March 06, 2015

hackergotchi for Dirk Eddelbuettel

Dirk Eddelbuettel

Rcpp 0.11.5

The new release 0.11.5 of Rcpp just reached the CRAN network for GNU R, and a Debian package has also been be uploaded.

Rcpp has become the most popular way of enhancing GNU R with C++ code. As of today, 345 packages on CRAN depend on Rcpp for making analyses go faster and further; BioConductor adds another 41 packages, and casual searches on GitHub suggests dozens mores.

This release continues the 0.11.* release cycle, adding another large number of small bug fixes, polishes and enhancements. Since the previous release in January, we incorporated a number of pull requests and changes from several contributors. This time, JJ deserves a special mention as he is responsible for a metric ton of the changes listed below, making Rcpp Attributes even more awesome. As always, you can follow the development via the GitHub repo and particularly the Issue tickets and Pull Requests. And any discussions, questions, ... regarding Rcpp are always welcome at the rcpp-devel mailing list.

See below for a detailed list of changes extracted from the NEWS file.

Changes in Rcpp version 0.11.5 (2015-03-04)

  • Changes in Rcpp API:

    • An error handler for tinyformat was defined to prevent the assert() macro from spilling.

    • The Rcpp::warning function was added as a wrapper for Rf_warning.

    • The XPtr class was extended with new checked_get and release functions as well as improved behavior (throw an exception rather than crash) when a NULL external pointer is dereferenced.

    • R code is evaluated within an R_toplevelExec block to prevent user interrupts from bypassing C++ destructors on the stack.

    • The Rcpp::Environment constructor can now use a supplied parent environment.

    • The Rcpp::Function constructor can now use a supplied environment or namespace.

    • The attributes_hidden macro from R is used to shield internal functions; the R_ext/Visibility.h header is now included as well.

    • A Rcpp::print function was added as a wrapper around Rf_PrintValue.

  • Changes in Rcpp Attributes:

    • The pkg_types.h file is now included in RcppExports.cpp if it is present in either the inst/include or src.

    • sourceCpp was modified to allow includes of local files (e.g. #include "foo.hpp"). Implementation files (.cc; .cpp) corresponding to local includes are also automatically built if they exist.

    • The generated attributes code was simplified with respect to RNGScope and now uses RObject and its destructor rather than SEXP protect/unprotect.

    • Support addition of the rng parameter in Rcpp::export to suppress the otherwise automatic inclusion of RNGScope in generated code.

    • Attributes code was made more robust and can e.g. no longer recurse.

    • Version 3.2 of the Rtools is now correctly detected as well.

    • Allow 'R' to come immediately after '***' for defining embedded R code chunks in sourceCpp.

    • The attributes vignette has been updated with documentation on new features added over the past several releases.

  • Changes in Rcpp tests:

    • On Travis CI, all build dependencies are installed as binary .deb packages resulting in faster tests.

  • Thanks to CRANberries, you can also look at a diff to the previous release As always, even fuller details are on the Rcpp Changelog page and the Rcpp page which also leads to the downloads page, the browseable doxygen docs and zip files of doxygen output for the standard formats. A local directory has source and documentation too. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

    This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

    06 March, 2015 11:26AM

    hackergotchi for DebConf team

    DebConf team

    Valessio Brito wins DebConf15 logo contest (Posted by Penny Leach)

    In May, the DebConf15 Team held a competition to design the logo for DebConf15, which will take place in Heidelberg, Germany. We received many great entries, and after a week-long voting period, this logo by Valessio Brito was selected:

    DebConf15 logo (by Valessio Brito)

    The lion depicted is the “Kurpfälzer Löwe”, which makes up Heidelberg’s coat of arms.

    Valessio is Brazilian, graduated in Communication and Advertising, and specialised in Free Software Development. He is currently a consultant to UI Design of the Secretariat-General of the Presidency of the Republic, living in Brasilia, Brazil. He has been a Debian user since 2000, contributing to local communities, Inkscape and the Debian project.

    Valessio has a tattoo of the red spiral!

    His personal website is (pt_BR).

    He invites you to visit to discover the work of other artists and designs that contribute to the Debian project.

    Thanks very much Valessio for your great contribution!

    06 March, 2015 08:14AM by DebConf Organizers

    hackergotchi for Steve Kemp

    Steve Kemp

    Free hosting, and key-signing

    Over the past week I've mailed many of the people who had signed my previous GPG key and who had checked my ID as part of that process. My intention was to ask "Hey you trusted me before, would you sign my new key?".

    So far no replies. I may have to be more dedicated and do the local-thing with people.

    In other news Bytemark, who have previously donated a blade server, sponsored Debconf, and done other similar things, have now started offering free hosting to Debian-developers.

    There is a list of such offers here:

    I think that concludes this months blog-posting quota. Although who knows? I turn 39 in a couple of days, and that might allow me to make a new one.

    06 March, 2015 12:00AM

    March 05, 2015

    Ian Wienand

    Acurite 02032CAUDI Weather Station

    I found an Acurite Weather Center 02032CAUDI at Costco for $99, which seemed like a pretty good deal.

    It includes the "colour" display panel and a 5-in-1 remote sensor that includes temperature, wind-speed and direction, humidity and rain gauge.

    The colour in the diplay is really just a fancy background sticker with the usual calculator-style liquid-crystal display in front. It does seem that for whatever reason the viewing angle is extremely limited; even off centre a little and it becomes very dim. It has an inbuilt backlight that is quite bright; it is either off or on (3-levels) or in "auto" mode, which dims it to the lowest level at certain hours. Hacking in a proximity sensor might be a fun project. The UI is OK; it shows indoor and outdoor temperature/humidity, wind-speed/rain and with is able to show you highs and lows with a bit of scrolling.

    I was mostly interested in its USB output features. After a bit of fiddling I can confirm I've got it connected up to Meteobridge that is running on a Dlink DIR-505 and reporting to Weather Underground. One caveat is that you do need to plug the weather-station into a powered USB hub, rather than directly into the DIR-505; I believe because the DIR-505 can only talk directly to USB2.0 devices and not older 1.5 devices like the weather station. Another small issue is that the Meteobridge license is €65 which is not insignificant. Of course with some effort you can roll-your-own such as described in this series which is fun if you're looking for a project.

    Luckily I had a mounting place that backed onto my small server cupboard, so I could easily run the cables through the wall to power and the DIR-505. Without this the cables might end up a bit of a mess. Combined with the fairly limited viewing angle afforded, finding somewhere practical to put the indoor unit might be one of the hardest problems.

    Mounting the outdoor unit was fine, but mine is a little close to the roof-line so I'm not sure the wind-speed and direction are as accurate as if it were completely free-standing (I think official directions for wind-speed are something like free-standing 10m in the air). It needs to face north; both for the wind-direction and so the included solar-panel that draws air into the temp/humidity sensor is running as much as possible (it works without this, but it's more accurate with the fan). One thing is that it needs to mounted fairly level for the rain-gauge; it includes a small bubble-level on the top to confirm this. Firstly you'll probably find that most mount points you thought were straight actually aren't! Since the bubble is on the top, if you want to actually see it you need to be above it (obviously) which may not be possible if you're standing on a ladder and mounting it over your head. This may be a situation that inspires a very legitimate use of a selfie-stick.

    It's a fun little device and fairly hackable for an overall reasonable price; I recommend.

    05 March, 2015 11:15PM by Ian Wienand

    On VMware and GPL

    I do not believe any of the current reporting around the announced case has accurately described the issue; which I see as a much more subtle question of GPL use across API layers. Of course I don't know what the real issue is, because the case is sealed and I have no inside knowledge. I do have some knowledge of the vmkernel, however, and what I read does not match with what I know.

    An overview of ESXi is shown below

    overview of vmkernel and vmkapi

    There is no question that ESXi uses a lot of Linux kernel code and drivers. The question as I see it is more around the interface. The vmkernel provides a well-described API known as vmkapi. You can write drivers directly to this API; indeed some do. You can download a SDK.

    A lot of Linux code has been extracted into vmkLinux; this is a shim between Linux drivers and the vmkapi interface. The intent here is to provide an environment where almost unmodified Linux drivers can interface to the proprietary vmkernel. This means vendors don't have to write two drivers, they can re-use their Linux ones. Of course, large parts of various Linux sub-systems' API are embedded in here. But the intent is that this code is modified to communicate to the vmkernel via the exposed vmkapi layer. It is conceivable that you could write a vmkWindows or vmkOpenBSD and essentially provide a shim-wrapper for drivers from other operating systems too.

    vmkLinux and all the drivers are GPL, and released as such. I do not think there could be any argument there. But they interface to vmkapi which, as stated, is an available API but part of the proprietary kernel. So, as I see it, this is a much more subtle question than "did VMware copy-paste a bunch of Linux code into their kernel". It goes to where the GPL crosses API boundaries and what is considered a derived work.

    If nothing else, this enforcement increasing clarity around that point would be good for everyone I think.

    05 March, 2015 10:30PM by Ian Wienand

    hackergotchi for EvolvisForge blog

    EvolvisForge blog

    I have to give you that one

    After seeing what the Wildfly (formerly JBoss AS) and Liferay combo does to /tmp, and somewhat attempting to fix it, I saw JVM_TMP in the Debian tomcat7 init script and thought, oh no, not another one.

    Is that even safe, what they do here, or is that a possibility to instantly pwn?

    The net is full of literature for how to obtain temporary files and directories, but there is nothing about how to reliably obtain paths under /tmp or, more generally, directories not just writable for one single user (think the g+w thing that got FusionForge CVE-2013-1423).

    The scenario here is: I am root, and I want to start something as another user, and pass it a stable path, such as /tmp/liferay. So I can just mkdir /tmp/liferay || die; chown thatuser /tmp/liferay and, in the “stop” process, rm -rf /tmp/liferay, right? (Of course not. Also, bad example, as the liferay thing can also be started as thatuser, and our devs regularily need to do that, the init script is there just for the admin convenience and reboot-safety. But I still am interested if there is a secure way to achieve this.)

    The tomcat7 scenario is “trivial”: on That Other Init System™, it would just get its private /tmp declared in the .service file, and good is, no more hassle. That’s one I have to give you. (No idea if this is actually shipped in jessie. Our production systems run wheezy anyway, so there is not even the slightest bit of temptation. Plus, it would not solve the liferay issue, see above. Still, a point for going into the right direction.)

    The idea here is the same. It creates a directory on start and tears it down on stop. If there was nothing to do on start, the init script could just use mktemp -d. Heck, maybe it still should, but it would need to note down, and communicate to the stop instance, the actual name used. What a drag…

    This is something I see popping up from time to time. I want to use stable paths for SSH session multiplexing control sockets in my ssh_config(5) file, but have them on tmpfs (Linux) or mfs (BSD) so they get properly removed on reboot. No Unix traditionally has per-user temporary directories that are clean and created after reboot. (Adjusting the paths is trivial once you have them.) Android has it worse, what with not having a world-writable tmp directory, which the shell needs e.g. for here documents; there are two components here, to have a directory the current user can write to, and to know its location. Some fail at the first, some at the second, some at both, and the classic /tmp is not the cure, as we have seen. (But if you ever see mksh erroring out due to lack of write permissions somewhere (including /sqlite_stmt_journals which used to be it) as non-root on Android, or even as root, set TMPDIR to something writable; it’s tracked, so the change gets active immediately.)

    05 March, 2015 02:07PM by Thorsten Glaser

    March 04, 2015

    hackergotchi for Phil Hands

    Phil Hands

    The future arrived, again!

    I am reminded by Gunnar's wonderful news that I have been very remiss in publishing my own.

    Mathilda Sophie Hands, our second daughter, was delivered on the 9th of January.

    Her arrival was a little more interesting than we'd have preferred (with Gunde being suddenly diagnosed with HELLP Syndrome), but all has turned out well, with Gunde bouncing back to health surprisingly quickly, and Mathilda going from very skinny to positively chubby in a few short weeks, so no harm done.

    Today Mathilda produced her first on-camera smile.

    Matilda, smiling on camera for the first time

    It's lovely when they start smiling. It seems to signal that there's a proper little person beginning to take shape.

    04 March, 2015 10:04PM

    Simon Josefsson

    EdDSA and Ed25519 goes to IETF

    After meeting Niels Möller at FOSDEM and learning about his Ed25519 implementation in GNU Nettle, I started working on a simple-to-implement description of Ed25519. The goal is to help implementers of various IETF (and non-IETF) protocols add support for Ed25519. As many are aware, OpenSSH and GnuPG has support for Ed25519 in recent versions, and OpenBSD since the v5.5 May 2014 release are signed with Ed25519. The paper describing EdDSA and Ed25519 is not aimed towards implementers, and does not include test vectors. I felt there were room for improvement to get wider and more accepted adoption.

