 Hello everybody, up here, welcome to Lightning Talks, I appear to be the hostess with the mostest, we're limited to five minutes each, I have a kitchen timer with the most obnoxious noise to keep everybody in line. So first off we have Lunar doing a quick talk on coca-lico, which is a one-click file sharing web application with a focus on user's privacy. So welcome, I'm Lunar and I'm a Gibbon developer and sometimes I'm also upstream and I'm going to present you that. And I'm also, this specific piece of software that I actually started because I'm part of a small community hosting provider called Portage.org, which we host friends, family and comrades and at some point we told them that we were really happy to receive pictures of their newborn donkeys, but not in the form of a 30 megabyte email attachment. So I mean we told them that and they decided to use simple file sharing services, like mega upload, things like that. Problem is what the amount of advertisement got really painful and also how much can we trust these providers because at Portage.org when we spend so much time taking care of giving people secure email. So we assembled on a small piece of software called Giraffe, which was as simple as that, it was PHP code and you upload a file and it gives you a URL in return and people can send them in emails instead of attachments. We looked at the code, it took like 15 minutes to install Giraffe, and then people started to actually use it and they really liked it. Actually they liked it enough so that one morning the hard drive was 99% full and I actually noticed that way when like searching why the hard drive was full that I could actually read every file they've been exchanging through that service and it makes me uncomfortable because some have really bad taste in movies and I didn't want to know. So this is when I actually started the idea of co-clicko, so co-clicko, sorry for English speaking, people, and it's a one-click file sharing web app basically. It's same thing as Giraffe, you just give it a file and give you a link, but the twist is that it actually stores the file encrypted on the server and when the file gets removed due to expiration they get zeroed so the content cannot be retrieved and it's also a GPL license. So basically the interface is like you first enter an upload password because we can't provide bandwidth for the whole internet and then you select how much time it should be available and input it eventually in the password and then a file. So you just press bar, you wait a little bit and then you get a link and that's it, that's basically what co-clicko is about. It's not meant to replace enter encryption because the server can, with the current design, the server can still actually see the clear text bytes that are just encrypted before being written to the server hard drive. Quick pause here. Actually the first commit of this web app dates from June 2010 which is kind of old and it's actually predates the HTML5 file API which is what MEGA uses to encrypt files on the client machine. It would be great to actually add that to co-clicko but right now the files are just encrypted on the server side. And so yes, co-clicko is like it's written in Ruby using the Synergy Framework and there's a bit of HTML, CSS, JavaScript, this kind of stuff. It's translatable and using get text so if people want to translate it's not much string it would be really great. And also I spent really a good amount of time in trying to make the thing as easy as possible to install and right now there is a DBN package in Instable since several months and you can just do app to install co-clicko and then you have three lines to add into your Apache configuration file and boom you have that on your own server and it's very useful and it makes people happy. So please try it, have a look, eventually contribute code that will make my life pretty happy and your server is also pretty happy. Thanks. Next up is David Bremner telling you how to hack your email with not much. So in this group we know hack means good things, right? Okay, so I want to talk about a phenomenon that sort of surprised me. I'm one of the upstream developers, maybe I just hold it. So I'm one of the upstream developers of not much which actually that part surprised me too but that's a different story. And so not much is designed to provide fast searching and tag management for emails so you can think of it like your own Gmail, I guess, I mean that's the sales pitch. But what surprised me is that the system that sort of an ecosystem developed. So I'll mention why I think part of this happened. So in the beginning of this project Carl created a command line client and an Emacs front end and then well things started growing. So by now, Simo maintains a lot in Debian which I'll talk about in a minute. And there's all these front ends and just as interesting there are language bindings for Python and Ruby and Go and other bindings are not so hard. There's a shared library. So what can you do with this thing? Well, oh, so by the way before you spend time investing in a project you might ask yourself well, is upstream a healthy project? And I think it is that there's a whole bunch of committers and since the Weezy