Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 2 hours 36 min ago

Steve Kemp: Free (orange) SMS alerts

5 August, 2014 - 17:56

In the past I used to pay for an email->SMS gateway, which was used to alert me about some urgent things. That was nice because it was bi-directional, and at one point I could restart particular services via sending SMS messages.

These days I get it for free, and for my own reference here is how you get to receive free SMS alerts via Orange, which is my mobile phone company. If you don't use Orange/EE this will probably not help you.

The first step is to register an Orange email-account, which can be done here:

Once you've done that you'll have an email address of the form, which is kinda-sorta linked to your mobile number. You'll sign in and be shown something that looks like webmail from the early 90s.

The thing that makes this interesting is that you can look in the left-hand menu and see a link called "SMS Alerts". Visit it. That will let you do things like set the number of SMSs you wish to receive a month (I chose "1000"), and the hours during which delivery will be made (I chose "All the time").

Anyway if you go through this dance you'll end up with an email address, and when an email arrives at that destination an SMS will be sent to your phone.

The content of the SMS will be the subject of the mail, truncated if necessary, so you can send a hello message to yourself like this:

echo "nop" | mail -s "Hello, urgent message is present"

Delivery seems pretty reliable, and I've scheduled the mailbox to be purged every week, to avoid it getting full: UsernameYour mobile number PasswordYour password

If you wished to send mail from this you can use, but I pity the fool who used their mobile phone company for their primary email address.

Ian Wienand: Finding out if you're a Rackspace instance

5 August, 2014 - 13:00

Different hosting providers do things slightly differently, so it's sometimes handy to be able to figure out where you are. Rackspace is based on Xen and their provided images should include the xenstore-ls command available. xenstore-ls vm-data will give you a handy provider and even region fields to let you know where you are.

function is_rackspace {
  if [ -f /usr/bin/xenstore-ls ]; then
      return 1

  /usr/bin/xenstore-ls vm-data | grep -q "Rackspace"

if is_rackspace; then
  echo "I am on Rackspace"

Other reading about how this works:

Dirk Eddelbuettel: BH release 1.54.0-3

5 August, 2014 - 11:23
A new release of our BH package providing Boost headers for use by R is now on the CRAN mirrors. This release is the third based on Boost 1.54.0.

At the request of the maintainer of the recent added RcppMLPACK package, it adds the Boost.Heap library. Boost.Heap implements priority queues which extend beyond the corresponding (and somewhat simpler) class in the STL. Key features of the Boost.Heap priority queues are mutability, iterators, ability to merge, stable sort, and comparison.

No other changes were made.

Changes in version 1.54.0-3 (2014-08-03)
  • Added Boost Heap library which will be needed by the next version of RcppMLPACK

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

Comments and suggestions are welcome via the mailing list or issue tracker at the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Ian Donnelly: New Release: Elektra 0.8.7

4 August, 2014 - 23:42

Hi Everybody!

I am very proud to inform you all that Elektra has just shipped a new release, version 0.8.7, with many great features and fixes!

First of all, I want to let you all know that a lot of work from my Google Summer of Code Project has made its way into this release. Elektra now includes support for a three way merge of KeySets! A special and sincere thanks goes out to Felix Berlakovich for helping me test this new merge feature and adding some great features to allow for different merge strategies and dealing with meta keys. You can try out the new merge features using the kdb merge command or by using the Elektra API. There is still work to be done with Merging and improving documentation (also look for some posts on this blog soon about the feature).

Additionally, thanks to Felix, we have technical previews for some new plug-ins. The new plug-ins are keytometa and ini. In short the keytometa plugin allows to convert normal keys to meta keys during the get operation and reverting this conversion during the set operation. The ini plugin is basically a rewrite of the simpleini plugin and makes use of the inih library.

Also there have been many improvements made to the glob plug-in. He even found some time to add a new script for bash tab completion which is located under scripts/kdb-bash-completion. To use it on debian just copy it to /etc/bash_completion.d/ and make sure it is executable.

Moreover, we fixed a lot of things with this newest release. Pino Toscano has been working on fixing up the Debian packages for Elektra but he has also fixed many other things along the way including fixing a lot of spelling errors, simplifying the RPATH setting, improvements to respecting $HOME and $TMPDIR, and improvements to some test cases. The kdb tool now does a better job of checking for subfolders that aren’t allow and it now makes sure to output warnings before errors so errors can more easily be seen. We have also improved some tests for kdb tool and some plugins as well as fixed compiler warnings on clang and gcc 4.9. We also made some fixes to kdb import and export for some storage plugins and fixed some bugs so that kdb run_all now works flawlessly.

There have also been a few tweaks to the API for this release, specifically in the C++ bindings.

There is now a delMeta() function for C++. The reason for this is that contrary to the C API, calling

key.setMeta("metaname", NULL)

does not delete the metadata, but stores the value “0″.

Additionally, we changed the arguments for isBelow, isDirectBelow, and isBelowSame for the C++ binding to be easier to understand and be more natural to use. Before this change, the C++ binding closely mirrored the C API which lead to an unintuitive behaviour.

