Filmaster.com, a social network for film lovers, has recently presented a new movie recommendations engine. The algorithm that generates recommendations is open source and has been released under AGPLv3 license.

How does it work?

The new algorithm works by fetching the current ratings from database, processing them using a teaching algorithm and then generates recommendations for each user/film pair and eventually stores them in the relational database (PostreSQL). The first and the last part of the process is obviously Filmaster-specific. The teaching algorithm, on the other side, is universal and can be easily used in any external open source project.

The recommendation engine has been designed and implemented based on the best practices of the Nexflix contest participants. The correctness of recommendations (computed using the recommendation engines test, is — according to Filmaster — almost 20% better than in case of the previous algorithm used. Precisely, the RMSE value based on ~250 thousands ratings is as follows:
- 1.55 for the old algorithm
- 1.30 for the new one

Technical details

Here is how the programmers document how the algorithm works.

Movies have a number of different features, each of those can also be rated (e.g. the scripts or the level of violence, etc). Obviously every user has a different attitude to those features. One may enjoy violence, the other might not stand it. So we can also rate users’ preferences for each feature. Here we get our U and M matrices where f_num dimension is the number of features we consider. Notice that in R' every guessed rating (u,m) is now of form: sum of U[u][f]*M[f][m] for every feature f. So the higher the preference for feature f is and the higher is its level in a movie, the higher guessed rating will be. We also need to scale it so it would be in a <1,10> range. So all that needs to be done is to find the possibly best U and M matrixes.

None of the existing SVD algorithms seemed to fit, so teaching approach with a heuristics has been used instead. We start with both matrices U,M filled with the same unsignificantly small real number in each entry. We will now modify it separately for each feature. We begin with teaching the first feature and then after a certain number of teaching cycles we proceed to the second etc. In a teaching cycle we compute the actual R' matrix and then take all nonempty entries (u,m) in R matrix and for each of them we use a given formula:

err = lrate * (R[u][m]-R'[u][m])
U[u][f] += err*M[f][m]
M[f][m] += err*U[u][f]

where lrate is a constant real number and f is a number of presently computed feature.

We notice that when our guessed rating is too low, err will be positive so the entries in U and M will increase. In the other case, err is negative and entries decrease. During the next teaching cycles the err absolute value decreases, as our guess ratings are getting closer to the real ones. In the end going through more cycles does not have significant effect so we proceed to the next feature. This simple formula happens to give quite satisfactory results.

Who stands behind the algorithm?

The algorithm was implemented solely by Jakub Tlałka, currently a mathematics and computer science student on University of Warsaw and part-time Filmaster developer.

Despite the fact that Filmaster is coded in Python using the Django Web Framework, the recommendation engine has been implemented in C++ for performance reasons. It outperforms the previous one (written in Python) by an order of magnitude.

The code and the documentation

• Filmaster movie recommendation algorithm code is exposed in a public bitbucket (Mercurial) repository
• Detailed technical documentation for the new algorithm on Filmaster wiki
• Previous attempts: old algorithm in Python and an unimplemented concept algorithm for those who’d like to work on alternative engines

Try it yourself!

You can test the film recommendation engine yourself by rating at least 20 movies on Filmaster (an account is required - Open ID and Facebook Connect can be used as well) and then switching to the film recommendations page to see the suggestions.

Alternatively, you can use the open source code to apply the algorithm on your own collection of data in any open source project you’re currently working on. If you do so or if you’d like to help enhancing the current alorithm, please leave a comment under this article and write to Filmaster project maintainers at filmaster@filmaster.com.

The author of this article is one of the founders of the Filmaster project, but not the author of the new algorithm.

Stefano Zacchiroli, a new Debian Project Leader, in an interview with Polish Debian Portal speaks about this year’s campaign, realase policy of the project, the Debian GNU/kFreeBSD port and other non-linux ports, and the role of local Debian communities.

Thanks to azhag, we’re happy to publish the interview for you!

Stefano Zacchiroli’s term began on April 17. During last month he has already appoint several delegates, took part — as th DPL — in several discussions, and gave a talk in UDS conference about Debian-Ubuntu relationship.

