March 27, 2015

Michal Čihař

Spring is here

Finally winter seems to be over and it's time to take out the camera and take some pictures. Out of many areas where you can see spring snowflakes, we've chosen the Čtvrtě area near Mcely, a village which is less famous, but still very nice.

27 March, 2015 05:00AM by Michal Čihař

March 26, 2015

Daniel Pocock

WebRTC: DruCall in Google Summer of Code 2015?

I've offered to help mentor a Google Summer of Code student to work on DruCall. Here is a link to the project details.

The original DruCall was based on SIPml5 and released in 2013 as a proof-of-concept.

It was later adapted to use JSCommunicator as the webphone implementation. JSCommunicator itself was updated by another GSoC student, Juliana Louback, in 2014.

It would be great to take DruCall further in 2015; here are some of the possibilities that are achievable in GSoC:

  • Updating it for Drupal 8
  • Support for logged-in users (currently it just makes anonymous calls, like a phone box)
  • Support for relaying shopping cart or other session cookie details to the call center operative who accepts the call

Help needed: could you be a co-mentor?

My background is in real-time and server-side infrastructure and I'm providing all the WebRTC SIP infrastructure that the student may need. However, for the project to have the most impact, it would also be helpful to have some input from a second mentor who knows about UI design, the Drupal way of doing things and maybe some Drupal 8 experience. Please contact me ASAP if you would be keen to participate either as a mentor or as a student. The deadline for student applications is just hours away but there is still more time for potential co-mentors to join in.

WebRTC at mini-DebConf Lyon in April

The next mini-DebConf takes place in Lyon, France on April 11 and 12. On the Saturday morning, there will be a brief WebRTC demo and there will be other opportunities to demo or test it and ask questions throughout the day. If you are interested in trying to get WebRTC into your web site, with or without Drupal, please see the RTC Quick Start guide.

26 March, 2015 09:58PM by Daniel.Pocock

Zlatan Todorić

Random bits


Today I installed Gogs and configured it with mysql (yes, yes, I know - use postgres you punk!). I will not post details of how I did it because:

  • It still has "weird" coding as already pointed out by others
  • It doesn't have fork and pull request ability yet

And that was the end of the journey. When they code in fork/PR, I will close my eyes to other coding stuff and try it again, because Gitlab is not close to my heart and installing their binary takes ~850MB of space, which means a lot of ruby code that could go the wrong way.

It would be really awesome to have something in the archive to apt install and have a GitHub-like place. It would be great if Debian infrastructure would have the possibility to have that.


Although I am thrilled about it finally reaching the Debian archive, it still isn't ready. Not even close. I couldn't even finish installing it and it's not suitable for the main archive as it takes files from the GitHub repo of diaspora. Maybe poking around Bitnami folks about how they did it.

The power of Free software

Text Secure was a mobile app that I thought could take on Viber or WhatsApp. Besides all its goodies, it had the chance to send encrypted SMS to other TS users. Not anymore. Fortunately, there is a fork called SMSSecure which still has that ability.


So there is this Allwinner company that does crap after crap. Their latest will reach a wider audience and I hope it gets resolved in the manner they would react if some big proprietary company was stealing their code. It seems Allwinner is a pseudo for Alllooser. Whoa, that was fun!

A year old experiment

So I had a bet with a friend that I would run Debian Unstable for a year, mixed with some packages from experimental, and do some random testing on packages of interest to them. Also I promised to update aggressively, so it was to be twice a day. This was my only machine, so the bet was really good as it in theory could break very often. Well, on behalf of the Debian community, I can say that Debian hasn't had a single big breakage. Yay!

The good side: on average I had ~3000 packages installed (they were in range from 2500-3500). I had for example xmonad, e17, gnome, cinnamon, xfce, systemd from experimental, kernels from experimental, nginx, apache, a lot of heavy packages, mixed packages from pip, npm, gems etc. So that makes it even more incredible that it stayed stable. There is no bigger kudos to people working on Debian than when some sadist tries countless ways to break it and Debian just keeps running. I mean, I was doing my $PAID_WORK on this machine!

The bad side: there were small breakages. It seems that polkit and systemd-side of gnome were going through a lot of changes because sometimes system would ask password for every action (logout, suspend, poweroff, connect to network etc), audio would work and would not work, would often by itself just mute sound on every play or it would take it to 100% (which would blow my head when I had earplugs), bluetooth is almost de facto not working in gnome (my bluetooth mice worked without single problem in lenny, squeeze, in wheezy it maybe had once or twice a problem, but in this year long test it's almost useless). System would also have random hangs from time to time.

The test: in the beginning my radeon card was too new and it was not supported by the FLOSS driver, so I ended up using fglrx, which caused me a lot of annoyance (no brightness control, flickering of screen), but once the FLOSS driver got support I was on it, and it performed more fluidly (no glitches while moving windows). So as my friends knew that I have a radeon and they want to play games on their machines (I play my Steam games on the FLOSS driver), they set me the task to try the fglrx driver every now and then. End result - there is no stable fglrx driver for almost a year, it breaks the graphical interface so I didn't even log into a DE with it for at least 8 months if not more. On the good side my expeditions into fglrx were quick - install it, boot into disaster, remove it, boot into freedom. The downside seems to be that removing the fglrx driver leaves a lot of its own crap on the system (I may be mistaken but it seems I am not).

Debian with love

Well, that's all for today. I think so. You can never be sure.

26 March, 2015 03:04PM by Zlatan Todorić

Patrick Matthäi

More wheezy-backports work


now you can install the following package versions from wheezy-backports:

  • apt-dater-host (Source split, 0.9.0-3+wheezy1 => 1.0.0-2~bpo70+1)
  • glusterfs (3.2.7-3+deb7u1 => 3.5.2-1~bpo70+1)
  • geoip-database (20141009-1~bpo70+1 => 20150209-1~bpo70+1)

geoip-database introduces a new package geoip-database-extra, which includes the free GeoIP City and GeoIP ASNum databases.

glusterfs will get an update in a few days ago to fix CVE-2014-3619.

26 March, 2015 08:01AM by the-me

March 25, 2015

Matthew Garrett

Python for remote reconfiguration of server firmware

One project I've worked on at Nebula is a Python module for remote configuration of server hardware. You can find it here, but there's a few caveats:
  1. It's not hugely well tested on a wide range of hardware
  2. The interface is not yet guaranteed to be stable
  3. You'll also need this module if you want to deal with IBM (well, Lenovo now) servers
  4. The IBM support is based on reverse engineering rather than documentation, so who really knows how good it is

There's documentation in the README, and I'm sorry for the API being kind of awful (it suffers rather heavily from me writing Python while knowing basically no Python). Still, it ought to work. I'm interested in hearing from anybody with problems, anybody who's interested in getting it on Pypi and anybody who's willing to add support for new HP systems.

25 March, 2015 11:51PM

Yves-Alexis Perez

LXCs upgrade to Jessie

So I started migrating some of my LXCs to Jessie, to test the migration in advance. The upgrade itself was easy (the LXC is mostly empty and only runs radicale), but after the upgrade I couldn't login anymore (using lxc-console since I don't have lxc-attach, the host is on Wheezy). So this is mostly a note to self.

auth.log was showing:

Mar 25 22:10:13 lxc-sync login[1033]: pam_loginuid(login:session): Cannot open /proc/self/loginuid: Read-only file system
Mar 25 22:10:13 lxc-sync login[1033]: pam_loginuid(login:session): set_loginuid failed
Mar 25 22:10:13 lxc-sync login[1033]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Mar 25 22:10:13 lxc-sync login[1033]: Cannot make/remove an entry for the specified session

The last message isn't too useful, but the first one gave the answer. Since LXC isn't really ready for security stuff, I have some hardening on top of that, and one measure is to not have rw access to /proc. I don't really need pam_loginuid there, so I just disabled that. I just need to remember to do that after each LXC upgrade.

Other than that, I have to boot using SystemV init, since apparently systemd doesn't cope too well with the various restrictions I enforce on my LXCs:

lxc-start -n sync
Failed to mount sysfs at /sys: Operation not permitted

(which is expected, since I drop CAP_SYS_ADMIN from my LXCs). I didn't yet investigate how to stop systemd doing that, so for now I'm falling back to SystemV init until I find the correct customization:

lxc-start -n sync /lib/sysvinit/init   
INIT: version 2.88 booting
[info] Using makefile-style concurrent boot in runlevel S.
hostname: you must be root to change the host name
mount: permission denied
mount: permission denied
[FAIL] udev requires a mounted sysfs, not started ... failed!
mount: permission denied
[info] Setting the system clock.
hwclock: Cannot access the Hardware Clock via any known method.
hwclock: Use the --debug option to see the details of our search for an access method.
[warn] Unable to set System Clock to: Wed Mar 25 21:21:43 UTC 2015 ... (warning).
[ ok ] Activating swap...done.
mount: permission denied
mount: permission denied
mount: permission denied
mount: permission denied
[ ok ] Activating lvm and md swap...done.
[....] Checking file systems...fsck from util-linux 2.25.2
[ ok ] Cleaning up temporary files... /tmp.
[ ok ] Mounting local filesystems...done.
[ ok ] Activating swapfile swap...done.
mount: permission denied
mount: permission denied
[ ok ] Cleaning up temporary files....
[ ok ] Setting kernel variables ...done.
[....] Configuring network interfaces...RTNETLINK answers: Operation not permitted
Failed to bring up lo.
[ ok ] Cleaning up temporary files....
[FAIL] startpar: service(s) returned failure: udev ... failed!
INIT: Entering runlevel: 2
[info] Using makefile-style concurrent boot in runlevel 2.
dmesg: read kernel buffer failed: Operation not permitted
[ ok ] Starting Radicale CalDAV server : radicale.

Yes, there are a lot of errors, but they seem to be handled just fine.

25 March, 2015 09:26PM by Yves-Alexis
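
The fix described in the post above, automated so it can be repeated after each container upgrade. This is an added example, not code from the original post: it reads the auth.log lines quoted there, works out which PAM services hit the read-only /proc/self/loginuid, and comments out pam_loginuid only for those. The function names and the `rootfs` argument (the container's root directory as seen from the host) are assumptions.

```python
import os
import re

# auth.log lines quoted in the post above.
AUTH_LOG = """\
Mar 25 22:10:13 lxc-sync login[1033]: pam_loginuid(login:session): Cannot open /proc/self/loginuid: Read-only file system
Mar 25 22:10:13 lxc-sync login[1033]: pam_loginuid(login:session): set_loginuid failed
Mar 25 22:10:13 lxc-sync login[1033]: pam_unix(login:session): session opened for user root by LOGIN(uid=0)
Mar 25 22:10:13 lxc-sync login[1033]: Cannot make/remove an entry for the specified session
"""

# pam_loginuid logs as "pam_loginuid(<service>:<type>): <message>".
FAILURE = re.compile(
    r"pam_loginuid\((?P<service>[\w.-]+):\w+\): "
    r"(?:Cannot open /proc/self/loginuid|set_loginuid failed)")
# An active (not commented out) PAM rule that loads the module.
ACTIVE_RULE = re.compile(r"^\s*[^#\s].*\bpam_loginuid\.so\b")


def failing_services(log_text):
    """PAM service names for which pam_loginuid reported a failure."""
    return sorted({m.group("service") for m in FAILURE.finditer(log_text)})


def disable_pam_loginuid(rootfs, services):
    """Comment out pam_loginuid for the given services in rootfs/etc/pam.d.

    Returns the service files that were modified; a second run changes nothing.
    """
    changed = []
    for service in services:
        path = os.path.join(rootfs, "etc", "pam.d", service)
        if not os.path.isfile(path):
            continue
        with open(path, encoding="utf-8") as fh:
            lines = fh.readlines()
        patched = ["# " + ln if ACTIVE_RULE.match(ln) else ln for ln in lines]
        if patched != lines:
            with open(path, "w", encoding="utf-8") as fh:
                fh.writelines(patched)
            changed.append(service)
    return changed
```

pam_loginuid is what sets the audit login UID for a session, so sessions opened through the patched services no longer carry it in audit records.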

Enrico Zini


Work around Google evil .ics feeds

I've happily been using 2015/akonadi-install for my calendars, and yesterday I added an .ics feed export from Google, as a URL file source. It is a link in the form:

After doing that, I noticed that the fan in my laptop was on more often than usual, and I noticed that akonadi-server and postgres were running very often, and doing quite a lot of processing.

The evil

I investigated and realised that Google seems to be doing everything they can to make their ical feeds hard to sync against efficiently. This is the list of what I have observed Gmail doing to an unchanged ical feed:

  • Date: headers in HTTP replies are always now
  • If-Modified-Since: is not supported
  • DTSTAMP of each element is always now
  • VTIMEZONE entries appear in random order
  • ORGANIZER CN entries randomly change between full name and user ID
  • ATTENDEE entries randomly change between having a CN or not having it
  • TRIGGER entries change spontaneously
  • CREATED entries change spontaneously

This causes akonadi to download and reprocess the entire ical feed at every single poll, and I can't blame akonadi for doing it. In fact, Google is saying that there is a feed with several years worth of daily appointments that all keep being changed all the time.

The work-around

As a work-around, I have configured the akonadi source to point at a local file on disk, and I have written a script to update the file only if the .ics feed has actually changed.

Have a look at the script: I consider it far from trivial, since it needs to do a partial parsing of the .ics feed to throw away all the nondeterminism that Google pollutes it with.

The setup

The script needs to be run periodically, and I used it as an opportunity to try systemd user timers:

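    $ cat ~/.config/systemd/user/update-ical-feeds.timer
    [Unit]
    Description=Updates ical feeds every hour
    # Only run when on AC power
    ConditionACPower=yes

    [Timer]
    # Run every hour
    OnUnitActiveSec=1h
    # Run a minute after boot
    OnBootSec=1min

    $ cat ~/.config/systemd/user/update-ical-feeds.service
    [Unit]
    Description=Update ICal feeds

    [Service]
    # Use oneshot to prevent two updates being run in case the previous one
    # runs for more time than the timer interval
    Type=oneshot
    # Placeholder path: point this at the update script
    ExecStart=/path/to/update-ical-feeds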

    $ systemctl --user start update-ical-feeds.timer
    $ systemctl --user list-timers
    NEXT                         LEFT       LAST                         PASSED UNIT                    ACTIVATES
    Wed 2015-03-25 22:19:54 CET  59min left Wed 2015-03-25 21:19:54 CET  2s ago update-ical-feeds.timer update-ical-feeds.service

    1 timers listed.
    Pass --all to see loaded but inactive timers, too.

To reload the configuration after editing: systemctl --user daemon-reload.

Further investigation

I wonder if ConditionACPower needs to be in the .timer or in the .service, since there is a [Unit] section in both. Update: I have been told it can be in the .timer.

I also wonder if there is a way to have the timer trigger only when online. There is a and I do not know if it is applicable. I also do not know how to ask systemd if all the preconditions are currently met for a .service/.timer to run.

Finally, I especially wonder if it is worth hoping that Google will ever make their .ics feeds play nicely with calendar clients.

25 March, 2015 08:50PM
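
One way to do the "update the file only if the feed has actually changed" step from the post above, as an added example; it is not the author's script. It strips the unstable properties the post lists, sorts VTIMEZONE blocks, and compares the result before replacing the local file. All names are assumptions, and the sample feeds are constructed.

```python
import os
import tempfile

# Properties the post lists as changing on every fetch of an unchanged feed.
# Assumption: they are dropped entirely, so a genuine alarm change is ignored.
VOLATILE_PROPS = {"DTSTAMP", "CREATED", "TRIGGER"}
# Properties whose CN parameter appears, disappears or changes form.
CN_UNSTABLE_PROPS = {"ORGANIZER", "ATTENDEE"}


def unfold(text):
    """Undo RFC 5545 folding: a line break followed by one space or tab."""
    lines = []
    for raw in text.replace("\r\n", "\n").split("\n"):
        if raw[:1] in (" ", "\t") and lines:
            lines[-1] += raw[1:]
        elif raw:
            lines.append(raw)
    return lines


def split_unquoted(text, sep, maxsplit=-1):
    """Split on sep, ignoring separators inside double-quoted parameters."""
    parts, current, quoted = [], "", False
    for ch in text:
        if ch == '"':
            quoted = not quoted
        if ch == sep and not quoted and maxsplit != 0:
            parts.append(current)
            current = ""
            maxsplit -= 1
        else:
            current += ch
    parts.append(current)
    return parts


def normalize_line(line):
    """Return the line without its unstable parts, or None to drop it."""
    head, value = (split_unquoted(line, ":", 1) + [""])[:2]
    name, *params = split_unquoted(head, ";")
    if name.upper() in VOLATILE_PROPS:
        return None
    if name.upper() in CN_UNSTABLE_PROPS:
        params = [p for p in params if not p.upper().startswith("CN=")]
    return ";".join([name] + params) + ":" + value


def canonical_form(text):
    """Stable text used only for comparison; VTIMEZONE blocks are sorted."""
    body, timezones, tz = [], [], None
    for line in filter(None, map(normalize_line, unfold(text))):
        if line.upper() == "BEGIN:VTIMEZONE":
            tz = [line]
        elif tz is not None:
            tz.append(line)
            if line.upper() == "END:VTIMEZONE":
                timezones.append("\n".join(tz))
                tz = None
        else:
            body.append(line)
    return "\n".join(body + sorted(timezones))


def update_if_changed(path, feed_text):
    """Replace the local file only when the feed really changed."""
    if os.path.exists(path):
        with open(path, encoding="utf-8", newline="") as fh:
            if canonical_form(fh.read()) == canonical_form(feed_text):
                return False
    fd, tmp = tempfile.mkstemp(dir=os.path.dirname(os.path.abspath(path)))
    with os.fdopen(fd, "w", encoding="utf-8", newline="") as fh:
        fh.write(feed_text)
    os.replace(tmp, path)  # atomic, so the reader never sees a partial file
    return True


# Constructed sample: the same event as two fetches might return it.
TEMPLATE = "\r\n".join([
    "BEGIN:VCALENDAR", "VERSION:2.0", "{zones}", "BEGIN:VEVENT",
    "UID:constructed-1@example.org", "DTSTAMP:{stamp}", "CREATED:{stamp}",
    "SUMMARY:{summary}", "ORGANIZER;CN={organizer_cn}:mailto:alice@example.org",
    "ATTENDEE{attendee_cn};PARTSTAT=ACCEPTED:mailto:bob@example.org",
    "BEGIN:VALARM", "ACTION:DISPLAY", "TRIGGER:{trigger}", "END:VALARM",
    "END:VEVENT", "END:VCALENDAR", ""])
ZONE = "BEGIN:VTIMEZONE\r\nTZID:{}\r\nEND:VTIMEZONE"
ROME, LONDON = ZONE.format("Europe/Rome"), ZONE.format("Europe/London")
FIRST = dict(zones=ROME + "\r\n" + LONDON, stamp="20150325T201954Z",
             summary="Team meeting", organizer_cn='"Jones: Alice"',
             attendee_cn=";CN=Bob", trigger="-PT10M")
SECOND = dict(zones=LONDON + "\r\n" + ROME, stamp="20150325T211954Z",
              summary="Team meeting", organizer_cn="alice",
              attendee_cn="", trigger="-PT15M")
FETCH_1 = TEMPLATE.format(**FIRST)
FETCH_2 = TEMPLATE.format(**SECOND)
FETCH_EDITED = TEMPLATE.format(**dict(SECOND, summary="Team meeting (moved)"))
```

The file on disk always holds the feed exactly as fetched; the canonical form exists only for the comparison.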

Bits from Debian

Hewlett-Packard Platinum Sponsor of DebConf15


We are very pleased to announce that HP has committed support of DebConf15 as Platinum sponsor.

"The hLinux team is pleased to continue HP's long tradition of supporting Debian and DebConf," said Steve Geary, Senior Director at Hewlett-Packard.

Hewlett-Packard is one of the largest computer companies in the world, providing a wide range of products and services, such as servers, PCs, printers, storage products, network equipment, software, cloud computing solutions, etc.

Hewlett-Packard has been a long-term development partner of Debian, and provides hardware for port development, Debian mirrors, and other Debian services (HP hardware donations are listed in the Debian machines page).

With this additional commitment as Platinum Sponsor, HP contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software, helping to strengthen the community who continue to collaborate on their Debian projects throughout the rest of the year.

Thank you very much, Hewlett-Packard, for your support of DebConf15!

Become a sponsor too!

DebConf15 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through, and visit the DebConf15 website at

25 March, 2015 01:45PM by Laura Arjona Reina

Richard Hartmann

Visiting Hongkong and Shenzhen

TSDgeos had a good idea:

Lazyweb travel recommendations.

So, dear lazyweb: What are things to do or to avoid in Hongkong and Shenzhen if you have one and a half week of holiday before and after work duties? Any hidden gems to look at? What electronic markets are good? Should I take a boat trip around the waters of Hongkong?

If you have any decent yet affordable sleeping options for 2-3 nights in Hongkong, that would also be interesting as my "proper" hotel stay does not start immediately. Not much in ways of comfort is needed as long as I have a safe place to lock my belongings.

In somewhat related news, this Friday's bug report stats may be early or late as I will be on a plane towards China on Friday.

25 March, 2015 09:56AM by Richard 'RichiH' Hartmann

Francois Marier

Keeping up with noisy blog aggregators using PlanetFilter

I follow a few blog aggregators (or "planets") and it's always a struggle to keep up with the amount of posts that some of these get. The best strategy I have found so far is to filter them so that I remove the blogs I am not interested in, which is why I wrote PlanetFilter.

Other options

In my opinion, the first step in starting a new free software project should be to look for a reason not to do it :) So I started by looking for another approach and by asking people around me how they dealt with the firehoses that are Planet Debian and Planet Mozilla.

It seems like a lot of people choose to "randomly sample" planet feeds and only read a fraction of the posts that are sent through there. Personally however, I find there are a lot of authors whose posts I never want to miss so this option doesn't work for me.

A better option that other people have suggested is to avoid subscribing to the planet feeds, but rather to subscribe to each of the author feeds separately and prune them as you go. Unfortunately, this whitelist approach is a high maintenance one since planets constantly add and remove feeds. I decided that I wanted to follow a blacklist approach instead.


PlanetFilter is a local application that you can configure to fetch your favorite planets and filter the posts you see.

If you get it via Debian or Ubuntu, it comes with a cronjob that looks at all configuration files in /etc/planetfilter.d/ and outputs filtered feeds in /var/cache/planetfilter/.

You can either:

  • add file:///var/cache/planetfilter/planetname.xml to your local feed reader
  • serve it locally (e.g. http://localhost/planetname.xml) using a webserver, or
  • host it on a server somewhere on the Internet.

The software will fetch new posts every hour and overwrite the local copy of each feed.

A basic configuration file looks like this:

url =



There are currently two ways of filtering posts out. The main one is by author name:

authors =
  Alice Jones
  John Doe

and the other one is by title:

titles =
  This week in review
  Wednesday meeting for

In both cases, if a blog entry contains one of the blacklisted authors or titles, it will be discarded from the generated feed.

Tor support

Since blog updates happen asynchronously in the background, they can work very well over Tor.

In order to set that up in the Debian version of planetfilter:

  1. Install the tor and polipo packages.
  2. Set the following in /etc/polipo/config:

     proxyAddress = ""
     proxyPort = 8008
     allowedClients =
     allowedPorts = 1-65535
     proxyName = "localhost"
     cacheIsShared = false
     socksParentProxy = "localhost:9050"
     socksProxyType = socks5
     chunkHighMark = 67108864
     diskCacheRoot = ""
     localDocumentRoot = ""
     disableLocalInterface = true
     disableConfiguration = true
     dnsQueryIPv6 = no
     dnsUseGethostbyname = yes
     disableVia = true
     censoredHeaders = from,accept-language,x-pad,link
     censorReferer = maybe
  3. Tell planetfilter to use the polipo proxy by adding the following to /etc/default/planetfilter:

     export http_proxy="localhost:8008"
     export https_proxy="localhost:8008"

Bugs and suggestions

The source code is available on

I've been using this for over a month and it's been working quite well for me. If you give it a go and run into any problems, please file a bug!

I'm also interested in any suggestions you may have.

25 March, 2015 09:55AM

Steinar H. Gunderson

GCC 5 and AutoFDO

Buried in the GCC 5 release notes, you can find this:

A new auto-FDO mode uses profiles collected by low overhead profiling tools (perf) instead of more expensive program instrumentation (via -fprofile-generate). SPEC2006 benchmarks on x86-64 improve by 4.7% with auto-FDO and by 7.3% with traditional feedback directed optimization.

This comes from Google, with some more information at this git repository and the GCC wiki, as far as I can tell. The basic idea is that you can do feedback-directed optimization by low-overhead sampling of your regular binaries instead of a specially instrumented one. It is somewhat less effective (you get approx. half the benefit of full FDO, it seems), but it means you don't need to write automated, representative benchmarks—you can just sample real use and feed that into the next build.

Now, question: Would it be feasible to do this for all of Debian? Have people volunteer running perf in the background every now and then (similar to popularity-contest), upload (anonymized) profiles to somewhere, and feed it into package building. (Of course, it means new challenges for reproducible builds, as you get more inputs to take care of.)

25 March, 2015 12:22AM

March 24, 2015

Simon Josefsson

Laptop indecision

I wrote last month about buying a new laptop and I still haven’t made a decision. One reason for this is because Dell doesn’t seem to be shipping the E7250. Some online shops claim to be able to deliver it, but aren’t clear on what configuration it has – and I really don’t want to end up with Dell Wifi.

Another issue has been the graphic issues with the Broadwell GPU (see the comment section of my last post). It seems unlikely that this will be fixed in time for Debian Jessie. I really want a stable OS on this machine, as it will be a work-horse and not a toy machine. I haven’t made up my mind whether the graphics issue is a deal-breaker for me.

Meanwhile, a couple more sub-1.5kg (sub-3.3lbs) Broadwell i7’s have hit the market. Some of these models were suggested in comments to my last post. I have decided that the 5500U CPU would also be acceptable to me, because some newer laptops don’t come with the 5600U. The difference is that the 5500U is a bit slower (say 5-10%) and lacks vPro, which I have no need for and mostly consider a security risk. I’m not aware of any other feature differences.

Since the last round, I have tightened my weight requirement to be sub-1.4kg (sub-3lbs), which excludes some recently introduced models, and actually excludes most of the models I looked at before (X250, X1 Carbon, HP 1040/810). Since I’m leaning towards the E7250, with the X250 as a “reliable” fallback option, I wanted to cut down on the number of further models to consider. Weight is a simple distinguisher. The 1.4-1.5kg (3-3.3lbs) models I am aware of that are excluded are the Asus Zenbook UX303LN, the HP Spectre X360, and the Acer TravelMate P645.

The Acer Aspire S7-393 (1.3kg) and Toshiba Kira-107 (1.26kg) would have been options if they had RJ45 ports. They may be interesting to consider for others.

The new models I am aware of are below. I’m including the E7250 and X250 for comparison, since they are my preferred choices from the first round. A column for maximum RAM is added too, since this may be a deciding factor for me. Higher weight is with touch screens.

Model                   Weight        Max RAM   Screen  Resolution
Toshiba Z30-B           1.2-1.34kg    16GB      13.3″   1920×1080
Fujitsu Lifebook S935   1.24-1.36kg   12GB      13.3″   1920×1080
HP EliteBook 820 G2     1.34-1.52kg   16GB      12.5″   1920×1080
Dell Latitude E7250     1.25kg        8/16GB?   12.5″   1366×768
Lenovo X250             1.42kg        8GB       12.5″   1366×768

It appears unclear whether the E7250 is memory upgradeable; some sites say max 8GB, some say max 16GB. The X250 and 820 have DisplayPort, the S935 and Z30-B have HDMI, and the E7250 has both DisplayPort/HDMI. The E7250 does not have VGA, which the rest have. All of them have 3 USB 3.0 ports except for the X250, which only has 2 ports. The E7250 and 820 claim NFC support, but Debian support is not given. Interestingly, all of them have a smartcard reader. All support SDXC memory cards.

The S935 has an interesting modular bay which can actually fit a CD reader or an additional battery. There is a detailed QuickSpec PDF for the HP 820 G2, haven’t found similar detailed information for the other models. It mentions support for Ubuntu, which is nice.

Comparing these laptops is really just academic until I have decided what to think about the Broadwell GPU issues. It may be that I’ll go back to a fourth-gen i7 laptop, and then I’ll probably pick a cheap reliable machine such as the X240.

24 March, 2015 10:11PM by simon

Daniel Pocock

The easiest way to run your own OpenID provider?

A few years ago, I was looking for a quick and easy way to run OpenID on a small web server.

A range of solutions were available but some appeared to be slightly more demanding than what I would like. For example, one solution required a servlet container such as Tomcat and another one required some manual configuration of Python with Apache.

I came across the SimpleID project. As the name implies, it is simple. It is written in PHP and works with the Apache/PHP environment on just about any Linux web server. It allows you to write your own plugin for a user/password database or just use flat files to get up and running quickly with no database at all.

This seemed like the level of simplicity I was hoping for so I created the Debian package of SimpleID. SimpleID is also available in Ubuntu.

Help needed

Thanks to a contribution from Jean-Michel Nirgal Vourgère, I've just whipped up a 0.8.1-14 package that should fix Apache 2.4 support in jessie. I also cleaned up a documentation bug and the control file URLs.

Nonetheless, it may be helpful to get feedback from other members of the community about the future of this package:

  • Is it considered secure enough?
  • Have other people found it relatively simple to install or was I just lucky when I tried it?
  • Are there other packages that now offer such a simple way to get OpenID for a vanilla Apache/PHP environment?
  • Would anybody else be interested in helping to maintain this package?
  • Would anybody like to see this packaged in other distributions such as Fedora?
  • Is anybody using it for any online community?

Works with HOTP one-time-passwords and LDAP servers

One reason I chose SimpleID is because of dynalogin, the two-factor authentication framework. I wanted a quick and easy way to use OTP with OpenID so I created the SimpleID plugin for dynalogin, also available as a package.

I also created the LDAP backend for SimpleID, that is available as a package too.

Works with Drupal

I tested SimpleID for login to a Drupal account when the OpenID support is enabled in Drupal, and it worked seamlessly. I've also tested it with a few public web sites that support OpenID.

24 March, 2015 04:57PM by Daniel.Pocock

Vincent Fourmond

Release 0.12 of ctioga2

Out is the new version of ctioga2, which brings:
  • a much better handling of heterogeneous x,y coordinates in heat maps: ctioga2 now automatically splits the data into homogeneous segments;
  • control on the properties of the fill and the stroke of symbols (image)
  • decent improvement of error messages
  • and some bug fixes and other minor improvements
As usual, the new release is available as a gem:
~ gem update ctioga2
The website has also been decently improved, with now a search box for finding images in the gallery

24 March, 2015 01:43PM by Vincent Fourmond

DebConf team

Working towards a child-friendly DebConf (Posted by Martin Krafft)

The Debian Project will celebrate its 22nd birthday during DebConf15 in Heidelberg in August 2015. At this age, it’s unsurprising that children of Debian contributors have attended our developer conference for several years.

Going with the times, we would like to work further towards making DebConf15 a child-friendly (parents-friendly) conference. The conference venue is far away from traffic, self-contained, and there is a dedicated children’s play room. There are green areas around, and the Heidelberg Zoo is literally within sight of the venue. We haven’t yet discussed deals with them, but we could.

In short: if you’d like to attend DebConf, but you are yet unsure what to do with your children… bring your kids along!

The hostel has a number of 3 and 4 bed-rooms with en-suite bathrooms, plus a good supply of cots available for the very little ones. We will allocate such rooms to families exclusively for your privacy (subject to availability, so please register yourself ASAP, and include a note about your kids).

We would also like to explore additional possibilities to make it easier for parents to participate in the conference. At the moment, we’re still scouting for ideas and there are already a number of promising leads.

To help us figure out what we’d best offer, we need to know about the demand. If you are planning to bring your children, or if you’re thinking about it, please drop a short note with number and ages and any other relevant information to Your mail will be read by a few parents involved in the organisation of DebConf15 and we will obviously keep your data private.

We also created a (publicly archived) mailing list to discuss options and keep people updated on our plans. Please subscribe yourself to the list, if interested, and feel free to write to with any questions or ideas you might have.

24 March, 2015 01:35PM by DebConf Organizers

Russ Allbery

Review: Fukushima

Review: Fukushima, by David Lochbaum, et al.

Author: David Lochbaum
Author: Edwin Lyman
Author: Susan Q. Stranahan
Author: Union of Concerned Scientists
Publisher: The New Press
Copyright: 2014
ISBN: 1-59558-927-9
Format: Kindle
Pages: 320

This is a very interesting book, and I can recommend it, but there are two things you should be aware of up-front. The packaging does not necessarily make clear what expectations you should have of it going in.

First, the subtitle (The Story of a Nuclear Disaster) should have appended to it And Its Implications for US Nuclear Power Policy. This book is very concerned with the impact of the Fukushima disaster on US policy and nuclear regulation, to the point where I think more than half of the book is about US agencies, nuclear regulatory history, and US reaction. There's nothing wrong with that, of course: the US should take a hard look at its own nuclear energy policy given the events at Fukushima, and it's a worthy topic for a book. But if you go into this book expecting a broader perspective, you will be disappointed. For example, I think the fact that France has a lot of nuclear power was mentioned maybe twice in the whole book, and French reaction was never discussed at all. There is a very detailed examination of exactly what happened at Fukushima (more on that in a moment), but most of the policy implications are examined purely from a US perspective. Even Japanese nuclear policy gets somewhat short shrift.

Second, note that the fourth listed co-author is the Union of Concerned Scientists. For those not familiar with US environmental groups, the UCS has a reputation as an anti-nuclear advocacy organization. I don't think that's entirely fair; I think the UCS's position on nuclear power is better summarized as holding that it is theoretically possible to run a nuclear power plant safely, but the actual US nuclear power industry is not very close to that standard, and it would require much tighter regulation and more investment in safety systems to reach that standard. But be aware that the authors of this book have a clear position on the adequacy of current nuclear power safety standards, namely that they aren't. And they don't try to conceal that position in this book. Personally, I prefer authors to be open about their perspective in books like this, but your mileage may vary.

There, disclaimers out of the way. I bought this book for a specific reason: I had followed some of the news coverage at the time of the earthquake and tsunami, and then (like many people, I suspect) lost track of the final outcome as the story fell out of the news and I started ignoring people who didn't understand how large the Pacific Ocean is. Now that we've had the benefit of several years of analysis and thoughtful reconstruction of events, I wanted to know what had actually happened. I'm happy to say that this book delivers quite well on that front. Roughly the first half of the book is a detailed blow-by-blow description of exactly what happened at Fukushima, at least as well as we've been able to reconstruct, told as an engrossing and dramatic narrative. There may be a little too much interleaving of reactions within the US government, which I suspect will particularly annoy non-US readers, but the level of factual detail is excellent, clear, and well-explained.

What I wasn't expecting, but was pleasantly surprised by, is that it's also a great story. There's tension, conflict, heroism, hard choices, and moral quandaries, and the authors do a great job conveying factual information while still giving the reader the sense of being in the middle of the unfolding drama. They resist the urge to disclose all the results of later analysis in the middle of the story, which may provide a slightly less clear view of the disaster, but which makes the telling far more compelling. I usually read non-fiction more slowly than fiction, but Fukushima dragged me in. I found myself grabbing moments to read just another few pages.

Unfortunately, this is only about half the book. The other half is a mix of other things that won't have as broad of appeal: an analysis of the challenges of US nuclear regulation, a history of the US nuclear power industry, and a presentation of the authors' opinions about the best path forward for regulation of nuclear power in the US. Since I'm a US citizen and resident with an interest in both nuclear power and regulation of nuclear power in my country, I found this interesting, if not as engrossing as the rest of the book. But it felt a bit oddly tacked on, and I think it's a stretch to say that it's part of the story of Fukushima.

The authors try to draw that link by presenting the Japanese nuclear power industry as heavily influenced by their US counterparts, and their regulatory problems as similar to the problems in the US, but there is nowhere near enough detail about Japanese regulatory practices here to support that conclusion. I think the largest weakness, and the most obvious gap, in this book is the lack of detailed analysis of the history and players in the Japanese nuclear regulatory environment. This is an odd miss. If one is concerned about regulatory inadequacy, Japanese government policy is far more obviously part of the story of Fukushima than US policy. I can only speculate that the authors had inside sources for the US policy discussions but not for the Japanese policy discussions (and, sadly, fall back on painting with a rather broad brush and making unsupported generalizations about Japanese regulatory approaches in a few spots). The result feels like two partly-unrelated books stacked and partly shuffled together.

So, there are parts of Fukushima that are rather disappointing, particularly for non-US readers. But I still recommend it as a great detailed history of the actual incident and a summary of what we now think happened. That summary is unfortunately sketchy and still very unclear, but I don't think that's the fault of the authors. The inside of a nuclear power plant during a meltdown is a very difficult environment to measure or analyze, and there's a lot of data that we will probably never have. Some details may never be known. But what we do know, and how that knowledge unfolded, is told very well.

This is the only book-length treatment on Fukushima I've read, so I can't compare it against other books on the same topic. But it satisfied my curiosity nicely. If you have a similar curiosity, I recommend this book to your attention, although be aware of its approach and its US-centric analysis going in so that you're not surprised by a mismatch of expectations.

Rating: 8 out of 10

24 March, 2015 03:59AM

March 23, 2015

Carl Chenet

Unverified backups are useless. Automatize the controls!


Unverified backups are useless, every sysadmin knows that. But manually verifying a backup means wasting time and resources. Moreover it’s boring. You should automatize it!



Backup Checker is a command line software developed in Python 3.4 on GitHub (stars appreciated :) ) allowing users to verify the integrity of archives (tar, gz, bz2, lzma, zip, tree of files) and the state of the files inside an archive in order to find corruptions or intentional or accidental changes of states or removal of files inside an archive.



The new feature of the latest version 1.4 is the control of outdated archives with the new outdated parameter. Lots of data are outdated quite fast, because they are dependent on other data, or because they are only useful in a specific context.

Hey, this database dump is 6 months old, it’s useless today!

Backup Checker now controls the expiration duration and triggers a warning if the given duration starting from the last modification of the archive (mtime) is expired. Short examples of the warning:

WARNING:root:/backups/backups-12022015.tar.gz is outdated. Was good until 01/03/15 00:00:00 – now 22/03/15 21:38:20

You won’t be surprised any more by outdated useless data in your backups.

Backup Checker also offers lots of other controls. Check the features list!

Installing Backup Checker

Backup Checker is available from PyPI using the following command:

# pip3.4 install backupchecker

It’s also available for your Debian Squeeze or Debian Wheezy. Check how to get it for your specific distributions.


What about you? How and what for do you use Backup Checker? We would be happy to get your feedback. The project cares about our users and the outdated feature was an awesome idea in a feature request by one of the Backup Checker users, thanks Laurent!


23 March, 2015 11:00PM by Carl Chenet


Martin-Éric Racine

This and That

I haven't blogged anything in months and figured that now might be a good time to get around that. Here it goes:

Free Software

While I occasionally upgrade the packaging of the software I maintain at Debian to keep up with best practices, my activity downsizing goes on. Simply put: I never had any ambition to become a Debian Developer. My involvement has always remained pragmatic and mostly from the perspective of packaging software that I found useful. Even then, my motivation for doing that keeps on dwindling into nothingness, because key pieces of software keep on breaking, whenever someone upstream decides to reinvent the wheel.

For instance, GNOME no longer works at all on Geode chipsets and it barely works on Nouveau chipsets. This happened as soon as GNOME 3.14 was uploaded into unstable, right before the freeze started. Then again, I wouldn't jump to a conclusion that GNOME itself might be at fault, since Plymouth also stopped working on the same two video platforms at the same time. For all we know, this could be caused by some changes in the X.Org server code. Bugs were filed, additional information was provided, but no fix has taken place.

Given how Geode and Nouveau represent 80% of my hardware investment (my Intel laptop being the sole exception), it essentially means that the upcoming Debian "stable" is useless for me. Now try and remain motivated, even just as a mere Free Software end-user. At this point, I'm done.


Finland is holding national elections this April. I still have no idea who I'll vote for this time. The guy I voted for last time has become a career politician with an inflated ego and zero connection to the average Finn's aspirations and worries. Meanwhile, two friends are standing as candidates: one who is a razor-sharp fact finder and who is a proven pragmatic decision-maker, but whose values are slightly off with mine, and one whose actions come straight from the heart but whose concept of today's Finnish reality leaves a lot to be desired.

National Defence

There's been a lot of recent articles about how former hardware and locations of the Finnish defence forces and border guards have been sold, often for peanuts, to Russian interests. In some cases, we're only talking about buildings formerly used for on-site staff accommodations. In other cases, former patrol boats and navy harbours changed hands. Now, to top it all, it appears that our north-western neighbour, Norway, has sold a former submarine base to German investors who, in turn, leased it to – you guessed it – Russian interests.

Looking at Russian actions in Ukraine, I cannot help but feel great concern that strategic locations are falling into potentially dangerous hands. Just seeing the picture of a former navy harbour with a handful of patrol boats on standby, right on the Finnish coastline, half-way between Helsinki and Turku, was a sobering experience. While the whole idea of shooting at people – even invading armies – gives me the creeps, at this point, I cannot help but start pondering whether defending this country might in fact be an occupation worth training for.


It has now been 6 years since I held my last dayjob. Since then, the only thing I've found is an unpaid training in the national bureaucracy. I've also freelanced as an actor and model, but that barely brought me pocket change, if even that. Seeing my face on posters advertising a movie I participated in last year was indeed nice, getting some media attention in connection to that too, but it hasn't led to additional gigs. As far as I can tell, this was just my Warholian 15 minutes of fame.

However, there's a larger issue at stake. Newspapers recently published an employment statistics map for Nordic countries and the truth couldn't be more bleak: while Norway and Sweden's employment figures are nearly spotless for almost every province, those of Finland are – save for a couple of mildly successful provinces – outright catastrophic. Given this and despite feeling relatively happy living in Finland and having developed a will to defend this country from an eventual Russian assault, I've come to the conclusion that I would be better off going West, with a strong preference for Norway.

Now, the main question is, doing what? 6 years later, I have strong doubts that I would be remotely considered for any high-tech job. Besides, come to think of it, I wouldn't want any new office job. Off the top of my head, my idea of a cool job that would allow me to stay physically fit would be working as a tourist guide in Lapland. However, if Norway is anything like Finland, someone probably needs a dozen of permits of all sorts (first aid certification, C or even D class driving license, college degree in tourism, etc.) that I cannot afford. What then?

23 March, 2015 07:27PM by Martin-Éric (


Mario Lang

Why is Qt5 not displaying Braille?

While evaluating the cross-platform accessibility of Qt5, I stumbled across this deficiency:

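#include <QApplication>
#include <QTextEdit>

int main(int argv, char **args)
{
  QApplication app(argv, args);

  QTextEdit textEdit;
  // The call that put the Braille text into the widget is not present in this copy of the post.
  textEdit.show();

  return app.exec();
}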

(compile with -std=c++11).

On my system, this "application" does not always show the correct glyph. Sometimes, it renders a white square with black border, i.e., the symbol for unknown glyph. However, if I invoke the same executable several times, sometimes, it renders the glyph correctly.

In other words: The glyph choosing mechanism is apparently non-deterministic!!!

UPDATE: Sune Vuorela figured out that I need to set QT_HARFBUZZ=old in the environment for this bug to go away. Apparently, harfbuzz-ng from Qt 5.3 is buggy.

23 March, 2015 10:59AM by Mario Lang


Jonathan Dowland

Linux music players, 2015 edition

Now I'm back to Linux on the Desktop for my dayjob, I was slightly nervous about checking out the state of the art for Linux music players; an area I've never felt the Linux desktop was very strong on.

However for the time being I've largely side-stepped the issue by listening to BBC 6 Music for most of the day. For better or worse, I scrobble, and somebody has written a neat web app for scrobbling along to radio stations. When I want to listen to something different for a change, I've been trying out a trial of Google Play Music, for which somebody has written a Chrome extension to scrobble. On the rare occasions I listen to local music, I'm using VLC.

Google Play Music seems pretty good, but I'm not getting a lot from my trial because 6 Music is generally fantastic.

Scrobbling 6 Music has revealed a bit of a disconnect for how I use, and how website thinks you should use it. Within a day or two, my "music compatibility" with 6 Music was (predictably) "SUPER". Looking at my "Top artists", right near the top are 6 Music's current playlist favourites Courtney Barnett and Nadine Shah, who I can (at least) recall the songs that have been played; just below them are Young Fathers, who I cannot. A little lower are Hot Chip and Slaves: both artists who have current singles out which I enjoyed for a while, but the relentless BBC playlist policy is overdoing them and I'm inclined to switch over when they come on now. If I listen to a whole album in a given week, then the artist will likely (and rightly) be sat at the top of "last 7 days"; if I don't, then it could be something I can't even remember listening to.

23 March, 2015 10:10AM


Jan Wagner

Wordpress dictionary attack

Today early in the morning my monitoring system notified me about unusually high outgoing traffic on my hosting platform. I traced the problem down to the webserver which is also hosting this abandoned website.

Looking into this with iptraf revealed that this traffic is coming only from one IP. At first I thought anybody might be grabbing my Debian packages from But no, it was targeting my highly sophisticated blogging platform.

$ grep /var/log/nginx/vhosts/access_logs/ | tail -2
 - - [23/Mar/2015:08:20:12 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
 - - [23/Mar/2015:08:20:12 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
$ grep /var/log/nginx/vhosts/access_logs/ | wc -l
$ grep /var/log/nginx/vhosts/access_logs/ | wc -l
$ grep /var/log/nginx/vhosts/access_logs/ | grep -v wp-login.php | wc -l

It makes me really sad to see, that dictionary attacks are smashing with such a high power these days, even without evaluating the 404 response.

23 March, 2015 07:23AM
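The grep counting in the post above can be automated. The following Python is an added example, not part of the original post: it flags clients that POST to /wp-login.php at a high rate and totals the response bytes sent back to them, which is what shows up as outgoing traffic. The function names, the threshold and window values, and the sample log lines (documentation-range addresses) are assumptions constructed for illustration.

```python
import re
from collections import Counter, defaultdict, deque
from datetime import datetime, timedelta

# Constructed sample in nginx "combined" format. 192.0.2.0/24 and
# 198.51.100.0/24 are documentation ranges, not real clients.
SAMPLE_LOG = """\
192.0.2.10 - - [23/Mar/2015:08:20:10 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
192.0.2.10 - - [23/Mar/2015:08:20:10 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
198.51.100.7 - - [23/Mar/2015:08:20:11 +0100] "GET / HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
192.0.2.10 - - [23/Mar/2015:08:20:11 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
192.0.2.10 - - [23/Mar/2015:08:20:11 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
this line is malformed and must be skipped
192.0.2.10 - - [23/Mar/2015:08:20:12 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
192.0.2.10 - - [23/Mar/2015:08:20:12 +0100] "POST /wp-login.php HTTP/1.0" 404 22106 "-" "-"
198.51.100.7 - - [23/Mar/2015:08:21:30 +0100] "POST /wp-login.php HTTP/1.1" 404 22106 "-" "Mozilla/5.0"
"""

LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+)[^"]*" '
    r'(?P<status>\d{3}) (?P<size>\d+|-)'
)


def parse_line(line):
    """Return the fields of one access-log line, or None if it does not parse."""
    m = LINE_RE.match(line)
    if m is None:
        return None
    return {
        "ip": m.group("ip"),
        "ts": datetime.strptime(m.group("ts"), "%d/%b/%Y:%H:%M:%S %z"),
        "method": m.group("method"),
        # Ignore any query string so /wp-login.php?x=y is counted too.
        "path": m.group("path").split("?", 1)[0],
        "status": int(m.group("status")),
        "size": 0 if m.group("size") == "-" else int(m.group("size")),
    }


def detect_login_bruteforce(lines, threshold=5, window=timedelta(seconds=10)):
    """Flag clients with >= threshold POSTs to /wp-login.php inside `window`.

    Lines are assumed to be in chronological order, as in a live access log.
    Returns {ip: {"attempts", "bytes_out", "statuses", "peak"}} for flagged IPs.
    """
    recent = defaultdict(deque)   # per-IP timestamps still inside the window
    stats = {}
    flagged = set()
    for line in lines:
        rec = parse_line(line)
        if rec is None or rec["method"] != "POST" or rec["path"] != "/wp-login.php":
            continue
        ip = rec["ip"]
        s = stats.setdefault(
            ip, {"attempts": 0, "bytes_out": 0, "statuses": Counter(), "peak": 0}
        )
        s["attempts"] += 1
        s["bytes_out"] += rec["size"]        # response bytes = outgoing traffic
        s["statuses"][rec["status"]] += 1    # all-404 means the target is not even WordPress
        q = recent[ip]
        q.append(rec["ts"])
        while rec["ts"] - q[0] > window:
            q.popleft()
        s["peak"] = max(s["peak"], len(q))
        if len(q) >= threshold:
            flagged.add(ip)
    return {ip: stats[ip] for ip in stats if ip in flagged}


if __name__ == "__main__":
    for ip, s in detect_login_bruteforce(SAMPLE_LOG.splitlines()).items():
        print(ip, s["attempts"], "attempts,", s["bytes_out"], "bytes out,",
              dict(s["statuses"]))
```

A flagged address whose attempts all return 404 is a candidate for a rate limit or a cheap early reject on that path, so the server stops sending a full error page for every guess.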

March 22, 2015


Rhonda D'Vine


Friday the 13th was my day. In so many different ways. I received a package which was addressed to Rhonda D'Vine with a special hoodie in it. The person at the post office desk asked me whether it was for my partner, my response was a (cowardly) "no, it's my pseudonym" but that settled any further questions and I got my package.

Later I received an email which made me hyper happy (but which I can't share right now, potentially later).

In the evening there was the WortMacht FemSlam (WordMight FemSlam) poetry slam to which the host asked me to attend just the day before. I was hyper nervous about it. The room was fully packed, there were even quite some people who didn't have a place to sit and were standing at the side. I presented Mermaids because I wasn't able to write anything new on the topic. One would think I am attached enough to the poem by now to not be nervous about it, but it was the environment that made my legs shake like hell while presenting. Gladly I hope it wasn't possible to see it enough under my skirt, but given that it was the first time that I presented it in my home town instead of the "anonymous" internet made me extra anxious. In the end I ended up in place 5 of 7 attendees, which I consider a success given that it was the only text presented in English and not in typical poetry slam style.
(Small addition to the last part: I've been yesterday to the Free Hugs Vienna event at the Schloss Schönbrunn, and one of the people I hugged told me I know you, I've seen you at the FemSlam!. That was extra sweet. :))

I'm happy that I was notified about the FemSlam on such short notice, it was a great experience. So today's entry goes out to the host of that event. This is about Yasmo. One can just be envious about what she already accomplished in her still young life. And she is definitely someone to watch out for in the years to come. I have to excuse to my readers who don't understand German yet again, but I'll get back to something English next time, I promise. :)

  • Kein Platz für Zweifel: The title track from her last album.
  • Wer hat Angst vorm weißen Mann: Most straight-to-the-point line of the lyrics is "Wie kann es sein, dass es immer noch diesen Jolly-Buntstift gibt, der "Hautfarbe" heißt?" (How is it possible that there is still this jolly crayon called "colour of the skin"?)
  • Wo kommst du her?: Not a song but one of her great slam poetry texts that I love since I first heard it.

Like always, enjoy!


22 March, 2015 06:19PM by Rhonda


Lars Wirzenius

Obnam 1.9 released (backup software)

I have just released version 1.9 of Obnam, my backup program. See the website at for details. The new version is available from git (see and as Debian packages from Due to the freeze of Debian for the jessie release, I've not uploaded this version to Debian yet (not experimental and not backports).

This is the first Obnam release since May 13, 2014, 313 days ago. That's a long time. I make no excuses: Obnam is a hobby project, which I work on when I have the time and energy. The past year has been a very /interesting/ year for me, in all sorts of stressful ways: I've changed jobs, moved to another country, and dealt with the loss of a close relative. Because of this, I've not been able to spend as much time on Obnam as I'd like.

The NEWS file extract below gives the highlights of what has happened to Obnam during this time. There's been a lot of things, actually.

My plans for Obnam next are mainly centered around performance. This will require developing a new repository format, to allow things that are not possible with the current format. For example, the current format stores each data chunk in its own file in the repository, and that is quite wasteful when live data files (and therefore their chunks) are quite small.

As preparation for this work, the silly-looking "simple" format has been added, mostly to make sure the internal code infrastructure is ready to support multiple repository formats in the same Obnam version.

Those interested in discussing ways to make Obnam fast should join the obnam-dev mailing list.

Version 1.9, released 2015-03-22

New features:

  • James Vasile changed Obnam so it can backup an individual file, instead of an entire directory.

  • James Vasile added the --include option to Obnam, allowing one to include files that would otherwise be excluded (see --exclude).

  • Carlo Teubner changed obnam fsck to remove unused chunks, if the --fsck-fix or --fsck-rm-unused settings are used. He also made it not check for unused chunks when it's useless to do so, because various --fsck-skip settings are used.

  • A start of a French translation of the manual by pedrito2.

  • Ian Cambell provided a new Obnam command, obnam kdirstat, which makes the KDE k4dirstat utility be able to show graphically which parts of a backup generation use most space.

  • Lars Wirzenius added the simple repository format, which is for demonstration only. It is much too simplistic to be used for real.

Minor changes:

  • The manual page and obnam --help are now clearer that the --root setting and command line arguments to obnam backup can be SFTP URLs. Thanks to Simone Piccardi for reporting the issue.

  • David Fries filled in the displayed file permission mode bits.

  • Grammar and typo fixes for the obnam.1 manual page, from Jean Jordaan.

  • Tom Chiverton suggested a clarification to the manual page for "obnam mount" to say that each generation is a subdirectory.

  • David Fries changed restore to set the group ownership if possible even when not root. No warnings are issued if the attempt fails.

  • Jan Niggemann added a little to the German translation of the Obnam manual.

  • Lars Wirzenius added the path to the error message about a missing chunk (R43272X).

  • Lars Wirzenius made the message at the end of a backup report more statistics about transfers during the backup.

Bug fixes:

  • The Obnam SFTP plugin would loop infinitely if it lost the connection to the SSH server while creating a temporary file. Itamar Turner-Trauring provided a fix for this.

  • Will Dyson fixed a bug about locking while removing checkpoint generations.

  • Michel Alexandre Salim fixed a Python 2.6 compatibility problem in the unit tests (use of assertRaises as a context manager).

  • Lars Kruse fixed a bug with backing up of overlapping backup roots (e.g., / and /boot), given a test case by Adrien Clerc.

  • Thomas Eschenbacher fixed a bug in the format 6 repository code that would crash when there is an obscure problem and a B-tree code can't be found in the tree.

  • Tom Chiverton pointed out that the manual page was using "obnam restore" instead of "obnam mount" in an example for "obnam mount".

  • The yarn test suite now runs FUSE tests (obnam mount) when fusermount is available, rather than checking for membership in the group fuse. The latter is a Debianism (fixed in Debian jessie).

  • Thomas Waldmann noticed that obnam verify didn't notice that a file had new data, when the modification time was the same. Obnam now notices this.

  • Thomas Waldmann fixed many typos and minor bugs in the source code.

  • Laurence Perkins reported that the Tahoe-LAFS SFTP server returned some stat fields as None. Fixed to change those to be 0 instead.

  • Lars Wirzenius fixed double-downloading of chunks during restores.

22 March, 2015 04:12PM


Mehdi Dogguy

Running for DPL

Every year, Debian organizes a DPL election. Around end of March, one waits for the beginning of the DPL campaign. Everyone can ask questions to nominated candidates on debian-vote. This year, and for the first time, I nominated myself as a candidate for the 2015 DPL election. You can read my platform here.

Over the past few years, I've followed DPL campaigns on debian-vote reading questions and replies from candidates. It didn't seem easy to keep up with the flood of questions and find the right wording while replying. Intuitively, you may think that a question is the first mail of every thread and replies follow... but, not at all :-) Questions can be asked in any mail. So candidates have to read every single mail posted to the list :-) The campaign ends within a week (or so) and there is still time to ask more questions.

Following discussions on debian-vote is a very good opportunity for newcomers to understand, for example, how Debian works and where help is needed. It is also a good place to see what the main current issues are (as perceived by contributors) and read a list of proposals to fix them. I invite anyone interested in Debian to read debian-vote's archives.

While preparing my platform, I've also realized how important writing down thoughts and ideas is. It really helps to put things into perspective and re-evaluate priorities. It may sound obvious but I think we are not used to doing this often. I really recommend everyone to do this as an exercise, and for any perimeter (personal, team, project-wide, ...).

Last but not least, I'd like to thank all those who helped me to polish my platform and to prepare my candidacy. I am sure they will recognize themselves :-) (whatever the outcome of the election may be)

22 March, 2015 10:44AM by Mehdi (

Hideki Yamane

just an idea: automated release note generation about changes in packages

Now we're (hopefully) in the last stage for Debian "Jessie" release cycle. Well, however, "Please add your package information to release notes ASAP" style doesn't work well, IMHO.

Some package maintainers (including me ;) are lazy, they forget about changes in their package when it was pushed to a repo (put & forget about it). And "last spurt" edit is hard for translators. We translators want to finish it with Debian release time but it's a really hard thing.

How wonderful if release notes would be automatically generated! So, system should help them us. Then, how about adding [releasenote] section to debian/NEWS?

In debian/changelog,

foobar (0.2.0-1) unstable; urgency=medium 
  * update debian/NEWS file 
 -- Hideki Yamane <>  Wed, 20 Aug 2014 07:12:51 +0900

and debian/NEWS file,

foobar (0.2.0-1) unstable; urgency=medium 
 [releasenote: Stretch]
  * "buz" package user should migrate other packages since this package
    doesn't provide buz package anymore. 
 -- Hideki Yamane <>  Wed, 20 Aug 2014 07:12:51 +0900

Then, parse all debian/NEWS files and generate release notes automatically.

It's just an idea, not well considered. But probably you'll get the point. "Big Bang release" style is not good, CI style is better - don't you think so?

22 March, 2015 09:16AM by Hideki Yamane (
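The parsing step proposed in the post above can be illustrated in a few lines. This Python is an added example, not code from the post or from any Debian tool: it reads debian/NEWS text, picks out items under a `[releasenote: <release>]` marker, and renders them per package. The function names, the sample NEWS entries other than the foobar item, and the placeholder maintainer address are assumptions constructed for illustration.

```python
import re

# Constructed sample input: source package name -> contents of debian/NEWS.
SAMPLE_NEWS = {
    "foobar": '''\
foobar (0.2.0-1) unstable; urgency=medium

 [releasenote: Stretch]
  * "buz" package user should migrate other packages since this package
    doesn't provide buz package anymore.

 -- Example Maintainer <maint@example.org>  Wed, 20 Aug 2014 07:12:51 +0900
''',
    "quux": '''\
quux (2.0-1) unstable; urgency=low

  * Ordinary NEWS text without a marker is ignored.

 [releasenote: Stretch]
  * The configuration file moved to /etc/quux/quux.conf.
  * The legacy --old-format option was removed.

 -- Example Maintainer <maint@example.org>  Mon, 01 Sep 2014 10:00:00 +0000

quux (1.5-1) unstable; urgency=low

 [releasenote: Jessie]
  * Database files are upgraded on first start.

 -- Example Maintainer <maint@example.org>  Mon, 03 Feb 2014 10:00:00 +0000
''',
}

HEADER_RE = re.compile(r'^(?P<pkg>[a-z0-9][a-z0-9+.-]*) \((?P<ver>[^)]+)\) ')
MARKER_RE = re.compile(r'^\s*\[releasenote:\s*(?P<release>[^\]]+)\]\s*$', re.I)
TRAILER_RE = re.compile(r'^ -- ')


def _items(lines):
    """Join wrapped lines into one string per '* ' bullet."""
    items = []
    for raw in lines:
        s = raw.strip()
        if not s:
            continue
        if s.startswith("* "):
            items.append(s[2:])
        elif items:
            items[-1] += " " + s      # continuation of the previous bullet
        else:
            items.append(s)
    return items


def extract_notes(news_text):
    """Return one dict per [releasenote: ...] section found in a NEWS file."""
    notes = []
    pkg = ver = release = None
    buf = []

    def flush():
        nonlocal buf, release
        if release is not None and buf:
            items = _items(buf)
            if items:
                notes.append({"package": pkg, "version": ver,
                              "release": release.lower(), "items": items})
        buf, release = [], None

    for line in news_text.splitlines():
        line = line.rstrip()
        header = HEADER_RE.match(line)
        marker = MARKER_RE.match(line)
        if header:
            flush()
            pkg, ver = header.group("pkg"), header.group("ver")
        elif TRAILER_RE.match(line):
            flush()                   # " -- maintainer  date" ends the entry
        elif marker:
            flush()
            release = marker.group("release").strip()
        elif release is not None:
            buf.append(line)          # only text under a marker is collected
    flush()
    return notes


def render_release_notes(news_by_source, release):
    """Build the release-notes text for one release from many NEWS files."""
    out = []
    for source in sorted(news_by_source):
        for note in extract_notes(news_by_source[source]):
            if note["release"] == release.lower():
                out.append(f'{note["package"]} ({note["version"]}):')
                out.extend(f"  * {item}" for item in note["items"])
    return "\n".join(out)


if __name__ == "__main__":
    print(render_release_notes(SAMPLE_NEWS, "Stretch"))
```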

Robert Edmonds

Bad Google repository signatures

Google publishes Linux software repositories for several of their products, including Google Chrome, which is available from the following apt source:

deb stable main

These repositories are signed with an 8 year old 1024-bit DSA key:

pub   1024D/7FAC5991 2007-03-08
      Key fingerprint = 4CCA 1EAF 950C EE4A B839  76DC A040 830F 7FAC 5991
uid                  Google, Inc. Linux Package Signing Key <>
sub   2048g/C07CB649 2007-03-08

Asymmetric 1024-bit keys are not considered strong enough and were, for instance, aggressively retired from Google's SSL frontends almost two years ago. Such short keys should not be used to protect the integrity of software package repositories.

Note that this key has a longer 2048-bit ElGamal subkey, which is not actually used to produce signatures, but only for encryption. In fact, only a signing key is needed to sign the files in a secure apt repository, and, for instance, the archive keys used to sign official repositories do not contain an encryption subkey.

For years, many users have reported an error message like the following when running apt-get update:

W: GPG error: stable Release: The following signatures were
invalid: BADSIG A040830F7FAC5991 Google, Inc. Linux Package Signing Key

This error might resolve itself if apt-get update is run again. Apparently, this is due to "bad pushes" occurring in the Google infrastructure. An example of this can be seen in the following curl output:

$ curl -v \
* Hostname was NOT found in DNS cache
*   Trying
* Connected to ( port 80 (#0)
> GET /linux/chrome/deb/dists/stable/Release HTTP/1.1
> User-Agent: curl/7.38.0
> Host:
> Accept: */*
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 1347
< Content-Type: application/octet-stream
< Etag: "518b8"
< Expires: Sun, 22 Mar 2015 18:55:19 PDT
< Last-Modified: Fri, 20 Mar 2015 04:22:00 GMT
* Server downloads is not blacklisted
< Server: downloads
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Date: Sun, 22 Mar 2015 01:55:19 GMT
< Alternate-Protocol: 80:quic,p=0.5
Origin: Google, Inc.
Label: Google
Suite: stable
Codename: stable
Version: 1.0
Date: Thu, 19 Mar 2015 22:55:29 +0000
Architectures: amd64 i386
Components: main
Description: Google chrome-linux repository.
 53375c7a2d182d85aef6218c179040ed 144 main/binary-i386/Release
 c556daf52ac818e4b11b84cb5943f6e0 4076 main/binary-i386/Packages
 867ba456bd6537e51bd344df212f4662 960 main/binary-i386/Packages.gz
 2b766b2639b57d5282a154cf6a00b172 1176 main/binary-i386/Packages.bz2
 89704f9af9e6ccd87c192de11ba4c511 145 main/binary-amd64/Release
 fa88101278271922ec9b14b030fd2423 4082 main/binary-amd64/Packages
 1ba717117027f36ff4aea9c3ea60de9e 962 main/binary-amd64/Packages.gz
 19af18f376c986d317cadb3394c60ac5 1193 main/binary-amd64/Packages.bz2
 59414c4175f2cc22e67ba6c30687b00c72a7eafc 144 main/binary-i386/Release
 1764c5418478b1077ada54c73eb501165ba79170 4076 main/binary-i386/Packages
 db24eafac51d3e63fd41343028fb3243f96cbed6 960 main/binary-i386/Packages.gz
 ad8be07425e88b2fdf2f6d143989cde1341a8c51 1176 main/binary-i386/Packages.bz2
 153199d8f866350b7853365a4adc95ee687603dd 145 main/binary-amd64/Release
 7ce66535b35d5fc267fe23af9947f9d27e88508b 4082 main/binary-amd64/Packages
 a72b5e46c3be8ad403df54e4cdcd6e58b2ede65a 962 main/binary-amd64/Packages.gz
 dbc7fddd28cc742ef8f0fb8c6e096455e18c35f8 1193 main/binary-amd64/Packages.bz2
* Connection #0 to host left intact
* Found bundle for host 0x7f24e68d06a0
* Re-using existing connection! (#0) with host
* Connected to ( port 80 (#0)
> GET /linux/chrome/deb/dists/stable/Release.gpg HTTP/1.1
> User-Agent: curl/7.38.0
> Host:
> Accept: */*
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 198
< Content-Type: application/octet-stream
< Etag: "518f4"
< Expires: Sun, 22 Mar 2015 18:55:19 PDT
< Last-Modified: Fri, 20 Mar 2015 04:05:00 GMT
* Server downloads is not blacklisted
< Server: downloads
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Date: Sun, 22 Mar 2015 01:55:19 GMT
< Alternate-Protocol: 80:quic,p=0.5
Version: GnuPG v1.4.10 (GNU/Linux)

* Connection #0 to host left intact

Note that both the Release and Release.gpg files were fetched with the same HTTP connection, so the two files must have come from the same web frontend. (Though, it is possible they were served by different backends.) However, the detached signature in Release.gpg does not match the content in Release:

gpgv: Signature made Fri 20 Mar 2015 12:01:58 AM EDT using DSA key ID 7FAC5991
gpgv: BAD signature from "Google, Inc. Linux Package Signing Key <>"

Performing the same pair of fetches again, the same Release.gpg file is returned, but the Release file is slightly different:

$ curl -v \
* Hostname was NOT found in DNS cache
*   Trying
* Connected to ( port 80 (#0)
> GET /linux/chrome/deb/dists/stable/Release HTTP/1.1
> User-Agent: curl/7.38.0
> Host:
> Accept: */*
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 1347
< Content-Type: application/octet-stream
< Etag: "518f3"
< Expires: Sun, 22 Mar 2015 18:55:04 PDT
< Last-Modified: Fri, 20 Mar 2015 04:05:00 GMT
* Server downloads is not blacklisted
< Server: downloads
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Date: Sun, 22 Mar 2015 01:55:04 GMT
< Alternate-Protocol: 80:quic,p=0.5
Origin: Google, Inc.
Label: Google
Suite: stable
Codename: stable
Version: 1.0
Date: Fri, 20 Mar 2015 04:02:02 +0000
Architectures: amd64 i386
Components: main
Description: Google chrome-linux repository.
 89704f9af9e6ccd87c192de11ba4c511 145 main/binary-amd64/Release
 fa88101278271922ec9b14b030fd2423 4082 main/binary-amd64/Packages
 1ba717117027f36ff4aea9c3ea60de9e 962 main/binary-amd64/Packages.gz
 19af18f376c986d317cadb3394c60ac5 1193 main/binary-amd64/Packages.bz2
 53375c7a2d182d85aef6218c179040ed 144 main/binary-i386/Release
 c556daf52ac818e4b11b84cb5943f6e0 4076 main/binary-i386/Packages
 867ba456bd6537e51bd344df212f4662 960 main/binary-i386/Packages.gz
 2b766b2639b57d5282a154cf6a00b172 1176 main/binary-i386/Packages.bz2
 153199d8f866350b7853365a4adc95ee687603dd 145 main/binary-amd64/Release
 7ce66535b35d5fc267fe23af9947f9d27e88508b 4082 main/binary-amd64/Packages
 a72b5e46c3be8ad403df54e4cdcd6e58b2ede65a 962 main/binary-amd64/Packages.gz
 dbc7fddd28cc742ef8f0fb8c6e096455e18c35f8 1193 main/binary-amd64/Packages.bz2
 59414c4175f2cc22e67ba6c30687b00c72a7eafc 144 main/binary-i386/Release
 1764c5418478b1077ada54c73eb501165ba79170 4076 main/binary-i386/Packages
 db24eafac51d3e63fd41343028fb3243f96cbed6 960 main/binary-i386/Packages.gz
 ad8be07425e88b2fdf2f6d143989cde1341a8c51 1176 main/binary-i386/Packages.bz2
* Connection #0 to host left intact
* Found bundle for host 0x7ffa33d8b6a0
* Re-using existing connection! (#0) with host
* Connected to ( port 80 (#0)
> GET /linux/chrome/deb/dists/stable/Release.gpg HTTP/1.1
> User-Agent: curl/7.38.0
> Host:
> Accept: */*
< HTTP/1.1 200 OK
< Accept-Ranges: bytes
< Content-Length: 198
< Content-Type: application/octet-stream
< Etag: "518f4"
< Expires: Sun, 22 Mar 2015 18:55:05 PDT
< Last-Modified: Fri, 20 Mar 2015 04:05:00 GMT
* Server downloads is not blacklisted
< Server: downloads
< X-Content-Type-Options: nosniff
< X-Frame-Options: SAMEORIGIN
< X-Xss-Protection: 1; mode=block
< Date: Sun, 22 Mar 2015 01:55:05 GMT
< Alternate-Protocol: 80:quic,p=0.5
Version: GnuPG v1.4.10 (GNU/Linux)

* Connection #0 to host left intact

Note that the Date line in the Release file is different:

@@ -6 +6 @@
-Date: Thu, 19 Mar 2015 22:55:29 +0000
+Date: Fri, 20 Mar 2015 04:02:02 +0000

The file hashes listed in the Release file are in a different order, as well, though the actual hash values are the same. This Release file does have a valid signature:

gpgv: Signature made Fri 20 Mar 2015 12:01:58 AM EDT using DSA key ID 7FAC5991
gpgv: Good signature from "Google, Inc. Linux Package Signing Key <>"

Note that the Release.gpg files in the good and bad cases are the same, and the same signature cannot cover two files with different content. Also note that the same mis-signed content is available via HTTPS, so it is probably not caused by a MITM attack.

The possibility of skew between the Release and Release.gpg files is precisely why inline signed Release files were introduced, but Google's repositories use only the older format with a detached signature.

It would be nice if Google could fix the underlying bug in their infrastructure that results in mis-signed repositories being published frequently, because it trains users to ignore cryptographic failures.

22 March, 2015 03:50AM by Robert Edmonds
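The skew described in the post above can be told apart from a genuinely different repository state by parsing two fetched Release files and comparing them field by field. The following Python sketch is an added example, not code from the original post or from apt; the sample Release texts, their digests and all function names are constructed for illustration (only the two Date values are taken from the post).

```python
import hashlib

# Multi-line checksum fields used in Debian Release files.
CHECKSUM_FIELDS = {"MD5Sum", "SHA1", "SHA256", "SHA512"}


def parse_release(text):
    """Parse a Release file.

    Returns (fields, checksums, order):
      fields:    single-line fields, e.g. {"Date": "..."}
      checksums: {"SHA1": {"main/binary-amd64/Packages": ("<hex>", 4082)}}
      order:     [(field, path), ...] in the order the file lists them
    """
    fields, checksums, order = {}, {}, []
    current = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line[0] in " \t":
            # Continuation line: only interpreted inside a checksum field.
            if current in CHECKSUM_FIELDS:
                digest, size, path = line.split()
                checksums[current][path] = (digest.lower(), int(size))
                order.append((current, path))
            continue
        name, _, value = line.partition(":")
        current = name.strip()
        if current in CHECKSUM_FIELDS:
            checksums[current] = {}
        else:
            fields[current] = value.strip()
    return fields, checksums, order


def compare_releases(a_text, b_text):
    """Compare two Release files byte-wise and semantically."""
    fa, ca, oa = parse_release(a_text)
    fb, cb, ob = parse_release(b_text)
    changed = sorted(k for k in set(fa) | set(fb) if fa.get(k) != fb.get(k))
    return {
        # A detached signature covers exact bytes, so this is what gpgv sees.
        "byte_identical": a_text == b_text,
        "sha256": (
            hashlib.sha256(a_text.encode()).hexdigest(),
            hashlib.sha256(b_text.encode()).hexdigest(),
        ),
        "changed_fields": changed,
        "same_checksums": ca == cb,   # same index files described
        "same_order": oa == ob,       # same listing order
    }


def classify(report):
    """Label the relationship between two fetched Release files."""
    if report["byte_identical"]:
        return "identical"
    if report["same_checksums"]:
        # Same index hashes but different bytes: one Release.gpg can match
        # at most one of the two, which is the failure the post describes.
        return "skew: same index hashes, different signed bytes"
    return "different repository state"


def build_sample(date, entries):
    """Build a small Release file (constructed sample, not real data)."""
    lines = ["Origin: Example Repo", "Suite: stable", f"Date: {date}", "SHA1:"]
    lines += [f" {digest} {size} {path}" for digest, size, path in entries]
    return "\n".join(lines) + "\n"


# Constructed digests; sizes and paths mirror the layout shown in the post.
ENTRIES = [
    ("aa" * 20, 4082, "main/binary-amd64/Packages"),
    ("bb" * 20, 962, "main/binary-amd64/Packages.gz"),
]
RELEASE_A = build_sample("Thu, 19 Mar 2015 22:55:29 +0000", ENTRIES)
RELEASE_B = build_sample("Fri, 20 Mar 2015 04:02:02 +0000", ENTRIES[::-1])

if __name__ == "__main__":
    report = compare_releases(RELEASE_A, RELEASE_B)
    for key, value in report.items():
        print(f"{key}: {value}")
    print(classify(report))
```

A result of "skew" means the client should keep its previously verified Release and retry later, not accept the unverified file.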

March 21, 2015

Iustin Pop

Effects of a PSU upgrade

Got some unexpected results from a hardware upgrade

First, GPU upgrade

Old videocard

My current video card was getting a bit long in the tooth. I kept delaying the upgrade, because newer Radeon cards are pretty inefficient, energy-wise, and I didn't want to upgrade my PSU as well.

My old card had a TDP of 150W, and I was looking for upgrading to something in the same ballpark. While there were more current similar cards, the performance benefit was not that great - to get a real boost, I'd need to upgrade to something 200W+, if not 250W.

Additionally, I was focused on AMD-only cards because of Linux open-source support, even though newer AMD cards don't support EXA anymore (plain 2D).

Surprised to learn about Nvidia Maxwell

While looking at what AMD cards to upgrade to, I happen to learn about the now ~1 year old Nvidia Maxwell architecture, which is - surprisingly - much more energy efficient. So efficient, that I could upgrade to a top-of-the-line card, with around 6× performance on most benchmarks compared to my current card, with only a 25W TDP increase.

I couldn't believe I missed this for almost a year, just because I was focused only on AMD cards.

I research some more, I try to console myself about going back to Nvidia's binary blobs until Nouveau supports GM20x card well, but in the end the results seem too good to ignore.

Upgrade: in-game performance and noise

For the card I bought, Nvidia says a PSU with 500W output is the minimum. That matched exactly the PSU I had, and it was a quality producer (Seasonic), so I bought the new videocard and installed it.

Performance was, surprisingly, as expected: my new card is faster at maximum settings than my old card was on low settings in two or three games that I tested. So all good from this side.

On Linux, moving to the non-free Nvidia driver was a walk in the park, thanks to the maintainers of all things Nvidia: thanks! Last I used an Nvidia card, many years ago, it was a bit more painful. And yes, Nvidia doesn't enable all monitors upon boot, requiring some reshuffling of the outputs for multi-monitor work. Finding that I still had an .nvidia-settings-rc in my homedir from ages ago was fun :)

The downside was that the system was noisier under load; slightly noisier in some games, to much noisier in others. This didn't match my expectations, since the specific version of the card I bought was not overclocked and had extra large fans, and with only a +25W TDP it shouldn't have been significantly noisier. Well, that's it, I said, not all marketing/reviews should be believed.

One interesting thing was that I wasn't clearly able to pin-point what was generating the additional noise.

PSU upgrade

I was thinking anyway about doing a PSU upgrade as well, since my current PSU was even older than my videocard, and was at the limit.


So I bought a PSU as well, and spent about half a day installing it. Why half a day? Because the new PSU is modular, and the combination with the case I have means I could redo the cabling inside my case, significantly.

In the process, I found a lot of accumulated dust which I cleaned. I also found out that parts of the CPU cooler fins were blocked by dust, so the fan was not as effective as when new. I also realised that one case fan was no longer effective in its position, since I have no HDDs that need cooling (this case is split between MB and HDD/PSU areas), so I could move it in a place that cools better the various PCIe devices.

… and silence!

After all was said and done, the PC booted up just fine. Everything seemed correct, the new position of the fan was drawing in cold air and pushing it over the PCIe cards, so it was time to see if all the cleanup had any effect on the behaviour under load.

So I start a game, the card gets slightly noisier compared to idle, and stays there. I go on playing for 10 minutes, which would have been more than enough to heat the whole system enough that it becomes noisy, but nothing, just slightly above the normal "PC is on" noise. Before all the upgrades, my old card was definitely noisier when playing…

I don't know if there is a single, key factor, or if it's a combination of all of:

  • better CPU cooling
  • PSU with higher wattage, which means it has to work less for the same load; at idle these PSUs are very silent, but not so much at 80-90% of the maximum
  • better cooling of the video-card, since it doesn't only recycle the air inside the case, but actually has cold air pushed over it.

In any case, I'm happy now. I got much better performance (5-6× is nothing to laugh at) for a slight increase in energy consumption at load (~+25W). If I had stopped here, it would have been good enough. But spending 3 hours cleaning and simplifying the cabling means I also got a much quieter PC.

The only downside is Linux with binary drivers. Waiting now for Nouveau…

21 March, 2015 02:37PM

Junichi Uekawa



21 March, 2015 07:17AM by Junichi Uekawa

March 20, 2015

Zlatan Todorić

Interviews with FLOSS developers: Laura Arjona

One of the fresh additions to Debian, one that shows Debian's commitment to diversity in all fields, is Laura Arjona Reina. She is a helpful hand on channels and brings a great flux of FLOSS energy with her. Although she applied for non-packaging Debian Developer status, Laura does recognize that there are still some technical aspects one must grasp. Her dedication to FLOSS and to trying to solve some of its issues is astonishing, as this woman is doing a lot of self-hosting and system administration. Yes, you read it right - she does all of that and still applied for non-packaging Debian Developer. She is a perfect example of how FLOSS enhances humans in many ways. Hello Laura.

Picture of Laura

Who are you?

I am Laura Arjona, I work as IT assistant at Technic University of Madrid, I am married and I have a son, and I use and promote free (libre) software both at job and at home and with friends. I have a nice time contributing in Debian and other FLOSS projects but I always want to do more than what I manage to actually do (I hope I can improve that, as time goes by... and maybe when I get retired I am the SuperLArjona that you wrote about!).

What parts of FLOSS community are you engaged?

I use Debian, and CyanogenMod + F-Droid in my phone. I coordinate the translation of the Debian website into Spanish, help with FSFE website translation too, and translate some other free software (GNU MediaGoblin, F-Droid, Android apps that I use, web services that we use at work...). I use and promote some free social networks:, GNU Social, and XMPP. My work/friends environment is mostly Windows/Android so I try to find/promote libre software replacements or interesting applications for them. I give free FLOSS stickers to everybody showing interest for libre software, and a nice Debian sticker if they finally install it in their computers.

Setup of your main machine?

My machine is a humble Compaq Mini 110C laptop (32bits, Atom N270@1.60GHz, 1GB RAM) and I have Debian Jessie (future-stable ATM) with xfce on it. I'm not tied to particular tools, for example I use Mousepad for editing here in my xfce, Kate in my desktop at work, nano in the server. The only "tuning" that I always do is to set a dark background for terminals and text editors, but I don't even switch to a desktop dark theme... (BTW I love Jessie's theme, "Lines"!). I know there are awesome pieces of software out there (hey emacs-org-mode!), but I just don't have fun having to learn them by myself (no LUG near, I'm afraid...).

Some memorable moments from Debian conferences?

I've only been at Barcelona MiniDebConf Women 2014 and it was great. It was memorable that I promoted the keysigning for that MiniDebConf, and came home with lots of signatures and papers to verify and sign... and then I was not remembering my GPG main key passphrase! so I hid under my desk for two months, and then, decided to start again (created a new key and tried to meet some Debian people in Madrid...). So I guess I should go to some (Mini)DebConf again.

You are currently involved in process of becoming non-packaging Debian Developer - what made you take that step?

I began translating in 2011, and since then, I enjoyed contributing in Debian (women, l10n-es, website, publicity). I'm quite regular with the translation work, and applying for DD is a plan to 'force' myself to find chunks of time to contribute more in the other areas too. I also believe that applying I may help other people to also apply or get more involved or become more visible. So here I am.

Although you applied for non-packaging Debian Developer you recognize that there is still a technical learning curve in Debian even for that - what are the technical aspects a non-Developer should grasp?

Well, I suppose it depends on the area you are contributing. In Publicity you find repositories in git, and subversion (Debian Project News). The website uses CVS. So you need the basics of 3 different version control systems to commit your changes (or send them to the mailing list and wait somebody to commit them). We use a mail robot to coordinate the translation work, so you need to write the subject with a certain format, and some people complain when somebody sends mail in HTML (plain text is preferred). There are some other tools such as IRC and GPG that I began using just for contributing to Debian. Once that you learn them a bit and you learn how Debian works, you understand they are the great tools and you get in love (hey meetbot and KGB! hey!), but I wonder how people with no technical background, or even Computer Engineering students nowadays, accustomed to instant messaging in the mobile, fancy web interfaces and so on, look at these tools and just don't even try.

How do you see future of Debian development?

I don't know, Debian is huge... Some areas in which I hope we, as a community, find the way to work more: packaging (or help configuring) web applications or network services, provide LTS support, and keep on improving outreach/diversity.

What are your future plans in Debian, what would you like to work on?

In the Spanish team area, my plan is to go on translating the website, jump more often into translating package descriptions too, and help first-time-contributors to keep themselves involved. In the website and publicity teams, I hope I manage to put some weekly time to help with pending tasks/bugs, and serve as liaison with the other areas in which I'm involved (women, l10n, contributors...). If I become DD, I would like to create/adopt some data sources for, or convince people to do it I'm not sure if I will be able to attend DebConf some year; meanwhile, at least, I'll continue trying to help with the blog and promotion (as -publicity-team member).

Why should developers and users join Debian community? What makes Debian a great and happy place?

For using it: the desktop experience has improved very much in the last years, there's a clear separation between free and non-free software so the Debian users always know where are we, and there is wide documentation (in English, at least. Probably in other languages too). For getting involved: I like very much that you can lurk what almost everybody does: just join some mailing lists or IRC channels, the Debian people work in the open. So you know a bit where are you jumping in. Later you learn that everything is easier than what was looking from the outside, because you make friends and with friends everything is better.
Contributions made to Debian have many chances to reach a very wide community: Debian users, upstream projects, and the hundreds of derivatives. It's a quite horizontal, decentralized organization (that has its downsides too, but I can live with them).

Is there something you would change in FLOSS ecosystem?

We need much more internationalization and localization efforts. People don't need English for using libre software nowadays in their desktop, it's one of our big strengths, but they definitely need English for using libre software for Android, or solving problems with the libre software they use in your computers/devices, or to contribute to any community. I think we need more local groups for user support/outreach, more libre-software-based translation tools and online services (replacements for Google Translator, for Transifex...), and more internationalization and localization efforts (manuals, websites... not only the software itself). If we work hard in this area, we'll gain much more users and much more contributors.

Why does privacy matter to you?

I have a son, at our family we interchange photos, and sometimes I have private conversations using the smartphone, mail or other internet services. I want to have the chance that the day that I (or my family) need privacy, we can have it easily. And I want that the people that really need privacy today, have proper tools at their hand. So I try to use PGP, selfhost my multimedia website, use decentralized, free software based networks and XMPP mobile apps... to help those projects to thrive. I try do my part of the network effect!

You are being upset with rise of Github - why is that and what change would you like to see?

I totally agree with Mako's essay "Free software needs free tools". Yes, many nonfree web services are easier and have better features right now, but the key is that only dogfooding can change that, the same like changed it with the GNU/Linux desktop and Open/LibreOffice for example...
I would like to see more people trying to selfhost, use and promote libre software based forges, so in addition to avoid vendor lock in and win consistency in our discourse, we polish the available tools and eventually win the battle also in the technical side.

You are hosting your own instances of Mediagoblin - as it is not officially packaged in Debian yet, how do you manage it and how would you encourage others to do it?

I followed the MediaGoblin documentation for its last stable release, and hanged on the IRC channel when in doubts/problems. It was not so hard, because it's well documented for Debian systems, and most of the dependencies are already packaged (in stable and testing). MediaGoblin is in its way to stretch too (thanks simonft and the rest of people working on this!). I'm documenting my adventures with selfhosting in my blog, but I need to write more often, and put more time in my small server (now I try to selfhost my git projects with cgit, and I want to setup an XMPP server and Etherpad Lite too).

You are trying to resolve with self-hosting personal issues with services such as WhatsUp and other non-free parts of our everyday lives- what issues are you hitting on during your way and how do you resolve them?

"#iloveemail", but people don't love it anymore, it seems... I've researched a bit about instant messaging to try to propose alternatives to WhatsApp to my family and friends. It seems Conversations with a community XMPP server where to create multi user chat rooms can be a replacement, so my plan is to try during this year. Meanwhile, I've setup the MediaGoblin site so I upload the photos there instead of sending them with the phone, and for the 1-to-1 chat I try to move people to Kontalk (instant messaging, GPG, photos, voice notes...). For the videocalls, I promote Jitsi or just point people to I have account and and will try to host Owncloud too. We'll see what happens.

You are interested in radio shows - what drives you into that field and will we see soon any podcasts from Laura?

I like to talk and I'm not a shy person, so the few times that in any of my social groups there was a chance to "talk in the radio", I volunteered and enjoyed. This has been, in my life, 6 or 7 times (in Spanish, talking about social activism or politics. No records, though!). Some months ago the people of "El Binario" invited me to talk at "findenegro" about and free networks (in Spanish), I accepted and had a very nice time (audios in my mediagoblin). I wish I have more free time to listen to podcasts and maybe to join some other people to participate in a program in a regular basis. OTOH, my son asks for a tale almost each day... I follow one of Gianni Rodari "The grammar of fantasy"'s approach: take some day-to-day facts and add something unexpected and crazy, and tailor a short story. Maybe I could record them and publish in my MediaGoblin... Of course their literary quality is not even near to Gianni Rodari's but people that listened to them when I was storytelling (in the metro, my mother at home, some friends...) say they are fun and interesting. Who knows!

Work of Laura's son

20 March, 2015 10:33PM by Zlatan Todorić

Antonio Terceiro

rrg: visualize the require hierarchy in Ruby projects

Yesterday I was hacking on some Ruby code and getting a weird error which I thought was caused by mutually recursive require statements (i.e. A requires B, and B requires A). Later I realized that this is not an issue in Ruby, since the interpreter keeps track of what has already been required and will not enter a loop. But during the investigation I came up with something that turned out to be useful.

rrg will read the source code of a Ruby project and generate a graph based on the require statements in the code; nodes represent the source files and an arrow from A to B means that A contains a `require 'B'` statement.

From the README:

Just run rrg at the root of your project. rrg will parse the code inside lib/, and generate a graph description in the Graphviz format. You can pipe the output to Graphviz directly, or store it in a file and process it to generate an image.

If you call rrgv instead, it will automatically process the graph with Graphviz, generate a PNG image, and open it.

Let’s see some examples. First the classical “analysing itself” example, the require graph for rrg itself:

Not very interesting, since all of the logic is currently in the main binary and not on library code. But 1) when I do the refactorings I want to, there will be more library code and 2) while writing this I implemented also parsing scripts in bin/.

Now chake which is a slightly larger project:

An even larger (but still not that big) project, gem2deb:

Note that these visualizations may not be accurate representations of the actual source code. In Ruby, nothing stops one from implementing class A::B in lib/x/y.rb, but most reasonable code will make sure that filenames and the classes namespaces actually match.

If you are working on a sane codebase, though, visualizing graphs like this helps understand the general structure of the code and perceive possible improvements. The gem2deb graph gave me some ideas already and I didn’t even pay much attention to it yet.

20 March, 2015 09:55PM

Zlatan Todorić

My journey into Debian

Notice: There were several requests for me to more elaborate on my path to Debian and impact on life so here it is. It's going to be a bit long so anyone who isn't interested in my personal Debian journey should skip it. :)

In 2007 I enrolled into Faculty of Mechanical Engineering (at first at Department of Industrial Management and later transferred to Department of Mechatronics - this was possible because first 3 semesters are same for both departments). By the end of same year I was finishing my tasks (consisting primarily of calculations, some small graphical designs and write-ups) when famous virus, called by users "RECYCLER", sent my Windows XP machine into oblivion. Not only it took control over machine and just spawned so many processes that system would crash itself, it actually deleted all from hard-disk before it killed the system entirely. I raged - my month old work, full of precise calculations and a lot of design details, was just gone. I started cursing which was always continued with weeping: "Why isn't there an OS that can withstand all of viruses, even if it looks like old DOS!". At that time, my roommate was my cousin who had used Kubuntu in past and currently was having SUSE dual-booted on his laptop. He called me over, started talking about this thing called Linux and how it's different but de facto has no viruses. Well, show me this Linux and my thought was, it's probably so ancient and not used that it probably looks like from pre Windows 3.1 era, but when SUSE booted up it had so much more beautiful UI look (it was KDE, and compared to XP it looked like the most professional OS ever).

So I was thrilled, installed openSUSE, found some rough edges (I knew immediately that my work with professional CAD systems will not be possible on Linux machines) but overall I was bought. After that he even talked to me about distros. Wait, WTF distros?! So, he showed me I was amazed. There is not only a better OS than Windows - there were dozens, hundreds of them. After some poking around I installed Debian KDE - and it felt great, working better than openSUSE but now I was as most newbies, on fire to try more distros. So I was going around with Fedora, Mandriva, CentOS, Ubuntu, Mint, PCLinuxOS and in beginning of 2008 I stumbled upon Debian docs which were talking about GNU and GNU Manifesto. To be clear, I was always as a high-school kid very much attached to idea of freedom but started losing faith by faculty time (Internet was still not taking too much of time here, youth still spent most of the day outside). So the GNU Manifesto was really a big thing for me and Debian is a social bastion of freedom. Debian (now with GNOME2) was being installed on my machine.

As all that hackerdom in Debian was around I started trying to dig up some code. I never ever read a book on coding (until this day I still didn't start and finish one) so after a few days I decided to code tetris in C++ with thought that I will finish it in two days at most (the feeling that you are powerful and very bright person) - I ended it after one month in much pain. So instead I learned about keeping Debian system going on, and exploring some new packages. I got thrilled over radiotray, slimvolley (even held a tournament in my dorm room), started helping on #debian, was very active in conversation with others about Debian and even installed it on few laptops (I became de facto technical support for users of those laptops :D ).

Then came 2010 which with negative flow that came in second half of 2009, started to crush me badly. I was promised to go to Norway, getting my studies on robotics and professor lied (that same professor is still on faculty even after he was caught in big corruption scandal over buying robots - he bought 15 years old robots from UK, although he got money from Norway to buy new ones). My relationship came to hard end and had big emotional impact on me. I fell a year on faculty. My father stopped financing me and stopped talking to me. My depression came back. Alcohol took over me. I was drunk every day just not to feel anything. Then came the end of 2010, I somehow got to the information that DebConf will be in Banja Luka. WHAT?! DebConf in city where I live. I got into #debconf and in December 2010/January 2011 I became part of the famous "local local organizers". I was still getting hammered by alcohol but at least I was getting out of depression. IIRC I met Holger and Moray in May, had a great day (a drop of rakia that was too much for all of us) and by their way of behaving there was something strange. Beautiful but strange. Both were sending unique energy of liberty although I am not sure they were aware of it. Later, during DebConf I felt that energy from almost all Debian people, which I can't explain. I don't feel it today - not because it's not there, it's because I think I integrated so much into Debian community that it's now a natural feeling which people here, that are close to me are saying that they feel it when I talk about Debian.

DebConf time in Banja Luka was awesome - firstly I met Phil Hands and Andrew McMillan which were a crazy team, local local team was working hard (I even threw up during the work in Banski Dvor because of all heat and probably not much of sleep due to excitement), met also crazy Mexican Gunnar (aren't all Mexicans crazy?), played Mao (never again, thank you), was hanging around smart but crazy people (love all) from which I must notice Nattie (a bastion of positive energy), Christian Perrier (which had coordinated our Serbian translation effort), Steve Langasek (which asked me to find physiotherapist for his co-worker Mathias Klose, IIRC), Zach (not at all important guy at that time), Luca Capello (who gifted me a swirl on my birthday) and so many others that this would be a post for itself just naming them. During DebConf it was also a bit of hard time - my grandfather died on 6th July and I couldn't attend the funeral so I was still having that sadness in my heart, and Darjan Prtic, a local team member that came from Vienna, committed suicide on my birthday (23 July). But DebConf as conference was great, but more importantly the Debian community felt like a family and Meike Reichle told me that it was. The night it finished, me and Vedran Novakovic cried. A lot. Even days after, I was getting up in the morning having the feeling I need something to do for DebConf. After a long time I felt alive. By the end of year, I adopted package from Clint Adams and Moray became my sponsor. In last quarter of 2011 and beginning of 2012, I (as part of LUG) held talks about Linux, had Linux installation in Computer Center for the first time ever, and installed Debian on more machines.

Now fast forwarding with some details - I was also on DebConf13 in Switzerland, met some great new friends such as Tincho and Santiago (and many many more), Santiago was also my roommate in Portland on the previous DebConf. In Switzerland I had really great and awesome time. Year 2014 - I was also at DebConf14, maintain a bit more packages and have applied for DD, met some new friends among which I must put out Apollon Oikonomopoulos and Costas Drogos which friendship is already deep for such a short time and I already know that they are life-long friends. Also thanks to Steve Langasek, because without his help I wouldn't be in Portland with my family and he also gave me Arduino. :) 2015 - I am currently at my village residence, have a 5 years of working experience as developer due to Debian and still a lot to go, learn and do but my love towards Debian community is by magnitude bigger than when I thought I love it at most. I am also going through my personal evolution and people from Debian showed me to fight for what you care, so I plan to do so.

I can't write all and name all the people that I met, and believe me when I say that I remember most and all of you impacted my life for which I am eternally grateful. Debian, and its community effect literally saved my life, spring new energy into me and changed me for better. Debian social impact is far bigger than technical, and when you know that Debian is a bastion of technical excellence - you can maybe picture the greatness of Debian. Some of greatest minds are in Debian but most important isn't the sheer amount of knowledge but the enormous empathy. I just hope I can in future show to more people what Debian is and to find all lost souls as me to give them the hope, to show them that we can make world a better place and that everyone is capable to live and do what they love.

P.S. I am still hoping and waiting to see Bdale writing a book about Debian's history to this day - in which I think many of us would admire the work done by project members, laugh about many situations and have fun reading a book about project that was having nothing to do but fail and yet it stands stronger than ever with roots deep into our minds.

20 March, 2015 06:16PM by Zlatan Todorić

Richard Hartmann

Release Critical Bug report for Week 12

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1041 (Including 155 bugs affecting key packages)
    • Affecting Jessie: 87 (key packages: 61) That's the number we need to get down to zero before the release. They can be split in two big categories:
      • Affecting Jessie and unstable: 71 (key packages: 52) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
        • 15 bugs are tagged 'patch'. (key packages: 12) Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 1 bugs are marked as done, but still affect unstable. (key packages: 0) This can happen due to missing builds on some architectures, for example. Help investigate!
        • 55 bugs are neither tagged patch, nor marked done. (key packages: 40) Help make a first step towards resolution!
      • Affecting Jessie only: 16 (key packages: 9) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
        • 11 bugs are in packages that are unblocked by the release team. (key packages: 5)
        • 5 bugs are in packages that are not unblocked. (key packages: 4)

How do we compare to the Squeeze and Wheezy release cycles?

Week  Squeeze        Wheezy         Jessie
43    284 (213+71)   468 (332+136)  319 (240+79)
44    261 (201+60)   408 (265+143)  274 (224+50)
45    261 (205+56)   425 (291+134)  295 (229+66)
46    271 (200+71)   401 (258+143)  427 (313+114)
47    283 (209+74)   366 (221+145)  342 (260+82)
48    256 (177+79)   378 (230+148)  274 (189+85)
49    256 (180+76)   360 (216+155)  226 (147+79)
50    204 (148+56)   339 (195+144)  ???
51    178 (124+54)   323 (190+133)  189 (134+55)
52    115 (78+37)    289 (190+99)   147 (112+35)
1     93 (60+33)     287 (171+116)  140 (104+36)
2     82 (46+36)     271 (162+109)  157 (124+33)
3     25 (15+10)     249 (165+84)   172 (128+44)
4     14 (8+6)       244 (176+68)   187 (132+55)
5     2 (0+2)        224 (132+92)   175 (124+51)
6     release!       212 (129+83)   161 (109+52)
7     release+1      194 (128+66)   147 (106+41)
8     release+2      206 (144+62)   147 (96+51)
9     release+3      174 (105+69)   152 (101+51)
10    release+4      120 (72+48)    112 (82+30)
11    release+5      115 (74+41)    97 (68+29)
12    release+6      93 (47+46)     87 (71+16)
13    release+7      50 (24+26)
14    release+8      51 (32+19)
15    release+9      39 (32+7)
16    release+10     20 (12+8)
17    release+11     24 (19+5)
18    release+12     2 (2+0)

Graphical overview of bug stats thanks to azhag:

20 March, 2015 03:59PM by Richard 'RichiH' Hartmann

Steve McIntyre

Tour of Australia

Jo and I just got back from our massive holiday in Australia. We had an awesome time overall, fitting in lots of stuff in 4 weeks. Time for a quick write-up and some photos!

Ayers Rock

We flew into Sydney, then straight onto Uluru for the obligatory sunset and sunrise viewings. We didn't climb the Rock, both for sensitivity reasons and (to be more honest!) it looked way too much like hard work in 40-plus degree heat.

Ghan train

Coach over to Alice Springs, where we had a very quick look around before taking the Ghan train down to Adelaide. The train was fun for a day, and we got to see a lot of desert. In Adelaide, we had a look around the city (lovely colonial feel!) and got a couple of evenings in fun comedy shows at the Fringe. Great fun!

Cuddling a sleepy wombat!

On to Tasmania, where we did a quick (3 days) run around the island by car: into Hobart, up the east coast. Stopped in Swansea (a nice version!) for some heavenly Devonshire teas, then on up to Grindelwald near Launceston. Visited Trowunna Wildlife Park to see (and cuddle!) lots of local animals, which was amazing - Jo's favourite day of the holiday. Then on to Queenstown and drive back down to Hobart past some impossibly beautiful views around Cradle Mountain. Tassie's gorgeous - like the best bits of Scotland, Wales and Cornwall but with even fewer people and better weather.

Sydney Opera House

Next, on to Sydney for Harry and Cath's wedding. We stayed up in Chatswood. Not knowing anything about the area beforehand, we were a little surprised to basically find ourselves back in Hong Kong! We spent most of the weekend catching up with friends from the wedding group, and the wedding itself was at Quarantine Station, overlooking the harbour. It couldn't have been a more perfect location / weather / view for our friends' big day! We squeezed in a couple of the open-top bus tours of Sydney on the Sunday, but got caught in the horrendous storm that hit and ended up sheltering downstairs under cover on the bus. I'm told Bondi is lovely, but it all looked grey from the bus. :-P

Puffing Billy, Yarra Valley

Down to Melbourne on the train (bit of a wasted day, in hindsight), where we wandered around the city quite a bit. Caught up with an old friend who lives there for a day, and we did a wine tour up the Yarra Valley which was fun too.

Snorkelling at the Reef - all OK!

Up to Port Douglas, where we headed out to the Reef for my highlight of the holiday: a snorkelling tour with some local marine experts who showed us the local flora and fauna. We also visited a local Aboriginal cultural centre, skyrail and scenic railway around Kuranda village.

Koala! :-)

Down to Hervey Bay and a 1-day tour of Fraser Island - an amazing place in combination with quite a thrill-ride experience just being driven around on the sand tracks. Finally, down to Brisbane where we wandered around and visited both the Lone Pine Koala Sanctuary (more cuddles!) and the Gold Coast. Then the long flights home. Whew!

We're knackered now. We knew we couldn't fit everything in, but we're glad we travelled all over and got tastes of almost everything. Now we can work out where we want to spend more time on our future visit(s). We'll definitely want to head over and see Perth and some of WA next time, and definitely more time in Tasmania, Sydney and Adelaide.

20 March, 2015 02:24PM

Lucas Nussbaum

Several improvements to UDD’s Bug Search and Maintainer Dashboard

Several improvements have been made to UDD’s Bug Search and Maintainer Dashboard recently.

On the Maintainer Dashboard side, the main new feature is a QA checks table that provides an overview of results from lintian, reproducible builds, piuparts, and Check the dashboard for the Ruby team for an example. Also, thanks to Daniel Pocock, the TODO items can now be exported as iCalendar tasks.

Bugs Search now has much better JSON and YAML outputs. It’s probably a good start if you want to do some data-mining on bugs. Packages can now be selected using the same form as the Maintainer Dashboard’s one, which makes it easy to build your own personal bug list, and will suppress the need for some of the team-specific listings.

Many bugs have been fixed too. More generally, thanks to the work of Christophe Siraut, the code is much better now, with a clean separation of the data analysis logic and the rendering sides that will make future improvements easier.

As a reminder, it’s quite easy to hack on UDD (even if you are not a DD). Please report bugs, including about additional features you would like to see!

20 March, 2015 07:36AM by lucas

Noah Meyerhans

Building OpenWRT with Docker

I've run OpenWRT on my home router for a long time, and these days I maintain a couple of packages for the project. In order to make most efficient use of the hardware resources on my router, I run a custom build of the OpenWRT firmware with some default features removed and others added. For example, I install bind and ipsec-tools, while I disable the web UI in order to save space.

There are quite a few packages required for the OpenWRT build process. I don't necessarily want all of these packages installed on my main machine, nor do I want to maintain a VM for the build environment. So I investigated using Docker for this.

Starting from a base jessie image, which I created using the Docker debootstrap wrapper, the first step was to construct a Dockerfile containing instructions on how to set up the build environment and create a non-root user to perform the build:

FROM jessie:latest
MAINTAINER Noah Meyerhans <>

# DEBIAN_FRONTEND has to be set on the install command to suppress its prompts
RUN apt-get update && DEBIAN_FRONTEND=noninteractive apt-get -y install \
asciidoc bash bc binutils bzip2 fastjar flex git-core g++ gcc \
util-linux gawk libgtk2.0-dev intltool jikespg zlib1g-dev make \
genisoimage libncurses5-dev libssl-dev patch perl-modules \
python2.7-dev rsync ruby sdcc unzip wget gettext xsltproc \
libboost1.55-dev libxml-parser-perl libusb-dev bin86 bcc sharutils

RUN adduser --disabled-password --uid 1000 --gecos "Docker Builder,,," builder

And we generate a docker image based on this Dockerfile per the docker build documentation. At this point, we've got a basic image that does what we want. To initialize the build environment (download package sources, etc), I might run:

docker run -v ~/src/openwrt:/src/openwrt -u builder -t -i jessie/openwrt sh -c "cd /src/openwrt/openwrt && scripts/feeds update -a"

Or configure the system:

docker run -v ~/src/openwrt:/src/openwrt -u builder -t -i jessie/openwrt make -C /src/openwrt/openwrt menuconfig

And finally, build the OpenWRT image itself:

docker run -v ~/src/openwrt:/src/openwrt -u builder -t -i jessie/openwrt make -C /src/openwrt/openwrt -j3

The -v ~/src/openwrt:/src/openwrt flags tell docker to bind mount my ~/src/openwrt directory (which I'd previously cloned using git) to /src/openwrt inside the running container. Without this, one might be tempted to clone the git repo directly into the container at runtime, but the changes to non-bind-mount filesystems are lost when the container terminates. This could be suitable for an autobuild environment, in which the sources are cloned at the start of the build and any generated artifacts are archived externally at the end, but it isn't suitable for a dev environment where I might be making and testing small changes at a relatively high frequency.

The -u builder flags tell docker to run the given commands as the builder user inside the container. Recall that builder was created with UID 1000 in the Dockerfile. Since I'm storing the source and artifacts in a bind-mounted directory, all saved files will be created with this UID. Since UID 1000 happens to be my UID on my laptop, this is fine. Any files created by builder inside the container will be owned by me outside the container. However, this container should not have to rely on a user with a given UID running it! I'm not sure what the right way to approach this problem is within Docker. It may be that someone using my image should create their own derivative image that creates a user with the appropriate UID (creation of this derivative image is a cheap operation in Docker). Alternatively, whatever Docker init system is used could start as root, add a new user with a specific UID, and execute the build commands as that new user. Neither of these seems as clean as it could be, though.

In general, Docker seems quite useful for such a build environment. It's easy to set up, and it makes it very easy to generate and share a common collection of packages and configuration. Because images are self-contained, I can reclaim a bunch of disk space by simply executing "docker rmi".

20 March, 2015 05:23AM
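
The second approach mentioned in the post above (start as root, add a user with the required UID, run the build as that user) can be written as an entrypoint script; this is an added example, not part of the original post or of any OpenWRT or Docker tooling. The script, its function names, the builder<UID> account name and the use of chroot --userspec to drop privileges are assumptions; /src/openwrt is the mount point used in the post.

```shell
#!/bin/sh
# Hypothetical entrypoint: run the build as the owner of the bind-mounted
# source tree instead of relying on a UID baked into the image.
set -eu

SRC_DIR="${SRC_DIR:-/src/openwrt}"   # bind-mount target used in the post

# Print "uid:gid" of the owner of directory $1 (GNU stat syntax).
mount_owner() {
    stat -c '%u:%g' "$1"
}

# Succeed only for "<digits>:<digits>" whose UID is not 0, so that a
# root-owned mount never results in the build running as root.
valid_ids() {
    case "$1" in
        ''|*[!0-9:]*|*:*:*|:*|*:) return 1 ;;
        *:*) ;;
        *) return 1 ;;
    esac
    [ "${1%%:*}" -ne 0 ]
}

# Run "$@" with the UID/GID that owns $SRC_DIR.
run_as_owner() {
    ids=$(mount_owner "$SRC_DIR")
    if ! valid_ids "$ids"; then
        echo "refusing to build: $SRC_DIR is owned by '$ids'" >&2
        return 1
    fi
    uid=${ids%%:*}

    # Already unprivileged (for example started with docker run -u):
    # there is nothing to drop, just run the command.
    if [ "$(id -u)" -ne 0 ]; then
        exec "$@"
    fi

    # Give the numeric UID a passwd entry and a home directory, because
    # build tools may look them up. The account name is an assumption.
    if ! getent passwd "$uid" >/dev/null; then
        adduser --disabled-password --uid "$uid" \
            --gecos "Docker Builder,,," "builder$uid" >/dev/null
    fi
    USER=$(getent passwd "$uid" | cut -d: -f1)
    HOME=$(getent passwd "$uid" | cut -d: -f6)
    export USER HOME

    # chroot to "/" leaves the filesystem view unchanged; --userspec
    # switches from root to uid:gid before the command starts. The
    # working directory becomes "/", which suits "make -C <dir>".
    exec chroot --userspec="$ids" / "$@"
}

# Act only when given a command, as happens when this is the ENTRYPOINT.
if [ "$#" -gt 0 ]; then
    run_as_owner "$@"
fi
```

With this script as the image's ENTRYPOINT, the docker run commands from the post are started without -u builder, and files written to the bind mount get the UID and GID of whoever owns ~/src/openwrt on the host.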

March 19, 2015

Zlatan Todorić

Icelandic Pirate Party

So according to the latest survey the Icelandic Pirate Party is now the largest party in this awesome country. A reason more to move there, double of reasons to learn from the country that has shown so many examples for society in the last 6 years. Are they springing a new great modern society?

19 March, 2015 10:59PM by Zlatan Todorić

Lior Kaplan

CVE assignment without upstream knowledge

In the past few months I’ve been dealing with aligning PHP CVE information to enable easier tracking of security fixes. The two main locations are the NEWS file which is part of each release and the changelog available on the website which is more popular (and easier to update).

Usually CVEs are assigned at the security team's request or in cooperation with one of the Linux distribution’s teams (either PHP or security), as should be the case in a good ecosystem.

Recently I got a few notifications issued by Debian about its PHP package, with CVE IDs I wasn’t familiar with. When checking this, I found out that a few CVEs had been assigned at a 3rd party's (Linux distribution, bug reporter, etc…) request without upstream knowledge. Digging deeper I found out that some CVEs were assigned a month after the fixes were released, while others were only a week or two after. While this makes sure the security information is documented, it’s harder to add the information after tagging and releasing.

In another case, while discussing a CVE for a specific bug, we found out one was already assigned at the reporter’s request but without our or the upstream library’s knowledge. Even if the issue isn’t severe, upstream should get a fair chance to fix issues before they are made public. This also leads to a problem with requesting CVE IDs on a public mailing list, which in some cases leads to security information leakage. We should balance transparency with some grace period for upstreams (as projects share code).

Filed under: Debian GNU/Linux, PHP

19 March, 2015 05:33PM by Kaplan

Patrick Matthäi

Today's wheezy-backports work


I have updated geoip in wheezy-backports today from version 1.5.0-3~bpo70+1 to 1.6.2-4~bpo70+1, which includes also the new generators for the City and ASN database. This is also a prerequisite for the upcoming geoip-database updates!

For the otrs users: Now you can also install otrs 3.3.9-3~bpo70+1 in Wheezy, instead of the really old version 3.2.11-1~bpo70+1.

19 March, 2015 12:30PM by the-me

Mario Lang

Why is Qt5 not displaying Braille?

While evaluating the cross-platform accessibility of Qt5, I stumbled across this deficiency:

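#include <QApplication>
#include <QTextEdit>

int main(int argv, char **args)
{
  QApplication app(argv, args);

  QTextEdit textEdit;
  // U+28FF (braille pattern dots-12345678), the character discussed below
  textEdit.setText(QString(QChar(0x28FF)));
  textEdit.show();

  return app.exec();
}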

On my system, this "application" does not show the correct glyph. It pretends to not know how to render 28FF. However, my braille display shows the correct character, so the encoding is OK. In the same X11 desktop, gedit and "cat" can display Unicode braille. So I apparently have the necessary fonts installed.

Any insights? What do I need to do, to convince Qt to display glyphs in the range 2800-28FF?

19 March, 2015 10:36AM by Mario Lang

Patrick Matthäi

Egypt 2015


Until the end of last week I was in Egypt for the first time, at Hurghada. Interesting country and culture, but I have to think about whether I would travel to Egypt again :D

I also travelled to Luxor to visit the city itself, to drive on the Nile river and to visit some attractions like the Luxor-Temple and the “Totentempel of Hatschepsut”.


19 March, 2015 10:31AM by the-me

March 18, 2015

Bits from Debian

DebConf15 welcomes new sponsors

The organization of DebConf15 (from 15 to 22 August 2015, in Heidelberg, Germany) is going smoothly, the call for proposals is open and today we want to provide some updates about our sponsors.

Twelve more companies have joined our nine first sponsors in supporting DebConf15. Thank you to all of them!

Our third Gold sponsor is the Matanel Foundation, which encourages social entrepreneurship all over the world.

IBM, the technology and consulting corporation, has also joined the DebConf15 sponsorship at a Gold level.

Google, the search engine and advertising company, has increased its sponsorship level from Silver to Gold.

Mirantis, 1&1 (which is also one of Debian's service partners), MySQL and Hudson River Trading have committed sponsorship at Silver level.

And last but not least, six more sponsors have agreed to support us at Bronze level:, the University of Zurich, Deduktiva, Docker, DG-i (which is also one of Debian's service partners), and PricewaterhouseCoopers (which also provides consultancy support for DebConf15).

The DebConf15 team is very thankful to all the DebConf sponsors for their support.

Become a sponsor too!

DebConf15 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through, and visit the DebConf15 website at

18 March, 2015 03:00PM by Laura Arjona Reina

Mario Lang

Call for Help: BMC -- Braille Music Compiler

Since 2009, I have been pursuing a personal programming project. As I am not a professional programmer, I have spent quite a lot of that time exploring options. I have thrown out about three or four prototype implementations already. My last implementation seems to contain enough accumulated wisdom to be actually useful. I am far from finished, but the path I am walking now seems relatively sound.

So, what is this project about? I have set myself a rather ambitious goal: I am trying to implement a two-way bridge between visual music notation and braille music code. It is called BMC (Braille Music Compiler).

My problem: I am, as some of you might remember, 100% blind. So I am trying to write a translator between something I will never see directly, and its counterpart representation in a tactile encoding I had to learn from scratch to be able to work on this project. Braille music code is probably the most cryptic thing I have ever tried to learn. It basically is a method to represent a 2-dimensional structure like staff-notation as a stream of characters encoded in 6-dot braille.

As the goal above states, I am ultimately trying to implement a converter that works both ways. One of my prototypes already implemented reading digital staff notation (MusicXML) and transcribing it to Braille. However, to be able to actually understand all the concepts involved, I ended up starting from the other end of the spectrum with my new implementation: parsing braille music code and emitting digital staff notation (LilyPond and MusicXML). This is a rather unique feature, since while there is commercial (and very expensive) software out there to convert MusicXML to braille music code, there is, as far as I know, no system that allows to input un-annotated braille music code and have it automatically converted to sighted music notation.

So the current state of things is, that we are able to read certain braille music code formats, and output either reformatted (to new line-width) braille music code, LilyPond or MusicXML.

The ultimate goal is to also implement a MusicXML reader, and convert the data to something that can be output as braille music code.

While the initial description might not sound very hard, there are a lot of complications arising from how braille music code works, which make this quite a programming challenge. For one, braille music note and rest values are ambiguous. A braille music note or rest that looks like a whole can mean a whole or 16th. A braille music note or rest that looks like a half can mean a half or a 32nd. And so on. So each braille music code value can have two meanings. The actual value can be calculated with a recursive algorithm that I have worked out from scratch over the years. The original implementation was inspired by Samuel Thibault (thanks!) and has since then evolved into something that does what we need, while trying to do that very fast. Most input documents can be processed in almost no time, however, time signatures with a value > 1 (such as 12/8) tend to make the number of possible choices explode quite heavily. I have found so far one piece from J.S. Bach (BWV988 Variation 3) which takes about 1.5s on my 3GHz AMD (and the code is already using several CPU cores).

Additionally, braille music code supports a form of "micro"-repetitions which are not present in visual staff notation which effectively allow certain musical patterns to be compressed if represented in braille.

Another algorithmically interesting part of BMC that I have started to tackle just recently is the linebreaking problem. Braille music code has some peculiar rules when it comes to breaking a measure of musical material into several lines. I ended up adapting Donald E. Knuth's algorithm from Breaking Paragraphs into Lines for fixed-width text. In other words, I am ignoring the stretch/shrink factors, while making use of different penalty values to find the perfect solution for the problem of breaking a paragraph of braille music code into several lines.

One thing that I have learnt from my previous prototype (which was apparently useful enough to already acquire some users) is that it is not enough to just transcribe one format to another. I ultimately want to store meta information about the braille that is presented to the user such that I can implement interactive querying and editing features. Braille music code is complicated, and one of the original motivations to work on software to deal with it was to ease the learning curve. A user of BMC should be able to ask the system for a description of a character at a certain position. The user interface (not implemented yet) should allow to play a certain note interactively, or play the measure under the cursor, or play the whole document, and if possible, have the cursor scroll along while playback plays notes. These features are not implemented in BMC yet, but they have been implemented in the previous prototype and their usefulness is apparent. Also, when viewing a MusicXML document in braille music code, certain non-structural changes like adding/removing fingering annotations should be possible while preserving unhandled features of the original MusicXML document. This also has been implemented in the previous prototype, and is a goal for BMC.

I need your help

The reason why I am explaining all of this here is that I need your help for this project to succeed. Helping the blind to more easily work with traditional music notation is a worthwhile goal to pursue. There is no free system around that really tries to adhere to the braille music code standard, and aims to cover converting both ways. I have reached a level of conformance that surpasses every implementation of the same problem that I have seen so far on the net.

However, the primary audience of this software is going to be using Windows. We desperately need a port to that OS, and a user interface resembling NotePad with a lot fewer menu entries. We also need a GTK interface that does the same thing on Linux. wxWindows is unfortunately out of question, since it does not provide the same level of Accessibility on all the platforms it supports. Ideally, we'd also have a Cocoa interface for OS X. I am afraid there is no platform independent GUI framework that offers the same level of Accessibility on all supported platforms. And since much of our audience is going to rely on working Accessibility, it looks like we need to implement three user interfaces to achieve this goal :-(.

I also desperately need code reviews and inspiration from fellow programmers. BMC is a C++11 project heavily making use of Boost. If you are into one of these things, please give it a whirl, and emit pull requests, no matter how small they are. While I have learnt a lot in the last years, I am sure there are many places that could use some fresh winds of thought by people that are not me. I am suffering from what I call "the lone coder syndrome".

I also need (technical) writers to help me complete the pieces of documentation that are already lying around. I have started to write a braille music tutorial based on the underlying capabilities of BMC. In other words, the tutorial includes examples which are being typeset in braille and staff notation, using LilyPond as a rendering engine. However, something like a user manual is missing, basically, because the user interface is missing. BMC is currently "just" a command-line tool (well enough for me) that transcribes input files to STDOUT. This is very good for testing the backend, which is all that has been important to me in the last years. However, BMC has reached a stage now where its functionality is likely useful enough to be exposed to users. While I try to improve things steadily as I can, I realize that I really need to put out this call for help to make any useful progress in a foreseeable time.

If you think it is a worthwhile goal to help the blind to more easily work with music notation, and also enable communication between blind and sighted musicians in both ways, please take the time and consider how you could help this project to advance. My email address can be found on my GitHub page. Oh, and while you are over at GitHub, make sure to star BMC if you think it is a nice project.

It would be nice if we could produce a end-user oriented release before the end of this year.

18 March, 2015 02:10PM by Mario Lang

DebConf team

DebConf15 Call for Proposals (Posted by Michael Banck)

We’re now calling for proposals for DebConf15. Proposals are accepted from now until 15 June 2015. To submit an event, go to the Propose an Event page once you are registered for the conference.

The DebConf Content Team will decide on a first round of submissions in May, so be sure to submit your proposal soon if you need it to be accepted by then, e.g. for sponsorship requests.

The current, non-exhaustive list of proposed topics is:

  • Debian Packaging, Policy, and Infrastructure
  • Security, Safety, and Hacking
  • Debian System Administration, Automation and Orchestration
  • Containers and Cloud Computing with Debian
  • Debian Success Stories
  • Debian in the Social, Ethical, Legal, and Political Context
  • Blends, Subprojects, Derivatives, and Projects using Debian
  • Embedded Debian and Hardware-Level Systems

For all further information, please see the Proposals page of the DebConf15 website.

18 March, 2015 11:00AM by DebConf Organizers

March 17, 2015

Raphaël Hertzog

Freexian’s report about Debian Long Term Support, February 2015

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In February, 58 work hours have been equally split among 4 paid contributors. Their reports are available:

Evolution of the situation

During the last month, we gained 3 paid work hours: we’re now at 61 hours per month sponsored by 28 organizations and we have one supplementary sponsor in the pipe that should bring 4 more hours.

The increase is not very quick but seems to be steady. Hopefully at some point, we will have enough resources to do a more exhaustive job. For now, the paid contributors handle in priority the most popular packages used by the sponsors and there are some packages in the end of the queue which have open security issues for months already (example: CVE-2012-6685 on libnokogiri-ruby).

So, as usual, we are looking for more sponsors.

In terms of security updates waiting to be handled, the situation looks a little bit worse than last month: the dla-needed.txt file lists 40 packages awaiting an update (3 more than last month), the list of open vulnerabilities in Squeeze shows about 58 affected packages in total (5 less than last month). We are getting a bit more effective with CVE triage.

A logo for the LTS project?

Every time that I write an LTS report, I remember that it would be nice if my LTS related articles could feature a nice picture/logo that reminds people of the LTS team/initiative. Is there anyone up for the challenge of creating that logo? :-)

Thanks to our sponsors

The new sponsors of the month are in bold.

17 March, 2015 04:42PM by Raphaël Hertzog

March 16, 2015

Daniel Kahn Gillmor

Bootable grub USB stick (EFI and BIOS for Intel)

I'm using grub version 2.02~beta2-2.

I want to make a USB stick that's capable of booting Intel architecture EFI machines, both 64-bit (x86_64) and 32-bit (ia32). I'm starting from a USB stick which is attached to a running debian system as /dev/sdX. I have nothing that i care about on that USB stick, and all data on it will be destroyed by this process.

I'm also going to try to make it bootable for traditional Intel BIOS machines, since that seems handy.

I'm documenting what I did here, in case it's useful to other people.

Set up the USB stick's partition table:

parted /dev/sdX -- mktable gpt
parted /dev/sdX -- mkpart biosgrub fat32 1MiB 4MiB
parted /dev/sdX -- mkpart efi fat32 4MiB -1
parted /dev/sdX -- set 1 bios_grub on
parted /dev/sdX -- set 2 esp on

After this, my 1GiB USB stick looks like:

0 root@foo:~# parted /dev/sdX -- print
Model:  USB FLASH DRIVE (scsi)
Disk /dev/sdX: 1032MB
Sector size (logical/physical): 512B/512B
Partition Table: gpt
Disk Flags: 

Number  Start   End     Size    File system  Name      Flags
 1      1049kB  4194kB  3146kB  fat32        biosgrub  bios_grub
 2      4194kB  1031MB  1027MB               efi       boot, esp

0 root@foo:~# 

Make a filesystem and mount it temporarily at /mnt:

mkfs -t vfat -n GRUB /dev/sdX2
mount /dev/sdX2 /mnt

Ensure we have the binaries needed, and add three grub targets for the different platforms:

apt install grub-efi-ia32-bin grub-efi-amd64-bin grub-pc-bin grub2-common

grub-install --removable --no-nvram --no-uefi-secure-boot \
     --efi-directory=/mnt --boot-directory=/mnt \

grub-install --removable --no-nvram --no-uefi-secure-boot \
     --efi-directory=/mnt --boot-directory=/mnt \

grub-install --removable --boot-directory=/mnt \
     --target=i386-pc /dev/sdX

At this point, you should add anything else you want to /mnt here! For example:

And don't forget to cleanup:

umount /mnt

Tags: bios, efi, grub, tip

16 March, 2015 11:12PM by Daniel Kahn Gillmor (dkg)
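
The procedure above erases whatever disk /dev/sdX refers to, so a check of the target before the parted step is worth having; the following is an added example, not part of the original post. The function names, the size-limit argument and the SYSFS/MOUNTS overrides (which let the checks run against a constructed directory tree instead of the live system) are assumptions.

```shell
#!/bin/sh
# Pre-flight check for a disk that is about to be repartitioned:
# it must be a whole disk, flagged removable, not mounted, and no
# larger than the stick we expect to be holding.
set -eu

SYSFS="${SYSFS:-/sys}"            # overridable for fixtures
MOUNTS="${MOUNTS:-/proc/mounts}"  # overridable for fixtures

# Whole disks have a directory under /sys/block; partitions do not.
is_whole_disk() {
    [ -d "$SYSFS/block/$1" ]
}

# The kernel's removable flag. USB-attached hard disks typically report
# 0, so this check refuses them rather than guessing.
is_removable() {
    [ "$(cat "$SYSFS/block/$1/removable" 2>/dev/null)" = "1" ]
}

# True if the disk itself or one of its numbered partitions is mounted.
in_use() {
    awk -v dev="/dev/$1" '
        $1 ~ ("^" dev "[0-9]*$") { found = 1 }
        END { exit !found }' "$MOUNTS"
}

# Disk size in MiB; sysfs reports the size in 512-byte sectors.
size_mib() {
    sectors=$(cat "$SYSFS/block/$1/size")
    echo $(( sectors / 2048 ))
}

# check_target <name> <max MiB>: print a verdict, return 0 only if the
# device passes every check.
check_target() {
    dev=$1
    max_mib=$2
    is_whole_disk "$dev" || { echo "$dev: not a whole disk"; return 1; }
    is_removable "$dev"  || { echo "$dev: not flagged removable"; return 1; }
    if in_use "$dev"; then
        echo "$dev: mounted"
        return 1
    fi
    if [ "$(size_mib "$dev")" -gt "$max_mib" ]; then
        echo "$dev: larger than $max_mib MiB"
        return 1
    fi
    echo "$dev: ok"
}

# Usage: preflight.sh sdX [max MiB]   (the script name is hypothetical)
if [ "$#" -ge 1 ]; then
    check_target "$1" "${2:-4096}"
fi
```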

Bits from Debian

Debian is now welcoming applicants for Outreachy and GSoC Summer 2015

We'd like to reshare a post from Nicolas Dandrimont.

Hi all,

I am delighted to announce that Debian will be participating in the next round of Outreachy and GSoC, and that we are currently welcoming applications!

Outreachy logo

Outreachy helps people from groups underrepresented in free and open source software get involved. The current round of internships is open to women (cis and trans), trans men, genderqueer people, and all participants of the Ascend Project regardless of gender.

GSoC 2015 logo

Google Summer of Code is a global program, sponsored by Google, that offers post-secondary student developers ages 18 and older stipends to write code for various open source software projects.

Interns for both programs are granted a $5500 stipend (in three installments) allowing them to dedicate their summer to working full-time on Debian.

Our amazing team of mentors has listed their project ideas on the Debian wiki, and we are now welcoming applicants for both programs.

If you want to apply for an internship with Debian this summer, please fill out the template for either Outreachy or GSoC. If you’re eligible to both programs, we’ll encourage you to apply to both (using the same application), as Debian only has funds for a single Outreachy intern this round.

Don’t wait up! The application period for Outreachy ends March 24th, and the GSoC application period ends March 27th. We really want applicants to start contributing to their project before making our selection, so that mentors can get a feel of how working with their intern will be like for three months. The small task is a requirement for Outreachy, and we’re strongly encouraging GSoC applicants to abide by that rule too. To contribute in the best conditions, you shouldn’t wait for the last minute to apply :-)

I hope we’ll work with a lot of great interns this summer. If you think you’re up for the challenge, it’s time to apply! If you have any doubts, or any question, drop us a line on the soc-coordination mailing list or come by on our IRC channel (#debian-soc on and we’ll do our best to guide you.

16 March, 2015 08:45PM by Ana Guerrero Lopez

Enrico Zini


Screen-dependent window geometry

I have an external monitor for my laptop in my work desk at home, and when I work I keep a few windows like IRC on my laptop screen, and everything else on the external monitor. Then maybe I transfer on the sofa to watch a movie or in the kitchen to cook, and I unplug from the external monitor to bring the laptop with me. Then maybe I go back to the external monitor to resume working.

The result of this (with openbox) is that when I disconnect the external monitor all the windows on my external monitor get moved to the right edge of the laptop monitor, and when I reconnect the external monitor I need to rearrange them all again.

I would like to implement something that does the following:

  1. it keeps a dictionary mapping screen geometry to window geometries
  2. every time a window geometry and virtual desktop number changes, it gets recorded in the hash for the current screen geometry
  3. every time the screen geometry changes, for each window, if there was a saved window geometry + virtual desktop number for it for the new screen geometry, it gets restored.


  1. Is anything like this already implemented? Where?
  2. If not, what would be a convenient way to implement it myself, ideally in a wmctrl-like way that does not depend on a specific WM?

Note: I am not interested in switching to a different WM unless it is openbox with this feature implemented in it.

16 March, 2015 08:29PM
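
The three-step scheme from the post above, as an added example (not Enrico Zini's code): it polls `xrandr` and `wmctrl -l -G` instead of listening for events, so it does not depend on a specific WM. The names `screen_key`, `parse_wmctrl`, `GeometryStore` and `apply` are hypothetical, and the sample tool output is constructed.

```python
import re
import subprocess
from collections import defaultdict

# Constructed sample output, used only to exercise the parsers offline.
XRANDR_DOCKED = """\
Screen 0: minimum 8 x 8, current 3286 x 1080, maximum 32767 x 32767
eDP1 connected primary 1366x768+0+0 (normal left inverted right x axis y axis) 277mm x 156mm
HDMI1 connected 1920x1080+1366+0 (normal left inverted right x axis y axis) 510mm x 287mm
VGA1 disconnected (normal left inverted right x axis y axis)
"""
WMCTRL_DOCKED = """\
0x00c00004 -1 0    0    1366 24   host panel
0x01200007  0 10   30   600  700  host irssi
0x01400003  1 1400 50   1200 900  host Mozilla Firefox
"""

def screen_key(xrandr_output):
    """Screen geometry = sorted tuple of the active outputs' WxH+X+Y strings."""
    pat = re.compile(r"^\S+ connected (?:primary )?(\d+x\d+\+\d+\+\d+)", re.M)
    return tuple(sorted(pat.findall(xrandr_output)))

def parse_wmctrl(output):
    """Parse `wmctrl -l -G` into {window_id: (desktop, x, y, w, h)}."""
    windows = {}
    for line in output.splitlines():
        fields = line.split(None, 7)
        if len(fields) < 6:
            continue
        wid, desktop, x, y, w, h = fields[0], *map(int, fields[1:6])
        if desktop < 0:          # -1 marks sticky windows (panels, docks)
            continue
        windows[wid] = (desktop, x, y, w, h)
    return windows

class GeometryStore:
    """Step 1: dictionary mapping screen geometry to window geometries."""
    def __init__(self):
        self.saved = defaultdict(dict)
        self.screen = None

    def update(self, screen, windows):
        """Feed one poll result; returns [(window_id, geometry)] to restore."""
        if screen == self.screen:
            # Step 2: same screen, record whatever the user changed.
            self.saved[screen].update(windows)
            return []
        # Step 3: screen changed, restore windows known for the new screen.
        self.screen = screen
        known = self.saved[screen]
        restore = [(wid, known[wid]) for wid in sorted(windows)
                   if wid in known and known[wid] != windows[wid]]
        for wid, geom in windows.items():
            known.setdefault(wid, geom)   # first sighting on this screen
        return restore

def apply(restores):
    """Move windows back with wmctrl (-t desktop, -e gravity,x,y,w,h)."""
    for wid, (desktop, x, y, w, h) in restores:
        subprocess.run(["wmctrl", "-i", "-r", wid, "-t", str(desktop)])
        subprocess.run(["wmctrl", "-i", "-r", wid, "-e", f"0,{x},{y},{w},{h}"])

def run(cmd):
    return subprocess.run(cmd, capture_output=True, text=True).stdout

if __name__ == "__main__":
    import time
    store = GeometryStore()
    while True:                      # polling interval is an arbitrary choice
        wins = parse_wmctrl(run(["wmctrl", "-l", "-G"]))
        apply(store.update(screen_key(run(["xrandr"])), wins))
        time.sleep(2)
```

Window ids do not survive a window being closed and reopened, so a longer-lived version would key on window class or title instead.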

Russ Allbery

Another haul post

Wow, it's been quite a long time since I've posted something here.

Everything is going well -- I'm just very, very engrossed with the new job, since I'm still in exponential ramp-up mode. It's lasting for longer than I expected, although my expectations didn't have much basis since this is the first time I've started a new job in 17 years. I'm feeling more and more capable every day, but the combination of a very heavily social learning process, a lot of new technical areas to learn, and not having taken a vacation since last June means that my weekends are spent just passively watching things and zoning.

Not sure yet how long that will last, and I don't want to make any predictions, although I do have my first significant vacation coming up next month.

Anyway, book reading and buying has continued, although I'm again far behind on writing reviews. With luck, I'll be writing one of those (for posting later) right after writing this post.

Michelle Alexander — The New Jim Crow (non-fiction)
Elizabeth Bear — Karen Memory (sff)
Becky Chambers — The Long Way to a Small, Angry Planet (sff)
Fred Clark — The Anti-Christ Handbook (non-fiction)
Charles de Lint — The Very Best of Charles de Lint (sff)
S.L. Huang — A Neurological Study on the Effects... (sff)
S.L. Huang — Half Life (sff)
Kameron Hurley — The Mirror Empire (sff)
Sophie Lack — Dissonance (sff)
Sophie Lack — Imbalance (sff)
Susan R. Matthews — An Exchange of Hostages (sff)
Kaoru Mori — A Bride's Story #1 (graphic novel)
Donald Shoup — The High Cost of Free Parking (non-fiction)
Jo Walton — The Just City (sff)

Pretty nice variety of different stuff from a huge variety of recommendation sources. I've already read the Chambers (and can recommend it). A review will be forthcoming.

16 March, 2015 02:58AM

March 15, 2015

Dimitri John Ledkov

My IDE needs a makeover

Current Setup

I am a Linux Distribution Engineer and work on arbitrary open source projects. Mostly I'm patching/packaging existing things, and sometimes start fresh projects.

My "IDE", or rather I shall say "toolbox" is rather sparse:

  • GNOME Terminal
  • Google Chrome
  • GNU Emacs
  • GCC toolchain with GDB
  • Python3 - iPython, iPdb, pyflakes
  • git, GNU bazaar

There are a few things that annoy me, and should be done better these days.


I look up documentation mostly with Google Chrome. This includes the texinfo renderings of the docs. There are a few reasons for that. First of all my developer machine is not polluted with all the dev packages under the sun, instead I compile practically everything in a chroot. And most of the time chroots have much newer versions of everything (from gcc & automake, to boost and whatever other dependencies are in use). However I would like to have easy generic lookup built in for common things that I look up in the references and which have not changed for a long time:
  • gcc builtins & defines
  • glibc functions
  • automake/autoconf functions definitions

Given that my preferred editor is Emacs, it should be natural to use `info' mode to look things up. However, the rendering there is archaic and is really hard to read. At least when visiting the HTML renderings, the function names are in bold and stand out from the rest of the description.

Ideally I would have unified place to lookup docs, instead of using Google Chrome and navigating:,,,

Project Management

I really hate "traditional" IDEs that create and pollute the working directories with random extra files. My project management tool is VCS, thus .git should be automatically recognized as a "project". I should be able to navigate repository files, have them scanned for tab-completion and jumping to symbols and the like. At the moment, I exit the editor and use git grep to find things and open those files in the editor again. I don't use any tagging systems at the moment, ideally git repository would be scanned and Exuberant Tags (this seems to be the latest hotness in tagging space) stored inside the .git directory automatically.

"SDK" aware aka chroot support

The IDE should be aware of chroots, how to compile things in a chroot and ideally how to compile packages with sbuild, mock or obs build (these are apt, yum and zypper preferred solutions for package compilation). Most importantly to use those chroots to tag includes headers for tab completion.


Gnome Terminal is good enough for my needs. I do have a problem of too many terminal windows... I have tried Terminator (a tiling single-window / multiple-tabs terminal). However during development the things I use shell for, should be part of the IDE directly: changing projects, opening/closing/navigating/creating files, invoking build, invoking debug, "refactoring" (sed). I think I do want to try out a pull-down terminal for temporal look-ups together with a tiling "main" terminal. Or ideally ditch it all together. Emacs does provide multiple terminals, but when I did that I ended up with "inception" -> launching an instance of emacs, inside the terminal, inside emacs...


If anybody has tips or suggestions do share. I will investigate and experiment with all of the above, and see if I can experiment and find new cool things that work better than my current setup.

15 March, 2015 11:30PM by Dimitri John Ledkov (

Gunnar Wolf

Crowdfunding call: "Natura" short film

My good friend Felipe Esquivel is driving a crowdfunded project: the first part of the "Natura" short film. I urge every reader of my blog to support Felipe's work!

Felipe, the director for this project, is a very talented Chilean-Mexican animator. He has produced short animated films such as A duel and One fine day.

Not only that: It might be interesting for my blog's readers that a good deal of the work of Chamán Animation's work (of course, I am not qualified to state that "all of" their work — But it might well be the case) is done using Free Software, specifically, using Blender.

So, people: Go look at their work. And try to be part of their work!

15 March, 2015 10:49PM by gwolf

March 14, 2015

Bits from Debian

apt install dpl-candidate: Mehdi Dogguy

0. Who are you and what is your history with Debian Project?

I guess this part is well covered in my platform.

1. What is your most proud moment as Debian Developer?

I am pretty proud of having been part of the few who implemented the first automatic dependency resolver for OCaml programs and libraries in Debian packages. It was really the first one in the OCaml community and we were quite proud of it. But that was done before I became a Debian Developer.

As a DD, I have to admit I am quite proud to be part of the Release Team. It is a fantastic team where there is so much to do. Helping the team means something to me, and I invested a considerable amount of time (a few months) working on reviewing patches for Squeeze and helping to get it ready by our standards. My best moment was Squeeze's release, my first Debian release as Release Team member.

2. In your opinion what is the strongest part of Debian Project?

I am not sure we can identify one single strength of the Debian project. But, when I think about your question, I remember something I've heard many times: “Debian is about people”. I have to admit that I didn't realize it myself until I heard it for the first time and I completely share the idea! For me, all the technical side of the project comes after the community. With time, I think we managed to build a strong community. Many contributors became friends with time. We are seeing many Developers having babies and bringing them to Debian events. I find that really amazing.

3. And what is the weakest part of Debian Project?

Our strength is somehow also our weakness. We are humans and make mistakes. We have feelings and some discussions get heated sometimes. It is not easy to keep everyone calm and focused. We have seen the damage that was caused to our core community last year with all the flamewars. Many people lost their motivation and we have seen some of them stepping down. We are also having troubles on-boarding new contributors, which is a problem today because some teams are under-staffed and could become an even bigger issue on the longer term.

4. How do you intend to resolve the weakest part?

An effort has already been made on this front. We can mention the introduction of the Code of Conduct and the diversity statement, for example. Both are important and make us a more welcoming and caring community.

In my platform, I mentioned some ideas about recruitment and change management. I believe that both sides will help us to get a stronger community. Moreover, a DPL should act as a mediator to help some situation get through. This is one of the DPL tasks that is not formally identified and is usually under-estimated.

5. DPL term lasts for one year - what would you challenge during that term and what have you learned from previous DPL's?

Personally, the main thing I have learned from past DPLs is that communication is very important. A DPL should dedicate time to communicate about ongoing actions and achievements. It is also important to remind a few things even if it may sound repetitive or trivial:

  • Why such action/subject is important.
  • What actions have been tried/done in the past.
  • What progress has been made since last time.
  • What is possibly the next step.

If the communication is only about listing some actions, many people will miss its essence and its goals. It is even more important when we know that some actions may take years (thus, several DPL terms) to complete.

If I am elected as DPL, I'd really like to help the project to publish a roadmap. I think it is very important to set goals to the project to better explain our philosophy and approach in the Free Software world. This may also help to attract new contributors which may be interested by one or some items. Of course, I will not work on that subject only. I invite you to read the rest of my platform to see the other ideas.

6. What motivates you to work in Debian and run for DPL?

Many many things. And more importantly, many many people

Like many of us, I like programming and socializing. It feels nice to be part of such a big project where you can do many different things. I contribute to Debian because I find it fun and it lets me meet people I would not have been able to meet elsewhere.

In my platform, I tried to identify ideas I'd like to see implemented, or at least started. Since Debian is a do-ocracy, I thought I could try to get them implemented by myself. I think that those ideas are important for the Debian community and will help us moving forward. Running for DPL is also another way of contributing to Debian and I'd feel honored to represent Debian.

14 March, 2015 07:36PM by Zlatan Todorić

apt install dpl-candidate: Gergely Nagy

0. Who are you and what's your history with Debian Project?

I'm a little mouse behind a keyboard, going by the nickname "algernon". I used to be a lot of things: a flaming youth, an application manager, package maintainer, upstream, ftp-assistant, a student, a mentor, a hacker. In the end, however, I am but a simple, albeit sometimes crazy person.

I did a number of things within Debian - mostly small and marginal things, mind you. With a little break, I've been here for over a decade, and am planning to stay for at least another.

1. What's your most proud moment as Debian Developer?

At last year's LinuxTag, I was wandering around a stand where they sold Raspberry Pis (with cases and other accessories). I had a nice chat with one of the staffers there, inquired about the price (including the case, of course), and a few other things. He asked a few things back: what I'll be using it for, and so on. After it turned out that I'm a Debian Developer, and syslog-ng hacker, he went to the back, and emerged a few minutes later with a boxed up Pi, and gave it to me as a gift, for working on Debian.

This was an incredibly touching moment, in many, many ways.

2. In your opinion what is the strongest part of Debian Project?

That's hard to say, to be honest. There are a good number of things Debian is incredibly strong at, and it would be hard to arbitrarily pick one. Quality, responsibility, safety, predictability are all areas we are very good at. But those are the qualities of the OS. As a project, we are remarkably well organised, given the volunteer & distributed nature of the project.

3. And what is the weakest part of Debian Project?

While we can resolve and work with technical issues in a reasonable manner, the project as a whole is rather lacking in all other areas. To grow beyond being the creators of the Universal OS, we, as a project, need to pursue goals beyond the OS.

Being part of GSoC and Outreachy are great steps forward. But we still have a lot of internal issues that need to be resolved. Areas such as innovation, team work, where we're in dire need of improvement.

4. How do you intend to resolve the weakest part?

As explained in my platform, my primary goal is to remove roadblocks. The DPL can do very little alone, his time and powers are better spent on enabling those who have the required skills and desires, to pursue those.

5. DPL term lasts for one year - what would you challenge during that term and what have you learned from previous DPL's?

The most valuable thing I learned from past DPLs is that the expectations are sky-high, yet, a significant portion of what the DPL does is very different than what I imagined in past years.

I'd like to challenge the status quo of the DPL being a nearly full-time job.

6. What motivates you to work in Debian and run for DPL?

I'm in it for the fame and glory, of course! And because my Tamagotchi told me to.

But on a more serious tone, my main motivation to work on Debian is because contributing makes me happy. It satisfies my hunger for doing useful work. Debian is - in my opinion - the perfect platform to give back to the wider Free Software community. Similarly, my motivation to run for DPL is to allow Debian to be a stronger member of that greater

14 March, 2015 07:35PM by Zlatan Todorić

Tiago Bortoletto Vaz

MuseScore 2.0 is great, try it!

A bit of context: two years ago I joined an undergraduate program in electroacoustic music composition at the Université de Montréal. Fortunately the faculty has decided to use mostly free software in the classes. They recently moved from Max/MSP to Pure Data to teach algorithmic composition. OpenMusic has been used for computer assisted composition classes. In acoustics classes, Sonic Visualiser is the recommended tool. For everything related to audio processing and sound synthesis we mainly use the Python pyo library and Cecilia, both developed by the professor himself. Many other pieces of free software are used for building digital musical instruments in the courses: Arduino, SuperCollider, OpenCV, openFrameworks etc.

So far I have touched two pieces of proprietary software for my classes. First it was Reaper, a sequencer which has been recently adopted in replacement of Pro Tools in some grades. Reaper has a less unfair distribution model compared to Pro Tools and despite being a closed piece of software it somewhat looks like a community-oriented project, being developed by a small team of free software enthusiasts. Being an amazing, complete and still lightweight DAW I hope it goes free some day in the future (I've read about this possibility somewhere in a forum that I can't find now). Anyway, after some months playing with Reaper I went back to Ardour. Because it's free, not because it's better (Reaper still seems unbeatable here).

The other was Finale, an alternative to MuseScore for music notation. I used it for three compositions mainly due to its playback capabilities. As a middle-aged music student I don't have an internal ear developed enough to hear orchestral textures, articulations and other details provided by expensive VST stuff. However, I found editing with Finale a pain in the ass. It's so bugged that I thought I was using a sort of alpha version. Basic editing is much more logical and elegant with MuseScore. After all, these first experiences with Finale didn't convince me that such realistic playbacks are adding any value to my music. I suspect that moving back to soundfonts or even composing with no playback at all will probably force me to exercise more critical/analytical listening whenever I need to understand the effects of a specific instrumental gesture and instrument combinations. So, I'm back to MuseScore. Not only because it's free, but also because it's better (at least for my current needs).

MuseScore has allowed me to easily edit music scores in a free operating system, using a small and not so powerful laptop. Unable to donate money to this amazing project I've been happily giving some time to it, by testing new releases, reporting issues, translating to Portuguese and making available unofficial Debian packages while the current maintainer prepares the official one, which seems to be coming very soon. If you're a Finale/Sibelius user and don't strictly need that universe of orchestral VST samples for your music work, please give MuseScore a try. Have a quick look at its online handbook and in a few minutes you will be able to experience the real pleasure of music scoring using a computer. You can try different soundfonts, including the so nice Sonatina Symphonic Orchestra.

Below is a screenshot of MuseScore 2.0, which will be released very soon. You can download the RC version for your system in the MuseScore website.


MuseScore 2.0

14 March, 2015 05:44PM by Tiago Bortoletto Vaz

Niels Thykier

Imminent steep decline in RC bugs affecting Jessie – need more RC bug fixes

Earlier today, I posted a mail to debian-devel about how approximately 25 RC bugs affecting Jessie have been unblocked.  As mentioned, I planned to age some of them.  The expected result is that about 18 of them will migrate tonight and the remaining 7 of them will migrate tomorrow night.

After that, there are no more RC bugs waiting for the RT to unblock them!  The only remaining item on the list is cgmanager, for which we are requesting a t-p-u (maintainer already contacted about it).  If you want a release sooner, please have a look at the list of remaining RC bugs or/and start testing upgrades.

In other news, the glibc regression got fixed.  The new version of glibc has already been approved by us.  It is now waiting for the debian-installer team to test it and approve it.

Filed under: Debian, Release-Team

14 March, 2015 04:38PM by Niels Thykier

Yves-Alexis Perez

ThinkPad X250

So, I also got myself a new toy. My current ThinkPad is a bit ancient, but still sturdy. It's an X201s from 2010 (bought refurbished), and it's still working pretty fine, but eh, I couldn't resist.

The X230 was nice, but didn't have a large resolution screen (1366×768). The X240 brought a full HD (1920×1080) IPS screen, but lost the hardware trackpoint buttons. Finally, the X250 brings back the buttons, still has a nice screen (not qHD or some other trendy resolutions, but still FHD and IPS). And on top of that, it comes with Broadwell, so that means I get SMAP.

It runs mostly fine out of the box on Debian sid, but for full support some tuning is needed. I've setup a page with more information on the laptop, and some images can be found over there.

14 March, 2015 03:59PM by Yves-Alexis (

Dirk Eddelbuettel

littler 0.2.3

A new minor release of littler is available now.

It adds or extends a number of things:

  • added support for drat by adding a new example installDrat.r;

  • the install.r, install2.r and check.r scripts now use getOption("repos") to set the default repos; this works well with drat and multiple repos set via, e.g. ~/.littler.r or /etc/littler.r;

  • added support for installing Debian binaries as part of a check.r run, this can be particularly useful for one-command checks as done by some of the Rocker containers;

  • added support for reproducible builds: if REPRODUCIBLE_BUILD is defined, no date and time stamp is added to the binary;

  • added new command-line option -L|--libpath to expand the library path used for packages;

  • added support for setting multiple repos from the command-line in the install2.r script;

  • the manual page was updated with respect to recent additions;

  • a link to the examples web page was added to the --usage output display;

See the littler examples page for more details.

Full details for the littler release are provided as usual at the ChangeLog page.

The code is available via the GitHub repo, from tarballs off my littler page and the local directory here. A fresh package has gone to the incoming queue at Debian; Michael Rutter will probably have new Ubuntu binaries at CRAN in a few days too.

Comments and suggestions are welcome via the mailing list or issue tracker at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

14 March, 2015 03:36PM

Dimitri John Ledkov

Intel CPU microcode support in ubuntu-drivers-common

Ubuntu Vivid Vervet 15.04 is on its final approach to release at the end of next month. Here is a highlight of one of the features that I have helped to land.

ubuntu-drivers-common is a framework to detect hardware-dependent components on user's machine and offer to install additional packages to enable better support for such hardware. Typical examples are drivers for the graphics cards. This cycle I have added CPU family detection plugin, which helps to detect cpu family and install appropriate microcode update. E.g. if one is running Intel CPU, intel-microcode package is installed.

Check out:
$ ubuntu-drivers devices
$ ubuntu-drivers list
$ ubuntu-drivers autoinstall

14 March, 2015 03:19PM by Dimitri John Ledkov (

Mathieu Parent

Guest sessions in Debian

We have several computers at home, and we want to allow guests to use one of them to access the Internet. This feature comes out of the box in Ubuntu and is called “Guest sessions”.

My attempt to provide the same on Debian jessie is in a script

Some notes:

  • going to greeter via DBus is not standard (All *DM have their own API). I’ve started a discussion about this
  • lightdm in Ubuntu has its own life and doesn’t come from Debian (This is expected for an Ubuntu project):
    • Ubuntu’s is the default DM and is not multi-arch, yet
    • Debian’s is focused on Xfce and doesn’t provide any guest-session machinery
  • Ubuntu has patched gnome-shell and adduser to allow guest-sessions. I think we should merge those patches back (after jessie release)

14 March, 2015 12:11PM by sathieu

Zlatan Todorić

𝜋 day

March 14, 2015 - 9:26:53

14 March, 2015 11:15AM by Zlatan Todorić