Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 19 min 2 sec ago

Marco d'Itri: Debian support for libxcrypt

5 January, 2020 - 09:18

glibc 2.29-7 and libxcrypt 1:4.4.10-10 today entered Debian testing: crypt(3) and the other related library functions in libcrypt from now on will be provided by libxcrypt instead of glibc.

After 18 months of packaging work, Debian finally supports modern password hashing methods like yescrypt: the details about them are documented in crypt(5).

For the time being there is still no support for libxcrypt in our release of PAM, but hopefully the Debian maintainer will update the package soon and this will allow using yescrypt by default.

If you want to test now the new algorithms then you can generate a password using my mkpasswd program and copy it to /etc/shadow:

# echo "marco:$(echo 12345 | mkpasswd --stdin)" | chpasswd --encrypted

Russ Allbery: podlators 4.14

5 January, 2020 - 06:29

podlators provides the Pod::Man and Pod::Text conversion modules for Perl. This release is a minor bug-fix release, mostly correcting a test suite problem with old versions of Pod::Simple. The user-visible change is to document that parse_lines and parse_string_document expect raw bytes, not decoded characters.

The other change in this release is internal. I finally finished refactoring the test suite, so now all parts of the test suite use separate snippet files and modern coding style, so it should be more maintainable in the future.

You can get the latest release from CPAN or from the podlators distribution page.

Shirish Agarwal: Indian Economy, NPR, NRC and Crowd Control Part – II

5 January, 2020 - 05:14
Protests and their history

A Happy New Year to all. While I would have loved to start on a better note, situations are the way they are. Before starting with the prickly process of NPR, NRC let me just focus on the protests themselves. Now protests either in India or abroad are not a new thing. While thinking on this, I found one of the modern, medieval recorded entries of protests to be in 12th century Paris, and just like most strikes, this one was for rights of liberty, freedom and price increase. The famous or infamous University of Paris strike 1229 , There have been so many strikes and protests worldwide which changed the world, in recent memory the protests against American involvement in Vietnam , The Montgomery bus boycott by Rosa Parks , the protests that I became aware in South Africa, UCT about Rhodes must fall movement . I would be forever grateful to Bernelle for sharing with us the protests that had happened the year before near the Sarah Bartman Hall. Closer home i.e. in India, we have had a rich history of protests especially during the Colonial period and the Indian Freedom movement, as well as afterwards, i.e. after india became free. Whether it was the Navnirman Andolan or the Great Bombay Textile Strike which actually led to industries moving out of Mumbai. My idea of sharing above strikes and protests has been that protests are not a new thing in India and have been part of India socio-political culture throughout its history. I am sure there were also protests during the medieval period but not going that far as it would not add value to the post currently. It may be a good idea to share about that in some other blog post perhaps.

The protests against NPR, NRC and CAA

So, let’s start with what these acronyms are and why people are protesting are against it . The first acronym is National Population Register (NPR) . Now while the Government says that NPR is nothing but the census which is done by GOI every year, there is a difference. There are few things which make it different from earlier years, those are, birth certificates, ‘date and birth of parents’ and ‘last place of residence’ . The problem starts and ends with these two points for NPR apart from biometric information which again has issues, both for rich and poor alike . Let me explain what is the problem therein, using my own use-case or history which probably can be multiplied by probably millions of people of my age and lesser and elder to me.

Now one could ask naively, what is wrong in birth certificates, in theory and today’s day and age, perhaps not, but everything has a context and a time and place. While I was born in Pune, in 1975, the Registration and Births Act had been recently passed in 1969. So neither the Municipal Corporation of that time was active and nor was that a statutory requirement in those times. To add to that, she had to go at least 10-15 times to the Municipal Corporation in order to secure my birth certificate even though there was no name. This brings to another issue, in those times, almost till date, the mortality rate of newborns have been high. While we have statistics of the last 20 odd years which do show some change, one can only guess what the infant mortality rates would have been in the 60’s and the 70’s . Apart from that, most deliveries happened at home with a mid-wife rather than in a nursing home. This is still the norm today in many cities and hinterland as well. Recently, there was news of 100 babies who died in Kota, Rajasthan. While earlier they were being given clean chits, it seems most neonatal units which should house only one child were housing three children. Hence the large number of deaths. Probably, most of the parents were poor and the administration while showing that each child was given a separate neonatal unit were put together. The corruption whether in Indian public or private hospitals deserves its own blog post. I had shared some of it in the blog post no country for women or doctors.

But that apart, in those days because babies died, many children didn’t get the name till s/he was of kinder-garden, school going age. In my situation was a bit more different and difficult as my parents had separated and there was possibility that my father may go for a custody battle which never happened. Now apart from proving my own identity even though I have all the papers, I might still need to procure more, I would need papers or documentation proving the relationship between mother and I . Now I can’t produce father because he is no more apart from his death certificate, with my mother, I would have to get and submit most probably a DNA test which is expensive to say the least. I know of some labs who also charge depending upon many genetic markers you are looking for, the more the better and costs go up like that. Now here itself two questions arise with the NPR itself.

a. How many children would have proper birth certificates, more so the ones who live either below poverty line or just above ? Many of them don’t have roof over their head or have temporary shelters, where would they have place to get and put such documents. Also, as many of them cannot either read or write, they are usually suspicious of Government papers (and with good reason) . Time and again, the Government of the day has promised one thing and done another. Mostly to do with property rights and exclusion. Why to go far, just a few days back Sonam wangchuck, the engineer, who shared his concerns about Ladakh and the fragile ecosystem of Ladakh in Himalayas due to unchecked ‘development’ as been promised by the Prime Minister bringing it par to Delhi. Sadly, many people do not know that Himalayas is the youngest geologically speaking while the oldest are in South Africa (thanks to Debconf for that bit of info. as well.) . While they celebrate the political freedom from Kashmir, they do have concerns as being with Kashmir, they enjoyed land rights and rights to admission to Indians and foreigners alike, this they have now lost. A region which is predominantly buddhist in nature is being introduced to sex tourism and massage parlours which are not needed. If possible, people should see Mr. Wangchuk’s talk on Ted talks or any of the work the gentleman has done but this is getting off-topic here.

b. What about people of my age or above me. Would all of us would become refugees in our own lands ? What about those who go from place to place for work ? What about Government servants themselves ? Those who work in Central Government, many of them have and are supposed to change places every 3-4 years. My grandfather (from mother’s side) toured all of India due to his job. My mother also got transferred a few times, although I stayed in Pune. This puts up questions which make it difficult for many to answer if they were to do it truthfully as nobody would have full papers. There are also no guarantees that just having the right papers would make it right. It is very much possible that the ‘babu’ or beareaucrat sitting at the other end would demand money. I am sure there was lot of black money generated during NRC in Assam. This would happen at NPR stage itself.

c. The third question is what would happen to those who are unable to prove their citizenship at the beginning itself. They probably would need to go to court of law. What happens to their job, property and life as it is. As it is, most businesses have a slack of 40-50%, this will become more pronounced. Would we be stateless citizens in our own land ?


Somehow, let’s say you managed to have yourself included in NPR, it doesn’t mean that you will be included in NRC or National Register of Citizens. For this, one may have to rinse and repeat. They may ask more invasive questions as never before. The possible exploitation of people by the state would be as never seen before. Most of the majority in India think of Germany and how it became an industrious house and they think, they became industrious because they persecuted Jews. In fact, I believe it was the opposite. As have shared before on the blog itself, numerous times, if the Jews had been part of Germany, Germany may have prospered many times over. If the Jews could make Israel so powerful, where would Germany would have been today ? Also not many people know about the Marshall Plan which perhaps laid the foundation of the European Union as we know today but that may be part of another blog post, another day. I would probably do a part III as there are still aspects of the whole issue which I haven’t touched upon. I might do it tomorrow or few days after. Till later.

Iustin Pop: System load and ping latency strangeness

5 January, 2020 - 04:55

So, instead of a happy new year post or complaining about Debian’s mailing list threads (which make me very sad), here’s an interesting thing (I think).

Having made some changes to the local network recently, I was surprised at the variability in ping latency on the local network but also to localhost! I thought, well, such is Linux, yada yada, it’s a kernel build with CONFIG_NO_HZ_IDLE=y, etc. However looking at the latency graph an hour ago showed something strange: latencies stabilised… and then later went bad again. Huh?

