Allgemein horde Tech

Heads Up: Cannot login as horde admin anymore?

Please be careful: Horde has introduced a new default setting $conf[‚auth‘][‚lowercase‘] which acts like the auth hook used to do.

This might lead to issues when your default admin account is named „Administrator“.

It is actually a very useful setting. It ensures that any prefs and other profiles also work with case-insensitive backends regardless of how you type the user name.

How to fix?

a) Lowercase all admin names in your $conf[‚auth‘][‚admin‘] settings in conf.php

b) disable $conf[‚auth‘][‚lowercase‘] by setting it to false value.


The state of horde composer deployments

In early 2019 I first wrote a few lines on migrating horde to composer based setups.

Even though I was too occupied with other business for several months, I have something to show and it is time to review what we have and what we don’t have.

The good news is, it really runs as far as I am concerned. For the mainstream apps, the Web UI works correctly as well as caldav/carddav access, handling of db schema migrations, some critical commandline scripts. There is still a lot of scripts to check and possibly fix.

The Horde Components helper has been modified to be run as a part of a horde deployment or standalone. It can also still be run from git-tools. I added some code to git-tools to improve the way it wraps horde-components. However, most things git-tools provides are no longer that interesting to the casual developer or to deploying horde master tree installations.

I also improved the horde Controller/Routes core. It is now more successful in detecting which app handles a request. Also, a new option for unauthenticated routes and for „API style“ auth handling has been included. This enables REST interfaces.

I finally did a small proof of concept app which is completely based on the controller/routes core and does not have a single traditional „page“ file. Maybe this should be provided as an alternative skeleton.

How to run your own composer based install

Running a new horde install for development or CI purpose is as easy as:

cd your/web/root/
git clone https://github.com/maintaina-com/horde-deployment.git .
composer install
cp web/horde/config/conf.php.dist web/horde/config/conf.php

For using a database, provide a config with a db backend instead.
You might also want to run web/horde/bin/horde-db-migrate.

I intend to improve the installer a little to detect if pre-made configs have been put into expected locations of the deployment and use them.

Why you should not use this in production

This deployment comes „as is“. It is still dependent on a satis server not controlled by the horde organisation, running a no-warranties fork of the unreleased git master code. If you run this in production, you need to do a lot of QA for your specific use case. Patches welcome. You may also encounter features not part of official horde releases because they are incomplete, lacking tests or else.

I am still trying to get this upstream. Dealing with a downsteam horde distribution of 150+ repos is tedious work. I’d rather invest time in actual software development. In case you really need to, contact me about commercial support options.

Allgemein horde OpenSUSE Tech

PEAR down – Taking Horde to Composer

Since Horde 4, the Horde ecosystem heavily relied on the PEAR infrastructure. Sadly, this infrastructure is in bad health. It’s time to add alternatives.

Everybody has noticed the recent PEAR break-in.

A security breach has been found on the http://pear.php.net webserver, with a tainted go-pear.phar discovered. The PEAR website itself has been disabled until a known clean site can be rebuilt. A more detailed announcement will be on the PEAR Blog once it’s back online. If you have downloaded this go-pear.phar in the past six months, you should get a new copy of the same release version from GitHub (pear/pearweb_phars) and compare file hashes. If different, you may have the infected file.

While I am writing these lines, pear.php.net is down. Retrieval links for individual pear packages are down. Installation of pear packages is still possible from private mirrors or linux software distribution packages (openSUSE, Debian, Ubuntu). Separate pear servers like pear.horde.org are not directly affected. However, a lot of pear software relies on one or many libraries from pear.php.net – it’s a tough situation. A lot of software projects have moved on to composer, an alternative solution to dependency distribution. However, some composer projects have dependency on PEAR channels.

I am currently submitting some changes to Horde upstream to make Horde libs (both released and from git) more usable from composer projects.
Short-term goal is making use of some highlight libraries easier in other contexts. For example, Horde_ActiveSync and Horde_Mail, Horde_Smtp, Horde_Imap_Client are really shiny. I use Horde_Date so much I even introduced it in some non-horde software – even though most functionality is also somewhere in php native classes.

The ultimate goal however is to enable horde groupware installations out of composer. This requires more work to be done. There are several issues.

  • The db migration tool checks for some pear path settings during runtime https://github.com/horde/Core/pull/2 Most likely there are other code paths which need to be addressed.
  • Horde Libraries should not be web readable but horde apps should be in a web accessible structure. Traditionally, they are installed below the base application („horde dir“) but they can also be installed to separate dirs.
  • Some libraries like Horde_Core contain files like javascript packages which need to be moved or linked to a location inside another package. Traditionally, this is handled either by the „git-tools“ tool linking the code directory to a separate web directory or by pear placing various parts of the package to different root paths. Composer doesn’t have that out of the box.

Horde already has been generating composer manifest files for quite a while. Unfortunately, they were thin wrappers around the existing pear channel. The original generator even took all package information from the pear manifest file (package.xml) and converted it. Which means, it relied on a working pear installation. I wrote an alternative implementation which directly converts from .horde.yml to composer.json – Calling the packages by their composer-native names. As horde packages have not been released on packagist yet, the composer manifest also includes repository links to the relevant git repository. This should later be disabled for releases and only turned on in master/head scenarios. Releases should be pulled from packagist authority, which is much faster and less reliant on existing repository layouts. https://github.com/horde/components/pull/3

To address the open points, composer needs to be amended. I currently generate the manifests using package types „horde-library“ and „horde-application“ – I also added a package type „horde-theme“ for which no precedent exists yet. Composer doesn’t understand these types unless one adds an installer plugin https://github.com/maintaina-com/installers. Once completed and accepted, this should be upstreamed into composer/installers. The plugin currently handles installing apps to appropriate places rather than /vendor/ – however, I think we should avoid having a super-special case „horde-base“ and default to installing apps directly below the project dir. Horde base should also live on the same hierarchy. This needs some additional tools and autoconfiguration to make it convenient. Still much way to go.