He took some time out to speak to us about some aspects of Debian.

First of all: congratulation on being elected. Was it a hard campaign? How was it different from last year’s?

Thanks, I feel honored of the result. I’m not really able to judge whether it has been “hard” or not: the most interesting part of DPL campaigning is not really the challenge, but rather that it is the moment where the Debian project discusses of its “politics”, something which rarely happen in other occasions. For sure, by comparison with last year, I can tell that it has been a very intense campaign, as the volume of discussed topics shows.

In rebuttals you wrote that you like some of the opponents ideas. Do you plan to realize some of them, or let your opponents to realize them by themselves?

Sure, I’ve no preconceptions on others’ ideas, and I’d generally love to see implemented all ideas that can improve Debian, no matter who advances them. Regarding who is going to implement them, well, that doesn’t really matter and in my first “bits from the DPL” I’ve already made quite clear that anyone who needs some kind of “DPL blessing” to implement an idea can come to me. The DPL role is mainly about coordination and communication, the real hard work get done by all developers which decide to take responsibility on their shoulders.

During last DebConf Debian accepted a new release policy (actually, a freeze policy, but this leads to releases). Do you think it’s a good policy?

No, not really. That idea was presented during the Release Team talk and then retracted a few days after due to the disruptive effect that a very short development cycle would have add on many of our teams.

That said, all choices about release cycles belong mostly to the Release Team, which should discuss them with the rest of the project. Personally, I don’t see Debian going to a time-based release policy anytime soon, as we very much like to “release when it’s ready”; a value that other users appreciate to.

On the other hand, I find the idea of time-based freezes quite interesting: it enables teams to plan more accurately their development initiatives for a given release, without trading off our “when it’s ready” mantra. Again, that ought to be discussed at large in the project, though, and it should better be postponed after the release of Squeeze.

Debian GNU/kFreeBSD is a release architecture in Squeeze. What do you think about non-Linux ports of Debian? Are they just whims and waste of time and resources, or actually valuable projects?

I think they are very valuable projects. In general, Debian is one of the free software distribution with the largest number of ports (at least for what concerns Linux) and that makes of us a very valuable platform for both upstreams which care about portability and for users of non mainstream *NIX platforms.

The addition of any new port is something that increases our value and I’m particularly proud at the idea of having a non-Linux port in the next Debian stable release. Kudos goes to the kFreeBSD Debian porters and to all developers which have worked towards that goal!

Do you have any “bits from the DPL” to ordinary Debian users, especially those from Poland?

In particular for Poland, I’d like to thank the country for all the valuable Debian Developers and contributors which it has “given” to Debian. I really believe in local communities as the key place to attract new users and to teach them how cool is participating and getting involved in Debian. Keep up the good work, and remember that Debian will continue only if we will manage to explain to more and more people our values and have them join us!

Thank you very much. Wish you a fruitful term.

However, a notable group of Polish lawyers, journalists, academics, enterpreneurs, politicians and bloggers think otherwise and signed a letter (written by myself, btw) to President of Poland, Lech Kaczyński, asking him to turn the law down (in Polish legal system, president has the right to do this, but the parliament can then overcome president’s opposition if 2/3 of the delegates vote for it).

Here is the translation of the letter:

Dear Mr President!

We are addressing You to raise issue crucial for every Polish citizen using Internet. By pushing ahead so called ‘Anti-Gambling Law’ government of Donald Tusk is proposing, in the name of fight against gambling, to claim the right for filtering of all content available on-line. The Art.179a of Telecommunication Law, introducing ‘Registry of Banned Websites and Services’ is supposed to allow that.

It is a very dangerous idea which contradicts the interest of citizens. The statement that Internet should be governed by the same law as that referring to any other part of public space might be valid, however realisation of the above postulate has nothing to do with the constitutional right to freedom of expression. The planned changes in law are simply new way of censorship, very well known to You from previous system. Similar regulations allowing governments unrestricted filtering of content available for citizens are currently in place only in few countries of the world. Amongst those You will find for instance Iran and China. Do we really want Poland to join them?

