food, consumer experience and Joshi Wadewala

For a while now, I have been looking at various options of how food quality experience is checked by various people. The only proper or official authority is FSSAI but according to CAG and quartz own web report FSSAI has to go a long way.

The reasons I share this is over the years I have mentioned about how Joshi Wadewala has managed to outdo what others could also have done. But lately, it seems the staff and the owners have grown lax and arrogant about the quality of food and service they provide. For instance under FSSAI it is written under labeling –

Labelling

It is mandatory that every package of food intended for sale should carry a label that bears all the information required under FSS (Packaging and Labelling) Regulation, 2011. Food package must carry a Label with the following information :

Common name of the Product.
Name and address of the product’s Manufacturer
Date of Manufacture
Ingredient List with additives
Nutrition Facts
Best before/ Expires on
Net contents in terms of weight, measure or count.
Packing codes/Batch number
Declaration regarding vegetarian or non-vegetarian
Country of origin for imported food

no label on mango lassi

Also many a times their fresh food is either not fresh or not cooked properly. This has been happening for couple of weeks now. I have to point out that they are not the only ones although this is a proper shop, not a pavement dweller per-se.

Joshi Wadewala image

I did file my concern with FSSAI but I highly doubt any action will be taken although it is a public safety issue, health issue but as biggies are never caught then he’s a smallish-time operator.

It is also a concern as my mother has no teeth and I was diagnosed with convulsive seizures last year which prevented me from attending debconf last year. I was in hospital for a period of 3 months.

I have stopped going to the establishment as there are others who are better at receiving feedback and strive to being better.

Disclaimer – All the photos shared are copyright zomato.com

I have also no idea if GST is paid or not as you do not get any receipts for your purchases which is also one of the basic consumer right. They just have one slip which you get when you do your purchase and have to hand it over for either take-away or getting food.

They do have a bill book but that is for bulk purchases only.

Advertisements

Debconf 2018, MATE 1.2.0, libqalculate transition etc.

Dear all,

First up is news on Debconf 2018 which will be held in Hsinchu, Taiwan. Apparently, the CFP or Call for Proposals was made just a few days ago and I probably forgot to share about it. Registration has also been opened now.

The only thing most people have to figure out is how to get a system-generated certificate, make sure to have an expiry date, I usually have a year, make it at least 6 months as you would need to put up your proposal for contention and let the content-team decide it on the proposal merit. This may at some point move from alioth to salsa as the alioth service is going away.

The best advice I can give is to put your proposal in and keep reworking/polishing it till the end date for applications is near. At the same time do not over commit yourself. From a very Indian perspective and somebody who has been to one debconf, you can think of the debconf as a kind of ‘khumb‘ Mela or gathering as you will. You can definitely network with all the topics and people you care for, but the most rewarding are those talks which were totally unplanned for. Also it does get crazy sometime so it’s nice if you are able to have some sane time for yourself even if it just a 5-10 minute walk.

On the budgeting side of things, things have been going well but could be better. The team has managed to raise probably bit more than half the target. See the list of the sponsors of Debconf. With so many companies using the products the Debian Developers work hard at maintaining, it would be in the companies self-enlightened interest to keep the pot going. There are high hopes that it will be a healthy turnout and influences hardware, software, Information technology policymakers to have a more open and secure society where people are just not data.

In other news, I’m excited to see MATE 1.20 which is now in testing. I asked people from the mate-team last month for the new packages, came to know of the gtk3+ port which was unfortunately postponed to 3.20.1 which is also complete and might be in a little later. I love mate quite a bit for the functionality and yet low memory usage it provides. I tried to push to have a mate-desktop install CD but was consequently denied. While he didn’t elaborate the reasons, I can hypothesize some of the reasons that might be an influence –

a. Any -desktop CD would not be for a single architecture but all of the architectures.
b. Which in turn would bring headaches from storage at the mirror network
c. not to mention making sure that mate is always at a releasable state especially in point releases.

I have to admit that I have become a bit of mate fanboy since I started using it sometime back.

The mate-team atm consists of Mike Gabriel and Martin Wimpress with Martin usually doing the patching work while Mike does the uploading work to the archive. There are well-wishers like me who do chime in from time to time but probably needs 1 or 2 dedicated people who make things easier. If you have the technical chops and want to learn packaging it might be a good way to get into it. It isn’t big and heavy like GNOME, nor is it at light as some of the other competitors in the desktop space. It’s just right. Add to that it brings in its own unique themeing and looks which makes it look unique than other distributions.

The only thing bad about it is that upstream is a bit secretive about what can we expect in the releases round the corner and in the near/late future probably bit of reason might be constrained resources.

Update – For what it’s worth they have started the package uploads of the new version having the debian-mate@lists.debian.org which means by the pkg-mate-team archives are now in read-only mode. While I dunno what the long-term plans for the alioth infrastructure is, but probably think as more and more packages support shift to lists.debian.org, lists.alioth.debian.org would turn to read-only and then at some point a highly compressed data-dump for historical purposes where crazy people like me might come from time-to-time in order to have history of the packaging, collaboration or something about any of the teams or the packages that the teams maintained.

One of the interesting and yet frustrating things I have been seeing from far is how nodejs is missing the whole build from the source and in turn the reproducible builds concept. I have been looking to see riot.im come into debian but it seems it will just take forever. Just this github discussion is enough to highlight the difference between the two cultures and understandings. And that is a problem because then you are trusting riot.im with your data. I know at least quite a few people in debian-in want to see this come in Debian as well as people from different groups. Why, even in the last -debconf bi-weekly meeting somebody mentioned how matrix (riot’s web-browser based client) lags. So I/We are not the only users of this particular piece of software. How to get it would probably be another story in itself.