That said, I don’t think pear support should be dropped anytime soon. It’s the most sensible way for distribution packaging php software. As long as we can bear the cost involved in keeping it up, we should try.


Current (10/2018) Tumbleweed on Raspberry Pi 1


I just had a little struggle getting the current tumbleweed to run on the original Raspberry Pi (first generation, though the revision with larger RAM).

Just in case this helps anybody: I did not have any luck with a fresh openSUSE Tumbleweed image of one of the current arm6 builds. Don’t know why.

Here’s what I did:
– Download a pretty old known-good OpenSUSE 13.1 built by Bernhard Wiedemann


Unzip, dump it to SD Card

xz -d raspberrypi-opensuse-latest.img.xz
dd if=raspberrypi-opensuse-latest.img of=/dev/mmcblk0 bs=8M

Boot up, change to text console (CTRL + ALT + F2)
Log In (root/linux)

Change Password (passwd)

nano /etc/zypp/repos.d/oss131.repo
Change baseurl line to
Save and get out (CTRL+X, Y)

#Resize partition and FS as this build won’t do:
# Adjust to more if your card is larger or to less if you need a more advanced partitioning scheme

parted resize 3 16G

resize2fs /dev/mmcblk0p3

zypper ref

zypper up gzip rpm

zypper dup –download in-advance

#(super conservative, get all needed packages first) – This is going to take quite a while

reboot, power cycle

Note that you will end up with a system booting into X11 login. You should probably change the default systemd target and maybe also get rid of some software. And you really don’t want a server with ssh password „linux“, so better don’t skip changing the PW


horde OpenSUSE Tech

horde trustr – A new horde CA app step by step

Trustr is my current project to create a simple certificate management app.
I decided that it is just about the right scope to demonstrate a few things about application development in Horde 5.

I have not made any research if the name is already occupied by some other software. Should any problems arise, please contact me and we will find a good solution. I just wanted to start without losing much time on unrelated issues.

My goals as of now:

– Keep everything neat, testable, fairly decoupled and reusable. The core logic should be exportable to a separate library without much change. There won’t be any class of static shortcut methods pulling stuff out of nowhere. Config and registry are only accessed at select points, never in the deeper layers.
– Provide a CLI using Horde_Cli and Horde_Cli_Application (modeled after the backup tool in horde base git)
– Store to relational database using Horde_Db and Horde_Rdo for abstraction
– Use php openssl extension for certificate actions, but design with future options in mind
– Rely on magic openssl defaults as little as possible
– Use conf.xml / conf.php for any global defaults
– Show how to use the inter-app API (reusable for xml-rpc and json-rpc)
– Showcase an approach to REST in Horde (experimental)

The app is intended as a resource provider. The UI is NOT a top priority. However, I am currently toying around with a Flux-like design in some unrelated larger project and I may or may not try some ideas later on.

Initial Steps: Creating the working environment

I set up a new horde development container using the horde tumbleweed image from Open Build Service and a docker compose file from my colleague Florian Frank. Please mind both are WIP and improve-as-needed projects.

git clone https://github.com/FrankFlorian/hordeOnTumbelweed.git
cd hordeOnTumbelweed
docker-compose -f docker-compose.yml up

This yields a running horde instance on localhost and a database container.
I needed to perform a little manual setup in the web admin ui to get the DB to run and create all default horde schemas.

Next I entered the developer container with a shell
docker exec -it hordeOnTumbelWeed_php_1 bash

There are other ways to work with a container but that’s what I did.


Creating a  skeleton app

The container comes with a fairly complete horde git checkout in /srv/git/horde and a clone of the horde git tools in /srv/git/git-tools

A new skeleton app can be created using

horde-git-tools dev new --author "Ralf Lang <lastname@b1-systems.de>" --app-name trustr

The new app needs to be linked to the web directory using

horde-git-tools dev install

Also, a registry entry needs to be created by putting a little file into /srv/git/horde/base/config/registry.d

cat trustr-registry.d.php

// Copy this example snipped to horde/registry.d
$this->applications['trustr'] = array(
'name' => _('Certificates'),
'provides' => array('certificates')


This makes the new app show up in the admin menu. To actually use it and make it appear in topbar, you also need to go to /admin/config and create the config file for this app. Even though the settings don’t actually mean anything by now, the file must be present.

I hope to follow up soon with articles on the architecture and sub systems of the little app.


Why upstream rejects patches

I held „12 Gründe, warum dein Patch immer abgelehnt wird“ (12 top reasons why upstream rejects your patches) at Chemnitzer Linuxtage 2018, using examples from OpenStack, Horde and nextcloud. I intend to follow up with some blog posts shortly.


Boneyard – a barebone horde „dynamic view“ app based on „skeleton“.

Boneyard – a barebone horde „dynamic view“ app based on „skeleton“.

