August 30, 2015

Russ Allbery

Review: Pound Foolish

Review: Pound Foolish, by Helaine Olen

Publisher: Penguin
Copyright: 2012, 2013
Printing: 2013
ISBN: 1-59184-679-X
Format: Trade paperback
Pages: 241

For at least the last six years, it's not been surprising news that the relationship between the average person and the US financial system is tense at best, and downright exploitative at worst. The collapse of the housing bubble revealed a morass of predatory lending practices, spectacularly poor (or spectacularly cynical) investment decisions, and out-of-control personal debt coupled with erosion of bankruptcy law. Despite this, there's always a second story in all discussions of the finances of the US population: the problem isn't with financial structures and products, but with us. We're too stupid, or naive, or emotional, or uninformed, or greedy, or unprincipled, or impatient. Finances are complicated, yes, but that just means we have to be more thoughtful. All of these complex financial products could have been used properly.

Helaine Olen's Pound Foolish is a systemtic, biting, well-researched, and pointed counter to that second story. The short summary of this book is that it's not us. We're being set up for failure, and there is a large and lucrative industry profiting off of that failure. And many (although not all) people in that industry know exactly what they're doing.

Pound Foolish is one of my favorite forms of non-fiction: long-form journalism. This is an investigative essay into the personal finance and investment industry, developed to book length. Readers of Michael Lewis will feel right at home. Olen doesn't have Lewis's skill with characterization and biography, but she makes up for it in big-picture clarity. She takes a wealth of individual facts about who is involved in personal finance, how they make money, what they recommend, and who profits, and develops it into a clear and coherent overview.

If you have paid any attention to US financial issues, you'll know some of this already. Frontline has done a great job of covering administrative fees in mutual funds. Lots of people have warned about annuities. The spectacular collapse of the home mortgage is old news now. But Olen does a great job of finding the connections between these elements and adding some less familiar ones, including an insightful and damning analysis of financial literacy campaigns and the widespread belief that these problems are caused by lack of consumer understanding. I've read and watched a lot of related material, including several full-book treatments of the mortgage crisis, so I think it's telling that I never got bored in the middle of Olen's treatment.

I find the deep US belief in the power of personal improvement fascinating. It feels like one of the defining characteristics of US culture, for both good and for ill. We're very good at writing compelling narratives of personal improvement, and sometimes act on them. We believe that everyone can and should improve themselves. But that comes coupled to a dislike and distrust of expertise, even when it is legitimate and earned (Hofstadter's Anti-Intellectualism in American Life develops this idea at length). And I believe we significantly overestimate the ability of individuals to act despite systems that are stacked against us, and significantly overestimate our responsibility for the inevitable results.

This was the main message I took from Pound Foolish: we desperately want to believe in the myth of personal control. We want to believe that our financial troubles are something we can fix through personal education, more will power, better decisions, or just the right investment. And so, we turn to gurus like Suze Orman and buy their mix of muddled financial advice and "tough love" that completely ignores broader social factors. We're easy marks for psychologically-trained investment sellers who mix fear, pressure, and a fantasy of inside knowledge and personal control. We're fooled by a narrative of empowerment and stand by while a working retirement system (guaranteed benefit pensions) is undermined and destroyed in favor of much riskier investment schemes... riskier for us, at least, but loaded with guaranteed profits for the people who "advise" us. And we cling to financial literacy campaigns that are funded by exactly the same credit card companies who fight tooth and nail against regulations that would require they provide simple, comprehensible descriptions of loan terms. One wonders if they support them precisely because they know they don't work.

Olen mentions, in passing, the Stanford marshmallow experiment, which is often used as a foundation for arguments about personal responsibility for financial outcomes, but she doesn't do a detailed critique. I wish she had, since I think it's such a good example of the theme of this book.

The Stanford marshmallow experiment was a psychological experiment from the late 1960s and early 1970s in delayed gratification. Children were put in a room in front of some treat (marshmallows, cookies, pretzels) and told that they could eat it if they wished. But if they didn't eat the treat before the monitor came back, they would get two of the treat instead. Long-term follow-up studies found that the children who refrained from eating the treat and got the reward had better life outcomes along multiple metrics: SAT scores, educational attainment, and others.

On the surface, this seems to support everything US culture loves to believe about the power of self-control, self-improvement, and the Protestant work ethic. People who can delay gratification and save for a future reward do better in the world. (The darker interpretation, also common since the experiment was performed on children, is that the ability to delay gratification has a genetic component, and some people are just doomed to make poor decisions due to their inability to exercise self-control.)

However, I can call the traditional interpretation into question with one simple question that the experimenters appeared not to ask: under what circumstances would taking the treat immediately be the rational and best choice?

One answer, of course, is when one does not trust the adult to produce the promised reward. If the adult might come back, take the treat away, and not give any treat, it's to the child's advantage to take the treat immediately. Even if the adult left the treat but wouldn't actually double it, it's to the child's advantage to take the treat immediately. The traditional interpretation assumes the child trusts the adults performing the experiment — a logical assumption for those of us whose childhood experience was that adults could generally be trusted and that promised rewards would materialize. If the child instead came from a chaotic family where adults weren't reliable, or just one where frequent unexpected money problems meant that promised treats often didn't materialize, the most logical assumption may be much different. One has to ask if such a background may have more to do with the measured long-term life outcomes than the child's unwillingness to trust in a future reward.

And this is one of the major themes of this book. Problems the personal finance industry attributes to our personal shortcomings (which they're happy to take our money to remedy) are often systematic, or at least largely outside of our control. We may already be making the most logical choices given our personal situations. We're in worse financial shape because we're making less money. Our retirements are in danger because our retirement systems were dismantled and replaced with risky and expensive alternatives. And where problems are attributed to our poor choices, one can find entire industries that focus on undermining our ability to make good choices: scaring us, confusing us, hiding vital information, and exploiting known weaknesses of human psychology to route our money to them.

These are not problems that can be solved by watching Suze Orman yell at us to stop buying things. These are systematic social problems that demand a sweeping discussion about regulation, automatic savings systems, and social insurance programs to spread risk and minimize the weaknesses of human psychology. Exactly the kind of discussion that the personal finance industry doesn't want us to have.

Those who are well-read in these topics probably won't find a lot new here. Those who aren't in the US will shake their heads at some of the ways that the US fails its citizens, although many of Olen's points apply even to countries with stronger social safety nets. But if you're interested in solid long-form journalism on this topic, backed by lots of data on just how badly a focus on personal accountability is working for us, I recommend Pound Foolish.

Rating: 8 out of 10

30 August, 2015 01:04AM

August 29, 2015

Tassia Camoes Araujo

Report from the MicroDebconf Brasília 2015

This was an event organized due to a coincidental meeting of a few DD’s in the city of Brasilia on May 31st 2015. What a good thing when we can mix vacations, friends and Debian ;-)

Group photo

We called it Micro due to its short duration and planning phase, to be fair with other Mini DebConfs that take a lot more of organization. We also ended up having a translation sprint inside the event that attracted contributors from other cities.

Our main goal was to boost the local community and bring new contributors to Debian. And we definitely made it!

The meeting happened at University of Brasilia (UnB Gama). It started with a short presentation where each DD and Debian contributor presented their involvement with Debian and plans for the hacking session. This was an invitation for new contributors to choose the activities they were willing to engage, taking advantage of being guided by more experienced people.

Then we moved to smaller rooms where participants were split in different groups to work on each track: packaging, translation and community/contribution. We all came together later for the keysigning party.

Some of the highlights of the day:

  • ~40 participants, from which ~10 were already engaged in the Debian community
  • hands-on packaging tutorial
  • 4 new packages uploaded
  • from the 6 brazilian names annouced as new contributors in the DPN just after the meeting, 4 were among us in Brasília
  • hands-on translation tutorial
  • newbie translators paired with more experienced ones, numerous translations committed
  • discussion about chalenges of migrating debianArt to Noosfero
  • initial setup of Collab.Debian (with Noosfero), aiming to facilitate contributions of users to the Debian project (this platform was offcially released at DC15 lightining talks (46:00))
  • first keysigning party for many of the participants
  • first time some longterm Brazilian contributors had the change to meet in person

For more details of what happened, you can read our full report.

The MicroDebconf wouldn’t be possible without the support of prof. Paulo Meirelles from UnB Gama and all the LAPPIS team for the local organization and students mobilization. We also need to thank to Debian donnors, who covered the travel costs of one of our contributors.

Last but not least, thanks to our participants and the large Brazilian community who is giving a good example of team work. A similar meeting happened in July during the Free Software International Forum (FISL) and another one is already planned to happen in October as part of the LatinoWare.

I hope I can join those folks again in the near future!

29 August, 2015 11:22PM by tassia

hackergotchi for Francois Marier

Francois Marier

Letting someone ssh into your laptop using Pagekite

In order to investigate a bug I was running into, I recently had to give my colleague ssh access to my laptop behind a firewall. The easiest way I found to do this was to create an account for him on my laptop and setup a pagekite frontend on my Linode server and a pagekite backend on my laptop.

Frontend setup

Setting up my Linode server in order to make the ssh service accessible and proxy the traffic to my laptop was fairly straightforward.

First, I had to install the pagekite package (already in Debian and Ubuntu) and open up a port on my firewall by adding the following to both /etc/network/iptables.up.rules and /etc/network/ip6tables.up.rules:

-A INPUT -p tcp --dport 10022 -j ACCEPT

Then I created a new CNAME for my server in DNS:   3600    IN  CNAME

With that in place, I started the pagekite frontend using this command:

pagekite --clean --isfrontend --rawports=virtual --ports=10022

Backend setup

After installing the pagekite and openssh-server packages on my laptop and creating a new user account:

adduser roc

I used this command to connect my laptop to the pagekite frontend:

pagekite --clean --service_on=raw/

Client setup

Finally, my colleague needed to add the folowing entry to ~/.ssh/config:

  CheckHostIP no
  ProxyCommand /bin/nc -X connect -x %h:10022 %h %p

and install the netcat-openbsd package since other versions of netcat don't work.

On Fedora, we used netcat-openbsd-1.89 successfully, but this newer package may also work.

He was then able to ssh into my laptop via ssh

Making settings permanent

I was quite happy settings things up temporarily on the command-line, but it's also possible to persist these settings and to make both the pagekite frontend and backend start up automatically at boot. See the documentation for how to do this on Debian and Fedora.

29 August, 2015 09:20PM

Zlatan Todorić

Interviews with FLOSS developers: Elena Grandi

One of fresh additions to Debian family, and thus wider FLOSS family is Elena Grandi. She is from realms of Valhalla and is setting her footprint into the community. A hacker mindset, a Free software lover and a 3D printing maker. Elena has big dedication to make the world free and better place for all. She tries to push limits on personal level with much care and love, and FLOSS community will benefit from her work and way of life in future. So what has the Viking lady to say about FLOSS? Meet Elena "of Valhalla" Grandi.

