January 05, 2016

hackergotchi for Daniel Pocock

Daniel Pocock

hackergotchi for Benjamin Mako Hill

Benjamin Mako Hill

Celebrate Aaron Swartz in Seattle (or Atlanta, Chicago, Dallas, NYC, SF)

I’m organizing an event at the University of Washington in Seattle that involves a reading, the screening of a documentary film, and a Q&A about Aaron Swartz. The event coincides with the third anniversary of Aaron’s death and the release of a new book of Swartz’s writing that I contributed to.

aaronsw-tiob_bwcstw

The event is free and open the public and details are below:

WHEN: Wednesday, January 13 at 6:30-9:30 p.m.

WHERE: Communications Building (CMU) 120, University of Washington

We invite you to celebrate the life and activism efforts of Aaron Swartz, hosted by UW Communication professor Benjamin Mako Hill. The event is next week and will consist of a short book reading, a screening of a documentary about Aaron’s life, and a Q&A with Mako who knew Aaron well – details are below. No RSVP required; we hope you can join us.

Aaron Swartz was a programming prodigy, entrepreneur, and information activist who contributed to the core Internet protocol RSS and co-founded Reddit, among other groundbreaking work. However, it was his efforts in social justice and political organizing combined with his aggressive approach to promoting increased access to information that entangled him in a two-year legal nightmare that ended with the taking of his own life at the age of 26.

January 11, 2016 marks the third anniversary of his death. Join us two days later for a reading from a new posthumous collection of Swartz’s writing published by New Press, a showing of “The Internet’s Own Boy” (a documentary about his life), and a Q&A with UW Communication professor Benjamin Mako Hill – a former roommate and friend of Swartz and a contributor to and co-editor of the first section of the new book.

If you’re not in Seattle, there are events with similar programs being organized in Atlanta, Chicago, Dallas, New York, and San Francisco.  All of these other events will be on Monday January 11 and registration is required for all of them. I will be speaking at the event in San Francisco.

05 January, 2016 01:07AM by Benjamin Mako Hill

January 04, 2016

Stig Sandbeck Mathisen

Munin 3 packaging

The Munin project is moving slowly closer to a Munin 3 release. In parallel, the Debian packaging is changing, too.

The new web interface is looking much better than the traditional web-1.0 interface normally associated with munin.

New package layout

perl libraries

All the Munin perl libraries are placed in “libmunin-*-perl”, and split into separate packages, where the split is decided mostly on dependencies.

If you don’t want to monitor samba, or SNMP, or MySQL, there should be no need to have those libraries installed. That does mean more binary packages, on the other hand.

Munin master

Munin now runs as a standalone HTTPD, it no longer graphs from cron, nor does it run as CGI or FastCGI scripts.

The user “munin” grants read-write access, while the group “munin” grants read only access. The new web interface runs as the “munin-httpd” user, which is member of the “munin” group.

There is a “munin” service. For now, it runs rrdcached for the munin user and RRD directory.

munin node

The perl “munin-node” and the compiled “munin-node-c” should be interchangeable, and be able to run the same plugins.

Munin node, and Munin async node, should be wholly separate from the munin master. It should be possible to use the perl “munin-node” package, and the

munin plugins

The munin plugins are placed separate packages named “munin-plugins-*”. The split is based on monitoring subject, or dependencies. They depend on appropriate “libmunin-plugin-*-perl” packages

The “munin-plugins-c” package, which is is from the “munin-node-c” source, contains a number of compiled plugins which should use less resources than their shell, perl or python equivalents.

Plugins from other sources than “munin” must work similar to the ones from “munin”. More work on this is needed.

Testing

Late December 2015, I set up Jenkins, with jenkins-debian-glue to build packages, test with autopkgtest and and update my development apt repository on each commit. That helped developing and testing the new Munin packages.

The packages are not quite ready to upload to experimental, but they are continuously deployed to weed out bugs. They can be found in my packaging apt repo. (The usual non-guarantees apply, handle with care, keep away from small children, etc…)

Comments

Munin developers, packagers and users hang out on “#munin” on the OFTC network. Please drop by if you have questions or comments.

04 January, 2016 11:00PM

hackergotchi for Clint Adams

Clint Adams

Real world Cryptol

cryptol is now in testing.

If you hurry, you can contribute to upstream implementations of CAST5 and Twofish before Christmas this Thursday.

04 January, 2016 08:07PM

hackergotchi for Michal Čihař

Michal Čihař

Enca 1.17

Last version of Enca has been released more than year ago and now it's time for new release. There are various compatibility fixes which have been committed to the Git repository meanwhile.

If you don't know Enca, it is an Extremely Naive Charset Analyser. It detects character set and encoding of text files and can also convert them to other encodings using either a built-in converter or external libraries and tools like libiconv, librecode, or cstocs.

Full list of changes for 1.17 release:

  • Fixed conversion of GB2312 encoding with iconv
  • Fixed iconv conversion on OSX
  • Documentation improvements
  • Fixed execution of external converters with ACLs
  • Improved test coverage to 80%

Still enca is in maintenance mode only and I have no intentions to write new features. However there is no limitation to other contributors :-).

You can download from http://cihar.com/software/enca/.

Filed under: Enca English | 2 comments

04 January, 2016 02:45PM by Michal Čihař (michal@cihar.com)

Mike Gabriel

My FLOSS activities in December 2015

December 2015 was a month mainly dedicated to work for local contractors (local schools mainly) and my employer (University of Kiel, Git server migration).

At the end of the month I had the privilege of attending the 32c3 ([1]) where we had a little sprint for the Arctica Project. Thanks to my family and esp. to my wonderful wife for letting me attend this always fascinating event at the end of each year.

Horde Hacking

One of my local customers is really interested in using a non-gated-community mail provider, so he asked me to host his company's mail addresses on my mail company's server. Something I regularly don't offer (anymore) except for dear friends and very patient customers.

This customer sponsored several more work hours on hacking on the Kolab_Storage code in Horde and proposing bug fixes upstream [2,3,4,5,6,7,8]. Thanks for supporting my work on the Horde Groupware Framework. Thanks to Horde upstream maintainers (esp. Michael Rubinsky) for reacting on my bug submissions so promptly.

Debian and Debian LTS

Locally, I did a lot of work for our Debian Edu / Skolelinux customers again this months.

read more

04 January, 2016 12:17PM by sunweaver

hackergotchi for Bernd Zeimetz

Bernd Zeimetz

open-vm-tools updated

In January 2014 the open-vm-tools package was orphaned and I took the chance to take over the maintenance. Unfortunately the package is still not 100% in the shape I’d like to see it, but I’m getting closer. I have to say Thank You for a lot of good bug reports, especially for those use cases which are hard to test/reproduce for me (running Debian in a Windows-based VMware Workstation Player for example….).

At conova communications GmbH, the company I work for, we are using the package on all of our Debian VMs, both for customer and internal use. It is essential for us to have properly working open-vm-tools - not only to be able to shutdown the VM from VMware vCenter, but also because tools like vSphere Data Protection and Veeam depend on it. Good thing is that I can work on and test the package at work and breakages are detected early and fast normally.

Getting a good contact to the VMware upstream was easy and the developers there are helpful and reply pretty fast to their emails. Also as it seems there are finally “real” commits showing up in the open-vm-tools github repository again, not only huge single commits with a full release. It is not only nice to see that they are moving into the right direction again, but also this is really helpful in fixing (urgent) bugs before the next release of open-vm-tools - or to backport a fix to the versoin in stable/oldstable.

Since a few days we have open-vm-tools 10.0.5-3227872 in

  • testing & unstable
  • jessie-backports
  • wheezy-backports-sloppy

If you are using VMware ESX 5.5 or newer, you should upgrade to the backports versions. Same if you use a recent VMware player version.

Please note that since 10.0.0 the open-vm-dkms package is only necessary if you need the legacy vmxnet module. This is only the case if you are using very old VM hardware versions. vmxnet3 is shipped in the Debian kernel, so you don’t need to compile extra modules to use it. The vmhgfs module was replaced by a fuse-based implementation.

If you’d like to help maintaining the package, please send bugs/patches via the Debian BTS or even better - send pull requests for pkg-open-vm-tools. The repository is mirrored to git.bzed.at in case you want to avoid github.

04 January, 2016 10:06AM

hackergotchi for Alessio Treglia

Alessio Treglia

Enterprise Innovation in a Transformative Society

 

Recent article by professors Karim Lakhani and Marco Iansiti on the Harvard Business Review, “Digital Ubiquity: How Connection, Sensors and Data are Revolutionizing Business”, gave me the opportunity for interesting insights and considerations.

Digital technology evolution and the development of modern “Internet of Things” devices are introducing huge transformative effects within social inter-relationships and its business models. These effects can not be ignored if we want to perceive – with the right clarity and meaning – the innovation process that inevitably comes with it.

The three fundamental properties of digital technology…

<Read More…>

04 January, 2016 09:13AM by Fabio Marzocca

hackergotchi for Lunar

Lunar

Reproducible builds: week 36 in Stretch cycle

What happened in the reproducible builds effort between December 27th and January 2nd:

Infrastructure

dak now silently accepts and discards .buildinfo files (commit 1, 2), thanks to Niels Thykier and Ansgar Burchardt. This was later confirmed as working by Mattia Rizzolo.

Packages fixed

The following packages have become reproducible due to changes in their build dependencies: banshee-community-extensions, javamail, mono-debugger-libs, python-avro.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues, but not all of them:

Untested changes:

  • fltk1.1/1.1.10-20 by Aaron M. Ucko, currently FTBFS.
  • fltk1.3/1.3.3-5 by Aaron M. Ucko, currently FTBFS.

reproducible.debian.net

The testing distribution (the upcoming stretch) is now tested on armhf. (h01ger)

Four new armhf build nodes provided by Vagrant Cascandian were integrated in the infrastructer. This allowed for 9 new armhf builder jobs. (h01ger)

The RPM-based build system, koji, is now in unstable and testing. (Marek Marczykowski-Górecki, Ximin Luo).

Package reviews

131 reviews have been removed, 71 added and 53 updated in the previous week.

58 new FTBFS reports were made by Chris Lamb and Chris West.

New issues identified this week: nondeterminstic_ordering_in_gsettings_glib_enums_xml, nondeterminstic_output_in_warnings_generated_by_breathe, qt_translate_noop_nondeterminstic_ordering.

Misc.

Steven Chamberlain explained in length why reproducible cross-building across architectures mattered, and posted results of his tests comparing a stage1 debootstrapped chroot of linux-i386 once done from official Debian packages, the others cross-built from kfreebsd-amd64.

04 January, 2016 07:22AM

Mike Gabriel

MATE 1.12 landed in Debian unstable

Yesterday, I did a bundle upload of all MATE 1.12 related packages to Debian unstable. Packages are currently building for the 22 architectures supported by Debian, build status can be viewed on the DDPO page of the Debian MATE Packaging Team [1]

Again a big thanks to the packaging team. Martin Wimpress amongst others did a fabulous job in bumping all packages towards the 1.12 release series before the Christmas holidays. Over the holidays, I was able to review his work (99% perfect) and upload all binary packages to a staging repository.

@Martin Wimpress: It is really time that we make a DM (Debian Maintainer) out of you!!!

After testing all MATE 1.12 packages on a Debian unstable system, I decided to do a bundle upload yesterday.

Lessons learned about bundling Debian uploads

It absolutely makes sense to hold back package uploads of a project like the MATE desktop until all relevant packages are reviewed, pre-built and tested.

When releasing MATE packages via the team's packaging Git [2], there are normally two actions to be taken on a package release:

  • commit "upload to unstable (debian/<pkg-version>)
  • tag that commit with "Debian release <pkg-version>

When reviewing so many Git projects, it is always problematic that people commit something else during the review phase. Especially, if the review work involves many packages (i.e., Git packaging repos) and requires several days or even weeks to get finished.

read more

04 January, 2016 05:49AM by sunweaver

hackergotchi for Benjamin Mako Hill

Benjamin Mako Hill

The Boy Who Could Change the World: The Writings of Aaron Swartz

The New Press has published a new collection of Aaron Swartz’s writing called The Boy Who Could Change the World: The Writings of Aaron Swartz. I worked with Seth Schoen to introduce and help edit the opening section of book that includes Aaron’s writings on free culture, access to information and knowledge, and copyright. Seth and I have put our introduction online under an appropriately free license (CC BY-SA).

aaronsw_book_coverOver the last week, I’ve read the whole book again. I think the book really is a wonderful snapshot of Aaron’s thought and personality. It’s got bits that make me roll my eyes, bits that make me want to shout in support, and bits that continue to challenge me. It all makes me miss Aaron terribly. I strongly recommend the book.

Because the publication is post-humous, it’s meant that folks like me are doing media work for the book. In honor of naming the book their “progressive pick” of the week, Truthout has also published an interview with me about Aaron and the book.

Other folks who introduced and/or edited topical sections in the book are David Auerbach (Computers), David Segal (Politics), Cory Doctorow (Media), James Grimmelmann (Books and Culture), and Astra Taylor (Unschool). The book is introduced by Larry Lessig.

04 January, 2016 02:12AM by Benjamin Mako Hill

John Goerzen

Hiking a mountain with Ian Murdock

“Would you like to hike a mountain?” That question caught me by surprise. It was early in 2000, and I had flown to Tucson for a job interview. Ian Murdock was starting a new company, Progeny, and I was being interviewed for their first hire.

“Well,” I thought, “hiking will be fun.” So we rode a bus or something to the top of the mountain and then hiked down. Our hike was full of — well, everything. Ian talked about Tucson and the mountains, about his time as the Debian project leader, about his college days. I asked about the plants and such we were walking past. We talked about the plans for Progeny, my background, how I might fit in. It was part interview, part hike, part two geeks chatting. Ian had no HR telling him “you can’t go hiking down a mountain with a job candidate,” as I’m sure HR would have. And I am glad of it, because even 16 years later, that is still by far the best time I ever had at a job interview, despite the fact that it ruined the only pair of shoes I had brought along — I had foolishly brought dress shoes for a, well, job interview.

I guess it worked, too, because I was hired. Ian wanted to start up the company in Indianapolis, so over the next little while there was the busy work of moving myself and setting up an office. I remember those early days – Ian and I went computer shopping at a local shop more than once to get the first workstations and servers for the company. Somehow he had found a deal on some office space in a high-rent office building. I still remember the puzzlement on the faces of accountants and lawyers dressed up in suits riding in the elevators with us in our shorts and sandals, or tie-die, next to them.

Progeny’s story was to be a complicated one. We set out to rock the world. We didn’t. We didn’t set out to make lasting friendships, but we often did. We set out to accomplish great things, and we did some of that, too.

We experienced a full range of emotions there — elation when we got hardware auto-detection working well or when our downloads looked very popular, despair when our funding didn’t come through as we had hoped, being lost when our strategy had to change multiple times. And, as is the case everywhere, none of us were perfect.

