Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 2 hours 53 min ago

Markus Koschany: My Free Software Activities in January 2017

5 February, 2017 - 04:26

Welcome to Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games
  • In January 2017 we had the last chance to get new upstream releases into the next stable release of Debian 9 aka Stretch. Hence I packaged new versions of pygame-sdl2, renpy, fife, unknown-horizons, redeclipse and redeclipse-data and also backported Red Eclipse to Jessie.
  • I uploaded fifechan to unstable and applied an upstream patch to fix a segmentation fault (#852247) in Unknown Horizons.
  • Package cleanups and improvements: freeorion (#843538), I enabled support for mips64el again; I tidied up gtkatlantic, powermanga, lincity-ng, opencity and tecnoballz; I applied a patch from Reiner Herrman to make the build of netpanzer reproducible (#827150); In spring I changed the build-dependency of asciidoc to asciidoc-base (#850387) although it turned out later that this wasn’t strictly needed. I also removed ConvertUTF8 related code from spring because it might be non-free. I don’t think this is necessarily true but I didn’t want to argue with Lintian in this case.
  • I sponsored a new upstream release of pentobi for Juhani Numminen.
  • I backported minetest 0.4.5 to jessie-backports and fixed #851114, which I think was not really an issue since we already provide the font sources in Debian and Minetest depends on the respective package.
  • I triaged RC bug #847812 in pysolfc, provided a patch and reassigned the issue to src:pillow. Apparently this affected a lot more 32 bit applications written in Python.
Debian Java Debian LTS

This was my eleventh month as a paid contributor and I have been paid to work 12,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 16. January until 22. January I was in charge of our LTS frontdesk. I triaged security issues in imagemagick, wordpress, hesiod, opus, mysql-5.5, netbeans, groovy and zoneminder.
  • DLA-779-1. Issued a security update for Tomcat 7 fixing 1 CVE and a regression when running Tomcat with SecurityManager enabled.
  • DLA-761-2. Issued a regression update for python-bottle. (Debian bug #850176).
  • DLA-781-1 and DLA-781-2. Issued a security update for Asterisk fixing 2 CVE after I had prepared the package last month. Later Brad Barnett discovered a regression when using SIP communication and provided assistance with debugging the issue. I corrected this one in DLA-781-2.
  • DLA-792-1. Issued a security update for libphp-swiftmailer fixing 1 CVE.
  • DLA-793-1. Issued a security update for opus fixing 1 CVE.
  • DLA-794-1. Issued a security update for groovy fixing 1 CVE.
  • DLA-797-1. Issued a security update for mysql-5.5 fixing 10 CVE. The update was prepared by Lars Tangvald.
  • DLA-813-1. Issued a security update for wordpress fixing 9 CVE.
  • In xarchiver (#850103) I added binutils to the list of suggested packages, in  iftop (#850040) I applied a patch from Brian Russell and I packaged a new upstream release of mediathekview, a Java application to watch and download broadcasts from German television stations. I had to make some major packaging changes because the build system switched from Ant to Gradle but there were fewer issues than expected.

Chris Lamb: The ChangeLog #237: Reproducible Builds and Secure Software

5 February, 2017 - 03:39

I recently appeared on the Changelog podcast to talk about the Reproducible Builds project:

Whilst I am an avid podcast listener, this was actually my first podcast appearance. It was an curious and somewhat disconcerting feeling to be "just" talking to Adam and Jerod in the moment yet knowing all the time that anything and everything I said would be distributed more widely in the future.

Ross Gammon: My Monthly Update for January 2017

5 February, 2017 - 00:55

It has been a quiet start to the year due to work keeping me very busy. Most of my spare time (when not sitting shattered on the sofa) was spent resurrecting my old website from backups. My son had plenty of visitors coming to visit as well, which prompted me to restart work on my model railway in the basement. Last year I received a whole heap of track, and also a tunnel formation from a friend at work. I managed to finish the supporting structure for the tunnel, and connect one end of it to the existing track layout. The next step (which will be a bit harder) is to connect the other end of the tunnel into the existing layout. The basement is one of the favourite things for me to keep my son and his friends occupied when there is a visit. The railway and music studio are very popular with the little guests.

  • Packaged latest Gramps 4.2.5 release for Debian so that it will be part of the Stretch release.
  • Package latest abcmidi release so it too would be part of Stretch. The upstream author had changed his website, so it took a while to locate a tarball.
  • Tested my latest patches to convert to Qt5, but found another Qt4 – Qt5 change to take into account (SIGNAL function). I ran out of time to fully investigate that one, before Creepy was booted out of testing again. I am seriously considering the removal of from Debian, as the upstream maintainer does not seem very active any more, and I am a little tired of being upstream for a project that I don’t actually use myself. It was only because it was a reverse dependency of osm-gps-map that I originally got involved.
  • Started preparing a Gramps 5.2.5 backport for Jessie, but found that the tests I enabled in unstable were failing in the Jessie build. I need to investigate this further.
  • Announced the Ubuntu Studio 16.02.2 point release date on the Ubuntu Studio mailing lists asking for testers. The date subsequently got put back to February the 9th.
  • Upgraded my Ubuntu Studio machine from Wily to Xenial.
  • Resurrected my old Drupal Gammon One Name Study website. I used Drupal VM to get the site going again, before transferring it to the new webhost. It was originally a Drupal 7 site, and I did not have the required versions of Ansible & Vagrant on my Ubuntu Xenial machine, so the process was quite involved. I will blog about that separately, as it may be a useful lesson for others. As part of that, I started on a backport of vagrant, but found a bug which I need to follow up on.
  • Also managed to extract my old WordPress blog posts from the same machine that had the failed Drupal instance, and import them into this blog. I also learnt some stuff in that process that I will blog about at some point.
Plan status from last month & update for next month Debian