Read more… (12 min remaining to read)

29 August, 2015 02:23PM by Zlatan Todoric

hackergotchi for Norbert Preining

Norbert Preining

Kobo Glo and GloHD firmware 3.17.3 mega update (KSM, nickel patch, ssh, fonts)

I have updated my mega-update for Kobo to the latest firmware 3.17.3. Additionally, I have not built (and tested) updates for both Mark4 hardware (Glo) and Mark6 hardware (GloHD). Please see the previous post for details on what is included.

The only difference that is important is the update to KSM (Kobo Start Menu) version 8, which is still in testing phase (thus a warning: the layout and setup of KSM8 might change till release). This is an important update as all version up to V7 could create database corruptions (which I have seen several times!) when used with Calibre and the Kepub driver.

Kobo Logo

Other things that are included are as usual: Metazoa firmware patches – for the Glo (non HD) version I have activated the compact layout patch; koreader, pbchess, coolreader, the ssh part of kobohack, custom dictionaries support, and some side-loaded fonts. Again, for details please see the previous post

You can check for database corruption by selecting tools - nickel diverse.msh - db chk in the Kobo Start Menu. If it returns ok, then all is fine. Otherwise you might see problems.

I solved the corruption of my database by first dumping the database to an sql file, and reloading it into a new database. Assuming that you have the file KoboReader.sqlite, what I did is:

$ sqlite3  KoboReader.sqlite 
SQLite version 2015-07-29 20:00:57
Enter ".help" for usage hints.
sqlite> PRAGMA integrity_check;
*** in database main ***
Page 5237: btreeInitPage() returns error code 11
On tree page 889 cell 1: 2nd reference to page 5237
Page 4913 is never used
Page 5009 is never used
Error: database disk image is malformed
sqlite> .output foo.sql
sqlite> .dump
sqlite> .quit
$ sqlite3 KoboReader.sqlite-NEW
SQLite version 2015-07-29 20:00:57
Enter ".help" for usage hints.
sqlite> .read foo.sql
sqlite> .quit

The first part shows that the database is corrupted. Fortunately dumping succeeded and then reloading it into a new database, too. Finally I replaced (after backup) the sqlite on the device with the new database.


Mark6 – Kobo GloHD

firmware: Kobo 3.17.3 for GloHD

Mega update: Kobo-3.17.3-combined/Mark6/KoboRoot.tgz

Mark4 – Kobo Glo, Auro HD

firmware: Kobo 3.17.3 for Glo and AuroHD

Mega update: Kobo-3.17.3-combined/Mark4/KoboRoot.tgz


29 August, 2015 12:04AM by Norbert Preining

August 28, 2015

hackergotchi for Gunnar Wolf

Gunnar Wolf


180 degrees — people say their life has changed by 180° whenever something alters their priorities, their viewpoints, their targets in life.

In our case, it's been 180 days. 183 by today, really. The six most amazing months in my life.

We are still the same people, with similar viewpoints and targets. Our priorities have clearly shifted.

But our understanding of the world, and our sources of enjoyment, and our outlook for the future... Are worlds apart. Not 180°, think more of a quantic transposition.

28 August, 2015 04:09PM by gwolf

Zlatan Todorić

The big life adventure called DebConf15

By the help of sponsorship I managed again to attend the conference where Debian family gathers. This is going to be a mix without any particular order of everything, anything and nothing else ;)

attendance pic

I arrived to Heidelberg Main Train Station around 9am on 15th August and almost right away found Debian people so it made my trip to hostel easier. After arrival I checked in but needed to wait for 3 hours to get the key (it seems that SA will not have that problem at all, which is already an improvement). Although waiting was 3 hours long, it wasn't actually difficult at all as I started hugging and saying hi to many old (the super old super friend of mine - moray, or how I call him, "doc") and new friends. I just must say - if you know or don't know Rhonda, try to get somehow into her hugs. With her hug I acknowledged that I really did arrive to reunion.

Read more… (14 min remaining to read)

28 August, 2015 10:38AM by Zlatan Todoric

Dimitri John Ledkov

Go enjoy Python3

Given a string, get a truncated string of length up to 12.

The task is ambiguous, as it doesn't say anything about whether or not 12 should include terminating null character or not. None the less, let's see how one would achieve this in various languages.
Let's start with python3

import sys

Simple enough, in essence given first argument, print it up to length 12. As an added this also deals with unicode correctly that is if passed arg is 車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇, it will correctly print 車賈滑豈更串句龜龜契金喇. (note these are just random Unicode strings to me, no idea what they stand for).

In C things are slightly more verbose, but in essence, I am going to use strncpy function:

#include <stdio.h>
#include <string.h>
void main(int argc, char *argv[]) {
char res[12];
This treats things as byte-array instead of unicode, thus for unicode test it will end up printing just 車賈滑豈. But it is still simple enough.
Finally we have Go
package main

import "os"
import "fmt"
import "math"

func main() {
fmt.Printf("%s\n", os.Args[1][:int(math.Min(12, float64(len(os.Args[1]))))])
This similarly treats argument as a byte array, and one needs to cast the argument to a rune to get unicode string handling. But there are quite a few caveats. One cannot take out of bounds slices. Thus a naïve os.Args[1][:12] can result in a runtime panic that slice bounds are out of range. Or if a string is known at compile time, a compile time error. Hence one needs to calculate length, and do a min comparison. And there lies the next caveat, math.Min() is only defined for float64 type, and slice indexes can only be integers and thus we end up writing ]))))])...

12 points for python3, 8 points for C, and Go receives nul points Eurovision style.

EDIT: Andreas Røssland and James Hunt are full of win. Both suggesting fmt.Printf("%.12s\n", os.Args[1]) for go. I like that a lot, as it gives simplicity & readability without compromising the default safety against out of bounds access. Hence the scores are now: 14 points for Go, 12 points for python3 and 8 points for C.

EDIT2: I was pointed out much better C implementation by Keith Thompson - in essence it uses strncat() which has much better null termination semantics. And Ben posted a C implementation which handles wide characters I regret to inform you that this blog post got syndicated onto hacker news and has now become the top viewed post on my blog of all time, overnight. In retrospect, I regret awarding points at the end of the blog post, as that's just was merely an expression of opinion and is highly subjective measure. But this problem statement did originate from me reviewing go code that did "if/then/else" comparison and got it wrong to truncate a string and I thought surely one can just do [:12] which has lead me down the rabbit hole of discovering a lot about Go; it's compile and runtime out of bounds access safeguards; lack of universal Min() function; runes vs strings handling and so on. I'm only a beginner go programmer and I am very sorry for wasting everyone's time on this. I guess people didn't have much to do on a Throwback Thursday.

The postings on this site are my own and don't necessarily represent Intel’s positions, strategies, or opinions.

28 August, 2015 09:48AM by Dimitri John Ledkov (

hackergotchi for Lucas Nussbaum

Lucas Nussbaum


I attended DebConf’15 last week. After being on semi-vacation from Debian for the last few months, recovering after the end of my second DPL term, it was great to be active again, talk to many people, and go back to doing technical work. Unfortunately, I caught the debbug quite early in the week, so I was not able to make it as intense as I wanted, but it was great nevertheless.

I still managed to do quite a lot:

  • I rewrote a core part of UDD, which will make it easier to monitor data importer scripts and reduce the cron-spam
  • with DSA members, I worked on finding a suitable workaround for the storage performance issues that have been plaguing UDD for the last few months. fsyncs() will now longer hang for 15 minutes, yay!
  • I added a DUCK importer to UDD, and added that information to the Debian Maintainer Dashboard
  • I worked a bit on cleaning up the status of my packages, including digging into a strange texlive issue (that showed up in developers-reference), that is now fixed in unstable
  • I worked a bit on improving git-buildpackage documentation (more to come in that area)
  • Last but not least, I played Mao for the first time in years, and it was a lot of fun. (even if my brain is still slowly recovering)

DC15 was a great DebConf, probably one of the two bests I’ve attended so far. I’m now looking forward to DC16 in Cape Town!

28 August, 2015 08:47AM by lucas

hackergotchi for Ben Hutchings

Ben Hutchings

Securing my own blog

Yeah I know, a bit ironic that this isn't available over HTTP-S. I could reuse the mail server certificate to make work...

28 August, 2015 01:03AM

Securing debcheckout of git repositories

Some source packages have Vcs-Git URLs using the git: scheme, which is plain-text and unauthenticated. It's probably harder to MITM than HTTP, but still we can do better than this even for anonymous checkouts. git is now nearly as efficient at cloning/pulling over HTTP-S, so why not make that the default?

Adding the following lines to ~/.gitconfig will make git consistently use HTTP-S to access Alioth. It's not quite HTTPS-Everywhere, but it's a step in that direction:

[url ""]
	insteadOf = git://
	insteadOf = git://

Additionally you can automatically fix up the push URL in case you have or are later given commit access to the repository on Alioth:

[url "git+ssh://"]
	pushInsteadOf = git://
	pushInsteadOf = git://

Similar for

[url ""]
	insteadOf = git://
[url "git+ssh://"]
	pushInsteadOf = git://

RTFM for more information on these configuration variables.

28 August, 2015 01:01AM

Securing git imap-send in Debian

I usually send patches from git via git imap-send, which gives me a chance to edit and save them through my regular mail client. Obviously I want to make a secure connection to the IMAP server. The upstream code now supports doing this with OpenSSL, but git is under GPL and it seems that not all relevant contributors have given the extra permission to link with OpenSSL. So in Debian you still need to use an external program to provide a TLS tunnel.

The commonly used TLS tunnelling programs, openssl s_client and stunnel, do not validate server certificates in a useful way - at least by default.

Here's how I've configured git imap-send and stunnel to properly validate the server certificate. If you use the PLAIN or LOGIN authentication method with the server, you will still see the warning:

*** IMAP Warning *** Password is being sent in the clear

The server does see the clear-text password, but it is encrypted on the wire and git imap-send just doesn't know that.


	user = ben
	folder = "drafts"
	tunnel = "stunnel ~/.git-imap-send/stunnel.conf"


debug = 3
foreground = yes
client = yes
connect =
sslVersion = TLSv1.2
renegotiation = no
verify = 2
; Current CA for the IMAP server.
; If you don't want to pin to a specific CA certificate, use
; /etc/ssl/certs/ca-certificates.crt instead.
CAfile = /etc/ssl/certs/StartCom_Certification_Authority.pem
checkHost =

If stunnel chokes on the checkHost variable, it doesn't support certificate name validation. Unfortunately no Debian stable release has this feature - only testing/unstable. I'm wondering whether it would be worthwhile to backport it or even to make a stable update to add this important security feature.

28 August, 2015 12:26AM

August 27, 2015

hackergotchi for Norbert Preining

Norbert Preining

Kobo Japanese Dictionary Enhancer 1.1

Lots of releases in quick succession – the new Kobo Japanese Dictionary Enhancer brings multi-dictionary support and merged translation support. Using the Wadoku project’s edict2 database we can now add also German translations.


Looking at the numbers, we have now 326064 translated entries when using the English edict2, and 368943 translated entries when using the German Wadoku edict version. And more than that, as an extra feature it is now also possible to have merged translations, so to have both German and English translations added.