Internet is a public space enabling expression and exchange of opinions. Thus the top to down filtering of Internet can be only compared to closing citizens mouths before they even start to speak up. It is something that even George Orwell did not imagine in his famous novel “1984″ about vision of totalitarian state.

What can be done towards following the law on the Internet then? Exactly the same as in case of breach of law related to rights of fellow citizens! Those who brake the law need to be simply prosecuted. If a website contains materials banned by law (including treacherous child pornography or content promoting Nazism or hate), we have appropriate mechanisms in place to punish those who are responsible for them. It is more difficult then the top to down filtering, as it requires separate analysis of each case. However does it mean, that for this very reason we should sacrifice our freedom of speech?

In May on the website stopcenzurze.wikidot.com we have collected 75.000 confirmed signatures against possibility of Internet censorship in European Union. No one really expected at that point of time that similar problem might occur in our own homeland.

We hope that having in consideration freedom as major value in a democratic state, You will decide to veto this disadvantageous for citizens proposal.

With regards,

Borys Musielak, creator of Grupa Jakilinux, author of this letter

And the undersigned [list of Polish lawyers, journalists, academics, enterpreneurs, politicians and bloggers here]

(big thanks to Sylwia Presley for the translation!)

Everyone is welcome to sign the petition opposing net neutrality violating law. We already have 75 thousands of signatures and counting!

You can also join the “Stop Cenzurze” group on Facebook to show your stance.

It’s a very important moment for Polish Internet users and for the whole European Union as Poland would be the first country after the passing of the Telekom Package that actually uses the opportunity to censor the Internet. The only other nation in Europe (not EU though) that has similar law is totalitarian Belarus.

Borys Musielak
E-mail: borys@musielak.eu
Phone: +447972761605 (UK mobile)

Lots of Internet forum discussions with various people on the subject of computer piracyillegal copying and intellectual property were my inspiration for this article. Along with the discussions, a lot of inaccuracies and lacks in the image of reality presented to humanity by RIAA, MPAA, MAFIAA and other corporate lobbyists appeared. Because I hate lies and injustice, I decided not to tolerate the false propaganda and to write this article which is a finial of few years of thinking, mentioned discussions and arguments used by both sides of the barricade.

Translated from Polish by Kamil Zawadzki

1. Definitions.

Intellectual property and its theft is often spoken of in media lately, but how many of us actually think about intellectual property and its definition? According to English Wikipedia definition, “Intellectual property (IP) is a term referring to a number of distinct types of legal monopolies over creations of the mind, both artistic and commercial, and the corresponding fields of law.(…)”. Thanks to intellectual property law, “owners are granted certain exclusive rights to a variety of intangible assets, such as musical, literary, and artistic works; discoveries and inventions; and words, phrases, symbols, and designs.”. As we can see, it is a very wide definition.

Everything, that is created by a human mind and is unique in its own way, can be under protection. This way to understand it is not an exaggeration and stands not far from reality given by examples: magenta color registration by German T-Mobile brand, or so-called patent troll, that sued Internet for using technology, that supposedly was his invention.

Case no 1

So if everything can be protected under intellectual property law, even something simple and a trivial, it is logical that every small bit of that “property” is an intellectual property as well. Let’s consider an example, in which somebody actually patents the word “arse”. Since that very moment “arse” becomes an intellectual property of that person. Moreover, let’s assume that all combinations such as “ar”, “rs”, “se” etc, that the word “arse” consists of were already “invented” by somebody else, and they are his intellectual property. Actually, if we would really want to be consequent, the letters “a”, “r”, “s”, “e” are also somebody’s intellectual property. OK, but whose property are those letters? To whom do they belong to? Logical explanation should be be: They belong to those, who actually invented them. So… WHO did invent them?
Society.

Therefore…if society is both the author and owner of “a”, “r”, “s”, “e” letters and all combinations that the “arse” word consists of, how come an author of the “arse” word dares to claim to wholly own the word and demands protection the word from its illegal copying from the government? How can we estimate in what percent is he owner of the word?