In Debian even if nothing, at least many packages initial packaging has some hardening flags which at the very least give some protection. The goal is though to have the whole archive in hardened mode and more. The matrix wiki page is a nice page to watch over and see how things come in Debian.

I don’t want to delve too much into it as there is a whole team called debian-security where probably lot of white hats, grey hats and even black hats might be congregating 🙂

This is one of the reasons why I love and use Debian so much , you get the convenience and the security at the same time which is rare although that is more for packages in stable rather than unstable or even testing.

There is a bit of lost cause in qalculate though. I had a chat with maintainer though both on-list and off-list and it seems he isn’t able to find time to maintain it anymore. So sometime back, I filed a RFH Request for help for the package. While there are other calculator applications this is the only one which goes through the web to site, download all the exchange rates for the moment and is helpful to people who might be budgeting to go to conferences or holidays or both or be a part-time foreign currency market watcher . With the right script, you might be even able to put charts and have an understanding of how money markets are behaving and maybe even anticipate how the markets will behave.

Update 23/03/2018 – Most of the parts of the library of the new qalculate version are now in experimental. The only ones which are not in experimental is qalculate-gtk.

$ apt-cache policy qalculate-gtk
qalculate-gtk:
Installed: (none)
Candidate: 0.9.7-6+b1
Version table:
0.9.9-1 100
100 http://cdn-fastly.deb.debian.org/debian experimental/main amd64 Packages
0.9.7-6+b1 900
900 http://cdn-fastly.deb.debian.org/debian buster/main amd64 Packages
100 http://cdn-fastly.deb.debian.org/debian unstable/main amd64 Packages

$ apt-cache policy libqalculate14-data
libqalculate14-data:
Installed: 2.2.1-1
Candidate: 2.2.1-1
Version table:
*** 2.2.1-1 100
100 http://cdn-fastly.deb.debian.org/debian experimental/main amd64 Packages
100 /var/lib/dpkg/status

I did see Vincent’s work and checked out his personal repo. at https://people.debian.org/~vlegout/qalc/ and was able to install his qalculate binaries and even put couple of tickets on upstream while trying to figure out things, 71 and 72 . I am just hoping it comes into experimental so can play with it more.

I also sort of butted in #852035 which I normally wouldn’t have if the spectre-meltdown-checker had refused to tell part of the check without binutils installed. As it is, it is way above my pay-grade.

For quite sometime now, I had been thinking of how to get a stock ticker working in GNU/Linux. I know and knew lot of large financial institutions use GNU/Linux as finances are secrets and GNU/Linux is or can be great at keeping secrets. Hence I was under probably the false impression, I would just need to go to github or some code-sharing place and somebody would already have done something. For self-security as I’m a freelancer (we don’t have pensions in our part of world apart from Government and the defense services) I have invested some money in equities and some in Mutual Funds. Now the Bombay Stock Exchange lists both equities and mutual funds on its exchange. Now tuning on TV and trying to figure out stocks and what they are listing is a major time sink. I don’t need real-time quotes. There are quite a few services which give near-realtime quotes but even they are a bit of overkill for what I have in my mind.

I just need a ticker which takes the BSE codes and gives near-realtime quotes and displays it in the ticker. Joey Hess made one and its lying orphaned in debian.

That doesn’t really work for me. I did try the example as given by joeyh in

/usr/share/doc/ticker/examples$ cat sysinfo-ticker

while it works on the console on the upper part, I need it to be more of a stand-alone ticker which scrolls at the bottom near the bottom panel.

Brownie points if it’s able to store the output to another .json file along with IST time-stamp. Better if it’s also able to share the volume of trade. BSE does give all this info. for free in near-realtime quotes as money is made by big punters who do real-time purchase and sale within the working day itself.

I did see another one at jstock.org and https://github.com/yccheok/jstock but github.com software doesn’t give any instructions for self-compile or/and testing. Also don’t like .bin files.

Just to check out the competition, I did a search-engine fu search to see if there is a ticker for MS-Windows and somebody already made it.

If this is made possible and maybe at some future date might do a gnuplot once enough data is there.

For the data part, there are two competing services so it might be possible to use one as primary source and the other as secondary or fallback resource.

A hack and a snowflake

This would be a long post. Before starting, I would like to share or explain that I am not a native English speaker. I say this as what I’m going to write, may or may not be the same terms or meaning that others understand as I’m an Indian who uses American English + British English.

So it’s very much possible that I have picked up all the bad habits of learning and understanding and not any of the good ones in writing English as bad habits as elsewhere in life are the easier ones to pick up. Also I’m not a trained writer or have taken any writing lessons ever apart from when I was learning English in school as a language meant to communicate.

Few days back, I was reading an opinion piece (I tried to find the opinion piece again but have failed to do since) if anybody finds it, please share in the comments so will link here. A feminist author proclaimed how some poets preached or shared violence against women in their writings, poems including some of the most famous poets we admire today. The author of the article was talking about poets and artists like William Wordsworth and others. She picked out particular poems from their body of work which seemed to convey that message. Going further than that, she chose to de-hypnate between the poet and their large body of work. I wished she had cared enough to also look a bit more deeply in the poet’s life than just labeling him from one poem among perhaps tens or hundreds he may have written. I confess I haven’t read much of Wordsworth than what was in school and from those he seemed to be a nature lover rather than a sexual predator he was/is being made out to be. It is possible that I might have been mis-informed.