I still remember the excitement after we published our first release on the Internet. Our little server that could got pegged at 100Mb of outbound bandwidth (that was something for a small company in those days.) The moment must have meant something, because I still have the mrtg chart from that day on my computer, 15 years later.

Progeny's Bandwidth Chart

We made a good Linux distribution, an excellent Debian derivative, but commercial success did not flow from it. In the succeeding months, Ian and the company tried hard to find a strategy that would stick and make our big break. But that never happened. We had several rounds of layoffs when hoped-for funding never materialized. Ian eventually lost control of the company, and despite a few years of Itanium contract work after I left, closed for good.

Looking back, Progeny was life — compressed. During the good times, we had joy, sense of accomplishment, a sense of purpose at doing something well that was worth doing. I had what was my dream job back then: working on Debian as I loved to do, making the world a better place through Free Software, and getting paid to do it. And during the bad times, different people at Progeny experienced anger, cynicism, apathy, sorrow for the loss of our friends or plans, or simply a feeling to soldier on. All of the emotions, good or bad, were warranted in their own way.

Bruce Byfield, one of my co-workers at Progeny, recently wrote a wonderful memoriam of Ian. He wrote, “More than anything, he wanted to repeat his accomplishment with Debian, and, naturally he wondered if he could live up to his own expectations of himself. That, I think, was Ian’s personal tragedy — that he had succeeded early in life, and nothing else he did with his life could quite measure up to his expectations and memories.”

Ian was not the only one to have some guilt over Progeny. I, for years, wondered if I should have done more for the company, could have saved things by doing something more, or different. But I always came back to the conclusion I had at the time: that there was nothing I could do — a terribly sad realization.

In the years since, I watched Ubuntu take the mantle of easy-to-install Debian derivative. I saw them reprise some of the ideas we had, and even some of our mistakes. But by that time, Progeny was so thoroughly forgotten that I doubt they even realized they were doing it.

I had long looked at our work at Progeny as a failure. Our main goal was never accomplished, our big product never sold many copies, our company eventually shuttered, our rock-the-world plan crumpled and forgotten. And by those traditional measurements, you could say it was a failure.

But I have come to learn in the years since that success is a lot more that those things. Success is also about finding meaning and purpose through our work. As a programmer, success is nailing that algorithm that lets the application scale 10x more than before, or solving that difficult problem. As a manager, success is helping team members thrive, watching pieces come together on projects that no one person could ever do themselves. And as a person, success comes from learning from our experiences, and especially our mistakes. As J. Michael Straczynski wrote in a Babylon 5 episode, loosely paraphrased: “Maybe this experience will be a good lesson. Too bad it was so painful, but there ain’t no other kind.”

The thing about Progeny is this – Ian built a group of people that wanted to change the world for the better. We gave it our all. And there’s nothing wrong with that.

Progeny did change the world. As us Progeny alumni have scattered around the country, we benefit from the lessons we learned there. And many of us were “different”, sort of out of place before Progeny, and there we found others that loved C compilers, bootloaders, and GPL licenses just as much as we did. We belonged, not just online but in life, and we went on to pull confidence and skill out of our experience at Progeny and use them in all sorts of ways over the years.

And so did Ian. Who could have imagined the founder of Debian and Progeny would one day lead the cause of an old-guard Unix turning Open Source? I run ZFS on my Debian system today, and Ian is partly responsible for that — and his time at Progeny is too.

So I can remember Ian, and Progeny, as a success. And I leave you with a photo of my best memento from the time there: an original unopened boxed copy of Progeny Linux.

IMG_6197_v1

04 January, 2016 01:15AM by John Goerzen

January 03, 2016

Carl Chenet

Russ Allbery

control-archive 1.7.0

First new release in a while. There haven't been a lot of changes to Usenet hierarchies. The primary change is more aggressive dropping of control messages for reserved hierarchies, mostly to suppress pointless email to news administrators.

There were also the following hierarchy updates:

  • wpg.* no longer has an active maintainer
  • Update metadata and PGP key for dictator.*

These changes are already live on the ftp.isc.org control.ctl file. You can get the latest version from the control-archive distribution page.

03 January, 2016 10:43PM

hackergotchi for Gregor Herrmann

Gregor Herrmann

RC bugs 2015/53

& another round of RC bug fixes, still related to the perl 5.22 transition (& yay, 5.22 is in testing since some days!):

  • #808209 – amanda-common: "amanda-common: Depends on virtual package "perl5" which will is gone with perl/5.22"
    replace perl5 dependencies, NMU with maintainer's approval
  • #808321 – votca-csg-scripts: "votca-csg-scripts: Depends on virtual package "perl5" which will is gone with perl/5.22"
    fix dependency, upload to DELAYED/3
  • #809192 – src:libterm-termkey-perl: "libterm-termkey-perl: FTBFS: 05flags.t: Non-zero wait status: 11"
    set TERM for tests (pkg-perl)
  • #809198 – maildirsync: "maildirsync broken with perl 5.22"
    add upstream patch, upload to DELAYED/3
  • #809583 – src:libgenome-model-tools-music-perl: "libgenome-model-tools-music-perl: FTBFS: use Genome::Model::Tools::Music::Survival': Can't use 'defined(@array)"
    fix 'defined(@array)' error (pkg-perl)

03 January, 2016 08:59PM

hackergotchi for Lunar

Lunar

Reproducible builds: week 35 in Stretch cycle

What happened in the reproducible builds effort between December 20th to December 26th:

Toolchain fixes

Mattia Rizzolo rebased our experimental versions of debhelper (twice!) and dpkg on top of the latest releases.

Reiner Herrmann submited a patch for mozilla-devscripts to sort the file list in generated preferences.js files.

To be able to lift the restriction that packages must be built in the same path, translation support for the __FILE__ C pre-processor macro would also be required. Joerg Sonnenberger submitted a patch back in 2010 that would still be useful today.

Chris Lamb started work on providing a deterministic mode for debootstrap.

Packages fixed

The following packages have become reproducible due to changes in their build dependencies: bouncycastle, cairo-dock-plug-ins, darktable, gshare, libgpod, pafy, ruby-redis-namespace, ruby-rouge, sparkleshare.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues, but not all of them:

Patches submitted which have not made their way to the archive yet:

reproducible.debian.net

Statistics for package sets are now visible for the armhf architecture. (h01ger)

The second build now has a longer timeout (18 hours) than the first build (12 hours). This should prevent wasting resources when a machine is loaded. (h01ger)

Builds of Arch Linux packages are now done using a tmpfs. (h01ger)

200 GiB have been added to jenkins.debian.net (thanks to ProfitBricks!) to make room for new jobs. The current count is at 962 and growing!

diffoscope development

Aside from some minor bugs that have been fixed, a one-line change made huge memory (and time) savings as the output of transformation tool is now streamed line by line instead of loaded entirely in memory at once.

disorderfs development

Andrew Ayer released disorderfs version 0.4.2-1 on December 22th. It fixes a memory corruption error when processing command line arguments that could cause command line options to be ignored.

Documentation update

Many small improvements for the documentation on reproducible-builds.org sent by Georg Koppen were merged.

Package reviews

666 (!) reviews have been removed, 189 added and 162 updated in the previous week.

151 new fail to build from source reports have been made by Chris West, Chris Lamb, Mattia Rizzolo, and Niko Tyni.

New issues identified: unsorted_filelist_in_xul_ext_preferences, nondeterminstic_output_generated_by_moarvm.

Misc.

Steven Chamberlain drew our attention to one analysis of the Juniper ScreenOS Authentication Backdoor: “Whilst this may have been added in source code, it was well-disguised in the disassembly and just 7 instructions long. I thought this was a good example of the current state-of-the-art, and why we'd like our binaries and eventually, installer and VM images reproducible IMHO.

Joanna Rutkowska has mentioned possible ways for Qubes to become reproducible on their development mailing-list.

03 January, 2016 07:57PM

Niels Thykier

Tor enabled MTA

As I posted earlier, I have migrated to use tor on my machine.  Though I had a couple of unsolved issues back then.  One of them being my Mail Transport Agent (MTA) did not support tor.

A regular user might not have a lot of use for a MTA on their laptop.  However, it is needed for a lot of Debian development scripts (bts, mass-bug, nmudiff), if they are to file/manipulate bugs for you.

I have some requirements for my MTA

  • tor support (or at least “torsocks”-able)
  • support end-to-end encryption with my provider (STARTTLS)
  • verify that it is talking to my provider.
  • rewrite my “From” if it is not correct (otherwise the mail will just be rejected)
  • support the auth mechanisms of my provider
  • it should be simple to configure

I also have some non-requirements:

  • Local mail delivery is not required
  • The MTA will not be used as a general mail relay.
    • One target relay
    • No relaying from other hosts
  • Mail delivery queue is nice to have but not a strict requirement.

Originally, I used postfix, which supported most of these requirements.  Except:

  • My attempt to make it use tor failed.  The best suggestion I found was to divert its smtp handler and then replace it with a torsocks call to the original handler.  Sadly, it just seg. faulted.
  • While postfix is almost certainly able to verify it is talking with my provider, I never got it configured to do that.  In the end, postfix was to complicated for what I was ready to put up with.

 

Per suggestion of Jakub Wilk, I tried msmtp, which turned out do what I wanted.

  • There is a trivial config file example to start with.  I did not need to read any manuals or extended documentation to figure out what they were doing.
  • You probably also want to specify tls_priorities (assuming msmtp is linked against gnutls)
    • A code dive suggests it defaults to “NORMAL:-VERS-SSL3.0″ if not set.  It is probably not too bad, but could be better. :)
    • From a quick look at the gnutls manual “PFS:%PROFILE_<name>” seems like decent value (requires gnutls >= 3.2.4 and that your provider has decent/modern SSL setup).
    • You probably want to have a look at the values for the %PROFILE_<name> before deciding on one.
  • The msmtp program supports connecting through SOCKS proxies and even has a sample config snippet for using it with tor.
    • Of course, by the time I had discovered that I had already been using “torsocks /usr/sbin/sendmail” a couple of times.  :)

The only feature I will probably miss is having a local queue, which can be rate limited.  But all in all, I am quite happy with it so far. :)


Filed under: Debian

03 January, 2016 12:55PM by Niels Thykier

Russ Allbery

podlators 4.04

Now that I've fixed the major test suite problems with podlators, failure reports are now (mostly) useful. There's still the occasional failure to create a directory for temporary files, which I think is just a problem with the testing system, but Windows test failures revealed an actual test suite bug.

This release also merges the changes made for merging podlators into blead Perl, which were relatively minor, and changes the package metadata to point to GitHub as the repository. That seems to be the growing convention in the Perl community and makes it easier for people to submit pull requests. I'm still maintaining my own public repository, but Git makes it easy to replicate things in multiple places. (Bug tracking will remain in the CPAN RT.)

You can get the latest release from the podlators distribution page.

03 January, 2016 06:31AM

hackergotchi for Amaya Rodrigo

Amaya Rodrigo

If we have seen further

If we have seen further it is by standing on the shoulders of giants.
You are very dearly missed, Ian. You were one of those giants.

03 January, 2016 02:06AM

Iustin Pop

Orcas Island day trip, June 2015

I just finished going through my last set of pending-review pictures from 2015, so I'm starting 2016 with a post about the past.

In June 2015 I travelled to Seattle/Kirkland area for work purposes, and took advantage of a weekend to plan some more outdoors stuff. After looking around on maps, I settled on the San Juan islands, so I started looking at hiking possibilities, and in the end Orcas island looked the best choice - all the others had much lower elevations.

So, early in the morning, I started driving from Kirkland to Anacortes ferry terminal. The drive itself is quite nice: after getting past the more populated areas, passing Everett, the the view are very nice, especially in the early morning hours and with very few traffic.

At Anacortes, there was already a small queue, fortunately I had a pre-ordered ticket, and there was not much to do until the ferry arrived except to look forward at the day, and hope that the weather will stay nice. On the ferry then, crossing the straits and enjoying the very nice views:

Perfect blue Catching the morning wind

The ferry stops at Orcas (is it a town or just the terminal), and the next stop is Eastsound town. I pre-planned here a stop to get a second mini-breakfast: however, I misjudged what the portion sizes are and got myself a maxi-cinnamon roll at Caffe Olga:

Second breakfast :)

At least I knew I wasn't going to be hungry for a while :)

Driving on, briefly stopping at Cascade Lake (I also stopped on the way back, the view is nice), then reaching the parking at the Twin Lakes trail on the shore of Mountain Lake. Good think I arrived somewhat early—the parking was quite full already. I also got a bit confused on which way the hike starts, since it's not well marked, but after that I started the hike. It's also possible to drive up to Mount Constitution, but that's just lame; hiking from the base it's quite easy, if you find how to start the hike. Anyway:

Starting to climb Finished the steepest part

At one point, one meets this particular sign:

Which way now?

Beware—the Little Summit is not to be missed! After ~40 minutes of hiking, with some parts a tiny bit strenuous, the view is really breathtaking. It's definitely worth stopping by, as the view is (IMHO) nicer than the view from the top of Mt. Constitution:

Wow!

The reason I say this is better is because you look towards ocean, whereas later the view is back towards the continent. And looking towards the big ocean is just perfect! Plus, the many small island, fully covered with forest are also nice.

Onwards then towards the peak of Mount Constitution. You cross the "ridge" of the island, and your view shifts to the other side. Which means you see back to the Mountain Lake where the hike starts:

Loocking back towards the start

Here the path is more exposed, not through tall forest like at the beginning:

Watching the horizon

Right before reaching the peak, you pass through an interesting forest:

A different kind of forest

And then you're finally reaching the peak. Compared to Switzerland, it's very much not impressive (730m), but nevertheless, being so close to the ocean results in some very nice views:

Couldn't have asked for better weather

You can go into the small tower, and read through the history of the location, including the personal life of Robert Moran (shipbuilder), who retired in 1905 to Orcas island to live what (his doctors said to be) his last months, and who instead ended living until 1943. Not bad! To be filled under "too much stress is bad, nature is good" heading, I think.

After eating a small packed lunch, I started back. At the beginning the forest is similar to the one back at the beginning of the hike, but then, as you reach the level of lakes, it is slightly different. More tall (old?) trees, more moss and ferns:

Afternoon sun in the forest

I passed briefly by the Twin Lakes, which were interesting (lots of submerged trunks), and then finally on the Twin Lakes trail back to the start. The views of Mountain Lake from here are also nice, especially in the less harsh afternoon sun:

Reached Mountain Lake How did those trees get there?

And then the hike was over. I still had some time to spend before the ferry I had a ticket on was scheduled, so I drove down to Olga town, as I was curious what was at the end of "Olga Road". Not much, but again nice views, and this very picturesque pier:

Nice pier in Olga

And then it was back to the ferry, waiting in line, getting on the ferry, and crossing back:

Goodbye Orcas!