This is all measured via smokeping, which calls fping 10 times in a row, and records both average and spread of the values. For “stable”, I’m talking here about a somewhat even split between 10µsec and 15µsec (for the 10-ping average), with very consistent values, and everything between 20µsec and 45µsec, which is a lot.

For the local-lan host, it’s either consistently 200µsec vs 200-300µsec with high jitter (outliers up to 1ms). This is very confusing.

The timing of the “stable” periods aligned with times when I was running heavy disk I/O. Testing quickly confirmed this:

  • idle system: localhost : 0.03 0.04 0.04 0.03 0.03 0.03 0.03 0.03 0.03 0.03
  • pv /dev/md-raid5-of-hdds: localhost : 0.02 0.01 0.01 0.01 0.01 0.01 0.03 0.03 0.03 0.02
  • pv /dev/md-raid5-of-ssds: localhost : 0.03 0.01 0.01 0.01 0.01 0.02 0.02 0.02 0.02 0.02
  • with all CPUs at 100%, via stress -c $N: localhost : 0.02 0.00 0.01 0.00 0.01 0.01 0.01 0.01 0.01 0.01
  • with CPUs idle, but with governor performance so there’s no frequency transition: localhost : 0.01 0.15 0.03 0.03 0.03 0.03 0.03 0.03 0.03 0.03

So, this is not CPU frequency transitions, at least as seen by Linux. This is purely CPU load, and, even stranger, it’s about single core load. Running the following in parallel:

  • taskset -c 8 stress -c 1 and
  • taskset -c 8 fping -C 10 localhost

Results in the awesome values of:

localhost : 0.01 0.01 0.00 0.00 0.00 0.00 0.00 0.00 0.00 0.01

Now, that is what I would expect :) Even more interesting, running stress on a different CPU (any different CPU) seems to improve things, but only by half (using ping which has better resolution).

To give a more graphical impression of the latencies involved (staircase here is due to fping resolution bug, mentioned below):

Smokeping: localhost Smokeping: host on local net Localhost CPU usage

Note that plain I/O wait (the section at the top) doesn’t affect latency; only actual CPU usage, as seen at Fri 02:00-03:00 and then later 11:00-21:00 and (much higher) Sat 10:15-20:00.

If you squint, you can even correlate lower CPU usage on Fri 16:00-21:00 to slightly increased latencies.

Localhost CPU frequency caling

Does this all really matter? Not really, not in any practical sense. Would I much prefer clean, stable ping latencies? Very much so.

I’ve read the documentation on no HZ, which tells me I should be rebooting about 20 or 30 times with all kinds of parameter combinations and kernel builds, and that’s a bit too much from my free time. So maybe someone has some idea about this, would be very happy to learn what I can tune to make my graphs nicer :)

I’ve also tested ping from another host to this host, and high CPU usage results in lower latencies. So it seems to be not user-space related, but rather kernel latencies?!

I’ve also thought this might be purely an fping issue; however, I can clearly reproduce it simply by watching ping localhost which running (or not) stress -c $N; the result is ~10-12µsec vs. ~40µsec.

Thanks in advance for any hints.

Thorsten Alteholz: My Debian Activities in December 2019

5 January, 2020 - 02:15

FTP master

This month I accepted 450 packages and rejected 61. The overall number of packages that got accepted was 481.

Debian LTS

This was my sixty sixth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my all in all workload has been 16.5h. During that time I did LTS uploads of:

  • [DLA 2035-1] libpgf security update for one CVE
  • [DLA 2039-1] libvorbis security update for two CVEs
  • [DLA 2040-1] harfbuzz security update for one CVE
  • [DLA 2043-1] gdk-pixbuf security update for five CVEs
  • [DLA 2043-2] gdk-pixbuf regression update
  • [DLA 2047-1] cups security update for one CVE
  • [DLA 2050-1] php5 security update for four CVEs
  • [DLA 2052-1] libbsd security update for one CVE
  • [DLA 2055-1] igraph security update for one CVE

Last but not least I did some days of frontdesk duties and started to work on the sqlite3 package.

Debian ELTS

This month was the nineteenth ELTS month.

During my allocated time I uploaded:

  • ELA-202-1 for gdk-pixbuf
  • ELA-202-2 for gdk-pixbuf
  • ELA-204-1 for php5

I also did some days of frontdesk duties.

Other stuff

This month I uploaded new upstream versions of …

I improved packaging of …

As nobody really used them, I removed the lam4 and mpich2 version of meep. Now only the serial version, the openmpi- and the mpi-default-version are available. Please complain in case you need one of the other versions again.

I also uploaded all meep packages, libctl and mpb to unstable.

On my Go challenge I uploaded the source-only versions of golang-github-boj-redistore, golang-github-dchest-uniuri, golang-github-jackc-fake, golang-github-joyent-gocommon, golang-github-mattetti-filebuffer, golang-github-nrdcg-goinwx, golang-github-pearkes-dnsimple, golang-github-soniah-dnsmadeeasy, golang-github-vultr-govultr, golang-github-zorkian-go-datadog-api.
New Go packages I uploaded were: golang-github-hashicorp-terraform-svchost, golang-github-apparentlymart-go-cidr, golang-github-bmatcuk-doublestar, golang-github-cactus-go-statsd-client, golang-github-corpix-uarand, golang-github-cyberdelia-heroku-go

Jonathan Carter: Free Software Activities (2019-12)

4 January, 2020 - 18:34

A lot has happened in Debian recently, I wrote seperate blog entries about that but haven’t had the focus to finish them up, maybe I’ll do that later this month. In the meantime, here are some uploads I’ve done during the month of December…

Debian packaging work

2019-12-02: Upload package calamares (3.2.17-1) to Debian unstable.

2019-12-03: Upload package calamares ( to Debian unstable.

2019-12-04: Upload package python3-flask-caching to Debian unstable.

2019-12-04: File removal request for python3-flask-cache (BTS: #946139).

2019-12-04: Upload package gamemode (1.5~git20190812-107d469-3) to Debian unstable.

2019-12-11: Upload package gnome-shell-extension-draw-on-your-screen (5-1) to Debian unstable.

2019-12-11: Upload package xabacus (8.2.3-1) to Debian unstable.

2019-12-11: Upload package gnome-shell-extension-gamemode (4-1) to Debian unstable.

2019-12-11: Upload package gamemode (1.5~git20190812-107d469-4) to Debian unstable.

Debian package sponsoring/reviewing

2019-12-02: Sponsor package scrcpy (1.11+ds-1) for Debian unstable ( request).

2019-12-03: Sponsor package python3-portend (2.6-1) for Debian unstable (Python team request).

2019-12-04: Merge MR#1 for py-postgresql (DPMT).

2019-12-04: Merge MR#1 for pyphen (DPMT).

2019-12-04: Merge MR#1 for recommonmark (DPMT).

2019-12-04: Merge MR#1 for python-simpy3 (DPMT).

2019-12-04: Merge MR#1 for gpxpy (DPMT).

2019-12-04: Sponsor package gpxpy (1.3.5-2) (Python team request).

2019-12-04: Merge MR#1 for trac-subcomponents (DPMT).

2019-12-04: Merge MR#1 for debomatic (PAPT).

2019-12-04: Merge MR#1 for archmage (PAPT).

2019-12-04: Merge MR#1 for ocrfeeder (PAPT).

2019-12-04: Sponsor package python3-tempura (1.14.1-2) for Debian unstable (Python team request).

2019-12-04: Sponsor package python-sabyenc (4.0.1-1) for Debian experimental (Python team request).

2019-12-04: Sponsor package python-yenc (0.4.0-7) for Debian unstable (Python team request).

2019-12-05: Sponsor package python-gntp (1.0.3-1) for Debian unstable (Python team request).

2019-12-05: Sponsor package python-cytoolz (0.10.1-1) for Debian unstable (Python team request).

2019-12-22: Sponsor package mwclient (0.10.0-2) for Debian unstable (Python team request).

2019-12-22: Sponsor package hyperlink (19.0.0-1) for Debian unstable (Python team request).

2019-12-22: Sponsor package drf-generators (0.4.0-1) for Debian unstable (Python team request).

2019-12-22: Sponsor package python-mongoengine (0.18.2-1) for Debian unstable (Python team request).

2019-12-22: Sponsor package libcloud (2.7.0-1) for Debian unstable (Python team request).

2019-12-22: Sponsor package pep8-naming (0.9.1-1) for Debian unstable (Python team request).