 

Meaning of author

– Courtesy bluediamondgallery.com – CC-by-SA

The reason I say this is because I’m a hack. A hack in the writing department or ‘business’ is somebody who is not supposed to tell any back story and just go away. Writers though, even those who write short stories need to have a backstory at least in the back of their mind about each character that s/he introduces into the story. Because it’s a short story s/he cannot reveal where they come from but only point at the actions they are doing. I had started the process two times and two small stories got somewhat written through me but I stopped both the times midway.

while I was hammering through the keyboard for the stories, it was as if the characters themselves who were taking me on a journey which was dark and I didn’t want to venture more. I had heard this from quite a few authors, few of them published as well and I had dismissed it as a kind of sales pitch or something.

When I did write those stories for the sake of argument, I realized the only thing that the author has is an idea and the overall arc of the story. You have to have complete faith in your characters even if they led you astray or in unexpected places. The characters speak to you and through you rather than the other way around. It is the most maddest and the most mysterious of journeys and it seemed the characters liked the darker tones more than the lighter ones. I do not know whether it the same for all the writers/hacks (at least in the beginning) or just me ? Or Maybe its a cathartic expression. I do hope to still do more stories and even complete them even if they have dark overtones just to understand the process. By dark I mean violence here.

That is why I asked that maybe if the author of the opinion piece had taken the pain and shared more of the context surrounding the poem themselves as to when did Mr. Wordsworth wrote that poem or other poets did, perhaps I could identify with that as well as many writers/authors themselves.

I was disappointed with the article in two ways, in one way they were dismissing the poet/the artist and yet they seemed or did not want to critique/ban all the other works because

a. either they liked the major part of the work or

b. they knew the audience to whom they were serving the article to probably likes the other works and chose not to provoke them.

Another point was I felt when you are pushing and punishing poets are you doing so because they are the soft targets now more than ever? Almost all the poets she had talked about are unfortunately not in this mortal realm anymore. On the business side of things, the publishing industry is in for grim times . The poets and the poems being perhaps the easiest targets atm as they are not the center of the world anymore as they used to do. Both in United States as well as here in India, literature or even fiction for that matter has been booted out of the educational system. The point I’m trying to make here that publishers would and are not in a position to protect authors or even themselves when such articles are written and opinions are being formed. Also see https://scroll.in/article/834652/debut-authors-heres-why-publishers-are-finding-it-difficult-to-market-your-books for an Indian viewpoint of the same.

I also did not understand what the author wanted when she named and shamed the poets. If you really want to name and shame people who have and are committing acts of violence against women, then the horror film genre apart from action genre should be easily targeted. In many of the horror movies, both in hollywood, Bollywood and perhaps in other countries as well, the female protagonist/lead is often molested,sexually assaulted, maimed, killed, cannibalized so and so forth. Should we ban such movies forthwith ?

Also does ‘banning’ a work of art really work ? The movie ‘Padmavaat‘ has been mired in controversies due to a cultural history where as the story/myth goes ‘Rani Padmavati’ (whether she is real or an imaginary figure is probably fodder for another blog post) when confronted with Khilji committed ‘Jauhar’ or self-immolation so that she remains ‘pure’. The fanatics rally around her as she is supposed to have paid the ultimate price, sacrificing herself. But if she were really a queen, shouldn’t she have thought of her people and lived to lead the fight, run away and fight for another day or if she was cunning enough to worm her way into Khilji’s heart and topple him from within. The history and politics of those days had all those options in front of her if she were a real character, why commit suicide ?

Because of the violence being perpetuated around Rani Padmavati there hasn’t been either a decent critique either about the movie or the historical times in which she lived. It perhaps makes the men of the land secure in the knowledge that the women then and even now should kill themselves than either falling in love with the ‘other’ (a Muslim) romantically thought of as the ‘invader’ a thought which has and was perpetuated by the English ever since the East India company came for their own political gains. Another idea being women being pure, oblivious and not ‘devious’ could also be debated.

(sarcasm) Of course, the idea that Khilji and Rani Padmavati living in the same century is not possible by actual historians is too crackpot to believe as the cultural history wins over real history. (/sarcasm)

The reason this whole thing got triggered was the ‘snowflake’ comments on https://lwn.net/Articles/745817/ . The article itself is a pretty good read as even though I’m an outsider to how the kernel comes together and although I have the theoretical knowledge about how the various subsystem maintainers pull and push patches up the train and how Linus manages to eke out a kernel release every 3-4 months, I did have an opportunity to observe how fly-by-contributors are ignored by subsystem-maintainers.

About a decade or less ago, my 2-button wheel Logitech mouse at the time was going down and I had no idea why sometimes the mouse used to function and why sometimes it didn’t. A hacker named ‘John Hill’ put up a patch. What the patch did essentially was trigger warnings on the console when the system was unable to get signal from my 2-button wheel mouse. I did comment and try to get it pushed into the trunk but it didn’t and there was also no explanation by anyone why the patch was discarded. I did come to know while building the mouse module as to how many types and models of mouse there were which was a revelation to me at that point in time. By pushing I had commented on where the patch was posted and the mailing list where threads for patches are posted and posted couple of times that the patch by John Hill should be considered but nobody either got back to me or him.

It’s been a decade since then and still we do not have any proper error reporting process AFAIK if the mouse/keyboard fails to transmit messages/signals to the system.

That apart the real long thread was about the term ‘snowflake’. I had been called that in the past but had sort of tuned it out as I didn’t know what the term means/meant.

