Planet Debian


Lucy Wayland: The Red Shoes

1 January, 2017 - 23:49

Just been watching the video for Kate Bush “The Red Shoes” (I have actually seen the 1948 film). I came to a strange realisation. Activism, especially LGBTQ activism, is like the Red Shoes. When you put them on, you dance their dance, and you can never take them off.

I wonder how many other people have had this happen to them, and understand.

Junichi Uekawa: Tried writing an app with WebAudio.

1 January, 2017 - 19:26

Tried writing an app with WebAudio. I haven't found a way to easily write musical things with this, and so far I have only seen raw Hz and msec waiting kind of APIs. Feels pretty raw. My test app that asks you what note was played is here.

Joey Hess: p2p dreams

1 January, 2017 - 10:59

In one of the good parts of the very mixed bag that is "Lo and Behold: Reveries of the Connected World", Werner Herzog asks his interviewees what the Internet might dream of, if it could dream.

The best answer he gets is along the lines of: The Internet of before dreamed a dream of the World Wide Web. It dreamed some nodes were servers, and some were clients. And that dream became current reality, because that's the essence of the Internet.

Three years ago, it seemed like perhaps another dream was developing post-Snowden, of dissolving the distinction between clients and servers, connecting peer-to-peer using addresses that are also cryptographic public keys, so authentication and encryption and authorization are built in.

Telehash is one hopeful attempt at this, others include snow, cjdns, i2p, etc. So far, none of them seem to have developed into a widely used network, although any of them still might get there. There are a lot of technical challenges due to the current Internet dream/nightmare, where the peers on the edges have multiple barriers to connecting to other peers.

But, one project has developed something similar to the new dream, almost as a side effect of its main goals: Tor's onion services.

I'd wanted to use such a thing in git-annex, for peer-to-peer sharing and syncing of git-annex repositories. On November 13th, I started building it, using Tor, and I'm releasing it concurrently with this blog post.

git-annex's Tor support replaces its old hack of tunneling git protocol over XMPP. That hack was unreliable (it needed a TCP on top of XMPP layer) but worse, the XMPP server could see all the data being transferred. And, there are fewer large XMPP servers these days, so fewer users could use it at all. If you were using XMPP with git-annex, you'll need to switch to either Tor or a server accessed via ssh.

Now git-annex can serve a repository as a Tor onion service, and that can then be accessed as a git remote, using an url like tor-annex::tungqmfb62z3qirc.onion:42913. All the regular git, and git-annex commands, can be used with such a remote.

Tor has a lot of goals for protecting anonymity and privacy. But the important things for this project are just that it has end-to-end encryption, with addresses that are public keys, and allows P2P connections. Building an anonymous file exchange on top of Tor is not my goal -- if you want that, you probably don't want to be exchanging git histories that record every edit to the file and expose your real name by default.

Building this was not without its difficulties. Tor onion services were originally intended to run hidden websites, not to connect peers to peers, and this kind of shows.

Tor does not cater to end users setting up lots of Onion services. Either root has to edit the torrc file, or the Tor control port can be used to ask it to set one up. But, the control port is not enabled by default, so you still need to su to root to enable it. Also, it's difficult to find a place to put the hidden service's unix socket file that's writable by a non-root user. So I had to code around this, with a git annex enable-tor that su's to root and sets it all up for you.

One interesting detail about the implementation of the P2P protocol in git-annex is that it uses two Free monads to build up actions. There's a Net monad which can be used to send and receive protocol messages, and a Local monad which allows only the necessary modifications to files on disk. Interpreters for Free monad actions can choose exactly which actions to allow for security reasons.

For example, before a peer has authenticated, the P2P protocol is being run by an interpreter that refuses to run any Local actions whatsoever. Other interpreters for the Net monad could be used to support other network transports than Tor.

When two peers are connected over Tor, one knows it's talking to the owner of a particular onion address, but the other peer knows nothing about who's talking to it, by design. This makes authentication harder than it would be in a P2P system with a design like Telehash. So git-annex does its own authentication on top of Tor.

With authentication, users would need to exchange absurdly long addresses (over 150 characters) to connect their repositories. One very convenient thing about using XMPP was that a user would have connections to their friend's accounts, so it was easy to share with them. Exchanging long addresses is too hard.

This is where Magic Wormhole saved the day. It's a very elegant way to get any two peers in touch with each other, and the users only have to exchange a short code phrase, like "2-mango-delight", which can only be used once. Magic Wormhole makes some security tradeoffs for this simplicity. It's got vulnerabilities to DOS attacks, and its MITM resistance could be improved. But I'm lucky it came along just in time.

So, it takes only installing Tor and Magic Wormhole, running two git-annex commands, and exchanging short code phrases with a friend, perhaps over the phone or in an encrypted email, to get your git-annex repositories connected and syncing over Tor. See the documentation for details. Also, the git-annex webapp allows setting the same thing up point-and-click style.

The Tor project blog has throughout December been featuring all kinds of projects that are using Tor. Consider this a late bonus addition to that. ;)

I hope that Tor onion services will continue to develop to make them easier to use for peer-to-peer systems. We can still dream a better Internet.

This work was made possible by all my supporters on Patreon.
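
The interpreter idea from the post above, sketched as an added example: this is not git-annex's code, and every type, constructor and function name in it is hypothetical. It assumes a toy three-message protocol and defines a minimal free monad inline; one interpreter runs Net actions only and refuses any Local action, the other is used once the peer has authenticated.

```haskell
{-# LANGUAGE DeriveFunctor #-}
-- Added illustration: every name below is hypothetical, not git-annex's API.
module Main where

-- Minimal free monad, defined inline so only `base` is needed.
data Free f a = Pure a | Free (f (Free f a))

instance Functor f => Functor (Free f) where
  fmap g (Pure a) = Pure (g a)
  fmap g (Free x) = Free (fmap (fmap g) x)

instance Functor f => Applicative (Free f) where
  pure = Pure
  Pure g <*> x = fmap g x
  Free g <*> x = Free (fmap (<*> x) g)

instance Functor f => Monad (Free f) where
  Pure a >>= k = k a
  Free x >>= k = Free (fmap (>>= k) x)

-- Constructed wire messages for a toy protocol.
data Message = Auth String | AuthOk | AuthFail | Put FilePath String | Ok | Err String
  deriving (Show, Eq)

-- Network actions: the only ones an unauthenticated peer may trigger.
data NetF next = Send Message next | Receive (Message -> next)
  deriving Functor

-- Disk actions: kept deliberately small, so a peer can never ask for more.
data LocalF next = StoreFile FilePath String next
  deriving Functor

data ProtoF next = Net (NetF next) | Local (LocalF next)
  deriving Functor

type Proto = Free ProtoF

send :: Message -> Proto ()
send m = Free (Net (Send m (Pure ())))

receive :: Proto Message
receive = Free (Net (Receive Pure))

storeFile :: FilePath -> String -> Proto ()
storeFile p c = Free (Local (StoreFile p c (Pure ())))

-- Phase 1: check the peer's token. Uses Net actions only.
authPhase :: String -> Proto Bool
authPhase expected = do
  m <- receive
  case m of
    Auth tok | tok == expected -> send AuthOk >> return True
    _ -> send AuthFail >> return False

-- Phase 2: serve one request. This needs a Local action.
servePhase :: Proto ()
servePhase = do
  m <- receive
  case m of
    Put p c -> storeFile p c >> send Ok
    _ -> send (Err "unexpected message")

-- Pure stand-in for the socket and the disk, so the example runs offline.
data World = World
  { inbox :: [Message], outbox :: [Message], disk :: [(FilePath, String)] }
  deriving Show

data Policy = NetOnly | NetAndLocal

run :: Policy -> Proto a -> World -> Either String (a, World)
run _ (Pure a) w = Right (a, w)
run p (Free (Net (Send m next))) w = run p next w { outbox = outbox w ++ [m] }
run p (Free (Net (Receive k))) w = case inbox w of
  [] -> Left "connection closed"
  (m : ms) -> run p (k m) w { inbox = ms }
run NetOnly (Free (Local _)) _ = Left "Local action refused: peer not authenticated"
run NetAndLocal (Free (Local (StoreFile p c next))) w =
  run NetAndLocal next w { disk = (p, c) : disk w }

runUnauthenticated, runAuthenticated :: Proto a -> World -> Either String (a, World)
runUnauthenticated = run NetOnly
runAuthenticated = run NetAndLocal

main :: IO ()
main = do
  let token = "constructed-token"
      w0 = World [Auth token, Put "annex/object" "data"] [] []
  -- Normal flow: authenticate under the restricted interpreter, then switch.
  case runUnauthenticated (authPhase token) w0 of
    Right (True, w1) -> print (fmap snd (runAuthenticated servePhase w1))
    other -> print (fmap fst other)
  -- The same serving code run before authentication cannot touch the disk.
  print (fmap fst (runUnauthenticated servePhase (World [Put "x" "y"] [] [])))
```

Because the refusal lives in the interpreter rather than in the protocol code, a mistake in the protocol logic cannot cause a write before authentication; the worst outcome is an error from the interpreter.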

Russ Allbery: Review: Secrets of Productive People

1 January, 2017 - 10:54

Review: Secrets of Productive People, by Mark Forster

Publisher: Teach Yourself
Copyright: 2015
ISBN: 1-4736-0885-6
Format: Kindle
Pages: 289

Regular readers of my reviews will know that Mark Forster is my favorite writer on time management and productivity. That's mostly because of his flexible toolkit approach that talks about theory and overall goals and then describes multiple ways to get there, rather than presenting a single system that will solve all your problems. There are a lot of writers who explain productivity tips and tricks or describe systems that work for them. There are fewer who can explain why those tricks work (and why they sometimes don't work), and even fewer who can put them into a meaningful analytical framework for thinking about productivity.

Forster has several books, but they're a mixed bag. His clearest and most coherent book prior to this one was Do It Tomorrow. Secrets of Productive People is organized differently, chopped up into small bite-sized chunks with synopses to an extent that it felt a bit choppy to me, but apart from that it's the closest I've seen to an updating of Do It Tomorrow. His other books can be slight (The Pathway to Awesomeness) or downright weird (How to Make Your Dreams Come True). I still have a soft spot for Do It Tomorrow, and I like how it was organized a bit better than this one, but I think Secrets of Productive People has become my new recommendation for where to start with Forster.

Secrets of Productive People is divided into five sections: The basics of productivity, the productive attitude, productive projects, aids to productivity, and productivity in action. Each part is divided into several small chapters, which open with a generous helping of quotes about some productivity topic (and I'm going to go back and save some of those), present some easily-digestible related set of thoughts (usually with an exercise), and conclude with a summary. Each chapter is about the length of a long blog post. I think this structure interferes with developing an idea at greater length, but it does make for good reading material in an environment where you're regularly interrupted or only have five or ten minutes.

I think I've mentioned in every review that Forster won me over by being willing to talk about the problems with attempting to do too much, not just presenting a system to allow one to accomplish more. Some other books, such as David Allen's famous Getting Things Done, seem to assume you already know what you need to get done, or will easily be able to figure that out when you think for a while, and just need a system to manage all the things you've decided to do. Forster takes the opposite approach, and this book is the clearest yet on this point: most productivity problems are not from being insufficiently efficient, but from doing the wrong things and too many things. You don't need more time; everyone gets the same amount of time. You need to do the right things with the time you have, and that usually means doing fewer things.

Readers of Forster's previous books will recognize many of the themes here. Some of the techniques from Do It Tomorrow and some of the exercises from Get Everything Done show up again here. But Forster has streamlined and focused the advice, discarded some things, made his task management recommendations less elaborate and more focused, and spends much more time hammering home the point that the only prioritization that really matters is whether you commit to doing something or don't.

The specific task management system he recommends here is one of the variations he's been talking about in his blog and is much simpler than the Do It Tomorrow system: pick five tasks, work on them until you've finished three of them, and then refill to five tasks. I've been using it since reading this book, replacing one of Forster's more elaborate systems from his blog, and it's surprisingly effective. He breaks down in some detail why this works and how to extract additional useful feedback information from it, and now I want to do some of the additional exercises he describes. (That said, I'm still dubious about his advice to not keep any larger to-do list and only rely on your analysis at the time of refilling the list to decide what to do. I use this system with a supplemental, longer list of ideas for future tasks, and that works better for me, although I do have to fight forming a sense of obligation about the things on the longer list. David Allen still has a point that if you don't write down a complete inventory of the things you're worrying about, your brain will try to obsess over them to keep from forgetting them.)

The productive projects section told me some things I needed to hear about time commitments. Projects take regular, focused attention, and starting numerous things without giving them that attention is much worse than doing far fewer things but doing them regularly and reliably. I think Forster's coaching on focus and persistence is very valuable; the trick, of course, is building up your willpower for it and learning to say no. This is in-line with recent psychological analysis of multi-tasking and its various negative effects. The working to-do list capped at five things provides enough variety to mentally shift gears if one runs out of steam on some specific project while maintaining enough focus to not leave things behind half-done.

The productivity aids section provides a more random collection of tips and tricks, many of which I've seen before in his previous books. I've mostly not tried these, so can't say much about how effective they are, but Forster's ideas almost always sound interesting and plausible.

I thought the weakest part of the book was the last section, on applied productivity. Here, Forster takes various life areas (exercise, parenting, finances, writing, etc.) and talks about how the principles of this book can be applied to them. Each area could be a book in itself, and the short essay format of these chapters doesn't do justice to large topics. The result is a rather repetitive section that just stresses analysis, metrics, and repeated, focused attention — all valid points, but ones you can pick up from the previous chapters. I don't think these case studies added much value.

Do It Tomorrow is still my favorite Forster book to read, but I think Secrets of Productive People is now the best and most polished overview of his time management and productivity approach. If you're interested in this topic and not already sick of Forster from my previous recommendations, this would be a great place to start. I got a lot out of it even with all the time management reading I've previously done, and will probably re-read sections of it and try more of the exercises.

Rating: 9 out of 10

Sam Hartman: 2016

1 January, 2017 - 07:49
I was in such a different place at the beginning of 2016: I was poised to continue to work to help the world find love. Professionally, I was ready to make a much needed transition and find new projects to work on.

The year 2016 sucked. It feels like the year was filled with many different versions of the universe saying "Not interested in what you have to offer." At the beginning of the year, I had the energy to try and reach across large disagreements and help find common ground even when compromise was not possible. Now, my blog lies fallow because I cannot find the strength to be vulnerable enough to write what I would choose to say. Certainly a lot of the global changes of the last year have felt like a strong rejection of the world I'd like to see. However, many of the rejections have been personal. Beyond that, most of the people who stood as pillars of support in my life, together helping me find the strength to be vulnerable, are no longer available.

When the universe sends such strong messages, it's a good idea to ask whether you are on the right path. I certainly have discovered training I need and things I need to improve in order to avoid making costly mistakes that hurt others. However, among the rejections were clear demonstrations of the value of reaching out with love and compassion. Besides, this is what I'm called to do. It's what I want to do. I certainly will not force it on anyone. But it looks like the next few years may be a hard struggle to find pockets of people interested in that work, finding people who will choose love even in the current world, along with some difficult training to learn from challenges of the last year.

Amongst all this, my life is filled with love. There are new connections even as old connections are strained. There is always the hope of finding new ways to connect when the old ones are no longer right. I will rebuild and regain safety. I have the tools to do that. The process is just long and complicated.

Enrico Zini: Links for January 2017

1 January, 2017 - 06:00
systemd: Masking units [archive]
A good explanation of the three levels of "stopping" a service in systemd, with a focus on masking.
How Skype fixes security vulnerabilities
«This post describes my fruitless effort to convince Microsoft employees that Their service is vulnerable, and the humiliation one has to go through should One’s account be blocked by a hacker. This is a story of ignorance, pain and Despair.»
Mapping the Shadows of New York City: Every Building, Every Block
«You’re looking at a map of all of the shadows produced by thousands of buildings in New York City over the course of one day. This inverted view tells the story of the city’s skyline at the ground level.»

Steve Kemp: So I'm gonna start doing arduino-things

1 January, 2017 - 00:15

Since I've got a few weeks off I've decided I need to find a project, or two, to occupy me. Happily the baby is settling in well, mostly he sleeps for 4-5 hours, then eats, before the cycle repeats. It could have been so much worse.

My plan is to start exploring Arduino-related projects. It has been years since I touched hardware, with the exception of building a new PC for myself every 12-48 months.

There are a few "starter kits" you can buy, consisting of a board, and some discrete components such as a bunch of buttons, an LCD-output screen, some sensors (pressure, water, tilt), etc.

There are also some nifty little pre-cooked components you can buy such as:

The appeal of the former is that I can get the hang of marrying hardware with software, and the appeal of the latter is that the whole thing is pre-built, so I don't need to worry about anything complex. Looking over similar builds people have made, the process is more akin to building with Lego than real hardware-assembling.

So, for the next few weeks my plan is to:

  • Explore the various sensors, and tutorials, via the starter-kit.
  • Wire the MP3-playback device to a wireless D1-mini-board.
    • Which will allow me to listen to (static) music stored on an SD-card.
    • And sending "next", "previous", "play", "volume-up", etc, via a mobile.

The end result should be that I will be able to listen to music in my living room. Albeit in a constrained fashion (if I want to change the music I'll have to swap out the files on the SD-card). But it's something that's vaguely useful, and something that I think is within my capability, even as a beginner.

I'm actually not sure what else I could usefully do, but I figured I could probably wire up a vibration sensor to another wireless board. The device can sit on the top of my washing machine:

  • If vibration is sensed move into the "washing is on" state.
    • If vibration stops after a few minutes move into the "washing machine done" state.
      • Send a HTTP GET-request, which will trigger an SMS/similar.

There's probably more to it than that, but I expect that a simple vibration sensor will be sufficient to allow me to get an alert of some kind when the washing machine is ready to be emptied - and I don't need to poke inside the guts of the washing machine, nor hang reed-switches off the door, etc.

Anyway the only downside to my plan is that no doubt shipping the toys from AliExpress will take 2-4 weeks. Oops.

Jonathan McDowell: IMDB Top 250: Complete. Sort of.

31 December, 2016 - 23:01

Back in 2010, inspired by Juliet, I set about doing 101 things in 1001 days. I had various levels of success, but one of the things I did complete was the aim of watching half of the IMDB Top 250. I didn’t stop at that point, but continued to work through it at a much slower pace until I realised that through the Queen’s library I had access to quite a few DVDs of things I was missing, and that it was perfectly possible to complete the list by the end of 2016. So I did.

I should point out that I didn’t set out to watch the list because I’m some massive film buff. It was more a mixture of watching things that I wouldn’t otherwise choose to, and also watching things I knew were providing cultural underpinnings to films I had already watched and enjoyed. That said, people have asked for some sort of write up when I was done. So here are some random observations, which are almost certainly not what they were looking for.

My favourite film is not in the Top 250

First question anyone asks is “What’s your favourite film?”. That depends a lot on what I’m in the mood for really, but fairly consistently my answer is The Hunt for Red October. This has never been in the Top 250 that I’ve noticed. Which either says a lot about my taste in films, or the Top 250, or both. Das Boot was in the list and I would highly recommend it (but then I like all submarine movies it seems).

The Shawshank Redemption is overrated

I can’t recall a time when The Shawshank Redemption was not top of the list. It’s a good film, and I’ve watched it many times, but I don’t think it’s good enough to justify its seemingly unbroken run. I don’t have a suggestion for a replacement, however.

The list is constantly changing

I say I’ve completed the Top 250, but that’s working from a snapshot I took back in 2010. Today the site is telling me I’ve watched 215 of the current list. Last night it was 214 and I haven’t watched anything in between. Some of those are films released since 2010 (in particular new releases often enter high and then fall out of the list over a month or two), but the current list has films as old as 1928 (The Passion of Joan of Arc) that weren’t there back in 2010. So keeping up to date is not simply a matter of watching new releases.

The best way to watch the list is terrestrial TV

There were various methods I used to watch the list. Some I’d seen in the cinema when they came out (or was able to catch that way anyway - the QFT showed Duck Soup, for example). Netflix and Amazon Video had some films, but overall a very disappointing percentage. The QUB Library, as previously mentioned, had a good number of DVDs on the list (especially the older things). I ended up buying a few (Dial M for Murder on 3D Bluray was well worth it; it’s beautifully shot and unobtrusively 3D), borrowed a few from friends and ended up finishing off the list by a Lovefilm one month free trial. The single best source, however, was UK terrestrial TV. Over the past 6 years Freeview (the free-to-air service here) had the highest percentage of the list available. Of course this requires some degree of organisation to make sure you don’t miss things.

Films I enjoyed

Not necessarily my favourite, but things I wouldn’t have necessarily watched and was pleasantly surprised by. No particular order, and I’m leaving out a lot of films I really enjoyed but would have got around to watching anyway.

  • Clint Eastwood films - Gran Torino and Million Dollar Baby were both excellent but neither would have appealed to me at first glance. I hated Unforgiven though.
  • Jimmy Stewart. I’m not a fan of It’s a Wonderful Life (which I’d already watched because it’s Lister’s favourite film), but Harvey is obviously the basis of lots of imaginary friend movies and Rear Window explained a Simpsons episode (there were a lot of Simpsons episodes explained by watching the list).
  • Spaghetti Westerns. I wouldn’t have thought they were my thing, but I really enjoyed the Sergio Leone films (A Fistful of Dollars etc.). You can see where Tarantino gets a lot of his inspiration.
  • Foreign language films. I wouldn’t normally seek these out. And in general it seems I cannot get on with Italian films (except Life is Beautiful), but Amores Perros, Amelie and Ikiru were all better than expected.
  • Kind Hearts and Coronets. For some reason I didn’t watch this until almost the end; I think the title always put me off. Turned out to be very enjoyable.

Films I didn’t enjoy

I’m sure these mark me out as not being a film buff, but there are various things I would have turned off if I’d caught them by accident rather than setting out to watch them.

I’ve kept the full list available, if you’re curious.

Chris Lamb: Free software activities in December 2016

31 December, 2016 - 17:40

Here is my monthly update covering what I have been doing in the free software world (previous month):

  • Celebrated my 10-year anniversary of contributing to Debian.
  • Made a number of improvements to AptFS, my FUSE-based filesystem that provides a view on unpacked Debian source packages as regular folders, including move from the popen2 Python module to subprocess and correcting the parsing of package lists.
  • Corrected an UnboundLocalError exception in the Finnish social security number generator in faker, a tool to generate test data in Python applications. (#441)
  • Made a small change to (my hosted service for projects that host their Debian packaging on GitHub to use the Travis CI continuous integration platform to test builds on every code change) to fix an issue with malformed YAML.
  • Added the ability to specify the clone target to gbp-import-dsc etc. in git-buildpackage, a tool to build Debian packages using Git. (commit)
  • Filed three issues against the Redis key-value database:
    • Tests fail on the alpha architecture due to "memory efficiency". (#3666)
    • Please update hiredis (#3687)
    • Correct "whenever" typo. (#3652)

Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to permit verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

This month:

I also made the following changes to our tooling:


diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

  • Optimisations:
    • Avoid unnecessary string manipulation writing --text output (~20x speedup).
    • Avoid n iterations over archive files (~8x speedup).
    • Don't analyse .debs twice when comparing .changes files (2x speedup).
    • Avoid shelling out to colordiff by implementing color support directly.
    • Memoize calls to distutils.spawn.find_executable to avoid excessive stat(1) syscalls.
  • Progress bar:
    • Show current file / ELF section under analysis etc. in progress bar.
    • Move the --status-fd output to use JSON and to include the current filename.
  • Code tidying:
    • Split out the client so that it can be released separately on PyPI.
    • Completely rework the diffoscope and diffoscope.comparators modules, grouping similar utilities into their own modules, etc.
  • Miscellaneous:
    • Update dex_expected_diffs test to ensure compatibility with enjarify ≥ 1.0.3.
    • Ensure that running from Git will always use that checkout's Python modules.
    • Add a simple profiling framework.


strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build.

  • Makefile.PL: Change NAME argument to a Perl package name.
  • Ensure our binaries are available in autopkgtest tests.

trydiffoscope is a web-based version of the diffoscope in-depth and content-aware diff utility. Continued thanks to Bytemark for sponsoring the hardware.

  • Show progress bar and position in queue, etc. (#25 & #26)
  • Promote command-line client with PyPI instructions.
  • Increase comparison time limit to 90 seconds.

is my experiment into how to process, store and distribute .buildinfo files after the Debian archive software has processed them.

  • Added support for version 0.2 .buildinfo files. (#15)

Debian

Debian LTS

This month I have been paid to work 13½ hours on Debian Long Term Support (LTS). In that time I did the following:

  • "Frontdesk" duties, triaging CVEs, etc.
  • Issued DLA 733-1 for openafs, fixing an information leak vulnerability. Due to incomplete initialization or clearing of reused memory, directory objects could contain 'dead' directory entry information.
  • Issued DLA 734-1 for mapserver closing an information leakage vulnerability.
  • Issued DLA 737-1 for roundcube preventing arbitrary remote code execution by sending a specially crafted email.
  • Issued DLA 738-1 for spip patching a cross-site scripting (XSS) vulnerability.
  • Issued DLA 740-1 for libgsf fixing a null pointer dereference exploit via a crafted .tar file.

Debian Uploads

  • redis:
    • 3.2.5-5 — Add RunTimeDirectory=redis to systemd .service files.
    • 3.2.5-6 — Add missing Depends on lsb-base for /lib/lsb/init-functions usage in redis-sentinel's initscript.
    • 3.2.6-1 — New upstream release.
    • 4.0-1 & 4.0-rc2-1 — New upstream experimental releases.
  • aptfs: 0.9-1 & 0.10-1 — New upstream releases.

Debian bugs filed

I filed 29 FTBFS bugs against a7xpg, conntrack-tools, factory-boy, faker, glimpse, gunroar, hexchat-otr, jackson-datatype-guava, jalview, jquery, kodi-pvr-mythtv, leap-cli, libbio-graphics-perl, libparanoid-perl, libsass-python, metastudent-data, node-temporary, node-yargs, python-requests-unixsocket, python-restless, ruby-bunny, ruby-github-markup, ruby-rabl, sagenb-export, seaborn, soapdenovo2, titanion, ufw & vagrant-cachier.

I additionally filed 2 bugs for packages that access the internet during build against fence-agents & lua-geoip.

Debian FTP Team

As a Debian FTP assistant I ACCEPTed 107 packages: android-platform-libcore, compiz, debian-edu, dehydrated, dh-cargo, gnome-shell-extension-pixelsaver, golang-1.8, golang-github-btcsuite-btcd-btcec, golang-github-elithrar-simple-scrypt, golang-github-pelletier-go-toml, golang-github-restic-chunker, golang-github-weaveworks-mesh, golang-google-genproto, igmpproxy, jimfs, kpmcore, libbio-coordinate-perl, libdata-treedumper-oo-perl, libdate-holidays-de-perl, libpgobject-type-bytestring-perl, libspecio-library-path-tiny-perl, libterm-table-perl, libtext-hogan-perl, lighttpd, linux, linux-signed, llmnrd, lua-geoip, lua-sandbox-extensions, lua-systemd, node-cli-cursor, node-command-join, node-death, node-detect-indent, node-domhandler, node-duplexify, node-end-of-stream, node-first-chunk-stream, node-from2, node-glob-stream, node-has-binary, node-inquirer, node-interpret, node-is-negated-glob, node-is-unc-path, node-lazy-debug-legacy, node-lazystream, node-load-grunt-tasks, node-merge-stream, node-object-assign-sorted, node-orchestrator, node-pkg-up, node-resolve-from, node-resolve-pkg, node-rx, node-sorted-object, node-stream-shift, node-streamtest, node-string.prototype.codepointat, node-strip-bom-stream, node-through2-filter, node-to-absolute-glob, node-unc-path-regex, node-vinyl, openzwave, openzwave-controlpanel, pcb-rnd, pd-upp, pg-partman, postgresql-common, pybigwig, python-acora, python-cartopy, python-codegen, python-efilter, python-flask-sockets, python-intervaltree, python-jsbeautifier, python-portpicker, python-pretty-yaml, python-protobix, python-sigmavirus24-urltemplate, python-sqlsoup, python-tinycss, python-watson-developer-cloud, python-zc.customdoctests, python-zeep, r-cran-dbitest, r-cran-dynlm, r-cran-mcmcpack, r-cran-memoise, r-cran-modelmetrics, r-cran-plogr, r-cran-prettyunits, r-cran-progress, r-cran-withr, ruby-clean-test, ruby-gli, ruby-json-pure, ruby-parallel, rustc, sagemath, sbuild, scram, sidedoor, toolz & yabasic.

I additionally filed 4 RC bugs against packages that had incomplete debian/copyright files against jimfs, compiz, python-efilter & ruby-json-pure.

Sean Whitton: Burkeman on time management

31 December, 2016 - 15:34

Burkeman: Why time management is ruining our lives

Over the past semester I’ve been trying to convince one graduate student and one professor in my department to use Inbox Zero to get a better handle on their e-mail inboxes. The goal is not to be more productive. The two of them get far more academic work done than I do. However, both of them are far more stressed than I am. And in the case of the graduate student, I have to add items to my own to-do list to chase up e-mails that I’ve sent him, which only spreads this stress and tension around.

The graduate student sent me this essay by Oliver Burkeman about how these techniques can backfire, creating more stress, tension and anxiety. It seems to me that this happens when we think of these techniques as having anything to do with productivity. Often people will say “use this technique and you’ll be less stressed, more productive, and even more productive because you’re less stressed.” Why not just say “use this technique and you’ll be less anxious and stressed”? This is a refusal to treat lower anxiety as merely a means to some further end. People can autonomously set their own ends, and they’ll probably do a better job of this when they’re less anxious. Someone offering a technique to help with their sense of being overwhelmed need not tell them what to do with their new calm.

It might be argued that this response to Burkeman fails to address the huge sense of obligation that an e-mail inbox can generate. Perhaps the only sane response to this infinite to-do list is to let it pile up. If we follow a technique like Inbox Zero, don’t we invest our inbox with more importance than it has? Like a lot of areas of life, the issue is that the e-mails that will advance truly valuable projects and relationships, projects of both ourselves and of others, are mixed in with reams of stuff that doesn’t matter. We face this situation whenever we go into a supermarket, or wonder what to do during an upcoming vacation. In all these situations, we have a responsibility to learn how to filter the important stuff out, just as we have a responsibility to avoid reading celebrity gossip columns when we are scanning through a newspaper. Inbox Zero is a technique to do that filtering in the case of e-mail. Just letting our inbox pile up is an abdication of responsibility, rather than an intelligent response to a piece of technology that most of the world abuses.

Russ Allbery: Review: Magician's Gambit

31 December, 2016 - 10:34

Review: Magician's Gambit, by David Eddings

Series: The Belgariad #3
Publisher: Del Rey
Copyright: June 1983
Printing: February 1990
ISBN: 0-345-33545-7
Format: Mass market
Pages: 305

Magician's Gambit is the third book of the Belgariad, and although it's the best, you probably can't start here. Too much setup has already happened by this point of the story.

In retrospect, it's my memories of this book that led me to hang on to this series all these years and pick it up for a re-read. Garion has finally gotten past his whining (mostly), the party puts Ce'Nedra in a hole and leaves her there for a bunch of the book, and the characters finally do something concrete (and significant) in advancement of the plot. Eddings does a good job of avoiding the series problem of saving up all the climactic moments for the end of the story and instead adds a very good middle climax to the story that wraps up the main plot line of the first three books.

I think this is also the book that best displays the interestingly quirky ways that Eddings approaches the epic fantasy genre. (Now to figure out how to talk about them without spoiling the story....)

One of my favorite bits in this series is the dry voice in the back of Garion's head. I don't want to say too much about it, since discovering the nature of that voice slowly over the series is part of the fun. But this is the book where most of that mystery is revealed, and it's a rather different spin on the wise advisor trope. Garion has more than the usual number of mentor figures, and like many books of this type they function partly as plot devices to force the story down the correct path. One of the things that makes plot devices irritating is that they feel forced on the story from outside. Eddings here pulls a trick to embed that device inside the story, so it feels less like the hand of the author and more like an aspect of the mythology. I'm not sure it would work for everyone, and the execution isn't that sophisticated, but it's entertained me every time I read this series.

It helps that the voice is an interesting character in its own right, and one of the few characters in the book who takes Garion seriously and explains things to him. By comparison, Belgarath and Polgara are still annoyingly high-handed and uncommunicative (particularly Polgara).

Another highlight of this book is a lovely interlude in Belgarath's home, where we meet some of his colleagues (Beldin is a delight) and Garion finally starts experimenting with his own power. I mostly read this series for the supporting characters, not for Garion, who spends far too much time whining and most of the rest of the time being just neutrally there. But in this book Eddings finally gives him some moments of real awe and discovery, using one of my favorite approaches to the powerful chosen one character: making normally-hard things easy but normally-easy things unintuitive because they think about magic differently than anyone else. Most of the moments when Garion does something that shouldn't be possible are highlights.

We also get nearly the final characters for Garion's band, and they're good ones. Relg is mostly amusing in some of his later reactions to specific characters and is a bit tedious in this book, but Errand is a unique idea and one of my favorite characters of the series. He fits well with the tendency of this series to not take itself, or power, or mythology, too seriously. Eddings avoids the trap of making everything Significant and Fraught; characters snark and do things on a whim, power has funny side effects, and the most powerful object in the story is treated in a way that has one both laughing and flinching at the same time. (It's a nice twist on and homage to some of the trappings around the One Ring, while making it far more light-hearted.)

There are a few things I could complain about (the gender stereotyping between Garion and Ce'Nedra is so strong, for instance), but they're more minor here than in previous books. I enjoy reading about characters doing things they're very good at, and there's quite a lot of that here. (That said, I do feel like I should mention somewhere that one of the characters is very good at killing Murgos, who are supposedly human. I suppose it wouldn't be epic fantasy without a bit of casual genocide, and to be fair the Murgos in question are mostly trying to track down and kill the party, but the way that's played partly for laughs gets distasteful if one thinks about it too much.)

This series is at its best when it balances dramatic prophecy with irreverent poking, gives the protagonists moments of odd and very human joy (Garion's colt!), and celebrates the unlikely and unexpected collection of people (or fable characters) who are drawn together by the story. I think this book hits those notes well, and although the flaws of the previous books are still there, they're muted and don't get as much screen time. Instead, we get some fun foreshadowing, a sense of power and growth, a few moments of delight and awe, and a lot of the sort of exasperated wise-cracking common to experienced people who trust each other and are working together on something hard.

Magician's Gambit, and this whole series, will not be to everyone's taste, but it's the first book of the series I can comfortably recommend if you like this sort of thing.

Followed by Castle of Wizardry.

Rating: 8 out of 10

Antoine Beaupré: My free software activities, November and December 2016

31 December, 2016 - 05:00
Debian Long Term Support (LTS)

Those were the 8th and 9th months working on Debian LTS started by Raphael Hertzog at Freexian. I had trouble resuming work in November as I had taken a long break during the month and started looking at issues only during the last week of November.

ImageMagick, again

I have, again, spent a significant amount of time fighting the ImageMagick (IM) codebase. About 15 more vulnerabilities were found since the last upload, which resulted in DLA-756-1 where I unfortunately forgot to mention CVE-2016-8677 and CVE-2016-9559, something that was noticed by my colleague Roberto after the upload... More details about the upload are available in the announcement.

When you consider that I worked on IM back in October, which led to an upload near the end of November covering around 80 more vulnerabilities, it doesn't look good for the project at all. Of the 15 vulnerabilities I worked on, only 6 had CVEs assigned and I had to request CVEs for the other 9 vulnerabilities plus 11 more that were still unassigned. This led to the assignment of 25 distinct CVE identifiers as a lot of issues were found to be distinct enough to warrant their own CVEs.

One could also question how many of those issues affect the fork, GraphicsMagick. A lot of the vulnerabilities were found through fuzzing searches and the lack of a complete and public corpus for those issues makes me wonder if anyone actually tests those thoroughly. It's already hard enough to track issues within IM itself, I can't imagine what it would be for the fork to keep track of those issues, especially since upstream doesn't systematically request CVEs for issues that they find, a questionable practice considering the number of issues we all need to keep track of.


I have also worked on the Nagios package and produced DLA 751-1 which fixed two fairly major issues (CVE-2016-9565 and CVE-2016-9566) that could allow remote root access under certain conditions. Fortunately, the restricted permissions set up by default in the Debian package made both exploits limited to information disclosure and privilege escalation if the debug log is enabled.

This says a lot about how Debian packaging can help in limiting the attack surface of certain vulnerabilities. It was also "interesting" to have to re-learn dpatch to add patches to the package: I regret not converting it to quilt, as the operation is simple and quilt is so much easier to use. This reminded me that the number of patching systems historically used in Debian is just staggering...


I had already worked on the package in November and continued the work in December, thanks to Raphael, which fixed a lot of issues with the test suite. I tried to wrap this up by fixing the build on armel and the test suite. Unfortunately, I had to stop again because I ran out of hours and the fips test suite was still failing, but fortunately Raphael was able to complete the work with DLA-759-1.

As things stand now, the package is in better shape than in other suites as the test suite (Debian bug #806639) and autopkgtest (Debian bug #806207) are still not shipped in the sid or stable releases.

Other work

For the second time, I forgot to formally assign myself a package before working on it, which meant that I wasted part of my hours working on the monit package. Those hours, of course, were not billed to the project. I still spent some time reviewing mejo's patch to ensure it was done properly and it turned out we both made similar patches working independently, always a good sign.

As I reported in my preliminary November report, I have also triaged issues in libxml2, ntp, openssl and tiff.

Finally, I should mention my short review of the phpMyAdmin upload.

Other free software work

One reason why I had so much trouble getting paid work done in November is that I was busy with unpaid work...

A major time hole for me was trying to tackle the service, which had been offline since August when I started looking at the project in November. After a thorough evaluation of the available codebases, I figured the problem space wasn't so hard and it was worth trying to do a cleanroom implementation. The result is a tool called debmans.

It took, obviously, way longer than I expected, as I experimented with Python libraries I had been keeping an eye on for a while. For the command-line interface, I used the click library, which is really a breeze to use, but a bit heavy for smaller scripts. For a web search service prototype, I looked at flask, which was also very interesting, as it is light and simple enough to use that I could get started quickly. It also, surprisingly, fares pretty well in the global TechEmpower benchmarking tests.

Debmans is the first project for which I have tried the CII Best Practices Badge program, an interesting questionnaire to review best practices in software engineering. It is an excellent checklist for new and old projects I recommend everyone get familiar with.

I still need to complete my work on Debmans: as I write this, I couldn't get access to the new server the DSA team set up for this purpose. It was a bit of a frustrating experience to wait for all the bits to get into place while I had a product ready to test. In the end, the existing manpages maintainer decided to deploy the existing codebase on the new server while the necessary dependencies are installed and accesses are granted. There's obviously still a bunch of work to be done for this to be running in production so I have postponed all this work to January.

My hope is that this tool can be reused by other distributions, but after talking with Ubuntu folks, I am not holding my breath: it seems everyone has something that is "good enough" and that they don't want to break it...


I spent a good chunk of time giving a kick in the Monkeysign project, with the 2.2.2 release, which features contributions from two other developers, which may be a record.

I am especially happy to have adopted a new code of conduct - it has been an interesting process to adapt the code of conduct for such a relatively small project. Monkeysign is becoming a bit of a template on how to do things properly for my Python projects: documentation on including a code of conduct, support and contribution information, and so on.

LWN publishing

As you may have noticed if you follow this blog at all, I have started publishing articles for the LWN magazine, filed here under the lwn tag. It is a way for me to actually get paid for some of my blogging work that used to be done for free. Those reports, for example, take up a significant amount of my time and are done without being paid. Converting parts of this work into paid work is part of my recent effort to reduce the amount of time I spend on the computer.

A funny note: I always found the layout of the site to be a bit odd, until I looked at my articles posted there in a different web browser, which didn't have my normal ad blocker configuration. It turns out LWN uses ads, and Google ones at that, which surprised me. I definitely didn't want to publish my work under Google ads, and will never do so on this blog. But it seems fair that, since I get paid for this work, there is some sort of revenue stream associated with it. If you prefer to see my work without ads, you can wait for it to be published here or become a subscriber which allows you to get rid of the ads.

Debian packaging

I have added a few packages to the Debian archive:

  • magic-wormhole: easy file-transfer tool, co-maintained with Jamie Rollins
  • slop: screenshot tool
  • xininfo: utility used by teiler
  • teiler (currently in NEW): GUI for screenshot and screencast tools

I have also updated sopel and atheme-services.

Other work

Against my better judgment, I worked again on the borg project, this time to try and improve the documentation. I generated a surprising 18 commits of documentation during that time, mainly to fix display issues and streamline the documentation. My final attempt at refactoring the docs eventually failed, unfortunately, again reminding me of the difficulty I have in collaborating on that project.

Github also tells me that I have opened 19 issues in 14 different repositories in November, a mind-boggling number of projects if you ask me. I would like to particularly bring your attention to the linkchecker project which seems to be dead upstream and for which I am looking for collaborators in order to create a healthy fork.

Finally, I started working on reviving the stressant project and changing all my passwords, stay tuned for more!

Chris Lamb: My favourite books of 2016

31 December, 2016 - 01:51

Whilst I managed to read almost sixty books in 2016 here are ten of my favourites in no particular order.

Disappointments this year include Stewart Lee's Content Provider (nothing like his stand-up), Christopher Hitchens' And Yet (his best essays are already published) and Heinlein's Stranger in a Strange Land (great exposition, bizarre conclusion).

The worst book I finished, by far, was Mark Edwards' Follow You Home.

Animal QC

Gary Bell, QC

Subtitled My Preposterous Life, this rags-to-riches story about a working-class boy turned eminent lawyer would be highly readable as a dry and factual account but I am compelled to include it here for its extremely entertaining style of writing.

Full of unsurprising quotes that take one unaware: would you really expect a now-Queen's Counsel to "heartily suggest that if you find yourself suffering from dysentery in foreign climes you do not medicate it with lobster thermidor and a bottle of Ecuadorian red?"

A real good yarn.

So You've Been Publicly Shamed

Jon Ronson

The author was initially recommended to me by Brad but I believe I started out with the wrong book. In fact, I even had my doubts about this one, prematurely judging from the title that it was merely cashing-in on a fairly recent internet phenomenon — like his more recent shallow take on Trump and the alt-Right — but in the end I read Publicly Shamed thrice in quick succession.

I would particularly endorse the audiobook version: Ronson's deadpan drawl suits his writing perfectly.

The Obstacle is the Way

Ryan Holiday

Whilst everyone else appears to be obligated to include Ryan's recent Ego is the Enemy in their Best of 2016 lists I was actually taken by his earlier "introduction by stealth" to stoic philosophy.

Certainly not your typical self-help book, this is "a manual to turn to in troubling times".

Returning to this work at least three times over the year — even splashing out on the audiobook at some point — I feel like I learned a great deal, although it is now difficult to pinpoint exactly what. Perhaps another read in 2017 is thus in order…

Layer Cake

J.J. Connolly

To judge a book in comparison to the film is to do both a disservice, but reading the book of Layer Cake really underscored just how well the film played to the strengths of that medium.

All of the aspects that would not have worked had been carefully excised from the screenplay, ironically leaving more rewarding "layers" for readers attempting the book. A parallel adaption here might be No Country for Old Men - I would love to read (or write) a comparative essay between these two adaptions although McCarthy's novel is certainly the superior source material.


Sam Harris

I've absorbed a lot of Sam Harris's œuvre this year in the form of his books but moreover via his compelling podcast. I'm especially fond of Waking Up on spirituality without religion and would rank that as my favourite work of his.

Lying is a comparatively short read, more of a long essay in fact, where he argues that we can radically simplify our lives by merely telling the truth in situations where others invariably lie. Whilst it would take a brave soul to adopt his approach his case is superlatively well-argued and a delight to read.

Letters from a Stoic


Great pleasure is to be found not only in keeping up an old and established friendship but also in beginning and building up a new one.

Reading this in a beautifully svelte hardback, I tackled a randomly-chosen letter per day rather than attempting to read it cover-to-cover. Breaking with a life-long tradition, I even decided to highlight sections in pen so I could return to them at ease.

I hope it's not too hackneyed to claim I gained a lot from "building up" a relationship with this book. Alas, it is one of those books that is too easy to recommend given that it might make one appear wise and learned, but if you find yourself in a slump, either in life or in your reading habits, it certainly has my approval.

Solo: A James Bond Novel

William Boyd

I must have read all of the canonical Fleming novels as a teenager and Solo really rewards anyone who has done so. It would certainly punish anyone expecting a Goldeneye or at least be a little too foreign to be enjoyed.

Indeed, it's really a pastiche of these originals, both in terms of the time period, general tone (Bond is more somber; more vulnerable) and in various obsessions of Fleming's writing, such as the overly-detailed description of the gambling and dining tables. In this universe, 007's restaurant expenses probably contributed significantly to the downfall of the British Empire, let alone his waistline.

Bond flicking through an ornithological book at one point was a cute touch…

The Subtle Art of Not Giving A F*ck

Mark Manson

Certainly a wildcard to include here and not without its problems, The Subtle Art… is a curious manifesto on how to approach life. Whilst Manson espouses an age-old philosophy of grounding yourself and ignoring the accumulation of flatscreen TVs, etc. he manages to do so in a fresh and provocative "21st-century gonzo" style.

Highly entertaining, at one point the author posits an alternative superhero ("Disappointment Panda") that dishes out unsolicited and uncomfortable truths to strangers before simply walking away: "You know, if you make more money, that’s not going to make your kids love you," or: "What you consider friendship is really just your constant attempts to impress people."


The Fourth Protocol

Frederick Forsyth

I have a crystal-clear memory from my childhood of watching a single scene from a film in the dead of night: Pierce Brosnan sets a nuclear device to detonate after he can get away but a double-crossing accomplice surreptitiously brings the timetable forward in order that the bomb also disposes of him…

Anyway, at some point whilst reading The Fourth Protocol it dawned on me that this was that book. I might thus be giving the book more credit due to this highly satisfying connection but I think it stands alone as a superlative political page-turner and is still approachable outside the machinations of the Cold War.

The Partner

John Grisham

After indulging in a bit too much non-fiction and an aborted attempt at The Ministry of Fear, I turned to a few so-called lower-brow writers such as Jeffrey Archer, etc.

However, it was The Partner that turned out to be a real page-turner for somewhat undefinable reasons. Alas, it appears the rest of the author's output is unfortunately in the same vein (lawyers, etc.) so I am hesitant to immediately begin others but judging from various lists online I am glad I approached this one first.

Shogun: The First Novel of the Asian saga

James Clavell

Despite its length, I simply couldn't resist returning to Shogun this year although it did fatigue me to the point that I have still yet to commence on its sequel, Tai-Pan.

Like any good musical composition, one is always rewarded by returning to a book and I took great delight in uncovering more symbolism throughout (such as noticing that one of the first words Blackthorne learns in Japanese is "truth") but also really savouring the tragic arcs that run throughout the novel, some beautiful phrases ("The day seemed to lose its warmth…") and its wistful themes of inevitability and karma.

Andreas Metzler: I am wondering …

30 December, 2016 - 23:37

I am wondering how many years it is going to take me to stop expecting snow below 2000m in December. This has now been the third year in a row with basically zero snow until Christmas up to the top of the mountains around here. (And this year it is not going to change anymore, there might be a tiny bit of snow on January 3, but not enough to ride a board on.) I should have grown accustomed to it, but I have not managed yet, it still feels like a let-down.

some illustrations.

Shirish Agarwal: Mausaji, Samosaji

30 December, 2016 - 15:55

Mausaji, Never born — Never died, Always in the heart.

Dear Friends,

I have shared a few times that I had a privileged childhood. I never had led a hand-to-mouth existence but more than that I was privileged to have made the acquaintance of ‘Jaipur wale Mausaji’ while I was very young. I have been called miserly by my cousin sisters whenever they write letters to me and I don’t answer simply because whatever I feel for them, words feel inadequate and meaningless. The same thing applies in this as well. I am sharing few bits here as there are too many memories of a golden past which will not let me go till I have shared a few of them.

First let me start by sharing the relation I had with him. By relation he was my mother’s-sister’s husband. In English, he would probably be termed as ‘Maternal Uncle’ although he was much more than that. One of my first remembrances of him was during ‘Madhu Didi’s’ Shaadi (marriage). Madhu Didi is uncle’s daughter and I would have been an impish 4-5 year old at the time. This was the first time I was gonna be part of ‘The Great North Indian Wedding’ and I didn’t know what was in store for me as I had grown up in Pune.

I remember finishing my semester tests and mummy taking me to Pune Station. I was just excited that I would be travelling somewhere and had no clue what would be happening. We landed in Agra, took another train and landed in Jaipur in the middle of the night at their home at Sangram Colony.

While I had known few of the cousins, I was stumped to see so many cousins jumping out of everywhere. The look on my face was one of stupefaction and surprise. The only thing which would closely resemble that would be Bilbo’s 111th Birthday party in Lord of the Rings (Part 1). In fact, by a curious quirk/twist of fate, I came to know of a Naniji or somebody like that who by relation was far elder to me, while she was either my age or below my age. As was customary, had to bow down sheepishly.

As a somewhat alone boy, to be thrown in this rambunctious bunch and be the babe in the woods, I was quickly chopped and eaten up but had no complaints. I would get into trouble at the drop of a hat. While Mausiji would threaten me, Mausaji would almost always defend me. While Mausiji could see through me, the twinkle in Mausaji’s eyes used to tell me that while he knew what I was up to, for reasons unknown, he would always defend me.

Mausaji’s Sangram Colony’s house became my cricket ground, football ground and all and any ground to play and be. Mausaji and his brothers used to live near each other and the lane they had, had hardly any vehicles on it, so all the cousins could play all they want with me being the longest, perhaps unconsciously trying either to make for lost time or knowing/unknowing this was too good to last. Today’s Pokemon generation might not be able to get it but that’s alright.

They also had a beautiful garden where Mausiji used to grow vegetables. While playing, we sometimes used to hurt her veggies (unconsciously) or just have shower with the garden hose. Mausaji used to enjoy seeing our antics. One of the relatives even had a dog who used to join in the fun sometimes. When mummy and Mausiji expressed concern about the dog biting, Mausaji would gently brush it aside.

One of the other things in Didi’s marriage is we got a whole lot of sweets. While Mausiji tried to keep us in check with sweets, both Manish Bhaiya and Mausaji used to secrete sweets from time to time. When I was hungry and used to steal food (can’t wait till the appointed time) either Bhaiya or Mausaji would help me with the condition I would have to take the blame if and when we got caught as we invariably did.

Mausaji’s house had a basement where all the secreted sweets and food used to get in. Both me and Manish Bhaiya would be there and we would have a riot in ourselves. We would enjoy the adrenaline when we were ‘stealing’ the food. As I was pretty young, I was crazy about the Tom and Jerry cartoons that used to come on Television that time. I and Bhaiya used to act like Jerry and/or his cronies while Mausiji would invariably be the Tom with Mausaji all-knowing about it but acting as a mere bystander. I remember him egging me for many of the antics I would do and get in trouble in but as shared would also be defended by him.

The basement was also when I was becoming a teenager where Manish Bhaiya showed me ‘his collection’ and we had a heart-to-heart about birds and bees. While whatever little I had known till that time was from school-friends and my peers at school and I didn’t know what was right or wrong. Bhaiya clarified lot of things, concepts which I was either clueless or confused about. When I look back now, it is possible that Mausaji might have instructed Bhaiya to be my tutor as I used to be somewhat angry and lash out by the confusing times.

As we used to go there for part of holidays, I remember doing all sorts of antics to make sure I would get an extra day, an extra hour to be there. I never used to understand why we had to go to meet the other relatives when all the fun I could have was right there only, couldn’t Mummy know/see that I used to enjoy the most here.

Mausaji was a ‘clothier’ as we understand the term today and a gentleman to the core. He was the co-owner of Rajputana Cloth Store in Jaipur. Many VIP’s as well as regular people used to visit him for getting clothes designed and stitched under his watchful eyes. I never saw him raise his voice against any of the personnel working under him and used to be a thorough gentleman to one and all. Later, as I grew up I came to know and see that people would phone up and just ask him to do the needful. He would get the right cloth, stitch it right and people used to trust him for that. He was such an expert on cloth and type of clothes, that by mere touch he could talk/share about what sort of cloth it is.

One of his passions was driving and from the money he had saved, he had got an Ambassador Car. Every day or every other day or whenever he felt like it, he used to take either the gang or me with mummy or me with anybody else. Each ride used to be an adventure in itself, with a start – beginning and an end. I always used to watch out for the car-rides as I knew we would get sweets or something as well as he would regale us with stories about a place here and there. There was a childlike curiosity and interest in him which was infectious to one and all.

The only weakness that he had was he liked to drink wine once in a while. When I was a kid, I was never able to give him company, only few years back, for the first time I was able to share wine with him which was also a memory I treasure. Those who know him closely knew the many up and downs that he went through, but as a gentleman he never let on the hurts he had or didn’t curse his fate or anything else that we do when things go bad from our perspective.

While there is much to write about him, it will not accomplish anything that is not known about him. I’ll add with the private joke that was between him and me. When I was little, I used to call him Mausaji, Samosaji for a) I liked Samosa and b) Samosa has a bit thick skin outside and underneath it’s all gravy. In reality though, he was butter all the way.

I miss you Mausaji and wish I could turn the clock back and come with Mummy to visit both Mausiji and you. I hope your new journey takes you to even further heights than this life. Savouring the memories – mummy and I, hope we meet you again in some new Avataar


Russ Allbery: Review: Queen of Sorcery

30 December, 2016 - 08:38

Review: Queen of Sorcery, by David Eddings

Series: The Belgariad #2
Publisher: Del Rey
Copyright: November 1982
Printing: March 1992
ISBN: 0-345-33565-1
Format: Mass market
Pages: 322

Queen of Sorcery is the second book in the Belgariad, which is a "one story in five books" sort of series. You could probably take a chance on skipping Pawn of Prophecy, since it's not a very good book, but some parts of the story may be confusing without it.

We're now getting into the part of the series where I can start saying some nice things about it, so I should put that in context and not get expectations too high.

The Belgariad as a series is fully invested in the stock symbols and stereotypes of Tolkien-derivative fantasy. White is good; black is bad. West is good; east is bad. People are very neatly divided into countries, and national traits are exceptionally strong. The Murgos, the people who serve (although "under the thumb of" would be more accurate, Eddings doesn't spend much time thinking about the difference) the Big Bad of the series, are basically orcs, for all that they're theoretically human. With an unsympathetic reading, it's very easy to see the echoes of the Yellow Peril in the war between the west and the east, including the standard trope of fractious, arguing, and diverse western kingdoms against a unified horde from the east. (To be fair, Eddings does undermine the unity a bit with the Nadraks later in the series, and my recollection is that the Mallorean, a follow-on series, undermines it even further.)

Given that, I've been trying to figure out why I had fond memories of this series and enjoyed this re-read, since that normally isn't my thing. There are a few elements that are best talked about in the context of the next book, but one element shows up here as the party of heroes, finishing their forced detour in Cherek, head south through Arendia. Eddings is aware that he's stereotyping each nation of people in this world and embraces it so thoroughly that it stops feeling like stereotypes and starts feeling more like a fable.

The Arends are a great example. Arendia is pure medieval fantasy world (even more so than the rest of this world). There are knights in castles, large forests reserved for noble hunting, and miserable serfs. The Arends, apart from the serfs, are full of tales of glory and honor, are impulsive and loyal to a fault, and are in the midst of a simmering internal war that's just barely not broken into open fighting. But the Arends know that they have an unhealthy obsession with honor, know that they constantly get themselves into trouble by being absolutist about honor and far too impulsive, and can't seem to help themselves. They bemoan the war while being apparently unable to do anything that would bring it to an end.

If you think of them as people, none of this makes much sense. If you think of them as talking animals in a fable, aware of their natures but still governed by them, it starts to strangely work. When they're isolated from their society by joining the protagonists' party (the early part of this series mostly involves collecting people, for reasons explained later in the series, while following the trail of a thief), the characters of Eddings's world start developing a bit more nuance and depth. But even then, it's more within the bounds that one would expect in a long fable, and falls a bit short of human growth. The lion might learn something from the badger, but the lion is still a lion.

With that frame, the first half of this book is rather entertaining. Eddings is taking the stereotype of the noble knight from a typical Arthurian romance and treating it like a class of animal in a fable, which I think is subtly delightful. There's even a doomed love triangle (a very chaste one, which is a reminder that this series was probably targeted at YA readers). The reader joins the primary characters in a sense of bemused exasperation. (Well, Garion takes the doomed love triangle much too seriously, but he's young).

Unfortunately, the second half of this book is not one of the finest moments in this series. It's mostly a duet of whining.

The first half of the whining comes from Garion, who finally discovers one of the many things about himself that's been obvious to the readers since the middle of the first book, and then promptly develops one of the worst cases of pathetic angst you'll encounter. The people who have been lying to him and keeping secrets from him are now all eager to teach him, which grates almost as much, whereas he's determined to never use his abilities. It makes me think the worst of absolutely everyone involved, and it all happens in one of the most depressing and disgusting settings of the book.

The second half of the whining comes from Ce'Nedra, who is by far my least favorite character of this series. She's intended to be an obnoxious, spoiled, imperious brat, and also runs headlong into gender roles in this series, which means she's a living mass of irritation and gender stereotypes, made worse by the fact that the protagonists mostly tolerate her and Garion's reactions to her nonsense are also whiny and obnoxious. It's not my favorite bit of reading. Ce'Nedra does get marginally better later in the series, but she's at her worst here, at the same time Garion is at his worst, which makes the last half of this book a real chore. The only real plus side is that the voice in the back of Garion's head gets a few great moments, but more on that in the next book where it starts playing a prominent role.

I should note here that Eddings isn't a complete disaster on gender in this series. There are a lot of unexamined stereotypes, but there are also a lot of examined ones, and it's obvious in places that he's trying. Polgara is a major character, women get some agency in this story, and they at least appear (which is never a given in Tolkien-derivative fantasy). But it's pretty obvious that gender roles start from a "men are from Mars, women are from Venus" set of expectations and then run into Eddings's general tendency to exaggerate all such divisions to fable levels, which in places isn't pretty.

And, well, there are all-female giggly dryads who have to capture men to reproduce and who have a euphoric reaction to chocolate. That's a thing that happens. So you may or may not want to agree with me about the completeness of the disaster. Adjust expectations accordingly.

If Queen of Sorcery had stuck with the tone of the first half of the book, I would say that it was doing something oddly interesting and showing some of the charm that made me want to re-read this series. Unfortunately, the second half of the book is a bit of a disaster, full of characters acting in ways that make them very hard to like. Still, I plowed through this book in a couple nights of reading, so there's something here that draws one through the story. And the next book of the series is considerably better.

Followed by Magician's Gambit.

Rating: 6 out of 10

Philipp Kern: Automating the installation of Debian on z/VM instances

30 December, 2016 - 05:50
I got tired of manually fetching installation images via either FTP or by manually transferring files to z/VM to test s390x installs. Hence it was about time to automate it. Originally I wanted to instrument an installation via vmcp from another instance on the same host but I figured that I cannot really rely on a secondary instance when I need it and went the s3270/x3270-script way instead.

The resulting script isn't something I'm particularly proud of, especially as it misses error handling that really should be there. But this is not expect – instead you operate on whole screens of data and z/VM is not particularly helpful in telling you that you just completed your logon either. Anyway, it seems to work for me. It downloads the most recent stable or daily image if they are not present yet, uploads them via DFT to CMS and makes sure that the installation does not terminate when the script disconnects. Sadly DFT is pretty slow, so I'm stuck with 70 kB/s and about five minutes of waiting until kernel and initrd are finally uploaded. Given that installations themselves are usually blazingly fast on System z, I'm not too annoyed by that, though.

I previously wrote about a parmfile example that sets enough options to bring debian-installer to the point of a working network console via SSH without further prompting. It's a little unfortunate that s390-netdevice needs to be preseeded with the hardware addresses of the network card in all cases, even if only one is available. I should go and fix that. For now this means that the parmfile will be dependent on the actual VM system definition. With that in mind there is an example script in the same gist that writes out a parmfile and then calls the reinstall script mentioned above. Given that debian-installer now supports HTTPS (so far only in the daily images) you can even do a reasonably secure bootstrapping of the network console credentials and preseeding settings.

If you put this pretty generic preseed configuration file onto a securely accessible webserver and reference it from the parmfile, you can also skip the more tedious questions at the beginning of debian-installer. A secure transport is encouraged as preseed files can do anything to your installation process. Unfortunately it seems that there is no way to preseed SSH keys for the resulting installation yet, neither for the created user nor for root. So I haven't achieved my desired target of a fully automated installation just yet. Debian's Jenkins setup just went with insecure defaults, but given that my sponsored VMs are necessarily connected to the public Internet that seemed like a bad idea to me. I suppose one way out would be to IP/password ACL the preseed file. Another one to somehow get SSH key support into user-setup.
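The transport concern raised in the post above, as an added example (not code from Philipp Kern's gist): a small Python linter that parses a debian-installer parmfile and flags any preseed or SSH key URL that would not be fetched over HTTPS. The sample parmfiles and host names are constructed; `url` (alias of `preseed/url`) and `network-console/authorized_keys_url` are standard debian-installer parameters, and the installer assumes http when a URL has no scheme.

```python
"""Lint a debian-installer parmfile for insecure preseed transport (added example)."""
from urllib.parse import urlsplit

# Short alias accepted on the installer command line; only the one needed here.
ALIASES = {"url": "preseed/url"}

# Parameters whose value is a URL the installer fetches and then acts upon.
FETCHED_URL_KEYS = ("preseed/url", "network-console/authorized_keys_url")

# Constructed sample parmfiles (host names are placeholders).
SAMPLE_OK = """\
ro locale=en_US auto=true priority=critical
url=https://preseed.example.org/s390x/preseed.cfg
"""
SAMPLE_WEAK = """\
ro locale=en_US auto=true priority=critical
url=preseed.example.org
network-console/authorized_keys_url=http://192.0.2.10/installer.pub
"""


def parse_parmfile(text):
    """Return {key: value} for each whitespace-separated token; bare flags map to ''."""
    params = {}
    for token in text.split():
        key, _, value = token.partition("=")
        params[ALIASES.get(key, key)] = value
    return params


def effective_scheme(url):
    """Scheme the installer will use: http is assumed when the URL names none."""
    if "://" not in url:
        return "http"
    return urlsplit(url).scheme.lower() or "http"


def lint(text):
    """Return a list of findings; an empty list means every fetched URL uses HTTPS."""
    params = parse_parmfile(text)
    findings = []
    if "preseed/url" not in params:
        findings.append("preseed/url: not set, installer will ask its questions interactively")
    for key in FETCHED_URL_KEYS:
        if key in params:
            scheme = effective_scheme(params[key])
            if scheme != "https":
                findings.append(
                    f"{key}: fetched over {scheme}, content can be altered in transit"
                )
    return findings


if __name__ == "__main__":
    for name, sample in (("ok", SAMPLE_OK), ("weak", SAMPLE_WEAK)):
        print(name, lint(sample) or "no findings")
```
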

Sven Hoexter: Out of the comfort zone: OpenSuSE support for an ordinary user - f*ck my morals

29 December, 2016 - 23:31

A friend of mine chose for $reasons to install the latest OpenSuSE 42.2 release as his new laptop operating system. It's been a while that I had contact with the SuSE Linux distribution. Must be around 12 years or so. The unusual part here is that I've to support a somewhat eccentric, but mostly ordinary user of computers. And to my surprise it's still hard to just plug in your existing stuff and expect it to work. I've done so many dirty things to this installation in the last three days, my system engineering heart is bleeding.

printing with a Canon Pixma iP100 printer

This is a small portable Canon printer, about four years old. It provides a decent quality and its main strength is that it's small and really portable. Sadly the gutenprint driver just pushes through a blank page. No ink wasted on it at all. So the only reasonable other choice was a four year old binary rpm package provided by Canon. It has a file dependency on "" which is no longer available in recent GNU/Linux distributions. So I cheated and

- unpacked the tarball
- installed the rpm from the "packages" folder
zypper install cnijfilter-common-3.70-1.x86_64.rpm cnijfilter-ip100series-3.70-1.x86_64.rpm
... and chose to ignore the missing file dependency on
ln -s /usr/lib64/ /usr/lib64/
- re-ran the ./ which registered the printer with cups and does whatever else
  magic is included in 1906 lines of shell.

To my surprise this driver still works and provides the expected quality. Though it's just a question of time until this setup will break. Be it an incompatible ABI change in libtiff or another lib in use by those Canon provided tools.

QGIS and gdal with ECW support

While the printer stuff is a rather common use case, having a map viewer for map files in the ECW format is the eccentric part. I found some hints on stackoverflow and subsequently that a non-free library is required and a specific build of gdal. Then QGIS should be able to work with ECW files. Lucky us there is at least an OpenSuSE repository for gdal and QGIS. So I did the following:

zypper addrepo
zypper install qgis

Then I had to download the non-free ECW SDK from - you'll end up with a '.bin' installer file. The installation process left me with "ERDAS-ECW_JPEG_2000_SDK-5.3.0" folder in my $HOME. I moved that one to /opt. Next step is adding the library to the ldconfig search path.

echo "/opt/ERDAS-ECW_JPEG_2000_SDK-5.3.0/Desktop_Read-Only/lib/x64/release/" > /etc/; ldconfig

Now it was "just" about rebuilding gdal with ECW support. So I downloaded the required source packages with "zypper source-install gdal", edited the spec somewhere in "/usr/src/" to make the following modifications


added to the "./configure" invocation. And somewhere at the top we had to relax the requirement that all installed files have to be referenced inside the package.

%define _unpackaged_files_terminate_build 0

As a last step I had to "rpmbuild -ba" the package and force the installation via zypper once more, because this time we have a file dependency on the libecw stuff and it's obviously not listed in the rpm database. Last but not least I tried to put the gdal build on hold with

zypper addlock gdal libgdal20

to ensure it's not removed on the next update.

Other non-free tools

Beside of those two issues I had to install a range of other non-free tools, but currently they work without further issues or modifications. One is Teamviewer (i686 multiarch rpm) and the other one is XnViewMP. XnView is also able to show ECW files, but only the smaller ones. It crashes on bigger ones but that's also the case on Windows. Then there is also (required by some Italian map related websites) the ugly Adobe Flash Plugin for Firefox, but that one is sadly still a widespread issue. We also tried to try out the nvidia graphic drivers but at the moment we could only get the built-in Intel card to work. Usually the preferred solution from my point of view but sometimes we see rendering glitches and I'm not sure if it's the driver or something else.

my personal take away

I hate to admit it but it's nothing extraordinary that was requested here. But still it took me the better part of two evenings to figure everything out. And even now it's not properly integrated and doomed to fail any day due to various updates and changes in the surrounding ecosystem. I've full sympathy for every average user that would give up after two hours of research and try&error on this journey.

For the printer drivers I'm happy to blame Canon. The printer situation as a whole improved from my point of view during the last decade, but it's still a pain in the ass with the very short shelf life you usually see with consumer models.

For the ECW case one could discuss if it would be legally possible and helpful to do ugly dlopen() stuff to dynamically load the shared libs. But then again someone has to make his hands dirty during the build and discussions about the legal use of header files will be the next chapter (hello Oracle). It's just ugly. Actually I know too little about the world of image formats to judge if someone has a good reason to keep this format commercial or not. From my personal point of view it's not useful and maybe even morally wrong.

Technically one could argue if it would make sense to keep a local copy of the gdal build in "/opt" and start QGIS with a modified library path to prefer the private gdal build. Not sure if that is any better. On the other hand there are evolving mechanisms like flatpak that would ease the handling of such situations. But then again we would be catering non-free software. It feels a lot like giving up.

While my private working environment is except for firmware blobs free, I now created for someone a real "FrankenSuSE" to satisfy his everyday needs. On the one hand we now have another mostly satisfied user of a mostly free operating system. On the other hand that was only possible by adding a vast amount of non-free software. For sure we did not win the war, I'm not even sure if we've won a single battle here. It's just frustrating to see what is required to get someone up and running. With my personal attitude towards open source software it even feels wrong to invest so much time into fiddling with non-free components.

What is still missing

We currently lack an image viewer that allows us to print only a selection of an image, which is useful to print parts of a map. That usually works with XnView on Windows but does not work with the Linux version at the moment. I also tried gwenview and geeqie and had the same issue. Not sure if it's maybe a bug in XnView or one of the Qt parts (gwenview is also Qt based). I did not research that yet.

Reproducible builds folks: Reproducible Builds: week 87 in Stretch cycle

29 December, 2016 - 21:07

What happened in the Reproducible Builds effort between Sunday December 18 and Saturday December 24 2016:

Media coverage

100% Of The 289 Coreboot Images Are Now Built Reproducibly by Phoronix, with more details in German by

We have further reports on our Reproducible Builds World summit #2 in Berlin from Rok Garbas of NixOS as well as Clemens Lang of MacPorts

Debian infrastructure work

Dak now archives buildinfo files thanks to a patch from Chris Lamb. We also have mostly finalised a design of how they will be distributed by the Debian FTP mirror network which we will start implementing soon. This is great for the future of Debian but unfortunately this also means that we won't have .buildinfo files for Stretch as Debian will not rebuild its source packages and because these binary packages currently in the archive were mostly built with dpkg > 1.18.11.

reprepro/5.0.0-1 has added support for dealing with .buildinfo files that are included in .changes files. (Closes: #843402)

Reproducible work in other projects

The Chromium project is now working on making their build process (mostly) deterministic.

Their motivation is to save both "[money] (less hardware is required) and developer time (reduced latency by having less work to do on the TS and CI)".

Unreproducible bugs filed

Reviews of unreproducible packages

39 package reviews have been added, 75 have been updated and 44 have been removed in this week, adding to our knowledge about identified issues.

2 issue types have been updated:

Weekly QA work

During our reproducibility testing, some FTBFS bugs have been detected and reported by:

  • Adrian Bunk (1)
  • Chris Lamb (7)
  • Lucas Nussbaum (4)

diffoscope development

diffoscope 66 was uploaded to unstable by Chris Lamb. It included contributions from:

  • Emanuel Bronshtein:
    • Use ssh-keygen for comparing OpenSSH public keys
    • Use js-beautify as JavaScript code beautifier for .js files (with tests).
    • Many CSS & HTML improvements.
    • Change all HTTP URLs to HTTPS where applicable.
  • anthraxx:
    • Enable the use of ssh-keygen on Arch Linux.
  • Maria Glukhova:
    • Add detection of order-only difference in plain text format. (Closes: #848049)
    • Change icc-recognizing regexp to reflect changes in file type description. (Closes: #848814)
  • Chris Lamb:
    • Update tests for compatibility with enjarify >= 1.0.3. (Closes: #849142)
    • When skipping tests because the version of an external is too low, print the detected version.
    • Avoid unpacking packages twice when comparing .changes. (Closes: #843531)
    • Add a simple profiling framework (enabled via --profile).
    • Various code quality and reliability improvements.
    • Document how to sign PyPI uploads.

strip-nondeterminism development

strip-nondeterminism 0.029-1 was uploaded to unstable by Chris Lamb. It included no new content from this week, but rather included contributions from previous weeks.

reproducible-website development

The website is now also accessible via the URL.

  • Clemens Lang:
    • Add the definition of "reproducible", as drafted at the reproducible builds world summit in Berlin. Thanks to all participants in the sessions that worked these out!
  • Valerie R Young:
    • Force ordering of titles.
    • Various formatting improvements.
  • Holger Levsen:
  • Chris Lamb:
    • Various usability, style and wording improvements.
    • Add Debconf15, Skroutz.gz and MiniDebconfCambridge15 talks to resources page.
  • We changed the data storage backend from a single sqlite3 database file (651 MB) to a PostgreSQL database. With this change we'll be able to scale a lot more and add testing of the arm64 architecture.
    • Valerie Young wrote most of the code, Mattia Rizzolo reviewed and helped improve the code and Holger deployed it and found some minor bugs which have been fixed.
  • We are now testing the arm64 architecture for all packages on all suites, arranged by Holger. Many thanks to codethink for providing us with access to eight 8-core arm64 machines with 64GB memory, which allows us to rebuild Debian very fast!

This week's edition was written by Ximin Luo, Holger Levsen & Chris Lamb and reviewed by a bunch of Reproducible Builds folks on IRC and the mailing lists.

Arturo Borrero González: My FLOSS activity in 2016

29 December, 2016 - 18:30

The year 2016, which is about to end, has been full of work and contributions to the FLOSS community.

Most of my focus goes to two important projects: Debian and Netfilter. This is no coincidence, since my main interests in the IT world are systems and networks.

Some numbers (no exhaustive count):

  • Netfilter patches/commits: ~60 contributions
  • Netfilter docs/wiki: ~20 contributions
  • Debian patches/commits: ~200 contributions
  • Debian package uploads: ~30 uploads (also some sponsored uploads)
  • Debian package maintenance: ~10 packages
  • Number of non-technical people migrated to linux: 2!!

I would like to note that most of my work is done in my spare time, and nobody is paying for it (with the exception of the Suricata debian package).

My expectation for 2017 is to continue in this line, learn more and increment the quality of my contributions.

I’m especially proud of the non-technical people who migrated to desktop linux due to my help. I’m targeting 2 or 3 more friends and relatives for 2017.

So, goodbye 2016! Exciting 2017 ahead.


Creative Commons License. The copyright of each article belongs to its respective owner.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported license.