Planet Debian

Subscribe to Planet Debian feed
Planet Debian - http://planet.debian.org/
Updated: 29 min 47 sec ago

Uwe Kleine-König: Installing Debian Stretch on an Omnia Turris

9 November, 2016 - 03:56

Recently I got "my" Omnia Turris and it didn't take long to replace the original firmware with Debian.

If you want to reproduce, here is what you have to do:

Open the case of the Omnia Turris, connect the hacker pack (or an RS232-to-TTL adapter) to access the U-Boot prompt (see Turris Omnia: How to use the "Hacker pack"). Then download the installer and device tree:

# cd /srv/tftp
# wget https://d-i.debian.org/daily-images/armhf/daily/netboot/vmlinuz
# wget https://d-i.debian.org/daily-images/armhf/daily/netboot/initrd.gz
# wget https://www.kleine-koenig.org/tmp/armada-385-turris-omnia.dtb

(The latter is not included yet in Debian, but I'm working on that.)

and after connecting the Omnia Turris's WAN to a dhcp managed network start it in U-Boot:

dhcp
setenv serverip 192.168.1.17
tftpboot 0x01000000 vmlinuz
tftpboot 0x02000000 armada-385-turris-omnia.dtb
tftpboot 0x03000000 initrd.gz
bootz 0x01000000 0x03000000:$filesize 0x02000000

With 192.168.1.17 being the IPv4 of the machine you have the tftp server running.

I suggest to use btrfs as rootfs because that works well with U-Boot. Before finishing the installation put the dtb in the rootfs as /boot/dtb.

To then boot into Debian do in U-Boot:

setenv mmcboot=btrload mmc 0 0x01000000 boot/vmlinuz\; btrload mmc 0 0x02000000 boot/dtb\; btrload mmc 0 0x03000000 boot/initrd.img\; bootz 0x01000000 0x03000000:$filesize 0x02000000
setenv bootargs console=ttyS0,115200 rootfstype=btrfs rootdelay=2 root=/dev/mmcblk0p1 rootflags=commit=5 rw
saveenv
boot

Known issues:

  • rtc doesn't work (workaround: mw 0xf10184a0 0xfd4d4cfa in U-Boot)
  • SFP and switch don't work, MAC addresses are random
  • wifi fails to probe

If you have problems, don't hesitate to contact me.

Jonathan Carter: A few impressions of DebConf 16 in Cape Town

9 November, 2016 - 03:01

DebConf16 Group Photo by Jurie Senekal.

DebConf16

Firstly, thanks to everyone who came out and added their own uniqueness and expertise to the pool. The feedback received so far has been very positive and I feel that the few problems we did experience was dealt with very efficiently. Having a DebConf in your hometown is a great experience, consider a bid for hosting a DebConf in your city!

DebConf16 Open Festival (5 August)

The Open Festival (usually Debian Open Day) turned out pretty good. It was a collection of talks, a job fair, and some demos of what can be done with Debian. I particularly liked Hetzner’s stand. I got to show off some 20 year old+ Super Mario skills and they had some fun brain teasers as well. It’s really great to see a job stand that’s so interactive and I think many companies can learn from them.

At #Debconf? Join the #HetznerSA #Supermariobros challenge and stand a chance to win a case of #Leagueofbeers pic.twitter.com/DpkOj6wmZb

— HetznerSA Careers (@HetznerCareers) July 2, 2016

The demo that probably drew the most attention was from my friend Georg who demoed some LulzBot Mini 3D Printers. They really seem to love Debian which is great!

LulzBot Mini #3Dprinters were on the scene at @DebConf Open Festival in South Africa. We’re powered by @debian! pic.twitter.com/AOBS64ZtiJ

— LulzBot (@lulzbot3D) July 13, 2016

DebConf (6 August to 12 August)

If I try to write up all my thoughts and feeling about DC16, I’ll never get this post finished. Instead, here as some tweets from DebConf that other have written:

@o0karen0o delivering today’s #DebConf16 keynote pic.twitter.com/hG1wD5MBhH

— Michael Banck (@mbanck) July 3, 2016

 

Great to see Sicelo Mhlongo speaking about issues using @debian in Swaziland #debconf16 pic.twitter.com/U6z7HA8zd5

— Neil McGovern (@nmcgovern) July 7, 2016

 

What happened at #DebConf16 yesterday? Sandstorm Principles talking about the freedom to choose #software #sandbox pic.twitter.com/ltYaw3dAmP

— Obsidian Systems (@obsidianza) July 5, 2016

 

All @DebConf end with similar feelings: we’re an incredible crowd working together for a incredibly important cause. https://t.co/DYuUWT5eKt

— Didier Raboud (@OdyX_) July 9, 2016

 

My congratulations to the #DebConf video team. As usual, they are doing an amazing work at #DebConf16
— Marcelo Santana (@mgsantana) July 8, 2016

Day Trip

We had 3 day trips:

Brought to you by

DebConf16 Orga Team.

See you in Montréal!

DebConf17 dates:

  • DebCamp:  31 July to 4 August 2017
  • DebConf: 6 August to 12 August 2017
  • More details on the DebConf Wiki.

The DC17 sponsorship brochure contains a good deal of information, please share it with anyone who might be interested in sponsoring DebConf!

Media

Dirk Eddelbuettel: anytime 0.1.0: New features, some fixes

8 November, 2016 - 08:24

A new release of anytime is now on CRAN following the four releases in September and October.

anytime aims to convert anything in integer, numeric, character, factor, ordered, ... format to POSIXct (or Date) objects -- and does so without requiring a format string. See the anytime page for a few examples.

Release 0.1.0 adds several new features. New functions utctime() and utcdate() parse to coordinated universal time (UTC). Several new formats were added. Digit-only formats like 'YYYYMMDD' with or without 'HHMMSS' (or even with fractional secodns 'HHMMSS.ffffff') are supported more thoroughly. Some examples:

R> library(anytime)
R> anytime("20161107 202122")   ## all digits
[1] "2016-11-07 20:21:22 CST"
R> utctime("2016Nov07 202122")  ## UTC parse example
[1] "2016-11-07 14:21:22 CST"
R> 

The NEWS file summarises the release:

Changes in anytime version 0.1.0 (2016-11-06)
  • New functions utctime() and utcdate() were added to parse input as coordinated universal time; the functionality is also available in anytime() and anydate() via a new argument asUTC (PR #22)

  • New (date)time format for RFC822-alike dates, and expanded existing datetime formats to all support fractional seconds (PR #21)

  • Extended functionality to support not only ‘YYYYMMDD’ (without a separator, and not covered by Boost) but also with ‘HHMM’, ‘HHMMSS’ and ‘HHMMSS.ffffff’ (PR #30 fixing issue #29)

  • Extended functionality to support ‘HHMMSS[.ffffff]’ following other date formats.

  • Documentation and tests have been expanded; typos corrected

  • New (unexported) helper functions setTZ, testOutput, setDebug

  • The testFormat (and testOutput) functions cannot be called under RStudio (PR #27 fixing issue #25).