Before the change the API did the following:

Key (“user/config/key/below”).isBelow (Key (“user/config”)) == false
Key (“user/config/key/below”).isBelow (Key (“user/config/key/below/deeper”)) == true

That is because the first argument in the C API is the object itself in the C++ API.
The attribute “of being below” the key in question (the object) refers to the second key in the C API.
While this makes some sense for the C API, it definitely does not for the C++ API.

Now the API behaves as follows (as intuitively expected):

Key (“user/config/key/below”).isBelow (Key (“user/config”)) == true
Key (“user/config/key/below”).isBelow (Key (“user/config/key/below/deeper”)) == false

We even had time for a bunch of documentation changes. We now have a tutorial for contextual values to GitHub so developers can start using contextual values with Elektra. We also included a specification for metadata and a better specification for contracts.

There is even a little bit of extra news to share. We now use GitHub for active development of Elektra. We have adopted its issue tracker for issues. Also, now pull requests automatically get built by the server to see if the merge would brake the build and whether it passes all the tests. We are also in the process of updating a lot of our documentation and READMEs to use Markdown so they can be viewed easily on GitHub. Also, Raffael Pancheri has been making really great progress on a qt-gui for Elektra. There is still work to be done but it looks great and is coming along nicely.

You can download the release now from Markus’ site:

size: 1566800
md5sum: 4996df62942791373b192c793d912b4c
sha1: 00887cc8edb3dea1bc110f69ea64f6b700c29402
sha256: 698ebd41d540eb0c6427c17c13a6a0f03eef94655fbd40655c9b42d612ea1c9b

Also there are packages already ready for some distributions:

There is a lot of ongoing work to fix the Debian packages and I will post about it on this blog when they are good to go!

Enjoy the new release!
-Ian S. Donnelly

Konstantinos Margaritis: SIMD book, "Sponsored by ARM"!

4 August, 2014 - 18:58

Ok, took a while but I got the final word about this and can announce that the sponsor who donated 500 EUR to the Indiegogo campaign was ARM itself! I have to thank my friends at ARM@Cambridge and especially Dr Monika Biddulph, General Manager, Partner Enablement Group at ARM. When the book goes to print you can be sure it will include "Sponsored by ARM" somewhere! :)

Also a friendly reminder that even if the campaign is over, I still welcome the support in the form of preorders/sponsorships.

Russ Allbery: Review: Parasite

4 August, 2014 - 13:15

Review: Parasite, by Mira Grant

Series: Parasitology #1 Publisher: Orbit Copyright: October 2013 ISBN: 0-316-21893-6 Format: Kindle Pages: 504

It's 2027, and a company named Symbogen has revolutionized medicine and health. They manufacture a genetically-engineered parasite based on a tapeworm that can stabilize and protect the health of just about anyone. It can synthesize medication, fix chronic medical problems, and be adapted to different conditions. (Yes, I know biological systems don't work this way. That's not going to be the only suspension of disbelief problem.) This has made Symbogen one of the most powerful corporations in the country, aided by the skill at marketing and self-promotion shown by one of the founders.

Sal, the protagonist of the novel, is one of Symbogen's most famous success stories. Sally was the victim of a horrible car crash that put her into an apparently irreversible coma. But as her family was debating whether to turn off life support, she woke up. She had no memory of her previous life at all, and had to relearn fine motor control, reading, and many other skills. She was essentially a new person. But she was alive; her symbiont had saved her.

When the story proper starts, Sal is still a ward of her parents. She has generally adult skills despite still struggling with reading, but she still has occasional attacks and is under intensive monitoring by Symbogen. That means periodic mandatory appointments with Symbogen, which she hates, but she's otherwise started building a life for herself: a job in an animal shelter, an interest in exotic predatory plants, and, most notably, a boyfriend. There are things about her life she doesn't like, and she wants to be free of Symbogen, but she doesn't have a bad life. But then a mysterious illness begins sweeping through the population, causing people to go blank, apparently lose their minds, and then start attacking those near them.

Some of you have doubtless already figured out the key plot revelation. It's not hard; even if you didn't from the summary, you will probably figure it out shortly into the book. And therein lies a large problem with this novel: it's hopelessly predictable. Creepy evil corporation that supposedly has your best interests at heart, check. Plucky mad scientist opposition who understands exactly what's going on, check. Well-meaning but heavy-handed government agents who try to get involved but mostly make everything worse, check. (Although it's unusual to have those agents as part of the protagonist's family, and I thought that added some additional depth.) Mostly clueless protagonist sucked into the plot and becoming critical to its resolution, check. Very few readers are going to be surprised by this story.

This is not, by itself, a fatal flaw. Predictable story structures can carry satisfying variations, or introduce the reader to enjoyable characters. And I think Grant manages both here.