Before the 5th February 2017 Debian Stretch hard freeze I hope to:

For the Debian Stretch release:


  • Finish the Gramps 5.2.5 backport for Jessie.
  • Package all the latest upstream versions of my Debian packages, and upload them to Experimental to keep them out of the way of the Stretch release.
  • Begin working again on all the new stuff I want packaged in Debian.
  • Finish the ubuntustudio-lightdm-theme, ubuntustudio-default-settings transition including an update to the ubuntustudio-meta packages. – Still to do (actually started today)
  • Reapply to become a Contributing Developer. – Still to do
  • Start working on an Ubuntu Studio package tracker website so that we can keep an eye on the status of the packages we are interested in. – Started
  • Start testing & bug triaging Ubuntu Studio packages. – Still to do
  • Test Len’s work on ubuntustudio-controls – Still to do
  • Try and resurrect my old Gammon one-name study Drupal website from a backup and push it to the new GoONS Website project. – Done
  • Give JMRI a good try out and look at what it would take to package it. – In progress
  • Also look at OpenPLC for simulating the relay logic of real railway interlockings (i.e. a little bit of the day job at home involving free software – fun!).

Jonathan Dowland: Blinkenlights, part 2

5 February, 2017 - 00:17

To start with configuring my NAS to use the new blinkenlights, I thought I'd start with a really easy job: I plug in my iPod, a script runs to back it up, then the iPod gets unmounted. It's one of the simpler jobs to start with because the iPod is a simple block device and there's no encryption in play. For now, I'm also going to assume the LED Is going to be used exclusively for this job. In the future I will want many independent jobs to perhaps use the LED to signal things and figuring out how that will work is going to be much harder.

I'll skip over the journey and go straight to the working solution. I have a systemd job that is used to invoke a sync from the iPod as follows:

ExecStart=/bin/mount /media/ipod
ExecStart=/usr/local/bin/blinkstick --index 1 --limit 10 --set-color 33c280
ExecStart=/usr/bin/rsync ...
ExecStop=/bin/umount /media/ipod
ExecStop=/usr/local/bin/blinkstick --index 1 --limit 10 --set-color green



/media/ipod is a classic mount configured in /etc/fstab. I've done this rather than use the newer systemd .mount units which sadly don't give you enough hooks for running things after unmount or in the failure case. This feels quite unnatural, much more "systemdy" would be to Requires= the mount unit, but I couldn't figure out an easy way to set the LED to green after the unmount. I'm sure it's possible, but convoluted.

The first blinkstick command sets the LED to a colour to indicate "in progress". I explored some of the blinkstick tool's options for a fading or throbbing colour but they didn't work very well. I'll take another look in the future. After the LED is set, the backup job itself runs. The last blinkstick command, which is only run if the previous umount has succeeded, sets the LED to indicate "safe to unplug".

The WantedBy here instructs systemd that when the iPod device-unit is activated, it should activate my backup service. I can refer to the iPod device-unit using this name based on the partition's UUID; this is not the canonical device name that you see if you run systemctl but it's much shorter and crucially its stable, the canonical name depends on exactly where you plugged it in and what other devices might have been connected at the same time.

If something fails, a second unit blinkstick-fail.service gets activated. This is very short:

ExecStart=/usr/local/bin/blinkstick --index 1 --limit 50 --set-color red

This simply sets the LED to be red.

Again it's a bit awkward that in 2 cases I'm setting the LED with a simple Exec but in the third I have to activate a separate systemd service: this seems to be the nature of the beast. At least when I come to look at concurrent jobs all interacting with the LED, the failure case should be simple: red trumps any other activity, user must go and check what's up.

Thorsten Alteholz: My Debian Activities in January 2017

4 February, 2017 - 23:27

FTP assistant

This month I only marked 146 packages for accept and rejected 25 packages. I only sent 3 emails to maintainers asking questions.

Nevertheless I could pass a big mark. All in all I accepted more than 10000 packages now!

Debian LTS

This was my thirty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 12.75h. During that time I did uploads of

  • [DLA 805-1] bind9 security update for three CVEs
  • [DLA 806-1] zoneminder security update for one CVE

Unfortunately the upload of jasper had to be postponed, as there is no upstream fix for most of the open CVEs yet.
I also suggested to mark th slum-llnl CVE as , as the patch would be too invasive. Further I did another week of frontdesk work.

Last but not least I took care of about 140 items of the TODO list[1]. Ok, it was not that much work, but the enormous number is impressing :-). I also had a look at [2] and filed bugs against two packages. Within hours the maintainers responded to that bugs, clarified everything to mark the CVEs as not-affected and nobody has to care about them anymore. This is a good example of how the knowledge of the maintainer can help the security teams! So, if you have some time left, have a look at [3] and take care of something.