The same analogy can be used to all sorts of intellectual property

• Music: If Britney Spears owns her song, created it from the scratch, did she also created words, notes, the way to write notes, instruments, rhythm, dancing and singing? All these are intellectual properties owned by society.
• Software: If programmers are the only ones who own their programs, do they own mathematical and physical laws, algorithms and all other elements that made software creation and compilation possible?
• Films: If filmmakers are the only ones who own their films, do they own the idea of acting, movie with sound, music, audio and video recording on hard drives ? On no account. All of these are intellectual property that have been improved by human race for thousand of years.
• Books: If writers and poets are the only ones who own their books, do they own digits, numbers, letters, words, literate styles or inspirations, that allowed the creation of these works ? Hell no, though all those elements are intellectual property, that nobody has taken into possession using monopoly.
• Inventions: If an inventor/concept creator is the only one who owns an invention/concept, does he also own mathematical, physical, chemical and biological laws that his invention consists of ? Does the baker who patents a new kind of bread also own patents for flour, sponge, oven and concept stating that you can actually create food by boiling ground grain with water and some other ingredients although all the “patents” for those particular things belong to society and are public property?

It often happens, that people compare intellectual property theft to common theft (which is absurd, but we will get to that later). Let’s use the same, senseless weapon and use this comparison to the following example. The question is: Who is the rightful owner of a Mercedes — Mr John, who has all ownership acts for all the parts, that the Mercedes consist of, or rather Mr Bob, Mr. John’s mechanic, who unscrewed and screwed back wheels on John’s car but switched their places?

Conclusion no 1

From the logical point of view, something like “intellectual property” in practice should not exist, because it’s impossible to own something, that consist of other, smaller pieces owned by somebody else. All fragments of someone’s imagination consist of other, smaller fragments of somebody else’s imagination. The difference between fragments and the whole thing is that the most of the fragments are not protected by patents and copyrights, but are indeed public property. (public domain).

In that kind of understanding the matter of intellectual property, we can only own a small amount (<5%) of created intellectual property, because all that we create, invent, imagine, consist mostly of other’s people imagination and realizations.

2. Where did the protection of “intellectual property” come from?

Case no 2a: Copyrights

Today’s copyrights comes from 16th century English censorship organizations and it was suggested, designed and enforced by distributors and printers. 16th century was the century, when first proper printing machines were introduced. That resulted in real explosion of diverse creations, artists. Because of the inspirational character of the easiness and speed of copying works, authors could create more than ever. “Authors’ laws ” (copyrights) weren’t in danger despite there was no authors “protection” system. Creators manufactured a lot of content, which was very disturbing for English Government, because it was afraid of propagation of seditious contents. So the government founded “The London Company of Stationers”, that had monopoly for all English printings and additionally could destroy all works printed illegally.

This system had been working just fine for one and a half century, but at the turn of the 17th century English Government loosened the knots of censorship and wanted to end distributors monopoly to authors delight. Salesmen, at risk of being thrown out on the street, designed a new strategy: they claimed that authors “have no means to distribute their work”, so they need printing machines, distribution network, supplies investment, typographic sets etc – things that can only be provided by a distributor. They came up with distributive copyrights , that limited the copying of the subject of law with the possibility of selling the rights whoever was interested (accurately predicting the fact, that in most of the cases author is going to resell his rights to his publisher).

The system was devised by publishers for publishers as an extension of their censorship monopoly. In them days, it seemed absurd for authors to demand limitations to their work, because why would they want returning to censorship, from which they have just escaped ? Coming up with distributive copyrights was an incredibly devious move of the distributors, that allowed them to survive untouched for the next 300 years till today.

More information in terms of copyrights and its origins can be found in Karl Fogel’s“Surprising History of Copyright and The Promise of a Post-Copyright World”.

Conclusion no 2a

From the logical point of view, there is no grounds for distributive copyrights protection system, that is an censorship extension and a limitation for human mind works distribution, should exist. If authors created more before “intellectual property” protection was introduced and other people’s creations were just inspirations for acting, abolishing “protection” is not going to result in creativity decrease as it’s claimed by organizations that fights piracy illegal copying.