Seanan McGuire, both as herself and under her Mira Grant pseudonym, tends to write damaged and struggling characters. Both her Newsflesh and October Daye series feature protagonists that have been hurt badly, but are coping and muddling through in their own ways. In Parasite, I think she takes a more daring and intriguing approach: a protagonist that other people in the story perceive as damaged and struggling, but who actually isn't. Sal is not a badly injured Sally, and she's quite a bit healthier than those around her think she is. Her thought processes don't work quite the same as those around her, but that's not because she's hurt. That's because she's a different person. This makes Parasite partly a novel about identity, about Sal claiming ownership of her own life. Grant drags this out longer than I wish she had, but I liked the idea. In Sal, she strikes a good balance between gratitude and genuine affection for her family and the need to become her own person unconstrained by other people's expectations.

As with the Newsflesh series, Grant uses quotes and excerpts from interviews to fill in the world background: a few at the start of each chapter, and more around each part boundary. I like this technique, and Grant uses it well. By the end of the book, the Rolling Stone interview with the head of Symbogen has added a lot of insight into how Symbogen manages its public relations.

Grant also throws in a few of her trademark dangerously off-beat characters: hyper-competent, wise-cracking, but eerily skewed. I loved those in Blackout and I loved Tansy and Dr. Cale here. (Adam was much less successful.) A whole book from Tansy's perspective wouldn't work, since she needs Sal as a straight woman, but I thought she stole every scene she was in.

However, I agree wholeheartedly with Tansy on another point: Sal is remarkably, irritatingly dim about what is apparently intended to be the critical revelation of the book. I won't state it outright; given its significant presence in the final scene, apparently it is intended to be a spoiler. But I figured it out about 50 pages into the book. Grant telegraphs this revelation heavily, and Tansy considers it painfully obvious (with quite a bit of justification). But Sal doesn't figure it out for the entire book, ignores all the signs, and is apparently willfully blind. In a book written from the first-person perspective by an otherwise-reliable narrator, this is highly annoying. It significantly undermined my enjoyment of the book. I spent much of the novel ahead of the narrator in my understanding of the plot and waiting, in vain, for her to get on with it already.

That unfortunately makes Parasite a mixed bag. I really liked many of the characters, and I think Grant did some interesting things with family dynamics and with claiming one's own identity. But this is undermined by a very predictable plot, the protagonist deciding to be dumber than a sack of hammers about a critical plot point, and some rather dubious world logic. (For example, why is Sal terrified of bad driving? It makes sense as a post-traumatic stress reaction... except it's a critical point to her characterization that she never went through that stress.) Sometimes I wanted to like this book and sometimes I wanted to shake it, and sometimes I felt both reactions at the same time.

I like Grant's writing and characterization well enough that I will probably read the sequel, but this is more like the later books in the Newsflesh series than it is like the spectacular Feed. Worth reading, at least for me, but it could have been better.

Rating: 7 out of 10

Bits from Debian: DebConf14 - schedule available

4 August, 2014 - 05:25

Debconf14 will be held in three weeks in Portland, OR, USA and we're happy to announce that the schedule is already available. Of course, it is still possible for some minor changes to happen!

DebConf will open on Saturday, August 23 with the Welcome talk followed by two highlighted talks:

  • Debian in the Dark Ages of Free Software by Stefano Zacchiroli, former Debian Project Leader. Stefano will speak about the achievements realized by Free Software communities in the past years, and how now, despite the visible success, this freedom is being threatened by the current technology trends, and how can Debian help to preserve the so well deserved freedom.

  • Weapons of the Geek by Biella Coleman, cultural anthropologist, who researches, writes, and teaches on computer hackers and digital activism will share with us part of her research, explaining how online communities can have a big impact on world politics today.

There will also be also a plethora of social events, such as our traditional cheese and wine party, our group photo and our day trip.

The complete schedule can be found at:

DebConf talks will be broadcast live on the Internet when possible, and videos of the talks will be published on the web along with the presentation slides.

Dirk Eddelbuettel: Introducing sanitizers 0.1.0

4 August, 2014 - 05:01
A new package sanitizers is now on CRAN. It provides test cases for Address Sanitizers, and Undefined Behaviour Sanitizers. These are two recent features of both g++ and clang++, and described in the Checking Memory Access section of the Writing R Extension manual.

I set up a new web page for the sanitizers package which illustrates their use case via pre-built Docker images, similar to what I presented at the end of my useR! 2014 keynote a few weeks ago.

So instead of repeating this over here, I invite you to read the detailed discussion on the sanitizers page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Steinar H. Gunderson: Visiting Assembly

3 August, 2014 - 23:44

I've wanted to visit Assembly in Finland for at least the last ten years, but various things (the latter years mostly lack of initiative :-) ) have gotten in the way. This year, however, I had received an invitation to come and see how they're doing things and how it compares to The Gathering (where I've been a crew member for the last fifteen years), and the opportunity was just too good to pass up. It ended a few hours ago, so here I am on an airport with some time to kill :-)

I don't intend to write a full partyreport, but I think there are a few things that should be said nevertheless. Assembly and TG are fundamentally very similar kinds of parties; large (3000 vs. 5000), mixed (mostly gamers, but far from pure game events) and dominated by male youth (average age 16–17 versus 18–19). However, despite the similarities, I came away with the impression that the two parties are surprisingly different in the details.