Overall, it was a day well spent, part different, part similar to last year's mostly road trip. Definitely recommended if you're in the area, and there are a couple of other hikes on Orcas Island, plus all the other islands which make up the San Juans.

However, traffic on the way back was not that awesome :/ Small price though!

03 January, 2016 01:47AM

hackergotchi for Benjamin Mako Hill

Benjamin Mako Hill

Access Without Empowerment (LibrePlanet 2015 Keynote)

At LibrePlanet 2015 (the FSF’s annual conference), I gave a talk called “Access Without Empowerment” as one of the conference keynote addresses. As I did for my 2013 LibrePlanet talk, I’ve edited together a version that includes the slides and I’ve posted it online in WebM and on YouTube.

Here’s the summary written up in the LibrePlanet program:

The free software movement has twin goals: promoting access to software through users’ freedom to share, and empowering users by giving them control over their technology. For all our movement’s success, we have been much more successful at the former. I will use data from free software and from several related movements to explain why promoting empowerment is systematically more difficult than promoting access and I will explore how our movement might address the second challenge in the future.

In related news, registration is open for LibrePlanet 2016 and that it’s free for FSF members. If you’re not an FSF member, the FSF annual fundraiser is currently going on so now would be a great time to join.

03 January, 2016 12:01AM by Benjamin Mako Hill

January 02, 2016

hackergotchi for Daniel Pocock

Daniel Pocock

The great life of Ian Murdock and police brutality in context

Tributes:

Over the last week, people have been saying a lot about the wonderful life of Ian Murdock and his contributions to Debian and the world of free software. According to one news site, a San Francisco police officer, Grace Gatpandan, has been doing the opposite, starting a PR spin operation, leaking snippets of information about what may have happened during Ian's final 24 hours. Sadly, these things are now starting to be regurgitated without proper scrutiny by the mainstream press (note the erroneous reference to SFGate with link to SFBay.ca, this is mainstream media at its best).

The report talks about somebody "trying to break into a residence". Let's translate that from the spin-doctor-speak back to English: it is the silly season, when many people have a couple of extra drinks and do silly things like losing their keys. "a residence", or just his own home perhaps? Doesn't the choice of words make the motive sound so much more sinister? Nobody knows the full story, so snippets of information like this are not helpful.

Did they really mean to leave people with the impression that one of the greatest visionaries of Silicon Valley was also a cat burglar? That somebody who spent his life giving selflessly and generously for the benefit of the whole world (his legacy is far greater than Steve Jobs, as Debian comes with no strings attached) spends the Christmas weekend taking things from other people's houses in the dark of the night?

If having a few drinks and losing your keys in December is such a sorry state to be in, many of us could potentially be framed in the same terms at some point in our lives. That is one of the reasons I feel so compelled to write this: it is not just Ian who has suffered an injustice here, somebody else could be going through exactly the same experience at the moment you are reading this. Any of us could end up facing an assault as brutal as the tweets imply at some point in the future. At least I can console myself that as a privileged white male, the risk to myself is much lower than for those with mental illness, the homeless, transgender, Muslim or black people but as Ian appears to have discovered, that risk is still very real.

The story reports that officers made a decision to detain Ian on the grounds that he "matched the description of the person trying to break in". This also seems odd. If he had weapons or drugs or he was known to police that would have almost certainly been emphasized. Is it right to rush in and deprive somebody of their liberties without first giving them an opportunity to identify themselves and possibly confirm if they had a reason to be there?

The report goes on, "he was belligerent", "he became violent", "banging his head" all by himself. How often do you see intelligent and successful people like Ian Murdock spontaneously harming themselves in that way? How often do you see reports that somebody "banged their head", all by themselves of course, during some encounter with law enforcement? Does Ms Gatpandan really expect us to believe it is merely coincidence? Do the police categorically deny they ever gave a suspect a shove in the back, or tripped a suspect's legs such that he fell over or just made a mistake?

If any person was genuinely trying to spontaneously inflict a head injury on himself, as the police have suggested, why wouldn't the police leave them in the hospital or other suitable care? Do they really think that when people are displaying signs of such distress, rounding them up and taking them to jail will be in their best interests?

Now, I'm not suggesting that there was a pre-meditated conspiracy to harm Ian personally. Police may have been at the end of a long shift (and it is a disgrace that many US police are not paid for their overtime) or just had a rough experience with somebody far more sinister. On the other hand, there may have been a mistake, gaps in police training or an inappropriate use of a procedure that is not always justified, like a strip search, that causes profound suffering for many victims.

A select number of US police forces have been shamed around the world for a series of incidents of extreme violence in recent times, including the death of Michael Brown in Ferguson, shooting Walter Scott in the back, death of Freddie Gray in Baltimore and the attempts of Chicago's police to run an on-shore version of Guantanamo Bay. Beyond those highly violent incidents, the world has also seen the abuse of Ahmed Mohamed, the Muslim schoolboy arrested for his interest in electronics and in 2013, the suicide of Aaron Swartz which appears to be a direct consequence of the "Justice" department's obsession with him.

What have the police learned from all this bad publicity? Are they changing their methods, or just hiring more spin doctors? If that is their response, then doesn't it leave them with a big advantage over somebody like Ian who is now deceased?

Isn't it standard practice for some police to simply round up anybody who is a bit lost and write up a charge sheet for resisting arrest or assaulting an officer as insurance against questions about their own excessive use of force?

When British police executed Jean Charles de Menezes on a crowded tube train and realized they had just done something incredibly outrageous, their PR office went to great lengths to try and protect their image, even photoshopping images of Menezes to make him look more like some other suspect in a wanted poster. To this day, they continue to refer to Menezes as a victim of the terrorists, could they be any more arrogant? While nobody believes the police woke up that morning thinking "let's kill some random guy on the tube", it is clear they made a mistake and like many people (not just police), they immediately prioritized protecting their reputation over protecting the truth.

Nobody else knows exactly what Ian was doing and exactly what the police did to him. We may never know. However, any disparaging comments from the police should be viewed with some caution.

The horrors of incarceration

It would be hard for any of us to understand everything that somebody goes through when detained by the police. The recently released movie about The Stanford Prison Experiment may be an interesting place to start, a German version produced in 2001, Das Experiment, may be even better.

The United States has the largest prison population in the world and the second-highest per-capita incarceration rate. The system, and the police and prison officers who operate it, treat these people as packages on a conveyor belt, without even the most basic human dignity. Whether their encounter lasts for just a few hours or a decade, is it any surprise that something dies inside them when society is so cruel?

Worldwide, there is an increasing trend to make incarceration as degrading as possible. People may be innocent until proven guilty, but this hasn't stopped police in the UK from locking up and strip-searching over 4,500 children in a five year period, would these children go away feeling any different than if they had an encounter with Jimmy Saville or Rolf Harris? One can only wonder what they do to adults.

What all this boils down to is that people shouldn't really be incarcerated unless it is clear the danger they pose to society is greater than the danger they may face in a prison.

What can people do for Ian and for justice?

Now that the spin doctors have started trying to do a job on him, it would be great to try and fill the Internet with stories of the great things Ian has done for the world. Write whatever you feel about Ian's work and your own experience of Debian.

While the circumstances of the final tweets from his Twitter account are confusing, the tweets appear to be consistent with many other complaints about US law enforcement. Are there positive things that people can do in their community to help reduce the harm?

Sending books to prisoners (the UK tried to ban this) can make a difference. Treat them like humans, even if the system doesn't.

Recording incidents of police activities can also make a huge difference, such as the video of the shooting of Walter Scott or the UK police making a brutal unprovoked attack on a newspaper vendor. Don't just walk past a violent situation and assume the police are the good guys. People making recordings may find themselves in danger, it is recommended to use software that automatically duplicates each recording, preferably to the cloud, so that if the police ask you to delete a recording (why would they?), you can let them watch you delete it and still have a copy.

Can anybody think of awards that Ian Murdock should be nominated for, either in free software, computing or engineering in general? Some, like the prestigious Queen Elizabeth Prize for Engineering can't be awarded posthumously but others may be within reach. Come and share your ideas on the debian-project mailing list, there are already some here.

Best of all, Ian didn't just build software, he built an organization, Debian. Debian's principles have helped to unite many people from otherwise different backgrounds and carry on those principles even when Ian is no longer among us. Find out more, install it on your computer or even look for ways to participate in the project.

02 January, 2016 08:45PM by Daniel.Pocock

hackergotchi for Lunar

Lunar

Reproducible builds: week 33 in Stretch cycle

What happened in the reproducible builds effort between December 6th and December 12th:

Toolchain fixes

  • Steven Chamberlain uploaded makefs/20100306-6 which adds a -T flag which will clamp superblock and file timestamps to a given time in epoch format.
  • Emmanuel Bourg uploaded maven-debian-helper/2.0~exp3 which disable the timestamps and set the locale to en_US when generating the javadoc.

Reiner Herrmann rebased our experimental version of doxygen on version 1.8.9.1-6.

Chris Lamb submitted a patch to make the manpages generated by ruby-ronn reproducible by using the locale-agnostic %Y-%m-%d for the dates.

Daniel Kahn Gillmor took another shot at the issue of source path captured in DWARF symbols. A patch has been sent for review by GCC upstream to add the ability to read an environment variable with -fdebug-prefix-map.

Packages fixed

The following 24 packages have become reproducible due to changes in their build dependencies: gkeyfile-sharp, gprbuild, graphmonkey, gthumb, haskell-yi-language, ion, jackson-databind, jackson-dataformat-smile, jackson-dataformat-xml, jnr-ffi, libcommons-net-java, libproxy, maven-shared-utils, monodevelop-database, mydumper, ndesk-dbus, nini, notify-sharp, pixz, protozero, python-rtslib-fb, slurm-llnl, taglib-sharp, tomboy-latex.

The following packages became reproducible after getting fixed:

Some uploads fixed some reproducibility issues, but not all of them:

  • aptitude/0.7.5-1 by Manuel A. Fernandez Montecelo.
  • asc/2.6.1.0-1 by Markus Koschany.
  • grib-api/1.14.3-2 by Enrico Zini.
  • jacal/1b9-6 uploaded by Barak A. Pearlmutter, original patch by Chris Lamb.

These uploads might have fixed reproducibility issues but could not be tested yet:

Patches submitted which have not made their way to the archive yet:

  • #807159 on monit by Chris Lamb: add support for setting the build date using SOURCE_DATE_EPOCH (already fixed upstream).
  • #807161 on suomi-malaga by Chris Lamb: add support for setting the build date using SOURCE_DATE_EPOCH.
  • #807475 on glance by Chris Lamb: stop recording the number of CPUs on the build system.
  • #807605 on guiqwt by Chris Lamb: add support for setting the copyright year using SOURCE_DATE_EPOCH.

reproducible.debian.net

Files created with diffoscope now have diffoscope in their name instead debbindiff. (h01ger)

Hostnames of first and second build node are now recorded and shown in the build history. (Mattia Rizzolo)

Exchanges have started with F-Droid developers to better understand what would be required to test F-Droid applications. (h01ger)

A first small set of Fedora 23 packages is now also being tested while development on a new framework for testing RPMs in general has begun. A new Jenkins job has been added to set up to mock, the build system used by Fedora. Another new job takes care of testing RPMs from Fedora 23 on x86_64. So far only 151 packages from the buildsys-build group are tested (currently all unreproducible), but the plan is to build all 17,000 source packages in Fedora 23 and rawhide. The page presenting the results should also soon be improved. (h01ger, Dhiru Kholia)

For Arch Linux, all 2223 packages from the “extra” repository will also be tested from now on. Packages in “extra" are tested every four weeks, while those from “core” every week. Statistics are now displayed alongside the results. (h01ger)

jenkins.debian.net has been updated to jenkins-job-builder version 1.3.0. Many job configurations have been simplified and refactored using features of the new version. This was another milestone for the jenkins.debian.org migration. (Phil Hands, h01ger)

diffoscope development

Chris Lamb announced try.diffoscope.org: an online service that runs diffoscope on user provided files.

Screenshot of try.diffoscope.org

Improvements are welcome. The application is licensed under the AGPLv3.

On diffoscope itself, most pending patches have now been merged. Expect a release soon!

Most of the code implementing parallel processing has been polished. Sadly, unpacking archive is CPU-bound in most cases, so the current thread-only implementation does not offer much gain on big packages. More work is still require to also add concurrent processes.

Documentation update

Ximin Luo has started to write a specification for buildinfo files that could become a larger platform than the limited set of features that were thought so far for Debian .buildinfo.

Package reviews

113 reviews have been removed, 111 added and 56 updated in the previous week.

42 new FTBFS bugs were opened by Chris Lamb and Niko Tyni.

New issues identified this week: timestamps_in_documentation_generated_by_docbook_dbtimestamp, timestamps_in_sym_l_files_generated_by_malaga, timestamps_in_edj_files_generated_by_edje_cc.

Misc.

Chris Lamb presented reproducible builds at skroutz.gr.

02 January, 2016 06:24PM

Niels Thykier

“dput change-all-of-debian.changes”

Lucas Nussbaum recently did a blog post called “Debian is still changing“.  I found it a very welcome continuation of his previous blog post on the same topic.  I find the graphs very interesting and was very happy to learn that he included relative graphs this time.

Now I can with relatively ease say that 69% of all Debian packages are using a dh-style build (source).  We have another 15% using classic debhelper, which means that at least 84% of all packages uses debhelper directly.  Assuming all CDBS based packages rely on the “debhelper class”, we are at 99%!  The latter is certainly an assumption, although I suspect it is probably pretty accurate[1].

 

Now, it is very cute to have “world dominance”, but that is not my primary interest in these numbers.  Instead, we can use these numbers to determine that:

  • We can deploy changes to up to 99% of all source packages via existing debhelper tools
  • We can deploy changes to up to 84% of all sources packages via debhelper + CDBS if it requires a new debhelper tool.

Such as automatic dbgsym packages, indexable build-id from dbg(sym) packages via Packages files[2], and replacing maintscripts with ldconfig triggers. All of these changes happen to be changes that could be trivially deployed with very little risk and very high efficiency[3].  Notably, none of them required a compat bump (or a new debhelper tool).

Of course, I do not intend to say that every change can (or should) be deployed via debhelper and much less into an existing “dh_cmd”-tool.  Notably, dh_strip is reaching its breaking point for content.  And if we were to require a compat bump for your change, we can now at least see the adoption rate via lintian. :)

Nevertheless, it is nice to know that (politics aside) there is some agility in the Debian build system! :)

 

[1] I would very much love to see numbers to (dis)prove my assumption about CDBS + debhelper.  In fact, an absolute number of packages not using debhelper (indirectly) in Debian would be very intriguing.

[2] New fields by default end up the Packages file.  See e.g. the Packages.xz file on the debug mirror or your apt-cache via:

apt-cache show mscgen-dbgsym | grep ^Build-Ids

The latter assumes that you have the debug mirror in your sources list.

