Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 1 hour 33 min ago

Elizabeth Ferdman: 8 Week Progress Update for PGP Clean Room

31 January, 2017 - 07:00

During the last few weeks, I learned about internationalization in bash and did a lot of refactoring/decomposing of the UI code, making the code a lot more DRY.


This intro to Internationalization in Bash from the Linux Journal and this Slackware doc put me on the road to internationalizing the UI code I had written thus far.

Instead of hardcoding strings into the whiptail commands, like this:

PRIMARY_UID=$(whiptail --inputbox "$PRIMARY_UID_TEXT_EN" 8 78 --title "$PRIMARY_UID_TITLE_EN" 3>&1 1>&2 2>&3)

I set up a Message Catalog in a Portable Object file for English: en.po. The .po file contains msgid-msgstr key-value pairs:

msgstr ""
"Please specify how long the key should be valid.\n"
"\t   0 = key does not expire\n"
"\t <n> = key expires in n days\n"
"\t<n>w = key expires in n weeks\n"
"\t<n>m = key expires in n months\n"
"\t<n>y = key expires in n years"

msgstr "Primary UID"

To make these .po files usable in a script, use the Linux utility msgfmt to turn .po files into Message Object files:

mkdir -p $HOME/project/locale/en_US/LC_MESSAGES/
msgfmt -o $HOME/project/locale/en_US/LC_MESSAGES/ po/en.po

Now that we have a Message Object file, we can access the key value pairs in a script using the gettext command. Pass the name of the msgid as a string to get back the localized natural language string:

whiptail_yesno() {	
	whiptail --yesno "$(gettext $1)" $DIMENS --title "$(gettext $2)"
	return $?


In order for this to work, though, it’s important to export some environmental variables before running gettext. Mine look like:

export TEXTDOMAINDIR=$HOME/gpg-helper-scripts/locale
export TEXTDOMAIN=ui-strings
export LANG=en_US.UTF-8


├─ gpg/
│    ├─
│    ├─
├─ whiptail/
│    ├─
│    ├─
│    ├─
│    ├─
├─ po/
│    ├─ en.po
├─ locale/
│    ├─ en_US/LC_MESSAGES/
├─ details/
│    ├─ gpg-algos
│    ├─ smartcard-workflow

While setting up whiptail functions I learned that one does not simply return values in bash. With the help of another Linux Journal article, I came up with:

whiptail_password() {
	result=$(whiptail --passwordbox "$(gettext $2)" $DIMENS --title "$(gettext $3)" 3>&1 1>&2 2>&3)
	eval $__resultvar="'$result'"

to store user input as variables while keeping the code DRY.

I also looked a little bit at Google’s Shell Style Guide, gave my files better names and organized the directory structure.


I was curious about the correct abbreviations, key lengths and usages for all of the gpg2.1.16 supported algorithms so I created a reference in details/gpg-algos that will come in handy for validating the user’s input for different types of keys.

…Moving Forward…

Now that the code is much more readable, I can think more about the UI and the options that I want to include:

Lots more options could be added here.. Let me know your ideas.

Thanks for reading!

Marc 'Zugschlus' Haber: openssh authorized_keys "restrict" option lessens worries

31 January, 2017 - 01:00

Starting with OpenSSH 7.2, a new “restrict” option for authorized_keys lines has become available. It sets all available restrictions that the current OpenSSH version can do (like no-agent-forwarding, no-x11-forwarding etc). One can individually turn on those features again by corresponding new options.

This saves one from sorrows when a new capability of OpenSSH is introduced through an update which is enabled by default, since one has to remember that restricted authorized_keys lines are in unse and then to manually add the restrictions.

On the downside, Debian jessie and CentOS 7 don’t have a recent enough OpenSSH. So we’ll have to continue worrying about new features being inadvertendly enabled for a while.

P.S.: Yes, I haven’t blogged about Linux and Debian in English in a while.

Bits from Debian: Savoir-faire Linux Platinum Sponsor of DebConf17

31 January, 2017 - 00:00

We are very pleased to announce that Savoir-faire Linux has committed support to DebConf17 as a Platinum sponsor.

"Debian acts as a model for both Free Software and developer communities. Savoir-faire Linux promotes both vision and values of Debian. Indeed, we believe that it's an essential piece, in a social and political way, to the freedom of users using modern technological systems", said Cyrille Béraud, president of Savoir-faire Linux.

Savoir-faire Linux is a Montreal-based Free/Open-Source Software company with offices in Quebec City, Toronto, Paris and Lyon. It offers Linux and Free Software integration solutions in order to provide performance, flexibility and independence for its clients. The company actively contributes to many free software projects, and provide mirrors of Debian, Ubuntu, Linux and others.

Savoir-faire Linux was present at DebConf16 program with a talk about Ring, its GPL secure and distributed communication system. Ring package was accepted in Debian testing during DebCamp in 2016 and will be part of Debian Stretch. OpenDHT, the distributed hash table implementation used by Ring, also appeared in Debian experimental during last DebConf.

With this commitment as Platinum Sponsor, Savoir-faire Linux contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software helping to strengthen the community that continues to collaborate on Debian projects throughout the rest of the year.

Thank you very much Savoir-faire Linux, for your support of DebConf17!

Become a sponsor too!

DebConf17 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through, and visit the DebConf17 website at

Bits from Debian: Savoir-faire Linux Platinum Sponsor of DebConf17

30 January, 2017 - 23:50

We are very pleased to announce that Savoir-faire Linux has committed support to DebConf17 as a Platinum sponsor.