release, these are the five who've been most active and all made more than 50 commits. So I think that's why I claim bus factor five. So you need to throw five of us under a bus. I mean you may consider those bonuses other than disabling not much but okay. So what's the interface look like? It looks enough like Git that sometimes I get mixed up and type not much tag when I mean Git tag and vice versa. But so you have the not much command, you have sub commands. It's fairly uniform. We do use the command line interface, at least the core developers do. So we think about that. There's search syntax which is reasonable. You have date search. You have some of the header search, you have tags. Okay, so I don't know if you can see this. I guess not really, sorry about that, but I didn't want to do a live demo. This is the sort of next version of the Emacs interface. It has a sort of muddy thread window over here and a single message down below, we have good support for MIME, really good support for MIME and open MIME PGP, not so good with inline PGP. So I think what sort of helped this ecosystem develop is that some people really hate Emacs. So if you really hate Emacs, you use VIME and indeed you can use VIME as a front end for not much. It wouldn't be my recommendation. I think a lot is a better choice for Emacs haters, even though the Emacs hate factor is not quite as good. Recently there's quite a snazzy looking web client that John Lentz from Berkeley has developed. And I know Joey is looking for more Haskell projects. So this is written in Haskell and it's for Joey. You can hack in Perl. I know some of you like to hack in Perl. There's no real Perl bindings. It's kind of like using Perl as a more sensible shell script, which after all is one of the original goals of Perl. If you want more programming language style bindings, you have Python and Ruby where you have a database object and you call searches, you make queries and so it's all quite easy to write simple programs. And so people complain that not much doesn't have a bug tracker. In fact, it has a very nice bug tracker called an Mbug, which uses not much. So there's a read-only web interface. There's a distributed tagging interface, which you also can't see working in this window. And you can see what bugs are outstanding and you can find more information there. Next up is Simon Chopin and Nicolas Dandrimon telling us about FEDMessage, Message Passing for Debian Infrastructure. Take it away, Jax. Okay, so, hi, I'm Simon. This is Nicolas. So I'm a GSOC student and he's my mentor on bringing the FEDMessage bus developed by the federal infrastructure people to Debian, which basically means that we'd use a system that's been developed to help have asynchronous communication within a distribution infrastructure. So we'd have the same goodies as they have, basically. And I was planning to do a live demo with actual showing on what is going on on the bus right now, which is not much because, well, it's still work in progress. But due to human error, mainly mine, it's not exactly possible. So the only way I have to show you what's going on is if you do a comment, if Nicolas does a comment on his package on mentors.debian.net, which is an actual service on the Debian, well, not infrastructure, it's a.net, but it's still quite used. Well, you'll see we have an ISC bot who listens to the bus and just throw out there in Debian Dash FEDMessage on OFTC and just, well, reads out loud with some human-readable text. Because basically, the information is just a JSON dict, which contains, for instance, name of the package, name of the uploader, and, well, name of the commenter in that case. And you'll have just automatically processing of the information to have it in human-readable, but that's not really the important point. So that's our bus, our bus, so that's not our bus, that's federal bus. So you see, the way they use it, they have the chance that we, well, I don't know if it's a chance, but they have self-contained infrastructure mainly, which means that they can use it, they can listen to each other without too much problem, without fearing that the network will go down between two servers, but if they have the problem, they have probably bigger problems. So they just don't send out the messages directly to the world, they have a relay that just send it out. So that's kind of the biggest challenge we face. We, in Debian, we need to be able to be resilient to a network failure on one endpoint, but still the rest of the infrastructure must still work and just catch up whenever the service brings it back up. So while I understand that many have problem or thing that's the way the bus works, it might not be suitable for this kind of thing, I think we can do it, and which means that if we have actually live events thrown for every single tiny thing that happens in Debian, for instance, package upload, or FTP master reject, or git commit, or wiki edit, or whatever, if every time we have an event that's thrown on the bus, you can actually develop a new service quite easily with an API that's pretty much every time the same. So, and like, for instance, the PTS wouldn't be lagging behind every time you upload a package, which can be