), maybe a merge possible in the future.
• Q: How long does it take to understand the tool, create the configuration? A: Probably 1-2 days for a sysadmin, the important thing is to have thought of a concept how the installation should be done.
• There was discussion about the differences of the approach in FAI and having Grub + initial ramdisk. Thomas said that he didn't want to have RAM as a limiting factor, in FAI the kernel can be small because one needs only network support and modules can be loaded from NFS.
• Q: Collecting the network information for the first time? A: There should be an IP address and hostname assigned to each mac address. The mac addresses can be collected by a script, then the hostname can be derived from it.
• Thomas told about the need to rewrite the disk partitioning code and asked hints whether to use fdisk, parted or something else. Neil Walfield suggested parted for portability, and somebody else pointed out that SWIG can be used to generate interfaces for scripting languages.
• Q: FAI portability? Should work on other platforms for i386 because no executables but might need some changes (different fdisk in PowerPC for example).
• Q: Maintaining the configuration? A: FAI can be used only for initial installation or complete reinstall, cfengine suggested for manipulating the config files.
• Q: When installing, is interaction with the console screen possible? A: Virtual consoles and remote access possible, not possible to answer specific questions (e.g. one package) in the installation. During the first part of installation one can write a script to ask some questions if really needed, in general the class of the pc and other info should be specified beforehand in the configuration files on the server.
• Q: Overriding configuration class definitions? A: There's a priority structure of classes, overriding more general classes with specific classes possible.

Debian / OpenBSD

Slides: http://www.schuldei.org/andreas/talks/lsm-2001/
Contact: Andreas Schuldei <andreas@schuldei.org>

• Q: Increasing the number of packages against the policy of OpenBSD? A: Yes, definitely, a small system is more secure, a clueless user makes any system insecure but it would be nice also for experienced users to have nicer tools.
• Q: OpenBSD code base at the moment? A: Pretty big, all kinds of servers, full-featured already.
• Andreas mentioned some problems on dpkg depending on GNU tar features, Marcus Brinkmann commented that dpkg should work on any tar that provides POSIX features and if it doesn't it's a bug on dpkg and should be fixed anyway.
• Comment from the audience: Debian is not about changing but integrating the software it uses and as long as you have different toolchains you will have incompatibilities. So incompatibilities with GNU tools and Posix will exist (not only emotional, fundamental technical problems).
• Thierry noted that dpkg problems are already seen on boot floppies and other places: not a particular problem with OpenBSD, dpkg will have to be fixed for Hurd too.
• Q: Posix compliance of OpenBSD? Don't know exacly, thinks it should be pretty compliant, some of the audience didn't fully agree. To be investigated?
• Q: You have to change OpenBSD system, are you willing to do it? A: Yes, it's a difficult thing (culture clashes), but some people are interested in making these tools work even if many OpenBSD people are not supporting the effort.
• Debian-BSD mailing list was mentioned (ports of also other flavors of BSD), Andreas had the impression that it was more concentrated on talking and he wants to get some working code first
• Q: Debian philosophy: install a package and it starts running, conflict with OpenBSD philosophy? A: In a way yes, on the other hand installing packages in Debian is simpler so they (daemons etc.) can be left out and install can be considered the "start daemon" -step in OpenBSD use.
• Q: OpenBSD architectures? A: Quite portable but this work currently i386 only.
• Q: FHS compliance? A: Not currently, but this Andreas is willing to change.
• Q: Contacts OpenBSD official? Yes by email, response more friendly than expected :-) - don't know if they're taking it seriously or not.
• Q: Can we have another fork of BSD? A: Yes, that's one way [laughter].
• Q: Is release to be expected in the near future? A: Not very soon, lack of people, especially binutils knowledge.

The Hurd

Slides and text of the presentation: http://people.debian.org/~brinkmd/talk-hurd/ (the address may change, see also Marcus's home page).
Site: http://hurd.gnu.org/
Contact: Marcus Brinkmann <marcus@gnu.org>