    Our work is published in the IETF as draft-josefsson-eddsa-ed25519 and we are soliciting feedback from implementers and others. Please help us iron out the mistakes in the document, and point out what is missing. For example, what could be done to help implementers avoid side-channel leakage? I don’t think the draft is the place for optimized and side-channel free implementations, and it is also not the place for a comprehensive tutorial on side-channel free programming. But maybe there is a middle ground where we can say something more than what we can do today. Ideas welcome!

    04 March, 2015 02:30PM by simon

    hackergotchi for Clint Adams

    Clint Adams

    As one might expect, a white person responded to him.

    “I think poor black people and white intellectuals using the same model is pretty telling, actually: the two most isolated sides of the spectrum,” he said.

    04 March, 2015 02:19PM

    Zlatan Todorić

    Interviews with FLOSS developers: Paul Wise

    After starting with Joey Hess, we continue with Paul Wise. What makes his star to shine are many things such as being a DSA (Debian System Administrator), a helpful hand on mailings list, encouraging people to join Debian teams but most of all - he has encyclopedia knowledge on Debian as a whole which he gladly shares with anyone who asks (very fast response on IRC channels). It is almost impossible for any single person to count all Debian teams, work and places - to know most of those things, you can image the vast knowledge which Paul has. The legend says that his brain has better and faster search engine algorithm on Debian related queries than all other engines combined. So lets see what he has to share with world.

    me: Who are you?

    pabs: Paul Wise (pabs) and I have to say that I'm no-where near as knowledgeable as your intro suggests.

    me: How did you start programming?

    pabs: Messing around with fractals and graphics things in MS BASIC.

    me: How would you now advise others to start programming?

    pabs: Pick an issue in a tool you use, investigate how the tool works and how you can change it, fix that and contribute the change back to the project that created that tool. In the process you will learn skills, interact with the community and contribute to the project.

    me: Setup of your development machine?

    pabs: Lenovo Thinkpad with external monitor, Debian testing and some tweaks

    me What is your preferable language (for hacking)? Why? How do you compare it to other languages?

    pabs: I currently prefer Python for its readability. It still has some rough edges though the documentation covers them fairly well. I generally pick up new languages when working on projects written in them. Haskell is next on the horizon due to Nikki and the Robots.

    me: Describe your current most memorable situation as software developer/hacker?

    pabs: I had a great time creating fractals in BASIC, learning about the Mandelbrot set, L-systems and more. My days and nights of hacking on frhed (a GPLed hex editor for Windows) to help me cheat at Civilisation were pretty memorable. frhed led to my work on reverse engineering the CHM file format (a documentation format for Windows programs). A stand-out moment during my time with Debian was hacking on the derivates census patch generation code during the Debian UK BBQ weekend, surrounded by geeks playing Portal, cooking things, hacking on Debian and generally having a good time (thanks Steve!).

    me: Some memorable moments from Debian conferences?

    pabs: There are so many; meeting Debian folks, playing Mao once and then never again, late night games of werewolf, both delectably delicious and hideously disgusting cheeses, fried insects, day trips to beautiful landscapes, inspiring keynotes, exciting BoFs, secret IRC channels for planning surprise birthday parties, blue hair, wet air, blocks of fried cheese, a vast quantity of icecream, pants, geeks in the surf, volcanoes, hiking, a wonderful view, a uni-cycling stormtrooper & more.

    me: How do you see future of Debian development?

    pabs: I hope we will continue to exist and uphold our principles for the foreseeable future. I don't have any crystal balls though.

    me: You recently became member of Debian DSA - what is that like, what roles do you have and what tasks are in front of DSA?

    pabs: We wrote a bit of text about that for DPN recently.

    me: You have large knowledge on Debian and you share it with anyone who wants to know more. What motivates you to do so?

    pabs: I want the operating system I personally rely on to exist into the future, helping folks work on and join Debian can help with that.

    me: Why should developers and users join Debian community? What makes Debian a great and happy place?

    pabs: Every Debian contributor has different reasons for joining the community. Personally the Social Contract, the DFSG and the spirit and culture behind them are the main reason to be involved. I also like our many efforts towards technical excellence and correctness. Of course I've made a number of good friends over the years, especially as a result of attending DebConf every year since 2007.

    me: You are member of Debian publicity team which writes Debian news - do you need more people to join that team and how can they start?

    pabs: Since there is an infinite amount of work to do, pretty much every part of Debian always needs help, that includes the publicity team. We published a post about ways to help here.

    me: If someone wants to contribute to Debian in terms of packaging, can they do it anonymously (for example over Tor network, does Debian have .onion address)?

    pabs: Due to Debian's penchant for transparency it is harder but there are definitely package maintainers who have built up a reputation for good work under a pseudonym over the years and become Debian contributors as a result. I'm not aware of completely anonymous package maintainers but there are definitely people who file bugs using one-off pseudonyms, which is almost the same thing as anonymously. There are definitely Debian contributors and members who use Tor while contributing to Debian. In fact, as Debian is very highly dependent on OpenPGP and the best practices for OpenPGP include refreshing your keyring slowly over Tor, so probably quite a number of Debian contributors use Tor. As far as I know Debian itself does not run any Tor relays or onion services.

    me: What are places that non-packaging developers and people could join and help spread Debian even more?

    pabs: There are many ways to help Debian, including non-technical ones. Unfortunately our web page about helping Debian isn't quite up-to-date with all of them but a few more are to volunteer at DebConf, helo with artwork requests, speak about Debian at events or even come up with ideas for projects. Whatever skills you have, Debian can probably make use of them. If you aren't sure where to start, jump on the debian-mentors mailing list or IRC channel and we can probably guide you to the right place within Debian. Don't worry about not being skilled enough, everyone starts somewhere.

    me: How do you see Debian will manage webapps?

    pabs: Personally I prefer locally installed software, standard data formats and standard data transfer protocols to the wild webapps world but I understand they are becoming very popular to produce and use due to the ubiquity of the web browser platform. Antonio Terceiro is mentoring a project for this year's newcomer mentorship programs (outreachy/gsoc) that aims to improve support for installing web apps on Debian installations. I hope it succeeds as it could help make Debian more popular on servers and home servers in particular.

    me: How would you advise Debian (and other FLOSS users) to setup their machine in terms of security and anonymity?

    pabs: All technology has upsides and downsides. I would advise anyone to analyse their situation and protect themselves accordingly. For example if you have a bad memory, full disk encryption, which is based on pass-phrases might lead to data loss and physical security might be a better choice for protecting your data. The right choices around technology are very much a personal thing.

    me: Is it better to setup xmonad (because it is Haskell based WM) with small dependency chain or GNOME (because it is getting sandboxed apps) in term of security and privacy implications?

    pabs: Again, the right choices around technology are very much a personal thing. Due to the design of X11, both of these are approximately equivalent from a window-manager security properties point of view, that is to say, pretty bad. Wayland is one of the possible X11 successors and offers much better security properties. GNOME folks are working on switching to Wayland. Ultimately though it comes down to how each person uses their window manager and which software they run under it.

    me: Should Debian join Tor project as distro that installs Tor relays by default - should it offer that as option in installer in Debian 9?

    pabs: Running a Tor relay requires a reasonably fast and reliable Internet connection and should be a conscious decision on behalf of the sysadmin for a computer so Debian probably shouldn't install them by default. If tasksel gets support for installing tasks from Debian Pure Blends, then we could add a Tor relay task to the Debian Sanctuary Pure Blend.

    me: Have you ever considered joining initiatives such as FreedomBox?

    pabs: I was quite moved by Eben Moglen's talk at DebConf10 in New York and the resulting BoF. It seemed like a very ambitious project but I didn't really have the knowledge, skills or time to contribute yet.

    me: Are you a gamer? Valve Steam games are offered for free to Debian Developers - do you use steam and play Valve games? Your thoughts on Steam and non-free Linux gaming?

    pabs: I play computer games occasionally, all from Debian main or ones that I'm packaging. 0ad is my current go-to for a bit of gaming. I don't have any experience with Steam or non-free games on Linux.

    me: Is there something you would change in FLOSS ecosystem?

    pabs: Various folks have highlighted new and ongoing challenges for the FLOSS ecosystem in various places in recent years.

    Something that I would like to highlight that does not get talked about enough is the choices we make around our digital artefacts. This is the discussion around "preferred form for modification" or "source". The "source" for a particular digital artefact is a deliberate choice on behalf of the authors. Often generated files are distributed alongside the "source" without any instructions for reproducing the generated files from the "source". It sometimes happens that FLOSS contributors forget to distriute what they have chosen as "source", instead just distributing the generated files. This is a fairly well known issue but still happens. What isn't thought about quite as much is that the choice of "source" has consequences for future development possibilities of that "source". Some forms of "source" are more expressive than others, can be modified in a wider variety of ways and are better choices in general. Sometimes the consequences of choosing less expressive forms are mild and other times they are quite important. I hope more people will start to think about these choices. Some examples where, in my opinion, various people could have made better choices are listed in the mail I sent to the games team list last year.

    Another thing I would like to highlight is the work that organisations like Software Freedom Conservancy and Software in the Public Interest do to protect, defend, promote and support FLOSS projects. It is very important work that needs our interest and support.

    me: Can FLOSS world create great alternatives to Viber, Dropbox, WhatsUp, Facebook, Skype and other non-free services?

    pabs: I think that the FLOSS world has already created alternatives to all of those. The success of non-free services doesn't take these alternatives away but it does mean some of them are less useful because some of them are the kind of tools that become more useful with a larger amount of people using them. I don't know what it would take for the FLOSS alternatives to achieve similar success as network effects are hard to overcome. Hopefully mako is right and the network effects are overrated.

    me: Your thoughts and compare Cloud, IaaS, PaaS, SaaSS? To what should the FLOSS world pay more attention and energy?

    pabs: Initially I dismissed these as buzzwords and a threat to Free Software. These days I view them as potential opportunities for Free Software. Cloud-related technologies such as OpenStack and virtual machines can make private compute farm hardware more flexible and useful to their owners. IaaS providers can be used to run Debian more simply and cheaply and therefore bring Debian to more people than possible with hardware. PaaS providers can be used to run Free Software services. SaaSS can be based entirely on Free Software and respect users. Of course, just like running Free Software on hardware (proprietary or libre), cloud technology, IaaS, PaaS and SaaSS all come with downsides. The FLOSS world should aim to inform users of our software of these downsides. For example, the Debian installer could note that it is running on Intel CPUs with a proprietary BIOS and various proprietary software running, that it is running on a mobile phone with a locked bootloader, that it is running in a Xen VM on machines owned by Amazon. Free Software services could note they are running on Google App Engine etc. Free Software web browsers, chat clients etc could note when they are connecting to proprietary network services. All these notes could inform users about the downsides present in the particular situation encountered. There is also much work to be done making it easier to run Free Software on top of or use Free Software to connect to all manner of platforms from lowRISC to UEFI to VMware to Google App Engine to GitHub to Facebook. The more places Free Software can reach, the more people will be exposed to the philosophy behind it and the more potential there is for folks to join the community. While co-option of the FLOSS world is a dangerous certainty, co-option of proprietary platforms might be able to expand the reach of the philosophy behind Free Software.

    me: Your thoughts on Purism (the open hardware laptop initiative that got recently funded on CrowdSupply)?

    pabs: I don't know enough about that to comment but personally I am more interested in a laptop based on a libre CPU architecture. The RISC-V ISA and the lowRISC project seems to be one of the more promising possibilities at this point in time.

    me: Did you watch Citizenfour - comments on it?

    pabs: I've seen the trailer and look forward to watching it at some point, I read there might be a screening at DebConf15.

    04 March, 2015 11:11AM by Zlatan Todorić

    March 03, 2015

    hackergotchi for Daniel Pocock

    Daniel Pocock

    Wrong day or wrong volcano?

    On our last visit to Chile, we stayed in Pucon for a few days and went to climb the Villarrica volcano:

    It is demanding (1500 meter rise in elevation from the bus stop, crampons must be worn on the glacier) but the view is breathtaking. While we were there, another nearby volcano erupted.

    Today, Villarrica Volcano had its turn:

    03 March, 2015 07:12PM by Daniel.Pocock

    March 02, 2015

    Carl Chenet

    Backup Checker 1.2 : verify remote backups

    Follow me on  or Twitter  or Diaspora*diaspora-banner

    Backup Checker is a command line software developed in Python 3.4, allowing users to verify the integrity of archives (tar,gz,bz2,lzma,zip,tree of files) and the state of the files inside an archive in order to find corruptions or intentional of accidental changes of states or removal of files inside an archive.

    The major feature of this new version is the ability of Backup Checker to use Unix streams. Using classic Unix tools like OpenSSH or wget, Backup Check is able to verify a remote tar.{gz,bz2,xz} archive. The following example verifies a tar.gz archive located on remote server through SSH:

    $ ssh -q server "cat /tmp/backup.tar.gz" | ./ -c . -

    Another short example with the FTP protocol, to verify a tar.bz2 archive located on a remote server through FTP:

    $ wget --quiet -O - ftp://user:pass@server/backup.tar.gz | ./ -c . -

    Moreover in this release, a new option –configuration-name allows the user to define a custome name for the files generated by Backup Checker (default is defined from the name of the archive using the -g or -G options).