sometimes a bit annoying. I'm sure I'm not the only one who thinks that. So see, that's, in theory, it could work quite well and it could, it could benefit all of us for easy service development and real-time communication, well, for machines, not for us, that would be another GSOC project. So, yeah, I wish I could actually show you, well, either the code or the bus, the JSON messages, but yeah, certainly that's not possible. I think maybe on the fedmessage.com website, which is shown here, they might have some examples, but, well, yeah, anyway, and this, I think this bus could be a really great thing for Debian for our infrastructure, assuming we managed to make it reliable, which means a real queuing, which they don't have for now, and also signing cryptographically, signing the messages, which they do using X509, what, time's up, okay, so, if you want more info, just ping me. Time's up. Right, now we have Helmut Krone, who is going to introduce and possibly demonstrate ddapp.debian.net. Okay, I'd like to share my little yak shaving experience. It started out with my disk being full. Well, then you maybe have the old idea using hard links to reduce the space on the disk used. Well, there's a tool to do that. Yeah, we know that maybe. Just maybe this also works for slash user. Yeah, true, but maybe do it upstream, and doing things upstream means like, no, don't do this yourself, do a web service, and classify it as QA, and then let all the other people do it, which means you, okay? So what is this doing? I'm currently processing the main archive, sit main, MD64, I extract data, metadata from the packages to display, this is boring, now to the interesting things. For each regular file in the package, I collect the file name, the size, and then for each of the files, I compute a cryptographic checksum, and in addition to just the checksum, I also do other checksums such as first decompressing the file, and then hashing the decompressed content, because we have these funny timestamps in Gzip files, and they make it different all the time, so now we can de-deplicate across compressed content. Later on I discovered, wait, there's a similar issue with PNGs, they compress differently, so let's just hash the contents. And when we're doing images anyway, let's also try GIF images. Currently it does only the first frame, so it has some false positives over there. So, capturing all this stuff in the database gives it big database, but querying it in a useful way is not that good, so I do pre-computation of the actual results in a sharing table which is indexed by two packages each. So, whenever we have a single package, it has a sharing with itself, and all files but one are considered duplicate. If there are two packages, all files from the one package that appear in the other package are considered duplicate, including all the copies. So, differently compressed PNG files are considered equal, like images and GZIP files, and we can even do across different hash functions, like finding a compressed copy of GPL3 which matches an uncompressed copy of GPL3. Yeah, and we can detect some issues like broken GZIP files or PNG files which are not named PNG. So, now we need to look at how this looks like in practice. I hope this works out, live demo. This is a typical site. It tells you about metadata, and it tells you that this particular package shares 10 megabytes of data which amounts to about 20% of its size. It should just use a single heart link instead and avoid that crap. Now, can I go back? Then we have regular embedding, like in Calibra, which embeds the Python ODF package. As we see here, these are the files on the Calibra package, and here we see the files of the ODF package, and obviously it shouldn't be doing that. So, this can help the security team in reducing embedded copies as well. Then we have the nice case of, how many packages do you include the GPL3 by hash? Yeah, you'll see, the list goes down over there. And then we have files that are claimed to have the GZIP extension, but are actually empty in this case. Yeah, that's not useful at all. This is not intended to be, there was not the original attention, but it fell off like nothing to do. So, yes, the database is over two gigabytes. 40K packages in all the stats, you see it. Importing takes a bit of time. I'll need to move to different infrastructure at some point, and now I need questions. Maybe afterwards I'll stay over here. I need input on what other hashes are needed and like that. Now we have Thomas Koch telling us how to organize our live with org mode. Almost ready. Can you hear me? Yes, that's fine, thank you. So, I should also turn on the light. Time's running. Oh, thank you. Now just need to find A-Rent Air somewhere. Oh, A-Rent Air gives me a trace back. It's written in Python. Shit. Does somebody know to do it on the command line with A-Rent Air? Okay, I give up, thanks. Okay, last of the regularly scheduled lightning talks is Daniel Brendle doing the Scarped Web Management System. Thank you. Hello, Debcons. I'm sure it will work. Always use VDF to do lightning talks. And then all of them you want to hear. Yeah, and I have a screen. Hello, today I will present you the Scarped Web Management System, which is