“Anti-piracy” law sets a legal monopoly that blocks natural flow of thoughts, ideas and creations of imagination which limit human creativity by definition, the same as every other monopoly. It should be repealed as soon as possible.

Case no 2b: patent law

Patent law, similarly to copyrights, was created to protect unique innovations of some individual from copying and using this innovations by others. So patent’s core slightly differs from copyrights. In opposition to copyrights, patent is a very old “invention” because it was first used 500 years BC in a Greek city Sybaris.

Typical arguments of patent law supporters are:

Producer’s argument no 1: If there was no patent law, people would not be eager to invent things

• Counter argument no 1:If people hadn’t have motivation to invent new things, how come we have developed as civilizations for 10,000 years before the patent law was invented? Does the lack of patent law made inventing wheel, fire, bow or breeding cattle impossible ? No.
• Counter argument no 2:Do solid evidence with a 90% probability, which indicates that creators wouldn’t published their inventions, if they were unable to get monopoly in order to gain profits exist ?
• Counter argument no 3:If above was supposed to be true, should we assume that, without patent protection most of the inventors wouldn’t publish their creations at all ? If that were true, we would also have to assume, that most of the inventors are extreme egoists, and likelihood of this particular situation is really low.
• Counter argument 4:As far as 3rd counter argument is concerned, If there have never been a patent law, would any of the inventors come up with the idea not to publish his inventions, because he would not get protection? The same as artists would not thought up an idea of copyrights and would still publish everything under free license, also Inventors would publish their inventions freely if it weren’t for distributors which created the protection system.

Producer’s argument no 2: Without patent law, it would not be profitable for corporations to spend millions of dollars on R&D departments.

• Counter argument:Of course, the argument stating that, corporations would not have any motivation for spending millions of dollars on research without being sure that they gain monopoly, is theoretically correct. Corporations act only in their own, purely egoistic, interest - therefore investments that won’t bring 100% long-or-short-term return are pointless from their point of view.However conceptual failure of this kind of thinking is that, we presuppose that corporations have to take care of new technologies research and development. Meanwhile, if there was no patent law, some different business model would emerge, which surely would take into consideration the fact, the one corporation cannot afford to spend large amount of money on R&D. Universe hates emptiness. Maybe this model would rely on non-profit R&D foundations. Another example can be universities, that develop loads of projects every year.Also Wikipedia’s, Linux’s kernel , Apache’s server or self-retorted machineRepRap improvement paths and other projects under free license, that are developed without any corporate guidance, shows that this development model is not only possible, but also may be extremely efficient.Using this model, president/founder decides on the development path for the foundation and corporations may (but don’t have to) support it by dedicating their workers time or by donations. But the example of Linux kernel shows, that investing in this kind of a business model is quite profitable for corporations and investors. (Appendix 1, appendix 2 (PDF)).

Producer’s argument no 3: Because of the factors mentioned in argument 1 and 2, patent law accelerates civilization development.

• Counter argument no 1:By definition, Patent law creates market monopoly, that limits possibilities all subjects apart from, the one who owns the patent. Other subjects cannot freely use patented technology, cannot improve it or create products, that are based on it. These are facts. So, if logical is, that monopoly restricts all people and companies apart from one how is it possible to accelerate development by slowing it down?Let’s consider the following example of an experimental race: Let’s say we deploy 10 sport racing cars on a track, and order every driver to drive at 60mph average. After each lap, we measure the average speed of all cars in general. We don’t need a lot of calculations much to notice, that average speed of all cars will be 60mph which equals the average speed of every single car.Now, let’s put “patent” into the system. We tell only one driver to drive at 120mph. After the race finishes, average of all cars equals 66mph. It’s just slightly more than in the first case.Now, let’s remove the “patent law” and allow every driver drive at the speed of 120mph. It’s not really surprising, that after measuring the average speed of all cars in general the result is 120mph.

  Of course, this example shows only the problem of patent’s idea core, all numbers are made up and and their precision is minimal.

