Summer in Greece! Is the weather too hot for you to code or contribute to your favorite FOSS project? Do you need some motivation and a refreshing swim? Come to our Summer Camp! The Greek openSUSE community is organizing its first openSUSE Summer Camp, in central Greece at Grand Platon Hotel at Olympiaki akti. This is is the beach of the city of Katerini. The doors will be open from the 15th to the 17th of July 2011, at the Heart of Summer!

Sounds awesome, I’ll book my tickets.

So, you’ll be there. What can you expect? Our goal is to bring FOSS communities closer and encourage people to contribute to their favorite projects. A lot of people, with little to a lot of experience can benefit from the workshops included in our program, during which we will work on things like translation, wiki usage, coding, packaging and much more, showing how to work inside a community and how to collaborate with others!

Hmmm. But I could go swimming…

There will be relaxing and swimming of course! But hey, we have a common passion, don’t we? We love what we do, we are having fun contributing to FOSS and we hate doing it alone in our rooms during Summer time. Besides coding, translating and all other ‘working stuff’ there will also be plenty of sun and beach, a large swimming pool and plenty of beers – all paid by you since we only sponsor the sun, the fun and all the other free stuff…

We are looking forward to seeing you at the openSUSE Summer Camp Greece!

Please use info@os-el.gr to contact the team organizing the event.

PS I’ll be there too, and I’ll do a Python/Django workshop. My brother will also do a workshop about Vim (everyday use plus for development). Both are going to be long and boring, the attendees are adviced to get into the sea instead.

Quick summary:

I’m writing a CMS for the Gentoo website, that will offer an LDAP web interface, plus it will replace Gorg and provide Beacon as WYSIWYG editor to edit the XML files.

The login system had to change though. Robin wanted mail logins instead of username logins. This needed a lot of changes, since in LDAP mail is a multi-valued attribute, and in Django is single-valued field. I created an all_mails field in user profile instead, that has all the mails, but the user has to verify about them first. In initial registration, the user’s mail is stored in a DB table, along with a 30char string, and a mail is sent to the user which contains the same string in the form of a URL. The system checks if those two match, and if they do, it removes the entry from that table and moves the mail to the user’s LDAP mail attribute (and in the all_mails field in the DB, if applicable). The same procedure is followed when the user wants to add a new email to his account, for which he has to verify before getting it in the list. Afterwards, the user can log in with any of those emails he has verified. For password recovery, the user fills in the mail he wants to use for that session.

The user profile is extendable, if other people want to use the LDAP frontend. For now there is a GentooProfile class that extends the UserProfile class, that has gentoo-specific fields based on the LDAP attributes Gentoo uses, plus the custom gentoo LDAP schema.

User settings are available, under accounts/$USER subURL. The system checks if the URL maps to the user currently logged in, or another user in the LDAP server, then checks if the user is in the DB, migrates it if not, and shows the fields according to the logged in user’s permissions. Edit settings is also available and works with the same logic.

I’ve also added a lot of docstrings there, and started messing around with sphinx.

The logging system is improved as well. The errors are printed in console if the project is run with Django’s runserver for development purposes, and in /var/log/messages (which is configurable, it can go to a dedicated dir easily) for production use.

More tests were written, and the ebuild is almost complete. I’ve set up an instance in one of my home servers, which will run tests automatically and notify me for failures.

There is an addressbook available, as a replacement to userinfo.xml we currently have. I’m going to play around with genmap as well to replace the developer map.

Since the LDAP work is done, with only bugfixes and small improvements needed here and there, I’ve started working on the front page. It will follow the steps of the one we currently have. It will be a syndication-like page, combining the info from planet/blogs, news items written by PR team, new packages etc. I also started working on the lxml scripts to parse our XML documentation, and next week I’ll plug in the design done in www-redesign repo, and improve it as possible.

PS. The report was delayed, because I’ve been offline pretty frequent due to multiple reasons. I had my last exams, which went good and I probably graduated (finally!), I had to be on another city without internet for some days, and finally, the frequent power cut in Greece (as part of the general strikes, riots and frustration of the economic crysis here) not only kept me offline, but also destroyed one of my drives in my desktop, and one of my home servers completely. I learned from that though, I follow their website for future power cuts.