In this article, I will show you some minimal setup for a „horde5 dynamic view“ application as demonstrated by hermes time tracking and kronolith calendar

We have a working git checkout of a 5.2 or master installation of horde with some authentication and prefs backend working and the migrations inplace.
If your setup did not involve editing install_dev.conf, you probably have something else and I cannot guarantee this walkthrough will work for you without adopting some parts.

Let’s generate a fresh application called boneyard

maintaina:/srv/git/horde5-webmail/horde # php framework/bin/horde-generate-module boneyard "Ralf Lang "
Started new Module in /srv/git/horde5-webmail/horde/boneyard!
Register the new Module with a file in the config/registry.d directory:

$this->applications['boneyard'] = array('name' => _("Boneyard"));

We put a file with this oneliner into the directory as advised

maintaina:/srv/git/horde5-webmail/horde # vim horde/config/registry.d/boneyard.php

Now let’s re-run the script generating the links for the git checkout installation

maintaina:/srv/git/horde5-webmail/horde # php framework/bin/install_dev
EMPTYING old web directory /srv/www/vhosts.d/horde.ralf-lang.de

Setting static directory permissions...
LINKING applications to web directory /srv/www/vhosts.d/horde.ralf-lang.de
[.. snip ..]
LINKING pastie
LINKING boneyard
LINKING hvview
LINKING passwd
LINKING operator
LINKING gollem
LINKING sueporter
LINKING ulaform

LINKING framework
[ INFO ] Source directory: /srv/git/horde5-webmail/horde/framework
[ INFO ] Framework destination directory:
[ INFO ] Horde directory: /srv/www/vhosts.d/horde.ralf-lang.de
[ INFO ] Create symbolic links: Yes

[ INFO ] Package(s) to install: ALL (129 packages)
[ INFO ] Installing package ActiveSync
[.. snip ..]
[ INFO ] Installing package xxhash

Now boneyard is set up in your web-accessible dir.
Let’s make the config dir web-writeable

chown wwwrun:www /srv/www/vhosts.d/horde.ralf-lang.de/boneyard/config

This is for SUSE – debian or redhat may have different user/group for the web server.

Next go to $yourdomain/admin/config/ the admin panel and generate the conf.php file by clicking on the „boneyard“ entry and then the „create boneyard config“ button.
At this point, we do not care about the actual contents of this config – the defaults are just fine.

If you only see „horde“ and some library names, you most probably have not edited registry.local.php to contain something like:

// By default, applications are assumed to live within the base Horde
// directory (e.g. their fileroot/webroot will be automatically determined
// by appending the application name to Horde's 'fileroot'/'webroot' setting.
// If your applications live in a different base directory, defining these
// variables will change the default directory without the need to change
// every application's 'fileroot'/'webroot' settings.
$app_fileroot = '/srv/www/vhosts.d/horde.ralf-lang.de/';

Now „Boneyard“ should appear in your horde topbar with some bogus buttons and content

Let’s create the structure of a „dynamic“ application

* lib/Ajax.php – The Boneyard Ajax base class to load locale- and setting-dependent content into the browser’s javascript
* lib/Ajax/Application/Handler/Example.php – A handler for Ajax requests to load data from the server — we skip that for now
* lib/View/Sidebar.php – Boneyard_View_Sidebar – a sidebar for the dynamic view
* template/dynamic/sidebar.html.php – The template used by the sidebar view
* template/dynamic/index.inc – The main template of the dynamic view
* template/dynamic/example1.inc – One of our two example views in this demo
* template/dynamic/example2.inc – One of our two example views in this demo
* js/boneyard.js – The BoneyardCore object which contains the main click handler etc

We also need to touch the index.php file to enable the dynamic view and the lib/Application.php file to advertise that dynamic view exists.

See https://github.com/ralflang/horde-boneyard to view the code in detail.


Horde_Rdo Many to Many relations and Horde DB Migrator

Many to Many relations btween to object types or table rows are usually saved to a database using a third table.

For example, if every server can have multiple services and each service can run on multiple computers, we need a third table to store the relations:

server table:
server_id | server_name
        1 | hoellenhund.internal.company.com
        2 | forellenfisch.internal.company.com
service table:
service_id | service_name
         1 | tomcat
         2 | dovecot
relation table:
service_id | server_id
         1 | 1
         2 | 2
         2 | 1

Horde’s ORM Layer Horde_Rdo supports creating, checking and changing such relations but it’s not very prominently documented.

Let’s look at an example.

First, we need to create the database schema. Note that the relations table has no autoincrement key, only the two columns used for lookup

/usr/share/php5/PEAR/www/horde/hvview/migration # cat 1_hvview_base_tables.php
* Create Hvview base tables.
* Copyright 2015-2015 B1 Systems GmbH (http://www.b1-systems.de/)
* See the enclosed file COPYING for license information (GPL). If you
* did not receive this file, see http://www.horde.org/licenses/gpl.
* @author Ralf Lang
* @package Hvview
class HvviewBaseTables extends Horde_Db_Migration_Base
* Upgrade
public function up()

$t = $this->createTable('hvview_technical_landscapes', array('autoincrementKey' => 'landscape_id'));
$t->column('landscape_name', 'string', array('limit' => 255, 'null' => false));
$t->column('period_id', 'integer', array('limit' => 11, 'null' => false));

$t = $this->createTable('hvview_resource_pools', array('autoincrementKey' => 'resource_pool_id'));
$t->column('pool_name', 'string', array('limit' => 255, 'null' => false));
$t->column('landscape_id', 'integer', array('limit' => 11, 'null' => false));
$t->column('period_id', 'integer', array('limit' => 11, 'null' => false));