2019-12-23: Sponsor package python-django-braces (1.13.0-2) for Debian unstable (Python team request).

Elana Hashman: KubeCon NA 2019 Talk Resources

4 January, 2020 - 12:00

At KubeCon + CloudNativeCon North America 2019, I co-presented "Weighing a Cloud: Measuring Your Kubernetes Clusters" with Han Kang. Here's some links and resources related to my talk, for your reference.

Weighing a Cloud: Measuring Your Kubernetes Clusters Related readings

I'm including these documents for reference to add some context around what's currently happening (as of 2019Q4) in the Kubernetes instrumentation SIG and wider ecosystem.

Note that GitHub links are pinned to their most recent commit to ensure they will not break; if you want the latest version, make sure to switch the branch to "master".

Kurt Kremitzki: November and December Update for FreeCAD & Debian Science

3 January, 2020 - 10:25

Hello again! This new year's update announces some interesting new beginnings for the FreeCAD project, though it's a little short since I got some much needed vacation time over the last two months.


OpenFOAM on One Core? Only 92 Hours! (for mipsel)

In November a strange bug was found in the OpenFOAM package which led to only one core being used during builds, even though the logs reported an N core build. In the worst case scenario, on the mipsel architecture, this led to an increase in build times from 17 to 92 hours! I did some troubleshooting on this but found it a bit difficult since OpenFOAM uses a bespoke build system called wmake. I found myself wishing for the simplicity of CMake, and found there was an experimental repo implementing support for it but it didn't seem to work out of the box or with a bit of effort. I wonder if there's any consideration amongst OpenFOAM developers in moving away from wmake?

Anyway, OpenFOAM ended up getting removed from Debian Testing, but thankfully Adrian Bunk identified the problem, which is that the environment variable MAKEFLAGS was getting set to 'w' for some reason, and thus falling through the wmake code block that set up a proper parallel build for OpenFOAM. So, unsatisfyingly, as a workaround I uploaded the latest OpenFOAM version, 1906.191111, with unexport MAKEFLAGS. It would be nice to find an explanation, but I didn't spend much more time digging.

So, to end on the good news, the newest bugfix version of the OpenFOAM 1906 release, from November 11th 2019, is available for use going into 2020!

Trip to FOSDEM 2020 and MiniDebCamp at the Hackerspace Brussels

It was a bit last minute, but I finally decided to attend FOSDEM 2020. I had balked a bit at the cost since flights from the US are around $900, but decided it would be an important opportunity for FreeCAD developers and community to get together and possibly do some important work. Thankfully, Yorik and other senior FreeCAD developers thought it would be a good use of the project's Bountysource money to cover the cost of one ticket, split in half between myself and sliptonic, a developer from Missouri. He focuses on the Path workbench and FreeCAD in CAM applications, an area I'm interested in moving into as I now have such machining equipment available to me through my local ATX Hackerspace. The three of us will be giving a talk, "Open-source design ecosystems around FreeCAD", at 11:20 on Saturday, so please come by and say hi if you're able to!

I'll be staying for a few days before and after FOSDEM, including attending the MiniDebCamp at Hackerspace Bruxelles on Thursday & Friday, interested in anything Debian/FreeCAD related, so I look forward to getting a lot of work done indeed!

Looking at BRL-CAD for Debian

Lead developer Mike Muuss works on the XM-1 tank in BRL‑CAD on a PDP‑11/70 computer system, circa 1980.

For the past several summers, FreeCAD has participated in the Google Summer of Code program under an umbrella organization led by Sean Morrison of BRL-CAD. BRL-CAD is a very interesting bit of software with a long history, in fact the oldest known public version-controlled codebase in the world still under development, dating back to 1983-12-16 00:10:31 UTC. It is inspired by the development ideas of the era, a sort of UNIX philosophy for CAD, made up of many small tools doing one thing well and meant to be used in a normal UNIXy way, being piped into one another and so forth, with a unifying GUI using those tools. Since it's made up of BSD/LGPL licensed code, it ought to be available as part of the Debian Science toolkit, where it may be useful for FreeCAD as an included alternative CAD kernel to the currently exclusive OpenCASCADE. For example, fillets in OpenCASCADE are somewhat buggy and unmaintainably implemented such that an upstream rewrite is the only hope for long-term improvement. BRL-CAD could potentially improve FreeCAD in areas like this.

It turns out a Debian Request for Packaging bug for BRL-CAD has been open since 2005. I plan to close it! It turns out there's already existing Debian packaging work, too, though it's quite a few years old and thus some adaptation still is required.

PySide 2 and KDE Maintenance in Debian

Recently, FreeCAD has been unbuildable in Debian Sid because of issues related to PySide 2 and the Python 3.8 migration. This is complicated by the fact that the upstream fix has been released but in version 5.14.0, which builds fine with Qt 5.14, although Sid currently has 5.12. Furthermore, the PySide 2 package itself isn't building at the moment either! Since FreeCAD depends on PySide 2 and Qt, and I use the Qt-based KDE as my desktop, it seems like taking on maintenance of PySide 2 is something I should do to get started in this realm. However, the Qt/KDE Team's packaging practices and tools are rather different than the ones I'm used to for Science Team packages. This makes sense: Science Team packages are very often a single Git repo, but Qt5 for example is really 44 Git submodules smushed together. As such, things are a bit different! Once I get things taken care of for the package, I will try to write up some notes to help others interested in getting started, especially since KDE packaging could use some help.

FreeCAD Sysadmin Woes Begone: DigitalOcean Sponsorship

I'm very happy to announce that the FreeCAD project is now among the many open source software sponsorships by DigitalOcean.

One of the first things I did when interested in FreeCAD was to try to take on the responsibility of maintaining the project's infrastructure, since that would free up time for people to work on FreeCAD itself. FreeCAD's 17 years old now, and some of our infrastructure stack is about as dated. However, it isn't easy to just move things, I had to get things up to speed first and try to minimize disruption, so it's been a slow process. I'll go into more details in a technical blog post on the matter after I've finished our migration, hopefully by the end of this month, including details on our new setup, with the goal of allowing people to get set up with a dev environment of our project tools so you can do some hacking on things yourself and help out if possible.

Thanks for your support

I appreciate any feedback you might have.

You can get in touch with me via Twitter @thekurtwk.

If you'd like to donate to help support my work, there are several methods available on my site.

Ben Hutchings: Debian LTS work, December 2019

2 January, 2020 - 23:24

I was assigned 16.5 hours of work by Freexian's Debian LTS initiative and carried over 3.75 hours from November. I worked all 20.25 hours this month.

I prepared and, after review, released Linux 3.16.79. I rebased the Debian package onto 3.16.79 and sent out a request for testing.

I also released Linux 3.16.80, but haven't yet rebased the Debian package onto this.

Jonathan Dowland: Linux Desktop

2 January, 2020 - 22:29

Happy New Year!

It's been over two years since writing back on the Linux desktop, and I've had this draft blog post describing my desktop setup sitting around for most of that time. I was reminded of it by two things recently: an internal work discussion about "the year of the linux desktop" (or similar), and upon discovering that the default desktop choice for the current Debian release ("Buster") uses Wayland, and not the venerable X. (I don't think that's a good idea).

I already wrote a little bit about my ethos and some particulars, so I'll not repeat myself here. The version of GNOME I am using is 3.30.2. I continue to rely upon Hide Top Bar, but had to disable TopIcons Plus which proved unstable. I use the Arc Darker theme to shrink window title bars down to something reasonable (excepting GTK3 apps that insist on stuffing other buttons into that region).

Although I mostly remove or hide things, I use one extension to add stuff: Suspend Button, to add a distinct "Suspend" button. The GNOME default was, and seem to remain, to offer only a "Power off" button, which seems ludicrous to me.

I spend a lot of time inside of Terminals. I use GNOME terminal, but I disable or hide tabs, the menubar and the scrollbar. Here's one of my top comfort tips for working in terminals: I set the default terminal size to 120x32, up from 80x24. It took me a long time to realise that I habitually resized every terminal I started.

I've saved the best for last: The Put Windows GNOME shell extension allows you to set up keyboard shortcuts for moving and resizing the focussed window to different regions of the desktop. I disable the built-in shortcuts for "view splits" and rely upon "Put Windows" instead, which is much more useful: with the default implementation, once "snapped", you can't resize windows (widen or narrow them) unless you first "unsnap" them. But sometimes you don't want a 50/50 split. "Put Windows" doesn't have that restriction; but it also lets you cycle between different (user-configurable) splits: I use something like 50/50, 30/70, 70/30. It also lets you move things to corners as well as sides, and also top/bottom splits, which is very useful for comparing spreadsheets (as I pointed out eight years ago).