Other stuff

This month I sponsored a new round of sidedoor and printrun. After advocating Dara Adib to become Debian Maintainer, I hope my activities as sponsor can be reduced again :-).

Further I uploaded another version of setserial, but as you can see in #850762 it does not seem to satisfy everybody. I also uploaded new upstream versions of duktape and pipexec.

As I didn’t do any DOPOM in December I adopted two packages in January: pescetti and salliere. I dedicate those uploads to my aunt Birgit, who was a passionate bridge player. You will never be forgotten.

Niels Thykier: The stretch freeze is coming

4 February, 2017 - 20:53

The soft freeze has been on going for almost a month now and the full stretch freeze will start tomorrow night (UTC).  It has definitely been visible in the number of unblock requests that we have received so far.  Fortunately, we are no where near the rate of the jessie freeze.  At the moment, all unblock requests are waiting for the submitter (either for a clarification or an upload).

Looking at stretch at a glance (items are in no particular order):

Secure boot support

Currently, we are blocked on two items:

  • We do not have signing done yet for the boot packages (not even manual signing).
  • Our shim is not yet signed, so no hardware would be trusting our boot chain out of the box.

After they are done, we are missing a handful of uploads to provide a signed bootloader etc. plus d-i and some infrastructure bits need to be updated. At the moment, we are waiting for a handful of key people/organisations to move on their part. As such, there is not a lot you can do to assist here (unless you are already involved in the work).
On the flip side, if both of these items are resolved soon, there is a good chance that we can support secure boot in stretch.See bug#820036 and blockers for more information on the remaining items.

Where can you help with the release?

At the moment, the best you can do is to:

  • Test (packages, upgrades, etc.) and report bugs
  • File bugs against release-notes for issues that should be documented
  • Fix RC bugs (please see the next section)


Release Critical Bug report

The UDD bugs interface currently knows about the following release critical bugs:

  • In Total: 1148 (Including 193 bugs affecting key packages)
    • Affecting stretch: 294 (key packages: 158)
      That’s the number we need to get down to zero before the release. They can be split in two big categories:

      • Affecting stretch and unstable: 232 (key packages: 134)
        Those need someone to find a fix, or to finish the work to upload a fix to unstable:

        • 30 bugs are tagged ‘patch’. (key packages: 21)
          Please help by reviewing the patches, and (if you are a DD) by uploading them.
        • 17 bugs are marked as done, but still affect unstable. (key packages: 5)
          This can happen due to missing builds on some architectures, for example. Help investigate!
        • 185 bugs are neither tagged patch, nor marked done. (key packages: 108)
          Help make a first step towards resolution!
      • Affecting stretch only: 62 (key packages: 24)
        Those are already fixed in unstable, but the fix still needs to migrate to stretch. You can help by submitting unblock requests for fixed packages, by investigating why packages do not migrate, or by reviewing submitted unblock requests.

        • 36 bugs are in packages that are unblocked by the release team. (key packages: 14)
        • 26 bugs are in packages that are not unblocked. (key packages: 10)

Filed under: Debian, Release-Team

Holger Levsen: Going to FOSDEM after switching away from Debian

4 February, 2017 - 03:21

So last weekend I attended in Brno and together with Dennis Gilmore gave a talk about Reproducible Builds and Fedora (Slides) which was fun and - I think - pretty well received.

Then on the following Tuesday, so three days ago, after using Debian as the primary OS on my primary computer for more than two decades, I finally made the long anticipated switch and I must say, so far I'm really happy with my new environment, even though I'm not yet again using a tiled window manager (but instead Xfce), cannot yet do all the things I could do before and even have to reconfigure a VM twice and restart another to get back wireless network after suspend and resume…

So what have I done? Nothing too dramatic: I've switched to Qubes OS and now I'm running Debian jessie and stretch and Fedora and Whonix on my primary computer, just not as my primary OS

IOW: hardware is basically software and while I want the red pill, who knows what's really inside the box?

If you have no idea what I'm talking about, this intro about Qubes OS might be helpful. Or you dive directly into this six year old post, where Joanna Rutkowska described how she partitioned her digital life using Qubes.

I'm not sure where this journey will lead me to, but I'm confident this is the right direction. And in case you wondered, I'll keep working on Debian, as far as I know now

Benjamin Mako Hill: New Dataset: Five Years of Longitudinal Data from Scratch

4 February, 2017 - 03:01

Scratch is a block-based programming language created by the Lifelong Kindergarten Group (LLK) at the MIT Media Lab. Scratch gives kids the power to use programming to create their own interactive animations and computer games. Since 2007, the online community that allows Scratch programmers to share, remix, and socialize around their projects has drawn more than 16 million users who have shared nearly 20 million projects and more than 100 million comments. It is one of the most popular ways for kids to learn programming and among the larger online communities for kids in general.

Front page of the Scratch online community ( during the period covered by the dataset.

Since 2010, I have published a series of papers using quantitative data collected from the database behind the Scratch online community. As the source of data for many of my first quantitative and data scientific papers, it’s not a major exaggeration to say that I have built my academic career on the dataset.