• Counter argument no 2:Does any signs of monopoly on the free market is stimulating or mayberetaining to this market development? If one company gets monopoly for some critical technology and using it cuts out the competitors, will the customer gain or loose, will the prices soar or sink ? I think the answer to this question is generally known, so why would it be any different with legal patent monopoly? Is this some kind of a magic monopoly ?
• Counter argument no 3:Does any sort of a real-life market example, in which monopoly or one company domination is more stimulating for market growth and development exist ? Did AT&T monopoly make calls cheaper or more accessible ? Does Russia’s monopoly for gas deliveries for Poland and Ukraine make these countries have more gas at a lower price than countries that don’t rely on one provider solely ? Nope — and this are just few examples that can be presented. So, If there aren’t any examples (or perhaps there are, but in marginal quantities) that prove monopoly to be more stimulating than open competition, what are the reasons to believe that it will be any different with legal monopolies created by patent laws?
• Counter argument no 4:Mental example: would “locking” groundbreaking inventions such as fire, wheel or money for 1000 years (patent protection period) by a privileged group of people, that would demand enormous tributes for every case of usage of this technologies, be beneficial or disadvantageous for mankind?

Conclusion no 2b

Logically, patent system does not serve healthy competition or customers. It’s pathological and completely unjustified (or justified, but only by greediness and egoism of privileged individuals) legal creation, that creates corporate monopolies, selfish ways of using others’ accomplishments, slowes down natural mankind development that has had been doing just fine for tens of thousand years without any “intellectual property” protection or unnatural monopolies. Having no proof, that this system is beneficial, it should be completely liquidated or replaced by a better solution.

To be continued
(two parts pending:
- the losses caused by “piracy” (i)
- and the ethics of “piracy” (ii))
- stay tuned!)

Remote access to a computer and internal network’s secured resources - all of it in a simple way that’s following well-known security’s best practices? Sounds impossible, but it’s not. How to achieve it explains Bartosz Feński aka fEnIo.

A computer network with a tight security should be separated from the outside world as much, as it’s possible. It’s often the case. Even if there is a over a dozen of devices(PCs), that play different parts assigned to them in terms of company’s infrastructure, usually there is one that separates them from others, a firewall and a router.

On the assumption that the company’s policy is not too strict we often have an free access to this kind of devices. It can be various internal services, databases, servers of whatever is necessary to run a current company. What if, after work, when we are home safe and sound, we still need to connect to one of those servers that are not accessible outside the internal network.

I’ll describe few ways to do it.

SSH ProxyCommand

The simplest and, as far as I reckon, the most often case is when just behind firewall there is a 2nd server accessible by SSH, but only for LAN users. It’s similar to the situation, where router does NAT, and server’s addresses behind him are from private address’ classes. Therefore, If we want to log in, we need to log in to the firewall first.

Sounds familiar ? How many times have you actually tried to do the following:

laptop$ ssh router
[password1]
router$ ssh server
[password2]
server$

I’ve done it millions of times, and if someone does something often enough there is a chance that it would be so infuriating that eventually someone will try to automate it. SSH share the same story.

Let’s make an configuration file on a laptop ~/.ssh/config:

Host server
ProxyCommand ssh router nc %h %p 2> /dev/null

For this configuration to work a program called netcat is necessary, but most of the distributions have it in high-priority packages so it’s often already installed, so… How does the server connection looks like ?

laptop$ ssh server
[password1]
[password2]
server$

Let’s generate a key so we won’t be bothered about all the passwords.

laptop$ ssh-keygen
laptop$ ssh-copy-id router
laptop$ ssh-copy-id server

Login process is much more easier now:

laptop$ ssh server
server$

The coolest thing about it all is the fact, that along with the possibility of logging in to a device that is not public-accessible, we also get the full set of SSH features. There is no problem in using scp, sshfs, forwarding Xs or to set a tunnel to other device through a server.

But what if…

laptop -> router1 -> router2 -> ... -> routerN -> server

There are no barriers to add several devices to ~/.ssh/config and automate the whole login process even if u need to log in to few middle devices before logging in to the right one. You just need to define the right proxy command.