"Debian acts as a model for both Free Software and developer communities. Savoir-faire Linux promotes both vision and values of Debian. Indeed, we believe that it's an essential piece, in a social and political way, to the freedom of users using modern technological systems", said Cyrille Béraud, president of Savoir-faire Linux.

Savoir-faire Linux is a Montreal-based Free/Open-Source Software company with offices in Quebec City, Toronto, Paris and Lyon. It offers Linux and Free Software integration solutions in order to provide performance, flexibility and independence for its clients. The company actively contributes to many free software projects, and provide mirrors of Debian, Ubuntu, Linux and others.

Savoir-faire Linux was present at DebConf16 program with a talk about Ring, its GPL secure and distributed communication system. Ring package was accepted in Debian testing during DebCamp in 2016 and will be part of Debian Stretch. OpenDHT, the distributed hash table implementation used by Ring, also appeared in Debian experimental during last DebConf.

With this commitment as Platinum Sponsor, Savoir-faire Linux contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software helping to strengthen the community that continues to collaborate on Debian projects throughout the rest of the year.

Thank you very much Savoir-faire Linux, for your support of DebConf17!

Become a sponsor too!

DebConf17 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through, and visit the DebConf17 website at

Michal &#268;iha&#345;: See you at FOSDEM

30 January, 2017 - 20:30

This has become sort of tradition for me, but still worth mentioning - I'm going to to FOSDEM this weekend.

This time I have no talk (I somehow failed to submit anything in time), but still I'm there to meet people and listen to some talks. As I've agreed to help Software Freedom Conservancy on stand (in the H building), it's quite likely that you will find me there. You will also have unique chance to grab phpMyAdmin stickers at this stand.

Also if you spot somebody wearing Weblate t-shirt, then it's most likely me ;-).

Filed under: Debian English phpMyAdmin SUSE Weblate | 0 comments

Shirish Agarwal: Different strokes

30 January, 2017 - 19:35

Statutory warning – It’s a long read.

I start by sharing I regret, I did not hold onto the Budget and Economics 101 blog post for one more day. I had been holding/thinking on to it for almost couple of weeks before posting, if I had just waited a day more, I would have been able to share an Indian Express story . While I thought that the work for the budget starts around 3 months before the budget, I came to learn from that article that it takes 6 months. As can be seen in the article, it is somewhat of a wasted opportunity, part of it probably due to the Government (irrespective of any political party, dynasty etc.) mismanagement.

What has not been stated in the article is what I had shared earlier, reading between the lines, it seems that the Government isn’t able to trust what it hears from its advisers and man on the street. Unlike Chanakya and many wise people before him who are credited with advising about good governance, that a good king is one who goes out in disguise, learns how his/er subjects are surviving, seeing what ills them and taking or even not taking corrective steps after seeing the problem from various angles. Of course it’s easier said then done, though lot of Indian kings did try and ran successful provinces. There were also some who were more interested in gambling, women and threw/frittered away their kingdoms.

The 6-month things while not being said in the Express article is probably more about checking and re-checking figures and sources to make sure they are able to read whatever pattern the various Big Businesses, Industry, Social Welfare schemes and people are saying I guess. And unless mass digitalization as well as overhaul of procedures, Right to Information (RTI) happens, don’t see any improvement in the way the information is collected, interpreted and shared with the public at large.

It would also require people who are able to figure out how things work sharing the inferences (right or wrong) through various media so there is discussion about figures and policy-making. Such researchers and their findings are sadly missing in Indian public discourses and only found in glossy coffee table books :(.

One of the most basic question for instance is, How much of any policy should be based on facts and figures and how much giving fillip to products and services needed in short to medium term ?

Also how much morality should play a part in Public Policy ?

Surprisingly, or probably not, most Indian budgets are populist by nature with some scientific basis but most of the times there is no dialog about how the FM came to some conclusion or Policy-making. I am guessing a huge part of that has also to do with basic illiteracy as well as Economic and Financial Illiteracy.

Just to share a well-known world-over example, one of the policies where the Government of India has been somewhat lethargic is wired broadband penetration. As have shared umpteen times, while superficially broadband penetration is happening, most of the penetration is the unreliable and more expensive mobile broadband penetration.

While this may come as a shock to many of the users of technology, BSNL, a Government company who provides broadband for almost 70-80% of the ADSL wired broadband subscribers gives 50:1 contention ratio to its customers.

One can now understand the pathetic speeds along with very old copper wiring (20 odd years) on which the network is running. The idea/idiom of running network using duct-tape seems pretty apt in here

Now, the Government couple of years ago introduced FFTH Fiber-to-the-home but because the charges are so high, it’s not going anywhere. The Government could say 10% discount in your Income Tax rates if you get FFTH. This would force people to get FFTH and would also force BSNL to clean up its act. It has been documented that a percentage increase in broadband equals a similar percentage rise in GDP.

Having higher speeds of broadband would mean better quality of streaming video as well as all sorts of remote teaching and sharing of ideas which will give a lot of fillip to all sorts of IT peripherals in short, medium and long-term as well. Not to mention, all the software that will be invented/coded to take benefit of all that speed.

Although, realistically speaking I am cynical that the Government would bring something like this

Moving on –

Another interesting story which I had shared was a bit about World History

Now the Economist sort of confirmed how things are in Pakistan. What is and was interesting that the article is made by a politically left-leaning magazine which is for globalization, business among other things .

So, there seem to be only three options, either I and the magazine are correct or we both are reading it wrong.