The perhaps most immediately notable from my point of view is that Assembly has had a stronger demoscene following; this is partially because TG has a time slot that conflicts with another very popular demoparty (first Mekka & Symposium, then Breakpoint and now Revision) and partially for other reasons I won't go into here. Of course, this shows in the quality of the entries in the competitions; I'd be thrilled if we had this kind of turnout at TG. This is, naturally, among the easier things to notice as an outsider; everybody knows that Assembly is one of the big parties to watch every year if you want to know what's going on in the demoscene.

A bigger surprise was that there are very interesting differences in organizing. (One would think this shouldn't go unnoticed, but it seems that very few people from TG-crew go visit Assembly and the other way around.) In particular, where TG-crew is an organization that's formally rebuilt from scratch every year or every two years (the board of KANDU selects five organizers after application, those select chiefs after application, and the chiefs select crew members after application), ASM-crew seems to be based around continuity and personal relations—very few people seem to be picked by open application, and people stay around for a long time. (This is not to say that TG-crew is an organization in constant flux; like I said, I've been part of it for fifteen years!)

I think both models have their merits; someone from the social sciences would probably have a field day comparing them in much greater detail than I have. But I'm fairly certain that if I get the chance to go again, I'll try to dig a fair bit deeper.

I don't know if I'll be at Assembly next year, but it was definitely a party I enjoyed, even though I knew few people and got to knew even fewer new ones. Being in the compostudio for 1k and 4k was a new and interesting challenge, and seeing the compos live was great (although of course it destroys the traditional AsmTV watching on my own TV at home, which I've always enjoyed!). Seeing Boozembly was… well, OK, now I've seen Boozembly.

Thanks to Lauri Kangas of the livecrew for the invitation! If anybody from the Assembly organizing group happens to read this, please do come to TG or Solskogen next year. I'm sure we can learn a lot from each other. :-)

Holger Levsen: 20140803-torbrowser-launcher

3 August, 2014 - 20:52
About torbrowser-launcher in all current Debian distros plus some thoughts and scripts for running it more securely

So, torbrowser-launcher 0.1.2-1 is now in sid (only that version has the script examples discussed below), and 0.1.1-2(~bpo70+1) are in jessie and wheezy-backports.

Originally Jacob Appelbaum packaged torbrowser-launcher, then Ulrike Uhlig stepped in and fixed some major bugs, I sponsored her uploads and somehow the idea emerged to team maintain the package, so pkg-anonymity-tools was founded. So far it's only used for having a mailing list which is used for the Maintainer: field of the torbrowser-launcher package. But we invite all maintainers of anonymity related packages to join the team! Currently there ain't even a Debian teams wiki page about it (it would be great if YOU could fix that!), so that will probably be the next thing that will happen. As for version control we intend to use the collab-maint project on alioth. So joining the team is not done by joining the alioth project (technically you can do this, but it's rather pointless), but rather by putting the pkg-anonymity-tools mailing list into the Maintainer: field of your package (and you and other people into the Uploaders: field) and subscribing to that very mailing list. Once more packages are maintained that way we'll need to see whether we'll need more mailing lists (eg one specific for commit notifications) or if we rely on client side filtering only or what else should be done.

The example scripts (available in /usr/share/doc/torbrowser-launcher/examples in the package from sid or in git) show how to run torbrowser-launcher, confined with AppArmor, in Xephyr (a virtual Xserver running on another Xserver) as another user. This, using AppArmor and Xephyr, shall have two effects:

  • the browser process (and it's subprocesses) can - thanks to AppArmor confinement - only access a tiny part of the filesystem
  • the real Xserver is not exposed to the browser application, so hopefully that application cannot exploit bugs to grab keyboard input from other applications.

Does that really help? Feedback welcome.

Full quote of /usr/share/doc/torbrowser-launcher/examples/README:

torbrowser-launcher launcher scripts

These scripts are intended to run torbrowser-launcher (and thus torbrowser) as
another user in an Xephyr window server running inside your normal Xorg

They assume the following packages are installed:

- torbrowser-launcher
- apparmor
- xserver-xephyr, awesome
- sudo, slay, psmisc

AppArmor should be enabled, but doesn't have to. I followed the HowTo from, which can be summed up as just adding one
parameter to the kernel to enable it, followed by a reboot.

Using Apparmor has the advantage that the browser process cannot most of the
filesystem, eg saving downloads only works in ~/.torbrowser/tbb/x86_64/tor-browser_en-US/Desktop/

On wheezy, I'm using backports for torbrowser-launcher and apparmor.

The scripts assume they have been copied to /usr/local/bin/ and that there is
a user called "foo" (for running the actuall torbrowser(-launcher) process,
and that the current user has sudo rights for the following commands:

- sudo -i -u foo /usr/local/bin/tbb-l-wrapper
- sudo slay foo

There are two scripts, tbb-in-xephyr and tbb-l-wrapper. Only tbb-in-xephyr is
to be called directly and will result in torbrowser running in Xephyr.