"Put Windows" really works marvels and entirely replaces SizeUp that I loved on Mac.

Tim Retout: Blog Posts

2 January, 2020 - 19:59

Sylvain Beucler: Debian LTS and ELTS - December 2019

2 January, 2020 - 17:18

Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

In December, the monthly sponsored hours were split evenly among contributors depending on their max availability - I was assigned 16.5h for LTS (out of 30 max) and 16.5h for ELTS (max).

This is less than usual, AFAICS due to having more team members requesting more hours (while I'm above average), and less unused hours given back (or given back too late).

ELTS - Wheezy

  • libonig: finish work started in November:
  • CVE-2019-19203/libonig: can't reproduce, backport non-trivial likely to introduce bugs,
  • CVE-2019-19012,CVE-2019-19204,CVE-2019-19246/libonig: security upload
  • libpcap: attempt to recap vulnerabilities mismatch (possibly affecting ELA-173-1/DLA-1967-1); no follow-up from upstream
  • CVE-2019-19317,CVE-2019-19603,CVE-2019-19645/sqlite3: triage: not-affected (development version only)
  • CVE-2019-1551/openssl: triage: not-affected; discuss LTS triage rationale
  • CVE-2019-14861,CVE-2019-14870/samba: triage: not-affected
  • CVE-2019-19725/sysstat: triage: not-affected (vulnerable code introduced in v11.7.1)
  • CVE-2019-15845,CVE-2019-16201,CVE-2019-16254,CVE-2019-16255/ruby1.9.1: security upload

LTS - Jessie

  • CVE-2019-19012,CVE-2019-19204,CVE-2019-19246/libonig: shared work with ELTS, security upload
  • libpcap: shared work with ELTS
  • libav: finish work started in November:
  • CVE-2018-18829/libav: triage: postponed (libav-specific issue, no patch)
  • CVE-2018-11224/libav: triage: postponed (libav-specific issue, no patch)
  • CVE-2017-18247/libav: triage: ignored (not reproducible, no targeted patch)
  • CVE-2017-18246/libav: triage: ignored (not reproducible)
  • CVE-2017-18245/libav: reproduce, track down fix in ffmpeg
  • CVE-2017-18244/libav: triage: ignored (not reproducible)
  • CVE-2017-18243/libav: triage: ignored (not reproducible)
  • CVE-2017-18242/libav: triage: ignored (not reproducible)
  • CVE-2017-17127/libav: reproduce, track down fix in ffmpeg
  • CVE-2016-9824/libav: triage: ignored: usan (undefined sanitized) warning only, no patch
  • CVE-2016-9823/libav: triage: ignored: usan (undefined sanitized) warning only, no patch
  • CVE-2016-5115/libav: triage: postpone due different (indirect mplayer) vulnerability and lack of time
  • CVE-2017-17127,CVE-2017-18245,CVE-2018-19128,CVE-2018-19130,CVE-2019-14443,CVE-2019-17542/libav: security upload


Russ Allbery: 2019 Book Reading in Review

2 January, 2020 - 03:44

In 2019, I finished and reviewed 40 books, the same as in 2018. Technically, I read two more books than 2018, since I've finished two books (one just before midnight) that I've not yet reviewed, but I'll stick with counting only those books for which I've published a review. I did a little bit better this year in spreading my reading out over the year instead of only reading on vacation. Finding time to write reviews was another matter; apologies for the flood of catch-up reviews in the last week of December.

I met both of my reading goals for last year — maintaining my current reading pace and catching up on award winners and nominees — but only barely in both cases. 2020 will bring schedule and life changes for me, and one of my goals is to carve out more room for daily reading.

I have 10 out of 10 ratings to two books this year, one fiction and one non-fiction. The novel was Arkady Martine's exceptional debut A Memory Called Empire, which is one of the best science fiction novels I've read. It's populated with a fully imagined society, wonderful characters, political maneuvering, and a thoughtful portrayal of the cultural impact of empire and colonialism. I can hardly wait for the sequel.

The non-fiction book was On the Clock by Emily Guendelsberger, a brilliant piece of investigative journalism that looks at the working conditions of the modern American working class through the lens of an Amazon warehouse job, a call center, and a McDonald's. If you want to understand how work and life feels to the people taking the brunt of the day-to-day work in the United States, I cannot recommend it highly enough. These jobs are not what they were ten or twenty years ago, and the differences may not be what you expect.

The novels that received 9 out of 10 ratins from me in 2019 were The Calculating Stars by Mary Robinette Kowal, and The Shell Seekers by Rosamunde Pilcher. Kowal's novel is the best fictional portrayal of anxiety that I've ever read (with bonus alternate history space programs!) and fully deserves its Hugo, Nebula, and Locus awards. Pilcher's novel is outside of my normal genres, a generational saga with family drama and some romance. It was a very satisfying vacation book, a long, sprawling drama that one can settle into and be assured that the characters will find a way to do the right thing.

On the non-fiction side, I gave a 9 out of 10 rating to Bad Blood, John Carreyou's almost-unbelievable story of the rise and fall of Theranos, the blood testing company that reached a $10 billion valuation without ever having a working product. And, to close out the year, I gave a 9 out of 10 rating to Benjamin Dreyer's Dreyer's English, a collection of advice on the English language from a copy editor. If you love reading books about punctuation trivia or grammatical geeking, seek this one out.

The full analysis includes some additional personal reading statistics, probably only of interest to me.

Balasankar 'Balu' C: FOSS contributions in 2019

1 January, 2020 - 13:00


I have been interested in the concept of Freedom - both in the technical and social ecosystems for almost a decade now. Even though I am not a harcore contributor or anything, I have been involved in it for few years now - as an enthusiast, a contributor, a mentor, and above all an evangelist. Since 2019 is coming to an end, I thought I will note down what all I did last year as a FOSS person.


My job at GitLab is that of a Distribution Engineer. In simple terms, I have to deal with anything that a user/customer may use to install or deploy GitLab. My team maintains the omnibus-gitlab packages for various OSs, docker image, AWS AMIs and Marketplace listings, Cloud Native docker images, Helm charts for Kubernetes, etc.

My job description is essentially dealing with the above mentioned tasks only, and as part of my day job I don’t usually have to write and backend Rails/Go code. However, I also find GitLab as a good open source project and have been contributing few features to it over the year. Few main reasons I started doing this are

  1. An opportunity to learn more Rails. GitLab is a pretty good project to do that, from an engineering perspective.
  2. Most of the features I implemented are the ones I wanted from GitLab, the product. The rest are technically simpler issues with less complexity(relates to the point above, regarding getting better at Rails).
  3. I know the never-ending dilemma our Product team goes through to always maintain the balance of CE v/s EE features in every release, and prioritizing appropriate issues from a mountain of backlog to be done on each milestone. In my mind, it is easier for both them and me if I just implemented something rather than asked them to schedule it to be done by a backend team, so that I cane enjoy the feature. To note, most of the issues I tackled already had Accepting Merge Requests label on them, which meant Product was in agreement that the feature was worthy of having, but there were issues with more priority to be tackled first.

So, here are the features/enhancements I implemented in GitLab, as an interested contributor in the selfish interest of improving my Rails understanding and to get features that I wanted without much waiting:

  1. Add number of repositories to usage ping data
  2. Provide an API endpoint to get GPG signature of a commit
  3. Add ability to set project path and name when forking a project via API
  4. Add predefined CI variable to provide GitLab FQDN
  5. Ensure changelog filenames have less than 99 characters
  6. Support notifications to be fired for protected branches also
  7. Set X-GitLab-NotificationReason header in emails that are sent due to explicit subscription to an issue/MR
  8. Truncate recommended branch name to a sane length
  9. Support passing CI variables as push options
  10. Add option to configure branches for which emails should be sent on push
Swathanthra Malayalam Computing

I have been a volunteer at Swathanthra Malayalam Computing for almost 8 years now. Most of my contributions are towards various localization efforts that SMC coordinates. Last year, my major contributions were improving our fonts build process to help various packaging efforts (well, selfish reason - I wanted my life as the maintainer of Debian packages to be easier), implementing CI based workflows for various projects and helping in evangelism.