$t = $this->createTable('hvview_hardware_pools', array('autoincrementKey' => 'hardware_pool_id'));
$t->column('pool_name', 'string', array('limit' => 255, 'null' => false));
$t->column('landscape_id', 'integer', array('limit' => 11, 'null' => false)); /* possibly redundant, but may speed up things */
$t->column('period_id', 'integer', array('limit' => 11, 'null' => false));

/*Relations table*/
$t = $this->createTable('hvview_rp_hwps', array('autoincrementKey' => false));
$t->column('resource_pool_id', 'integer', array('limit' => 11, 'null' => false));
$t->column('hardware_pool_id', 'integer', array('limit' => 11, 'null' => false));

$t = $this->createTable('hvview_periods', array('autoincrementKey' => 'period_id'));
$t->column('period_ts', 'integer', array('limit' => 11, 'null' => false));

/* We collapse hypervisor and blade server objects into one for now - let`s see if this scales well */
$t = $this->createTable('hvview_servers', array('autoincrementKey' => 'server_id'));
$t->column('period_id', 'integer', array('limit' => 11, 'null' => false));
$t->column('hardware_pool_id', 'integer', array('limit' => 11, 'null' => false));
$t->column('hostname', 'string', array('limit' => 100, 'null' => false));
$t->column('state', 'string', array('limit' => 20, 'null' => true));
$t->column('os_release', 'string', array('limit' => 20, 'null' => true));
$t->column('comment', 'string', array('limit' => 255, 'null' => true));
$t->column('hv_free_vcpu', 'integer', array('limit' => 11, 'null' => true));
$t->column('hv_free_memory', 'integer', array('limit' => 11, 'null' => true));
$t->column('hv_free_disk', 'integer', array('limit' => 11, 'null' => true));
$t->column('hv_total_vcpu', 'integer', array('limit' => 11, 'null' => true));
$t->column('hv_total_memory', 'integer', array('limit' => 11, 'null' => true));
$t->column('hv_excluded', 'integer', array('limit' => 1, 'null' => true));
$t->column('hv_vm_count', 'integer', array('limit' => 3, 'null' => true));

// Indices not before we have an idea which of them we need most
// $this->addIndex('hvview_items', array('item_owner'));


* Downgrade
public function down()

The relations are defined in a Horde_Rdo_Mapper class which also knows how to spawn objects from the rows.

The Objects

/usr/share/php5/PEAR/www/horde/hvview/lib/Entity # cat ResourcePool.php 

class Hvview_Entity_ResourcePool extends Horde_Rdo_Base {

/usr/share/php5/PEAR/www/horde/hvview/lib/Entity # cat HardwarePool.php 

The Mappers:

/usr/share/php5/PEAR/www/horde/hvview/lib/Entity # cat ResourcePoolMapper.php 
class Hvview_Entity_ResourcePoolMapper extends Horde_Rdo_Mapper
     * Inflector doesn't support Horde-style tables yet
    protected $_classname = 'Hvview_Entity_ResourcePool';
    protected $_table = 'hvview_resource_pools';
    protected $_lazyRelationships = array(
             'hwps' => array('type' => Horde_Rdo::MANY_TO_MANY,
                          'through' => 'hvview_rp_hwps',
                          'mapper' => 'Hvview_Entity_HardwarePoolMapper')


/usr/share/php5/PEAR/www/horde/hvview/lib/Entity # cat HardwarePoolMapper.php 
class Hvview_Entity_HardwarePoolMapper extends Horde_Rdo_Mapper
     * Inflector doesn't support Horde-style tables yet
    protected $_classname = 'Hvview_Entity_HardwarePool';
    protected $_table = 'hvview_hardware_pools';
    protected $_lazyRelationships = array(
             'rps' => array('type' => Horde_Rdo::MANY_TO_MANY,
                          'through' => 'hvview_rp_hwps',
                          'mapper' => 'Hvview_Entity_ResourcePoolMapper')


The relation is defined in both direction and only loaded on-demand ("lazy") as opposed to upfront when the item is created from the database rows.
Now let's fetch two items and link them:

You can do this through the mapper or through one of the two partners

Adding a relation to an object using the object

// $rm is a ResourcePoolMapper instance
// $hm is a HardwarePoolMapper instance
$rp = $rm->findOne(); // In reality, you would not pick a random item but add some criteria
$hwp = $hm->findOne();
$rp->addRelation('hwps', $hwp);

Adding a relation to an object using the mapper

// $rm is a ResourcePoolMapper instance
// $hm is a HardwarePoolMapper instance
$rp = $rm->findOne(); // In reality, you would not pick a random item but add some criteria
$hwp = $hm->findOne();
$rm->addRelation('hwps', $rp, $hwp);

Thimbleweed Park angekündigt

Ron Gilbert, der Mann, der uns Maniac Mansion, Monkey Island (1+2) und Total Annihilation brachte, hat zusammen mit Gary Winnick die Entwicklung eines klassischen Point&Click-Adventures begonnen. Thimbleweed Park wird für PC, Android und iOS erscheinen und (optionale) Sprachausgabe sowie Übersetzung von Boris Schneider-Johne, der schon Monkey Island übersetzte. Mitte Juni 2016 soll das Spiel im Handel erscheinen, so der erste Zeitplan. Ich bin gespannt.