[3] Efficiency here being features people rarely override/disable.


Filed under: Debhelper, Debian

02 January, 2016 12:28PM by Niels Thykier

hackergotchi for Iain R. Learmonth

Iain R. Learmonth

Adventures at London Luton

Continuing on my journey home, once again I was asked to step into the full-body scanner. This time I was certain that I didn't want to use it, I was so angry last time that I had been forced into it that I actually threw up.

It wasn't until I was in tears and asking them to take my bags off the plane, planning to take the train instead, that they gave me the manual pat-down.

"Voluntary" apparently has a different meaning to the one I'm familiar with here.

02 January, 2016 10:32AM by Iain R. Learmonth

hackergotchi for Steve Kemp

Steve Kemp

Restoring my system .. worked

A while back I wrote about some issues with converting a two-disk RAID system to a one-disk system, but just to recap:

  • We knew were were moving to Finland.
  • The shared/main computer we used in the UK was old and slow.
  • A new computer in Finland would be more expensive than it should be.
  • Equally transporting a big computer from the UK would also be silly.

In the end we bought a small form-factor PC, with only a single drive and I moved one of the two drives from the old machine into it. Then converted it to run happily with only a single drive, and not email every day to say "device missing".

So there things stood, we had a desktop with a single drive, and I ensured that I took full daily backup via attic.

Over Chrismas the two-year old drive failed. To the extent I couldn't even get it to be recognized by the BIOS, and thus couldn't pull data off it. Time to test my backups in anger! I bought a new drive, installed a minimal installation of the Jessie release of Debian onto the system, and then ran:

 cd /
 .. restore latest backup ..

Two days later I'd pulled 1.3Tb over the network, and once I fixed up grub, /etc/fstab, and a couple of niggles it all just worked. Rebooted to make sure the temporary.home hostname, etc, was all gone and life was good.

Restored backup! No errors! No data-loss! Perfect!

The backup-script I use every day was very very good at making sure nothing was missed:

attic create --stats --checkpoint-interval=7200 attic@${remote}:/attic/storage::${host}-$(date +%Y-%m-%d-%H)
  --exclude=/proc      \
  --exclude=/sys       \
  --exclude=/run       \
  --exclude=/dev       \
  --exclude=/tmp       \
  --exclude=/var/tmp   \
  --exclude=/var/log   \
  /

In other news I published my module for controlling the new smart lights I've bought

02 January, 2016 07:00AM

hackergotchi for Iain R. Learmonth

Iain R. Learmonth

Fun in Hamburg Airport

Today I'm travelling home from 32c3, back to Aberdeen via London from Hamburg Airport. My experience passing through security to get to the gates this morning has angered me to the point that I had to vent.

They have full-body scanners installed, which in my opinion are a massive invasion of my personal privacy. As I approached the security checkpoint, I noticed a sign where it stated that use of the scanner was not mandatory and that a manual screening process was available.

Once I'd loaded my bags into the trays, I asked the security officer how to opt for the manual screening at which point I was told it was not available due to a lack of staff.

I was forced to allow for an intimate scan to take place or miss my flight. I'm not really in a position to be making alternative arrangements for travel and so I had to submit but it has left me outraged.

Privacy is about the ability to choose what I share and who I share it with. This was meant to be a right protected by the ECHR, but I guess human rights are outdated now we're entering 2016.

Bring on the dystopian future!

02 January, 2016 04:19AM by Iain R. Learmonth

hackergotchi for Junichi Uekawa

Junichi Uekawa

2015 added a new family member.

2015 added a new family member. That meant that I needed a new approach to working and my personal life. What awaits 2016?

02 January, 2016 01:01AM by Junichi Uekawa

January 01, 2016

Russ Allbery

2015 Book Reading in Review

2015 was another very busy year, but one of stabilization, rebuilding, and recovery. I got through the ramp-up period with my new job, found a better role inside the company for my personal talents and preferences, and ended the year on a professional high note. I also moved, to a place I like much better. It was a year for taking things as they come, focusing on priorities, letting other things slip, and being realistic about how much I can do.

All of that, plus quite a lot of company, a business trip, and a few other unexpected distractions, meant less reading than I would have preferred. However, I did catch up completely on review writing, which is another happy sign of stabilization. Reviews came in spotty bursts, but they did come.

The only explicit reading goal I'm making for 2016 is to read more than I did in 2015. I'm still working out the best priorities and schedule for me, and finding the best work/life balance points, so a predictable reading schedule will have to wait a while longer.

The below statistics are confined to the books I reviewed in 2015, but thanks to significant catch-up work, I've only read one book that I have not yet reviewed (and I finished that one on December 31st). That book will be counted in 2016.

Once again, the year saw two 10 out of 10 books, and once again, my favorite book of the year was written by Ann Leckie. The conclusion of the Imperial Radch trilogy, Ancillary Mercy, is as good or better than the start. The second book of the trilogy, Ancillary Sword, was also among my 2015 reviews and got 9 out of 10. I highly recommend the entire trilogy, beginning with Ancillary Justice (my book of the year in 2014), to anyone who hasn't read it.

The second 10 out of 10 was non-fiction: Randall Munroe's What If? collection, featuring some material from the web site feature that accompanies xkcd and some original material. These are longer essays exploring interesting bits of science, math, and guesswork in the context of hypothetical questions that usually become surprisingly destructive. As the review says, try a few samples from the web site and see if this is your thing. I loved it.

Despite my continuing low reading totals, this was a year full of fiction stand-outs. Becky Chambers's The Long Way to a Small, Angry Planet was the surprise of the year for me: a heart-warming, delightful story of chosen family. Jo Walton's My Real Children was less of a surprise because I already knew she is an excellent writer, but it was probably the best-written book I read all year. In turns sad, thoughtful, and determined, it's slice-of-life fiction so good that it overcame my normal dislike of that subject matter. Other fiction highlights are parts of series: the first two Steerswomen books by Rosemary Kirstein (The Steerswoman and The Outskirter's Secret), which dance between fantasy and scientific discovery, and Seanan McGuire's One Salt Sea, the best of all the October Daye books I've read.

In non-fiction, the other book that stands out is Jenny Lawson's Let's Pretend This Never Happened. This combination of memoir and stand-up comedy in book form is one of the funniest things I've read, and it mixes that humor with self-awareness and generous openness. It's a book about being a little crazy and a lot anxious, finding ways to cope by laughing at yourself, and inviting the rest of the world to join in.

Finally, Sydney Padua's The Thrilling Adventures of Lovelace and Babbage straddles the line between fiction and non-fiction, but certainly deserves a place in the year-end round-up. Full of great art, humor, steampunk, footnotes galore, and numerous forms of geekery, it's a collection I've been waiting for since Padua's very occasional comic got its moment of Internet fame.

The full analysis includes some additional personal reading statistics, probably only of interest to me.

01 January, 2016 11:54PM

hackergotchi for Mehdi Dogguy

Mehdi Dogguy

In memoriam: Ian Murdock

It is with great sadness that I learned of the passing of Ian Murdock. I have never had the chance to meet him. Several persons testify for his kindness and talent. We will always remember him. His legacy influences our lives everyday!

Looking at his latest blog posts, he seemed a bit nostalgic about Debian and still very proud of it.

Later, he wrote about how he came to find Linux and the importance of telling the story of hackers of his generation. In his memory, I'll reread Stephen Levy’s Hackers for the nth time too.

When (if?) his webserver will shut down, you will still be able to read his past blog posts using the archived version of his website or a static mirror that has been set up.

RIP Ian.

01 January, 2016 10:02PM by Mehdi (noreply@blogger.com)

hackergotchi for Bdale Garbee

Bdale Garbee

Term Limited

I woke up this morning and realized that for the first time since 17 April 2001, I am no longer a member of the Debian Technical Committee.

My departure from the committee is a consequence of the Debian General Resolution "limiting the term of the technical committee members" that was passed amending the Debian Constitution nearly a year ago. As the two longest-serving members, both over the term limit, Steve Langasek and I completed our service yesterday.

In early March 2015, I stepped down from the role of chairman after serving in that role for the better part of a decade, to help ensure a smooth transition. Don Armstrong is now serving admirably in that role, I have the utmost respect for the remaining members of the TC, and the process of nominating replacements for the two now-vacant seats is already well underway.

So, for the Debian project as a whole, today is really a non-event... which is exactly as it should be! Debian has been a part of my life since 1994, and I sincerely hope to be able to remain involved for many years to come!

01 January, 2016 06:39PM

Thorsten Alteholz

My Debian Activities in December 2015

FTP assistant

Due to Christmas, I only marked 254 packages for accept and rejected 17 of them. I had to send 14 emails to maintainers.

Squeeze LTS

This was my eighteenth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

As other members of the LTS team had to give back some hours of their workload, this month my initial workload of 18.25h had been increased to 21.25h. Altogether I uploaded those DLAs:

  • [DLA 370-1] bind9 security update
  • [DLA 373-1] libxml2 security update
  • [DLA 375-1] libpng security update

I also started to work on CVEs for packages t-coffee and pitivi, only to recognize that the versions in Squeeze are not affected. Further I prepared patches for passenger and srtp but I could not test them yet, so an upload will be in January.

This month I also experienced something strange. Due to the upload of the new version of mysql, I had to process a package for squeeze-lts in NEW. I seldom see a package, that creates so much “red” output from lintian. I assume this always happens when an “old” package will be checked by the latest lintian and is a good sign for all the development within Debian.

I also tested Raphaels patch for #796784 and could confirm that everything works as expected.

Unfortunately the php5 upload must be delayed until Januar.

This month I also had another week of frontdesk duties.

Other stuff

The Advent season is over and the Debian Med Advent Calendar is full to bursting. The incredible number of 150 bugs have been closed this year!

Due to the GSL transition a new upload of all meep packages had to be done and all in all I could close #748822, #807210, #807212, #807213, #807214, #807215 and #807747.

01 January, 2016 06:05PM by alteholz

Zlatan Todorić

Thank you ancenstor

When I found out that our founding father died it really was hard for me. I took it like a real man. I cried and then I choose to write a blog post.

I never met Ian, but he changed my life with his humble but great decision some 22 years ago. Not only mine. He changed many of us. He empowered us, he gave us something we didn't have before. Without Debian I would never be person I am today and I am happy to say that I am still growing with incredible pace everyday. Every. Single. Day.

We all are Ian and we will continue to keep up the fire on the torch. I can say one thing, in coming decades and centuries society is gonna get better and I am sure it will be because of Debian. Debian community will overtake the world because we are not only universal OS, we are social movement for better life where many of people I love found their home. You know, the swirl is the gear that keeps one awesome family keep going on and growing every single day. And I can be proud to say, I lived in time where Ian made a choice that changed the world.

Thank you founding father, you will be remembered and celebrated forever.

01 January, 2016 04:23PM by Zlatan Todoric

Niels Thykier

Debian, please plan for Stretch

In the 4th quarter of 2016, we will freeze Debian Stretch.  If you are hoping to do any larger changes for Stretch, please consider starting on them now.  This also includes features that need to be in APT/dpkg (etc.) in Stretch, so we can start using them for Buster.

Even something as “trivial” as the automatic dbgsym packages took over 8 months to “complete” (from the prototype was announced in April).  I call it “trivial” because:

  • The specs were simple and were fairly easy to implement
    • Not to mention, the basic idea was already implemented before in e.g. Ubuntu (albeit differently).
  • The chosen implementation only had 3 primary tools affected that truly blocked deploying dbgsym packages in Debian.
    • dak
    • debhelper
    • dpkg
  • I have yet to hear anyone being against the idea itself.
    • There were some concerns about various implementation details.  Fortunately almost all of them had trivial or “obvious” solutions.
  • We could deploy dbgsym packages immediately once the primary tools had been patched in/for unstable.
    • Compared to Multi-Arch, Build-Profiles etc., where we had to wait till the next release before using the feature.
    • It also meant we could immediately test that the feature worked as intended (rather than discovering bugs post release).

NB: There were certainly other parties involved.  But these were the most important ones.

Mind you, the dbgsym saga is not complete yet.  We are still lacking support for migrating dbgsym packages to testing (and, by extension, the next stable release as well).  Meanwhile, you can pull the dbgsym packages from snapshot.debian.org.

 

In summary: If you want a larger change to land in Debian Stretch, please start already now. :)


Filed under: Debian, Release-Team

01 January, 2016 02:52PM by Niels Thykier

Russ Allbery

Review: One Salt Sea

Review: One Salt Sea, by Seanan McGuire

Series: October Daye #5
Publisher: DAW
Copyright: September 2011
ISBN: 1-101-54760-X
Format: Kindle
Pages: 368

This is the fifth book of the October Daye series. It's the best book of the series to date, at least in my opinion, but this is a series with a substantial cast and political complications. You could probably start here and work out things on the fly, since each story is largely self-contained, but much of the emotional resonance would be lost.

As expected for this series, Toby's life doesn't have much time to stabilize after the events of Late Eclipses. This time, though, the initial threat is less personal and more political. The children of the rulers of the Duchy of Saltmist have been kidnapped, and war between Saltmist and the Kingdom of the Mists (Toby's home) is very near. All that stands in the way of horrible casualties, of fae that can scarce afford more death, is Toby's desperate detective work.

Toby's confidence and belief in her own abilities has been growing steadily throughout this series. One of my favorite themes in fiction is someone who doesn't really believe in themselves but tries anyway, because they couldn't live with themselves if they didn't, and discovers they're more capable than they thought. In this series, I think that works best when Toby is less scared and more angry, which is very true in One Salt Sea. That's one reason why I liked this book better than either An Artificial Night or Late Eclipses.

Another is that I love the politics and the depth of world-building and lore that McGuire brings to this series, and One Salt Sea is a showcase of both. We get the Undersea Duchy of Saltmist, which comes from both different traditions and different fae than the series so far. We get a plot that combines political maneuvering with a more traditional detective story than the last few books. We get more hidden traditions, past alliances and enmity that Toby didn't know about, and further development of Toby's own abilities. She has to tug hard on some threads, move between levels of the fae world, and draw on her network for uniquely fae forms of forensic analysis. I thoroughly enjoyed it, particularly the rocks. (You'll know what I mean when you get to that part.)

But the best thing about this book, by far, is the Luidaeg.

I've mentioned in reviews of previous books that the Luidaeg is my favorite character of the series. One Salt Sea just cements that. This is the deepest that the Luidaeg has been involved in a story: she gives Toby her mission at the start, substantial help along the way, and is deeply involved in the ending. We even learn some of her own background, and some of her own worries and pain. (And foreshadowing that there's more of this to come, which I'm eagerly looking forward to.) She's moved from a strange ally through a cautious friend to some combination of aunt and mother to Toby, while always staying her irascible and occasionally painful self. The bits with her in this book are the best so far, and there are a lot of them. It's a delightful reading experience.

