Category Archives: Politics

First days at Red Hat

Red Hat Logo As I mentioned in my last post I left my previous employer after quite some years – since July 1st I work for Red Hat.

So, its one month since I joined Red Hat and it is been quite an experience so far. Keeping in mind where I come from – infrastructure focused, couple dozen people – Red Hat is something entirely different. They are huge. Like, *really* big. And that shows everywhere. Organization, processes, structure, reach, customers, employees, possibilities, etc. Also, these days Red Hat is much more than just Linux: other huge chunks of Red Hat are Middleware, there are several virtualization products, they are serious towards software defined storage, and they indeed have a very specific idea of what Cloud means and how to do that – and it’s all backed up by products which are again backed by pretty vivid community projects (with colorful names as Drools, Byteman and CapeDwarf).

All in all, it’s a lot to learn – and as usual I will use the blog to try to digest everything. Most likely this will focus on technologies I yet don’t even have a clue about – like the aforementioned drooling midgets. But I might also reiterate everything else I have to know in my own words to better learn it – subscription model, product variation, all the shiny stuff you print glossy papers about but have to explain anyway.

It might not be the most interesting for others – but vital for me. And I’m actually looking forward to learn, well, really a lot in a short time :)

Hello Red Hat

Red Hat Logo As I mentioned in my last post I left my previous employer after quite some years – since July 1st I work for Red Hat.

In my new position I will be a Solutions Architect – so basically a sales engineer, thus the one talking to the customers on a more technical level, providing details or proof of concepts where they need it.

Since its my first day I don’t really know how it will be – but I’m very much looking forward to it, it’s an amazing opportunity! =)

Good bye credativ

As you might know 7 years ago I joined a company called credativ. credativ was and is a German IT company specialized in Open Source support around Debian solutions.

And it was a great opportunity for me: having no business/enterprise experience whatsoever there was much to learn for me. Dealing with various enterprise and public customers, learning and executing project management, support sales as a technician/pre-sales and so on. Without credativ I wouldn’t be who I am today. So thanks, credativ, for 7 wonderful years!

However, everything must come to an end: over the recent time I realized that it’s time for me to try something different: to see what else I am capable of, to explore new and different opportunities for me and also to dive into more aspects of the ever growing open source ecosystem.

And thus I decided to look out for a new job. My future still is with Linux, and might not be that surprising for some readers – but more about that in another post.

Today, I’d just like to say thanks to credativ. Good bye, and all the best for the future! =)

Current distribution of WhatsApp alternatives [Update]

Android_robotMany people are discussing alternatives to WhatsApp right now. Here I just track how many installations the currently discussed, crypto-enabled alternatives have according to the app store.

WhatsApp was already bad before Facebook acquired it. But at least now people woke up and are considering secure alternatives. Yes, this move could have come earlier, but I do welcome the new opportunity: its the first time wide spread encryption actually has a chance in the consumer market. So for most of the people out there the question is more “which alternative should I use” instead of “should I use one”. Right now I do not have the faintest idea which alternative with crypto support will make the break through – but you could say I am well prepare.

Screenshot installed instant messengers
Screenshot installed instant messengers

Well – that’s obviously not a long term solution. Thus, to shed some light on the various alternatives and how they stand right now, here is a quick statistical overview:

Secure Instant Messengers, state updated 2014-03-11
Name WebPage/GooglePlay installed devices Ratings Google +1
ChatSecure Website / Google Play 100 000 – 500 000 1 626 2 620
Kontalk Website / Google Play 10 000 – 50 000 237 265
surespot Website / Google Play 50 000 – 100 000 531 632
Telegram Website / Google Play 10 000 000 – 50 000 000 273 089 97 641
Threema Website / Google Play 500 000 – 1 000 000 9 368 12 594
TextSecure Website / Google Play 100 000 – 500 000 2 478 2 589

The statistics are taken from Google’s Android Play Store. I would love to include iTunes statistics, but it seems they are not provided via the web page. If you know how to gather them please drop me a note and I’ll include them here.

These numbers just help to show how fat an application is spread – it does not say anything about the quality. For example Threema is not Open Source and thus not a real alternative. So, if you want to know more details about the various options, please read appropriate reviews like the one from MissingM.

Android 4.4 now *can* sync multiple calendars via ActiveSync

Android_robotWith the release of Android 4.4 called KitKat Google made some interesting changes to their ActiveSync implementation: the code is now set up to sync more than one calender, and the first KitKat user already confirmed that new feature.

In February I described in a blogpost why Android cannot sync multiple calendars via ActiveSync. The problem was that Google did not implement the necessary parts of the ActiveSync specification in Android.

However, that seems to have changed: if you look at the current ActiveSync implementation of Android 4.4 KitKat, the source code (tag 4.4rc1) does list support for multiple calendars – and also for multiple address books:

        MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_USER_CALENDAR, Mailbox.TYPE_CALENDAR);
        MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_USER_CONTACTS, Mailbox.TYPE_CONTACTS);

I had no chance yet to test that on my own, but there are reports that it is indeed working:

Today i flashed a Android 4.4 Rom on my smartphone. After adding the Exchange Profile all my Calendars are there […]
I’ve uploaded a screenshot here:
http://postimg.org/image/5d4u364ub/

Looks like Google actually listened to…erm, corporate users? At least to someone, though ;)

But: Since I have no first-hand-experience in this regard I would like to ask all of my nine readers out there if anyone has a stock KitKat running and if the could check this feature. Please test this and leave a report about your experiences in the comments. I will include it in the article.