  • More robust support for non-finite values such as NA, NaN or Inf (Fixing issue #16)

Courtesy of CRANberries, there is a comparison to the previous release. More information is on the anytime page.

For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Dirk Eddelbuettel: gettz 0.0.3

8 November, 2016 - 08:19

A minor release 0.0.3 of gettz arrived on CRAN two days ago.

gettz provides a possible fallback in situations where Sys.timezone() fails to determine the system timezone. That can happen when e.g. the file /etc/localtime somehow is not a link into the corresponding file with zoneinfo data in, say, /usr/share/zoneinfo.

This release adds a second #ifdef to permit builds on Windows for the previous R release (ie r-oldrel-windows). No new code, or new features.

Courtesy of CRANberries, there is a comparison to the previous release.

More information is on the gettz page. For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Daniel Pocock: Quickstart SDR with gqrx, GNU Radio and the RTL-SDR dongle

8 November, 2016 - 02:56

Software Defined Radio (SDR) provides many opportunities for both experimentation and solving real-world problems. It is not exactly a new technology but it has become significantly more accessible due to the increases in desktop computing power (for performing the DSP functions) and simultaneous reduction in the cost of SDR hardware.

Thanks to the availability of a completely packaged gqrx and GNU Radio solution, you can now get up and running in less than half an hour and spending less than fifty dollars/pounds/euros.

We provided a full demo of the Debian Hams gqrx solution at Mini DebConf Vienna (video) and hope to provide a similar demo at MiniDebConf Cambridge on the coming weekend of 12-13 November.

gqrx is also available for Fedora users.

Choosing hardware

There are many different types of hardware, ranging from the low-cost RTL-SDR USB dongles to full duplex multi-transceiver systems.

My recommendation is to start with an RTL-SDR dongle due to extremely low cost, this will give you an opportunity to reflect on the opportunities of this technology before putting money into one of the transceivers and their accessories. The RTL-SDR dongle also benefits from being a small self-contained solution that you can carry around and experiment with or demo just about anywhere.

Important: Don't buy the cheapest generic RTL TV/radio receivers. It is absolutely essential to buy one of the units that has been explicitly promoted for SDR. These typically have a temperature compensated crystal oscillator (TCXO) which is absolutely essential for the reception of narrowband voice and digital signals. Without this, it is only possible to receive wideband broadcash FM radio and TV channels.

For those who want to try it out with us at MiniDebConf Cambridge, Technofix has UK stock (online ordering), they are about £26.

Getting gqrx up and running fast

Note: to avoid the wrong kernel module being loaded automatically, it is recoemmended that you don't connect the RTL-SDR dongle before you install the packages. If you did already connect it, you may need to reboot or rmmod dvb_usb_rtl28xxu.

If you are using a Debian jessie system, you can get all the necessary packages from jessie-backports.

If you haven't already enabled backports, you can do so with a command like this:


$ sudo echo "deb http://ftp.ch.debian.org/debian jessie-backports main" >> /etc/apt/sources.list

Make sure your local index is updated and then install the necessary packages:


$ sudo apt-get update
$ sudo apt-get install -t jessie-backports gqrx-sdr rtl-sdr

Running it for the first time

Once the packages are installed, connect the RTL-SDR dongle to the computer and then start the gqrx GUI from a terminal:


$ gqrx

If the GUI fails to appear, look carefully at the error messages. It may be that the wrong kernel module has been loaded.

The properties window appears, select the RTL-SDR dongle:

Now the main screen will appear. Choose the wideband FM mode "WFM (mono)" and change the frequency to a value in the FM broadcast band such as 100MHz. Click the "Power on" button in the top left corner, just under the "File" menu, to start reception. Click in the middle of a strong signal to tune to that station. If you don't hear anything, check the squelch setting (it should be more negative than the signal strength value) and increase the Gain control at the bottom right hand side of the window.

Looking for ham / amateur radio signals

A popular band for hams is between 144 - 148 MHz (in some countries only a subset of this band is used). This is referred to as the two-meter band, as that is the wavelength at this frequency.

Hams often use the narrowband FM mode in this band, especially with repeater stations. Change the "Mode" setting from "WFM" to "Narrow FM" and change the frequency to a value in the middle of the band. Look for signals in the radio spectrum and click on them to hear them.

If you are not sure which part of the band to look in, search for the two-meter band plan for your country/region and look for the repeater output frequencies in the band plan.

Jaldhar Vyas: New Laptop / Problems with Windows part 896,324

8 November, 2016 - 02:01

I had mentioned previously that I had been forced to purchase a new laptop. I decided that I didn't want another Thinkpad. The Lenovo ones no longer have the high quality they had in the IBM days and while support is still pretty good by todays dismal standards it's not worth the premium price. (If I'm buying it with my own money that is.) I had heard good thing about Dells' Linux support so I looked into their offerings and ended up buying a Precision 7510. Mind you this model came with Windows 7 installed but I didn't mind. As I wanted to install Debian according to my own specs anyway, I was ok with just knowing that the hardware would be compatible. So I prepared a Jessie USB installation stick (This model doesn't have a CD/DVD drive.) and shrunk down the Windows installation (but not deleted it altogether for reasons to be explained below.)

At this point it is traditional to give a long, tortured account of how Heaven and Earth had to be moved to get Linux installed. But that is a thing of the past. The combination of good hardware and the excellent work of the debian-installer team, made the setup a breeze with only a couple of minor bumps in the road. One is that the kernel on the Jessie cd was not quite up to snuff. Downloading 4.6.0 from backports did the trick. Post-install, to get the most out of my nifty new 4K display, I needed the latest, alas non-free, nvidia-drivers. And for stable wifi (I always install over ethernet for this reason) I had to install the firmware-iwlwifi package. Everything else—even my printer—either "just worked" or needed only minor fiddling around.

Having used this machine for a while, the biggest problem I have is with the keyboard. It is nowhere near as tactile and comfortable to use as the old IBM Thinkpads. Even Lenovo Thinkpad keyboards are better. I'm a hunt-and-peck type myself but it is annoying. I think a real touch typist would hate it. The cursor and home, end, page up, page down etc. keys are in the wrong place and home and end are actually function keys. There is a pointer and a trackpad and two sets of mouse buttons which seems like a waste of space. In fact much space is wasted everywhere, space which could be used to improve the keyboard. Other than that I like it. The battery life is not the best but fairly good. It's a bit heavier than I was used to but I've gotten used to it. Although I didn't go with the SSD option, it is not that noisy; again you can get used to it. All in all, I think it is worth it for the price.


I installed Debian but I only really use it as a base to run VMWare Workstation. I occasionally have to support software across multiple platforms but I don't want the hassle or expense of multiple computers so I have Windows (the original installation upgraded to Windows 10) and Mac OS X running in VMs. Plus I have another VM running Kubuntu LTS for my day to day computing, another Debian install running sid for packaging, and Minix. Backups are as simple as making a snapshot of the VM. If something accidently gets screwed up, I can easily revert it back to a known good state. Ideally, I would like to replace VMWare with a free solution such as qemu or virtualbox etc. but as far as I know VMWare is far ahead in emulation capabilities (OpenGL support for example.) which is vital for efficiently using the proprietary OS's.