Vorbestellungen sind zu 25 US-$ möglich über Amazon und Paypal.


Allgemein OpenSUSE Tech

Sara Golemon (Facebook) announces PHP Language Specification for OSCON 2014

For more than 10 years, PHP core developers repeatedly raised the topic of providing a formal language specification for PHP. Now a team of facebook employees has written such a specification. The spec document is currently only available as a preview chapter a preview chapter . PHP veteran Sara Golemon announced on the „PHP internals“ list that the full document will be ready for O’Reilly’s OSCON 2014. Sara Golemon published the standard book on „Extending and Embedding PHP“ some years ago and now works for Facebook’s own PHP implementation HHVM. The PHP spec defines PHP version 5.6 in about 200 pages and contains all the odd and obscure quirks of the language core. Facebook’s own HHVM aims to be as close to the spec as possible. Currently, PHP developers discuss how amending the spec can become a mandatory part of the language development process. Though some are sceptic that all developers will embrace the change in the process, everybody on the list was happy to have the new document.

Software Architect Stas Malyshev:

Thank you Sara and Facebook team for doing something we’ve been talking
about for more than a decade and before that nobody actually attempting
to do. I think it is a great development and I hope to see the first
version soon.



Sara Golemon (Facebook) kündigt PHP Language Specification auf OSCON 2014 an

Seit über 10 Jahren bringen immer wieder einige der PHP-Sprachentwickler den Plan an, eine formale Spezifikation für den Sprachkern bereitzustellen. Ein Team bei Facebook hat das nun getan. Die Spezifikation, die bisher nur als Vorschau vorliegt, wurde von Sara Golemon auf der Entwickler-Liste angekündigt und soll auf der OSCON 2014 vorgestellt werden. Sara Golemon veröffentlichte schon vor einigen Jahren ein Standardwerk über die Entwicklung von PHP-Erweiterungsmodulen und arbeitet mittlerweile an Facebooks eigener PHP-Version HHVM.

Das rund 200 Seiten starke Dokument orientiert sich an der PHP-Version 5.6 und enthält auch obskure Verhaltensweisen des PHP-Sprachkerns in seltenen Randfällen. Die Facebook-eigene PHP-Version HHVM soll sich möglichst eng an diese Vorgaben halten.

Die PHP-Community berät derzeit, wie sie die Fortschreibung der Spezifikation in den Entwicklungsprozess einbinden kann. Die Ankündigung wurde mit viel Begeisterung aufgenommen.

Software-Architekt Stas Malyshev:

Thank you Sara and Facebook team for doing something we’ve been talking
about for more than a decade and before that nobody actually attempting
to do. I think it is a great development and I hope to see the first
version soon.



Perl: Semantic Version Sorting via callback puts betas before releases (empty string after text)

Semantic Versioning

Semantic program versions are a great help in administration life: When done right, they help you identify if only bugs have been resolved (2.11.z) or features added (2.y.0) or the program has undergone big changes with chances that an upgrade needs a lot of admin intervention (x.0.0). For developers and early testers, additional suffixes identify alpha (early testing), beta (testing) and Release Candidate (pre-release polishing) versions which are not intended for production use.

The Problem

Sorting program versions is not exactly trivial. You cannot sort them as strings, otherwise you would put 2.2.2 after 2.12.1. You cannot sort them as numbers either, because they contain multiple dots and possibly alpha characters.


a) Fixed-Length Score string

A traditional method expands the version string to a fixed-format score integer or string which can be safely compared and sorted by basic sorting algorithms. This is based on the assumption that there are not more than a fixed number of values per field, i.e. not more than 99 patch versions before the next minor, not more than 99 minor versions before the next major. This is safe for most mainstream projects but corner cases may exist. It also doesn’t play well with development releases.

This solution would first split the version string into its components, then merge them to a string and then run an alphabetic sort on it:

my @versions;
foreach my $version_string (@version_strings) {
  my ($major, $minor, $patch) = split /\./, $version_string;
  push(@versions, sprintf(%02d%02d%02d, $major, $minor, $patch));
my @sorted_versions = sort {$a cmp $b} @versions;

This is a simplified example. You need to get back to the original string format, either by a function for reverse conversion or by storing both together in an array of hashref. I also left out handling for alpha, beta, RC versions.

b) Using a sort callback

The sort() routine allows you to specify a callback which decides for any two values $a and $b if they are equal or which is greater. This works by any criteria you can imagine and is also usable for objects and hashes.

This is what we do: We split the version string into a hashref of its components (and a key for the original format, for convenience) and then we define a callback.

sub release_to_version_hash {
  my $release = shift;
  my ($package, $major, $minor, $patch, $dev) = $release =~ /\/(\w+)-(\d+)\.(\d+)\.(\d+)(\w*)/;
  return { 
    major => $major,
    minor => $minor,
    patch => $patch,
    dev => $dev,
    pkg => $package,
    url => $release,
    string => sprintf("%d.%d.%d%s", $major, $minor, $patch, $dev)

We use a regular expression to retrieve the version fields.
Note: This code is taken from an open source project of mine.
The release strings have this format:
If your source string is just a version, your regular expression would look like this:


Now let’s get down to business. The actual sorting routine is not very exciting. It gets an Array Reference of Hash References, the hashes being in the format produced above. It returns an array reference (note the [] brackets). The sort routine gets the list (ref) of releases, dereferenced to an array and invokes the compare_versions routine many times, comparing any two values $a and $b inside the releases list which is the „bigger“ one.

sub sort_releases {
  my $releases = shift;
  return [sort compare_versions @$releases];

Now let’s look at that callback.