This comes with a dealy, as I’ve been sick the past days. The LDAP related code is 90% done. It now has the following features:

•  Login to the system (report #1 explains in detail how login works). It previously was using only the basic info (real name, primary email), but now it is configurable to use more info, where the sysadmin is able to define in the config files. This was easy to do, by creating a second dictionary to map the django user profile fields with LDAP attributes.
• Signup. For this, an admin LDAP account is needed to be put in the config file. The admin account, contrary to other backends, is used only to create new users. Other LDAP implementations use that admin account for everything though. So, now the user declares username/password, the anon account searches if the user already exists (both the username and the email have to be unique), and if not, it creates the account, using the same dictionary to map django DB fields with LDAP attributes.
• User settings. There are some forms that allow the user to change his data. This is done by using his own account, and not by using the admin account to do that. A second password is being created for the session, since we didn’t want to cache the regular password. (again, report #1 has more info about it).
• Map LDAP ACL to Django groups. For that, a special multivalued attribute is used, in gentoo it is called gentooAccess, which contains some *.group entries that specify the user’s special permissions. This gives the abillity to a special team to touch other users’ data, eg infra. While the mapping is complete, the UI is not yet.

Other things that I did:

• I set up the service in one of my home servers, so that Matt can test it too. The LDAP used there is very minimalistic.
• I gave Robin some cfengine patches for both the webapp and the LDAP (which should be as much identical to the official as possible). They are not complete yet though. Once the webapp is up and running in vulture ( the soc.dev server) I’ll be able to test it in our official configuration.

What I’m going to do during the weekend:

• Improve documentation (docstrings) and fire up sphinx
• Improve logging system
• I started writing some tests for the backend, I’m going to finish it, and plus write tests for all the above as well.
• Create an ebuild to automate tests
• Finish the “touch other users’ data” UI

After that, the LDAP system will be finished, and let the tests show me bugs. Next week I’ll start working on the website part, beginning with the LXML parsing of our docs.

Time to sleep, it is 0640 already here, I didn’t even realize the sun is up.

The past week I’ve been experimenting with LDAP mostly. I set up a clone of ldap1.gentoo.org (with fake data of course) at my home server, and gave a Cfengine patch to Robin, pending for review, in order to have the testing LDAP service to vulture (the soc.dev box). I also set up my git repo, and split the settings.py file in many files, under a settings/ dir. This is how the transifex guys and my mentor Matt do it, and this approach allows us to put the config files even in /etc for example.

My major goal was to finish the LDAP backend part, either by using an existing library or writing it from scratch. Finally, after taking a look at many libraries and implementations, I wrote my own. More specifically, what the Django LDAP authentication backend does is to override the default Django DB authentication backend. When a user logs in, the backend checks if the user exists in the LDAP server. In order to do the search, the OpenLDAP server has to provide either an account to do that (an “anonymous” account with minimal privileges, just to do those kinds of ldap queries) or allow anonymous searches. In case the account is being used, it has to be declared in the settings file. I took it one step further from what the other backends did actually: in a common ldap configuration, all users are under OU=users or something. I intend to split it though to OU=users and OU=developers, thus I allowed the backend to search in multiple organizational units, by converting the variable to a python list. If the query sends a result (meaning the user is found), then it tries to bind with the credentials provided in the login form. If it suceeds, then the user data (apart from the password) are transfered to the django db, where they are going to be used for the rest of the session. Django actually has only email, real name and username in its accounts, but it gives the opportunity to extend those by creating a profile. That is technically an extra table in the db, with the ability to add custom fields, really handy.

The major problem that I’ve faced with all those ldap backends was that they all asked for an admin account, and they performed all changes with that account. That is acceptable for user creations but not for all the other cases. If a user wants to change his data, he should be able to do it with his regular account. Another problem emerged here though. OpenLDAP asks for the password before every action and one solution was to do it that way. Bcooksley had another idea though, to create a second 50char password, which will stay only for one session, and will be destroyed using itself at the end. I liked that idea very much, as asking the password is not too user friendly in my opinion, and the web frontend looses its purpose. For important changes though the password will be required (that includes uploading a new SSH/GPG key, or resetting the password).