McGuire also uses this story to clear up a plot element that's been lingering since the first book of the series, but that never worked emotionally for me. (I'm talking about this indirectly since it's a significant spoiler.) It's a great resolution, one with heft and emotion and hard choices and pain, and largely makes up for the showing rather than telling that we've gotten in the previous books, while also (at least I suspect) graciously shuffling that plot out of the way in future books. It's a good bit of series work and personal growth for Toby, and I think frees the series to focus on the bits I enjoy the most.

The ending of One Salt Sea hurts, but it's a good hurt, full of hard choices made well, bravery, and sacrifice. The best moments of this series have always had that, but I think this book is the most successful delivery of the whole package to date.

This has always been a solid urban fantasy series, but I think it's getting better as it goes along. One major reason is that McGuire doesn't seem to be running out of world-building oomph. In a lot of urban fantasy, particularly the werewolf and vampire sort, I feel like the lore gets thinner, more rehashed, and more mundane as the series ages. But McGuire is still introducing new elements, showing existing elements from new directions and in new light, and has been slowly building major puzzles around Toby's life and abilities that intrigue me. And, even more rare, the eventual revelations usually live up to the preceding tension. It's certainly a recipe to keep me reading.

Followed by Ashes of Honor.

Rating: 9 out of 10

01 January, 2016 02:45AM

hackergotchi for Norbert Preining

Norbert Preining

Best Wishes for 2016

Happy New Year 2016. I wish all the readers of this blog, and everyone else, a good start into 2016, may some of your wishes and hopes become true!

あけましておめでとうございます。このブログの読者の皆様も他の人も、皆に良い2016年になり、いくつかの希望と望みが実現しますように祈っています。

nengajo2015-web

01 January, 2016 01:13AM by Norbert Preining

hackergotchi for Matthew Garrett

Matthew Garrett

The current state of boot security

I gave a presentation at 32C3 this week. One of the things I said was "If any of you are doing seriously confidential work on Apple laptops, stop. For the love of god, please stop." I didn't really have time to go into the details of that at the time, but right now I'm sitting on a plane with a ridiculous sinus headache and the pseudoephedrine hasn't kicked in yet so here we go.

The basic premise of my presentation was that it's very difficult to determine whether your system is in a trustworthy state before you start typing your secrets (such as your disk decryption passphrase) into it. If it's easy for an attacker to modify your system such that it's not trustworthy at the point where you type in a password, it's easy for an attacker to obtain your password. So, if you actually care about your disk encryption being resistant to anybody who can get temporary physical possession of your laptop, you care about it being difficult for someone to compromise your early boot process without you noticing.

There's two approaches to this. The first is UEFI Secure Boot. If you cryptographically verify each component of the boot process, it's not possible for a user to compromise the boot process. The second is a measured boot. If you measure each component of the boot process into the TPM, and if you use these measurements to control access to a secret that allows the laptop to prove that it's trustworthy (such as Joanna Rutkowska's Anti Evil Maid or my variant on the theme), an attacker can compromise the boot process but you'll know that they've done so before you start typing.

So, how do current operating systems stack up here?

Windows: Supports UEFI Secure Boot in a meaningful way. Supports measured boot, but provides no mechanism for the system to attest that it hasn't been compromised. Good, but not perfect.

Linux: Supports UEFI Secure Boot[1], but doesn't verify signatures on the initrd[2]. This means that attacks such as Evil Abigail are still possible. Measured boot isn't in a good state, but it's possible to incorporate with a bunch of manual work. Vulnerable out of the box, but can be configured to be better than Windows.

Apple: Ha. Snare talked about attacking the Apple boot process in 2012 - basically everything he described then is still possible. Apple recently hired the people behind Legbacore, so there's hope - but right now all shipping Apple hardware has no firmware support for UEFI Secure Boot and no TPM. This makes it impossible to provide any kind of boot attestation, and there's no real way you can verify that your system hasn't been compromised.

Now, to be fair, there's attacks that even Windows and properly configured Linux will still be vulnerable to. Firmware defects that permit modification of System Management Mode code can still be used to circumvent these protections, and the Management Engine is in a position to just do whatever it wants and fuck all of you. But that's really not an excuse to just ignore everything else. Improving the current state of boot security makes it more difficult for adversaries to compromise a system, and if we ever do get to the point of systems which aren't running any hidden proprietary code we'll still need this functionality. It's worth doing, and it's worth doing now.

[1] Well, except Ubuntu's signed bootloader will happily boot unsigned kernels which kind of defeats the entire point of the exercise
[2] Initrds are built on the local machine, so we can't just ship signed images

comment count unavailable comments

01 January, 2016 12:48AM

Stein Magnus Jodal

December contributions

The following is a short summary of my open source work in December, following up on my first report in November.

Debian

Mopidy

  • The feature/gst1 branch: Finished porting Mopidy from GStreamer 0.10 to PyGI and GStreamer 1.x. Merge of the branch is currently blocked on a single test failure (test_gapless) and issues with transitioning from one track to another with Mopidy-Spotify, which is the only backend using an appsrc for playback.

    The goal is for this branch to be part of Mopidy 1.2, which I hope to have in Debian/Ubuntu before the Ubuntu 16.04 import freeze February 18.

  • The feature/py3-compat branch: I’ve worked quite a bit on this private branch, frequently rebased on top of feature/gst1. Currently Mopidy starts without any crashes on Python 3 and the test suite is down to 262 failed and 1841 passed tests.

    My current thinking, is that this will become part of a Mopidy 2.0 release, which will support both Python 2.7 and 3.4+. As soon as most of Mopidy’s extension ecosystem supports Python 2+3, a new Mopidy major release (3.0?) will drop Python 2 support.

  • Merged a bunch of pull requests, both targeting the 1.1.2 bug fix release and the 1.2 feature release.

01 January, 2016 12:00AM

December 31, 2015

hackergotchi for Laura Arjona Reina

Laura Arjona Reina

Thanks Ian, thanks Debian

I didn’t know Ian Murdock but the news about his passing left me with a very strange and sad feeling, because he started the project that creates the tool that I use every day in my work, and everyday in my communication with my family and friends, and everyday for anything computer related… It’s like if somebody puts a treasure in your hands and you got distracted looking at it and when you head up to look at the person and say ‘Thank you’, he’s gone…

And, in the last years, Debian for me is not just ‘my favorite tool’, I’ve been slowly getting involved in the community, known some people here and there, been able to put some work to try to improve some small parts, been able to work with other people as a team, and I’ve been touched many times admiring how the Debianers work, how they talk and write, how they behave to each other and to the ones that reach the community for first time, and to the world, since most of the communication and work is public… I’ve felt myself helped, welcomed, encouraged, empowered. Not only in my computer related skills or the improved capabilities of my humble hardware. I’ve felt myself helped, welcomed, encouraged and empowered in important areas of my life (understanding other points of view, caring about the ones that don’t speak aloud, enjoying diversity and becoming flexible to make it flourish, making friends…). And I like to think that I try to emulate that and help, welcome, encourage, empower others too… I’m learning.

Thanks Ian, for this alive and growing treasure that is Debian (the OS, the community), and thanks Debian, for the past, present and future miracles.


Filed under: My experiences and opinion Tagged: Communities, Contributing to libre software, Debian, English, Moving into free software

31 December, 2015 08:06PM by larjona

hackergotchi for Chris Lamb

Chris Lamb

Free software activities in December 2015

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):

Debian

My work in the Reproducible Builds project was also covered in more depth in Lunar's weekly reports (#31, #32, #33, #34).

LTS


This month I have been paid to work 12 hours on Debian Long Term Support (LTS). In that time I did the following:

  • Issued DLA 363-1 for libphp-phpmailer fixing a header injection vulnerability.
  • Issued DLA 365-1 for foomatic-filters correcting a shell injection vulnerability.
  • Issued DLA 369-1 for pygments fixing an issue shell injection vulnerability.
  • Issued DLA 374-1 for cacti to fix an SQL injection vulnerability.
  • Did some futher investigation of CVE-2011-5325 in busybox.

Uploads

  • python-django (1.9) — New upstream release.
  • redis (3.0.6) — New upstream stable release. I additionally backported this package to Debian stable.
  • redis (3.2~rc1) — Uploaded upstream's "testing/next" branch to experimental for testing.
  • gunicorn (19.4.1) — New upstream release.

Patches contributed


I also filed FTBFS bugs against acpid, android-platform-frameworks-base, antlr3, artemis, beignet, bisonc++, bobcat, bustle, cargo, checkbox-ng, code2html, cplay, datanommer.commands, dcmtkpp, debci, diffutils, diod, django-restricted-resource, docker-libkv, doomsday, dvdauthor, dwww, elasticsearch, elki, flask-script, freeipa, fso-frameworkd, funny-manpages, ggcov, ghc-mod, gmpc-plugins, gparted, gs-collections, guacamole-server, guncat, haskell-concrete-typerep, haskell-geniplate, haskell-nats, haskell-x509-util, hawtbuf, heimdal, htsjdk, inspircd, jboss-xnio, jenkins-winstone, jpeginfo, jruby-openssl, kaffeine, kdbg, ktp-accounts-kcm, kuser, libcommons-cli-java, libcommons-openpgp-java, libconfig-model-lcdproc-perl, libdata-faker-perl, libexplain, libgettext-commons-java, libgtk2-ex-printdialog-perl, libmoops-perl, libnet-frame-perl, libsendmail-milter-perl, libupnp, libuv, libvpx, liwc, m4, maven2, meep-mpich2, nagios-plugin-check-multi, natlog, netpipe, ocserv, ogre-1.8, orthanc-dicomweb, perspectives-extension, php-mail, php-pinba, phpseclib, pkg-haskell-tools, plastimatch, plexus-compiler, plexus-compiler-1.0, python-acme, python-crontab, python-cs, python-csscompressor, python-debian, python-distutils-extra, python-django-compressor, python-django-openstack-auth, python-django-tagging, python-pygit2, python-pyramid, python-pywcs, python-releases, python-shade, python-statsd, python-tasklib, python-tasklib, python-webm, python-websockets, regina-normal, rinetd, roboptim-core, rpm2html, rpm2html, ruby-factory-girl, ruby-fogbugz, ruby-i18n-inflector, ruby-loofah, ruby-protected-attributes, ruby-rack-contrib, ruby-rufus-scheduler, ruby-sanitize, ruby-sidetiq, ruby-sinatra, scsh-0.6, shogun, sleekxmpp, slugimage, spatial4j, sqwebmail-de, trac-announcer, ttt, txaws, umbrello, wine-gecko-2.21, xboxdrv, xfonts-wqy, xserver-xorg-video-openchrome, yorick & yoshimi.

31 December, 2015 11:05AM

hackergotchi for Raphaël Hertzog

Raphaël Hertzog

My Free Software Activities in December 2015

My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it’s one of the best ways to find volunteers to work with me on projects that matter to me.

Debian LTS

This month I have been paid to work 21.25 hours on Debian LTS. During this time I worked on the following things:

  • Sent a first patch and later an updated patch to modify DAK so that it can send the accept/reject mails to the signer of the upload instead of the maintainer. Details in #796784.
  • Uploaded MySQL 5.5 compabitility fixes for phpmyadmin and postfix-policyd so that we could release MySQL 5.5 as an upgrade option MySQL 5.1 (see DLA 359-1).
  • Released DLA 361-1 on bouncycastle after having gotten the green light from upstream.
  • Released DLA 362-1 on dhcpd fixing three CVE.
  • Released DLA 366-1 on arts fixing one CVE.
  • Released DLA 367-1 on kdelibs fixing one CVE.
  • Handled the LTS frontdesk for a whole week.
  • Sponsored the upload of foomatic-filters for DLA 371-1.
  • Filed #808256 and #808257 to get libnsbmp/libnsgif removed. Both packages had recent CVE and were sitting unused in Debian since their introduction 6 years ago…
  • Released DLA 372-1 announcing the end of support of virtualbox-ose.
  • Updated git repository of debian-security-support to account for the former change and also took care of a few pending issues.
  • Released DLA 376-1 on mono to fix one CVE.
  • Added some initial DEP-8 tests to python-django that will help to ensure that a security update doesn’t break the package.

Distro Tracker

I put a big focus on tracker.debian.org work this month. I completed the switch of the mail interface from packages.qa.debian.org to tracker.debian.org and I announced the change on debian-devel-announce.

The changes resulted in a few problems that I quickly fixed (like #807073) and some other failures seen only by me and that were generated by weird spam messages (did you know that a subject can’t have a newline character but that it can be encoded and folded over multiple lines?).

Related to that I fixed some services so that they send their mails to tracker.debian.org directly instead of relying on the old emails (they get forwarded for now but it would be nice to be able to get rid of that forward). I updated (with the help of Lucas Nussbaum) the service that forwards the Launchpad bugs to the tracker, I sent a patch to update the @packages.debian.org aliases (not yet applied), I updated the configuration of all git commit notice scripts in the Alioth collab-maint and python-modules project (many remain to be done). I asked Ubuntu’s Merge-O-Matic to use the new emails as well (see LP 1525497). DAK and the Debian BTS still have to be updated, as of yet nobody reacted to my announce… last but not least I updated many wiki pages which duplicated the instructions to setup the commit notice sent to the PTS.

While on a good track I opted to tackle the long-standing RC bug that was plaguing tracker.debian.org (#789183), so I updated the codebase to rely on Twitter’s bootstrap v4 instead of v2. I had to switch to something else for the icons since glyphicons is no longer provided as part of bootstrap and the actual license for the standalone version was not suitable for use. I opted for Github’s Octicons. I made numerous little improvements while doing that (closing some bugs in the process) and I believe that the result is more pleasant to use.

I also did a lot of bug triage and fixed a few small issues like the incomplete architecture list (#793547), or fixing a page used only by people with javascript disabled that was not working. Or the invalid links for packages still using CVS (ugh, see #561228).

Misc packaging

Django. After having added DEP-8 tests (as part of my LTS work, see above), I discovered that the current version in unstable did not pass its test suite… so I filed the issue upstream (ticket 26016) and added the corresponding patch. And I encouraged others to update python-bcrypt in Debian to a newer version that would have worked with Django 1.9 (see #803096). I also fixed another small issue in Django (see ticket 26017 with my pull request that got accepted).

I asked the release managers to consider accepting the latest 1.7.x version in jessie (see #807654) but I have gotten zero answer so far. And I’m not the only one waiting an answer. It’s a bit of a sad situation… we still have a few weeks until the next point release but for once I do it in advance and I would love to have timely feedback.

Last but not least, I started the maintaining the current LTS release (1.8.x) in jessie-backports.

Tryton. I upgraded to Tryton 3.8 and discovered an issue that I filed in #806781. I sponsored 5 new tryton modules for Matthias Behrle (who is DM) as well as one security upload (for CVE-2015-0861).

Debian Handbook. I uploaded a new version to Debian Unstable and requested (to the release managers) the permission to upload a backport of it to jessie so that jessie has a version of the package that documents jessie and not wheezy… contrary to my other Django request, this one should be non-controversial but I also have had zero answer so far, see #807515.

