We imported all existing developers into the system, and all developers from the past too. Your username is identical to your subversion username. Your don’t have a password yet, but by using the obvious option on the welcome screen you can reset it and get access.

After the login you will be greeted with your profile. You can fill in all your details as you like. During the import we have set your Name and email address and the ssh public keys you use for svn access currently.

Important to know is what will become available to whom. We will not show all the profile data to everyone. We will use the grouping feature of the identity.kde.org-system. Basically we now the following groups: users, developers, former-developers, ev-members and sysadmins. users will never see anything. developers will probably see the usernames, names and email info of other developers, and ev-members will see what developers see, but also some more contact info about fellow ev-members. Or if someone decides otherwise, that’s fine too, we’re just executers trying to work with sane defaults for that matter.

This system will replace the famous accounts file in the future. We will of course provide something downloadable in the future for that. And hopefully it will replace the database we once used for ev-members, but this last bit is not sure yet, as the system is still being evaluated for this purpose.

This screen allowes your change your ssh-keys. This part is the primary use case for this system at this moment in time. While importing we have imported your keys already, and from now on you can manage your own ssh keys. You no longer need the system team to control which keys you will have access to svn. You can delete keys, and upload new additional keys, whatever you like, as often as you like and whenever it suits you.

Currently we are working on getting the scripts working which deal with all the key changes, so currently you can test this as much as you like without it having consequences. Just make sure that when you are ready with testing, you have the right set of keys uploaded. Starting from this weekend the scripts will be activated and the keys on identity.kde.org will be leading.

The future of the system is that we will soon open identity.kde.org for new users. After registration they will belong to the group ‘Users’. On this level, your username and password for identity.kde.org will also provide you immediate access to the new reviewboard and redmine system we will soon launch.

As a user you can request an upgrade to de developer status. This is done with a similar form as which we have used for the last couple of years. After the sysadmin has processed the request, the user is upgraded to developer, and from that moment on the user has push access to the repositories.

Both git.kde.org and svn.kde.org will allow commits / pushes from developers, both systems verify against the keys that are available in identity.kde.org. There is no difference between developers for git and developers for svn. If you can commit to svn you can also push to git.kde.org.

In the future we can use the data from identity.kde.org for a gazillion new purposes. Not only will your username and password from identity.kde.org give you access to a few new sites, but also you can think of more fun things. For example we can use it to power planetkde, instead of the config file, you can manage your rss feed from identity.kde.org. Or @kde.org email address holders can change the forward address behind the kde.org address. Or we can manage registrations for akademy this way. We’ve explcitely choosen identity.kde.org (which is powered by GOsa), because of the ability to create such features in a limited amount of time.

I’ve talked way to much for an introduction. You can now jump to the identity.kde.org-site, read the interview with Ben Cooksley, the sysadmin that deserves most of the credits for the setup of this system. You can also follow our progress in the launch of the git.kde.org infrastructure in our schedule. As usual you can file bugs for identity.kde.org at our bug tracker.

Feel free to Flattr this post at www.omat.nl, if you like it.

Next week we are going to import all developers to our new gosa based system ( we will call it identity.kde.org probably ). This system will be used for managing your ssh-keys you are using for svn and git. You can add additional ones, remove compromised ones and do whatever you like to them. You can get access to the system by using the password recovery function of the system. This means your e-mailaddress should be up-to-date. Please make sure that the correct one is currently listed in the accounts file. View it here.

In preparation to the conversion, this file will be made read-only next week. After the conversion the file will be automatically generated based on the gosa database. Consequence is that if your e-mail address is incorrect, you can not change it in the accounts file, and the password recovery function of gosa will not work, hence you will need to file a bugreport and wait for a sysadmin to solve it and verify your identity. You better prevent that and make sure your e-mail address is listed correctly.

Another item I’ld like to make you aware of is that due to this conversion, it will be a bit harder for us for a while to process new developer applications. That means that creating new svn and git accounts will be a bit more work for us. Although we will process them normally, we would like to ask to either postpone applications or do them this week. If you feel someone needs a svn account, ask them to do it in the next few days please!