The third and last option is that the United States realize that Pakistan can no longer be trusted as Pakistan is siding more and more with Chinese and Russians, hence the article. Atlhough it seems a somewhat far-fetched idea as I don’t see the magazine getting any brownie points with President Trump. Unless, ‘The Economist’ becomes more hawkish, more right-wingish due to the new establishment.

I can’t claim to have any major political understanding or expertise but it does seem that Pakistan is losing friends. Even UAE have been cautiously building bridges with us. Now how this will play out in the medium to long-term depends much on the personal equations of the two heads of state, happenings in geopolitics around the world and the two countries, decisions they take, it is a welcome opportunity as far they (the Saudis) have funds they want to invest and India can use those investments to make new infrastructure.

Now, I need a bit of help of Java and VCS (Version control system) experts . There is a small game project called Mars-Sim. I asked probably a few more questions than I should have and the result was that I was made a member of the game team even though I had shared with them that I’m a non-coder.

I think such a game is important as it’s foss. Both the game itself is foss as well as its build-tools with a basic wiki. Such a game would be useful not only to Debian but all free software distributions.

Journeying into the game

Unfortunately, the game as it is currently, doesn’t work with openjdk8 but private conversations with the devs. have shared they will work on getting it to work on OpenJDK 9 which though is sometime away.

Now as it is a game, I knew it would have multiple multimedia assets. It took me quite sometime to figure out where most of the multimedia assets are.

I was shocked to find that there aren’t any tool/s in Debian as well a GNU/Linux to know about types of content is there inside a directory and its sub-directories.

I framed it in a query and found a script as an answer . I renamed the script to (for lack of imagination of better name).

After that, I downloaded a snapshot of the head of the project from where it shows a link to download the snapshot.

unzipped it and then ran the script on it –

[$] bash mars-sim-code-3846-trunk
theme: 1770
dtd: 31915
py: 10815
project: 5627
JPG: 762476
fxml: 59490
vm: 876
dat: 15841044
java: 13052271
store: 1343
gitignore: 8
jpg: 3473416
md: 5156
lua: 57
gz: 1447
desktop: 281
wav: 83278
1: 2340
css: 323739
frag: 471
svg: 8948591
launch: 9404
index: 11520
iml: 27186
png: 3268773
json: 1217
ttf: 2861016
vert: 712
ogg: 12394801
prefs: 11541
properties: 186731
gradle: 611
classpath: 8538
pro: 687
groovy: 2711
form: 5780
txt: 50274
xml: 794365
js: 1465072
dll: 2268672
html: 1676452
gif: 38399
sum: 23040
(none): 1124
jsx: 32070

It gave me some idea of what sort of file were under the repository. I do wish the script defaulted to showing file-sizes in KB if not MB to better assess how the directory is made up but not a big loss .

The above listing told me that at the very least theme, JPG, dat, wav, png, ogg and lastly gif files.

For lack of better tools and to get an overview of where those multimedia assets used ncdu –

┌─[shirish@debian] - [~/games/mars-sim-code-3846-trunk] - [10210]
└─[$] ncdu mars-sim/

--- /home/shirish/games/mars-sim-code-3846-trunk/mars-sim --------------------------------------------------------------------------------------
46.2 MiB [##########] /mars-sim-ui
15.2 MiB [### ] /mars-sim-mapdata
8.3 MiB [# ] /mars-sim-core
2.1 MiB [ ] /mars-sim-service
500.0 KiB [ ] /mars-sim-main
188.0 KiB [ ] /mars-sim-android
72.0 KiB [ ] /mars-sim-network
16.0 KiB [ ] pom.xml
12.0 KiB [ ] /.settings
4.0 KiB [ ]
4.0 KiB [ ] mars-sim.iml
4.0 KiB [ ] .project

I found that all the media is distributed randomly and posted a ticket about it. As I’m not even a java newbie, could somebody look at mokun’s comment and help out please ?

On the same project, there has been talk of migrating to

Now whatever little I know of git, it makes a copy of the whole repository under .git/ folder/directory so having multimedia assets under git is a bad, bad idea, as each multimedia binary format file would be unique and no possibility of diff. between two binary files even though they may be the same file with some addition or subtraction from earlier version.

I did file a question but am unhappy with the answers given. Can anybody give some definitive answers if they have been able to do how I am proposing , if yes, how did they go about it ?

And lastly –

America was founded by immigrants. Everybody knows the story about American Indians, the originals of the land were over-powered by the European settlers. So any claim, then and now that immigration did not help United States is just a lie.

This came due to a conversation on #debconf by andrewsh –

[18:37:06] I’d be more than happy myself to apply for an US tourist not transit visa when I really need it, as a transit visa isn’t really useful, is just as costly as a tourist visa, and nearly as difficult to get as a tourist visa
[18:37:40] I’m not entirely sure I wish to transit through the US in its Trumplandia incarnation either
[18:38:07] likely to be more difficult and unfun

FWIW I am in complete agreement with Andrew’s assessment of how it might be with foreigners. It has been on my mind and thoughts for quite some time although andrewsh put it eloquently.

But as always I’m getting ahead of myself.

The conversation is because debconf this year would be in Canada. For many a cheap flight, one of the likely layovers/stopover can be the United States.

I actually would have gone one step further, even if it was cheap transit visa, it would equally be unfun as it would discriminate.