The LDAP backend is now working, which is really cool, I didn’t expect it to be done so fast. My next step is to write some tests and documentation, for which I’ll use sphinx. Also, I plan to continue working on the ldap web frontend, by finishing the login/signup systems, and the user settings page, and then start messing with the UI.

1) KDE SC 4.6.80 aka 4.7 beta 1 bump

jmbsvicetto and alexxy did a great job so far about it, with ABCD forward-porting the commits to the live ebuilds. It is not ready yet though, and we’d not recommended to users yet, unless they know what they are doing. Upstream split some of the tarballs in order to follow the repos for 4.7. We were very lucky so far, and upstream’s split was very similar to ours, apart from kdebindings, which we’ll have to re-package to follow them.

2) Drop of kdeprefix useflag

The kdeprefix USE flag is announced to be dropped this Monday. As a result, we’ll have to move all ebuilds to slot 4. We could move them to 0 as well in order to drop the slotting entirely, but since most of them are already 4 it will prevent us from doing another massive slotmove.

3) Useflags in kde profile

It was decided these useflags to be added to the kde profile: declarative, dri, kipi, phonon, plasma, semantic-desktop, xcomposite, xinerama, xscreensaver

4) KDE SC 4.6.3 stabilization

First of all, dilfridge deserves congratulations for taking care the heavy job of doing the 4.6.2 stabilization, along with Qt 4.7 and a large number of other Qt and KDE applications. Keep in mind that this was a really hard job to do, since the previous stable version was 4.4.5. Things are now back in order now, with 4.6.2 fully stabilized and 4.4 completely removed (finally). 4.6.3 is the next stabilization target, to keep stable tree up to date.

*) Open floor

dilfridge said he is interested in doing some cups work, which we hope to affect KDE and desktop users in general.

We lost scarabeus, one of our top developers. Thus, we’d like to remind anyone that we always appreciate the help of new people. If you are one of the guys that already has access to the overlay, time to complete your ebuild and end quiz then!

Planet KDE readers: this is not a KDE GSoC project, feel free to skip it

I’ve been accepted for this year’s GSoC yey!! Many thanks to my mentor, Matthew Summers, for all the help. I’ll do a complete rewrite of the gentoo.org website using Django. The project actually consists basically of three parts: 1) create a django web frontend for our LDAP server 2) Create a django CMS replacement for the current website that will be able to read the XML files 3) Plug in the Beacon Editor, a WYSIWYG GuideXML editor, to the web app. Below is a part of my full proposal, which can be found at google-melange and has more technical information.

Currently Gentoo employs a number of websites with separate user accounts. LDAP servers are used for the developers only. Developers update their LDAP data through a perl script. Complaints about difficult handling of forgotten passwords occur frequently. A web interface around LDAP will make LDAP more user friendly, plus it can be easily extended to support non-developers, just by adding a new schema and OU (organizational unit) for them. The choice of Django was made for several reasons. It is a web framework based on Python, that is a programming language very easy to learn and maintain. A Django project is equally easy to maintain and extend. In Django parlance, the term “project” refers to a collection of pluggable, modular applications, that together form a more complex web application, the project. This modularity will let the Gentoo Community easily write new Django applications on top of the main instance, in order to enhance its features. Apart from the above, the Django and Python upstream communities are doing a great job, notably by releasing often, especially for security reasons.

Today, documentation is stored in XML files in a CVS repository. An XML to HTML converter (wrapped up with Ruby), called Gorg, is currently used to display the actual result. People who want to contribute to documentation or translations have to locally install a Gorg instance and check out the CVS repository, which can be rather cumbersome. Having a WYSIWYG editor embedded in the gentoo.org website would be preferred, as it will make it really easy to contribute to documentation, or even send improvements through bugzilla to the appropriate documentation or translation team. By all appearances Gorg has been abandoned as a project. This has resulted in difficulty in maintaining the Gentoo website, and also makes the work of updating the website’s design or functionality all the more troublesome. Therefore, a complete redesign is easier than resurrecting the old system. The overall end result of the new system will be a complete rewrite of the old Gentoo website, including everything under www.gentoo.org