Things were going swimmingly until a few days ago which brings me to part two of this post. I booted into the Windows 10 VM only to be greeted by a message from the Windows boot manager that "A component of the operating system has expired." I tried going back to a snapshot from September (when this definitely was working) but I still got the same thing. A bit of googling revealed this has happened to others and the advice seemed to be to reset the computers date and reinstall Windows 10. It took several tries but I finally got that done, completed the task I needed to do and shut it down. At the end of the day I shut the whole laptop down and thought no more of it.

The next day I boot up and...where is grub? It seems that during the Windows reinstall, it had overwritten grub with the Windows boot loader. And while grub is nice enough to add an entry for Windows when detected, Windows does not extend the same courtesy to Linux. Ok time to bring out my trusty USB stick again and reinstall grub. Oops I've wiped it off to store other things. No matter, download another image and do it again. Reboot and...back in Windows. Fiddle around in the EFI settings until I can get it to boot from USB.

Now i'm in the shell provided by debian-installer so I can mount and chroot my Linux partition and reinstall grub. Except no I can't because it is Luks encrypted. Ok apt-get install cryptsetup, open it with my passphrase and now I can mount the partion, chroot into and reinstall grub. Except no I can't because it is a logical volume group. Back to apt-get, install lvm2, vgscan (because of course I've forgotten the name of the group,) vgchange and now I can mount, chroot, etc. etc. Except no I can't.

# mount /dev/mapper/vg00-root /mnt
# chroot /mnt
# grub-install /dev/sda
error: cannot find a device for /boot/grub (is /dev mounted?).

sigh

# mount /dev/sda5 /boot
special device /dev/sda5 does not exist.

Well, /dev is mounted but it does indeed not contain a device called sda5.

# /etc/init.d/udev start
udev requires a mounted procfs.  not started.

Very well then.

# mount -t proc none /proc
# /etc/init.d/udev start

Nope. proc needs sysfs.

# mount -t sysfs none /sys
# /etc/init.d/udev start

Still no. You get a warning about how it is a bad idea to run udev from an interactive shell and there is still not /dev/sda5. Time to start googling again. It turns out what I should have done is open another shell from the installer environment and do...

# mount --bind /dev/ /mnt/dev

Now I can mount /boot/grub and reinstall grub and it should all work right?

I should be so lucky. Ok back to square one. I now did what I should have done in the first place and searched the Debian wiki. Sure enough there is a page which deals exactly with my predicament. Finally I get everything installed correctly and triumphantly reboot into Linux.

Of course now Windows doesn't work again...

Reproducible builds folks: Reproducible Builds: week 80 in Stretch cycle

8 November, 2016 - 00:17

What happened in the Reproducible Builds effort between Sunday October 30 and Saturday November 5 2016:

Upcoming events
  • Chris Lamb and Holger Levsen will be presenting at MiniDebConfCambridge 2016 in Cambridge, United Kingdom on November 10th-13th.

  • Vagrant Cascadian will be presenting Introduction to Reproducible Builds at the SeaGL.org Conference in Seattle, USA on November 12th.

  • The next IRC meeting will be held on November 15th.

  • Reproducible Debian Hackathon - A small hackathon organized in Boston, USA on December 3rd and 4th. If you are interested in attending, please contact Valerie Young (spectranaut in the #debian-reproducible IRC channel on irc.oftc.net.)

  • The second Reproducible Builds World Summit will be held in Berlin, Germany on December 13th-15th.

Reproducible work in other projects Bugs filed Reviews of unreproducible packages

81 package reviews have been added, 14 have been updated and 43 have been removed in this week, adding to our knowledge about identified issues.

3 issue types have been updated:

1 issue type has been removed:

1 issue type has been updated:

Weekly QA work

During of reproducibility testing, some FTBFS bugs have been detected and reported by:

  • Chris Lamb (17)
diffoscope development
  • diffoscope 62 was uploaded to unstable by Mattia Rizzolo:

    • Add rudimentary support for OpenDocumentFormat files. (Michel Messerschmidt)
    • Detect JSON order-only differences and print them nicely. (Mattia Rizzolo)
buildinfo.debian.net development tests.reproducible-builds.org

Reproducible Debian:

  • With thanks to Profitbricks continued sponsorship, Holger setup two new amd64 build nodes (and the associated Jenkins jobs) with 15/16 cores and 48GB RAM each for a total of four such amd64 nodes to double the build capacity of our amd64 build network.
Misc.

Also with thanks to Profitbricks sponsoring the "hardware" resources, Holger created a 13 core machine with 24GB RAM and 100GB SSD based storage so that Ximin can do further tests and development on GCC and other software on a fast machine.

This week's edition was written by Chris Lamb, Ximin Luo, Vagrant Cascadian, Holger Levsen and reviewed by a bunch of Reproducible Builds folks on IRC.

Petter Reinholdtsen: How to talk with your loved ones in private

7 November, 2016 - 16:25

A few days ago I ran a very biased and informal survey to get an idea about what options are being used to communicate with end to end encryption with friends and family. I explicitly asked people not to list options only used in a work setting. The background is the uneasy feeling I get when using Signal, a feeling shared by others as a blog post from Sander Venima about why he do not recommend Signal anymore (with feedback from the Signal author available from ycombinator). I wanted an overview of the options being used, and hope to include those options in a less biased survey later on. So far I have not taken the time to look into the individual proposed systems. They range from text sharing web pages, via file sharing and email to instant messaging, VOIP and video conferencing. For those considering which system to use, it is also useful to have a look at the EFF Secure messaging scorecard which is slightly out of date but still provide valuable information.

So, on to the list. There were some used by many, some used by a few, some rarely used ones and a few mentioned but without anyone claiming to use them. Notice the grouping is in reality quite random given the biased self selected set of participants. First the ones used by many:

Then the ones used by a few.

Then the ones used by even fewer people

And finally the ones mentioned by not marked as used by anyone. This might be a mistake, perhaps the person adding the entry forgot to flag it as used?

Given the network effect it seem obvious to me that we as a society have been divided and conquered by those interested in keeping encrypted and secure communication away from the masses. The finishing remarks from Aral Balkan in his talk "Free is a lie" about the usability of free software really come into effect when you want to communicate in private with your friends and family. We can not expect them to allow the usability of communication tool to block their ability to talk to their loved ones.

Note for example the option IRC w/OTR. Most IRC clients do not have OTR support, so in most cases OTR would not be an option, even if you wanted to. In my personal experience, about 1 in 20 I talk to have a IRC client with OTR. For private communication to really be available, most people to talk to must have the option in their currently used client. I can not simply ask my family to install an IRC client. I need to guide them through a technical multi-step process of adding extensions to the client to get them going. This is a non-starter for most.