    It is a major step for Backup Checker. It is indeed easier and easier to use Backup Checker in your own scripts, allowing to fully automate your backup controls.

    Several companies now use Backup Checker to secure their backups. Let us know if we can help you.

    As usual, any feedback is welcome, through bug reports, emails of the author or comments on this blog.

    02 March, 2015 11:00PM by Carl Chenet

    hackergotchi for Jonathan Dowland

    Jonathan Dowland

    Debian and Docker

    I've been playing around with Debian and Docker a little bit. I found Joey Hess' post about Docker trust interesting reading, in particular this advice:

    I'd recommend only trusting docker images you build yourself. I have some docker images published somewhere that are built with 100% straight debootstrap with no modifications (...) But I'm not going to link to them, because again, you should only trust docker images you built yourself.

    On that advice, I did exactly that. I've pushed the basic scripts I used to build my images to github:jmtd/debian-docker. Suggestions welcome!

    However, I am planning to share the images I build, at least for my own convenience, on the Docker repository. I'm hoping to publish some PGP-signed sums somewhere so you could verify the binary images on the Docker registry if you so wish.

    The three images I'm currently maintaining are:

    • jmtd/debian:buildd: a sid image, variant buildd, to use as the base for package builds
    • jmtd/debian:wheezy: a minbase wheezy
    • jmtd/debian:wheezy-i386: a minbase wheezy, i386

    (note: I haven't pushed them all yet.)

    With docker 1.5.x at least, the i386 image works fine on amd64 hosts. I've used it as the basis for running wine and Windows binaries. I might push a wine image if I generalise it enough to be more useful.

    The Docker folks recommend using Debian as a base image because it's a small size (approx. 163M for my base image, 85.01M for the semi-official one: See Joey's blog for some of the differences) but with a good set of tools. I wondered whether I could leverage the efforts of the Emdebian project to get an even smaller base image.

    Unfortunately, the Emdebian project discontinued their 'Grip' project midway through last year. A basic Emdebian grip install is a fair bit smaller than the equivalent wheezy image, but once you've applied security updates most of the difference is lost. I suspect that some of Emdebian's minimisation techniques would be useful and applicable for shrinking Docker base images.

    02 March, 2015 09:34PM

    Zlatan Todorić

    Debian priglavci

    Mom and Debian is an awesome combination. :)

    Debian pape

    02 March, 2015 08:36PM by Zlatan Todorić

    hackergotchi for Wouter Verhelst

    Wouter Verhelst

    NBD 3.9

    I just released NBD 3.9

    When generating the changelog, I noticed that 3.8 happened two weeks shy of a year ago, which is far too long. As a result, the new release has many new features:

    • AF_UNIX support
    • New "treefiles" mode, which exports a gazillion of page-sized files; useful for exporting things which are stored on an SSHFS or amazon AWS (trough FUSE) or similar, where every write causes an upload to the backend storage
    • New "cowdir" option, allowing to specify where copy-on-write files are written.
    • Minor changes so that nbd-client can now also be compiled for the Android platform. This required removal of the -swap command line option, which requires the mlockall() system call, unavailable on Android.
    • Protocol update: a reserved bit is used to avoid sending the 124 bytes of useless data at the beginning of the negotiation. The change is implemented so that things will still work with clients not supporting this option, however.
    • gznbd is now built by the same build system, rather than a separate one. Note however that gznbd is still unmaintained; it should be considered a "contrib" feature.
    • "nbd-server -V" will now output the nbd-server version number.
    • Fixed test suite on non-GNU getopt() implementations
    • Various fixes found through Coverity and the clang static analyzer, and lots of other minor things too small to mention here.

    Get it at the usual place.

    02 March, 2015 07:39PM

    hackergotchi for DebConf team

    DebConf team

    Inviting speakers to DebConf15 (Posted by René Mayorga)

    Last year for the DebConf edition that took place in Portland, we had some invited speakers that helped bring a different point of view to the matters discussed during the conference. This year we would like to do this again.

    If you would like to suggest inviting someone that would not regularly attend DebConf, the DebConf Content Team encourages you to do that now. We will stop accepting new suggestions on 10 March 2015.

    You can follow the simple procedure described on the Inviting Speakers page in the DebConf’s Wiki

    Please keep in mind that we don’t promise to bring to Heidelberg everyone that is suggested. The final list of invited speakers will depend on the speakers’ availability and our limited budget.

    02 March, 2015 06:00PM by DebConf Organizers

    hackergotchi for Michal Čihař

    Michal Čihař

    Gammu 1.35.0

    Gammu 1.35.0 has been just released. This is just bugfix release to fix some major issues introduced in 1.34.0.

    Full list of changes:

    • Fixed encoding of UTF-8 for higher code points.
    • Improved provided udev rules.
    • Fixed possible lock while getting network status in SMSD.
    • Various localization updates.

    You can download it from

    I will not make any promises for future releases (if there will be any) as the tool is not really in active development.

    Filed under: English Gammu Wammu | 0 comments | Flattr this!

    02 March, 2015 05:00PM by Michal Čihař (

    March 01, 2015

    Robert Edmonds

    Converting to --upstream-vcs-tag

    Recently, the Google protobuf developers announced a migration of their project's source code from an svn repository to a git repository. Up until this point, the Debian protobuf package repository had only tracked upstream development by embedding upstream release tarballs using gbp import-orig with pristine-tar. It would be nice to smoothly migrate the packaging repository to additionally make use of the --upstream-vcs-tag option to gbp import-orig, the advantages of which have been well described by Russ Allbery.

    This turned out to be harder than expected, so for reference I documented the steps I took below. Note that this packaging repository uses the default gbp import-orig repository layout, where upstream sources are placed on a branch named upstream, and the Debian branch is named master.

    Add an upstream remote configured to track the upstream repository's master branch and tags.

    $ git remote add --tags --track master upstream

    The upstream remote shouldn't be confused with our upstream branch. Note that git-remotes are local to the repository, so the upstream remote should probably be documented in the debian/README.source file.

    Fetch the upstream branch and tags.

    $ git fetch upstream
    warning: no common commits
    remote: Counting objects: 5210, done.
    remote: Compressing objects: 100% (861/861), done.
    remote: Total 5210 (delta 3869), reused 5194 (delta 3855)
    Receiving objects: 100% (5210/5210), 3.57 MiB | 1.43 MiB/s, done.
    Resolving deltas: 100% (3869/3869), done.
     * [new branch]      master     -> upstream/master
     * [new tag]         v2.6.0     -> v2.6.0

    We now have a git-remote upstream, a remote-tracking branch upstream/master which corresponds to the master branch that upstream makes releases from, and a release tag v2.6.0. Note that the remote-tracking branch upstream/master shouldn't be confused with our master branch.

    Up until this point, our upstream branch has been synthetically generated by importing upstream's release tarballs with gbp import-orig. We need to merge this synthetic history with upstream/master. Unfortunately, I couldn't find a way to do this without using a temporary branch.

    $ git checkout -b tmp upstream/master
    Branch tmp set up to track remote branch master from upstream.
    Switched to a new branch 'tmp'
    $ git merge -s ours -m \
      "Merge the original 'upstream' branch with upstream's new master branch" upstream
    Merge made by the 'ours' strategy.
    $ git checkout upstream
    Switched to branch 'upstream'
    Your branch is up-to-date with 'origin/upstream'.
    $ git merge --ff-only tmp
    Updating 7ed940b..9ba221e
     CHANGES.txt                                                     |    49 +-
     COPYING.txt => LICENSE                                          |     0                                                     |    64 +-                                                     |  1041 --
     README.txt =>                                         |    49 +-
    [...many more lines...]
    $ git branch -D tmp
    Deleted branch tmp (was 5f18f02).

    There are now an additional 400 or so commits on our upstream branch, corresponding to the new git repository history published by upstream.

    Import the 2.6.0 release tarball against the upstream v2.6.0 tag, using the --upstream-vcs-tag option.

    $ git checkout master
    Switched to branch 'master'
    Your branch is up-to-date with 'origin/master'.
    $ gbp import-orig -u 2.6.0 --upstream-vcs-tag=v2.6.0 ~/debian/tarballs/protobuf_2.6.0.orig.tar.gz
    gbp:info: Importing '/home/edmonds/debian/tarballs/protobuf_2.6.0.orig.tar.gz' to branch 'upstream'...
    gbp:info: Source package is protobuf
    gbp:info: Upstream version is 2.6.0
    pristine-tar: committed to branch pristine-tar
    gbp:info: Merging to 'master'
    gbp:info: Successfully imported version 2.6.0 of /home/edmonds/debian/tarballs/protobuf_2.6.0.orig.tar.gz

    The upstream branch now contains a mixture of the original series of release tarball content imported by plain gbp import-orig and the upstream/master branch as published by upstream.

    Updating the Debian packaging repository when new upstream releases occur only requires a git fetch to pull down upstream's updated git history and release tag and using the --upstream-vcs-tag option when importing the release tarball with gbp import-orig.

    01 March, 2015 10:36PM by Robert Edmonds

    hackergotchi for Dirk Eddelbuettel

    Dirk Eddelbuettel

    drat 0.0.2: Improved Support for Lightweight R Repositories

    A few weeks ago we introduced the drat package. Its name stands for drat R Archive Template, and it helps with easy-to-create and easy-to-use repositories for R packages. Two early blog posts describe drat: First Steps Towards Lightweight Repositories, and Publishing a Package.

    A new version 0.0.2 is now on CRAN. It adds several new features:

    • beginnings of native git support via the excellent new git2r package,
    • a new helper function to prune a repo of older versions of packages (as R repositories only show the newest release of a package),
    • improved core functionality in inserting a package, and adding a repo.

    Courtesy of CRANberries, there is a comparison to the previous release. More detailed information is on the drat page.

    This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

    01 March, 2015 03:39PM

    Thorsten Alteholz

    My Debian Activities in February 2015

    FTP assistant

    Processing the new queue got off the ground again. This month I marked 154 packages for accept and rejected 20 packages.

    Some emails I got were rather funny and people are very creative when trying to interpret the license of upstream. But hey, most of the time upstream has a reason to choose a specific wording. You can try to interpret those words, but don’t waste your time. Better ask upstream about their intention and whether this fits into the world of Debian. It only sounds strange when upstream publishes their stuff under licenseA and wants to distribute their files under licenseB but insists on keeping the wording of licenseA. That’s life!

    Squeeze LTS

    This was my eighth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

    This month I got assigned a workload of 14.5h and I spent these hours to upload new versions of:

    • [DLA-145-2] php5 regression update
    • [DLA 146-1] krb5 security update
    • [DLA 150-1] unzip security update
    • [DLA 151-1] libxml2 security update
    • [DLA 162-1] e2fsprogs security update

    For whatever reason, the DLA-145-2 didn’t reach debian-lts-announce. As the listmaster didn’t find any reason for this (at least the other emails all appeared), I think there has been some extraterrestrial influence (“The Truth Is Out There”).

    Anyway, I also worked on an upload for binutils, but one patch is a real 100kB-beast. Meanwhile I am down to only one regression in one source file, so I hope that there will be an upload in March.

    I also uploaded one DLA for libgtk2-perl ([DLA 161-1] libgtk2-perl security update although no LTS sponsor indicated any interest.

    Other packages

    I didn’t do any work on other packages, but looking at the bug count, the number of bugs has increased. So, sorry, if you sent in a bug report and I didn’t answer. It is not forgotten.


    After adding some micro payment buttons to my blog in January, I already got a donation of 20€ in February. I really appreciate this and I feel vindicated that my contributions to Debian are still useful.

    01 March, 2015 02:02PM by alteholz

    February 28, 2015

    hackergotchi for Ben Hutchings

    Ben Hutchings

    Debian LTS work, February 2015

    This was my third month working on Debian LTS, and the first where I actually uploaded packages. I also worked on userland packages for the first time.

    In the middle of February I finished and uploaded a security update for the kernel package (linux-2.6 version 2.6.32-48squeeze11, DLA 155-1). I decided not to include the fix for CVE-2014-9419 and the large FPU/MMX/SSE/AVX state management changes it depends on, as they don't seem to be worth the risk.

    The old patch system used in linux-2.6 in squeeze still frustrates me, but I committed a script in the kernel subversion repository to simplify adding patches to it. This might be useful to any other LTS team members working on it.

    In the past week I uploaded security updates for cups (version 1.4.4-7+squeeze7, DLA 159-1) and sudo (1.7.4p4-2.squeeze.5, DLA 160-1). My work on the cups package was slowed down by its reliance on dpatch, which thankfully has been replaced in later versions. sudo is a more modern quilt/debhelper package, but upstream has an odd way of building manual pages. In the version used in squeeze the master format is Perl POD, while in wheezy it's mandoc, but in both cases the upstream source includes pre-generated manual pages and doesn't rebuild them by default. debian/rules is supposed to fix this but doesn't (#779363), so I had to regenerate 'by hand' and fold the changes into the respective patches.

