CINXE.COM

<?xml version="1.0" encoding="utf-8"?> <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"> <html xmlns="http://www.w3.org/1999/xhtml" lang="en"> <head> <title>Planet Debian</title> <meta http-equiv="content-type" content="text/html; charset=utf-8" /> <meta name="generator" content="http://intertwingly.net/code/venus/" /> <link rel="stylesheet" href="common/planet.css" type="text/css" /> <link rel="icon" type="image/x-icon" href="common/favicon.ico" /> <link href="rss10.xml" rel="alternate" type="application/rss+xml" title="RSS 1.0 Feed" /> <link href="rss20.xml" rel="alternate" type="application/rss+xml" title="RSS 2.0 Feed" /> <link href="atom.xml" rel="alternate" type="application/atom+xml" title="Atom Feed" /> <script type="text/javascript" src="common/hide.js"></script> <script type="text/javascript">  </script> </head> <body> <div id="header"> <div id="upperheader"> <div id="logo"> <a href="https://www.debian.org/" title="Debian Home"><img src="common/Pics/openlogo-50.png" alt="Debian" width="50" height="61" /></a> </div> <p class="section"><a href="/">planet</a></p> </div> <div id="navbar"> <p class="hidecss"><a href="#inner">Skip Quicknav</a></p> <ul> <li><a href="https://www.debian.org/intro/about">About Debian</a></li> <li><a href="https://www.debian.org/distrib/">Getting Debian</a></li> <li><a href="https://www.debian.org/support">Support</a></li> <li><a href="https://www.debian.org/devel/">Developers' Corner</a></li> </ul> </div> <p id="breadcrumbs"><a href="https://planet.debian.org/">Planet Debian</a></p> </div> <div id="content"> <h1>November 26, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="https://www.linux.it/~ema/" title="Emanuele Rocca">Emanuele Rocca</a> <script type="text/javascript">  </script> </h2> <div id="https://www.linux.it/~ema/posts/building-debian-packages-the-right-way/" class="https://www.linux.it/~ema/posts/building-debian-packages-the-right-way/"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.linux.it/~ema/posts/building-debian-packages-the-right-way/">Building Debian packages The Right Way</a> </h3> <div class="content"> <div class="paragraph"> <p>There is more than one way to do it, but it seems that The Right Way to build Debian packages today is using <a href="https://wiki.debian.org/sbuild">sbuild</a> with the <a href="https://manpages.debian.org/unstable/util-linux/unshare.1.en.html">unshare</a> backend. The most common backend before the rise of unshare was <a href="https://manpages.debian.org/unstable/schroot/schroot.1.en.html">schroot</a>.</p> </div> <div class="paragraph"> <p>The official Debian Build Daemons <a href="https://lists.debian.org/debian-devel-announce/2024/11/msg00002.html">have recently transitioned to using sbuild with unshare</a>, providing a strong motivation to consider making the switch. Additionally the new approach means: (1) no need to configure schroot, and (2) no need to run the build as root.</p> </div> <div class="paragraph"> <p>Here are my notes about moving to the new setup, for future reference and in case they may be useful to others.</p> </div> <div class="paragraph"> <p>First I installed the required packages:</p> </div> <div class="listingblock"> <div class="content"> <pre>apt install sbuild mmdebstrap uidmap</pre> </div> </div> <div class="paragraph"> <p>Then I created the following script to update my chroots every night:</p> </div> <div class="listingblock"> <div class="content"> <pre>#!/bin/bash for arch in arm64 armhf armel; do HOME=/tmp mmdebstrap --quiet --arch=$arch --include=ca-certificates --variant=buildd unstable \ ~/.cache/sbuild/unstable-$arch.tar http://127.0.0.1:3142/debian done</pre> </div> </div> <div class="paragraph"> <p>In the script, I’m calling <code>mmdebstrap</code> with <code>--quiet</code> because I don’t want to get any output on succesful execution. The script is running in cron with email notifications, and I only want to get a message if something goes south. I’m setting <code>HOME=/tmp</code> for a similar reason: the unshare user does not have access to my actual home directory, and by default dpkg tries to use <code>$HOME/.dpkg.cfg</code> as the configuration file. By overriding <code>HOME</code> I avoid the following message to standard error:</p> </div> <div class="listingblock"> <div class="content"> <pre>dpkg: warning: failed to open configuration file '/home/ema/.dpkg.cfg' for reading: Permission denied</pre> </div> </div> <div class="paragraph"> <p>Then I added the following to my sbuild configuration file (<code>~/.sbuildrc</code>):</p> </div> <div class="listingblock"> <div class="content"> <pre>$chroot_mode = 'unshare'; $unshare_tmpdir_template = '/dev/shm/tmp.sbuild.XXXXXXXXXX';</pre> </div> </div> <div class="paragraph"> <p>The first option sets the sbuild backend to unshare, whereas <code>unshare_tmpdir_template</code> is needed on Bookworm to ensure that the build process runs in memory rather than on disk for performance reasons. Starting with Trixie, <code>/tmp</code> is by default a tmpfs so the setting won’t be needed anymore.</p> </div> <div class="paragraph"> <p>Packages for different architectures can now be built as follows:</p> </div> <div class="listingblock"> <div class="content"> <pre># Tarball used: ~/.cache/sbuild/unstable-arm64.tar $ sbuild --dist=unstable hello # Tarball used: ~/.cache/sbuild/unstable-armhf.tar $ sbuild --dist=unstable --arch=armhf hello</pre> </div> </div> <div class="paragraph"> <p>If you have any comments or suggestions about any of this, <a href="https://www.linux.it/~ema/contacts/">please let me know</a>.</p> </div> </div> <p class="date"> <a href="https://www.linux.it/~ema/posts/building-debian-packages-the-right-way/">26 November, 2024 08:34AM</a> by Emanuele Rocca (ema@linux.it) </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://blog.sandroknauss.de/"> <img class="face" src="heads/hefee.png" width="80" height="72" alt="hackergotchi for Sandro Knauß" /> </a> <h2 class="planet-title"> <a href="https://blog.sandroknauss.de/" title="Decrypted Mind: Articles About Debian">Sandro Knauß</a> <script type="text/javascript">  </script> </h2> <div id="https://blog.sandroknauss.de/akademy-2024/" class="https://blog.sandroknauss.de/akademy-2024/"> <div class="entry"> <h3 class="entry-title"> <a href="https://blog.sandroknauss.de/akademy-2024/">Akademy 2024 in Würzburg</a> </h3> <div class="content"> <p>In order to prepare for the Akademy I started some days before to give my Librem 5 ( an Open Hardware Phone) another try and ended up with a non starting Plasma 6. Actually this issue was known already, but hasn't been addressed. In the end I reached the Akademy with my Librem 5 having phosh installed (which is Gnome based), in order to have something working.</p> <p>I met Bushan and Bart who took care and the issue was fixed two days later I could finally install Plasma 6 on it. The last time I tested my Librem 5 with Plasma 5 it felt sluggish and not well working. But this time I was impressed how well the system reacts. Sure there are some things here and there, but in the bigger picture it is quite useable. One annoying issue is that the camera is only working with one app and the other issue is the battery capacity, you have to charge it once a day. Because of missing a QR reader that can use the camera, getting data to the phone was quite challenging. Unfortunately the conference Wifi separated the devices and I couldn't use KDE Connect to transfer data. In the end the only way to import data was taking five photos from the QR Code to import my D-Ticket to Itinerary.</p> <p>With a device with Plasma Mobile, it directly was used for a experiment: How well does Dolphin works on a Plasma Mobile device. Together with Felix Ernst we tried it out and were quite impressed, that Dolphin does work very well on Plasma Mobile, after some simple modifications on the UI. That resulted in a patch to add a mobile UI for Dolphin <a href="https://invent.kde.org/system/dolphin/-/merge_requests/826">!826</a>.</p> <p>With more time to play with my Librem 5 I also found an bug in KWeather, that is missing a Refresh option, when used in a Plasma Mobile environment <a href="https://bugs.kde.org/show_bug.cgi?id=493656">#493656</a>.</p> <p>Akademy is a good place to identify and solve some issues. It is always like that, you chat with someone and they can tell you who to ask to answer the concrete question and in the end you can solve things, that seems unsolvable in the beginning.</p> <p>There was also time to look into the travelling app Itinerary. A lot people are faced with a lot of real world issues, when not in their home town. Itinerary is the best traveling apps I know about. It can import nearly every ticket you have and can get location information from restaurant websites and allow routing to that place. It does add many useful information, while traveling like current delays, platform changes, live updates for elevator, weather information at the destination, a station map and all those features with strong focus on privacy.</p> <p>In detail I found some small things to improve:</p> <ul> <li><p>If you search for a bus ride and enter the correct name for the bus stop, it will still add some walk from and to the station. The issue here is that we use different backends and not all backends share the same geo coordinate. That's why Itinerary needs to add some heuristics to delete those paths. <img alt="walk to and from the bus stop" src="https://blog.sandroknauss.de/akademy-2024/itinerary_walk.png" /></p> </li> <li><p>Instead of displaying just a small station map of one bus stop in the inner city, it showed complete Würzburg inner city, as there is one big park around the inner city (named "Ringpark").</p> </li> <li>Würzburg has a quite big bus station but the platform information were missing in the map, so we tweaked the CSS to display the platform. To be sure, that we don't fix only Würzburg, we also looked at Greifswald and Aix-en-Provence if they are following the same name scheme.</li> </ul> <p>I additionally learned that it has a lot of details that helps people who have special needs. That is the reason why Daniel Kraut wants to get Itinerary available for iOS. As spoken out, that Daniel wants to reach this goal, others already started to implement the first steps to build apps for iOS.</p> <p>This year I was volunteering in helping out at Akademy. For me it was a lot of fun to meet everyone at the infodesk or help the speakers setup the beamer and microphone. It is also a good opportunity to meet many new faces and get in contact with them. I see also room for improvement. As we were quite busy at the Welcome Event to get out the badges to everyone, I couldn't answer the questions from newcomers, as the queue was too long. I propose that some people volunteer to be available for questions from newcomers. Often it is hard for newcomers to get their first contact(s) in a new community. There is a lot of space for improvement to make it easier for newcomers to join. Some ideas in my head are: Make an event for the newcomers to get them some links into the community and show that everyone is friendly. The tables at the BoFs should make a circle, so everyone can see each other. It was also hard for me to understand everyone as they mostly spoken towards the front. And then BoFs are sometimes full of very specific words and if you are not already deep in the topic you are lost. I can see the problem, on the one side BoFs are also the place where the person that knows the topic already wants to get things done. On the other side new comers join BoFs, are overwhelmed by to many new words get frustrated and think, that they are not welcome. Maybe at least everyone should present itself with name and ask new faces, why they joined the BoF to help them joining.</p> <p>I'm happy, that the food provided for the attendees was very delicious and that I'm not the only one mostly vegetarian with a big amount to be vegan.</p> <p>At the conference the KDE Eco initiation really caught me, as I see a lot of new possibilities in giving more reasons to switch to an Open Source system. The talk from Natalie was great to see how pupils get excited about Open Source and also help their grandparents to move to a Linux system. As I also will start to work as a teacher, I really got ideas what I can do at school. Together with Joseph and Nicole, we finally started to think about how to drive an exploration on what kind of old hardware is still KDE software running. The ones with the oldest hardware will get an old KDE shirt. For more information see <a href="https://invent.kde.org/teams/eco/opt-green/-/issues/40">#40</a>.</p> <p>The conference was very motivating for me, I also had still energy at the evening to do some Debian packaging and finally pushed kweathercore to Debian and started to work on KWeather. Now I'm even more interested in the KDE apps focusing the mobile world, as I now have some hardware that can actually use those apps.</p> <p>I really enjoyed the workshop how to contribute to Qt by Volker Hilsheimer, especially the way how Volker explained things in a very friendly way, answered every question, sometime postponed some questions but came back to them later. All in all I now have a good overview how Qt is doing development and how I can fix bugs.</p> <p>The daytrip to Rothenburg ob der Tauber was very interesting for me. It was the first time I visited the village. But in my memory it feels like I know the village already. I grew up with reading a lot of comic albums including the good SiFi comic album series "Yoku Tsuno" created by the Belgian writer Roger Leloup. Yoku Tsuno is an electronics engineer, raised in Japan but now living in Belgium. In "On the edge of life" she helps her friend Ingard, who actually lives in Rothenburg. Leloup invested a lot of time to travel to make the make his drawings as accurate as possible.</p> <p><img alt="a comic page with Yoko Tsuno in Rothenburg ob der Tauber" src="https://blog.sandroknauss.de/akademy-2024/yoko_rothenburg-750x726.png" /></p> <p>In order to not have a hard cut from Akademy to normal life, I had a lunch with Carlos, to discuss KDE Neon and how we can improve the interaction with Debian. In the future this should have less friction and make both communities work together more smoothly. Additionally as I used to develop on KDEPIM with the help of Docker images based on Neon I ask for a meta kf6 dev meta package. That should help to get rid of most hand written lists of dev packages in the Docker file in order to make it more simple for new contributors to start hacking on KDEPIM.</p> <p>The rest of the day I finally found time to do the normal tourist stuff: Going to the Wine bridge and having a walk to the castle of Würzburg. Unfortunately you hear a lot of car noises up there, but I could finally relaxe in a Japanese designed garden.</p> <p>Finally at Saturday I started my trip back. The trains towards Eberswalde are broken and I needed to find alternative routing. I got a little bit nervous, as it was the first time I travelled with my Librem 5 and Itinerary only and needed to reach the next train in less than two mins. With the indoor maps provided, I could prepare my run through the train station so I reached successfully my next train.</p> <p>By the way, also if you only only use KDE software, I would recommend everyone to join Akademy ;)</p> </div> <p class="date"> <a href="https://blog.sandroknauss.de/akademy-2024/">26 November, 2024 12:00AM</a> by Sandro Knauß </p> </div> </div> </div> <h1>November 24, 2024</h1> <div class="channel"> <a href="http://blog.sesse.net/"> <img class="face" src="heads/sesse.png" width="74" height="85" alt="hackergotchi for Steinar H. Gunderson" /> </a> <h2 class="planet-title"> <a href="http://blog.sesse.net/" title="Steinar H. Gunderson">Steinar H. Gunderson</a> <script type="text/javascript">  </script> </h2> <div id="http://blog.sesse.net/blog/tech/2024-11-24-23-27_plocate_1_1_23_released.html" class="http://blog.sesse.net/blog/tech/2024-11-24-23-27_plocate_1_1_23_released.html"> <div class="entry"> <h3 class="entry-title"> <a href="http://blog.sesse.net/blog/tech/2024-11-24-23-27_plocate_1_1_23_released.html">plocate 1.1.23 released</a> </h3> <div class="content"> <p>I've just released version 1.1.23 of <a href="https://plocate.sesse.net/">plocate</a>, almost a year after 1.1.22. The changes are mostly around the systemd unit this time, but perhaps more interestingly is that this is the first release where I don't have the majority of patches; in fact, I don't have any patches at all. All of them came from contributors, many of them through the “just do git push to send me a patch email” interface.</p> <p>I guess this means that I'll need to actually start streamlining my “git am” workflow… it gets me every time. :-)</p> </div> <p class="date"> <a href="http://blog.sesse.net/blog/tech/2024-11-24-23-27_plocate_1_1_23_released.html">24 November, 2024 10:27PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://edwardbetts.com/feed_rss_created.xml" title="">Edward Betts</a> <script type="text/javascript">  </script> </h2> <div id="https://edwardbetts.com/blog/a-mini-adventure-at-minidebconf-toulouse/" class="https://edwardbetts.com/blog/a-mini-adventure-at-minidebconf-toulouse/"> <div class="entry"> <h3 class="entry-title"> <a href="https://edwardbetts.com/blog/a-mini-adventure-at-minidebconf-toulouse/">A mini adventure at MiniDebConf Toulouse</a> </h3> <div class="content"> <h1 id="a-mini-adventure-at-minidebconf-toulouse">A mini adventure at MiniDebConf Toulouse</h1> <p>Last week, I ventured to Toulouse, for a delightful mix of coding, conversation, and crepes at <a href="https://wiki.debian.org/DebianEvents/fr/2024/Toulouse">MiniDebConf Toulouse</a>, part of the broader <a href="https://capitoledulibre.org/">Capitole du Libre conference</a>, akin to the more well-known <a href="https://en.wikipedia.org/wiki/FOSDEM">FOSDEM</a> but with a distinctly French flair.</p> <p>This was my fourth and final MiniDebConf of the year.</p> <p><img alt="no jet bridge" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/no_jet_bridge.jpg" /></p> <p>My trek to Toulouse was seamless. I hopped on a bus from my home in Bristol to the airport, then took a short flight. I luxuriated in seat 1A, making me the first to disembark—a mere ten minutes later, I was already on the bus heading to my hotel.</p> <h2 id="exploring-the-pink-city">Exploring the Pink City</h2> <p><img alt="pink" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/pink.jpg" /></p> <p><img alt="img 29" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241118_073600454.jpg" /></p> <p><img alt="duck shop" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/la_canarderie.jpg" /></p> <p>Once settled, I wasted no time exploring the charms of Toulouse. Just a short stroll from my hotel, I found myself beside a tranquil canal, its waters mirroring the golden hues of the trees lining its banks. Autumn in Toulouse painted the city in warm oranges and reds, creating a picturesque backdrop that was a joy to wander through. Every corner of the street revealed more of the city's rich cultural tapestry and striking architecture. Known affectionately as 'La Ville Rose' (The Pink City) for its unique terracotta brickwork, Toulouse captivated me with its blend of historical allure and vibrant modern life.</p> <h2 id="minidebcamp">MiniDebCamp</h2> <p><img alt="FabLab sign" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/fablab_sign.jpg" /></p> <p><img alt="laptop setup" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/laptop_setup.jpg" /></p> <p>Prior to the main event, the MiniDebCamp provided two days of hacking at <a href="https://artilect.fr/">Artilect FabLab</a>—a space as creative as it was welcoming. It was a pleasure to reconnect with familiar faces and forge new friendships.</p> <h2 id="culinary-delights">Culinary delights</h2> <p><img alt="lunch 1" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241114_120950197.jpg" /></p> <p><img alt="img 14" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241115_121046396.jpg" /></p> <p><img alt="img 15" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241115_121048745.jpg" /></p> <p><img alt="img 16" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241115_121051060.jpg" /></p> <p><img alt="img 17" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241115_121053183.jpg" /></p> <p><img alt="cakes" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241114_120943389.jpg" /></p> <p>The hospitality was exceptional. Our lunches boasted a delicious array of quiches, an enticing charcuterie board, and a superb selection of cheeses, all perfectly complemented by exquisite petite fours. Each item was not only a feast for the eyes but also a delight for the palate.</p> <h2 id="wine-and-cheese">Wine and cheese</h2> <p><img alt="wine and cheese 1" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/wine_and_cheese_1.jpg" /></p> <p><img alt="wine and cheese 2" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/wine_and_cheese_2.jpg" /></p> <p>Leftovers from these gourmet feasts fuelled our impromptu cheese and wine party on Thursday evening—a highlight where informal chats blended seamlessly with serious software discussions.</p> <h2 id="the-river-at-night">The river at night</h2> <p><img alt="night river 1" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241113_181805670.jpg" /></p> <p><img alt="night river 2" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241114_195254165.jpg" /></p> <p><img alt="night river 3" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241114_195304174.jpg" /></p> <p><img alt="night river 4" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241114_195934574.jpg" /></p> <p>The enchantment of Toulouse doesn't dim with the setting sun; instead, it transforms. My evening strolls took me along the banks of the Garonne, under a sky just turning from twilight to velvet blue. The river, a dark mirror, perfectly reflected the illuminated grandeur of the city's architecture. Notably, the dome of the <a href="https://en.wikipedia.org/wiki/Hôpital_de_La_Grave">Hôpital de La Grave</a> stood out, bathed in a warm glow against the night sky. This architectural gem, coupled with the soft lights of the bridge and the serene river, created a breathtaking scene that was both tranquil and awe-inspiring.</p> <h2 id="capitole-du-libre">Capitole du Libre</h2> <p><img alt="making crepes" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/making_crepes.jpg" /></p> <p>The MiniDebConf itself, part of the larger Capitole du Libre event, was a fantastic immersion into the world of free software. Unlike the ticket-free FOSDEM, this conference required QR codes for entry and even had bag searches, adding an unusual layer of security for a software conference.</p> <p>Highlights included the crepe-making by the organisers, reminiscent of street food scenes from larger festivals. The availability of crepes for MiniDebConf attendees and the presence of food trucks added a festive air, albeit with the inevitable long queues familiar to any festival-goer.</p> <h2 id="velotoulouse">vélôToulouse</h2> <p><img alt="bike" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/bike.jpg" /></p> <p><img alt="cyclocity" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/cyclocity.jpg" /></p> <p>The city's <a href="https://velotoulouse.tisseo.fr/">bike rental system</a> was a boon—easy to use with handy bike baskets perfect for casual city touring. I chose pedal power over electric, finding it a pleasant way to navigate the streets and absorb the city's vibrant atmosphere.</p> <h2 id="markets">Markets</h2> <p><img alt="market" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/market.jpg" /></p> <p><img alt="flatbreads" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/flatbreads.jpg" /></p> <p>Toulouse's markets were a delightful discovery. From a spontaneous visit to a market near my hotel upon arrival, to cycling past bustling marketplaces, each day presented new local flavours and crafts to explore.</p> <p>The <a href="https://en.wikipedia.org/wiki/Za'atar">Za'atar flatbread</a> from a Syrian stall was a particularly memorable lunch pick.</p> <h2 id="la-brasserie-les-arcades">La brasserie Les Arcades</h2> <p><img alt="img 25" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241117_154629340.jpg" /></p> <p><img alt="img 26" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241117_161745843.jpg" /></p> <p><img alt="img 27" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241117_190824847.jpg" /></p> <p>Our conference wrapped up with a spontaneous gathering at La Brasserie Les Arcades in Place du Capitole. Finding a café that could accommodate 30 of us on a Sunday evening without a booking felt like striking gold. What began with coffee and ice cream smoothly transitioned into dinner, where I enjoyed a delicious braised duck leg with green peppercorn sauce. This meal rounded off the trip with lively conversations and shared experiences.</p> <h2 id="the-journey-back-home">The journey back home</h2> <p><img alt="img 30" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241118_074432773.jpg" /></p> <p><img alt="img 31" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241118_093612068.jpg" /></p> <p><img alt="img 32" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241118_100249404.jpg" /></p> <p><img alt="img 33" src="https://edwardbetts.com/../../img/MiniDebConf_Toulouse_2024/PXL_20241118_105457861.jpg" /></p> <p>Returning from Toulouse, I found myself once again in seat 1A, offering the advantage of being the first off the plane, both on departure and arrival. My flight touched down in Bristol ahead of schedule, and within ten minutes, I was on the A1 bus, making my way back into the heart of Bristol.</p> <h2 id="anticipating-debconf-25-in-brittany">Anticipating DebConf 25 in Brittany</h2> <p>My trip to Toulouse for MiniDebConf was yet another fulfilling experience; the city was delightful, and the talks were insightful. While I frequently travel, these journeys are more about continuous learning and networking than escape. The food in Toulouse was particularly impressive, a highlight I've come to expect and relish on my trips to France. Looking ahead, I'm eagerly anticipating <a href="https://debconf25.debconf.org/">DebConf in Brest next year</a>, especially the opportunity to indulge once more in the excellent French cuisine and beverages.</p> </div> <p class="date"> <a href="https://edwardbetts.com/blog/a-mini-adventure-at-minidebconf-toulouse/">24 November, 2024 12:42PM</a> </p> </div> </div> </div> <h1>November 22, 2024</h1> <div class="channel"> <a href="https://www.hezmatt.org/~mpalmer/blog/"> <img class="face" src="heads/mpalmer.png" width="55" height="70" alt="hackergotchi for Matthew Palmer" /> </a> <h2 class="planet-title"> <a href="https://www.hezmatt.org/~mpalmer/blog/" title="Brane Dump">Matthew Palmer</a> <script type="text/javascript">  </script> </h2> <div id="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/your-release-process-sucks.html" class="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/your-release-process-sucks.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/your-release-process-sucks.html">Your Release Process Sucks</a> </h3> <div class="content"> <p>For the past decade-plus, every piece of software I write has had one of two release processes.</p> <p>Software that gets deployed directly onto servers (websites, mostly, but also the infrastructure that runs <a href="https://pwnedkeys.com">Pwnedkeys</a>, for example) is deployed with nothing more than <code>git push prod main</code>. I’ll talk more about that some other day.</p> <p>Today is about the release process for everything else I maintain – Rust / Ruby libraries, standalone programs, and so forth. To release those, I use the following, extremely intricate process:</p> <ol> <li> <p>Create an <em>annotated</em> git tag, where the name of the tag is the software version I’m releasing, and the annotation is the release notes for that version.</p> </li> <li> <p>Run <code>git release</code> in the repository.</p> </li> <li> <p>There is no step 3.</p> </li> </ol> <p>Yes, it absolutely is that simple. And if your release process is any more complicated than that, then you are suffering unnecessarily.</p> <p>But don’t worry. I’m from the Internet, and I’m here to help.</p> <h1 id="sidebar-annotated-what-now">Sidebar: “annotated what-now?!?”</h1> <p>The annotated tag is one git’s best-kept secrets. They’ve been available in git for practically forever (I’ve been using them since at least 2014, which is “practically forever” in software development), yet almost everyone I mention them to has never heard of them.</p> <p>A “tag”, in git parlance, is a repository-unique named label that points to a single commit (as identified by the commit’s SHA1 hash). Annotating a tag is simply associating a block of free-form text with that tag.</p> <p>Creating an annotated tag is simple-sauce: <code>git tag -a tagname</code> will open up an editor window where you can enter your annotation, and <code>git tag -a -m "some annotation" tagname</code> will create the tag with the annotation “some annotation”. Retrieving the annotation for a tag is straightforward, too: <code>git show tagname</code> will display the annotation along with all the other tag-related information.</p> <p>Now that we know all about annotated tags, let’s talk about how to use them to make software releases <em>freaking awesome</em>.</p> <h1 id="step-1-create-the-annotated-git-tag">Step 1: Create the Annotated Git Tag</h1> <p>As I just mentioned, creating an annotated git tag is pretty simple: just add a <code>-a</code> (or <code>--annotate</code>, if you enjoy typing) to your <code>git tag</code> command, and <em>WHAM!</em> annotation achieved.</p> <p>Releases, though, typically have unique and ever-increasing version numbers, which we want to encode in the tag name. Rather than having to look at the existing tags and figure out the next version number ourselves, we can have software do the hard work for us.</p> <p>Enter: <a href="https://github.com/mpalmer/git-version-bump"><code>git-version-bump</code></a>. This straightforward program takes one mandatory argument: <code>major</code>, <code>minor</code>, or <code>patch</code>, and bumps the corresponding version number component in line with <a href="https://semver.org">Semantic Versioning</a> principles. If you pass it <code>-n</code>, it opens an editor for you to enter the release notes, and when you save out, the tag is automagically created with the appropriate name.</p> <p>Because the program is called <code>git-version-bump</code>, you can call it as a <code>git</code> command: <code>git version-bump</code>. Also, because <code>version-bump</code> is long and unwieldy, I have it aliased to <code>vb</code>, with the following entry in my <code>~/.gitconfig</code>:</p> <pre>[alias] vb = version-bump -n </pre> <p>Of course, you don’t <em>have</em> to use <code>git-version-bump</code> if you don’t want to (although why wouldn’t you?). The important thing is that the <em>only</em> step you take to go from “here is our current codebase in <code>main</code>” to “everything as of <em>this</em> commit is version X.Y.Z of this software”, is the creation of an annotated tag that records the version number being released, and the metadata that goes along with that release.</p> <h1 id="step-2-run-git-release">Step 2: Run <code>git release</code></h1> <p>As I said earlier, I’ve been using this release process for over a decade now. So long, in fact, that when I started, <em>GitHub Actions didn’t exist</em>, and so a lot of the things you’d delegate to a CI runner these days had to be done locally, or in a more ad-hoc manner on a server somewhere.</p> <p>This is why step 2 in the release process is “run <code>git release</code>”. It’s because historically, you can’t do everything in a CI run. Nowadays, most of my repositories have this in the <code>.git/config</code>:</p> <pre>[alias] release = push --tags </pre> <p>Older repositories which, for one reason or another, haven’t been updated to the new hawtness, have various other aliases defined, which run more specialised scripts (usually just <code>rake release</code>, for Ruby libraries), but they’re slowly dying out.</p> <p>The reason why I still have this alias, though, is that it <em>standardises</em> the release process. Whether it’s a Ruby gem, a Rust crate, a bunch of protobuf definitions, or whatever else, I run the same command to trigger a release going out. It means I don’t have to think about how I do it for <em>this</em> project, because every project does it exactly the same way.</p> <h1 id="the-wiring-behind-the-button">The Wiring Behind the Button</h1> <blockquote> <p>It wasn’t the button that was the problem. It was the miles of wiring, the hundreds of miles of cables, the circuits, the relays, the machinery. The engine was a massive, sprawling, complex, mind-bending nightmare of levers and dials and buttons and switches. You couldn’t just slap a button on the wall and expect it to work. But there should be a button. A big, fat button that you could press and everything would be fine again. Just press it, and everything would be back to normal.</p> <ul> <li>Red Dwarf: Better Than Life</li> </ul> </blockquote> <p>Once you’ve accepted that your release process should be as simple as creating an annotated tag and running one command, you do need to consider what happens <em>afterwards</em>. These days, with the near-universal availability of CI runners that can do anything you need in an isolated, reproducible environment, the work required to go from “annotated tag” to “release artifacts” can be scripted up and left to do its thing.</p> <p>What that looks like, of course, will probably vary greatly depending on what you’re releasing. I can’t really give universally-applicable guidance, since I don’t know your situation. All I can do is provide some of my open source work as inspirational examples.</p> <p>For starters, let’s look at a simple Rust crate I’ve written, called <a href="https://crates.io/crates/strong-box"><code>strong-box</code></a>. It’s a straightforward crate, that provides ergonomic and secure cryptographic functionality inspired by the likes of NaCl. As it’s just a crate, <a href="https://github.com/mpalmer/strong-box/blob/main/.github/workflows/release.yml">its release script</a> is very straightforward. Most of the complexity is working around Cargo’s inelegant mandate that crate version numbers are specified in a TOML file. Apart from that, it’s just a matter of building and uploading the crate. Easy!</p> <p>Slightly more complicated is <a href="https://github.com/mpalmer/action-validator"><code>action-validator</code></a>. This is a Rust CLI tool which validates GitHub Actions and Workflows (how very meta) against a published JSON schema, to make sure you haven’t got any syntax or structural errors. As not everyone has a Rust toolchain on their local box, the release process helpfully build binaries for several common OSes and CPU architectures that people can download if they choose. The <a href="https://github.com/mpalmer/action-validator/blob/main/.github/workflows/release.yml">release process</a> in this case is somewhat larger, but not particularly complicated. Almost half of it is actually scaffolding to build an experimental WASM/NPM build of the code, because someone seemed rather keen on that.</p> <p>Moving away from Rust, and stepping up the meta another notch, we can take a look at the release process for <a href="https://github.com/mpalmer/git-version-bump"><code>git-version-bump</code></a> itself, my Ruby library and associated CLI tool which started me down the “Just Tag It Already” rabbit hole many years ago. In this case, since gemspecs are very amenable to programmatic definition, the <a href="https://github.com/mpalmer/git-version-bump/blob/main/.github/workflows/release.yml">release process</a> is practically trivial. Remove the boilerplate and workarounds for GitHub Actions bugs, and you’re left with about three lines of actual commands.</p> <p>These approaches can certainly scale to larger, more complicated processes. I’ve recently implemented annotated-tag-based releases in a proprietary software product, that produces Debian/Ubuntu, RedHat, <em>and</em> Windows packages, as well as Docker images, and it takes all of the information it needs from the annotated tag. I’m confident that this approach will successfully serve them as they expand out to build AMIs, GCP machine images, and whatever else they need in their release processes in the future.</p> <h2 id="objection-your-honour">Objection, Your Honour!</h2> <p>I can hear the howl of the “but, actuallys” coming over the horizon even as I type. People have a lot of Big Feelings about why this release process won’t work for them. Rather than overload this article with them, I’ve created <a href="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/invalid-excuses-why-your-release-process-sucks.html">a companion article</a> that enumerates the objections I’ve come across, and answers them. I’m also <a href="https://tobermorytech.com">available for consulting</a> if you’d like a personalised, professional opinion on your specific circumstances.</p> <h1 id="dvd-bonus-feature-pre-releases">DVD Bonus Feature: Pre-releases</h1> <p>Unless you’re addicted to surprises, it’s good to get early feedback about new features and bugfixes before they make it into an official, general-purpose release. For this, you can’t go past the pre-release.</p> <p>The major blocker to widespread use of pre-releases is that cutting a release is usually a pain in the behind. If you’ve got to edit changelogs, and modify version numbers in a dozen places, then you’re entirely justified in thinking that cutting a pre-release for a customer to test that bugfix that only occurs in their environment is too much of a hassle.</p> <p>The thing is, once you’ve got releases building from annotated tags, making pre-releases on every push to <code>main</code> becomes practically trivial. This is mostly due to another fantastic and underused Git command: <code>git describe</code>.</p> <p>How <code>git describe</code> works is, basically, that it finds the most recent commit that has an associated annotated tag, and then generates a string that contains that tag’s name, plus the number of commits between that tag and the current commit, with the current commit’s hash included, as a bonus. That is, imagine that three commits ago, you created an annotated release tag named <code>v4.2.0</code>. If you run <code>git describe</code> now, it will print out <code>v4.2.0-3-g04f5a6f</code> (assuming that the current commit’s SHA starts with <code>04f5a6f</code>).</p> <p>You might be starting to see where this is going. With a bit of light massaging (essentially, removing the leading <code>v</code> and replacing the <code>-</code>s with <code>.</code>s), that string can be converted into a version number which, in most sane environments, is considered “newer” than the official <code>4.2.0</code> release, but will be superceded by the next actual release (say, <code>4.2.1</code> or <code>4.3.0</code>). If you’re already injecting version numbers into the release build process, injecting a <em>slightly different</em> version number is no work at all.</p> <p>Then, you can easily build release artifacts for <em>every</em> commit to <code>main</code>, and make them available somewhere they won’t get in the way of the “official” releases. For example, in the proprietary product I mentioned previously, this involves uploading the Debian packages to a separate component (<code>prerelease</code> instead of <code>main</code>), so that users that want to opt-in to the prerelease channel simply modify their <code>sources.list</code> to change <code>main</code> to <code>prerelease</code>. Management have been extremely pleased with the easy availability of pre-release packages; they’ve been gleefully installing them willy-nilly for testing purposes since I rolled them out.</p> <p>In fact, even while I’ve been writing this article, I was asked to add some debug logging to help track down a particularly pernicious bug. I added the few lines of code, committed, pushed, and went back to writing. A few minutes later (next week’s job is to cut that in-process time by at least half), the person who asked for the extra logging ran <code>apt update; apt upgrade</code>, which installed the newly-built package, and was able to progress in their debugging adventure.</p> <p>Continuous Delivery: It’s Not Just For Hipsters.</p> <h1 id="informative">“+1, Informative”</h1> <p>Hopefully, this has spurred you to commit your immortal soul to the Church of the Annotated Tag. You may tithe by <a href="https://ko-fi.com/tobermorytech">buying me a refreshing beverage</a>. Alternately, if you’re <em>really</em> keen to adopt more streamlined release management processes, <a href="https://tobermorytech.com">I’m available for consulting engagements</a>.</p> </div> <p class="date"> <a href="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/your-release-process-sucks.html">22 November, 2024 08:15PM</a> by Matt Palmer (mpalmer@hezmatt.org) </p> </div> </div> </div> <h1></h1> <div class="channel"> <div id="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/invalid-excuses-why-your-release-process-sucks.html" class="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/invalid-excuses-why-your-release-process-sucks.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/invalid-excuses-why-your-release-process-sucks.html">Invalid Excuses for Why Your Release Process Sucks</a> </h3> <div class="content"> <p>In my <a href="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/your-release-process-sucks.html">companion article</a>, I made the bold claim that your release process should consist of no more than two steps:</p> <ol> <li> <p>Create an annotated Git tag;</p> </li> <li> <p>Run a single command to trigger the release pipeline.</p> </li> </ol> <p>As I have been on the Internet for more than five minutes, I’m aware that a great many people will have a great many objections to this simple and straightforward idea. In the interests of saving them a lot of wear and tear on their keyboards, I present this list of common reasons why these objections are invalid.</p> <p>If you have an objection I don’t cover here, the comment box is down the bottom of the article. If you think you’ve got a <em>real</em> stumper, <a href="https://tobermorytech.com">I’m available for consulting engagements</a>, and if you turn out to have a release process which cannot feasibly be reduced to the above two steps for legitimate technical reasons, I’ll waive my fees.</p> <h2 id="but-i-automatically-generate-my-release-notes-from-commit-messages">“But I automatically generate my release notes from commit messages!”</h2> <p>This one is <em>really</em> easy to solve: have the release note generation tool feed directly into the annotation. Boom! Headshot.</p> <h2 id="but-all-these-files-need-to-be-edited-to-make-a-release">“But all these files need to be edited to make a release!”</h2> <p>No, they absolutely don’t. But I can see why you might <em>think</em> you do, given how inflexible some packaging environments can seem, and since “that’s how we’ve always done it”.</p> <h3 id="language-packages">Language Packages</h3> <p>Most languages require you to encode the version of the library or binary in a file that you want to revision control. This is teh suck, but I’m yet to encounter a situation that can’t be worked around some way or another.</p> <p>In Ruby, for instance, <code>gemspec</code> files are actually executable Ruby code, so I call code (that’s part of <code>git-version-bump</code>, as an aside) to calculate the version number from the git tags. The Rust build tool, Cargo, uses a TOML file, which isn’t as easy, but <a href="https://github.com/mpalmer/scrape-ct-log/blob/53b9afc9bc1e222db7afb0bb7c78ecb5c3acf6d9/.github/workflows/release.yml#L48">a small amount of release automation</a> is used to take care of that.</p> <h3 id="distribution-packages">Distribution Packages</h3> <p>If you’re building Linux distribution packages, you can easily apply similar automation faffery. For example, Debian packages take their metadata from the <code>debian/changelog</code> file in the build directory. Don’t keep that file in revision control, though: build it at release time. Everything you need to construct a Debian (or RPM) changelog is in the tag – version numbers, dates, times, authors, release notes. Use it for much good.</p> <h3 id="the-dreaded-changelog">The Dreaded Changelog</h3> <p>Finally, there’s the <code>CHANGELOG</code> file. If it’s maintained during the development process, it typically has an archive of all the release notes, under version numbers, with an “Unreleased” heading at the top. It’s one more place to remember to have to edit when making that “preparing release X.Y.Z” commit, and it is a gift to the Demon of Spurious Merge Conflicts if you follow the policy of “every commit must add a changelog entry”.</p> <p>My solution: just burn it to the ground. Add a line to the top with a link to wherever the contents of annotated tags get published (such as GitHub Releases, if that’s your bag) and never open it ever again.</p> <h2 id="but-i-need-to-know-other-things-about-my-release-too">“But I need to know <em>other</em> things about my release, too!”</h2> <p>For some reason, you might think you need some other metadata about your releases. You’re <em>probably</em> wrong – it’s amazing how much information you can obtain or derive from the humble tag – so think creatively about your situation before you start making unnecessary complexity for yourself.</p> <p>But, on the off chance you’re in a situation that legitimately needs some extra release-related information, here’s the secret: <em>structured annotation</em>. The annotation on a tag can be literally any sequence of octets you like. How that data is interpreted is up to you.</p> <p>So, require that annotations on release tags use some sort of structured data format (say YAML or TOML – or even XML if you hate your release manager), and mandate that it contain whatever information you need. You can make sure that the annotation has a valid structure and contains all the information you need with an <code>update</code> hook, which can reject the tag push if it doesn’t meet the requirements, and you’re sorted.</p> <h2 id="but-i-have-multiple-packages-in-my-repo-with-different-release-cadences-and-versions">“But I have multiple packages in my repo, with different release cadences and versions!”</h2> <p>This one is common enough that I just refer to it as “the monorepo drama”. Personally, I’m not a huge fan of monorepos, but you do you, boo. Annotated tags can still handle it just fine.</p> <p>The trick is to include the package name being released in the tag name. So rather than a release tag being named <code>vX.Y.Z</code>, you use <code>foo/vX.Y.Z</code>, <code>bar/vX.Y.Z</code>, and <code>baz/vX.Y.Z</code>. The release automation for each package just triggers on tags that match the pattern for that particular package, and limits itself to those tags when figuring out what the version number is.</p> <h2 id="but-we-dont-semver-our-releases">“But we don’t semver our releases!”</h2> <p>Oh, that’s easy. The tag pattern that marks a release doesn’t <em>have</em> to be <code>vX.Y.Z</code>. It can be anything you want.</p> <p>Relatedly, there is a (rare, but existent) need for packages that don’t really have a conception of “releases” in the traditional sense. The example I’ve hit most often is automatically generated “bindings” packages, such as protobuf definitions. The source of truth for these is a bunch of <code>.proto</code> files, but to be useful, they need to be packaged into code for the various language(s) you’re using. But those packages need versions, and while someone <em>could</em> manually make releases, the best option is to build new per-language packages automatically every time any of those definitions change.</p> <p>The versions of those packages, then, can be datestamps (I like something like <code>YYYY.MM.DD.N</code>, where <code>N</code> starts at <code>0</code> each day and increments if there are multiple releases in a single day).</p> <p>This process allows all the code that needs the definitions to declare the minimum version of the definitions that it relies on, and everything is kept in sync and tracked almost like magic.</p> <h1 id="th-th-th-th-thats-all-folks">Th-th-th-th-that’s all, folks!</h1> <p>I hope you’ve enjoyed this bit of mild debunking. Show your gratitude by <a href="https://ko-fi.com/tobermorytech">buying me a refreshing beverage</a>, or <a href="https://tobermorytech.com">purchase my professional expertise</a> and I’ll answer all of your questions and write all your CI jobs.</p> </div> <p class="date"> <a href="https://www.hezmatt.org/~mpalmer/blog/2024/11/23/invalid-excuses-why-your-release-process-sucks.html">22 November, 2024 08:15PM</a> by Matt Palmer (mpalmer@hezmatt.org) </p> </div> </div> </div> <h1>November 20, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="https://diziet.dreamwidth.org/" title="Ian Jackson">Ian Jackson</a> <script type="text/javascript">  </script> </h2> <div id="https://diziet.dreamwidth.org/19151.html" class="https://diziet.dreamwidth.org/19151.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://diziet.dreamwidth.org/19151.html">The Rust Foundation's 2nd bad draft trademark policy</a> </h3> <div class="content"> <p>tl;dr: The Rust Foundation’s new trademark policy still forbids unapproved modifications: this would <strong>forbid</strong> both <strong>the Rust Community’s own development work(!)