When I went to wikipedia and came up with the ‘snowflake’ and it came with 3 meanings to the same word.

a. A unique crystalline shape of white

b. A person who believes that s/he is unique and hence entitled

c. A person who is weak or thin-skinned (overly sensitive)

I believe we all are of the above, the only difference is perhaps a factor. If we weren’t meant to be unique we wouldn’t have been given a personality, a body type, a sense of reasoning and logic and perhaps most important a sense of what is right or wrong. To be thick-skinned also comes the inability to love and have empathy with others.

To round off on a somewhat hopeful note, I was re-reading maybe for the umpteenth time ‘Sacred Stone‘ an action thriller in which four hindus along with a corrupt, wealthy and hurt billionaire try to blow the most sacred site of the Muslims, the Mecca and Medina. While I don’t know whether it would be possible or not, I would for sure like to see people using the pious days for reflection . I don’t have to do anything, just be.

Similarly, the spanish pilgrimage as shown in the Way . I don’t think any of my issues will be resolved in being either of the two places but it may trigger paths within which I have not yet explored or forgotten longtime ago.

At the end I would like to share two interesting articles that I saw/read over the week, the first one is about the ‘Alphonso‘ and the other Samarkhand . I hope you enjoy both the articles.

WordPress.com tracking pictures and a minidebconf in Pune

This would be a big longish post.

I have been a wordpress.com user for a long time and before that blog post for a long long time. Sometime back on few blog posts I began to notice that on planet.debian.org the pictures were not appearing. I asked the planet maintainers what was going on. They in turn shared with me a list of filters that they were using as a default. While I’m not at liberty to share any of the filters, it did become clear from reading of the regular expressions of the filters and conversations with the planet maintainers that wordpress.com was at fault and not Planet.debian. I tried to see if there was anything as a content producer I could do but apparently nothing. The only settings for media or even for general has no settings through which I could stop tracking.

Sharing a screenshot below –

Media settings in normal wordpress.com account.

Sp while there’s nothing I can do atm, I can share about the Debian event that we did in reserved-bit about couple of months ago. Before I start, here’s a small brief about reserved bit, it’s a makerspace right next to where all the big IT companies are and where they come to pass the time after work. It’s on top of a mall.

Reserved-bit is run jointly by Siddhesh and Nisha Poyarekar husband-wife duo. Siddhesh was working with Redhat and now does his own thing. Works with Linaro and is a glibc maintainer and I read somewhere that he was even a releaser of couple of glibc releases (Update = actually 2.25 and 2.26 of glibc which is wow and also a big responsibility.) Pune is to India what Detroit was to the States. We have number of automobile companies and siddesh did share he was working on the glibc variants for the automobile, embedded market.

Nisha on the other hand is more on the maker side of the things, his better half and I believe she knows quite a bit of Aurdino. I believe there was a workshop yesterday on aurdino but due to time and personal constraints was not able to attend it or would have got more to share. She is the one who is looking at the day-to-day operations of maker-bit and Siddhesh chips in as and when he can.

Because of the image issue, I had been dragging my feet to post about the event for more than couple of months now. I do have access of a debconf gallery instance but was not comfortable for this. If I do attend a debconf then probably that would be the place for that.

Anyways, about 3 months back Gaurav shared an e-mail on the local LUG mailing list . We were trying to get the college where the LUG meets as it is one of the central parts of the city but then due to scheduling changes it was decided to be held at reserved-bit. I had not talked with Praveen for some time but had an inkling that he might be bringing one of the big packages which has a lot of dependencies on them which I shared in an email . As can be seen, I also shared the immense list that Paul always has and as can be seen free software is just growing leaps and bounds, what we are missing are more packagers and maintainers.

I also thought that it is possible that somebody might want to install debian and hence shared about that as well.

As I wasn’t feeling strong enough, I decided to forgo taking the lappy along. Fortunately, a friend arrived and we were together able to reach the venue on time. We probably missed about 10 minutes which probably was the introduction session a bit.

Image of Praveen talking about various software

Image – courtesy Gaurav Sitlani

Praveen is in middle, somewhat like me with the beard, and white t-shirt.

I had mentally prepared myself for newbie questions but refreshingly, even though there were lot of amateurs, most of them had used Debian for sometime. So instead of talking about why we need to have Debian as a choice or why X disto is better than Y we had more pointed topical questions. There were questions about privacy as well where Debian is strong and looking to set the bar even higher. I came to know much later than Kali people are interested in porting most of their packages and maintain it in main, more eyes to see the code, a larger superset of people would use the work they do than those who would only use kali and in time higher quality of packages which is win-win to all the people concerned.

As I had suspected Praveen shared two huge lists of potentials software that needs to be packaged. Before starting he took some of the introductory part of the npm2deb tutorial. I had played with build programs before but npm2deb seemed a bit more automated than others, specifically with the way it picks up the metadata about software to be packaged. I do and did realize that npm2deb is for specific bits only and probably that is the reason that it could be a bit more automated than something like makefile, cmake, premake but then the latter are more generic in nature, they are not tied to a specific platform or way of doing things.

He showed a demo of npm2deb, the resultant deb package, ran lintian on top of it . He did share the whole list of software that needs to be packaged in order to see npm come into Debian. He and Shruti also did a crowdfunding for it sometime back.

I am not sure how many people noticed but from what I recollect both nodejs and npm came around June/July 2017 in Debian. While I don’t know it seemed Praveen and Shruti did the boring yet hard work to bring both the biggish packages into Debian. There may be some people involved as well which I might not know about but that is unintentional. If anybody knows any better feel free to correct me and will update it here as well.