About couple of years back, a friend of mine while explaining what “visa” is, put it rather succinctly –

the visa officer looks at only 3 things –

a. Your financial position – something which tells that you can take care of your financial needs if things go south –

b. You are not looking to settle there unlawfully

c. You are not a criminal.

While costs do matter, what is disturbing more is the form of extremism being displayed therein. While Indians from the South Asian continent in US have been largely successful, love to be in peace (one-off incidents do and will happen anywhere) if I had to take a transit or tourist visa in this atmosphere, it would leave a bad taste in the mouth.

When one of my best friends is a Muslim, 20% of the population in India is made of Muslims and 99% of the time both of us co-exist in peace I simply can’t take any alternative ideology. Even in Freakonomics 2.0 the authors when they shared that it’s less than 0.1 percent of Muslims who are engaged in terrorist activities, if they were even 1 percent than all the world’s armed forces couldn’t fight them and couldn’t keep anyone safe. Which simply means that 99.99% of even all Muslims are good.

This resonates strongly with me for number of reasons. One of my uncles in early to late 80’s had an opportunity for work to visit Russia for official work. He went there and there were Secret Police after him all the time. While he didn’t know it, I later read it, that it was SOP (Standard Operating Procedure) when all and any foreigners came visiting the country, and not just foreigners, they had spies for their own citizens. Russka a book I read several years ago explained the paranoia beautifully.

While U.S. in those days was a more welcoming place for him.

I am thankful as well as find it strange that Canada and States have such different visa procedures. While Canada would simply look at the above things, probably discreetly inquire about you if you have been a bad boy/girl in any way and then make a decision which is fine. For United States, even for a transit visa I probably would have to go to Interview where my world view would probably be in conflict with the current American world view.

Interestingly, while I was looking at conversations on the web and one thing that is missing there is that nobody has talked about intelligence community. What Mr. Trump is saying in not so many words is that our intelligence even with all the e-mails we monitor and everything we do, we still can’t catch you. It almost seems like giving a back-handed compliment to the extremists saying you do a better job than our intelligence community.

This doesn’t mean that States doesn’t have interesting things to give to the world, Star Trek conventions, Grand Canyon (which probably would require me more than a month or more to explore even a little part), NASA, Intel, AMD, SpaceX, CES (when it’s held) and LPC (Linux Plumber’s conference where whose who come to think of roadmap for GNU/Linux). What I wouldn’t give to be a fly in the wall when LPC, CES happens in the States.

What I actually found very interesting is that in the current Canadian Government, if what I read and heard is true, then Justin Trudeau, the Prime Minister of Canada made 50 of his cabinet female. Just like in the article, studies even in Indian parliament have shown that when women are in power, questions about social justice, equality, common good get asked and policies made. If I do get the opportunity to be part of debconf, I would like to see, hear, watch, learn how the women cabinet is doing things. I am assuming that reporting and analysis standards of whatever decisions are more transparent and more people are engaged in the political process to know what their elected representatives are doing.

One another interesting point I came to know is that Canada is home to bicycling paths. While I stopped bicycling years ago as it has been becoming more and more dangerous to bicycle here in Pune as there is no demarcation for cyclists, I am sure lot of Canadians must be using this opportunity fully.

Lastly, on the debconf preparation stage, things have started becoming a bit more urgent and hectic. From a monthly IRC meet, it has now become a weekly meet. Both the wiki and the website are slowly taking up shape. is a nice way to know/see progress of the activities happening .

One important decision that would be taken today is where people would stay during debconf. There are options between on-site and two places around the venue, one 1.9 km around, the other 5 km. mark. Each has its own good and bad points. It would be interesting to see which place gets selected and why.

Filed under: Miscellenous Tagged: #budget, #Canada, #debconf organization, #discrimination, #Equal Opportunity, #Fiber, #svn, #United States, #Version Control, Broadband, Git, Pakistan, Subversion

Francois Marier: Creating a home music server using mpd

30 January, 2017 - 13:20

I recently setup a music server on my home server using the Music Player Daemon, a cross-platform free software project which has been around for a long time.

Basic setup

Start by installing the server and the client package:

apt install mpd mpc

then open /etc/mpd.conf and set these:

music_directory    "/path/to/music/"
bind_to_address    ""
bind_to_address    "/run/mpd/socket"
zeroconf_enabled   "yes"
password           "Password1"

before replacing the alsa output:

audio_output {
   type    "alsa"
   name    "My ALSA Device"

with a pulseaudio one:

audio_output {
   type    "pulse"
   name    "Pulseaudio Output"

In order for the automatic detection (zeroconf) of your music server to work, you need to prevent systemd from creating the network socket:

systemctl stop mpd.service
systemctl stop mpd.socket
systemctl disable mpd.socket

otherwise you'll see this in /var/log/mpd/mpd.log:

zeroconf: No global port, disabling zeroconf

Once all of that is in place, start the mpd daemon:

systemctl start mpd.service

and create an index of your music files:

MPD_HOST=Password1@/run/mpd/socket mpc update

while watching the logs to notice any files that the mpd user doesn't have access to:

tail -f /var/log/mpd/mpd.log

I also added the following in /etc/logcheck/ignore.server.d/local-mpd to silence unnecessary log messages in logcheck emails:

^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[1\]: Started Music Player Daemon.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[1\]: Stopped Music Player Daemon.$
^\w{3} [ :0-9]{11} [._[:alnum:]-]+ systemd\[1\]: Stopping Music Player Daemon...$

and created a cronjob in /etc/cron.d/mpd-francois to update the database daily and stop the music automatically in the evening:

# Refresh DB once a day
5 1 * * *  mpd  MPD_HOST=Password1@/run/mpd/socket /usr/bin/mpc --quiet update
# Think of the neighbours
0 22 * * 0-4  mpd  MPD_HOST=Password1@/run/mpd/socket /usr/bin/mpc --quiet stop
0 23 * * 5-6  mpd  MPD_HOST=Password1@/run/mpd/socket /usr/bin/mpc --quiet stop

To let anybody on the local network connect, I opened port 6600 on the firewall (/etc/network/iptables.up.rules since I'm using Debian's iptables-apply):

-A INPUT -s -p tcp --dport 6600 -j ACCEPT

Then I looked at the long list of clients on the mpd wiki.