</strong> and normal Free Software distribution practices. <a name="cutid1"></a> </p><p> </p><h3><a name="background">Background</a></h3> <p>In April 2023 <a href="https://diziet.dreamwidth.org/14929.html">I wrote</a> about the Rust Foundation’s ham-fisted and misguided attempts to update the Rust trademark policy. This <a href="https://blog.rust-lang.org/inside-rust/2023/04/12/trademark-policy-draft-feedback.html">turned into drama</a>. </p><h3><a name="the-new-draft">The new draft</a></h3> <p>Recently, the Foundation published a <a href="https://drive.usercontent.google.com/download?id=1hjTx11Fb-4W7RQLmp3R8BLDACc7zxIpG&export=download">new draft</a>. It’s considerably less bad, but the most serious problem, which I identified last year, remains. </p><p>It prevents redistribution of modified versions of Rust, without pre-approval from the Rust Foundation. (Subject to some limited exceptions.) The people who wrote this evidently haven’t realised that distributing modified versions is how free software development works. Ie, <strong>the draft Rust trademark policy even forbids making a github branch for an MR to contribute to Rust!</strong> </p><p>It’s also very likely unacceptable to Debian. Rust is still on track to repeat the <a href="https://en.wikipedia.org/wiki/Iceweasel">Firefox/Iceweasel debacle</a>. </p><p>Below is a copy of my formal response to the <a href="https://blog.rust-lang.org/2024/11/06/trademark-update.html">consultation</a>. The consultation closes at 07:59:00 UTC tomorrow (21st November), ie, at the end of today (Wednesday) US Pacific time, so if you want to reply, do so quickly. </p><h3><a name="my-consultation-response">My consultation response</a></h3> <blockquote><p>Hi. My name is Ian Jackson. I write as a Rust contributor and as a Debian Developer with first-hand experience of Debian’s approach to trademarks. (But I am not a member of the Debian Rust Packaging Team.) </p><p>Your form invites me to state any blocking concerns. I’m afraid I have one: </p><p>PROBLEM </p><p>The policy on distributing modified versions of Rust (page 4, 8th bullet) is far too restrictive. </p><p>PROBLEM - ASPECT 1 </p><p>On its face the policy forbids making a clone of the Rust repositories on a git forge, and pushing a modified branch there. That <em>is</em> publicly distributing a modified version of Rust. </p><p>I.e., the current policy forbids the Rust’s community’s own development workflow! </p><p>PROBLEM - ASPECT 2 </p><p>The policy also does not meet the needs of Software-Freedom-respecting downstreams, including community Linux distributions such as Debian. </p><p>There are two scenarios (fuzzy, and overlapping) which provide a convenient framing to discuss this: </p><p>Firstly, in practical terms, Debian may need to backport bugfixes, or sometimes other changes. Sometimes Debian will want to pre-apply bugfixes or changes that have been contributed by users, and are intended eventually to go upstream, but are not included upstream in official Rust yet. This is a routine activity for a distribution. The policy, however, forbids it. </p><p>Secondly, Debian, as a point of principle, requires the ability to diverge from upstream if and when Debian decides that this is the right choice for Debian’s users. The freedom to modify is a key principle of Free Software. This includes making changes that the upstream project disapproves of. Some examples of this, where Debian has made changes, that upstream do not approve of, have included things like: removing user-tracking code, or disabling obsolescence “timebombs” that stop a particular version working after a certain date. </p><p>Overall, while alignment in values between Debian and Rust seems to be very good right now, modifiability it is a matter of non-negotiable principle for Debian. The 8th bullet point on page 4 of the PDF does not give Debian (and Debian’s users) these freedoms. </p><p>POSSIBLE SOLUTIONS </p><p>Other formulations, or an additional permission, seem like they would be able to meet the needs of both Debian <em>and</em> Rust. </p><p>The first thing to recognise is that forbidding modified versions is probably not necessary to prevent language ecosystem fragmentation. Many other programming languages are distributed under fully Free Software licences without such restrictive trademark policies. (For example, Python; I’m sure a thorough survey would find many others.) </p><p>The scenario that would be most worrying for Rust would be “embrace - extend - extinguish”. In projects with a copyleft licence, this is not a concern, but Rust is permissively licenced. However, one way to address this would be to add an additional permission for modification that permits distribution of modified versions <em>without permission, but if the modified source code is also provided, under the original Rust licence</em>. </p><p>I suggest therefore adding the following 2nd sub-bullet point to the 8th bullet on page 4: </p><ul><li>changes which are shared, in source code form, with all recipients of the modified software, and publicly licenced under the same licence as the official materials. </li></ul> <p>This means that downstreams who fear copyleft have the option of taking Rust’s permissive copyright licence at face value, but are limited in the modifications they may make, unless they rename. Conversely downstreams such as Debian who wish to operate as part of the Free Software ecosystem can freely make modifications. </p><p>It also, obviously, covers the Rust Community’s own development work. </p><p>NON-SOLUTIONS </p><p>Some upstreams, faced with this problem, have offered Debian a special permission: ie, said that it would be OK for <em>Debian</em> to make modifications that <em>Debian</em> wants to. But Debian will not accept any Debian-specific permissions. </p><p>Debian could of course rename their Rust compiler. Debian has chosen to rename in the past: infamously, a similar policy by Mozilla resulted in Debian distributing Firefox under the name Iceweasel for many years. This is a PR problem for everyone involved, and results in a good deal of technical inconvenience and makework. </p><p>“Debian could seek approval for changes, and the Rust Foundation would grant that approval quickly”. This is unworkable on a practical level - requests for permission do not fit into Debian’s workflow, and the resulting delays would be unacceptable. But, more fundamentally, Debian rightly insists that it must have the freedom to make changes that the Foundation do not approve of. (For example, if a future Rust shipped with telemetry features Debian objected to.) </p><p>“Debian and Rust could compromise”. However, Debian is an ideological as well as technological project. The principles I have set out are part of Debian’s Foundation Documents - they are core values for Debian. When Debian makes compromises, it does so very slowly and with great deliberation, using its slowest and most heavyweight constitutional governance processes. Debian is not likely to want to engage in such a process for the benefit of one programming language. </p><p>“Users will get Rust from upstream”. This is currently often the case. Right now, Rust is moving very quickly, and by Debian standards is very new. As Rust becomes more widely used, more stable, and more part of the infrastructure of the software world, it will need to become part of standard, stable, reliable, software distributions. That means Debian. </p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><p></p></blockquote><p>(The consultation was a Google Forms page with a single text field, so the formatting isn’t great. I have edited the formatting very lightly to avoid rendering bugs here on my blog.)</p><p></p><p></p><p></p><p></p><p></p><p></p><p></p><br /><br /><img alt="comment count unavailable" height="12" src="https://www.dreamwidth.org/tools/commentcount?user=diziet&ditemid=19151" style="vertical-align: middle;" width="30" /> comments </div> <p class="date"> <a href="https://diziet.dreamwidth.org/19151.html">20 November, 2024 12:50PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://etbe.coker.com.au" title="etbe – Russell Coker">Russell Coker</a> <script type="text/javascript">  </script> </h2> <div id="https://etbe.coker.com.au/2024/11/20/solving-spam-phishing-corporations/" class="https://etbe.coker.com.au/2024/11/20/solving-spam-phishing-corporations/"> <div class="entry"> <h3 class="entry-title"> <a href="https://etbe.coker.com.au/2024/11/20/solving-spam-phishing-corporations/">Solving Spam and Phishing for Corporations</a> </h3> <div class="content"> <h2>Centralisation and Corporations</h2> <p>An advantage of a medium to large company is that it permits specialisation. For example I’m currently working in the IT department of a medium sized company and because we have standardised hardware (Dell Latitude and Precision laptops, Dell Precision Tower workstations, and Dell PowerEdge servers) and I am involved in fixing all Linux compatibility issues on that I can fix most problems in a small fraction of the time that I would take to fix on a random computer. There is scope for a lot of debate about the extent to which companies should standardise and centralise things. But for computer problems which can escalate quickly from minor to serious if not approached in the correct manner it’s clear that a good deal of centralisation is appropriate.</p> <p>For people doing technical computer work such as programming there’s a large portion of the employees who are computer hobbyists who like to fiddle with computers. But if the support system is run well even they will appreciate having computers just work most of the time and for a large portion of the failures having someone immediately recognise the problem, like the issues with NVidia drivers that I have documented so that first line support can implement workarounds without the need for a lengthy investigation.</p> <p>A big problem with email in the modern Internet is the prevalence of Phishing scams. The current corporate approach to this is to send out test Phishing email to people and then force computer security training on everyone who clicks on them. One problem with this is that attackers only need to fool one person on one occasion and when you have hundreds of people doing something on rare occasions that’s not part of their core work they will periodically get it wrong. When every test Phishing run finds several people who need extra training it seems obvious to me that this isn’t a solution that’s working well. I will concede that the majority of people who click on the test Phishing email would probably realise their mistake if asked to enter the password for the corporate email system, but I think it’s still clear that this isn’t a great solution.</p> <p>Let’s imagine for the sake of discussion that everyone in a company was 100% accurate at identifying Phishing email and other scam email, if that was the case would the problem be solved? I believe that even in that hypothetical case it would not be a solved problem due to the wasted time and concentration. People can spend minutes determining if a single email is legitimate. On many occasions I have had relatives and clients forward me email because they are unsure if it’s valid, it’s great that they seek expert advice when they are unsure about things but it would be better if they didn’t have to go to that effort. What we ideally want to do is centralise the anti-Phishing and anti-spam work to a small group of people who are actually good at it and who can recognise patterns by seeing larger quantities of spam. When a spam or Phishing message is sent to 600 people in a company you don’t want 600 people to individually consider it, you want one person to recognise it and delete/block all 600. If 600 people each spend one minute considering the matter then that’s 10 work hours wasted!</p> <h2>The Rationale for Human Filtering</h2> <p>For personal email human filtering usually isn’t viable because people want privacy. But corporate email isn’t private, it’s expected that the company can read it under certain circumstances (in most jurisdictions) and having email open in public areas of the office where colleagues might see it is expected. You can visit gmail.com on your lunch break to read personal email but every company policy (and common sense) says to not have actually private correspondence on company systems.</p> <p>The amount of time spent by reception staff in sorting out such email would be less than that taken by individuals. When someone sends a spam to everyone in the company instead of 500 people each spending a couple of minutes working out whether it’s legit you have one person who’s good at recognising spam (because it’s their job) who clicks on a “remove mail from this sender from all mailboxes” button and 500 messages are deleted and the sender is blocked.</p> <p>Delaying email would be a concern. It’s standard practice for CEOs (and C*Os at larger companies) to have a PA receive their email and forward the ones that need their attention. So human vetting of email can work without unreasonable delays. If we had someone checking all email for the entire company probably email to the senior people would never get noticeably delayed and while people like me would get their mail delayed on occasion people doing technical work generally don’t have notifications turned on for email because it’s a distraction and a fast response isn’t needed. There are a few senders where fast response is required, which is mostly corporations sending a “click this link within 10 minutes to confirm your password change” email. Setting up rules for all such senders that are relevant to work wouldn’t be difficult to do.</p> <h2>How to Solve This</h2> <p>Spam and Phishing became serious problems over 20 years ago and we have had 20 years of evolution of email filtering which still hasn’t solved the problem. The vast majority of email addresses in use are run by major managed service providers and they haven’t managed to filter out spam/phishing mail effectively so I think we should assume that it’s not going to be solved by filtering. There is talk about what “AI” technology might do for filtering spam/phishing but that same technology can product better crafted hostile email to avoid filters.</p> <p>An additional complication for corporate email filtering is that some criteria that are used to filter personal email don’t apply to corporate mail. If someone sends email to me personally about millions of dollars then it’s obviously not legit. If someone sends email to a company then it could be legit. Companies routinely have people emailing potential clients about how their products can save millions of dollars and make purchases over a million dollars. This is not a problem that’s impossible to solve, it’s just an extra difficulty that reduces the efficiency of filters.</p> <p>It seems to me that the best solution to the problem involves having all mail filtered by a human. A company could configure their mail server to not accept direct external mail for any employee’s address. Then people could email files to colleagues etc without any restriction but spam and phishing wouldn’t be a problem. The issue is how to manage inbound mail. One possibility is to have addresses of the form it+russell.coker@example.com (for me as an employee in the IT department) and you would have a team of people who would read those mailboxes and forward mail to the right people if it seemed legit. Having addresses like it+russell.coker means that all mail to the IT department would be received into folders of the same account and they could be filtered by someone with suitable security level and not require any special configuration of the mail server. So the person who read the is mailbox would have a folder named russell.coker receiving mail addressed to me. The system could be configured to automate the processing of mail from known good addresses (and even domains), so they could just put in a rule saying that when Dell sends DMARC authenticated mail to is+$USER it gets immediately directed to $USER. This is the sort of thing that can be automated in the email client (mail filtering is becoming a common feature in MUAs).</p> <p>For a FOSS implementation of such things the server side of it (including extracting account data from a directory to determine which department a user is in) would be about a day’s work and then an option would be to modify a webmail program to have extra functionality for approving senders and sending change requests to the server to automatically direct future mail from the same sender. As an aside I have previously worked on a project that had a modified version of the Horde webmail system to do this sort of thing for challenge-response email and adding certain automated messages to the allow-list.</p> <h2>The Change</h2> <p>One of the first things to do is configuring the system to add every recipient of an outbound message to the allow list for receiving a reply. Having a script go through the sent-mail folders of all accounts and adding the recipients to the allow lists would be easy and catch the common cases.</p> <p>But even with processing the sent mail folders going from a working system without such things to a system like this will take some time for the initial work of adding addresses to the allow lists, particularly for domain wide additions of all the sites that send password confirmation messages. You would need rules to direct inbound mail to the old addresses to the new style and then address a huge amount of mail that needs to be categorised. If you have 600 employees and the average amount of time taken on the first day is 10 minutes per user then that’s 100 hours of work, 12 work days. If you had everyone from the IT department, reception, and executive assistants working on it that would be viable. After about a week there wouldn’t be much work involved in maintaining it. Then after that it would be a net win for the company.</p> <h2>The Benefits</h2> <p>If the average employee spends one minute a day dealing with spam and phishing email then with 600 employees that’s 10 hours of wasted time per day. Effectively wasting one employee’s work! I’m sure that’s the low end of the range, 5 minutes average per day doesn’t seem unreasonable especially when people are unsure about phishing email and send it to Slack so multiple employees spend time analysing it. So you could have 5 employees being wasted by hostile email and avoiding that would take a fraction of the time of a few people adding up to less than an hour of total work per day.</p> <p>Then there’s the training time for phishing mail. Instead of having every employee spend half an hour doing email security training every few months (that’s 300 hours or 7.5 working weeks every time you do it) you just train the few experts.</p> <p>In addition to saving time there are significant security benefits to having experts deal with possibly hostile email. Someone who deals with a lot of phishing email is much less likely to be tricked.</p> <h2>Will They Do It?</h2> <p>They probably won’t do it any time soon. I don’t think it’s expensive enough for companies yet. Maybe government agencies already have equivalent measures in place, but for regular corporations it’s probably regarded as too difficult to change anything and the costs aren’t obvious. I have been unsuccessful in suggesting that managers spend slightly more on computer hardware to save significant amounts of worker time for 30 years.</p> <div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list"> <p>Related posts:</p><ol> <li><a href="https://etbe.coker.com.au/2006/08/16/blocking-spam/" rel="bookmark" title="blocking spam">blocking spam</a> <small>There are two critical things that any anti-spam system must...</small></li> <li><a href="https://etbe.coker.com.au/2008/12/12/please-turn-off-your-spam-protection/" rel="bookmark" title="Please Turn off Your Spam Protection">Please Turn off Your Spam Protection</a> <small>Hi, I’d like to send an email from a small...</small></li> <li><a href="https://etbe.coker.com.au/2007/09/02/a-new-spam-trick/" rel="bookmark" title="A New Spam Trick">A New Spam Trick</a> <small>One item on my todo list is to set up...</small></li> </ol> </div> </div> <p class="date"> <a href="https://etbe.coker.com.au/2024/11/20/solving-spam-phishing-corporations/">20 November, 2024 05:22AM</a> by etbe </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="https://arnaudr.io/" title="Arnaud R - planet-debian">Arnaud Rebillout</a> <script type="text/javascript">  </script> </h2> <div id="https://arnaudr.io/2024/11/20/installing-an-older-ansible-version-via-pipx/" class="https://arnaudr.io/2024/11/20/installing-an-older-ansible-version-via-pipx/"> <div class="entry"> <h3 class="entry-title"> <a href="https://arnaudr.io/2024/11/20/installing-an-older-ansible-version-via-pipx/">Installing an older Ansible version via pipx</a> </h3> <div class="content"> <h2>Latest Ansible requires Python 3.8 on the remote hosts</h2> <p>... and therefore, hosts running Debian Buster are now unsupported.</p> <p>Monday, I updated the system on my laptop (Debian Sid), and I got the latest version of <code>ansible-core</code>, <code>2.18</code>:</p> <div class="highlight"><pre><span></span><code>$<span class="w"> </span>ansible<span class="w"> </span>--version<span class="w"> </span><span class="p">|</span><span class="w"> </span>head<span class="w"> </span>-1 ansible<span class="w"> </span><span class="o">[</span>core<span class="w"> </span><span class="m">2</span>.18.0<span class="o">]</span> </code></pre></div> <p>To my surprise, Ansible started to fail with some remote hosts:</p> <blockquote> <p>ansible-core requires a minimum of Python version 3.8. Current version: 3.7.3 (default, Mar 23 2024, 16:12:05) [GCC 8.3.0]</p> </blockquote> <p>Yep, I do have to work with hosts running Debian Buster (aka. oldoldstable). While Buster is old, it's still out there, and it's still supported via <a href="https://www.freexian.com/blog/extended-lts-for-debian-10/">Freexian’s Extended LTS</a>.</p> <p>How are we going to keep managing those machines? Obviously, we'll need an older version of Ansible.</p> <h2>Pipx to the rescue</h2> <h3>TL;DR</h3> <div class="highlight"><pre><span></span><code><span class="nv">pipx</span><span class="w"> </span><span class="nv">install</span><span class="w"> </span><span class="o">--</span><span class="k">include</span><span class="o">-</span><span class="nv">deps</span><span class="w"> </span><span class="nv">ansible</span><span class="o">==</span><span class="mi">10</span>.<span class="mi">6</span>.<span class="mi">0</span> <span class="nv">pipx</span><span class="w"> </span><span class="nv">inject</span><span class="w"> </span><span class="nv">ansible</span><span class="w"> </span><span class="nv">dnspython</span><span class="w"> </span>#<span class="w"> </span><span class="k">for</span><span class="w"> </span><span class="nv">community</span>.<span class="nv">general</span>.<span class="nv">dig</span> </code></pre></div> <h3>Installing Ansible via pipx</h3> <p>Lately I discovered <a href="https://pipx.pypa.io/">pipx</a> and it's incredibly simple, so I thought I'd give it a try for this use-case.</p> <p>Reminder: <code>pipx</code> allows users to install Python applications in isolated environments. In other words, it doesn't make a mess with your system like <code>pip</code> does, and it doesn't require you to learn how to setup Python virtual environments by yourself. It doesn't ask for root privileges either, as it installs everything under <code>~/.local/</code>.</p> <p>First thing to know: <code>pipx install ansible</code> won't cut it, it doesn't install the whole Ansible suite. Instead we need to use the <code>--include-deps</code> flag in order to install all the Ansible commands.</p> <p>The output should look something like that:</p> <div class="highlight"><pre><span></span><code>$<span class="w"> </span>pipx<span class="w"> </span>install<span class="w"> </span>--include-deps<span class="w"> </span><span class="nv">ansible</span><span class="o">==</span><span class="m">10</span>.6.0 <span class="w"> </span>installed<span class="w"> </span>package<span class="w"> </span>ansible<span class="w"> </span><span class="m">10</span>.6.0,<span class="w"> </span>installed<span class="w"> </span>using<span class="w"> </span>Python<span class="w"> </span><span class="m">3</span>.12.7 <span class="w"> </span>These<span class="w"> </span>apps<span class="w"> </span>are<span class="w"> </span>now<span class="w"> </span>globally<span class="w"> </span>available <span class="w"> </span>-<span class="w"> </span>ansible <span class="w"> </span>-<span class="w"> </span>ansible-community <span class="w"> </span>-<span class="w"> </span>ansible-config <span class="w"> </span>-<span class="w"> </span>ansible-connection <span class="w"> </span>-<span class="w"> </span>ansible-console <span class="w"> </span>-<span class="w"> </span>ansible-doc <span class="w"> </span>-<span class="w"> </span>ansible-galaxy <span class="w"> </span>-<span class="w"> </span>ansible-inventory <span class="w"> </span>-<span class="w"> </span>ansible-playbook <span class="w"> </span>-<span class="w"> </span>ansible-pull <span class="w"> </span>-<span class="w"> </span>ansible-test <span class="w"> </span>-<span class="w"> </span>ansible-vault <span class="k">done</span>!<span class="w"> </span>✨<span class="w"> </span>🌟<span class="w"> </span>✨ </code></pre></div> <p>Note: at the moment <code>10.6.0</code> is the latest release of the <code>10.x</code> branch, but make sure to check <a href="https://pypi.org/project/ansible/#history">https://pypi.org/project/ansible/#history</a> and install whatever is the latest on this branch. The <code>11.x</code> branch doesn't work for us, as it's the branch that comes with ansible-core 2.18, and we don't want that.</p> <p>Next: do NOT run <code>pipx ensurepath</code>, even though pipx might suggest that. This is not needed. Instead, check your <code>~/.profile</code>, it should contain these lines:</p> <div class="highlight"><pre><span></span><code><span class="c1"># set PATH so it includes user's private bin if it exists</span> <span class="k">if</span><span class="w"> </span><span class="o">[</span><span class="w"> </span>-d<span class="w"> </span><span class="s2">"</span><span class="nv">$HOME</span><span class="s2">/.local/bin"</span><span class="w"> </span><span class="o">]</span><span class="w"> </span><span class="p">;</span><span class="w"> </span><span class="k">then</span> <span class="w"> </span><span class="nv">PATH</span><span class="o">=</span><span class="s2">"</span><span class="nv">$HOME</span><span class="s2">/.local/bin:</span><span class="nv">$PATH</span><span class="s2">"</span> <span class="k">fi</span> </code></pre></div> <p>Meaning: <code>~/.local/bin/</code> should <em>already</em> be in your path, unless it's the first time you installed a program via <code>pipx</code> and the directory <code>~/.local/bin/</code> was just created. If that's the case, you have to log out and log back in.</p> <p>Now, let's open a new terminal and check if we're good:</p> <div class="highlight"><pre><span></span><code>$<span class="w"> </span>which<span class="w"> </span>ansible /home/me/.local/bin/ansible $<span class="w"> </span>ansible<span class="w"> </span>--version<span class="w"> </span><span class="p">|</span><span class="w"> </span>head<span class="w"> </span>-1 ansible<span class="w"> </span><span class="o">[</span>core<span class="w"> </span><span class="m">2</span>.17.6<span class="o">]</span> </code></pre></div> <p>Yep! And that's working already, I can use Ansible with Buster hosts again.</p> <p>What's cool is that we can run <code>ansible</code> to use this specific Ansible version, but we can also run <code>/usr/bin/ansible</code> to run the latest version that is installed via APT.</p> <h3>Injecting Python dependencies needed by collections</h3> <p>Quickly enough, I realized something odd, apparently the plugin <code>community.general.dig</code> didn't work anymore. After some research, I found a one-liner to test that:</p> <div class="highlight"><pre><span></span><code><span class="x"># Works with APT-installed Ansible? Yes!</span> <span class="x">$ /usr/bin/ansible all -i localhost, -m debug -a msg="</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'dig'</span><span class="o">,</span> <span class="s1">'debian.org./A'</span><span class="o">)</span> <span class="cp">}}</span><span class="x">"</span> <span class="x">localhost | SUCCESS => {</span> <span class="x"> "msg": "151.101.66.132,151.101.2.132,151.101.194.132,151.101.130.132"</span> <span class="x">}</span> <span class="x"># Works with pipx-installed Ansible? No!</span> <span class="x">$ ansible all -i localhost, -m debug -a msg="</span><span class="cp">{{</span> <span class="nv">lookup</span><span class="o">(</span><span class="s1">'dig'</span><span class="o">,</span> <span class="s1">'debian.org./A'</span><span class="o">)</span> <span class="cp">}}</span><span class="x">"</span> <span class="x">localhost | FAILED! => {</span> <span class="x"> "msg": "An unhandled exception occurred while running the lookup plugin 'dig'.</span> <span class="x"> Error was a <class 'ansible.errors.AnsibleError'>, original message: The dig</span> <span class="x"> lookup requires the python 'dnspython' library and it is not installed."</span> <span class="x">}</span> </code></pre></div> <p>The issue here is that we need <code>python3-dnspython</code>, which is installed on my system, but is not installed within the pipx virtual environment. It seems that the way to go is to inject the required dependencies in the venv, which is (again) super easy:</p> <div class="highlight"><pre><span></span><code>$<span class="w"> </span>pipx<span class="w"> </span>inject<span class="w"> </span>ansible<span class="w"> </span>dnspython <span class="w"> </span>injected<span class="w"> </span>package<span class="w"> </span>dnspython<span class="w"> </span>into<span class="w"> </span>venv<span class="w"> </span>ansible <span class="k">done</span>!<span class="w"> </span>✨<span class="w"> </span>🌟<span class="w"> </span>✨ </code></pre></div> <p>Problem fixed! Of course you'll have to iterate to install other missing dependencies, depending on which Ansible external plugins are used in your playbooks.</p> <h2>Closing thoughts</h2> <p>Hopefully there's nothing left to discover and I can get back to work! If there's more quirks and rough edges, drop me an email so that I can update this blog post.</p> <p>Let me also credit another useful blog post on the matter: <a href="https://unfriendlygrinch.info/posts/effortless-ansible-installation/">https://unfriendlygrinch.info/posts/effortless-ansible-installation/</a></p> </div> <p class="date"> <a href="https://arnaudr.io/2024/11/20/installing-an-older-ansible-version-via-pipx/">20 November, 2024 12:00AM</a> by Arnaud Rebillout </p> </div> </div> </div> <h1>November 19, 2024</h1> <div class="channel"> <a href="https://blog.aurel32.net/"> <img class="face" src="heads/aurel32.png" width="65" height="85" alt="hackergotchi for Aurelien Jarno" /> </a> <h2 class="planet-title"> <a href="https://blog.aurel32.net/" title="Aurélien Jarno">Aurelien Jarno</a> <script type="text/javascript">  </script> </h2> <div id="https://blog.aurel32.net/ai-crawlers-should-be-smarter.html" class="https://blog.aurel32.net/ai-crawlers-should-be-smarter.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://blog.aurel32.net/ai-crawlers-should-be-smarter.html">AI crawlers should be smarter</a> </h3> <div class="content"> <p>It would be fantastic if all those AI companies dedicated some time to make their web crawlers smarter (what about using AI?). Noawadays most of them still stupidly follow every link on a Git frontend.</p> <p><strong>Hint</strong>: Changing the display options does not provide more training data!</p> </div> <p class="date"> <a href="https://blog.aurel32.net/ai-crawlers-should-be-smarter.html">19 November, 2024 10:31PM</a> by aurel32 </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://melissawen.github.io/" title="Wen.onweb">Melissa Wen</a> <script type="text/javascript">  </script> </h2> <div id="https://melissawen.github.io/blog/2024/11/19/summary-display-kms-meeting-xdc2024" class="https://melissawen.github.io/blog/2024/11/19/summary-display-kms-meeting-xdc2024"> <div class="entry"> <h3 class="entry-title"> <a href="https://melissawen.github.io/blog/2024/11/19/summary-display-kms-meeting-xdc2024">Display/KMS Meeting at XDC 2024: Detailed Report</a> </h3> <div class="content"> <p>XDC 2024 in Montreal was another fantastic gathering for the Linux Graphics community. It was again a great time to immerse in the world of graphics development, engage in stimulating conversations, and learn from inspiring developers.</p> <p>Many <a href="https://igalia.com/">Igalia</a> colleagues and I participated in the conference again, delivering multiple talks about our work on the Linux Graphics stack and also organizing the Display/KMS meeting. This blog post is a detailed report on the Display/KMS meeting held during this XDC edition.</p> <p><strong>Short on Time?</strong></p> <ol> <li>Catch the lightning talk summarizing the meeting here (you can even speed up 2x):</li> </ol> <ol> <li>For a quick written summary, scroll down to the TL;DR section.</li> </ol> <h2 id="tldr">TL;DR</h2> <p>This meeting took 3 hours and tackled a variety of topics related to DRM/KMS (Linux/DRM Kernel Modesetting):</p> <ul> <li><strong>Sharing Drivers Between V4L2 and KMS:</strong> Brainstorming solutions for using a single driver for devices used in both camera capture and display pipelines.</li> <li><strong>Real-Time Scheduling:</strong> Addressing issues with non-blocking page flips encountering sigkills under real-time scheduling.</li> <li><strong>HDR/Color Management:</strong> Agreement on merging the current proposal, with NVIDIA implementing its special cases on VKMS and adding missing parts on top of Harry Wentland’s (AMD) changes.</li> <li><strong>Display Mux:</strong> Collaborative design discussions focusing on compositor control and cross-sync considerations.</li> <li><strong>Better Commit Failure Feedback:</strong> Exploring ways to equip compositors with more detailed information for failure analysis.</li> </ul> <hr /> <h2 id="bringing-together-linux-display-developers-in-the-xdc-2024">Bringing together Linux display developers in the XDC 2024</h2> <p>While I didn’t present a talk this year, I co-organized a Display/KMS meeting (with Rodrigo Siqueira of AMD) to build upon the momentum from the <a href="https://events.pages.igalia.com/linuxdisplaynexthackfest/">2024 Linux Display Next hackfest</a>. The meeting was attended by around 30 people in person and 4 remote participants.</p> <p><a href="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-room-2.jpg" title="Display/KMS meeting room with around 30 in-person participants, a large screen with remote participants and Jonas Adahl on the stage."><img alt="" src="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-room-2.jpg" /></a></p> <p><strong>Speakers:</strong> Melissa Wen (Igalia) and Rodrigo Siqueira (AMD)</p> <p><strong>Link:</strong> https://indico.freedesktop.org/event/6/contributions/383/</p> <p><strong>Topics:</strong> Similar to the hackfest, the meeting agenda was built over the first two days of the conference and mixed talks follow-up with new ideas and ongoing community efforts.</p> <p>The final agenda covered five topics in the scheduled order:</p> <ol> <li>How to share drivers between V4L2 and DRM for bridge-like components (new topic);</li> <li>Real-time Scheduling (problems encountered after the Display Next hackfest);</li> <li>HDR/Color Management (ofc);</li> <li>Display Mux (from Display hackfest and XDC 2024 talk, bringing AMD and NVIDIA together);</li> <li>(Better) Commit Failure Feedback (continuing the last minute topic of the Display Next hackfest).</li> </ol> <h2 id="unpacking-the-topics">Unpacking the Topics</h2> <p>Similar to the hackfest, the meeting agenda evolved over the conference. During the 3 hours of meeting, I coordinated the room and discussion rounds, and Rodrigo Siqueira took notes and also contacted key developers to provide a detailed report of the many topics discussed.</p> <p><a href="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-summary.jpg" title="Melissa Wen and Rodrigo Siqueira presents a lightning talk that summarizes the Display/KMS meeting - with some slides."><img alt="" src="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-summary.jpg" /></a></p> <p>From his notes, let’s dive into the key discussions!</p> <h3 id="how-to-share-drivers-between-v4l2-and-kms-for-bridge-like-components">How to share drivers between V4L2 and KMS for bridge-like components.</h3> <p>Led by <em>Laurent Pinchart</em>, we delved into the challenge of creating a unified driver for hardware devices (like scalers) that are used in both camera capture pipelines and display pipelines.</p> <ul> <li><strong>Problem Statement:</strong> How can we design a single kernel driver to handle devices that serve dual purposes in both V4L2 and DRM subsystems?</li> <li><strong>Potential Solutions:</strong> <ol> <li><em>Multiple Compatible Strings:</em> We could assign different compatible strings to the device tree node based on its usage in either the camera or display pipeline. However, this approach might raise concerns from device tree maintainers as it could be seen as a layer violation.</li> <li><em>Separate Abstractions:</em> A single driver could expose the device to both DRM and V4L2 through separate abstractions: drm-bridge for DRM and V4L2 subdev for video. While simple, this approach requires maintaining two different abstractions for the same underlying device.</li> <li><em>Unified Kernel Abstraction:</em> We could create a new, unified kernel abstraction that combines the best aspects of drm-bridge and V4L2 subdev. This approach offers a more elegant solution but requires significant design effort and potential migration challenges for existing hardware.</li> </ol> </li> </ul> <h3 id="real-time-scheduling-challenges">Real-Time Scheduling Challenges</h3> <p>We have discussed real-time scheduling during <a href="https://events.pages.igalia.com/linuxdisplaynexthackfest/">this year Linux Display Next hackfest</a> and, during the XDC 2024, <em>Jonas Adahl</em> brought up issues uncovered while progressing on this front.</p> <ul> <li><strong>Context:</strong> Non-blocking page-flips can, on rare occasions, take a long time and, for that reason, get a sigkill if the thread doing the atomic commit is a real-time schedule.</li> <li><strong>Action items</strong>: <ul> <li>Explore alternative backtraces during the busy wait (e.g., ftrace).</li> <li>Investigate the maximum thread time in busy wait to reproduce issues faced by compositors. Tools like RTKit (mutter) can be used for better control (Michel Dänzer can help with this setup).</li> </ul> </li> </ul> <h3 id="hdrcolor-management">HDR/Color Management</h3> <p>This is a well-known topic with ongoing effort on all layers of the Linux Display stack and has been discussed online and in-person in conferences and meetings over the last years.</p> <p>Here’s a breakdown of the key points raised at this meeting:</p> <ul> <li><strong><a href="https://www.youtube.com/watch?v=623tXWWz9lc">Talk: Color operations for Linux color pipeline on AMD devices</a></strong>: In the previous day, Alex Hung (AMD) presented the implementation of this API on AMD display driver.</li> <li><strong>NVIDIA Integration</strong>: While they agree with the overall proposal, NVIDIA needs to add some missing parts. Importantly, they will implement these on top of Harry Wentland’s (AMD) proposal. Their specific requirements will be implemented on VKMS (Virtual Kernel Mode Setting driver) for further discussion. This VKMS implementation can benefit compositor developers by providing insights into NVIDIA’s specific needs.</li> <li><strong>Other vendors</strong>: There is a version of the KMS API applied on Intel color pipeline. Apart from that, other vendors appear to be comfortable with the current proposal but lacks the bandwidth to implement it right now.</li> <li><strong>Upstream Patches</strong>: The relevant upstream patches were can be found <a href="https://lore.kernel.org/dri-devel/20241003200129.1732122-1-harry.wentland@amd.com/">here</a>. <em>[As humorously notes, this series is eagerly awaiting your “Acked-by” (approval)]</em></li> <li><strong>Compositor Side</strong>: The compositor developers have also made significant progress. <ul> <li>KDE has already implemented and validated the API through <a href="https://invent.kde.org/plasma/kwin/-/commits/work/zamundaaa/drm-colorop">an experimental implementation in Kwin</a>.</li> <li>Gamescope currently uses a driver-specific implementation but has <a href="https://github.com/ValveSoftware/gamescope/pull/1309">a draft</a> that utilizes the generic version. However, some work is still required to fully transition away from the driver-specific approach. <em>AP: work on porting gamescope to KMS generic API</em></li> <li>Weston has also begun exploring implementation, and we might see something from them by the end of the year.</li> </ul> </li> <li><strong>Kernel and Testing</strong>: The kernel API proposal is well-refined and meets the DRM subsystem requirements. Thanks to <em>Harry Wentland</em> effort, we already have <a href="https://gitlab.freedesktop.org/hwentland/igt-gpu-tools/-/merge_requests/1">the API attached to two hardware vendors</a> and <a href="https://gitlab.freedesktop.org/hwentland/linux/-/merge_requests/5">IGT tests</a>, and, thanks to <em>Xaver Hugl</em>, a compositor implementation in place.</li> </ul> <p>Finally, there was a strong sense of agreement that the current proposal for HDR/Color Management is ready to be merged. In simpler terms, everything seems to be working well on the technical side - all signs point to merging and “shipping” the DRM/KMS plane color management API!</p> <p><a href="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-summary-2.jpg" title="Melissa Wen summarizes the HDR/Color Management discussions in the Display/KMS meeting."><img alt="" src="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-summary-2.jpg" /></a></p> <h3 id="display-mux">Display Mux</h3> <p>During the meeting, <em>Daniel Dadap</em> led a brainstorming session on the design of the display mux switching sequence, in which the compositor would arm the switch via sysfs, then send a modeset to the outgoing driver, followed by a modeset to the incoming driver.</p> <ul> <li><strong>Context:</strong> <ul> <li>During this year Linux Display Next hackfest, Mario Limonciello (AMD) introduced the topic and led a discussion on <a href="https://cloud.igalia.com/s/7Z5xdAQiN5pz6GC">Display Mux</a>.</li> <li>Daniel Dadap (NVIDIA) retook this discussion with the <a href="https://www.youtube.com/watch?v=gTTKmLa0urU">XDC 2024 talk: Dynamic Switching of Display Muxes on Hybrid GPU Systems</a>.</li> </ul> </li> <li><strong>Key Considerations:</strong> <ul> <li><em>HPD Handling:</em> There was a general consensus that disabling HPD can be part of the sequence for internal panels and we don’t need to focus on it here.</li> <li><em>Cross-Sync:</em> Ensuring synchronization between the compositor and the drivers is crucial. The compositor should act as the “drm-master” to coordinate the entire sequence, but how can this be ensured?</li> <li><em>Future-Proofing:</em> The design should not assume the presence of a mux. In future scenarios, direct sharing over DP might be possible.</li> </ul> </li> <li><strong>Action points:</strong> <ul> <li><em>Sharing DP AUX:</em> Explore the idea of sharing DP AUX and its implications.</li> <li><em>Backlight</em>: The backlight definition represents a problem in the mux switch context, so we should explore some of the current specs available for that.</li> </ul> </li> </ul> <p><a href="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-room.jpg" title="The Display/KMS meeting room with Daniel Dadap and Harry Wentland discussing about Display Mux."><img alt="" src="https://raw.githubusercontent.com/melissawen/melissawen.github.io/refs/heads/master/img/xdc2024/xdc2024-display-meeting-room.jpg" /></a></p> <h3 id="towards-better-commit-failure-feedback">Towards Better Commit Failure Feedback</h3> <p>In the last part of the meeting, <em>Xaver Hugl</em> asked for better commit failure feedback.</p> <ul> <li><strong>Problem description:</strong> Compositors currently face challenges in collecting detailed information from the kernel about commit failures. This lack of granular data hinders their ability to understand and address the root causes of these failures.</li> </ul> <p>To address this issue, we discussed <strong>several potential improvements</strong>:</p> <ul> <li><em>Direct Kernel Log Access:</em> One idea is to directly load relevant kernel logs into the compositor. This would provide more detailed information about the failure and potentially aid in debugging.</li> <li><em>Finer-Grained Failure Reporting:</em> We also explored the possibility of separating atomic failures into more specific categories. Not all failures are critical, and understanding the nature of the failure can help compositors take appropriate action.</li> <li><em>Enhanced Logging:</em> Currently, the dmesg log doesn’t provide enough information for user-space validation. Raising the log level to capture more detailed information during failures could be a viable solution.</li> </ul> <p>By implementing these improvements, we aim to equip compositors with the necessary tools to better understand and resolve commit failures, leading to a more robust and stable display system.</p> <h2 id="a-big-thank-you">A Big Thank You!</h2> <p>Huge thanks to Rodrigo Siqueira for these detailed meeting notes. Also, Laurent Pinchart, Jonas Adahl, Daniel Dadap, Xaver Hugl, and Harry Wentland for bringing up interesting topics and leading discussions. Finally, thanks to all the participants who enriched the discussions with their experience, ideas, and inputs, especially Alex Goins, Antonino Maniscalco, Austin Shafer, Daniel Stone, Demi Obenour, Jessica Zhang, Joan Torres, Leo Li, Liviu Dudau, Mario Limonciello, Michel Dänzer, Rob Clark, Simon Ser and Teddy Li.</p> <p>This collaborative effort will undoubtedly contribute to the continued development of the Linux display stack.</p> <p><strong>Stay tuned for future updates!</strong></p> </div> <p class="date"> <a href="https://melissawen.github.io/blog/2024/11/19/summary-display-kms-meeting-xdc2024">19 November, 2024 01:00PM</a> </p> </div> </div> </div> <h1>November 18, 2024</h1> <div class="channel"> <a href="http://dirk.eddelbuettel.com/blog"> <img class="face" src="heads/dirk.png" width="65" height="90" alt="hackergotchi for Dirk Eddelbuettel" /> </a> <h2 class="planet-title"> <a href="http://dirk.eddelbuettel.com/blog" title="Thinking inside the box">Dirk Eddelbuettel</a> <script type="text/javascript">  </script> </h2> <div id="http://dirk.eddelbuettel.com/blog/2024/11/18#rcpparmadillo_14.2.0-1" class="http://dirk.eddelbuettel.com/blog/2024/11/18#rcpparmadillo_14.2.0-1"> <div class="entry"> <h3 class="entry-title"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/18#rcpparmadillo_14.2.0-1">RcppArmadillo 14.2.0-1 on CRAN: New Upstream Minor</a> </h3> <div class="content"> <p><img alt="armadillo image" src="http://dirk.eddelbuettel.com/images/armadillo_logo_two.png" style="float: left; margin: 10px 10px 10px 0;" /></p> <p><a href="https://arma.sourceforge.net/">Armadillo</a> is a powerful and expressive C++ template library for linear algebra and scientific computing. It aims towards a good balance between speed and ease of use, has a syntax deliberately close to Matlab, and is useful for algorithm development directly in C++, or quick conversion of research code into production environments. <a href="https://dirk.eddelbuettel.com/code/rcpp.armadillo.html">RcppArmadillo</a> integrates this library with the <a href="https://www.r-project.org">R</a> environment and language–and is widely used by (currently) 1191 other packages on <a href="https://cran.r-project.org">CRAN</a>, downloaded 37.2 million times (per the partial logs from the cloud mirrors of CRAN), and the <a href="https://doi.org/10.1016/j.csda.2013.02.005">CSDA paper</a> (<a href="https://cran.r-project.org/package=RcppArmadillo/vignettes/RcppArmadillo-intro.pdf">preprint / vignette</a>) by Conrad and myself has been cited 603 times according to Google Scholar.</p> <p><a href="https://conradsanderson.id.au/">Conrad</a> released a minor version 14.2.0 a few days ago after we spent about two weeks with several runs of reverse-dependency checks covering corner cases. After a short delay at <a href="https://cran.r-project.org">CRAN</a> due to a false positive on a test, a package failing tests we also failed under the previous version, and some concern over new deprecation warnings _whem using the headers directly as _e.g. <a href="https://cran.r-project.org/package=mlpack">mlpack R package</a> does we are now on <a href="https://cran.r-project.org">CRAN</a>. I noticed a missing feature under large ‘64bit word’ (for large floating-point matrices) and added an exporter for <code>icube</code> going to <code>double</code> to support the 64-bit integer range (as we already did, of course, for vectors and matrices). Changes since the last <a href="https://cran.r-project.org">CRAN</a> release are summarised below.</p> <blockquote> <h4 id="changes-in-rcpparmadillo-version-14.2.0-1-2024-11-16">Changes in RcppArmadillo version 14.2.0-1 (2024-11-16)</h4> <ul> <li><p>Upgraded to Armadillo release 14.2.0 (Smooth Caffeine)</p> <ul> <li><p>Faster handling of symmetric matrices by <code>inv()</code> and <code>rcond()</code></p></li> <li><p>Faster handling of hermitian matrices by <code>inv()</code>, <code>rcond()</code>, <code>cond()</code>, <code>pinv()</code>, <code>rank()</code></p></li> <li><p>Added <code>solve_opts::force_sym</code> option to <code>solve()</code> to force the use of the symmetric solver</p></li> <li><p>More efficient handling of compound expressions by <code>solve()</code></p></li> </ul></li> <li><p>Added exporter specialisation for <code>icube</code> for the <code>ARMA_64BIT_WORD</code> case</p></li> </ul> </blockquote> <p>Courtesy of my <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>, there is a <a href="https://dirk.eddelbuettel.com/cranberries/2024/11/18/#RcppArmadillo_14.2.0-1">diffstat report</a> relative to previous release. More detailed information is on the <a href="https://dirk.eddelbuettel.com/code/rcpp.armadillo.html">RcppArmadillo page</a>. Questions, comments etc should go to the <a href="https://lists.r-forge.r-project.org/cgi-bin/mailman/listinfo/rcpp-devel">rcpp-devel mailing list</a> off the <a href="https://r-forge.r-project.org/projects/rcpp/">Rcpp R-Forge</a> page.