Known problems:

- dbus is not started, so some input methods won't work. (Personally I don't
  want/need dbus though, so I'm awaiting a solution to
- not everybody likes awesome as the window manager being used ;)

Ideas, questions and ToDo:

- maybe all of this functionality could be integrated into.
  torbrowser-launcher itself, just writing this in shell was so easy.
- or for the time being, merge these two scripts into one, doing both,
  depending on how its called. Also make them run from everywhere.
- run this in an unprivileged LXC container, which is also apparmor confined.
- (when) does this double confinement make sense?
- use a more sensible named default user (instead of foo).
- there should really be an option, so torbrowser-launcher doesn't detach
  itself, so that this "while;ps fax|grep" hack can go away.
- ship an usable sudoers.d example too.
- support for more users / instances

Feedback welcome, especially accompanied by patches! 

Dimitri John Ledkov: What is net neutrality?

3 August, 2014 - 12:30
Sorry, the web page you have requested is not available through your internet connection.We have received an order from the Courts requiring us to prevent access to this site in order to help protect against Lex Julia Majestatis infridgement.If you are a home broadband customer, for more information on why certain web pages are blocked, please click here.If you are a business customer, or are trying to view this page through your company's internet connection, please click here. ∞

Junichi Uekawa: Linkig binaries.

3 August, 2014 - 09:04
Linkig binaries. Having come back to old boost code that I had, Boost binaries seem to require -lboost_system linked in. Hmm, wonder when that started happening.

Don Armstrong: ErgoDox keyboard assembly

3 August, 2014 - 01:46

I routinely use a Kinesis Advantage Pro keyboard, which is a split, ergonomic keyboard with thumb clusters that uses brown cherryMX switches. Over the thirteen years that I've been using it, I've become a huge fan of this style of keyboard. However, I have two major annoyances with the Kinesis. First, while the firmware is good, remapping the keys is complicated and producing more complicated keyboard layouts with layers and keycodes that are not present in the original layout is not possible. Secondly, the interconnect between the main key wells and the controller board in the middle occasionally fails, and requires disassembly and occasional re-tinning of the circuit board interconnect connector.

1 About a year ago, I became aware of the ErgoDox keyboard, which is a keyboard design which mimics the kinesis to some degree, but with completely separated key halves (useful, because I'm substantially bigger than the average human), programmable firmware (so I can finally have the layers and missing keys) and with slightly more elegant interconnects (TRRS cables). Unfortunately, at the time I first heard about it (and other custom keyboards), making it required sourcing circuit boards, parts, and finding someone to cut a case for the keyboard. Then, a few months ago, I learned about MassDrop, a company who puts together groups of people to do buys of products at near-wholesale level prices, and their offer of all of the parts to build an ErgoDox. After waiting for a group buy of the keyboard to become available, I put in an order, and received the parts two months later.

Over a few hours yesterday, I learned how to do surface mount soldering of the 78 diodes (one for each key), and finished assembling and flashing the firmware. This morning, I fixed up the few key bindings that I needed to be productive, and viola, my laptop at home now has a brand new ergonomic keyboard.

Raphaël Hertzog: My Free Software Activities in July 2014

2 August, 2014 - 05:13

This is my monthly summary of my free software related activities. If you’re among the people who made a donation to support my work (548.59 €, thanks everybody!), then you can learn how I spent your money. Otherwise it’s just an interesting status update on my various projects.

Distro Tracker

Now that is live, people reported bugs (on the new pseudo-package that I requested) faster than I could fix them. Still I spent many, many hours on this project, reviewing submitted patches (thanks to Christophe Siraut, Joseph Herlant, Dimitri John Ledkov, Vincent Bernat, James McCoy, Andrew Starr-Bochicchio who all submitted some patches!), fixing bugs, making sure the code works with Django 1.7, and started the same with Python 3.

I added a tox.ini so that I can easily run the test suite in all 4 supported environments (created by tox as virtualenv with the combinations of Django 1.6/1.7 and Python 2.7/3.4).

Over the month, the git repository has seen 73 commits, we fixed 16 bugs and other issues that were only reported over IRC in #debian-qa. With the help of Enrico Zini and Martin Zobel, we enabled the possibility to login via (Debian’s official SSO) so that Debian developers don’t even have to explicitly create their account.

As usual more help is needed and I’ll gladly answer your questions and review your patches.

Misc packaging work

Publican. I pushed a new upstream release of publican and dropped a useless build-dependency that was plagued by a difficult to fix RC bug (#749357 for the curious, I tried to investigate but it needs major work for make 4.x compatibility).

GNOME 3.12. With gnome-shell 3.12 hitting unstable, I had to update gnome-shell-timer (and filed an upstream ticket at the same time), a GNOME Shell extension to start some run-down counters.

Django 1.7. I packaged python-django 1.7 release candidate 1 in experimental (found a small bug, submitted a ticket with a patch that got quickly merged) and filed 85 bugs against all the reverse dependencies to ask their maintainers to test their package with Django 1.7 (that we want to upload before the freeze obviously). We identified a pain point in upgrade for packages using South and tried to discuss it with upstream, but after closer investigation, none of the packages are really affected. But the problem can hit administrators of non-packaged Django applications.