SSH SOCKS

SSH problem is solved, but what if the service we try to get to is, for example, a WWW server? We can use text browsers from the device we logged in, but it’s not really elegant or convenient.

We can use,mentioned earlier, port forwarding, that along with automatic login to different devices is a pretty flexible solution, but we need to remember to add certain SSH commands to every service or setting it all up in ~/.ssh/config)….

… but SSH function SOCKS saves the day:

laptop$ ssh -D 8080 router
[password1]
router$

If we generated a key, then we don’t need to give a password. We need to set up localhost as a SOCKS server and port 8080 in our browser. All connections will be tunneled to the router and visible for the WWW server as if they were initiated from this device.

Not every applications let’s you use SOCKS server though, but there is a cure. It’s called tsocks. It’s a simple program, that with the help of LD_PRELOAD variable, makes applications use the alternative versions of the connect(), sendto(), socket() functions. Thanks to that the applications can use middle servers almost without any dedicated configuration, unconsciously if we may use this term in reference to binary beings.

The configuration file should look as follows:

server = 127.0.0.1
server_type = 5
server_port = 8080

Now the applications, we’d like to “deceive” should be run:

laptop$ tsocks application_without_socks_support

As I’ve just presented, with SSH and a simple program we can quite easily organize our work environment and bypass limitations caused by a firewall. We can’t solve all our problems though. Let’s take our old FTP for example. It needs 2 ports to communicate, so it can’t be deceived in the way shown above. Moreover, if there is 40 services run on 30 devices behind firewall SSH configuration will be exceptionally complex and hard to maintain.

Perfect would be a solution, in which our laptop with a certain address’ class simply connects to through a channel to the targeted devices in a way, that the device knows the connection came from a secured and trusted network.

OpenVPN

OpenVPN solves the problem. To the contrary to SSH-based solutions, that works on 7th layer (application), OpenVPN works on 3rd (network)or even 2nd (transport) layer so it’s entirely transparent for the software. Moreover, it comes with authentication and encryption, so we don’t loose anything comparing to SSH.

Although since version 4.3 OpenSSH makes 2/3 layer tunneling possible,
but its configuration stands next to impossible.

OpenVPN allows making advanced configurations and, for instance, setting up a secured connection between several corporate branches. I’ll limit the example and only show how to gain access in the case described at the beginning of this article. Laptop will be a client and a VPN server will be configured on a router.

I assume, that openvpn package is installed on the laptop and the router. Let’s generate a key (that will be used to encrypt and authenticate the transmission) on the router.

router$ openvpn --genkey --secret /etc/openvpn/static.key

And a configuration file /etc/openvpn/server.conf:

dev tun
ifconfig 10.8.0.1 10.8.0.2
secret static.key

10.8.x class’ addresses will be used to set up a tunnel. You are free to choose your own addresses.

One thing left is to run the server:

router$ sudo /etc/init.d/openvpn start

We should get one more interface

tun0      Link encap:UNSPEC
HWaddr 00-00-00-00-00-00-00-00-00-00-00-00-00-00-00-00
inet addr:10.8.0.1  P-t-P:10.8.0.2  Mask:255.255.255.255
UP POINTOPOINT RUNNING NOARP MULTICAST  MTU:1500  Metric:1
RX packets:0 errors:0 dropped:0 overruns:0 frame:0
TX packets:0 errors:0 dropped:0 overruns:0 carrier:0
collisions:0 txqueuelen:100
RX bytes:0 (0.0 B)  TX bytes:0 (0.0 B)

Moreover we need to unlock the 1194 port in firewall setup.

We copy generated static.key on the laptop and we create client configuration file /etc/openvpn/client.conf:

remote routers_address
dev tun
ifconfig 10.8.0.2 10.8.0.1
secret static.key
route 192.168.0.0 255.255.255.0

Now we switch routers_address to its actual address. Route option will make a new record in routing table visible and from now all transfer is directed to the set up tunnel.