</p> <p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at GitHub</a>.</p> <p style="font-size: 80%; font-style: italic;"> This post by <a href="https://dirk.eddelbuettel.com">Dirk Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a> blog. Please report excessive re-aggregation in third-party for-profit settings. </p><p></p> </div> <p class="date"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/18#rcpparmadillo_14.2.0-1">18 November, 2024 10:31PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://wp.c9h.org/cj"> <img class="face" src="heads/cj.png" width="65" height="85" alt="hackergotchi for C.J. Collier" /> </a> <h2 class="planet-title"> <a href="https://wp.c9h.org/cj" title="debian – Clerical Rigor">C.J. Collier</a> <script type="text/javascript">  </script> </h2> <div id="https://wp.c9h.org/cj/?p=2011" class="https://wp.c9h.org/cj/?p=2011"> <div class="entry"> <h3 class="entry-title"> <a href="https://wp.c9h.org/cj/?p=2011">Managing HPE SAS Controllers</a> </h3> <div class="content"> <p>Notes to self. And anyone else who might find them useful. Following are some ssacli commands which I use infrequently enough that they fall out of cache. This may repeat information in other blogs, but since I search my posts first when commands slip my mind, I thought I’d include them here, too.</p> <p><a href="https://cmdref.net/hardware/proliant/hpacucli.html">hpacucli</a> is the wrong command. Use <a href="https://support.hpe.com/connect/s/softwaredetails?language=en_US&collectionId=MTX-0cb3f808e2514d3d&tab=releaseNotes">ssacli</a> instead.</p> <pre>$ KR='/usr/share/keyrings/hpe.gpg' $ for fingerprint in \ 882F7199B20F94BD7E3E690EFADD8D64B1275EA3 \ 57446EFDE098E5C934B69C7DC208ADDE26C2B797 \ 476DADAC9E647EE27453F2A3B070680A5CE2D476 ; do \ curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${fingerprint}" \ | gpg --no-default-keyring --keyring "${KR}" --import ; \ done $ gpg --list-keys --no-default-keyring --keyring "${KR}" /usr/share/keyrings/hpe.gpg --------------------------- pub rsa2048 2012-12-04 [SC] [expired: 2022-12-02] 476DADAC9E647EE27453F2A3B070680A5CE2D476 uid [ expired] Hewlett-Packard Company RSA (HP Codesigning Service) pub rsa2048 2014-11-19 [SC] [expired: 2024-11-16] 882F7199B20F94BD7E3E690EFADD8D64B1275EA3 uid [ expired] Hewlett-Packard Company RSA (HP Codesigning Service) - 1 pub rsa2048 2015-12-10 [SCEA] [expires: 2025-12-07] 57446EFDE098E5C934B69C7DC208ADDE26C2B797 uid [ unknown] Hewlett Packard Enterprise Company RSA-2048-25 $ echo "deb [signed-by=${KR}] http://downloads.linux.hpe.com/SDR/repo/mcp bookworm/current non-free" \ | sudo dd of=/etc/apt/sources.list.d status=none $ sudo apt-get update $ sudo apt-get install -y -qq ssacli > /dev/null 2>&1 $ sudo ssacli <b>ctrl all show status</b> HPE Smart Array P408i-p SR Gen10 in Slot 3 Controller Status: OK Cache Status: OK Battery/Capacitor Status: OK $ sudo ssacli <b>ctrl all show detail</b> HPE Smart Array P408i-p SR Gen10 in Slot 3 Bus Interface: PCI Slot: 3 Serial Number: PFJHD0ARCCR1QM RAID 6 Status: Enabled Controller Status: OK Hardware Revision: B Firmware Version: 2.65 Firmware Supports Online Firmware Activation: True Driver Supports Online Firmware Activation: True Rebuild Priority: High Expand Priority: Medium Surface Scan Delay: 3 secs Surface Scan Mode: Idle Parallel Surface Scan Supported: Yes Current Parallel Surface Scan Count: 1 Max Parallel Surface Scan Count: 16 Queue Depth: Automatic Monitor and Performance Delay: 60 min Elevator Sort: Enabled Degraded Performance Optimization: Disabled Inconsistency Repair Policy: Disabled Write Cache Bypass Threshold Size: 1040 KiB Wait for Cache Room: Disabled Surface Analysis Inconsistency Notification: Disabled Post Prompt Timeout: 15 secs Cache Board Present: True Cache Status: OK Cache Ratio: 10% Read / 90% Write Configured Drive Write Cache Policy: Disable Unconfigured Drive Write Cache Policy: Default Total Cache Size: 2.0 Total Cache Memory Available: 1.8 Battery Backed Cache Size: 1.8 No-Battery Write Cache: Disabled SSD Caching RAID5 WriteBack Enabled: True SSD Caching Version: 2 Cache Backup Power Source: Batteries Battery/Capacitor Count: 1 Battery/Capacitor Status: OK SATA NCQ Supported: True Spare Activation Mode: Activate on physical drive failure (default) Controller Temperature (C): 53 Cache Module Temperature (C): 43 Capacitor Temperature (C): 40 Number of Ports: 2 Internal only Encryption: Not Set Express Local Encryption: False Driver Name: smartpqi Driver Version: Linux 2.1.18-045 PCI Address (Domain:Bus:Device.Function): 0000:11:00.0 Negotiated PCIe Data Rate: PCIe 3.0 x8 (7880 MB/s) Controller Mode: Mixed Port Max Phy Rate Limiting Supported: False Latency Scheduler Setting: Disabled Current Power Mode: MaxPerformance Survival Mode: Enabled Host Serial Number: 2M20040D1Q Sanitize Erase Supported: True Sanitize Lock: None Sensor ID: 0 Location: Capacitor Current Value (C): 40 Max Value Since Power On: 42 Sensor ID: 1 Location: ASIC Current Value (C): 53 Max Value Since Power On: 55 Sensor ID: 2 Location: Unknown Current Value (C): 43 Max Value Since Power On: 45 Sensor ID: 3 Location: Cache Current Value (C): 43 Max Value Since Power On: 44 Primary Boot Volume: None Secondary Boot Volume: None $ sudo ssacli <b>ctrl all show config</b> HPE Smart Array P408i-p SR Gen10 in Slot 3 (sn: PFJHD0ARCCR1QM) Internal Drive Cage at Port 1I, Box 2, OK Internal Drive Cage at Port 2I, Box 2, OK Port Name: 1I (Mixed) Port Name: 2I (Mixed) Array A (SAS, Unused Space: 0 MB) logicaldrive 1 (1.64 TB, RAID 6, OK) physicaldrive 1I:2:1 (port 1I:box 2:bay 1, SAS HDD, 300 GB, OK) physicaldrive 1I:2:2 (port 1I:box 2:bay 2, SAS HDD, 1.2 TB, OK) physicaldrive 1I:2:3 (port 1I:box 2:bay 3, SAS HDD, 300 GB, OK) physicaldrive 1I:2:4 (port 1I:box 2:bay 4, SAS HDD, 1.2 TB, OK) physicaldrive 2I:2:5 (port 2I:box 2:bay 5, SAS HDD, 300 GB, OK) physicaldrive 2I:2:6 (port 2I:box 2:bay 6, SAS HDD, 300 GB, OK) physicaldrive 2I:2:7 (port 2I:box 2:bay 7, SAS HDD, 1.2 TB, OK) physicaldrive 2I:2:8 (port 2I:box 2:bay 8, SAS HDD, 1.2 TB, OK) SEP (Vendor ID HPE, Model Smart Adapter) 379 (WWID: 51402EC013705E88, Port: Unknown) $ sudo ssacli <b>ctrl slot=3 pd 2I:2:7 show detail</b> HPE Smart Array P408i-p SR Gen10 in Slot 3 Array A physicaldrive 2I:2:7 Port: 2I Box: 2 Bay: 7 Status: OK Drive Type: Data Drive Interface Type: SAS Size: 1.2 TB Drive exposed to OS: False Logical/Physical Block Size: 512/512 Rotational Speed: 10000 Firmware Revision: U850 Serial Number: KZGN1BDE WWID: 5000CCA01D247239 Model: HGST HUC101212CSS600 Current Temperature (C): 46 Maximum Temperature (C): 51 PHY Count: 2 PHY Transfer Rate: 6.0Gbps, Unknown PHY Physical Link Rate: 6.0Gbps, Unknown PHY Maximum Link Rate: 6.0Gbps, 6.0Gbps Drive Authentication Status: OK Carrier Application Version: 11 Carrier Bootloader Version: 6 Sanitize Erase Supported: False Shingled Magnetic Recording Support: None Drive Unique ID: 5000CCA01D247238 </pre> <div class="twitter-share"><a class="twitter-share-button" href="https://twitter.com/intent/tweet?url=https%3A%2F%2Fwp.c9h.org%2Fcj%2F%3Fp%3D2011&via=cjamescollier">Tweet</a></div> </div> <p class="date"> <a href="https://wp.c9h.org/cj/?p=2011">18 November, 2024 07:21PM</a> by C.J. Collier </p> </div> </div> </div> <div class="channel"> <a href="http://debblog.philkern.de/"> <img class="face" src="heads/pkern.png" width="69" height="85" alt="hackergotchi for Philipp Kern" /> </a> <h2 class="planet-title"> <a href="http://debblog.philkern.de/" title="Philipp Kern's Debian blog">Philipp Kern</a> <script type="text/javascript">  </script> </h2> <div id="https://debblog.philkern.de/2024/11/debianorg-now-supports-security-key.html" class="https://debblog.philkern.de/2024/11/debianorg-now-supports-security-key.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://debblog.philkern.de/2024/11/debianorg-now-supports-security-key.html">debian.org now supports Security Key-backed SSH keys</a> </h3> <div class="content"> <p>debian.org's infrastructure now supports using Security Key-backed SSH keys. DDs (and guests) can use the mail gateway to add SSH keys of the types sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com to their LDAP accounts.</p><p>This was done in support of hardening our infrastructure: Hopefully we can require these hardware-backed keys for sensitive machines in the future, to have some assertion that it is a human that is connecting to them.<br /></p><p>As some of us shell to machines a little too often, I also wrote a small <a href="https://github.com/pkern/sshca" target="_blank">SSH CA</a> that issues short-lived certificates (<a href="https://dsa.debian.org/user/ssh/" target="_blank">documentation</a>). It requires the user to login via SSH using an SK-backed key and then issues a certificate that is valid for less than a day. For cases where you need to frequently shell to a machine or to a lot of machines at once that should be a nice compromise of usability vs. security.</p><p>The capabilities of various keys differ a lot and it is not always easy to determine what feature set they support. Generally SK-backed keys work with FIDO U2F keys, if you use the ecdsa key type. Resident keys (i.e. keys stored on the token, to be used from multiple devices) require FIDO2-compatible keys. <span style="font-family: courier;">no-touch-required</span> is its own maze, e.g. the flag is not properly restored today when pulling the public key from a resident key. The latter is also one reason for writing my own CA.</p><p>Someone<span class="BxUVEf ILfuVd" lang="de"><span class="hgKElc"><b><sup>TM</sup></b></span></span> should write up a matrix on what is supported where and how. In the meantime it is probably easiest to generate an ed25519 key - or if that does not work an ecdsa key - and make a backup copy of the resulting on-disk key file. And copy that around to other devices (or OSes) that require access to the key.<span class="BxUVEf ILfuVd" lang="de"><span class="hgKElc"><b><sup><br /></sup></b></span></span></p> </div> <p class="date"> <a href="https://debblog.philkern.de/2024/11/debianorg-now-supports-security-key.html">18 November, 2024 04:43PM</a> by Philipp Kern (noreply@blogger.com) </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="https://www.eyrie.org/~eagle/" title="Eagle's Path">Russ Allbery</a> <script type="text/javascript">  </script> </h2> <div id="https://www.eyrie.org/~eagle/reviews/books/0-593-33641-0.html" class="https://www.eyrie.org/~eagle/reviews/books/0-593-33641-0.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.eyrie.org/~eagle/reviews/books/0-593-33641-0.html">Review: Delilah Green Doesn't Care</a> </h3> <div class="content"> <p>Review: <cite>Delilah Green Doesn't Care</cite>, by Ashley Herring Blake</p> <table> <tbody><tr> <td>Series:</td> <td>Bright Falls #1</td> </tr> <tr> <td>Publisher:</td> <td>Jove</td> </tr> <tr> <td>Copyright:</td> <td>February 2022</td> </tr> <tr> <td>ISBN:</td> <td>0-593-33641-0</td> </tr> <tr> <td>Format:</td> <td>Kindle</td> </tr> <tr> <td>Pages:</td> <td>374</td> </tr></tbody></table> <p> <cite>Delilah Green Doesn't Care</cite> is a sapphic romance novel. It's the first of a trilogy, although in the normal romance series fashion each book follows a different protagonist and has its own happy ending. It is apparently classified as romantic comedy, which did not occur to me while reading but which I suppose I can see in retrospect. </p> <p> Delilah Green got the hell out of Bright Falls as soon as she could and tried not to look back. After her father died, her step-mother lavished all of her perfectionist attention on her overachiever step-sister, leaving Delilah feeling like an unwanted ghost. She escaped to New York where there was space for a queer woman with an acerbic personality and a burgeoning career in photography. Her estranged step-sister's upcoming wedding was not a good enough reason to return to the stifling small town of her childhood. The pay for photographing the wedding was, since it amounted to three months of rent and trying to sell photographs in galleries was not exactly a steady living. So back to Bright Falls Delilah goes. </p> <p> Claire never left Bright Falls. She got pregnant young and ended up with a different life than she expected, although not a bad one. Now she's raising her daughter as a single mom, running the town bookstore, and dealing with her unreliable ex. She and Iris are Astrid Parker's best friends and have been since fifth grade, which means she wants to be happy for Astrid's upcoming wedding. There's only one problem: the groom. He's a controlling, boorish ass, but worse, Astrid seems to turn into a different person around him. Someone Claire doesn't like. </p> <p> Then, to make life even more complicated, Claire tries to pick up Astrid's estranged step-sister in Bright Falls's bar without recognizing her. </p> <p> I have a lot of things to say about this novel, but here's the core of my review: I started this book at 4pm on a Saturday because I hadn't read anything so far that day and wanted to at least start a book. I finished it at 11pm, having blown off everything else I had intended to do that evening, completely unable to put it down. </p> <p> It turns out there is a specific type of romance novel protagonist that I absolutely adore: the sarcastic, confident, no-bullshit character who is willing to pick the fights and say the things that the other overly polite and anxious characters aren't able to get out. Astrid does not react well to criticism, for reasons that are far more complicated than it may first appear, and Claire and Iris have been dancing around the obvious problems with her surprise engagement. As the title says, Delilah thinks she doesn't care: she's here to do a job and get out, and maybe she'll get to tweak her annoying step-sister a bit in the process. But that also means that she is unwilling to play along with Astrid's obsessively controlling mother or her obnoxious fiance, and thus, to the barely disguised glee of Claire and Iris, is a direct threat to the tidy life that Astrid's mother is trying to shoehorn her daughter into. </p> <p> This book is a great example of why I prefer sapphic romances: I think this character setup would not work, at least for me, in a heterosexual romance. Delilah's role only works if she's a woman; if a male character were the sarcastic conversational bulldozer, it would be almost impossible to avoid falling into the gender stereotype of a male rescuer. If this were a heterosexual romance trying to avoid that trap, the long-time friend who doesn't know how to directly confront Astrid would have to be the male protagonist. That could work, but it would be a tricky book to write without turning it into a story focused primarily on the subversion of gender roles. Making both protagonists women dodges the problem entirely and gives them so much narrative and conceptual space to simply be themselves, rather than characters obscured by the shadows of societal gender rules. </p> <p> This is also, at it's core, a book about friendship. Claire, Astrid, and Iris have the sort of close-knit friend group that looks exclusive and unapproachable from the outside. Delilah was the stereotypical outsider, mocked and excluded when they thought of her at all. This, at least, is how the dynamics look at the start of the book, but Blake did an impressive job of shifting my understanding of those relationships without changing their essential nature. She fleshes out all of the characters, not just the romantic leads, and adds complexity, nuance, and perspective. And, yes, past misunderstanding, but it's mostly not the cheap sort that sometimes drives romance plots. It's the misunderstanding rooted in remembered teenage social dynamics, the sort of misunderstanding that happens because communication is incredibly difficult, even more difficult when one has no practice or life experience, and requires knowing oneself well enough to even know what to communicate. </p> <p> The encounter between Delilah and Claire in the bar near the start of the book is cornerstone of the plot, but the moment that grabbed me and pulled me in was Delilah's first interaction with Claire's daughter Ruby. That was the point when I knew these were characters I could trust, and Blake never let me down. I love how Ruby is handled throughout this book, with all of the messy complexity of a kid of divorced parents with her own life and her own personality and complicated relationships with both parents that are independent of the relationship their parents have with each other. </p> <p> This is not a perfect book. There's one prank scene that I thought was excessively juvenile and should have been counter-productive, and there's one tricky question of (nonsexual) consent that the book raises and then later seems to ignore in a way that bugged me after I finished it. There is a third-act breakup, which is not my favorite plot structure, but I think Blake handles it reasonably well. I would probably find more niggles and nitpicks if I re-read it more slowly. But it was utterly engrossing reading that exactly matched my mood the day that I picked it up, and that was a fantastic reading experience. </p> <p> I'm not much of a romance reader and am not the traditional audience for sapphic romance, so I'm probably not the person you should be looking to for recommendations, but this is the sort of book that got me to immediately buy all of the sequels and start thinking about a re-read. It's also the sort of book that dragged me back in for several chapters when I was fact-checking bits of my review. Take that recommendation for whatever it's worth. </p> <p> Content note: Reviews of <cite>Delilah Green Doesn't Care</cite> tend to call it steamy or spicy. I have no calibration for this for romance novels. I did not find it very sex-focused (I have read genre fantasy novels with more sex), but there are several on-page sex scenes if that's something you care about one way or the other. </p> <p> Followed by <cite>Astrid Parker Doesn't Fail</cite>. </p> <p>Rating: 9 out of 10</p> </div> <p class="date"> <a href="https://www.eyrie.org/~eagle/reviews/books/0-593-33641-0.html">18 November, 2024 04:20AM</a> </p> </div> </div> </div> <h1>November 17, 2024</h1> <div class="channel"> <div id="https://www.eyrie.org/~eagle/reviews/books/0-6454658-4-4.html" class="https://www.eyrie.org/~eagle/reviews/books/0-6454658-4-4.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.eyrie.org/~eagle/reviews/books/0-6454658-4-4.html">Review: Dark Deeds</a> </h3> <div class="content"> <p>Review: <cite>Dark Deeds</cite>, by Michelle Diener</p> <table> <tbody><tr> <td>Series:</td> <td>Class 5 #2</td> </tr> <tr> <td>Publisher:</td> <td>Eclipse</td> </tr> <tr> <td>Copyright:</td> <td>January 2016</td> </tr> <tr> <td>ISBN:</td> <td>0-6454658-4-4</td> </tr> <tr> <td>Format:</td> <td>Kindle</td> </tr> <tr> <td>Pages:</td> <td>340</td> </tr></tbody></table> <p> <cite>Dark Deeds</cite> is the second book of the self-published Class 5 science fiction romance series. It is a sequel to <a href="https://www.eyrie.org/~eagle/reviews/books/0-9924559-3-6.html"><cite>Dark Horse</cite></a> and will spoil the plot of that book, but it follows the romance series convention of switching to a new protagonist in the same universe and telling a loosely-connected story. </p> <p> Fiona, like Rose in the previous book, was kidnapped by the Tecran in one of their Class 5 ships, although that's not entirely obvious at the start of the story. The book opens with her working as a slave on a Garmman trading ship while its captain works up the nerve to have her killed. She's spared this fate when the ship is raided by Krik pirates. Some brave fast-talking, and a touch of honor among thieves, lets her survive the raid and be rescued by a pursuing Grih battleship, with a useful electronic gadget as a bonus. </p> <p> The author uses the nickname "Fee" for Fiona throughout this book and it was like nails on a chalkboard every time. I had to complain about that before getting into the review. </p> <p> If you've read <cite>Dark Horse</cite>, you know the formula: lone kidnapped human woman, major violations of the laws against mistreatment of sentient beings that have the Grih furious on her behalf, hunky Grih starship captain who looks like a space elf, all the Grih are fascinated by her musical voice, she makes friends with a secret AI... Diener found a formula that worked well enough that she tried it again, and it would not surprise me if the formula repeated through the series. You should not go into this book expecting to be surprised. </p> <p> That said, the formula <em>did</em> work the first time, and it largely does work again. I thoroughly enjoyed <cite>Dark Horse</cite> and wanted more, and this is more, delivered on cue. There are worse things, particularly if you're a Kindle Unlimited reader (I am not) and are therefore getting new installments for free. The Tecran fascination with kidnapping human women is explained sufficiently in Fiona's case, but I am mildly curious how Diener will keep justifying it through the rest of the series. (Maybe the formula will change, but I doubt it.) </p> <p> To give Diener credit, this is not a straight repeat of the first book. Fiona is similar to Rose but not identical; Rose had an unshakable ethical calm, and Fiona is more of a scrapper. The Grih are not stupid and, given the amount of chaos Rose unleashed in the previous book, treat the sudden appearance of <em>another</em> human woman with a great deal more caution and suspicion. Unfortunately, this also means far less of my favorite plot element of the first book: the Grih being constantly scandalized and furious at behavior the protagonist finds sadly unsurprising. </p> <p> Instead, this book has quite a bit more action. <cite>Dark Horse</cite> was mostly character interactions and tense negotiations, with most of the action saved for the end. <cite>Dark Deeds</cite> replaces a lot of the character work with political plots and infiltrating secret military bases and enemy ships. The AI (named Eazi this time) doesn't show up until well into the book and isn't as much of a presence as Sazo. Instead, there's a lot more of Fiona being drafted into other people's fights, which is entertaining enough while it's happening but which wasn't as delightful or memorable as Rose's story. </p> <p> The writing continues to be serviceable but not great. It's a bit cliched and a bit awkward. </p> <p> Also, Diener uses paragraph breaks for emphasis. </p> <p> It's hard to stop noticing it once you see it. </p> <p> Thankfully, once the story gets going and there's more dialogue, she tones that down, or perhaps I stopped noticing. It's that kind of book (and that kind of series): it's a bit rough to get started, but then there's always something happening, the characters involve a whole lot of wish-fulfillment but are still people I like reading about, and it's the sort of unapologetic "good guys win" type of light science fiction that is just the thing when one simply wants to be entertained. Once I get into the book, it's easy to overlook its shortcomings. </p> <p> I spent <cite>Dark Horse</cite> knowing roughly what would happen but wondering about the details. I spent <cite>Dark Deeds</cite> fairly sure of the details and wondering when they would happen. This wasn't as fun of an experience, but the details were still enjoyable and I don't regret reading it. I am hoping that the next book will be more of a twist, or will have a character more like Rose (or at least a character with a better nickname). Sort of recommended if you liked <cite>Dark Horse</cite> and really want more of the same. </p> <p> Followed by <cite>Dark Minds</cite>, which I have already purchased. </p> <p>Rating: 6 out of 10</p> </div> <p class="date"> <a href="https://www.eyrie.org/~eagle/reviews/books/0-6454658-4-4.html">17 November, 2024 05:55AM</a> </p> </div> </div> </div> <h1>November 14, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="https://reproducible-builds.org/blog/" title="reproducible-builds.org">Reproducible Builds</a> <script type="text/javascript">  </script> </h2> <div id="https://reproducible-builds.org/news/2024/11/14/reproducible-builds-mourns-the-passing-of-lunar/" class="https://reproducible-builds.org/news/2024/11/14/reproducible-builds-mourns-the-passing-of-lunar/"> <div class="entry"> <h3 class="entry-title"> <a href="https://reproducible-builds.org/news/2024/11/14/reproducible-builds-mourns-the-passing-of-lunar/">Reproducible Builds mourns the passing of Lunar</a> </h3> <div class="content"> <p class="lead">The Reproducible Builds community sadly announces it has lost its founding member.</p> <p>Jérémy Bobbio <em>aka</em> ‘Lunar’ passed away on Friday November 8th in palliative care in Rennes, France.</p> <p>Lunar was instrumental in starting the Reproducible Builds project in 2013 as a loose initiative within the <a href="https://debian.org/">Debian</a> project. Many of <a href="https://lists.debian.org/debian-devel-announce/2015/02/msg00007.html">our earliest status reports</a> were written by him and many of our <a href="https://diffoscope.org/">key tools in use today</a> are based on his design.</p> <p>Lunar was a resolute opponent of surveillance and censorship, and he possessed an unwavering energy that fueled his work on Reproducible Builds and <a href="https://torproject.org">Tor</a>. Without Lunar’s far-sightedness, drive and commitment to enabling teams around him, Reproducible Builds and free software security would not be in the position it is in today. His contributions will not be forgotten, and his high standards and drive will continue to serve as an inspiration to us as well as for the other <a href="https://linuxfr.org/news/deces-de-lunar-un-hacktiviste-pedagogue">high-impact projects he was involved in</a>.</p> <p>Lunar’s creativity, insight and kindness were often noted. He will be greatly missed.</p> <p><br /></p> <p><a href="https://lunar.anargeek.net/"><img alt="" src="https://reproducible-builds.org/images/news/2024-11-14-reproducible-builds-mourns-passing-lunar/1.jpg" /></a></p> <p class="small">Other tributes:</p> <ul class="small"> <li><a href="https://lunar.anargeek.net/"><strong>Anargeek.net</strong></a> [FR]</li> <li><a href="https://lwn.net/Articles/997775/">LWN</a></li> <li><a href="https://www.debian.org/News/2024/20241119">Debian</a></li> <li><a href="https://upsilon.cc/~zack/blog/posts/2024/11/In_memory_of_Lunar/">Stefano Zacchiroli</a></li> <li><a href="https://linuxfr.org/news/deces-de-lunar-un-hacktiviste-pedagogue">Linuxfr.org</a> [FR]</li> <li><a href="https://www.softwareheritage.org/2024/11/15/remembering-lunar/">Software Heritage</a></li> <li><a href="https://reproducible-builds.org/docs/history/">A history of the Reproducible Builds project</a></li> </ul> </div> <p class="date"> <a href="https://reproducible-builds.org/news/2024/11/14/reproducible-builds-mourns-the-passing-of-lunar/">14 November, 2024 03:00PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="http://upsilon.cc/~zack/blog/planet-debian/" title="blog/planet-debian">Stefano Zacchiroli</a> <script type="text/javascript">  </script> </h2> <div id="http://upsilon.cc/~zack/blog/posts/2024/11/In_memory_of_Lunar/" class="http://upsilon.cc/~zack/blog/posts/2024/11/In_memory_of_Lunar/"> <div class="entry"> <h3 class="entry-title"> <a href="http://upsilon.cc/~zack/blog/posts/2024/11/In_memory_of_Lunar/">In memory of Lunar</a> </h3> <div class="content"> <h1>In memory of Lunar</h1> <p>I've had the incredible fortune to share the geek path of <a href="https://lunar.anargeek.net/">Lunar</a> through life on multiple occasions. First, in <a href="https://www.debian.org">Debian</a>, beginning some 15+ years ago, where we were fellow developers and participated in many <a href="https://www.debconf.org/">DebConf</a> editions together.</p> <p>Then, on the deontology committee of <a href="https://nos-oignons.net/">Nos Oignons</a>, a non-profit organization initiated by Lunar to operate <a href="https://www.torproject.org/">Tor</a> relays in France. This was with the goal of diversifying relay operators and increasing access to censorship-resistance technology for everyone in the world. It was something truly innovative and unheard of at the time in France.</p> <p>Later, as a member of the steering committee of <a href="https://reproducible-builds.org/">Reproducible Builds</a>, a project that Lunar brought to widespread geek popularity with a seminal <a href="https://penta.debconf.org/dc13_schedule/events/1063.en.html">"Birds of a Feather" session at DebConf13</a> (and then many other talks with fellow members of the project in the years to come). A decade later, Reproducible Builds is having a major impact throughout the software industry, primarily due to growing fears about the security of the software supply chain.</p> <p>Finally, we had the opportunity to recruit Lunar a couple of years ago at <a href="https://www.softwareheritage.org/">Software Heritage</a>, where he insisted on working until he was able to, as part of a team he loved, and that loved him back. In addition to his numerous technical contributions to the initiative, he also facilitated our first ever multi-day team seminar. The event was so successful that it has been confirmed as a long-awaited yearly recurrence by all team members.</p> <p>I fondly remember one of the last conversations I had with Lunar, a few months ago, when he told me how proud he was not only of having started Nos Oignons and contributed to the ignition of Reproducible Builds, but specifically about the fact that both initiatives were now thriving without being dependent on him. He was likely thinking about a future world without him, but also realizing how impactful his activism had been on the past and present world.</p> <p>Lunar changed the world for the better and left behind a trail of love and fond memories.</p> <p>Che la terra ti sia lieve, compagno.</p> <p>--- Zack</p> </div> <p class="date"> <a href="http://upsilon.cc/~zack/blog/posts/2024/11/In_memory_of_Lunar/">14 November, 2024 01:56PM</a> </p> </div> </div> </div> <h1>November 13, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="https://etbe.coker.com.au" title="etbe – Russell Coker">Russell Coker</a> <script type="text/javascript">  </script> </h2> <div id="https://etbe.coker.com.au/2024/11/13/modern-sleep/" class="https://etbe.coker.com.au/2024/11/13/modern-sleep/"> <div class="entry"> <h3 class="entry-title"> <a href="https://etbe.coker.com.au/2024/11/13/modern-sleep/">Modern Sleep</a> </h3> <div class="content"> <p><a href="https://blog.jeujeus.de/blog/hardware/laptops-will-not-sleep-anymore/">Julius wrote an insightful blog post about the “modern sleep” issue with Windows [1]</a>. Basically Microsoft decided that the right way to run laptops is to never entirely sleep, which uses more battery but gives better options for waking up and doing things. I agree with Microsoft in concept and this is something that is a problem that can be solved. A phone can run for 24+ hours without ever fully sleeping, a laptop has a more power hungry CPU and peripherals but also has a much larger battery so it should be able to do the same. Some of the reviews for Snapdragon Windows laptops claim up to 22 hours of actual work without charging! So having suspend not really stop the system should be fine.</p> <p>The ability of a phone to never fully sleep is a change in quality of the usage experience, it means that you can access it and immediately have it respond and it means that all manner of services can be checked for new updates which may require a notification to the user. The XMPP protocol (AKA Jabber) was invented in 1999 which was before laptops were common and Instant Message systems were common long before then. But using Jabber or another IM system on a desktop was a very different experience to using it on a laptop and using it on a phone is different again. The “modern sleep” allows laptops to act like phones in regard to such messaging services. Currently I have Matrix IM clients running on my Android phone and Linux laptop, if I get a notification that takes much typing for a response then I get out my laptop to respond. If I had an ARM based laptop that never fully shut down I would have much less need for Matrix on a phone.</p> <p>Making “modern sleep” popular will lead to more development of OS software to work with it. For Linux this will hopefully mean that regular Linux distributions (as opposed to Android which while running a Linux kernel is very different to Debian etc) get better support for such things and therefore become more usable on phones. Debian on a Librem 5 or PinePhonePro isn’t very usable due to battery life issues.</p> <p>A laptop with an LTE card can be used for full mobile phone functionality. With “modern sleep” this is a viable option. I am tempted to make a laptop with LTE card and bluetooth headset a replacement for my phone. Some people will say “what if someone tries to call you when it’s not convenient to have your laptop with you”, my response is “what if people learn to not expect me to answer the phone at any time as they managed that in the 90s”. Seriously SMS or Matrix me if you want an instant response and if you want a long chat schedule it via SMS or Matrix.</p> <p><a href="https://www.dell.com/community/en/conversations/xps/faq-modern-standby/647fa2d5f4ccf8a8de87e727">Dell has some useful advice about how to use their laptops (and probably most laptops from recent times) in this regard [2]</a>. You can’t close the lid before unplugging the power cable you have to unplug first and then close. You shouldn’t put a laptop in a sealed bag for travel either. This is a terrible situation, you can put a tablet in a bag and don’t need to take any special precautions when unplugging and laptops should work the same. The end result of what Microsoft, Dell, Intel, and others are doing will be good but they are making some silly design choices along the way! I blame Intel mostly for selling laptop CPUs with TDPs >40W!</p> <p>For an amusing take on this <a href="https://www.youtube.com/watch?v=OHKKcd3sx2c">Linus Tech Tips has a video about being forced to use MacBooks by Microsoft’s implementation of Modern Sleep [3]</a>.</p> <p>I’ll try out some ARM laptops in the near future and blog about how well they work on Debian.</p> <ul> <li>[1]<a href="https://blog.jeujeus.de/blog/hardware/laptops-will-not-sleep-anymore/"> https://blog.jeujeus.de/blog/hardware/laptops-will-not-sleep-anymore/</a> </li><li>[2]<a href="https://www.dell.com/community/en/conversations/xps/faq-modern-standby/647fa2d5f4ccf8a8de87e727"> https://tinyurl.com/2b7mxaj7</a></li> <li>[3]<a href="https://www.youtube.com/watch?v=OHKKcd3sx2c"> https://www.youtube.com/watch?v=OHKKcd3sx2c</a></li> </ul> <div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list"> <p>Related posts:</p><ol> <li><a href="https://etbe.coker.com.au/2011/09/09/modern-laptops-suck/" rel="bookmark" title="Modern Laptops Suck">Modern Laptops Suck</a> <small>One of the reasons why I’m moving from a laptop...</small></li> <li><a href="https://etbe.coker.com.au/2012/02/13/cooling-thinkpad/" rel="bookmark" title="Cooling a Thinkpad">Cooling a Thinkpad</a> <small>Late last year I wrote about the way that modern...</small></li> <li><a href="https://etbe.coker.com.au/2007/10/12/cheap-laptops-for-children/" rel="bookmark" title="Cheap Laptops for Children">Cheap Laptops for Children</a> <small>I was recently browsing an electronics store and noticed some...</small></li> </ol> </div> </div> <p class="date"> <a href="https://etbe.coker.com.au/2024/11/13/modern-sleep/">13 November, 2024 10:10AM</a> by etbe </p> </div> </div> </div> <h1>November 12, 2024</h1> <div class="channel"> <a href="https://veronneau.org/"> <img class="face" src="heads/pollo.png" width="65" height="70" alt="hackergotchi for Louis-Philippe Véronneau" /> </a> <h2 class="planet-title"> <a href="https://veronneau.org/" title="Louis-Philippe Véronneau">Louis-Philippe Véronneau</a> <script type="text/javascript">  </script> </h2> <div id="https://veronneau.org/montreals-debian-stuff-november-2024.html" class="https://veronneau.org/montreals-debian-stuff-november-2024.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://veronneau.org/montreals-debian-stuff-november-2024.html">Montreal's Debian & Stuff - November 2024</a> </h3> <div class="content"> <p>Our Debian User Group met on November 2nd after a somewhat longer summer hiatus than normal. It was lovely to see a bunch of people again and to be able to dedicate a whole day to hacking :)</p> <p>Here is what we did:</p> <p><strong>lavamind:</strong></p> <ul> <li>reproduced <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084038"><code>puppetdb</code> FTBFS #1084038</a> and reported the issue upstream</li> <li>uploaded a new upstream version for <code>pgpainless</code> (1.6.8-1)</li> <li>uploaded a new revision for <code>ruby-moneta</code> (1.6.0-3)</li> <li>sent an inquiry to the backports team about <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081696">#1081696</a></li> </ul> <p><strong>pollo:</strong></p> <ul> <li>reviewed & merged many <code>lintian</code> merge requests, clearing out most of the queue</li> <li>uploaded a new <code>lintian</code> release (1.120.0)</li> <li>worked on unblocking the revival of <code>lintian.debian.org</code> (many thanks to anarcat and pkern)</li> <li>apparently (kindly) told people to rtfm at least 4 times :)</li> </ul> <p><strong>anarcat:</strong></p> <ul> <li>figured out he still can't figure out how to do 3D printing and should probably just delegate these prints, currently in his wishlist:<ul> <li><a href="https://www.kv4p.com/">k4vp VHF HT radio case</a> (fits on your phone)</li> <li><a href="https://dl2man.de/">(tr)uSDX HF radio</a> (fits in your hand!)</li> <li><a href="https://www.printables.com/model/548864-framework-expansion-card-holder">framework expansion card holder</a> (fits in my bag!)</li> <li><a href="https://www.thingiverse.com/thing:3064039">Ortlieb QUICK-LOCK1 compatible inserts</a> (fits on my bike?)</li> </ul> </li> <li>fixed an <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1086219">RC bug</a> in <code>python-ulid</code></li> <li>sponsored <code>fuzzel</code> 1.11.1+ds-2 upload, resolving a <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085245">FTBFS on non-x86 arches</a></li> <li>tried to move the <code>sigal</code> packaging forward a little, <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=879239">failing in obscure pybuild land</a></li> </ul> <p><strong>LeLutin:</strong></p> <ul> <li><a href="https://lists.debian.org/debian-ruby/2024/11/msg00000.html">opened an RFS</a> on the ruby team mailing list for the new upstream version of <code>ruby-necromancer</code></li> <li>worked on packaging the new upstream version of <code>ruby-pathspec</code></li> </ul> <p><strong>tvaz:</strong></p> <ul> <li>did AM (Application Manager) work</li> </ul> <p><strong>tassia:</strong></p> <ul> <li>explored the <a href="https://www.debian.org/devel/debian-jr/">Debian Jr. project</a> (website, wiki, mailing list, salsa repositories)</li> <li>played a few games for Nico's entertainment :-)</li> <li>built and tested a Debian Jr. live image</li> </ul> <h2>Pictures</h2> <p>This time around, we went back to <a href="https://foulab.org">Foulab</a>. Thanks for hosting us!</p> <p>As always, the hacklab was full of interesting stuff and I took a few (bad) pictures for this blog post:</p> <p><img alt="Two old video cameras and a 'My First Sony' tape recorder" src="https://veronneau.org/media/blog/2024-11-13/recording_tools.jpg" style="margin-left: 15%;" title="Two old video cameras and a 'My First Sony' tape recorder" width="70%" /> <img alt="An ALP HT-286 machine with a very large 'turbo' button" src="https://veronneau.org/media/blog/2024-11-13/turbo_button.jpg" style="margin-left: 15%;" title="An ALP HT-286 machine with a very large 'turbo' button" width="70%" /> <img alt="A New Hampshire 'IPROUTE' vanity license plate" src="https://veronneau.org/media/blog/2024-11-13/iproute.jpg" style="margin-left: 15%;" title="A New Hampshire 'IPROUTE' vanity license plate" width="70%" /></p> </div> <p class="date"> <a href="https://veronneau.org/montreals-debian-stuff-november-2024.html">12 November, 2024 11:45PM</a> by Louis-Philippe Véronneau </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://notes.pault.ag/"> <img class="face" src="heads/paultag.png" width="65" height="85" alt="hackergotchi for Paul Tagliamonte" /> </a> <h2 class="planet-title"> <a href="https://notes.pault.ag/" title="Paul's Notes">Paul Tagliamonte</a> <script type="text/javascript">  </script> </h2> <div id="https://notes.pault.ag/complex-for-whom/" class="https://notes.pault.ag/complex-for-whom/"> <div class="entry"> <h3 class="entry-title"> <a href="https://notes.pault.ag/complex-for-whom/">Complex for Whom?</a> </h3> <div class="content"> <p>In basically every engineering organization I’ve ever regarded as particularly high functioning, I’ve sat through one specific recurring conversation which is not – a conversation about “complexity”. Things are good or bad because they are or aren’t complex, architectures needs to be redone because it’s too complex – some refactor of whatever it is won’t work because it’s too complex. You may have even been a part of some of these conversations – or even been the one advocating for simple light-weight solutions. I’ve done it. Many times.</p> <aside class="right"> When I was writing this, I had a flash-back to a over-10 year old post by <code>mjg59</code> about <a href="https://mjg59.dreamwidth.org/2414.html">LightDM</a>. It would be a mistake not to link it here. </aside> <p>Rarely, if ever, do we talk about complexity within its rightful context – complexity <strong>for whom</strong>. <u>Is a solution complex because it’s complex for the end user? Is it complex if it’s complex for an API consumer? Is it complex if it’s complex for the person maintaining the API service? Is it complex if it’s complex for someone outside the team maintaining it to understand?</u> Complexity within a problem domain I’ve come to believe, is fairly zero-sum – there’s a fixed amount of complexity in the problem to be solved, and you can choose to either solve it, or leave it for those downstream of you to solve that problem on their own.</p> <aside class="left"> Although I believe there is a fixed amount of complexity in the lower bound of a problem, you always have the option to change the problem you're solving! </aside> <p>That being said, while I believe there is a <em>lower</em> bound in complexity to contend with for a problem, I do not believe there is an <em>upper</em> bound to the complexity of solutions possible. It is always possible, and in fact, very likely that teams create problems for themselves while trying to solve a problem. The rest of this post is talking to the lower bound. When getting feedback on an early draft of this blog post, I’ve been informed that Fred Brooks coined a term for what I call “lower bound complexity” – “Essential Complexity”, in the paper “<a href="https://www.cs.unc.edu/techreports/86-020.pdf">No Silver Bullet—Essence and Accident in Software Engineering</a>”, which is a better term and can be used interchangeably.</p> <h1 id="complexity-culture">Complexity Culture</h1> <p>In a large enough organization, where the team is high functioning enough to have and maintain trust amongst peers, members of the team will specialize. People will begin to engage with subsets of the work to be done, and begin to have their efficacy measured against that part of the organization’s problems. Incentives shift, and over time it becomes increasingly likely that two engineers may have two very different priorities when working on the same system together. Someone accountable for uptime and tasked with responding to outages will begin to resist changes. Someone accountable for rapidly delivering features will resist gates between them and their users. Companies (either wittingly or unwittingly) will deal with this by tasking engineers with both production (feature development) and operational tasks (maintenance), so the difference in incentives isn’t usually as bad as it <em>could</em> be.</p> <aside class="left"> The events depicted in this movie are fictitious. Any similarity to any person living or dead is merely coincidental. </aside> <p>When we get a bunch of folks from far-flung corners of an organization in a room, fire up a slide deck and throw up some aspirational to-be architecture diagram in order to get a sign-off to solve some problem (be it someone needs a credible promotion packet, new feature needs to get delivered, or the system has begun to fail and needs fixing), the initial reaction will, more often than I’d like, start to devolve into a discussion of how this is going to introduce a bunch of complexity, going to be hard to maintain, why can’t you make it <em>less complex</em>?</p> <aside class="right"> In a high functioning environment, this is a mostly healthy impulse, coming from a good place, and genuinely intended to prevent problems for the whole organization by reducing non-essental complexity. That is good. I'm talking about a conversation discussing removing lower-limit complexity. </aside> <p>Right around here is when I start to try and contextualize the conversation happening around me – understand what complexity is that being discussed, and understand who is taking on that burden. Think about who <em>should</em> be owning that problem, and work through the tradeoffs involved. Is it best solved here, or left to consumers (be them other systems, developers, or users). Should something become an API call’s optional param, taking on all the edge-cases and on, or should users have to implement the logic using the data you return (leaving everyone else to take on all the edge-cases and maintenance)? Should you process the data, or require the user to preprocess it for you?</p> <aside class="left"> <a href="https://layeraleph.com/">Carla Geisser</a> described this as being reminicent of the technique outlined in "<a href="https://web.mit.edu/saltzer/www/publications/endtoend/endtoend.pdf">end to end arguments in system design</a>", which she uses to think about where complexity winds up in a system. It's an extremely good parallel. </aside> <p>Frequently it’s right to make an active and explicit decision to simplify and leave problems to be solved downstream, since they may not actually need to be solved – or perhaps you expect consumers will want to own the specifics of <em>how</em> the problem is solved, in which case you leave lots of documentation and examples. Many other times, especially when it’s something downstream consumers are likely to hit, it’s best solved internal to the system, since the only thing that can come of leaving it unsolved are bugs, frustration and half-correct solutions. This is a grey-space of tradeoffs, not a clear decision tree. No one wants the software manifestation of a katamari ball or a junk drawer, nor does anyone want a half-baked service unable to handle the simplest use-case.</p> <h1 id="head-in-sand-as-a-service">Head-in-sand as a Service</h1> <p>Popoffs about how complex something is, are, to a first approximation, best understood as meaning “complicated for the person making comments”. A lot of the <code>#thoughtleadership</code> believe that an AWS hosted EKS <code>k8s</code> cluster running images built by CI talking to an AWS hosted PostgreSQL RDS is not complex. They’re right. Mostly right. This is less complex – less complex <em>for them</em>. It’s not, however, without complexity and its own tradeoffs – it’s just complexity that <strong>they do not have to deal with</strong>. Now they don’t have to maintain machines that have pesky operating systems or hard drive failures. They don’t have to deal with updating the version of <code>k8s</code>, nor ensuring the backups work. No one has to push some artifact to prod manually. Deployments happen unattended. You click a button and get a cluster.</p> <p>On the other hand, developers outside the ops function need to deal with troubleshooting CI, debugging access control rules encoded in turing complete YAML, permissions issues inside the cluster due to whatever the fuck a service mesh is, everyone needs to learn how to use some <code>k8s</code> tools they only actually use during a bad day, likely while doing some <code>x.509</code> troubleshooting to connect to the cluster (an internal only endpoint; just port forward it) – not to mention all sorts of rules to route packets to their project (a single repo’s binary being run in 3 containers on a single vm host).</p> <aside class="right"> Truly i'm not picking on k8s here; I do genuinely believe it when I say EKS is less complex for me to operate well; that's kinda the whole point. </aside> <p>Beyond that, there’s the invisible complexity – complexity on the interior of a service you depend on. I think about the dozens of teams maintaining the EKS service (which is either run on EC2 instances, or alternately, EC2 instances in a trench coat, moustache and even more shell scripts), the RDS service (also EC2 and shell scripts, but this time accounting for redundancy, backups, availability zones), scores of hypervisors pulled off the shelf (<code>xen</code>, <code>kvm</code>) smashed together with the ones built in-house (<code>firecracker</code>, <code>nitro</code>, etc) running on hardware that has to be refreshed and maintained continuously. Every request processed by network ACL rules, AWS IAM rules, security group rules, using IP space announced to the internet wired through IXPs directly into ISPs. I don’t even want to begin to think about the complexity inherent in how those switches are designed. <em>Shitloads</em> of complexity to solve problems you may or may not have, or even know you had.</p> <aside class="left"> Do I care about invisible complexity? Generally, no. I don't. It's not my problem and they don't show up to my meetings. </aside> <p><strong>What’s more complex? An app running in an in-house 4u server racked in the office’s telco closet in the back running off the office Verizon line, or an app running four hypervisors deep in an AWS datacenter? Which is more complex <em>to you</em>? What about <em>to your organization</em>? <em>In total</em>? Which is more prone to failure? Which is more secure? Is the complexity good or bad? What type of Complexity can you manage effectively? Which threaten the system? Which threaten your users?