    Finally, I started work on addressing the many remaining security issues in eglibc. Most of the patches applied to wheezy were usable with minimal adjustment, but I didn't have time left to perform any meaningful testing. I intend to upload what I've done to for testing by interested parties and then make an upload early in March (or let someone else on the LTS or glibc team do so).

    Update: I sent mail about the incomplete eglibc update to the debian-lts list.

    28 February, 2015 09:39PM

    Petter Reinholdtsen

    The Citizenfour documentary on the Snowden confirmations to Norway

    Today I was happy to learn that the documentary Citizenfour by Laura Poitras finally will show up in Norway. According to the magazine Montages, a deal has finally been made for Cinema distribution in Norway and the movie will have its premiere soon. This is great news. As part of my involvement with the Norwegian Unix User Group, me and a friend have tried to get the movie to Norway ourselves, but obviously we were too late and Tor Fosse beat us to it. I am happy he did, as the movie will make its way to the public and we do not have to make it happen ourselves. The trailer can be seen on youtube, if you are curious what kind of film this is.

    The whistle blower Edward Snowden really deserve political asylum here in Norway, but I am afraid he would not be safe.

    28 February, 2015 09:10PM

    Zlatan Todorić

    Interviews with FLOSS developers: Joey Hess

    Edit: Now translated to Chinese. Thanks zhang wei!

    There is really hardly a better way to open a series of interviewing with developers behind Free Libre Open Source Software project, then with incredible mind such as Joey Hess. To write his contributions to Free software ecosystem, especially in Debian, would be a book by itself. His impact exceeds even his projects - people literally follow his blog posts to see what he is doing and how is he living. A hacker from cabin. If you really need to have a picture of true hacker, then Joey is the one. As this isn't a book I will just mention few projects that he has been behind - git-annex, ikiwiki, etckeeper, debian installer, parts of dpkg, debhelper, devscripts, taskel. So without further waiting here it is.

    Picture of Joey Hess

    me: Who are you?

    joeyh: I'm Joey --

    me: How did you start programming?

    joeyh: Atari 130XE which came with BASIC and a boring word processor and not much else. No other friends had one, so the only way to get software was to type in demo programs from manual and then begin to change and write my own. So, the easy way to learn. Also some Logo in school.

    me: How would you now advise others to start programming?

    joeyh: Difficult question, it seems much harder to get an intimate understanding of things than when I started, and much harder to be motivated to program when there's so much stuff easily available. Maybe simple bare-metal systems like Arduino coupled with real-world interaction are the answer.

    I've recently been mentoring my nephew who is learning python and Python the Hard Way has gotten him far impressively fast.

    me: Setup of your development machine?

    joeyh: Lenovo laptop de-spywared with Debian unstable, xmonad, xfce, vim.

    me: Your thoughts on Purism (the open hardware laptop initiative that got recently funded on CrowdSupply)?

    joeyh: I don't know much about that one, but it seems that consumer level hardware has gotten so low quality, and so closed and untrustworthy that it makes sense to either build alternatives that are open, or pick out, as a community, the stuff we can adapt to our needs and concentrate on it. Several projects are trying, I hope they succeed.

    me: How do you see future of Debian development?

    joeyh: Well, I've mostly stopped worrying about it. If you look back at my presentations at the past 2 or 3 DebConfs, you'll find my best thoughts on the matter.

    me: You retired as Debian developer - do you intend sometime soon to come back and/or do you plan to join some other communities?

    joeyh: It would be glorious to come back, wouldn't it? But I don't think I will. Can't step in the same river twice, and all.

    Instead, Debian will probably have to put up with me as an annoying upstream author who doesn't ship tarballs, but does ship debian/ directories, and as a bug reporter who enjoys reporting amusing bugs like -0 NaN.

    I seem to have more time to spend in other online communities since I left Debian, but in a more diffuse way. Maybe that's just what it's like, to be involved in Free Software but not in the embrace of a big project like Debian.

    me: Some memorable moments from Debian conferences?

    joeyh: There are so many! Picnicing on berries and tamales at the Portland farmer's market right outside the venue; rainbows and bonfire in Switzerland after crazy busy days; impromptu pipe organ repair in a weird night venue in Edinburgh; walking through Porto Alegre at night with Ian Murdock and how humble he was about what he'd started; hacking all night in Spain; failing to sleep through midnight sun and incessent partying Finland; hanging out in the hotel lobby in Atlanta where we designed Build-Depends.

    me: Are you a gamer? Valve Steam games are offered for free to Debian Developers - do you use steam and play Valve games?

    joeyh: I've played through Half Life and Portal, but nethack has claimed more of my time. I mostly enjoy short, indie games, or games that tell us something new about the medium of games, A recent favorite was A Dark Room.

    But really, I have more pure fun playing real world Tabletop games with friends, like Carcassanne Discovery and Hive.

    In March, I am going to try to write a roguelike game in one week, in Haskell, for the Seven Day Roguelike Challenge and I'll be blogging about my progress daily.

    me: You are nowdays a Haskell hacker (git-annex) - what would you like to say about this language and how does it compare to Python, C, JavaScript, Ruby and Perl?

    joeyh: Not just git-annex; all my current projects are written in Haskell.

    I think it's amazing how much we expect programmers to keep in their heads while writing code. Is that buffer going to overflow? Is changing the value of that global variable going to break some other part of the code? Is that input sanitized yet? Did that interface change? Haskell solves some of these outright, but more, it makes you start noticing this kind of pervasive issue, and it provides ways to completely eliminate a class of problems from your code.

    For example The class of bugs I avoided there had never affected my code even once, but it was still worth preventing that whole class of bugs, so I don't have to worry about them ever again.

    me: Would you suggest Haskell as first language to learn especially for those that have an itch for mathematics?

    joeyh: I think that can work well. Or it can go other the way -- I had an affinity to mathematics when I was young, but it got knocked out of me in the way that happens to many people, and languages like perl and C don't do much to make you want to learn more about higher-order math. I've been picking up a bit more here and there via Haskell.

    me: How do you compare your productivity in Haskell compared to your Perl days?

    joeyh: It's very different; I'm a very different programmer now. I probably would bang out quick hacks more quickly when I was writing Perl. But, they tended to stay quick hacks. Now, I might take a little longer to get there, but the code seems a lot more solid, while also being more malleable to turn into larger or different programs.

    I'm also a lot more drawn toward writing software libraries.

    me: Can you describe your philosophy of life (you live in cabin, in forest, using a lot of solar power - many people are intrigued (including myself) what drives you towards that kind of life and how does it impact your overall quality of life and happiness. Looking the todays modern predator capitalistic society, in which you could easily earn more then $10.000 a month, you seem to be an anarchist and very humble human)?

    joeyh: I want to build worthwhile things that might last. Which is super hard in the world of software, both because it's hard to think far ahead at all, and because most jobs don't emphasize that kind of real value. I've been lucky and bootstrapped up to a point where I've been able to work full time on free software for years, and I'm willing to forgo a lot to continue that.

    Living in the woods without modern conveniences is great, because it's quiet and you can think as much as you like; the internet is just as close as it is anywhere else (maybe a bit slower); and when you've spent too much time quietly thinking you'll need to go chop wood, or haul water, or jump in the river to cool off, depending on the season.

    (Humble? Like most programmers, I am internally a flaming tower of ego...)

    Vote on Hacker News

    28 February, 2015 08:40PM by Zlatan Todorić

    Mathieu Parent

    Hello Planet Debian

    After more than five years of being a Debian developer, here is my first post on Planet Debian!

    I currently maintain 165 packages. My focus has changed since 2009, but those are still mostly sysadmin packages:

    • ctdb (under the pkg-samba umbrella), the clustered database used by samba
    • c-icap and c-icap-modules: a c-icap server mostly useful with squid and providing url blacklists and antivirus filtering
    • pkg-php-tools: easy packaging of PHP packages (PEAR, PECL and Composer) as .deb
    • 124 php-horde* (Horde) packages: A groupware and webmail, written in PHP
    • 12 PHP PEAR, Composer, or PECL packages (those are Horde dependencies)
    • I’m mostly maintaining alone the above packages. Any help is appreciated!
    • python-ceres, graphite-carbon and graphite-web: Graphite is an high performance monitoring and graphing software. Jonas Genannt is maintaining the packages well and I only do review
    • 20 shinken packages : a monitoring solution, compatible with nagios configuration files and written in python. Thibault Cohen is doing most of the packaging, and I give advice
    • svox: The TTS from Android (unfortunately non-free because of missing or outdated sources). This is now under the Debian Accessibility Team umbrella
    • kolabadmin: this is the last remaining piece from my former pkg-kolab membership (unfortunately kolab server won’t be in jessie, you can help the team for Stretch)

    Now that the first post is online, I will try to keep up!

    28 February, 2015 06:05PM by sathieu

    hackergotchi for Dirk Eddelbuettel

    Dirk Eddelbuettel


    A new release of RcppEigen is now on CRAN and in Debian. It synchronizes the Eigen code with the 3.2.4 upstream release, and updates the RcppEigen.package.skeleton() package creation helper to use the kitten() function from pkgKitten for enhanced package creation.

    The NEWS file entry follows.

    Changes in RcppEigen version (2015-02-23)

    • Updated to version 3.2.4 of Eigen

    • Update RcppEigen.package.skeleton() to use pkgKitten if available

    Courtesy of CRANberries, there is also a diffstat report for the most recent release.

    This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

    28 February, 2015 02:34PM

    hackergotchi for Gunnar Wolf

    Gunnar Wolf

    Welcome to the world, little ones!

    Welcome to the world, little ones!

    Welcome little babies!

    Yesterday night, we entered the hospital. Nervous, heavy, and... Well, would we ever be ready? As ready as we could.

    A couple of hours later, Alan and Elena Wolf Daichman became individuals on their own right. As is often the case in the case of twins, they were brought to this world after a relatively short preparation (34 weeks, that's about 7.5 months). At 1.820 and 1.980Kg, they are considerably smaller than either of the parents... But we will be working on that!

    Regina is recovering from the operation, the babies are under observation. As far as we were told, they seem to be quite healthy, with just minor issues to work on during neonatal care. We are waiting for our doctors to come today and allow us to spend time with them.

    And as for us... It's a shocking change to finally see the so long expected babies. We are very very very happy... And the new reality is hard to grasp, to even begin understanding :)

    PS- Many people have told me that my blog often errors out under load. I expect it to happen today :) So, if you cannot do it here, there are many other ways to contact us. Use them! :)

    28 February, 2015 01:26PM by gwolf

    February 27, 2015

    Richard Hartmann

    Release Critical Bug report for Week 09

    The UDD bugs interface currently knows about the following release critical bugs:

    • In Total: 1072 (Including 181 bugs affecting key packages)
      • Affecting Jessie: 152 (key packages: 117) That's the number we need to get down to zero before the release. They can be split in two big categories:
        • Affecting Jessie and unstable: 101 (key packages: 80) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
          • 23 bugs are tagged 'patch'. (key packages: 17) Please help by reviewing the patches, and (if you are a DD) by uploading them.
          • 6 bugs are marked as done, but still affect unstable. (key packages: 4) This can happen due to missing builds on some architectures, for example. Help investigate!
          • 72 bugs are neither tagged patch, nor marked done. (key packages: 59) Help make a first step towards resolution!
        • Affecting Jessie only: 51 (key packages: 37) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
          • 35 bugs are in packages that are unblocked by the release team. (key packages: 27)
          • 16 bugs are in packages that are not unblocked. (key packages: 10)

    How do we compare to the Squeeze and Wheezy release cycles?