I would like to be able to do video phone calls, audio phone calls, exchange instant messages and share files with my loved ones, without being forced to share with people I do not know. I do not want to share the content of the conversations, and I do not want to share who I communicate with or the fact that I communicate with someone. Without all these factors in place, my private life is being more or less invaded.

Shirish Agarwal: The long tail in a common’s man journey to debconf16

7 November, 2016 - 05:38

I was going to put a technical post but saw the discussion of one of the meetings of the debconf meets and decided to share a novice’s travel experience.

Before I start here’s the discussion log http://meetbot.debian.net/debconf-team/2016/debconf-team.2016-10-20-20.01.log.html

and specifically this part which hit me –

20:36:52 DLange: $100 CAD is a lot for some, but you’d only need it if you won’t sleep in sponsored accom, which arguably is acceptable.
20:37:04 it would, pollo, fixed sponsorship sum for everybody and allocation of rooms completely decoupled. Hotel gets the money from everybody and the “base fee” from DebConf.
20:37:15 people who can’t afford also have special needs and may be uncomfortable in sharing rooms. That’s quite frequently in our community. Managing each case will be much more complicated.
20:37:31 tvaz: we could set aside budget for such special needs, for sure.
20:37:43 I’m talking about managing each case
20:37:46 tvaz: yes, but we’ll have the special cases no matter what.
20:37:48 yes, and the special cases need to be catered for regardless of how everybody else is housed
20:38:06 tvaz: room allocation already includes this.
20:38:19 people having to expose their personal problems to have us permitting them staying in the hotel
20:38:23 that’s just too weird

It just goes on. I dunno whether I’m weird or not or the experience I would share is just normal, this I would leave for you to decide.

As have shared before, some friends of mine from the free software community had cajoled me last year to apply for debconf bursary (debconf15), which surprisingly got approved, but as it was late and my pre-conceived myths/notions of visas taking a looooong time decided not to go further. Many things take a long time to happen in the Indian bureaucratic maze. For instance have been in a civil case for almost a decade now among other things so know and accept that things take their own sweet time otherwise known as ‘Indian patience’

Anyways, did the application and again, surprise, surprise this time too I was approved. Luckily, had done the application for bursary early so was a bit positive on the visa-front. There was a goof-up at the embassay but thanks to people at travel.stackexchange.com where I asked quite a few questions, I was a bit informed and travel was relatively hassle-free. Internally though, I was nervous as hell. I had been feeling like a ‘conman’ or a ‘fraud’ or being an ‘imposter’ because I knew before-hand that the project is so huge and had done the mistake of putting up a talk and a workshop where the big guns would be, which again was accepted (not good). The only thing I was thinking of as a saving grace is that there might be some newbies who don’t know about the project at all (on Open Day) and hopefully I could help with that but as you will see, even there I was fully inadequate.

Anyways, I live in Pune which is around 3.5 hours from Mumbai (BOM) from where international flights take off. While Pune has an Airport, due to defence considerations, there cannot be much improvement either for domestic or International carriers. There have been attempts to have an exclusive civilian Airport for a long time (almost a decade) and would still take a decade or more.

Anyways, hence had decided to take an early morning train from Pune to Mumbai, change couple of locals and finally land up at the Mumbai International Airport. Hind-sight as they say is 50:50, while I do have friends in Mumbai, I also found about a homestay which is closer to the Airport and still relatively budget-friendly.

Anyways, met few friends but as was paranoid about missing connections found myself in front of the Airport at 20:00 hrs. with about 7 hours + to go before my flight. While there is nothing to do around the airport rather than hanging around, just hung around outside the airport as knew that inside the airport will be chilling and once you go in, you cannot come out or at least it’s an inconvenience to the security therein. The International Airport in on three levels, the basement is for vehicles, the first level to receive International and Domestic passengers and the upper-most level exclusively for people flying internationally. This again, came to know when I tried to enter into the ones meant for Domestic and International Passengers coming into the city.

Anyways, came to the check-in counter at around 02:00 hrs, did the security thing and just had to wait as the flight was of 0400 hrs (from my limited search experience, the cheapest flights are at such times when nobody else (i.e.civilized people) wants to fly). Entered Doha around 5:15 Doha time and saw a much much bigger airport than either the Mumbai International Airport or/and the Delhi International Airport . While I have written some negative stuff about Doha, there were two positives that I am sure, I had forgotten to share –

a. There were no transit Visa Fees that I had to pay. Most countries and airports I researched have something called transit visa and that can really get expensive, so saved money on that.

b. The free ride into the city and back with voluntary tipping the driver or/and guide (approx. 3-4 hours)

While the second from what I could tell/know is a gimmick, this is something I wish other countries and airports emulate.

There are hotels in the airport and I could have had hotel accommodation if I had booked a slightly more expensive ticket, roughly INR 5k/- each way which would have given me a bit more legroom as well as stay as my layover was more than 24 hours. Had to make do with recliners and chairs which are not really comfortable. There were only a couple of waiting rooms on air-side which had a view of the aircraft and hence were a bit more pleasing than those which were on the land-side and were fully blocked without a view. I wish there was a map of the Airport from within the Airport as even with the single terminal it is really easy to get lost.

Anyways, somehow the day and night went by and took my second flight and reached Cape Town, South Africa. Throughout the journey had been stressed as had to be awake at all times and make sure that nothing gets stolen. Having attendants at toilets were also good so that there is no possibility of any violence there. So it had been 2 days, no shower and no sleep.

Anyways, reached the venue. Throughout the travel there was quite a bit of unnamed fear which I later came to know after seeing Dr. Ramanujan’s ‘The Man who knew Infinity‘ . It was/is the fear or unknown, while in the movie it is articulated as fear of crossing seven seas, symbolically it is the fear or unknown.

Now while I was dead tired, I still pushed myself as I didn’t want to have the effects of jet lag interfere with the normal sleeping and waking patterns. I did freshen myself but didn’t allow myself the luxury of the bath-tub as I knew that if I went in, I would not come out that day. Met all the people, learnt who’s who, where things are happening etc. and slowly night came. Night came and I was so-looking forward to sleep but sleep was not to be. I later learnt it could be either of the two reasons, it could either have been ‘travel-induced insomnia‘ or/and what is known as the first night effect‘.

It was only on the second day when I was in bath-tub for about 2/3 hours I could feel the tension leaving my body. I finally realized that I am in Cape Town, South Africa and could enjoy and be surprised at seeing birds within few feet of me .

Now I don’t know whether I’m the only weird/paranoid one, I do know that it would not have been easier for me at least for the first night as I was turning and twisting throughout the night. I opened the lights, read for some time hoping for sleep to take over but that didn’t work. Tried quite a few things but sleep didn’t come. If I had been sleeping with other people I dunno how they would have reacted. I myself am a light sleeper (most of the time) and if I had sleep coming and somebody else acted or been the way I was, I wouldn’t been able to sleep. However much you try, whatever is the natural reaction is, will be. There are still some bits to share but that would be in part 2.