• A new user registration system, that will import the data in the LDAP server.
• A System Admin, with support of different group permissions, based on the current LDAP ACL, e.g. recruiters, sysadmins, documentation moderators, Gentoo developers, users. For more strict LDAP related operations, the Django Admin will be used, as it will be better especially for following the LDAP ACL. The Django Admin will be used mainly by privileged users, like Infra and Recruiters. Anyone else will be able to view and edit his data through his account profile page and a custom made System Admin. There will be no required data for users apart from a primary email address and a nickname/password.
• A syndicator-like frontpage, that will display recent GLSAs, planet posts, PR team’s news.
• A continuous integration testing model. There will be automated regression testing, by using Portage to build and test the package on a regular basis.
• Support for viewing XML documents.
• Beacon, a WYSIWYG editor, for easily editing those XML documents.
• Git backend support for storing the XML files, using a dummy Git account.
• An easy to translate interface. Translators will be able to select a document and translate it using Beacon.
• Statistics for translators.
• A “send for review” button, so that end users will be able to file a bug to Gentoo Documentation team attaching the XML diff. It needs a custom pybugz script to file the bug. The same system will be used for translations.
• A new improved look, using JavaScript/jQuery. On this area, there will be strict adherence to web standards and accessibility best practices, since the Gentoo website and Documentation pages are being viewed by too many people every day.
• An improved devmap, where developers will be able to click their position on the map.

The name I chose is okupy (you know, k instead of c, and py because it is a python app ) Well, it is not related to KDE, but I am Not to mention the new fashion in KDE apps not having K-names. I’m bringing a new fashion to the world, non-KDE apps with K-names.

Robin Johnson, the Gentoo Infra lead, will co-mentor me on the LDAP specific parts. Matt will be my guide for the django parts. The idea of this project was mine, inspired by both my Django/LDAP thesis project and the identity.kde.org work. I came in touch with the KDE sysadmins as well, and especially Ben Cooksley, who’s been great help so far and gave me lots of ideas already based on his experience maintaining the identity website. I’d be really happy to provide a Django LDAP that could suit both my favorite projects. I created a gsoc tag, where I’ll be posting weekly updates in Planet Gentoo, and the gentoo-soc mailing list. That’s it, time to get back to work.

This blog post comes about a year late, but who cares. This particular project is very important to me, as it was really fun, and my first steps to python/django and sysadmin tasks like LDAP, SVN/Git and friends. The project was written along with my friend Cephalon (Γιάννης Σπανός) under the guidance of our professor Χρήστος Σωμαράς. It is still available at cronos.teilar.gr, but you won’t be able to sign up unless you are a student at TEI of Larissa.

The Problem

My school had an irrational number of websites, providing crucial announcements. It is very hard to follow all of them (the knowledge gets lost when it is spread around), not to mention the unavailability of some during most of the weekends Actually, that belongs to the past I hope, I haven’t noticed anything recently, but in the past the problem was really obvious. Every one or two weekends a power cut was hapenning, even in exams periods. The web services were too many though, some students were not even aware of some (for example the career.teilar.gr website has info about job positions, grad school programs etc). Another very important problem is that most of those websites require different accounts, and I couldn’t even imagine how many students didn’t remember their credentials, and did a password reset every new semester (remember, we are not talking only about CS students here, actually they are the minority, and they are not an exception to that unfortunatelly). Last but not least, none of the mentioned websites provided RSS feeds, making it even harder to track them (some of the major ones do now though).

Brainstorming

So, what would be really useful is a web application that will combine all those announcements, in a syndicator-like page. Plus, a number of other information (like grades, the semester’s declaration, their student mail account, even a list of teachers) could be also included to that app. And, most importantly, we need a unified RSS feed for all those announcements, since some (like me) prefer desktop applications to read their news. Well, we don’t need announcements of every school or every teacher though, the student should have the ability to select what they want to view. Since the uni websites don’t provide RSS feeds, we’ll have to parse the html pages instead, and store the output in a db. Some of them require authorization first, so we’d need the user’s credentials, which should be encrypted with blowfish in order for the system to be able to reuse them when needed. Everything looks good so far, let’s move on:

Implementation

First step was to set up the server. We got a new box and needed to do everything from scrach. We installed and configured OpenLDAP, MySQL, Django with mod_python, Subversion, phpLDAPadmin, phpMyAdmin, WebSVN, and the apache vhost files. Afterwards, we started messing with pycurl and BeautifulSoup. It took us some days, but we finally had two python scripts (django standalone files actually). The first was parsing the names of the schools, the teachers, the lessons as well as the names of the web services from which we were going to collect announcements. The second was actually parsing the announcements, of about 10 websites, which were put in a database. As I said there were no RSS feeds, so we had to send thousands http requests with pycurl and parse with beautifulsoup. I know, very unreliable, but there was no better way we could think of, plus it worked just fine. Some of the websites:

• www.teilar.gr: The most important website, it contains the announcements of all the teachers, school specific announcements, even college and various other announcements.
• e-class.teilar.gr: Equally important. e-class is a very popular webapp among greek universities, which offers tools for better communication between teachers and students. Apart from announcements, it also provides the ability to upload and store files, like presentation files or weekly projects, a calendar, a mini-chat, contact form and others. Many teachers prefer that to announce things instead of the first one.
• dionysos.teilar.gr: This one has the accounts of the students. This is where the student sees his grades, declares classes for the semester, etc. School wide announcements are also provided.
• myweb.teilar.gr: webmail service (no announcements provided here obviously )
• some informational only websites: LinuxTeam, PR, Library, Career, NOC and others (still adding new ones actually).

The above python scripts were put in cron.d, the first runs weekly and the second hourly. It takes about half an hour for the second to complete, and in the old box (a very old celeron laptop used as server) it took 45-50 mins. After having all that data in the db, it is now time to create the signup/login systems, and then print those data to the users. The login system took a while to get ready. We played a lot with LDAP, python-ldap and some django authentication backends to fully understand everything. We used the library ldap_groups, which pretty much had everything we wanted, although we had to tweak it a bit. In short, django allows the usage of another authorization backend instead of its ModelBackend, by adding the following in settings.py:

 
AUTHENTICATION_BACKENS = (
    'path.to.custom.backend',
    'django.contrib.auth.backends.ModelBackend',
)

When a user logs in, the custom backend (assuming it is an LDAP backend) searches for the user in the django DB first, and if not found, it searches in the LDAP server afterwards. If the user is found in the LDAP server, its data will be transfered to the django DB. With that system, the data will stay in the LDAP server (and will be used easily) even if the DB gets wiped out. Similarly, the signup system was searching for duplicate entries only in the LDAP server. The signup got a bit more complex though. The system is asking for the accounts of dionysos, e-class (optional) and webmail (optional), and in order to verify them, it uses them immediatelly, performs a pycurl and parses the output. If successfull, it also parses the student’s data, like his name, semester, registration number, grades, e-class lessons he is subscribed, and put them in the ldap server. Using the django syndicator module we were able to create a unified RSS feed of all those announcements. The pages we created were the following:

• The first page which prints some personal information
• A syndicator-like page with all the announcements
• An e-class specific page, which shows the lessons a student follows, recently uploaded files, and pending deadlines for projects
• An e-mail page, which only shows the mails
• A library page, where the user can get results for books through the library.teilar.gr web page
• A list of all the teachers, with the school they belong and their emails
• An about page
• A settings page, where the student can change his password, his credentials of the other websites, update his grades/declaration/e-class lessons list, and select the teacher/other announcements he wants to follow

The future

Our target was to merge the LDAP server we created with the one the school uses. But due to some changes the NOC did, it was impossible to do that, so I had to drop the LDAP support in our application as well, and use the DB only.

After getting it online, two other guys created a similar django project as their thesis project, which would offer online registration to labs. The original plan was to merge those projects, due to many similarities in the code (especially regarding the registration system, which was also using the same LDAP authorization), but went on a separate web app finally, diogenis.teilar.gr (by Στέφανος Χρούσης and Γιώργος Τσιώκος).