Then after a while Raju shared the work he has been doing with Hamara but not in great detail as still lot of work is yet to be done. There were questions about rolling release and how often people update packages, while both Praveen and Raju pointed out that they did monthly updates, I am more of a weekly offender. I usually use debdelta to update packages and its far much easier to track and have the package diffs cheaply without affecting the bandwidth too much.

I wanted to share about adequate as I think it’s one of the better tools but as it has been orphaned and nobody has stepped up, it seems it will die a death after sometime. What a waste of a useful tool.

What we hadn’t prepared for that somebody had actually wanted to install Debian on their laptop then and there. I just had the netinstall usb stick by chance but the person who wanted to install debian had not done the preparatory work which needs to be done before setting up Debian. We had to send couple of people to get a spare external hdd which took time, copying the person’s data and then formatting that partition, sharing the different ways that Debian could be installed onto the system. There was a bit of bike-shedding there as there are just too many ways. I am personally towards have a separate / , /boot (part of it I am still unable to resolve under the whole Windows 10 nightmare, /home, /logs and swap. There was also a bit of discussion about swap as the older model of 1:1 memory doesn’t hold much water in the 8 GB RAM+ scenario.

By the time the external hdd came, we were able to download a CD .iso and show a minimal desktop installation. We had discussions about the various window managers and desktop environments, the difference and the similarities. IIRC, CD 1 has just LXDE as none of the other desktop environments can fit on CD1. I also shared about my South African Debconf experience as well the whole year-long preparation it takes to organize Debconf. IIRC, I *think* I shared having a conference like that costs north of USD 100,000 (it costed that much for South Africa, beautiful country) – the Canadian one might have costed more and the Taiwan one happening coming July would cost the same even though accommodation is free. I did share that we had something like 300+ people for the conference, the Germany one the year before had 500 so for any Indian bid we would have to grow up a whole lot more before we think of getting anywhere of hosting a debconf in India.

There was interest from people to contribute to Debian but this is where it gets a bit foggy, while some of the students want/ed to contribute they were not clear as to where they could contribute. I think we shared with them the lists, shared/showed them IRC/Matrix and sort of left them to their own devices. I do think we did mention #debian-welcome and #debian-mentors at possible points of contact. As all of us are busy with our lives, work etc. it does become hard to tell/advise people. Over the years we have realized that its much better to just share the starting info. and let them find if there is something that interests them.

There was also discussion about different operating systems and how the work culture and things differed from the debian perspective. For e.g. I shared how we have borrowed quite a bit of security software from the BSD stable and some plausible reasons of where BSD has made it big and where it sort of failed. The same was dissected for other operating systems too who are in the free software space and quite a few students realized it’s a big universe out there. We shared about devuan and how a group of people who didn’t like systemd did their own thing but at the same they realized the amount of time it takes to maintain a distro. In many a ways, it is a miracle that Debian is able to be independent and have its own morals and compasses. We also shared bits of the Debian constitution and Manifesto but not too much otherwise it would have become too preachy.

Coming towards the end, it gives me quite a bit of pleasure to share that Debian would be taking part in Outreachy and GSOC at the same time. While the projects seem to be different, I do have some personal favorites. The most exciting to me as a user are –

1. Wizard/GUI helping students/interns apply and get started – While they have narrow-cased it, it should help almost everybody who has to get over the learning curve to make her/is contribution to Debian. Having all the tools configured and ready to work would make the job of on boarding on to Debian a whole lot easier.

2. Firefox and Thunderbird plugins for free software habits – It’s always a good idea to start of with privacy tools, it would make the journey of free software much easier and enjoyable.

3. Android SDK Tools in Debian – This I think would be a multi-year project for as long as Android is there as a competitor in the mobile space. Especially for Pune students doing work with Android might lead to upstream work with Linaro who have been working with companies and various stake-holders to have more homogeneity to a kernel which would make it more secure, more maintainable in the short and long run.

4. Open Agriculture Food Computer – This probably would be a bit difficult but for colleges like COEP who have CNC lathes and 3-d printer and a benefactor in Sharad Pawar and other people who are interested in Agriculture, Nitin Gadkari . The TED link shared and reproduced below does give some idea. Vandana Shiva, who has been a cultural force and has a seed bank so we have culture, recipes and food for generations would be pretty much appropriate for the problems we face. It actually ties in with another ted talk which is also a global concern, the shortage of water and recycling of water.

This again from what I could assess with my almost non-existent agricultural skills, would be multi-year project as the science and understanding of it are in early stages. People from agriculture, IT, Atmospheric Science etc. all would have a role in a project like this. The interesting part of it is that from what has been shared, it seems there are lots that can be done in that arena.

Lastly, I would like some of the more privacy consciously people to weigh in on 1322748. I have used all the addons which have been mentioned on the bugzilla one time or the other and am stymied as my web experience is poorer as I cannot know who to trust and who to not without the info. about what ciphers the webmasters are using. Public pressure can only work when that info. is available.

I am sure I missed a lot, but that’s all I could cover. If people have some more ideas or inputs, feel free to suggest in the comments and I will see if I can incorporate them in the blog post if need be.

webmail saga continues

I was pleased to see a reply from Daniel as a reaction to my post. I read and re-read the blog couple of times yesterday and another time today to question my own understanding and see if there is anyway I could make life easier and simpler for myself and other people whom I interact with but finding it somewhat of an uphill task. I will not be limiting myself to e-mail alone as I feel until we don’t get/share the big picture it would remain incomplete.