Filed under: Miscellenous Tagged: #air-travel, #Debconf16, #paranoia, #sleep

Russ Allbery: Review: Digger

7 November, 2016 - 01:49

Review: Digger, by Ursula Vernon

Publisher: Sofawolf Copyright: October 2013 ISBN: 1-936689-32-4 Format: Graphic novel Pages: 837

As Digger opens, the eponymous wombat is digging a tunnel. She's not sure why, or where to, since she hit a bad patch of dirt. It happens sometimes, underground: pockets of cave gas and dead air that leave one confused and hallucinating. But this one was particularly bad, it's been days, she broke into a huge cave system, and she's thoroughly lost. Tripping on an ammonite while running from voices in the dark finally helps her come mostly to her senses and start tunneling up, only to break out at the feet of an enormous statue of Ganesh. A talking statue of Ganesh.

Digger is a web comic that ran from 2005 to 2011. The archives are still on the web, so you can read the entire saga for free. Reviewed here is the complete omnibus edition, which collects the entire strip (previously published in six separate graphic novels containing two chapters each), a short story, a bonus story that was published in volume one, a bunch of random illustrated bits about the world background, author's notes from the web version, and all of the full-color covers of the series chapters (the rest of the work is in black and white). Publication of the omnibus was originally funded by a Kickstarter, but it's still available for regular sale. (I bought it normally via Amazon long after the Kickstarter finished.) It's a beautiful and durable printing, and I recommend it if you have the money to buy things you can read for free.

This was a very long-running web comic, but Digger is a single story. It has digressions, of course, but it's a single coherent work with a beginning, middle, and end. That's one of the impressive things about it. Another is that it's a fantasy work involving gods, magic, oracles, and prophecies, but it's not about a chosen one, and it's not a coming of age story. Digger (Digger-of-Needlessly-Complicated-Tunnels, actually, but Digger will do) is an utterly pragmatic wombat who considers magic to be in poor taste (as do all right-thinking wombats), gods to be an irritating underground obstacles that require care and extra bracing, and prophecies to not be worth the time spent listening to them. It's a bit like the famous Middle Earth contrast between the concerns of the hobbits and the affairs of the broader world, if the hobbits were well aware of the broader world, able to deal with it, but just thought all the magic was tacky and irritating.

Magic and gods do not, of course, go away just because one is irritated by them, and Digger eventually has to deal with quite a lot of magic and mythology while trying to figure out where home is and how to get back to it. However, she is drawn into the plot less by any grand danger to the world and more because she keeps managing to make friends with everyone, even people who hate each other. It's not really an explicit goal, but Digger is kind-hearted, sensible, tries hard to do the right thing, and doesn't believe in walking away from problems. In this world, that's a recipe for eventual alliances from everything from warrior hyenas to former pirate shrews, not to mention a warrior cult, a pair of trolls, and a very confused shadow... something. All for a wombat who would rather be digging out a good root cellar. (She does, at least, get a chance to dig out a good root cellar.)

The characters are the best part, but I love everything about this story. Vernon's black and white artwork isn't as detailed as, say, Dave Sim at his best, and some of the panels (particularly mostly dark ones) seemed a bit scribbly. But it's mostly large-panel artwork with plenty of room for small touches and Easter eggs (watch for the snail, and the cave fish graffiti that I missed until it was pointed out by the author's notes), and it does the job of telling the story. Honestly, I like the black and white panels better than the color chapter covers reproduced in the back. And the plot is solid and meaty, with a satisfying ending and some fantastic detours (particularly the ghosts).

I think my favorite bits, though, are the dialogue.

"Do you have any idea how long twelve thousand years is?"
"I know it's not long enough to make a good rock."

Digger is snarky in all the right ways, and sees the world in terms of tunnels, digging, and geology. Vernon is endlessly creative in how she uses that to create comebacks, sayings, analysis, and an entire culture.

This is one of the best long-form comics I've read: a solid fantasy story with great characters, reliably good artwork, a coherent plot arc, wonderful dialogue, a hard-working and pragmatic protagonist (who happens to be female), and a wonderfully practical sense of morality and ethics. I'm sorry it's over. If you've not already read it, I highly recommend it.

Remember tunnel 17!

Rating: 9 out of 10

Niels Thykier: Improvements in apt-file 3.1.2

6 November, 2016 - 15:13

Yesterday, I just uploaded apt-file 3.1.2 into unstable, which comes with a few things I would like to highlight.

 

  • We fixed an issue where apt-file would not show top-level files in source packages. (bug#676642). Thanks to Paul Wise for the proposed solution.
  • Paul Wise also fixed a bug where apt-file list -I dsc <source-pkg> would fail to list all files in the source package if said file was also in other packages.
  • We added –filter-suites / –filter-origins options that can be used to narrow the search space.  Example: apt-file search --filter-suites unstable lintian/checks/

You can also set defaults in the config file – if you want to always search in unstable, simply do:

# echo 'apt-file::Search-Filter::Suite "unstable";' >> /etc/apt/apt-file.conf

For the suite filter, either a code name (“sid”) or a suite name (“unstable”) will work.  Please note that the filters are case-sensitive – suites/code names generally use all lowercase, whereas origins appear to use title-case (i.e. “unstable” vs. “Debian”).

 


Filed under: apt-file, Debian

Russell Coker: Is a Thinkpad Still Like a Rolls-Royce

6 November, 2016 - 12:45

For a long time the Thinkpad has been widely regarded as the “Rolls-Royce of laptops”. Since 2003 one could argue that Rolls-Royce is no longer the Rolls-Royce of cars [1]. The way that IBM sold the Think business unit to Lenovo and the way that Lenovo is producing both Thinkpads and cheaper Ideapads is somewhat similar to the way the Rolls-Royce trademark and car company were separately sold to companies that are known for making cheaper cars.

Sam Varghese has written about his experience with Thinkpads and how he thinks it’s no longer the Rolls-Royce of laptops [2]. Sam makes some reasonable points to support this claim (one of which only applies to touchpad users – not people like me who prefer the Trackpoint), but I think that the real issue is whether it’s desirable to have a laptop that could be compared to a Rolls-Royce nowadays.

Support

The Rolls-Royce car company is known for great reliability and support as well as features that other cars lack (mostly luxury features). The Thinkpad marque (both before and after it was sold to Lenovo) was also known for great support. You could take a Thinkpad to any service center anywhere in the world and if the serial number indicated that it was within the warranty period it would be repaired without any need for paperwork. The Thinkpad service centers never had any issue with repairing a Thinkpad that lacked a hard drive just as long as the problem could be demonstrated. It was also possible to purchase an extended support contract at any time which covered all repairs including motherboard replacement. I know that not everyone had as good an experience as I had with Thinkpad support, but I’ve been using them since 1998 without problems – which is more than I can say for most hardware.

Do we really need great reliability from laptops nowadays? When I first got a laptop hardly anyone I knew owned one. Nowadays laptops are common. Having a copy of important documents on a USB stick is often a good substitute for a reliable laptop, when you are in an environment where most people own laptops it’s usually not difficult to find someone who will let you use theirs for a while. I think that there is a place for a laptop with RAID-1 and ECC RAM, it’s a little known fact that Thinkpads have a long history of supporting the replacement of a CD/DVD drive with a second hard drive (I don’t know if this is still supported) but AFAIK they have never supported ECC RAM.