a system to manage websites. On the contrary to CMS, CMS only knows the website it manages. And it only knows the website it manages and only the website itself. My system is able to know the network infrastructure which the web servers are running on. So this basically simplifies the process of setting up new websites significantly. So I'll take the risk, do a live demo and I hope you enjoy it. So this is the login screen of the Scarped Web Management System and I'm just going to log into my profile. Right here I have three servers up there and I want to install a new website on 1040.012 and I'll show you my web browser in which you can see that there is nothing that reacts to the HTTP calls on that server. I reload a few times, there's nothing in there. So now I simply go there and say create instance, give it a name, for example, Debcons and tell it to listen on every IP the server has and then port 80, which is pretty obvious. And let the magic happen. So what's basically happening here is that the web server and the instances get installed right now on the server. We're done. So now I can switch back to the web browser and see if I reload. Oh, there's something there that responds. Now I want to have some content, of course. The first thing I want to do is to give the website a face. We do this by installing a template. I can simply do this by double clicking. It's being drawn from a repository. Now it's installed, I switch back and see. There's a template, there's a layout installed. Now I want to add some content. Basically in Scarft functionality like content, blocks of content like basically a discussion forum or a chat or something is done via modules. They're simply there to accumulate functionality information and code. I install it by dragging and dropping also from the repository. There it is. I create a widget and there I can enter some text like hello world. So now I save it. Oh, okay, we will see that. Now I have to do one more thing and tell Scarft where to display this content. Save it, return to the web browser, reload. And see, we've got a hello world website made with Scarft. I've been developing this project for about two years now. I am developing together since about a half year with Andrew Kupika who is at the university at Munich. And I hope you enjoyed it. This program is licensed under AGPL version three written in Python. And I hope somebody gets interested in this project and maybe someone could use it. I placed some stickers here. If you want, you can take some stickers with you. Be sure to check out our website which is their Scarft.org. And as you can read, we plan to release an early feature in 2013. Thank you guys. We're going to let Thomas try again. Might as well. In the meantime, the musical interlude. Do, do, do, do, do, do, do, do, do. Once more onto the breach. There we go. So, Gnome did detect my displays. I give them both 800, 600, mirror displays, apply. It's actually a bug in A-Rent Air that I already reported. Hey, thank you. So, no problem, should be no problem. Okay, it's e-max after all. So, I'll start now to keep a journal of what I'm doing. This is already part of orc mode giving lightning talk. And it already gives a link to where I've been before. So, this is called capturing when quickly something interrupts me. I can quickly enter a note. This time, I want to capture what I'm doing. So, I start the clock. It's running in the mode line. You might not see it. So, and this has gone away. And now, I'll give my talk with an extension of orc mode. I started, hopefully give it five minutes. So, the idea of orc mode is invented by a researcher and he wanted to have all the information related to his research in plain text files. The setup of the experiment, all the data, all the calculation, all the algorithms or source code and the planning, the organization of the research, including to-do items, calendaring, scheduling. And this is a subset of orc mode's structural markup. So, I have headlines with stars. I have lists with dashes. I have links and links are just these things. Now, I made a link out of it. Next slide. I can edit tables in orc mode. So, I can give it more lines. I can delete lines. I can move columns around. And the last line here is a formula. And when I change something in the table, let's say I enter another value here. So, it recalculates the table. I can export my orc mode document in other formats like HTML. I select HTML over here with B. And I have an HTML document. I can export it to Latex. This takes a little bit longer. And I can export it to Open Document Text. Here it, we are. And DocBook, iCalendar, and some other tools I have not used. And this export framework has been rewritten for orc mode eight. It is even more powerful now. I use orc mode seven. I can use the table editing facility in other modes. So, for example, I can use it in a Latex file. And here I have my table in orc mode format. And I export it to Latex and have automatically a table in this ugly Latex format that nobody really wants to edit. I can organize my to-do items with orc mode. So, I have a to-do item here. It has a deadline. It is scheduled for date. And I get a list of all the to-do items that I currently have. In some