One last bit from the sysadmin team: we fixed the account creation on kdedevelopers.org. We’ve updated the drupal cms to the latest version and it should be fine now. I’ve processed the back log, but if you have applied for an account and you’ve not yet received the activation confirmation, please let us know on the email address you got in the registration confirmation.

Feel free to Flattr this post at www.omat.nl, if you like it.

While I was interviewing, I was wondering where and how to publish them. In the past we used the behindkde.org domain, but that system and domain wasn’t really used anymore. Ingo Malchow decided that it was time to reinstate the domain and use a content management system for it. He did all the work, made a theme, converted some of the old interviews (that’s still work in progress) and setup the structure so we can use it again in the future.

I’m planning to publish interviews with current sysadmins, sysadmins that want to leave the team and some ‘behind the scenes’ admins – who knows who is behind the anonsvn mirrors? Every two weeks a new interview will appear, in total there will be around 6 of these ‘dedicated’ interviews, maybe a bit more. After that we hopefully have some more interviews coming from KDE Brazil.

I’ve very happy we can use behindkde.org in a more ‘platform’ way. I hope it will get used for more than only these interviews. The masters of the universe serie from gamaral is also listed, and we hope to extend it with other interviews, podcasts, vidcasts, icecasts and whatever has to do with the people around KDE. If you have stuff that should be listed there, contact me or Ingo, easiest is via IRC on #kde-www I guess.

The very first interview is with Ingo. Not only did he re-initiate the behindkde.org site, but he’s also part of the sysadmin team. Go over there and read all about him.

Feel free to Flattr this post at www.omat.nl, if you like it.

Say you want to donate 5 euro each month to projects you care about. Paypal could be used if they have a donate button, but that’s kind of an annoying system to use for this type of donations.

Flattr makes donating easy. When you see a Flattr button next to an article you like, you can press it. It counts as one ‘click’.At the end of the month your 5 euro will be divided by all articles or projects you gave a click to. If you clicked 5 times on such a button, each will get 1 euro. When say 20 different people did that, the author could receive a nice, flattering, amount of money.

You can add a Flattr-button next to the blogs you write, sites you have or projects you run. That way you have a nice and easy way to receive donation, where the barrier for the donation is as low as it will get.

I really like that system. I find it fun to browse through the top lists to see what others find flattering. Sometimes I see why and Flattr them too. If I do, it gets on my facebook page automagically, which is quite nice, as it shows which pages or blogs I like and other people can look at them too. The top lists showed me some new blogs I’ve started to follow.

It’s silly to think you will get rich with the system, I see it just for fun and a simple way to express gratitude to some people or projects. Although that does not have much to do with actually money I guess. For me, maybe it will cover some of the domains I’m currently privately paying or the tickets to the cinema now and then. I guess it will be the same for the recipients of my ‘clicks’. Anyways, join it, it is fun!

Feel free to Flattr this post at www.omat.nl, if you like it.

Those 67 are the contributors that have used their password based account this year, so we will not move forward without them. Please do not complain that we won’t make our deadlines!

Feel free to Flattr this post at www.omat.nl, if you like it.

According to the schedule, we will stop providing access to svn if you use a password based account on August 25th.

If you have not converted yet. Do it now. Though everyone affected should have received a personal invitation already. Don’t wait any longer, do it now! If you did not contact sysadmin now!

You might wonder how many accounts are affected. When we started with the first round of invitations two or three months ago, we sent out 1209 invitation to convert. This time we have sent 861 invitation. That means 350 contributors already converted [edit: or indicated the account can be deleted because it is no longer used]

Eike Hein did a further analysis of those 861 accounts that are not yet git-ready. He noted that only 92 accounts of those have been active this year, only 56 with more than 10 commits this year. That means we are on track with the conversion, and we are confident that those accounts will be converted in this round of invitations.

One of the reasons is that ssh only worked on port 22, some people are behind a firewall, and have only access to port 80 (http) and 443 (https). Starting from today we also offer svn via ssh on port 443. That means those account holders can convert too now.