## A compare function callback for version hashes, suitable for sort
## returns -1, 0 or 1
sub compare_versions {
    $a->{major} <=> $b->{major} or
    $a->{minor} <=> $b->{minor} or
    $a->{patch} <=> $b->{patch} or
    ## handle development releases
    ( !$a->{dev} && $b->{dev} ? 1 : 0 ) or
    ( !$b->{dev} && $a->{dev} ? -1 : 0 ) or
    lc($a->{dev}) cmp lc($b->{dev})

Now what happens here? This routine returns -1, 0 or 1 depending on which versions is „bigger“. In practice, you should never get 0 because you should never have two identic version strings. After the major versions are compared as a number via the spaceship operator (<=>), perl evaluates the result.
If version $a (major) is smaller (-1) or bigger (1) than version $b (major), then this evaluates to a true (non-zero) value. This fulfills the „or“ condition, so perl immediately stops evaluating and returns the value. If the major versions are equal, the first expression evaluates to false (0) and the next part of the comparison is evaluated. This is sufficient for sorting major, minor, patch version in that order.

If we also want to handle development releases, we also need the last three lines.
The last line sorts development releases alphabetically, sorting all alphas of the same major.minor.patch before all betas. Normally, perl would sort all empty strings before all non-empty strings, which is bad. It would sort a production version 2.0.0 before the alpha releases.

To fix this, we use the upper two lines:
If a string is empty, it evaluates to false.
So if the first string is false (empty, production) and
the second string is true (any characters, development), the first version is the preferable version. In this case the expression evaluates to 1 and returns. Otherwise it evaluates to false (0) and the next or clause is evaluated. This one checks for the opposite case where version b is the better version and returns -1. If both versions contain a dev string, we skip to alphabetic comparison.

This results in a list where the best version is the last hash entry. Getting the best version is as easy as

$version = pop @versions;
## or
$version = $versions[-1];

Bonus: A versatile filter for all sorts of tasks

This filter is best applied before sorting but it also works afterwards. It can filter out all development releases or return only releases within a specific major version etc:

sub filter_releases {
  my $releases = shift;
  my $filter = shift || 
    { stable => 1, 
      rc => 0, 
      beta => 0, 
      alpha => 0, 
      major => 0, 
      minor => 0, 
      patch => 0, 
      pkg => '' };
  my @legit;
  foreach my $pkg (@$releases) {
    ## filters
    next if ($filter->{pkg} && $pkg->{pkg} ne $filter->{pkg});
    next if ($pkg->{dev} =~ /RC/ && $filter->{'rc'} == 0);
    next if ($pkg->{dev} =~ /alpha/ && $filter->{'rc'} == 0);
    next if ($pkg->{dev} =~ /beta/ && $filter->{'rc'} == 0);
    next if ($filter->{major} && $filter->{major} != $pkg->{major});
    next if ($filter->{minor} && $filter->{minor} != $pkg->{minor});
    next if ($filter->{patch} && $filter->{minor} != $pkg->{patch});
    push @legit, $pkg;
  return \@legit;

Horde Recipe: Storing the last login language

A simple Horde Hook to store the last chosen login value in a user preference.
You can use this for example to determine in which language automatic messages by cron job or daemon should be sent.

// // APPLICATION AUTHENTICATED HOOK: See above for format.
public function appauthenticated()
global $language;
global $prefs;
if ($language) {
$prefs->setValue('language', $language);


// // Code to run when an application is first authenticated

If you want, you can modify it so it won’t overrule manual settings in the prefs UI:

if ($language && empty($prefs->getValue('language')) {
$prefs->setValue('language', $language);


OpenSUSE Tech

SLES 11: Upgrading mysql from SP2 to SP3

Under some condition, mysql is not able to restart after an upgrade from SLES11 SP2 to SLES11 SP3. The output messages are a bit misleading

131122 14:41:28 InnoDB: The InnoDB memory heap is disabled
131122 14:41:28 InnoDB: Mutexes and rw_locks use GCC atomic builtins
131122 14:41:28 InnoDB: Compressed tables use zlib 1.2.7
131122 14:41:28 InnoDB: Using Linux native AIO
131122 14:41:28 InnoDB: Initializing buffer pool, size = 128.0M
131122 14:41:28 InnoDB: Completed initialization of buffer pool
131122 14:41:28 InnoDB: highest supported file format is Barracuda.
131122 14:41:28 InnoDB: Waiting for the background threads to start
131122 14:41:29 InnoDB: 5.5.33 started; log sequence number 4796605421
/usr/sbin/mysqld: Out of memory (Needed 64 bytes)
131122 14:41:29 [ERROR] Plugin 'INNODB_CMP' registration as a INFORMATION SCHEMA failed.
131122 14:41:29 InnoDB: Unable to allocate memory of size 8120.
131122 14:41:29 InnoDB: Assertion failure in thread 140387876259584 in file mem0mem.c line 361
InnoDB: We intentionally generate a memory trap.
InnoDB: Submit a detailed bug report to http://bugs.mysql.com.
InnoDB: If you get repeated assertion failures or crashes, even
InnoDB: immediately after the mysqld startup, there may be
InnoDB: corruption in the InnoDB tablespace. Please refer to
InnoDB: http://dev.mysql.com/doc/refman/5.5/en/forcing-innodb-recovery.html
InnoDB: about forcing recovery.
13:41:29 UTC - mysqld got signal 6 ;
This could be because you hit a bug. It is also possible that this binary
or one of the libraries it was linked against is corrupt, improperly built,
or misconfigured. This error can also be caused by malfunctioning hardware.
We will try our best to scrape up some info that will hopefully help
diagnose the problem, but since we have already crashed,
something is definitely wrong and this may fail.