</strong></p> <h1 id="complexivibes">COMPLEXIVIBES</h1> <p>This extends beyond Engineering. Decisions regarding “what tools are we able to use” – be them existing contracts with cloud providers, CIO mandated SaaS products, a list of the only permissible open source projects – will incur costs in terms of expressed “complexity”. Pinning open source projects to a fixed set makes SBOM production “less complex”. Using only one SaaS provider’s product suite (even if its terrible, because it has all the types of tools you need) makes accreditation “less complex”. If all you have is a contract with <em>Pauly T’s lowest price technically acceptable artisinal cloudary and haberdashery</em>, the way you pay for your compute is “less complex” for the CIO shop, though you will find yourself building your own hosted database template, mechanism to spin up a k8s cluster, and all the operational and technical burden that comes with it. Or you won’t and make it everyone else’s problem in the organization. Nothing you can do will solve for the fact that you <em>must</em> now deal with this problem <em>somewhere</em> because it was less complicated for the business to put the workloads on the existing contract with a cut-rate vendor.</p> <p>Suddenly, the decision to “reduce complexity” because of an existing contract vehicle has resulted in a huge amount of technical risk and maintenance burden being onboarded. Complexity you would otherwise externalize has now been taken on internally. With a large enough organizations (specifically, in this case, i’m talking about you, bureaucracies), this is largely ignored or accepted as normal since the personnel cost is understood to be free to everyone involved. Doing it this way is more expensive, more work, less reliable and less maintainable, and yet, somehow, is, in a lot of ways, “less complex” to the organization. It’s particularly bad with bureaucracies, since screwing up a contract will get you into much more trouble than delivering a broken product, leaving basically no reason for anyone to care to fix this.</p> <p>I can’t shake the feeling that for every story of <a href="https://mjw.wtf/weaver-a-tale-of-technical-policy.html">technical mandates gone awry</a>, somewhere just out of sight there’s a decisionmaker optimizing for what they believe to be the least amount of complexity – least hassle, fewest unique cases, most consistency – as they can. They freely offload complexity from their accreditation and risk acceptance functions through mandates. They will never have to deal with it. That does not change the fact that <em>someone does</em>.</p> <h1 id="tcdr-too-complex-didnt-review">TC;DR (TOO COMPLEX; DIDN’T REVIEW)</h1> <p>We wish to rid ourselves of systemic Complexity – after all, complexity is bad, simplicity is good. Removing upper-bound own-goal complexity (“accidental complexity” in Brooks’s terms) is important, but once you hit the lower bound complexity, the tradeoffs become zero-sum. Removing complexity from one part of the system means that somewhere else – maybe outside your organization or in a non-engineering function must grow it back. Sometimes, the opposite is the case, such as when a previously manual business processes is automated. Maybe that’s a good idea. Maybe it’s not. All I know is that what doesn’t help the situation is conflating complexity with everything we don’t like – legacy code, maintenance burden or toil, cost, delivery velocity.</p> <ul> <li><strong>Complexity is not the same as proclivity to failure.</strong> The most reliable systems I’ve interacted with are unimaginably complex, with layers of internal protection to prevent complete failure. This has its own set of costs which other people <a href="https://how.complexsystems.fail/">have written about extensively</a>.</li> <li><strong>Complexity is not cost.</strong> Sometimes the cost of taking all the complexity in-house is less, for whatever value of cost you choose to use.</li> <li><strong>Complexity is not absolute.</strong> Something simple from one perspective may be wildly complex from another. The impulse to burn down complex sections of code is helpful to have generally, but <a href="https://en.wiktionary.org/wiki/Chesterton%27s_fence">sometimes things are complicated for a reason</a>, even if that reason exists outside your codebase or organization.</li> <li><strong>Complexity is not something you can remove without introducing complexity elsewhere.</strong> Just as not making a decision is a decision itself; choosing to require someone else to deal with a problem rather than dealing with it internally is a choice that needs to be considered in its full context.</li> </ul> <aside class="left"> After reviewing an early draft of this post, <a href="https://layeraleph.com/">Mikey Dickerson</a> described what I was trying to say here back to me as "if you squeeze one part of the water balloon it goes somewhere else", which is a metaphor I've become attached to. </aside> <aside class="right"> Mikey also described these asides as being a Dr. Bronner's label, which I'll own. </aside> <p>Next time you’re sitting through a discussion and someone starts to talk about all the complexity about to be introduced, I want to pop up in the back of your head, politely asking <em>what does complex mean in this context</em>? Is it lower bound complexity? Is this complexity desirable? Is what they’re saying mean something along the lines of I don’t understand the problems being solved, or does it mean something along the lines of this problem <em>should</em> be solved elsewhere? Do they believe this will result in more work for them in a way that you don’t see? Should this not solved at all by changing the bounds of what we should accept or redefine the understood limits of this system? Is the perceived complexity a result of a decision elsewhere? Who’s taking this complexity on, or more to the point, is failing to address complexity required by the problem leaving it to others? Does it impact others? How specifically? What are you not seeing?</p> <p>What <em>can</em> change?</p> <p><em>What should change</em>?</p> </div> <p class="date"> <a href="https://notes.pault.ag/complex-for-whom/">12 November, 2024 08:21PM</a> </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="http://sven.stormbind.net/blog/" title="a blog">Sven Hoexter</a> <script type="text/javascript">  </script> </h2> <div id="http://sven.stormbind.net/blog/posts/fluxcd_validate_flux-system_ks/" class="http://sven.stormbind.net/blog/posts/fluxcd_validate_flux-system_ks/"> <div class="entry"> <h3 class="entry-title"> <a href="http://sven.stormbind.net/blog/posts/fluxcd_validate_flux-system_ks/">fluxcd: Validate flux-system Root Kustomization</a> </h3> <div class="content"> <p>Not entirely sure how people use <a href="https://fluxcd.io/">fluxcd</a>, but I guess most people have something like a <code>flux-system</code> flux kustomization as the root to add more flux kustomizations to their kubernetes cluster. Here all of that is living in a monorepo, and as we're all humans people figure out different ways to break it, which brings the reconciliation of the flux controllers down. Thus we set out to do some pre-flight validations.</p> <p>Note1: We do not use flux variable substitutions for those root kustomizations, so if you use those, you've to put additional work into the validation and pipe things through <code>flux envsubst</code>.</p> <h1>First Iteration: Just Run kustomize Like Flux Would Do It</h1> <p>With a folder structure where we've a <code>cluster</code> folder with subfolders per cluster, we just run a for loop over all of them:</p> <pre><code>for CLUSTER in ${CLUSTERS}; do pushd clusters/${CLUSTER} # validate if we can create and build a flux-system like kustomization file kustomize create --autodetect --recursive if ! kustomize build . -o /dev/null 2> error.log; then echo "Error building flux-system kustomization for cluster ${CLUSTER}" cat error.log fi popd done </code></pre> <h1>Second Iteration: Make Sure Our Workload Subfolder Have a kustomization.yaml</h1> <p>Next someone figured out that you can delete some yaml files from a workload subfolder, including the <code>kustomization.yaml</code>, but not all of them. That left around a resource definition which lacks some other referenced objects, but is still happily included into the root kustomization by <code>kustomize create</code> and flux, which of course did not work.</p> <p>Thus we started to catch that as well in our growing for loop:</p> <pre><code>for CLUSTER in ${CLUSTERS}; do pushd clusters/${CLUSTER} # validate if we can create and build a flux-system like kustomization file kustomize create --autodetect --recursive if ! kustomize build . -o /dev/null 2> error.log; then echo "Error building flux-system kustomization for cluster ${CLUSTER}" cat error.log fi # validate if we always have a kustomization file in folders with yaml files for CLFOLDER in $(find . -type d); do test -f ${CLFOLDER}/kustomization.yaml && continue test -f ${CLFOLDER}/kustomization.yml && continue if [[ $(find ${CLFOLDER} -maxdepth 1 $ -name '*.yaml' -o -name '*.yml' $ -type f|wc -l) != 0 ]]; then echo "Error Cluster ${CLUSTER} folder ${CLFOLDER} lacks a kustomization.yaml" fi done popd done </code></pre> <p>Note2: I shortened those snippets to the core parts. In our case some things are a bit specific to how we implemented the execution of those checks in GitHub action workflows. Hope that's enough to transport the idea of what to check for.</p> </div> <p class="date"> <a href="http://sven.stormbind.net/blog/posts/fluxcd_validate_flux-system_ks/">12 November, 2024 02:19PM</a> </p> </div> </div> </div> <div class="channel"> <a href="https://blog.james.rcpt.to"> <img class="face" src="heads/jeb.png" width="120" height="120" alt="hackergotchi for James Bromberger" /> </a> <h2 class="planet-title"> <a href="https://blog.james.rcpt.to" title="Linux – JEB's Blog">James Bromberger</a> <script type="text/javascript">  </script> </h2> <div id="https://blog.james.rcpt.to/2024/11/12/my-own-little-server/" class="https://blog.james.rcpt.to/2024/11/12/my-own-little-server/"> <div class="entry"> <h3 class="entry-title"> <a href="https://blog.james.rcpt.to/2024/11/12/my-own-little-server/">My own little server</a> </h3> <div class="content"> In 2004, I was living in London, and decided it was time I had my own little virtual private server somewhere online. As a Debian developer since the start of 2000, it had to be Debian, and it still is… This was before “cloud” as we know it today. Virtual Private Servers (VPS) was a … <a class="more-link" href="https://blog.james.rcpt.to/2024/11/12/my-own-little-server/">Continue reading<span class="screen-reader-text"> "My own little server"</span></a> </div> <p class="date"> <a href="https://blog.james.rcpt.to/2024/11/12/my-own-little-server/">12 November, 2024 12:34PM</a> by james </p> </div> </div> </div> <div class="channel"> <a href="https://www.freexian.com/tags/planet-debian/"> <img class="face" src="heads/freexian.png" width="215" height="101" alt="hackergotchi for Freexian Collaborators" /> </a> <h2 class="planet-title"> <a href="https://www.freexian.com/tags/planet-debian/" title="planet-debian on Freexian">Freexian Collaborators</a> <script type="text/javascript">  </script> </h2> <div id="https://www.freexian.com/blog/debian-lts-report-2024-10/" class="https://www.freexian.com/blog/debian-lts-report-2024-10/"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.freexian.com/blog/debian-lts-report-2024-10/">Monthly report about Debian Long Term Support, October 2024 (by Roberto C. Sánchez)</a> </h3> <div class="content"> <img src="https://www.freexian.com/images/debian-lts-logo.png" style="float: right;" /> <p>Like each month, have a look at the work funded by <a href="https://www.freexian.com/lts/debian/">Freexian’s Debian LTS offering</a>.</p> <h3 id="debian-lts-contributors">Debian LTS contributors</h3> <p>In October, 20 contributors have been paid to work on <a href="https://wiki.debian.org/LTS">Debian LTS</a>, their reports are available:</p> <ul> <li><a href="https://people.debian.org/~abhijith/reports/LTS_ELTS-October-2024.txt">Abhijith PA</a> did 6.0h (out of 7.0h assigned and 7.0h from previous period), thus carrying over 8.0h to the next month.</li> <li><a href="https://lists.debian.org/debian-lts/2024/11/msg00016.html">Adrian Bunk</a> did 15.0h (out of 87.0h assigned and 13.0h from previous period), thus carrying over 85.0h to the next month.</li> <li><a href="https://lists.debian.org/debian-lts/2024/10/msg00062.html">Arturo Borrero Gonzalez</a> did 10.0h (out of 10.0h assigned).</li> <li><a href="https://lists.debian.org/debian-lts/2024/10/msg00065.html">Bastien Roucariès</a> did 20.0h (out of 20.0h assigned).</li> <li>Ben Hutchings did 4.0h (out of 0.0h assigned and 4.0h from previous period).</li> <li><a href="https://chris-lamb.co.uk/posts/free-software-activities-in-october-2024#debian-lts">Chris Lamb</a> did 18.0h (out of 18.0h assigned).</li> <li><a href="https://lists.debian.org/debian-lts/2024/11/msg00000.html">Daniel Leidert</a> did 29.0h (out of 26.0h assigned and 3.0h from previous period).</li> <li><a href="https://people.debian.org/~pochu/lts/reports/2024-10.txt">Emilio Pozuelo Monfort</a> did 60.0h (out of 23.5h assigned and 36.5h from previous period).</li> <li><a href="https://lists.debian.org/msgid-search/?m=ALksYLxcsYCGqp2G@debian.org">Guilhem Moulin</a> did 7.5h (out of 19.75h assigned and 0.25h from previous period), thus carrying over 12.5h to the next month.</li> <li><a href="https://lists.debian.org/debian-lts/2024/11/msg00015.html">Lee Garrett</a> did 15.25h (out of 0.0h assigned and 60.0h from previous period), thus carrying over 44.75h to the next month.</li> <li><a href="https://people.debian.org/~kanashiro/debian/lts/reports/2024-10.txt">Lucas Kanashiro</a> did 10.0h (out of 10.0h assigned and 10.0h from previous period), thus carrying over 10.0h to the next month.</li> <li>Markus Koschany did 40.0h (out of 40.0h assigned).</li> <li><a href="https://inguza.com/report/debian-long-term-support-work-2024-october">Ola Lundqvist</a> did 14.5h (out of 6.5h assigned and 17.5h from previous period), thus carrying over 9.5h to the next month.</li> <li><a href="https://people.debian.org/~roberto/lts_elts_reports/2024-10.txt">Roberto C. Sánchez</a> did 9.75h (out of 24.0h assigned), thus carrying over 14.25h to the next month.</li> <li><a href="https://people.debian.org/~santiago/lts-elts-reports/report-2024-10.txt">Santiago Ruano Rincón</a> did 23.5h (out of 25.0h assigned), thus carrying over 1.5h to the next month.</li> <li><a href="https://lists.debian.org/debian-lts/2024/10/msg00059.html">Sean Whitton</a> did 6.25h (out of 1.0h assigned and 5.25h from previous period).</li> <li><a href="https://stefanorivera.com/posts/2024/11/01/lts-elts-report-for-october-2024/">Stefano Rivera</a> did 1.0h (out of 0.0h assigned and 10.0h from previous period), thus carrying over 9.0h to the next month.</li> <li><a href="https://lists.debian.org/debian-lts/2024/11/msg00002.html">Sylvain Beucler</a> did 9.5h (out of 16.0h assigned and 44.0h from previous period), thus carrying over 50.5h to the next month.</li> <li><a href="http://blog.alteholz.eu/2024/11/my-debian-activities-in-october-2024/">Thorsten Alteholz</a> did 11.0h (out of 11.0h assigned).</li> <li><a href="https://lists.debian.org/debian-lts/2024/11/msg00005.html">Tobias Frost</a> did 10.5h (out of 12.0h assigned), thus carrying over 1.5h to the next month.</li> </ul> <h3 id="evolution-of-the-situation">Evolution of the situation</h3> <p>In October, we have released <a href="https://lists.debian.org/debian-lts-announce/2024/10/threads.html">35 DLAs</a>.</p> <p>Some notable updates prepared in October include denial of service vulnerability fixes in <a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00028.html">nss</a>, regression fixes in <a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00013.html">apache2</a>, multiple fixes in <a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00011.html">php7.4</a>, and new upstream releases of <a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00034.html">firefox-esr</a>, <a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00018.html">openjdk-17</a>, and <a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00020.html">opendk-11</a>.</p> <p>Additional contributions were made for the stable Debian 12 bookworm release by several LTS contributors. Arturo Borrero Gonzalez prepared a parallel update of nss, Bastien Roucariès prepared a parallel update of apache2, and Santiago Ruano Rincón prepared updates of activemq for both LTS and Debian stable.</p> <p>LTS contributor Bastien Roucariès undertook a code audit of the cacti package and in the process discovered three new issues in node-dompurity, which were reported upstream and resulted in the assignment of three new CVEs.</p> <p>As always, the LTS team continues to work towards improving the overall sustainability of the free software base upon which Debian LTS is built. We thank our many committed sponsors for their ongoing support.</p> <h3 id="thanks-to-our-sponsors">Thanks to our sponsors</h3> <p>Sponsors that joined recently are in bold.</p> <ul> <li>Platinum sponsors: <ul> <li><a href="https://www.global.toshiba/ww/top.html">Toshiba Corporation</a> (for 109 months)</li> <li><a href="https://cip-project.org">Civil Infrastructure Platform (CIP)</a> (for 77 months)</li> <li><a href="https://vyos.io">VyOS Inc</a> (for 41 months)</li> </ul> </li> <li>Gold sponsors: <ul> <li><a href="https://www.roche.com/about/business/diagnostics.htm">Roche Diagnostics International AG</a> (for 119 months)</li> <li><a href="https://www.akamai.com/">Akamai - Linode</a> (for 113 months)</li> <li><a href="http://www.babiel.com">Babiel GmbH</a> (for 103 months)</li> <li><a href="https://www.plathome.com">Plat’Home</a> (for 102 months)</li> <li><a href="https://www.cineca.it">CINECA</a> (for 77 months)</li> <li><a href="http://www.ox.ac.uk">University of Oxford</a> (for 59 months)</li> <li><a href="https://deveryware.com">Deveryware</a> (for 46 months)</li> <li><a href="https://www.edf.fr">EDF SA</a> (for 31 months)</li> <li><a href="https://www.dataport.de">Dataport AöR</a> (for 6 months)</li> <li><a href="https://home.cern/">CERN</a> (for 4 months)</li> </ul> </li> <li>Silver sponsors: <ul> <li><a href="http://www.domainnameshop.com">Domeneshop AS</a> (for 124 months)</li> <li><a href="http://www.nantesmetropole.fr/">Nantes Métropole</a> (for 118 months)</li> <li><a href="http://www.univention.de">Univention GmbH</a> (for 110 months)</li> <li><a href="http://portail.univ-st-etienne.fr/">Université Jean Monnet de St Etienne</a> (for 110 months)</li> <li><a href="https://ribboncommunications.com/">Ribbon Communications, Inc.</a> (for 104 months)</li> <li><a href="https://www.exonet.nl">Exonet B.V.</a> (for 94 months)</li> <li><a href="https://www.lrz.de">Leibniz Rechenzentrum</a> (for 88 months)</li> <li><a href="https://www.diplomatie.gouv.fr">Ministère de l’Europe et des Affaires Étrangères</a> (for 72 months)</li> <li><a href="https://www.cloudways.com">Cloudways by DigitalOcean</a> (for 61 months)</li> <li><a href="https://dinahosting.com">Dinahosting SL</a> (for 59 months)</li> <li><a href="https://www.bauermedia.com">Bauer Xcel Media Deutschland KG</a> (for 53 months)</li> <li><a href="https://platform.sh">Platform.sh SAS</a> (for 53 months)</li> <li><a href="https://www.moxa.com">Moxa Inc.</a> (for 47 months)</li> <li><a href="https://sipgate.de">sipgate GmbH</a> (for 45 months)</li> <li><a href="https://ovhcloud.com">OVH US LLC</a> (for 43 months)</li> <li><a href="https://www.tilburguniversity.edu/">Tilburg University</a> (for 43 months)</li> <li><a href="https://www.gsi.de">GSI Helmholtzzentrum für Schwerionenforschung GmbH</a> (for 34 months)</li> <li><a href="https://www.soliton.co.jp">Soliton Systems K.K.</a> (for 31 months)</li> <li><a href="https://www.cesky-hosting.cz/">THINline s.r.o.</a> (for 7 months)</li> <li><strong><a href="https://www.cph.dk">Copenhagen Airports A/S</a></strong></li> </ul> </li> <li>Bronze sponsors: <ul> <li><a href="http://www.evolix.fr">Evolix</a> (for 124 months)</li> <li><a href="http://www.seznam.cz">Seznam.cz, a.s.</a> (for 124 months)</li> <li><a href="http://intevation.de">Intevation GmbH</a> (for 121 months)</li> <li><a href="http://linuxhotel.de">Linuxhotel GmbH</a> (for 121 months)</li> <li><a href="https://waays.fr">Daevel SARL</a> (for 120 months)</li> <li><a href="http://bitfolk.com">Bitfolk LTD</a> (for 119 months)</li> <li><a href="http://www.megaspace.de">Megaspace Internet Services GmbH</a> (for 119 months)</li> <li><a href="http://www.greenbone.net">Greenbone AG</a> (for 118 months)</li> <li><a href="http://numlog.fr">NUMLOG</a> (for 118 months)</li> <li><a href="http://www.wingo.ch/">WinGo AG</a> (for 117 months)</li> <li><a href="https://www.entrouvert.com/">Entr’ouvert</a> (for 108 months)</li> <li><a href="https://adfinis.com">Adfinis AG</a> (for 106 months)</li> <li><a href="https://www.tesorion.nl/">Tesorion</a> (for 101 months)</li> <li><a href="http://www.allogarage.fr">GNI MEDIA</a> (for 100 months)</li> <li><a href="http://www.legi.grenoble-inp.fr">Laboratoire LEGI - UMR 5519 / CNRS</a> (for 100 months)</li> <li><a href="http://bearstech.com">Bearstech</a> (for 92 months)</li> <li><a href="http://lihas.de">LiHAS</a> (for 92 months)</li> <li><a href="http://www.catalyst.net.nz">Catalyst IT Ltd</a> (for 87 months)</li> <li><a href="http://www.supagro.fr">Supagro</a> (for 82 months)</li> <li><a href="https://demarcq.net">Demarcq SAS</a> (for 81 months)</li> <li><a href="https://www.univ-grenoble-alpes.fr">Université Grenoble Alpes</a> (for 67 months)</li> <li><a href="https://www.touchweb.fr">TouchWeb SAS</a> (for 59 months)</li> <li><a href="https://www.spin-ag.de">SPiN AG</a> (for 56 months)</li> <li><a href="https://www.corefiling.com">CoreFiling</a> (for 52 months)</li> <li><a href="http://www.isc.cnrs.fr">Institut des sciences cognitives Marc Jeannerod</a> (for 47 months)</li> <li><a href="https://www.osug.fr/">Observatoire des Sciences de l’Univers de Grenoble</a> (for 43 months)</li> <li><a href="https://www.werfen.com">Tem Innovations GmbH</a> (for 38 months)</li> <li><a href="https://wordfinder.pro">WordFinder.pro</a> (for 37 months)</li> <li><a href="https://www.resif.fr">CNRS DT INSU Résif</a> (for 36 months)</li> <li><a href="https://www.alterway.fr">Alter Way</a> (for 29 months)</li> <li><a href="https://math.univ-lyon1.fr">Institut Camille Jordan</a> (for 19 months)</li> <li><a href="http://www.sobis.com/">SOBIS Software GmbH</a> (for 4 months)</li> </ul> </li> </ul> </div> <p class="date"> <a href="https://www.freexian.com/blog/debian-lts-report-2024-10/">12 November, 2024 12:00AM</a> by Roberto C. Sánchez </p> </div> </div> </div> <h1>November 11, 2024</h1> <div class="channel"> <a href="http://dirk.eddelbuettel.com/blog"> <img class="face" src="heads/dirk.png" width="65" height="90" alt="hackergotchi for Dirk Eddelbuettel" /> </a> <h2 class="planet-title"> <a href="http://dirk.eddelbuettel.com/blog" title="Thinking inside the box">Dirk Eddelbuettel</a> <script type="text/javascript">  </script> </h2> <div id="http://dirk.eddelbuettel.com/blog/2024/11/11#rcppspdlog_0.0.19" class="http://dirk.eddelbuettel.com/blog/2024/11/11#rcppspdlog_0.0.19"> <div class="entry"> <h3 class="entry-title"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/11#rcppspdlog_0.0.19">RcppSpdlog 0.0.19 on CRAN: New Upstream, New Features</a> </h3> <div class="content"> <p>Version 0.0.19 of <a href="https://github.com/eddelbuettel/rcppspdlog">RcppSpdlog</a> arrived on <a href="https://cran.r-project.org">CRAN</a> early this morning and has been uploaded to Debian. <a href="https://dirk.eddelbuettel.com/code/rcpp.spdlog.html">RcppSpdlog</a> bundles <a href="https://github.com/gabime/spdlog">spdlog</a>, a wonderful header-only C++ logging library with all the bells and whistles you would want that was written by <a href="https://github.com/gabime">Gabi Melman</a>, and also includes <a href="https://github.com/fmtlib/fmt">fmt</a> by <a href="https://github.com/vitaut">Victor Zverovich</a>. You can learn more at the nice <a href="https://eddelbuettel.github.io/rcppspdlog/">package documention</a> site.</p> <p>This releases updates the code to the version 1.15.0 of <a href="https://github.com/gabime/spdlog">spdlog</a> which was released on Saturday, and contains <a href="https://github.com/fmtlib/fmt">fmt</a> 11.0.2. It also contains a contributed PR which allows use <code>std::format</code> under C++20, bypassing <code>fmt</code> (with some post-merge polish too), and another PR correcting a documentation double-entry.</p> <p>The NEWS entry for this release follows.</p> <blockquote> <h4 id="changes-in-rcppspdlog-version-0.0.19-2024-11-10">Changes in RcppSpdlog version 0.0.19 (2024-11-10)</h4> <ul> <li><p>Support use of <code>std::format</code> under C++20 via opt-in define instead of <code>fmt</code> (Xanthos Xanthopoulos in <a href="https://github.com/eddelbuettel/rcppspdlog/pull/19">#19</a>)</p></li> <li><p>An erroneous duplicate log=level documentation level was removed (Contantinos Giachalis in <a href="https://github.com/eddelbuettel/rcppspdlog/pull/20">#20</a>)</p></li> <li><p>Upgraded to upstream release spdlog 1.15.0 (Dirk in <a href="https://github.com/eddelbuettel/rcppspdlog/pull/21">#21</a>)</p></li> <li><p>Partially revert / simplify <code>src/formatter.cpp</code> accomodating both <a href="https://github.com/eddelbuettel/rcppspdlog/pull/19">#19</a> and previous state (Dirk in <a href="https://github.com/eddelbuettel/rcppspdlog/pull/21">#21</a>)</p></li> </ul> </blockquote> <p>Courtesy of my <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>, there is also a <a href="https://dirk.eddelbuettel.com/cranberries/2024/11/11/#RcppSpdlog_0.0.19">diffstat report</a>. More detailed information is on the <a href="https://dirk.eddelbuettel.com/code/rcpp.spdlog.html">RcppSpdlog page</a>, or the <a href="https://eddelbuettel.github.io/rcppspdlog/">package documention site</a>. If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at GitHub</a>.</p> <p style="font-size: 80%; font-style: italic;"> This post by <a href="https://dirk.eddelbuettel.com">Dirk Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a> blog. Please report excessive re-aggregation in third-party for-profit settings. </p><p></p> </div> <p class="date"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/11#rcppspdlog_0.0.19">11 November, 2024 05:47PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://gwolf.org"> <img class="face" src="heads/gwolf.png" width="69" height="83" alt="hackergotchi for Gunnar Wolf" /> </a> <h2 class="planet-title"> <a href="https://gwolf.org" title="Gunnar Wolf - Nice grey life">Gunnar Wolf</a> <script type="text/javascript">  </script> </h2> <div id="https://gwolf.org/2024/11/why-academics-under-share-research-data-a-social-relational-theory.html" class="https://gwolf.org/2024/11/why-academics-under-share-research-data-a-social-relational-theory.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://gwolf.org/2024/11/why-academics-under-share-research-data-a-social-relational-theory.html">Why academics under-share research data - A social relational theory</a> </h3> <div class="content"> <blockquote> This post is a review for <a href="https://www.computingreviews.com/">Computing Reviews</a> for <em><a href="https://asistdl.onlinelibrary.wiley.com/doi/10.1002/asi.24938">Why academics under-share research data - A social relational theory</a></em> , a article published in <em><a href="https://www.computingreviews.com/review/review_review.cfm?review_id=147839&listname=todaysissuearticle">Journal of the Association for Information Science and Technology</a></em> </blockquote> <p>As an academic, I have cheered for and welcomed the open access (OA) mandates that, slowly but steadily, have been accepted in one way or another throughout academia. It is now often accepted that public funds means public research. Many of our universities or funding bodies will demand that, with varying intensities–sometimes they demand research to be published in an OA venue, sometimes a mandate will only “prefer” it. Lately, some journals and funder bodies have expanded this mandate toward open science, requiring not only research outputs (that is, articles and books) to be published openly but for the data backing the results to be made public as well. As a person who has been involved with free software promotion since the mid 1990s, it was natural for me to join the OA movement and to celebrate when various universities adopt such mandates.</p> <p>Now, what happens after a university or funder body adopts such a mandate? Many individual academics cheer, as it is the “right thing to do.” However, the authors observe that this is not really followed thoroughly by academics. What can be observed, rather, is the slow pace or “feet dragging” of academics when they are compelled to comply with OA mandates, or even an outright refusal to do so. If OA and open science are close to the ethos of academia, why aren’t more academics enthusiastically sharing the data used for their research? This paper finds a subversive practice embodied in the refusal to comply with such mandates, and explores an hypothesis based on Karl Marx’s productive worker theory and Pierre Bourdieu’s ideas of symbolic capital.</p> <p>The paper explains that academics, as productive workers, become targets for exploitation: given that it’s not only the academics’ sharing ethos, but private industry’s push for data collection and industry-aligned research, they adapt to technological changes and jump through all kinds of hurdles to create more products, in a result that can be understood as a neoliberal productivity measurement strategy. Neoliberalism assumes that mechanisms that produce more profit for academic institutions will result in better research; it also leads to the disempowerment of academics as a class, although they are rewarded as individuals due to the specific value they produce.</p> <p>The authors continue by explaining how open science mandates seem to ignore the historical ways of collaboration in different scientific fields, and exploring different angles of how and why data can be seen as “under-shared,” failing to comply with different aspects of said mandates. This paper, built on the social sciences tradition, is clearly a controversial work that can spark interesting discussions. While it does not specifically touch on computing, it is relevant to Computing Reviews readers due to the relatively high percentage of academics among us.</p> </div> <p class="date"> <a href="https://gwolf.org/2024/11/why-academics-under-share-research-data-a-social-relational-theory.html">11 November, 2024 02:53PM</a> </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="https://vincent.bernat.ch/en" title="Vincent Bernat">Vincent Bernat</a> <script type="text/javascript">  </script> </h2> <div id="https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins" class="https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins"> <div class="entry"> <h3 class="entry-title"> <a href="https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins">Customize Caddy's plugins with Nix</a> </h3> <div class="content"> <p><a href="https://caddyserver.com/" title="Caddy Web Server">Caddy</a> is an open-source web server written in Go. It handles TLS certificates automatically and comes with a simple configuration syntax. Users can extend its functionality through <a href="https://caddyserver.com/docs/modules/" title="All registered Caddy plugins">plugins</a><sup id="fnref-plugins"><a class="footnote-ref" href="https://vincent.bernat.ch#fn-plugins">1</a></sup> to add features like <a href="https://github.com/mholt/caddy-ratelimit" title="HTTP rate limiting module for Caddy">rate limiting</a>, <a href="https://github.com/caddyserver/cache-handler" title="Distributed HTTP caching module for Caddy">caching</a>, and <a href="https://github.com/invzhi/caddy-docker-upstreams" title="Docker dynamic upstreams for Caddy">Docker integration</a>.</p> <p>While <em>Caddy</em> is available in <a href="https://github.com/NixOS/nixpkgs/blob/master/pkgs/by-name/ca/caddy/package.nix">Nixpkgs</a>, adding extra plugins is not simple.<sup id="fnref-simple"><a class="footnote-ref" href="https://vincent.bernat.ch#fn-simple">2</a></sup> The compilation process needs Internet access, which <a href="https://zero-to-nix.com/concepts/hermeticity" title="Zero to Nix: hermeticity">Nix denies during build</a> to ensure <a href="https://zero-to-nix.com/concepts/reproducibility" title="Zero to Nix: reproducibility">reproducibility</a>. When trying to build the following derivation using <a href="https://github.com/caddyserver/xcaddy" title="Build Caddy with plugins">xcaddy</a>, a tool for building Caddy with plugins, it fails with this error: <code>dial tcp: lookup proxy.golang.org on [::1]:53: connection refused</code>.</p> <div class="language-nix codehilite"><pre><span></span><span class="p">{</span> pkgs <span class="p">}:</span> pkgs<span class="o">.</span>stdenv<span class="o">.</span>mkDerivation <span class="p">{</span> <span class="ss">name</span> <span class="o">=</span> <span class="s2">"caddy-with-xcaddy"</span><span class="p">;</span> <span class="ss">nativeBuildInputs</span> <span class="o">=</span> <span class="k">with</span> pkgs<span class="p">;</span> <span class="p">[</span> go xcaddy cacert <span class="p">];</span> <span class="ss">unpackPhase</span> <span class="o">=</span> <span class="s2">"true"</span><span class="p">;</span> <span class="ss">buildPhase</span> <span class="o">=</span> <span class="s s-Multiline">''</span> <span class="s s-Multiline"> xcaddy build --with github.com/caddy-dns/powerdns@v1.0.1</span> <span class="s s-Multiline"> ''</span><span class="p">;</span> <span class="ss">installPhase</span> <span class="o">=</span> <span class="s s-Multiline">''</span> <span class="s s-Multiline"> mkdir -p $out/bin</span> <span class="s s-Multiline"> cp caddy $out/bin</span> <span class="s s-Multiline"> ''</span><span class="p">;</span> <span class="p">}</span> </pre></div> <p>Fixed-output derivations are an exception to this rule and get network access during build. They need to specify their output hash. For example, the <code>fetchurl</code> function produces a fixed-output derivation:</p> <div class="language-nix codehilite"><pre><span></span><span class="p">{</span> stdenv<span class="p">,</span> fetchurl <span class="p">}:</span> stdenv<span class="o">.</span>mkDerivation <span class="k">rec</span> <span class="p">{</span> <span class="ss">pname</span> <span class="o">=</span> <span class="s2">"hello"</span><span class="p">;</span> <span class="ss">version</span> <span class="o">=</span> <span class="s2">"2.12.1"</span><span class="p">;</span> <span class="ss">src</span> <span class="o">=</span> fetchurl <span class="p">{</span> <span class="ss">url</span> <span class="o">=</span> <span class="s2">"mirror://gnu/hello/hello-</span><span class="si">${</span>version<span class="si">}</span><span class="s2">.tar.gz"</span><span class="p">;</span> <span class="ss">hash</span> <span class="o">=</span> <span class="s2">"sha256-jZkUKv2SV28wsM18tCqNxoCZmLxdYH2Idh9RLibH2yA="</span><span class="p">;</span> <span class="p">};</span> <span class="p">}</span> </pre></div> <p>To create a fixed-output derivation, you need to set the <a href="https://nix.dev/manual/nix/2.22/language/advanced-attributes.html#adv-attr-outputHash"><code>outputHash</code> attribute</a>. The example below shows how to output <em>Caddy</em>’s source code, with some plugin enabled, as a fixed-output derivation using <code>xcaddy</code> and <code>go mod vendor</code>.</p> <div class="language-nix codehilite"><pre><span></span>pkgs<span class="o">.</span>stdenvNoCC<span class="o">.</span>mkDerivation <span class="k">rec</span> <span class="p">{</span> <span class="ss">pname</span> <span class="o">=</span> <span class="s2">"caddy-src-with-xcaddy"</span><span class="p">;</span> <span class="ss">version</span> <span class="o">=</span> <span class="s2">"2.8.4"</span><span class="p">;</span> <span class="ss">nativeBuildInputs</span> <span class="o">=</span> <span class="k">with</span> pkgs<span class="p">;</span> <span class="p">[</span> go xcaddy cacert <span class="p">];</span> <span class="ss">unpackPhase</span> <span class="o">=</span> <span class="s2">"true"</span><span class="p">;</span> <span class="ss">buildPhase</span> <span class="o">=</span> <span class="s s-Multiline">''</span> <span class="s s-Multiline"> export GOCACHE=$TMPDIR/go-cache</span> <span class="s s-Multiline"> export GOPATH="$TMPDIR/go"</span> <span class="s s-Multiline"> XCADDY_SKIP_BUILD=1 TMPDIR="$PWD" \</span> <span class="s s-Multiline"> xcaddy build v</span><span class="si">${</span>version<span class="si">}</span><span class="s s-Multiline"> --with github.com/caddy-dns/powerdns@v1.0.1</span> <span class="s s-Multiline"> (cd buildenv* && go mod vendor)</span> <span class="s s-Multiline"> ''</span><span class="p">;</span> <span class="ss">installPhase</span> <span class="o">=</span> <span class="s s-Multiline">''</span> <span class="s s-Multiline"> mv buildenv* $out</span> <span class="s s-Multiline"> ''</span><span class="p">;</span> <span class="hll"> <span class="ss">outputHash</span> <span class="o">=</span> <span class="s2">"sha256-F/jqR4iEsklJFycTjSaW8B/V3iTGqqGOzwYBUXxRKrc="</span><span class="p">;</span> </span><span class="hll"> <span class="ss">outputHashAlgo</span> <span class="o">=</span> <span class="s2">"sha256"</span><span class="p">;</span> </span><span class="hll"> <span class="ss">outputHashMode</span> <span class="o">=</span> <span class="s2">"recursive"</span><span class="p">;</span> </span><span class="p">}</span> </pre></div> <p>With a fixed-output derivation, it is up to us to ensure the output is always the same:</p> <ul> <li>we ask <code>xcaddy</code> to not compile the program and keep the source code,<sup id="fnref-xcaddy"><a class="footnote-ref" href="https://vincent.bernat.ch#fn-xcaddy">3</a></sup></li> <li>we pin the version of Caddy we want to build, and</li> <li>we pin the version of each requested plugin.</li> </ul> <p>You can use this derivation to override the <code>src</code> attribute in <code>pkgs.caddy</code>:</p> <div class="language-nix codehilite"><pre><span></span>pkgs<span class="o">.</span>caddy<span class="o">.</span>overrideAttrs <span class="p">(</span>prev<span class="p">:</span> <span class="p">{</span> <span class="ss">src</span> <span class="o">=</span> pkgs<span class="o">.</span>stdenvNoCC<span class="o">.</span>mkDerivation <span class="p">{</span> <span class="cm">/* ... */</span> <span class="p">};</span> <span class="ss">vendorHash</span> <span class="o">=</span> <span class="no">null</span><span class="p">;</span> <span class="ss">subPackages</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">"."</span> <span class="p">];</span> <span class="p">});</span> </pre></div> <p>Check out the complete example in the <a href="https://github.com/vincentbernat/caddy-nix/blob/main/examples/xcaddy-src/flake.nix">GitHub repository</a>. To integrate into a <a href="https://zero-to-nix.com/concepts/flakes" title="Zero to Nix: flakes">Flake</a>, add <code>github:vincentbernat/caddy-nix</code> as an overlay:</p> <div class="language-nix codehilite"><pre><span></span><span class="p">{</span> <span class="ss">inputs</span> <span class="o">=</span> <span class="p">{</span> nixpkgs<span class="o">.</span><span class="ss">url</span> <span class="o">=</span> <span class="s2">"nixpkgs"</span><span class="p">;</span> flake-utils<span class="o">.</span><span class="ss">url</span> <span class="o">=</span> <span class="s2">"github:numtide/flake-utils"</span><span class="p">;</span> caddy<span class="o">.</span><span class="ss">url</span> <span class="o">=</span> <span class="s2">"github:vincentbernat/caddy-nix"</span><span class="p">;</span> <span class="p">};</span> <span class="ss">outputs</span> <span class="o">=</span> <span class="p">{</span> self<span class="p">,</span> nixpkgs<span class="p">,</span> flake-utils<span class="p">,</span> caddy <span class="p">}:</span> flake-utils<span class="o">.</span>lib<span class="o">.</span>eachDefaultSystem <span class="p">(</span>system<span class="p">:</span> <span class="k">let</span> <span class="ss">pkgs</span> <span class="o">=</span> <span class="nb">import</span> nixpkgs <span class="p">{</span> <span class="k">inherit</span> system<span class="p">;</span> <span class="ss">overlays</span> <span class="o">=</span> <span class="p">[</span> caddy<span class="o">.</span>overlays<span class="o">.</span>default <span class="p">];</span> <span class="p">};</span> <span class="k">in</span> <span class="p">{</span> <span class="ss">packages</span> <span class="o">=</span> <span class="p">{</span> <span class="ss">default</span> <span class="o">=</span> pkgs<span class="o">.</span>caddy<span class="o">.</span>withPlugins <span class="p">{</span> <span class="ss">plugins</span> <span class="o">=</span> <span class="p">[</span> <span class="s2">"github.com/caddy-dns/powerdns@v1.0.1"</span> <span class="p">];</span> <span class="ss">hash</span> <span class="o">=</span> <span class="s2">"sha256-F/jqR4iEsklJFycTjSaW8B/V3iTGqqGOzwYBUXxRKrc="</span><span class="p">;</span> <span class="p">};</span> <span class="p">};</span> <span class="p">});</span> <span class="p">}</span> </pre></div> <div class="admonition"> <p class="admonition-title">Update (2024-11)</p> <p>This flake won’t work with Nixpkgs 24.05 or older because it relies on <a href="https://github.com/nixOS/nixpkgs/commit/eed069a5bc40ba4d871de7700c7eb8d592e98cb6">this commit</a> to properly override the <code>vendorHash</code> attribute.</p> </div> <div class="footnote"> <hr /> <ol> <li id="fn-plugins"> <p>This article uses the term “plugins,” though Caddy documentation also refers to them as “modules” since they are implemented as Go modules. <a class="footnote-backref" href="https://vincent.bernat.ch#fnref-plugins" title="Jump back to footnote 1 in the text">↩︎</a></p> </li> <li id="fn-simple"> <p>This is a <a href="https://github.com/NixOS/nixpkgs/issues/14671" title="caddy: add all addons #14671">feature request</a> since quite some time. A <a href="https://github.com/NixOS/nixpkgs/pull/317881" title="caddy: add support for compiling with Caddy modules (plugins) #317881">proposed solution</a> has been rejected. The one described in this article is a bit different and I have proposed it in another <a href="https://github.com/NixOS/nixpkgs/pull/358586" title="caddy: add suport for compiling Caddy with plugins #358586">pull request</a>. <a class="footnote-backref" href="https://vincent.bernat.ch#fnref-simple" title="Jump back to footnote 2 in the text">↩︎</a></p> </li> <li id="fn-xcaddy"> <p>This is not perfect: if the source code produced by <code>xcaddy</code> changes, the hash would change and the build would fail. <a class="footnote-backref" href="https://vincent.bernat.ch#fnref-xcaddy" title="Jump back to footnote 3 in the text">↩︎</a></p> </li> </ol> </div> </div> <p class="date"> <a href="https://vincent.bernat.ch/en/blog/2024-caddy-nix-plugins">11 November, 2024 07:35AM</a> by Vincent Bernat </p> </div> </div> </div> <h1>November 10, 2024</h1> <div class="channel"> <a href="http://dirk.eddelbuettel.com/blog"> <img class="face" src="heads/dirk.png" width="65" height="90" alt="hackergotchi for Dirk Eddelbuettel" /> </a> <h2 class="planet-title"> <a href="http://dirk.eddelbuettel.com/blog" title="Thinking inside the box">Dirk Eddelbuettel</a> <script type="text/javascript">  </script> </h2> <div id="http://dirk.eddelbuettel.com/blog/2024/11/10#inline_0.3.20" class="http://dirk.eddelbuettel.com/blog/2024/11/10#inline_0.3.20"> <div class="entry"> <h3 class="entry-title"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/10#inline_0.3.20">inline 0.3.20: Mostly Maintenance</a> </h3> <div class="content"> <p>A new release of the <a href="https://cran.r-project.org/package=inline">inline</a> package got to <a href="https://cran.r-project.org">CRAN</a> today marking the first release in three and half years. <a href="https://cran.r-project.org/package=inline">inline</a> facilitates writing code <em>in-line</em> in simple string expressions or short files. The package was used quite extensively by <a href="https://www.rcpp.org">Rcpp</a> in the very early days before <a href="https://cloud.r-project.org/web/packages/Rcpp/vignettes/Rcpp-attributes.pdf">Rcpp Attributes</a> arrived on the scene providing an even better alternative for its use cases. <a href="https://cran.r-project.org/package=inline">inline</a> is still used by <a href="https://cran.r-project.org/package=rstan">rstan</a> and a number of other packages.</p> <p>This release was tickled by changing in r-devel just this week, and the corresponding ‘please fix or else’ email I received this morning. <code>R_NO_REMAP</code> is now the default in r-devel, and while we had already converted most (old-style) calls into the API to using the now mandatory <code>Rf_</code> prefix, the package contained few remaining cases in examples as well as one in code generation. The release also contains a helpful contributed PR making an error message a little clearer, plus several small and common maintenance changed around continuous integration, package layout and the repository.</p> <p>The <code>NEWS</code> extract follows and details the changes some more.</p> <blockquote> <h4 id="changes-in-inline-version-0.3.20-2024-11-10">Changes in inline version 0.3.20 (2024-11-10)</h4> <ul> <li><p>Error message formatting is improved for <code>compileCode</code> (Alexis Derumigny in <a href="https://github.com/eddelbuettel/inline/pull/25">#25</a>)</p></li> <li><p>Switch to using Authors@R, other general packaging maintenance for continuous integration and repository</p></li> <li><p>Use <code>Rf_</code> in a handful of cases as R-devel now mandates it</p></li> </ul> </blockquote> <p>Thanks to my <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>, you can also look at a <a href="https://dirk.eddelbuettel.com/cranberries/2024/11/10/#inline_0.3.20">diff to the previous release</a> Questions, comments etc should go to the <a href="https://lists.r-forge.r-project.org/cgi-bin/mailman/listinfo/rcpp-devel">rcpp-devel mailing list</a> off the <a href="https://r-forge.r-project.org/projects/rcpp/">R-Forge page</a>. Bugs reports are welcome at the <a href="https://github.com/RcppCore/Rcpp/issues">GitHub issue tracker as well</a> (where one can also search among open or closed issues).</p> <p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at GitHub</a>.</p> <p style="font-size: 80%; font-style: italic;"> This post by <a href="https://dirk.eddelbuettel.com">Dirk Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a> blog. Please report excessive re-aggregation in third-party for-profit settings. </p><p></p> </div> <p class="date"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/10#inline_0.3.20">10 November, 2024 07:29PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://reproducible-builds.org/blog/" title="reproducible-builds.org">Reproducible Builds</a> <script type="text/javascript">  </script> </h2> <div id="https://reproducible-builds.org/reports/2024-10/" class="https://reproducible-builds.org/reports/2024-10/"> <div class="entry"> <h3 class="entry-title"> <a href="https://reproducible-builds.org/reports/2024-10/">Reproducible Builds in October 2024</a> </h3> <div class="content"> <p><a href="https://reproducible-builds.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/reproducible-builds.png#right" /></a></p> <p><strong>Welcome to the October 2024 report from the <a href="https://reproducible-builds.org">Reproducible Builds</a> project.</strong></p> <p>Our reports attempt to outline what we’ve been up to over the past month, highlighting news items from elsewhere in tech where they are related. As ever, if you are interested in contributing to the project, please visit our <a href="https://reproducible-builds.org/contribute/"><em>Contribute</em></a> page on our website.</p> <p><strong>Table of contents:</strong></p> <ol> <li><a href="https://reproducible-builds.org/blog/index.rss#beyond-bitwise-equality-for-reproducible-builds">Beyond bitwise equality for Reproducible Builds?</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#two-ways-to-trustworthy-at-seagl-2024">‘Two Ways to Trustworthy’ at SeaGL 2024</a></li> <li><a href="https://reproducible-builds.org/blog/number-of-cores-affected-android-compiler-output">Number of cores affected Android compiler output</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#on-our-mailing-list">On our mailing list…</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#diffoscope">diffoscope</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#izzyondroid-passed-25-reproducible-apps">IzzyOnDroid passed 25% reproducible apps</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#distribution-work">Distribution work</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#website-updates">Website updates</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#reproducibility-testing-framework">Reproducibility testing framework</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#supply-chain-security-at-open-source-summit-eu">Supply-chain security at Open Source Summit EU</a></li> <li><a href="https://reproducible-builds.org/blog/index.rss#upstream-patches">Upstream patches</a></li> </ol> <hr /> <h3 id="beyond-bitwise-equality-for-reproducible-builds">Beyond bitwise equality for Reproducible Builds?</h3> <p><a href="https://doi.org/10.48550/arXiv.2410.08427"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/paper-2410-08427.png#right" /></a></p> <p>Jens Dietrich, Tim White, of Victoria University of Wellington, New Zealand along with Behnaz Hassanshahi and Paddy Krishnan of Oracle Labs Australia published a paper entitled “<a href="https://doi.org/10.48550/arXiv.2410.08427"><em>Levels of Binary Equivalence for the Comparison of Binaries from Alternative Builds</em></a>”:</p> <blockquote> <p>The availability of multiple binaries built from the same sources creates new challenges and opportunities, and raises questions such as: “Does build A confirm the integrity of build B?” or “Can build A reveal a compromised build B?”