My first Thinkpad cost $3,800. In modern money that would be something like $7,000 or more. For that price you really want something that’s well supported to protect the valuable asset. Sam complains about his new Thinkpad costing more than $1000 and needing to be replaced after 2.5 years. Mobile phones start at about $600 for the more desirable models (IE anything that runs Pokemon Go) and the new Google Pixel phones range from $1079 to $1,419. Phones aren’t really expected to be used for more than 2.5 years. Phones are usually impractical to service in any way so for most of the people who read my blog (who tend to buy the more expensive hardware) they are pretty much a disposable item costing $600+. I previously wrote about a failed Nexus 5 and the financial calculations for self-insuring an expensive phone [3]. I think there’s no way that a company can provide extended support/warranty while making a profit and offering a deal that’s good value to customers who can afford to self-insure. The same applies for the $499 Lenovo Ideapad 310 and other cheaper Lenovo products. Thinkpads (the higher end of the Lenovo laptop range) are slightly more expensive than the most expensive phones but they also offer more potential for the user to service them.

Features

My first Thinkpad was quite underpowered when compared to desktop PCs, it had 32M of RAM and could only be expanded to 96M at a time when desktop PCs could be expanded to 128M easily and 256M with some expense. It had a 800*600 display when my desktop display was 1280*1024 (37% of the pixels). Nowadays laptops usually start at about 8G of RAM (with a small minority that have 4G) and laptop displays start at about 1366*768 resolution (51% of the pixels in a FullHD display). That compares well to desktop systems and also is capable of running most things well. My current Thinkpad is a T420 with 8G of RAM and a 1600*900 display (69% of FullHD), it would be nice to have higher resolution but this works well and it was going cheap when I needed a new laptop.

Modern Thinkpads don’t have some of the significant features that older ones had. The legendary Butterfly Keyboard is long gone, killed by the wide displays that economies of scale and 16:9 movies have forced upon us. It’s been a long time since Thinkpads had some of the highest resolution displays and since anyone really cared about it (you only need pixels to be small enough that you can’t see them).

For me one of the noteworthy features of the Thinkpads has been the great keyboard. Mechanical keys that feel like a desktop keyboard. It seems that most Thinkpads are getting the rubbery keyboard design made popular by Apple. I guess this is due to engineering factors in designing thin laptops and the fact that most users don’t care.

Matthew Garrett has blogged about the issue of Thinkpad storage configured as “RAID mode” without any option to disable it [4]. This is an annoyance (which incidentally has been worked around) and there are probably other annoyances like it. Designing hardware and an OS are both complex tasks. The interaction between Windows and the hardware is difficult to get right from both sides and the people who design the hardware often don’t think much about Linux support. It has always been this way, the early Thinkpads had no Linux support for special IBM features (like fan control) and support for ISA-PnP was patchy. It is disappointing that Lenovo doesn’t put a little extra effort into making sure that Linux works well on their hardware and this might be a reason for considering another brand.

Service Life

I bought my curent Thinkpad T420 in October 2013 [5] It’s more than 3 years old and has no problems even though I bought it refurbished with a reduced warranty. This is probably the longest I’ve had a Thinkpad working well, which seems to be a data point against the case that modern Thinkpads aren’t as good.

I bought a T61 in February 2010 [6], it started working again (after mysteriously not working for a month in late 2013) and apart from the battery lasting 5 minutes and a CPU cooling problem it still works well. If that Thinkpad had cost $3,800 then I would have got it repaired, but as it cost $796 (plus the cost of a RAM upgrade) and a better one was available for $300 it wasn’t worth repairing.

In the period 1998 to 2010 I bought a 385XD, a 600E, a T21, a T43, and a T61 [6]. During that time I upgraded laptops 4 times in 12 years (I don’t have good records of when I bought each one). So my average Thinkpad has lasted 3 years. The first 2 were replaced to get better performance, the 3rd was replaced when an employer assigned me a Thinkpad (and sold it to be when I left), and 4 and 5 were replaced due to hardware problems that could not be fixed economically given the low cost of replacement.

Conclusion

Thinkpads possibly don’t have the benefits over other brands that they used to have. But in terms of providing value for the users it seems that they are much better than they used to be. Until I wrote this post I didn’t realise that I’ve broken a personal record for owning a laptop. It just keeps working and I hadn’t even bothered looking into the issue. For some devices I track how long I’ve owned them while thinking “can I justify replacing it yet”, but the T420 just does everything I want. The battery still lasts 2+ hours which is a new record too, with every other Thinkpad I’ve owned the battery life has dropped to well under an hour within a year of purchase.

If I replaced this Thinkpad T420 now it will have cost me less than $100 per year (or $140 per year including the new SSD I installed this year), that’s about 3 times better than any previous laptop! I wouldn’t feel bad about replacing it as I’ve definitely got great value for money from it. But I won’t replace it as it’s doing everything I want.

I’ve just realised that by every measure (price, reliability, and ability to run all software I want to run) I’ve got the best Thinkpad I’ve ever had. Maybe it’s not like a Rolls-Royce, but I’d much rather drive a 2016 Tesla than a 1980 Rolls-Royce anyway.

Related posts:

  1. Thinkpad T420 I’ve owned a Thinkpad T61 since February 2010 [1]. In...
  2. PC prices drop again! A few weeks ago Dell advertised new laptops for $849AU,...
  3. I Just Bought a new Thinkpad and the Lenovo Web Site Sucks I’ve just bought a Thinkpad T61 at auction for $AU796....

Russ Allbery: podlators 4.09

6 November, 2016 - 04:28

This package contains the Pod::Man and Pod::Text formatters for Perl.

This is a bug-fix release that fixes a long-standing problem with Pod::Text on EBCDIC systems. The code to handle non-breaking spaces and soft hyphens hard-coded the ASCII code points and deleted the open bracket character on EBCDIC systems.

The fix here adopts the same fix that was done in Pod::Simple (but with backward compatibility to older versions of Pod::Simple).

I also made a bit more progress on modernizing the test suite. All of the Pod::Man tests now use a modern coding style, and most of them have been moved to separate snippets, which makes it easier to look at the intended input and output and to create new tests.

You can get the latest version from the podlators distribution page.

Steinar H. Gunderson: Multithreaded OpenGL

6 November, 2016 - 03:11

Multithreading continues to be hard (although the alternatives are not really a lot better). While debugging a user issue in Nageru, I found and fixed a few races (mostly harmless in practice, though) in my own code, but also two issues that I filed patches for in Mesa. But that's not enough, it seems; there are still issues that are too subtle for me to figure out on-the-fly. But at least with those patches, I can use interlaced video sources in Nageru on Intel GPUs without segfaulting pretty much immediately. My laptop's GPU isn't fast enough to actually run the YADIF interlacer realtime in 1080p60, though, but it's nice at least not take the program down. (These things are super-sensitive to timing, of course, which is probably why I didn't see them when developing the feature a year or so ago.)