In the end it turned out to be a permission problem with /var/run/mysql
To fix this:

chown -R mysql /var/run/mysql
rcmysql restart

This did it for me. I had this problem on several but not all instances of mysql on SLES11SP2 upgrading to SLES11SP3. My wild guess is that it is based upon if this was a fresh SP2 install or upgraded from an earlier service pack.

Allgemein Non-Tech and German

Die Wahlfälscher-Angst: Warum die Sorgen der AfD unbegründet sind

Am 22. September 2013 wählten die Deutschen den neuen Bundestag mit sensationellem Ergebnis: Erstmals in ihrer Geschichte ist die FDP nicht im deutschen Parlament vertreten und scheiterte knapp mit 4,8% der Stimmen.

Ihr schärfster Konkurrent, die im Frühjahr gegründete Anti-Euro-Partei „Alternative für Deutschland“ (AfD) kam knapp hinter ihr auf 4,7%. Beide sind damit nicht im Parlament vertreten. AfD-Anhänger witterten unmittelbar Wahlbetrug. Aus Sicht der Mitglieder ist das nachvollziehbar: Hatte doch Parteichef Lucke erklärt, die Umfragen seien manipuliert und man stehe bei 8-9% – Eine Aussage, für die er eine Verfügung vom Gericht bekam, sie nicht zu wiederholen. Hatte doch der von der AfD häufig zitierte Internet-Dienst Wahl-Radar 2013 in seiner Meta-Prognose vom 19. September die AfD noch auf 7,3% taxiert. Kritikern fiel schnell auf, dass der Unternehmer hinter diesem Prognosedienst selber AfD-Aktivist war.

Es ist nicht verwunderlich, dass auf der Facebook-Seite von AfD schnell einige User von angeblichen Ungereimtheiten im Wahllokal raunten. So knapp gescheitert, da kommen schnell komische Ideen zustande.

In dieser Situation ist es wichtig, einen kühlen Kopf zu bewahren und das Vertrauen in unsere Demokratie nicht zu beschädigen. Selbst der AfD-Führung ist es mittlerweile peinlich, mit welcher Verve enttäuschte Anhänger unseren Institutionen flächendeckenden Betrug vorwerfen. Daher fordert er die Fans bei Facebook auf:

Der Bundesvorstand hat mögliche Probleme bei der Auszählung der Stimmen zur Kenntnis genommen und wird den Vorwürfen natürlich nachgehen.

und die nötigen Schritte einleiten.

Bis zu diesem Zeitpunkt möchten wir Sie bitten, von Aussagen Abstand zu nehmen, die in der Presse falsch aufgefasst werden könnten

Um deutlicher zu machen, warum viele im Internet und in Leserbriefen kursierende Betrugsszenarien übertriebene Ängste sind, habe ich einige typische Behauptungen herausgesucht und kommentiert.

„Im Wahllokal wurden Stimmzettel radiert“
In den meisten Wahllokalen liegen Kugelschreiber aus. Nur in wenigen Wahllokalen werden Bleistifte verwendet. Jeder Stift ist legal, mit dem deutlich erkennbare Markierungen gemacht werden können. Der Wähler trägt seinen Stimmzettel zur Wahlurne und wirft den Zettel selbst ein. Die Urne ist mit einem Schloß gesichert und mit einem Siegel versehen, das erst nach 18 Uhr im Beisein aller Wahlhelfer und Wahlbeobachter geöffnet und dabei zerstört wird. Zu keinem Zeitpunkt könnte irgendwer außer dem Wähler selbst Radierungen vornehmen.

„Die Wahlhelfer lassen Stimmzettel verschwinden“
Jeder Wähler wird im Wählerverzeichnis markiert, wenn er seinen Stimmzettel einwirft. Die Urne ist mit einem Schloß gesichert und mit einem Siegel versehen, das erst nach 18 Uhr im Beisein aller Wahlhelfer und Wahlbeobachter geöffnet und dabei zerstört wird. Verschwundene Stimmzettel würden auffallen, weil die Zahl der Markierungen im Protokoll nicht zur Zahl der Wahlzettel passen würde.
Vor Beginn der Auszählung werden alle leeren Stimmzettel vom Tisch entfernt und in einem Karton gelagert, sodass nicht versehentlich oder absichtlich weitere Stimmzettel hinzugefügt werden können.

„Die haben meinen Ausweis nicht kontrolliert“
Der Wahlvorstand hat das Recht, aber nicht die Pflicht, den Ausweis des Wählers zur Identifizierung zu verlangen. Normalerweise übergibt der Wähler die Wahlbenachrichtigung (meist eine Postkarte) mit einer Nummer an den Wahlhelfer. Der Wahlhelfer schaut, dass derjenige im Wählerverzeichnis vorhanden ist, dass das Geschlecht stimmt und auch das Alter ungefähr zum Aussehen passt. Bei Zweifeln oder stichprobenartig verlangt er ein Ausweisdokument. Der Wahlvorstand behält die Wahlbenachrichtigung nach der Wahl ein.