. To answer such questions requires a notion of equivalence between binaries. We demonstrate that <strong>the obvious approach based on bitwise equality has significant shortcomings</strong> in practice, and that there is value in opting for alternative notions. We conceptualise this by introducing levels of equivalence, inspired by clone detection types.</p> </blockquote> <p>A <a href="https://arxiv.org/pdf/2410.08427v1">PDF</a> of the paper is freely available.</p> <p><br /></p> <h3 id="two-ways-to-trustworthy-at-seagl-2024">‘<em>Two Ways to Trustworthy</em>’ at <a href="https://seagl.org/">SeaGL</a> 2024</h3> <p><a href="https://pretalx.seagl.org/2024/talk/W73ACM/"><img alt="" src="https://reproducible-builds.org/images/reports/2023-11/seagl.png#right" /></a></p> <p>On Friday 8th November, Vagrant Cascadian will present a talk entitled <a href="https://pretalx.seagl.org/2024/talk/W73ACM/"><em>Two Ways to Trustworthy</em></a> at <a href="https://seagl.org/">SeaGL</a> in Seattle, WA.</p> <p>Founded in 2013, SeaGL is a free, grassroots technical summit dedicated to spreading awareness and knowledge about free source software, hardware and culture. Vagrant’s talk:</p> <blockquote> <p>[…] delves into how two project[s] approaches fundamental security features through Reproducible Builds, Bootstrappable Builds, code auditability, etc. to improve trustworthiness, allowing independent verification; trustworthy projects require little to no trust.</p> <p>Exploring the challenges that each project faces due to very different technical architectures, but also contextually relevant social structure, adoption patterns, and organizational history should provide a good backdrop to understand how different approaches to security might evolve, with real-world merits and downsides.</p> </blockquote> <p><br /></p> <h3 id="number-of-cores-affected-android-compiler-output">Number of cores affected Android compiler output</h3> <p>Fay Stegerman <a href="https://tech.lgbt/@obfusk/113403959098151861">wrote</a> that the cause of the <a href="https://reproducible-builds.org/reports/2024-09/#android-toolchain-core-count-issue-reported">Android toolchain bug from September’s report</a> that she <a href="https://issuetracker.google.com/issues/366412380">reported to the Android issue tracker</a> has been found and the bug has been fixed.</p> <blockquote> <p>the D8 Java to <a href="https://source.android.com/docs/core/runtime/dex-format">DEX</a> compiler (part of the Android toolchain) eliminated a redundant field load if running the class’s static initialiser was known to be free of side effects, which ended up accidentally depending on the sharding of the input, which is dependent on the number of CPU cores used during the build.</p> </blockquote> <p>To make it easier to understand the bug and the patch, Fay also made a <a href="https://gist.github.com/obfusk/83822140509dad4148b14bba41adf008">small example</a> to illustrate when and why the optimisation involved is valid.</p> <p><br /></p> <h3 id="on-our-mailing-list">On our mailing list…</h3> <p>On <a href="https://lists.reproducible-builds.org/listinfo/rb-general/">our mailing list</a> this month:</p> <ul> <li> <p>Following-up to previous work, James Addison informed the list that the recently-released <a href="https://www.sphinx-doc.org/en/master/">Sphinx</a> documentation generator includes <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-October/003562.html">improvements to the next copyright notice substitutions</a>.</p> </li> <li> <p>Pol Dellaiera wrote to the list in order to <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-October/003560.html">seek advice around introducing the concept of reproducibility</a> to computer science Masters students at the <a href="https://web.umons.ac.be/">University of Mons, Belgium</a>.</p> </li> <li> <p>James Addison also followed-up to a <a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-September/003530.html">previous thread on “<code class="language-plaintext highlighter-rouge">CONFIG_MODULE_SIG</code> and the unreproducible Linux Kernel”</a> to add: “I wonder whether it would be possible to use the Linux kernel’s <a href="https://docs.kernel.org/admin-guide/LSM/ipe.html">Integrity Policy Enforcement</a> to deploy a policy that would prevent loading of anything except a set of expected kernel modules.” [<a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-October/003553.html">…</a>]</p> </li> <li> <p>There were also two informative replies from <a href="https://dwheeler.com/">David Wheeler</a> to a broad-based discussion on Reproducible Builds being defined in various standards. [<a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-October/003550.html">…</a>][<a href="https://lists.reproducible-builds.org/pipermail/rb-general/2024-October/003551.html">…</a>]</p> </li> </ul> <p><br /></p> <h3 id="diffoscope"><a href="https://diffoscope.org"><em>diffoscope</em></a></h3> <p><a href="https://diffoscope.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/diffoscope.png#right" /></a></p> <p><a href="https://diffoscope.org">diffoscope</a> is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues. This month, Chris Lamb made the following changes, including preparing and uploading versions <code class="language-plaintext highlighter-rouge">279</code>, <code class="language-plaintext highlighter-rouge">280</code>, <code class="language-plaintext highlighter-rouge">281</code> and <code class="language-plaintext highlighter-rouge">282</code> to Debian:</p> <ul> <li>Ignore errors when listing <code class="language-plaintext highlighter-rouge">.ar</code> archives (<a href="https://bugs.debian.org/1085257"><code class="language-plaintext highlighter-rouge">#1085257</code></a>). [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/e0e10c41">…</a>]</li> <li>Don’t try and test with <code class="language-plaintext highlighter-rouge">systemd-ukify</code> in the Debian stable distribution. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/0736b361">…</a>]</li> <li>Drop <code class="language-plaintext highlighter-rouge">Depends</code> on the deprecated <code class="language-plaintext highlighter-rouge">python3-pkg-resources</code> (<a href="https://bugs.debian.org/1083362"><code class="language-plaintext highlighter-rouge">#1083362</code></a>). [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/997c6adb">…</a>]</li> </ul> <p>In addition, Jelle van der Waa added support for <a href="https://wiki.archlinux.org/title/Unified_kernel_image">Unified Kernel Image</a> (UKI) files. [<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/9d5b5d32">…</a>][<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/2d7f54bf">…</a>][<a href="https://salsa.debian.org/reproducible-builds/diffoscope/commit/153d6185">…</a>] Furthermore, Vagrant Cascadian updated <em>diffoscope</em> in <a href="https://guix.gnu.org/">GNU Guix</a> to version 282. [<a href="https://debbugs.gnu.org/74072">…</a>][<a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=d6f775c30c6f47e174f6110d1089edc6315600e4">…</a>]</p> <p><br /></p> <h3 id="izzyondroid-passed-25-reproducible-apps"><a href="https://apt.izzysoft.de/fdroid/">IzzyOnDroid</a> passed 25% reproducible apps</h3> <p><a href="https://apt.izzysoft.de/fdroid/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/izzyondroid.png#right" /></a></p> <p>The <a href="https://apt.izzysoft.de/fdroid/">IzzyOnDroid</a> project has reached a good milestone by <a href="https://floss.social/@IzzyOnDroid/113350034406251501">reaching over 25%</a> of the ~1,200 Android apps provided by their repository (of official APKs built by the original application developers) having been <a href="https://codeberg.org/IzzyOnDroid/rbtlog">confirmed to be reproducible by a rebuilder</a>.</p> <p><br /></p> <h3 id="distribution-work">Distribution work</h3> <p><a href="https://debian.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/debian.png#right" /></a></p> <p>In Debian this month:</p> <ul> <li> <p>Holger Levsen <a href="https://tracker.debian.org/news/1581399/accepted-devscripts-2242-source-into-unstable/">uploaded <code class="language-plaintext highlighter-rouge">devscripts</code> version 2.24.2</a>, including many changes to the <code class="language-plaintext highlighter-rouge">debootsnap</code>, <code class="language-plaintext highlighter-rouge">debrebuild</code> and <code class="language-plaintext highlighter-rouge">reproducible-check</code> scripts. This is the first time that <code class="language-plaintext highlighter-rouge">debrebuild</code> actually works (using <code class="language-plaintext highlighter-rouge">sbuild</code>’s <code class="language-plaintext highlighter-rouge">unshare</code> backend). As part of this, Holger also fixed an issue in the <code class="language-plaintext highlighter-rouge">reproducible-check</code> script where a typo in the code led to incorrect results [<a href="https://salsa.debian.org/debian/devscripts/-/commit/4b3cf6bfbb3940700aab407879bf411c58b97847">…</a>]</p> </li> <li> <p>Recently, a news entry was added to <a href="http://snapshot.debian.org/"><em>snapshot.debian.org</em></a>’s homepage, describing the recent changes that made the system stable again:</p> <blockquote> <p>The new server has no problems keeping up with importing the full archives on every update, as each run finishes comfortably in time before it’s time to run again. [While] the new server is the one doing all the importing of updated archives, the <a href="https://snapshot.debian.org/">HTTP interface</a> is being served by both the new server and one of the VM’s at <a href="https://www.leaseweb.com/">LeaseWeb</a>.</p> </blockquote> <p>The entry list a number of specific updates surrounding the API endpoints and rate limiting.</p> </li> <li> <p>Lastly, 12 reviews of Debian packages were added, 3 were updated and 18 were removed this month adding to <a href="https://tests.reproducible-builds.org/debian/index_issues.html">our knowledge about identified issues</a>.</p> </li> </ul> <p><a href="https://fedoraproject.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/fedora.png#right" /></a></p> <p>Elsewhere in distribution news, Zbigniew Jędrzejewski-Szmek performed another rebuild of <a href="https://fedoraproject.org">Fedora</a> 42 packages, with the headline result being that <a href="https://in.waw.pl/~zbyszek/fedora/builds-f42-with-add-det-4.x.summary.txt">91% of the packages are reproducible</a>. Zbigniew also <a href="https://lists.fedoraproject.org/archives/list/devel@lists.fedoraproject.org/thread/67ICWGGE3TUPG5RH32GZAXICO4T5BXFG/">reported a reproducibility problem with QImage</a>.</p> <p><a href="https://www.opensuse.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/opensuse.png#right" /></a></p> <p>Finally, in openSUSE, Bernhard M. Wiedemann <a href="https://lists.opensuse.org/archives/list/factory@lists.opensuse.org/thread/NRT3XWO4ZRSIMAPSHD7HVSD5Z62WQWAA/">published another report</a> for that distribution.</p> <p><br /></p> <h3 id="website-updates">Website updates</h3> <p><a href="https://reproducible-builds.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/website.png#right" /></a></p> <p>There were an <em>enormous</em> number of improvements made to our website this month, including:</p> <ul> <li> <p>Alba Herrerias:</p> <ul> <li>Improve consistency across distribution-specific guides. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/12826f09">…</a>]</li> <li>Fix a number of links on the <em>Contribute</em> page. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/1274584d">…</a>]</li> </ul> </li> <li> <p>Chris Lamb:</p> <ul> <li>Correct the name of <a href="https://www.cip-project.org/">Civil Infrastructure Platform</a> name and update image on the <a href="https://reproducible-builds.org/who/projects/"><em>Projects</em></a> page. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/e53ecbc7">…</a>]</li> <li>Update broken link on the <a href="https://reproducible-builds.org/docs/value-initialization/"><em>Value Initialization</em></a> page. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/56f708d7">…</a>]</li> <li>Try and make pipeline/branch builds of the website easier to browse. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/8bff7574">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/df01bf5f">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/a3faf5be">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/0c735ea6">…</a>]</li> </ul> </li> <li> <p><code class="language-plaintext highlighter-rouge">hulkoba</code></p> <ul> <li>Contribute to the new ‘<a href="https://reproducible-builds.org/success-stories/">Success stories</a>’ page. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/4ca4e410">…</a>]</li> </ul> </li> <li> <p>James Addison:</p> <ul> <li>Huge and significant work on a (as-yet-merged) quickstart guide to be linked from the homepage [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/30d226e0">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6ccad0f4">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/aeb73a4a">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5ee3ac46">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/8e8f7d55">…</a>]</li> <li>On the <a href="https://reproducible-builds.org/">homepage</a>, link directly to the <a href="https://reproducible-builds.org/who/projects">Projects</a> subpage. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ca047d2e">…</a>]</li> <li>Relocate “dependency-drift” notes to the <a href="https://reproducible-builds.org/docs/volatile-inputs/">Volatile inputs</a> page. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/63d58e09">…</a>]</li> </ul> </li> <li> <p>Ninette Adhikari:</p> <ul> <li>Add a brand new ‘<a href="https://reproducible-builds.org/success-stories/">Success stories</a>’ page that “highlights the success stories of Reproducible Builds, showcasing real-world examples of projects shipping with verifiable, reproducible builds”. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/12f4df01">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/ddc6df7c">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/6b3dba82">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/19a17974">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/28d82a04">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/115ed658">…</a>]</li> </ul> </li> <li> <p>Pol Dellaiera:</p> <ul> <li>Update the website’s <code class="language-plaintext highlighter-rouge">README</code> page for building the website under <a href="https://nixos.org/">NixOS</a>. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/5428366d">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/f90aba5c">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/13a338ab">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/b9e51c38">…</a>][<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/39598567">…</a>]</li> <li>Add a new academic paper citation. [<a href="https://salsa.debian.org/reproducible-builds/reproducible-website/commit/62aa449b">…</a>]</li> </ul> </li> </ul> <p>Lastly, Holger Levsen filed an extensive issue detailing a request to <a href="https://salsa.debian.org/reproducible-builds/reproducible-website/-/issues/59">create an overview of recommendations and standards</a> in relation to reproducible builds.</p> <p><br /></p> <h3 id="reproducibility-testing-framework">Reproducibility testing framework</h3> <p><a href="https://tests.reproducible-builds.org/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/testframework.png#right" /></a></p> <p>The Reproducible Builds project operates a comprehensive testing framework running primarily at <a href="https://tests.reproducible-builds.org"><em>tests.reproducible-builds.org</em></a> in order to check packages and other artifacts for reproducibility. In October, a number of changes were made by Holger Levsen, including:</p> <ul> <li>Add a basic <code class="language-plaintext highlighter-rouge">index.html</code> for <code class="language-plaintext highlighter-rouge">rebuilderd</code>. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/2fdfe56c1">…</a>]</li> <li>Update the <code class="language-plaintext highlighter-rouge">nginx.conf</code> configuration file for <code class="language-plaintext highlighter-rouge">rebuilderd</code>. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/e43de52e2">…</a>]</li> <li>Document how to use a rescue system for Infomaniak’s OpenStack cloud. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/254f86399">…</a>]</li> <li>Update usage info for two particular nodes. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/fbf8d89a4">…</a>]</li> <li>Fix up a version skew check to fix the name of the <code class="language-plaintext highlighter-rouge">riscv64</code> architecture. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/8eae72e56">…</a>]</li> <li>Update the <code class="language-plaintext highlighter-rouge">rebuilderd</code>-related TODO. [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/6a383397b">…</a>]</li> </ul> <p>In addition, Mattia Rizzolo added a new IP address for the <code class="language-plaintext highlighter-rouge">inos5</code> node [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/5cea8f4a8">…</a>] and Vagrant Cascadian brought 4 <code class="language-plaintext highlighter-rouge">virt</code> nodes back online [<a href="https://salsa.debian.org/qa/jenkins.debian.net/commit/114838df4">…</a>].</p> <p><br /></p> <h3 id="supply-chain-security-at-open-source-summit-eu">Supply-chain security at <a href="https://events.linuxfoundation.org/open-source-summit-europe/">Open Source Summit EU</a></h3> <p><a href="https://events.linuxfoundation.org/open-source-summit-europe/"><img alt="" src="https://reproducible-builds.org/images/reports/2024-10/OSS-EU-2024.png#right" /></a></p> <p>The <a href="https://events.linuxfoundation.org/open-source-summit-europe/">Open Source Summit EU</a> took place recently, and covered plenty of topics related to supply-chain security, including:</p> <ul> <li><a href="https://www.youtube.com/watch?v=EyzFZYeSj5g&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=124">Public Sector & OpenSSF: Principles for Package Repository Security</a></li> <li><a href="https://www.youtube.com/watch?v=-GFcUgT77oE&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=114">The Model Openness Framework: Promoting Completeness and Openness for Reproducibility, Transparency and Usability in AI</a></li> <li><a href="https://www.youtube.com/watch?v=ZT3XdMF6U5A&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=106">Structured Scorecard Results: Tailor Your Own Supply-Chain Security Policies</a></li> <li><a href="https://www.youtube.com/watch?v=ICrlIlWAiGA&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=103">Lightning Talk: Elephant in the Room: How Supply Chain Security Standards Are Not Standard and What to Do About It</a></li> <li><a href="https://www.youtube.com/watch?v=mHjsaDDkbKo&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=102">Lightning Talk: Charting the Course for Secure Software Supply Chain with Guac-AI-Mole!</a></li> <li><a href="https://www.youtube.com/watch?v=Gk0LDi05KRg&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=100">TPMs, Merkle Trees and TEEs: Enhancing SLSA with Hardware-Assisted Build Environment Verification</a></li> <li><a href="https://www.youtube.com/watch?v=nSQ3rsaqpaQ&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=47">Accountability Taxonomy for AI Software Bill of Materials</a></li> <li><a href="https://www.youtube.com/watch?v=154gKafXhnc&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=33">Securing Your Supply Chain with an Open Source Ecosystem</a></li> <li><a href="https://www.youtube.com/watch?v=cLPZ7dYndH0&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=30">OSS Supply Chain Threats and Why You Need a Holistic Security Strategy</a></li> <li><a href="https://www.youtube.com/watch?v=b_ImE70Vhd8&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=28">A Step Closer to in-Toto’lly Secure: Using in-Toto and OPA Gatekeeper to Verify Artifact Integrity</a></li> <li><a href="https://www.youtube.com/watch?v=6EPROzPfqD8&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=26">Panel Discussion: Improving Supply Chain Integrity with OpenSSF Technologies</a></li> <li><a href="https://www.youtube.com/watch?v=1LTqB4czzEs&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=142">Case Study: 10+ Years of Developing an SBOM System and the Dos and Don’ts</a></li> <li><a href="https://www.youtube.com/watch?v=4rA9JOESvL8&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=182">SBOM in SaaS Environments: An Update</a></li> <li><a href="https://www.youtube.com/watch?v=eCSeIEdMbCw&list=PLbzoR-pLrL6poagnac0dQuTXcmNvUHVOj&index=179">Securing Git Repositories with Gittuf</a></li> </ul> <p><br /></p> <h3 id="upstream-patches">Upstream patches</h3> <p>The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of such patches, including:</p> <ul> <li> <p>Bernhard M. Wiedemann</p> <ul> <li><a href="https://build.opensuse.org/request/show/1206032"><code class="language-plaintext highlighter-rouge">apache-ivy</code></a> (<code class="language-plaintext highlighter-rouge">.zip</code> modification time)</li> <li><a href="https://github.com/ccache/ccache/pull/1525"><code class="language-plaintext highlighter-rouge">ccache</code></a> (build failure)</li> <li><a href="https://github.com/hughsie/colord/issues/174"><code class="language-plaintext highlighter-rouge">colord</code></a> (CPU)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1231368"><code class="language-plaintext highlighter-rouge">efivar</code></a> (CPU/march=native)</li> <li><a href="https://build.opensuse.org/request/show/1206278"><code class="language-plaintext highlighter-rouge">gsl</code></a> (no check)</li> <li><a href="https://lists.libcamera.org/pipermail/libcamera-devel/2024-October/045731.html"><code class="language-plaintext highlighter-rouge">libcamera</code></a> (date/copyright year)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1231580"><code class="language-plaintext highlighter-rouge">libreoffice</code></a> (possible rpm/build toolchain corruption bug)</li> <li><a href="https://github.com/getmoto/moto/pull/8218"><code class="language-plaintext highlighter-rouge">moto</code></a> (<code class="language-plaintext highlighter-rouge">.gz</code> modification time)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1231667"><code class="language-plaintext highlighter-rouge">openssl-1_1</code></a> (date-related issue)</li> <li><a href="https://github.com/pygraphviz/pygraphviz/pull/544"><code class="language-plaintext highlighter-rouge">python-pygraphviz</code></a> (benchmark)</li> <li><a href="https://github.com/sphinx-gallery/sphinx-gallery/pull/1385"><code class="language-plaintext highlighter-rouge">sphinx/python-pygraphviz</code></a> (benchmark)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1231254"><code class="language-plaintext highlighter-rouge">python-panel</code></a> (<code class="language-plaintext highlighter-rouge">package.lock</code> has random port)</li> <li><a href="https://build.opensuse.org/request/show/1207574"><code class="language-plaintext highlighter-rouge">python-propcache</code></a> (random temporary path)</li> <li><a href="https://github.com/python/cpython/pull/125261"><code class="language-plaintext highlighter-rouge">python314</code></a> (<code class="language-plaintext highlighter-rouge">.gz</code>-related modification time)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1231548"><code class="language-plaintext highlighter-rouge">rusty_v8</code></a> (random <code class="language-plaintext highlighter-rouge">.o</code> files)</li> <li><a href="https://build.opensuse.org/request/show/1205217"><code class="language-plaintext highlighter-rouge">scapy</code></a> (date)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1231620"><code class="language-plaintext highlighter-rouge">wine</code></a> (parallelism)</li> <li><a href="https://github.com/kgoldman/ibmtss/commit/3a17ac01bea73d3568272d61b895a16a0bd85440"><code class="language-plaintext highlighter-rouge">ibmtss</code></a> (<a href="https://sourceforge.net/p/ibmtpm20tss/tickets/49/">FTBFS-2026</a>)</li> <li><a href="https://github.com/schrodinger/pymol-open-source/pull/404"><code class="language-plaintext highlighter-rouge">pymol</code></a> (date)</li> <li><a href="https://github.com/pandas-dev/pandas/issues/60078"><code class="language-plaintext highlighter-rouge">pandas</code></a> (ASLR)</li> <li><a href="https://github.com/ChrisTitusTech/linutil/pull/869"><code class="language-plaintext highlighter-rouge">linutil</code></a> (drop date)</li> <li><a href="https://build.opensuse.org/request/show/1218747"><code class="language-plaintext highlighter-rouge">lsof</code></a> (<a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1232425">also filed in openSUSE</a>: <code class="language-plaintext highlighter-rouge">uname -r</code> in <code class="language-plaintext highlighter-rouge">LSOF_VSTR</code>)</li> <li><a href="https://codeberg.org/schilytools/schilytools/pulls/81"><code class="language-plaintext highlighter-rouge">schily</code></a> (<a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1232434">also filed in openSUSE</a>: <code class="language-plaintext highlighter-rouge">uname -r</code>)</li> <li><a href="https://bugzilla.opensuse.org/show_bug.cgi?id=1232550"><code class="language-plaintext highlighter-rouge">superlu</code></a> (nocheck)</li> <li><a href="https://github.com/util-linux/util-linux/issues/3259"><code class="language-plaintext highlighter-rouge">util</code></a> (random test failure)</li> <li><a href="https://tracker.ceph.com/issues/68778"><code class="language-plaintext highlighter-rouge">ceph</code></a> (year-2038 variation from embedded boost)</li> </ul> </li> <li> <p>Chris Lamb:</p> <ul> <li><a href="https://bugs.debian.org/1085097">#1085097</a> filed against <a href="https://tracker.debian.org/pkg/python-roborock"><code class="language-plaintext highlighter-rouge">python-roborock</code></a>.</li> <li><a href="https://bugs.debian.org/1085280">#1085280</a> filed against <a href="https://tracker.debian.org/pkg/pywayland"><code class="language-plaintext highlighter-rouge">pywayland</code></a>.</li> <li><a href="https://bugs.debian.org/1085283">#1085283</a> filed against <a href="https://tracker.debian.org/pkg/readsb"><code class="language-plaintext highlighter-rouge">readsb</code></a>.</li> <li><a href="https://bugs.debian.org/1085381">#1085381</a> filed against <a href="https://tracker.debian.org/pkg/xraylarch"><code class="language-plaintext highlighter-rouge">xraylarch</code></a>.</li> </ul> </li> <li> <p>James Addison:</p> <ul> <li><a href="https://bugs.debian.org/1085112">#1085112</a> filed against <a href="https://tracker.debian.org/pkg/distro-info"><code class="language-plaintext highlighter-rouge">distro-info</code></a>.</li> </ul> </li> <li> <p>Zbigniew Jędrzejewski-Szmek:</p> <ul> <li><a href="https://github.com/kovidgoyal/calibre"><code class="language-plaintext highlighter-rouge">calibre</code></a> (two sort issues) [<a href="https://github.com/kovidgoyal/calibre/pull/2483">…</a>][<a href="https://github.com/kovidgoyal/calibre/pull/2484">…</a>]</li> </ul> </li> </ul> <p><br /></p> <hr /> <p>Finally, If you are interested in contributing to the Reproducible Builds project, please visit our <a href="https://reproducible-builds.org/contribute/"><em>Contribute</em></a> page on our website. However, you can get in touch with us via:</p> <ul> <li> <p>IRC: <code class="language-plaintext highlighter-rouge">#reproducible-builds</code> on <code class="language-plaintext highlighter-rouge">irc.oftc.net</code>.</p> </li> <li> <p>Mastodon: <a href="https://fosstodon.org/@reproducible_builds">@reproducible_builds@fosstodon.org</a></p> </li> <li> <p>Mailing list: <a href="https://lists.reproducible-builds.org/listinfo/rb-general"><code class="language-plaintext highlighter-rouge">rb-general@lists.reproducible-builds.org</code></a></p> </li> <li> <p>Twitter: <a href="https://twitter.com/ReproBuilds">@ReproBuilds</a></p> </li> </ul> </div> <p class="date"> <a href="https://reproducible-builds.org/reports/2024-10/">10 November, 2024 06:26PM</a> </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="http://blog.alteholz.eu" title="planetdebian – blog.alteholz.eu">Thorsten Alteholz</a> <script type="text/javascript">  </script> </h2> <div id="http://blog.alteholz.eu/2024/11/my-debian-activities-in-october-2024/" class="http://blog.alteholz.eu/2024/11/my-debian-activities-in-october-2024/"> <div class="entry"> <h3 class="entry-title"> <a href="http://blog.alteholz.eu/2024/11/my-debian-activities-in-october-2024/">My Debian Activities in October 2024</a> </h3> <div class="content"> <h3><strong>FTP master</strong></h3> <p>This month I accepted 398 and rejected 22 packages. The overall number of packages that got accepted was 441.</p> <p></p><p>In case your RM bug is not closed within a month, you can assume that either the conversion of the subject of the bug email to the corresponding dak command did not work or you still need to take care of reverse dependencies. The dak command related to your removal bug can be found <a href="https://ftp-master.debian.org/removals.html">here</a>.</p> <p>Unfortunately the bahavior of some project members caused a decline of motivation of team members to work on these bugs. When I look at these bugs, I just copy and paste the above mentioned dak commands. If they don’t work, I don’t have the time to debug what is going wrong. So please read the docs and take care of it yourself. Please also keep in mind that you need to close the bug or set a moreinfo tag if you don’t want anybody to act on your removal bug.</p> <h3><strong>Debian LTS</strong></h3> <p></p><p>This was my hundred-twenty-fourth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. During my allocated time I uploaded or worked on:</p><p></p> <ul><li>[<a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00016.html">DLA 3925-1</a>] asterisk security update to fix two CVEs related to privilege escalation and DoS</li><li>[<a href="https://lists.debian.org/debian-lts-announce/2024/10/msg00031.html">DLA 3940-1</a>] xorg-server update to fix one CVE related to privilege escalation</li></ul> <p>Last but not least I did a week of FD this month and attended the monthly LTS/ELTS meeting.</p> <h3><strong>Debian ELTS</strong></h3> <p>This month was the seventy-fifth ELTS month. During my allocated time I uploaded or worked on: </p> <ul><li>[ELA-1198-1]cups security update for one CVE in Buster to fix the IPP attribute related CVEs. </li><li>[ELA-1199-1]cups security update for two CVEs in Stretch to fix the IPP attribute related CVEs</li><li>[ELA-1216-1]graphicsmagick security update for one CVE in Jessie</li><li>[ELA-1217-1]asterisk security update for two CVEs in Buster related to privilege escalation </li><li>[ELA-1218-1]asterisk security update for two CVEs in Stretch related to privilege escalation and DoS </li><li>[ELA-1223-1]xorg-server security update for one CVE in Jessie, Stretch and Buster related to privilege escalation</li></ul> <p> I also did a week of FD and attended the monthly LTS/ELTS meeting.</p> <h3><strong>Debian Printing</strong></h3> <p>Unfortunately I didn’t found any time to work on this topic.</p> <h3><strong>Debian Matomo</strong></h3> <p>Unfortunately I didn’t found any time to work on this topic.</p> <h3><strong>Debian Astro</strong></h3> <p>Unfortunately I didn’t found any time to work on this topic.</p> <h3><strong>Debian IoT</strong></h3> <p>This month I uploaded new upstream or bugfix versions of:</p> <ul><li>… <a href="https://tracker.debian.org/pywws">pywws</a> (yes, again this month)</li></ul> <h3><strong>Debian Mobcom</strong></h3> <p>This month I uploaded new packages or new upstream or bugfix versions of:</p> <ul><li>… <a href="https://tracker.debian.org/osmocom-dahdi-linux">osmocom-dahdi-linux</a> (package prepared by Nathan)</li><li>… <a href="https://tracker.debian.org/osmo-bts">osmo-bts</a></li></ul> <h3><strong>misc</strong></h3> <p>This month I uploaded new upstream or bugfix versions of:</p> <ul><li>… <a href="https://tracker.debian.org/mlat-client-adsbfi">mlat-client-adsbfi</a></li><li>… <a href="https://tracker.debian.org/mailio">mailio</a></li><li>… <a href="https://tracker.debian.org/readsb">readsb</a></li><li>… <a href="https://tracker.debian.org/pipexec">pipexec</a></li></ul> </div> <p class="date"> <a href="http://blog.alteholz.eu/2024/11/my-debian-activities-in-october-2024/">10 November, 2024 12:26AM</a> by alteholz </p> </div> </div> </div> <h1>November 09, 2024</h1> <div class="channel"> <a href="https://jmtd.net/log/"> <img class="face" src="heads/jmtd.png" width="65" height="85" alt="hackergotchi for Jonathan Dowland" /> </a> <h2 class="planet-title"> <a href="https://jmtd.net/log/" title="Jonathan Dowland's Weblog">Jonathan Dowland</a> <script type="text/javascript">  </script> </h2> <div id="https://jmtd.net/log/htmx/" class="https://jmtd.net/log/htmx/"> <div class="entry"> <h3 class="entry-title"> <a href="https://jmtd.net/log/htmx/">Progressively enhancing CGI apps with htmx</a> </h3> <div class="content"> <p>I was interested in learning about <a href="https://htmx.org">htmx</a>, so I used it to improve the experience of posting comments on my blog.</p> <p>It seems much of modern web development is structured around having a JavaScript program on the front-end (browser) which exchanges data encoded in JSON asynchronously with the back-end servers. <em>htmx</em> uses a novel (or throwback) approach: it asynchronously fetches snippets of HTML from the back-end, and splices the results into the live page. For example, a htmx-powered button may request a URI on the server, receive HTML in response, and then <em>the button itself would be replaced by the resulting HTML</em>, within the page.</p> <p>I experimented with incorporating it into an existing, old-school <a href="https://en.wikipedia.org/wiki/Common_Gateway_Interface">CGI</a> web app: <a href="https://jmtd.net/software/ikiwiki/">IkiWiki</a>, <a href="https://jmtd.net/log/a_bug_a_day/">which I became a co-maintainer of this year</a>, and powers <span class="selflink">my blog</span>. Throughout this project I referred to the excellent book <a href="https://pragprog.com/titles/mvhtmx/server-driven-web-apps-with-htmx/">Server-Driven Web Apps with htmx</a>.</p> <h3>Comment posting workflow</h3> <p>I really value blog comments, but the UX for posting them on my blog was a bit clunky. It went like this:</p> <ol> <li><p>you load a given page (such as this blog post), which is a static HTML document. There's a link to add a comment to the page.</p></li> <li><p>The link loads a new page which is generated dynamically and served back to you via CGI. This contains a HTML form for you to write your comment.</p></li> <li><p>The form submits to the server via HTTP POST. IkiWiki validates the form content. Various static pages (in particular the one you started on, in Step 1) are regenerated.</p></li> <li><p>the server response to the request in (3) is a HTTP 302 redirect, instructing the browser to go back to the page in Step 1.</p></li> </ol> <h3>First step: fetching a comment form</h3> <p>First, I wanted the "add a comment" link to present the edit box in the current page. This step was easiest: add four attributes to the "comment on this page" anchor tag:</p> <dl> <dt><code>hx-get="<CGI ENDPOINT GOES HERE>"</code></dt> <dd>suppresses the normal behaviour of the tag, so clicking on it doesn't load a new page.</dd> <dd><p>issues an asynchronous HTTP GET to the CGI end-point, which returns the full HTML document for the comment edit form</p></dd> <dt><code>hx-select=".editcomment form"</code></dt> <dd>extract the edit-comment form from within that document</dd> <dt><code>hx-swap=beforeend</code> and <code>hx-target=".addcomment"</code></dt> <dd>append (courtesy of <code>beforeend</code>) the form into the source page after the "add comment" anchor tag (<code>.addcomment</code>)</dd> </dl> <p>Now, clicking "comment on this page" loads in the edit-comment box below it without moving you away from the source page. All that without writing any new code!</p> <h3>Second step: handling previews</h3> <div class="image"> <a href="https://jmtd.net/log/htmx/preview.png"><img alt="The old Preview Comment page" class="img" height="207" src="https://jmtd.net/log/htmx/400x-preview.png" width="400" /></a> <p>The old Preview Comment page</p> </div> <p>In the traditional workflow, clicking on "Preview" loaded a new page containing the edit form (but not the original page or any existing comments) with a rendering of the comment-in-progress below it. I wasn't originally interested in supporting the "Preview" feature, but I needed to for reasons I'll explain later.</p> <p>Rather than load new pages, I wanted "Preview" to insert a rendering of the comment-in-progress being inserted into the current page's list of comments, marked up to indicate that it's a preview.</p> <p>IkiWiki provides some templates which you can override to customise your site. I've long overridden <code>page.tmpl</code>, the template used for all pages. I needed to add a new empty <code>div</code> tag in order to have a "hook" to target with the previewed comment.</p> <p>The rest of this was achieved with <em>htmx</em> attributes on the "Preview" button, similar to in the last step: <code>hx-post</code> to define a target URI when you click the button (and specify HTTP POST); <code>hx-select</code> to filter the resulting HTML and extract the comment; <code>hx-target</code> to specify where to insert it.</p> <p>Now, clicking "Preview" does not leave the current page, but fetches a rendering of your comment-in-progress, and splices it into the comment list, appropriately marked up to be clear it's a preview.</p> <h3>Third step: handling submitted comments</h3> <p>IkiWiki is highly configurable, and many different things could happen once you post a comment.</p> <p>On my personal blog, all comments are held for moderation before they are published. The page you were served after submitting a comment was rather bare-bones, a status message "Your comment will be posted after moderator review", without the original page content or comments.</p> <p>I wanted your comment to appear in the page immediately, albeit marked up to indicate it was awaiting review. Since the traditional workflow didn't render or present your comment to you, I had to cheat.</p> <h4>handling moderated comments</h4> <div class="image"> <a href="https://jmtd.net/log/htmx/moderated.png"><img alt="Moderation message upon submitting a comment" class="img" height="145" src="https://jmtd.net/log/htmx/400x-moderated.png" width="400" /></a> <p>Moderation message upon submitting a comment</p> </div> <p>One of my goals with this project was not to modify IkiWiki itself. I had to break this rule for moderated comments. When returning the "comment is moderated" page, IkiWiki uses HTTP status code 200, the same as for other scenarios. I wrote a <a href="http://source.ikiwiki.branchable.com/?p=source.git;a=commitdiff;h=42f8414a9d4e21108f3c28be5bc274e4389e61d2">tiny patch</a> to return HTTP 202 (Accepted, but not processed) instead.</p> <p>I now have to write some actual JavaScript. <em>htmx</em> emits the <code>htmx:beforeSwap</code> event after an AJAX call returns, but before the corresponding swap is performed. I wrote a function that is triggered on this event, filters for HTTP 202 responses, triggers the "Preview" button, and then alters the result to indicate a moderated, rather than previewed, comment. (That's why I bothered to implement previews). You can read the full function here: <a href="https://jmtd.net/js/jon.js">jon.js</a>.</p> <h3>Summary</h3> <p>I've done barely any front-end web development for years and I found working with <em>htmx</em> to be an enjoyable experience.</p> <p>You can leave a comment on this very blog post if you want to see it in action. I couldn't resist adding an easter egg: Brownie points if you can figure out what it is.</p> <p>Adding <em>htmx</em> to an existing CGI-based website let me improve one of the workflows in a gracefully-degrading way (without JavaScript, the old method will continue to work fine) without modifying the existing application itself (well, almost) and without having to write very much code of my own at all: nearly all of the configuration was declarative.</p> </div> <p class="date"> <a href="https://jmtd.net/log/htmx/">09 November, 2024 09:16PM</a> </p> </div> </div> </div> <h1>November 08, 2024</h1> <div class="channel"> <a href="http://blog.fai-project.org/"> <img class="face" src="heads/mrfai.png" width="76" height="100" alt="hackergotchi for Thomas Lange" /> </a> <h2 class="planet-title"> <a href="http://blog.fai-project.org/" title="FAI (Fully Automatic Installation) / Plan your Installation and FAI installs your Plan">Thomas Lange</a> <script type="text/javascript">  </script> </h2> <div id="http://blog.fai-project.org/posts/nis-usage-in-2024/" class="http://blog.fai-project.org/posts/nis-usage-in-2024/"> <div class="entry"> <h3 class="entry-title"> <a href="http://blog.fai-project.org/posts/nis-usage-in-2024/">Using NIS (Network Information Service) in 2024</a> </h3> <div class="content"> <p>The topic of this posting already tells you that an old Unix guy tells stories about old techniques.</p> <p>I'm a happy NIS (formerly YP) user since 30+ years. I started using it with SunOS 4.0, later using it with Solaris and with Linux since 1999.</p> <p>In the past, a colleague wasn't happyly using NIS+ when he couldn't log in as root after a short time because of some well known bugs and wrong configs. NIS+ was also much slower than my NIS setup. I know organisations using NIS for more than 80.000 user accounts in 2024.</p> <p>I know the security implications of NIS but I can live with them, because I manage all computers in the network that have access to the NIS maps. And NIS on Linux offers to use shadow maps, which are only accessible to the root account. My users are forced to use very long passwords.</p> <p>Unfortunately NIS support for the PAM modules was removed in Debian in pam 1.4.0-13, which means Debian 12 (bookworm) is lacking NIS support in PAM, but otherwise it is still supported. This only affects changing the NIS password via passwd. You can still authenticate users and use other NIS maps.</p> <p>But <code>yppasswd</code> is deprecated and you should not use it! If you use <code>yppasswd</code> it may generate a new password hash by using the old DES crypt algorithm, which is very weak and only uses the first 8 chars in your password. Do not use yppasswd any more! yppasswd only detects DES, MD5, SHA256 and SHA512 hashes, but for me and some colleagues it only creates weak DES hashes after a password change. yescrypt hashes which are the default in Debian 12 are not supported at all. The solution is to use the plain <code>passwd</code> program.</p> <p>On the NIS master, you should setup your NIS configuration to use /etc/shadow and /etc/passwd even if your other NIS maps are in <code>/var/yp/src</code> or similar. Make sure to have these lines in your /var/yp/Makefile:</p> <pre><code>PASSWD = /etc/passwd SHADOW = /etc/shadow </code></pre> <p>Call make once, and it will generate the shadow and passwd map. You may want to set the variable MINUID which defines which entries are not put into the NIS maps.</p> <p>On all NIS clients you still need the entries (for passwd, shadow, group,...) that point to the nis service. E.g.:</p> <pre><code>passwd: files nis systemd group: files nis systemd shadow: files nis </code></pre> <p>You can remove all occurences of "nis" in your /etc/pam.d/common-password file.</p> <p>Then you can use the plain <code>passwd</code> program to change your password on the NIS master. But this does not call make in /var/yp for updating the NIS shadow map.</p> <p>Let's use <code>inotify(7)</code> for that. First, create a small shell script <code>/usr/local/sbin/shadow-change</code>:</p> <pre><code>#! /bin/sh PATH=/usr/sbin:/usr/bin # only watch the /etc/shadow file if [ "$2" != "shadow" ]; then exit 0 fi cd /var/yp || exit 3 sleep 2 make </code></pre> <p>Then install the package incron.</p> <pre><code># apt install incron # echo root >> /etc/incron.allow # incrontab -e </code></pre> <p>Add this line:</p> <pre><code>/etc IN_MOVED_TO /usr/local/sbin/shadow-change $@ $# $% </code></pre> <p>It's not possible to use IN_MODIFY or watch other events on /etc/shadow directly, because the passwd command creates a /etc/nshadow file, deletes /etc/shadow and then moves nshadow to shadow. inotify on a file does not work after the file was removed.</p> <p>You can see the logs from incrond by using:</p> <pre><code># journalctl _COMM=incrond e.g. Oct 01 12:21:56 kueppers incrond[6588]: starting service (version 0.5.12, built on Jan 27 2023 23:08:49) Oct 01 13:43:55 kueppers incrond[6589]: table for user root created, loading Oct 01 13:45:42 kueppers incrond[6589]: PATH (/etc) FILE (shadow) EVENT (IN_MOVED_TO) Oct 01 13:45:42 kueppers incrond[6589]: (root) CMD ( /usr/local/sbin/shadow-change /etc shadow IN_MOVED_TO) </code></pre> <p>I've disabled the execution of yppasswd using dpkg-divert</p> <pre><code># dpkg-divert --local --rename --divert /usr/bin/yppasswd-disable /usr/bin/yppasswd chmod a-rwx /usr/bin/yppasswd-disable </code></pre> <p>Do not forget to limit the access to the shadow.byname map in <code>ypserv.conf</code> and general access to NIS in <code>ypserv.securenets</code>.</p> <p>I've also discovered the package <code>pamtester</code>, which is a nice package for testing your pam configs.</p> </div> <p class="date"> <a href="http://blog.fai-project.org/posts/nis-usage-in-2024/">08 November, 2024 12:32PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://www.freexian.com/tags/planet-debian/"> <img class="face" src="heads/freexian.png" width="215" height="101" alt="hackergotchi for Freexian Collaborators" /> </a> <h2 class="planet-title"> <a href="https://www.freexian.com/tags/planet-debian/" title="planet-debian on Freexian">Freexian Collaborators</a> <script type="text/javascript">  </script> </h2> <div id="https://www.freexian.com/blog/debian-contributions-10-2024/" class="https://www.freexian.com/blog/debian-contributions-10-2024/"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.freexian.com/blog/debian-contributions-10-2024/">Debian Contributions: October’s report (by Anupa Ann Joseph)</a> </h3> <div class="content"> <h1 id="debian-contributions-2024-10">Debian Contributions: 2024-10</h1> <p><a href="https://www.freexian.com/about/debian-contributions/">Contributing to Debian</a> is part of <a href="https://www.freexian.com/about/">Freexian’s mission</a>. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our <a href="https://www.freexian.com/lts/">Long Term Support contracts</a> and <a href="https://www.freexian.com/services/">consulting services</a>.</p> <h2 id="rebootstrap-by-helmut-grohne">rebootstrap, by Helmut Grohne</h2> <p>After significant changes earlier this year, the state of architecture cross bootstrap is normalizing again. More and more architectures manage to complete rebootstrap testing successfully again. Here are two examples of what kind of issues the bootstrap testing identifies.</p> <p>At some point, <code>libpng1.6</code> would fail to cross build on <code>musl</code> architectures whereas it would succeed on other ones failing to locate <code>zlib</code>. Adding <code>--debug-find</code> to the <code>cmake</code> invocation eventually revealed that it would fail to search in <code>/usr/lib/<triplet></code>, which is the default library path. This turned out to be a <a href="https://bugs.debian.org/1085507">bug in cmake</a> assuming that <a href="https://sources.debian.org/src/cmake/3.30.5-1/Modules/Platform/Linux-Initialize.cmake/">all linux systems use glibc</a>. <code>libpng1.6</code> also gained a <a href="https://bugs.debian.org/1086389">baseline violation</a> for <code>powerpc</code> and <code>ppc64</code> by enabling the use of AltiVec there.</p> <p>The <code>newt</code> package would fail to cross build for many 32-bit architectures whereas it would succeed for <code>armel</code> and <code>armhf</code> due to <code>-Wincompatible-pointer-types</code>. It turns out that this flag was turned into <code>-Werror</code> and it was compiling with a warning earlier. The actual <a href="https://bugs.debian.org/#1086133">problem</a> is a difference in signedness between <code>wchar_t</code> and <code>FriBidChar</code> (aka <code>uint32_t</code>) and actually affects native building on <code>i386</code>.</p> <h2 id="miscellaneous-contributions">Miscellaneous contributions</h2> <ul> <li>Helmut sent 35 patches for cross build failures.</li> <li>Stefano Rivera uploaded the Python 3.13.0 final release.</li> <li>Stefano continued to rebuild Python packages with C extensions using Python 3.13, to catch compatibility issues before the <a href="https://release.debian.org/transitions/html/python3.13-add.html">3.13-add transition</a> starts.</li> <li>Stefano uploaded new versions of a handful of Python packages, including: dh-python, objgraph, python-mitogen, python-truststore, and python-virtualenv.</li> <li>Stefano packaged a new release of <code>mkdocs-macros-plugin</code>, which required packaging a new Python package for Debian, <a href="https://ftp-master.debian.org/new/python-super-collections_0.5.3-1.html">python-super-collections</a> (now in NEW review).</li> <li>Stefano helped the <a href="https://mdcobr2024.mini.debconf.org/">mini-DebConf Online Brazil</a> get video infrastructure up and running for the event. Unfortunately, Debian’s online-DebConf setup has bitrotted over the last couple of years, and it eventually required new temporary Jitsi and Jibri instances.</li> <li>Colin Watson fixed a number of autopkgtest failures to get ansible back into testing.</li> <li>Colin fixed an <a href="https://bugs.debian.org/1041521">ssh client failure</a> in certain cases when using GSS-API key exchange, and added an integration test to ensure this doesn’t regress in future.</li> <li>Colin worked on the Python 3.13 transition, fixing problems related to it in 15 packages. This included upstream work in a number of packages (postgresfixture, python-asyncssh, python-wadllib).