Feel free to Flattr this post at www.omat.nl, if you like it.

Gosa
The Gosa system is a webinterface which makes it possible to maintain your personal data, like name and e-mail. A bit similar to the -soon deprecated- kde-common/accounts file. This system can also be used to maintain your personal ssh-keys that you want to use for repository access.

SSI
Gosa will also be used as base for a Single Sign In system. In the past few years we have launched several services that require a seperate login and password (techbase & friends, reviewboard, kde-developers, etc). We don’t want that in the future. The username and password that you use for Gosa, can also be used for reviewboard and other new services in the future.

Redmine
With the launch of git, we also want a per project landing page. A place where you can find all relevant information about a project, where you can browse the source code, find links to communitybase and tarballs, and where projects can also place news items. We have chosen Redmine for this task.

We have now reached a point that we have tested all the individual items and feel that it is time to let all those pieces of the puzzle fall together.

We have chosen to not go for a simulation of the big bang and launch everything at the same day, but have chosen for a step-by-step schedule with different milestones. In the end we are changing key infrastructure and we don’t want to make errors.

It also means that whenever we encounter a problem along the way, the schedule will be delayed. We will keep the page up to date as we go along.

At key moments we will also inform the kde-core-devel and kde-cvs-announce mailing lists.

You can find the schedule here! Have fun.

Feel free to Flattr this post at www.omat.nl, if you like it.

The first talk was about Evolution. They gave an overview of the last year which seemed to me like regular bug fixes and implementing some new features. They’ve rewritten some parts, and rewritten an IMAP library, called IMAPX. It supports IDLE, multiple connections and that kind of stuff. Which made me a bit depressed, because we have written something similar the past year or so too. With a simple mail we might have joined forces, maybe making something better than the two implementations we have now.

Anyhow chatted a bit with them about the past after the presentation and exchanged some business cards ( luckily i still had my Akonadi-cards, yay). I really hope we can do better – communication wise – in the future (from both sides).

Gnome Shell is basically a bit of window management, the interface around alt-tab and their activities interface. It looked nice and easy to use. Although we discovered quite a few inconsistencies in the new interface and some weird design decisions, like no good fallback for unsupported video cards and no connections at all with the gnome theming, Anyhow, I was impressed and think many of the gnome users will be happy with it.

The state of the union was a fun show, without much concrete content. It was just a pleasant break in the middle of the day and a very good laugh.

I’ve also been to some kind of a BOF like presentation where they were discussing the current state of the gnome. I managed to take a picture of a slide that says it all:

So, while KDE is just getting started with making a desktop, Gnome is Done :). Anyhow, the context is that he thinks a bit more should be invested in the Platform part of Gnome. He made some valid points about for example the fact that new developers are somewhat more attracted to develop for the mobile platform and it is hard to find devels for desktop, due the somewhat high entry level regarding setting up a devel system and learning the tools.

He wants to tackle that by working towards a simple SDK which can get new devels up and running quickly. That kind of opened up my eyes regarding the work that Aaron Seigo does for plasma. Probably with the somewhat same motivation. I should check it out.

Finally I went to a presentation from Jake Edge from lwn.net. Although a bit boring in regard of the presentation skills, he gave a nice, good and – in my eyes – complete overview of the things which you have to deal with regarding the promotion of your Open Source Project. Ranging from looking at what the minimal requirements for your website to how to write a press release which will have a good chance to get published. Maybe no surprising items, like they are all logical an we all know them, but still a good reminder about what I did wrong in the past and what some projects are still doing wrong.

Had a nice day there in Den Haag. Nice presentations and nice venue!

Feel free to Flattr this post at www.omat.nl, if you like it.

Just saw Unthinkable. It’s about three nuclear bombs hidden around the US and one brave guy trying to interrogate the one who planted them to discover the locations.