I was able to do this work because I happened to be doing my masters in a research group that shared a physical space (“The Cube”) with LLK and because I was friends with Andrés Monroy-Hernández, who started in my masters cohort at the Media Lab. A year or so after we met, Andrés conceived of the Scratch online community and created the first version for his masters thesis project. Because I was at MIT and because I knew the right people, I was able to get added to the IRB protocols and jump through the hoops necessary to get access to the database.

Over the years, Andrés and I have heard over and over, in conversation and in reviews of our papers, that we were privileged to have access to such a rich dataset. More than three years ago, Andrés and I began trying to figure out how we might broaden this access. Andrés had the idea of taking advantage of the launch of Scratch 2.0 in 2013 to focus on trying to release the first five years of Scratch 1.x online community data (March 2007 through March 2012) — most of the period that the codebase he had written ran the site.

After more work than I have put into any single research paper or project, Andrés and I have published a data descriptor in Nature’s new journal Scientific Data. This means that the data is now accessible to other researchers. The data includes five years of detailed longitudinal data organized in 32 tables with information drawn from more than 1 million Scratch users, nearly 2 million Scratch projects, more than 10 million comments, more than 30 million visits to Scratch projects, and much more. The dataset includes metadata on user behavior as well the full source code for every project. Alongside the data is the source code for all of the software that ran the website and that users used to create the projects as well as the code used to produce the dataset we’ve released.

Releasing the dataset was a complicated process. First, we had navigate important ethical concerns about the the impact that a release of any data might have on Scratch’s users. Toward that end, we worked closely with the Scratch team and the the ethics board at MIT to design a protocol for the release that balanced these risks with the benefit of a release. The most important features of our approach in this regard is that the dataset we’re releasing is limited to only public data. Although the data is public, we understand that computational access to data is different in important ways to access via a browser or API. As a result, we’re requiring anybody interested in the data to tell us who they are and agree to a detailed usage agreement. The Scratch team will vet these applicants. Although we’re worried that this creates a barrier to access, we think this approach strikes a reasonable balance.

Beyond the the social and ethical issues, creating the dataset was an enormous task. Andrés and I spent Sunday afternoons over much of the last three years going column-by-column through the MySQL database that ran Scratch. We looked through the source code and the version control system to figure out how the data was created. We spent an enormous amount of time trying to figure out which columns and rows were public. Most of our work went into creating detailed codebooks and documentation that we hope makes the process of using this data much easier for others (the data descriptor is just a brief overview of what’s available). Serializing some of the larger tables took days of computer time.

In this process, we had a huge amount of help from many others including an enormous amount of time and support from Mitch Resnick, Natalie Rusk, Sayamindu Dasgupta, and Benjamin Berg at MIT as well as from many other on the Scratch Team. We also had an enormous amount of feedback from a group of a couple dozen researchers who tested the release as well as others who helped us work through through the technical, social, and ethical challenges. The National Science Foundation funded both my work on the project and the creation of Scratch itself.

Because access to data has been limited, there has been less research on Scratch than the importance of the system warrants. We hope our work will change this. We can imagine studies using the dataset by scholars in communication, computer science, education, sociology, network science, and beyond. We’re hoping that by opening up this dataset to others, scholars with different interests, different questions, and in different fields can benefit in the way that Andrés and I have. I suspect that there are other careers waiting to be made with this dataset and I’m excited by the prospect of watching those careers develop.

You can find out more about the dataset, and how to apply for access, by reading the data descriptor on Nature’s website.

Marc 'Zugschlus' Haber: insecssh

4 February, 2017 - 01:52

Yes, You Should Not discard cached ssh host keys without looking. An unexpected change of an ssh host key is always a reason to step back from the keyboard and think. However, there are situations when you know that a systems’ ssh host key has changed, for example when the system reachable under this host name has been redeployed, which happens increasingly often proportionally to the devopsness of your environment, or for example in test environments.

Later versions of ssh offer you the ssh-keygen -R command line to paste from the error message, so that you can abort the connection attempt, paste the command and reconnect again. This will still ask for confirmation of the new host key though.

Almost every sysadmin has an alias or wrapper to make handling of this situation easier. Solutions range from using “StrictHostKeyChecking no” and/or “UserKnownHostsFile /dev/null”, turning off this layer of securit altogether either globally or usually too broadly, to more-or-less sophisticated solutions that involve turning off know-host file hashing, parsing client output and/or grep-sed-awk magic. grml even comes with an insecssh script that is rather neat and that I used until I developed my own.

Later ssh versions (not including the 6.7 in Debian jessie, but the 7.4 in debian sid) do offer a -G command line option which will give access to configuration options after the complete client configurtion was processed. This will allow you to neatly get access to the actual hostname the ssh client will connect to. This can, in turn be used to obtain the IP address so that all traces of the host and its IP addresses can be removed from the known_hosts file before the actual connection is done.

The following script is the insecssh that I currently use. It only uses documented interfaces to the ssh client which I consider rather neat.