„Die Wähler gehen zweimal wählen – einmal mit Ausweis, einmal mit Wahlkarte“
Wähler, die bereits gewählt haben, werden im Wählerverzeichnis markiert. Eine doppelte Stimmabgabe, einmal mit Karte und einmal mit Ausweis, ist ausgeschlossen.

„Einige Wähler machen Briefwahl und gehen dann nochmal wählen“
Briefwähler sind im Wählerverzeichnis vermerkt und können nicht regulär wählen.

„Einige Wähler klauen Wahlkarten und gehen mit diesen mehrmals wählen“.
Um es gleich vorweg zu sagen: Es handelt sich um eine Straftat, die bis zu fünf Jahren Haft bedeuten kann, wenn sie auffliegt. Praktisch wird das so aber nur sehr selten jemand wagen. Versuchen Sie es lieber nicht!

  •  Der Wahlvorstand besteht aus 7-9 Leuten, manchmal in zwei Schichten. Es sind immer mindestens drei Wahlhelfer anwesend, darunter der Wahlvorsteher oder sein Stellvertreter. Der Wahlvorstand könnte den Betrüger oder den Betrogenen persönlich oder namentlich kennen.
  • Das Geschlecht muss passen
  • Das Alter muss passen
  • Es fällt auf, wenn dieselbe Person mehrfach im Wahllokal auftaucht
  • Es fällt auf, wenn der echte Wähler zuvor schon mit Ausweis wählen gegangen ist. Hören Sie schon die Handschellen klicken?
  • Es fällt auf, wenn der echte Wähler nach Erhalt der Wahlbenachrichtigung verstorben oder verzogen ist – die Listen werden vor der Wahl und noch am Wahltag berichtigt.
  • Es fällt auf, wenn der echte Wähler Briefwahl beantragt hat. Das kann er unabhängig vom Versand der Wahlbenachrichtigung tun.
  • Es fällt auf, wenn der echte Wähler später zu wählen versucht. Dann kriegt man den Betrüger vielleicht nicht, aber man bemerkt den Betrug.

Es ist nicht bekannt, dass solche Fälle gehäuft aufgetreten sind. Die Meldung stellt sich bei näherer Betrachtung meist als Hörensagen heraus.

„Die Wahlhelfer erklären unerwünschte Stimmen für ungültig“
Damit ein Stimmzettel als ungültig gilt, muss er laut Gesetz entweder leer, gefälscht oder falsch ausgefüllt sein. Zu viele Kreuze oder irgendwelche Stichwörter und Markierungen auf dem Stimmzettel machen einen Wahlschein ungültig. Die Wahlhelfer werden vor der Wahl geschult, welche Fälle gültig und welche ungültig sind. Mindestens für den Vorsitzenden des Wahllokals und den Schriftführer ist diese Schulung verpflichtend.
Die Auszählung findet öffentlich statt, Sie können also zusehen. Eindeutig ungültige Stimmzettel (alles/nichts angekreuzt usw) werden in einem gesonderten Stapel gezählt und an den Kreiswahlleiter gegeben. Über Zweifelsfälle stimmt der Wahlvorstand gemeinsam ab, das Abstimmungsergebnis und das Urteil werden auf dem Stimmzettel notiert. Diese Streitfälle werden ebenfalls in einem besonderen Umschlag an den Kreiswahlleiter gegeben und können bei begründetem Verdacht nachgeprüft werden.

„Die Wahlhelfer haben sich verzählt“
Die Auszählung findet nach einem festgelegten Verfahren statt, die einzelnen Zählschritte werden protokolliert:

Zunächst werden die Stimmzettel durchgezählt und Abweichungen von der Zahl der Vermerke im Wählerverzeichnis überprüft.
Dann sortieren die Wahlhelfer die Stimmzettel:

  • Stimmzetteln mit Erst- und Zweitstimme auf derselben Höhe (zB Linke-Kandidat und Linke-Liste)
  •  Stimmzettel mit nur Erststimme, nur zweitstimme, Erststimme und Zweitstimme auf derselben Höhe (zB CDU-Direktkandidat, AfD-Listenstimme)
  •  Zweifelsfälle
  •  Eindeutig ungültige und nicht ausgefüllte Zettel


Die verschiedenen Stapel werden im weiteren Verfahren durchgezählt, auf die Details gehe ich hier nicht ein. Da alle Schritte protokolliert sind und die Stimmzettel in sortierten Stapeln abgegeben werden, können Nachzählungen und logische Konsistenzprüfungen leicht erfolgen.

Abschließend muss man sagen: Vorsätzlicher Wahlbetrug ist strafbar, aufdeckungsgefährdet und mit vertretbarem Aufwand nur in so kleinem, wirkungslosen Maß möglich, dass niemand, der bei Verstand ist, sich darauf einlässt. Fehler hingegen sind schon öfter passiert und werden weiter passieren. Das komplizierte Verfahren stellt auf vielfache Weise sicher, dass die ehrenamtlichen Wahlhelfer Irrtümer, Flüchtigkeitsfehler und dergleichen selbst entdecken können und dass unabhängige Prüfungen hinterher leicht möglich sind. Der annehmbare Restfehler, ob nun durch Irrtum oder Betrug, ist dabei so gering, dass er nicht die Sitzverteilung im Bundestag beeinflusst. Knappe Fälle und statistisch arg abweichende Wahllokale werden routinemäßig kontrolliert.