  1. Ensuring all our fonts build with Python3
  2. Ensuring all our fonts have proper appstream metadata files
  3. Add an FAQ page to Malayalam Speech Corpus
  4. Add release workflow using CI for Magisk font module

I have been a Debian contributor for almost 8 years, became a Debian Maintainer 3 years after my first stint with Debian, and have been a Debian Developer for 2 years. My activities as a Debian contributor this year are:

  1. Continuing maintenance of fonts-smc-* and hyphen-indic packages.
  2. Packaging of gopass password manager. This has been going on very slow.
  3. Reviewing and sponsoring various Ruby and Go packages.
  4. Help GitLab packaging efforts, both as a Debian Developer and a GitLab employee.
Other FOSS projects

In addition to the main projects I am a part of, I contributed to few FOSS last year, either due to personal interest, or as part of my job. They are:

  1. Calamares - I initiated and spearheaded the localization of Calamares installer to Malayalam language. It reached 100% translated status within a month.
  2. Chef
    1. Fix openSUSE Leap and SLES detection in Chef Ohai 14
    2. Make runit service’s control commands configurable in Chef Runit cookbook
  3. Mozilla - Being one of the Managers for Malayalam Localization team of Mozilla, I helped coordinate localizations of various projects, interact with Mozilla staff for the community in clarifying their concerns, getting new projects added for localization etc.

I also gave few talks regarding various FOSS topics that I am interested/knowledgeable in during 2019. List and details can be found at the talks page.

Overall, I think 2019 was a good year for the FOSS person in me. Next year, I plan to be more active in Debian because from the above list I think that is where I didn’t contribute as much as I wanted.

Junichi Uekawa: Happy new year.

1 January, 2020 - 12:21
Happy new year. Last year I kept on practicing piano. I started Tea. Wondering what awaits.

Russ Allbery: Review: Woman on the Edge of Time

1 January, 2020 - 11:19

Review: Woman on the Edge of Time, by Marge Piercy

Publisher: Ballantine Copyright: 1976 Printing: 2016 ISBN: 0-307-75639-4 Format: Kindle Pages: 419

Woman on the Edge of Time opens with Connie (Consuela) Ramos's niece Dolly arriving at the door of her tiny apartment with a bloody face. Her pimp, the cause of the bloody face, shows up mere moments later with a doctor to terminate Dolly's pregnancy. After a lot of shouting and insults, Connie breaks a glass bottle across Geraldo's face, resulting in her second involuntary commitment to a mental institution.

The first time was shortly after the love of her life was arrested for shoplifting and, in an overwhelmed moment, she hit her young daughter. That time, she felt she deserved everything that happened to her, not that it made much difference. Her daughter disappeared into the foster care system and she ended up on welfare, unable to get a job. She did get out of the institution, though. That's more of a question this time.

The other difference in Connie's life is that Luciente has made contact with her. Luciente is apparently from the future, appears in Connie's apartment, speaks an odd dialect, and is both horrified and fascinated by the New York City of Connie's time. She is also able to bring Connie mentally into the future, to a community called Mouth-of-Mattapoisett, which has no insane asylums, welfare, capitalism, pimps, condescending social workers, pollution, or the other plagues of Connie's life.

Woman on the Edge of Time sets a utopia against a dystopia, but the dystopia is 1970s America seen through the life of a poor Mexican-American woman. The Mattapoisett sections follow the classical utopia construction with Connie as the outside visitor to whom the utopia is explained. The present-day sections are a parade of horrors as Connie attempts to survive institutionalization, preserve a shred of dignity, and navigate the system well enough to be able to escape it. At first, these two environments are simply juxtaposed, but about two-thirds of the way through the book it becomes clear that Luciente's future is closely linked to, and closely influenced by, Connie's present.

I wanted to like this book, but I struggled with it. It took me about two months to read it, and I kept putting it down and reading something else instead. I'm finding it hard to put my finger on why it didn't work for me, but I think most of the explanation is Connie.

Piercy commits fully in this story to making Connie an ordinary person. Her one special characteristic is her ability to receive Luciente's psychic contact from the future, and to reach out in return. Otherwise, she's an average person who has lived a very hard life, who is struggling with depression and despair, and whose primary reaction to the events of the book is a formless outrage mixed with self-pity. This is critical to the conclusion of the story, and it's a powerful political statement: Ordinary people can affect the world, their decisions matter, and you don't have to be anyone special to fight oppression.

Unfortunately, this often makes the Mattapoisett sections, which are the best part of this book, frustrating to read. Not only does Connie not ask the questions about the future utopia that I wanted to ask, but she also reacts to most of the social divergences with disgust, outrage, or lasting confusion. This too I think is an intentional authorial choice — a true course correction in our world isn't also going to be comfortable and familiar, all of us will disagree with some of those choices, and Connie is not someone who grew up reading utopian literature — but it adds a lot of negative emotion to what is otherwise a positive celebration of how much better humanity can be. The people of Mattapoisett are endlessly patient with Connie in ways that also highlight strengths of their society, but I frequently found myself wanting to read a different story about Luciente, Jackrabbit, and the others without Connie there to recoil from the most drastic changes or constantly assume the worst of their customs.

I felt like I understood Connie and empathized with her, but I didn't like her. It's hard to read books where you don't like the main character.

The present-day scenes are an endless sequence of nightmares. Connie has a couple of friends inside the institution, who are also just trying to survive, but is otherwise entirely alone. Her niece tries occasionally, but is so strung out on drugs that she can't hold a coherent train of thought. Every figure of authority in the book treats Connie with contempt. All medical staff treat the patients like animals; the best that any of them can hope for is to be treated like a tolerable but ugly pet. I fully believe this was accurate for at least some facilities in some places, but it's soul-crushing to read about at length. I found myself slogging through those sections of the book, waiting for another interlude in Mattapoisett where at least I could enjoy the utopian world-building and relax a bit around happy characters.

This is, to be clear, effective at conveying the political point that Piercy is making. It's striking to read about Connie's horrific life and realize that it would be far worse today. Outside of the institution, she was living on long-term welfare, something that no longer exists in the United States. There are essentially no more mental institutions of the type in which she was held today; we closed them all in the 1980s and dumped all the residents on the streets. As Piercy points out in her forward, this is not an improvement. Today, Connie would either be homeless or in prison, her circumstances would be even worse than they were in the book, and even this plot would not be possible.

It's hard to know what to say about books that say true things with the level of anger and revulsion that our world warrants and do not give the reader the comfortable wrapping of characters with room to be happy. There is little Piercy says here that's wrong, and it's something we should hear, but apart from the Mattapoisett interludes I found it miserable to read. I read partly for escapism and for a break from dwelling on the unfolding horrors of the news cycle, so I struggle with books that feel like an extension of the day-to-day reporting on how awfully we treat our fellow humans. This is a problem I have with much of 1970s feminist SF: The books are incandescently angry, and rightfully so, about problems that are largely unfixed fifty years later, and I come away deeply depressed by humans as a species.

The heart of this book is the carefully-constructed Mattapoisett utopia, which says fascinating things about parenting, ecological balance, interpersonal relationships, communal living, personal property and its appropriate place in society, and governance structures. Piercy does cheat with some psychic empathy and some semi-magical biology, but most of what she describes would be possible with our current technology. I've not talked much about that in this review because the other parts of the book hit me so strongly, but this is a very interesting utopia. If you like analyzing and thinking about alternative ways of living, this is thought-provoking stuff.

I can see why other people liked this book better than I did, and I have great respect for its political goal and for Piercy's utopian world-building. It wasn't the book for me, but it might be for you.

Rating: 5 out of 10

Paul Wise: FLOSS Activities December 2019

1 January, 2020 - 08:18
Changes Issues Review Administration
  • Debian wiki: whitelist email addresses, help with auth issues
  • FOSSJobs: forwarding jobs, approving jobs
  • Respond to queries from Debian users and developers on the mailing lists and IRC

Some of the lintian-brush issues, the devscripts tagpending issue and the libpst work were sponsored by my employer. All other work was done on a volunteer basis.

Utkarsh Gupta: Debian Activities for December 2019

1 January, 2020 - 07:16

Here’s my (third) monthly update about the activities I’ve done in Debian this December.

