How to be a lazy but successful Google SoC mentor

Each year, Google is sponsoring a Summer of Code (SoC). During three months, Google pay students to work on various opensource projects. Each student should be followed by a « mentor » from the original project but the mentor is not paid, he receives a tshirt.

Google SoC

3 years ago, I was a SoC student and developed the now abandoned Conseil but I learned a lot from that experience.

This year, one of the GNOME SoC projects was related to Getting Things GNOME!, the software I started with Bertrand. The project was to add the concept of geolocalization to your tasks list so you would be able to see where you can do tasks. The candidate, Paulo Cabido, seemed bright and skilled. I was the mentor. Strange to be on the other side of the fence.

Getting Things Gnome! 0.1 – « Just 5 minutes more »

GTG icon Bertrand and I are very proud to announce you the first release of Getting Thing Gnome!, a personal organizer and todo list manager for the GNOME desktop.

GTG allows you to add and edit tasks with nearly no fields at all. It support subtasks and tags that you can use the way you want. It aims for flexibility. Getting Things Gnome! goal is to adapt itself to your workflow, not the opposite. GTG also brings the concept of « workview », a display of tasks that can be done right now, right here.

The signals and threads flying circus

Disclaimer : if you don’t program in python and don’t know what a thread is, you probably want to skip this post as this is highly technically geekish loghorea which is not funny or even understandable in a remotely perverse way. Knowing some Flying Circus episodes might also help.

Say that you have two thread in your python application. One is « TV_speaker » and the other is « knight ». Those two threads live in parallel their own live and all is good. But sometimes you want the « TV_speaker » to stop. In order to do that, you will ask the knight to throw a chicken at him. And the first thing that comes to mind is using a « signal ».

You cant to call knight.send(« chicken ») and that, on the other side, tv_speaker.connect(« chicken ») handles things correctly.

Problem : using google, you find that, since 2.6, the python documentation is barely readable and unusable.

Hopefully, you find your way back to the good old and well organized 2.5 documentation only to discover that those signals are UNIX signals and have nothing in common with signals you can use in a GTK application.

Worse : those signals don’t work with threads !

You seat down, cry and wait that a giant foot quickly stops your pain.

Monty Foot

I’m not a virgin anymore/there’s always a first time

Heron I’ve been in the Free Software community for years now. I wrote countless documentation, articles, I translated a lot of stuffs, I did a lot of beta testing/bug reporting/bug triaging, including for a secret project called « no-name-yet », wich later became… Ubuntu. Sometimes, I wrote a quick trivial patch or I play with the code of something. But now that you ask, I must admit that there’s no non-trivial code I wrote in Ubuntu. I’ve no problem with that : a lot of developpers are so bright and talented that I can’t really compete. I contribute with my own weaponry : promoting, writing books, doing conferences.

Anyway, better late than never. I’m proud to say that Hardy Heron will include an obscure but non-trival patch from me : you will be able to stop the background music in gweled (bug #90499). The five people in the world that play Gweled know that it’s a huge improvement !

Le gilet de sauvetage et le TGV

Mandarine,quel rapport avec l'article ?Parmi les longues traditions de la sécurité informatique, on trouve la tristement célèbre obligation de changer son mot de passe toutes les 4 ou 6 semaines.

Cependant, comme beaucoup de traditions, lorsqu’on les applique sans en saisir réellement le sens, on finit par les rendre inutiles voire nocives !

A ce sujet, Bruce Schneier, « Monsieur sécurité informatique », recommande l’excellent article du docteur Gene Spafford, professeur à l’université de Purdue, Indiana.

Changer de mot de passe régulièrement est extrêmement envahissant, ennuyeux et perturbant. Si votre accès à Internet dépend de ce mot de passe, cela peut même relever du parcours du combattant sous des systèmes comme MS Windows où chaque application possède sa propre configuration et nécessite elle aussi de changer le mot de passe bien caché dans les préférences (ennui qui est nettement moindre pour les heureux utilisateurs de systèmes mieux conçus où toutes les applications coopèrent autant que possible). Il en résulte donc du stress, de la perte de temps et de productivité, parfois des appels au helpdesk simplement car l’utilisateur a oublié de changer son mot de passe.

Dilbert password

Il ne faut pas non plus sous estimer l’impact psychologique qui amène les utilisateurs à craindre le tant redouté « jour du changement de mot de passe », à développer une aversion grandissante pour l’outil informatique et tout ce qui tourne autour. Beaucoup pensent qu’un utilisateur sans problème implique un utilisateur heureux. Au contraire, je défend qu’un utilisateur sans problème doit être tout d’abord un utilisateur heureux. Le changement imposé de mot de passe est perçu comme une mesure inique qui va à cet encontre.

On pensera donc que cette mesure rébarbative, pour être si répandue, doit être amplement justifiée et indispensable. Cela reste à voir…

The Invisible Captcha Mechanism (ICM) against Form Spam

Today’s web suffers of a terrible plague of spam. Each form is a way for spammers to send their content : blog comments, forums, wiki, … I call this « Form Spam ».

To fight this, most of webmasters out there use a « captcha » : a picture with text inside that people must copy. It’s annoying, it’s boring, it’s hard to read (see some examples) and it’s the worst thing ever for people with bad sight. Worst of all : some robots can now read them !

For almost a year now, I’ve been using a hand-made solution called « Invisible Captha Mechanism » that works perfectly : I have approximately one spam/month in my comments. (I had more than 200/day before ! I also solved completely the trackbacks spam problem) No captcha, no known false positive, no annoyance and easy to implement. For me, it was perfect but I was just to lazy to document it for you before today (and you know how much I like to fight spam).