Planet Debian


Mike Gabriel: Debian Edu FAI

3 October, 2019 - 14:24

Over the past month I worked on re-scripting the installation process of a Debian Edu system (minimal installation profile and workstation installation profile for now) by utilizing FAI [1].

My goal on this is to get the Debian Edu FAI config space into Debian bullseye (as package: debian-edu-fai) and provide an easy setup method for the FAI installation server on an existing Debian Edu site.

Note: I do not intend to bootstrap a complete Debian Edu site via FAI. The use case is: get your Debian Edu main server up and running, add host faiserver.intern and install all your site's client systems via this FAI installation server.

Debian Edu Installation Methods (until today)

Currently, we only have a D-I based installation method (over PXE or ISO image) at hand with several disadvantages:

  • requires interaction
  • not really customizable
  • comparatively slow (now that I have seen FAI do these things)

All of the above problems can be solved by installing Debian Edu via a FAI configuration.

Debian Edu Installation via FAI ( This rocks so much!!! )

As you may guess, but I need to repeat the above (because I am so excited about it), here are the advantages of installing Debian Edu via FAI:

  • Debian Edu installation via FAI is incredibly fast
  • Customization: drop in some more files into the FAI config space and you have a customized setup. [2]
  • FAI supports zero-click installs, so no more interaction is required except for booting via PXE
  • FAI supports stuffing the FAI installation bootstrap system into a bootable ISO image

Get it!

The whole setup process of a FAI server on a Debian Edu network still requires some documentation and testing, but the config space for FAI, I have already provided on Debian's GitLab server:

Have fun with this and provide feedback, if you try this out. Thanks!


References and Footnotes
  • [1]
  • [2] For our local "IT-Zukunft Schule" project I added several FAI config extensions without having to touch the Debian Edu FAI configuration files.

Gunnar Wolf: Presenting a webinar: Privacy and anonymity: Requisites for individuals' security online

2 October, 2019 - 23:55

I was invited by the Mexican Chapter of the Internet Society (ISOC MX) to present a webinar session addressing the topics that motivated the project I have been involved in for the past two years — And presenting some results, what we are doing, where we are heading.

ISOC's webinars are usually held via the Zoom platform. However, I felt it directly adversarial to what we are doing; we don't need to register with a videoconference provider if we can use Jitsi! So, the webinar will be held at Of course, I am aware that if we reach a given threshold, Jitsi will stop giving a quality service — So I will also mirror it to a "YouTube live" thingy. I am not sure if this will be the right URL, but I think it will be here.

Of course, I will later download the video and publish it in a site that tracks users less than YouTube :-]

So, if you are interested — See you there on 2019.10.16, 19:00 (GMT-5).


Mike Gabriel: My Work on Debian LTS/ELTS (September 2019)

2 October, 2019 - 21:23

In September 2019, I have worked on the Debian LTS project for 11 hours (of 12 hours planned) and on the Debian ELTS project for another 2 hours (of 12 hours planned) as a paid contributor. I have given back the 10 ELTS hours, but will keep the 1 LTS hour and move it over to October. As I will be gone on family vacation during two weeks of October I have reduced my workload for the coming months accordingly (10 hours LTS, 5 hours ELTS).

LTS Work
  • Patch review on qemu (regarding DLA-1927-1)
  • Perform regression tests on previous LTS uploads of 389-ds-base (see [1,2] for results/statements)
  • Upload netty 3.2.6.Final-2+deb8u1 to jessie-security (DLA-1941-1 [3]), fixing 1 CVE
  • Triage nghttp2, probably not affected by CVE-2019-9511 and CVE-2019-9513. The code base is really different around the passages where the fixing patches have been applied by upstream. I left a comment in dla-needed.txt plus asked for a second opinion. [4]
  • Go over all 2019 LTS announcements in the webwml.git repository and ping LTS team members (including myself) on missing webwml DLAs.
  • Upload phpbb3 3.0.12-5+deb8u4 to jessie-security (DLA-1942-1 [5]), fixing 1 (or 2) CVE(s). Regarding the phpbb3 upload, Sylvain Beucler and I are currently discussing [6] whether CVE-2019-13376 got actually fixed with this upload or not. There will be some sort of follow-up announcement on this matter soon.
  • Upload netty 3.2.6.Final-2+deb7u1 to wheezy-lts (ELA-168-1 [7]), fixing 1 CVE

Ben Hutchings: Debian LTS work, September 2019

1 October, 2019 - 21:00

I was assigned 20 hours of work by Freexian's Debian LTS initiative and worked all those hours this month.

I prepared and, after review, released Linux 3.16.74, including various security and other fixes. I then rebased the Debian package onto that. I uploaded that with a small number of other fixes and issued DLA-1930-1.

I backported the latest security update for Linux 4.9 from stretch to jessie and issued DLA-1940-1 for that.

Mike Gabriel: Install ActivInspire Smart Board Software on Debian 10

1 October, 2019 - 20:17

From one of my customers, I received the request to figure out an installation pathway for ActivInspire, the Promethean smart board software suite. ActivInspire is offered as DEB builds for Ubuntu 18.04. On a Debian 10 (aka buster) system the installation requires some hack-around (utilizing packages from Debian jessie LTS).

Here is the quick-n-dirty recipe:

APT Key for "Promethean Ltd <>"

The APT key you need for downloading packages from Promethean's package archive can be obtained like this:

$ gpg --search-keys 0x300035F2484C6FED
$ gpg --export -a 0x300035F2484C6FED | sudo apt-key add -

Afterwards, you should find the key added to APT's GnuPG keyring. Verify that:

$ sudo apt-key adv --fingerprint D3CDA26CC37F568DD4A8DE68300035F2484C6FED
Executing: /tmp/user/0/apt-key-gpghome.HMo8gCMGUG/ --fingerprint D3CDA26CC37F568DD4A8DE68300035F2484C6FED
pub   rsa4096 2017-03-02 [SC]
      D3CD A26C C37F 568D D4A8  DE68 3000 35F2 484C 6FED
uid        [ unbekannt ] PrometheanLtd <>
sub   rsa4096 2017-03-02 [E]

Tweak APT's Installation Sources

Next, add the lines below to a new file called /etc/apt/sources.list.d/promethean.list. The software requires some packages (e.g. libssl1.0.0) from Debian jessie:

deb jessie main non-free contrib
deb jessie/updates main contrib non-free
deb bionic non-oss oss

Note that security support for Debian jessie LTS will end on 23rd June 2020. Until then, you should be safe with package dependencies from Debian jessie LTS, after that you are on your own. (One might try to grab libssl1.0.0 from Ubuntu 18.04, which should receive security support until April 2023).

Install ActivDriver and ActivTools

Now you can install the ActivInspire smart board software:

$ sudo apt install activdriver activtools

Optional: Disable jessie Package Source again

If you are scared of more packages pouring in from Debian jessie LTS, you can safely comment out the lines in /etc/apt/sources.list.d/promethean.list again now that the smart board software has been installed. (You will not get security updates then anymore for packages that activdriver and activtools pulled in from Debian jessie LTS, though).


That things worked out here does not mean that they will work for you. Neither is this an official Promethean post / documentation. Don't ping me for support on this, unless you are ready to book me for commercial support.

Have fun!
Mike Gabriel (aka sunweaver at
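
An added example, not part of the post above and not Promethean's or Debian's own tooling: the recipe looks the key up by its 64-bit ID and checks the fingerprint only after `apt-key add`, so this script compares the full fingerprint quoted in the post before the key reaches APT. The function names and the two sample listings are assumptions constructed for illustration; `add_key_if_trusted` assumes a GnuPG that provides `--show-keys`.

```shell
#!/bin/sh
# Added example (not from the post): compare a key's full fingerprint with
# the expected one *before* the key goes into APT's trusted keyring.

# Fingerprint as printed in the post's `apt-key adv --fingerprint` output.
EXPECTED_FPR="D3CDA26CC37F568DD4A8DE68300035F2484C6FED"

# Print the fingerprint of every primary key found in `gpg --with-colons`
# output on stdin: the first "fpr" record after each "pub" record.
# Subkey fingerprints (the "fpr" that follows a "sub") are skipped.
primary_fprs() {
    awk -F: '
        $1 == "pub" { want = 1; next }
        $1 == "sub" { want = 0; next }
        $1 == "fpr" && want { print $10; want = 0 }
    '
}

# check_key_listing EXPECTED   (colon listing on stdin)
# Returns 0 only if the listing holds exactly one primary key whose
# fingerprint equals EXPECTED (spaces and letter case are ignored),
# 1 on a fingerprint mismatch, 2 if there are zero or several primary keys.
check_key_listing() {
    expected=$(printf '%s' "$1" | tr -d ' ' | tr 'a-f' 'A-F')
    found=$(primary_fprs)
    count=$(printf '%s\n' "$found" | grep -c . || true)
    if [ "$count" -ne 1 ]; then
        echo "refusing: expected 1 primary key, found $count" >&2
        return 2
    fi
    if [ "$found" != "$expected" ]; then
        echo "refusing: fingerprint is $found" >&2
        return 1
    fi
    return 0
}

# add_key_if_trusted FILE
# FILE is a key export, e.g. written by `gpg --export -a KEYID > FILE`.
# Uses the post's own `apt-key add`, but only after the check has passed.
add_key_if_trusted() {
    gpg --show-keys --with-colons "$1" | check_key_listing "$EXPECTED_FPR" &&
        sudo apt-key add "$1"
}

# Constructed sample listings in gpg's colon format (not real gpg output).
# SAMPLE_GOOD carries the fingerprint from the post; the subkey values are
# made up.
SAMPLE_GOOD='pub:-:4096:1:300035F2484C6FED:1488412800:::-:::scESC::::::23::0:
fpr:::::::::D3CDA26CC37F568DD4A8DE68300035F2484C6FED:
uid:-::::1488412800::0000000000000000000000000000000000000000::PrometheanLtd::::::::::0:
sub:-:4096:1:1111111111111111:1488412800::::::e::::::23:
fpr:::::::::1111111111111111111111111111111111111111:'

# SAMPLE_LOOKALIKE ends in the same 64-bit key ID but has a different
# fingerprint: a lookup by key ID alone cannot tell the two apart.
SAMPLE_LOOKALIKE='pub:-:4096:1:300035F2484C6FED:1500000000:::-:::scESC::::::23::0:
fpr:::::::::AAAAAAAAAAAAAAAAAAAAAAAA300035F2484C6FED:'
```

The expected fingerprint can be passed in the spaced form that `apt-key adv --fingerprint` prints; a listing with more than one primary key is rejected outright rather than searched for a match.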

Junichi Uekawa: From today, value added tax rate increased in Japan.

1 October, 2019 - 18:01

From today, value added tax rate increased in Japan. First time with variable tax rate depending on how you consume it, inside the restaurant or outside.

Abhijith PA: Debian packaging session

1 October, 2019 - 11:37

Hello web,

Last week I conducted a workshop on Debian packaging at MES College of Engineering, Kuttipuram in accordance with Frisbee 19, yearly conference by IEEE cell of this college. Thanks to Anupa from ICFOSS who contacted and arranged me to take this session. I was accompanied by Subin and Abhijith from FOSSers. The time span was from 9:30 AM to 04:30 PM. Since it was a big time slot we took from the Free software evangelism –> GNU/Linux –> Debian –> how contributing to community projects can help your career.

Subin introduced Debian history, philosophy and release processes to the students. I started with a hello world program packaging and later to ruby gem packaging with gem2deb. Abhijith helped students who got stuck while packaging. At the end of the session we did a small quiz and gifted them with Debian stickers and conference merchandise.

Thanks to the volunteers for setting up the prerequisites.

Norbert Preining: 10 years in Japan

1 October, 2019 - 11:06

Exactly 10 years ago, on October 1, 2009, I started my work at the Japan Advanced Institute of Science and Technology (JAIST), arriving the previous day in a place not completely unknown, but with a completely different outlook: I had a position as Associate Professor, and somehow was looking forward to an interesting and challenging time. Much has changed since then, and I thought a bit of reflection is necessary.

Four years ago I wrote a similar blog, 6 years in Japan. Rereading it today, there is a considerable overlap:

6 years later I am still here at the JAIST, but things have changed considerably, and my future is even less clear than 6 years ago.

How true it was back then, what did I know that within a few months after posting this, the JAIST, in a move to promote internationalization, has purged all but one western foreigner from the faculty (outside the English department), and I found myself unemployed, with a new-born child, not knowing what to do and where to go. It relates cleanly to the paragraph on The biggest disappointment. How much can I laugh now looking at what I considered my biggest disappointment back then, and how I felt half a year later.

The biggest disappointment

Asked today about the biggest disappointment, it would be clearly the Japanese academic environment. I have never seen such selfish and reckless scientists – maybe better careless – having no interest in the fate of colleagues with whom they have worked for years. Having found myself with a new-born child in unemployment in Japan, guess how many of my colleagues dared to even once ask how I am doing!? The answer is an impressive zero, naught.

Comparing this with the academic environment in which I have grown up in Vienna, I was left dumbfounded: Till now I try to search for work places for those that have been employed in my projects, the group in Vienna always tried to help each other even in hard times, bridging over holes by shifting between projects. I can’t imagine any of my colleagues from my home university to not even ask a colleague in troubles.

Well that is Japan academics, I lost every trust and faith in them.

The happiest thing

Back then I wrote that despite many hardships, the happiest thing was that I found a lovely, beautiful, and caring wife. To topple that, we got a lovely (and lively, but also challenging, at times nasty, etc etc) daughter that changed our life considerably. The three+ years since she is with us, many things got considerably more difficult, and bringing up a child brings out cultural differences and disagreements much more than living in two. But the love and fun we are receiving from our time together is for sure the happiest thing (for now, until I write another blog in 10 years?).

Present and future

After losing my job at JAIST, and six months of unemployment, a lucky coincidence gifted me with a great job at an IT company in Tokyo, that allows me to work remotely from my home. I am incredibly thankful to everyone there who helped make this happen. It is a complete new world for me. After 25 years in academics being thrown into a Japanese company (all Japanese, I am the only foreigner), with business meetings, client support, etc was something unexpected for me. Maybe I count it as one of the big achievements that I manage to function properly in this kind of environment.

I still try to keep up my research work, publishing articles every year, and as far as possible attending conferences. My OSS activities haven’t changed a lot, and I try to keep up with the projects for which I am responsible.

What the future brings is even less unclear: Now that we have to think about the education of our daughter, moving is getting more and more a point of discussion. I really detest the Japanese education system, in particular junior high school which I consider a childhood and personality killer. OTOH, we have settled into a very nice place here in Ishikawa, and at my age moving is getting more and more burdensome, not to speak of another job change. So I feel torn between returning to Europe, or remaining here in Japan. Let us see what the future brings.

Russ Allbery: Review: This Is How You Lose the Time War

1 October, 2019 - 10:06

Review: This Is How You Lose the Time War, by Amal El-Mohtar & Max Gladstone

Publisher: Saga Copyright: 2019 ISBN: 1-5344-3101-2 Format: Kindle Pages: 200

Red is the most effective operative of the Agency. She darts through time's threads, finds threats to the future, eliminates them, and delights in the work. She rarely encounters the operatives of her enemy directly; they prefer painstaking work in the shadows. But there is one opponent who has a different style. Audacious. Risky.

In the midst of a dead battlefield, Red finds a letter.

Blue is Garden's operative, moving from mission to mission, exerting exactly the right pressure or force at a critical moment to shift the strands of the future. She decided to leave a letter taunting her adversary, but also expressing gratitude at the challenge, the requirement that she give the war her full attention, the relief from boredom. She wasn't sure whether to expect a reply, but she received one.

This Is How You Lose the Time War is an epistolary novel, told in short action sequences by Red or Blue followed by the inevitable discovered letter. At first, they taunt each other and delight in their victories while expressing admiration of their opponent. Blue has the smoother and more comfortable writing style. Red has to research the form of letters and writes like a conversation, sharp and informal. Both threaten and tease the other with the consequences if their superiors discover this exchange.

In word play, cultural references, sincerely-shared preferences, open curiosity, and audacious puns, the letters turn into something more than a taunting game.

The time war is a long-standing SF trope. This one reminds me the most of Fritz Leiber's The Big Time: a two-sided war between far-future civilizations, neither of which are clearly superior in either capabilities or morality. Unlike Leiber's Spiders and Snakes, though, El-Mohtar and Gladstone's Agency and Garden have some solid world-building behind them. Red's Agency is technological, cybernetic, and run by what feels like machine intelligence. Blue's Garden is the biological flip-side, a timeline of crafted life culminating in stars with eyes and a living universe, focus on growth and poison, absorbing and reshaping. To the reader, they alternate between incomprehensible and awful, although Red and Blue are comfortable with their sides at the start. Don't expect detailed or believable descriptions of the technology of either side; this is well into "indistinguishable from magic" territory throughout.

Despite its nature as a time travel story, the plot structure of this story is straightforward and somewhat predictable. You're unlikely to be surprised by the outcome; the enjoyment is in how the story gets there. The relationship didn't quite ring true to me, mostly because it develops so quickly, although some of that has to be forgiven for the format. (I have some experience with epistolary relationships; they're much more rambling and involve far, far more words than this one does.) But the letters themselves are playful, delightful, and occasionally moving, and the resolution, although expected, delivers on the emotional hooks the story was setting up.

I wasn't blown away by this, partly I think because it's too tight, focused, and stylized. Red and Blue are the only true characters in the story and the only people who feel real, which undermines the world-building and means the story can't sprawl into its surroundings or let the reader imagine other ways of living in this world. At 200 pages, it's more of a novella than a novel, and it's structured with the single-minded thrust of short fiction. The dynamic between the two characters is well-done, but there is a limit to how much characterization one can do with only a single other character to interact with. Since Red and Blue can define themselves only in relation to each other, they felt two-dimensional and I was unable to fully embrace either of them as a character.

That said, I read the whole story in an afternoon and did not regret it. I have a weakness for epistolary stories that this satisfied nicely. It hit, at least for me, the sweet spot of recognizing most of the cultural references while being surprised I recognized them, which was oddly satisfying. And the whole book is worth it for the growing tendency they both have for seeing and writing about each other's colors in everything.

I think this is more of an afternoon's entertainment than something you'll remember for a long time, but if you like time travel stories or characters writing letters to each other, recommended.

Rating: 7 out of 10

John Goerzen: Connecting A Physical DEC vt420 to Linux

1 October, 2019 - 04:59
John and Oliver trip to Vintage Computer Festival Midwest 2019. Oliver playing Zork on the Micro PDP-11

Inspired by a weekend visit to Vintage Computer Festival Midwest at which my son got to play Zork on an amber console hooked up to a MicroPDP-11 running 2BSD, I decided it was time to act on my long-held plan to get a real old serial console hooked up to Linux.

Not being satisfied with just doing it for the kicks, I wanted to make it actually usable. 30-year-old DEC hardware meets Raspberry Pi. I thought this would be pretty easy, but it turns out it was a lot more complicated than I realized, involving everything from nonstandard serial connectors to long-standing kernel bugs!

Selecting a Terminal — And Finding Parts

I wanted something in amber for that old-school feel. Sadly I didn’t have the forethought to save any back in the 90s when they were all being thrown out, because now they’re rare and can be expensive. Search eBay and pretty soon you find a scattering of DEC terminals, the odd Bull or Honeywell, some Sperrys, and assorted oddballs that don’t speak any kind of standard protocol. I figured, might as well get a vt, since we’re still all emulating them now, 40+ years later. Plus, my old boss from my university days always had stories about DEC. I wish he were still around to see this.

I selected the vt420 because I was able to find them, and it has several options for font size, letting more than 24 lines fit on a screen.

Now comes the challenge: most of the vt420s never had a DB25 RS-232 port. The VT420-J, an apparently-rare international model, did, but it is exceptionally rare. The rest use a DEC-specific port called the MMJ. Thankfully, it is electrically compatible with RS-232, and I managed to find the DEC H8571-J adapter as well as a BC16E MMJ cable that I need.

I also found a vt510 (with “paperwhite” instead of amber) in unknown condition. I purchased it, and thankfully it is also working. The vt510 is an interesting device; for that model, they switched to using a PS/2 keyboard connector, and it can accept either a DEC VT keyboard or a PC keyboard. It also supports full key remapping, so Control can be left of A as nature intended. However, there’s something about amber that is just so amazing to use again.

Preparing the Linux System

I thought I would use a Raspberry Pi as a gateway for this. With built-in wifi, that would let me ssh to other machines in my house without needing to plug in a serial cable – I could put the terminal wherever. Alternatively, I can plug in a USB-to-serial adapter to my laptop and just plug the terminal into it when I want. I wound up with a Raspberry Pi 4 kit that included some heatsinks.

I had two USB-to-serial adapters laying around: a Keyspan USA-19HS and a Digi I/O Edgeport/1. I started with the Keyspan on a Raspberry Pi 4 on the grounds that I didn’t have the needed Edgeport/1 firmware file laying about already. The Raspberry Pi does have serial capability integrated, but it doesn’t use RS-232 voltages and there have been reports of it dropping characters sometimes, so I figured the easy path would be a USB adapter. That turned out to be only partially right.

Serial Terminals with systemd

I have never set up a serial getty with systemd — it has, in fact, been quite a long while since I’ve done anything involving serial other than the occasional serial console (which is a bit different purpose).

It would have taken a LONG time to figure this out, but thanks to an article about the topic, it was actually pretty easy in the end. I didn’t set it up as a serial console, but spawning a serial getty did the trick. I wound up modifying the command like this:

ExecStart=-/sbin/agetty -8 -o '-p -- \\u' %I 19200 vt420

The vt420 supports speeds up to 38400 and the vt510 supports up to 115200bps. However, neither can process plain text at faster than 19200 so there is no point to higher speeds. And, as you are about to see, they can’t necessarily even muster 19200 all the time.

Flow Control: Oh My

The unfortunate reality with these old terminals is that the processor in them isn’t actually able to keep up with line speeds. Any speed above 4800bps can exceed processor capabilities when “expensive” escape sequences are sent. That means that proper flow control is a must. Unfortunately, the vt420 doesn’t support any form of hardware flow control. XON/XOFF is all it’ll do. Yeah, that stinks.

So I hooked the thing up to my desktop PC with a null-modem cable, and started to tinker. I should be able to send a Ctrl-S down the line and the output from the pi should immediately stop. It didn’t. Huh. I verified it was indeed seeing the Ctrl-S (open emacs, send Ctrl-S, and it goes into search mode). So something, somehow, was interfering.

After a considerable amount of head scratching, I finally busted out the kernel source. I discovered that the XON/XOFF support is part of the serial driver in Linux, and that — ugh — the keyspan serial driver never actually got around to implementing it. Oops. That’s a wee bit of a bug. I plugged in the Edgeport/1 instead of the Keyspan and magically XON/XOFF started working.

Well, for a bit.

You see, flow control is a property of the terminal that can be altered by programs on a running system. It turns out that a lot of programs have opinions about it, and those opinions generally run along the lines of “nobody could possibly be using XON/XOFF, so I’m going to turn it off.” Emacs is an offender here, but it can be configured. Unfortunately, the most nasty offender here is ssh, which contains this code that is ALWAYS run when using a pty to connect to a remote system (which is for every interactive session):

tio.c_iflag &= ~(ISTRIP | INLCR | IGNCR | ICRNL | IXON | IXANY | IXOFF);

Yes, so when you use ssh, your local terminal no longer does flow control. If you are particularly lucky, the remote end may recognize your XON/XOFF characters and process them. Unfortunately, the added latency and buffering in going through ssh and the network is likely to cause bursts of text to exceed the vt420’s measly 100-ish-byte buffer. You just can’t let the remote end handle flow control with ssh. I managed to solve this via GNU Screen; more on that later.

The vt510 supports hardware flow control! Unfortunately, it doesn’t use CTS/RTS pins, but rather DTR/DSR. This was a reasonably common method in the day, but appears to be totally unsupported in Linux. Bother. I see some mentions that FreeBSD supports DTR/DSR flow (dtrflow and dsrflow in stty outputs). It definitely looks like the Linux kernel has never plumbed out the reaches of RS-232 very well. It should be possible to build a cable to swap DTR/DSR over to CTS/RTS, but since the vt420 doesn’t support any of this anyhow, I haven’t bothered.

Character Sets

Back when the vt420 was made, it was pretty hot stuff that it was one of the first systems to support the new ISO-8859-1 standard. DEC was rather proud of this. It goes without saying that the terminal knows nothing of UTF-8.

Nowadays, of course, we live in a Unicode world. A lot of software crashes on ISO-8859-1 input (I’m looking at you, Python 3). Although I have old files from old systems that have ISO-8859-1 encoding, they are few and far between, and UTF-8 rules the roost now.

I can, of course, just set LANG=en_US and that will do — well, something. man, for instance, renders using ISO-8859-1 characters. But that setting doesn’t imply that any layer of the tty system actually converts output from UTF-8 to ISO-8859-1. For instance, if I have a file with a German character in it and use ls, nothing is going to convert it from UTF-8 to ISO-8859-1.

GNU Screen also, as it happens, mostly solves this.

GNU Screen to the rescue, somewhat

It turns out that GNU Screen has features that can address both of these issues. Here’s how I used it.

First, in my .bashrc, I set this:

if [ "$(tty)" = "/dev/ttyUSB0" ]; then
    # Only on the serial terminal: the vt420 speaks ISO-8859-1, not UTF-8
    stty -iutf8
    export LANG=en_US
    export MANOPT="-E ascii"
fi

Then, in my .screenrc, I put this:

defflow on
defencoding UTF-8

This tells screen that the default flow control mode is on, and that the default encoding for the pty that screen creates is UTF-8. It determines the encoding for the physical terminal for the environment, and correctly figures it to be ISO-8859-1. It then maps between the two! Yes!

My little ssh connecting script then does just this:

exec screen ssh "$@"

Which nicely takes care of the flow control issue and (most of) the encoding issue. I say “most” because now things like man will try to render with fancy em-dashes and the like, which have no representation in iso8859-1, so they come out as question marks. (Setting MANOPT="-E ascii" fixes this.) But no matter, it works to ssh to my workstation and read my email! (mu4e in emacs)

What screen doesn’t help with are things that have no ISO-8859-1 versions; em-dashes are the most frequent problems, and are replaced with unsightly question marks.

termcaps, terminfos, and weird things

So pretty soon you start diving down the terminal rabbit hole, and you realize there’s a lot of weird stuff out there. For instance, one solution to the problem of slow processors in terminals was padding: ncurses would know how long it would take the terminal to execute some commands, and would send it NULLs for that amount of time. That calculation, of course, requires knowledge of line speed, which one wouldn’t have in this era of ssh. Thankfully the vt420 doesn’t fall into that category.

But it does have a ton of modes. The Emacs On Terminal page discusses some of the interesting bits: 7-bit or 8-bit control characters, no ESC key, Alt key not working, etc, etc. I believe some of these are addressed by the vt510 (at least in PC mode). I wonder whether Emacs or vim keybindings would be best here…

Helpful Resources

Jonathan McDowell: Life with a Yubikey

1 October, 2019 - 02:33

At the past two DebConfs Thomas Goirand of infomaniak has run a workshop on using a Yubikey, and been generous enough to provide a number of devices for Debian folk. Last year I was fortunate enough to get hold of one of the devices on offer.

My primary use for the device is to hold my PGP key. Generally my OpenPGP hardware token of choice is the Gnuk, which features a completely Free software stack and an open hardware design, but the commonly available devices suffer from being a bit more fragile than I’d like to regularly carry around with me. The Yubikey has a much more robust design, being a slim plastic encapsulated device. I finally set it up properly with my PGP key last November, and while I haven’t attached it to my keyring I’ve been carrying it with me regularly.

Firstly, it’s been perfectly fine from a physical robustness point of view. I don’t worry about it being in my pocket with keys or change, it gets thrown into my bag at the end of the day when I go home, it kicks around my desk and occasionally gets stuff dropped on it. I haven’t tried to break it deliberately and I’m not careless with it, but it’s not treated with kid gloves. And it’s still around nearly a year later. So that’s good.

Secondly, I find my initial expected use case (holding my PGP subkeys and using the auth subkey for SSH access) is the major use I have for the key. I occasionally use the signing subkey for doing Debian uploads, I rarely use the encryption subkey, but I use the auth subkey most days. I’ve also set up U2F for any site I use that supports it, but generally once I’m logged in there on trusted machines I don’t need to regularly re-use it. It’s nice to have though, and something the Gnuk doesn’t offer.

On the down side, I still want a device that requires a physical key press for any signing operation. My preferred use case is leaving the key plugged into the machine to handle SSH logins, but the U2F use case seems to be to insert the key only when needed, and then press the key. OpenPGP operation with the Yubikey doesn’t require a physical touch. I get round some of this by enabling the confirm option with gpg-agent, but I’d still be happier with something on the token itself. The Yubikey also doesn’t do ECC keys, but it does do 4096-bit RSA so it’s not terrible, just results in larger keys than ideal.

Overall I’m happy with the device, and grateful to Thomas and infomaniak for providing me with it, though I’m hopeful about a new version of the Gnuk with a more robust form factor/casing. (If you’re looking for discussion on how to set up the token with GPG subkeys then I recommend Thomas’ presentation from 2018, which covers all the steps required.)

Ben Hutchings: Kernel Recipes 2019, part 1

1 October, 2019 - 00:28

This conference only has a single track, so I attended almost all the talks. All of them were recorded and videos should be available soon. This time I didn't take notes but I've summarised all the talks I attended.

ftrace: Where modifying a running kernel all started

Speaker: Steven Rostedt

Details and slides:

This talk explains how the kernel's function tracing mechanism (ftrace) works, and describes some of its development history.

It was quite interesting, but you probably don't need to know this stuff unless you're touching the ftrace implementation.

Analyzing changes to the binary interface exposed by the Kernel to its modules

Speaker: Dodji Seketeli


The upstream kernel does not have a stable ABI (or API) for use by modules, but OS distributors often want to support the use of out-of-tree modules by ensuring that at least some subset of the kernel ABI remains stable within a given OS release.

Currently the kernel build process generates a "version" or "CRC" for each exported symbol by parsing the relevant type definitions. There is a load-time ABI check based on comparing these, and distributors can compare them at build time to detect ABI breaks. However this doesn't work that well and it's hard to work out what caused a change.

The speaker develops the "libabigail" library and tools. These can extract ABI definitions from standard debug information (DWARF), and then analyse and compare ABIs for different versions of shared libraries, or of the Linux kernel and modules. They are likely to replace the kernel's current symbol versioning approach at some point. He talked about the capabilities of libabigail, plans for improving it, and some limitations of C ABI checkers.

BPF at Facebook

Speaker: Alexei Starovoitov

Details and slides:

The Berkeley Packet Filter (BPF) is a simple virtual machine implemented by several kernels. It allows user-space to add code that runs in kernel context, without compromising the integrity of the kernel.

In recent years Linux has extended this virtual machine architecture to create eBPF, which is expressive enough to be targeted by general-purpose compilers such as Clang and (in the near future) gcc. eBPF can be used for filtering network packets (the original purpose of BPF), tracing events, and many other purposes.

The speaker talked about practical experiences using eBPF with tracing at Facebook. These mainly involved investigating performance problems. He also talked about the difficulties of doing this on production servers without developer tools installed, and how this is being addressed.

Kernel hacking behind closed doors

Speaker: Thomas Gleixner

Details and slides:

The speaker talked about how kernel developers and hardware vendors have been handling speculative execution vulnerabilities, and the friction between the vendors' preferred process and the usual kernel development processes.

He described the mailing list manager he wrote to support discussion of security issues with a long embargo period, which sends and receives encrypted messages in both S/MIME and PGP/MIME formats (depending on the subscriber).

Finally he talked about the process that has been settled on for handling future issues of this type with minimal legal paperwork.

This was somewhat marred by a lawyer joke and a generally combative attitude to hardware vendors.

What To Do When Your Device Depends on Another One

Speaker: Rafael Wysocki

Details and slides:

The Linux device model represents all devices as a simple hierarchy. Driver binding and unbinding (probe/remove), and power management operations, are sequenced based on the assumption that a device only depends on its parent in the device model.

On PCs, additional dependencies are often hidden behind abstractions such as ACPI, so that Linux does not need to be aware of them. On most embedded systems, however, such abstractions are usually missing and Linux does need to be aware of additional dependencies.

(A few years ago, the device driver core gained support for an error code from probe (-EPROBE_DEFER) that indicates that some dependency is not yet bound, and causes the device to be re-probed later. But this is an incomplete, stop-gap solution.)

The speaker described the new "device links" API which provides a way to record additional dependencies in the device model. The device driver core will use this information to sequence operations on multiple devices correctly.

Metrics are money

Speaker: Aurélien Rougemont


The speaker talked about several instances from his experience where system metrics were used to justify buying or rejecting new hardware. In some cases, these metrics were not accurate or consistent, which could lead to bad decisions. He made a plea for better documentation of metrics reported by the Linux kernel.

No NMI? No Problem! – Implementing Arm64 Pseudo-NMI

Speaker: Julien Thierry


Linux typically uses Non-Maskable Interrupts (NMIs) for Performance Monitoring Unit (PMU) interrupts. NMIs are (almost) never disabled, so this allows interrupt handlers and other code that runs with interrupts disabled to be profiled accurately. On architectures that do not have NMIs, typically Linux can use the highest interrupt priority for this instead, and only mask the lower priorities.

On the Arm architecture, there is no NMI but there are two architectural interrupt priority levels (IRQ and FIQ). However on 64-bit Arm systems FIQ is typically reserved to system firmware so Linux only uses IRQ. This results in inaccurate profiling.

The speaker described the implementation of a pseudo-NMI for 64-bit Arm. This is done by leaving IRQs enabled on the CPU and masking them selectively on the Arm generic interrupt controller (GIC), which supports many more priority levels. However this effectively requires GIC v3 or v4 because these operations are prohibitively slow on earlier versions.

Marvels of Memory Auto-configuration (SPD)

Speaker: Jean Delvare

Details and slides:

The speaker talked about the history of standardised DRAM modules (SIMMs and DIMMs) and how system firmware can detect them and find out their size and timing requirements.

DIMMs expose this information through Serial Presence Detect (SPD) which until recently used standard 256-byte I²C EEPROMs.

For the latest generation of DIMMs (DDR4), the configuration information can be larger than 256 bytes and a new interface was required. Jean described and criticised this interface.

He also talked about the Linux drivers and utilities that can be used to read the SPD EEPROMs.
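The build-time comparison of exported-symbol CRCs described in the ABI talk summary above, as an added example that is not part of the original post or of the kernel's or libabigail's own tooling. It assumes the tab-separated layout of the kernel's Module.symvers file (CRC, symbol, module, export type); the symbol names, CRC values and the stable-symbol list are constructed for illustration.

```python
"""Detect ABI breaks between two kernel builds by comparing symbol CRCs."""

from dataclasses import dataclass


@dataclass(frozen=True)
class Export:
    crc: int
    module: str
    export_type: str


def parse_symvers(text):
    """Return {symbol: Export} from Module.symvers-style text.

    Assumed layout per line: CRC, symbol, module, export type, separated by
    tabs. Any further columns are ignored.
    """
    exports = {}
    for lineno, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        fields = line.split("\t")
        if len(fields) < 4:
            raise ValueError(f"line {lineno}: expected at least 4 fields")
        crc_text, symbol, module, export_type = fields[:4]
        try:
            crc = int(crc_text, 16)
        except ValueError:
            raise ValueError(f"line {lineno}: bad CRC {crc_text!r}") from None
        if symbol in exports:
            raise ValueError(f"line {lineno}: duplicate symbol {symbol!r}")
        exports[symbol] = Export(crc, module, export_type)
    return exports


def abi_breaks(old, new, stable_symbols):
    """List (symbol, reason) for each stable symbol whose ABI changed.

    Only symbols on the distributor's stable list are checked, matching the
    "some subset of the kernel ABI remains stable" policy.
    """
    breaks = []
    for symbol in sorted(stable_symbols):
        before, after = old.get(symbol), new.get(symbol)
        if before is None:
            breaks.append((symbol, "not exported by the baseline build"))
            continue
        if after is None:
            breaks.append((symbol, "symbol removed"))
            continue
        if before.crc != after.crc:
            # A CRC change means the types reachable from the symbol changed.
            breaks.append(
                (symbol, f"CRC changed: {before.crc:#010x} -> {after.crc:#010x}")
            )
        if before.export_type != after.export_type:
            # e.g. EXPORT_SYMBOL -> EXPORT_SYMBOL_GPL restricts who may link.
            breaks.append(
                (symbol,
                 f"export type changed: {before.export_type} -> {after.export_type}")
            )
    return breaks


def make_symvers(rows):
    """Build Module.symvers-style text from (crc, symbol, module, type) rows."""
    return "".join("\t".join(row) + "\n" for row in rows)


# Constructed sample data: not taken from any real kernel build.
OLD_SYMVERS = make_symvers([
    ("0x8a1b2c3d", "foo_register", "vmlinux", "EXPORT_SYMBOL"),
    ("0x11223344", "foo_unregister", "vmlinux", "EXPORT_SYMBOL"),
    ("0x0badcafe", "bar_submit", "drivers/bar/bar", "EXPORT_SYMBOL"),
    ("0x5eed1234", "baz_poll", "drivers/baz/baz", "EXPORT_SYMBOL_GPL"),
    ("0x0000beef", "qux_debug", "vmlinux", "EXPORT_SYMBOL_GPL"),
])
NEW_SYMVERS = make_symvers([
    ("0x8a1b2c3d", "foo_register", "vmlinux", "EXPORT_SYMBOL"),
    ("0x99887766", "foo_unregister", "vmlinux", "EXPORT_SYMBOL"),
    ("0x0badcafe", "bar_submit", "drivers/bar/bar", "EXPORT_SYMBOL_GPL"),
    ("0x0000f00d", "qux_debug", "vmlinux", "EXPORT_SYMBOL_GPL"),
    ("0x01020304", "new_helper", "vmlinux", "EXPORT_SYMBOL_GPL"),
])
# Hypothetical distributor-maintained list of symbols promised to stay stable.
STABLE_SYMBOLS = {"foo_register", "foo_unregister", "bar_submit", "baz_poll"}


if __name__ == "__main__":
    old, new = parse_symvers(OLD_SYMVERS), parse_symvers(NEW_SYMVERS)
    for symbol, reason in abi_breaks(old, new, STABLE_SYMBOLS):
        print(f"ABI break: {symbol}: {reason}")
```

The report says which symbol changed but not which type definition caused it, which is the gap the talk says DWARF-based comparison is meant to close.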

Sylvain Beucler: RenPyWeb - one year

1 October, 2019 - 00:01

One year ago I posted a little entry in Ren'Py Jam 2018, which was the first-ever Ren'Py game directly playable in the browser.

Big thanks to Ren'Py's author who immediately showed full support for the project, and to all the other patrons who joined the effort!

One year later, RenPyWeb is officially integrated in Ren'Py with a one-click build, performances improved, countless little fixes to the Emscripten technology stack provided stability, and more than 60 games of all sizes were published for the web.

What's next? I have plans to download resources on-demand (rather than downloading the whole game on start-up), to improve support for mobile browsers, and of course to continue the myriad of little changes that make RenPyWeb more and more robust. I'm also wondering about making our web stack more widely accessible to Pygame, so as to bring more devs in the wonderful world of python-in-the-browser and improve the tech ecosystem - let me know if you're interested.

Hoping to see great new Visual Novels on the web this coming year.

Scarlett Gately Moore: Akademy! 2019 Edition

30 September, 2019 - 23:12
KDE Akademy 2019


I am happy to report yet another successful KDE Akademy! This will make my 5th Akademy. This year Akademy was held in beautiful Milan, Italy. As usual we had so many great talks, you can read all about them here:

My trip was shortened again due to flight availability, but I still got in some great BoF sessions. We were able to achieve some tasks and goals with the Fundraising Working Group. I hung out with the Neon team for a few, and it was decided I will continue the Debian merge and continue to keep the delta between Debian and neon as minimal as possible. This helps all deb based distributions in the end. I was also happy to see snaps are coming along nicely! There was a great BoF on user support, where we discussed trying to get users connected with the people that can answer questions. I believe we landed on Discourse, we are on the technical stage of making that happen.

The core of what makes Akademy so important is the networking of course. I was able to see many old friends and meet many new ones. I was so happy to see so many new faces this year! With each year our bunch has become more and more diverse, which is always a good thing. Face to face collaboration is very important in an environment where we mostly see text all day.

Until next year! Happy hacking and see you all around in the interwebs.


P.S. Stay tuned and I will have another post with everything I have been up to in the last year.



Chris Lamb: Free software activities in September 2019

30 September, 2019 - 22:53

Here is my monthly update covering what I have been doing in the free software world during September 2019 (previous month):

  • Attended the launch event of OpenUK, a new organisation with the purpose of supporting the growth of free software, hardware and data. It was hosted at the House of Commons of the United Kingdom and turned out to be quite the night to be attending Parliament.

  • As part of my duties of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthly meetings and participated in various licensing and other discussions occurring on the internet, as well as the usual internal discussions regarding logistics, policy etc.

  • Made a number of changes to my tickle-me-email library to implement Getting Things Done-like behaviours in IMAP inboxes including:

    • Add support for a sendmail-like command. [...]
    • Don't require specifying the target of sent items in the send-later command [...] and decode messages correctly for the same command [...].
  • Opened pull requests to make the build reproducible in:

  • Opened a pull request for the memcached distributed memory object caching system to... correct the spelling of "ensure". [...]

  • More work on the Lintian static analysis tool for Debian packages, releasing versions 2.20.0, 2.21.0, 2.22.0, 2.23.0 & 2.24.0 as well as:

Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, almost all software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

The initiative is proud to be a member project of the Software Freedom Conservancy, a not-for-profit 501(c)(3) charity focused on ethical technology and user freedom.

Conservancy acts as a corporate umbrella, allowing projects to operate as non-profit initiatives without managing their own corporate structure. If you like the work of the Conservancy or the Reproducible Builds project, please consider becoming an official supporter.

This month I:

I also made the following changes to our tooling:


diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

  • New features:

    • Add /srv/diffoscope/bin to the Docker image path. (#70 [...]
    • When skipping tests due to the lack of installed tool, print the package that might provide it. [...]
    • Update the "no progressbar" logging message to match the parallel "missing tlsh module" warnings. [...]
    • Update "requires foo" messages to clarify that they are referring to Python modules. [...]
  • Testsuite updates

    • The test_libmix_differences ELF binary test requires the xxd tool. (#940645)
    • Build the OCaml test input files on-demand rather than shipping them with the package in order to prevent test failures with OCaml 4.08. (#67)
    • Also conditionally skip the identification and "no differences" tests as we require the OCaml compiler to be present when building the test files themselves. (#940471)
    • Rebuild our test squashfs images to exclude the character device as it requires root or fakeroot to extract. (#65) [...]
  • Code cleanups, including dropping some unnecessary control flow [...], dropping unnecessary pass statements [...] and dropping explicitly inheriting from object class as it is unnecessary in Python 3 [...].

Debian

Debian LTS

This month I have worked 18 hours on Debian Long Term Support (LTS) and 12 hours on its sister Extended LTS project.

You can find out more about the projects via the following video:

  • redis (5.0.6-1) — New upstream release

  • python-django:

  • aptfs:

    • 1.0.0:
      • Port to Python 3.x. (#936131)
      • Move to a native package and import external Debian packaging from into this repository.
      • Add a pyproject.toml and apply the black source code formatter to the source tree.
      • Drop TODO file; we use our code hosting platform's issue tracker now.
    • 1.0.1 — Fix opening/reading of files after Python 3.x migration.
  • gunicorn:

    • 19.9.0-2 — Drop support for Python 2.x; the gunicorn package now provides the Python 3.x version. (#936679)
    • 19.9.0-3 — Port autopkgtests to Python 3.x.
    • 19.9.0-4 — Add a /usr/bin/gunicorn3 → /usr/bin/gunicorn compatibility symlink. (#939409)
  • installation-birthday (13):

    • Don't use the deprecated platform library. (#940803)
    • Add a gitlab-ci.yml.
    • Misc coding updates, including use the logging module's own string interpolation, not inheriting from object etc.
  • libfiu:

    • 1.00-1:

    • 1.00-2 — Also drop Python 2 support in the autopkgtests.

    • 1.00-3 — Patch the upstream Makefile to not build the Python 2.x bindings to ensure the tests pass.

  • memcached:

    • 1.5.17-1:
      • Adopt package. (#939425)
      • New upstream release. (#924584, #939337, #879797, #835456, #789835)
      • Source /etc/default/memcached in /etc/init.d/memcached. (#934542)
      • Add a Pre-Depends on ${misc:Pre-Depends} to ensure a correct dependency on init-system-helpers for the --skip-systemd-native flag.
      • Install README.damemtop to /usr/share/doc/memcached instead of under /usr/share/memcached
    • 1.5.17-2:
      • In the systemd .service file, specify a PIDFile under /run.
      • Add missing ${perl:Depends} to binary dependencies.
    • 1.5.18-1 — New upstream release

New upstream releases of bfs (1.5.1-1), django-auto-one-to-one (3.2.0-1), python-daiquiri (1.6.0-1), python-hiredis (1.0.0-1) and python-redis (3.3.7-1).

Finally, I sponsored uploads of adminer (4.7.3-1) and python-pyocr (0.7.2-1).

FTP Team

As a Debian FTP assistant I ACCEPTed 33 packages: crypto-policies, firmware-tomu, gdmd, golang-github-bruth-assert, golang-github-paypal-gatt, golang-github-rivo-uniseg, golang-github-xlab-handysort, golang-gopkg-libgit2-git2go.v28, icingaweb2-module-audit, icingaweb2-module-boxydash, icingaweb2-module-businessprocess, icingaweb2-module-cube, icingaweb2-module-director, icingaweb2-module-eventdb, icingaweb2-module-graphite, icingaweb2-module-map, icingaweb2-module-nagvis, icingaweb2-module-pnp, icingaweb2-module-statusmap, icingaweb2-module-x509, lazygit, ldh-gui-suite, meep, minder, node-solid-jose, ocaml-charinfo-width, ocaml-stdcompat, ppxfind, ppxlib, printrun, python-securesystemslib, sshesame & tpm2-initramfs-tool.

I additionally filed 6 RC bugs against packages that had potentially-incomplete debian/copyright files against crypto-policies, golang-github-paypal-gatt, icingaweb2-module-graphite, icingaweb2-module-statusmap, minder & printrun.

Jonathan Carter: Free Software Activities (2019-09)

30 September, 2019 - 20:27

It’s been a busy month on a personal level so there’s a bunch of my Debian projects that have been stagnant this month, I hope to fix that over October/November.

Upload sponsoring: This month, when sponsoring package uploads for Debian, I prioritised Python team uploads above uploads (where I usually spend my reviewing attention). The Python 2 deprecation is turning out to be a lot of work so I think the Python team can do with a lot more support from everyone at this point.

DebConf: I resigned from the DebConf Committee, I might consider joining again if there’s a position open again in the future. I’m not going to DC20 so it seems like a good area to cut back a bit to help me focus more on my technical projects. I’ll still be involved in the DebConf team. Over the next DebConf cycle I’ll still be involved in bursaries and want to cover a whole bunch of documentation and policy improvements that are sorely needed. I also want to finish up the ToeTally integration with Voctomix for the video team and hopefully try it out at a minidebconf within the next year.

Debian Live: calamares-settings-debian has been updated for bullseye, although as of this time we don’t have new images available with that yet. I started looking in to the vmdebootstrap deprecation, it’s going to be more work than I originally thought, so there’s a good possibility we might be switching to FAI for generating live images. I have a script called debmower that works ok and creates good images, but it’s a somewhat hacky shell script and if I ever had the time to rewrite it in Python I might propose that too, but unfortunately finding the time to maintain more things is hard. Isabelle Simpkins created testing artwork so that Debian testing images are easier to differentiate from the last stable release. These will be replaced in Debian as soon as the next release artwork is available.

Activity log:

2019-09-09: Upload package gdisk (1.0.4-2) to debian unstable (Adopting package, closes #939421).

2019-09-09: Upload package calamares (3.2.13-1) to debian unstable.

2019-09-09: Upload package gnome-shell-extension-dash-to-panel (23-1) to debian unstable.

2019-09-09: Upload package toot (0.23.1) to debian unstable.

2019-09-09: File upstream bug for toot crash when launching in tui mode (Toot #124).

2019-09-10: Upload package bluefish (2.2.10-2) to debian unstable (Adopting package, Closes: #922891, #936220).

2019-09-10: Seek feedback on bugs #844449, #852733.

2019-09-11: File removal of pythonqt from debian unstable (BTS: #940025).

2019-09-11: Orphan package golang-gopkg-flosch-pongo2.v3 (BTS: #940030).

2019-09-16: Upload package python3-aniso8601 (8.0.0-1) to debian unstable.

2019-09-16: Upload package gnome-shell-extension-remove-dropdown-arrows (12-1) to debian unstable.

2019-09-16: Upload package bluefish (2.10-3) to debian unstable.

2019-09-16: Upload package gnome-shell-extension-move-clock (1.01-2) to debian unstable.

2019-06-16: Upload package tanglet (1.5.4-2) to debian unstable.

2019-09-16: Upload package gdisk (1.0.4-3) to debian unstable.

2019-09-16: Upload package tetzle (2.1.4+dfsg1-3) to debian unstable.

2019-09-16: Upload package bcachefs-tools (0.1+git20190829.aa2a42b-1~exp1) to debian unstable.

2019-09-16: Review package python-flask-jwt-extended (3.21.0-1) (needs some work) ( request).

2019-09-16: Sponsor package flask-jwt-simple (0.0.3-1) for debian unstable ( request, RFS: #940102).

2019-09-16: Sponsor package python3-fastentrypoints (0.12-1) for debian experimental ( request, RFS: #934054).

2019-09-16: Sponsor package python3-netsnmpagent (0.6.0-1) for debian experimental ( request, RFS: #934056).

2019-09-16: Review package pydevd (1.6.1+git20190712.1267523+dfsg) ( request), recommend that another reviewer give it a second pass.

2019-09-16: Sponsor package python3-aiosqlite (0.10.0-1) for debian unstable ( request, RFS: #927702).

2019-09-16: Upload package python3-flask-silk (0.2-14) to debian unstable.

2019-09-16: Sponsor package membernator (1.0.1-1) for debian unstable (Python team request).

2019-09-16: Sponsor package cosmiq (1.6.0-1) for debian unstable ( request).

2019-09-16: Sponsor package micropython (1.11-1) for debian unstable ( request, RFS: #939189).

2019-09-16: Sponsor package oomd (0.1.0-1) for debian unstable ( request, RFS: #939096).

2019-09-16: Sponsor package python3-enc (0.4.0-5) for debian unstable (Python team request).

2019-09-16: Review package pcapy () (needs some more work) (Python team request).

2019-09-16: Review package impacket () (needs some more work) (Python team request).

2019-09-16: Sponsor package python-guizero (1.0.0+dfgs1-1) (Python team request).

2019-09-17: Sponsor package sentry-python (0.9..5-2) for debian unstable (Python team request).

2019-09-17: Sponsor package supysonic (0.4.1-1) for debian unstable (Python team request).

2019-09-17: Sponsor package python3-aiohttp-wsgi (0.8.2-2) for debian unstable (Python team request).

2019-09-17: Sponsor package python3-onedrivesdk (1.1.8-1) for debian experimental (Python team request).

2019-09-17: Review package python3-ptvsd (4.3.0+dfsg-1) (needs some more work) (Python team request).

2019-09-17: Review package python3-flask-jwt-extended (3.21.0-1) (needs some more work) (Python team request).

2019-09-17: Review package python3-pydevd (1.7.1+dfsg-1) (needs some more work) (Python team request).

2019-09-17: Sponsor package python3-bidict (0.18.2-1) for debian unstable (Python team request).

2019-09-18: Upload package python3-enc (0.4.0-4) to debian unstable.

2019-09-18: Sponsor package python3-pydevd (1.7.1+dfsg1) for debian unstable (Python team request).

2019-09-18: Sponsor package python-aiohttp (3.6.0-1) for debian unstable (Python team request).

2019-09-18: Review package py-postgresql (1.2.1+git20180803.ef7b9a9-1) (needs some more work) (Python team request).

2019-09-18: Review package irker (2.18+dfsg-4) (needs some more work) (Python team request).

2019-09-18: Sponsor package py-postgresql (1.2.1+git20180803.ef7b9a9-1) for debian unstable (Python team request).

2019-09-18: Upload package irker (2.18+dfsg-4) to debian unstable (team upload / Python team sponsor request).

2019-09-18: Sponsor package sphinx-autodoc-typehints (1.8.0-1) for debian unstable (Python team request).

2019-09-18: Sponsor package python3-sentry-sdk (0.12.0-1) for debian unstable (Python team request).

2019-09-19: Review package vonsh (1.0) (needs some more work) ( request).

2019-09-19: Upload package live-tasks (11.0.1) to debian unstable (Closes: #932780, #936953, #934522).

2019-09-19: Upload package python3-flask-autoindex (0.6.2-2) to debian unstable (Closes: #936523).

2019-09-19: Upload package python3-flask-autoindex (0.6.2-3) to debian unstable (Re-opens: #936523).

2019-09-20: Upload package gamemode (1.5~git20190812-107d469-1~exp1) to debian experimental.

2019-09-20: Upload package gnome-shell-extension-remove-dropdown-arrows (13-1) to debian unstable.

2019-09-20: Sponsor package django-sortedm2m (2.0.0dfsg.1-1) for debian experimental (Python team request).

2019-09-20: Sponsor package python3-anosql (1.0.1-1) for debian unstable (Python team request).

2019-09-23: Upload package gnome-shell-extension-disconnect-wifi (21-1~exp1) to debian experimental.

2019-09-23: Upload package toot (0.24.0-1) to debian unstable.

2019-09-23: Upload package gamemode (1.5~git20190812-107d469-1~exp2) to debian experimental.

2019-09-23: Review package python3-pympler () (needs some more work) (Python team request).

2019-09-23: Close previously fixed bug #914044 in tuxpaint.

2019-09-23: Upload package kpmcore (4.0.0-1~exp1) to debian experimental.

2019-09-23: Upload package kpmcore (4.0.0-1~exp2) to debian experimental.

2019-09-25: Sponsor package assaultcube-data ( for debian unstable ( request).

2019-09-25: Sponsor package assaultcube ( for debian unstable ( request).

2019-09-25: Review package cpupower-gui (0.7.0-1) (needs some more work) ( request).

2019-09-25: Sponsor package pympler (0.7+dfsg1-1~exp1) for debian experimental (Python team request).

2019-09-25: Sponsor package sentry-python (0.12.2-1) for debian unstable (Python team request).

2019-09-25: Sponsor package python-aiohttp (3.6.1-1) for debian unstable (Python team request).

2019-09-25: Upload package calamares-settings-debian (11.0.1-1) to debian unstable.

2019-09-25: Merge MR#2 for live-wrapper (Debian BTS: #866183).

2019-09-25: File bug #941131 against (“Make oustanding MRs more visible in DDPO pages).

2019-09-25: Sponsor package color-theme-modern (0.0.2+4.g42a7926-1) for debian unstable (RFS: #905246) ( request).

2019-09-26: Sponsor package python3-flask-jwt-extended for debian unstable (RFS:#940075) ( request).

2019-09-26: Upload package tuxpaint (0.9.24~git20190922-f7d30d-1~exp1) to debian experimental.

2019-09-26: Review package python3-in-toto (0.4.0-1) (needs some more work) ( request).

2019-09-30: Forward Calamares bug #941301 “write two random seeds to locations for urandom init script and systemd-random-seed service” to upstream bug #1252.

2019-09-30: Sponsor package color-theme-modern (0.0.2+4.g42a7926-1) for debian unstable (RFS: #905246) ( request).

Sylvain Beucler: Debian LTS and ELTS - September 2019

30 September, 2019 - 20:27

Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

In September, the monthly sponsored hours were split evenly among contributors depending on their max availability - I was assigned 23.75h for LTS (out of 30 max) and 20h for ELTS (max).

I was again able to factor out some time between LTS and ELTS.

The qemu update required more testing than I expected, as it's used with lots of different CPU and disk backends.

ELTS - Wheezy

  • CVE-2019-13626/libsdl1.2: triage: mark postponed so it doesn't stay in the triage list
  • freetype: CVE-2015-9381,CVE-2015-9382,CVE-2015-9383 security upload
  • freetype: de-dup TEMP-0773084-4AB1FB / CVE-2014-9659
  • CVE-2019-13232/unzip: regression update (zipbomb)
  • CVE-2019-5481/curl: triage: not-affected
  • CVE-2019-1549/openssl: triage: not-affected
  • CVE-2019-16163/libonig: security upload
  • CVE-2019-2180/cups: triage: was fixed prior CVE assignment, no other significant vulnerability to fix, no upload
  • tomcat7: investigate upgrading to upstream stable version, so as to fix the currently failing testsuite; decide not to when realizing that means applying all upstream changes since 2012
  • CVE-2019-3689/nfs-utils: triage, contact package maintainer
  • CVE-2019-16935/python*: help Ola triage and assess severity

LTS - Jessie

  • freetype: CVE-2015-9381,CVE-2015-9382,CVE-2015-9383 security upload
  • radare2: triage: clarify status, add reference to ML discussion about its support
  • unzip: untriage: false-positive
  • CVE-2019-16163/libonig: security upload
  • qemu:
    • check status of unpublished prepared update for CVE-2016-5126,CVE-2016-5403,CVE-2017-9375,CVE-2017-15124,CVE-2019-12155
    • CVE-2017-11334: triage: clarify, keep postponed (known regression)
    • CVE-2017-13672: triage: ignored: minor issue, guest root DoS, too complex to backport
    • CVE-2017-15124: re-triage: ignored: identify regression in proposed update, too complex to backport; reference complementary VNC/SASL patch
    • CVE-2018-19665: triage: ignored: still no sanctioned patch, bluetooth subsystem deprecated
    • CVE-2018-15746: triage: ignored: non-default configuration, requires backported kernel and libseccomp
    • CVE-2019-12067: triage: postponed: no sanctioned patch
    • setup physical jessie box, test extensively (Xen, KVM, virt-manager/gnome-boxes, VNC, Spice, Windows, LVM, VirtIO, iSCSI...)
    • call for testing
    • security upload: pending update -CVE-2017-15124 +CVE-2019-12068,CVE-2019-13164,CVE-2019-14378,CVE-2019-15890


  • ASAN (Address Sanitizer): fix missing option and document limitations
  • tomcat: notes from last month about testing tomcat
  • qemu: summarize qemu top use cases
  • bin/contact-maintainers: fix Python 2 code leftover
  • Point out that the training / new member process could be more visible

Norbert Preining: TeX Live/Debian updates 20190930

30 September, 2019 - 17:27

TeX Live 2019 has seen already many updates since the initial upload to Debian, most of which I have never reported about. Today I have uploaded a new set of packages, based on the tlnet archives of 20190930.

The long list of updates is only from the last bunch, but contains a huge amount of stuff. If I would need to pick one interesting change, then it is the introduction of development versions of LaTeX made accessible and testable.

Now for the full list of updates and new packages. Enjoy!

New packages

bxghost, circuit-macros, esindex, latex-amsmath-dev, latex-tools-dev, practicalreports, simpleoptics, step,

Updated packages

acro, algobox, almendra, amsmath, arara, axodraw2, babel, babel-french, beebe, biblatex, biblatex-apa, biblatex-bath, biblatex-oxref, biblatex-phys, bundledoc, caption, cellprops, checkcites, chemformula, chemmacros, circuitikz, clojure-pamphlet, ctanbib, datatool, datetime2-scottish, datetime2-serbian, ddphonism, derivative, dtk, ducksay, duckuments, ebgaramond-maths, e-french, etoolbox, exsheets, extract, filecontents, filecontentsdef, fncylab, gatherenum, glossaries, gnuplottex, harftex, hvfloat, hyperref, iodhbwm, ipaex, japanese-otf-uptex, japanese-otf-uptex-nonfree, jfmutil, jlreq, keyfloat, l3backend, l3build, l3experimental, l3kernel, latex-base-dev, latexbug, latexconfig, latex-graphics-dev, latexindent, libertinus-otf, listings, luaotfload, luatexja, luaxml, lwarp, marcellus, mathastext, mathfam256, mismath, newverbs, nicematrix, ocgx2, pdfpages, perltex, plantuml, platex-tools, plautopatch, poemscol, poormanlog, practicalreports, pythontex, scontents, skdoc, snapshot, spacingtricks, statistics, step, tagging, tcolorbox, testidx, tetex, tex4ht, texinfo, textcase, titlesec, tokcycle, tracklang, tuda-ci, unicode-math, updmap-map, upmethodology, uptex-base, xfakebold, xindex, xint, xits,

Russ Allbery: Haul post

30 September, 2019 - 09:53

It's been quite a while since I made one of these, and I... may have been supporting a lot of authors financially despite my huge to-read pile.

Louisa Alcott — Little Women (mainstream)
Louisa Alcott — Good Wives (mainstream)
Louisa Alcott — Little Men (mainstream)
Louisa Alcott — Jo's Boys (mainstream)
Ilona Andrews — Sweep of the Blade (sff)
Rachel Elise Barkow — Prisoners of Politics (nonfiction)
Becky Chambers — To Be Taught, If Fortunate (sff)
James Clear — Atomic Habits (nonfiction)
Michael Collins — Carrying the Fire (nonfiction)
Aliette de Bodard — In the Vanisher's Palace (sff)
Paul Dolan — Happy Ever After (nonfiction)
Benjamin Dreyer — Dreyer's English (nonfiction)
Amal El-Mohtar & Max Gladstone — This is How You Lose the Time War (sff)
Max Gladstone — Empress of Forever (sff)
Emily Guendelsberger — On the Clock (nonfiction)
Alix E. Harrow — The Ten Thousand Doors of January (sff)
Linda Hirshman — Reckoning (nonfiction)
Mike Isaac — Super Pumped (nonfiction)
E.K. Johnston — The Afterward (sff)
Jodi Kantor — She Said (nonfiction)
Guy Gavriel Kay — A Brightness Long Ago (sff)
Sarah Kendzior — The View from Flyover Country (nonfiction)
T. Kingfisher — Minor Mage (sff)
Karoliina Korhonen — Finnish Nightmares 2 (graphic novel)
Karoliina Korhonen — Matti in the Wallet (graphic novel)
Mary Robinette Kowal — The Fated Sky (sff)
Yoon Ha Lee — Hexarchate Stories (sff)
Mark Manson — The Subtle Art of Not Giving a F*ck (nonfiction)
Laurie J. Marks — Air Logic (sff)
Randall Munroe — How To (graphic novel)
Terry Pratchett — Lords and Ladies (sff)
Karl Schroeder — Stealing Worlds (sff)
Ryk E. Spoor — Challenges of the Deeps (sff)
J. Michael Straczynski — Becoming Superman (nonfiction)
P.L. Travers — Mary Poppins (children's)
P.L. Travers — Mary Poppins Comes Back (children's)
P.L. Travers — Mary Poppins Opens the Door (children's)
P.L. Travers — Mary Poppins in the Park (children's)
Jo Walton — Lent (sff)

Phew. I'm coming up on a vacation during which I'll have tons of time to read, but I still am buying books rather faster than reading them. Oh well, money into the pockets of authors, which is always a good thing.

There's a whole mess of non-fiction in there, since I've been in a mood of queuing up a lot of interesting-looking non-fiction to read. (I've resisted grabbing even more.) You might be able to tell that I've never made the transition to getting samples and only buying the book if the sample looks good. Or, for that matter, stopping reading a book if I'm not liking it.

There are also several new releases in there, which will probably be vacation reading, and a couple of books that I've already read but haven't written reviews of yet.

Shirish Agarwal: India doesn’t need women or doctors

30 September, 2019 - 07:38

This is again going to be a long one, hence I want to start by sharing some positive news first. A few days back, a vlogger, Dhruv Rathee, made a vlog review about Jatayu nature and park open in Kerala.

Now, why is it important and good? While it is a profitable initiative, it has been made by private money at the cost of INR 100 crores. It has been built on what was a degraded barren land surrounded by forest. While one could argue that even such lands should not be disturbed, and one perhaps might be right about that, the research I found seems to be inconclusive. I was looking at one study sometime back in which two adjacent plots of land were taken, both degraded, barren patches of land. One land was left alone while the other had some sort of stable, with animals in it, horses, pigs, donkey etc., and they left the land pretty much alone besides coming at intervals to see if the animal feed was good enough for them, veterinary medical checkups etc. At the end of a couple of years, they checked the micro-nutrients of the soil to see which had more micro-nutrients. It was found out that the one which had the animals was more fertile and had a slightly more/better ecosystem than the one which was left. IIRC, they published the result in some magazine like ‘Nature’ or some such peer-reviewed publication and other scientists were able to replicate the results with varying degrees of success. While I remember the simplified version, I am sure it is far more complex than I have described. One of the best things they have shared in the review is that the land has been leased from the State Govt. for a period of 30 years, after which it will be given back to the State of Kerala.

FWIW, Jatayu is the name of a mythological bird taken from Ramayana. Instead of wasting 3000 crores of taxpayers’ money on one single statue, had it instead been invested in health, education, safe drinking water, employment generation etc., it would have enriched not just the people benefiting from it, but also made x times productivity growth, as it has been proved time and again that any improvement in people’s lives not just makes them better, but also enhances the country’s growth as well. I have given the number X as right now India has 0 people in its Statistical Commission, as the last two full-time members resigned a couple of years back. The only somewhat factual numbers that are in India are provided by CMIE, which is a private institution and obviously has neither the funds nor the reach that a Government body can. CMIE does share some interesting facts and figures but that probably is a story for another day. Those who might want to visit Jatayu can visit the Jatayu Center website for the same. The image shared above is taken from the website and is copyrighted to them.

No Country for Women

While I have written on this topic a few times before, each time an incident happens I feel, do we really deserve women? Many a time when a woman (young or old) goes to the police she is asked to present evidence. Now a young woman who was persistently blackmailed, raped by a person of the ruling party, a ‘Swami’, a nomenclature reserved for a seer who is supposed to be beyond temptation, presented 45 videos of the gentleman to the police. She also leaked a couple on social media so that the videos don’t disappear into thin air and she and her family don’t get killed, as was attempted in the Unnao rape case. It is only because the facts came in public that the MLA accused in the Unnao rape case got expelled from the ruling party. In fact, even the killers in the Nirbhaya rape case, even they haven’t been hanged.

Paper Clipping of Chinmayanand Rape Case

The sad part is that in this case, even after evidence she has been asked to produce two witnesses who would say that she has been raped. I haven’t ever heard a more bizarre story while siding with the seer who has claimed that she was extorting money from him. The list just goes on and on; there were 6 women journalists who claimed sexual harassment against MJ Akbar. The case is on-going in the Supreme High Court where it will be heard now after Dusshera holidays. The last hearing was done on 9th September and will start anytime after 20th October when the Supreme Court starts. And there are several more cases, like the Kathua rape case, the Muzaffarpur Shelter home case, the list goes on and on. Sadly, we don’t even have the latest stats as there are no statisticians in Indian Govt. and the only report we have is the 2016 NCRB report, which does show the trend that there is rising crime in India. It is partly due to joblessness, which is rampant, and partly perhaps due to our conservative mindset towards sex and sex-education.

There were two good movies made in India on the subject, one which sank in Bollywood without a trace called Khandaani Shafakhana, which more or less only talked about erectile dysfunction and tried to make a few jokes about it. There was Vicky Donor, which talked about sperm donation and which did good business a while back. The movie which touched my heart recently, though, was the Malayalam movie called Peranbu starring evergreen star Mammootty. While I don’t speak Malayalam, you may get the movie on Netflix or Amazon Prime with English subs. While I don’t want to give the whole story of the movie, there is one scene in which Mammootty visits a woman so he can hire a male escort for his daughter and gets slapped. Many people, especially boys, didn’t like that scene and said why he had to go there, but as a viewer, if you see the movie from a father’s eyes, he did what any sane father who loves his child will do. While at the end they didn’t give any solution to the issue or it got censored, when you see the movie you can imagine the plight of such children’s fathers, relatives etc. It is sad when such movies which make you think aren’t even part of the national discourse; then how are people to grow their consciousness, their humanity? When I hear of such incidents as above, I genuinely wonder, does India really need women? Shouldn’t women coming from other countries to India be given travel advisories stating that they should either have a black belt in Karate or some defence techniques and carry a deadly weapon with them at all times to defend themselves from us? It seems we, Indian men have no control

No Country for Doctors

India doesn’t seem to be a country for doctors as well. In 2017, in BRD Hospital at Gorakhpur, 63 children died due to oxygen supply issues. For this, four doctors and a couple of staff were held responsible for their deaths: Dr. Kafeel Khan, Dr. RK Misra, Dr. Purnima Misra, Dr. Satish, Gajanand Jaiwal (pharmacist), Uday Pratap Sharma (Junior Clerk). All of them were put into jail. A few days back, only the three doctors have been put out on bail; all the others are still in jail. Now one of the local newspapers, Janata Ka reporter, had done a detailed investigative story which shows that the problems or issues were at the top. In fact, when they were apprised of the facts, Dr. Khan and all the accused together actually somehow scraped together 500 oxygen cylinders out of their own money. This is when it was found out that the doctors were not paid salaries of 2-3 months. In fact, it has been a perennial issue and because of that more than 50-60% of the hospital staff posts were vacant, due to lack of money. When you see such news and reports, you feel, why should doctors study medicine after paying such high fees and practise in India? They should migrate to US and UK as many of their brethren do. They get better wages, better social security. Neither IMA came to their rescue nor anybody else. It was only local people, the patients, people who knew them and struggled for it. IMA has its own share of issues and politicking but that is perhaps best suited for another date. No wonder that the number of doctors emigrating overseas has risen and people do not want to go to remote posts. When motivated cases like these can happen in cities, then what hope does the doctor have of justice or anything in villages? In fact, most doctors nowadays in India have multiple health conditions due to work-related stresses and other things. It is by no perchance that we are the most depressed country on earth. Not really the validation we are looking for, right.


Creative Commons License: the copyright of each article belongs to its respective owner.
This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 Unported License.