Last but not least thing we have to do is to run VPN on the laptop:

laptop$ sudo /etc/init.d/openvpn start

Let’s look at the routing table:

10.8.0.1    0.0.0.0    255.255.255.255 UH  0    0    0 tun0
192.168.0.0 10.8.0.1   255.255.255.0   UG  0    0    0 tun0

That’s the way to set up the simplest configuration. Of course, as everything, It has its flaws. For example, everyone who has the key can access our network – sometimes though the key may fall into the wrong hands. OpenVPN has its own, more sophisticated authentication methods – simply get the generated key password-protected, but its security is far beyond this article framework.

Translated from Polish: Kamil Zawadzki

I have managed to find some time to cover the recent changes in the development version of KDE 4.4. The number of changes is not impressive but they are interesting enough to write an article.

Adding applets

There was a time when I complained about the convoluted process of adding new Plasma applets. Not anymore! Today I can say it’s easy and much more intuitive, although still not flawless. For instance, scrolling between the available applets horizontally is not very user-friendly.

The changes made here were cosmetic. The scrolling looks nicer and the information about the applets being displayed is more detailed.

KRunner like YaKuake

A very nice change in KRunnera! Now we can configure it in the way that it’s displayed not in the centre of the screen but shows up in an elegant way at the top of the screen.

Animated Oxygen

Now the window decoration of Oxygen has all the items animated, making it seem more lively. The effects are delicate and it a good taste.

I was too lazy this time to make my own video, so I’ll use the one prepared by Nuno to illustrate what I’m talking about.

Direct link to video: http://www.youtube.com/watch?v=O5Cv0z0dqfk

Grouping windows

The best change ever is the window grouping feature. Now we can put together many windows into one and switch between them using the tabs located in the window title. Have you seen something like that before? Very useful!

Other changes

The module responsible for configuring the mouse actions have been finally cleared up, and the window with System settings got the tooltips.

Stability

To my great surprise, the whole thing works fast and the system is responsive. I haven’t encountered a single crash when playing with KDE 4.4 r1055000. This makes my hope that the next release of my favorite desktop envoronment will be a great success.

The original text was published on official Polish KDE blog: KDE 4.4 r1055000

As an experiment I decided to build Media PC based on Linux. First of all I was wondering, how much did the Linux distributions evolve in the past few years (I’ve used Linux since a few years only on servers). The second thing is, I was fascinated by quite new, miniaturized hardware solutions based on Intel Atom processors. The third was, I wanted to check in real life the suitability of so called Media P..

So, as I mentioned in the previous post, flickr’s CC license image search tool is totally awesome, and that’s where I found today’s image. In the spirit of the license, I’m attributing flickr user Daniel Montesinos as the original photographer. Thank you Daniel. I will also make my finished product available with the same license provisions on my flickr page.

On with the show!

1. Open your photograph in the GIMP and duplicate the background layer. Name the new layer B&W or something descriptive like that.



2. Click on Layer>Color>Desaturate. This will make the layer appear black and white even though it’s still in RGB. That’s not terribly important for this tutorial, but it can be if you’re wanting to do some more advanced blending. But that’s a topic for another day.
3. Right click your B&W layer and click Add layer mask


Now you are all set to begin colorizing an area. What you’re going to do is paint black over the masked area to reveal the color layer beneath. I use a Wacom tablet for this which I find infinitely more usable than a mouse since I can use the pressure sensitivity to do neat things like change the diameter or hardness of the brush dynamically, but it’s not that hard with a mouse either. Onward!

4. With a soft brush selected and set to black, start painting inside the area you want to reveal. In our case, the flower petals and leaves and stem of the center flower. Zoom way in (Shift++) to get the tiny little hairs. Notice the layer mask will have a black and white thumbnail of the areas you’re painting.



5. Once you’ve got the area you want colorized revealed, you may want to play with the color a little. I increased the saturation of the color layer in order to make it stand out a little more. Here’s the final revision:

Thank you for following along today. Stick around for more photo retouching and editing. I’ll try to pick something a little more in depth for the next topic.