The official website suggests two clients which are available in Debian and Ubuntu:

Both of them work well, but haven't had a release since 2011, even though there is some activity in 2013 and 2015 in their respective source control repositories.

Ario has a simpler user interface but gmpc has cover art download working out of the box, which is why I might stick with it.

In both cases, it is possible to configure a polipo proxy so that any external resources are fetched via Tor.


On Android, I got these two to work:

I picked M.A.L.P. since it includes a nice widget for the homescreen.


On iOS, these are the most promising clients I found:

since MPoD and MPaD don't appear to be available on the AppStore anymore.

Dimitri John Ledkov: 2017 is the new 1984

30 January, 2017 - 05:23
1984: Library EditionNovel by George Orwell, cover picture by Google Search resultI am scared.
I am petrified.
I am confused.
I am sad.
I am furious.
I am angry.

28 days later I shall return from NYC.

I hope.

Jonathan McDowell: BelFOSS 2017

30 January, 2017 - 05:18

On Friday I attended the second BelFOSS conference. I’d spoken about my involvement with Debian at the conference last year, which seemed to be well received. This year I’d planned to just be a normal attendee, but ended up roped in at a late stage to be part of a panel discussing various licensing issues. I had a thoroughly enjoyable day - there were many great speakers, and plenty of opportunity for interesting chats with other attendees.

The conference largely happens through the tireless efforts of Jonny McCullagh, though of course many people are involved in bringing it together. It’s a low budget single day conference which has still managed to fill its single track attendee capacity both years, and attract more than enough speakers. Last year Red Hat and LPI turned up, this year Matt Curry from Allstate’s Arizona office appeared, but in general it’s local speakers talking to a local audience. This is really good to see - I don’t think Jonny would object at all if he managed to score a `big name’ speaker, but one of his aims is to get students interested and aware of Free Software, and I think it helps a lot that the conference allows them to see that it’s actively in use in lots of aspects of the industry here in Northern Ireland.

Here’s hoping that BelFOSS becomes an annual fixture in the NI tech calendar!

Sam Hartman: Network Audio Visualization: Network Modeling

30 January, 2017 - 02:36
Previously, I wrote about my project to create an audio depiction of network traffic. In this second post, I explore how I model aspects of the network that will be captured in the audio representation. Before getting started, I'll pass along a link. This is not the first time someone has tried to put sound to packets flying through the ether: I was pointed at Peep. I haven't looked at Peep, but will do so after I finish my own write up. Not being an academic, I feel no obligation to compare and contrast my work to others:-)
I started with an idea of what I'd like to hear. One of my motivations was to explore some automated updates we run at work. So, I was hoping to capture the initial DNS and ARP traffic as the update discovered the systems it would contact. Then I was hoping to capture the ssh and other traffic of the actual update.
To Packet or Stream
One of the simplest things to do would simply be to model network packets. For DNS I chose that approach. I was dubious that a packet-based model would capture the aspects of TCP streams I typically care about. I care about the source and destination (both address and port) of course. However I also care about how much traffic is being carried over the stream and the condition of the stream. Are there retransmits? Are there a bunch of unanswered SYNs? But I don't care about the actual distribution of packets. Also, a busy TCP stream can generate thousands of packets a second. I doubted my ability to distinguish thousands of sounds a second at all, especially while trying to convey enough information to carry stream characteristics like overall traffic volume.
So, for TCP, I decided to model some characteristics of streams rather than individual packets.
For DNS, I decided to represent individual requests/replies.
I came up with something clever for ARPP. There, I model the request/reply as an outstanding request. A lot of unanswered ARPs can be a sign of a scan or a significant problem. The mornful sound of a TCP stream trailing off into an unanswered ARP as the cache times out on a broken network is certainly something I'd like to capture. So, I track when an ARP request is sent and when/if it is answered.
Sound or Music
I saw two approaches. First, I could use some sound to represent streams. As an example, a running diesel engine could make a great representation of a stream. The engine speed could represent overall traffic flow. There are many opportunities for detuning the engine to represent various problems that can happen with a stream. Perhaps using stereo separation and slightly different fundamental frequencies I could even represent a couple of streams and still be able to track them.
However, at least with me as a listener, that's not going to scale to a busy network. The other option I saw was to try and create melodic music with various musical phrases modified as conditions within the stream or network changed. That seemed a lot harder to do, but humans are good at listening to complicated music.
I ended up deciding that at least for the TCP streams, I was going to try and produce something more musical than sound. I was nervous: I kept having visions of a performance of "Peter and the Wolf" with different instruments representing all the characters that somehow went dreadfully wrong.
As an aside, the decision to approach music rather than sound depended heavily on what I was trying to capture. If I'm modeling more holistic properties of a system--for example, total network traffic without splitting into streams--I think parameterized sounds would be a better approach.
The decision to approach things musically affected the rest of the modeling. Somehow I was going to need to figure out notes to play. I'd already rejected the idea of modeling packets, so I wouldn't simply be able to play notes when a packet arrived.
Energy Decay
As I played with various options, I realized that the critical challenge would be figuring out how to focus the listener's attention on the important aspects of what was going on. Clutter was the great enemy. My job would be figuring out how to spend sound wisely. When something interesting happened, that part of the model should get more focus--more of the listener's energy.
Soon I found myself thinking a lot about managing the energy of network streams. I imagined streams getting energy when something happened, and spending that energy to convey that interesting event to the listener. Energy needed to accumulate fast enough that even low-traffic streams could be noticed. Energy needed to be spent fast enough that old events were not taking listener focus from new, interesting things going on. However, if the energy were spent slow enough, then network events could be smoothed out to give a better picture of the stream rather than individual packets.
This concept of managing some decaying quantity and managing the rate of decay proved useful at multiple levels of the model.
Two Layer Model
I started with a python script that parses tcpdump output. It associates a packet with a stream and batches packets together to avoid overloading other parts of the system.
The output of this script are stream events. Events include a source and destination address, a stream ID, traffic in each direction, and any special events on the stream.
For DNS, the script just outputs packet events. For ARP, the script outputs request start, reply, and timeout events. There's some initial support for UDP, but so far that doesn't make sound.
Right now, FINs are modeled, but SYNs and the interesting TCP conditions aren't directly modeled. If you get retransmissions you'll notice because packet flow will decrease. However, I'd love to explicitly sound retransmissions. I also think a window filling as an application fails to read is important. I imagine either narrowing a band-pass filter to clamp the audio bandwidth available to a stream with a full window. Or perhaps taking it the other direction and adding an echo.
The next layer down tracks the energy of each stream. But that, and how I map energy into music, is the topic of the next post.