Misc. I filed #808583 when sbuild stopped working with Perl 5.22. I handled #807860 on publican, I found the corresponding upstream ticket and discovered a work around with the help of upstream (see here).

Kali related work

I reported a bug to #debian-apt about apt miscalculating download size (ending up with 18 EB!) which resulted in a fix here in version 1.1.4. Installing a meta-package that needed more than 2GB was no longer possible without this fix and we have a kali-linux-all metapackage in that situation that gets regularly installed in a Jenkins test.

I added captcha support to Distro Tracker and enabled this feature on pkg.kali.org.

I filed #808863 against uhd-host because it was not possible to install the package in a systemd-nspawn’s managed chroot where /proc is read-only. And we started using this to test dist-upgrade from one version of Kali to the next…

Thanks

See you next month for a new summary of my activities.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

31 December, 2015 10:51AM by Raphaël Hertzog

December 30, 2015

Bits from Debian

Debian mourns the passing of Ian Murdock

Ian Murdock

With a heavy heart Debian mourns the passing of Ian Murdock, stalwart proponent of Free Open Source Software, Father, Son, and the 'ian' in Debian.

Ian started the Debian project in August of 1993, releasing the first versions of Debian later that same year. Debian would go on to become the world's Universal Operating System, running on everything from embedded devices to the space station.

Ian's sharp focus was on creating a Distribution and community culture that did the right thing, be it ethically, or technically. Releases went out when they were ready, and the project's staunch stance on Software Freedom are the gold standards in the Free and Open Source world.

Ian's devotion to the right thing guided his work, both in Debian and in the subsequent years, always working towards the best possible future.

Ian's dream has lived on, the Debian community remains incredibly active, with thousands of developers working untold hours to bring the world a reliable and secure operating system.

The thoughts of the Debian Community are with Ian's family in this hard time.

His family has asked for privacy during this difficult time and we very much wish to respect that. Within our Debian and the larger Linux community condolences may be sent to in-memoriam-ian@debian.org where they will be kept and archived.

30 December, 2015 07:15PM by Ana Guerrero Lopez, Donald Norwood and Paul Tagliamonte

Debian lamenta el decés de l'Ian Murdock

Ian Murdock

Amb el cor compungit, Debian lamenta la pèrdua d'Ian Murdock, ferm partidari del programari lliure i de codi obert, pare, fill i l'"ian" a Debian.

L'Ian va començar el projecte Debian l'agost de 1993, i va publicar les primeres versions més tard el mateix any. Debian es convertiria en el sistema operatiu universal pel món, que funciona en tot tipus de dispositius, des de sistemes encastats fins a l'estació especial.

L'Ian es va centrar en crear una distribució i una cultura de comunitat que fessin el correcte, èticament o tècnica. Publicar quan estigui a punt i la ferma posició sobre la llibertat de programari són les regles d'or en el món del programari lliure i de codi obert.

La seva devoció per fer el correcte va guiar la seva feina, tant a Debian com els següents anys, sempre treballà per assolir el millor futur possible.

El somni de l'Ian està viu, la comunitat de Debian continua increïblement activa, amb milers de desenvolupadors que treballen innumerables hores per proporcionar un sistema operatiu segur i fiable.

Els pensaments de la comunitat de Debian són amb la família de l'Ian en aquests moments tant durs.

La seva família ens ha demanat privacitat en aquests moments difícils i volem respectar-ho. Des de Debian i des de la comunitat de Linux en general podem enviar mostres de condol a in-memoriam-ian@debian.org; seran guardades i arxivades.

30 December, 2015 07:15PM by Ana Guerrero Lopez, Donald Norwood i Paul Tagliamonte

Debian lamenta el fallecimiento de Ian Murdock

Ian Murdock

Con el corazón compungido, Debian lamenta el fallecimiento de Ian Murdock, firme partidario del software libre y abierto, padre, hijo y el 'ian' en Debian.

Ian empezó el proyecto en agosto de 1993, publicando la primera versión de Debian más tarde en el mismo año. Debian se convertiría así en el sistema operativo universal para el mundo, funcionando en cualquier dispositivo, desde sistemas embebidos hasta la estación espacial.

Ian se centró en crear una distribución y una cultura de comunidad que hiciera lo correcto tanto en lo ético como en lo técnico. Publicar cuando esté listo y una postura firme sobre la libertad de software son las reglas de oro en el mundo del software libre y de código abierto.

La devoción le guió en su trabajo, tanto en Debian como en los años posteriores, siempre trabajando hacia un futuro lo mejor posible.

El sueño de Debian está vivo, la comunidad permanece increíblemente activa con miles de desarrolladores que trabajan incontables horas para ofrecer un sistema operativo seguro y confiable.

La comunidad de Debian da el pésame a la familia en este momento tan difícil.

Su familia nos ha pedido discreción durante estos momentos difíciles y deseamos respetarlo. Desde dentro de Debian y de la amplia comunidad de Linux podemos expresar nuestras muestras de condolencia a in-memoriam-ian@debian.org, donde serán guardadas y archivadas.

30 December, 2015 07:00PM by Ana Guerrero Lopez, Donald Norwood y Paul Tagliamonte

hackergotchi for Francois Marier

Francois Marier

Linux kernel module options on Debian

Linux kernel modules often have options that can be set. Here's how to make use of them on Debian-based systems, using the i915 Intel graphics driver as an example.

To get the list of all available options:

modinfo -p i915

To check the current value of a particular option:

cat /sys/module/i915/parameters/enable_ppgtt

To give that option a value when the module is loaded, create a new /etc/modprobe.d/i915.conf file and put the following in it:

options i915 enable_ppgtt=0

and then re-generate the initial RAM disks:

update-initramfs -u -k all

Alternatively, that option can be set at boot time on the kernel command line by setting the following in /etc/default/grub:

GRUB_CMDLINE_LINUX="i915.enable_ppgtt=0"

and then updating the grub config:

update-grub2

30 December, 2015 05:25PM

Mike Gabriel

NEW: Arctica Project Mailing Lists

During our development sprint at 32c3 [1] and remote, we managed to get our--long awaited--mailing list server online:

Happy subscribing to those who are interested in remote desktop computing on Linux.

Disclaimer: Please note that the Arctica Project is still in its infancy and we hope to have first releases during the upcoming year. Also we actively and intensively continue maintenance of what was formerly known as NX (version 3) [2].

light+love
Mike

[1] https://events.ccc.de/category/32c3/ (traditionally down during the event)
[2] https://github.com/ArcticaProject/nx-libs

30 December, 2015 03:43PM by sunweaver

hackergotchi for Christoph Egger

Christoph Egger

Finally moving the Weblog

As of a few minutes ago, the old weblog on christoph-egger.org is past. I've added redirects for all the entries to the new one at weblog.siccegge.de.if you find any dead links please contact me so I can fix it up.

Note that comments are gone. I'll try to include the already present comments on the new blog some time in the future. Not sure if I will ever add a comment function again (though chronicle seems to have some support for that)

30 December, 2015 11:47AM

Craig Small

Forking processes and Gtk2

I made a change recently on the gjay program. gjay is a gtk program that basically analyzes your music and makes playlists. There is a gui frontend and a analyzer back-end and they communicate through a pipe.

One really useful debugging option gtk has is to make warnings fatal, so when gtk finds one it crashes at that point and you can use gdb to trap it. The flag is –g-fatal-warnings.  I have been updating gjay and initially it didn’t have this option, so I needed to add the gtk options, which is a simple one-liner.

But then gjay gave some odd errors about XCB. Often, but not every time gjay started on stderr the following cryptic messages appear:

[xcb] Unknown sequence number while processing queue
[xcb] Most likely this is a multi-threaded client and XInitThreads has not been called
[xcb] Aborting, sorry about that.
forktest: ../../src/xcb_io.c:274: poll_for_event: Assertion `!xcb_xlib_threads_sequence_lost' failed.

OK, so part of my init sequence was unhappy. The odd thing was it only appeared when I added the gtk options.  I narrowed it down with some test code which displayed the error but stripped all the other parts out.

  1. #include <gtk/gtk.h>
  2.  
  3. int main(int argc, char *argv[])
  4. {
  5.     GOptionContext *context;
  6.     GError *error;
  7.     pid_t pid;
  8.     GtkWidget *win;
  9.  
  10.     context = g_option_context_new("My test");
  11.     g_option_context_add_group (context, gtk_get_option_group (TRUE));
  12.     error = NULL;
  13.     if (!g_option_context_parse(context, &argc, &argv, &error))
  14.         return 1;
  15.     pid = fork();
  16.     if (pid < 0) 
  17.         return 1;
  18.     if (pid == 0) { //child
  19.         GMainLoop *loop;
  20.  
  21.         loop = g_main_new(FALSE);
  22.         g_main_run(loop);
  23.         return 0;
  24.     } else { // parent
  25.         if (gtk_init_check(&argc, &argv) == FALSE)
  26.             return 1;
  27.         win = gtk_window_new(GTK_WINDOW_TOPLEVEL);
  28.         gtk_widget_show(win);
  29.         gtk_main();
  30.     }
  31.     return 0;
  32. }

What we got going on here is a simple gtk program.  Line 11 with the gtk_get_option_group() was the line I added. The problem is that the child process is not quite setup and when the parent goes into gtk_main then you get those xcb errors.

The options need to be parsed before the fork, because one of the options is to not fork (it just runs the child code directly and uses stdout with no GUI).

Gjay is obviously a lot more complex than this, but follows the same pattern. There is the front-end looping through gtk_main and the back-end looping on g_main_run. The backend needs to use glib not gtk as there is a non-gui option which can be used.

The solution is actually (but not obviously to me) in the documentation for gtk_get_option_group. The parameter for that function “whether to open the default display when parsing the commandline arguments”.

Changing the TRUE to FALSE on line 11 stops XCB from complaining! The screen still appears fine but not more strange XCB messages.

30 December, 2015 11:01AM by Craig

hackergotchi for Steve Kemp

Steve Kemp

I joined the internet of things.

In my old flat I had a couple of simple radio-controlled switches, which allowed me to toggle power to a pair of standing lamps - one at each side of the bed. This was very lazy, but also really handy and I've always been curious about automation..

When it comes to automation there seems to be three main flavours:

X10

The original standard, with stuff produced by many vendors and good Linux support.

X10 supports two ways of sending/receiving commands - over the electrical wiring, and over RF.

Z-Wave

This is the newcomer, which despite that seems to be well-supported and extensible. It allows "measurements" to be sent/received in addition to the broadcast of events like "switch on", and "switch off".

Other systems - often lighting-centric

There are toy-things like the previously noted power-controlling things, there are also stand-alone devices from people like Philips with their philips hue system, but given how Philips recently crippled their devices to disable third-party bulbs I've no desire to use them.

One company caught my eye though, Osram make a smart lightbulb and mini-hub to work with it.

So I bought one of the osram lightify systems, consisting of a magic box and a pair of lightbulbs. The box connects to your wifi, and gets an IP address. The IP address is then used by the application on your mobile phone (i.e. the magic box does the magic, not the bulbs). The phone application can be used to trigger "on", "off", "dim", "brighter", and the various colour-changing commands, as you would expect.

You absolutely must use the phone-based application to do the setup, but after that the whole point was that I could automate things. I wanted to be able to setup my desktop computer to schedule events, and started hacking.

I've written a simple Perl module to let me discover bulbs, and turn them off and on. No doubt it'll be on CPAN in the near future, once I can pick a suitable name for it:

$ ol --bridge=192.168.10.136 --list
hall       MAC:8418260000d9c70c RGBW:255,255,255,255 STATE:On
kitchen    MAC:8418260000cb433b RGBW:255,255,255,255 STATE:On

$ ol --bridge=192.168.10.136 --off=kitchen

$ ol --bridge=192.168.10.136 --list
hall       MAC:8418260000d9c70c RGBW:255,255,255,255 STATE:On
kitchen    MAC:8418260000cb433b RGBW:255,255,255,255 STATE:Off

The only niggle was the fiddly pairing, and the lack of any decent documentation. The code I wrote was loosely based on the python project python-lightify written by Mikael Magnusson. Also worth noting that the bridge/magic-box only exposes a single port so you can find the device on your VLAN by nmapping for port 4000:

$ nmap -v 192.168.10.0/24 -p 4000

The device doesn't seem to allow any network setup at all - it only uses DHCP. So you might want to make sure it gets assigned a stable IP.

Anyway I'm going to bed. When I do so I'll turn the lights off with my mobile phone. Neat.

In the future I will look at more complex automation, and I think Z-wave is the way I'll go. Right now I'm in a rented flat so replacing wall-switches, etc, is something I can't do. But the systems I've looked at seem neat, and this current setup will keep me amused for several months!

30 December, 2015 07:03AM

Julian Andres Klode

APT 1.1.8 to 1.1.10 – going “faster”

Not only do I keep incrementing version numbers faster than ever before, APT also keeps getting faster. But not only that, it also has some bugs fixed and the cache is now checked with a hash when opening.

Important fix for 1.1.6 regression

Since APT 1.1.6, APT uses the configured xz compression level. Unfortunately, the default was set to 9, which requires 674 MiB of RAM, compared to the 94 MiB required at level 6.

This caused the test suite to fail on the Ubuntu autopkgtest servers, but I thought it was just some temporary hickup on their part, and so did not look into it for the 1.1.7, 1.1.8, and 1.1.9 releases.  When the Ubuntu servers finally failed with 1.1.9 again (they only started building again on Monday it seems), I noticed something was wrong.

Enter git bisect. I created a script that compiles the APT source code and runs a test with ulimit for virtual and resident memory set to 512 (that worked in 1.1.5), and let it ran, and thus found out the reason mentioned above.

The solution: APT now defaults to level 6.

New Features

APT 1.1.8 introduces /usr/lib/apt/apt-helper cat-file which can be used to read files compressed by any compressor understood by APT. It is used in the recent apt-file experimental release, and serves to prepare us for a future in which files on the disk might be compressed with a different compressor (such as LZ4 for Contents files, this will improve rred speed on them by factor 7).

David added a feature that enables servers to advertise that they do not want APT to download and use some Architecture: all contents when they include all in their list of architectures. This is to allow archives to drop Architecture: all packages from the architecture-specific content files, to avoid redundant data and (thus) improve the performance of apt-file.

Buffered writes

APT 1.1.9 introduces buffered writing for rred, reducing the runtime by about 50% on a slowish SSD, and maybe more on HDDs. The 1.1.9 release is a bit buggy and might mess up things when a write syscall is interrupted, this is fixed in 1.1.10.

Cache generation improvements

APT 1.1.9 and APT 1.1.10 improve the cache generation algorithms in several ways: Switching a lookup table from std::map to std::unordered_map, providing an inline isspace_ascii() function, and inlining the tolower_ascii() function which are tiny functions that are called a lot.