other files, I can jump to the definition of the to-do item. Now, I must find my presentation back. Okay, here we are. I can give text to headlines. You see the slide over there. That's a text. I can add more text or edit the text. Can filter to-do items by text. I can attach files to to-do items, select any file, and it's over here. Thank you. Can I have some? Okay, I've had a couple more requests for people to do very quick ad hoc ones. Time depending. I will try and get them all in. First up is Richie. It'll be a very quick one, but I figured why not if we have the time. Basically, there's a little new project. It's called Metamonger. It's used to store metadata about files in a plain text file, which is designed to basically synchronize your metadata, be it mtime, be it access, user access rights or whatever, between different systems by means of Git. It's designed to be merge-friendly and designed to break if you introduce incompatible changes. So, yeah. Anyway, current version is able to store any and everything which stat can spew out. And there's a branch which can restore. And if anybody's interested, poke me in the RSC and that's it. Okay, that actually wins the prize for the fastest one so far. I think that was 45 seconds. Ashish, would you like to come up? Those of you who know me know I'm not going to win that prize. Hello, computer. Yeah, I guess I don't need that actually. Guess I'll just do that. Hi, everyone. Guess I'll grab this mic. I probably have like four minutes. Natty, can you give me like four, three as the minutes tick by? Great. So, hi, I'm Ashish. I work on this project called Open Hatch. I feel like I mentioned it periodically but rarely explain it. So, I'll first say that this is our logo, named Sufian. And he is a baby penguin. He's called Sufian because of his file name in the repository. There's a story about that that I'll share when I have a bit more time. But one thing you might not know about Open Hatch is we have beautiful t-shirts which summarize what we are, which is Free Software's welcoming committee. So, I'll explain a bit about what that means. The project started out with me and a few other friends wanting to start a company to revolutionize something about getting developers jobs based on their free software experience and connect users with free software. And anyway, really what I wanted to do was to help people find ways to contribute to free software. So, the first thing we wrote was this tool to let you browse bite-sized bugs in a variety of free software projects and this works is still on the site now. You can import from a wide variety of bug trackers. We call it the Volunteer Opportunity Finder. And over time we evolved, we failed to make millions of dollars and actually we're now a non-profit. This is a screenshot of one of the more recent additions to the site, the training missions. These are interactive teaching tutorials for Subversion, TAR, Git and different patch. So, if somebody shows up to your project and it's like, I know C++ and I want to submit a patch but I don't know anything about version control, you can either say, or you can say, go read some man pages which is basically equivalent or you can have them use these interactive tools to step through how to learn these things in a plot-driven way. So, with the training missions you click through a few things as a user and we give you a plot to work through where through doing the plot you learn how to use, for example, Subversion. So, to be more concrete in the Subversion example you show up and we say, you are an agent for Mr. Good trying to subvert the work of Mr. Bad. What you're going to do is submit a patch to his project, get his trust, get commit access and then modify his other files. And so, as you do that, the system validates, makes a special Subversion repository just for you, validates your diff and then grants you commit access when you get that far. So, that's not part of the project. So, as we were doing this, I realized that teaching people online wasn't as much fun as teaching people in person. So, about three years ago I started running these how to get involved in free software workshops called Open Source Comes to Campus and we're doing a lot more of that recently over the past year. This is a photo from one of the first ones of those and we do have a focus on gender diversity, gender diversity in these events. So, we try to organize them where possible with women in CS groups. I'm sure that if you guys want to help organize one of these wherever you live, we would love to help you do that. And I noticed that after running the first Open Source Comes to Campus event, we had a really great set of lectures. We asked students to work on a wide variety of bugs and then we sort of ran away, didn't talk to them anymore and I had no real idea if they were still active in their free software projects that they wanted to contribute to. So, I took a page out of a different, I basically thought, let me try to clone something that does have follow through builds into it. And so I took this gender diversity outreach workshop in San Francisco called Railsbridge back when I was living in Boston, cloned it into the Boston Python workshop for women and