Misc stuff. I filed a few bugs (#754282 against git-import-orig –uscan, #756319 against wnpp to see if someone would be willing to package loomio), reviewed an updated package for django-ratelimit in #755611, made a non-maintainer upload of mairix (without prior notice) to update the package to a new upstream release and bring it to modern packaging norms (Mako failed to make an upload in 4 years so I just went ahead and did what I would have done if it were mine).

Kali work resulting in Debian contributions

Kali wants to switch from being based on stable to being based on testing so I did try to setup britney to manage a new kali-rolling repository and encountered some problems that I reported to debian-release. Niels Thykier has been very helpful and even managed to improve britney thanks to the very specific problem that the kali setup triggered.

Since we use reprepro, I did write some Python wrapper to transform the HeidiResult file in a set of reprepro commands but at the same time I filed #756399 to request proper support of heidi files in reprepro. While analyzing britney’s excuses file, I also noticed that the Kali mirrors contains many source packages that are useless because they only concern architectures that we don’t host (and I filed #756523 filed against reprepro). While trying to build a live image of kali-rolling, I noticed that libdb5.1 and db5.1-util were still marked as priority standard when in fact Debian already switched to db5.3 and thus should only be optional (I filed #756623 against

When doing some upgrade tests from kali (wheezy based) to kali-rolling (jessie based) I noticed some problems that were also affecting Debian Jessie. I filed #756629 against libfile-fcntllock-perl (with a patch), and also #756618 against texlive-base (missing Replaces header). I also pinged Colin Watson on #734946 because I got a spurious base-passwd prompt during upgrade (that was triggered because schroot copied my unstable’s /etc/passwd file in the kali chroot and the package noticed a difference on the shell of all system users).


See you next month for a new summary of my activities.

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Ian Donnelly: How-To: Write a Plug-In (Part 1, The Basics)

2 August, 2014 - 03:19

Hi Everybody!

For the first part of my Plug-In tutorial, I am going to cover the basic overview of an elektra plug-in. This post just explains the basic format and functions of an Elektra plug-in, specifically a storage plug-in (this will be the focus of my tutorial).

All plug-ins use the same basic interface. This interface consists of five basic functions, elektraPluginOpen, elektraPluginGet, elektraPluginSet, elektraPluginError, and elektraPluginClose. The developer replaces ‘Plugin’ with the name of their plugin. So in the case of my plugin, the names of these functions would be elektraLineOpen(), elektraLineGet(), elektraLineSet(), elektraLineError(), and elektraLineClose(). Additionally, there is one more function called ELEKTRA_PLUGIN_EXPORT(plugin), where once again ‘Plugin” should be replaced with the name of the plug-in, this time in lower-case. So for my line plugin this function would be ELEKTRA_PLUGIN_EXPORT(line).

The KDB relies on the first five functions for interacting with configuration files stored in the key database.  Calls for kdbGet() and kdbClose() will call the functions elektraPluginGet() and elektraPluginClose() respectively for the plugin that was used to mount the configuration data. kdbSet() calls elektraPluginSet() but also elektraPluginError() when an error occurs. elektraPluginOpen() is called before the first call to elektraPluginGet() or elektraPluginSet(). These functions serve different purposes that allow the plug-in to work:

  • elektraPluginOpen() is designed to allow each plug-in to do initialization if necessary.
  • elektraPluginGet() is designed to turn information from a configuration file into a usable KeySet, this is technically the only function that is REQUIRED in a plug-in.
  • elektraPluginSet() is designed to store the information from the keyset back into a configuration file.
  • elektraPluginError() is designed to allow proper rollback of operations if needed and is called if any plugin fails during the set operation. This allows exception-safety.
  • elektraPluginClose() is used to free resources that might be required for the plug-in.
  • ELEKTRA_PLUGIN_EXPORT(Plugin) simply lets Elektra know that the plug-in exists and what the name of the above functions are.

Most simply put: most plug-ins consist of five major functions, elektraPluginOpen(), elektraPluginClose(), elektraPluginGet(), elektraPluginSet(), and ELEKTRA_EXPORT_PLUGIN(Plugin).

Because remembering all these functions can be cumbersome, we provide a skeleton plugin in order to easily create a new plugin. The skeleton plugin is called “template” and a new plugin can be created by calling the copy-template script. For example for my plugin I called

../../scripts/copy-template line

from within the plugins directory. Afterwards two important things are left to be done:

  1. remove all functions (and their exports) from the plugin that are not needed. For example not every plugin actually makes use of the elektraPluginOpen() function.
  2. provide a basic contract as described above

After these two steps your plugin is ready to be compiled, installed and mounted for the first time. Have a look at the mount tutorial for details on howto do this.

So Part 1 of the tutorial covers the implementation details for a plug-in. Next up will be Part 2, which will cover the theory behind contracts in Elektra as well as how to implement them.

Ian S. Donnelly

Gunnar Wolf: Wow. Just rejected an editorial offer...