APT 1.1.10 also switches the cache’s hash function to the DJB hash function and increases the default hash table sizes to the smallest prime larger than 15000, namely 15013. This reduces the average bucket size from 6.5 to 4.5. We might increase this further in the future.

Checksum for the cache, but no more syncs

Prior to APT 1.1.10 writing the cache was a multi-part process:

  1. Write the the cache to a temporary file with the dirty bit set to true
  2. Call fsync() to sync the cache
  3. Write a new header with the dirty bit set to false
  4. Call fsync() to sync the new header
  5. (Rename the temporary file to the target name)

The last step was obviously not needed, as we could easily live with an intact cache that has its dirty field set to false, as we can just rebuild it.

But what matters more is step 2. Synchronizing the entire 40 or 50 MB takes some time. On my HDD system, it consumed 56% of the entire cache generation time, and on my SSD system, it consumed 25% of the time.

APT 1.1.10 does not sync the cache at all. It now embeds a hashsum (adler32 for performance reasons) in the cache. This helps ensure that no matter what parts of the cache are written in case of some failure somewhere, we can still detect a failure with reasonable confidence (and even more errors than before).

This means that cache generation is now much faster for a lot of people. On the bad side, commands like apt-cache show that previously took maybe 10 ms to execute can now take about 80 ms.

Please report back on your performance experience with 1.1.10 release, I’m very interested to see if that works reasonably for other people. And if you have any other idea how to solve the issue, I’d be interested to hear them (all data needs to be written before the header with dirty=0 is written, but we don’t want to sync the data).

Future work

We seem to have a lot of temporary (?) std::string objects during the cache generation, accounting for about 10% of the run time. I’m thinking of introducing a string_view class similar to the one proposed for C++17 and make use of that.

I also thought about calling posix_fadvise() before starting to parse files, but the cache generation process does not seem to spend a lot of its time in system calls (even with all caches dropped before the run), so I don’t think this will improve things.

If anyone has some other suggestions or patches for performance stuff, let me know.


Filed under: Debian, Ubuntu

30 December, 2015 01:05AM by Julian Andres Klode

hackergotchi for Clint Adams

Clint Adams

Oh what a night, late December 1963

24 Dec. 63

Dear Uncle Ron and Aunt Helen,

It has been quite awhile since I have written you folks. I am not too much of one for writing, and when I do write, I keep putting it off, and putting it off; and the next thing you know, the weeks turn into months and then the months into years.

I haven't sent any Christmas cards, so at this time I'll offer my best wishes for the season to you.

It is Christmas Eve and I am working tonight. I will also work New Year's eve and day. It really doesn't seem like Christmas here, and there isn't that much to do in the evening's; So I'm just as well off working.

As I had mentioned, I had intended to send you some coins from Korea but I believe that I put them in with a package that I had sent to Mom and told her to give them to you. In any event, here are some in this box.

The Korean coin with the 10 on it is 10 Won, and worth about $.0769. The large copper coin is Japanese ( 10 Yen) and about 2.8¢ Wait! I was wrong on the Korean coins.They are 10 Hwan which is the old money. When they Changed to Won, they made 10 Hwan equal to 1 Won. (Sounds confusing and tongue-tying, doesn't it?) So these 10 copper pieces with the 10 on them altogether are only worth 7¢/

The Viet Namese coins with the former president Diem picture on them are soon being taken out of circulation. ( Since he was overthrown and killed, they are going to replace the money also.) The small pieces marked 1 dong are 1 piastre; also called one Viet Namese dollar. 1 piastre is about .7¢. I also recall sending some coins home in my hold baggage. I'll tell Mom to look for them and give them to you.

Now that I look back on it, the year I spent in Korea wasn't bad. It was difficult at first having to work for an arrogant Jew boss, but after a few months I got out of his office and was on my own working directly for the army people ( U.S.) The country of Korea isn't too bad. As you can see on the coins they were in the year 4294 last year. It is surprising for a civilization to be that far along in years and still live under very primitive conditions. Going from Korea to Japan is like going from the dark ages into the future science fiction world. Those people are really progressing in Japan. I spent several days in Japan after I left Korea. Then I went to Honolulu for almost a month. Then I went back to Japan for Leave for 3 weeks and then down here to Viet Nam in October. They were building like crazy in Japan to get ready for the Olympics. Working 4 hours a day, 7 days a week on construction. You could drive into Tokyo early in the evening and return late in the night and find the road you had gone in on was now completely torn away. And downtown Tokyo is vey nice. Lots of modern building and just about any modern gadget you can think of.

I really like their cooking also. Their Kobe Beef is excellent. In this beef, the cattle are pampered from the time they are born until they are slaughtered. They massage them, feed them beer, and let them live a lazy life. I would really like to work a year or two in Japan. The hot baths and big tubs are also great. Only it is almost impossible to stand the hot temperatures that they can. Westerners always have to add quite a lot of cold water before they can get in the tub.

The Viet Namese people are much dirtier than the Japanese or Koreans. They don't have any hot baths here in Viet Nam. In fact, the majority of hotels ( built by the French) don't even have hot water in them. The Korean houses don't look like much from the outside, but inside they are spotlessly clean. The older Japanese buildings look nic efrom the outside and are also clean inside.

I am here in the town of Nha Trang. It is a small town on the coast of the China Sea. I like it here. My hotel is less than a hundred yards from the beach. We are now in the winter season also, but it just got a little cooler from having winds the past few weeks. This afternoon as we came to work there were all sorts of people in swimming.

Lobster is also plentiful here and I eat quite a bit of it. Most of the restaurant make a creamed corn soup with lots of chunks of crab meat in it. This is very good.

Being out here in Nha Trang, we missed the coup d'etat. Things were quiet here and the only way we knew what was happening was to listen to the radio and talk to our co-workers of our radio system in Saigon. When they lifted martial law and the curfew in Saigon, it took them several days later to follow suit here.

There seems to be a noticed improvement since the coup. The people in general seem much happier and there appears to be much more general activity going on.

Well, I guess that's about it for now. I think I may have some Korean Won notes back in my room and I'll check and enclose them if I can find them.

Say hello to Ira & family when you see them, and also to Aunt Marie if she is still there with you.

'Bye for now

Your nephew

PS The Viet Namese coins with 50 XU on them are ½ piastres.

30 December, 2015 12:29AM

December 29, 2015

Jose M. Calhariz

Preview of switchconf 0.0.15-1

Since the last version 0.0.9 on Debian, I have made some changes until version 0.0.14. The version 0.0.15 is only to include a fix for the new findutils. I thank you to Andreas Metzler for the fix and the prompt NMU.

The files are here, take notice about the replaced ~ in the original by _:

switchconf_0.0.15.orig.tar.xz switchconf_0.0.15-1_wip1.debian.tar.xz switchconf_0.0.15-1_wip1_all.deb

If you need the dsc file, just ask me.

Here comes the changelog since 0.0.9, without the lastest NMU:

switchconf (0.0.15-1~wip1) UNRELEASED; urgency=low

  * New upstream version:
    * Replace 'find -perm +1' by 'find -perm /1', thank you Andreas
      Metzler for the patch and the NMU.
  * Add systemd service file, thank you Felipe Sateler for reviewing it.
  * Bump standards-version to 3.9.6, no changes needed.
  * New maintainer email address.

 -- Jose M Calhariz <jose@calhariz.com>  Tue, 29 Dec 2015 19:59:07 +0000

switchconf (0.0.14-1) UNRELEASED; urgency=low

  * Force the use of bash, instead of a POSIX shell.

 -- Jose M Calhariz <jose.calhariz@ist.utl.pt>  Sun, 24 Aug 2014 04:37:04 +0100

switchconf (0.0.13-2) UNRELEASED; urgency=low

  * Add Homepage field pointing to alioth page of the project

 -- Jose M Calhariz <jose.calhariz@ist.utl.pt>  Sun, 02 Mar 2014 18:01:07 +0000

switchconf (0.0.13-1) wheezy; urgency=low

  * New upstream version:
    * Distribution tar is now compressed by xz
  * Change to source format 3.0 (quilt)

 -- Jose M Calhariz <jose.calhariz@ist.utl.pt>  Sun, 02 Mar 2014 15:56:31 +0000

switchconf (0.0.12-1) wheezy; urgency=low

  * Fixed some typos on switchconf

 -- Jose M Calhariz <jose.calhariz@ist.utl.pt>  Sun, 02 Mar 2014 15:39:09 +0000

switchconf (0.0.11-1) wheezy; urgency=low

  * New upstream version:
    * Makefile: add target dist-exp to build distribution files.
    * Add flag -f with the path to the configuration file.
  * Update debian/rules to version 0.24.
  * Update debian/control with new name and email address of Maintainer.
  * Update copyright.

 -- Jose M Calhariz <jose.calhariz@ist.utl.pt>  Sun, 16 Feb 2014 18:04:22 +0000

switchconf (0.0.10-1) UNRELEASED; urgency=low

  * New upstream version:
    * Fix return code on error.
    * Use syslog system to report errors.

 -- Jose M Calhariz <jose.calhariz@ist.utl.pt>  Thu, 16 Jan 2014 20:23:46 +0000

29 December, 2015 09:04PM by Jose M. Calhariz

hackergotchi for Daniel Pocock

Daniel Pocock

Real-Time Communication in FOSDEM 2016 main track

FOSDEM is nearly here and Real-Time Communications is back with a bang. Whether you are keen on finding the perfect privacy solution, innovative new features or just improving the efficiency of existing telephony, you will find plenty of opportunities at FOSDEM.

Main track

Saturday, 30 January, 17:00 Dave Neary presents How to run a telco on free software. This session is of interest to anybody building or running a telco-like service or any system administrator keen to look at a practical application of cloud computing with OpenStack.

Sunday, 31 January, 10:00 is my own presentation on Free Communications with Free Software. This session looks at the state of free communications, especially open standards like SIP, XMPP and WebRTC and practical solutions like DruCall (for Drupal), Lumicall (for Android) and much more.

Sunday, 31 January, 11:00 Guillaume Roguez and Adrien Béraud from Savoir-faire Linux present Building a peer-to-peer network for Real-Time Communication. They explain how their Ring solution, based on OpenDHT, can provide a true peer-to-peer solution.

and much, much more....

  • XMPP Summit 19 is on January 28 and 29, the Thursday and Friday before FOSDEM as part of the FOSDEM Fringe.
  • The FOSDEM Beer Night on Friday, 29 January provides a unique opportunity for Real-Time Communication without software
  • The Real-Time Lounge will operate in the K building over both days of FOSDEM, come and meet the developers of your favourite RTC projects
  • The Real-Time dev-room is the successor of the previous XMPP and Telephony dev-rooms. The Real-Time dev-room is in K.3.401 and the schedule will be announced shortly.

Volunteers and sponsors still needed

Please come and join the FreeRTC mailing list to find out more about ways to participate, the Saturday night dinner and other opportunities.

The FOSDEM team is still fundraising. If your company derives benefit from free software and events like FOSDEM, please see the sponsorship pages.

29 December, 2015 07:12PM by Daniel.Pocock

hackergotchi for David Bremner

David Bremner

Converting PDFs to DJVU

Today I was wondering about converting a pdf made from scan of a book into djvu, hopefully to reduce the size, without too much loss of quality. My initial experiments with pdf2djvu were a bit discouraging, so I invested some time building gsdjvu in order to be able to run djvudigital.

Watching the messages from djvudigital I realized that the reason it was achieving so much better compression was that it was using black and white for the foreground layer by default. I also figured out that the default 300dpi looks crappy since my source document is apparently 600dpi.

I then went back an compared djvudigital to pdf2djvu a bit more carefully. My not-very-scientific conclusions:

  • monochrome at higher resolution is better than coloured foreground
  • higher resolution and (a little) lossy beats lower resolution
  • at the same resolution, djvudigital gives nicer output, but at the same bit rate, comparable results are achievable with pdf2djvu.

Perhaps most compellingly, the output from pdf2djvu has sensible metadata and is searchable in evince. Even with the --words option, the output from djvudigital is not. This is possibly related to the error messages like

Can't build /Identity.Unicode /CIDDecoding resource. See gs_ciddc.ps .

It could well be my fault, because building gsdjvu involved guessing at corrections for several errors.

  • comparing GS_VERSION to 900 doesn't work well, when GS_VERSION is a 5 digit number. GS_REVISION seems to be what's wanted there.

  • extra declaration of struct timeval deleted

  • -lz added to command to build mkromfs

Some of these issues have to do with building software from 2009 (the instructions suggestion building with ghostscript 8.64) in a modern toolchain; others I'm not sure. There was an upload of gsdjvu in February of 2015, somewhat to my surprise. AT&T has more or less crippled the project by licensing it under the CPL, which means binaries are not distributable, hence motivation to fix all the rough edges is minimal.

Version kilobytes per page position in figure
Original PDF 80.9 top
pdf2djvu --dpi=450 92.0 not shown
pdf2djvu --monochrome --dpi=450 27.5 second from top
pdf2djvu --monochrome --dpi=600 --loss-level=50 21.3 second from bottom
djvudigital --dpi=450 29.4 bottom

djvu-compare.png

29 December, 2015 04:57PM

hackergotchi for Ben Hutchings

Ben Hutchings

Comparing dracut and initramfs-tools

initramfs-tools version 0.121~rc2 and dracut version 044+3-2 have moved most of what was in their main binary packages into a 'core' package (dracut-core, initramfs-tools-core), leaving only automation hooks in the main package. The core packages can be coinstalled without conflicts and without creating any initramfs images at installation time.

If you're been wondering how they compare but were afraid to break your system by overwriting your current working initramfs, now is the time to try the other option.

Testing dracut, for initramfs-tools users

  1. Install dracut-core from unstable.
  2. Make an alternate initramfs image by running:
    dracut /boot/initrd.img-$(uname -r).dracut
  3. Add an entry to the boot loader configuration that uses your current kernel and the alternate initramfs image. (In GRUB, you can do this interactively at boot time.)
  4. Reboot through the new boot entry.
  5. In case of problems, check the dracut(8) and dracut.conf(5) manual pages.

By default, dracut creates an initramfs suitable for the current hardware, which will not boot if you move the disk to a system that requires different drivers. This is controlled by the hostonly configuration variable or --hostonly command-line option.

Testing initramfs-tools, for dracut users

  1. Install initramfs-tools-core from experimental.
  2. Make an alternate initramfs image by running:
    mkinitramfs -o /boot/initrd.img-$(uname -r).i-t
  3. Add an entry to the boot loader configuration that uses your current kernel and the alternate initramfs image. (In GRUB, you can do this interactively at boot time.)
  4. Reboot through the new boot entry.
  5. In case of problems, check the mkinitramfs(8) and initramfs.conf(5) manual pages.

By default, initramfs-tools creates an initramfs suitable for most hardware, which will still boot if you move the disk to a system that requires different drivers. This is controlled by the MODULES configuration variable.