• In the user space policies can be defined but you must enforce them in the kernel so for instance memory management policy has to be enforced there.
• Possibility to run a stable OS and an unstable OS at the same time on the same microkernel (very nice for OS hacking), the microkernel changes rarely because new features are not added there.
• The Hurd allows users to write and run their servers too (usually in other microkernel systems you have to be the superuser).
• Q: About the pathname lookup example, does the kernel do string operations? A: No, it's in the c library.
• Q: About performance in the previous lookup example, does it do full resolv every time? A: Currently yes.
• Q: About the ports architecture, how many ports there are, can they be recycled? A: Thousands, Marcus draw a schema how the Mach port system works and that it shouldn't be a bottleneck.
• Q: Debugging servers? A: Just start them under gdb, set breakpoints, of course doesn't respond remote procedure calls while suspended.
• Q: Is it hard to write servers? A: No general answer, depends on the task of the server, the basic task to connect to auth server for instance is not too hard.
• Telnetting to a Hurd box gives a shell without user id by default and such process cannot access any protected files, but one can give files specifically permission to be used without an user id: a pretty secure environment to run unsecure daemons.
• Q: Communication over network, can communication between servers be encrypted? A: Currently not implemented, but possible.
• The authentication server and the default process server cannot be replaced with your own implementations, basically everything else can. Additionally one can run his own process server for those parts of the interface that don't require superuser permissions.
• Virtual filesystems provide a lot of new possibilities, transparently accessing ftp servers and other network resources in the filesystem (see also hostmux filesystem).
• Q: AFS, journaling filesystems? Not currently, in general new filesystems easy to add but journaling ones may have some special issues.
• Q: general question about speed? Messages decrease speed but results are improving (sending remote procedure calls very quickly), all in all it is at the moment considerably slower than linux for example.
• Q: Doing find, performance problems with all pathname lookups? A: Of course.
• Q: Is the Mach microkernel itself slow? A: There are some faster ones available but they don't have all the necessary features like asynch message passing.
• Q: Solution for random device? A: There is an implementation but difficult to get good random data without kernel support.
• Statistics of the packages ported can be found at http://buildd.debian.org/stats/graph.png, currently improving fast as the autobuilder is going through the list right now.
• It can be expected that the Hurd will be somewhat binary compatible with Linux.
• Q: Sound applications, Linux kernel latency problems, how about Hurd? A: Not at all a real time system, no guarantee on latencies, but Hurd runs on realtime Mach too, that gives one possibility. Robert Strandt noted that in many cases an absolute guarantee is not necessary, and latencies of a standard system will be tested in the near future.
• Q: Hardware interfaces? A: Very simple, open call, read, write etc., only works for well block devices. For terminal devices the interface is very old and definitely needs work.
• Q: Other architectures than i386? A: Written in C, portable in general, but currently no others, some code for Alpha exists.

The thing Marcus was most concerned about was the changed needed to the Debian distribution infrastructure. For instance makedev is binary-all, but works only on the Linux kernel, and he has proposed a new binary-all-linux definition. The change seems small but is actually pretty big because almost all the tools (dpkg for example) need at least small changes to conform to the new structure.

Debian port to HP PA-RISC

Slides: http://mkhppa1.esiee.fr/debian/index.html
Site: http://www.parisc-linux.org
Site 2: http://www.esiee.fr/puffin
Contacts: Thomas Marteau <marteaut@esiee.fr>, Xavier Debacker <mailto:debackex@esiee.fr>, Matthieu Delahaye <delahaym@esiee.fr>

I'm sorry I don't have any notes of this talk.

Telemetry Box

Slides: http://www.lameter.com/lsm2001/tbox.html
Site: http://telemetrybox.org
Contact: Christoph Lameter <christoph@lameter.com>

• Q: Partitioning? A: Simple: 20 MB boot, 200 MB swap, everything else root.
• Q: File System? A: Now ext2, next release (1.3) will have reiserfs. Grub will be introduced as a bootloader.
• Some sysadmins use Telemetry box cd:s to install Debian to web servers quickly and easily. After the basic install they kill Christop's packages and get the other stuff that is necessary. :)
• Noted in business: End user must see immediate results, otherwise they want continue using a product: if you can get they start using it they can customize later.
• The RedHat / Debian issue: RedHat has the name, many people feel safer with that. Lameter commented that Debian is better as it's not a startup of which many are currently failing.
• When offering to companies, just market it as an appliance, no mention of Debian, Linux etc. Once they find out that it's incredibly useful and ask how it is done you can tell them.
• Q: Security? A: Tied to Debian standard security.
• Q: Cost in terms of bandwidth when scanning? A: Very minimal, just the initial scan takes some considerable bandwith.

The closing session

• Q: What the conference has meant to you? A: (from the audience) People come more than just words in emails when you see their faces.
• James noted that in the Debian incoming there are three times more packages than normally, people have been active in the hacking room (on many nights staying until 4 am).
• Q: How often should Debian Conference be organized? A: There seemed to be a sort of consensus to do it once a year. Thierry warned about the material requirements, it is difficult to have cheap accommodation and meals for everyone. Here LSM has helped a lot. It became a sort of conclusion that the organization also elsewhere should be aimed to be in cooperation with a bigger event than just Debian people.
• This year many other events overlapping (LinuxTAG in Germany, something in UK), prevented some people from coming.
• Thierry doesn't want to do the organisation third time, asking for volunteers.
• The group hasn't necessarily have to be big, this year the organisation of whole LSM about 6-7 people, but very tiring.
• This year lots of problems with accommodation, a big number of dormitory rooms suddenly not available.
• Funding here public funds, in many other places the organisation would require commercial funding.
• Organizing at LSM more public relations than material organisation, the university facilities help.
• James noted that it was a good idea to start the Debian Conference before the main LSM so that people didn't spread to different topics.
• Q: How early should the organizing be started? A: Days have to be decided well in advance, but organization is usually made in the last moment (one or two months).
• Q: separate events suggested for Europe and U.S.? A: One possibility, Kuhn proposed a track in Usenix.
• Izma: regional meetings needed, could be tried to organize so that some people come overseas but expensive flights would be mostly avoided. Flight company sponsorship would be great. :-)
• A new list debian-meetings or debian-events could be useful.
• Kuhn mentioned FSF:s free software directory, a few issues about licenses that should be solved on debian-legal.

The Debian photos were being sold and after the official closing the event turned into a photo signing session, a good ending.

<< To the main report