2 August, 2014 - 00:32

Yes, I've been bragging about the Operating Systems book all over... Today, a colleague handed me a phone call from somebody at Editorial Patria, a well known educational editorial in Mexico. They are looking for material similar to what I wrote, but need the material to be enfocado a competencias — Focused on skills, a pedagogic fashion.

I was more than interested, of course. As it currently stands, I am very happy that our book is being used already at three universities in three countries (by the different authors) and have heard other people saying they would recommend it, and of course I'm interested in making our work have as big an impact as possible. Of course, we'd have to modify several aspects of the book to cater to the skills focus... But it would be great to have the book available at commercial bookstores. After all, university editions are never as widely circulated as commercial ones.

I had just one hard request to accept this: Our work must be distributed under a free licensing. Explicitly allow book photocopies and electronic distribution (didn't get into the "and modification" part, but I would eventually get there ;-) )

And... Of course, the negotiation immediately fell down. Editorials, this person says, live from selling individual books. She says she was turned down by another university professor and for another subject this same week.

So, yes, I took the opportunity to explain things as I (and the people that think as I do — Fortunately, not so few) see them. Yes, of course, editorials have to make a living. But text books are often photocopied as it is. Who buys a book? Whoever needs it. On one hand, if somebody will be using a book throughout a semester and it's reasonably priced (say, up to 3×cost of photocopies), they will probably buy it because it just works better (it is more comfortable to use and nicer to read).

If a teacher likes the explanation for a particular topic, it should be completely legal for him to distribute photocopies (or digital copies) of the specific material — And quite probably, among the students, more than one will end up appreciating the material enough to go look for the book in the library. And, as I have done throughout my life, if I read (in copies, electronically or in a library) a book I like... Quite probably I will go buy it.

So... Of course, she insisted it was against their corporate policy. I insisted on my explanation. I hope they meet many stubborn teachers refusing to distribute books under a non-free licensing. I hope I contributed to making a dent in an industry that must change. Yes, a very very small dent, but one that helps them break free from their obsolete mindset ;-)

(But yes, I don't know how long I will regret not being part of their very nice catalog of science and engineering books) ;-) )

Russell Coker: More BTRFS Fun

1 August, 2014 - 18:41

I wrote a BTRFS status report yesterday commenting on the uneventful use of BTRFS recently [1].

Early this morning the server that stores my email (which had 93 days uptime) had a filesystem related problem. The root filesystem became read-only and then the kernel message log filled with unrelated messages so there was no record of the problem. I’m now considering setting up rsyslogd to log the kernel messages to a tmpfs filesystem to cover such problems in future. As RAM is so cheap it wouldn’t matter if a few megs of RAM were wasted by that in normal operation if it allowed me to extract useful data when something goes really wrong. It’s really annoying to have a system in a state where I can login as root but not find out what went wrong.

After that I tried 2 kernels in the 3.14 series, both of which had kernel BUG assertions related to Xen networking and failed to network correctly, I filed Debian Bug #756714. Fortunately they at least had enough uptime for me to run a filesystem scrub which reported no errors.

Then I reverted to kernel 3.13.10 but the reboot to apply that kernel change failed. Systemd was unable to umount the root filesystem (maybe because of a problem with Xen) and then hung the system instead of rebooting, I filed Debian Bug #756725. I believe that if asked to reboot a system there is no benefit in hanging the system with no user space processes accessible. Here are some useful things that systemd could have done:

  1. Just reboot without umounting (like “reboot -nf” does).
  2. Pause for some reasonable amount of time to give the sysadmin a possibility of seeing the error and then rebooting.
  3. Go back to a regular runlevel, starting daemons like sshd.
  4. Offer a login prompt to allow the sysadmin to login as root and diagnose the problem.

Options 1, 2, and 3 would have saved me a bit of driving. Option 4 would have allowed me to at least diagnose the problem (which might be worth the drive).

Having a system on the other side of the city which has no remote console access just hang after a reboot command is not useful, it would be near the top of the list of things I don’t want to happen in that situation. The best thing I can say about systemd’s operation in this regard is that it didn’t make the server catch fire.

Now all I really know is that 3.14 kernels won’t work for my server, 3.13 will cause problems that no-one can diagnose due to lack of data, and I’m now going to wait for it to fail again. As an aside the server has ECC RAM and it’s hardware is known to be good, so I’m sure that BTRFS is at fault.

Related posts:

  1. BTRFS Status March 2014 I’m currently using BTRFS on most systems that I can...
  2. BTRFS Status April 2014 Since my blog post about BTRFS in March [1] not...
  3. BTRFS vs LVM For some years LVM (the Linux Logical Volume Manager) has...

Russell Coker: Links July 2014

31 July, 2014 - 21:38

Dave Johnson wrote an interesting article for Salon about companies ripping off the tax system by claiming that all their income is produced in low tax countries [1].

Seb Lee-Delisle wrote an insightful article about how to ask to get paid to speak [2]. I should do that.

Daniel Pocock wrote an informative article about the reConServer simple SIP conferencing server [3]. I should try it out, currently most people I want to conference with are using Google Hangouts, but getting away from Google is a good thing.