their friends and learned a lot about event organizing through that. That event is still going on even though I live in San Francisco. This is BostonPythonWorkshop.com explaining that event. And if you want to get in touch with us, the best way to do that is to join the Hash Open Hatch IRC channel on FreeNode. There's also a bunch of great mailing lists and we have a lovely monthly newsletter and a gorgeous blog with lots of photos. But most importantly, you can get your very own Sufjan sticker that says Open Hatch, put it on your laptop if you find me after the lightning talks. Thanks. I have, no I'm just asking. Is it okay to go very slightly over? Okay, next is Tinho. Hello. I didn't know if I was going to be able to do the lightning talk so it's not really well prepared, but it's just, I wanted to tell you a bit about this, my story, that I think might be good for some people because I'm feeling really happy about what I'm doing and so many people have been telling me, oh, that's awesome, I would like to do the same. And I think people just don't dare. And I think it's easier. So I just want to tell you a big thing. I have a few things about this. I have said that a lot of our people in our community is very talented, but many of these people don't get the jobs that they would like to have because they feel they're not good enough, they're not good at bargaining and whatnot. Also, our skills are generally in high demand, which is a huge privilege for us. And what happens, I think, is that companies take advantage of the low confidence that many people have to counter this effect, so to keep wages lower and don't give so many privileges that you could have. So my story is that I've been infected with wanderlust for a few years and I've been traveling more and more and cannot get enough time to travel. I have good jobs, even if I was not a good bargainer or whatnot, never had enough time to travel. I've been pushing my employers for more and more time, always finding a loophole and whatnot. But at some point I had to surrender these privileges and go pursue other goals. And they are working at Google, which is a great job, especially for what I do, and getting more money than what I needed. That is true. But in the end, not having enough time to travel. They give me five weeks of holidays, but I want more. So at some point I thought, there's many companies that need what I do and what we do. And there's not enough people to do this. And not always they need a person nine to five. Many companies will only need you for a couple of hours a week or so, and they're willing to pay good money for that. So I decided I can send my conditions. This might work out. So what I did was two months and a half ago I quit my job at Google and, well, we had a customer. I've been talking with some other post-adventure customers. And I had decided I will do this and will not take very tempting offers. So I said, no, I'm going to work only on projects only for certain hours on my schedule from wherever I am to ask me to go to an office at least some time to time. And I can charge more because it's freelancing, so I can work less hours. So that means I only need to work when I feel like working, like instead of spending the whole day in an office procrastinating like we all do. So far this is working. I've been working hard for some weeks and this week I didn't work because I didn't need to. Next, in the two months I will be moving country again. I just moved countries two weeks ago and I will be living in Argentina for three months and then I will come back to Europe and I don't know where I'm going to be next year. But I think it's pretty cool and I think it's a good example of what you can do with our really privileged position if you want to. So don't be afraid and take control of your work life. That's it. It's Joey. So this is a solution to the no projector problem. I have here a Git repository in CollabMaint called DevConf Share. And if you clone this repository and install Git NX and put some pictures or GPS traces or whatever interesting files you have from DevConf in there that maybe you don't have another place to share them, then you can easily follow the readme to sync them up. They go to Alioff and then they go to a server which is currently being set up as I speak and they can be installed by, they can be downloaded again by anyone. You can branch, you can make your own branches in this repository, reorganize the files however you like. And that way you can say oh, we've did this thing, I'm going to put all the little pieces together and here it is, is one thing that is saved that we can keep. And after a while these things will get uploaded to archive.org or someplace like that and stored for posterity, these are public files. So that's really all I want to say. I think we kind of have been kept to all of our DevConf things from the past. And maybe we should start doing that and maybe this is a good way to do it. We'll see. Thanks. Okay. DevConf share, he says. Right, I think, the speakers are available for questions afterwards when you've all gone. Right, I do believe that's everybody. Thank you for coming. Thank you for letting me do my one-stint of hosting and see you next time.