- <div class="title"><a href="http://people.skolelinux.org/pere/blog/Always_download_Debian_packages_using_Tor___the_simple_recipe.html">Always download Debian packages using Tor - the simple recipe</a></div>
- <div class="date">15th January 2016</div>
- <div class="body"><p>During his DebConf15 keynote, Jacob Appelbaum
-<a href="https://summit.debconf.org/debconf15/meeting/331/what-is-to-be-done/">observed
-that those listening on the Internet lines would have good reason to
-believe a computer have a given security hole</a> if it download a
-security fix from a Debian mirror. This is a good reason to always
-use encrypted connections to the Debian mirror, to make sure those
-listening do not know which IP address to attack. In August, Richard
-Hartmann observed that encryption was not enough, when it was possible
-to interfere download size to security patches or the fact that
-download took place shortly after a security fix was released, and
-<a href="http://richardhartmann.de/blog/posts/2015/08/24-Tor-enabled_Debian_mirror/">proposed
-to always use Tor to download packages from the Debian mirror</a>. He
-was not the first to propose this, as the
-<tt><a href="https://tracker.debian.org/pkg/apt-transport-tor">apt-transport-tor</a></tt>
-package by Tim Retout already existed to make it easy to convince apt
-to use <a href="https://www.torproject.org/">Tor</a>, but I was not
-aware of that package when I read the blog post from Richard.</p>
-
-<p>Richard discussed the idea with Peter Palfrader, one of the Debian
-sysadmins, and he set up a Tor hidden service on one of the central
-Debian mirrors using the address vwakviie2ienjx6t.onion, thus making
-it possible to download packages directly between two tor nodes,
-making sure the network traffic always were encrypted.</p>
-
-<p>Here is a short recipe for enabling this on your machine, by
-installing <tt>apt-transport-tor</tt> and replacing http and https
-urls with tor+http and tor+https, and using the hidden service instead
-of the official Debian mirror site. I recommend installing
-<tt>etckeeper</tt> before you start to have a history of the changes
-done in /etc/.</p>
-
-<blockquote><pre>
-apt install apt-transport-tor
-sed -i 's% http://ftp.debian.org/% tor+http://vwakviie2ienjx6t.onion/%' /etc/apt/sources.list
-sed -i 's% http% tor+http%' /etc/apt/sources.list
-</pre></blockquote>
-
-<p>If you have more sources listed in /etc/apt/sources.list.d/, run
-the sed commands for these too. The sed command is assuming your are
-using the ftp.debian.org Debian mirror. Adjust the command (or just
-edit the file manually) to match your mirror.</p>
-
-<p>This work in Debian Jessie and later. Note that tools like
-<tt>apt-file</tt> only recently started using the apt transport
-system, and do not work with these tor+http URLs. For
-<tt>apt-file</tt> you need the version currently in experimental,
-which need a recent apt version currently only in unstable. So if you
-need a working <tt>apt-file</tt>, this is not for you.</p>
-
-<p>Another advantage from this change is that your machine will start
-using Tor regularly and at fairly random intervals (every time you
-update the package lists or upgrade or install a new package), thus
-masking other Tor traffic done from the same machine. Using Tor will
-become normal for the machine in question.</p>
-
-<p>On <a href="https://wiki.debian.org/FreedomBox">Freedombox</a>, APT
-is set up by default to use <tt>apt-transport-tor</tt> when Tor is
-enabled. It would be great if it was the default on any Debian
-system.</p>
+ <div class="title"><a href="http://people.skolelinux.org/pere/blog/A_program_should_be_able_to_open_its_own_files_on_Linux.html">A program should be able to open its own files on Linux</a></div>
+ <div class="date"> 5th June 2016</div>
+ <div class="body"><p>Many years ago, when koffice was fresh and with few users, I
+decided to test its presentation tool when making the slides for a
+talk I was giving for NUUG on Japhar, a free Java virtual machine. I
+wrote the first draft of the slides, saved the result and went to bed
+the day before I would give the talk. The next day I took a plane to
+the location where the meeting should take place, and on the plane I
+started up koffice again to polish the talk a bit, only to discover
+that kpresenter refused to load its own data file. I cursed a bit and
+started making the slides again from memory, to have something to
+present when I arrived. I tested that the saved files could be
+loaded, and the day seemed to be rescued. I continued to polish the
+slides until I suddenly discovered that the saved file could no longer
+be loaded into kpresenter. In the end I had to rewrite the slides
+three times, condensing the content until the talk became shorter and
+shorter. After the talk I was able to pinpoint the problem –
+kpresenter wrote inline images in a way itself could not understand.