</li> <li>Colin upgraded 41 Python packages to new upstream versions.</li> <li>Carles improved <a href="https://salsa.debian.org/carlespina/po-debconf-manager">po-debconf-manager</a>: now it can create merge requests to Salsa automatically (created 17, new batch coming this month), imported almost all the packages with debconf translation templates whose VCS is Salsa (currently 449 imported), added statistics per package and language, improved command line interface options. Performed user support fixing different issues. Also prepared an abstract for the talk at MiniDebConf Toulouse.</li> <li>Santiago Ruano Rincón continued the organization work for the DebConf 25 conference, to be held in Brest, France. Part of the work relates to the initial edits of the sponsoring brochure. Thanks to Benjamin Somers who finalized the French and English versions.</li> <li>Raphaël forwarded a couple of <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1081661">zim</a> and <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1084662">hamster</a> bugs to the upstream developers, and tried to diagnose a delayed startup of gdm on his laptop (cf <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=1085633">#1085633</a>).</li> <li>On behalf of the Debian Publicity Team, Anupa interviewed 7 women from the Debian community, old and new contributors. The interview was published in <a href="https://bits.debian.org/2024/10/ada-lovelace-day-2024-interview-with-some-women-in-debian.html">Bits from Debian</a>.</li> </ul> </div> <p class="date"> <a href="https://www.freexian.com/blog/debian-contributions-10-2024/">08 November, 2024 12:00AM</a> by Anupa Ann Joseph </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="https://diffoscope.org/" title="diffoscope">Reproducible Builds (diffoscope)</a> <script type="text/javascript">  </script> </h2> <div id="https://diffoscope.org/news/diffoscope-283-released/" class="https://diffoscope.org/news/diffoscope-283-released/"> <div class="entry"> <h3 class="entry-title"> <a href="https://diffoscope.org/news/diffoscope-283-released/">diffoscope 283 released</a> </h3> <div class="content"> <p>The diffoscope maintainers are pleased to announce the release of diffoscope version <code class="language-plaintext highlighter-rouge">283</code>. This version includes the following changes:</p> <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ Martin Abente Lahaye ] * Fix crash when objdump is missing when checking .EFI files. </code></pre></div></div> <p>You find out more by <a href="https://diffoscope.org">visiting the project homepage</a>.</p> </div> <p class="date"> <a href="https://diffoscope.org/news/diffoscope-283-released/">08 November, 2024 12:00AM</a> </p> </div> </div> </div> <h1>November 07, 2024</h1> <div class="channel"> <a href="https://jmtd.net/log/"> <img class="face" src="heads/jmtd.png" width="65" height="85" alt="hackergotchi for Jonathan Dowland" /> </a> <h2 class="planet-title"> <a href="https://jmtd.net/log/" title="Jonathan Dowland's Weblog">Jonathan Dowland</a> <script type="text/javascript">  </script> </h2> <div id="https://jmtd.net/log/The_Fog/" class="https://jmtd.net/log/The_Fog/"> <div class="entry"> <h3 class="entry-title"> <a href="https://jmtd.net/log/The_Fog/">John Carpenter's "The Fog"</a> </h3> <div class="content"> <div class="centre"> <div class="image+centre"> <a href="https://jmtd.net/log/The_Fog/image1.jpg"><img alt="'The Fog' 7 inch vinyl record" class="img" height="225" src="https://jmtd.net/log/The_Fog/400x-image1.jpg" width="400" /></a> </div> </div> <p>A gift from my brother. Coincidentally I’ve had John Carpenter’s “Halloween” echoing around my my head for weeks: I’ve been deconstructing it and trying to learn to play it.</p> </div> <p class="date"> <a href="https://jmtd.net/log/The_Fog/">07 November, 2024 09:51AM</a> </p> </div> </div> </div> <h1>November 06, 2024</h1> <div class="channel"> <a href="https://bits.debian.org/"> <img class="face" src="heads/dwn.png" width="77" height="85" alt="hackergotchi for Bits from Debian" /> </a> <h2 class="planet-title"> <a href="https://bits.debian.org/" title="Bits from Debian">Bits from Debian</a> <script type="text/javascript">  </script> </h2> <div id="https://bits.debian.org/2024/11/bits-from-the-dpl-november.html" class="https://bits.debian.org/2024/11/bits-from-the-dpl-november.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://bits.debian.org/2024/11/bits-from-the-dpl-november.html">Bits from the DPL</a> </h3> <div class="content"> <p>Dear Debian community,</p> <p>this is Bits from DPL for October. In addition to a summary of my recent activities, I aim to include newsworthy developments within Debian that might be of interest to the broader community. I believe this provides valuable insights and foster a sense of connection across our diverse projects. Also, I welcome your feedback on the format and focus of these Bits, as community input helps shape their value.</p> <h1>Ada Lovelace Day 2024</h1> <p>As outlined in my platform, I'm committed to increasing the diversity of Debian developers. I hope the recent article celebrating Ada Lovelace Day 2024–featuring interviews with <a href="https://lists.debian.org/debian-women/2024/10/msg00000.html">women in Debian</a>–will serve as an inspiring motivation for more women to join our community.</p> <h1>MiniDebConf Cambridge</h1> <p>This was my first time attending the <a href="https://wiki.debian.org/DebianEvents/gb/2024/MiniDebConfCambridge">MiniDebConf in Cambridge</a>, hosted at the ARM building. I thoroughly enjoyed the welcoming atmosphere of both MiniDebCamp and MiniDebConf. It was wonderful to reconnect with people who hadn't made it to the last two DebConfs, and, as always, there was plenty of hacking, insightful discussions, and valuable learning.</p> <p>If you missed the recent MiniDebConf, there's a great opportunity to attend the next one in <a href="https://wiki.debian.org/DebianEvents/fr/2024/Toulouse">Toulouse</a>. It was recently decided to include a MiniDebCamp beforehand as well.</p> <h1>FTPmaster accepts MRs for DAK</h1> <p>At the recent MiniDebConf in Cambridge, I discussed potential enhancements for DAK to make life easier for both FTP Team members and developers. For those interested, the document "<a href="https://salsa.debian.org/ftp-team/dak/-/blob/master/docs/development.rst?ref_type=heads">Hacking on DAK</a>" provides guidance on setting up a local DAK instance and developing patches, which can be submitted as MRs.</p> <p>As a perfectly random example of such improvements some older MR, "<a href="https://salsa.debian.org/ftp-team/dak/-/merge_requests/270">Add commands to accept/reject updates from a policy queue</a>" might give you some inspiration.</p> <p>At MiniDebConf, we compiled an initial list of features that could benefit both the FTP Team and the developer community. While I had preliminary discussions with the FTP Team about these items, not all ideas had consensus. I aim to open a detailed, public discussion to gather broader feedback and reach a consensus on which features to prioritize.</p> <ul> <li>Accept+Bug report</li> </ul> <p>Sometimes, packages are rejected not because of DFSG-incompatible licenses but due to other issues that could be resolved within an existing package (as discussed in my DebConf23 BoF, "<a href="https://debconf23.debconf.org/talks/31-chatting-with-ftpmasters/">Chatting with ftpmasters</a>"[1]). During the "<a href="https://debconf24.debconf.org/talks/154-meet-the-ftpteam/">Meet the ftpteam</a>" BoF (<a href="https://salsa.debian.org/tille/dc24/-/blob/ftpmaster_bof_log/etherpad/txt/154-meet-the-ftpteam.txt?ref_type=heads">Log/transcription of the BoF can be found here</a>), for the moment until the MR gets accepted, a new option was proposed for FTP Team members reviewing packages in NEW: <em></em></p><p align="center"><em>Accept + Bug Report</em></p> This option would allow a package to enter Debian (in unstable or experimental) with an automatically filed RC bug report. The RC bug would prevent the package from migrating to testing until the issues are addressed. To ensure compatibility with the BTS, which only accepts bug reports for existing packages, a delayed job (24 hours post-acceptance) would file the bug.<p></p> <ul> <li>Binary name changes - for instance if done to experimental not via new</li> </ul> <p>When binary package names change, currently the package must go through the NEW queue, which can delay the availability of updated libraries. Allowing such packages to bypass the queue could expedite this process. A configuration option to enable this bypass specifically for uploads to experimental may be useful, as it avoids requiring additional technical review for experimental uploads.</p> <p>Previously, I believed the requirement for binary name changes to pass through NEW was due to a missing feature in DAK, possibly addressable via an MR. However, in discussions with the FTP Team, I learned this is a matter of team policy rather than technical limitation. I haven't found this policy documented, so it may be worth having a community discussion to clarify and reach consensus on how we want to handle binary name changes to get the MR sensibly designed.</p> <ul> <li>Remove dependency tree</li> </ul> <p>When a developer requests the removal of a package – whether entirely or for specific architectures – RM bugs must be filed for the package itself as well as for each package depending on it. It would be beneficial if the dependency tree could be automatically resolved, allowing either:</p> <div class="highlight"><pre><span></span><code><span class="n">a</span><span class="p">)</span> <span class="n">the</span> <span class="n">DAK</span> <span class="n">removal</span> <span class="n">tooling</span> <span class="n">to</span> <span class="n">remove</span> <span class="n">the</span> <span class="n">entire</span> <span class="n">dependency</span> <span class="n">tree</span> <span class="n">after</span> <span class="n">prompting</span> <span class="n">the</span> <span class="n">bug</span> <span class="n">report</span> <span class="n">author</span> <span class="k">for</span> <span class="n">confirmation</span><span class="p">,</span> <span class="ow">or</span> <span class="n">b</span><span class="p">)</span> <span class="n">the</span> <span class="n">system</span> <span class="n">to</span> <span class="n">auto</span><span class="o">-</span><span class="n">generate</span> <span class="n">corresponding</span> <span class="n">bug</span> <span class="n">reports</span> <span class="k">for</span> <span class="n">all</span> <span class="n">packages</span> <span class="ow">in</span> <span class="n">the</span> <span class="n">dependency</span> <span class="n">tree</span><span class="o">.</span> </code></pre></div> <p>The latter option might be better suited for implementation in an MR for reportbug. However, given the possibility of large-scale removals (for example, targeting specific architectures), having appropriate tooling for this would be very beneficial.</p> <p>In my opinion the proposed DAK enhancements aim to support both FTP Team members and uploading developers. I'd be very pleased if these ideas spark constructive discussion and inspire volunteers to start working on them--possibly even preparing to join the FTP Team.</p> <p>On the topic of ftpmasters: an ongoing discussion with SPI lawyers is currently reviewing the <a href="https://salsa.debian.org/tille/dc24/-/blob/ftpmaster_bof_log/etherpad/txt/154-meet-the-ftpteam.txt?ref_type=heads">non-US agreement established 22 years ago</a>. Ideally, this review will lead to a streamlined workflow for ftpmasters, removing certain hurdles that were originally put in place due to legal requirements, which were updated in 2021.</p> <h1>Contacting teams</h1> <p>My outreach efforts to Debian teams have slowed somewhat recently. However, I want to emphasize that anyone from a packaging team is more than welcome to reach out to me directly. My outreach emails aren't following any specific orders--just my own somewhat naïve view of Debian, which I'm eager to make more informed.</p> <p>Recently, I received two very informative responses: one from the Qt/KDE Team, which thoughtfully compiled input from several team members into a <a href="https://mensuel.framapad.org/p/4dp9h91jgh-aa34?lang=fr">shared document</a>. The other was from the Rust Team, where I received three quick, helpful replies–one of which included an invitation to their upcoming team meeting.</p> <h1>Interesting readings on our mailing lists</h1> <p>I consider the following threads on our mailing list some interesting reading and would like to add some comments.</p> <h2>Sensible languages for younger contributors</h2> <p>Though the discussion on <a href="https://lists.debian.org/debian-devel/2024/09/msg00268.html">debian-devel about programming languages</a> took place in September, I recently caught up with it. I strongly believe Debian must continue evolving to stay relevant for the future.</p> <p>"Everything must change, so that everything can stay the same." -- Giuseppe Tomasi di Lampedusa, The Leopard</p> <p>I encourage constructive discussions on integrating programming languages in our toolchain that support this evolution.</p> <h2>Concerns regarding the "Open Source AI Definition"</h2> <p>A recent thread on the debian-project list discussed the "<a href="https://lists.debian.org/debian-project/2024/10/msg00005.html">Open Source AI Definition</a>". This topic will impact Debian in the future, and we need to reach an informed decision. I'd be glad to see more perspectives in the discussions−particularly on finding a sensible consensus, understanding how FTP Team members view their delegated role, and considering whether their delegation might need adjustments for clarity on this issue.</p> <p>Kind regards Andreas.</p> </div> <p class="date"> <a href="https://bits.debian.org/2024/11/bits-from-the-dpl-november.html">06 November, 2024 11:00PM</a> by Andreas Tille </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://daniel-lange.com/"> <img class="face" src="heads/DLange.png" width="81" height="85" alt="hackergotchi for Daniel Lange" /> </a> <h2 class="planet-title"> <a href="https://daniel-lange.com/" title="Daniel Lange's blog">Daniel Lange</a> <script type="text/javascript">  </script> </h2> <div id="https://daniel-lange.com/archives/189-Weird-times-...-or-how-the-New-York-DEC-decided-the-US-presidential-elections.html" class="https://daniel-lange.com/archives/189-Weird-times-...-or-how-the-New-York-DEC-decided-the-US-presidential-elections.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://daniel-lange.com/archives/189-Weird-times-...-or-how-the-New-York-DEC-decided-the-US-presidential-elections.html">Weird times ... or how the New York DEC decided the US presidential elections</a> </h3> <div class="content"> <p>November 2024 will be known as the time when killing <a href="https://en.wikipedia.org/wiki/Peanut_(squirrel)">peanut, a pet squirrel,</a> by the New York State <abbr title="Department of Environmental Conservation">DEC</abbr> swung the US presidential elections and shaped history forever.</p> <p>The hundreds of millions of dollars spent on each side, the tireless campaigning by the candidates, the celebrity endorsements ... all made for an open race for months. Investments evened each other out.</p> <p>But an <a href="https://www.youtube.com/watch?v=z1X4cQ9UiOk" title="TMZ interview with the pet owner Mark Longo on his porn business"><abbr title="A website that offers subscriptions to porn with a social community touch">OnlyFans</abbr> producer</a> showing people an overreaching, bureaucracy driven State raiding his home to confiscate a pet squirrel and kill it ... swung enough voters to decide the elections.</p> <p>That is what we need to understand in times of instant worldwide publication and a mostly attention driven economy: Human fates, elections, economic cycles and wars can be decided by people killing squirrels.</p> <p><img alt="" class="serendipity_image_center" height="795" src="https://daniel-lange.com/uploads/entries/Peanut_and_his_owner_Mark_Longo.jpg" title="Peanut, the squirrel, and his owner Mark Longo" width="624" /></p> <p>RIP, <a href="https://www.instagram.com/peanut_the_squirrel12/" title="Mark Longo's Instagram page for Peanut, the squirrel">peanut</a>.</p> <p><em>P.S.:</em> Trump Media & Technology Group Corp. (DJT) stock is up 30% pre-market.</p> </div> <p class="date"> <a href="https://daniel-lange.com/archives/189-Weird-times-...-or-how-the-New-York-DEC-decided-the-US-presidential-elections.html">06 November, 2024 09:15AM</a> by Daniel Lange </p> </div> </div> </div> <div class="channel"> <a href="http://www.braincells.com/debian/"> <img class="face" src="heads/jaldhar.png" width="104" height="102" alt="hackergotchi for Jaldhar Vyas" /> </a> <h2 class="planet-title"> <a href="http://www.braincells.com/debian/" title="La Salle Debain">Jaldhar Vyas</a> <script type="text/javascript">  </script> </h2> <div id="https://www.braincells.com/debian/index.html" class="https://www.braincells.com/debian/index.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.braincells.com/debian/index.html">Making America Great Again</a> </h3> <div class="content"> <article> <article> <h3>Making America Great Again</h3> <p><img alt="Justice For Peanut" id="justiceforpeanut" src="https://www.braincells.com/debian/images/peanut.jpg" /></p> <p>Some interesting takeaways (With the caveat that exit polls are not completely accurate and we won't have the full picture for days.)</p> <ul> <li><p>President Trump seems to have won the popular vote which no Republican has done I believe since Reagan.</p></li> <li><p>Apparently women didn't particularly care about abortion (CNN said only 14% considered it their primary issue) There is a noticable divide but it is single versus married not women versus men per se.</p></li> <li><p>Hispanics who are here legally voted against Hispanics coming here illegally. Latinx's didn't vote for anything because they don't exist.</p></li> <li><p>The infamous MSG rally joke had no effect on the voting habits of Puerto Ricans. </p></li> <li><p>Republicans have taken the Senate and if trends continue as they are will retain control of the House of Representatives.</p></li> <li><p>President Biden may have actually been a better candidate than Border Czar Harris.</p></li> </ul> </article></article> </div> <p class="date"> <a href="https://www.braincells.com/debian/index.html">06 November, 2024 07:11AM</a> </p> </div> </div> </div> <h1>November 04, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="https://ravidwivedi.in/posts/" title="Posts on Ravi's Blog">Ravi Dwivedi</a> <script type="text/javascript">  </script> </h2> <div id="https://ravidwivedi.in/posts/kenya-trip/" class="https://ravidwivedi.in/posts/kenya-trip/"> <div class="entry"> <h3 class="entry-title"> <a href="https://ravidwivedi.in/posts/kenya-trip/">Asante Kenya for a Good Time</a> </h3> <div class="content"> <p>In September of this year, I visited Kenya to attend the <a href="https://ravidwivedi.in/posts/sotm-2024/">State of the Map conference</a>. I spent six nights in the capital Nairobi, two nights in Mombasa, and one night on a train. I was very happy with the visa process being <a href="https://ravidwivedi.in/posts/kenya-visa-process/">smooth and quick</a>. Furthermore, I stayed at the Nairobi Transit Hotel with other attendees, with Ibtehal from Bangladesh as my roommate. One of the memorable moments was the time I spent at a local coffee shop nearby. We used to go there at midnight, despite the grating in the shops suggesting such adventures were unsafe. Fortunately, nothing bad happened, and we were rewarded with a fun time with the locals.</p> <figure><img src="https://ravidwivedi.in/images/kenya/coffee-shop.jpg" width="500" /> <h4>The coffee shop Ibtehal and me used to visit during the midnight</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/grating-at-a-chemist-shop.jpg" width="500" /> <h4>Grating at a chemist shop in Mombasa, Kenya</h4> </figure> <p>The country lies on the equator, which might give the impression of extremely hot temperatures. However, Nairobi was on the cooler side (10–25 degrees Celsius), and I found myself needing a hoodie, which I bought the next day. It also served as a nice souvenir, as it had an outline of the African map printed on it.</p> <p>I also bought a Safaricom SIM card for 100 shillings and recharged it with 1000 shillings for 8 GB internet with 5G speeds and 400 minutes talk time.</p> <h2 id="a-visit-to-nairobis-historic-cricket-ground">A visit to Nairobi’s Historic Cricket Ground</h2> <p>On this trip, I got a unique souvenir that can’t be purchased from the market—a cricket jersey worn in an ODI match by a player. The story goes as follows: I was roaming around the market with my friend Benson from Nairobi to buy a Kenyan cricket jersey for myself, but we couldn’t find any. So, Benson had the idea of visiting the Nairobi Gymkhana Club, which used to be Kenya’s main cricket ground. It has hosted some historic matches, including the 2003 World Cup match in which Kenya <a href="https://www.espncricinfo.com/series/icc-world-cup-2002-03-61124/kenya-vs-sri-lanka-26th-match-65258/full-scorecard">beat</a> the mighty Sri Lankans and the record for the <a href="https://www.espncricinfo.com/series/kca-centenary-tournament-1996-97-60990/pakistan-vs-sri-lanka-6th-match-66057/full-scorecard">fastest</a> ODI century by Shahid Afridi in just 37 balls in 1996.</p> <p>Although entry to the club was exclusively for members, I was warmly welcomed by the staff. Upon reaching the cricket ground, I met some Indian players who played in Kenyan leagues, as well as <a href="https://www.espncricinfo.com/cricketers/lucas-oluoch-440162">Lucas Oluoch</a> and <a href="https://www.espncricinfo.com/cricketers/dominic-wesonga-315051">Dominic Wesonga</a>, who have represented Kenya in ODIs. When I expressed interest in getting a jersey, Dominic agreed to send me pictures of his jersey. I liked his jersey and collected it from him. I gave him 2000 shillings, an amount suggested by those Indian players.</p> <figure><img src="https://ravidwivedi.in/images/kenya/players-at-ground.jpg" width="500" /> <h4>Me with players at the Nairobi Gymkhana Club</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/cricket-pitch.jpg" width="500" /> <h4>Cricket pitch at the Nairobi Gymkhana Club</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/cricket-ground.jpg" width="500" /> <h4>A view of the cricket ground inside the Nairobi Gymkhana Club</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/scoreboard-at-narobi-gymkhana-club.jpg" width="500" /> <h4>Scoreboard at the Nairobi Gymkhana cricket ground</h4> </figure> <h2 id="giraffe-center-in-nairobi">Giraffe Center in Nairobi</h2> <p>Kenya is known for its safaris and has <a href="https://en.wikipedia.org/wiki/List_of_national_parks_of_Kenya">no shortage of national parks</a>. In fact, Nairobi is the only capital in the world with a national park. I decided not to visit one, as most of them were expensive and offered multi-day tours, and I didn’t want to spend that much time in the wildlife.</p> <p>Instead, I went to the Giraffe Center in Nairobi with Pragya and Rabina. The ticket cost 1500 Kenyan shillings (1000 Indian rupees). In Kenya, matatus - shared vans, usually decorated with portraits of famous people and play rap songs - are the most popular means of public transport. Reaching the Giraffe Center from our hotel required taking five matatus, which cost a total of 150 shillings, and a 2 km walk. The journey back was 90 shillings, suggesting that we didn’t find the most efficient route to get there. At the Giraffe Center, we fed giraffes and took photos.</p> <figure><img src="https://ravidwivedi.in/images/kenya/notorious-big.jpg" width="500" /> <h4>A matatu with a Notorious BIG portrait.</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/inside-the-giraffe-center.jpg" width="500" /> <h4>Inside the Giraffe Center</h4> </figure> <h2 id="train-ride-from-nairobi-to-mombasa">Train ride from Nairobi to Mombasa</h2> <p>I took a train from Nairobi to Mombasa. The train is known as the “<a href="https://en.wikipedia.org/wiki/Mombasa-Nairobi_Standard_Gauge_Railway">SGR Train</a>,” where “SGR” refers to “Standard Gauge Railway.” The journey was around 500 km. M-Pesa was the only way to make payment for pre-booking the train ticket, and I didn’t have an M-Pesa account. Pragya’s friend Mary helped facilitate the payment. I booked a second-class ticket, which cost 1500 shillings (1000 Indian rupees).</p> <p>The train was scheduled to depart from Nairobi at 08:00 hours in the morning and arrive in Mombasa at 14:00 hours. The security check at the station required scanning our bags and having them sniffed by sniffer dogs. I also fell victim to a scam by a security official who offered to help me get my ticket printed, only to later ask me to get him some coffee, which I politely declined.</p> <p>Before boarding the train, I was treated to some stunning views at the Nairobi Terminus station. It was a seating train, but I wished it were a sleeper train, as I was sleep-deprived. The train was neat and clean, with good toilets. The train reached Mombasa on time at around 14:00 hours.</p> <figure><img src="https://ravidwivedi.in/images/kenya/nairobi-terminus.jpg" width="500" /> <h4>SGR train at Nairobi Terminus.</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/sgr-interior.jpg" width="500" /> <h4>Interior of the SGR train</h4> </figure> <h2 id="arrival-in-mombasa">Arrival in Mombasa</h2> <figure><img src="https://ravidwivedi.in/images/kenya/mombasa-terminus.jpg" width="500" /> <h4>Mombasa Terminus station.</h4> </figure> <p>Mombasa was a bit hotter than Nairobi, with temperatures reaching around 30 degrees Celsius. However, that’s not too hot for me, as I am used to higher temperatures in India. I had booked a hostel in the Old Town and was searching for a hitchhike from the Mombasa Terminus station. After trying for more than half an hour, I took a matatu that dropped me 3 km from my hostel for 200 shillings (140 Indian rupees). I tried to hitchhike again but couldn’t find a ride.</p> <p>I think I know why I couldn’t get a ride in both the cases. In the first case, the Mombasa Terminus was in an isolated place, so most of the vehicles were taxis or matatus while any noncommercial cars were there to pick up friends and family. If the station were in the middle of the city, there would be many more car/truck drivers passing by, thus increasing my possibilities of getting a ride. In the second case, my hostel was at the end of the city, and nobody was going towards that side. In fact, many drivers told me they would love to give me a ride, but they were going in some other direction.</p> <p>Finally, I took a tuktuk for 70 shillings to reach my hostel, Tulia Backpackers. It was 11 USD (1400 shillings) for one night. The balcony gave a nice view of the Indian Ocean. The rooms had fans, but there was no air conditioning. Each bed also had mosquito nets. The place was walking distance of the famous <a href="https://en.wikipedia.org/wiki/Fort_Jesus">Fort Jesus</a>. Mombasa has had more Islamic influence compared to Nairobi and also has many Hindu temples.</p> <figure><img src="https://ravidwivedi.in/images/kenya/balcony-at-tulia.jpg" width="500" /> <h4>The balcony at Tulia Backpackers Hostel had a nice view of the ocean.</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/room-in-tulia.jpg" width="500" /> <h4>A room inside the hostel with fans and mosquito nets on the beds</h4> </figure> <h2 id="visiting-white-sandy-beaches-and-getting-a-hitchhike">Visiting White Sandy Beaches and Getting a Hitchhike</h2> <p>Visiting Nyali beach marked my first time ever at a white sand beach. It was like 10 km from the hostel. The next day, I visited Diani Beach, which was 30 km from the hostel. Going to Diani Beach required crossing a river, for which there’s a free ferry service every few minutes, followed by taking a matatu to Ukunda and then a tuk-tuk. The journey gave me a glimpse of the beautiful countryside of Kenya.</p> <figure><img src="https://ravidwivedi.in/images/kenya/nyali-beach.jpg" width="500" /> <h4>Nyali beach is a white sand beach</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/ferry.jpg" width="500" /> <h4>This is the ferry service for crossing the river.</h4> </figure> <p>During my return from Diani Beach to the hostel, I was successful in hitchhiking. However, it was only a 4 km ride and not sufficient to reach Ukunda, so I tried to get another ride. When a truck stopped for me, I asked for a ride to Ukunda. Later, I learned that they were going in the same direction as me, so I got off within walking distance from my hostel. The ride was around 30 km. I also learned the difference between a truck ride and a matatu or car ride. For instance, matatus and cars are much faster and cooler due to air conditioning, while trucks tend to be warmer because they lack it. Further, the truck was stopped at many checkpoints by the police for inspections as it carried goods, which is not the case with matatus. Anyways, it was a nice experience, and I am grateful for the ride. I had a nice conversation with the truck drivers about Indian movies and my experiences in Kenya.</p> <figure><img src="https://ravidwivedi.in/images/kenya/diani-beach.jpg" width="500" /> <h4>Diani beach is a popular beach in Kenya. It is a white sand beach.</h4> </figure> <figure><img src="https://ravidwivedi.in/images/kenya/selfie-with-truck-drivers.jpg" width="500" /> <h4>Selfie with truck drivers who gave me the free ride</h4> </figure> <h2 id="back-to-nairobi">Back to Nairobi</h2> <p>I took the SGR train from Mombasa back to Nairobi. This time I took the night train, which departs at 22:00 hours, reaching Nairobi at around 04:00 in the morning. I could not sleep comfortably since the train only had seater seats.</p> <p>I had booked the Zarita Hotel in Nairobi and had already confirmed if they allowed early morning check-in. Usually, hotels have a fixed checkout time, say 11:00 in the morning, and you are not allowed to stay beyond that regardless of the time you checked in. But this hotel checked me in for 24 hours. Here, I paid in US dollars, and the cost was 12 USD.</p> <h2 id="almost-got-stuck-in-kenya">Almost Got Stuck in Kenya</h2> <p>Two days before my scheduled flight from Nairobi back to India, I heard the news that the airports in Kenya were <a href="https://www.bbc.co.uk/news/articles/c3rdg13z1j7o">closed</a> due to the strikes. Rabina and Pragya had their flight back to Nepal canceled that day, which left them stuck in Nairobi for two additional days. I called Sahil in India and found out during the conversation that the strike was <a href="https://www.reuters.com/world/africa/strike-kenyas-main-airport-causing-flight-delays-cancellations-kenya-airways-2024-09-11/">called off</a> in the evening. It was a big relief for me, and I was fortunate to be able to fly back to India without any changes to my plans.</p> <figure><img src="https://ravidwivedi.in/images/kenya/newspapers.jpg" width="500" /> <h4>Newspapers at a stand in Kenya covering news on the airport closure</h4> </figure> <h2 id="experience-with-locals">Experience with locals</h2> <p>I had no problems communicating with Kenyans, as everyone I met knew English to an extent that could easily surpass that of big cities in India. Additionally, I learned a few words from Kenya’s most popular local language, Swahili, such as “Asante,” meaning “thank you,” “Jambo” for “hello,” and “Karibu” for “welcome.” Knowing a few words in the local language went a long way.</p> <p>I am not sure what’s up with haggling in Kenya. It wasn’t easy to bring the price of souvenirs down. I bought a fridge magnet for 200 shillings, which was the quoted price. On the other hand, it was much easier to bargain with taxis/tuktuks/motorbikes.</p> <p>I stayed at three hotels/hostels in Kenya. None of them had air conditioners. Two of the places were in Nairobi, and they didn’t even have fans in the rooms, while the one in Mombasa had only fans. All of them had good Wi-Fi, except Tulia where the internet overall was a bit shaky.</p> <p>My experience with the hotel staff was great. For instance, we requested that the Nairobi Transit Hotel cancel the included breakfast in order to reduce the room costs, but later realized that it was not a good idea. The hotel allowed us to revert and even offered one of our missing breakfasts during dinner.</p> <p>The staff at Tulia Backpackers in Mombasa facilitated the ticket payment for my train from Mombasa to Nairobi. One of the staff members also gave me a lift to the place where I could catch a matatu to Nyali Beach. They even added an extra tea bag to my tea when I requested it to be stronger.</p> <h2 id="food">Food</h2> <p>At the Nairobi Transit Hotel, a Spanish omelet with tea was served for breakfast. I noticed that Spanish omelette appeared on the menus of many restaurants, suggesting that it is popular in Kenya. This was my first time having this dish. The milk tea in Kenya, referred to by locals as “white tea,” is lighter than Indian tea (they don’t put a lot of tea leaves).</p> <figure><img src="https://ravidwivedi.in/images/kenya/spanish-omlette.jpg" width="500" /> <h4>Spanish Omelette served in breakfast at Nairobi Transit Hotel</h4> </figure> <p>I also sampled ugali with eggs. In Mombasa, I visited an Indian restaurant called New Chetna and had a buffet thali there twice.</p> <figure><img src="https://ravidwivedi.in/images/kenya/ugali-with-eggs.jpg" width="500" /> <h4>Ugali with eggs.</h4> </figure> <h2 id="tips-for-exchanging-money">Tips for Exchanging Money</h2> <p>In Kenya, I exchanged my money at forex shops a couple of times. I received good exchange rates for bills larger than 50 USD. For instance, 1 USD on xe.com was 129 shillings, and I got 128.3 shillings per USD (a total of 12,830 shillings) for two 50 USD notes at an exchange in Nairobi, while 127 shillings, which was the highest rate at the banks. On the other hand, for smaller bills such as a one US dollar note, I would have got 125 shillings. A passport was the only document required for the exchange, and they also provided a receipt.</p> <p>A good piece of advice for travelers is to keep 50 USD or larger bills for exchanging into the local currency while saving the smaller US dollar bills for accommodation, as many hotels and hostels accept payment in US dollars (in addition to Kenyan shillings).</p> <h2 id="missed-malindi-and-lamu">Missed Malindi and Lamu</h2> <p>There were more places on my to-visit list in Kenya. But I simply didn’t have time to cover them, as I don’t like rushing through places, especially in a foreign country where there is a chance of me underestimating the amount of time it takes during transit. I would have liked to visit at least one of <a href="https://en.wikivoyage.org/wiki/Kilifi">Kilifi</a>, <a href="https://en.wikivoyage.org/wiki/Malindi#Watamu_beaches">Watamu</a> or <a href="https://en.wikivoyage.org/wiki/Malindi">Malindi</a> beaches. Further, <a href="https://en.wikivoyage.org/wiki/Lamu">Lamu</a> seemed like a unique place to visit as it has no cars or motorized transport; the only options for transport are boats and donkeys.</p> <p>That’s it for now. Meet you in the next one :)</p> </div> <p class="date"> <a href="https://ravidwivedi.in/posts/kenya-trip/">04 November, 2024 07:25PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="http://sven.stormbind.net/blog/" title="a blog">Sven Hoexter</a> <script type="text/javascript">  </script> </h2> <div id="http://sven.stormbind.net/blog/posts/gcp_clouddns_https_ipv6hint/" class="http://sven.stormbind.net/blog/posts/gcp_clouddns_https_ipv6hint/"> <div class="entry"> <h3 class="entry-title"> <a href="http://sven.stormbind.net/blog/posts/gcp_clouddns_https_ipv6hint/">Google CloudDNS HTTPS Records with ipv6hint</a> </h3> <div class="content"> <p>I naively provisioned an HTTPS record at Google CloudDNS like this via terraform:</p> <pre><code>resource "google_dns_record_set" "testv6" { name = "testv6.some-domain.example." managed_zone = "some-domain-example" type = "HTTPS" ttl = 3600 rrdatas = ["1 . alpn=\"h2\" ipv4hint=\"198.51.100.1\" ipv6hint=\"2001:DB8::1\""] } </code></pre> <p>This results in a permanent diff because the Google CloudDNS API seems to parse the record content, and stores the ipv6hint expanded (removing the <code>::</code> notation) and in all lowercase as <code>2001:db8:0:0:0:0:0:1</code>. Thus to fix the permanent diff we've to use it like this:</p> <pre><code>resource "google_dns_record_set" "testv6" { name = "testv6.some-domain.example." managed_zone = "some-domain-example" type = "HTTPS" ttl = 3600 rrdatas = ["1 . alpn=\"h2\" ipv4hint=\"198.51.100.1\" ipv6hint=\"2001:db8:0:0:0:0:0:1\""] } </code></pre> <p>Guess I should be glad that they already support HTTPS records natively, and not bicker too much about the implementation details.</p> </div> <p class="date"> <a href="http://sven.stormbind.net/blog/posts/gcp_clouddns_https_ipv6hint/">04 November, 2024 01:11PM</a> </p> </div> </div> </div> <h1>November 03, 2024</h1> <div class="channel"> <a href="http://blog.sesse.net/"> <img class="face" src="heads/sesse.png" width="74" height="85" alt="hackergotchi for Steinar H. Gunderson" /> </a> <h2 class="planet-title"> <a href="http://blog.sesse.net/" title="Steinar H. Gunderson">Steinar H. Gunderson</a> <script type="text/javascript">  </script> </h2> <div id="http://blog.sesse.net/blog/tech/2024-11-03-11-48_ultimate_rules_as_a_service.html" class="http://blog.sesse.net/blog/tech/2024-11-03-11-48_ultimate_rules_as_a_service.html"> <div class="entry"> <h3 class="entry-title"> <a href="http://blog.sesse.net/blog/tech/2024-11-03-11-48_ultimate_rules_as_a_service.html">Ultimate rules as a service</a> </h3> <div class="content"> <p>Since <a href="https://rules.wfdf.sport/">WFDF</a> changed their ultimate rules web site to be less-than-ideal (in the name of putting everything into Wordpress…), I made my own, at <a href="https://www.urules.org/">urules.org</a>. It was a fun journey; I've never fiddled with <a href="https://web.dev/explore/progressive-web-apps">PWAs</a> before, and I was a bit surprised how low-level it all was. I assumed that since my page is just a bunch of HTML files and ~100 lines of JS, I could just bundle that up—but no, that is something they expect a framework to do for you.</p> <p>The only primitive you get is seemingly that you can fire up your own background service worker (JS running in its own, locked-down context) and that gets to peek at every HTTP request done and possibly intercept it. So you can use a <a href="https://developer.mozilla.org/en-US/docs/Web/API/Cache">Web Cache</a> (seemingly a separate concept from web local storage?), insert stuff into that, and then query it to intercept requests. It doesn't feel very elegant, perhaps?</p> <p>It <em>is</em> a bit neat that I can use this to make my own bundling, though. All the pages and images (painfully converted to SVG to save space and re-flow for mobile screens, mostly by simply drawing over bitmaps by hand in Inkscape) are stuck into a JSON dictionary, compressed using the slowest compressor I could find and then downloaded as a single 159 kB bundle. It makes the site actually sort of weird to navigate; since it pretty quickly downloads the bundle in the background, everything goes offline and the speed of loading new pages just feels… off somehow. As if it's not a Serious Web Page if there's no load time.</p> <p>Of course, this <em>also</em> means that I couldn't cache PNGs, because have you ever <em>tried</em> to have non-UTF-8 data in a JSON sent through N layers of JavaScript? :-)</p> </div> <p class="date"> <a href="http://blog.sesse.net/blog/tech/2024-11-03-11-48_ultimate_rules_as_a_service.html">03 November, 2024 10:48AM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="https://honk.sigxcpu.org/con/"> <img class="face" src="heads/agx.png" width="100" height="100" alt="hackergotchi for Guido Günther" /> </a> <h2 class="planet-title"> <a href="https://honk.sigxcpu.org/con/" title="Colors of Noise - Entries tagged planetdebian">Guido Günther</a> <script type="text/javascript">  </script> </h2> <div id="https://honk.sigxcpu.org/con/Free_Software_Activities_October_2024.html" class="https://honk.sigxcpu.org/con/Free_Software_Activities_October_2024.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://honk.sigxcpu.org/con/Free_Software_Activities_October_2024.html">Free Software Activities October 2024</a> </h3> <div class="content"> <p>Another short status update of what happened on my side last month. Besides a <a href="https://phosh.mobi/releases/rel-0.42.1/">phosh bugfix release</a> improving text input and selection was a prevalent pattern again resulting in improvements in the compositor, the OSK and some apps.</p> <h2><a href="https://gitlab.gnome.org/World/Phosh/phosh">phosh</a></h2> <ul> <li>Install gir (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1542/diffs">MR</a>). Needed for e.g. Debian to properly package the Rust bindings.</li> <li>Try harder to find an app icon when showing notifications (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1546">MR</a>)</li> <li>Add a simple Pomodoro timer plugin (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1547">MR</a>)</li> <li>Small screenshot manager fixes (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1551">MR</a>)</li> <li>Tweak portals configuration (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1552">MR</a>)</li> <li>Consistent focus style on lock screen and settings (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1554">MR</a>). Improves the visual appearance as the dotted focus frame doesn't match our otherwise colored focus frames</li> <li>Don't focus buttons in settings (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1556">MR</a>). Improves the visual appearance as attention isn't drawn to the button focus.</li> <li>Close Phosh's settings when activating a Settings panel (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1557">MR</a>)</li> </ul> <h2><a href="https://gitlab.gnome.org/World/Phosh/phoc">phoc</a></h2> <ul> <li>Improve cursor and cursor theme handling, hide mouse pointer by default (<a href="https://gitlab.gnome.org/World/Phosh/phoc/-/merge_requests/591">MR</a>)</li> <li>Don't submit empty preedit (<a href="https://gitlab.gnome.org/World/Phosh/phoc/-/merge_requests/592">MR</a>)</li> <li>Fix flickering selection bubbles in GTK4's text input fields (<a href="https://gitlab.gnome.org/World/Phosh/phoc/-/merge_requests/593">MR</a>)</li> <li>Backport two more fixes and release 0.41.1 (<a href="https://gitlab.gnome.org/World/Phosh/phoc/-/merge_requests/596">MR</a>)</li> </ul> <h2><a href="https://gitlab.gnome.org/World/Phosh/phosh-mobile-settings">phosh-mobile-settings</a></h2> <ul> <li>Allow to select default text completer (<a href="https://gitlab.gnome.org/World/Phosh/phosh-mobile-settings/-/merge_requests/161">MR</a>, <a href="https://gitlab.gnome.org/World/Phosh/phosh-mobile-settings/-/merge_requests/163">MR</a>)</li> <li>Don't crash when we fail to load a pref plugin (<a href="https://gitlab.gnome.org/World/Phosh/phosh-mobile-settings/-/merge_requests/162">MR</a>)</li> </ul> <h2><a href="https://gitlab.gnome.org/World/Phosh/phosh">libphosh-rs</a></h2> <ul> <li>Update with current gir and allow to use status pages (<a href="https://gitlab.gnome.org/guidog/libphosh-rs/-/merge_requests/18">MR</a>)</li> <li>Expose screenshot manager and build without warnings (<a href="https://gitlab.gnome.org/guidog/libphosh-rs/-/merge_requests/19">MR</a>). (Improved further by a follow up MR from Sam)</li> <li>Fix clippy warnings and add clippy to CI (<a href="https://gitlab.gnome.org/guidog/libphosh-rs/-/merge_requests/20">MR</a>)</li> </ul> <h2><a href="https://gitlab.gnome.org/guidog/phosh-osk-stub">phosh-osk-stub</a></h2> <ul> <li>presage: Always set predictors (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/merge_requests/160">MR</a>). Avoids surprises with unwanted predictors.</li> <li>Install completer information (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/merge_requests/162">MR</a>)</li> <li>Handle overlapping touch events (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/issues/41">MR</a>). This should improve fast typing.</li> <li>Allow plain <code>ctrl</code> and <code>alt</code> in the shortcuts bar (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/merge_requests/165">MR</a></li> <li>Use Adwaita background color to make the OSK look more integrated (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/merge_requests/166">MR</a>)</li> <li>Use StyleManager to support accent colors (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/merge_requests/167">MR</a>)</li> <li>Fix emoji section selection in RTL locales (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/issues/44">MR</a>)</li> <li>Don't submit empty preedit (<a href="https://gitlab.gnome.org/guidog/phosh-osk-stub/-/issues/49">MR</a>). Helps to better preserve text selections.</li> </ul> <h2><a href="https://gitlab.gnome.org/guidog/phosh-osk-data">phosh-osk-data</a></h2> <ul> <li>Add scripts to build word corpus from Wikipedia data (<a href="https://gitlab.gnome.org/guidog/phosh-osk-data/-/merge_requests/1/diffs">MR</a>) See <a href="https://data.phosh.mobi/osk-data/0.42.0/presage/">here</a> for the data.</li> </ul> <h2>xdg-desktop-portal-phosh</h2> <ul> <li>Release 0.42~rc1 (<a href="https://gitlab.gnome.org/guidog/xdg-desktop-portal-phosh/-/merge_requests/5">MR</a>)</li> <li>Fix HighContrast (<a href="https://gitlab.gnome.org/guidog/xdg-desktop-portal-phosh/-/merge_requests/6">MR</a>)</li> </ul> <h2>Debian</h2> <ul> <li>Collect some of the QCom workarounds in a package (<a href="https://salsa.debian.org/agx/qcom-workarounds">MR</a>). This is not meant to go into Debian proper but it's nicer than doing all the mods by hand and forgetting which files were modified.</li> <li>q6voiced: Fix service configuration (<a href="https://salsa.debian.org/erebion/q6voiced/-/merge_requests/2">MR</a>)</li> <li>chatty: Enable clock test again (<a href="https://salsa.debian.org/DebianOnMobile-team/chatty/-/merge_requests/46">MR</a>), and then unbreak translations (<a href="https://gitlab.gnome.org/World/Chatty/-/merge_requests/1443">MR</a>)</li> <li>phosh: Ship gir for libphosh-rs (<a href="https://salsa.debian.org/DebianOnMobile-team/phosh/-/merge_requests/95">MR</a>)</li> <li>phoc: Backport input method related fix (<a href="https://salsa.debian.org/DebianOnMobile-team/phoc/-/merge_requests/55">MR</a>)</li> <li>Upload initial package of phosh-osk-data: <a href="https://ftp-master.debian.org/new/phosh-osk-data_0.42.0~rc1-1.html">Status in NEW</a></li> <li>Upload initial package of xdg-desktop-portal-pohsh: <a href="https://ftp-master.debian.org/new/xdg-desktop-portal-phosh_0.42~rc1-1.html">Status in NEW</a></li> <li>Backport phosh-osk-stub abbrev fix (<a href="https://salsa.debian.org/DebianOnMobile-team/phosh-osk-stub/-/merge_requests/24">MR</a></li> <li>phoc: Update to 0.42.1 (<a href="https://salsa.debian.org/DebianOnMobile-team/phoc/-/merge_requests/56">MR</a></li> <li>mobile-tweaks: Enable zram on Librem 5 and PP (<a href="https://salsa.debian.org/DebianOnMobile-team/mobile-tweaks/-/merge_requests/19">MR</a>)</li> </ul> <h2>ModemManager</h2> <ul> <li>Some further work on the Cell Broadcast to address comments <a href="https://gitlab.freedesktop.org/mobile-broadband/ModemManager/-/merge_requests/1095">MR</a>)</li> </ul> <h2>Calls</h2> <ul> <li>Further improve daemon mode (<a href="https://gitlab.gnome.org/GNOME/calls/-/merge_requests/760">MR</a>) (mentioned last month already but got even simpler)</li> </ul> <h2>GTK</h2> <ul> <li>Handle <code>Gtk{H,V}Separator</code> when migrating UI files to GTK4 (<a href="https://gitlab.gnome.org/GNOME/gtk/-/merge_requests/7800">MR</a>)</li> </ul> <h2>feedbackd</h2> <ul> <li>Modernize README a bit (<a href="https://source.puri.sm/Librem5/feedbackd/-/merge_requests/145">MR</a>)</li> </ul> <h2>Chatty</h2> <ul> <li>Use special event for SMS (<a href="https://gitlab.gnome.org/World/Chatty/-/merge_requests/1440">MR</a>)</li> <li>Another QoL fix when using OSK (<a href="https://gitlab.gnome.org/World/Chatty/-/merge_requests/1441">MR</a>)</li> <li>Fix printing time diffs on 32bit architectures (<a href="https://gitlab.gnome.org/World/Chatty/-/merge_requests/1442">MR</a>)</li> </ul> <h2>libcmatrix</h2> <ul> <li>Use endpoints for authenticated media (<a href="https://source.puri.sm/Librem5/libcmatrix/-/merge_requests/103">MR</a>). Needed to support v1.11 servers.</li> </ul> <h2>phosh-ev</h2> <ul> <li>Switch to GNOME 47 runtime (<a href="https://gitlab.gnome.org/guidog/phosh-ev/-/merge_requests/4">MR</a>)</li> </ul> <h2>git-buildpackage</h2> <ul> <li>Don't use deprecated pkg-resources (<a href="https://salsa.debian.org/agx/git-buildpackage/-/merge_requests/5">MR</a>)</li> </ul> <h2>Unified push specification</h2> <ul> <li>Expand on DBus activation a bit (<a href="https://codeberg.org/UnifiedPush/specifications/pulls/5">MR</a>)</li> </ul> <h2>swipeGuess</h2> <ul> <li>Small build improvement and mention phosh-osk-stub (<a href="https://git.sr.ht/~earboxer/swipeGuess/commit/de5b1fd5c8f5e2979bbd14f90db46b34f1d708ea">Commit</a>)</li> </ul> <h2>wlr-clients</h2> <ul> <li>Fix <code>-o</code> option and add help output (<a href="https://gitlab.freedesktop.org/wlroots/wlr-clients/-/merge_requests/4">MR</a>)</li> </ul> <h2><a href="https://gitlab.gnome.org/World/iotas">iotas</a> (Note taking app)</h2> <ul> <li>Don't take focus with header bar buttons (<a href="https://gitlab.gnome.org/World/iotas/-/merge_requests/251">MR</a>). Makes typing faster (as the OSK won't hide) and thus using the header bar easier</li> </ul> <h2><a href="https://gitlab.com/schmiddi-on-mobile/flare">Flare</a> (Signal app)</h2> <ul> <li>Don't take focus when sending messages, adding emojis or attachments (<a href="https://gitlab.com/schmiddi-on-mobile/flare/-/merge_requests/156/diffs">MR</a>). Makes typing faster (as the OSK won't hide) and thus using those buttons easier</li> </ul> <h2>xdg-desktop-portal</h2> <ul> <li>Use categories that work for both xdg-spec and the portal (<a href="https://github.com/flatpak/xdg-desktop-portal/pull/1500">MR</a>)</li> </ul> <h2>Reviews</h2> <p>This is not code by me but reviews on other peoples code. The list is fairly incomplete, hope to improve on this in the upcoming months:</p> <ul> <li>phosh-tour: add first login mode (<a href="https://gitlab.gnome.org/World/Phosh/phosh-tour/-/merge_requests/39">MR</a>)</li> <li>phosh: Animate swipe closing notifications (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1513">MR</a>)</li> <li>iio-sensor-proxy: Report correct value on claim (<a href="https://gitlab.freedesktop.org/hadess/iio-sensor-proxy/-/merge_requests/382">MR</a>)</li> <li>iio-sensor-proxy: face-{up,down} (<a href="https://gitlab.freedesktop.org/hadess/iio-sensor-proxy/-/merge_requests/384">MR</a>)</li> <li>phosh-mobile-settings: Squeekboad scaling (<a href="https://gitlab.gnome.org/World/Phosh/phosh-mobile-settings/-/merge_requests/157">MR</a>)</li> <li>libcmatrix: Misc cleanups/fixes (<a href="https://source.puri.sm/Librem5/libcmatrix/-/merge_requests/102">MR</a>)</li> <li>phosh: Notification separator improvements (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1549">MR</a></li> <li>phosh: Accent colors (<a href="https://gitlab.gnome.org/World/Phosh/phosh/-/merge_requests/1533">MR</a></li> </ul> <h1>Help Development</h1> <p>If you want to support my work see <a href="https://honk.sigxcpu.org/piki/donations/">donations</a>. This includes a list of hardware we want to improve support for. Thanks a lot to all current and past donors.