HOSTNAME=$(ssh -G “$@” | grep ‘^hostname ' | awk ‘{print $2}’)
while [ -n “$CNAME” ]; do
  CNAME=$(dig +short +search -t CNAME “$HOSTNAME”)
  if [ -n “$CNAME” ]; then
IP4ADDRESS=$(dig +short +search -t A “$HOSTNAME”)
IP6ADDRESS=$(dig +short +search -t AAAA “$HOSTNAME”)


[ -n “$HOSTNAME” ] && ssh-keygen -R “$HOSTNAME”
[ -n “$IP4ADDRESS” ] && ssh-keygen -R “$IP4ADDRESS”
[ -n “$IP6ADDRESS” ] && ssh-keygen -R “$IP6ADDRESS”

ssh -oStrictHostKeyChecking=no -oVisualHostKey=yes “$@”

Ugliness results from the necessity of following CNAMEs manually since there is - to my knowlegde (educate me!) - no command line utility that has the output simplicity and selection powers of dig which can automatically follow CNAMEs without relying on the recursor having the CNAME cached or not.

Use this script if you know that a host has changed its host key. It will first zap all knowledge of the previous host key from known_hosts and then invoke the ssh client with the given arguments from its command line, with options added so that you’ll see the new host key in random art and that you don’t need to manually confirm the new host key.

Jonathan Dowland: Blinkenlights!

3 February, 2017 - 22:35


Late last year, I was pondering how one might add a status indicator to a headless machine like my NAS to indicate things like failed jobs.

After a brief run through of some options (a USB-based custom device; a device pretending to be a keyboard attached to a PS/2 port; commandeering the HD activity LED; commandeering the PC speaker wire) I decided that I didn't have the time to learn the kind of skills needed to build something at that level and opted to buy a pre-assembled programmable USB thing instead, called the BlinkStick.

Little did I realise that my friend Jonathan McDowell thought that this was an interesting challenge and actually managed to design, code and build something! Here's his blog post outlining his solution and here's his code on github (or canonically)

Even thought I've bought the blinkstick, given Jonathan's efforts (and the bill of materials) I'm going to have to try and assemble this for myself and give it a go. I've also managed to borrow an Arduino book from a colleague at work.

Either way, I still have some work to do on the software/configuration side to light the LEDs up at the right time and colour based on the jobs running on the NAS and their state.

Sven Hoexter: chromium --enable-remote-extensions

3 February, 2017 - 20:31

From time to time I've to use chromium for creepy stuff like lifesize video sharing with document sharing. The document sharing requires a chromium extensions. Suddenly that stopped working today and I could not reinstall the extension. After trying a lot of stuff I had a look at the debian changelog and found out about:

chromium --enable-remote-extensions

See also #851927.

Dirk Eddelbuettel: RPushbullet 0.3.0

3 February, 2017 - 18:54

A major new update of the RPushbullet package is now on CRAN. RPushbullet interfacing the neat Pushbullet service for inter-device messaging, communication, and more. It lets you easily send alerts like the one to the to your browser, phone, tablet, ... -- or all at once.

This release owes a lot to Seth Wenchel who was instrumental in driving several key refactorings. We now use the curl package instead of relying on system() calls to the binary. We also switched from RJSONIO to jsonlite. A new helper function to create the required resourcefile was added, and several other changes were made as detailed below in the extract from the NEWS.Rd file.

Changes in version 0.3.0 (2017-02-03)
  • The curl binary use was replaced by use of the curl package; several new helper functions added (PRs #30, #36 by Seth closing #29)

  • Use of RJSONIO was replaced by use of jsonlite (PR #32 by Seth closing #31)

  • A new function pbSetup was added to aid creating the resource file (PRs #34, #37 by Seth and Dirk)

  • The package intialization was refactored so that non-loading calls such as RPushbullet::pbPost(...) now work (#33 closing #26)

  • The test suite was updated and extended

  • The Travis script was updated use

  • DESCRIPTION, and other files were updated for current R CMD check standards

  • Deprecated parts such as 'type=address' were removed, and the documentation was updated accordingly.

  • Coverage support was added (in a 'on-demand' setting as automated runs would need a Pushbullet API token)

Courtesy of CRANberries, there is also a diffstat report for this release.

More details about the package are at the RPushbullet webpage and the RPushbullet GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Petter Reinholdtsen: A day in court challenging seizure of for #domstolkontroll

3 February, 2017 - 17:10

On Wednesday, I spent the entire day in court in Follo Tingrett representing the member association NUUG, alongside the member association EFN and the DNS registrar IMC, challenging the seizure of the DNS name It was interesting to sit in a court of law for the first time in my life. Our team can be seen in the picture above: attorney Ola Tellesbø, EFN board member Tom Fredrik Blenning, IMC CEO Morten Emil Eriksen and NUUG board member Petter Reinholdtsen.

The case at hand is that the Norwegian National Authority for Investigation and Prosecution of Economic and Environmental Crime (aka Økokrim) decided on their own, to seizure a DNS domain early last year, without following the official policy of the Norwegian DNS authority which require a court decision. The web site in question was a site covering Popcorn Time. And Popcorn Time is the name of a technology with both legal and illegal applications. Popcorn Time is a client combining searching a Bittorrent directory available on the Internet with downloading/distribute content via Bittorrent and playing the downloaded content on screen. It can be used illegally if it is used to distribute content against the will of the right holder, but it can also be used legally to play a lot of content, for example the millions of movies available from the Internet Archive or the collection available from Vodo. We created a video demonstrating legally use of Popcorn Time and played it in Court. It can of course be downloaded using Bittorrent.