    Week Squeeze Wheezy Jessie
    43 284 (213+71) 468 (332+136) 319 (240+79)
    44 261 (201+60) 408 (265+143) 274 (224+50)
    45 261 (205+56) 425 (291+134) 295 (229+66)
    46 271 (200+71) 401 (258+143) 427 (313+114)
    47 283 (209+74) 366 (221+145) 342 (260+82)
    48 256 (177+79) 378 (230+148) 274 (189+85)
    49 256 (180+76) 360 (216+155) 226 (147+79)
    50 204 (148+56) 339 (195+144) ???
    51 178 (124+54) 323 (190+133) 189 (134+55)
    52 115 (78+37) 289 (190+99) 147 (112+35)
    1 93 (60+33) 287 (171+116) 140 (104+36)
    2 82 (46+36) 271 (162+109) 157 (124+33)
    3 25 (15+10) 249 (165+84) 172 (128+44)
    4 14 (8+6) 244 (176+68) 187 (132+55)
    5 2 (0+2) 224 (132+92) 175 (124+51)
    6 release! 212 (129+83) 161 (109+52)
    7 release+1 194 (128+66) 147 (106+41)
    8 release+2 206 (144+62) 147 (96+51)
    9 release+3 174 (105+69) 152 (101+51)
    10 release+4 120 (72+48)
    11 release+5 115 (74+41)
    12 release+6 93 (47+46)
    13 release+7 50 (24+26)
    14 release+8 51 (32+19)
    15 release+9 39 (32+7)
    16 release+10 20 (12+8)
    17 release+11 24 (19+5)
    18 release+12 2 (2+0)

    Graphical overview of bug stats thanks to azhag:

    27 February, 2015 03:40PM by Richard 'RichiH' Hartmann

    Enrico Zini


    Another day in the life of a poor developer

        # After Python 3.3
        from import Iterable
    except ImportError:
        # This has changed in Python 3.3 (why, oh why?), reinforcing the idea that
        # the best Python version ever is still 2.7, simply because upstream has
        # promised that they won't touch it (and break it) for at least 5 more
        # years.
        from collections import Iterable
    import shlex
    if hasattr(shlex, "quote"):
        # New in version 3.3.
        shell_quote = shlex.quote
        # Available since python 1.6 but deprecated since version 2.7: Prior to Python
        # 2.7, this function was not publicly documented. It is finally exposed
        # publicly in Python 3.3 as the quote function in the shlex module.
        # Except everyone was using it, because it was the only way provided by the
        # python standard library to make a string safe for shell use
        # See
        import pipes
        shell_quote = pipes.quote
    import shutil
    if hasattr(shutil, "which"):
        # New in version 3.3.
        shell_which = shutil.which
        # Available since python 1.6:
        from distutils.spawn import find_executable
        shell_which = find_executable

    27 February, 2015 11:02AM

    hackergotchi for Dirk Eddelbuettel

    Dirk Eddelbuettel

    RcppArmadillo 0.4.650.1.1 (and also 0.4.650.2.0)

    A new Armadillo release 4.650.1 was released by Conrad a few days ago. Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab.

    It turned out that this release had one shortcoming with respect to the C++11 RNG initializations in the R use case (where we need to protect the users from the C++98 RNG deemed unsuitable by the CRAN gatekeepers). And this lead to upstream release 4.650.1 which we wrapped into RcppArmadillo 0.4.650.1.1. As before this, was tested against all 107 reverse dependencies of RcppArmadillo on the CRAN repo.

    This version is now on CRAN, and was just uploaded to Debian. Its changes are summarized below based on the NEWS.Rd file.

    Changes in RcppArmadillo version 0.4.650.1.1 (2015-02-25)

    • Upgraded to Armadillo release Version 4.650.1 ("Intravenous Caffeine Injector")

      • added randg() for generating random values from gamma distributions (C++11 only)

      • added .head_rows() and .tail_rows() to submatrix views

      • added .head_cols() and .tail_cols() to submatrix views

      • expanded eigs_sym() to optionally calculate eigenvalues with smallest/largest algebraic values fixes for handling of sparse matrices

    • Applied small correction to main header file to set up C++11 RNG whether or not the alternate RNG (based on R, our default) is used

    Now, it turns out that another small fix was needed for the corner case of a submatrix within a submatrix, ie V.subvec(1,10).tail(5). I decided not to re-release this to CRAN given the CRAN Repository Policy preference for releases “no more than every 1–2 months”.

    But fear not, for we now have drat. I created a drat package repository in the RcppCore account (to not put a larger package into my main drat repository often used via a fork to initialize a drat). So now with these two simple commands

    ## if needed, first install 'drat' via:   install.packages("drat")

    you will get the newest RcppArmadillo via this drat package repository. And course install.packages("RcppArmadillo") would also work, but takes longer to type :)

    Lastly, courtesy of CRANberries, there is also a diffstat report for the most recent CRAN release. As always, more detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

    This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

    27 February, 2015 02:01AM

    February 26, 2015

    hackergotchi for Daniel Pocock

    Daniel Pocock

    PostBooks accounting and ERP suite coming to Fedora

    PostBooks has been successful on Debian and Ubuntu for a while now and for all those who asked, it is finally coming to Fedora.

    The review request has just been submitted and the spec files have also been submitted to xTuple as pull requests so future upstream releases can be used with rpmbuild to create packages.

    Can you help?

    A few small things outstanding:

    • Putting a launcher icon in the GNOME menus
    • Packaging the schemas - they are in separate packages on Debian/Ubuntu. Download them here and load the one you want into your PostgreSQL instance using the instructions from the Debian package.

    Community support

    The xTuple forum is a great place to ask any questions and get to know the community.


    Here is a quick look at the login screen on a Fedora 19 host:

    26 February, 2015 09:08PM by Daniel.Pocock

    hackergotchi for EvolvisForge blog

    EvolvisForge blog

    tomcat7 log encoding

    TIL: the encoding of the catalina.out file is dependent on the system locale, using standard Debian wheezy tomcat7 package.

    Fix for ‘?’ instead of umlauts in it:

    cat >>/etc/default/tomcat7 <<EOF
    export LC_CTYPE

    My “problem” here is that I have the system locale be the “C” locale, to get predictable behaviour; applications that need it can set a locale by themselves. (Many don’t bother with POSIX locales and use different/separate means of determining especially encoding, but possibly also i18n/l10n. But it seems the POSIX locales are getting more and more used.)

    Update: There is also adding -Dfile.encoding=UTF-8 to $JAVA_OPTS which seems to be more promising: no fiddling with locales, no breakage if someone defined LC_ALL already, and it sets precisely what it should set (the encoding) and nothing else (since the encoding does not need to correlate to any locale setting, why should it).

    26 February, 2015 04:09PM by Thorsten Glaser

    Zlatan Todorić

    Useless web

    Or maybe they want to say use less web? Who would know but once you get into it, its hard to get out. You get taken. You become addicted. You know you want it. Say please. You welcome.

    26 February, 2015 02:49PM by Zlatan Todorić

    hackergotchi for EvolvisForge blog

    EvolvisForge blog

    tomcat7 init script is asynchronous

    TIL: the init script of tomcat7 in Debian is asynchronous.

    For some piece of software, our rollout (install and upgrade) process works like this:

    • service tomcat7 stop
    • rm -rf /var/lib/tomcat7/webapps/appname{,.war}
    • cp newfile.war /var/lib/tomcat7/webapps/appname.war
    • service tomcat7 start # ← here
    • service tomcat7 stop
    • edit some config files under /var/lib/tomcat7/webapps/appname/WEB-INF/
    • service tomcat7 start

    The first tomcat7 start “here” is just to unzip the *.war files. For some reason, people like to let tomcat7 do that.

    This failed today; there were two webapps. Manually unzipping it also did not work for some reason.

    Re-doing it, inserting a sleep 30 after the “here”, made it work.

    In a perfect world, initscripts only return when the service is running, so that the next one started in a nice sequential (not parallel!) init or manual start sequence can do what it needs to, assuming the previous command has fully finished.

    In this perfect world, those who do wish for faster startup times use a different init system, one that starts things in parallel, for example. Even there, dependencies will wish for the depended-on service to be fully running when they are started; even more so, since the delays between starting things seem to be less for that other init system.

    So, this is not about the init system, but about the init script; a change that would be a win-win for users of both init schemes.

    Update: Someone already contacted me with feedback: they suggested to wait until the “shutdown port” is listened on by tomcat7. We’ll look at this later. In the meantime, we’re trying to also get rid of the “config (and logs) in webapps/” part…

    PS: If someone is interested in an init script (Debian/LSB sysvinit, I made the effort to finally learn that… some months before the other system came) that starts Wildfly (formerly known as JBoss AS) synchronously, waiting until all *.?ar files are fully “deployed” before returning (though with a timeout in case it won’t ever finish), just ask (maybe it will become a dialogue, in which we can improve it together). (We have two versions of it, the more actively maintained one is in a secret internal project though, so I’d have to merge it and ready it for publication though, plus the older one is AGPLv3, the newer one was relicenced to a BSDish licence.)

    26 February, 2015 02:24PM by Thorsten Glaser

    hackergotchi for Michael Banck

    Michael Banck

    26 Feb 2015

    My recent Debian LTS activities

    Over the past months, my employer credativ has sponsored some of my work time to keep PostgreSQL updated for squeeze-lts. Version 8.4 of PostgreSQL was declared end-of-life by the upstream PostgreSQL Global Development Group (PGDG) last summer, around the same time official squeeze support ended and squeeze-lts took over. Together with my colleagues Christoph Berg (who is on the PostgreSQL package maintainer team) and Bernd Helmle, we continued backpatching changes to 8.4. We tried our best to continue the PGDG backpatching policy and looked only at commits at the oldest still maintained branch, REL9_0_STABLE.

    Our work is publicly available as a separate REL8_4_LTS branch on Github. The first release (called 8.4.22lts1) happened this month mostly coinciding with the official 9.0, 9.1, 9.2, 9.3 and 9.4 point releases. Christoph Berg has uploaded the postgresql-8.4 Debian package for squeeze-lts and release tarballs can be found on Github here (scroll down past the release notes for the tarballs).

    We intend to keep the 8.4 branch updated on a best-effort community basis for the squeeze-lts lifetime. If you have not yet updated from 8.4 to a more recent version of PostgreSQL, you probably should. But if you are stuck on squeeze, you should use our LTS packages. If you have any questions or comments concerning PostgreSQL for squeeze-lts, contact me.

    26 February, 2015 11:45AM

    hackergotchi for Wouter Verhelst

    Wouter Verhelst

    Dear non-Belgian web developer,

    Localization in the web context is hard, I know. To make things easier, it may seem like a good idea to use GeoIP to detect what country an IP is coming from and default your localization based on that. While I disagree with that premise, this blog post isn't about that.

    Instead, it's about the fact that most of you get something wrong about this little country. I know, I know. If you're not from here, it's difficult to understand. But please get this through your head: Belgium is not a French-speaking country.

    That is, not entirely. Yes, there is a large group of French-speaking people who live here. Mostly in the south. But if you check the numbers, you'll find that there are, in fact, more people in Belgium who speak Dutch rather than French. Not by a very wide margin, mind you, but still by a wide enough margin to be significant. Wikipedia claims the split is 59%/41% Dutch/French; I don't know how accurate those numbers are, but they don't seem too wrong.

    So please, pretty please, with sugar on top: next time you're going to do a localized website, don't assume my French is better than my English. And if you (incorrectly) do, then at the very least make it painfully obvious to me where the "switch the interface to a different language" option in your website is. Because while it's annoying to be greeted in a language that I'm not very good at, it's even more annoying to not be able to find out how to get the correctly-localized version.


    26 February, 2015 09:22AM

    February 25, 2015

    hackergotchi for Joachim Breitner

    Joachim Breitner

    DarcsWatch End-Of-Life’d

    Almost seven years ago, at a time when the “VCS wars” have not even properly started yet, GitHub was seven days old and most Haskell related software projects were using Darcs as their version control system of choice, when you submitted a patch, you simply ran darcs send and mail with your changes would be sent to the right address, e.g. the maintainer or a mailing list. This was almost as convenient as Pull Requests are on Github now, only that it was tricky to keep track of what was happening with the patch, and it would be easy to forget to follow up on it.

    So back then I announced DarcsWatch: A service that you could CC in your patch submitting mail, which then would monitor the repository and tell you about the patches status, i.e. whether it was applied or obsoleted by another patch.

    Since then, it quitely did its work without much hickups. But by now, a lot of projects moved away from Darcs, so I don’t really use it myself any more. Also, its Darcs patch parser does not like every submissions by a contemporary darcs, so it is becoming more and more unreliable. I asked around on the xmonad and darcs mailing lists if others were still using it, and noboy spoke up. Therefore, after seven years and 4660 monitored patches, I am officially ceasing to run DarcsWatch.

    The code and data is still there, so if you believe this was a mistake, you can still speak up -- but be prepared to be asked to take over maintaining it.

    I have a disklike for actually deleting data, so I’ll keep the static parts of DarcsWatch web page in the current state running.

    I’d like to thank the guys from for hosting DarcsWatch on urching for the last 5 years.

    25 February, 2015 11:39PM by Joachim Breitner (

    hackergotchi for Holger Levsen

    Holger Levsen


    Developing is a use case too

    For whatever reason Ulrike's blog post about AppArmor user stories and user tags was not syndicated to planet.d.o, despite it should have been and despite planet admins nicely having looked into it. Whatever...

    As you might have guessed by now, the user stories referred to in this blog post are about developers supporting AppArmor (a kernel module for restricting capabilities of processes) in their Debian packages. So if you're maintaining packages and have always been pondering to look into this apparmor thingy, go read that blog post!

    Hopefully the next post will "magically" appear on planet again ;-)

    25 February, 2015 11:07PM

    Zlatan Todorić

    Net neutrality for average Joe

    If you are still unsure what it means, here is perfectly simple example.

    25 February, 2015 10:45PM by Zlatan Todorić

    hackergotchi for Clint Adams

    Clint Adams

    Juliet did not show up on cue

    I brought a dozen cupcakes. There were 3 carrot, 3 red velvet, 2 marble, 2 peanut butter fudge swirl, and 2 of some chocolate-chocolate-chocolate thing that I forgot the name of because it sounded so disgusting.

