Thursday, August 31, 2017

Kubuntu Artful beta 1 milestone released today

I'm happy to announce that Kubuntu Artful beta 1 milestone released today, having passed all the mandatory testing, thanks to lots of testers! Thanks so much to each of you.

If possible, we'll also be participating in Beta 2 with the next round of KDE bug-fix releases for the last testing milestone before release of Kubuntu 17.10 on 19 October 2017.

Release notes: https://wiki.ubuntu.com/ArtfulAardvark/Beta1/Kubuntu

If you would like to help us seed the torrents, go to http://torrent.ubuntu.com:6969/. To quickly find all the betas: control f and type beta.

Join us in freenode IRC: #kubuntu-devel with praise, help, or bug reports.

Saturday, August 19, 2017

Why YOU care about accessibility, and can help!

Accessibility (a11y for short) seems like a niche area of concern for many people. I was thinking about this recently on a hot morning in Spain, walking to the bus station with my wheeled luggage. The sidewalks are thoughtfully cut out for wheelchairs -- and those with luggage! and the kids riding skateboards, and...... the rest of us.

When websites and program output can be parsed by a screen-reader, it is great for blind folks. It is also great for the busy person working and listening, and even for the reader who doesn't have to ignore popup menus and other distractions. In other words, all of us.

There are many more examples, but my point is -- a11y helps everyone. So please - everyone - help KDE focus on accessible software at Randa! Fundraiser is ongoing! Don't pass it by because you think this is niche. Accessible software is better for all.

Stop by https://www.kde.org/fundraisers/randameetings2017/ and give generously, or read more about it first: Randa Meetings 2017: It's All About Accessibility.

Tuesday, August 15, 2017

Repugnant

I grew up in a right-wing, Republican family. As I grew to adulthood and read about the proud history of the Republican party, beginning with Lincoln, I embraced that party, even as racism began to be embraced as a political strategy during Nixon's campaign for president. I overlooked that part, because I didn't want to see it. Besides, the Democrats were the party of racists.

However, as I heard about the crimes that President Nixon seemed to be excusing, and that people around me also seemed to excuse, I began to think long and hard about party versus principle. Within a few years, I left that party, especially as I saw the Democrats, so long the party steeped in racism, begin to attempt to repair that damage done to the country. It took me many years to admit that I had changed parties, because my beliefs have not changed that much. I just see things more clearly now, after reading a lot more history.

Today I've seen a Republican president embrace racism, support of the Confederacy, and support racists, neo-Nazis, white nationalists, and the Ku Klux Klan party -- a party his father supported in Queens, New York. Fred Trump was arrested for marching publicly in full regalia, masked, hooded and robed. I've seen no report that he was convicted, although there are pictures of the march and the arrest report in the local newspaper.

Make no mistake about it; today's statement was deliberate. Trump's entry into the political fray was as a leader of the so-called birthers, questioning Barack Obama's citizenship. His announcement of candidacy was a full-throated anti-immigrant stance, which he never moderated and has not changed.

Yes, previous American presidents have been racist, some of them proudly so. But since the Civil War we have not seen -- until today -- a president of the United States throw his political lot in with white nationalists and neo-Nazis. Good people voted for this man, hoping that he would shake things up in Washington. Good people cannot stand by statements such as Trump made today.

It is time for the Congress to censure this President. The statements made today are morally bankrupt, and are intolerable. Good people do not march with neo-Nazis, and good people cannot let statements such as those made today, stand.

Friday, August 11, 2017

Akademy; at 20, KDE reaches out

Some of the talks, initiatives, conversations, and workshops that inspired me at Akademy. Thanks so much for the e.V. for sponsoring me.

A. Wikidata  - We have some work to do to get our data automatically uploaded into Wikidata. However, doing so will help us keep our Wikipedia pages up-to-date.

B. Looking for Love, Paul Brown's talk and workshop about Increasing your audience's appreciation for your project. Many of the top Google results for our pages don't address what people are looking for:
  1. What can your project do for me? 
  2. What does your application or library do?
Paul highlighted one good example: https://krita.org/. That crucial information is above the fold, with no scrolling. Attractive, and exactly the approach we should be taking in all our public-facing pages.

My offer to all projects: I will help with the text on any of your pages. This is a serious offer! Just ask in IRC or send an email to valorie at kde dot org for editing.

C. The Enterprise list for people with large KDE deployments, an under-used resource for those supporting our users in huge numbers, in schools, governments and companies. If you know of anyone doing this job who is not on the list, hand along the link to them.

D. Goalposts for KDE - I was not at this "Luminaries" Kabal Proposals BoF, but I read the notes. I'll be happy to see this idea develop on the Community list.

E. UserBase revival -- This effort is timely! and brings the list of things I'm excited about full circle. For many teams, UserBase pages are their website. We need to clean up and polish UserBase! Join us in #kde-wiki in IRC or the Telegram channel and https://userbase.kde.org/Wiki_Team_Page where we'll actually be tracking and doing the work. I'm so thankful that Claus is taking the leadership on this.

If you are a project leader and want help buffing your UserBase pages, we can help!


In addition to all of the above ideas, there is still another idea floating around that needs more development. Each of our application sites, at least, should have a quality metric box, listing things like code testing, translation/internationalization percentage, number of contributors, and maybe more. These should be picked up automatically, not generated by hand. No other major projects seem to have this, so we should lead. When people are looking for what applications they want to run on their computers, they should choose by more than color or other incidentals. We work so much on quality -- we should lead with it. There were many informal discussions about this but no concrete proposals yet.

Saturday, August 5, 2017

Keysigning!

There are a couple of reasons to create a network of trust, using gpg keys. If you are a software developer and want to sign your commits, and on a larger stage, sign software releases, you need a key pair. On a distribution level, ISOs are signed as well. In Ubuntu, a GPG key is required to sign the Code of Conduct.

On a personal level, emails and other communications and files can be signed and/or encrypted. In this era of wide-spread spoofed emails and more and more efforts to snoop into our every move, gpg is a tool we can use to prove our identity and be able to rely on gpg-signed emails.

I attended a keysigning at Akademy, which involved a few steps. First, generating a key pair. This is amazingly easy: gpg --gen-key . Various options are discussed here, among other places: http://www.cryptnet.net/fdp/crypto/keysigning_party/en/keysigning_party.html#keypair_generation. This site and many others describes how to immediately create a revocation certificate, just in case. This is not difficult either. Finally, send your key pair to a keyserver, and your fingerprint to the person running the keysigning event, or print out the fingerprint yourself.

At the keysigning, you will check to see that your own fingerprint is correct as provided by the host, and that each person at the event has valid identification proving they are who they say they are.

The final step to creating your web of trust is signing those keys. Some people have an additional step before signing and uploading; that of sending an encrypted email to each person to establish that both keys work. Since I created my key pair using my gmail address, I was having some difficulty with decrypting some of those emails using "mailvelope", a gmail addon. Bhushan Shah told me that I can download the raw encrypted email and then decrypt that file by gpg --decrypt filename.txt . Excellent!

gpg --encrypt filename.txt recipientkeyID works as well.

Now I've found and am trying out GooPG which is interesting, and seems to work. Nothing seems to be able to read the email I got from Launchpad to verify my uploaded key, however. :(  The actual code block throws a CRC error.

To sum up: be a geek, do some key signing, and sign your emails! And when needed, encrypt them.

PS: Martin Bednar asked where to find the Google extension. None of my browsers let me answer comments (or even make comments) directly, so here is the link: https://chrome.google.com/webstore/detail/goopg/ifpoaednafmgolabhpjmbimllaoidelg