I did not quite know what to expect from a day in court. The government held on to their version of the story and we held on to ours, and I hope the judge is able to make sense of it all. We will know in two weeks time. Unfortunately I do not have high hopes, as the Government have the upper hand here with more knowledge about the case, better training in handling criminal law and in general higher standing in the courts than fairly unknown DNS registrar and member associations. It is expensive to be right also in Norway. So far the case have cost more than NOK 70 000,-. To help fund the case, NUUG and EFN have asked for donations, and managed to collect around NOK 25 000,- so far. Given the presentation from the Government, I expect the government to appeal if the case go our way. And if the case do not go our way, I hope we have enough funding to appeal.

From the other side came two people from Økokrim. On the benches, appearing to be part of the group from the government were two people from the Simonsen Vogt Wiik lawyer office, and three others I am not quite sure who was. Økokrim had proposed to present two witnesses from The Motion Picture Association, but this was rejected because they did not speak Norwegian and it was a bit late to bring in a translator, but perhaps the two from MPA were present anyway. All seven appeared to know each other. Good to see the case is take seriously.

If you, like me, believe the courts should be involved before a DNS domain is hijacked by the government, or you believe the Popcorn Time technology have a lot of useful and legal applications, I suggest you too donate to the NUUG defense fund. Both Bitcoin and bank transfer are available. If NUUG get more than we need for the legal action (very unlikely), the rest will be spend promoting free software, open standards and unix-like operating systems in Norway, so no matter what happen the money will be put to good use.

If you want to lean more about the case, I recommend you check out the blog posts from NUUG covering the case. They cover the legal arguments on both sides.

Pau Garcia i Quiles: Almost at FOSDEM. Video volunteers?

3 February, 2017 - 15:23

I am boarding my flight to Brussels to attend FOSDEM.

The Desktops DevRoom will be a blast again this year. While I have been in charge of it for 6? years already, the last two (since my twins) were born I had organized remotely and local duties were carried on by the Desktops DevRoom team (thank you Christophe Fergeau, Philippe Caseiro and others!).

I am anxious at meeting old friends again. I will be at the beer event today.
Video streaming will be available and thanks to the Video Team. If you want to help, please contact us in the mailing list, or directly at the devroom.

Also, this year will be the first for me using the job corner to recruit: my company (everis) is recruiting globally for many open positions. Drop us a mail at with your CV, desired position and location (we have direct presence in 13 countries and indirect in 40 countries) and I will make sure it reaches the right inbox.

intrigeri: First Tails beta release based on Stretch

3 February, 2017 - 06:44

Today, I have released the first beta for Tails 3.0, that will be the first version of Tails based on Debian 9 (Stretch).

Our automated test suite pretends it works pretty well and matches our safety expectations. I'm inclined to trust it. But as we learned after porting Tails to Squeeze, Wheezy and Jessie: quick, exploratory testing of pre-releases will not identify all the remaining regressions.

So this time I'm trying to change this narrative a bit. I have committed to provide security updates for the 3.0~ series, just like we do for stable versions of Tails. This was the only missing bit to make me feel comfortable asking my fellow Tails contributors to upgrade to Tails 3.0~beta1 for their daily usage.

I hope this helps us release a great Tails 3.0 on June 13… and a better Debian Stretch too: the more early users of Tails based on Stretch, the more chances they identify a few annoying regressions in Stretch before it's called stable :)

For details, see the official announcement.

Next step: FOSDEM. And then, back to organizing an event that aims at improving both social and technical aspects of Debian (to be announced in about a week, stay tuned); because the way we get organized and how power is distributed matter.

Steinar H. Gunderson: Not going to FOSDEM—but a year of Nageru

3 February, 2017 - 06:29

It's that time of the year :-) And FOSDEM is fun. But this year I won't be going; there was a scheduling conflict, and I didn't really have anything new to present (although I probably could have shifted around priorities to get something).

But FOSDEM 2017 also means there's a year since FOSDEM 2016, where I presented Nageru, my live video mixer. And that's been a pretty busy year, so I thought I'd do a live cap from high up above.

First of all, Nageru has actually been used in production—we did Solskogen and Fyrrom, and both gave invaluable input. Then there have been some non-public events, which have also been useful.

The Nageru that's in git right now is evolved considerably from the 1.0.0 that was released last year. diffstat shows 19660 insertions and 3543 deletions; that's counting about 2500 lines of vendored headers, though. Even though I like deleting code much more than adding it, the doubling (from ~10k to ~20k lines) represents a significant amount of new features:

1.1.x added support for non-Intel GPUs. 1.2.x added support for DeckLink input cards (through Blackmagic's proprietary drivers), greatly increasing hardware support, and did a bunch of small UI changes. 1.3.x added x264 support that's strong enough that Nageru has really displaced VLC as my go-to tool for just video-signal-to-H.264-conversion (even though it feels overkill), and also added hotplug support. 1.4.x added multichannel audio support including support for MIDI controllers, and also a disk space indicator (because when you run out of disk during production without understanding that's what happens, it really sucks), and brought extensive end-user documentation. And 1.5.x, in development right now, will add HDMI/SDI output, which, like all the previous changes, requires various rearchitecting and fixing.