Reproducible builds folks: Reproducible Builds: week 91 in Stretch cycle

30 January, 2017 - 01:18

What happened in the Reproducible Builds effort between Sunday January 15 and Saturday January 21 2017:

Media Coverage Upcoming Events
  • The Reproducible Build Zoo will be presented by Vagrant Cascadian at the Embedded Linux Conference in Portland, Oregon, February 22nd.

  • Dennis Gilmore and Holger Levsen will present on "Reproducible Builds and Fedora" at on February 27th.

  • Introduction to Reproducible Builds will be presented by Vagrant Cascadian at Scale15x in Pasadena, California, March 5th.

  • Verifying Software Freedom with Reproducible Builds will be presented by Vagrant Cascadian at Libreplanet2017 in Boston, March 25th-26th.

Toolchain development and fixes

Ximin Luo continued work on data formats, code, and test cases for SOURCE_PREFIX_MAP. He also continued to talk with the rustc team on the topic.

Chris Lamb submitted a patch to implement SOURCE_DATE_EPOCH for wordwarvi, a game which gave extra points to people who built it from source within one hour. This fixes Debian #786593.

Launchpad bug 1657704 was filed for them to start accepting buildinfo files.

Bugs filed Reviews of unreproducible packages

10 package reviews have been added, 149 have been updated and 153 have been removed in this week, adding to our knowledge about identified issues.

2 issue types have been updated:

Weekly QA work

During our reproducibility testing, the following FTBFS bugs have been detected and reported by:

  • Chris Lamb (3)
  • Ondřej Kobližek (1)
diffoscope development

diffoscope 69 was uploaded to unstable by Chris Lamb. It included contributions from:

  • Maria Glukhova:
  • Chris Lamb:
  • Mattia Rizzolo:
    • Deduplicate code for recognising file types based on RE_FILE_TYPE and RE_FILE_EXTENSION.
    • Improve code quality in tests.

Further development continued in Git, and will be released as version 70 next week:

  • Chris Lamb:
    • Add tests for --html-dir output and improve code quality elsewhere in tests.
    • Add markdown and reStructuredText output, as well as tests for these.
    • Improve software architecture of presenters.
    • Fix error-checking in the Haskell comparator.
  • James Clarke:
    • Haskell comparator: properly extract version from interface files.
  • Mattia Rizzolo:
    • Improve some documentation.
  • Brett Smith:
    • Improve documentation including --help output. website development
  • Brett Smith:
    • berlin2016: List Conservancy consistently as a participant.
  • Chris Lamb:
    • Add Valerie's talk to resources page.
  • Daniel Shahaf:
    • Improved the "How to chair a meeting" section.
  • Holger added arm64 to

  • Mattia improved our process for building the performance page so that stats for new architectures are computed correctly without manual intervention.

  • Holger enhanced the build node maintenance scripts to correctly detect if /dev/shm is mounted incorrectly (due to #851427) and deployed an /etc/rc.local startup script to all systems which works around it. As a result, jenkins_semaphore_setup_issue should be obsolete.

  • Mattia improved the diskspace monitoring visible at our munin page for the 44 nodes we're currently running.

  • Holger added 6GB more RAM to, for a total of 64GB RAM, to better cope with the new jobs due to `arm64. As usual, thanks to for the hardware resources enabling this work.


This week's edition was written by Ximin Luo, Vagrant Cascadian, Holger Levsen & Chris Lamb and reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Margarita Manterola: Decopy - Yet another debian/copyright helper

29 January, 2017 - 23:00

As every responsible maintainer should know, having an updated debian/copyright file is very important but can also take a significant amount of work. A lot of copy & pasting, a lot of manual corrections, and a lot of opportunity for human errors.