As usual, NVIDIA's proprietary drivers seem to be near-flawless in this regard. I'm starting to think maybe it's about massive amounts of QA resources.

Russ Allbery: Review: The Just City

6 November, 2016 - 01:32

Review: The Just City, by Jo Walton

Series: Thessaly #1 Publisher: Tor Copyright: 2014 Printing: January 2015 ISBN: 0-7653-3266-3 Format: Hardcover Pages: 368

The premise for The Just City is easy to state: The time-traveling goddess Athene (Athena) decides to organize and aid an attempt to create the society described in Plato's Republic. She chooses Thera (modern Santorini) before the eruption, as a safe place where this experiment wouldn't alter history. The elders of the city are seeded by people throughout history who at some point prayed to Athene, wanting to live in the Republic. The children of the age of ten that Plato suggested starting with are purchased as slaves from various points in history and transported by Athene to the island.

Apollo, shaken and confused by Daphne wanting to turn into a tree rather than sleep with him, finds out about this experiment as Athene tries to explain the concept of consent to him. He decides that becoming human for a while might help him learn about volition and equal significance, and that this is the perfect location. He's one of the three viewpoint characters. The others are two women: one (Maia) from Victorian times who prayed to Athene in a moment of longing for the tentative sexual equality of the Republic and was recruited as one of the elders, and another (Simmea) who is bought as a slave and becomes one of the children.

I should admit up-front that I've never read Plato's Republic, or indeed much of Plato at all, just small bits for classes. The elders (and of course the gods) all have, and are attempting to stick quite closely to Plato's outline of the ideal city. The children haven't, though, so the book is quite readable for people like me who only remember a few vague aspects of Plato's vision from school. The reader learns the principles alongside Simmea.

One of Walton's strengths is taking a science fiction concept, putting real people into it, and letting the quotidian mingle with the fantastic. Simmea is my favorite character here: her journey to the city is deeply traumatic, but the opportunity she gets there is incredible and unforeseen, and she comes to love the city while still understanding, and arguing about, its possible flaws. Maia is nearly as successful; Walton does a good job with committee debates and discussions, avoids coming down too heavily on the drama, and shows a believable picture of people with very different backgrounds and beliefs coming together to flesh out the outlines of something they all agree with, or at least want to try.

I found Apollo less engaging as a character, partly because I never quite understood his motives or his weird failure to understand the principles of consent. Walton doesn't portray him as either hopelessly arrogant or hopelessly narcissistic, which would have been easy outs, but in avoiding those two obvious explanations for his failures of empathy, I felt like she left him with an odd and unexplained hole in his personality. He's a weirdly passive half-character for much of the book, although he does develop a bit more towards the end (which was probably the point).

Half the fun of this book is working out what the Republic would be like in practice, and what breakdowns and compromises would happen as soon as you put real people in it. Athene obviously has to do a bit of cheating to make a utopia invented as an intellectual exercise work out in practice, plus a bit more for comfort (electricity and indoor plumbing, for instance). The most substantial cheat is robots to replace slaves and do quite a bit that slaves couldn't. Birth control (something Plato obviously never would have thought of) is another notable cheat; it's postulated to be an ancient method since lost, but even if that existed, there's no way it would be this reliable. But otherwise, the society mostly works, and Walton shows enough of the arguing and mechanics to make that believable, while still avoiding infodumps and boring descriptions. It's neatly done, although I'm still a bit dubious that the elders from later eras would have put up with the primitive conditions with this little complaint.

The novel needs a plot, of course, and that's the other half of the fun. I can't talk about this in any detail without spoiling the book, since the plot only kicks in about halfway through once the setup and character introductions are complete. That makes it hard to explain why I found this a bit less successful, although parts of it are brilliant.

What worked for me is the growth of Simmea and her friends as students and philosophers, the arguments and discussions (and their growing enthusiasm for argument and discussion), and the way Greek mythology is woven subtly and undramatically into the story. It really does feel like sitting in on ancient Greek philosophical arguments and experiments, and by that measure Walton has succeeded admirably in her goal.

What didn't work for me was the driving conflict of the story, once it's introduced. I can't describe it without spoilers, but it's an old trope in science fiction and one with little scientific basis. It may seem weird to argue that point in a book with time-traveling Greek gods, a literal Lethe, and a Greek idea of souls, but those are mythological background material. The SF trope is something about which I have personal expertise and which simply doesn't work that way, and I had a harder time getting past that than alternate metaphysical properties. It threw me out of the book a bit. I see why Walton chose the conflict she did, but I felt like she could have gotten to the same place in the plot, admittedly with more difficulty, by using some of the more dubious aspects of Plato's long-term plan plus some other obstacles that were already built into the world. This more direct approach added a bit of SF-style analysis of the unknown that seemed weirdly at odds with the rest of the story (even if the delight of one of the characters is endearing).

That complaint aside, I really enjoyed reading this book. Apollo didn't entirely work for me, but all of the other characters are excellent, and Walton keeps the story moving at a comfortable clip. Given the amount of description required, particularly for an audience that may not have read the Republic, a lesser writer could have easily slipped into the infodump trap. Walton never does.

Fair warning, though: The Just City does end on a cliffhanger, and is in no way a standalone novel. You will probably want to have the sequel on hand.

Followed by The Philosopher Kings.

Rating: 7 out of 10

Russ Allbery: Fall haul post

6 November, 2016 - 01:20

It's been a while since I've done one of these.

danah boyd — It's Complicated (non-fiction)
Jeffrey A. Carver — Eternity's End (sff)
Becky Chambers — A Closed and Common Orbit (sff)
Stephen Deas — The Adamantine Palace (sff)
Robert Heinlein — The Green Hills of Earth / The Menace from Earth (sff)
Robert Heinlein — Revolt in 2100 / Methuselah's Children (sff)
Marjorie M. Liu — The Iron Hunt (sff)
Larry Niven — The Ringworld Engineers (sff)
Don Norman — The Design of Everyday Things (non-fiction)
Kurt Vonnegut — Slaughterhouse-Five (sff)
Jo Walton — Necessity (sff)
Eileen Wilks — Tempting Danger (sff)

I picked up some extra used books since I was placing a book order to pick up Necessity anyway, and fleshed out my early Heinlein novels mostly out of curiousity. I've already reviewed The Design of Everyday Things, which I got from the work book club.

Clint Adams: TWO EVERETT MEN, FIVE I. W. W. DEAD; FIFTY WOUNDED

5 November, 2016 - 20:47

Two Everett citizens were killed and a score wounded, several seriously, this afternoon when the steamer Verona drew up to the City dock and attempted to land its crowd of almost 200 I. W. W. Sheriff McRae tried to parley with them. A shot was fired from the boat at the sheriff and a general battle followed. The Verona backed away from the wharf and returned to Seattle. On arrival there the I.W.W. crowd was arrested, five were found to be dead and about 30 wounded.