By the way, the above mentioned source code snippet also tells quite exactly which other ActiveSync functions are not yet supported in Android:

        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_TASKS,  Mailbox.TYPE_TASKS);
        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_NOTES, Mailbox.TYPE_NONE);
        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_JOURNAL, Mailbox.TYPE_NONE);
        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_USER_TASKS, Mailbox.TYPE_TASKS);
        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_USER_JOURNAL, Mailbox.TYPE_NONE);
        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_USER_NOTES, Mailbox.TYPE_NONE);
        //MAILBOX_TYPE_MAP.put(Eas.MAILBOX_TYPE_UNKNOWN, Mailbox.TYPE_NONE);
        //MAILBOX_TYPE_MAP.put(MAILBOX_TYPE_RECIPIENT_INFORMATION_CACHE, Mailbox.TYPE_NONE);

I guess syncing tasks could come in handy in corporate environments. Combined with support for multiple task folders you could even design your own Kanban “board” that way.

Nevertheless I’d like to add that ActiveSync is no big deal for me anymore because I am very happy with a – albeit 3rd party and not yet Open Source – CalDav implementation, which can even sync multiple task folders.

#LotT, Learning On The Toilet – learning where you’ve got the time for

Simple Workflow diagramA couple of weeks ago I heard about Testing On The Toilet, and initiative at Google where people hung up information about software testing on toilets. I liked the idea, and adopted it for our own key topics.

Testing On The Toilet (#TotT) was launched in 2007 by Google employees working in the area of software testing. They hung up flyers on Google toilets with information about how to write good software tests. The idea behind the flyers: they contain short but meaningful and easy to remember information. Each flyer only covers one sheet of paper, so its not too much to read. So far they have published dozens of flyers.

I loved the idea immediately – almost everyone goes to the toilet, so your coverage is almost perfect. Besides, each person can still decide on him/her own if its worth a read or not.

Not surprisingly, I decided to take over the idea – however, while the company I work for is situated right in the middle of Open Source software, writing software tests is not our main concern: Our key aspects are system integration and consulting. Think of improving database installations and maintaining enterprise scale server landscapes here. So most of the #TotT fylers do not really apply to us. But there are other things which are interesting and worth distributing, even if I have to create my own flyers.

Thus the idea of “Learning On The Toilet” – #LotT – was born. I just had to find proper information. I discussed the idea with my fellow project managers of my group of regulars, and it was suggested for an initial start to search the internet for suitable “top ten” lists. The idea stuck, and I gathered various lists in the next days. There was a list with tips for Vim, a cheat sheet concerning Selinux, nine points how to improve your communication skills, and others. I shortened the lists to each fit on one page, printed the first, and hung it on our toilets. And waited nervously for the first reactions: I didn’t tell anyone about the idea previously, and wasn’t sure if the sheets of paper would survive the first day.

But: they did! People read them! The feedback was positive – or about how to hang them better in the toilet, or that for example the refrigerator in the kitchen would be a good place as well. Also, some people mentioned that they would like to have this or that topic. But that meant the idea was positively received! I hardly got any bad feedback! That was great relief, and for now I decided to keep hanging up stuff.

The only problem is that there are so many information out there which are worth a read, but often the material does not fit to #LotT: its either too much to read, or too few real worthy information. Also, I’d love to publish the #LotT issues in my blog, but the copyright of the lists usually does not allow that.

So: if you have any good ideas regarding system integration in the Open Source world, just drop a note in the comments, and I will be happy to publish it here.

Thoughts on crypted communication

network-63770_150Due to the recently published information about mass surveillance on a yet not known level right now the question remains how to encrypt communication. I had some thoughts regarding that topic involving a GPG like web of trust combined with user friendliness which I’d like to share here.

Given everything which was published so far, un-encrypted communication is not save at all. The same is unfortunately true for encryption methods which rely on encryption provided by the servers of some organization. If there is a centralized organization storing the keys for you, or just providing you with the encryption technology, you are screwed, because the intelligence agencies will force them to cooperate. For that reason, the encryption must take place on the end users system already (and the software must be Open Source).

However, if you have end-user encryption, you have the problem of the key exchange – if two people want to communicate securely, they need to exchange the keys or at least securely verify that a public key indeed belongs to their private key. That only works if they meet in person – or if there is a web of trust.

A common example of such a web of trust is the GPG web of trust: people who have properly verified that person A belongs to key M sign this key. If person B trusts person A, it can just use key M since it is already verified by person A. However, in case of GPG the web of trust never reached mainstream. It is mainly used by technical minded people. Most users never got used to it.

So, from what I can tell the only chance to establish a web of trust is to hide the technical details as much as possible from the users. The same is true for the actual key exchange – it needs to be as simple as possible so that each normal user can use it.

Given this background I would suggest the following solution at least for mobile phones. You download the app, and it asks the user for a password. In the background, a key pair is generated and secured with the password, and all data stored on the device are encrypted using the public key. If user A meets user B all they need to do is pressing a button in the app, and a QR code is shown. The other user scans that QR code, and its done. The user shows up in the contact list, and they can chat. In the background, the app extracts the key ID and fingerprint from the QR code, downloads the public key, signs it and uploads the signature automatically.

The biggest problem comes up when user C comes into play, wants to communicate with user A, but they both have no common connection in their web of trust. They would have to meet – or use some other way of exchanging the data securely. A simple way would still be to talk on the phone, but that never worked for GPG. So some kind of web service to host their QR code for a short time only would probably a solution, although it would be pretty risky.

To lower the danger of a man in the middle attack in the above given web example the key servers must only accept one key pair for each identity, which is different to the way GPG works. That would in fact mean that you can have each login only once – if you loose your key, your are screwed.

One question though remains: how many steps in the web of trust are still trustworthy? I guess that could be left as a configuration option if, and only if, a user wants to modify that.

To summarize: I guess that the current cryptography technologies we have could really help to establish secure communication. But to really bring that communication to the masses we need easy-to-use (read: your grandma!) applications doing everything in the background.