</p> </div> <p class="date"> <a href="https://honk.sigxcpu.org/con/Free_Software_Activities_October_2024.html">03 November, 2024 10:17AM</a> </p> </div> </div> </div> <div class="channel"> <a href="http://www.netfort.gr.jp/~dancer/diary/202411.html.en"> <img class="face" src="heads/dancer.png" width="75" height="97" alt="hackergotchi for Junichi Uekawa" /> </a> <h2 class="planet-title"> <a href="http://www.netfort.gr.jp/~dancer/diary/202411.html.en" title="Dancer's daily hackings">Junichi Uekawa</a> <script type="text/javascript">  </script> </h2> <div id="http://www.netfort.gr.jp/~dancer/diary/daily/2024-Nov-3.html.en#2024-Nov-3-18:24:16" class="http://www.netfort.gr.jp/~dancer/diary/daily/2024-Nov-3.html.en#2024-Nov-3-18:24:16"> <div class="entry"> <h3 class="entry-title"> <a href="http://www.netfort.gr.jp/~dancer/diary/daily/2024-Nov-3.html.en#2024-Nov-3-18:24:16">Doing more swimming in everyday life for the past few months.</a> </h3> <div class="content"> Doing more swimming in everyday life for the past few months. Seems like I am keeping that up. <p></p> </div> <p class="date"> <a href="http://www.netfort.gr.jp/~dancer/diary/daily/2024-Nov-3.html.en#2024-Nov-3-18:24:16">03 November, 2024 09:24AM</a> by Junichi Uekawa </p> </div> </div> </div> <h1>November 02, 2024</h1> <div class="channel"> <a href="http://dirk.eddelbuettel.com/blog"> <img class="face" src="heads/dirk.png" width="65" height="90" alt="hackergotchi for Dirk Eddelbuettel" /> </a> <h2 class="planet-title"> <a href="http://dirk.eddelbuettel.com/blog" title="Thinking inside the box">Dirk Eddelbuettel</a> <script type="text/javascript">  </script> </h2> <div id="http://dirk.eddelbuettel.com/blog/2024/11/02#rcpp_1.0.13-1" class="http://dirk.eddelbuettel.com/blog/2024/11/02#rcpp_1.0.13-1"> <div class="entry"> <h3 class="entry-title"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/02#rcpp_1.0.13-1">Rcpp 1.0.13-1 on CRAN: Hot Fix</a> </h3> <div class="content"> <p><img alt="rcpp logo" src="https://dirk.eddelbuettel.com/images/rcpp-logo-blue-dial.png" style="float: left; margin: 10px 10px 0px 0px;" width="200" /></p> <p>A hot-fix release 1.0.13-1, consisting of two small PRs relative to the last regular <a href="https://cran.r-project.org">CRAN</a> release <a href="https://dirk.eddelbuettel.com/blog/2024/07/17#rcpp_1.0.13">1.0.13</a>, just arrived on <a href="https://cran.r-project.org">CRAN</a>. When we prepared <a href="https://dirk.eddelbuettel.com/blog/2024/07/17#rcpp_1.0.13">1.0.13</a>, we included a change related to the ‘tightening’ of the C API of R itself. Sadly, we pinned an expected change to ‘comes with next (minor) release 4.4.2’ rather than now ‘next (normal aka major) release 4.5.0’. And now that R 4.4.2 is out (as of two days ago) we accidentally broke building against the header file with that check. Whoops. Bugs happen, and we are truly sorry—but this is now addressed in 1.0.13-1.</p> <p>The normal (bi-annual) release cycle will resume with 1.0.14 slated for January. As you can see from the <a href="https://github.com/RcppCore/Rcpp/blob/master/inst/NEWS.Rd">NEWS file</a> of the development branch, we have a number of changes coming. You can safely access that release candidate version, either off the default branch at github or via r-universe artifacts.</p> <p>The list below details all changes, as usual. The only other change concerns the now-mandatory use of Authors@R.</p> <blockquote> <h4 id="changes-in-rcpp-release-version-1.0.13-1-2024-11-01">Changes in Rcpp release version 1.0.13-1 (2024-11-01)</h4> <ul> <li><p>Changes in Rcpp API:</p> <ul> <li>Use read-only <code>VECTOR_PTR</code> and <code>STRING_PTR</code> only with with R 4.5.0 or later (Kevin in <a href="https://github.com/RcppCore/Rcpp/pull/1342">#1342</a> fixing <a href="https://github.com/RcppCore/Rcpp/issues/1341">#1341</a>)</li> </ul></li> <li><p>Changes in Rcpp Deployment:</p> <ul> <li>Authors@R is now used in DESCRIPTION as mandated by CRAN</li> </ul></li> </ul> </blockquote> <p>Thanks to my <a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a>, you can also look at a <a href="https://dirk.eddelbuettel.com/cranberries/2024/11/02/#Rcpp_1.0.13-1">diff to the previous release</a> Questions, comments etc should go to the <a href="https://lists.r-forge.r-project.org/cgi-bin/mailman/listinfo/rcpp-devel">rcpp-devel mailing list</a> off the <a href="https://r-forge.r-project.org/projects/rcpp/">R-Forge page</a>. Bugs reports are welcome at the <a href="https://github.com/RcppCore/Rcpp/issues">GitHub issue tracker as well</a> (where one can also search among open or closed issues).</p> <p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at GitHub</a>.</p> <p style="font-size: 80%; font-style: italic;"> This post by <a href="https://dirk.eddelbuettel.com">Dirk Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a> blog. Please report excessive re-aggregation in third-party for-profit settings. </p><p></p> </div> <p class="date"> <a href="http://dirk.eddelbuettel.com/blog/2024/11/02#rcpp_1.0.13-1">02 November, 2024 09:13PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://etbe.coker.com.au" title="etbe – Russell Coker">Russell Coker</a> <script type="text/javascript">  </script> </h2> <div id="https://etbe.coker.com.au/2024/11/02/more-about-yoga-gen3/" class="https://etbe.coker.com.au/2024/11/02/more-about-yoga-gen3/"> <div class="entry"> <h3 class="entry-title"> <a href="https://etbe.coker.com.au/2024/11/02/more-about-yoga-gen3/">More About the Yoga Gen3</a> </h3> <div class="content"> <p><a href="https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/">Two months ago I bought a Thinkpad X1 Yoga Gen3 [1]</a>. I’m still very happy with it, the screen is a great improvement over the FullHD screen on my previous Thinkpad. I have yet to discover what’s the best resolution to have on a laptop if price isn’t an issue, but it’s at least 1440p for a 14″ display, that’s 210DPI. The latest Thinkpad X1 Yoga is the 7th gen and has up to 3840*2400 resolution on the internal display for 323DPI. Apple apparently uses the term “Retina Display” to mean something in the range of 250DPI to 300DPI, so my current laptop is below “Retina” while the most expensive new Thinkpads are above it.</p> <p>I did some tests on external displays and found that this Thinkpad along with a Dell Latitude of the same form factor and about the same age can only handle one 4K display on a Thunderbolt dock and one on HDMI. On Reddit u/Carlioso1234 pointed out <a href="https://psref.lenovo.com/syspool/Sys/PDF/ThinkPad/ThinkPad_X1_Yoga_3rd_Gen/ThinkPad_X1_Yoga_3rd_Gen_Spec.PDF">this specs page which says it supports a maximum of 3 displays including the built in TFT [2]</a>. The Thunderbolt/USB-C connection has a maximum resolution of 5120*2880 and the HDMI port has a maximum of 4K. The latest Yoga can support four displays total which means 2*5K over Thunderbolt and one 4K over HDMI. It would be nice if someone made a 8000*2880 ultrawide display that looked like 2*5K displays when connected via Thunderbolt. It would also be nice if someone made a 32″ 5K display, currently they all seem to be 27″ and I’ve found that even for 4K resolution 32″ is better than 27″.</p> <p>With the typical configuration of Linux and the BIOS the Yoga Gen3 will have it’s touch screen stop working after suspend. I have confirmed this for stylus use but as the finger-touch functionality is broken I couldn’t confirm that. On r/thinkpad <a href="https://www.reddit.com/r/thinkpad/comments/1blpy20/comment/kw7se2l/?context=3">u/p9k told me how to fix this problem [3]</a>. I had to set the BIOS to Win 10 Sleep aka Hybrid sleep and then put the following in /etc/systemd/system/thinkpad-wakeup-config.service :</p> <pre># https://www.reddit.com/r/thinkpad/comments/1blpy20/comment/kw7se2l/?context=3 [Unit] Description=Workarounds for sleep wakeup source for Thinkpad X1 Yoga 3 After=sysinit.target After=systemd-modules-load.service [Service] Type=oneshot ExecStart=/bin/sh -c "echo 'enabled' > /sys/devices/platform/i8042/serio0/power/wakeup" ExecStart=/bin/sh -c "echo 'enabled' > /sys/devices/platform/i8042/serio1/power/wakeup" ExecStart=/bin/sh -c "echo 'LID' > /proc/acpi/wakeup" [Install] WantedBy=multi-user.target</pre> <p>Now it works fine, for stylus at least. I still get kernel error messages like the following which don’t seem to cause problems:</p> <pre>wacom 0003:056A:5146.0005: wacom_idleprox_timeout: tool appears to be hung in-prox. forcing it out.</pre> <p>When it wasn’t working I got the above but also kernel error messages like:</p> <pre>wacom 0003:056A:5146.0005: wacom_wac_queue_insert: kfifo has filled, starting to drop events</pre> <p>This change affected the way suspend etc operate. Now when I connect the laptop to power it will leave suspend mode. I’ve configured KDE to suspend when the lid is closed and there’s no monitor connected.</p> <ul> <li>[1]<a href="https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/"> https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/</a></li> <li>[2]<a href="https://psref.lenovo.com/syspool/Sys/PDF/ThinkPad/ThinkPad_X1_Yoga_3rd_Gen/ThinkPad_X1_Yoga_3rd_Gen_Spec.PDF"> https://tinyurl.com/2cvq6qts</a></li> <li>[3]<a href="https://www.reddit.com/r/thinkpad/comments/1blpy20/comment/kw7se2l/?context=3"> https://tinyurl.com/26ho6vxk</a></li> </ul> <div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list"> <p>Related posts:</p><ol> <li><a href="https://etbe.coker.com.au/2024/01/29/thinkpad-x1-yoga-gen3/" rel="bookmark" title="Thinkpad X1 Yoga Gen3">Thinkpad X1 Yoga Gen3</a> <small>I just bought myself a Thinkpad X1 Yoga Gen3 for...</small></li> <li><a href="https://etbe.coker.com.au/2024/07/23/more-5120x2160-monitor/" rel="bookmark" title="More About Kogan 5120*2160 Monitor">More About Kogan 5120*2160 Monitor</a> <small>On the 18th of May I blogged about my new...</small></li> <li><a href="https://etbe.coker.com.au/2018/09/11/thinkpad-x1-carbon-gen-6/" rel="bookmark" title="Thinkpad X1 Carbon Gen 6">Thinkpad X1 Carbon Gen 6</a> <small>In February I reviewed a Thinkpad X1 Carbon Gen 1...</small></li> </ol> </div> </div> <p class="date"> <a href="https://etbe.coker.com.au/2024/11/02/more-about-yoga-gen3/">02 November, 2024 08:05AM</a> by etbe </p> </div> </div> </div> <div class="channel"> <div id="https://etbe.coker.com.au/2024/11/02/moving-between-devices/" class="https://etbe.coker.com.au/2024/11/02/moving-between-devices/"> <div class="entry"> <h3 class="entry-title"> <a href="https://etbe.coker.com.au/2024/11/02/moving-between-devices/">Moving Between Devices</a> </h3> <div class="content"> <p>I previously <a href="https://etbe.coker.com.au/2024/04/26/convergence-vs-transference/">wrote about the possibility of transferring work between devices as an alternative to “convergence” (using a phone or tablet as a desktop) [1]</a>. This idea has been implemented in some commercial products already.</p> <p><a href="https://www.youtube.com/watch?v=IhYDtLzmRQI">MrWhosTheBoss made a good YouTube video reviewing recent Huawei products [2]</a>. At 2:50 in that video he shows how you can link a phone and tablet, control one from the other, drag and drop of running apps and files between phone and tablet, mirror the screen between devices, etc. He describes playing a video on one device and having it appear on the other, I hope that it actually launches a new instance of the player app as the Google Chromecast failed in the market due to remote display being laggy. At 7:30 in that video he starts talking about the features that are available when you have multiple Huawei devices, starting with the ability to move a Bluetooth pairing for earphones to a different device.</p> <p>At 16:25 he shows what Huawei is doing to get apps going including allowing apk files to be downloaded and creating what they call “Quick Apps” which are instances of a web browser configured to just use one web site and make it look like a discrete app, we need something like this for FOSS phone distributions – does anyone know of a browser that’s good for it?</p> <p>Another thing that we need is to have an easy way of transferring open web pages between systems. Chrome allows sending pages between systems but it’s proprietary, limited to Chrome only, and also takes an unreasonable amount of time. KDEConnect allows sharing clipboard contents which can be used to send URLs that can then be pasted into a browser, but the process of copy URL, send via KDEConnect, and paste into other device is unreasonably slow. The design of Chrome with a “Send to your devices” menu option from the tab bar is OK. But ideally we need a “Send to device” for all tabs of a window as well, we need it to run from free software and support using your own server not someone else’s server (AKA “the cloud”). Some of the KDEConnect functionality but using a server rather than direct connection over the same Wifi network (or LAN if bridged to Wifi) would be good.</p> <p>What else do we need?</p> <ul> <li>[1]<a href="https://etbe.coker.com.au/2024/04/26/convergence-vs-transference/"> https://etbe.coker.com.au/2024/04/26/convergence-vs-transference/</a></li> <li>[2]<a href="https://www.youtube.com/watch?v=IhYDtLzmRQI"> https://www.youtube.com/watch?v=IhYDtLzmRQI</a></li> </ul> <div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list"> <p>Related posts:</p><ol> <li><a href="https://etbe.coker.com.au/2024/04/26/convergence-vs-transference/" rel="bookmark" title="Convergence vs Transference">Convergence vs Transference</a> <small>I previously wrote a blog post titled Considering Convergence [1]...</small></li> <li><a href="https://etbe.coker.com.au/2011/09/08/laptop-to-cloud-lifestyle/" rel="bookmark" title="Moving from a Laptop to a Cloud Lifestyle">Moving from a Laptop to a Cloud Lifestyle</a> <small>My Laptop History In 1998 I bought my first laptop,...</small></li> <li><a href="https://etbe.coker.com.au/2012/03/23/cheap-nas-devices-suck/" rel="bookmark" title="Cheap NAS Devices Suck">Cheap NAS Devices Suck</a> <small>There are some really good Network Attached Storage (NAS) devices...</small></li> </ol> </div> </div> <p class="date"> <a href="https://etbe.coker.com.au/2024/11/02/moving-between-devices/">02 November, 2024 08:03AM</a> by etbe </p> </div> </div> </div> <div class="channel"> <div id="https://etbe.coker.com.au/2024/11/02/what-is-workstation/" class="https://etbe.coker.com.au/2024/11/02/what-is-workstation/"> <div class="entry"> <h3 class="entry-title"> <a href="https://etbe.coker.com.au/2024/11/02/what-is-workstation/">What is a Workstation?</a> </h3> <div class="content"> <p>I recently had someone describe a Mac Mini as a “workstation”, which I strongly disagree with. The <a href="https://en.wikipedia.org/wiki/Workstation">Wikipedia page for Workstation [1]</a> says that it’s a type of computer designed for scientific or technical use, for a single user, and would commonly run a multi-user OS.</p> <p>The Mac Mini runs a multi-user OS and is designed for a single user. The issue is whether it is for “scientific or technical use”. A Mac Mini is a nice little graphical system which could be used for CAD and other engineering work. But I believe that the low capabilities of the system and lack of expansion options make it less of a workstation.</p> <p>The latest versions of the Mac Mini (to be officially launched next week) have up to 64G of RAM and up to 8T of storage. That is quite decent compute power for a small device. For comparison the HP ML 110 Gen9 workstation I’m currently using was released in 2021 and has 256G of RAM and has 4 * 3.5″ SAS bays so I could easily put a few 4TB NVMe devices and some hard drives larger than 10TB. The HP Z640 workstation I have was released in 2014 and has 128G of RAM and 4*2.5″ SATA drive bays and 2*3.5″ SATA drive bays. Previously I had a Dell PowerEdge T320 which was released in 2012 and had 96G of RAM and 8*3.5″ SAS bays.</p> <p>In CPU and GPU power the recent Mac Minis will compare well to my latest workstations. But they compare poorly to workstations from as much as 12 years ago for RAM and storage. Which is more important depends on the task, if you have to do calculations on 80G of data with lots of scans through the entire data set then a system with 64G of RAM will perform very poorly and a system with 96G and a CPU less than half as fast will perform better. A Dell PowerEdge T320 from 2012 fully loaded with 192G of RAM will outperform a modern Mac Mini on many tasks due to this and the T420 supported up to 384G.</p> <p>Another issue is generic expansion options. I expect a workstation to have a number of PCIe slots free for GPUs and other devices. The T320 I used to use had a PCIe power cable for a power hungry GPU and I think all the T320 and T420 models with high power PSUs supported that.</p> <p>I think that a usable definition of a “workstation” is a system having a feature set that is typical of servers (ECC RAM, lots of storage for RAID, maybe hot-swap storage devices, maybe redundant PSUs, and lots of expansion options) while also being suitable for running on a desktop or under a desk. The Mac Mini is nice for running on a desk but that’s the only workstation criteria it fits. I think that ECC RAM should be a mandatory criteria and any system without it isn’t a workstation. That excludes most Apple hardware. The Mac Mini is more of a thin-client than a workstation.</p> <p>My main workstation with ECC RAM could run 3 VMs that each have more RAM than the largest Mac Mini that will be sold next week.</p> <p>If 32G of non-ECC RAM is considered enough for a “workstation” then you could get an Android phone that counts as a workstation – and it will probably cost less than a Mac Mini.</p> <ul> <li>[1] <a href="https://en.wikipedia.org/wiki/Workstation"> https://en.wikipedia.org/wiki/Workstation</a></li> </ul> <div class="yarpp yarpp-related yarpp-related-rss yarpp-template-list"> <p>Related posts:</p><ol> <li><a href="https://etbe.coker.com.au/2023/04/10/btrfs-rebuild-time/" rel="bookmark" title="BTRFS Rebuild Time">BTRFS Rebuild Time</a> <small>In February I replaced a Dell T320 server with a...</small></li> <li><a href="https://etbe.coker.com.au/2012/08/28/ssd-workstation/" rel="bookmark" title="SSD for a Workstation">SSD for a Workstation</a> <small>SSDs have been dropping in price recently so I just...</small></li> <li><a href="https://etbe.coker.com.au/2023/02/12/t320-idrac-failure-hp-z640/" rel="bookmark" title="T320 iDRAC Failure and new HP Z640">T320 iDRAC Failure and new HP Z640</a> <small>The Dell T320 Almost 2 years ago I made a...</small></li> </ol> </div> </div> <p class="date"> <a href="https://etbe.coker.com.au/2024/11/02/what-is-workstation/">02 November, 2024 05:03AM</a> by etbe </p> </div> </div> </div> <h1>November 01, 2024</h1> <div class="channel"> <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/"> <img class="face" src="heads/cjwatson.png" width="70" height="82" alt="hackergotchi for Colin Watson" /> </a> <h2 class="planet-title"> <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/" title="Colin Watson's blog - planet-debian">Colin Watson</a> <script type="text/javascript">  </script> </h2> <div id="https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-10.html" class="https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-10.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-10.html">Free software activity in October 2024</a> </h3> <div class="content"> <p>Almost all of my Debian contributions this month were <a href="https://www.freexian.com/about/debian-contributions/">sponsored</a> by Freexian.</p> <p>You can also support my work directly via <a href="https://liberapay.com/cjwatson">Liberapay</a>.</p> <h2>Ansible</h2> <p>I noticed that <a href="https://www.ansible.com/">Ansible</a> had fallen out of Debian testing due to autopkgtest failures. This seemed like a problem worth fixing: in common with many other people, we use Ansible for configuration management at Freexian, and it probably wouldn’t make our sysadmins too happy if they upgraded to trixie after its release and found that Ansible was gone.</p> <p>The problems here were really just slogging through test failures in both the <code>ansible-core</code> and <code>ansible</code> packages, but their test suites are large and take a while to run so this took some time. I was able to contribute a few small fixes to various upstreams in the process:</p> <ul> <li><a href="https://github.com/ansible/ansible/pull/84129">test: Make git archive prefix fit in 32-bit <code>ssize_t</code></a> (though upstream went for a different approach)</li> <li><a href="https://github.com/ansible-collections/community.grafana/pull/406">test: replace more deprecated <code>assertEquals</code></a></li> <li><a href="https://github.com/ansible-collections/community.mongodb/pull/684">Fix import error on Python 3.13</a></li> <li><a href="https://github.com/ansible-collections/cloud.common/pull/162">Make <code>test_start_daemon_with_no_mock</code> less flaky</a></li> </ul> <p>This should now get back into testing tomorrow.</p> <h2>OpenSSH</h2> <p>Martin-Éric Racine <a href="https://github.com/jtesta/ssh-audit/issues/291">reported</a> that <code>ssh-audit</code> didn’t list the <code>ext-info-s</code> feature as being available in Debian’s OpenSSH 9.2 packaging in bookworm, contrary to what OpenSSH upstream said on their <a href="https://www.openssh.com/specs.html">specifications page</a> at the time. I spent some time looking into this and realized that upstream was mistakenly saying that implementations of <code>ext-info-c</code> and <code>ext-info-s</code> were added at the same time, while in fact <code>ext-info-s</code> was added rather later. <code>ssh-audit</code> now has clearer output, and the OpenSSH maintainers have corrected their specifications page.</p> <p>I looked into a <a href="https://bugs.debian.org/1041521">report</a> of an <code>ssh</code> failure in certain cases when using <span class="caps">GSS</span>-<span class="caps">API</span> key exchange (which is a Debian patch). Once again, having <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-05.html">integration tests</a> was a huge win here: the affected scenario is quite a fiddly one, but I was able to set it up in the <a href="https://salsa.debian.org/ssh-team/openssh/-/blob/master/debian/tests/ssh-gssapi">test</a>, and thereby make sure it doesn’t regress in future. It still took me a couple of hours to get all the details right, but in the past this sort of thing took me much longer with a much lower degree of confidence that the fix was correct.</p> <p>On upstream’s <a href="https://lists.mindrot.org/pipermail/openssh-unix-dev/2024-October/041682.html">advice</a>, I cherry-picked some key exchange fixes needed for big-endian architectures.</p> <h2>Python team</h2> <p>I packaged <a href="https://bugs.debian.org/1085206">python-evalidate</a>, needed for a new upstream version of buildbot.</p> <p>The Python 3.13 transition rolls on. I fixed problems related to it in <a href="https://bugs.debian.org/1084575">htmlmin</a>, <a href="https://bugs.debian.org/1084718">humanfriendly</a>, <a href="https://bugs.debian.org/1082143">postgresfixture</a> (<a href="https://code.launchpad.net/~cjwatson/postgresfixture/py313/+merge/474603">contributed upstream</a>), <a href="https://bugs.debian.org/1084621">pylint</a>, <a href="https://bugs.debian.org/1084679">python-asyncssh</a> (<a href="https://github.com/ronf/asyncssh/pull/697">contributed upstream</a>), <a href="https://bugs.debian.org/1082235">python-oauthlib</a>, <a href="https://bugs.debian.org/1084589">python3-simpletal</a>, <a href="https://bugs.debian.org/1084610">quodlibet</a>, <a href="https://bugs.debian.org/1082339">zope.exceptions</a>, and <a href="https://bugs.debian.org/1081541">zope.interface</a>.</p> <p>A trickier Python 3.13 issue involved the <code>cgi</code> module. Years ago I <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/lp-python3.html">ported zope.publisher to the multipart module</a> because <code>cgi.FieldStorage</code> was broken in some situations, and as a result I got a <a href="https://github.com/python/peps/pull/2306">recommendation</a> into Python’s <a href="https://peps.python.org/pep-0594/">“dead batteries” <span class="caps">PEP</span> 594</a>. Unfortunately there turns out to be a <a href="https://github.com/pypa/packaging-problems/issues/818">name conflict between multipart and python-multipart on PyPI</a>; python-multipart upstream has been <a href="https://github.com/Kludex/python-multipart/pull/166">working to disentangle this</a>, though we still need to <a href="https://bugs.debian.org/1085728">work out what to do in Debian</a>. All the same, I needed to fix <a href="https://bugs.debian.org/1082280">python-wadllib</a> and multipart seemed like the best fit; I <a href="https://code.launchpad.net/~cjwatson/wadllib/+git/wadllib/+merge/474861">contributed a port upstream</a> and temporarily copied multipart into Debian’s python-wadllib source package to allow its tests to pass. I’ll come back and fix this properly once we sort out the multipart vs. python-multipart packaging.</p> <p>tzdata <a href="https://tracker.debian.org/news/1573095/accepted-tzdata-2024b-3-source-into-unstable/">moved</a> some timezone definitions to tzdata-legacy, which has broken a number of packages. I added tzdata-legacy build-dependencies to <a href="https://bugs.debian.org/1086253">alembic</a> and <a href="https://bugs.debian.org/1086374">python-icalendar</a> to deal with this in those packages, though there are still some other instances of this left.</p> <p>I tracked down an <a href="https://bugs.debian.org/1084385">nltk regression</a> that caused build failures in many other packages.</p> <p>I fixed Rust crate versioning issues in <a href="https://bugs.debian.org/1084322">pydantic-core</a>, <a href="https://bugs.debian.org/1084329">python-bcrypt</a>, and <a href="https://bugs.debian.org/1081875">python-maturin</a> (mostly fixed by Peter Michael Green and Jelmer Vernooĳ, but it needed a little extra work).</p> <p>I fixed other build failures in <a href="https://bugs.debian.org/1052826">entrypoints</a>, <a href="https://bugs.debian.org/1082685">mayavi2</a>, <a href="https://bugs.debian.org/1052793">python-pyvmomi</a> (mostly fixed by Alexandre Detiste, but it needed a little extra work), and <a href="https://bugs.debian.org/1018589">python-testing.postgresql</a> (ditto).</p> <p>I fixed <a href="https://bugs.debian.org/1080724">python3-simpletal</a> to tolerate future versions of dh-python that will drop their dependency on python3-setuptools.</p> <p>I fixed broken symlinks in <a href="https://bugs.debian.org/988773">python-treq</a>.</p> <p>I removed (build-)depends on python3-pkg-resources from <a href="https://bugs.debian.org/1083301">alembic</a>, <a href="https://bugs.debian.org/1083309">autopep8</a>, <a href="https://bugs.debian.org/1083325">buildbot</a>, <a href="https://bugs.debian.org/1083331">celery</a>, <a href="https://bugs.debian.org/1083398">flufl.enum</a>, <a href="https://bugs.debian.org/1083400">flufl.lock</a>, <a href="https://bugs.debian.org/1083685">python-public</a>, <a href="https://bugs.debian.org/1083718">python-wadllib</a> (<a href="https://code.launchpad.net/~cjwatson/wadllib/+git/wadllib/+merge/474798">contributed upstream</a>), <a href="https://bugs.debian.org/1083732">pyvisa</a>, <a href="https://bugs.debian.org/1083757">routes</a>, <a href="https://bugs.debian.org/1083983">vulture</a>, and <a href="https://bugs.debian.org/1084003">zodbpickle</a> (<a href="https://github.com/zopefoundation/zodbpickle/pull/99">contributed upstream</a>).</p> <p>I upgraded astroid, asyncpg (fixing a <a href="https://bugs.debian.org/1081995">Python 3.13 failure</a> and a <a href="https://bugs.debian.org/1084240">build failure</a>), buildbot (noticing an <a href="https://github.com/buildbot/buildbot/pull/8137">upstream test bug</a> in the process), dnsdiag, frozenlist, netmiko (fixing a <a href="https://bugs.debian.org/1084527">Python 3.13 failure</a>), psycopg3, pydantic-settings, pylint, python-asyncssh, python-bleach, python-btrees, python-cytoolz, python-django-pgtrigger, python-django-test-migrations, python-gssapi, python-icalendar, python-json-log-formatter, python-pgbouncer, python-pkginfo, python-plumbum, python-stdlib-list, python-tokenize-rt, python-treq (fixing a <a href="https://bugs.debian.org/1084541">Python 3.13 failure</a>), python-typeguard, python-webargs (fixing a <a href="https://bugs.debian.org/1082393">build failure</a>), pyupgrade, <a href="https://bugs.debian.org/1084175">pyvisa</a>, <a href="https://bugs.debian.org/1084176">pyvisa-py</a> (fixing a <a href="https://bugs.debian.org/1084620">Python 3.13 failure</a>), toolz, twisted, vulture, waitress (fixing <a href="https://bugs.debian.org/1086467"><span class="caps">CVE</span>-2024-49768</a> and <a href="https://bugs.debian.org/1086468"><span class="caps">CVE</span>-2024-49769</a>), wtf-peewee, wtforms, zodbpickle, zope.exceptions, zope.interface, zope.proxy, zope.security, and zope.testrunner to new upstream versions.</p> <p>I tried to fix a <a href="https://bugs.debian.org/1081851">regression</a> in python-scruffy, but I need testing feedback.</p> <p>I requested removal of <a href="https://bugs.debian.org/1018588">python-testing.mysqld</a>.</p> </div> <p class="date"> <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-10.html">01 November, 2024 12:19PM</a> by Colin Watson </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://www.eyrie.org/~eagle/" title="Eagle's Path">Russ Allbery</a> <script type="text/javascript">  </script> </h2> <div id="https://www.eyrie.org/~eagle/reviews/books/overdue-returns.html" class="https://www.eyrie.org/~eagle/reviews/books/overdue-returns.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://www.eyrie.org/~eagle/reviews/books/overdue-returns.html">Review: Overdue and Returns</a> </h3> <div class="content"> <p>Review: <cite>Overdue and Returns</cite>, by Mark Lawrence</p> <table> <tbody><tr> <td>Publisher:</td> <td>Mark Lawrence</td> </tr> <tr> <td>Copyright:</td> <td>June 2023</td> </tr> <tr> <td>Copyright:</td> <td>February 2024</td> </tr> <tr> <td>ASIN:</td> <td>B0C9N51M6Y</td> </tr> <tr> <td>ASIN:</td> <td>B0CTYNQGBX</td> </tr> <tr> <td>Format:</td> <td>Kindle</td> </tr> <tr> <td>Pages:</td> <td>99</td> </tr></tbody></table> <p> <cite>Overdue</cite> is a stand-alone novelette in the <a href="https://www.eyrie.org/~eagle/reviews/books/0-593-43793-4.html">Library Trilogy universe</a>. <cite>Returns</cite> is a collection of two stories, the novelette "Returns" and the short story "About Pain." All of them together are about the length of a novella, so I'm combining them into a single review. </p> <p> These are ancillary stories in the same universe as the novels, but not necessarily in the same timeline. (Trying to fit "About Pain" into the novel timeline will give you a headache and I am choosing to read it as author's fan fiction.) I'm guessing they're part of the new fad for releasing short fiction on Amazon to tide readers over and maintain interest between books in a series, a fad about which I have mixed feelings. Given the total lack of publisher metadata in either the stories or on Amazon, I'm assuming they were self-published even though the novels are published by Ace, but I don't know that for certain. </p> <p> There are spoilers for <a href="https://www.eyrie.org/~eagle/reviews/books/0-593-43793-4.html"><cite>The Book That Wouldn't Burn</cite></a>, so don't read these before that novel. There are no spoilers for <a href="https://www.eyrie.org/~eagle/reviews/books/0-593-43796-9.html"><cite>The Book That Broke the World</cite></a>, and I don't think the reading order would matter. </p> <p> I found all three of these stories irritating and thuddingly trite. "Returns" is probably the best of the lot in terms of quality of storytelling, but I intensely dislike the structural implications of the nature of the book at its center and am therefore hoping that it's non-canonical. </p> <p> I would not waste your time with these even if you are enjoying the novels. </p> <p> <strong>"Overdue"</strong>: Three owners of the same bookstore at different points in time have encounters with an albino man named Yute who is on a quest. One of the owners is trying to write a book, one of them is older, depressed, and closed off, and one of them has regular conversations with her sister's ghost. The nature of the relationship between the three is too much of a spoiler, but it involves similar shenanigans as <cite>The Book That Wouldn't Burn</cite>. </p> <p> Lawrence uses my least favorite resolution of benign ghost stories. The story tries very hard to sell it as a good thing, but I thought it was cruel and prefer fantasy that rejects both branches of that dilemma. Other than that, it was fine, I guess, although the moral was delivered with all of the subtlety of the last two minutes of a Saturday morning cartoon. (5) </p> <p> <strong>"Returns"</strong>: Livira returns a book deep inside the library and finds that she can decipher it, which leads her to a story about Yute going on a trip to recover another library book. This had a lot of great Yute lines, plus I always like seeing Livira in exploration mode. The book itself is paradoxical in a causality-destroying way, which is handwaved away as literal magic. I liked this one the best of the three stories, but I hope the world-building of the main series does not go in this direction and I'm a little afraid it might. (6) </p> <p> <strong>"About Pain"</strong>: A man named Holden runs into a woman named Clovis at the gym while carrying a book titled <cite>Catcher</cite> that his dog found and that he's returning to the library. I thoroughly enjoy Clovis and was happy to read a few more scenes about her. Other than that, this was fine, I guess, although it is a story designed to deliver a point and that point is one that appears in every discussion of classics and re-reading that has ever happened on the Internet. Also, I know I'm being grumpy, but Lawrence's puns with authors and character names are chapter-epigraph amusing but not short-story-length funny. Yes, yes, his name is Holden, we get it. (5) </p> <p>Rating: 5 out of 10</p> </div> <p class="date"> <a href="https://www.eyrie.org/~eagle/reviews/books/overdue-returns.html">01 November, 2024 04:11AM</a> </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="http://bonedaddy.net/pabs3/log/" title="Log">Paul Wise</a> <script type="text/javascript">  </script> </h2> <div id="http://bonedaddy.net/pabs3/log/2024/11/01/floss-activities/" class="http://bonedaddy.net/pabs3/log/2024/11/01/floss-activities/"> <div class="entry"> <h3 class="entry-title"> <a href="http://bonedaddy.net/pabs3/log/2024/11/01/floss-activities/">FLOSS Activities October 2024</a> </h3> <div class="content"> <h1 id="focus">Focus</h1> <p>This month I didn't have any particular focus. I just worked on issues in my info bubble.</p> <h1 id="changes">Changes</h1> <ul> <li>ArchiveBot: <a href="https://github.com/ArchiveTeam/ArchiveBot/pull/583">improve dashboard filtering</a></li> <li>Debian wiki pages: <a href="https://wiki.debian.org/ArmPorts?action=diff&rev1=19&rev2=20">ArmPorts</a>, <a href="https://wiki.debian.org/Exploits?action=diff&rev1=38&rev2=39">Exploits</a></li> </ul> <h1 id="issues">Issues</h1> <ul> <li>FLOSS license needed for <a href="https://github.com/Two9A/ThreadTree/issues/3">ThreadTree</a></li> <li>Features in ThreadTree (<a href="https://github.com/Two9A/ThreadTree/issues/2">1</a> <a href="https://github.com/Two9A/ThreadTree/issues/4">2</a> <a href="https://github.com/Two9A/ThreadTree/issues/5">3</a> <a href="https://github.com/Two9A/ThreadTree/issues/6">4</a> <a href="https://github.com/Two9A/ThreadTree/issues/7">5</a>), <a href="https://github.com/systemd-cron/systemd-cron/issues/152">systemd-cron</a></li> <li>Warnings in <a href="https://bugs.debian.org/1083203">kraft</a>, <a href="https://bugs.debian.org/1083204">python3-pypandoc</a></li> </ul> <h1 id="sponsors">Sponsors</h1> <p>All work was done on a volunteer basis.</p> </div> <p class="date"> <a href="http://bonedaddy.net/pabs3/log/2024/11/01/floss-activities/">01 November, 2024 12:57AM</a> </p> </div> </div> </div> <div class="channel"> <h2 class="planet-title"> <a href="https://taavi.wtf/posts/" title="Blog on Taavi Väänänen">Taavi Väänänen</a> <script type="text/javascript">  </script> </h2> <div id="https://taavi.wtf/posts/cloud-vps-custom-domains/" class="https://taavi.wtf/posts/cloud-vps-custom-domains/"> <div class="entry"> <h3 class="entry-title"> <a href="https://taavi.wtf/posts/cloud-vps-custom-domains/">Custom domains on the Wikimedia Cloud VPS web proxy</a> </h3> <div class="content"> <p>The <a href="https://wikitech.wikimedia.org/wiki/Help:Using_a_web_proxy_to_reach_Cloud_VPS_servers_from_the_internet">shared web proxy</a> used on <a href="https://wikitech.wikimedia.org/wiki/Portal:Cloud_VPS">Wikimedia Cloud VPS</a> now has technical support for <a href="https://wikitech.wikimedia.org/wiki/Help:Using_a_web_proxy_to_reach_Cloud_VPS_servers_from_the_internet#Vanity_domains">using arbitrary domains</a> (and not just <code>wmcloud.org</code> subdomains) in proxy names. I think this is a good example of how software slowly evolves over time as new requirements emerge, with each new addition building on top of the previous ones.</p> <p>According to the <a href="https://wikitech.wikimedia.org/w/index.php?title=Help:Using_a_web_proxy_to_reach_Cloud_VPS_servers_from_the_internet&action=history">edit history</a> on Wikitech, the web proxy service has its origins in 2012, although the current idea where you create a proxy and map it to a specific instance and port was only introduced a year later. (Before that, it just directly mapped the subdomain to the VPS instance with the same name).</p> <p>There were some smaller changes in the coming years like the migration to <a href="https://wikitech.wikimedia.org/wiki/Acme-chief">acme-chief</a> for TLS certificate management, but the overall logic stayed very similar until 2020 when the <code>wmcloud.org</code> domain was introduced. That was implemented by adding a config option listing all possible domains, so future domain additions would be as simple as adding the new domain to that list in the configuration.</p> <p>Then the changes start becoming more frequent:</p> <ul> <li>In 2022, for my <a href="https://taavi.wtf/posts/cloud-vps-terraform/">Terraform support project</a>, a bunch of logic, including the list of supported backend domains was moved from the frontend code to the backend. This also made it possible to dynamically change which projects can use which domains suffixes for their proxies.</li> <li>Then, early this year, I added support for zones restricted to a single project, because we wanted to use the proxy for the <code>*.svc.toolforge.org</code> Toolforge infrastructure domains instead of coming up with a new system for that use case. This also added suport for using different TLS certificates for different domains so that we would not have to have a single giant certificate with all the names.</li> <li>Finally, the last step was to add two new features to the proxy system: support for adding a proxy at the <a href="https://en.wikipedia.org/wiki/Subdomain">apex</a> of a domain, as well as support for domains that are not managed in Designate (the Cloud VPS/OpenStack auth DNS service). In addition, we needed a bit of config to ensure <a href="https://letsencrypt.org/docs/challenge-types/#http-01-challenge">http-01</a> challenges get routed to the acme-chief instance.</li> </ul> </div> <p class="date"> <a href="https://taavi.wtf/posts/cloud-vps-custom-domains/">01 November, 2024 12:00AM</a> by Taavi Väänänen (hi@taavi.wtf) </p> </div> </div> </div> <h1>October 31, 2024</h1> <div class="channel"> <a href="https://gwolf.org"> <img class="face" src="heads/gwolf.png" width="69" height="83" alt="hackergotchi for Gunnar Wolf" /> </a> <h2 class="planet-title"> <a href="https://gwolf.org" title="Gunnar Wolf - Nice grey life">Gunnar Wolf</a> <script type="text/javascript">  </script> </h2> <div id="https://gwolf.org/2024/10/do-you-have-a-minute.html" class="https://gwolf.org/2024/10/do-you-have-a-minute.html"> <div class="entry"> <h3 class="entry-title"> <a href="https://gwolf.org/2024/10/do-you-have-a-minute.html">Do you have a minute..?</a> </h3> <div class="content"> <p><a href="https://gwolf.org/files/2024-10/pirata.jpg"><img alt="Do you have a minute...?" src="https://gwolf.org/files/2024-10/pirata.400.jpg" title="Do you have a minute...?" /></a></p> <p>…to talk about the so-called “Intellectual Property”?</p> </div> <p class="date"> <a href="https://gwolf.org/2024/10/do-you-have-a-minute.html">31 October, 2024 10:07PM</a> </p> </div> </div> </div> <h1>October 30, 2024</h1> <div class="channel"> <a href="http://dirk.eddelbuettel.com/blog"> <img class="face" src="heads/dirk.png" width="65" height="90" alt="hackergotchi for Dirk Eddelbuettel" /> </a> <h2 class="planet-title"> <a href="http://dirk.eddelbuettel.com/blog" title="Thinking inside the box">Dirk Eddelbuettel</a> <script type="text/javascript">  </script> </h2> <div id="http://dirk.eddelbuettel.com/blog/2024/10/29#gcbd_0.2.7" class="http://dirk.eddelbuettel.com/blog/2024/10/29#gcbd_0.2.7"> <div class="entry"> <h3 class="entry-title"> <a href="http://dirk.eddelbuettel.com/blog/2024/10/29#gcbd_0.2.7">gcbd 0.2.7 on CRAN: More Mere Maintenance</a> </h3> <div class="content"> <p>Another pure maintenance release 0.2.7 of the <a href="https://github.com/eddelbuettel/gcbd">gcbd</a> package is now on <a href="https://cran.r-project.org">CRAN</a>. The <a href="https://github.com/eddelbuettel/gcbd">gcbd</a> proposes a benchmarking framework for LAPACK and BLAS operations (as the library can exchanged in a plug-and-play sense on suitable OSs) and records result in local database. Its original motivation was to also compare to GPU-based operations. However, as it is both challenging to keep CUDA working packages on <a href="https://cran.r-project.org">CRAN</a> providing the basic functionality appear to come and go so testing the GPU feature can be challenging. The main point of <a href="https://github.com/eddelbuettel/gcbd">gcbd</a> is now to actually demonstrate that ‘yes indeed’ we can just swap BLAS/LAPACK libraries without any change to R, or R packages. The ‘configure / rebuild R for xyz’ often seen with ‘xyz’ being Goto or MKL is simply plain wrong: you <em>really</em> can just swap them (on proper operating systems, and R configs – see the package vignette for more). But nomatter how often we aim to correct this record, it invariably raises its head another time.</p> <p>This release accommodates a <a href="https://cran.r-project.org">CRAN</a> change request as we were referencing the (now only suggested) package <code>gputools</code>. As hinted in the previous paragraph, it was once on <a href="https://cran.r-project.org">CRAN</a> but is not right now so we adjusted our reference.</p> <p><a href="https://dirk.eddelbuettel.com/cranberries/">CRANberries</a> also provides a diffstat report <a href="https://dirk.eddelbuettel.com/cranberries/2024/10/29#gcbd_0.2.7">for the latest release</a>.</p> <p>If you like this or other open-source work I do, you can <a href="https://github.com/sponsors/eddelbuettel">sponsor me at GitHub</a>.</p> <p style="font-size: 80%; font-style: italic;"> This post by <a href="https://dirk.eddelbuettel.com">Dirk Eddelbuettel</a> originated on his <a href="https://dirk.eddelbuettel.com/blog/">Thinking inside the box</a> blog. Please report excessive re-aggregation in third-party for-profit settings. </p><p></p> </div> <p class="date"> <a href="http://dirk.eddelbuettel.com/blog/2024/10/29#gcbd_0.2.7">30 October, 2024 01:10AM</a> </p> </div> </div> </div> <h1>October 28, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="http://sven.stormbind.net/blog/" title="a blog">Sven Hoexter</a> <script type="text/javascript">  </script> </h2> <div id="http://sven.stormbind.net/blog/posts/rant_gke_networkpolicy/" class="http://sven.stormbind.net/blog/posts/rant_gke_networkpolicy/"> <div class="entry"> <h3 class="entry-title"> <a href="http://sven.stormbind.net/blog/posts/rant_gke_networkpolicy/">GKE version 1.31.1-gke.1678000+ is a baddy</a> </h3> <div class="content"> <p>Just a "warn your brothers" for people foolish enough to use GKE and run on the Rapid release channel.</p> <p>Update from version <code>1.31.1-gke.1146000</code> to <code>1.31.1-gke.1678000</code> is causing trouble whenever <code>NetworkPolicy</code> resources and a <code>readinessProbe</code> (or health check) are configured. As a workaround we started to remove the <code>NetworkPolicy</code> resources. E.g. when kustomize is involved with a patch like this:</p> <pre><code>- patch: |- $patch: delete apiVersion: "networking.k8s.io/v1" kind: NetworkPolicy metadata: name: dummy target: kind: NetworkPolicy </code></pre> <p>We tried to update to the latest version - right now <code>1.31.1-gke.2008000</code> - which did not change anything. Behaviour is pretty much erratic, sometimes it still works and sometimes the traffic is denied. It also seems that there is some relevant fix in <code>1.31.1-gke.1678000</code> because that is now the oldest release of 1.31.1 which I can find in the regular and rapid release channels. The last known good version <code>1.31.1-gke.1146000</code> is not available to try a downgrade.</p> </div> <p class="date"> <a href="http://sven.stormbind.net/blog/posts/rant_gke_networkpolicy/">28 October, 2024 04:43PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <a href="http://blog.fai-project.org/"> <img class="face" src="heads/mrfai.png" width="76" height="100" alt="hackergotchi for Thomas Lange" /> </a> <h2 class="planet-title"> <a href="http://blog.fai-project.org/" title="FAI (Fully Automatic Installation) / Plan your Installation and FAI installs your Plan">Thomas Lange</a> <script type="text/javascript">  </script> </h2> <div id="http://blog.fai-project.org/posts/faime-30000/" class="http://blog.fai-project.org/posts/faime-30000/"> <div class="entry"> <h3 class="entry-title"> <a href="http://blog.fai-project.org/posts/faime-30000/">30.000 FAIme jobs created in 7 years</a> </h3> <div class="content"> <p>The number of FAIme jobs has reached 30.000. Yeah!<br /> At the end of this November the <a href="https://fai-project.org/FAIme">FAIme web service</a> for building customized ISOs turns 7 years old. It had reached 10.000 jobs in March 2021 and 20.000 jobs were reached in June 2023. A nice increase of the usage.</p> <p>Here are some statistics for the jobs processed in 2024:</p> <h4>Type of jobs</h4> <table> <tbody><tr> <td>3%</td> <td> </td> <td>cloud image</td> </tr> <tr> <td>11%</td> <td> </td> <td>live ISO</td> </tr> <tr> <td>86%</td> <td> </td> <td>install ISO</td> </tr> </tbody></table> <h4>Distribution</h4> <table> <tbody><tr> <td>2%</td> <td> </td> <td>bullseye</td> </tr> <tr> <td>8%</td> <td> </td> <td>trixie</td> </tr> <tr> <td>12%</td> <td> </td> <td>ubuntu 24.04</td> </tr> <tr><td>78%</td> <td> </td> <td>bookworm</td> </tr> </tbody></table> <h4>Misc</h4> <ul> <li> 18% used a custom postinst script</li> <li> 11% provided their ssh pub key for passwordless root login</li> <li> 50% of the jobs didn't included a desktop environment at all, the others used GNOME, XFCE or KDE or the Ubuntu desktop the most.</li> <li>The biggest ISO was a FAIme job which created a live ISO with a desktop and some additional packages This job took 30min to finish and the resulting ISO was 18G in size.</li> </ul> <h2>Execution Times</h2> <p>The cloud and live ISOs need more time for their creation because the FAIme server needs to unpack and install all packages. For the install ISO the packages are only downloaded. The amount of software packages also affects the build time. Every ISO is build in a VM on an old 6-core E5-1650 v2. Times given are calculated from the jobs of the past two weeks.</p> <table> <tbody><tr> <td><b>Job type</b></td> <td> </td> <td><b>Avg</b></td> <td> </td> <td><b>Max</b></td> </tr> <tr> <td>install no desktop</td> <td> </td> <td>1 min</td> <td> </td> <td>2 min</td> </tr> <tr> <td>install GNOME</td> <td> </td> <td>2 min</td> <td> </td> <td>5 min</td> </tr> </tbody></table> <p>The times for Ubuntu without and with desktop are one minute higher than those mentioned above.</p> <table> <tbody><tr> <td><b>Job type</b></td> <td> </td> <td><b>Avg</b></td> <td> </td> <td><b>Max</b></td> </tr> <tr> <td>live no desktop</td> <td> </td> <td>4 min</td> <td> </td> <td>6 min</td> </tr> <tr> <td>live GNOME</td> <td> </td> <td>8 min</td> <td> </td> <td>11 min</td> </tr> </tbody></table> <p>The times for cloud images are similar to live images.</p> <h2>A New Feature</h2> <p>For a few weeks now, the system has been showing the number of jobs ahead of you in the queue when you submit a job that cannot be processed immediately.