Please head over to the main page of the project for details and download instructions. If you need my help in creating the updated dictionary, please feel free to contact me.


27 August, 2015 10:39PM by Norbert Preining

hackergotchi for Ben Hutchings

Ben Hutchings

Truncating a string in C

This version uses the proper APIs to work with the locale's multibyte encoding (with single-byte encodings being a trivial case of multibyte). It will fail if it encounters an invalid byte sequence (e.g. byte > 127 in the "C" locale), though it could be changed to treat each rejected byte as a single character.

#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

int main(int argc, char **argv)
    size_t n = 12, totlen = 0, maxlen, chlen;

    setlocale(LC_ALL, "");

    if (argc != 2)

    maxlen = strlen(argv[1]);

    while (n--) {
	chlen = mbrlen(argv[1] + totlen, maxlen - totlen, NULL);
	if (chlen > MB_CUR_MAX)
	    return EXIT_FAILURE;
	totlen += chlen;

    printf("%.*s\n", (int)totlen, argv[1]);
    return 0;

27 August, 2015 08:10PM

hackergotchi for Alexander Wirt

Alexander Wirt

Basic support for SSO Client certificates on

Sometimes waiting for a delayed flight helps to implement things. I added some basic support for the new Debian SSO Client Certificate feature to

If you are using such a certificate most anti-spam restrictions, code limitations and so on won’t count for you anymore.

27 August, 2015 07:07PM

hackergotchi for Ritesh Raj Sarraf

Ritesh Raj Sarraf

Laptop Mode Tools - 1.68

I am please to announce the release of Laptop Mode Tools, version 1.68.

This release is mainly focused on integration with the newer init system, systemd. Without the help from the awesome Debian systemd maintainers, this would not have been possible. Thank you folks.

While the focus now is on systemd, LMT will still support the older SysV Init.

With this new release, there are some new files: laptop-mode.service, laptop-mode.timer and lmt-poll.service. All the files should be documented well enough for users. lmt-poll.service is the equivalent of the module battery-level-polling, should you need it.

Filtered git log:

1.68 - Thu Aug 27 22:36:43 IST 2015

    * Fix all instances for BATTERY_LEVEL_POLLING

    * Group kill the polling daemon so that its child process get the same signal

    * Release the descriptor explicitly

    * Add identifier about who's our parent

    * Narrow down our power_supply subsystem event check condition

    * Fine tune the .service file

    * On my ultrabook, AC as reported as ACAD

    * Enhance lmt-udev to better work with systemd

    * Add a timer based polling for LMT. It is the equivalent of battery-polling-daemon,

      using systemd

    * Disable battery level polling by default, because most systems will have systemd running

    * Add documentation reference in systemd files
The md5 checksum for the tarball is 15edf643990e08deaebebf66b128b270




27 August, 2015 05:39PM by Ritesh Raj Sarraf

hackergotchi for Thorsten Glaser

Thorsten Glaser

Go enjoy shell

Dimitri, I personally enjoy shell…

tglase@tglase:~ $ x=車賈滑豈更串句龜龜契金喇車賈滑豈更串句龜龜契金喇
tglase@tglase:~ $ echo ${x::12}
tglase@tglase:~ $ printf '%s\n' 'import sys' 'print(sys.argv[1][:12])' >
tglase@tglase:~ $ python $x

… much more than Python, actually. (Python is the language in which you do not want to write code dealing with strings, due to UnicodeDecodeError and all; even py3k is not much better.)

I would have commented on your post if it allowed doing so without getting a proprietary Google+ account.

27 August, 2015 02:12PM by MirOS Developer tg (

hackergotchi for Joey Hess

Joey Hess

then and now

It's 2004 and I'm in Oldenburg DE, working on the Debian Installer. Colin and I pair program on partman, its new partitioner, to get it into shape. We've somewhat reluctantly decided to use it. Partman is in some ways a beautful piece of work, a mass of semi-object-oriented, super extensible shell code that sprang fully formed from the brow of Anton. And in many ways, it's mad, full of sector alignment twiddling math implemented in tens of thousands of lines of shell script scattered amoung hundreds of tiny files that are impossible to keep straight. In the tiny Oldenburg Developers Meeting, full of obscure hardware and crazy intensity of ideas like porting Debian to VAXen, we hack late into the night, night after night, and crash on the floor.

sepia toned hackers round a table

It's 2015 and I'm at a Chinese bakery, then at the Berkeley pier, then in a SF food truck lot, catching half an hour here and there in my vacation to add some features to Propellor. Mostly writing down data types for things like filesystem formats, partition layouts, and then some small amount of haskell code to use them in generic ways. Putting these peices together and reusing stuff already in Propellor (like chroot creation).

Before long I have this, which is only 2 undefined functions away from (probably) working:

let chroot d = Chroot.debootstrapped (System (Debian Unstable) "amd64") mempty d
        & Apt.installed ["openssh-server"]
        & ...
    partitions = fitChrootSize MSDOS
        [ (Just "/boot", mkPartiton EXT2)
        , (Just "/", mkPartition EXT4)
        , (Nothing, const (mkPartition LinuxSwap (MegaBytes 256)))
 in Diskimage.built chroot partitions (grubBooted PC)

This is at least a replication of vmdebootstrap, generating a bootable disk image from that config and 400 lines of code, with enormous customizability of the disk image contents, using all the abilities of Propellor. But is also, effectively, a replication of everything partman is used for (aside from UI and RAID/LVM).

sailboat on the SF bay

What a difference a decade and better choices of architecture make! In many ways, this is the loosely coupled, extensible, highly configurable system partman aspired to be. Plus elegance. And I'm writing it on a lark, because I have some spare half hours in my vacation.

Past Debian Installer team lead Tollef stops by for lunch, I show him the code, and we have the conversation old d-i developers always have about partman.

I can't say that partman was a failure, because it's been used by millions to install Debian and Ubuntu and etc for a decade. Anything that deletes that many Windows partitions is a success. But it's been an unhappy success. Nobody has ever had a good time writing partman recipes; the code has grown duplication and unmaintainability.

I can't say that these extensions to Propellor will be a success; there's no plan here to replace Debian Installer (although with a few hundred more lines of code, propellor is d-i 2.0); indeed I'm just adding generic useful stuff and building further stuff out of it without any particular end goal. Perhaps that's the real difference.

27 August, 2015 12:01AM

August 26, 2015

Carl Chenet

Retweet 0.2 : bump to Python 3

Follow me on  or Twitter  or Diaspora*diaspora-banner

Don’t know Retweet? My last post about it introduced this small Twitter bot whichs just retweets (for now) every tweets from a Twitter account to another one.


Retweet was created in order to improve the Journal du hacker Twitter account. The Journal du hacker is a Hacker News-like French-speaking website.


Especially useful to broadcast news through a network of Twitter accounts, Retweet was improved to bump Python version to 3.4 and to improve pep8 compliance (work in progress).

The project is also well documented and should be quite simple to install, configure and use.

After my first blog post about Retweet, new users gave me feedback about it and I now have great ideas for future features for the next release.


What about you? If you try it, please tell me what you think about it, opening a bug request or ask for new features. Or just write your comment here ;)

26 August, 2015 09:01PM by Carl Chenet

hackergotchi for Holger Levsen

Holger Levsen


jenkins has a fourth state

So, at the BOF (very short summary: j.d.o will be coming soonish, long summary thanks to the awesome video team) I shared a trick I discovered almost a year ago, but had never really announced anywhere yet, which enables one to programatically use a fourth state to the existing three jenkins job states ("success", "unstable" and "failed"), which is "aborted".

Common knowledge is that it's only possible to abort jobs manually, but it's also possible to do that like this:

curl -o $TMPFILE
java -jar $TMPFILE -s http://localhost:8080/ set-build-result aborted

The nice thing about aborted job runs is that these don't cause any notifications (neither mail nor IRC), so I intend to use this for several cases:

  • to abort jobs which encounter network problems
  • to abort jobs where a known bug will prevent the job from succeeding. This will require a small database to map bugs to jobs and some way to edit that database, so I will probably go with a .yaml file in some git repo.

I've no idea when I'll get along to actually implement that, so help doing this is very much welcome and I'd also be glad to help hooking this into the existing codebase.

In related news, I'm back home since Monday and am thankful for having shared a very nice and productive DebConf15 with many old and new friends in Heidelberg. Many thanks to everyone involved in making this happen!

26 August, 2015 10:41AM

NOKUBI Takatsugu

1Gbps FTTH

This month, I changed FTTH Internet from 100Mbps to 1Gbps. The costs is almost same as the past line.

To change the line, I had need to be witness in the construction, so I  couldn’t get time to attend DebConf 2015.

According to, I can get about 300 Mbps upstream bandwidth.

26 August, 2015 09:22AM by knok

hackergotchi for Raphaël Hertzog

Raphaël Hertzog

Freexian’s report about Debian Long Term Support, July 2015

A Debian LTS logoLike each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In July, 79.50 work hours have been dispatched among 7 paid contributors. Their reports are available:

Evolution of the situation

August has seen a small decrease in terms of sponsored hours (71.50 hours per month) because two sponsors did not pay their renewal invoice on time. That said they reconfirmed their willingness to support us and things should be fixed after the summer. And we should be able to reach our first milestone of funding the equivalent of a half-time position, in particular since a new platinum sponsor might join the project.

DebConf 15 happened this month and Debian LTS was featured in a talk and in a work session. Have a look at the video recordings:

In terms of security updates waiting to be handled, the situation is better than last month: the dla-needed.txt file lists 20 packages awaiting an update (4 less than last month), the list of open vulnerabilities in Squeeze shows about 22 affected packages in total (11 less than last month). The new LTS frontdesk ensures regular triage of CVE reports and the difference between both counts dropped significantly. That’s good!

Thanks to our sponsors

Thanks to Sig-I/O, a new bronze sponsor, which joins our 35 other sponsors.

One comment | Liked this article? Click here. | My blog is Flattr-enabled.

26 August, 2015 09:14AM by Raphaël Hertzog

hackergotchi for Dirk Eddelbuettel

Dirk Eddelbuettel

RProtoBuf 0.4.3

A new maintenance release 0.4.3 of RProtoBuf is now on CRAN. RProtoBuf provides R bindings for the Google Protocol Buffers ("Protobuf") data encoding library used and released by Google, and deployed as a language and operating-system agnostic protocol by numerous projects.

This release comes upon the request of CRAN and adds additional import statements to the NAMESPACE file. While we were at it, a few more things got cleaned up and edited---but no new code was added. Full details are below.

Changes in RProtoBuf version 0.4.3 (2015-08-25)

  • Declare additional imports from methods in NAMESPACE.

  • Travis CI tests now run faster as all CRAN dependencies are installed as binaries.

  • The tools/winlibs.R script now tests for R (< 3.3.0) before calling the (soon-to-be phased out) setInternet2() function.

  • Several small edits were made to DESCRIPTION to clarify library dependencies, provide additonal references and conform to now-current R packaging standards.