The idea of the movie is to get people thinking which interrogation methods are allowed to get the suspect to talk. How much can you folter torture this guy to get the locations. Someone probably watched 24 one series too much. This issue has been triggered by them already.. Would you sacrifice a life to save a million…

The comparison with 24 can be continued while comparing the actors. Samuel Jackson vs. Kiefer Sutherland. Both are good guys, but you don’t want to be interrogated by either of them. Samuel’s acting is great, but I can’t say that from some of the other people in the movie. But Samuel compensates a lot.

And that should then be the reason to go to see the movie. The plot is close to crap and predictable. I hate predictable plots. I always try to refrain from predicting, but I keep doing it. I won’t spoil the fun (as far as there might still be some), but in hindsight, when you know the end, some of the dialogs and remarks from some people are strange to say the least.

In any case, a simple, entertaining movie, like there are a gazillion. Too bad the creators did not make more of it and have chosen to make some sections of the movie way too predictable.

Feel free to Flattr this post at www.omat.nl, if you like it.

• SSH Key Management itself can be done in Gosa – but the backend to get it live with gitolite is still to be done (see current todo list below)
• Integration of Reviewboard with LDAP has been accomplished in a testing instance successfully. A script has also been written to sync data such as names and email addresses from LDAP into both Redmine and Reviewboard.
• Gosa has begun to be themed using the kde.org style, chihuahua. Ingo Malchow is brave enough to work on this part.
• Ben Cooksley has been working on making some additional forms for the initial account registration. Basically the new workflow will be like this:
  1. User can register, and can use their account immediately after verifying their email address.
  2. User immediately gets access to redmine and reviewboard and gosa with one and the same login credentials. This is called Single Sign In.
  3. User can change his own data in gosa, for example his ssh public keys. Add more keys or replace lost ones. (yay for no more sysadmin involvement for that)
  4. If the user wants push access to the git repositories (or SVN while it’s still around), he has to apply for that. This is similar to the current form; indicate a supporter and write a small justification.
  5. After evaluation and approval from the supporter, we add the user to the Developers group in gosa, and the user immediately gets push access.
     This grouping mechanism can be extended in the future, to have – for example – a good address book like system for eV-members, or to upgrade users to sysadmins.

The current todo list is basically:

• drive redmine project and reviewboard group creation from gitolite
• This will be used to allow any project to instantly begin to recieve reviews, without any further effort being needed.
• redmine and rb project namespace problems
  At the moment, both Redmine and Reviewboard have problems with projects using the same name, which when you have sub-projects to create a tree of projects, becomes problematic.
• A script to create GOsa accounts, insert SSH key(s) + mail address from the existing data
• Modification of Gitolite to read from LDAP for SSH keys
  By default Gitolite reads the allowed keys from the git admin repository, but we have decided to put the keys in an LDAP database, so there have to be a process to copy the keys to the right place. Currently we do it manually, but that’s not a solution we like :) We just discussed this with Sitaram Chamarty, the author of gitolite and came up with the following workflow:
  • When a user changes a key in gosa, automatically a script is called on the gitolite server so we know something has changed for that user.
  • A script extracts the keys from the LDAP database and updates a folder where all the keys are.
  • Once this is done the internal list of authorised keys will be updated, allowing the new SSH key to be used immediately by the developer.
    That means the keys wont need to go into the special git admin repository which is only accessible by sysadmins. Disadvantage is that this change has to be written by Sitaram with our assistance. So give Sitaram cookies when you see him.
  • Use gitolite for SVN authentication, tying SVN into the unified account system
  • Retire the old “Get an SVN account” web app (as Gosa takes its place)
  • Send out a final set of ‘convert to ssh keys or else your svn access will stop working’ invitations for svn users which use a password currently.
  • Move all the software bits to the right hardware, and give everything the final shake down.

  This blog is a bit on the technical side probably. The open todo’s unfortunately are rather technical, so that’s unavoidable. But it still gives you a good idea about the progress and the things we are currently facing.

  

  Feel free to Flattr this post at www.omat.nl, if you like it.

  

  ]]> http://www.omat.nl/2010/07/25/sysadmin-status-update/feed/ 3