Of course, there are lots of things that haven't changed as well; the basic UI remains the same, including the way the theme (governing the look-and-feel of the finished video stream) works. The basic design has proved sound, and I don't think I would change a lot if I were to design something like 1.0.0 again. As a small free software project, you have to pick your battles, and I'm certainly glad I didn't start out doing something like network support (or a distributed architecture in general, really).

So what's for the next year of Nageru? It's hard to say, and it will definitely depend on the concrete needs of events. A hot candidate (since I might happen to need it) is chroma keying, although good keying is hard to get right and this needs some research. There's also been some discussion around other concrete features, but I won't name them until a firm commitment has been made; priorities can shift around, and it's important to stay flexible.

So, enjoy FOSDEM! Perhaps I'll return with a talk in 2018. In the meantime, I'll preparing the stream for the 2017 edition of Fyrrom, and I know for sure there will be more events, more features and more experiences to be had. And, inevitably, more bugs. :-)

Vincent Fourmond: Extended dataset generation possibilities of QSoas

3 February, 2017 - 04:58
While the main focus of QSoas is the processing of experimental data, it also features commands to generate (calculate) datasets. The command generate-buffer creates a dataset of equally spaced points (you can change their number using the option /samples) between to limiting values, as below:

QSoas> generate-buffer -2 2

By default, the values are taken equal to . However, generate-buffer also takes an optional formula to directly set the values:

QSoas> generate-buffer -10 10 sin(x)

From version 2.0, it is possible to generate several datasets in a row using the /number option, and to color them using the /style option (but only since version 2.1). Each dataset is generated according to the formula, and number is a special number that starts at 0 and increases by 1 for each dataset. Here's what I used to generate the picture on the right:

QSoas> generate-buffer -2 2 sin(PI*x)**(number+1) /number=30 /style=red-to-blue
About QSoasQSoas is an open source data analysis program that focuses on flexibility and powerful fitting capacities. It is described in Fourmond, Anal. Chem., 2016, 88 (10), pp 5050–5052.

Shirish Agarwal: The $100 used laptop and getting riled up.

3 February, 2017 - 03:03

Lenovo-ThinkPad-T500 – Source – Wikimedia commons

I was reading a thread on phoronix where a student was sharing that it is or can be expensive to get even a used laptop and he shared his predicament and was hammered a bit for it to some going to the extent of questioning his life-choices.

While I’m not a student it still triggered something in me. I am not dirt poor but neither am I insanely rich. The same questions he has, similar questions I have had. While in his case he is probably in his early to late 20’s, I am pushing 40. Most of the money I make goes in for everyday purchases, veggies, house-rent, electricity, landline, broadband and cell phone bills. What little is left is most of the time kept for a rainy day as there is no Government pension.

From what I have heard and read on the web, in the west specifically in the States, if I buy a used laptop, I usually get a 6 months – 1 year warranty . Here, while you could get a used laptop for around INR 10k there is no warranty/guarantee, so I never get into that. It’s ‘buyer’s beware’ all the time.

For people who like/want FOSS or specifically something like Free DOS (like me), I had to wait for almost 6 years to get a model I was happy with, with the specs. I was ok with.

Was really lucky enough to get a Thinkpad T440 with 8 GB of RAM for around INR 80k/- with Free DOS.

The specs –

T440 Core I 5 (4300) / Dos (NEW MODEL)


Intel Core i5 – 4300M (2.5 GHz / 3 MB / 5 GT/s) / Intel QM87 Chipset / Integrated 802.11 n WIFI LAN + Bluetooth 4.0 / 8GB DDR III Memory (2 DIMM SLOT) / 500 GB SATA HDD @ 7200 RPM / 14.0 HDy / FPR / Dos / 2 USB , VGA Port , RJ 45 Port /GB LAN /Track Point with 5 button Glass Touch Pad /Stereo Speakers with Dolby Enhanced Audio / 6 Cell Battery /Approx 2.14KG/

While it is/was actually pretty expensive but then wanted something which can take a beating, deal with all the heat, noise and dust (specifically where I live, right in the middle of the city).

The reason I used the word lucky is that now there is no model in the T-series range which has FreeDOS on it. Of course, I hopefully will use it for another 4-5 years at the very least depending on how much it cooperates with me, I have heard that Thinkpads function for a long period of time even in dusty environments so banking on that.

What probably pissed me is the condensing note in the comment, how does he know what pressures an another individual might be in. It’s almost like saying “You are refugee because you made a wrong life choice” or something to that effect which again is stupid.

I actually feel/felt embarrassed to bring this up as I truly am lucky to be safe, secure, have food on the table, am able to sleep on a bed at night, have a workstation AND a laptop, have somewhat of a sound mind and a body which is able to move around without any hassles. Add to that, incredibly as it may sound, was also able to see another country for a few days

In relation to people being persecuted and having to run off to save their own lives or even people living on the streets, I am actually living in luxury. While I can’t go through life feeling guilty for all the good things that have happened with me, I do feel disgusted when I see some people put blinding statements like that.

One of the biggest reasons that GNU/Linux and Debian in particular gelled with me was that it’s incredibly flexible and generous. Nobody tells me which packages I should or shouldn’t have. I do right things, good, I do something wrong, an opportunity to learn and hopefully learn from my mistakes. In either case, one of the most forgiving kind of system to learn and hack on.