    He had a romcom fantasy about her a year before. She did not live up to his expectations, so things went sideways.

    Now she was having a romcom fantasy all by herself, waiting patiently for hours for him to do something in particular.

    You could have graphed her hopes falling. In the end, she left dejected. He didn't understand why. Then he left town.

    He was much more excited about the cupcakes than she was.

    25 February, 2015 09:43PM

    hackergotchi for Jonathan Dowland

    Jonathan Dowland

    CD ripping on Linux

    A few months ago I decided it would be good to re-rip my CD collection, retaining a lossless digital copy, and set about planning the project. I then realised I hadn't the time to take the project on for the time being and parked it, but not before figuring a few bits and pieces out.

    Starting at the beginning, with ripping the CDs. The most widely used CD ripping software on Linux systems is still cdparanoia, which is pretty good, but it's still possible to get bad CD rips, and I've had several in a very small sample size. On Windows systems, the recommended ripper is Exact Audio Copy, or EAC for short. EAC calculates checksums of ripped CDs or tracks and compares them against an online database of rips called AccurateRip. It also calibrates your CD drive against the same database and uses the calculated offset during the rip.

    I wasn't aware of any AccurateRip-supporting rippers until recently when Mark Brown introduced me to morituri. I've done some tentative experiments and it appears to be produce identical rips to EAC for some sample CDs (with different CD reading hardware too).

    Fundamentally, AccurateRip is a proprietary database, and so I think the longer term goal in the F/OSS community should be to create an alternative, open database of rip checksums and drive offsets. The audio community has already been burned by the CDDB database going proprietary, but at least we now have the—far superior—MusicBrainz.

    25 February, 2015 09:36PM

    hackergotchi for Eddy Petrișor

    Eddy Petrișor

    Occasional Rsnapshot v1.3.0

    It is almost exactly 1 year and a half since I came up with the idea of having a way of making backups using Rsnapshot automatically triggered by my laptop when I have the backup media connected to my laptop. This could mean connecting a USB drive directly to the laptop or mounting a NFS/sshfs share in my home network. Today I tagged Occasional Rsnapshot the v1.3.0 version, the first released version that makes sure even when you connect your backup media occasionally, your Rsnapshot backups are done if and when it makes sense to do it, according to the rsnapshot.conf file and the status of the existing backups on the backup media.

    Quoting from the README, here is what Occasional Rsnapshot does:

    This is a tool that allows automatic backups using rsnapshot when the external backup drive or remote backup media is connected.

    Although the ideal setup would be to have periodic backups on a system that is always online, this is not always possible. But when the connection is done, the backup should start fairly quickly and should respect the daily/weekly/... schedules of rsnapshot so that it accurately represents history.

    In other words, if you backup to an external drive or to some network/internet connected storage that you don't expect to have always connected (which is is case with laptops) you can use occasional_rsnapshot to make sure your data is backed up when the backup storage is connected.

    occasional_rsnapshot is appropriate for:
    • laptops backing up on:
      • a NAS on the home LAN or
      • a remote or an internet hosted storage location
    • systems making backups online (storage mounted locally somehow)
    • systems doing backups on an external drive that is not always connected to the system
    The only caveat is that all of these must be mounted in the local file system tree somehow by any arbitrary tool, occasional_rsnapshot or rsnapshot do not care, as long as the files are mounted.

    So if you find yourself in a simillar situation, this script might help you to easily do backups in spite of the occasional availability of the backup media, instead of no backups at all. You can even trigger backups semi-automatically when you remember to or decide is time to backup, by simply pulging in your USB backup HDD.

    But how did I end up here, you might ask?

    In December 2012 I was asking about suggestions for backup solutions that would work for my very modest setup with Linux and Windows so I can backup my and my wife's system without worrying about loss of data.

    One month later I was explaining my concept of a backup solution that would not trust the backup server, and leave to the clients as much as possible the decision to start the backup at their desired time. I was also pondering on the problems I might encounter.

    From a security PoV, what I wanted was that:
    1. clients would be isolated from each other
    2. even in the case of a server compromise:
        • the data would not be accessible since they would be already encrypted before leaving the client
        • the clients could not be compromised

      The general concept was sane and supplemental security measures such as port knocking and initiation of backups only during specific time frames could be added.

      The problem I ran to was that when I set up this in my home network a sigle backup cycle would take more than a day, due to the fact that I wanted to do backup of all of my data and my server was a humble Linksys NSLU2 with a 3TB storage attached on USB.

      Even when the initial copy was done by attaching the USB media directly to the laptop, so the backup would only copy changed data, the backup with the HDD attached to the NSLU2 was not finished even after more than 6 hours.

      The bottleneck was the CPU speed and the USB speed. I tried even mounting the storage media over sshfs so the tiny xscale processor in the NSLU2 would not be bothered by any of the rsync computation. This proved to an exercise in futility, any attempt to put the NSLU2 anywhere in the loop resulted in an unacceptable and impractically long backup time.

      All these attempts, of course, took time, but that meant that I was aware I still didn't have appropriate backups and I wasn't getting closer to the desired result.

      So this brings us August 2013, when I realized I was trying to manually trigger Rsnapshot backups from time to time, but having to do all sorts of mental gymnastics and manual listing to evaluate if I needed to do monthly, weekly and daily backups or if weekly and daily was due.

      This had to stop.
      Triggering a backup should happen automatically as soon as the backup media is available, without any intervention from the user.
      I said.

      Then I came up with the basic concept for Occasional Rsnapshot: a very silent script that would be called from  cron every 5 minutes, would check if the backup media is mounted, if is not, exit silently to not generate all sorts of noise in cron emails, but if mounted, compute which backup intervals should be triggered, and trigger them, if the appropriate amount of time passed since the most recent backup in that backup interval.

      Occasional Rsnapshot version v1.3.0 is the 8th and most recent release of the script. Even if I used Occasional Rsnapshot since the day 1, v1.3.0 is the first one I can recommend to others, without fearing they might lose data due to it.

      The backup media can be anything, starting from your regular USB mounted HDD, your sshfs mounted backup partition on the home NAS server to even a remote storage such as Amazon S3 online storage, and there are even brief instructions on how to do encrypted backups for the cases where you don't trust the remote storage.

      So if you think you might find anything that I described remotely interesting, I recommend downloading the latest release of Occasional Rsnapshot, go through the README and trying it out.

      Feedback and bug reports are welcome.
      Patches are welcomed with a 'thank you'.
      Pull requests are eagerly waited for :) .

      25 February, 2015 07:41PM by eddyp (

      Andrew Cater

      Cubietruck now running Debian :)

      Following a debootstrap build of sid on one machine to complete the cross-compilation of mainline u-boot, I managed to get vanilla Debian installed on my Cubietruck

      A USB-serial cable is a must for the install and for any subsequent major reconfiguration as the stock Debian installer does not have drivers for the video / audio. Various Cubietruck derivative distributions do - but the Sunxi kernel appears flaky

      All was fine for a few days, then I decided to try and configure the Wifi by hand configuring /etc/network/interfaces and wpasupplicant files. I managed to break the network connectivity by doing things in a hurry and typing blind. I'd put it into the appropriate closed metal case so was rather stuck.

      A friend carefully took the case apart by easing off the metal cover plates, removed two screws holding the whole thing together and precision drilled  the metal cover plates on one side so that four screws can be undone and the entire inner part of the case can slide out as one while the other metal clover plate remains captive. He will follow this procedure with his two later.

      Very pleased with the way it's turned out. The WiFi driver has non-free firmware but I now have a tiny, silent machine, drawing about 3W tops and both interfaces are now working.

      25 February, 2015 06:23PM by Andrew Cater (

      Petter Reinholdtsen

      The Norwegian open channel Frikanalen - 24x7 on the Internet

      The Norwegian nationwide open channel Frikanalen is still going strong. It allow everyone to send the video they want on national television. It is a TV station administrated completely using a web browser, running only Free Software, providing a REST api for administrators and members, and with distribution on the national DVB-T distribution network RiksTV. But only between 12:00 and 17:30 Norwegian time. This has finally changed, after many years with limited distribution. A few weeks ago, we set up a Ogg Theora stream via icecast to allow everyone with Internet access to check out the channel the rest of the day. This is presented on the Frikanalen web site now. And since a few days ago, the channel is also available via multicast on UNINETT, available for those using IPTV TVs and set-top boxes in the Norwegian National Research and Education network.

      If you want to see what is on the channel, point your media player to one of these sources. The first should work with most players and browsers, while as far as I know, the multicast UDP stream only work with VLC.

      The Ogg Theora / icecast stream is not working well, as the video and audio is slightly out of sync. We have not been able to figure out how to fix it. It is generated by recoding a internal MPEG transport stream with MPEG4 coded video (ie H.264) to Ogg Theora / Vorbis, and the result is less then stellar. If you have ideas how to fix it, please let us know on frikanalen (at) We currently use this with ffmpeg2theora 0.29:

      ./ffmpeg2theora.linux <OBE_gemini_URL.ts> -F 25 -x 720 -y 405 \
       --deinterlace --inputfps 25 -c 1 -H 48000 --keyint 8 --buf-delay 100 \
       --nosync -V 700 -o - | oggfwd 8000 <pw> /frikanalen.ogv

      If you get the multicast UDP stream working, please let me know, as I am curious how far the multicast stream reach. It do not make it to my home network, nor any other commercially available network in Norway that I am aware of.

      25 February, 2015 08:10AM

      February 24, 2015

      Sven Hoexter


      I recently learnt that my former coworker Jonny took his efforts around his own monitoring system Bloonix and moved to self-employment.

      If you're considering to outsource your monitoring consider Bloonix. :) As a plus all the code is open under GPLv3 and available on GitHub. So if you do not like to outsource it you can still build up an instance on your own. Since this has been a one man show for a long time most of the documentation is still in german. Might be a pro for some but a minus for others, if you like Bloonix I guess documentation translations or a howto in english is welcome. Beside of that Jonny is also the upstream author of a few Perl modules like libsys-statistics-linux-perl.

      So another one has taken the bold step to base his living on free and open source software, something that always has my admiration. Jonny, I hope you'll succeed with this step.

      24 February, 2015 07:48PM

      hackergotchi for EvolvisForge blog

      EvolvisForge blog

      Java™, logging and the locale

      A coworker and I debugged a fascinating problem today.

      They had a tomcat7 installation with a couple of webapps, and one of the bundled libraries was logging in German. Everything else was logging in English (the webapps themselves, and the things the other bundled libraries did).

      We searched around a bit, and eventually found that the wrongly-logging library (something jaxb/jax-ws) was using, after unravelling another few layers of “library bundling another library as convenience copy” (gah, Java!), which contains quite a few com.sun.istack.localization.Localizable members. Looking at the other classes in that package, in particular Localizer, showed that it defaults to the java.util.Locale.getDefault() value for the language.

      Which is set from the environment.

      Looking at /proc/pid-of-JVM-running-tomcat7/environ showed nothing, “of course”. The system locale was, properly, set to English. (We mostly use en_GB.UTF-8 for better paper sizes and the metric system (unless the person requesting the machine, or the admin creating it, still likes the system to speak German *shudder*), but that one still had en_US.UTF-8.)

      Browsing the documentation for java.util.Locale proved more fruitful: it also contains a setDefault method, which sets the new “default” locale… JVM-wide.

      Turns out another of the webapps used that for some sort of internal localisation. Clearly, the containment of tomcat7 is incomplete in this case.

      Documenting for the larger ’net, in case someone else runs into this. It’s not as if things like this would be showing up in the USA, where the majority of development appears to happen.

      24 February, 2015 04:02PM by Thorsten Glaser

      Sven Hoexter

      just because

      That inevitable led to this on the office wall.

      24 February, 2015 03:51PM

      February 23, 2015

      Richard Hartmann


      Even if you disregard how amazing this is, this quote blows my proverbial mind:

      The test rig is carefully designed to remove any possible sources of error. Even the lapping of waves in the Gulf of Mexico 25 miles away every three to four seconds would have showed up on the sensors, so the apparatus was floated pneumatically to avoid any influence. The apparatus is completely sealed, with power and signals going through liquid metal contacts to prevent any force being transmitted through cables.

      23 February, 2015 11:21PM by Richard 'RichiH' Hartmann

      Simon Josefsson

      Laptop Buying Advice?

      My current Lenovo X201 laptop has been with me for over four years. I’ve been looking at new laptop models over the years thinking that I should upgrade. Every time, after checking performance numbers, I’ve always reached the conclusion that it is not worth it. The most performant Intel Broadwell processor is the the Core i7 5600U and it is only about 1.5 times the performance of my current Intel Core i7 620M. Meanwhile disk performance has increased more rapidly, but changing the disk on a laptop is usually simple. Two years ago I upgraded to the Samsung 840 Pro 256GB disk, and this year I swapped that for the Samsung 850 Pro 1TB, and both have been good investments.