François Marier wrote an informative post about hardening ssh servers [4].

S. E. Smith wrote an interesting article “I Am Tired of Hearing Programmers Defend Gender Essentialism [5].

Bert Archer wrote an insightful article about lazy tourism [6]. His initial example of “love locks” breaking bridges was a bit silly (it’s not difficult to cut locks off a bridge) but his general point about lazy/stupid tourism is good.

Daniel Pocock wrote an insightful post about new developments in taxis, the London Taxi protest against Uber, and related changes [7]. His post convinced me that Uber is a good thing and should be supported. I checked the prices and unfortunately Uber is more expensive than normal taxis for my most common journey.

Cory Doctorow wrote an insightful article for The Guardian about the moral issues related to government spying [8].

The Verge has an interesting review of the latest Lytro Lightbox camera [9]. Not nearly ready for me to use, but interesting technology.

Prospect has an informative article by Kathryn Joyce about the Protestant child sex abuse scandal in the US [10]. Billy Graham’s grandson is leading the work to reform churches so that they protect children instead of pedophiles. Prospect also has an article by Kathryn Joyce about Christians home-schooling kids to try and program them to be zealots and how that hurts kids [11].

The Daily Beast has an interesting article about the way that the extreme right wing in the US are trying to kill people, it’s the right wing death panel [12].

Jay Michaelson wrote an informative article for The Daily Beast about right-wing hate groups in the US who promote the extreme homophobic legislation in Russia and other countries [13]. It also connects to the Koch brothers who seem to be associated with most evil. Elias Isquith wrote an insightful article for Salon about the current right-wing obsession with making homophobic discrimination an issue of “religious liberty” will hurt religious people [14]. He also describes how stupid the right-wing extremists are in relation to other issues too. has a really great comic explaning the economics of Social Security in the US [15]. They also have a comic explaining the TPP which is really good [16]. They sell a comic book about economics which I’m sure is worth buying. We need to have comics explaining all technical topics, it’s a good way of conveying concepts. When I was in primary school my parents gave me comic books covering nuclear physics and other science topics which were really good.

Mia McKenzie wrote an insightful article for about dealing with racist white teachers [17]. I think that it would be ideal to have a school dedicated to each minority group with teachers from that group.

Related posts:

  1. Links July 2013 Wayne Mcgregor gave an interesting TED talk about the creative...
  2. Links May 2014 Charmian Gooch gave an interesting TED talk about her efforts...
  3. Links June 2014 Russ Albery wrote an insightful blog post about trust, computer...

Craig Small: Linux Capabilities

31 July, 2014 - 20:58

I was recently updating some code that uses fping. Initially it used exec() that was redirected to a temporary file but I changed it to use popen.  While it had been a while since I’ve done this sort of thing, I do recall there was an issue with running popen on setuid binary.  A later found it is mainly around setuid scripts which are very problematic and there are good reasons why you don’t do this.

Anyhow, the program worked fine which surprised me. Was fping setuid root to get the raw socket?

$ ls -l /usr/bin/fping
-rwxr-xr-x 1 root root 31464 May  6 21:42 /usr/bin/fping

It wasn’t which at first all I thought “ok, so that’s why popen is happy”. The way that fping and other programs work is they bind to a raw socket. This socket sits below the normal type sockets such as the ones used for TCP and UDP and normal users cannot use them by default. So how did fping work it’s magic and get access to this socket? It used Capabilities.


Previously getting privileged features had a big problem; it was an all or nothing thing. You want access to a raw socket? Sure, be setuid but that means you also could, for example, read any file on the system or set passwords. Capabilites provide a way of giving programs some better level of access, but not a blank cheque.

The tool getcap is the way of determining what capabilities are found on a file. These capabilities are attributes on the file which, when the file is run, turn into capabilities or extra permissions. fping has the capability cap_net_raw+ep applied to it. This gives access to the RAW and PACKET sockets which is what fping needs. The +ep after the capability name means it is an Effective and Permitted capability, which describes what happens with child processes and dropping privileges.

I hadn’t seen these Capabilities before. They are a nice way to give your programs the access they need, but limiting the risk of something going wrong and having a rouge program running as root.

Related articles

Steve Kemp: luonnos viesti - 31 heinäkuu 2014

31 July, 2014 - 20:54

Yesterday I spent a while looking at the Debian code search site, an enormously useful service allowing you to search the code contained in the Debian archives.

The end result was three trivial bug reports:

#756565 - lives

Insecure usage of temporary files.

A CVE-identifier should be requested.

#756566 - libxml-dt-perl

Insecure usage of temporary files.

A CVE-identifier has been requested by Salvatore Bonaccorso, and will be added to my security log once allocated.

756600 - xcfa

Insecure usage of temporary files.

A CVE-identifier should be requested.

Finding these bugs was a simple matter of using the code-search to look for patterns like "system.*>.*%2Ftmp".

Perhaps tomorrow somebody else would like to have a go at looking for backtick-related operations ("`"), or the usage of popen.

Tomorrow I will personally be swimming in a loch, which is more fun than wading in code..


Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้