Allow to share me few observations below –

1. The first one is probably cultural in nature (either specific to India or its worldwide I have no contextual information.) Very early in my professional and personal life I understood that e-mails are leaky by design. By leaky I mean being leaked by individuals for profit or some similar motive.

Also e-mails are and were used as misinformation tools by companies and individuals then and now or using sub-set or superset of them without providing contextual information in which they were written. While this could be construed as giving straw man I do not know any other way. So the best way, at least for me is to construct e-mails in a way where even if some information is leaked, I’m ok with it being leaked or being in public domain. It just hurts less. I could probably give 10-15 high-profile public outings in the last 2-3 years itself. And these are millionaires and billionaires, people on whom many people rely on their livelihoods should have known better. In Indian companies, for communications they do have specific clauses where any communication you had with them is subject to privacy and if you share it with somebody you would be prosecuted, on the other hand if the company does it, it gets a free pass.

2. Because of my own experiences I have been pretty circumspect/slightly paranoid of anybody promising or selling the cool-aid of total privacy. Another example which is of slightly recentish vintage and pains me even today was a Mozilla add-on for which I had done RFP (Request for Package) which a person for pkg-mozext-maintainers@lists.alioth.debian.org (probably will be moved to salsa in near future) packaged and I thanked him/her for it. Two years later it came to fore that under the guise of protecting us from bad cookies or whatever the add-on was supposed to do, it was actually tracking us and selling this information to third-parties.

This was found out by some security researcher casually auditing the code two years down the line (not mozilla) and then being confirmed by other security researchers as well. It was a moment of anguish for me as so many people’s privacy had been invaded even though there were good intentions from my side.

It was also a bit sad as I had assumed (perhaps incorrectly) that Debian does do some automated security audit along with hardening flags that it uses when a package is built. This isn’t to show Debian in a bad light but to understand and realize that Debian has its own shortcomings in many ways. I did hear recently that lot of packages from Kali would make it to Debian core, hopefully some of those packages could also serve as an additional tool to look at packages when they are being built 🙂

I do know it’s a lot to ask for as Debian is a volunteer effort. I am happy to test or whichever way I can contribute to Debian if in doing so we can raise the bar for intended or unintended malicious apps. to go through. I am not a programmer but still I’m sure there might be somehow I could add strength to the effort.

3. The other part is I don’t deny that Google is intrusive. Google is intrusive not just in e-mail but in every way, every page that uses Google analytics or the google Spider search-engine be used for tracking where you are and what you are doing. The way they have embedded themselves in web-pages is it has become almost impossible to see almost all web-pages (some exceptions remain) without allowing google.com to see what you are seeing. I use requestpolicy-continued to know what third-party domains are there on web-page and I see fonts.googleapis.com, google.com and some of the others almost all the time. The problem there is we also don’t know how much information google gathers. For e.g. even if I don’t use Google search engine and if I am searching on any particular topic and if 3-4 of the websites use google for any form or manner, it would be easy to know the information and the line/mode or form of the info. I’m looking for. That actually is same if not more of a problem to me than e-mails and I have no solution for it. Tor and torbrowser-launcher are and were supposed to be an answer to this problem but most big CDNs (Content Distributor Networks) like cloudfare.com are against it so privacy remains an elusive dream there as well.

5. It becomes all the more dangerous when in mobile space where Google Android is the only vendor. The rise of carrier-handset locking which is prevalent in the west has also started making inroads in India. In the manufacturer-carrier-Operating System complex such things will become more common. I have no idea about other vendors but from what I have seen I think the majority might probably be doing the same. IPhone is supposed to also have lot of nastiness where it comes to surveillance.

6. My main worry for protonmail or any other vendor is should we just take them at face-value or is there some other way for people around the world to be assured and in case things take a worse time be possible to file claim for damages if those terms and conditions are not met. I looked to see if I could find an answer to this question which I asked in my previous post and I looked but didn’t find any appropriate answer in your post. The only way I see out of is decentralized networks and apps but they too leave much to be desired. Two examples I can share of the latter. Diaspora started with the idea that I could have my profile in one pod, if for some reason I didn’t like the pod, I could take all the info. to another pod with all the messages, everything in an instant. At least till few months back, I tried to migrate to another pod and found that feature doesn’t work/still a work in progress.

Similarly, zeronet.io is another service which claimed to use de-centralization but for last year or so I haven’t been able to send one email to another user till date.

I used both these examples as both are foss and both have considerable communities and traction built around them. Security or/and anonymity is still at a lower path though as of yet.

I hope I was able to share where I’m coming from.

Webmail and whole class of problems.

Yesterday I was reading Daniel Pocock’s ‘Do the little things matter’ and while I agree with parts of his assessment I feel it is incomplete unless taken from user’s perspective having limited resources, knowledge etc. I am a gmail user so trying to put a bit of perspective here. I usually wait for a day or more when I feel myself getting inflamed/heated as it seemed to me a bit of arrogant perspective, meaning gmail users don’t have any sense of privacy. While he is perfectly entitled to his opinion, I *think* just blaming gmail is an easy way out, the problems are multi-faceted. Allow me to explain what I mean.

The problems he has shared I do not think are Gmail’s alone but all webmail providers, those providing services free of cost as well as those providing services for a fee. Regardless of what you think, the same questions arise whether you use one provider or the other. Almost all webmail providers give you a mailbox, an e-mail id and a web interface to interact with the mails you get.

The first problem which Daniel essentially tries to convey is the deficit of trust. I *think* that applies to all webmail providers. Until and unless you can audit and inspect the code you are just ‘trusting’ somebody else to provide you a service. What pained me while reading his blog post is that he could have gone much further but chose not to. What happens when webmail providers break your trust was not explored at all.