CRANberries also provides a diff to the previous release. The RProtoBuf page has a package vignette, a a 'quick' overview vignette, and a unit test summary vignette. Questions, comments etc should go to the GitHub issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

26 August, 2015 03:01AM

August 25, 2015

hackergotchi for Norbert Preining

Norbert Preining

Plex Home Theater 1.4.1 updated for Debian/sid

Debian/sid is going through a big restructuring with the switch to a new gcc and libstc++. Furthermore, libcec3 is now the default. So I have updated my PHT builds for Debian/sid to build and install on the current status, both for amd64 and i386.


Add the following lines to your sources.list:

deb sid pht
deb-src sid pht

You can also grab the binary for amd64 directly here for amd64 and i386, you can get the source package with


The release file and changes file are signed with my official Debian key 0x860CDC13.

For Debian/testing I am waiting until the transition has settled. Please wait a bit more.

Now be ready for enjoying the next movie!

25 August, 2015 11:21PM by Norbert Preining

Richard Hartmann

Tor-enabled Debian mirror, part 2

Well, that was quite some feedback to my last post; via blog, email, irc, and in person. I actually think this may be the most feedback I ever got to any single blog post. If you are still waiting for a reply after this new post, I will get back to you.

To handle common question/information at once:

  • It was the first download from an official Tor-enabled mirror; I know people downloaded updates via Tor before
  • Yes, having this in the Debian installer as an option would be very nice
  • Yes, there are ways to load balance Tor hidden services these days and the pre-requisites are being worked on already
    • Yes, that load balanced setup will support hardware key tokens
  • A natively hidden service is more secure than accessing a non-hidden service via Tor because there is no way for a third-party exit node to mess with your traffic
  • apt-get etc will leak information about your architecture, release, suites, desired packages, and package versions. That can't be avoided, but else it will not leak anything to the server. And even if it did.. see above
  • Using Tor is also more secure than normal ftp/http/https as you don't build up an IP connection so the server can not get back to the client other than through the single one connection the client built up
  • noodles Tor-enabled his partial debmirror as well: http://earthqfvaeuv5bla.onion/
    • It took him 14322255 tries to get a private key which produced that address
    • He gave up to find one starting with earthli after 9474114341 attempts
  • I have been swamped with queries if I had tried apt-transport-tor instead of torify
    • I had forgotten about it, re-reading the blog post reminded me about apt transports
    • Tim even said in his post that Tor hidden mirror services would be nice
    • Try it yourself before you ask ;)
    • Yes, it works!

So this whole thing is a lot easier now:

# apt-get install torsocks apt-transport-tor
# mv /etc/apt/sources.list /etc/apt/sources.list--backup2
# > /etc/apt/sources.list << EOF
deb tor+http://vwakviie2ienjx6t.onion/debian/ unstable main contrib non-free
deb tor+http://earthqfvaeuv5bla.onion/debian/ unstable main contrib non-free
# apt-get update
# apt-get install vcsh

25 August, 2015 11:11PM by Richard 'RichiH' Hartmann

hackergotchi for Lunar


Reproducible builds: week 17 in Stretch cycle

A good amount of the Debian reproducible builds team had the chance to enjoy face-to-face interactions during DebConf15.

Names in red and blue were all present at DebConf15
Picture of the “reproducible builds” talk during DebConf15

Hugging people with whom one has been working tirelessly for months gives a lot of warm-fuzzy feelings. Several recorded and hallway discussions paved the way to solve the remaining issues to get “reproducible builds” part of Debian proper. Both talks from the Debian Project Leader and the release team mentioned the effort as important for the future of Debian.

A forty-five minutes talk presented the state of the “reproducible builds” effort. It was then followed by an hour long “roundtable” to discuss current blockers regarding dpkg, .buildinfo and their integration in the archive.

Picture of the “reproducible builds” roundtable during DebConf15

Toolchain fixes

  • Kenneth J. Pronovici uploaded epydoc/3.0.1+dfsg-12 which makes class and modules ordering predictable (#795835) and fixes __repr__ so memory addresses don't appear in docs (#795826). Patches by Val Lorentz.
  • Sergei Golovan uploaded erlang/1:18.0-dfsg-2 which adds support for SOURCE_DATE_EPOCH to erlc. Patch by Chris West (Faux) and Chris Lamb.
  • Dmitry Shachnev uploaded sphinx/1.3.1-5 which make grammar, inventory, and JavaScript locales generation deterministic. Original patch by Val Lorentz.
  • Stéphane Glondu uploaded ocaml/4.02.3-2 to experimental, making startup files and native packed libraries deterministic. The patch adds deterministic .file to the assembler output.
  • Enrico Tassi uploaded lua-ldoc/1.4.3-3 which now pass the -d option to txt2man and add the --date option to override the current date.

Reiner Herrmann submitted a patch to make rdfind sort the processed files before doing any operation. Chris Lamb proposed a new patch for wheel implementing support for SOURCE_DATE_EPOCH instead of the custom WHEEL_FORCE_TIMESTAMP. akira sent one making man2html SOURCE_DATE_EPOCH aware.

Stéphane Glondu reported that dpkg-source would not respect tarball permissions when unpacking under a umask of 002.

After hours of iterative testing during the DebConf workshop, Sandro Knauß created a test case showing how pdflatex output can be non-deterministic with some PNG files.

Packages fixed

The following 65 packages became reproducible due to changes in their build dependencies: alacarte, arbtt, bullet, ccfits, commons-daemon, crack-attack, d-conf, ejabberd-contrib, erlang-bear, erlang-cherly, erlang-cowlib, erlang-folsom, erlang-goldrush, erlang-ibrowse, erlang-jiffy, erlang-lager, erlang-lhttpc, erlang-meck, erlang-p1-cache-tab, erlang-p1-iconv, erlang-p1-logger, erlang-p1-mysql, erlang-p1-pam, erlang-p1-pgsql, erlang-p1-sip, erlang-p1-stringprep, erlang-p1-stun, erlang-p1-tls, erlang-p1-utils, erlang-p1-xml, erlang-p1-yaml, erlang-p1-zlib, erlang-ranch, erlang-redis-client, erlang-uuid, freecontact, givaro, glade, gnome-shell, gupnp, gvfs, htseq, jags, jana, knot, libconfig, libkolab, libmatio, libvsqlitepp, mpmath, octave-zenity, openigtlink, paman, pisa, pynifti, qof, ruby-blankslate, ruby-xml-simple, timingframework, trace-cmd, tsung, wings3d, xdg-user-dirs, xz-utils, zpspell.

The following packages became reproducible after getting fixed:

Uploads that might have fixed reproducibility issues:

Some uploads fixed some reproducibility issues but not all of them:

Patches submitted which have not made their way to the archive yet:

  • #795861 on fakeroot by Val Lorentz: set the mtime of all files to the time of the last debian/changelog entry.
  • #795870 on fatresize by Chris Lamb: set build date to the time of the latest debian/changelog entry.
  • #795945 on projectl by Reiner Herrmann: sort with LC_ALL set to C.
  • #795977 on dahdi-tools by Dhole: set the timezone to UTC before calling asciidoc.
  • #795981 on x11proto-input by Dhole: set the timezone to UTC before calling asciidoc.
  • #795983 on dbusada by Dhole: set the timezone to UTC before calling asciidoc.
  • #795984 on postgresql-plproxy by Dhole: set the timezone to UTC before calling asciidoc.
  • #795985 on xorg by Dhole: set the timezone to UTC before calling asciidoc.
  • #795987 on pngcheck by Dhole: set the date in the man pages to the latest debian/changelog entry.
  • #795997 on python-babel by Val Lorentz: make build timestamp independent from the timezone and remove the name of the build system locale from the documentation.
  • #796092 on a7xpg by Reiner Herrmann: sort with LC_ALL set to C.
  • #796212 on bittornado by Chris Lamb: remove umask-varying permissions.
  • #796251 on liblucy-perl by Niko Tyni: generate lib/Lucy.xs in a deterministic order.
  • #796271 on tcsh by Reiner Herrmann: sort with LC_ALL set to C.
  • #796275 on hspell by Reiner Herrmann: remove timestamp from aff files generated by mk_he_affix.
  • #796324 on fftw3 by Reiner Herrmann: remove date from documentation files.
  • #796335 on nasm by Val Lorentz: remove extra timestamps from the build system.
  • #796360 on libical by Chris Lamb: removes randomess caused Perl in generated icalderivedvalue.c.
  • #796375 on wcd by Dhole: set the date in the man pages to the latest debian/changelog entry.
  • #796376 on mapivi by Dhole: set the date in the man pages to the latest debian/changelog entry.
  • #796527 on vserver-debiantools by Dhole: set the date in the man pages to the latest debian/changelog entry.

Stéphane Glondu reported two issues regarding embedded build date in omake and cduce.

Aurélien Jarno submitted a fix for the breakage of make-dfsg test suite. As binutils now creates deterministic libraries by default, Aurélien's patch makes use of a wrapper to give the U flag to ar.

Reiner Herrmann reported an issue with pound which embeds random dhparams in its code during the build. Better solutions are yet to be found.

Package pages on now have a new layout improving readability designed by Mattia Rizzolo, h01ger, and Ulrike. The navigation is now on the left as vertical space is more valuable nowadays.

armhf is now enabled on all pages except the dashboard. Actual tests on armhf are expected to start shortly. (Mattia Rizzolo, h01ger)

The limit on how many packages people can schedule using the reschedule script on Alioth has been bumped to 200. (h01ger)

mod_rewrite is now used instead of JavaScript for the form in the dashboard. (h01ger)

Following the rename of the software, “debbindiff” has mostly been replaced by either “diffoscope” or “differences” in generated HTML and IRC notification output.

Connections to UDD have been made more robust. (Mattia Rizzolo)

diffoscope development

diffoscope version 31 was released on August 21st. This version improves fuzzy-matching by using the tlsh algorithm instead of ssdeep.

New command line options are available: --max-diff-input-lines and --max-diff-block-lines to override limits on diff input and output (Reiner Herrmann), --debugger to dump the user into pdb in case of crashes (Mattia Rizzolo).

jar archives should now be detected properly (Reiner Herrman). Several general code cleanups were also done by Chris Lamb.

strip-nondeterminism development

Andrew Ayer released strip-nondeterminism version 0.010-1. Java properties file in jar should now be detected more accurately. A missing dependency spotted by Stéphane Glondu has been added.

Testing directory ordering issues: disorderfs

During the “reproducible builds” workshop at DebConf, participants identified that we were still short of a good way to test variations on filesystem behaviors (e.g. file ordering or disk usage). Andrew Ayer took a couple of hours to create disorderfs. Based on FUSE, disorderfs in an overlay filesystem that will mount the content of a directory at another location. For this first version, it will make the order in which files appear in a directory random.

Documentation update

Dhole documented how to implement support for SOURCE_DATE_EPOCH in Python, bash, Makefiles, CMake, and C.