There are several tools that help with this, but they all have their limitations. decopy is a newly uploaded tool (unfortunately too new for stretch) that aims to:

  • Detect as many licenses as possible
  • Parse both text and binary files
  • Minimize the work needed to keep the debian/copyright file up-to-date.

How to use it

In order to run it, after apt-get installing it, just go to a source package directory and run decopy in it. Depending on the size of the package, it might take a while (the thorough processing means that a lot of checking is going on). This will show you the generated debian/copyright file in stdout. If you want to store it and diff it against your current copyright file, use decopy --output /tmp/copyright.

There's more documentation in the README file.

Future changes

More licenses are coming, the intention is to support all licenses listed in the SPDX License List. Additionally, the analysis will be improved to prioritize looking for the most common licenses first, avoiding unnecessary delays.

More modes of operation are also coming. We are planning for a diff mode that shows you only the changes between the current copyright file and what the tool thinks should be there as well as an explain mode that will let the user know what the differences are in a more verbose manner.

Credits and source

Decopy was mainly written by Maximiliano Curia. I've added testing, documentation and packaging.

It's hosted in collab-maint, licensed under the ISC license. We would love to get more contributors for it :)

Elena 'valhalla' Grandi: Preseeding a debian installation on a libreboot computer

29 January, 2017 - 17:30
Preseeding a debian installation on a libreboot computer

Preseeding a debian installation from the standard installer is as easy as pressing ESC at the right time and pointing it to the url of your preseed file, right?

It is, except when you're using libreboot, and you never pass through that “right time”, because you are skipping the installer's grub.

So, for future reference, here is the right incantation to use at the command line that you get by pressing c at the libreboot menu:

linux (usb0)/install.amd/vmlinuz auto=true url=http://webserver/path/preseed.cfg
initrd (usb0)/install.amd/initrx

simple, once you've found it...

(ok, it took me less than one hour, but I don't want it to take another hour the next time)

#coreboot #libreboot #debian #preseed

Elena 'valhalla' Grandi: One Liberated Laptop

29 January, 2017 - 17:20
One Liberated Laptop

After many days of failed attempts, yesterday @Diego Roversi finally managed to setup SPI on the BeagleBone White¹, and that means that today at our home it was Laptop Liberation Day!

We took the spare X200, opened it, found the point we were on in the tutorial installing libreboot on x200, connected all of the proper cables on the clip³ and did some reading tests of the original bios.

While the tutorial mentioned a very conservative setting (512kHz), just for fun we tried to read it at different speed and all results up to 16384 kHz were equal, with the first failure at 32784 kHz, so we settled on using 8192 kHz.

Then it was time to customize our libreboot image with the right MAC address, and that's when we realized that the sheet of paper where we had written it down the last time had been put in a safe place… somewhere…

Luckily we also had taken a picture, and that was easier to find, so we checked the keyboard map², followed the instructions to customize the image, flashed the chip, partially reassembled the laptop, started it up and… a black screen, some fan noise and nothing else.

We tried to reflash the chip (nothing was changed), tried the us keyboard image, in case it was the better tested one (same results) and reflashed the original bios, just to check that the laptop was still working (it was).

It was lunchtime, so we stopped our attempts. As soon as we started eating, however, we realized that this laptop came with 3GB of RAM, and that surely meant "no matching pairs of RAM", so just after lunch we reflashed the first image, removed one dimm, rebooted and finally saw a gnu-hugging penguin!

We then tried booting some random live usb key we had around (failed the first time, worked the second and further one with no changes), and then proceeded to install Debian.

Running the installer required some attempts and a bit of duckduckgoing: parsing the isolinux / grub configurations from the libreboot menu didn't work, but in the end it was as easy as going to the command line and running:

linux (usb0)/install.amd/vmlinuz
initrd (usb0)/install.amd/initrd.gz

From there on, it was the usual debian installation and a well know environment, and there were no surprises. I've noticed that grub-coreboot is not installed (grub-pc is) and I want to investigate a bit, but rebooting worked out of the box with no issue.

Next step will be liberating my own X200 laptop, and then if you are around the @Gruppo Linux Como area and need a 16 pin clip let us know and we may bring everything to one of the LUG meetings⁴

¹ yes, white, and most of the instructions on the interwebz talk about the black, which is extremely similar to the white… except where it isn't

² wait? there are keyboard maps? doesn't everybody just use the us one regardless of what is printed on the keys? Do I *live* with somebody who doesn't? :D

³ the breadboard in the picture is only there for the power supply, the chip on it is a cheap SPI flash used to test SPI on the bone without risking the laptop :)

⁴ disclaimer: it worked for us. it may not work on *your* laptop. it may brick it. it may invoke a tentacled monster, it may bind your firstborn son to a life of servitude to some supernatural being. Whatever happens, it's not our fault.