Most of the webmail providers I know are outside my geographical jurisdictions. While in one way it is good that the government of the day cannot directly order them to check my mails, it also means that I have no means to file a suit or prosecute the company in case if breaches do occur. I am talking here as an everyday user, a student and not a corporation who can negotiate, make iron-clad agreements and have some sort of liability claim for many an unforeseen circumstances. So no matter how you skin it, most users or to put it more bluntly almost all non-corporate users are at a disadvantage to negotiate terms of a contract with their mail provider.

So whether the user uses one webmail provider or other, it’s the same thing. Even startups like riseup who updated/shared the canary do show that even they are vulnerable. Also it probably is easier for webmail services to have backdoors as they can be pressurized for one government or the other.

So the only way to solve it really is having your own mail server which to say truthfully is no solution as it’s a full-time job. The reason is because you are responsible for everything. Each new vulnerability you come to know, you are supposed to either patch it or get it patched, or have some sort of workaround. In the last 4-5 years itself, it has become more complex as more and more security features are being added as each new vulnerability or class of vulnerabilities has revealed itself. Add to that at the very least a mail server should at the very least have something like RAID 1 at the very least to lessen data corruption. While I have seen friends who have the space and the money to invest and maintain a mail server most people won’t have the time, energy and the space to do the needful. I don’t see that changing in the near future at least.

Add to that over the years when I did work for companies most of the times I have found I needed to have more than one e-mail client as emails in professional setting need to be responded quickly and most of the GUI based mail clients could have subtle bugs which you come to know only when you are using it.

Couple of years back I was working with Hamaralinux. They have their own mail server. Without going into any technical details, looking into the features needed and wanted for both the parties. I started out using Thunderbird. I was using stable releases of Thunderbird. Even then, I used to see subtle bugs which sometimes used to corrupt the mail database or do one thing or the other. I had to resort to using Evolution which provided comparable features and even there I found bugs so for most of the time I had to resort between hopping between the two mail clients.

Now if you look at the history of the two clients you would assume that most of the bugs should not be there but surprisingly they were. At least for Thunderbird, I remember gecko used to create lot of problems besides other things. I did report the bugs I encountered and while some of them were worked upon, the solution used to often take days and sometimes even weeks to be resolved. Somewhat similar was the case with Evolution also. At times I also witnessed broken formatting and things like that but that is our of the preview of the topic.

Crudely, AFAIK these the basic functions an email client absolutely needs to do –

a. Authenticate the user to the mail server
b. If the user is genuine, go ahead to next step or reject the user at this stage itself.
c. If the user is genuine. let them go to their mailbox.
d. Once you enter the mailbox (mbox) it probably looks at the time-stamp when the last mail was delivered and see if any new mail has come looking at the diff between timesw (either using GMT or using epoch+GMT).
e. If any new mail has come it starts transferring those mails to your box.
f. If there are any new mails which need to be sent it would transfer them at this point.
g. If there are any automatically acknowledgments of mails received and that feature is available it would do that as well.
h. Ideally you should be able to view and compose replies offline at will.

In reality, at times I used to see transfers not completed meaning that the mail server still has mails but for some reason the connection got broken (maybe due to some path in-between or something else entirely)

At times even notification of new mails used to not come.

Sometimes offline Thunderbird used to lock mails or mbox at my end and I had to either use evolution or use some third-party tool to read the mails and rely on webmail to give my reply.

Notice in all this I haven’t mentioned ssh or any sort of encryption or anything like that.

It took me long time to figure out https://wiki.mozilla.org/MailNews:Logging but as you can see it deviates you from the work you wanted to do in the first place.

I am sure some people would suggest either Emacs or alpine or some other tool which works and I’m sure it worked right out of bat for them, for me I wanted to have something which had a GUI and I didn’t have to think too much about it. It also points out the reason why Thunderbird was eventually moved out of mozilla in a sense so that community could do feature and bug-fixing more faster than either mozilla did or had the resources or the will to do so.

From a user perspective I find webmail more compelling even with leakages as Daniel described because even though it’s ‘free’ it also has in-built redundancy. AFAIK they have enough redundant copies of mail database so that even if the node where my mails are dies, it simply will resurrect it from the other copies and give it to me in timely fashion.

While I do hope that in the long-run we do get better tools, in the short-to-medium term at least from my perspective its more about which compromises you are able to live with.

While I’m too small and too common a citizen for the government to take notice of me, I think it’s too easy to blame ‘X’ or ‘Y’ . I believe the real revolution will only begin when there are universal data protection laws for all citizens irrespective of countries and companies and governments are made answerable and liable for any sort of interactive digital services provided. Unless we raise the consciousness of people about security in general and have some sort of multi-stake holders meetings and understanding in real life including people from security, e- mail providers, general users and free software hackers, regulators and if possible even people from legislature I believe we would just be running about in circles.

Economic Migration, Unemployment, Retirement benefits in advanced countries etc.

After my South African Debconf experience and especially the Doha, Qatar layover experience soon after my return back, a friend from Kerala had sent me a link of a movie called Pathemari . For various reasons I could not see the movie till I had come from the Hospital few months back. I would recommend everybody to see that movie if they want to see issues from a blue-collar migrant worker’s views.

Before I venture further, I think a lot of people confuse between economic migration and immigration. As can be seen in the movie, the idea of economic migrants is to do work and come back to his/her own country while immigration is more about political asylum, freedom of expression those kind of ideas. The difference between the two can be starkly seen in one of my favorite movies of all times ‘Moscow on Hudson’.