+Eventually that bug was fixed and kpresenter ended up being a great
+program to make slides. The point I'm trying to make is that we
+expect a program to be able to load its own data files, and it is
+embarrassing to its developers if it can't.</p>
+
+<p>Did you ever experience a program failing to load its own data
+files from the desktop file browser? It is not a uncommon problem. A
+while back I discovered that the screencast recorder
+gtk-recordmydesktop would save an Ogg Theora video file the KDE file
+browser would refuse to open. No video player claimed to understand
+such file. I tracked down the cause being <tt>file --mime-type</tt>
+returning the application/ogg MIME type, which no video player I had
+installed listed as a MIME type they would understand. I asked for
+<a href="http://bugs.gw.com/view.php?id=382">file to change its
+behavour</a> and use the MIME type video/ogg instead. I also asked
+several video players to add video/ogg to their desktop files, to give
+the file browser an idea what to do about Ogg Theora files. After a
+while, the desktop file browsers in Debian started to handle the
+output from gtk-recordmydesktop properly.</p>
+
+<p>But history repeats itself. A few days ago I tested the music
+system Rosegarden again, and I discovered that the KDE and xfce file
+browsers did not know what to do with the Rosegarden project files
+(*.rg). I've reported <a href="http://bugs.debian.org/825993">the
+rosegarden problem to BTS</a> and a fix is commited to git and will be
+included in the next upload. To increase the chance of me remembering
+how to fix the problem next time some program fail to load its files
+from the file browser, here are some notes on how to fix it.</p>
+
+<p>The file browsers in Debian in general operates on MIME types.
+There are two sources for the MIME type of a given file. The output from
+<tt>file --mime-type</tt> mentioned above, and the content of the
+shared MIME type registry (under /usr/share/mime/). The file MIME
+type is mapped to programs supporting the MIME type, and this
+information is collected from
+<a href="https://www.freedesktop.org/wiki/Specifications/desktop-entry-spec/">the
+desktop files</a> available in /usr/share/applications/. If there is
+one desktop file claiming support for the MIME type of the file, it is
+activated when asking to open a given file. If there are more, one
+can normally select which one to use by right-clicking on the file and
+selecting the wanted one using 'Open with' or similar. In general
+this work well. But it depend on each program picking a good MIME
+type (preferably
+<a href="http://www.iana.org/assignments/media-types/media-types.xhtml">a
+MIME type registered with IANA</a>), file and/or the shared MIME
+registry recognizing the file and the desktop file to list the MIME
+type in its list of supported MIME types.</p>
+
+<p>The <tt>/usr/share/mime/packages/rosegarden.xml</tt> entry for
+<a href="http://www.freedesktop.org/wiki/Specifications/shared-mime-info-spec">the
+Shared MIME database</a> look like this:</p>
+
+<p><blockquote><pre>
+<?xml version="1.0" encoding="UTF-8"?>
+<mime-info xmlns="http://www.freedesktop.org/standards/shared-mime-info">
+ <mime-type type="audio/x-rosegarden">
+ <sub-class-of type="application/x-gzip"/>
+ <comment>Rosegarden project file</comment>
+ <glob pattern="*.rg"/>
+ </mime-type>
+</mime-info>
+</pre></blockquote></p>
+
+<p>This states that audio/x-rosegarden is a kind of application/x-gzip
+(it is a gzipped XML file). Note, it is much better to use an
+official MIME type registered with IANA than it is to make up ones own
+unofficial ones like the x-rosegarden type used by rosegarden.</p>
+
+<p>The desktop file of the rosegarden program failed to list
+audio/x-rosegarden in its list of supported MIME types, causing the
+file browsers to have no idea what to do with *.rg files:</p>
+
+<p><blockquote><pre>
+% grep Mime /usr/share/applications/rosegarden.desktop
+MimeType=audio/x-rosegarden-composition;audio/x-rosegarden-device;audio/x-rosegarden-project;audio/x-rosegarden-template;audio/midi;
+X-KDE-NativeMimeType=audio/x-rosegarden-composition
+%
+</pre></blockquote></p>
+
+<p>The fix was to add "audio/x-rosegarden;" at the end of the
+MimeType= line.</p>
+
+<p>If you run into a file which fail to open the correct program when
+selected from the file browser, please check out the output from
+<tt>file --mime-type</tt> for the file, ensure the file ending and
+MIME type is registered somewhere under /usr/share/mime/ and check
+that some desktop file under /usr/share/applications/ is claiming
+support for this MIME type. If not, please report a bug to have it
+fixed. :)</p>
projects / homepage.git / blobdiff