Chris Lamb started to convert the wiki page describing SOURCE_DATE_EPOCH into a Freedesktop-like specification in the hope that it will convince more upstream to adopt it.

Package reviews

44 reviews have been removed, 192 added and 77 updated this week.

New issues identified this week: locale_dependent_order_in_devlibs_depends, randomness_in_ocaml_startup_files, randomness_in_ocaml_packed_libraries, randomness_in_ocaml_custom_executables, undeterministic_symlinking_by_rdfind, random_build_path_by_golang_compiler, and images_in_pdf_generated_by_latex.

117 new FTBFS bugs have been reported by Chris Lamb, Chris West (Faux), and Niko Tyni.


Some reproducibility issues might face us very late. Chris Lamb noticed that the test suite for python-pykmip was now failing because its test certificates have expired. Let's hope no packages are hiding a certificate valid for 10 years somewhere in their source!

Pictures courtesy and copyright of Debian's own paparazzi: Aigars Mahinovs.

25 August, 2015 04:11PM

Richard Hartmann

Tor-enabled Debian mirror

During Jacob Applebaum's talk at DebConf15, he noted that Debian should TLS-enable all services, especially the mirrors.

His reasoning was that when a high-value target downloads a security update for package foo, an adversary knows that they are still using a vulnerable version of foo and try to attack before the security update has been installed.

In this specific case, TLS is not of much use though. If the target downloads 4.7 MiB right after a security update with 4.7 MiB has been released, or downloads from, it's still obvious what's happening. Even padding won't help much as the 5 MiB download will also be suspicious. The mere act of downloading anything from the mirrors after an update has been released is reason enough to try an attack.

The solution, is, of course, Tor.

weasel was nice enough to set up a hidden service on Debian's infrastructure; initally we agreed that he would just give me a VM and I would do the actual work, but he went the full way on his own. Thanks :) This service is not redundant, it uses a key which is stored on the local drive, the .onion will change, and things are expected to break.

But at least this service exists now and can be used, tested, and put under some load:


I couldn't get apt-get to be content with a .onion in /etc/apt/sources.list and Acquire::socks::proxy "socks://"; in /etc/apt/apt.conf, but the torify wrapper worked like a charm. What follows is, to the best of my knowledge, the first ever download from Debian's "official" Tor-enabled mirror:

~ # apt-get install torsocks
~ # mv /etc/apt/sources.list /etc/apt/sources.list.backup
~ # echo 'deb http://vwakviie2ienjx6t.onion/debian/ unstable main non-free contrib' > /etc/apt/sources.list
~ # torify apt-get update
Get:1 http://vwakviie2ienjx6t.onion unstable InRelease [215 kB]
Get:2 http://vwakviie2ienjx6t.onion unstable/main amd64 Packages [7548 kB]
Get:3 http://vwakviie2ienjx6t.onion unstable/non-free amd64 Packages [91.9 kB]
Get:4 http://vwakviie2ienjx6t.onion unstable/contrib amd64 Packages [58.5 kB]
Get:5 http://vwakviie2ienjx6t.onion unstable/main i386 Packages [7541 kB]
Get:6 http://vwakviie2ienjx6t.onion unstable/non-free i386 Packages [85.4 kB]
Get:7 http://vwakviie2ienjx6t.onion unstable/contrib i386 Packages [58.1 kB]
Get:8 http://vwakviie2ienjx6t.onion unstable/contrib Translation-en [45.7 kB]
Get:9 http://vwakviie2ienjx6t.onion unstable/main Translation-en [5060 kB]
Get:10 http://vwakviie2ienjx6t.onion unstable/non-free Translation-en [80.8 kB]
Fetched 20.8 MB in 2min 0s (172 kB/s)
Reading package lists... Done
~ # torify apt-get install vim
Reading package lists... Done
Building dependency tree       
Reading state information... Done
The following extra packages will be installed:
  vim-common vim-nox vim-runtime vim-tiny
Suggested packages:
  ctags vim-doc vim-scripts cscope indent
The following packages will be upgraded:
  vim vim-common vim-nox vim-runtime vim-tiny
5 upgraded, 0 newly installed, 0 to remove and 661 not upgraded.
Need to get 0 B/7719 kB of archives.
After this operation, 2048 B disk space will be freed.
Do you want to continue? [Y/n] 
Retrieving bug reports... Done
Parsing Found/Fixed information... Done
Reading changelogs... Done
(Reading database ... 316427 files and directories currently installed.)
Preparing to unpack .../vim-nox_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-nox (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim_2%3a7.4.826-1_amd64.deb ...
Unpacking vim (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-tiny_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-tiny (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-runtime_2%3a7.4.826-1_all.deb ...
Unpacking vim-runtime (2:7.4.826-1) over (2:7.4.712-3) ...
Preparing to unpack .../vim-common_2%3a7.4.826-1_amd64.deb ...
Unpacking vim-common (2:7.4.826-1) over (2:7.4.712-3) ...
Processing triggers for man-db ( ...
Processing triggers for mime-support (3.58) ...
Processing triggers for desktop-file-utils (0.22-1) ...
Processing triggers for hicolor-icon-theme (0.13-1) ...
Setting up vim-common (2:7.4.826-1) ...
Setting up vim-runtime (2:7.4.826-1) ...
Processing /usr/share/vim/addons/doc
Setting up vim-nox (2:7.4.826-1) ...
Setting up vim (2:7.4.826-1) ...
Setting up vim-tiny (2:7.4.826-1) ...
~ # 

More services will follow. noodles, weasel, and me agreed that the project as a whole should aim to Tor-enable the complete package lifecycle, package information, and the website.

Maybe a more secure install option on the official images which, amongst others, sets up apt, apt-listbugs, dput, reportbug, et al up to use Tor without further configuration could even be a realistic stretch goal.

25 August, 2015 07:50AM by Richard 'RichiH' Hartmann

hackergotchi for Norbert Preining

Norbert Preining

Kobo Japanese Dictionary Enhancer 1.0

I have just released a wastly improved new version of the Kobo Japanese Dictionary Enhancer. It allows you to enhance the Kobo Japanese dictionary with English translations.


The new version provides now 326064 translated entries, which covers most non-compound words, including Hiragana. In my daily life reading Harry Potter and some other books in Japanese, I haven’t found many untranslated words by now.

Please head over to the main page of the project for details and download instructions. If you need my help in creating the updated dictionary, please feel free to contact me.


25 August, 2015 07:34AM by Norbert Preining

Raphael Geissert

Updates to the editor

Debconf is a great opportunity to meet people in real life, to express and share ideas in a different way, and to work on all sort of stuff.

I therefore spent some time to finish a couple of features in the editor for Here are some of the changes:

  • Compare the source file with that of another version of the package
  • And in order to present that: tabs! editor tabs!
  • at the same time: generated diffs are now presented in a new editor tab, from where you can download it or email it

Get it for chromium, and iceweasel.

If your browser performs automatic updates of the extensions (the default), you should soon be upgraded to version 0.1.0 or later, bringing all those changes to your browser.

Want to see more? multi-file editing? in-browser storage of the editing session? that and more can be done, so feel free to join me and contribute to the Debian sources online editor!

25 August, 2015 07:00AM by Raphael Geissert (

August 24, 2015

Richard Hartmann


Even though the week of DebCamp took its toll and the stress level will not go down any time soon...

...DebConf15 has finally started! :)

24 August, 2015 10:48PM by Richard 'RichiH' Hartmann

Iustin Pop

Finally, systemd!

Even though Debian has moved to systemd as default a long while ago now, I've stayed with sysv as I have somewhat custom setups (self-built trimmed down kernels, separate /usr not pre-mounted by initrd, etc.).

After installing a new system with Jessie and playing a bit with systemd on it a couple of months ago, I said it's finally time to upgrade. Easier said than starting to actually do it ☹.

The first system I upgraded was a recent (~1 year old) install. It was a trimmed-down system with Debian's kernel, so everything went smoothly. So smoothly that I soon forgot I made the change, and didn't do any more switches for a while.

Systemd was therefore out of my mind until this recent Friday when I got a bug report about mt's rcS init script and shipping a proper systemd unit. The first step should be to actually start using systemd, so I said - let's convert some more things!

During the weekend I upgraded one system, still a reasonably small install, but older - probably 6-7 years. First reboot into systemd flagged the fact that I had some forced-load modules which no longer exist, fact that was too easy to ignore with sysv. Nice! The only downside was that there seems to be some race condition between and ntp, as it fails to start on boot (port listen conflict). I'll see if it repeats. Another small issue is that systemd doesn't like duplicate fstab entries (i.e. two devices which both refer to the same mount point), while this works fine for mount itself (when specifying the block device).

I said that after that system, I'll wait a while until to upgrade the next. But so it happened that today another system had an issue and I had to reboot it (damn lost uptimes!). The kernel was old so I booted into a newer one (this time compiled with the required systemd options), so I had a though - what if I take the opportunity and also switch to systemd on this system?

Caution said to wait, since this was the oldest system - installed sometime during or before 2004. Plus it doesn't use an initrd (long story), and it has a split /usr. Caution… excitement… caution lost ☺ and I proceeded.

It turns out that systemd does warn about split /usr but itself has no problems. I learned that I also had very old sysfs entries that no longer exist, and which I didn't know about as sysv doesn't make it obvious. I also had a crypttab entry which was obsolete, and I forgot about it, until I met the nice red moving ASCII bar which—fortunately—had a timeout.

To be honest, I believed I'll have to rescue boot and fix things on this "always-unstable" machine, on which I install and run random things, and which has a hackish /etc/fstab setup. I'm quite surprised it just worked. On unstable.

So thanks a lot to the Debian systemd team. It was much simpler than I thought, and now, on to exploring systemd!

P.S.: the sad part is that usually I'm a strong proponent of declarative configuration, but for some reason I was reluctant to migrate to systemd also on account on losing the "power" of shell scripts. Humans…

24 August, 2015 09:40PM

hackergotchi for David Moreno

David Moreno

Thanks Debian

I sent this email to debian-private a few days ago, on the 10th anniversary of my Debian account creation:

Date: Fri, 14 Aug 2015 19:37:20 +0200
From: David Moreno 
Subject: Retiring from Debian
User-Agent: Mutt/1.5.23 (2014-03-12)

[-- PGP output follows (current time: Sun 23 Aug 2015 06:18:36 PM CEST) --]
gpg: Signature made Fri 14 Aug 2015 07:37:20 PM CEST using RSA key ID 4DADEC2F
gpg: Good signature from "David Moreno "
gpg:                 aka "David Moreno "
gpg:                 aka "David Moreno (1984-08-08) "
[-- End of PGP output --]

[-- The following data is signed --]


Ten years ago today (2005-08-14) my account was created:

Today, I don't feel like Debian represents me and neither do I represent the
project anymore.

I had tried over the last couple of years to retake my involvement but lack of
motivation and time always got on the way, so the right thing to do for me is
to officially retire and gtfo.