I have had quite a few discussions with some friends from Kerala last year and years before seeing this movie and had been sort of flabbergasted with the answers shared by them with me at the time. Most of them were on the lines of ‘we don’t want/need any development. I/We would go to X (Any Oil producing country) or west to make money and then come back home. Then why should we have industry ? While this is from personal anecdotal experiences while I was in the hospital, I also saw similar observations online as well. For e.g. Northwestern did an article which explains some of the complexity years ago . More recently has been an IIM, Bangalore Working Paper which corroborates the importance of Nursing to Kerala, the state as well as to the Indian economy as a whole. It’s a pretty interesting paper specifically for those wishing to understand aspects of Indian migration outward (nursing) and some info. about expectations from such migrants who want to join in the labor markets in Netherlands and Denmark (local language, culture, adaptions etc. all of which is good.).

In hindsight, I now agree with parts of the reasons shared by my colleagues and peers from Kerala in context to what has occurred in Goa in recent past and how that affected tourism of the state. While it has been few years since I last stayed in Goa for 2 weeks or more, I have always found it to be a little piece of Paradise tucked in the corner.

Also similarly in the context of median age of Americans rising which was shared in the previous article, I don’t see them replenishing their own ranks with young blood. The baby boom years for America seem to be over (for now and bit into the future). On the medicine side, since we have been talking about nursing. another observation is it seems that the American Government will cut off whole lot of Americans from medical care which Mr. Trump did few days back. The statements shared therein seems much a spin story as no numbers were shared or anything. There was this report I read last year which tells how an urban middle-class American family might suffer depending on how much medicare is cut.

I have seen something very similar happening in Pune, India, with quite a few insurance companies, medical practitioners, staff etc. giving needless medicines or tests where they aren’t needed, more so if you have insurance. Of course after you have availed it, your individual premium will rise as the ‘risk’ has increased but this is veering off the main story. There were quite a few patients who shared their horror stories and lessons with me during my stay in the hospital.

On the labor front I don’t see a way out for Americans to work. For e.g. Patels (a caste and a community) went to States and found that most Americans do not or did not like maintaining motels and they provided/took over the that service, partly as it’s a risky business and partly most motels are run-down etc. Apart from the spin being put in the context of both legal and illegal immigration in States, it seems, at least to me there would be more undocumented illegal Americans living then those coming legally and America would suffer economically due to that.

You can see Qatar doing it already as well as Saudi Arabia trying to be more open, while States seems to be dancing on another beat altogether.

Coming to the India perspective –

Note – Mrs. Sushma Swaraj, Ministry of External Affairs, India has been particularly active and robust in seeking welfare for Indian brethren trying to find work abroad.

One of the few good things that the present Government has done is have a pro-active foreign policy minister and being given a free hand to operate, she also seems to trust herself and others to do the right thing. Although she hasn’t done much apart from taking the lowest apples which were ripe for taking for years, it also tells/reminds that what apathy most Governments had towards foreign policy partly due to the socialist structure and culture in education, culture and even affairs of the State.

While I was reading on the subject I came across I,Daniel Blake . I saw the movie and shared with my mother. We were both shocked as we saw the trials that the gentleman had to go through and eventually his passing away. We thought that only bureaucracy in India was bad, now we come to know its the same at least as UK is concerned.

https://www.theguardian.com/society/2018/jan/19/esther-mcvey-makes-disability-benefits-u-turn-over-payments

https://www.theguardian.com/society/2017/nov/17/benefit-claimants-underpaid-employment-support-allowance

https://www.theguardian.com/society/2016/mar/29/employment-and-support-allowance-the-disability-benefit-cuts-you-have-not-heard-about

https://www.theguardian.com/commentisfree/2018/jan/16/government-policy-poor-people-debt-benefits-universal-credit

http://www.dailymail.co.uk/news/article-3138853/Britain-s-mid-life-crisis-UK-average-age-hits-40-time-population-jumps-500-000-64-6-million.html

https://www.theguardian.com/business/2018/jan/28/freedom-great-deal-of-that-inside-the-eu-brexit

After seeing the movie saw the. The above does give some of the understanding why UK opted for Brexit and the expected fallout that probably will be.

Before I end I want to give a shout out, kudos to Daniel Echeverry for putting guake ported to gtk3 with dark theme. I really like the theme and do hope more themes follow in upcoming days, weeks and months.

Guake, dark theme and gtk3

Also another shoutout to Timo Aaltonen for getting a newer snapshot of xserver-xorg-video-intel for testing .

I do hope to explore a bit more of the new system, see what the new CPU, GPU can do in the coming days and weeks. I did some explorations about libsdl1.2 recently http://lists.alioth.debian.org/pipermail/pkg-sdl-maintainers/2018-January/002711.html and do hope to at least get some know-how where the newer integrated graphics and power options would become more useful in short and medium-term.

I also was thinking about the impending python3 transition and it seems that 90% of the big libraries are ready to make the transition. The biggest laggards seem to be mozilla, which I guess is still trying to deal with the fallout from firefox 57.0, the whole web-extensions bit etc.

Atm it seems a huge setback for mozilla, whether they will be able to survive is entirely on the third-party add-on developers. If that ecosystem doesn’t get enriched to the status they were before the transition, we could see firefox losing lot of users, at least in the short and medium-term.

Lastly, I did try to add a new usb device in the usb-database at https://usb-ids.gowdy.us/read/UD/1ecb/02e2 but there doesn’t seem to be a way to know whether that entry got accepted or not 😦