While speaking of mistakes, could somebody look at #849684 . It almost feels like a tennis match going between the maintainers concerned. While I don’t have the technical skills to ascertain who’s right and who is not, it would be nice if some cooler heads can make sense and see if a way could be found out. Can somebody help ?

Filed under: Miscellenous Tagged: #debian, #Life Choices, #Thinkpad440, laptop

Guido Günther: Debian Fun in January 2017

2 February, 2017 - 23:48
Debian LTS

November marked the 21st month I contributed to Debian LTS under the Freexian umbrella. I had 8 hours allocated which I used for:

  • the first half of a LTS front desk week
  • updating icedove 45.6.0 resulting in DLA-782-1 fixing 8 CVEs
  • releasing DLA-783-1 for XEN, the actual update was provided by credativ
  • testing the bind9 update prepared by Thorsten Alteholz
  • fixing 8 CVEs in imagemagick resulting in DLA-807-1.
  • work on recent qemu CVEs
Other Debian stuff
  • Usual bunch of libvirt and related uploads
  • Uploaded git-buildpackage 0.8.10 to to experimental and unstable fixing (among other things) a long standing bug when using multiple tarballs with filters and pristine-tar as well as making generated orig tarballs reproducible so one gets identical tarballs even without pristine-tar.
  • Ran a gbp import-dsc of unstable and filed bugs for cases where pristine-tar would not import the package. Started to look into git-apply errors.
Some other Free Software activites
  • libplanfahr: switched the example to python3 and made it parse arguments without date as "today":

    $ ./run python examples/ --when=21:00 Essen Gelsenkirchen
    Loaded provider de_db
    Start: Essen Hbf
    End: Gelsenkirchen Hbf
    Trip #1
           Start:     Essen Hbf
           Departure: 2017-02-02 21:18
           Delay:     0
           End:       Gelsenkirchen Hbf
           Arrival:   2017-02-02 21:26
           Delay:     0
           Switches:  0
    Trip #2
           Start:     Essen Hbf
           Departure: 2017-02-02 21:22
           Delay:     0
           End:       Gelsenkirchen Hbf
           Arrival:   2017-02-02 21:33
           Delay:     0
           Switches:  0
    Trip #3
           Start:     Essen Hbf
           Departure: 2017-02-02 21:44
           Delay:     0
           End:       Gelsenkirchen Hbf
           Arrival:   2017-02-02 21:52
           Delay:     0
           Switches:  0
  • Proposed a workaround to rbvmomi to massively speedup cloning under certain conditions when using CachedOVFDeployer

  • Proposed a fix to unbreak ansible's zypper module on first installations
  • Made ausroller use git-buildpackage from pypi on non Debian based distros
  • Made further progess on the Merkur board clones

Urvika Gola: Outreachy- Week 6 & 7 Progress

2 February, 2017 - 23:07

Working with Date, Calendar, SimpleDateFormat   in Android.

As I mentioned In my last blog, I would talk about how I used Calendar and Date classes for the user to designate silent mode by setting time constraints and weekdays, in Lumicall.

Date class to used to interpret dates as year, month, day, hour, minute, and second values.

I had to compare whether the current time falls between Start Time and End Time specified by the user. So that, silent mode can be enabled within that time frame.

I used Calendar Class to get the current hour in 24-Hour format and minute.

 Calendar now = Calendar.getInstance();

 int hour = now.get(Calendar.HOUR_OF_DAY);  

 int minute = now.get(Calendar.MINUTE);

Now, Since the user enters the Time in EditText Widgets, the values were retrieved as strings.
String hhStart, mmStart, hhEnd, mmEnd store these values from Edit text widgets.

To interpret these strings as a representation of a date and time, we need to parse it

A “Date” class object’s format looks like-

Since, I was only interested in fetching the HH:MM values, i.e the fourth field in the format,

To set and compare only the HH:MM values, Android provides lovely, SimpleDateFormat class to access the particular value we want in the Date object.
To access the year, use letter Y
To access the time zone, use letter z
To access the Hour and minute, we use letter H and m.

SimpleDateFormat simpleDateFormat= new SimpleDateFormat(“HH:mm”, Locale.ENGLISH);

Date currentTime = parseDate(hour + ":" + minute)

Date timeCompareOne = parseDate(hhStart +”:”+mmStart);  

Date timeCompareTwo = parseDate(hhEnd +”:”+mmEnd);

Rest everything in the date object are values set by default. Eg, Year 1970. Which we din’t set / access , hence did not change.

To check if the start time is before the current time. And the endtime is after the current time, 

if(timeCompareOne.before(currentTime) && timeCompareTwo.after(currentTime))


Switch on the silent mode;


Added a try catch block to handle the exception which will arise if the SimpleDateFormat.parse method is unable to parse the given Java String.

public Date parseDate(String date)  
return inputParser.parse(date);
catch (java.text.ParseException e)  
return new Date(0);  

Comparing Time? Done!
Now to check whether the selected weekday in the checkboxes matches the current week day,

Calendar calendar = Calendar.getInstance(); 

int day = calendar.get(Calendar.DAY_OF_WEEK); 

If it’s sunday, value returned by calendar.get(Calendar.DAY_OF_WEEK) is 1, if monday, 2 and so on..
Weekdays compared too!

Thanks for reading,


Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้