I certainly learned a bunch from dozens of Debian people over these many years,
and I'm nothing but grateful with all of them; I will for sure carry the project
close to my heart — as I carry it with the Debian swirl I still have tattooed
on my back ;)

I have three packages left that have not been updated in forever and you can
consider orphaned now: gcolor2, libperl6-say-perl and libxml-treepp-perl.

With all best wishes,
David Moreno.

[-- End of signed data --]

I received a couple of questions about my decision here. I basically don’t feel like Debian represents my interests and neither do I represent the project – this doesn’t mean I don’t believe in free software, to the contrary. I think some of the best software advancements we’ve made as society are thanks to it. I don’t necessarily believe on how the project has evolved itself, whether that has been the right way, to regain relevancy and dominance, and if it’s remained primarily a way to feed dogmatism versus pragmatism. This is the perfect example of a tragic consequence. I was very happy to learn that the current Debian Conference being held in Germany got the highest attendance ever, hopefully that can be utilized in a significant and useful way.

Regardless, my contributions to Debian were never noteworthy so it’s also not that big of a deal. I just need to close cycles myself and move forward, and the ten year anniversary looked like a significant mark for that.

Poke me in case you wanna discuss some more. I’ll always be happy to. Specially over beer :)


24 August, 2015 07:43PM

hackergotchi for Jonathan McDowell

Jonathan McDowell

Random post-DebConf 15 thoughts

There are a bunch of things I mean to blog about, but as I have just got fully home from Heidelberg and DebConf15 this afternoon that seems most appropriate to start with. It’s a bit of a set of disjoint thoughts, but I figure I should write them down while they’re in my head.

DebConf is an interesting conference. It’s the best opportunity the Debian project has every year to come together and actually spend a decent amount of time with each other. As a result it’s a fairly full on experience, with lots of planned talks as a basis and a wide range of technical discussions and general social interaction filling in whatever gaps are available. I always find it a thoroughly enjoyable experience, but equally I’m glad to be home and doing delightfully dull things like washing my clothes and buying fresh milk.

I have always been of the opinion that the key aspect of DebConf is the face time. It was thus great to see so many people there - we were told several times that this was the largest DebConf so far (~ 570 people IIRC). That’s good in the sense that it meant I got to speak to a lot of people (both old friends and new), but does mean that there are various people I know I didn’t spend enough, or in some cases any, time with. My apologies, but I think many of us were in the same situation. I don’t feel it made the conference any less productive for me - I managed to get a bunch of hacking done, discuss a number of open questions in person with various people and get pulled into various interesting discussions I hadn’t expected. In short, a typical DebConf.

Also I’d like to say that the venue worked out really well. I’ll admit I was dubious when I heard it was in a hostel, but it was well located (about a 30 minute walk into town, and a reasonable bus service available from just outside the door), self-contained with decent facilities (I’m a big believer in having DebConf talks + accommodation be as close as possible to each other) and the room was much better than expected (well, aside from the snoring but I can’t blame the DebConf organisers for that).

One of the surprising and interesting things for me that was different from previous DebConfs was the opportunity to have more conversations with a legal leaning. I expect to go to DebConf and do OpenPGP/general crypto related bits. I wasn’t expecting affirmation about the things I have learnt on my course over the past year, in terms of feeling that I could use that knowledge in the process of helping Debian. It provided me with some hope that I’ll be able to tie my technology and law skills together in a way that I will find suitably entertaining (as did various conversations where people expressed significant interest in the crossover).

Next year is in Cape Town, South Africa. It’s a long way (though I suppose no worse than Portland and I get to stay in the same time zone), and a quick look at flights indicates they’re quite expensive at the moment. The bid presentation did look pretty good though so as soon as the dates are confirmed (I believe this will happen as soon as there are signed contracts in place) I’ll take another look at flights.

In short, excellent DebConf, thanks to the organisers, lovely to see everyone I managed to speak to, apologies to those of you I didn’t manage to speak to. Hopefully see you in Cape Town next year.

24 August, 2015 03:18PM

hackergotchi for Dirk Eddelbuettel

Dirk Eddelbuettel

RcppDE 0.1.3

A pure maintenance release 0.1.3 of the RcppDE package arrived on CRAN yesterday. RcppDE is a "port" of DEoptim, a popular package for derivative-free optimisation using differential optimization, to C++. By using RcppArmadillo, the code becomes a lot shorter and more legible.

This version simply fixes a typo in the vignette metadata noticed by Kurt, and updates the package in a few other spots to update it to current CRAN Repository Policy standards.

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

24 August, 2015 01:09PM

hackergotchi for Michael Prokop

Michael Prokop

DebConf15: “Continuous Delivery of Debian packages” talk

At the Debian Conference 2015 I gave a talk about Continuous Delivery of Debian packages. My slides are available online (PDF, 753KB). Thanks to the fantastic video team there’s also a recording of the talk available: WebM (471MB) and on YouTube.

24 August, 2015 12:15PM by mika

August 23, 2015

hackergotchi for Norbert Preining

Norbert Preining

Debian/TeX Live complete update

Triggered by all the bugs around font problems I spent my weekend instead of mountaineering with crawling through the TeX Live history for changes and fixes to dvipdfm-x. Thanks to 角藤さん for his hints, I have pulled out the changes necessary to fix Type1 support in dvipdfm-x and have reincluded them into the Debian texlive-bin package. The uploaded binaries (version 2015.20150524.37493-6) are already compiled against the new C++ ABI, see the Debian transition, so most systems will still need to wait for the update to be installable.

Debian - TeX Live 2015

At the same time I did an update to the whole set of arch: all packages (texlive-base, texlive-lang, texlive-extra (version 2015.20150823-1). This was triggered by bug that seems to be caused by bad interplay between fontspec and l3 packages. Furthermore, I needed to remove the activation for fontconfig of the URW++ Base35 fonts, to ensure that fontconfig returns always the ones from the gsfonts package, instead of a mixture between TeX Live and gsfonts.

Unrelated bug fix: libpaper intergration has been fixed and should work again. So for now all the bugs are now hopefully settled and we are back to normal. What remains is trying to fix jessie which is also broken in some respects.

Updated packages

acro, animate, babel-bosnian, babel-french, babel-latin, beamer-FUBerlin, beebe, breqn, chemformula, chet, cnltx, crossrefware, dantelogo, datetime2-it-fulltext, disser, drm, dvipdfmx-def, ecclesiastic, eledform, gradstudentresume, idxcmds, l3build, mcf2graph, media9, pageslts, pdfpages, reledmac, siunitx, tcolorbox, tex4ht, texlive-docindex, texlive-scripts, udesoftec, upmethodology, xindy.

New packages

blochsphere, e-french, fitbox, nar


23 August, 2015 10:50PM by Norbert Preining

August 22, 2015

hackergotchi for Joachim Breitner

Joachim Breitner

Quickest path to a local apt repository

As I’m writing this, DebConf 15 is coming to an end. I spend most of my time improving the situation of the Haskell Packages in Debian, by improving the tooling and upgrading our packages to match Stackage 3.0 and build against GHC 7.10. But that is mostly of special interest (see this mail for a partial summary), so I’d like to use this post to advertise a very small and simple package I just uploaded to Debian:

During one of the discussion here I noticed that it is rather tricky to make a locally built package available to apt-get. The latest version in unstable allows one to install a debian package simply by running apt-get install on it, but in some cases, e.g. when you want a convenient way to list all packages that you made available for local use, this is insufficient.

So the usual approach is to create a local apt repository with your packages. Which is non-trivial: You can use dpkg-scanpackage, apt-ftparchive or reprepro. You need to create the directories, run the commands, add the repository to your local sources. You need to worry about signing it or setting the right options to make apt-get accept it without signing.

It is precisely this work that my new package local-apt-repository automates for you: Once it is installed, you simply drop the .deb file into /srv/local-apt-repository/ and after the next apt-get update the package can be installed like any other package from the archive.

I chose to use the advanced features that systemd provides – namely activation upon path changes – so works best with systemd as the init system.

If you want to contribute, or test it before it passes the NEW queue, check out the git repository.

22 August, 2015 01:48PM by Joachim Breitner (

hackergotchi for Christian Perrier

Christian Perrier

[LIFE] Running activities - Echappee Belle next week

Hello dear readers,

Next week, I'll be running the "Echappee Belle" race : 144km and 10.000 meters positive climb, in French Alps (Belledonne range, this time).

That will be, by far, my longest race ever and indeed a great challenge for me with very difficult tracks (when there are tracks).

I expect to run for about 48 hours, or even up to 55, two nights out.....or maybe less as I'm in very good shape.

You can follow me on the live tracking site. The race starts on Friday August 28th, 06:00 CET DST.

22 August, 2015 05:47AM

hackergotchi for Junichi Uekawa

Junichi Uekawa

Back to Tokyo, and it's hot.

Back to Tokyo, and it's hot.

22 August, 2015 12:09AM by Junichi Uekawa

August 21, 2015

hackergotchi for Rhonda D'Vine

Rhonda D'Vine


I tried to start to write this blog entry like I usually do: Type along what goes through my mind and see where I'm heading. This won't work out right now for various reasons, mostly because there is so much going on that I don't have the time to finish that in a reasonable time and I want to publish this today still. So please excuse me for being way more brief than I usually am, and hopefully I'll find the time to expand some things when asked or come back to that later.

Part of the reason of me being short on time is different stuff going on in my private life which requires additional attention. A small part of this is also something that I hinted in a former blog entry: I switched my job in June. I really was looking forward to this. I made them aware of what the name Rhonda means to me and it's definitely extremely nice to be addressed with female pronouns at work. And also I'm back in a system administration job which means there is an interest overlap with my work on Debian, so a win-win situation on sooo many levels!

I'm at DebConf15 since almost two weeks now. On my way here I was complimented on my outfit by a security guard at the Vienna airport which surprised me but definitely made my day. I was wearing one of these baggy hippie pants (which was sent to me by a fine lady I met at MiniDebConf Bucharest) but pulled up the leg parts to the knees so it could be perceived as a skirt instead. Since I came here I was pretty busy with taking care of DCschedule bot adjustments (like, changing topic and twittering from @DebConf at the start of the talks), helping out with the video team when I noticed there was a lack of people (which is a hint for that you might want to help with the video team in the future too, it's important for remote people but also for yourself because you can't attend multiple sessions at the same time).

And I have to repeat myself, this is the place I feel home amongst my extended family, even though I it still is sometimes for me to get to speak up in certain groups. I though believe it's more an issue of certain individuals taking up a lot of space in discussions without giving (more shy) people in the round the space to also join in. I guess it might be the time that we need a session on dominant talking patterns for next year and how to work against them. I absolutely enjoyed such a session during last year's FemCamp in Vienna which set the tone for the rest of the conference, and it was simply great.

