KDE 4.2 “The answer”

2 03 2009

First of all: I have always preferred and loved KDE for its elegance, customization, ease of use and great applications, and now because it is really interesting for programming. I use KDE in my everyday work: Konqueror (now Dolphin), Konsole, K3b, Amarok, Kate, Konversation, Kopete and others.

When KDE 4.0 was published, many people criticized it very harshly: a lot of bugs, a different look and concept of the desktop, different panels, a new applications menu, widgets, etc. were some of the features that made most KDE users unhappy. However, KDE developers always said in the announcement page, blogs and mailing lists that KDE 4 is a work in progress and that they would be working and coding hard to release new versions of KDE (4.1, 4.2…) with a lot of improvements.

KDE 4.1 was much better than KDE 4.0 (many bugs killed, plus improvements in stability, applications and speed), but KDE 4.2, in my opinion, is a version that gives us a stable desktop with cool, interesting features not only for users but also for developers. This KDE version was named “The answer” because it minimizes the negative, destructive comments and the people who didn’t believe in the KDE community and team. I consider that these people don’t know how to appreciate the innovation and the great effort.

Congratulations to the whole KDE Team for the hard work they did. I am really impressed by how you can customize your desktop and add new features, and by the KDE 4 development approach.

In this video you can see the KDE 4 presentation at the Google Campus, where Aaron Seigo, a famous KDE hacker and member of the core team, talks about the KDE 4 technology and how KDE innovation can make current desktops obsolete.

Nepomuk, Decibel, Plasma, Oxygen, Solid, Phonon and Akonadi are some parts of KDE 4 that introduce new behaviours and will make a big change in KDE. I am particularly interested in Plasma and Nepomuk for development, and I am deciding which project to participate in for this Google Summer of Code. But I need more reading and practice on how these work. If you make a GSoC proposal without researching, reading, practicing and talking to mentors, you will probably fail. In this page, you can see the initial process to set up your KDE 4 development environment.

In general, KDE 4 has as its main goals: improve the desktop user experience, have better applications and a better development platform, and make our desktop a central place to be more productive. That is my impression, and from now on I will continue researching and following the KDE development process.





Blogging once again

28 02 2009

Wow. Almost 4 months since my last post; sometimes it’s too hard to update my blog. I’m married, have a beautiful baby, study and work, and believe me, that is a little bit difficult to manage.

However, I continue exploring and learning new technologies about my passion: Open Source/Free Software.

Here are some things that happened in the last months.

I started learning Python and Django and I have to admit that from the first moment I tried them I liked them very much. On the other hand, I got tired of how slow Rails is and the fucking error messages whenever you upgrade some gems and plugins. Conclusion: I switched to Python-Django for web development. Now I am re-writing an application, written in Rails, with Django.

My boss acquired a dedicated hosting server to run a lot of web services for his company's use and proposed that I manage it. Now I am maintaining the server, and it was fun to learn SSH and Fedora commands (I use Debian). SSH is part of my everyday freelance work.

Last week, I finished the development of an e-commerce site for an American company called Misti International. I used the Magento e-commerce platform to develop it. At the beginning it seems beautiful, with a lot of cool features, but you need some patience to understand it deeply, because it has a complex structure with too many folders and files and it is kind of difficult to customize. But I worked hard on this site and my client is really happy about it. I strongly recommend learning PHP5 and taking a look at the Zend Framework to learn more about the Magento code.

I installed KDE 4.2 on my Debian machine. (Here is a quick tutorial.) The only thing I want to say is: THANKS to all the KDE team for giving us this great technology that is so well created and designed. But I will talk about KDE in other posts, because I am really interested in developing for KDE.

Google Summer of Code 2009 was announced and I am going to apply this year again. I already got in contact with a mentor to work on his proposal and received good feedback about it.

That’s it. Well, I forgot to mention that with Maritza and Celeste (wife and daughter) I visited many tourist places here in Arequipa and had great moments. I love spending and enjoying time with my 2 girls.





Great BarCampLima!

10 11 2008

What a lovely experience, a lovely day, I don't know how to describe it, but for me the 1st BarCamp Lima was simply fucking awesome. An event that definitely must be repeated; I loved the small debates that broke out while someone was presenting, the informality, the collaboration, the open source spirit and the very interesting talks. I learned a great deal, above all about topics I knew very little about, such as Cloud Computing, and also about topics I am passionate about, such as web programming.

And of course I also made a few friends and exchanged a couple of ideas with several of the geeks present.

Here is the video of my talk, motivating people to participate in the Google Summer of Code.

Google Summer of Code – Barcamp Lima

Congratulations to all the organizers, collaborators, participants and everyone who made this a great day.

Cheers to BarCampLima!





What did I learn from Gsoc?

30 10 2008

Google Summer of Code was a wonderful experience for me, I’ll never forget it. I finished my project and that gave me a lot of satisfaction. Getting opinions and feedback from the open source community was really special. In general, this is what I learned:

Community:

I improved my communication skills: doing a project that involves other people means that you have to be clear in your words, be brief but efficient, and most important, make people understand what you are trying to say.

English:

I wrote a lot in English (my project, IRC meetings, asking on the list, answering questions, etc.). Although English is not my first language, I enjoyed having to be clear with my mentor, my organization and the Google group of summer of coders.

Technology

Ruby and Ruby on Rails: This Ruby user’s guide helped me a lot. I haven’t finished it, but I learned a lot about this great language (regular expressions, strings, arrays, iterators, control structures, OOP, classes, methods). I also did a lot of programming with the Ruby on Rails framework. I learned how to manage and modify some plugins.

Actually, working with views is not my favorite part of a project. However, the CSS work at the end of the project was really fun. What CSS can do is impressive.

Solr: I had never worked with a search server before. Solr is just amazing (full-text search capabilities). I learned how to integrate Solr and the acts_as_solr plugin into my Rails application.

Subversion: I learned how to work with this collaboration tool, which I consider makes you more productive. However, I had to deal with so many error messages and strange problems that I need to learn more commands apart from the common ones.

Vulnerability and Patch concepts.

I believe that becoming an expert in these fields takes time. I had never built a security system and had not worked with a security team before. But I learned key concepts related to patches and vulnerabilities that helped me a lot to write the code. For example:

  • Vulns classification (Location, Attack Type, Impact, Solution, Exploits).
  • Vulns technical description and how to test a vulnerability.
  • Patch severity (Critical, Severe, Important, Minor, Pointless).
  • Security Products: Nikto, Snort and Nessus.
  • What CVE means.
  • How to associate a vuln-patch with a Vendor/Product/Version.

The many lessons learned in these months let me think about what I did wrong and what I did well. I feel that I’m not always as productive as I might like to be; my effort changes with the tasks I’m doing.

Once I read a Linus interview in which he said that if you are completely present in a situation and totally focused on something, then that something *becomes* interesting, whatever it may be.

So, I think that making your job interesting and fun and getting really concentrated on the problem are the keys to your project's success.

I would like to participate in Gsoc 2009 again.

Happy Hacking!





Rails 2.2 will be thread safe

19 08 2008

Reading the rubyonrails blog, I read that Rails 2.2 will be thread safe and that this hard work comes from a Google Summer of Coder, Josh Peek, who will join the Rails core.

This is a great advance for the framework, because many people were looking at Merb because of this Rails weakness, but this improvement will attract new developers to join the Rails community.

Congratulations Josh.





Finishing my project for the Gsoc

18 08 2008

These are the latest changes on the project. Before that, it is important to know all the work done before and the information we can submit for a patch.

Basic Information:
Dates (Disclosure, Creation)
Description
Classification
Severity
Ratings

Association with:
Products
Vulnerabilities
Files
Documentation Links
Credits (Authors, Companies)

User Interaction:
Comments:
Stats (views, percent complete).

Updates:

* Allow users to select patches based on the watchlist.
* Patches were incorporated into the Solr search engine. The main fields were indexed (id, title, short and technical description, dates, vendors and products). For the moment, the search for patches is separate from the search for vulnerabilities.
* An advanced search for patches (by severity, by classification, by products).
* When adding vulnerabilities to a patch, users can autocomplete vulns based on their identifiers.
* I did some CSS work, changing the style of the show page for patches; that way users can immediately distinguish an information page for a patch from one for a vulnerability.
* However, I will need one or maybe two more days to finish all my presentation styles and the user alerts for when a patch is released and goes into the portal.

I am really glad to see that everything is coming along fine and that all the work done in these months makes sense to me.
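As an added example (not the portal's code, which this page does not show): a minimal in-memory Ruby model of the patch record described above, with the advanced search by severity, classification and product and the autocompletion of vulnerability identifiers. Field names, classification values and the sample records are assumptions constructed for illustration; the severity levels are the five this blog lists.

```ruby
# Added illustration, not the OSVDB portal's code. Field names, classification
# values and all sample records are constructed assumptions.
SEVERITIES = %w[Critical Severe Important Minor Pointless].freeze # most to least severe
Product = Struct.new(:vendor, :name, :version)

def severity_rank(level)
  SEVERITIES.index(level) or raise ArgumentError, "unknown severity: #{level.inspect}"
end

class Patch
  attr_reader :id, :rank, :classification, :products, :vuln_ids
  def initialize(id:, severity:, classification:, products: [], vuln_ids: [])
    @id, @rank, @classification = id, severity_rank(severity), classification
    @products, @vuln_ids = products, vuln_ids
  end

  # True when the patch is linked to this vendor/product (and version, if given).
  def affects?(vendor, name, version = nil)
    products.any? { |p| p.vendor.casecmp?(vendor) && p.name.casecmp?(name) && (version.nil? || p.version == version) }
  end
end

class PatchIndex
  def initialize(patches, known_vuln_ids)
    @patches, @known_vuln_ids = patches, known_vuln_ids.sort
  end

  # Every supplied criterion must match; min_severity keeps patches at least that severe.
  def search(min_severity: nil, classification: nil, product: nil)
    limit = min_severity && severity_rank(min_severity)
    @patches.select do |p|
      (limit.nil? || p.rank <= limit) &&
        (classification.nil? || p.classification == classification) &&
        (product.nil? || p.affects?(*product))
    end
  end

  # Autocomplete for linking a vulnerability to a patch: prefix match on identifiers.
  def complete_vuln(prefix, max = 5)
    wanted = prefix.to_s.strip.downcase
    wanted.empty? ? [] : @known_vuln_ids.select { |v| v.downcase.start_with?(wanted) }.first(max)
  end
end

# Constructed sample records (vendors, products and identifiers are made up).
INDEX = PatchIndex.new([
  Patch.new(id: 1, severity: "Critical", classification: "vendor-fix",
            products: [Product.new("ExampleCorp", "WebShop", "1.2")], vuln_ids: ["VULN-1001"]),
  Patch.new(id: 2, severity: "Minor", classification: "workaround",
            products: [Product.new("ExampleCorp", "WebShop", "1.3")], vuln_ids: ["VULN-1002"]),
  Patch.new(id: 3, severity: "Severe", classification: "vendor-fix",
            products: [Product.new("OtherVendor", "Forum", "2.0")], vuln_ids: ["VULN-2001"])
], %w[VULN-1001 VULN-1002 VULN-2001])
```

Rejecting unknown severity labels at construction keeps a mistyped level from silently dropping a patch out of severity-filtered searches.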





Passed GSoC Mid-Term Evaluation

14 07 2008

I am really happy. I passed the Google Summer of Code 2008 mid-term evaluation! This means that I get to finish my project, the patch management portal. I want to thank Dave, my mentor, for giving me the opportunity to continue working on the project.

This is a quick report of all the work done until this point.

May 26 – June 1: Tables used on the project were created and integrated into the OSVDB schema. Use cases were defined.

June 1-18:

I created an MVC to manage patches. So the base_patches_controller.rb allows us to manage all the actions related to patch submission. I was testing the code and submitting my first patches and all their relevant information, and things are going quite well.

So, the principal functions were created. You can submit general information about a patch, and also associate it with a vendor/product/version, associate it with an author or a vulnerability, and add a patch rating.

These are the principal actions (methods). However, more actions will be created this week, especially for ratings and vulnerabilities.

General: create edit update destroy
Ratings: addpatchrating updatepatchrating
Products: addvendor showversions
Credits: adduthor update_author deleteauth
Vulnerabilities: addvuln deletevuln

I also created an MVC for base_patch_rating_levels. So, it is possible to CRUD patch_rating_levels.

I just worked on models, creating mapping objects (Has many, belongs_to, has_and_belongs_to), but didn’t work on validations yet. I expect to work on views at the end of this week. (This is HTML and CSS work.)

June 18-30: We have the core of the Patch Management Portal written. Patches are linked to vulnerabilities and shown on the home page.

- Main views for patches were created.
- Optimization of the database tables (indexes).
- Active and fragment caching in some pages and methods, and a patch sweeper created.
- Moderator nav modified to submit a patch and to C,R,U,D rating levels with Active scaffold.
- Home page modified to show “Latest OSVDB Patches” (similar functionality to vulns) with printer, normal and popup views.

- Validations added to models.

July 01-07: Working on file submission.

This is really important because users can submit a file for everybody to download. So, it is easier for most users to apply the patch just by reading the short technical description and downloading the file (code).
July 13: File Submission finished. Users can add/delete files related to patches.

You can see my work in progress here in the project wiki and also take a look at my mid-term evaluation. Later on I will be publishing the source code.

I expect to finish the project successfully and be part of the development team.





Summer of Code started

26 05 2008

Hey. Today Summer of Code started and I feel pretty good at this point.

I had a good chat with my mentor David Shettler (lead software developer of the OSVDB team). I consider him a complete professional and a better mentor because of his support, humility and advice.

I remember perfectly the first words he told me today: “Oh Ronny. Fun starts today”.

We discussed many things, mainly the current OSVDB database schema, which is really big. This let me get a better understanding of the project and make an initial design of my work and use cases.

I got Subversion access and I am now looking at the source code and running this great software project (OSVDB 2.0). This is a real web application written in Ruby on Rails, used to manage vulnerabilities and the whole OSVDB website. It is just amazing.

I really enjoyed this day and think this will be a great experience for me and the other summer of coders. I am going to report my work progress in the OSVDB gsoc 2008 wiki.

Good luck to everyone. Enjoy the summer.





Welcome Google Summer of Code

21 04 2008
wget http://code.google.com/soc/2008/soc.gz
tar xvzf soc.gz
cd soc
./configure && make && make install

#!/usr/bin/ruby

class SummerofCode
  attr_accessor :words

  def initialize(words = "Happy")
    @words = words
  end

  def wellcome
    if @words.nil?
      puts "..."
    elsif @words.respond_to?("each")

      @words.each do |word|
        puts " #{word}"
      end
    else
      puts " #{@words}"
    end
  end

end

if __FILE__ == $0
  soc = SummerofCode.new
  soc.wellcome

  soc.words = "Thanks OSVDB"
  soc.wellcome

  soc.words = ["Wellcome", "Google", "Summer of Code","2008"]
  soc.wellcome

end

ruby soc.rb

Happy
Thanks OSVDB
Wellcome
Google
Summer of Code
2008
...
...

rails patch_management_portal

These last two months were really exciting:
Researching, reading, writing, talking with mentors, reviewing and re-reviewing my applications, hanging out in the Gsoc IRC channel, nervous, anxious, refreshing the Gsoc page every minute and finally waiting for the final word. Great experience! But this is just the start.

THANKS TO GOOGLE, OSVDB, and the folks from the open source community who encouraged, advised and guided me to participate in this Summer of Code.

I am going to work and code hard to make the best Open Source “Patch Management Software” and give it free (as in Freedom) to the Information Security World and of course to the Open Source Vulnerability Database.

I dedicate all this effort to my wonderful country Peru and to the women who trust me 100%: my four wives: Maria, Nadia, Maritza and Celeste.

WE CAN DO IT

Patch Management Portal at Google