29 December, 2015 04:50PM

hackergotchi for Neil Williams

Neil Williams

Experimenting with LXQt in Debian

LXQt is a Qt lightweight desktop – the Qt port of LXDE. Packages exist in Debian – albeit without a top level metapackage or task package to make installing it easier. So I wrote up a simple-ish vmdebootstrap call:


$ sudo vmdebootstrap --image lxqt.img --size=5G --package=lxqt-panel --package=libqt5xcbqpa5 --package=qterminal --package=openbox --package=xdm --package=lxqt-session --package=lxqt-about --package=lxqt-policykit --package=lxqt-globalkeys --package=lxqt-notificationd --package=lxqt-sudo --package=dbus-x11 --package=lxqt-admin --package=lxqt-runner --package=lxqt-config --package=task-desktop --package=locales --package=xserver-xorg-core --package=oxygen-icon-theme --grub --distribution=unstable --mirror=http://mirror.bytemark.co.uk/debian --configure-apt --enable-dhcp --serial-console --sudo --verbose --owner=neil --user='neil/neil'

(You’ll need to adapt the last two commands to be a real user.)

This uses xdm instead of lxdm as this tests LXQt without having any GTK+ dependencies installed. lxdm does give a nicer experience at the cost of needing GTK+. YMMV.

Note the explicit additions:--package=libqt5xcbqpa5 --package=dbus-x11 – as debootstrap does not follow Recommends, libqt5xcbqpa5 needs to be specified explicitly or the desktop will fail to start. dbus-x11 is also needed to get things working. task-desktop adds the Debian artwork and needs to be in the list of packages passed to debootstrap so that the Recommends of the task packages are not selected. (Note that I have so far failed to get LXQt to use the Debian artwork as a desktop background.)

So, what is it like? Well – alpha is how I might describe it. Not in terms of stability, more in terms of functionality. I do have a second install using lxdm which has been tweaked but it depends on your objective. If your aim is to not have GTK+ but not have KDE, then LXQt is a beginning only. In particular, if you really are intent on not having GTK+ at all, your choice of web browser is somewhat limited, to lynx. (There’s no bare Qt file manager in Debian – pcmanfm-qt depends on libfm-modules which uses GTK+ – nor a bare text editor despite this being one of the simplest examples of a QApplication). There is a large gap in the software availability which is Qt but not KDE, despite the power and flexibility of Qt itself. (I’ve written applications using Qt directly before, it is much more flexible and configurable than GTK+). So there would seem to be a reason why a metapackage and a task package do not yet exist, there is a lot more to do. I’m happy to mix GTK+ applications, so my test environment can use iceweasel, chromium, leafpad and thunar.

Overall, this was an interesting diversion prompted by a separate discussion about the merits and controversies of GTK+, GNOME etc.

I failed to work out why the icon theme works if lxdm was installed but not with xdm (so there’s a missing package but I’m not yet sure exactly which), so the screenshot is more bare than I expected.

lxqt-unstable

With iceweasel installed and various other tweaks:
lxqt-unstable-2

Finally, note #809339 – I have local changes which are being tested to use systemd-networkd but currently the masking of PredictableInterfaceNames as documented does not work, so some editing of /etc/network/interfaces.d/setup (or enable systemd-networkd yourself and add a suitable file to /etc/systemd/network/) will be needed to get a working network connection in the VM.

29 December, 2015 04:29PM by Neil Williams

hackergotchi for Ritesh Raj Sarraf

Ritesh Raj Sarraf

Device Mapper Multipath status in Debian

For Debian Jessie, the multipath support relied on sysvinit scripts. So, if you were using systemd, the level of testing would have been minimal.

At DebConf15, I got to meet many people whom I'd worked with, over emails, over the years. With every person, my ask was to use the SAN Storage stack in a test environement, and report bugs early. Not after the next release. This applies also to the usual downstream distribution projects.

That said, today, I spent time building a Root File System on SAN setup using the following stack, of the versions that'd be part of the next stable release:

  • Linux
  • Open-iSCSI Initiator
  • Device Mapper Multipath
  • LIO Target

I'm pretty happy that nothing much has changed in terms of setup, from what has already been documented in README.Debian files. The systemd integration has been very transparent.

But that is my first hand experience. I'm request all users of the above mentioned stack to build the setup and report issues, if any. Please do not wait for the last minute of the release/freeze.

root@debian-sanboot:~# systemctl status -l multipath-tools

● multipathd.service - Device-Mapper Multipath Device Controller

   Loaded: loaded (/lib/systemd/system/multipathd.service; enabled; vendor preset: enabled)

   Active: active (running) since Tue 2015-12-29 18:38:58 IST; 1min 23s ago

  Process: 246 ExecStartPre=/sbin/modprobe dm-multipath (code=exited, status=0/SUCCESS)

 Main PID: 260 (multipathd)

   Status: "running"

   CGroup: /system.slice/multipathd.service

           └─260 /sbin/multipathd -d -s


Dec 29 18:39:04 debian-sanboot multipathd[260]: sdb [8:16]: path added to devmap sanroot

Dec 29 18:39:04 debian-sanboot multipathd[260]: sdc: add path (uevent)

Dec 29 18:39:04 debian-sanboot multipathd[260]: sanroot: load table [0 16777216 multipath 0 0 3 1 service-time 0 1 1 8:16 1 service-time 0 1 1 8:0 1 service-time 0 1 1 8:32 1]

Dec 29 18:39:04 debian-sanboot multipathd[260]: sdc [8:32]: path added to devmap sanroot

Dec 29 18:39:04 debian-sanboot multipathd[260]: sdd: add path (uevent)

Dec 29 18:39:04 debian-sanboot multipathd[260]: sanroot: load table [0 16777216 multipath 0 0 4 1 service-time 0 1 1 8:16 1 service-time 0 1 1 8:32 1 service-time 0 1 1 8:48 1 service-time 0 1 1 8:0 1]

Dec 29 18:39:04 debian-sanboot multipathd[260]: sdd [8:48]: path added to devmap sanroot

Dec 29 18:39:13 debian-sanboot multipathd[260]: sanroot: sda - directio checker reports path is up

Dec 29 18:39:13 debian-sanboot multipathd[260]: 8:0: reinstated

Dec 29 18:39:13 debian-sanboot multipathd[260]: sanroot: remaining active paths: 4
 
root@debian-sanboot:~# multipath -ll

sanroot (36001405ead943c8222140268e019ba49) dm-0 LIO-ORG,IBLOCK

size=8.0G features='0' hwhandler='0' wp=rw

|-+- policy='service-time 0' prio=1 status=active

| `- 4:0:0:0 sdb 8:16 active ready running

|-+- policy='service-time 0' prio=1 status=enabled

| `- 3:0:0:0 sdc 8:32 active ready running

|-+- policy='service-time 0' prio=1 status=enabled

| `- 5:0:0:0 sdd 8:48 active ready running

`-+- policy='service-time 0' prio=1 status=enabled

  `- 2:0:0:0 sda 8:0  active ready running

 

root@debian-sanboot:~# iscsiadm -m session

tcp: [1] 172.16.20.40:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot (non-flash)

tcp: [2] 172.16.20.41:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot (non-flash)

tcp: [3] 172.16.20.42:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot (non-flash)

tcp: [4] 172.16.20.43:3260,1 iqn.2003-01.org.linux-iscsi.debian.sanboot (non-flash)

 

root@debian-sanboot:~# mount | grep sanroot

/dev/mapper/sanroot on / type ext4 (rw,relatime,errors=remount-ro,stripe=8191,data=ordered)

 

Categories: 

Keywords: 

Like: 

29 December, 2015 01:28PM by Ritesh Raj Sarraf

Stefano Zacchiroli

Shuttleworth Foundation Flash Grant - 2015 report

1 year of Shuttleworth Foundation Flash Grant

As announced last year, starting January 2015 I've benefited from a "Flash Grant" kindly awarded to me by the Shuttleworth Foundation. This post reports publicly about how I've used the money to promote Free Software via my own activism, over the period January-December 2015.

I'm lucky to have a full-time academic job that provides me with a salary and basic computer hardware. But Free Software not being the only focus of my job, it gets difficult at times to get travel funding to specific Free Software events. So that is what I've mostly used the grant money for: attend Free Software events that I wouldn't have been able to attend otherwise.

On grant money I've attended LibrePlanet 2015 (2015-03-19-boston-libreplanet label in the financial reports below), where I've given the talk Distributions and the Free "Cloud", and FSFE's LLW 2015 (2015-04-15-barcelona-fsfe-legal) workshop. Furthermore I've used the grant to reimburse otherwise not reimbursed out of pocket expenses in a trip to San Francisco (2015-11-06-san-francisco-gsoc+osi) that have been otherwise sponsored by Google (to attend the Summer of Code Mentor Summit) and OSI (to attend a F2F meeting of the Board of Directors). Finally, I've used grant money to offer lunch to invited lecturers in my master-level Free Software class at the university (label 2015-foss-class).

Actual financial reports are reported below, in ledger format. It should be noted that, contrary to the usual expected 6-month duration of flash grants, I've used only about half the grant amount over a 12-month period; I do not plan to pocket what remains, but rather keep on using it over the next year, reporting again publicly at the end of the period. Also, I did not breakdown further out of pocket expenses, but they invariably stand for public transport tickets and meals.

Balance sheet

Overall:

         1966,11 EUR  Assets:Funds
        -4052,52 EUR  Equity:Opening balances
         2086,41 EUR  Expenses
           15,90 EUR    Bank:Commissions
          424,00 EUR    Conference:Registration
           56,50 EUR    Teaching:Speaker-invitation
         1590,01 EUR    Travel
          249,02 EUR      Lodgement
          562,51 EUR      Out-of-pocket
          778,48 EUR      Plane
--------------------
                   0

Breakdown by purpose:

  • 2015-03-19-boston-libreplanet

            -1265,22 EUR  Assets:Funds
         1265,22 EUR  Expenses
          424,00 EUR    Conference:Registration
          841,22 EUR    Travel
          213,38 EUR      Out-of-pocket
          627,84 EUR      Plane
--------------------
                   0

  • 2015-04-15-barcelona-fsfe-legal

             -479,66 EUR  Assets:Funds
          479,66 EUR  Expenses:Travel
          249,02 EUR    Lodgement
           80,00 EUR    Out-of-pocket
          150,64 EUR    Plane
--------------------
                   0

  • 2015-11-06-san-francisco-gsoc+osi

             -269,13 EUR  Assets:Funds
          269,13 EUR  Expenses:Travel:Out-of-pocket
--------------------
                   0

  • 2015-foss-class

              -56,50 EUR  Assets:Funds
           56,50 EUR  Expenses:Teaching:Speaker-invitation
--------------------
                   0

Journal

2014-12-03 Shuttleworth Foundation flash grant                                    Equity:Opening balances                     -4052,52 EUR    -4052,52 EUR
                                                                                  Assets:Funds                                 4052,52 EUR               0

2014-12-04 bank commissions on incoming transfer                                  Expenses:Bank:Commissions                      15,90 EUR       15,90 EUR
                                                                                  Assets:Funds                                  -15,90 EUR               0

2014-12-24 plane tickets Paris-Boston round trip to attend LibrePlanet 2015       Expenses:Travel:Plane                         627,84 EUR      627,84 EUR
                                                                                  Assets:Funds                                 -627,84 EUR               0

2015-01-02 LibrePlanet 2015 registration + travel fund contribution               Expenses:Conference:Registration              424,00 EUR      424,00 EUR
                                                                                  Assets:Funds                                 -424,00 EUR               0

2015-03-02 plane tickets Paris-Barcelona round trip to attend LLW 2015            Expenses:Travel:Plane                         150,64 EUR      150,64 EUR
                                                                                  Assets:Funds                                 -150,64 EUR               0

2015-03-19 lunch with invited speaker for lecture about FOSS release management   Expenses:Teaching:Speaker-invitation           28,00 EUR       28,00 EUR
                                                                                  Assets:Funds                                  -28,00 EUR               0

2015-03-25 lunch with invited speaker for lecture about FOSS business models      Expenses:Teaching:Speaker-invitation           28,50 EUR       28,50 EUR
                                                                                  Assets:Funds                                  -28,50 EUR               0

2015-04-03 LibrePlanet 2015 out of pocket expenses                                Expenses:Travel:Out-of-pocket                 213,38 EUR      213,38 EUR
                                                                                  Assets:Funds                                 -213,38 EUR               0

2015-04-15 LLW 2015 out of pocket expenses                                        Expenses:Travel:Out-of-pocket                  80,00 EUR       80,00 EUR
                                                                                  Assets:Funds                                  -80,00 EUR               0

2015-05-06 hotel in Barcelona for LLW 2015 (3 nights)                             Expenses:Travel:Lodgement                     249,02 EUR      249,02 EUR
                                                                                  Assets:Funds                                 -249,02 EUR               0

2015-11-29 OSI F2F Fall 2015 out of pocket expenses                               Expenses:Travel:Out-of-pocket                 269,13 EUR      269,13 EUR
                                                                                  Assets:Funds                                 -269,13 EUR               0

29 December, 2015 01:04PM

Mike Gabriel

Jolla has received financing to continue the development of Sailfish OS

The force re-awakens. Jolla has received financing to continue the development of Sailfish OS.

For futher reading, see...
https://blog.jolla.com/jolla-back-business/

People, please consider switching over to the Jolla phone and (hopefully) to the upcoming Jolla tablet.

Stop using gated community [1] products [2,3]. The efforts done by Jolla on non-gated mobiled hardware is essential and should be supported by buying those products (i.e., help generating revenue). Providing Jolla with financial support can be one means of helping open-sourcing the Sailfish OS UIX developed by Jolla.

I wish everyone reading this a good transition into 2016 and a fine 'Twelfth Night' (German: Rauhnächte) period.

light+love from 32c3 [4]
Mike

[1] https://media.ccc.de/v/32c3-7550-opening_event#video
[2] http://www.apple.com/iphone/
[3] http://www.android.com/
[4] https://streaming.media.ccc.de/32c3/

29 December, 2015 10:38AM by sunweaver

Antoine Beaupré

Bridging Ikiwiki and Twitter with Python and feed2tweet

Typical:

  1. find new interesting software (feed2tweet)
  2. try it out, file two issues:
  3. itch enough that i need to scratch it and file 3 pull requests to ask for forgiveness:

All fairly trivial, but it allowed me to make a simple cronjob to post my Ikiwiki blog posts straight out to my Twitter account. It's basically abusing my RSS feed to bridge with Twitter: the most boring and annoying part is setting up a new app, pasting the credentials in the config file and then running the thing in a cron job.

But in the end, I really ended up spending one more hour at a time when I should be really sleeping, scratching an itch that I didn't have before I started working on this thing in the first place.

Coincidentally, I requested to be added to Python Planet, looks like a fun place...

29 December, 2015 07:03AM