About a month ago, the two services were moved to a new box, who was put under LinuxTeam control, and features two VMs (more on this on separate blog post). We have a long todo list now, and people that have interest in contributing. The service is still online, I hope it will stay for a while, thanks to Δημήτρης Παπαπούλιος and Άλεξ-Π. Νάτσιος for taking care of the server and the VMs, Γιώργος Κούτσικος for the artwork and Γιώργος Τσιώκος for the design! Let’s hope it will stay online for much longer, and more thesis projects on top of this will follow.

Added a few more domains for the lulz:

Also for my brother:

My college’s LinuxTeam celebrated its 4th year a few days ago!! Pretty exciting! We’ve done a lot in those four years, but the most important in my opinion is that there is a whole new group of members now, willing to work for the team. Plus, some of them are not considered new at all now, so they know what the team requires, and how to promote it to newer students, in order to keep it alive.

Apart from the promotion, the conferences and the install fests, the guys are also willing to do more technical work. We got a new box recently, got some oldies in production, but more on this on a separate blog post. We host and maintain two web applications that began as thesis projects (also, more in a separate blog post), our git has even more projects. And people are still working on big projects (KDE, Enlightment, OpenSUSE, Gentoo (yeah, not only me )).

Really great to see that the team is evolving. Finding new members was one of the most significant problems we faced when we first created it, and it feels good to know that we have passed that line. Personally, I’ve lost most of my motivation to work for that team any more, since I’ve done so much in the past, but at least I am not worrying about it any more

We celebrate out team’s birthday at the same place every year, with the same birthday cake design, and lots of fun. Happy birthday team!

After a whole year, I had the chance to go to a rap live again. Well, I’ve been very busy the last year with various stuff, and although I’ve been travelling a lot to Athens and Thessaloniki as usual, i didn’t have the luck to overlap with a live act. It’s not my fault though, most of the names (and I’m talking the foreign ones, I don’t care about the greek lives any more) weren’t so good in my opinion. Not all of them, I admin I lost some. I’ve been in some non-rap concerts though, like Serj’s performance in Athens and Archive’s performance in my city (I never blogged about the second right? Well, they were awesome, go see them ) Anyway, time for another trip to Thessaloniki.

Support Acts

The place is called Block 33. It has two halls, a small one were the support acts took place, and a large one were the actual event happens. DJ Waif and DJ Booker kept us company for about an hour and a half with their brilliant DJ set. Then, a breaker came on stage and started dancing, another breaker came afterwards wearing a mask. He removed the mask and turned out to be the first rapper for the night, 12ος Πίθηκος. Very good performance in general, although I don’t like his music at all. He performed many tracks, along with Πελίνα, and the crowd really enjoyed them. Afterwards, Ψυχοδράμα came on stage, which is one of the very few greek bands that I still listen nowadays. Their performance could have been better, but I didn’t care, I had lots of fun. It was only ΔΠΘ (who was totally wasted) and Άγνωστος Χειμώνας there, along with some non-members on stage, like Sadomas. And after a long wait, about half an hour, the doors of the main hall were finally open.

Time for some live

So, we are in. The hall is huge, and I couldn’t believe that it was full at some point! I didn’t even know that so many people even knew who Psycho Realm are. DJ FM was there warming us up, with his old-school latin rap selections, for more than half an hour. Then, Sick Jacken and Cynic came on stage, and I couldn’t stop dancing, although I was exhausted. They performed for almost two hours, and included everything: old and new (even not released yet) Psycho Realm tracks (I’m an oldie, I went crazy on Stone Garden and Showdown ), with Cynic rapping Big Duke’s verses, the best of “The Legend of the Mask and the Assassin”, English, Spanish, Latin, everything! What I personally found really awesome though is that the rappers were very warm, made us make really comfortable and it was like they were talking to each one of us. Of course the group mentioned Sick Jacken’s brother, Big Duke (who is paralyzed). Jacken ordered us to throw our hands in the air to show our love for him, and he showed us back his appreciation after seeing how the crowd responded. Excellent performance, awesome tracks, crazy DJ, in a place full of people. I had a really good time at that night, no reason to say anything more, just don’t miss the opportunity to see them. I didn’t take any pictures, but there are some low quality videos here. Thank you guys.

PS It is really funny when Americans try to say the word “Thessaloniki”