And then there was the DebConf Poetry Night. I'm kinda disappointed with the outcome this year. It wasn't able to attract as much people anticipated, which I to some degree account to me not making people aware of it well enough, overlapping with a really great band playing at the same time in competition, and even though the place where we did it sounded like a good idea at first, it didn't had enough light for someone to read something from a book (but that was solved through smartphone lights). I know that most people did enjoy it, so it was good to do it, but I'm still a fair bit disappointed with the outcome and will try to work on improving on that grounds for next year. :)

With all this going on there unfortunately wasn't as much time as I would have liked to spend with people I haven't seen for a long time, or new people I haven't met yet. Given that this year's DebConf had an height in attendees (526 being here at certain times during the two weeks, and just today someone new arrived too, so that doesn't even have to be the final number) it makes it a bit painful to have picked up so many tasks and thus lost some chances to socialize as much as I would have liked to.

So, if you are still here and have the feeling we should have talked more, please look for me. As Bdale pointed out correctly in the New to DebConf BoF (paraphrased): When you see us DebConf old timers speaking to someone else and you feel like you don't want to disturb, please do disturb and speak to us. I always enjoyed to get to know new people. This for me always is one of the important aspects of DebConf.

Also, I am very very happy to have received feedback from different people about both my tweets and my blog, thank you a lot of that. It is really motivating to keep going.

So, lets enjoy the last few hours of DebConf!

Another last side notice: While my old name in the Debian LDAP did manage to find some wrongly displayed names in the DebConf website, like for speakers, or volunteers, it was clear to me that having it exposed through isn't really something I appreciate. So I took the chance and spoke to Luca from the DSA team right here today, and ... got it fixed. I love it! Next step is getting my gpg key exchanged, RT ticket is coming up. :)

/debian | permanent link | Comments: 1 | Flattr this

21 August, 2015 09:00PM by Rhonda

hackergotchi for Simon Kainz

Simon Kainz

DUCK challenge: Final week

Well, here are the stats for the final week of the DUCK challenge as well as DebConf15:

So we had 21 packages fixed and uploaded by 14 different uploaders. People were really working hard on this during DebConf. A big "Thank You" to you!!

Since the start of this challenge, a total of 89 packages, were fixed.

Here is a quick overview:

Week 1 Week 2 Week 3 Week 4 Week 5 Week 6 Week 7
# Packages 10 15 10 14 10 9 21
Total 10 25 35 49 59 68 89

Thank you all for participating - either on purpose or "accidentially": Some people were really surprised as i sneaked up on them at DebConf15, confronting them with a green lighter! I just tried to put even more fun into Debian, i hope this worked out

Pevious articles are here: Week 1, Week 2, Week 3, Week 4, Week 5,Week 6.

21 August, 2015 08:30PM by Simon Kainz

August 20, 2015

hackergotchi for Axel Beckert

Axel Beckert

German-written Debian Package Management Book

Thursday was our big day: After more than 2.5 years of working in the hidden, ups and downs, Frank Hofmann and myself were able to announce the availability of our book project Debian Package Management under a free license (Creative Commons Attribution ShareAlike 4.0 International License, short “CC BY-SA 4.0”) during a Lightning Talk at DebConf15 in Heidelberg.

This became possible because we found Onyx Neon, a publishing company which is specialised on books with contents under free licenses. Its founder does not only have a faible for Perl but also for Debian. (Since the question already came up: We also thought about self-publishing, e.g. via Lulu or Epubli — and it would have been our fallback solution —, but we prefer the professionalism and services of a real publisher. I’m though happy to share what I found out about self-publishing in the past few months.)

The source code of the book is written in the AsciiDoc format and available on GitHub.

The book is still work in progress. But if you want, you can already build an e-book out of the publically available source code:

sudo apt-get install asciidoc dblatex git
git clone git://
cd dpmb

(Works fine on Debian 7 Wheezy, Debian 8 Jessie and Ubuntu 14.04 LTS Trusty. Does not work on Ubuntu 12.04 LTS Precise.)

If you find an error in the book, please file an issue on GitHub. If you also know how to fix the error, please for the Git repository on GitHub, fix the error in your Git repository and file a pull request. (The first pull request already happenend and has been applied.)

Initially there will be only a German written issue as e-book (at least in HTML, PDF and EPUB formats, maybe also KF8/MOBI and EPUB3) and at some point in the future also as printed book at Onyx Neon. But we’re also planning a translation to English as well as a Debian package.

If your want to get informed when we publish a printed book, a translation or an official e-book release, please subscribe to one of our mailing lists: There’s one in German and one in English.

20 August, 2015 11:28PM by Axel Beckert (

hackergotchi for Sune Vuorela

Sune Vuorela

Debconf 2015 – 7

The other day, the main talk was “Lets encrypt”, today it was “Let’s reproduce”

20 August, 2015 10:08PM by Sune Vuorela

Raphael Geissert

Call for release goal: package reconsideration

Based on a discussion around breakfast, and encouraged by the people at the table, I hereby call for a new release goal (or challenge, whatever you prefer to call it):

Every package maintainer should remove one of their packages from the archive.

It's dead simple. It is acceptable to adopt a package to replace the one that has been removed, or to add a new one to the archive.
For tracking purposes please include "for RG" (release goal) in the removal request to

And how about a debconf challenge? how about filing over 100 removal requests before the end of Debconf 15 on Saturday night? blog about it, dent/twit about it, spam IRC about it!

The idea came up after discussing about how us as package maintainers refuse to remove our obsolete or unused packages. So yes, that may also include the very first package that you got into the archive.

Sad news, good news.

20 August, 2015 09:33AM by Raphael Geissert (

hackergotchi for Simon Kainz

Simon Kainz

vim in Heidelberg

Following the tradition of Love Locks, apparently there is someone really in love with vim in Heidelberg!


Found at the Old Bridge in Heidelberg during DebConf15.

20 August, 2015 09:30AM by Simon Kainz

hackergotchi for Sune Vuorela

Sune Vuorela

Debconf 2015 – 6

There is more people with blue hair at Debconf than at an average Akademy. KDE – we need to do better :)

20 August, 2015 07:48AM by Sune Vuorela

August 19, 2015

Petter Reinholdtsen

In my hand, a pocket book edition of the Norwegian Free Culture book!

Today, finally, my first printed draft edition of the Norwegian translation of Free Culture I have been working on for the last few years arrived in the mail. I had to fake a cover to get the interior printed, and the exterior of the book look awful, but that is irrelevant at this point. I asked for a printed pocket book version to get an idea about the font sizes and paper format as well as how good the figures and images look in print, but also to test what the pocket book version would look like. After receiving the 500 page pocket book, it became obvious to me that that pocket book size is too small for this book. I believe the book is too thick, and several tables and figures do not look good in the size they get with that small page sizes. I believe I will go with the 5.5x8.5 inch size instead. A surprise discovery from the paper version was how bad the URLs look in print. They are very hard to read in the colophon page. The URLs are red in the PDF, but light gray on paper. I need to change the color of links somehow to look better. But there is a printed book in my hand, and it feels great. :)

Now I only need to fix the cover, wrap up the postscript with the store behind the book, and collect the last corrections from the proof readers before the book is ready for proper printing. Cover artists willing to work for free and create a Creative Commons licensed vector file looking similar to the original is most welcome, as my skills as a graphics designer are mostly missing.

19 August, 2015 08:10PM

Andrew Cater

Poetry for Debconf15 poetry night

Debian's reached the age of 22
I wish I could be there with you
In Heidelberg, fair German city
To share, in person, this my ditty

Rhonda's worked hard - the work is done
With poems now begins the fun
While others play cards or hack new code
Or dream of running down the road

Free software, arguments, warmth, good cheer
Too soon all over 'til next year
 All of the best are there / on 'Net
Here's hope that it's the best Debconf yet

19 August, 2015 07:33PM by Andrew Cater (

hackergotchi for Aigars Mahinovs

Aigars Mahinovs

Poetry night - Space

A bi-lingual poem created on inspiration from Debconf15 and in honor of Debconf Poetry Night by Rhonda

Du ...

Du hast ...

Du hast apt ...

Du hast apt gebrochen!

Reconsider your disk usage,

And APT might work again.

(as usual - licenced as CC-BY V3+ or GPLv2+)

19 August, 2015 07:07PM by aigarius

Patrick Schoenfeld

aptituz/ssh 2.3.2 published

I’ve just uploaded an update version of  my puppet ssh module to the forge.

The module aims at being a generic module to manage of ssh server and clients, including key generation and known_hosts management. It provides a mechanism to generate and deploy ssh keys without the need of storeconfig or PuppetDB but a server-side cache instead. This is neat, if you want to remain ssh keys during a reprovisioning of a host.


The update is mostly to push out some patches I’ve received from contributors via pull requests in the last few months. It adds:

  • Support for the AllowUsers, AllowGroups and DenyUsers aswell as DenyGroups parameters in the default sshd_config template. Thanks to cachaldora  for the patches.
  • Support for multiple ports in the default sshd template. Thanks to Arnd Hannemann for that patch.
  • Fixes in the template for it to work with newer puppet versions. Untested by me, but this probably fixes compatibility with puppet 4. For that contribution my thanks go to Daine Danielson.Apart from this changes I’ve added a couple of beaker tests.If the module is of any use for you, I’d be happy for ratings at puppetforge. The same is true for critical feedback, bug reports or (even better :) pull requests.

19 August, 2015 09:32AM by Patrick Schönfeld

Russell Coker

The Purpose of a Code of Conduct

On a private mailing list there have been some recent discussions about a Code of Conduct which demonstrate some great misunderstandings. The misunderstandings don’t seem particular to that list so it’s worthy of a blog post. Also people tend to think more about what they do when their actions will be exposed to a wider audience so hopefully people who read this post will think before they respond.


The first discussion concerned the issue of making “jokes”. When dealing with the treatment of other people (particularly minority groups) the issue of “jokes” is a common one. It’s fairly common for people in positions of power to make “jokes” about people with less power and then complain if someone disapproves. The more extreme examples of this concern hate words which are strongly associated with violence, one of the most common is a word used to describe gay men which has often been associated with significant violence and murder. Men who are straight and who conform to the stereotypes of straight men don’t have much to fear from that word while men who aren’t straight will associate it with a death threat and tend not to find any amusement in it.

Most minority groups have words that are known to be associated with hate crimes. When such words are used they usually send a signal that the minority groups in question aren’t welcome. The exception is when the words are used by other members of the group in question. For example if I was walking past a biker bar and heard someone call out “geek” or “nerd” I would be a little nervous (even though geeks/nerds have faced much less violence than most minority groups). But at a Linux conference my reaction would be very different. As a general rule you shouldn’t use any word that has a history of being used to attack any minority group other than one that you are a member of, so black rappers get to use a word that was historically used by white slave-owners but because I’m white I don’t get to sing along to their music. As an aside we had a discussion about such rap lyrics on the Linux Users of Victoria mailing list some time ago, hopefully most people think I’m stating the obvious here but some people need a clear explanation.