(edit: added tags)

#coreboot #libreboot

Noah Meyerhans: Call for testing: Stretch cloud images on AWS

29 January, 2017 - 04:50

Following up on Steve McIntyre's writeup of the Debian Cloud Sprint that took place in Seattle this past November, I'm pleased to announce the availability of preliminary Debian stretch AMIs for Amazon EC2. Pre-generated images are available in all public AWS regions, or you can use FAI with the fai-cloud-images configuration tree to generate your own images. The pre-generated AMIs were created on 25 January, shortly after Linux 4.9 entered stretch, and their details follow:

ami-6d017002 ap-south-1 ami-cc5540a8 eu-west-2 ami-43401925 eu-west-1 ami-870edfe9 ap-northeast-2 ami-812266e6 ap-northeast-1 ami-932e4aff sa-east-1 ami-34ce7350 ca-central-1 ami-9f6dd8fc ap-southeast-1 ami-829295e1 ap-southeast-2 ami-42448a2d eu-central-1 ami-98c9348e us-east-1 ami-57361332 us-east-2 ami-03386563 us-west-1 ami-7a27991a us-west-2

As with the current jessie images, these use a default username of 'admin', with access controlled by the ssh key named in the ec2 run-instances invocation. They're intended to provide a reasonably complete Debian environment without too much bloat. IPv6 addressing should be supported in an appropriately configured VPC environment.

These images were build using Thomas Lange's FAI, which has been used for over 15 years for provisioning all sorts of server, workstation, and VM systems, but which only recently was adapted for use generating cloud disk images. It has proven to be well suited to this task though, and image creation is straightforward and flexible. I'll describe in a followup post the steps you can follow to create and customize your own AMIs based on our recipes. In the meantime, please do test these images! You can submit bug reports to the metapackage, and feedback is welcome via the debian-cloud mailing list or #debian-cloud on IRC.

Bits from Debian: Debian at FOSDEM 2017

28 January, 2017 - 19:00

On February 4th and 5th, Debian will be attending FOSDEM 2017 in Brussels, Belgium; a yearly gratis event (no registration needed) run by volunteers from the Open Source and Free Software community. It's free, and it's big: more than 600 speakers, over 600 events, in 29 rooms.

This year more than 45 current or past Debian contributors will speak at FOSDEM: Alexandre Viau, Bradley M. Kuhn, Daniel Pocock, Guus Sliepen, Johan Van de Wauw, John Sullivan, Josh Triplett, Julien Danjou, Keith Packard, Martin Pitt, Peter Van Eynde, Richard Hartmann, Sebastian Dröge, Stefano Zacchiroli and Wouter Verhelst, among others.

Similar to previous years, the event will be hosted at Université libre de Bruxelles. Debian contributors and enthusiasts will be taking shifts at the Debian stand with gadgets, T-Shirts and swag. You can find us at stand number 4 in building K, 1 B; CoreOS Linux and PostgreSQL will be our neighbours. See for more details.

We are looking forward to meeting you all!

Sven Hoexter: Am I a target now?

28 January, 2017 - 18:19

While reading the Tails 2.10 changelog I stumbled upon the fact that Tails now supports exFAT. Since Tails is Debian based I just checked the image and indeed it contains the fuse-exfat package. Do I've to assume that I've now another set of crosshairs on my back just because it's one possible maintainer you could attack to place malicious code into Tails? I'm not sure, and I'm also not sure if it would change much. I've always assumed to be a target just because I'm contributing to Debian, and because I'm working in IT operations. But to be honest so far my contributions to Debian are not on crucial packages and unexpected strange looking NMUs would always raise alarm bells for everyone.

BTW the exfat fuse driver package builds reproducible. Maybe a good opportunity to thank the reproducible build team for this effort!

Steve Kemp: So I've been playing with hardware

28 January, 2017 - 12:15

At the end of December I decided I was going to do hardware "things", and so far that has worked out pretty well.

One of the reasons I decided to play with Arduinos is that I assumed I could avoid all forms of soldering. I've done soldering often enough to know I can manage it, but not quite often enough that I feel comfortable doing so.

Unfortunately soldering has become a part of my life once again, as too many of the things I've been playing with have required pins soldering to them before I can connect them.

Soldering aside I've been having fun, and I have deployed several "real" projects in and around my flat. Perhaps the most interesting project shows the arrival time of the next tram to arrive at the end of my street:

That's simple, reliable, and useful. I have another project which needs to be documented which combineds a WeMos D1 and a vibration sensor - no sniggers - to generate an alert when the washing machine is done. Having a newborn baby around the place means that we have a lot of laundry to manage, and we keep forgetting that we've turned the washing machine on. Oops.

Anyway. Hardware. More fun than I expected. I've even started ordering more components for bigger projects.

I'll continue to document the various projects online, mostly to make sure I remember the basics:

Rhonda D'Vine: Icona Pop

27 January, 2017 - 20:22

Last fall I went to a Silent Disco event. You get wireless headphones, a DJane and a DJ were playing music on different channels, and you enjoy the time with people around who can't hear what you hear. It's a pretty funny experience, and it was one of the last warm sunny days. There I heard a song that was just in the mood for the moment, and made me looking up the band to listen more closely to them.

The band was Icona Pop, they have a mood enlighening pop sound that cheers you up. Here are the songs I want to present you today:

  • I Love It: The first song I heard from them, and I Love It!
  • Girlfriend: Sweet song, and probably part of the reason they are well received in the LGBTIQ community.
  • All Night: A song/video with a message.

Like always, enjoy!

/music | permanent link | Comments: 0 | Flattr this

Dirk Eddelbuettel: digest 0.6.12

27 January, 2017 - 18:55

A new release, now at version 0.6.12, of the digest package is now on CRAN and in Debian.

The digest creates hash digests of arbitrary R objects (using the 'md5', 'sha-1', 'sha-256', 'crc32', 'xxhash' and 'murmurhash' algorithms) permitting easy comparison of R language objects.

This release extends sha1 digest methods to even more types, thanks to another contribution by Thierry Onkelinx.

CRANberries provides the usual summary of changes to the previous version.

For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้