      Recently my laptop usage patterns have changed slightly, and instead of carrying one laptop around, I have decided to aim for multiple semi-permanent laptops at different locations, coupled with a mobile device that right now is just my phone. The X201 will remain one of my normal work machines.

      What remains is to decide on a new laptop, and there begins the fun. My requirements are relatively easy to summarize. The laptop will run a GNU/Linux distribution like Debian, so it has to work well with it. I’ve decided that my preferred CPU is the Intel Core i7 5600U. The screen size, keyboard and mouse is mostly irrelevant as I never work longer periods of time directly on the laptop. Even though the laptop will be semi-permanent, I know there will be times when I take it with me. Thus it has to be as lightweight as possible. If there would be significant advantages in going with a heavier laptop, I might reconsider this, but as far as I can see the only advantage with a heavier machine is bigger/better screen, keyboard (all of which I find irrelevant) and maximum memory capacity (which I would find useful, but not enough of an argument for me). The sub-1.5kg laptops with the 5600U CPU on the market that I have found are:

      Lenovo X250 1.42kg 12.5″ 1366×768
      Lenovo X1 Carbon (3rd gen) 1.44kg 14″ 2560×1440
      Dell Latitude E7250 1.25kg 12.5″ 1366×768
      Dell XPS 13 1.26kg 13.3″ 3200×1800
      HP EliteBook Folio 1040 G2 1.49kg 14″ 1920×1080
      HP EliteBook Revolve 810 G3 1.4kg 11.6″ 1366×768

      I find it interesting that Lenovo, Dell and HP each have two models that meets my 5600U/sub-1.5kg criteria. Regarding screen, possibly there exists models with other screen resolutions. The XPS 13, HP 810 and X1 models I looked had touch screens, the others did not. As screen is not important to me, I didn’t evaluate this further.

      I think all of them would suffice, and there are only subtle differences. All except the XPS 13 can be connected to peripherals using one cable, which I find convenient to avoid a cable mess. All of them have DisplayPort, but HP uses DisplayPort Standard and the rest uses miniDP. The E7250 and X1 have HDMI output. The X250 boosts a 15-pin VGA connector, none of the others have it — I’m not sure if that is a advantage or disadvantage these days. All of them have 2 USB v3.0 ports except the E7250 which has 3 ports. The HP 1040, XPS 13 and X1 Carbon do not have RJ45 Ethernet connectors, which is a significant disadvantage to me. Ironically, only the smallest one of these, the HP 810, can be memory upgraded to 12GB with the others being stuck at 8GB. HP and the E7250 supports NFC, although Debian support is not certain. The E7250 and X250 have a smartcard reader, and again, Debian support is not certain. The X1, X250 and 810 have a 3G/4G card.

      Right now, I’m leaning towards rejecting the XPS 13, X1 and HP 1040 because of lack of RJ45 ethernet port. That leaves me with the E7250, X250 and the 810. Of these, the E7250 seems like the winner: lightest, 1 extra USB port, HDMI, NFC, SmartCard-reader. However, it has no 3G/4G-card and no memory upgrade options. Looking for compatibility problems, it seems you have to be careful to not end up with the “Dell Wireless” card and the E7250 appears to come in a docking and non-docking variant but I’m not sure what that means.

      Are there other models I should consider? Other thoughts?

      23 February, 2015 10:49PM by simon

      Enrico Zini


      Akonadi client example

      After many failed attemps I have managed to build a C++ akonadi client. It has felt like one of the most frustrating programming experiences of my whole life, so I'm sharing the results hoping to spare others from all the suffering.

      First thing first, akonadi client libraries are not in libakonadi-dev but in kdepimlibs5-dev, even if kdepimlibs5-dev does not show in apt-cache search akonadi.

      Then, kdepimlibs is built with Qt4. If your application uses Qt5 (mine was) you need to port it back to Qt4 if you want to talk to Akonadi.

      Then, kdepimlibs does not seem to support qmake and does not ship pkg-config .pc files, and if you want to use kdepimlibs your build system needs to be cmake. I ported by code from qmake to cmake, and now qtcreator wants me to run cmake by hand every time I change the CMakeLists.txt file, and it stopped allowing to add, rename or delete sources.

      Finally, most of the code / build system snippets found on the internet seem flawed in a way or another, because the build toolchain of Qt/KDE applications has undergone several redesignins during time, and the network is littered with examples from different eras. The way to obtain template code to start a Qt/KDE project is to use kapptemplate. I have found no getting started tutorial on the internet that said "do not just copy the snippets from here, run kapptemplate instead so you get them up to date".

      kapptemplate supports building an "Akonadi Resource" and an "Akonadi Serializer", but it does not support generating template code for an akonadi client. That left me with the feeling that I was dealing with some software that wants to be developed but does not want to be used.

      Anyway, now an example of how to interrogate Akonadi exists as is on the internet. I hope that all the tears of blood that I cried this morning have not been cried in vain.

      23 February, 2015 02:44PM


      The wonders of missing documentation

      Update: I have managed to build an example Akonadi client application.

      I'm new here, I want to make a simple C++ GUI app that pops up a QCalendarWidget which my local Akonadi has appointments.

      I open qtcreator, create a new app, hack away for a while, then of course I get undefined references for all Akonadi symbols, since I didn't tell the build system that I'm building with akonadi. Ok.

      How do I tell the build system that I'm building with akonadi? After 20 minutes of frantic looking around the internet, I still have no idea.

      There is a package called libakonadi-dev which does not seem to have anything to do with this. That page mentions everything about making applications with Akonadi except how to build them.

      There is a package called kdepimlibs5-dev which looks promising: it has no .a files but it does have haders and cmake files. However, qtcreator is only integrated with qmake, and I would really like the handholding of an IDE at this stage.

      I put something together naively doing just what looked right, and I managed to get an application that segfaults before main() is even called:

       * Copyright © 2015 Enrico Zini <>
       * This work is free. You can redistribute it and/or modify it under the
       * terms of the Do What The Fuck You Want To Public License, Version 2,
       * as published by Sam Hocevar. See the COPYING file for more details.
      #include <QDebug>
      int main(int argc, char *argv[])
          qDebug() << "BEGIN";
          return 0;
      QT       += core gui widgets
      CONFIG += c++11
      TARGET = wtf
      TEMPLATE = app
      LIBS += -lkdecore -lakonadi-kde
      SOURCES += wtf.cpp

      I didn't achieve what I wanted, but I feel like I achieved something magical and beautiful after all.

      I shall now perform some haruspicy on those oscure cmake files to see if I can figure something out. But seriously, people?

      23 February, 2015 10:36AM

      hackergotchi for Dirk Eddelbuettel

      Dirk Eddelbuettel

      drat Tutorial: Publishing a package


      The drat package was released earlier this month, and described in a first blog post. I received some helpful feedback about what works and what doesn't. For example, Jenny Bryan pointed out that I was not making a clear enough distinction between the role of using drat to publish code, and using drat to receive/install code. Very fair point, and somewhat tricky as R aims to blur the line between being a user and developer of statistical analyses, and hence packages. Many of us are both. Both the main point is well taken, and this note aims to clarify this issue a little by focusing on the former.

      Another point make by Jenny concerns the double use of repository. And indeed, I conflated repository (in the sense of a GitHub code repository) with repository for a package store used by a package manager. The former, a GitHub repository, is something we use to implement a personal drat with: A GitHub repository happens to be uniquely identifiable just by its account name, and given an (optional) gh-pages branch also offers a stable and performant webserver we use to deliver packages for R. A (personal) code repository on the other hand is something we implement somewhere---possibly via drat which supports local directories, possibly on a network share, as well as anywhere web-accessible, e.g. via a GitHub repository. It is a little confusing, but I will aim to make the distinction clearer.

      Just once: Setting up a drat repository

      So let us for the remainder of this post assume the role of a code publisher. Assume you have a package you would like to make available, which may not be on CRAN and for which you would like to make installation by others easier via drat. The example below will use an interim version of drat which I pushed out yesterday (after fixing a bug noticed when pushing the very new RcppAPT package).

      For the following, all we assume (apart from having a package to publish) is that you have a drat directory setup within your git / GitHub repository. This is not an onerous restriction. First off, you don't have to use git or GitHub to publish via drat: local file stores and other web servers work just as well (and are documented). GitHub simply makes it easiest. Second, bootstrapping one is trivial: just fork my drat GitHub repository and then create a local clone of the fork.

      There is one additional requirement: you need a gh-pages branch. Using the fork-and-clone approach ensures this. Otherwise, if you know your way around git you already know how to create a gh-pages branch.

      Enough of the prerequisities. And on towards real fun. Let's ensure we are in the gh-pages branch:

      edd@max:~/git/drat(master)$ git checkout gh-pages
      Switched to branch 'gh-pages'
      Your branch is up-to-date with 'origin/gh-pages'.

      Publish: Run one drat command to insert a package

      Now, let us assume you have a package to publish. In my case this was version of drat itself as it contains a fix for the very command I am showing here. So if you want to run this, ensure you have this version of drat as the CRAN version is currently behind at release 0.0.1 (though I plan to correct that in the next few days).

      To publish an R package into a code repository created via drat running on a drat GitHub repository, just run insertPackage(packagefile) which we show here with the optional commit=TRUE. The path to the package can be absolute are relative; the easists is often to go up one directory from the sources to where R CMD build ... has created the package file.

      edd@max:~/git$ Rscript -e 'library(drat); insertPackage("drat_0.0.1.2.tar.gz", commit=TRUE)'
      [gh-pages 0d2093a] adding drat_0.0.1.2.tar.gz to drat
       3 files changed, 2 insertions(+), 2 deletions(-)
       create mode 100644 src/contrib/drat_0.0.1.2.tar.gz
      Counting objects: 7, done.
      Delta compression using up to 8 threads.
      Compressing objects: 100% (7/7), done.
      Writing objects: 100% (7/7), 7.37 KiB | 0 bytes/s, done.
      Total 7 (delta 1), reused 0 (delta 0)
         206d2fa..0d2093a  gh-pages -> gh-pages

      You can equally well run this as insertPackage("drat_0.0.1.2.tar.gz"), then inspect the repo and only then run the git commands add, commit and push. Also note that future versions of drat will most likely support git operations directly by relying on the very promising git2r package. But this just affect package internals, the user-facing call of e.g. insertPackage("drat_0.0.1.2.tar.gz", commit=TRUE) will remain unchanged.

      And in a nutshell that really is all there is to it. With the newly drat-ed package pushed to your GitHub repository with a single function call), it is available via the automatically-provided gh-pages webserver access to anyone in the world. All they need to do is to point R's package management code (which is built into R itself and used for e.g._ CRAN and BioConductor R package repositories) to the new repo---and that is also just a single drat command. We showed this in the first blog post and may expand on it again in a follow-up.

      So in summary, that really is all there is to it. After a one-time setup / ensuring you are on the gh-pages branch, all it takes is a single function call from the drat package to publish your package to your drat GitHub repository.

      This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

      23 February, 2015 02:04AM

      February 22, 2015

      hackergotchi for Rogério Brito

      Rogério Brito

      User-Agent strings and privacy

      I just had my hands on some mobile devices (a Samsung's Galaxy Tab S 8.4", an Apple's iPad mini 3, and my no-name tablet that runs Android).

      I got curious to see how the different browsers identify themselves to the world via their User agent strings and I must say that each browser's string reveals a lot about both the browser makers and their philosophies regarding user privacy.

      Here is a simple table that I compiled with the information that I collected (sorry if it gets too wide):

      Device Browser User-Agent String
      Samsung Galaxy Tab S Firefox 35.0 Mozilla/5.0 (Android; Tablet; rv:35.0) Gecko/35.0 Firefox/35.0
      Samsung Galaxy Tab S Firefox 35.0.1 Mozilla/5.0 (Android; Tablet; rv:35.0.1) Gecko/35.0.1 Firefox/35.0.1
      Samsung Galaxy Tab S Android's 4.4.2 stock browser Mozilla/5.0 (Linux; Android 4.4.2; en-gb; SAMSUNG SM-T700 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Version/1.5 Chrome/28.0.1500.94 Safari/537.36
      Samsung Galaxy Tab S Updated Chrome Mozilla/5.0 (Linux; Android 4.4.2; SM-T700 Build/KOT49H) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/40.0.2214.109 Safari/537.36
      Vanilla tablet Android's 4.1.1 stock browser Mozilla/5.0 (Linux; U; Android 4.1.1; en-us; TB1010 Build/JRO03H) AppleWebKit/534.30 (KHTML, like Gecko) Version/4.0 Safari/534.30
      Vanilla tablet Firefox 35.0.1 Mozilla/5.0 (Android; Tablet; rv:35.0.1) Gecko/35.0.1 Firefox/35.0.1
      iPad Safari's from iOS 8.1.3 Mozilla/5.0 (iPad; CPU OS 8_1_3 like Mac OS X) AppleWebKit/600.1.4 (KHTML, like Gecko) Version/8.0 Mobile/12B466 Safari/600.1.4
      Notebook Debian's Iceweasel 35.0.1 Mozilla/5.0 (X11; Linux x86_64; rv:35.0) Gecko/20100101 Firefox/35.0 Iceweasel/35.0.1

      So, briefly looking at the table above, you can tell that the stock Android browser reveals quite a bit of information: the model of the device (e.g., SAMSUNG SM-T700 or TB1010) and even the build number (e.g., Build/KOT49H or Build/JRO03H)! This is super handy for malicious websites and I would say that it leaks a lot of possibly undesired information.

