Planet Debian

Planet Debian - http://planet.debian.org/

Phil Hands: The future arrived, again!

Wed, 2015-03-04 17:04

I am reminded by Gunnar's wonderful news that I have been very remiss in publishing my own.

Mathilda Sophie Hands, our second daughter, was delivered on the 9th of January.

Her arrival was a little more interesting than we'd have preferred (with Gunde being suddenly diagnosed with HELLP Syndrome), but all has turned out well, with Gunde bouncing back to health surprisingly quickly, and Mathilda going from very skinny to positively chubby in a few short weeks, so no harm done.

Today Mathilda produced her first on-camera smile.

It's lovely when they start smiling. It seems to signal that there's a proper little person beginning to take shape.

Categories: FLOSS Project Planets

Simon Josefsson: EdDSA and Ed25519 goes to IETF

Wed, 2015-03-04 09:30

After meeting Niels Möller at FOSDEM and learning about his Ed25519 implementation in GNU Nettle, I started working on a simple-to-implement description of Ed25519. The goal is to help implementers of various IETF (and non-IETF) protocols add support for Ed25519. As many are aware, OpenSSH and GnuPG have support for Ed25519 in recent versions, and OpenBSD releases since v5.5 (May 2014) are signed with Ed25519. The paper describing EdDSA and Ed25519 is not aimed towards implementers, and does not include test vectors. I felt there was room for improvement to get wider and more accepted adoption.

Our work is published in the IETF as draft-josefsson-eddsa-ed25519 and we are soliciting feedback from implementers and others. Please help us iron out the mistakes in the document, and point out what is missing. For example, what could be done to help implementers avoid side-channel leakage? I don’t think the draft is the place for optimized and side-channel free implementations, and it is also not the place for a comprehensive tutorial on side-channel free programming. But maybe there is a middle ground where we can say something more than what we can do today. Ideas welcome!

Clint Adams: As one might expect, a white person responded to him.

Wed, 2015-03-04 09:19

“I think poor black people and white intellectuals using the same model is pretty telling, actually: the two most isolated sides of the spectrum,” he said.

Zlatan Todorić: Interviews with FLOSS developers: Paul Wise

Wed, 2015-03-04 06:11

After starting with Joey Hess, we continue with Paul Wise. What makes his star shine are many things such as being a DSA (Debian System Administrator), a helpful hand on mailing lists, encouraging people to join Debian teams but most of all - he has encyclopedic knowledge of Debian as a whole which he gladly shares with anyone who asks (very fast response on IRC channels). It is almost impossible for any single person to count all Debian teams, work and places - to know most of those things, you can imagine the vast knowledge which Paul has. The legend says that his brain has a better and faster search engine algorithm on Debian related queries than all other engines combined. So let's see what he has to share with the world.

me: Who are you?

pabs: Paul Wise (pabs) and I have to say that I'm no-where near as knowledgeable as your intro suggests.

me: How did you start programming?

pabs: Messing around with fractals and graphics things in MS BASIC.

me: How would you now advise others to start programming?

pabs: Pick an issue in a tool you use, investigate how the tool works and how you can change it, fix that and contribute the change back to the project that created that tool. In the process you will learn skills, interact with the community and contribute to the project.

me: Setup of your development machine?

pabs: Lenovo Thinkpad with external monitor, Debian testing and some tweaks

me: What is your preferred language (for hacking)? Why? How do you compare it to other languages?

pabs: I currently prefer Python for its readability. It still has some rough edges though the documentation covers them fairly well. I generally pick up new languages when working on projects written in them. Haskell is next on the horizon due to Nikki and the Robots.

me: Describe your current most memorable situation as software developer/hacker?

pabs: I had a great time creating fractals in BASIC, learning about the Mandelbrot set, L-systems and more. My days and nights of hacking on frhed (a GPLed hex editor for Windows) to help me cheat at Civilisation were pretty memorable. frhed led to my work on reverse engineering the CHM file format (a documentation format for Windows programs). A stand-out moment during my time with Debian was hacking on the derivatives census patch generation code during the Debian UK BBQ weekend, surrounded by geeks playing Portal, cooking things, hacking on Debian and generally having a good time (thanks Steve!).

me: Some memorable moments from Debian conferences?

pabs: There are so many; meeting Debian folks, playing Mao once and then never again, late night games of werewolf, both delectably delicious and hideously disgusting cheeses, fried insects, day trips to beautiful landscapes, inspiring keynotes, exciting BoFs, secret IRC channels for planning surprise birthday parties, blue hair, wet air, blocks of fried cheese, a vast quantity of icecream, pants, geeks in the surf, volcanoes, hiking, a wonderful view, a uni-cycling stormtrooper & more.

me: How do you see future of Debian development?

pabs: I hope we will continue to exist and uphold our principles for the foreseeable future. I don't have any crystal balls though.

me: You recently became member of Debian DSA - what is that like, what roles do you have and what tasks are in front of DSA?

pabs: We wrote a bit of text about that for DPN recently.

me: You have large knowledge on Debian and you share it with anyone who wants to know more. What motivates you to do so?

pabs: I want the operating system I personally rely on to exist into the future, helping folks work on and join Debian can help with that.

me: Why should developers and users join Debian community? What makes Debian a great and happy place?

pabs: Every Debian contributor has different reasons for joining the community. Personally the Social Contract, the DFSG and the spirit and culture behind them are the main reason to be involved. I also like our many efforts towards technical excellence and correctness. Of course I've made a number of good friends over the years, especially as a result of attending DebConf every year since 2007.

me: You are member of Debian publicity team which writes Debian news - do you need more people to join that team and how can they start?

pabs: Since there is an infinite amount of work to do, pretty much every part of Debian always needs help, that includes the publicity team. We published a post about ways to help here.

me: If someone wants to contribute to Debian in terms of packaging, can they do it anonymously (for example over Tor network, does Debian have .onion address)?

pabs: Due to Debian's penchant for transparency it is harder but there are definitely package maintainers who have built up a reputation for good work under a pseudonym over the years and become Debian contributors as a result. I'm not aware of completely anonymous package maintainers but there are definitely people who file bugs using one-off pseudonyms, which is almost the same thing as anonymously. There are definitely Debian contributors and members who use Tor while contributing to Debian. In fact, as Debian is very highly dependent on OpenPGP and the best practices for OpenPGP include refreshing your keyring slowly over Tor, so probably quite a number of Debian contributors use Tor. As far as I know Debian itself does not run any Tor relays or onion services.

me: What are places that non-packaging developers and people could join and help spread Debian even more?

pabs: There are many ways to help Debian, including non-technical ones. Unfortunately our web page about helping Debian isn't quite up-to-date with all of them but a few more are to volunteer at DebConf, help with artwork requests, speak about Debian at events or even come up with ideas for projects. Whatever skills you have, Debian can probably make use of them. If you aren't sure where to start, jump on the debian-mentors mailing list or IRC channel and we can probably guide you to the right place within Debian. Don't worry about not being skilled enough, everyone starts somewhere.

me: How do you see Debian will manage webapps?

pabs: Personally I prefer locally installed software, standard data formats and standard data transfer protocols to the wild webapps world but I understand they are becoming very popular to produce and use due to the ubiquity of the web browser platform. Antonio Terceiro is mentoring a project for this year's newcomer mentorship programs (outreachy/gsoc) that aims to improve support for installing web apps on Debian installations. I hope it succeeds as it could help make Debian more popular on servers and home servers in particular.

me: How would you advise Debian (and other FLOSS users) to setup their machine in terms of security and anonymity?

pabs: All technology has upsides and downsides. I would advise anyone to analyse their situation and protect themselves accordingly. For example if you have a bad memory, full disk encryption, which is based on pass-phrases might lead to data loss and physical security might be a better choice for protecting your data. The right choices around technology are very much a personal thing.

me: Is it better to setup xmonad (because it is Haskell based WM) with small dependency chain or GNOME (because it is getting sandboxed apps) in term of security and privacy implications?

pabs: Again, the right choices around technology are very much a personal thing. Due to the design of X11, both of these are approximately equivalent from a window-manager security properties point of view, that is to say, pretty bad. Wayland is one of the possible X11 successors and offers much better security properties. GNOME folks are working on switching to Wayland. Ultimately though it comes down to how each person uses their window manager and which software they run under it.

me: Should Debian join Tor project as distro that installs Tor relays by default - should it offer that as option in installer in Debian 9?

pabs: Running a Tor relay requires a reasonably fast and reliable Internet connection and should be a conscious decision on behalf of the sysadmin for a computer so Debian probably shouldn't install them by default. If tasksel gets support for installing tasks from Debian Pure Blends, then we could add a Tor relay task to the Debian Sanctuary Pure Blend.

me: Have you ever considered joining initiatives such as FreedomBox?

pabs: I was quite moved by Eben Moglen's talk at DebConf10 in New York and the resulting BoF. It seemed like a very ambitious project but I didn't really have the knowledge, skills or time to contribute yet.

me: Are you a gamer? Valve Steam games are offered for free to Debian Developers - do you use steam and play Valve games? Your thoughts on Steam and non-free Linux gaming?

pabs: I play computer games occasionally, all from Debian main or ones that I'm packaging. 0ad is my current go-to for a bit of gaming. I don't have any experience with Steam or non-free games on Linux.

me: Is there something you would change in FLOSS ecosystem?

pabs: Various folks have highlighted new and ongoing challenges for the FLOSS ecosystem in various places in recent years.

Something that I would like to highlight that does not get talked about enough is the choices we make around our digital artefacts. This is the discussion around "preferred form for modification" or "source". The "source" for a particular digital artefact is a deliberate choice on behalf of the authors. Often generated files are distributed alongside the "source" without any instructions for reproducing the generated files from the "source". It sometimes happens that FLOSS contributors forget to distribute what they have chosen as "source", instead just distributing the generated files. This is a fairly well known issue but still happens. What isn't thought about quite as much is that the choice of "source" has consequences for future development possibilities of that "source". Some forms of "source" are more expressive than others, can be modified in a wider variety of ways and are better choices in general. Sometimes the consequences of choosing less expressive forms are mild and other times they are quite important. I hope more people will start to think about these choices. Some examples where, in my opinion, various people could have made better choices are listed in the mail I sent to the games team list last year.

Another thing I would like to highlight is the work that organisations like Software Freedom Conservancy and Software in the Public Interest do to protect, defend, promote and support FLOSS projects. It is very important work that needs our interest and support.

me: Can FLOSS world create great alternatives to Viber, Dropbox, WhatsApp, Facebook, Skype and other non-free services?

pabs: I think that the FLOSS world has already created alternatives to all of those. The success of non-free services doesn't take these alternatives away but it does mean some of them are less useful because some of them are the kind of tools that become more useful with a larger amount of people using them. I don't know what it would take for the FLOSS alternatives to achieve similar success as network effects are hard to overcome. Hopefully mako is right and the network effects are overrated.

me: Your thoughts and compare Cloud, IaaS, PaaS, SaaSS? To what should the FLOSS world pay more attention and energy?

pabs: Initially I dismissed these as buzzwords and a threat to Free Software. These days I view them as potential opportunities for Free Software. Cloud-related technologies such as OpenStack and virtual machines can make private compute farm hardware more flexible and useful to their owners. IaaS providers can be used to run Debian more simply and cheaply and therefore bring Debian to more people than possible with hardware. PaaS providers can be used to run Free Software services. SaaSS can be based entirely on Free Software and respect users. Of course, just like running Free Software on hardware (proprietary or libre), cloud technology, IaaS, PaaS and SaaSS all come with downsides. The FLOSS world should aim to inform users of our software of these downsides. For example, the Debian installer could note that it is running on Intel CPUs with a proprietary BIOS and various proprietary software running, that it is running on a mobile phone with a locked bootloader, that it is running in a Xen VM on machines owned by Amazon. Free Software services could note they are running on Google App Engine etc. Free Software web browsers, chat clients etc could note when they are connecting to proprietary network services. All these notes could inform users about the downsides present in the particular situation encountered. There is also much work to be done making it easier to run Free Software on top of or use Free Software to connect to all manner of platforms from lowRISC to UEFI to VMware to Google App Engine to GitHub to Facebook. The more places Free Software can reach, the more people will be exposed to the philosophy behind it and the more potential there is for folks to join the community. While co-option of the FLOSS world is a dangerous certainty, co-option of proprietary platforms might be able to expand the reach of the philosophy behind Free Software.

me: Your thoughts on Purism (the open hardware laptop initiative that got recently funded on CrowdSupply)?

pabs: I don't know enough about that to comment but personally I am more interested in a laptop based on a libre CPU architecture. The RISC-V ISA and the lowRISC project seem to be one of the more promising possibilities at this point in time.

me: Did you watch Citizenfour - comments on it?

pabs: I've seen the trailer and look forward to watching it at some point, I read there might be a screening at DebConf15.


Daniel Pocock: Wrong day or wrong volcano?

Tue, 2015-03-03 14:12

On our last visit to Chile, we stayed in Pucon for a few days and went to climb the Villarrica volcano:

It is demanding (1500 meter rise in elevation from the bus stop, crampons must be worn on the glacier) but the view is breathtaking. While we were there, another nearby volcano erupted.

Today, Villarrica Volcano had its turn:

Carl Chenet: Backup Checker 1.2 : verify remote backups

Mon, 2015-03-02 18:00

Backup Checker is a command line software developed in Python 3.4, allowing users to verify the integrity of archives (tar,gz,bz2,lzma,zip,tree of files) and the state of the files inside an archive in order to find corruptions or intentional or accidental changes of states or removal of files inside an archive.

The major feature of this new version is the ability of Backup Checker to use Unix streams. Using classic Unix tools like OpenSSH or wget, Backup Checker is able to verify a remote tar.{gz,bz2,xz} archive. The following example verifies a tar.gz archive located on remote server through SSH:

$ ssh -q server "cat /tmp/backup.tar.gz" | ./backupchecker.py -c . -

Another short example with the FTP protocol, to verify a tar.bz2 archive located on a remote server through FTP:

$ wget --quiet -O - ftp://user:pass@server/backup.tar.gz | ./backupchecker.py -c . -

Moreover in this release, a new option --configuration-name allows the user to define a custom name for the files generated by Backup Checker (default is defined from the name of the archive using the -g or -G options).

It is a major step for Backup Checker. It is indeed easier and easier to use Backup Checker in your own scripts, allowing you to fully automate your backup controls.

Several companies now use Backup Checker to secure their backups. Let us know if we can help you.

As usual, any feedback is welcome, through bug reports, emails to the author or comments on this blog.


Jonathan Dowland: Debian and Docker

Mon, 2015-03-02 16:34

I've been playing around with Debian and Docker a little bit. I found Joey Hess' post about Docker trust interesting reading, in particular this advice:

I'd recommend only trusting docker images you build yourself. I have some docker images published somewhere that are built with 100% straight debootstrap with no modifications (...) But I'm not going to link to them, because again, you should only trust docker images you built yourself.

On that advice, I did exactly that. I've pushed the basic scripts I used to build my images to github:jmtd/debian-docker. Suggestions welcome!

However, I am planning to share the images I build, at least for my own convenience, on the Docker repository. I'm hoping to publish some PGP-signed sums somewhere so you could verify the binary images on the Docker registry if you so wish.

The three images I'm currently maintaining are:

  • jmtd/debian:buildd: a sid image, variant buildd, to use as the base for package builds
  • jmtd/debian:wheezy: a minbase wheezy
  • jmtd/debian:wheezy-i386: a minbase wheezy, i386

(note: I haven't pushed them all yet.)

With docker 1.5.x at least, the i386 image works fine on amd64 hosts. I've used it as the basis for running wine and Windows binaries. I might push a wine image if I generalise it enough to be more useful.

The Docker folks recommend using Debian as a base image because it's a small size (approx. 163M for my base image, 85.01M for the semi-official one: See Joey's blog for some of the differences) but with a good set of tools. I wondered whether I could leverage the efforts of the Emdebian project to get an even smaller base image.

Unfortunately, the Emdebian project discontinued their 'Grip' project midway through last year. A basic Emdebian grip install is a fair bit smaller than the equivalent wheezy image, but once you've applied security updates most of the difference is lost. I suspect that some of Emdebian's minimisation techniques would be useful and applicable for shrinking Docker base images.

Zlatan Todorić: Debian priglavci

Mon, 2015-03-02 15:36

Mom and Debian is an awesome combination. :)

Wouter Verhelst: NBD 3.9

Mon, 2015-03-02 14:39

I just released NBD 3.9

When generating the changelog, I noticed that 3.8 happened two weeks shy of a year ago, which is far too long. As a result, the new release has many new features:

  • AF_UNIX support
  • New "treefiles" mode, which exports a gazillion of page-sized files; useful for exporting things which are stored on an SSHFS or Amazon AWS (through FUSE) or similar, where every write causes an upload to the backend storage
  • New "cowdir" option, allowing to specify where copy-on-write files are written.
  • Minor changes so that nbd-client can now also be compiled for the Android platform. This required removal of the -swap command line option, which requires the mlockall() system call, unavailable on Android.
  • Protocol update: a reserved bit is used to avoid sending the 124 bytes of useless data at the beginning of the negotiation. The change is implemented so that things will still work with clients not supporting this option, however.
  • gznbd is now built by the same build system, rather than a separate one. Note however that gznbd is still unmaintained; it should be considered a "contrib" feature.
  • "nbd-server -V" will now output the nbd-server version number.
  • Fixed test suite on non-GNU getopt() implementations
  • Various fixes found through Coverity and the clang static analyzer, and lots of other minor things too small to mention here.

Get it at the usual place.

DebConf team: Inviting speakers to DebConf15 (Posted by René Mayorga)

Mon, 2015-03-02 13:00

Last year for the DebConf edition that took place in Portland, we had some invited speakers that helped bring a different point of view to the matters discussed during the conference. This year we would like to do this again.

If you would like to suggest inviting someone that would not regularly attend DebConf, the DebConf Content Team encourages you to do that now. We will stop accepting new suggestions on 10 March 2015.

You can follow the simple procedure described on the Inviting Speakers page in the DebConf Wiki.

Please keep in mind that we don’t promise to bring to Heidelberg everyone that is suggested. The final list of invited speakers will depend on the speakers’ availability and our limited budget.

Michal Čihař: Gammu 1.35.0

Mon, 2015-03-02 12:00

Gammu 1.35.0 has just been released. This is just a bugfix release to fix some major issues introduced in 1.34.0.

Full list of changes:

  • Fixed encoding of UTF-8 for higher code points.
  • Improved provided udev rules.
  • Fixed possible lock while getting network status in SMSD.
  • Various localization updates.

You can download it from http://wammu.eu/download/.

I will not make any promises for future releases (if there will be any) as the tool is not really in active development.

Robert Edmonds: Converting to --upstream-vcs-tag

Sun, 2015-03-01 17:36

Recently, the Google protobuf developers announced a migration of their project's source code from an svn repository to a git repository. Up until this point, the Debian protobuf package repository had only tracked upstream development by embedding upstream release tarballs using gbp import-orig with pristine-tar. It would be nice to smoothly migrate the packaging repository to additionally make use of the --upstream-vcs-tag option to gbp import-orig, the advantages of which have been well described by Russ Allbery.

This turned out to be harder than expected, so for reference I documented the steps I took below. Note that this packaging repository uses the default gbp import-orig repository layout, where upstream sources are placed on a branch named upstream, and the Debian branch is named master.

Add an upstream remote configured to track the upstream repository's master branch and tags.

$ git remote add --tags --track master upstream https://github.com/google/protobuf.git

The upstream remote shouldn't be confused with our upstream branch. Note that git-remotes are local to the repository, so the upstream remote should probably be documented in the debian/README.source file.

Fetch the upstream branch and tags.

$ git fetch upstream
warning: no common commits
remote: Counting objects: 5210, done.
remote: Compressing objects: 100% (861/861), done.
remote: Total 5210 (delta 3869), reused 5194 (delta 3855)
Receiving objects: 100% (5210/5210), 3.57 MiB | 1.43 MiB/s, done.
Resolving deltas: 100% (3869/3869), done.
From https://github.com/google/protobuf
 * [new branch] master -> upstream/master
 * [new tag] v2.6.0 -> v2.6.0
$

We now have a git-remote upstream, a remote-tracking branch upstream/master which corresponds to the master branch that upstream makes releases from, and a release tag v2.6.0. Note that the remote-tracking branch upstream/master shouldn't be confused with our master branch.

Up until this point, our upstream branch has been synthetically generated by importing upstream's release tarballs with gbp import-orig. We need to merge this synthetic history with upstream/master. Unfortunately, I couldn't find a way to do this without using a temporary branch.

$ git checkout -b tmp upstream/master
Branch tmp set up to track remote branch master from upstream.
Switched to a new branch 'tmp'
$ git merge -s ours -m \
    "Merge the original 'upstream' branch with upstream's new master branch" upstream
Merge made by the 'ours' strategy.
$ git checkout upstream
Switched to branch 'upstream'
Your branch is up-to-date with 'origin/upstream'.
$ git merge --ff-only tmp
Updating 7ed940b..9ba221e
Fast-forward
 CHANGES.txt | 49 +-
 COPYING.txt => LICENSE | 0
 Makefile.am | 64 +-
 Makefile.in | 1041 --
 README.txt => README.md | 49 +-
 [...many more lines...]
$ git branch -D tmp
Deleted branch tmp (was 5f18f02).
$

There are now an additional 400 or so commits on our upstream branch, corresponding to the new git repository history published by upstream.

Import the 2.6.0 release tarball against the upstream v2.6.0 tag, using the --upstream-vcs-tag option.

$ git checkout master
Switched to branch 'master'
Your branch is up-to-date with 'origin/master'.
$ gbp import-orig -u 2.6.0 --upstream-vcs-tag=v2.6.0 ~/debian/tarballs/protobuf_2.6.0.orig.tar.gz
gbp:info: Importing '/home/edmonds/debian/tarballs/protobuf_2.6.0.orig.tar.gz' to branch 'upstream'...
gbp:info: Source package is protobuf
gbp:info: Upstream version is 2.6.0
pristine-tar: committed protobuf_2.6.0.orig.tar.gz.delta to branch pristine-tar
gbp:info: Merging to 'master'
gbp:info: Successfully imported version 2.6.0 of /home/edmonds/debian/tarballs/protobuf_2.6.0.orig.tar.gz
$

The upstream branch now contains a mixture of the original series of release tarball content imported by plain gbp import-orig and the upstream/master branch as published by upstream.

Updating the Debian packaging repository when new upstream releases occur only requires a git fetch to pull down upstream's updated git history and release tag and using the --upstream-vcs-tag option when importing the release tarball with gbp import-orig.
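
The history join from this post, replayed in throwaway local repositories as an added example (not part of Robert Edmonds' post; the repositories, the v1.0 and import-1.0 tags and the function names are constructed). Git 2.9 and later needs --allow-unrelated-histories for the 'ours' merge, and the two checks at the end confirm that upstream's tag is reachable from the upstream branch and list what a tarball import carries beyond the tagged tree.

```sh
#!/bin/sh
# Constructed demo: the repositories, file contents and the v1.0 / import-1.0
# tags are made up; nothing here touches the real protobuf repository.
set -eu

# git with a fixed identity and defaults, so it runs on an unconfigured machine.
g() {
    git -c user.name=demo -c user.email=demo@example.invalid \
        -c init.defaultBranch=master -c commit.gpgsign=false "$@"
}

# Stand-in for upstream's git repository: two tracked files, one release tag.
make_upstream() {   # $1 = directory to create
    mkdir -p "$1"
    (
        cd "$1"
        g init -q .
        echo 'AC_INIT([demo], [1.0])' > configure.ac
        echo 'int main(void) { return 0; }' > main.c
        g add .
        g commit -q -m 'upstream: release 1.0'
        g tag v1.0
    )
}

# Stand-in for the packaging repository before the conversion: an 'upstream'
# branch built only from tarball content, including a generated file that
# upstream never committed to version control.
make_packaging() {  # $1 = directory to create
    mkdir -p "$1"
    (
        cd "$1"
        g init -q .
        git symbolic-ref HEAD refs/heads/upstream
        echo 'AC_INIT([demo], [1.0])' > configure.ac
        echo 'int main(void) { return 0; }' > main.c
        echo '#!/bin/sh  (generated by autoconf)' > configure
        g add .
        g commit -q -m 'Imported Upstream version 1.0'
        g tag import-1.0
    )
}

# The join from the post: add the remote, fetch, merge with the 'ours'
# strategy on a temporary branch, then fast-forward 'upstream' to it.
join_histories() {  # $1 = packaging repo, $2 = upstream repo path or URL
    (
        cd "$1"
        g remote add --tags --track master upstream "$2"
        g fetch -q upstream
        g checkout -q -b tmp upstream/master
        # git >= 2.9 refuses to merge histories with no common commit
        # unless told otherwise; the 2015 session predates that check.
        g merge -q -s ours --allow-unrelated-histories \
            -m "Merge the original 'upstream' branch with upstream's new master branch" \
            upstream
        g checkout -q upstream
        g merge -q --ff-only tmp
        g branch -q -D tmp
    )
}

# Exit status 0 when the upstream release tag is reachable from the local
# 'upstream' branch, i.e. the packaging history is anchored to upstream's.
tag_is_ancestor() {       # $1 = packaging repo, $2 = upstream tag
    git -C "$1" merge-base --is-ancestor "$2" refs/heads/upstream
}

# Paths that differ between upstream's tag and a tarball import: content
# shipped in the tarball that cannot be reviewed in upstream's VCS history.
tarball_only_changes() {  # $1 = repo, $2 = upstream tag, $3 = tarball import
    git -C "$1" diff --name-status "$2" "$3"
}

demo() {
    work=$(mktemp -d)
    make_upstream "$work/up"
    make_packaging "$work/pkg"
    join_histories "$work/pkg" "$work/up"
    tag_is_ancestor "$work/pkg" v1.0 && echo "v1.0 is reachable from 'upstream'"
    tarball_only_changes "$work/pkg" v1.0 import-1.0
    rm -rf "$work"
}
demo
```
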

Dirk Eddelbuettel: drat 0.0.2: Improved Support for Lightweight R Repositories

Sun, 2015-03-01 10:39

A few weeks ago we introduced the drat package. Its name stands for drat R Archive Template, and it helps with easy-to-create and easy-to-use repositories for R packages. Two early blog posts describe drat: First Steps Towards Lightweight Repositories, and Publishing a Package.

A new version 0.0.2 is now on CRAN. It adds several new features:

  • beginnings of native git support via the excellent new git2r package,
  • a new helper function to prune a repo of older versions of packages (as R repositories only show the newest release of a package),
  • improved core functionality in inserting a package, and adding a repo.

Courtesy of CRANberries, there is a comparison to the previous release. More detailed information is on the drat page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Thorsten Alteholz: My Debian Activities in February 2015

Sun, 2015-03-01 09:02

FTP assistant

Processing the new queue got off the ground again. This month I marked 154 packages for accept and rejected 20 packages.

Some emails I got were rather funny and people are very creative when trying to interpret the license of upstream. But hey, most of the time upstream has a reason to choose a specific wording. You can try to interpret those words, but don’t waste your time. Better ask upstream about their intention and whether this fits into the world of Debian. It only sounds strange when upstream publishes their stuff under licenseA and wants to distribute their files under licenseB but insists on keeping the wording of licenseA. That’s life!

Squeeze LTS

This was my eighth month that I did some work for the Squeeze LTS initiative, started by Raphael Hertzog at Freexian.

This month I got assigned a workload of 14.5h and I spent these hours to upload new versions of:

  • [DLA-145-2] php5 regression update
  • [DLA 146-1] krb5 security update
  • [DLA 150-1] unzip security update
  • [DLA 151-1] libxml2 security update
  • [DLA 162-1] e2fsprogs security update

For whatever reason, the DLA-145-2 didn’t reach debian-lts-announce. As the listmaster didn’t find any reason for this (at least the other emails all appeared), I think there has been some extraterrestrial influence (“The Truth Is Out There”).

Anyway, I also worked on an upload for binutils, but one patch is a real 100kB-beast. Meanwhile I am down to only one regression in one source file, so I hope that there will be an upload in March.

I also uploaded one DLA for libgtk2-perl ([DLA 161-1] libgtk2-perl security update), although no LTS sponsor indicated any interest.

Other packages

I didn’t do any work on other packages, but looking at the bug count, the number of bugs has increased. So, sorry, if you sent in a bug report and I didn’t answer. It is not forgotten.

Donations

After adding some micro payment buttons to my blog in January, I already got a donation of 20€ in February. I really appreciate this and I feel vindicated that my contributions to Debian are still useful.

Ben Hutchings: Debian LTS work, February 2015

Sat, 2015-02-28 16:39

This was my third month working on Debian LTS, and the first where I actually uploaded packages. I also worked on userland packages for the first time.

In the middle of February I finished and uploaded a security update for the kernel package (linux-2.6 version 2.6.32-48squeeze11, DLA 155-1). I decided not to include the fix for CVE-2014-9419 and the large FPU/MMX/SSE/AVX state management changes it depends on, as they don't seem to be worth the risk.

The old patch system used in linux-2.6 in squeeze still frustrates me, but I committed a script in the kernel subversion repository to simplify adding patches to it. This might be useful to any other LTS team members working on it.

In the past week I uploaded security updates for cups (version 1.4.4-7+squeeze7, DLA 159-1) and sudo (1.7.4p4-2.squeeze.5, DLA 160-1). My work on the cups package was slowed down by its reliance on dpatch, which thankfully has been replaced in later versions. sudo is a more modern quilt/debhelper package, but upstream has an odd way of building manual pages. In the version used in squeeze the master format is Perl POD, while in wheezy it's mandoc, but in both cases the upstream source includes pre-generated manual pages and doesn't rebuild them by default. debian/rules is supposed to fix this but doesn't (#779363), so I had to regenerate 'by hand' and fold the changes into the respective patches.

Finally, I started work on addressing the many remaining security issues in eglibc. Most of the patches applied to wheezy were usable with minimal adjustment, but I didn't have time left to perform any meaningful testing. I intend to upload what I've done to people.debian.org for testing by interested parties and then make an upload early in March (or let someone else on the LTS or glibc team do so).

Update: I sent mail about the incomplete eglibc update to the debian-lts list.


Petter Reinholdtsen: The Citizenfour documentary on the Snowden confirmations to Norway

Sat, 2015-02-28 16:10

Today I was happy to learn that the documentary Citizenfour by Laura Poitras will finally show up in Norway. According to the magazine Montages, a deal has finally been made for cinema distribution in Norway and the movie will have its premiere soon. This is great news. As part of my involvement with the Norwegian Unix User Group, a friend and I have tried to get the movie to Norway ourselves, but obviously we were too late and Tor Fosse beat us to it. I am happy he did, as the movie will make its way to the public and we do not have to make it happen ourselves. The trailer can be seen on YouTube, if you are curious what kind of film this is.

The whistleblower Edward Snowden really deserves political asylum here in Norway, but I am afraid he would not be safe.


Zlatan Todorić: Interviews with FLOSS developers: Joey Hess

Sat, 2015-02-28 15:40

Edit: Now translated to Chinese. Thanks zhang wei!

There is hardly a better way to open a series of interviews with developers behind Free Libre Open Source Software projects than with an incredible mind such as Joey Hess. To write up his contributions to the Free software ecosystem, especially in Debian, would be a book by itself. His impact exceeds even his projects - people literally follow his blog posts to see what he is doing and how he is living. A hacker from a cabin. If you really need to have a picture of a true hacker, then Joey is the one. As this isn't a book I will just mention a few projects that he has been behind - git-annex, ikiwiki, etckeeper, debian installer, parts of dpkg, debhelper, devscripts, tasksel. So without further waiting here it is.

me: Who are you?

joeyh: I'm Joey -- https://joeyh.name/

me: How did you start programming?

joeyh: Atari 130XE which came with BASIC and a boring word processor and not much else. No other friends had one, so the only way to get software was to type in demo programs from the manual and then begin to change and write my own. So, the easy way to learn. Also some Logo in school.

me: How would you now advise others to start programming?

joeyh: Difficult question, it seems much harder to get an intimate understanding of things than when I started, and much harder to be motivated to program when there's so much stuff easily available. Maybe simple bare-metal systems like Arduino coupled with real-world interaction are the answer.

I've recently been mentoring my nephew who is learning python and Python the Hard Way has gotten him far impressively fast.

me: Setup of your development machine?

joeyh: Lenovo laptop de-spywared with Debian unstable, xmonad, xfce, vim.

me: Your thoughts on Purism (the open hardware laptop initiative that got recently funded on CrowdSupply)?

joeyh: I don't know much about that one, but it seems that consumer level hardware has gotten so low quality, and so closed and untrustworthy that it makes sense to either build alternatives that are open, or pick out, as a community, the stuff we can adapt to our needs and concentrate on it. Several projects are trying, I hope they succeed.

me: How do you see future of Debian development?

joeyh: Well, I've mostly stopped worrying about it. If you look back at my presentations at the past 2 or 3 DebConfs, you'll find my best thoughts on the matter.

me: You retired as Debian developer - do you intend sometime soon to come back and/or do you plan to join some other communities?

joeyh: It would be glorious to come back, wouldn't it? But I don't think I will. Can't step in the same river twice, and all.

Instead, Debian will probably have to put up with me as an annoying upstream author who doesn't ship tarballs, but does ship debian/ directories, and as a bug reporter who enjoys reporting amusing bugs like -0 NaN.

I seem to have more time to spend in other online communities since I left Debian, but in a more diffuse way. Maybe that's just what it's like, to be involved in Free Software but not in the embrace of a big project like Debian.

me: Some memorable moments from Debian conferences?

joeyh: There are so many! Picnicking on berries and tamales at the Portland farmer's market right outside the venue; rainbows and bonfire in Switzerland after crazy busy days; impromptu pipe organ repair in a weird night venue in Edinburgh; walking through Porto Alegre at night with Ian Murdock and how humble he was about what he'd started; hacking all night in Spain; failing to sleep through midnight sun and incessant partying in Finland; hanging out in the hotel lobby in Atlanta where we designed Build-Depends.

me: Are you a gamer? Valve Steam games are offered for free to Debian Developers - do you use steam and play Valve games?

joeyh: I've played through Half Life and Portal, but nethack has claimed more of my time. I mostly enjoy short, indie games, or games that tell us something new about the medium of games. A recent favorite was A Dark Room.

But really, I have more pure fun playing real world Tabletop games with friends, like Carcassonne Discovery and Hive.

In March, I am going to try to write a roguelike game in one week, in Haskell, for the Seven Day Roguelike Challenge and I'll be blogging about my progress daily.

me: You are nowadays a Haskell hacker (git-annex) - what would you like to say about this language and how does it compare to Python, C, JavaScript, Ruby and Perl?

joeyh: Not just git-annex; all my current projects are written in Haskell.

I think it's amazing how much we expect programmers to keep in their heads while writing code. Is that buffer going to overflow? Is changing the value of that global variable going to break some other part of the code? Is that input sanitized yet? Did that interface change? Haskell solves some of these outright, but more, it makes you start noticing this kind of pervasive issue, and it provides ways to completely eliminate a class of problems from your code.

For example http://joeyh.name/blog/entry/making_propellor_safer_with_GADTs_and_type_families/. The class of bugs I avoided there had never affected my code even once, but it was still worth preventing that whole class of bugs, so I don't have to worry about them ever again.

me: Would you suggest Haskell as first language to learn especially for those that have an itch for mathematics?

joeyh: I think that can work well. Or it can go the other way -- I had an affinity to mathematics when I was young, but it got knocked out of me in the way that happens to many people, and languages like perl and C don't do much to make you want to learn more about higher-order math. I've been picking up a bit more here and there via Haskell.

me: How do you compare your productivity in Haskell compared to your Perl days?

joeyh: It's very different; I'm a very different programmer now. I probably would bang out quick hacks more quickly when I was writing Perl. But, they tended to stay quick hacks. Now, I might take a little longer to get there, but the code seems a lot more solid, while also being more malleable to turn into larger or different programs.

I'm also a lot more drawn toward writing software libraries.

me: Can you describe your philosophy of life (you live in a cabin, in a forest, using a lot of solar power - many people are intrigued (including myself) by what drives you towards that kind of life and how it impacts your overall quality of life and happiness. Looking at today's modern predatory capitalistic society, in which you could easily earn more than $10.000 a month, you seem to be an anarchist and a very humble human)?

joeyh: I want to build worthwhile things that might last. Which is super hard in the world of software, both because it's hard to think far ahead at all, and because most jobs don't emphasize that kind of real value. I've been lucky and bootstrapped up to a point where I've been able to work full time on free software for years, and I'm willing to forgo a lot to continue that.

Living in the woods without modern conveniences is great, because it's quiet and you can think as much as you like; the internet is just as close as it is anywhere else (maybe a bit slower); and when you've spent too much time quietly thinking you'll need to go chop wood, or haul water, or jump in the river to cool off, depending on the season.

(Humble? Like most programmers, I am internally a flaming tower of ego...)



Mathieu Parent: Hello Planet Debian

Sat, 2015-02-28 13:05

After more than five years of being a Debian developer, here is my first post on Planet Debian!

I currently maintain 165 packages. My focus has changed since 2009, but those are still mostly sysadmin packages:

  • ctdb (under the pkg-samba umbrella), the clustered database used by samba
  • c-icap and c-icap-modules: a c-icap server mostly useful with squid and providing url blacklists and antivirus filtering
  • pkg-php-tools: easy packaging of PHP packages (PEAR, PECL and Composer) as .deb
  • 124 php-horde* (Horde) packages: A groupware and webmail, written in PHP
  • 12 PHP PEAR, Composer, or PECL packages (those are Horde dependencies)
  • I’m mostly maintaining the above packages alone. Any help is appreciated!
  • python-ceres, graphite-carbon and graphite-web: Graphite is a high-performance monitoring and graphing software. Jonas Genannt is maintaining the packages well and I only do review
  • 20 shinken packages: a monitoring solution, compatible with nagios configuration files and written in python. Thibault Cohen is doing most of the packaging, and I give advice
  • svox: The TTS from Android (unfortunately non-free because of missing or outdated sources). This is now under the Debian Accessibility Team umbrella
  • kolabadmin: this is the last remaining piece from my former pkg-kolab membership (unfortunately kolab server won’t be in jessie, you can help the team for Stretch)

Now that the first post is online, I will try to keep up!



Dirk Eddelbuettel: RcppEigen 0.3.2.4.0

Sat, 2015-02-28 09:34

A new release of RcppEigen is now on CRAN and in Debian. It synchronizes the Eigen code with the 3.2.4 upstream release, and updates the RcppEigen.package.skeleton() package creation helper to use the kitten() function from pkgKitten for enhanced package creation.

The NEWS file entry follows.

Changes in RcppEigen version 0.3.2.4.0 (2015-02-23)
  • Updated to version 3.2.4 of Eigen

  • Update RcppEigen.package.skeleton() to use pkgKitten if available

Courtesy of CRANberries, there is also a diffstat report for the most recent release.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.


Gunnar Wolf: Welcome to the world, little ones!

Sat, 2015-02-28 08:26

Welcome little babies!

Yesterday night, we entered the hospital. Nervous, heavy, and... Well, would we ever be ready? As ready as we could.

A couple of hours later, Alan and Elena Wolf Daichman became individuals in their own right. As is often the case with twins, they were brought to this world after a relatively short preparation (34 weeks, that's about 7.5 months). At 1.820 and 1.980 kg, they are considerably smaller than either of the parents... But we will be working on that!

Regina is recovering from the operation, the babies are under observation. As far as we were told, they seem to be quite healthy, with just minor issues to work on during neonatal care. We are waiting for our doctors to come today and allow us to spend time with them.

And as for us... It's a shocking change to finally see the so long expected babies. We are very very very happy... And the new reality is hard to grasp, to even begin understanding :)

PS- Many people have told me that my blog often errors out under load. I expect it to happen today :) So, if you cannot do it here, there are many other ways to contact us. Use them! :)