Debian LTS

This was my third month as a Debian LTS paid contributor.
I was assigned 16.50 hours and worked on the following things:

CVE Fixes and Announcements:
  • Issued DLA 2024-1, fixing CVE-2019-19617, for phpmyadmin.
    Details here:

    phpMyAdmin before 4.9.2 does not escape certain Git information, related to libraries/display_git_revision.lib.php and libraries/Footer.class.php.

    For Debian 8 “Jessie”, this has been fixed in 4:4.2.12-2+deb8u7.
    Furthermore, sent a patch to the Security team for fixing the same in Stretch.

  • Issued DLA 2025-1, fixing CVE-2017-17833 and CVE-2019-5544, for openslp-dfsg.
    Details here:

    OpenSLP releases in the 1.0.2 and 1.1.0 code streams have a heap-related memory corruption issue which may manifest itself as a denial-of-service or a remote code-execution vulnerability.
    OpenSLP as used in ESXi and the Horizon DaaS appliances has a heap overwrite issue. VMware has evaluated the severity of this issue to be in the critical severity range.

    For Debian 8 “Jessie”, this has been fixed in 1.2.1-10+deb8u2.

  • Issued DLA 2026-1, fixing CVE-2019-19630, for htmldoc.
    Details here:

    In HTMLDOC, there was a one-byte underflow in htmldoc/ps-pdf.cxx caused by a floating point math difference between GCC and Clang.

    For Debian 8 “Jessie”, this has been fixed in 1.8.27-8+deb8u1.
    Furthermore, sent a patch to the Security team for Stretch and Buster.

  • Issued DLA 2046-1, fixing CVE-2019-19479, for opensc.
    Details here:

    An issue was discovered in libopensc/card-setcos.c in OpenSC, which has an incorrect read operation during parsing of a SETCOS file attribute.

    For Debian 8 “Jessie”, this has been fixed in 0.16.0-3+deb8u2.

  • Triage luajit, python-oslo.utils, davical, sqlite3, phpmyadmin, openssl, htmldoc, and opensc for Jessie.

  • Pinged upstream of libexif, ruby-rack, and ruby-rack-cors for more clarification of the patches provided.

  • Clarified more about CVE-2019-1551/openssl triage to the Security Team and the Debian LTS ML.

  • Took a deeper look at CVE-2019-16782/ruby-rack; the patch itself introduces regression and induces a backdoor on its own. Notified the Security Team and the ML to avoid its upload.

  • Discuss the state of CVE-2019-19479/opensc with Roberto and process its upload. Also opened upstream issue out of frustration for “hiding” most of their report.

  • In midst of fixing test failures of ruby-rack-cores. And also WIP for ruby-excon.

Debian Uploads

Most importantly, I became a DD this month! \o/
Here’s my NM process. Many, many thanks to Thomas (zigo) for being so nice and patient! :D

New Version:
  • ruby-reverse-markdown ~ 1.3.0-1 (to unstable).
  • ruby-behance ~ 0.6.1-1 (to unstable).
  • ruby-unidecode ~ 1.0.0-1 (to unstable).
  • micro ~ 1.4.1-1 (to unstable).
  • golang-code.cloudfoundry-bytefmt ~ 0.0~git20190818.854d396-1 (to unstable).
Source-Only and Other Uploads:
  • micro ~ 1.4.1-2 (to unstable).
  • golang-github-flynn-json5 ~ 0.0~git20160717.7620272-2 (to unstable).
  • golang-github-zyedidia-pty ~ 1.1.1+git20180126.3036466-2 (to unstable).
  • golang-github-zyedidia-terminal ~ 0.0~git20180726.533c623-2 (to unstable).
  • golang-golang-x-text ~ 0.3.2-3 (to unstable).
  • golang-github-yuin-gopher-lua ~ 0.0~git20170915.0.eb1c729-4 (to unstable).
  • golang-github-sergi-go-diff ~ 1.0.0-2 (to unstable).
Bug Fixes:
  • #946859 for ruby-reverse-markdown (ITP).
  • #946895 for ruby-behance (ITP).
  • #946945 for ruby-unidecode (ITP).
  • #947724 for golang-code.cloudfoundry-bytefmt (ITP).
  • #889196 golang-github-yuin-gopher-lua.
  • #889209 for golang-github-sergi-go-diff.
Reviews and Sponsored Uploads:
  • easygen ~ 4.1.0-1 for Tong Sun.
  • node-webpack ~ 4.30.0-1 for Pirate Praveen.
  • node-timeago.js ~ 4.0.2-1 for Sakshi Sangwan.
  • Outreachy mentoring for GitLab project.
  • Grant DM access for easygen to Tong Sun.
  • Grant DM access for golang-github-danverbraganza-varcaser to Tong Sun.
  • Help James Montgomery for Golang packaging (wrt #945524).
  • Migrated all my -guest accounts and certificates to use my new, shiny account associated with the DD status.
  • With regards to this tweet, I assisted the following people:
    • Shubhank Saxena with 1:1 Hangouts call.
    • Shreya Gupta with 1:1 Hangouts call.
    • Eshaan Bansal with 1:1 Hangouts call.
      P.S. It was lovely to interact with such lovely people :)

Until next time.
:wq for today.

Chris Lamb: Favourite books of 2019

1 January, 2020 - 01:42

I managed to read 74 books in 2019 (up from 53 in 2018 and 50 in 2017) but here follows ten of my favourites this year, in no particular order.

Disappointments included The Seven Deaths of Evelyn Hardcastle (2018) which started strong but failed to end with a bang; all of the narrative potential energy tightly coiled in the exposition was lazily wasted in a literary æther like the "whimper" in the imagined world of T. S Eliot. In an adjacent category whilst I really enjoyed A Year in Provence (1989) last year, Toujours Provence (1991) did not outdo its predecessor but was still well worth the dégustation. I was less surprised to be let down by Jon Ronson's earliest available book, The Men Who Stare At Goats (2004), especially after I had watched the similarly off-key film of the same name, but it was at least intellectually satisfying to contrast the larval author of this work and comparing him the butterfly he is today but I couldn't recommend the experience to others who aren't fans of him now.

The worst book that I finished this year was Black Nowhere (2019), a painful attempt at a cyberthriller based on the story of the Silk Road marketplace. At many points I seriously pondered whether I was an unwitting participant in a form of distributed performance art or simply reading an ironic takedown of inexpensive modern literature.

As a slight aside, choosing which tomes to write about below was an interesting process but likely not for the reasons you might think; I found it difficult to write so publically anything interesting about some books that remain memorable to this day without essentially inviting silent censure or, worse still, the receipt of tedious correspondence due to their topics of contemporary politics or other vortexes of irrationality, assumed suspicion and outright hostility. (Given Orwell's maxim that "the only test of artistic merit is survival," I find this somewhat of disservice to my integrity, yet alone to the dear reader.)

In the Woods (2007), The Likeness (2008) & Faithful Place (2010)

Tana French

I always feel a certain smug pleasure attached to spotting those gaudy "Now a major TV series!" labels appearing upon novels I have already digested. The stickers do not merely adhere to the book themselves, but in a wider sense stick to myself too as if my own refined taste had been given approval and blessing of its correctness. Not unlike as if my favourite local restaurant had somehow been granted a Michelin star, the only problem then becomes the concomitant difficulty in artfully phrasing that one knew about it all along...

But the first thing that should probably be said about the books that comprise the Dublin Murder Squad ("Now a major TV series!") is the underlying scaffolding of the series: whilst the opening novel details Irish detectives Rob Ryan and Cassie Maddox investigating a murder it is told in from the first-person perspective of the former. However, the following book then not only recounts an entirely different Gardaí investigation it is told from the point of view of the latter, Cassie, instead. At once we can see how different (or not) the characters really are, how narrow (or not) their intepretation of events are, but moreover we get to enjoy replaying previous interaction between the two both, implicitly in our minds and even sometimes explicitly on the page. This fount of interest continues in the third of the series which is told from the viewpoint of a yet another character introduced in the second book and so forth.

I feel I could write a fair amount about these novels, but in the interest of brevity I will limit my encomium to the observation that the setting of Ireland never becomes a character itself, now curiously refreshing as most series feel the need to adopt this trope which overshot cliché some time ago. Authors, by all means set your conceits in well-trodded locations but please refrain from boasting or namedropping your knowledge at seemingly every opportunity (the best/worst example being Ben Aaronovitch's Rivers of London series or, by referencing street and pub names just a few too many times for comfort, Irvine Welsh's Edinburgh). Viewer's of the BBC Spooks series will likely know what I mean too - it isn't that the intelligence officers couldn't meet in the purview of St Paul's or under the watchful London Eye but the unlikelihood that all such clandestine conventicles would happen with the soft focus of yet another postcard-worthy landmark in the background forces at least this particular ex-Londoner of the plot somewhat.