      The iPad is similar, with Safari revealing the version of the iOS that it is running. It doesn't reveal, though, the language that the user is using via the UA string (it probably does via other HTTP fields).

      Chrome is similar to the stock Android browser here, but, at least, it doesn't reveal the language of the user. It does reveal the version of Android, including the patch-level (that's a bit too much, IMVHO).

      I would say that the winner respecting privacy of the users among the browsers that I tested is Firefox: it conveys just the bare minimum, not differentiating from a high-end tablet (Samsung's Galaxy Tab S with 8 cores) and a vanilla tablet (with 2 cores). Like Chrome, Firefox still reveals a bit too much in the form of the patch-level. It should be sufficient to say that it is version 35.0 even if the user has 35.0.1 installed.

      The bonus points with Firefox is that it is also available on F-Droid, in two versions: as Firefox itself and as Fennec.

      22 February, 2015 11:54PM

      Hideki Yamane

      New laptop ThinkPad E450

      I've got a new laptop, Lenovo ThinkPad E450.

      • CPU: Intel Core i5 (upgraded)
      • Mem: 8GB (upgraded, one empty slot, can up to 16GB)
      • HDD: 500GB
      • LCD: FHD (1920x1080, upgraded)
      • wifi: 802.11ac (upgraded, Intel 7265 BT ACBGN)
      nice,  it was less than $600 $500.

      Well, probably you know about Superfish issue with Lenovo Laptop, but it didn't affect to me because first thing when I got it is replacing HDD with another empty one, and did fresh install Debian Jessie (of course).

      22 February, 2015 05:55AM by Hideki Yamane (

      February 21, 2015

      Francesca Ciceri

      Dudes in dresses, girls in trousers

      "As long as people still think of people like me as "a dude in a dress" there is a lot work to do to fight transphobia and gain tolerance and acceptance."

      This line in Rhonda's most recent blogpost broke my heart a little, and sparked an interesting conversation with her about the (perceived?) value of clothes, respect and identity.

      So, guess what? Here's a pic of a "girl in trousers". Just because.

      MadameZou in her best James Dean impersonation

      (Sorry for the quality: couldn't find my camera and had to use a phone. Also, I don't own a binder, so I used a very light binding)

      21 February, 2015 06:03PM

      Dominique Dumont

      Performance improvement for ‘cme check dpkg’


      Thanks to Devel::NYTProf, I’ve realized that Module::CoreList was used in a not optimal way (to say the least) in Config::Model::Dpkg::Dependency when checking the dependency between Perl packages. (Note that only Perl packages with many dependencies were affected by this lack of performance)

      After a rework, the performance are much better. Here’s an example comparing check time before and after the modification of libconfig-model-dpkg-perl.

      With libconfig-model-dpkg-perl 2.059:
      $ time cme check dpkg
      Using Dpkg
      loading data
      Reading package lists... Done
      Building dependency tree
      Reading state information... Done
      checking data
      check done

      real 0m10.235s
      user 0m10.136s
      sys 0m0.088s

      With libconfig-model-dpkg-perl 2.060:
      $ time cme check dpkg
      Using Dpkg
      loading data
      Reading package lists... Done
      Building dependency tree
      Reading state information... Done
      checking data
      check done

      real 0m1.565s
      user 0m1.468s
      sys 0m0.092s


      All in all, a 8x performance improvement on the dependency check.

      Note that, due to the freeze, the new version of libconfig-model-dpkg-perl is available only in experimental.

      All the best

      Tagged: Config::Model, debian, dpkg, package

      21 February, 2015 03:09PM by dod

      hackergotchi for Vasudev Kamath

      Vasudev Kamath

      Running Plan9 using 9vx - using vx32 sandboxing library

      Now a days I'm more and more attracted towards Plan9, an Operating System meant to be the successor of UNIX and created by same people who created original UNIX. I'm always baffled by the simplicity of Plan9. Sadly Plan9 never took off for whatever reasons.

      I've been for a while trying to run Plan9, I ran Plan9 on Raspberry Pi model B using 9pi, but I couldn't experiment with it more due to some restrictions in my home setup.

      I installed original Plan9 4th Edition from Bell labs (now part of Alcatel-Lucent), I will write about it in on different post. But running virtual machine on my system is again PITA as system is already old (3 and half year). I came across the 9vx which is port of Plan9 for FreeBSD, Linux and Mac OSX by Russ Cox.

      I downloaded original 9vx version 0.9.12 from Russ's page linked above. The archive contains a Plan9 rootfs along with precompiled 9vx binaries for Linux, FreeBSD and Mac OS X. I ran the Linux binary but it crashed.

      ./9vx.Linux -u glenda

      I was seeing some illegal instruction error in dmesg. I didn't bother to do more investigation.

      A bit of googling showed me Arch Linux's wiki page on 9vx. I got errors trying to compile the original vx32 from rsc's repository but later saw that AUR 9vx package is built from different repository forked from rsc's found here.

      I cloned the repository to local and compiled it, I don't really remember if I had installed any additional packages. But if you get error you will know what additional thing is required. After compilation the 9vx binary is found inside src/9vx/9vx. I used this newly compiled 9vx to run the the rootfs I downloaded from Russ's website.

      9vx -u glenda -r /path/to/extracted/9vx-0.9.12/

      This launches Plan9 and allows you to work inside Plan9. The good part is its not resource hungry and still looks like you have a VM running with Plan9 on it.

      But there seems to be a better way to do this directly from plan9 iso from bell labs. It can be found on 9fans list. Now I'm going to try that out too :-). And in next post I will share my experience of using Plan9 on Qemu.

      21 February, 2015 07:02AM by copyninja

      February 20, 2015

      Richard Hartmann

      Release Critical Bug report for Week 08

      The UDD bugs interface currently knows about the following release critical bugs:

      • In Total: 1069 (Including 188 bugs affecting key packages)
        • Affecting Jessie: 147 (key packages: 114) That's the number we need to get down to zero before the release. They can be split in two big categories:
          • Affecting Jessie and unstable: 96 (key packages: 81) Those need someone to find a fix, or to finish the work to upload a fix to unstable:
            • 23 bugs are tagged 'patch'. (key packages: 19) Please help by reviewing the patches, and (if you are a DD) by uploading them.
            • 2 bugs are marked as done, but still affect unstable. (key packages: 0) This can happen due to missing builds on some architectures, for example. Help investigate!
            • 71 bugs are neither tagged patch, nor marked done. (key packages: 62) Help make a first step towards resolution!
          • Affecting Jessie only: 51 (key packages: 33) Those are already fixed in unstable, but the fix still needs to migrate to Jessie. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.
            • 34 bugs are in packages that are unblocked by the release team. (key packages: 22)
            • 17 bugs are in packages that are not unblocked. (key packages: 11)

      How do we compare to the Squeeze and Wheezy release cycles?

      Week Squeeze Wheezy Jessie
      43 284 (213+71) 468 (332+136) 319 (240+79)
      44 261 (201+60) 408 (265+143) 274 (224+50)
      45 261 (205+56) 425 (291+134) 295 (229+66)
      46 271 (200+71) 401 (258+143) 427 (313+114)
      47 283 (209+74) 366 (221+145) 342 (260+82)
      48 256 (177+79) 378 (230+148) 274 (189+85)
      49 256 (180+76) 360 (216+155) 226 (147+79)
      50 204 (148+56) 339 (195+144) ???
      51 178 (124+54) 323 (190+133) 189 (134+55)
      52 115 (78+37) 289 (190+99) 147 (112+35)
      1 93 (60+33) 287 (171+116) 140 (104+36)
      2 82 (46+36) 271 (162+109) 157 (124+33)
      3 25 (15+10) 249 (165+84) 172 (128+44)
      4 14 (8+6) 244 (176+68) 187 (132+55)
      5 2 (0+2) 224 (132+92) 175 (124+51)
      6 release! 212 (129+83) 161 (109+52)
      7 release+1 194 (128+66) 147 (106+41)
      8 release+2 206 (144+62) 147 (96+51)
      9 release+3 174 (105+69)
      10 release+4 120 (72+48)
      11 release+5 115 (74+41)
      12 release+6 93 (47+46)
      13 release+7 50 (24+26)
      14 release+8 51 (32+19)
      15 release+9 39 (32+7)
      16 release+10 20 (12+8)
      17 release+11 24 (19+5)
      18 release+12 2 (2+0)

      Graphical overview of bug stats thanks to azhag:

      20 February, 2015 07:32PM by Richard 'RichiH' Hartmann

      hackergotchi for Rhonda D'Vine

      Rhonda D'Vine

      Queer-Positive Songs

      Just recently I stumbled upon one of these songs again and thought to myself: Are there more out there? With these songs I mean songs that could from its lyrics be considered queer-positive. Lyrics that cointain parts that speak about queer topics. To get you an idea of what I mean here are three songs as examples:

      • Saft by Die Fantastischen Vier: The excert from the lyrics I am refering to is: "doch im Grunde sucht jeder Mann eine Frau // Wobei so mancher Mann besser mit Männern kann // und so manche Frau lässt lieber Frauen ran" ("but basically every man looks for a woman // though some man prefer men // and some women prefer women").
      • Liebe schmeckt gut by Grossstadtgeflüster: Here the lyrics go like "Manche lieben sich selber // manche lieben unerkannt // manche drei oder fünf" ("some love themself // some love in secrecy // some three or five"). For a stereo sound version of the song watch this video instead, but I love the video. :)
      • Mein schönstes Kleid by Früchte des Zorns: This song is so much me. It starts off with "Eines Tages werd ich aus dem Haus geh'n und ich trag mein schönstes Kleid" ("One day I'll go out and I'll wear my most beautiful dress" sung by a male voice). I was made aware of it after the Poetry Night at debconf12 in Nicaragua. As long as people still think of people like me as "a dude in a dress" there is a lot work to do to fight transphobia and gain tolerance and acceptance.

      Do you have further examples for me? I know that I already mentioned another one in my blog entry about Garbage for a start. I am aware that there probably are dedicated bands that out of their own history do a lot songs in that direction, but I also want to hear about songs in which it is only mentioned in a side note and not made the central topic of the whole song, making it an absolutely normal random by-note.

      Like always, enjoy—and I'm looking forward to your suggestions!

      /music | permanent link | Comments: 17 | Flattr this

      20 February, 2015 04:05PM by Rhonda

      hackergotchi for David Bremner

      David Bremner

      Dear Lenovo, it's not me, it's you.

      I've been a mostly happy Thinkpad owner for almost 15 years. My first Thinkpad was a 570, followed by an X40, an X61s, and an X220. There might have been one more in there, my archives only go back a decade. Although it's lately gotten harder to buy Thinkpads at UNB as Dell gets better contracts with our purchasing people, I've persevered, mainly because I'm used to the Trackpoint, and I like the availability of hardware service manuals. Overall I've been pleased with the engineering of the X series.

      Over the last few days I learned about the installation of the superfish malware on new Lenovo systems, and Lenovo's completely inadequate response to the revelation. I don't use Windows, so this malware would not have directly affected me (unless I had the misfortune to use this system to download installation media for some GNU/Linux distribution). Nonetheless, how can I trust the firmware installed by a company that seems to value its users' security and privacy so little?

      Unless Lenovo can show some sign of understanding the gravity of this mistake, and undertake not to repeat it, then I'm afraid you will be joining Sony on my list of vendors I used to consider buying from. Sure, it's only a gross income loss of $500 a year or so, if you assume I'm alone in this reaction. I don't think I'm alone in being disgusted and angered by this incident.

      20 February, 2015 02:00PM

      hackergotchi for Wouter Verhelst

      Wouter Verhelst

      LOADays 2015

      Looks like I'll be speaking at LOADays again. This time around, at the suggestion of one of the organisers, I'll be speaking about the Belgian electronic ID card, for which I'm currently employed as a contractor to help maintain the end-user software. While this hasn't been officially confirmed yet, I've been hearing some positive signals from some of the organisers.

      So, under the assumption that my talk will be accepted, I've started working on my slides. The intent is to explain how the eID middleware works (in general terms), how the Linux support is supposed to work, and what to do when things fail.

      If my talk doesn't get rejected at the final hour, I will continue my uninterrupted "speaker at loadays" streak, which has started since loadays' first edition...

      20 February, 2015 10:47AM