KDE Applications 4.11 released

Today,  KDE Applications 4.11 has been released. Besides all the new features added, it’s nice to see that one of theses features are KMail supporting themes and that now we have a new theme editor for email headers.

You can see my full report of the Google Summer of Code project in which I worked in the past. In this post I talked about all this stuff.

You can get these themes from KMail -> View – > Headers -> Download New Themes.  And you can create your own ones using the KMail Header Theme Editor and upload them to KDE-Look.

At the moment, there are a couple of email header themes that look beautiful (Kudos to the authors):

KMail header theme

KMail header theme

Thanks to all the KDE Community for the new release, the new features added in applications, workspaces and the platform.

Advertisements

KDE 4.2 “The answer”

kde 4First of all: I always prefer and love KDE for his elegance, customization, easy-usage, great applications and now because is really  interesting for programming. I use KDE in my everyday work: Konqueror (now Dolphin), konsole, k3b, Amarok, kate, Konversation, Kopete and other ones.

When KDE 4.0 was published many people criticize it very hard: A lot of bugs, different look and concept of desktop, different panels, new applications menu, widgets, etc, etc were some features that made most KDE users unhappy. However, KDE developers always said in the announcement page, blogs and mailing lists that KDE 4 is a work in progress and they will be working, coding hard to release new versions of KDE (4.1, 4.2… ) with a lot of improvements.

KDE 4.1 was much better than KDE 4.0(many bugs killed and improvements,more stability, applications,speed), but KDE 4.2, in my opinion, is a version, that give us a stable desktop  with cool, interesting, features not only for users but also for developers. This KDE version was named: “The answer” because it minimize negative, destructive. comments and people who didn’t believe in the KDE community and team. I consider these people don’t know appreciate the innovation and great effort.

Congratulations to the all KDE Team for the hard-work they made. I am really impressed about how can you customize your desktop, add new features and the KDE 4 development way.

In this video you can see the KDE 4 presentation in Google Campus where Aaron Seigo a famous KDE hacker member of the core-team talk about the KDE 4 technology and how KDE innovation can make current desktops obsolete.

Nepomuk, Decibel, Plasma, Oxygen, Solid, Phonon, Akonadi are some parts of KDE 4 that introduce new behaviours and will make a big change in KDE. I am particularly interested in Plasma and Nepomuk for development and deciding in which project participate for this Google Summer of Code. But I need more reading and practicing about how these work. If you  make a Gsoc proposal without researching, reading, practicing and talking to mentors you probably will fail.  In this page, you can see the initial process to start your KDE 4 development environment.

In general KDE 4  has as main goals: Improve the desktop user experience, have better applications and development platform and make our desktop a central place to be more productive. That is my impression and for now on I will continue researching and folowing the KDE development process.

Blogging once again

Wow.  Almost 4 months since my last post, sometimes it’s too hard to update my blog. However, I continue exploring and learning new technologies about my passion: Open Source/Free Software.

Here are some things that happened in the last months:

I started learning Python and Django and I have to admit that since the first moment I tried them that I like it very much. On the other hand, I got tired about how slow rails is and the error messages whenever you upgrade some gems and plugins. Conclusion: I switched to Python-Django for web development. Now I am re-writing an application, written in Rails, with Django.

My boss acquired a dedicated server hosting to run a lot of web services for his company use and proposed me to manage it. Now I am maintaining the server and it was fun to learn SSH and Fedora commands (I use Debian). SSH takes part of my everyday freelance work.

Last week, I finished the development of an e-commerce site for an American company called Misti International Inc. I used the Magento e-commerce platform to develop it. Which at the beginning seems beautiful with a lot of cool features, but you need some patience to understand it deeply, because has a complex structure with too many folder and files and it is kind of difficult to customize it. But, I worked hard on this site and my client is really happy about it. I strongly recommend to learn PHP5 and take a look at the Zend Framework to learn more about the Magento code.

I installed KDE 4.2 in my Debian machine. (Here is a quick tutorial ). The only thing I want to say is: THANKS to all the KDE team for give us this great technology that is so well created and designed. But I will talk about KDE in other posts, because I am really interested in developing for KDE.

Google Summer of Code 2009 was announced and I am going to apply this year again.  I already got in contact with a mentor to work in his proposal and received good feedback about it.

What I learned from GSoC?

Google Summer of Code was a wonderful experience for me, I’ll never forget it. I finished my project and that makes me feel great. Getting opinions and feedback from the Open Source community was really special. In general, this is what I learned:

Community:

Improved my communication skills: Doing a project that involves other people means that you have to be clear in your words, be brief but efficient, and most important, make people understand what you are trying to say.

English:

I wrote a lot in English. (My project, IRC meetings, asking in the list, answering questions, etc). Although, English is not my first language I enjoyed having to be clear with my mentor, the OSVDB (Open Sourced Vulnerability Database) developers and the Google group of summer of coders.

Technology

Ruby and Ruby on Rails: This Ruby user’s guide helped me a lot. I haven’t finished it, but I learned a lot about this great language (regular expressions, strings, arrays, iterators, control structures, OOP, classes, methods). And I also do a lot of programing with the ruby on rails framework. I learned how to manage and modified some plugins.

Actually, working with views is not my favorite part of a project. However, CSS work at the end of the project was really fun. What CSS makes is impressive.