Anyway, highly recommend. I believe I have three more in this series, all firmly on my 2020 list.

The Ministry of Truth (2019)

Dorian Lynskey

It should hopefully come as no surprise to anyone that I would read this "biography" of George Orwell's Nineteen Eighty-Four (NB. not "1984"...) after a number of Orwell-themed travel posts this year (Marrakesh, Hampstead, Paris, Southwold, Ipswich, etc.).

Timed to coincide with the book's publication 70 years ago, Lynskey celebrates its platinum anniversary with an in-depth view into the book's literary background in the dystopian fiction of the preceding generation including Yevgeny Zamyatin's 1921 We and H. G. Well's output more generally. It is a bête noire of mine that the concepts in the original book are taken too literally by most (as if by pointing out the lack of overt telescreens somehow discredits the work or — equally superficially in analysis — has been "proven right" by the prevalence of the FAANGs throughout our culture) but Lynskey does no such thing and avoids this stubbornly sophomoric and narrow view of Nineteen... and does not neglect the wider, more delicate and more interesting topics such as the slippage between deeds, intentions, thoughts, veracity and language.

Thorough and extremely comprehensive, this biography remains a wonderfully easy read and is recommended to all interested in one of the most influencial novels of the 20th century and furthermore should not be considered the exclusive domain of lovers of trivial Orwellania, not withstanding that such folks will undoubtably find something charming in Lynskey's research in any case: Who knew that the original opening paragraph of this book was quite so weak? Or a misprint resulted in an ambiguous ending...? This book shouldn't just make you want to read the novel again, it will likely pique your interest into delving deeper into Orwell’s writing for yourself. And if you don't, Big Brother is...

City of the Dead (2011) & The Bohemian Highway (2013)

Sara Gran

Imagine a Fleabag with more sass, more drug abuse, and — absent the first person narrative — thankfully hold the oft-distracting antics with the fourth wall. Throw in the perceptive insight of Sherlock and finish with the wistful and mystical notes of a Haruki Murakami novel and you've got Claire DeWitt, our plucky protagonist.

In post-Katrani New Orleans, where we lay our scene, this troubled private detective has been tasked with looking for a local prosecutor who has been missing since the hurricane. Surprisingly engrossing and trenchant, my only quibble with the naked, fast-paced and honest writing of City of the Dead is that the ends of chapters are far too easily signposted as the tone of the prose changes in a reliable manner, disturbing the unpredictability of the rest of the text.

The second work I include here (The Bohemian Highway) is almost on-par with the first with yet more of Claire's trenchant observations about herself and society (eg. "If you hate yourself enough, you’ll start to hate anyone who reminds you of you", etc.). However, it was quite the disappointment to read the third in this series (The Infinite Blacktop (2018) which had almost all the aforementioned ingredients but somehow fell far, far short of the target. Anyway, if someone has not optioned the rights for an eight-part television series of the first two novels, I would be willing to go at least, say, 90:10 in with you.

Never Split the Difference (2016)

Chris Voss

I was introduced to Chris Voss earlier in the year via an episode of The Tim Ferriss Show (and if that wasn't enough of a eyebrow-raising introduction he was just on an episode of Lance Armstrong's own podcast...) but regardless of its Marmite-esque route into my world I could not help but be taken hostage by this former FBI negotiator's approach to Negotiating as if Your Life Depended On It, as its subtitle hyperbolically claims.

My initial interest in picking up this how-to-negotiate volume lied much deeper than its prima facie goal of improving my woefully-lacking skills as I was instead intellectually curious about the socio-anthropology and to learn more about various facets of human connections and communication in general. However, the book mixes its "pop psych" with remarkably simple and highly practical tips for all levels of negotiations. Many of these arresting ideas, at least in the Voss school, are highly counter-intuitive yet he argues for them all persuasively, generally preferring well-reasoned argument over relying on the langue du bois of the "amygdala" and other such concepts borrowed superficial from contemporary psychology that will likely be rendered the phrenology of the early 21st-century anyway.

Whilst the book's folksy tone and exhale-inducing approach to pedagogy will put many off (I thought I left academia and its "worksheets" a long time ago…) it certainly passes the primary test of any book of negotiation: it convinced me.

The Way Inn (2014) & Plume (2019)

Will Wiles

I really enjoyed this authors take on modern British culture but I am unsure if I could really communicate exactly why. However, I am certain that I couldn't explain what his position really is beyond using misleading terms such as "surreal" or "existential" because despite these labels implying an inchoate and nebulous work I also found it simultaneously sharp and cuttingly incisive.

Outlining the satirical and absurd plot of The Way Inn would do little to communicate the true colour palette of the volume too (our self-absorbed protagonist attends corporate conferences on the topic, of course, of conferences themselves) but in both of these books Wiles ruthlessly avoiding all of the tired takedowns of contemporary culture, somehow finding new ways to critique our superficial and ersatz times.

The second of Wiles' that I read this year, Plume, was much darker and even sinister in feel but remains peppered with enough microscopic observations on quotidian life ("the cloying chemical reek of off-brand energy drinks is a familiar part of the rush-hour bouquet"...) that somehow made it more, and not less, harrowing in tone. You probably need to have lived in the UK to get the most out of this, but I would certainly recommend it.

Chasing the Scream (2015)

Johann Hari

It is commonplace enough to find RT ≠ endorsement in a Twitter biography these days but given that Hari's book documents a Search For The Truth About Addiction I am penning this review with more than a soupçon of trepidation. As in, if it would be premature to assume that if someone has chosen to read something then they are implicitly agreeing with its contents it would also be a similar error to infer that reader is looking for the same answers. This is all to say that I am not outing myself as an addict here, but then again, this is precisely what an addict would say...

All throat clearing aside, I got much from reading Johann Hari's book which, I think, deliberately does not attempt to break new ground in any of the large area it surveys and prefers to offer a holistic view of the war on drug [prohibition] through a series of long vignettes and stories about others through the lens of Hari himself on his own personal journey.

Well-written and without longueur, Hari is careful to not step too close to the third-rail of the medication—mediation debate as the most effective form of treatment. This leads to some equivocation at points but Hari's narrative-based approach generally lands as being more honest than many similar contemporary works that cede no part of the complex terrain to anything but their prefered panacea, all deliciously ironic given his resignation from the Independent newspaper in 2011. Thus acting as a check against the self-assured tones of How to Change Your Mind (2018) and similar, Chasing the Scream can be highly recommended quite generally but especially for readers in this topic area.

The Sellout (2016)

Paul Beatty

"I couldn't put it down…" is the go-to cliché for literature so I found it amusing to catch myself in quite-literally this state at times. Winner of the 2016 Man Booker Prize, the first third of this were perhaps the most engrossing and compulsive reading experience I've had since I started "seriously" reading.

This book opens in medias res within the Supreme Court of the United States where the narrator lights a spliff under the table. As the book unfolds, it is revealed that this very presence was humbly requested by the Court due to his attempt to reinstate black slavery and segregation in his local Los Angeles neighbourhood. Saying that, outlining the plot would be misleading here as it is far more the ad-hoc references, allusions and social commentary that hang from this that make this such an engrossing work.

The tranchant, deep and unreserved satire might perhaps be merely enough for an interesting book but where it got really fascinating to me (in a rather inside baseball manner) is how the latter pages of the book somehow don't live up the first 100. That appears like a straight-up criticism, but this flaw is actually part of this book's appeal to me — what actually changed in these latter parts? It's not overuse of the idiom or style and neither is it that it strays too far from the original tone or direction, but I cannot put my finger on why which has meant the book sticks to this day in my mind. I can almost, just almost, imagine a devilish author such as Paul deliberately crippling one's output for such an effect…

Now, one cannot unreservedly recommend this book. The subject matter itself, compounded by being dealt with in such an flippant manner will be unpenetrable to many and deeply offensive to others, but if you can see your way past that then you'll be sure to get something—whatever that may be—from this work.