Elizabeth Ferdman: Applying to Debian for Outreachy 2016

5 November, 2016 - 07:00

This year, Outreachy featured internships from organizations such as Debian, Fedora, GNOME, the Linux Kernel, Mozilla, Python, and Wikimedia, just to name a few. Each organization features mentored projects and in order to apply, applicants must contact the mentor, introduce themselves on the appropriate channels and make a small contribution to the project. After that, applicants might be required to fulfill additional tasks to demonstrate their abilities. Successful applicants will make quality contributions, communicate effectively with mentors, ask questions, fulfill tasks, help out their peers via mailing lists, and/or blog about their experience.

One of the projects I applied to was the Clean Room for PGP and X.509 (PKI) Key Management. The project aims to create a Live Disc that enables users to create and manage their PGP keys easily and securely, using a text-based UI. I’ve been a Debian user for about a year, but before applying to the project I didn’t know much about GnuPG or public key encryption. Since then, I’ve made some contributions and attended my first keysigning event in San Francisco featuring a lecture by Neal Walfield (more on that below).

For my initial contribution, Daniel Pocock, the mentor for this project, asked that I write a script that lists the USB flash devices connected to the system and specifies which device the system booted from. Here’s the bash script that I wrote, and that was enough to submit an application for Debian.

My next task was to write a dns hook script for the dehydrated project, a shell client for signing certificates with Let’s Encrypt (for free!). The script completes a dns challenge sent by the ACME-server by provisioning a TXT record for a given domain in order to prove ownership of the domain. I chose to write it in python and used the dnspython API. I posted my solution on github and there are many more here.

At the lecture, Neal talked about good practices for key creation and management. Here are a few of those points:

  • Don’t store your master key locally

  • Store your master key offline on a smartcard such as GnuK or NitroKey and store backups on a USB stick.

  • Neal mentioned that the OpenPGP card is not open hardware and according to this recent post neither is the Yubikey

  • To manage the key, use a dedicated offline computer such as a relatively cheap x40 or x60 Thinkpad (my two cents: use a Thinkpad like X200 or T400 flashed with Libreboot, which solves the proprietary firmware problem) and remove the wireless network card.

  • Use Tails which wipes memory on shutdown.

  • Use subkeys– an encryption subkey is automatically created with gpg2 --gen-key. Create an additional signing subkey.

  • Generate a secure passphrase for your master key using 5-12 words. Example: “pipe after harm horse split seize radar bulb”
  • Refresh your keys regularly for new preferences and revokation certificates. An alternative to gpg2 --refresh-keys is parcimonie, which uses tor and refreshes keys one at a time.

  • Don’t back up .gnupg/random_seed

  • More OpenPGP Best Practices

See the slides for Neal’s full presentation.

Elizabeth Ferdman: Applying to Debian for Outreachy 2016

5 November, 2016 - 07:00

This year, Outreachy featured internships from organizations such as Debian, Fedora, GNOME, the Linux Kernel, Mozilla, Python, and Wikimedia, just to name a few. Each organization features mentored projects and in order to apply, applicants must contact the mentor, introduce themselves on the appropriate channels and make a small contribution to the project. After that, applicants might be required to fulfill additional tasks to demonstrate their abilities. Successful applicants will make quality contributions, communicate effectively with mentors, ask questions, fulfill tasks, help out their peers via mailing lists, and/or blog about their experience.

One of the projects I applied to was the Clean Room for PGP and X.509 (PKI) Key Management. The project aims to create a Live Disc that enables users to create and manage their PGP keys easily and securely, using a text-based UI. I’ve been a Debian user for about a year, but before applying to the project I didn’t know much about GnuPG or public key encryption. Since then, I’ve made some contributions and attended my first keysigning event in San Francisco featuring a lecture by Neal Walfield (more on that below).

For my initial contribution, Daniel Pocock, the mentor for this project, asked that I write a script that lists the USB flash devices connected to the system and specifies which device the system booted from. Here’s the bash script that I wrote, and that was enough to submit an application for Debian.

My next task was to write a dns hook script for the dehydrated project, a shell client for signing certificates with Let’s Encrypt (for free!). The script completes a dns challenge sent by the ACME-server by provisioning a TXT record for a given domain in order to prove ownership of the domain. I chose to write it in python and used the dnspython API. I posted my solution on github and there are many more here.

At the lecture, Neal talked about good practices for key creation and management. Here are a few of those points:

  • Don’t store your master key locally

  • Store your master key offline on a smartcard such as GnuK or NitroKey and store backups on a USB stick.

  • Neal mentioned that the OpenPGP card is not open hardware and according to this recent post neither is the Yubikey

  • To manage the key, use a dedicated offline computer such as a relatively cheap x40 or x60 Thinkpad (my two cents: use a Thinkpad like X200 or T400 flashed with Libreboot, which solves the proprietary firmware problem) and remove the wireless network card.

  • Use Tails which wipes memory on shutdown.

  • Use subkeys– an encryption subkey is automatically created with gpg2 --gen-key. Create an additional signing subkey.

  • Generate a secure passphrase for your master key using 5-12 words. Example: “pipe after harm horse split seize radar bulb”
  • Refresh your keys regularly for new preferences and revokation certificates. An alternative to gpg2 --refresh-keys is parcimonie, which uses tor and refreshes keys one at a time.

  • Don’t back up .gnupg/random_seed

  • More OpenPGP Best Practices

See the slides for Neal’s full presentation.

Michal &#268;iha&#345;: Weblate 2.9

4 November, 2016 - 18:00

Slightly behind schedule (it should have been released in October), Weblate 2.9 is out today. This release brings Subversion support or improved zen mode.

Full list of changes:

  • Extended parameters for createadmin management command.
  • Extended import_json to be able to handle with existing components.
  • Added support for YAML files.
  • Project owners can now configure translation component and project details.
  • Use "Watched" instead of "Subscribed" projects.
  • Projects can be watched directly from project page.
  • Added multi language status widget.
  • Highlight secondary language if not showing source.
  • Record suggestion deletion in history.
  • Improved intuitivity of languages selection in profile.
  • Fixed showing whiteboard messages for component.
  • Keep preferences tab selected after saving.
  • Show source string comment more prominently.
  • Automatically install Gettext PO merge driver for Git repositories.
  • Added search and replace feature.
  • Added support for uploading visual context (screnshots) for translations.

If you are upgrading from older version, please follow our upgrading instructions.

You can find more information about Weblate on https://weblate.org, the code is hosted on Github. If you are curious how it looks, you can try it out on demo server. You can login there with demo account using demo password or register your own user. Weblate is also being used on https://hosted.weblate.org/ as official translating service for phpMyAdmin, OsmAnd, Aptoide, FreedomBox, Weblate itself and many other projects.

Should you be looking for hosting of translations for your project, I'm happy to host them for you or help with setting it up on your infrastructure.

Further development of Weblate would not be possible without people providing donations, thanks to everybody who have helped so far! The roadmap for next release is just being prepared, you can influence this by expressing support for individual issues either by comments or by providing bounty for them.

Filed under: Debian English phpMyAdmin SUSE Weblate | 0 comments

Pages

Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้