Solr: I never ever have worked with a search server. Solr is just amazing – Fulltext search capabilities. I learned how to integrate Solr and the act_as_solr plugin to my Rails application.

Subversion: I learned how to work with this collaboration tool which I consider makes you more productive. However, I had to deal with so many error messages. I need to learn more commands apart from the common ones.

Vulnerability and Patch concepts.

I believe that being an expert in these fields takes his time. I never did a security system and didn’t work with a security team before. But I learned key concepts related to patches and vulnerabilities that helped me a lot to write the code. For example:

  • Vulns classification: Location, Attack Type , Impact, Solution, Exploits.
  • Vulns technical description and how to test a vulnerability.
  • Patch severity: Critical, Severe,important, Minor, Pointless.
  • Security Products: Nikto, Snort and Nessus.
  • What CVE means.
  • How to associate a vuln-patch with a Vendor/Product/Version.

Many lessons learned in these months let me think what I did wrong and what I did well. I feel that  I’m not always as productive as I might like to, my effort changes with the tasks I’m doing.

Once I read some Linus interview in which he said that if you are completely present in a situation and totally focused on something then that something *becomes* interesting, whatever it may be.

So, I think that making your job interesting and fun and get really focused on the problem are the keys to your project success.

Thanks for your visit to the blog. You can follow me on Twitter:

¡Happy Hacking!

Finishing my project for the Gsoc

These are the latest changes on the project. Before that, it is important to know all the work made before and the information we can submit for a patch.

Basic Information:
Dates(Disclosure, Creation)
Description
Classification
Severity
Ratings

Association with:
Products
Vulnerabilities
Files
Documentation Links
Credits (Authors, Companies)

User Interaction:
Comments:
Stats (views, percent complete).

Updates:

* Allow users select patches based on the watchlist.
* Patches were incorporated into the solr search engine.Main fields were indexed(id, title,short and technical description,dates,vendors and products). For the moment, the search for patches is separated from the search for vulnerabilities.
* An advanced search for patches (For severity, for classification, for products)
* When adding vulnerabilities to a patch, users can auto complete vulns based on the their identifiers..
* I made some CSS work changing the style for the show page on the patches, that way users can distinguish immediately an information page for a patch from a vulnerability.
* However I will need one or maybe two more days to finish all my presentation styles and user alerts when a patch is released and goes into the portal.

I am really glad to see that everything is coming fine and all work made in these months is having sense for me.

Passed GSoC Mid-Term Evaluation

I am really happy. I passed the Google Summer of Code 2008 mid-term evaluation! This means that I get to finish my project patch management portal. I want to thank Dave, my mentor for give me the opportunity to continue working on the project.

This is a quick report of all the work made until this point.

May 26 – June 1: Tables used on the project were created and integrated into the OSVDB schema. Use cases were defined.

June 1-18:

I created an MVC to manage patches. So the base_patches_controller.rb allow us to manage all the actions related to patch submission. I was testing the code and submitting my first patches and all their relevant information and things are going quite well.

So, principal functions were created. You can submit general information about a patch, also associate it with a vendor/product/version, associate it with an author, vulnerability and add a patch rating.

These are the principal actions (methods). However, more actions will be created this week, specially for ratings and vulnerabilities.

General: create edit update destroy
Ratings: addpatchrating updatepatchrating
Products: addvendor showversions
Credits: adduthor update_author deleteauth
Vulnerabilities addvuln deletevuln

I also created and MVC for base_patch_rating_levels. So, it is possible to CRUD patch_rating_levels.

I just worked in models creating maping objects (Has many, belongs_to, has_and_belongs_to), but didn’t work on validations yet. I expect to work in views at the end of this week. (This is HTML and CSS work).

June 18-30: We have the core of Patch Management Portal written. Patches are linked to vulnerabilities and shown in the home page.

-Main views for patches were created.
-Optimization in the database tables.(indexes)
-Active and fragmet caching in some pages and methods.And a patch sweeper created.
-Moderator nav modified to submit a patch and to C,R,U,D rating levels with Active scaffold.
-Home page modified to show “Latest OSVDB Patches” (similar functionality to vulns) with Printer,normal and popup views.

-Validations added to models.

July 01-07: Working on file submission.

This is really important because users can submit a file for everybody to download. So, it is more easy for mostly users to apply the patch just by reading the short-technical description and downloading the file(code).
my my
July 13: File Submission finished. Users can add/delete files related to patches.

You can see my work in progress here in the project wiki and also take a look at my mid-term evaluation. Later on I will be publishing the source code.

I expect to finish the project successfully and be part of the development team.

Summer of Code started

Hey. Today Summer of Code started and I feel pretty well at this point.

I had a good chat with my mentor David Shettler (Leader software developer of the OSVDB team). I consider him a complete professional and better mentor because of his support, humility and his advices.

I remember perfectly the first words he told me today: “Oh Ronny. Fun starts today”.

We discuss many things , mainly about the current OSVDB database schema wich is really big. This let me get a better understanding of the project and making an initial design of my work and use cases.

I got subversion access and I am now looking the source code and running this great software project (OSVDB 2.0). This is a real web application written in ruby on rails used to manage vulnerabilities and all the osvdb website. It is just amazing.

I really enjoyed this day and think this will be a great experience for me and other summer of coders. I am going to inform of my work progress in the OSVDB gsoc 2008 wiki.

Good luck to everyone. Enjoy the summer.