One thing that people should consider “jokes” is the issue of punching-down vs punching-up [1] (there are many posts about this topic, I linked to the first Google hit which seems quite good). The basic concept is that making jokes about more powerful people or organisations is brave while making “jokes” about less powerful people is cowardly and serves to continue the exclusion of marginalised people. When I raised this issue in the mailing list discussion a group of men immediately complained that they might be bullied by lots of less powerful people making jokes about them. One problem here is that powerful people tend to be very thin skinned due to the fact that people are usually nice to them. While the imaginary scenario of less powerful people making jokes about rich white men might be unpleasant if it happened in person, it wouldn’t compare to the experience of less powerful people who are the target of repeated “jokes” in addition to all manner of other bad treatment. Another problem is that the impact of a joke depends on the power of the person who makes it, EG if your boss makes a “joke” about you then you have to work on your CV, if a colleague or subordinate makes a joke then you can often ignore it.

Who does a Code of Conduct Protect

One member of the mailing list wrote a long and very earnest message about his belief that the CoC was designed to protect him from off-topic discussions. He analysed the results of a CoC on that basis and determined that it had failed due to the number of off-topic messages on the mailing lists he subscribes to. Being so self-centered is strongly correlated with being in a position of power, he seems to sincerely believe that everything should be about him, that he is entitled to all manner of protection and that any rule which doesn’t protect him is worthless.

I believe that the purpose of all laws and regulations should be to protect those who are less powerful, the more powerful people can usually protect themselves. The benefit that powerful people receive from being part of a system that is based on rules is that organisations (clubs, societies, companies, governments, etc) can become larger and achieve greater things if people can trust in the system. When minority groups are discouraged from contributing and when people need to be concerned about protecting themselves from attack the scope of an organisation is reduced. When there is a certain minimum standard of treatment that people can expect then they will be more willing to contribute and more able to concentrate on their contributions when they don’t expect to be attacked.

The Public Interest

When an organisation declares itself to be acting in the public interest (EG by including “Public Interest” in the name of the organisation) I think that we should expect even better treatment of minority groups. One might argue that a corporation should protect members of minority groups for the sole purpose of making more money (it has been proven that more diverse groups produce better quality work). But an organisation that’s in the “Public Interest” should be expected to go way beyond that and protect members of minority groups as a matter of principle.

When an organisation is declared to be operating in the “Public Interest” I believe that anyone who’s so unable to control their bigotry that they can’t refrain from being bigoted on the mailing lists should not be a member.

19 August, 2015 09:26AM by etbe

hackergotchi for Sune Vuorela

Sune Vuorela

Debconf 2015 – 5

Watching people figuring out how to use a Danish cheese slicer is kind interesting. But by using enough force most people succeeding in getting a lump of cheese.

19 August, 2015 06:35AM by Sune Vuorela

Russ Allbery

krb5-sync 3.1

Another relatively minor release, this of a software package that I've technically orphaned. But, well, it needed a fix, and it only took a few hours. krb5-sync is a system for synchronizing passwords from a Kerberos KDC to an Active Directory realm (which I no longer personally use).

The primary change in this release is some tweaks to the silent mode of krb5-sync-backend to keep it from spamming output about transient errors if accounts are slow to materialize on the Active Directory side. It also incorporates changes from the Debian packaging to relax the timing on some tests.

You can get the latest version from the krb5-sync distribution page.

19 August, 2015 04:56AM

rra-c-util 5.8

Another collection of random bug fixes in my general C utility library. Fixes a missing va_end, a segfault in buffer_find_string with new buffers, and how relative paths are computed in Test::RRA::Automake. Also adds a portability layer for the MIT Kerberos kadm5_init_krb5_context function.

You can get the latest release from the rra-c-util distribution page.

19 August, 2015 04:16AM

C TAP Harness 3.4

Nothing particularly exciting in this release of my C testing framework, but aherbert on Github found a segfault in the runtests driver with test lists that had only blank lines and comments. Since I'm releasing some other software anyway, that seemed to be worth a release.

While preparing the release, I found that the test for spelling errors in the POD documentation had some bad assumptions about how to canonicalize paths, so you may want to grab a new copy of that if you're using it in your projects.

You can get the latest release from the C TAP Harness distribution page.

19 August, 2015 03:41AM

August 18, 2015

Lior Kaplan

Overdue GPG signing

In the last few years I wasn’t really maintaining my GPG keys. I’ve created a new one (B4E14499) in 2011 during DebConf11, after the older primary one (99E81DA0) became too weak (1024D). I thought that I didn’t have enough signatures on the new key and almost lost my place on the debian keyring due to removal on the old one (without adding the new key).

Due to my confusion with the key signature, I didn’t really take the time to sign other people keys. But that doesn’t mean I ignored them completely, as I kept all the information from Debconf11 (yes, 4 years ago) and also the slips I was handed since.

Today, I finally took the time to finish the backlog and sign all the keys which are strong enough and still valid (haven’t expired / revoked). One less item on the todo list.

For those who got my signatures – I’m sorry for the delay, but better later than never, right ?

Filed under: Debian GNU/Linux Tagged: gpg

18 August, 2015 11:23PM by Kaplan

hackergotchi for Aigars Mahinovs

Aigars Mahinovs

Debconf 15 group photo

The long awaited group photo from Debconf15 is now available: here and here.

Due to its spectacular glory, the Google Photos could not handle the massive 52 Mb, and 19283*8740=168.5Mpix of awesomness, so there is only a half-size version.

Also I plan to have a lightning talk on Thursday on how exactly such things are made :)

18 August, 2015 09:10PM by aigarius

hackergotchi for Matthew Garrett

Matthew Garrett

Canonical's deliberately obfuscated IP policy

I bumped into Mark Shuttleworth today at Linuxcon and we had a brief conversation about Canonical's IP policy. The short summary:
  • Canonical assert that the act of compilation creates copyright over the binaries, and you may not redistribute those binaries unless (a) the license prevents Canonical from restricting redistribution (eg, the GPL), or (b) you follow the terms of their IP policy. This means that, no matter what Dustin's blogpost says, Canonical's position is that you must ask for permission before distributing any custom container images that contain Ubuntu binaries, even if you use no Ubuntu trademarks in the process. Doing so without their permission is an infringement of their copyright.
  • Canonical have no intention of clarifying their policy, because Canonical benefit from companies being legally uncertain as to whether they have permission to do something or not.
  • Mark justifies maintaining this uncertainty by drawing an analogy between it and the perceived uncertainties that exist around certain aspects of the GPL. I disagree with this analogy pretty strongly. One of the main reasons for the creation of GPLv3 was to deal with some more ambiguous aspects of GPLv2 (such as what actually happened after license termination and how patents interacted with the GPL). The FSF publish a large FAQ intended to provide further clarity. The major ambiguity is in what a derivative work actually is, which is something the FSF can't answer absolutely (that's going to be up to courts) but will give its opinion on when asked. The uncertainties in Canonical's IP policy aren't a result of a lack of legal clarity - they're a result of Canonical's refusal to answer questions.

The even shorter summary: Canonical won't clarify their IP policy because they believe they can make more money if they don't.

Why do I keep talking about this? Because Canonical are deliberately making it difficult to create derivative works, and that's one of the core tenets of the definition of free software. Their IP policy is fundamentally incompatible with our community norms, and that's something we should care about rather than ignoring.

comment count unavailable comments

18 August, 2015 07:02PM

Arturo Borrero González

2015 FLOSS summer report

debian logo
Good news. Many things happened since my last report (8 months ago), some of them very interesting :-)

debian maintainer

Back in April 2015 I applied to become Debian Maintainer (DM). I was supported by several Debian Developers (DD), including Ana Guerrero, Anibal Monsalve, Michael Prokop and Vicent Cheng. They are people I have been somehow involved with in the last times (developing, in-person meetings, other talks...).

After a month or two, my PGP key was added to the debian keyring.

And what means this? If a DD gives me the corresponding authorization, I can now upload packages directly to the archive without the need for a sponsor.

I have been maintaining packages as a standard contributor since early 2014. From 2014 to 2015 I've learned many many things about Debian. That knowledge was key to become DM.

Google Summer of Code 2015

This is my 3º year in GSoC. In 2013 and 2014 I was involved with the Netfilter Project, but this time I'm contributing to the Debian project.
In concrete, my project is "Improve the Debian port mipsel".

Most of the software is developed to run in common CPU architectures like amd64 and i386. However, Debian can run in a large variety of arches (not so many operating systems have this power). Developers tend to consider these arches 'exotic' and don't pay much attention to them.
The mips/mipsel architecture is somewhat similar to arm: its mainly intended for small devices.

My tasks consist mainly into fixing bugs and FTBFS errors in the mipsel architecture.

Roughly speaking, this can be done in two ways: emulating the mipsel arch using qemu, or using a physical mipsel machine. The qemu way is very very slow. Fortunately, as part of my GSoC involvement, I was given a ci20 mipsel board by Imagination Technologies. I have been using this board for all my GSoC work.

Detailing my work during this GSoC deserves his own blog post. However, the Debian workflow for GSoC'15 requires a weekly report, and here are mine:

  1. week 1
  2. week 2
  3. week 3
  4. week 4
  5. week 5
  6. week 6
  7. week 7
  8. week 8
  9. week 9
  10. week 10
  11. week 11
  12. week 12

no longer involved with the Netfilter Project

Such is life. Days only have 24 hours. I had to 'refactor' my priorities and my involvement with the Netfilter Project is now almost none. This happened back in May'15. I was in so many business that I had stress and even had anxiety. Among other things, this hard decision meant that I missed the Netfilter Workshop 2015 in Budapest :-(

My plan for 2016 is to focus in the University and pay bills with my full-time job as a system administrator.

other debian sutff

Regarding packaging, it worth mention my latest new package: liquidprompt. For people who get their hands dirty with the CLI, I recommend it :-)
I made lot of updates to the other packages as well.

The nftables package is now in jessie-backports. Debian includes now Linux v4 in jessie-backports as well, which mean you can start playing with a full-featured nftables right now :-)
I'm looking forward to package the following version of upstream nftables, which is to include new exciting changes.

best regards!

18 August, 2015 07:00PM by Arturo Borrero Gonzalez (

hackergotchi for Bastian Venthur

Bastian Venthur

Please Help to Port python-debianbts to Python3

Dear Lazyweb,

I’m currently trying to find a way to port python-debianbts to Python3. Debian’s standard bugreport tool reportbug depends on python-debianbts and can thus not convert to Python3 if python-debianbts does not as well. Unfortunately python-debianbts depends on SoapPy for parsing the Debian bugtracker’s responses, and that library is not ported to Python3 yet, and probably never will.

I’m planning to replace SoapPy with pysimplesoap which is available for Python2 and Python3. Unfortunately debbugs does not support WSDL which makes parsing of the replies extremely painful and error-prone. I wonder if there is a  SOAP/Python expert out there who’d be willing to give some assistance in porting python-reportbug to pysimplesoap? python-reportbug’s repository is on GitHub and patches are very welcome.

Since SOAP is quite a beast and debbugs uses it for read-only purposes only, another attractive solution would be to replace/augment debbugs’ API with something much more simple, like JSON. That would make parsing extremely easy as many programming languages including Python support JSON without any external libraries. In theory this could be quite easy but requires some serious Perl skills.

18 August, 2015 12:07PM by Bastian