Diary of a Somebody (2019)

Brian Bilston

The nom de plume of the "unofficial poet laureate of Twitter", Brian Bilston is an insufferable and ineffectual loser who decides to write a poem every day for a year. A cross between the cringeworthiness of Alan Partridge and the wit and wordplay of Spike Milligan, the eponymous protagonist documents his life after being "decruited" from his job.

Halfway through this book I came to the realisation that I was technically reading a book of poetry for fun, but far from being Yeats, Auden or The Iliad, "Brian" tends to pen verse along the lines of:

No, it's not Tennyson and "plot" ties itself up a little too neatly at the end, but I smiled out loud too many times whilst reading this book to not include it here.

Stories of Your Life and Others (2014) & Exhalation (2019)

Ted Chiang

This compilation has been enjoying a renaissance in recent years due the success of the film Arrival (2016) which based on on the fourth and titular entry in this amazing collection. Don't infer too much from that however as whilst this is prima facie just another set of sci-fi tales, it is science fiction in the way that Children of Men is, rather than Babylon 5.

A well-balanced mixture of worlds are evoked throughout with a combination of tales that variously mix the Aristotelian concepts of spectacle (opsis), themes (dianoia), character (ethos) and dialogue (lexis), perhaps best expressed practically in that some stories were extremely striking at the time — one even leading me to rebuff an advance at a bar — and a number were not as remarkable at the time yet continue to occupy my idle thoughts.

The opening tale which reworks the Tower of Babel into a construction project probably remains my overall favourite, but the Dark Materials-esque world summoned in Seventy-Two Letters continues to haunt my mind and lips of anyone else who has happened to come across it, perhaps becoming the quite-literal story of my life for a brief period. Indeed it could be said that, gifted as a paperback, whilst the whole collection followed me around across a number of locales, it continues to follow me — figuratively speaking that is — to this day.

Highly recommended to all readers but for those who enjoy discussing books with others it would more than repay any investment.

Operation Mincemeat (2010)

Ben MacIntyre

In retrospect it is almost obvious that the true story of an fictitious corpse whose invented love letters, theatre life and other miscellania stuffed into the pockets of a calculatingly creased Captain's uniform would make such a captivating tale. Apparently drowned and planted into the sea off Huelva in 1943, this particular horse was not exactly from Troy but was rather a Welsh vagrant called Glyndwr who washed up — or is that washed out? — on the Andalusian shoreline along with information on a feigned invasion of Sicily in an attempt to deceive the Wehrmacht. However, this would be to grosslly misprice Ben MacIntyre's ability to not get in the way of telling the story as well the larger picture about the bizarre men who concocted the scheme and the bizarre world they lived in.

In such a Bond-like plot where even Ian Fleming (himself a genuine British naval officer) makes an appearance it seems prudent to regularly recall yet again that truth can be stranger than fiction, but the book does fall foul of the usual sin of single-issue WW2 books in overestimating the importance in the larger context of a conflict. (Indeed, as a diversionary challenge to the reader of this review I solicit suggestions for any invention, breakthrough or meeting that has not been identified as "changing the course of World War II". Victor Davis Hanson rather handsomeley argues in his 2017 The Second World Wars that is best approached as multiple wars, anyway…)

Likely enjoyed by those not typically accustomed to reading non-fiction history, this is genuinely riveting account nonetheless and well worth the reading.

Jonathan McDowell: Free Software Activities for 2019

1 January, 2020 - 01:20

As a reader of Planet Debian I see a bunch of updates at the start of each month about what people are up to in terms of their Free Software activities. I’m not generally active enough in the Free Software world to justify a monthly report, and this year in particular I’ve had a bunch of other life stuff going on, but I figured it might be interesting to produce a list of stuff I did over the course of 2019. I’m pleased to note it’s longer than I expected.


I’m not a big conference attendee; I’ve never worked somewhere that paid travel/accommodation for Free Software conferences so I end up covering these costs myself. That generally means I go to local things and DebConf. This year was no exception to that; I attended BelFOSS, an annual free software conference held in Belfast, as well as DebConf19 in Curitiba, Brazil. (FOSDEM was at an inconvenient time this year for me, or I’d have made it to that as well.)


Most of my contributions to Free software happen within Debian.

As part of the Data Protection Team I responded to various minor requests for advice from within the project.

The Debian Keyring was possibly my largest single point of contribution. We’re in a roughly 3 month rotation of who handles the keyring updates, and I handled 2019.03.24, 2019.06.25, 2019.08.23, 2019.09.24 + 2019.12.23.

For Debian New Members I handled a single applicant, Marcio de Souza Oliveira, as an application manager. I had various minor conversations throughout the year as part of front desk.

I managed to get binutils-xtensa-lx106 + gcc-xtensa-lx106 packages (1 + 1) for cross building ESP8266 firmware uploaded in time for the buster release, as well as several updates throughout the year (2, 3 + 2, 3, 4). There was a hitch over some disagreements on the package naming, but it conforms with the generally accepted terms used for this toolchain.

Last year I ended up fixing an RC bug in ghdl, so this year having been the last person to touch the package I did a couple of minor uploads (0.35+git20181129+dfsg-3, 0.35+git20181129+dfsg-4). I’m no longer writing any VHDL as part of my job so my direct interest in this package is limited, but I’ll continue to try and fix the easy things when I have time.

Although I requested the package I originally uploaded it for, l2tpns, to be removed from Debian (#929610) I still vaguely maintain libcli, which saw a couple of upstream driven uploads (1.10.0-1, 1.10.2-1).

OpenOCD is coming up to 3 years since its last stable release, but I did a couple (0.10.0-5, 0.10.0-6) of minor uploads this year. I’ve promised various people I’ll do a snapshot upload and I’ll try to get that into experimental at some point. libjaylink, a dependency, also saw a couple of minor uploads (0.1.0-2, 0.1.0-3).

I pushed an updated version of libtorrent into experimental (0.13.8-1), as a pre-requisite for getting rtorrent updated. Once that had passed through NEW I uploaded 0.13.8-2 and then rtorrent 0.9.8-1.

The sigrok project produced a number of updates, sigrok-firmware-fx2lafw 0.1.7-1, libsigrok 0.5.2-1 + libsigrokdecode 0.5.3-1.

sdcc was the only package I did sponsored uploads of this year - (3.8.0+dfsg-2, 3.8.0+dfsg-3). I don’t have time to take over maintainership of this package fully, but sigrok-firmware-fx2lafw depends on it to build so I upload for Gudjon and try to help him out a bit.

Personal projects

In terms of personal projects I finally pushed my ESP8266 Clock to the outside world (and wrote it up). I started learning Go and as part of that wrote gomijia, a tool to passively listen for Bluetooth LE broadcasts from Xiaomi Mijia devices and transmits them over MQTT. I continued to work on onak, my OpenPGP key server, adding support for the experimental v5 key format, dkg’s abuse resistant keystore proposal and finally merged in support for signature verification. It’s due a release, but the documentation really needs improved before I’d be happy to do that.


Back when picolibc was newlib-nano I had a conversation with Keith Packard about getting the ESP8266 newlib port (largely by Max Filippov based on the Tensilica work) included. Much time has passed since then, but I finally got time to port this over and test it this month. I’m hopeful the picolibc-xtensa-lx106-elf package will appear in Debian at some point in the next few months.


As part of my work at Titan IC I did some work on Snort3, largely on improving its support for hardware offload accelerators (ignore the fact my listed commits were all last year, Cisco generally do a bunch of squashed updates to the tree so the original author doesn’t always show).

Software in the Public Interest

While I haven’t sat on the board of SPI since 2015 I’m still the primary maintainer of the membership website (with Martin Michlmayr as the other active contributor). The main work carried out this year was fixing up some issues seen with the upgrade from Stretch to Buster.


I talked about my home automation, including my use of Home Assistant, at NIDC 2019, and again at DebConf with more emphasis on the various aspects of Debian that I’ve used throughout the process. I had a couple of other sessions at DebConf with the Data Protection and Keyring teams. I did a brief introduction to Reproducible Builds for BLUG in October.


I had a one liner accepted to systemd to make my laptop keyboard work out of the box. I fixed up Xilinx XRT to be able to build .debs for Debian (rather than just Ubuntu), have C friendly header files and clean up some GCC 8.3 warnings. I submitted a fix to Home Assistant to accept 202 as a successful REST notification response. And I had a conversation on IRC which resulted in a tmux patch to force detach (literally I asked how do to this thing and I think Colin had whipped up a patch before the conversation was even over).


Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้