</p> <h2>The Next Milestone</h2> <p>At the end of this years the FAI project will be 25 years old. If you have a success story of your FAI usage to share please post it to the <a href="https://lists.uni-koeln.de/mailman/listinfo/linux-fai/">linux-fai mailing list</a> or send it to me. Do you know the <a href="https://fai-project.org/questionnaire/">FAI questionnaire</a> ? A lot of reports are already <a href="https://fai-project.org/reports/">available</a>.</p> <p>Here's an <a href="https://blog.fai-project.org/posts/fai-5.9/">overview</a> what happened in the past 20 years in the FAI project.</p> <h2>About FAIme</h2> <p>FAIme is the service for building your own customized ISO via a web interface. You can create an installation or live ISO or a cloud image. Several Debian releases can be selected and also Ubuntu server or Ubuntu desktop installation ISOs can be customized. Multiple options are available like selecting a desktop and the language, adding your own package list, choosing a partition layout, adding a user, choosing a backports kernel, adding a postinst script and some more.</p> </div> <p class="date"> <a href="http://blog.fai-project.org/posts/faime-30000/">28 October, 2024 11:57AM</a> </p> </div> </div> </div> <h1>October 27, 2024</h1> <div class="channel"> <h2 class="planet-title"> <a href="http://www.enricozini.org/tags/pdo" title="Enrico Zini: posts with tag pdo">Enrico Zini</a> <script type="text/javascript">  </script> </h2> <div id="http://www.enricozini.org/blog/2024/python/typing-decorators-for-class-members-with-optional-arguments" class="http://www.enricozini.org/blog/2024/python/typing-decorators-for-class-members-with-optional-arguments"> <div class="entry"> <h3 class="entry-title"> <a href="http://www.enricozini.org/blog/2024/python/typing-decorators-for-class-members-with-optional-arguments">Typing decorators for class members with optional arguments</a> </h3> <div class="content"> <blockquote> <p>This looks straightforward and is far from it. I expect tool support will improve in the future. Meanwhile, this blog post serves as a step by step explanation for what is going on in code that I'm about to push to my team.</p> </blockquote> <p>Let's take this relatively straightforward python code. It has a function printing an int, and a decorator that makes it argument optional, taking it from a global default if missing:</p> <div class="codehilite"><pre><span></span><code><span class="kn">from</span> <span class="nn">unittest</span> <span class="kn">import</span> <span class="n">mock</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">42</span> <span class="k">def</span> <span class="nf">with_default</span><span class="p">(</span><span class="n">f</span><span class="p">):</span> <span class="k">def</span> <span class="nf">wrapped</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> <span class="n">value</span> <span class="o">=</span> <span class="n">default</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapped</span> <span class="k">class</span> <span class="nc">Fiddle</span><span class="p">:</span> <span class="nd">@with_default</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="n">fiddle</span> <span class="o">=</span> <span class="n">Fiddle</span><span class="p">()</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> <span class="k">def</span> <span class="nf">mocked</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Mocked answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">with</span> <span class="n">mock</span><span class="o">.</span><span class="n">patch</span><span class="o">.</span><span class="n">object</span><span class="p">(</span><span class="n">Fiddle</span><span class="p">,</span> <span class="s2">"print"</span><span class="p">,</span> <span class="n">autospec</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">side_effect</span><span class="o">=</span><span class="n">mocked</span><span class="p">):</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> </code></pre></div> <p>It works nicely as expected:</p> <div class="codehilite"><pre><span></span><code>$ python3 test0.py Answer: 12 Answer: 42 Mocked answer: 12 Mocked answer: None </code></pre></div> <p>It lacks <code>functools.wraps</code> and typing, though. Let's add them.</p> <h2>Adding functools.wraps</h2> <p>Adding a simple <code>@functools.wraps</code>, mock unexpectedly stops working:</p> <div class="codehilite"><pre><span></span><code># python3 test1.py Answer: 12 Answer: 42 Mocked answer: 12 Traceback (most recent call last): File "/home/enrico/lavori/freexian/tt/test1.py", line 42, in <module> fiddle.print() File "<string>", line 2, in print File "/usr/lib/python3.11/unittest/mock.py", line 186, in checksig sig.bind(*args, **kwargs) File "/usr/lib/python3.11/inspect.py", line 3211, in bind return self._bind(args, kwargs) ^^^^^^^^^^^^^^^^^^^^^^^^ File "/usr/lib/python3.11/inspect.py", line 3126, in _bind raise TypeError(msg) from None TypeError: missing a required argument: 'value' </code></pre></div> <p>This is the new code, with explanations and a fix:</p> <div class="codehilite"><pre><span></span><code><span class="c1"># Introduce functools</span> <span class="kn">import</span> <span class="nn">functools</span> <span class="kn">from</span> <span class="nn">unittest</span> <span class="kn">import</span> <span class="n">mock</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">42</span> <span class="k">def</span> <span class="nf">with_default</span><span class="p">(</span><span class="n">f</span><span class="p">):</span> <span class="nd">@functools</span><span class="o">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapped</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> <span class="n">value</span> <span class="o">=</span> <span class="n">default</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="c1"># Fix:</span> <span class="c1"># del wrapped.__wrapped__</span> <span class="k">return</span> <span class="n">wrapped</span> <span class="k">class</span> <span class="nc">Fiddle</span><span class="p">:</span> <span class="nd">@with_default</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">):</span> <span class="k">assert</span> <span class="n">value</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="n">fiddle</span> <span class="o">=</span> <span class="n">Fiddle</span><span class="p">()</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> <span class="k">def</span> <span class="nf">mocked</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Mocked answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">with</span> <span class="n">mock</span><span class="o">.</span><span class="n">patch</span><span class="o">.</span><span class="n">object</span><span class="p">(</span><span class="n">Fiddle</span><span class="p">,</span> <span class="s2">"print"</span><span class="p">,</span> <span class="n">autospec</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">side_effect</span><span class="o">=</span><span class="n">mocked</span><span class="p">):</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="c1"># mock's autospec uses inspect.getsignature, which follows __wrapped__ set</span> <span class="c1"># by functools.wraps, which points to a wrong signature: the idea that</span> <span class="c1"># value is optional is now lost</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> </code></pre></div> <h2>Adding typing</h2> <p>For simplicity, from now on let's change <code>Fiddle.print</code> to match its wrapped signature:</p> <div class="codehilite"><pre><span></span><code> <span class="c1"># Give up with making value not optional, to simplify things :(</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">assert</span> <span class="n">value</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> </code></pre></div> <h3>Typing with ParamSpec</h3> <div class="codehilite"><pre><span></span><code><span class="c1"># Introduce typing, try with ParamSpec</span> <span class="kn">import</span> <span class="nn">functools</span> <span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">TYPE_CHECKING</span><span class="p">,</span> <span class="n">ParamSpec</span><span class="p">,</span> <span class="n">Callable</span> <span class="kn">from</span> <span class="nn">unittest</span> <span class="kn">import</span> <span class="n">mock</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">42</span> <span class="n">P</span> <span class="o">=</span> <span class="n">ParamSpec</span><span class="p">(</span><span class="s2">"P"</span><span class="p">)</span> <span class="k">def</span> <span class="nf">with_default</span><span class="p">(</span><span class="n">f</span><span class="p">:</span> <span class="n">Callable</span><span class="p">[</span><span class="n">P</span><span class="p">,</span> <span class="kc">None</span><span class="p">])</span> <span class="o">-></span> <span class="n">Callable</span><span class="p">[</span><span class="n">P</span><span class="p">,</span> <span class="kc">None</span><span class="p">]:</span> <span class="c1"># Using ParamSpec we forward arguments, but we cannot use them!</span> <span class="nd">@functools</span><span class="o">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapped</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> <span class="n">value</span> <span class="o">=</span> <span class="n">default</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapped</span> <span class="k">class</span> <span class="nc">Fiddle</span><span class="p">:</span> <span class="nd">@with_default</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">assert</span> <span class="n">value</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> </code></pre></div> <p>mypy complains inside the wrapper, because while we forward arguments we don't constrain them, so we can't be sure there is a <code>value</code> in there:</p> <div class="codehilite"><pre><span></span><code>test2.py:17: error: Argument 2 has incompatible type "int"; expected "P.args" [arg-type] test2.py:19: error: Incompatible return value type (got "_Wrapped[P, None, [Any, int | None], None]", expected "Callable[P, None]") [return-value] test2.py:19: note: "_Wrapped[P, None, [Any, int | None], None].__call__" has type "Callable[[Arg(Any, 'self'), DefaultArg(int | None, 'value')], None]" </code></pre></div> <h3>Typing with Callable</h3> <p>We can use explicit Callable argument lists:</p> <div class="codehilite"><pre><span></span><code><span class="c1"># Introduce typing, try with Callable</span> <span class="kn">import</span> <span class="nn">functools</span> <span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">TYPE_CHECKING</span><span class="p">,</span> <span class="n">Callable</span><span class="p">,</span> <span class="n">TypeVar</span> <span class="kn">from</span> <span class="nn">unittest</span> <span class="kn">import</span> <span class="n">mock</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">42</span> <span class="n">A</span> <span class="o">=</span> <span class="n">TypeVar</span><span class="p">(</span><span class="s2">"A"</span><span class="p">)</span> <span class="c1"># Callable cannot represent the fact that the argument is optional, so now mypy</span> <span class="c1"># complains if we try to omit it</span> <span class="k">def</span> <span class="nf">with_default</span><span class="p">(</span><span class="n">f</span><span class="p">:</span> <span class="n">Callable</span><span class="p">[[</span><span class="n">A</span><span class="p">,</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span><span class="p">],</span> <span class="kc">None</span><span class="p">])</span> <span class="o">-></span> <span class="n">Callable</span><span class="p">[[</span><span class="n">A</span><span class="p">,</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span><span class="p">],</span> <span class="kc">None</span><span class="p">]:</span> <span class="nd">@functools</span><span class="o">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapped</span><span class="p">(</span><span class="bp">self</span><span class="p">:</span> <span class="n">A</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> <span class="n">value</span> <span class="o">=</span> <span class="n">default</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">return</span> <span class="n">wrapped</span> <span class="k">class</span> <span class="nc">Fiddle</span><span class="p">:</span> <span class="nd">@with_default</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">assert</span> <span class="n">value</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">if</span> <span class="n">TYPE_CHECKING</span><span class="p">:</span> <span class="n">reveal_type</span><span class="p">(</span><span class="n">Fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">)</span> <span class="n">fiddle</span> <span class="o">=</span> <span class="n">Fiddle</span><span class="p">()</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="c1"># !! Too few arguments for "print" of "Fiddle" [call-arg]</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> <span class="k">def</span> <span class="nf">mocked</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Mocked answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">with</span> <span class="n">mock</span><span class="o">.</span><span class="n">patch</span><span class="o">.</span><span class="n">object</span><span class="p">(</span><span class="n">Fiddle</span><span class="p">,</span> <span class="s2">"print"</span><span class="p">,</span> <span class="n">autospec</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">side_effect</span><span class="o">=</span><span class="n">mocked</span><span class="p">):</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> </code></pre></div> <p>Now mypy complains when we try to omit the optional argument, because Callable cannot represent optional arguments:</p> <div class="codehilite"><pre><span></span><code>test3.py:32: note: Revealed type is "def (test3.Fiddle, Union[builtins.int, None])" test3.py:37: error: Too few arguments for "print" of "Fiddle" [call-arg] test3.py:46: error: Too few arguments for "print" of "Fiddle" [call-arg] </code></pre></div> <p><a href="https://docs.python.org/3/library/typing.html#annotating-callables">typing's documentation</a> says:</p> <blockquote> <p>Callable cannot express complex signatures such as functions that take a variadic number of arguments, overloaded functions, or functions that have keyword-only parameters. However, these signatures can be expressed by defining a Protocol class with a <strong>call</strong>() method:</p> </blockquote> <p>Let's do that!</p> <h3>Typing with Protocol, take 1</h3> <div class="codehilite"><pre><span></span><code><span class="c1"># Introduce typing, try with Protocol</span> <span class="kn">import</span> <span class="nn">functools</span> <span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">TYPE_CHECKING</span><span class="p">,</span> <span class="n">Protocol</span><span class="p">,</span> <span class="n">TypeVar</span><span class="p">,</span> <span class="n">Generic</span><span class="p">,</span> <span class="n">cast</span> <span class="kn">from</span> <span class="nn">unittest</span> <span class="kn">import</span> <span class="n">mock</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">42</span> <span class="n">A</span> <span class="o">=</span> <span class="n">TypeVar</span><span class="p">(</span><span class="s2">"A"</span><span class="p">,</span> <span class="n">contravariant</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Printer</span><span class="p">(</span><span class="n">Protocol</span><span class="p">,</span> <span class="n">Generic</span><span class="p">[</span><span class="n">A</span><span class="p">]):</span> <span class="k">def</span> <span class="fm">__call__</span><span class="p">(</span><span class="n">_</span><span class="p">,</span> <span class="bp">self</span><span class="p">:</span> <span class="n">A</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="o">...</span> <span class="k">def</span> <span class="nf">with_default</span><span class="p">(</span><span class="n">f</span><span class="p">:</span> <span class="n">Printer</span><span class="p">[</span><span class="n">A</span><span class="p">])</span> <span class="o">-></span> <span class="n">Printer</span><span class="p">[</span><span class="n">A</span><span class="p">]:</span> <span class="nd">@functools</span><span class="o">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapped</span><span class="p">(</span><span class="bp">self</span><span class="p">:</span> <span class="n">A</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> <span class="n">value</span> <span class="o">=</span> <span class="n">default</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">return</span> <span class="n">cast</span><span class="p">(</span><span class="n">Printer</span><span class="p">,</span> <span class="n">wrapped</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Fiddle</span><span class="p">:</span> <span class="c1"># function has a __get__ method to generated bound versions of itself</span> <span class="c1"># the Printer protocol does not define it, so mypy is now unable to type</span> <span class="c1"># the bound method correctly</span> <span class="nd">@with_default</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">assert</span> <span class="n">value</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">if</span> <span class="n">TYPE_CHECKING</span><span class="p">:</span> <span class="n">reveal_type</span><span class="p">(</span><span class="n">Fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">)</span> <span class="n">fiddle</span> <span class="o">=</span> <span class="n">Fiddle</span><span class="p">()</span> <span class="c1"># !! Argument 1 to "__call__" of "Printer" has incompatible type "int"; expected "Fiddle"</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> <span class="k">def</span> <span class="nf">mocked</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Mocked answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">with</span> <span class="n">mock</span><span class="o">.</span><span class="n">patch</span><span class="o">.</span><span class="n">object</span><span class="p">(</span><span class="n">Fiddle</span><span class="p">,</span> <span class="s2">"print"</span><span class="p">,</span> <span class="n">autospec</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">side_effect</span><span class="o">=</span><span class="n">mocked</span><span class="p">):</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> </code></pre></div> <p>New mypy complaints:</p> <div class="codehilite"><pre><span></span><code>test4.py:41: error: Argument 1 to "__call__" of "Printer" has incompatible type "int"; expected "Fiddle" [arg-type] test4.py:42: error: Missing positional argument "self" in call to "__call__" of "Printer" [call-arg] test4.py:50: error: Argument 1 to "__call__" of "Printer" has incompatible type "int"; expected "Fiddle" [arg-type] test4.py:51: error: Missing positional argument "self" in call to "__call__" of "Printer" [call-arg] </code></pre></div> <p>What happens with class methods, is that the function object has a <code>__get__</code> method that generates a bound versions of itself. Our Printer protocol does not define it, so mypy is now unable to type the bound method correctly.</p> <h3>Typing with Protocol, take 2</h3> <p>So... we add the function descriptor methos to our Protocol!</p> <p>A lot of this is taken from <a href="https://github.com/python/typing/discussions/1040">this discussion</a>.</p> <div class="codehilite"><pre><span></span><code><span class="c1"># Introduce typing, try with Protocol, harder!</span> <span class="kn">import</span> <span class="nn">functools</span> <span class="kn">from</span> <span class="nn">typing</span> <span class="kn">import</span> <span class="n">TYPE_CHECKING</span><span class="p">,</span> <span class="n">Protocol</span><span class="p">,</span> <span class="n">TypeVar</span><span class="p">,</span> <span class="n">Generic</span><span class="p">,</span> <span class="n">cast</span><span class="p">,</span> <span class="n">overload</span><span class="p">,</span> <span class="n">Union</span> <span class="kn">from</span> <span class="nn">unittest</span> <span class="kn">import</span> <span class="n">mock</span> <span class="n">default</span> <span class="o">=</span> <span class="mi">42</span> <span class="n">A</span> <span class="o">=</span> <span class="n">TypeVar</span><span class="p">(</span><span class="s2">"A"</span><span class="p">,</span> <span class="n">contravariant</span><span class="o">=</span><span class="kc">True</span><span class="p">)</span> <span class="c1"># We now produce typing for the whole function descriptor protocol</span> <span class="c1">#</span> <span class="c1"># See https://github.com/python/typing/discussions/1040</span> <span class="k">class</span> <span class="nc">BoundPrinter</span><span class="p">(</span><span class="n">Protocol</span><span class="p">):</span> <span class="sd">"""Protocol typing for bound printer methods."""</span> <span class="k">def</span> <span class="fm">__call__</span><span class="p">(</span><span class="n">_</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="sd">"""Bound signature."""</span> <span class="k">class</span> <span class="nc">Printer</span><span class="p">(</span><span class="n">Protocol</span><span class="p">,</span> <span class="n">Generic</span><span class="p">[</span><span class="n">A</span><span class="p">]):</span> <span class="sd">"""Protocol typing for printer methods."""</span> <span class="c1"># noqa annotations are overrides for flake8 being confused, giving either D418:</span> <span class="c1"># Function/ Method decorated with @overload shouldn't contain a docstring</span> <span class="c1"># or D105:</span> <span class="c1"># Missing docstring in magic method</span> <span class="c1">#</span> <span class="c1"># F841 is for vulture being confused:</span> <span class="c1"># unused variable 'objtype' (100% confidence)</span> <span class="nd">@overload</span> <span class="k">def</span> <span class="fm">__get__</span><span class="p">(</span> <span class="c1"># noqa: D105</span> <span class="bp">self</span><span class="p">,</span> <span class="n">obj</span><span class="p">:</span> <span class="n">A</span><span class="p">,</span> <span class="n">objtype</span><span class="p">:</span> <span class="nb">type</span><span class="p">[</span><span class="n">A</span><span class="p">]</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span> <span class="c1"># noqa: F841</span> <span class="p">)</span> <span class="o">-></span> <span class="n">BoundPrinter</span><span class="p">:</span> <span class="o">...</span> <span class="nd">@overload</span> <span class="k">def</span> <span class="fm">__get__</span><span class="p">(</span> <span class="c1"># noqa: D105</span> <span class="bp">self</span><span class="p">,</span> <span class="n">obj</span><span class="p">:</span> <span class="kc">None</span><span class="p">,</span> <span class="n">objtype</span><span class="p">:</span> <span class="nb">type</span><span class="p">[</span><span class="n">A</span><span class="p">]</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span> <span class="c1"># noqa: F841</span> <span class="p">)</span> <span class="o">-></span> <span class="s2">"Printer[A]"</span><span class="p">:</span> <span class="o">...</span> <span class="k">def</span> <span class="fm">__get__</span><span class="p">(</span> <span class="bp">self</span><span class="p">,</span> <span class="n">obj</span><span class="p">:</span> <span class="n">A</span> <span class="o">|</span> <span class="kc">None</span><span class="p">,</span> <span class="n">objtype</span><span class="p">:</span> <span class="nb">type</span><span class="p">[</span><span class="n">A</span><span class="p">]</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span> <span class="c1"># noqa: F841</span> <span class="p">)</span> <span class="o">-></span> <span class="n">Union</span><span class="p">[</span><span class="n">BoundPrinter</span><span class="p">,</span> <span class="s2">"Printer[A]"</span><span class="p">]:</span> <span class="sd">"""Implement function descriptor protocol for class methods."""</span> <span class="k">def</span> <span class="fm">__call__</span><span class="p">(</span><span class="n">_</span><span class="p">,</span> <span class="bp">self</span><span class="p">:</span> <span class="n">A</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="sd">"""Unbound signature."""</span> <span class="k">def</span> <span class="nf">with_default</span><span class="p">(</span><span class="n">f</span><span class="p">:</span> <span class="n">Printer</span><span class="p">[</span><span class="n">A</span><span class="p">])</span> <span class="o">-></span> <span class="n">Printer</span><span class="p">[</span><span class="n">A</span><span class="p">]:</span> <span class="nd">@functools</span><span class="o">.</span><span class="n">wraps</span><span class="p">(</span><span class="n">f</span><span class="p">)</span> <span class="k">def</span> <span class="nf">wrapped</span><span class="p">(</span><span class="bp">self</span><span class="p">:</span> <span class="n">A</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">if</span> <span class="n">value</span> <span class="ow">is</span> <span class="kc">None</span><span class="p">:</span> <span class="n">value</span> <span class="o">=</span> <span class="n">default</span> <span class="k">return</span> <span class="n">f</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">return</span> <span class="n">cast</span><span class="p">(</span><span class="n">Printer</span><span class="p">,</span> <span class="n">wrapped</span><span class="p">)</span> <span class="k">class</span> <span class="nc">Fiddle</span><span class="p">:</span> <span class="c1"># function has a __get__ method to generated bound versions of itself</span> <span class="c1"># the Printer protocol does not define it, so mypy is now unable to type</span> <span class="c1"># the bound method correctly</span> <span class="nd">@with_default</span> <span class="k">def</span> <span class="nf">print</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="p">:</span> <span class="nb">int</span> <span class="o">|</span> <span class="kc">None</span> <span class="o">=</span> <span class="kc">None</span><span class="p">)</span> <span class="o">-></span> <span class="kc">None</span><span class="p">:</span> <span class="k">assert</span> <span class="n">value</span> <span class="ow">is</span> <span class="ow">not</span> <span class="kc">None</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="n">fiddle</span> <span class="o">=</span> <span class="n">Fiddle</span><span class="p">()</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> <span class="k">def</span> <span class="nf">mocked</span><span class="p">(</span><span class="bp">self</span><span class="p">,</span> <span class="n">value</span><span class="o">=</span><span class="kc">None</span><span class="p">):</span> <span class="nb">print</span><span class="p">(</span><span class="s2">"Mocked answer:"</span><span class="p">,</span> <span class="n">value</span><span class="p">)</span> <span class="k">with</span> <span class="n">mock</span><span class="o">.</span><span class="n">patch</span><span class="o">.</span><span class="n">object</span><span class="p">(</span><span class="n">Fiddle</span><span class="p">,</span> <span class="s2">"print"</span><span class="p">,</span> <span class="n">autospec</span><span class="o">=</span><span class="kc">True</span><span class="p">,</span> <span class="n">side_effect</span><span class="o">=</span><span class="n">mocked</span><span class="p">):</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">(</span><span class="mi">12</span><span class="p">)</span> <span class="n">fiddle</span><span class="o">.</span><span class="n">print</span><span class="p">()</span> </code></pre></div> <p>It works! It's typed! And mypy is happy!</p> </div> <p class="date"> <a href="http://www.enricozini.org/blog/2024/python/typing-decorators-for-class-members-with-optional-arguments">27 October, 2024 03:46PM</a> </p> </div> </div> </div> <h1>October 26, 2024</h1> <div class="channel"> <a href="https://blog.einval.com"> <img class="face" src="heads/sledge2.png" width="59" height="72" alt="hackergotchi for Steve McIntyre" /> </a> <h2 class="planet-title"> <a href="https://blog.einval.com" title="Steve's blog">Steve McIntyre</a> <script type="text/javascript">  </script> </h2> <div id="https://blog.einval.com/2024/10/26#Cambridge-2024" class="https://blog.einval.com/2024/10/26#Cambridge-2024"> <div class="entry"> <h3 class="entry-title"> <a href="https://blog.einval.com/2024/10/26#Cambridge-2024">Mini-Debconf in Cambridge, October 10-13 2024</a> </h3> <div class="content"> <p><a href="https://photos.einval.com/gallery/2024_miniconf/aan"><img alt="Group photo" src="https://photos.einval.com/albums/2024_miniconf/aan.sized.jpg" /></a></p> <p>Again this year, <a href="http://www.arm.com/">Arm</a> offered to host us for a <a href="https://wiki.debian.org/DebianEvents/gb/2024/MiniDebConfCambridge">mini-debconf</a> in Cambridge. Roughly 60 people turned up on 10-13 October to the Arm campus, where they made us really welcome. They even had some Debian-themed treats made to spoil us!</p> <p><a href="https://photos.einval.com/gallery/2024_miniconf/aak"><img alt="Cakes" src="https://photos.einval.com/albums/2024_miniconf/aak.sized.jpg" /></a></p> <h2>Hacking together</h2> <p><a href="https://photos.einval.com/gallery/2024_miniconf/aaa"><img alt="minicamp" src="https://photos.einval.com/albums/2024_miniconf/aaa.sized.jpg" /></a></p> <p>For the first two days, we had a "mini-debcamp" with disparate group of people working on all sorts of things: Arm support, live images, browser stuff, package uploads, etc. And (as is traditional) lots of people doing last-minute work to prepare slides for their talks.</p> <h2>Sessions and talks</h2> <p><a href="https://photos.einval.com/gallery/2024_miniconf/aaj"><img alt="Secure Boot talk" src="https://photos.einval.com/albums/2024_miniconf/aaj.sized.jpg" /></a></p> <p>Saturday and Sunday were two days devoted to more traditional conference sessions. Our talks covered a typical range of Debian subjects: a DPL "Bits" talk, an update from the Release Team, live images. We also had some wider topics: handling your own data, what to look for in the upcoming Post-Quantum Crypto world, and even me talking about the ups and downs of Secure Boot. Plus a random set of lightning talks too! :-)</p> <h2>Video team awesomeness</h2> <p><a href="https://photos.einval.com/gallery/2024_miniconf/aam"><img alt="Video team in action" src="https://photos.einval.com/albums/2024_miniconf/aam.sized.jpg" /></a></p> <p>Lots of volunteers from the DebConf video team were on hand too (both on-site and remotely!), so our talks were both streamed live and recorded for posterity - see the links from the individual talk pages in the wiki, or <a href="http://meetings-archive.debian.net/pub/debian-meetings/2024/MiniDebConf-Cambridge/">http://meetings-archive.debian.net/pub/debian-meetings/2024/MiniDebConf-Cambridge/</a> for the full set if you'd like to see more.</p> <h2>A great time for all</h2> <p>Again, the mini-conf went well and feedback from attendees was very positive. Thanks to all our helpers, and of course to our sponsor: <a href="http://www.arm.com/">Arm</a> for providing the venue and infrastructure for the event, and all the food and drink too!</p> <p>Photo credits: Andy Simpkins, Mark Brown, Jonathan Wiltshire. Thanks!</p> </div> <p class="date"> <a href="https://blog.einval.com/2024/10/26#Cambridge-2024">26 October, 2024 08:54PM</a> </p> </div> </div> </div> <h1>October 25, 2024</h1> <div class="channel"> <a href="https://jmtd.net/log/"> <img class="face" src="heads/jmtd.png" width="65" height="85" alt="hackergotchi for Jonathan Dowland" /> </a> <h2 class="planet-title"> <a href="https://jmtd.net/log/" title="Jonathan Dowland's Weblog">Jonathan Dowland</a> <script type="text/javascript">  </script> </h2> <div id="https://jmtd.net/log/synths/model-d/" class="https://jmtd.net/log/synths/model-d/"> <div class="entry"> <h3 class="entry-title"> <a href="https://jmtd.net/log/synths/model-d/">Behringer Model-D (synths I didn't buy)</a> </h3> <div class="content"> <p>Whilst researching what synth to buy, I learned of the Behringer<sup id="fnref:1"><a href="https://jmtd.net/log/#fn:1" rel="footnote">1</a></sup> Model-D<sup id="fnref:2"><a href="https://jmtd.net/log/#fn:2" rel="footnote">2</a></sup>: a 2018 clone of the 1970 Moog Minimoog, in a desktop form factor.</p> <div class="image"> <a href="https://commons.wikimedia.org/wiki/File:Behringer_Model_D_7843.jpg"><img alt="Behringer Model-D" class="img" height="274" src="https://jmtd.net/log/synths/model-d/400x-model-d.jpg" width="400" /></a> <p>Behringer Model-D</p> </div> <p>In common with the original Minimoog, it's a monophonic analogue synth, featuring three audible oscillators<sup id="fnref:3"><a href="https://jmtd.net/log/#fn:3" rel="footnote">3</a></sup> , Moog's famous 12-ladder filter and a basic envelope generator. The model-d has lost the keyboard from the original and added some patch points for the different stages, enabling some slight re-routing of the audio components.</p> <div class="centre"> <div class="image"> <a href="https://commons.wikimedia.org/wiki/File:Minimoog.JPG"><img alt="1970 Moog Minimoog" class="img" height="231" src="https://jmtd.net/log/synths/model-d/400x-minimoog.jpg" width="400" /></a> <p>1970 Moog Minimoog</p> </div> </div> <p>Since I was focussing <a href="https://jmtd.net/log/synths/microfreak/">on more fundamental, back-to-basics instruments</a>, this was very appealing to me. I'm very curious to find out what's so compelling about the famous Moog sound. The relative lack of features feels like an advantage: less to master. The additional patch points makes it a little more flexible and offer a potential gateway into the world of modular synthesis. The Model-D is also very affordable: about £ 200 GBP. I'll never own a real Moog.</p> <p>For this to work, I would need to supplement it with some other equipment. I'd need a keyboard (or press the Micron into service as a controller); I would want some way of recording and overdubbing (same as with any synth). There are no post-mix effects on the Model-D, such as delay, reverb or chorus, so I may also want something to add those.</p> <p>What stopped me was partly the realisation that there was little chance that a perennial beginner, such as I, could eek anything novel out of a synthesiser design that's 54 years old. Perhaps that shouldn't matter, but it gave me pause. Whilst the Model-D has patch points, I don't have anything to connect to them, and I'm firmly wanting to avoid the Modular Synthesis money pit. The lack of effects, and polyphony could make it hard to live-sculpt a tone.</p> <p>I started characterizing the Model-D as the "heart" choice, but it seemed wise to instead go for a "head" choice.</p> <p>Maybe another day!</p> <div class="footnotes"> <hr /> <ol> <li id="fn:1"> There's a whole other blog post of material I could write about Behringer and their clones of classic synths, some long out of production, and others, not so much. But, I decided to skip on that for now.<a href="https://jmtd.net/log/#fnref:1" rev="footnote">↩</a></li> <li id="fn:2"> taken from the fact that the Minimoog was a productised version of Moog's fourth internal prototype, the model D.<a href="https://jmtd.net/log/#fnref:2" rev="footnote">↩</a></li> <li id="fn:3"> 2 oscillators is more common in modern synths<a href="https://jmtd.net/log/#fnref:3" rev="footnote">↩</a></li> </ol> </div> </div> <p class="date"> <a href="https://jmtd.net/log/synths/model-d/">25 October, 2024 03:56PM</a> </p> </div> </div> </div> <h1></h1> <div class="channel"> <h2 class="planet-title"> <a href="https://diffoscope.org/" title="diffoscope">Reproducible Builds (diffoscope)</a> <script type="text/javascript">  </script> </h2> <div id="https://diffoscope.org/news/diffoscope-282-released/" class="https://diffoscope.org/news/diffoscope-282-released/"> <div class="entry"> <h3 class="entry-title"> <a href="https://diffoscope.org/news/diffoscope-282-released/">diffoscope 282 released</a> </h3> <div class="content"> <p>The diffoscope maintainers are pleased to announce the release of diffoscope version <code class="language-plaintext highlighter-rouge">282</code>. This version includes the following changes:</p> <div class="language-plaintext highlighter-rouge"><div class="highlight"><pre class="highlight"><code>[ Chris Lamb ] * Ignore errors when listing .ar archives. (Closes: #1085257) * Update copyright years. </code></pre></div></div> <p>You find out more by <a href="https://diffoscope.org">visiting the project homepage</a>.</p> </div> <p class="date"> <a href="https://diffoscope.org/news/diffoscope-282-released/">25 October, 2024 12:00AM</a> </p> </div> </div> </div> <h1>October 24, 2024</h1> <div class="channel"> <a href="https://00formicapunk00.wordpress.com"> <img class="face" src="heads/manu.png" width="65" height="85" alt="hackergotchi for Emmanuel Kasper" /> </a> <h2 class="planet-title"> <a href="https://00formicapunk00.wordpress.com" title="floss – formicapunk">Emmanuel Kasper</a> <script type="text/javascript">  </script> </h2> <div id="https://00formicapunk00.wordpress.com/2024/10/24/back-to-blogging-and-running-a-feed-reader-as-a-containerized-systemd-service/" class="https://00formicapunk00.wordpress.com/2024/10/24/back-to-blogging-and-running-a-feed-reader-as-a-containerized-systemd-service/"> <div class="entry"> <h3 class="entry-title"> <a href="https://00formicapunk00.wordpress.com/2024/10/24/back-to-blogging-and-running-a-feed-reader-as-a-containerized-systemd-service/">back to blogging and running a feed reader as a containerized systemd service</a> </h3> <div class="content"> <div class="wp-block-jetpack-markdown"><p>After reading about <a href="https://www.earth.li/~noodles/blog/2022/12/setting-up-freshrss-subdirectory.html">Jonathan McDowell feed reader install</a> and the <a href="https://bringback.blog/">back to blogging initiative</a>, I decided to install a feed reader to follow all those nice blog posts. With a feed reader you can compose your own feed of news based on blog posts, websites, mastodon toots. And then you are independant from ad oriented ranking algorithms of social networks.</p> <p>Since Jonathan used <a href="https://www.freshrss.org/">FreshRSS</a> as a feed reader, I started with the same software. On a quick glance on its github page, it sounded like a good project:</p> <ul> <li>active contributions</li> <li>different channels for <em>stable</em> and <em>latest</em> version of the software</li> <li>container images pointing to the <em>stable</em> release</li> <li>support multiple databases for storage, including PostgreSQL</li> <li>correct documentation mentioning security caveats</li> </ul> <p>I prefer to do the container image installation using podman since:</p> <ul> <li>upgrades from FreshRSS are easy to do and can be done separately from operating system upgrades</li> <li>I do not mess my based operating system with php (subjective) and in case of a compromized freshrss, the freshrss/apache install would be still restrained to its <a href="https://opensource.com/article/21/8/container-linux-technology">own Linux namespaces</a>, separated from the rest of the system.</li> </ul> <p>Podman is image compatible with Docker as they both implement the OCI runtime specification, and have a nearly identical command line interface. This installation will be done on a Debian server, but should work too on any Linux distribution.</p> <h2>Initial setup</h2> <ul> <li>start a container image based on the start command provided by the FreshRSS project. The <strong><code>podman</code></strong> command line is nearly identical to the <strong><code>docker</code></strong> command line, excepts that <strong><code>podman</code></strong> expects the fully qualified domain name associated with the container image, and I chose to run the freshrss container on the localhost interface only. I also use a defined version tag, because using the <code>latest</code> tag makes it complicated to track which exact ersion I have installed.</li> </ul> <pre><code># podman pull docker.io/freshrss/freshrss:1.20.1 # podman run --detach --restart unless-stopped --log-opt max-size=10m \ --publish 127.0.0.1:8081:80 \ --env TZ=Europe/Paris \ --env 'CRON_MIN=1,31' \ --volume freshrss_data:/var/www/FreshRSS/data \ --volume freshrss_extensions:/var/www/FreshRSS/extensions \ --name freshrss \ docker.io/freshrss/freshrss:1.20.1 </code></pre> <ul> <li>verify where the podman volumes have been created. This is where the user data of freshrss will be stored.</li> </ul> <pre><code># podman volume ls # podman volume inspect freshrss_data </code></pre> <ul> <li>now that freshrss is installed, you can start its configuration wizard at localhost:8081. You should keep the default sqlite choice</li> <li>finally after running the wizard, you can login again and add some feeds</li> <li>verify that your config has been stored outside the container, and inside the volume (so that it will not be erased in case of upgrages)</li> </ul> <pre><code># ls -l /var/lib/containers/storage/volumes/freshrss_data/_data/users/ </code></pre> <ul> <li>verify the state of sqlite database</li> </ul> <pre><code>echo '.tables'| sqlite3 /var/lib/containers/storage/volumes/freshrss_data/_data/users/<your freshrss user>/db.sqlite category entry entrytag entrytmp feed tag </code></pre> <h2>Going with FreshRSS in Production</h2> <p>Podman has this very nice feature that it can generate a systemd unit from a running container, and use systemd to start a container on boot. This is in contrary to docker where the docker daemon does the stop/start of containers on boot. I prefer the systemd approach as it treats containers the same way as other system services.</p> <p>Once the freshrss container is running we can generate a systemd unit of it with:</p> <pre><code># podman generate systemd --new --name freshrss | tee /etc/systemd/system/container-freshrss.service </code></pre> <p>Let’s stop the container we started previously, and use systemd to manage it:</p> <pre><code># podman stop freshrss # systemctl enable --now container-freshrss.service </code></pre> <p>We can verify that we have a listening socket on the localhost interface, on the source port 8081</p> <pre><code># systemctl status container-freshrss.service ... # ss --listening --numeric --process '( sport = 8081 )' Netid State Recv-Q Send-Q Local Address:Port Peer Address:Port Process tcp LISTEN 0 4096 127.0.0.1:8081 0.0.0.0:* users:(("conmon",pid=4464,fd=5)) </code></pre> <p>Nota Bene: <strong><code>conmon (8)</code></strong> is the process managing the network namespace in which fresh-rss is running, hence it is displayed as the process owning the listening socket</p> <h2>Exposing FreshRSS to the external world</h2> <p>We have now a running service, but we need to make it reachable from the internet. The simplest, classical way, is to create a subdomain and a VirtualHost configured as a reverse proxy to access the service at 127.0.0.1:8081. Fortunately the FreshRSS authors have documented this setup in <a href="https://github.com/FreshRSS/FreshRSS/tree/edge/Docker#alternative-reverse-proxy-using-apache">https://github.com/FreshRSS/FreshRSS/tree/edge/Docker#alternative-reverse-proxy-using-apache</a> and those steps are no different from a standard application behind a web reverse proxy.</p> <h2>Upgrading freshrss container to a newer version</h2> <p>A documentation showing how to install a piece of software is nothing when it does not show how to upgrade that said software. Installing is easy, upgrading is where the challenge is. Fortunately to the good stateless design of freshrss (everything is in the sqlite database, which is backed by a non-epheremal volume in our setup), switchting versions is a peace of cake.</p> <pre><code># podman pull docker.io/freshrss/freshrss:1.20.2 # systemctl stop container-freshrss.service # sed -i 's,docker.io/freshrss/freshrss:1.20.1,docker.io/freshrss/freshrss:1.20.2,' /etc/systemd/system/container-freshrss.service # systemctl daemon-reload # systemctl start container-freshrss.service </code></pre> <p>If you need to rollback, you just need to revert version numbers in the instruction above.</p> <h2>Enjoy your own reader feed !</h2> <p>I will add the following feeds of blogs I like, let us see if I follow them better with a feed reader !</p> </div> <p></p> </div> <p class="date"> <a href="https://00formicapunk00.wordpress.com/2024/10/24/back-to-blogging-and-running-a-feed-reader-as-a-containerized-systemd-service/">24 October, 2024 07:33PM</a> by Manu </p> </div> </div> </div> </div> <div id="sidebar"> <h1>Search</h1> <form method="GET" action="https://planet-search.debian.org/cgi-bin/search.cgi"> <input type="text" name="terms" value=""> </form> <hr /> <p> A complete feed is available in any of your favourite syndication formats linked by the buttons below. </p> <p> <a href="rss10.xml"><img class="button" src="common/rss10.png" width="80" height="15" alt="[RSS 1.0 Feed]"></a> <a href="rss20.xml"><img class="button" src="common/rss20.png" width="80" height="15" alt="[RSS 2.0 Feed]"></a> <a href="atom.xml"><img class="button" src="common/atom.png" width="80" height="15" alt="[Atom Feed]"></a> <a href="foafroll.xml"><img class="button" src="common/foaf.png" width="80" height="15" alt="[FOAF Subscriptions]"></a> <a href="opml.xml"><img class="button" src="common/opml.png" width="80" height="15" alt="[OPML Subscriptions]"></a> <a href="http://www.catb.org/hacker-emblem/"><img class="button" src="common/hacker.png" width="80" height="15" alt="[Hacker]"></a> <a href="https://www.intertwingly.net/code/venus/"><img class="button" src="common/planet.png" width="80" height="15" alt="[Planet]"></a> </p> <p> Last updated: 27 Nov 2024 14:00<br>All times are UTC.<br> Contact: <a href="mailto:planet@debian.org">Debian Planet Maintainers</a> </p> <h2>Planetarium</h2> <ul> <li><a href="https://planet.debian.org/">Planet Debian</a></li> <li><a href="https://planet.debian.org/deriv/">Planet Debian Derivatives</a></li> <li><a href="https://planet.debian.org/es/">Planet Debian Spanish</a></li> <li><a href="https://planet.debian.org/fr/">Planet Debian French</a></li> </ul> <div id="unhide-all" style="display:none;"> <h2>Hidden Feeds</h2> <p>You currently have hidden entries. <a href="#" onClick="excludeNone(); return false">Show all</a></p> </div> <h2>Subscriptions</h2> <ul> <li><a href="" title=""></a> <a href="">(feed)</a></li> <li><a href="https://abhijithpa.in/" title="Abhijith PA | അഭിജിത്ത് പി എ">Abhijith PA</a> <a href="https://abhijithpa.in/feed.debian.xml">(feed)</a></li> <li><a href="https://ajadi-abiola.github.io/" title="Abiola Ajadi">Abiola Ajadi</a> <a href="https://ajadi-abiola.github.io/feed.xml">(feed)</a></li> <li><a href="http://adam.rosi-kessel.org/weblog" title="The Substantially Similar Weblog">Adam Rosi-Kessel</a> <a href="http://adam.rosi-kessel.org/weblog/feed">(feed)</a></li> <li><a href="https://foolcontrol.org" title="FoolControl: Phear the penguin">Adnan Hodzic</a> <a href="https://foolcontrol.org/?feed=rss2">(feed)</a></li> <li><a href="https://deaddabe.fr/" title="deaddabe - debian">Agathe Porte</a> <a href="https://deaddabe.fr/feeds/tag.debian.atom.xml">(feed)</a></li> <li><a href="http://aigarius.com/categories/debian-planet/" title="Aigarius Blog (Posts about Debian-planet)">Aigars Mahinovs</a> <a href="https://aigarius.com/categories/debian-planet.atom">(feed)</a></li> <li><a href="https://blogs.igalia.com/berto" title="Debian – The world won't listen">Alberto García</a> <a href="https://blogs.igalia.com/berto/category/debian/feed/">(feed)</a></li> <li><a href="http://codergals.github.io/" title="Coder Gals">Albiona Hoti</a> <a href="https://codergals.github.io/feed.xml">(feed)</a></li> <li><a href="http://alerios-en.blogspot.com/" title="alerios (english version)">Alejandro Rios P.</a> <a href="http://alerios-en.blogspot.com/atom.xml">(feed)</a></li> <li><a href="https://log.alexm.org" title="debian – my $log;">Alex Muntada</a> <a href="https://log.alexm.org/category/debian/feed/">(feed)</a></li> <li><a href="https://blog.snow-crash.org/tags/debian/" title="debian on a place called home">Alexander Wirt</a> <a href="https://blog.snow-crash.org/tags/debian/index.xml">(feed)</a></li> <li><a href="https://alexandreviau.ca/blog/" title="Alexandre Viau's blog">Alexandre Viau</a> <a href="https://alexandreviau.ca/blog/index.xml">(feed)</a></li> <li><a href="https://blog.creekorful.org/" title="Aloïs Micard">Aloïs Micard</a> <a href="https://blog.creekorful.org/index.xml">(feed)</a></li> <li><a href="https://ekaia.org/" title="Ana Guerrero Lopez - planet-debian">Ana Beatriz Guerrero Lopez</a> <a href="https://ekaia.org/blog/feed/planet-debian.rss">(feed)</a></li> <li><a href="https://moonkin.github.io/" title="Moonkin’s blog">Anastasia Tsikoza</a> <a href="https://moonkin.github.io/feed.xml">(feed)</a></li> <li><a href="https://activelow.net/tags/pdo/" title="pdo on Active Low">Andreas Bombe</a> <a href="https://activelow.net/tags/pdo/index.xml">(feed)</a></li> <li><a href="http://www.bebt.de/blog/debian" title="nutmeg's blog">Andreas Metzler</a> <a href="https://www.bebt.de/blog/debian/rss.xml">(feed)</a></li> <li><a href="https://www.gusnan.se/blog" title="Debian – Gusnans blog">Andreas Rönnquist</a> <a href="http://www.gusnan.se/blog/category/Debian/feed/">(feed)</a></li> <li><a href="http://schuldei.blogspot.com/" title="schuldei.org">Andreas Schuldei</a> <a href="http://schuldei.blogspot.com/atom.xml">(feed)</a></li> <li><a href="http://andreeleidenfrost.blogspot.com/" title="Andree&#39;s Debian &amp; General Musings">Andree Leidenfrost</a> <a href="http://andreeleidenfrost.blogspot.com/atom.xml">(feed)</a></li> <li><a href="http://libcxx-gsoc.blogspot.com/" title="GSoC 2012 libc++ porting blog">Andrej Belym</a> <a href="http://libcxx-gsoc.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="https://blog.shadura.me/" title="Andrej’s notes">Andrej Shadura</a> <a href="https://blog.shadura.me/atom.xml">(feed)</a></li> <li><a href="http://flosslinuxblog.blogspot.com/" title="FLOSSLinux">Andrew Cater</a> <a href="http://flosslinuxblog.blogspot.com/atom.xml">(feed)</a></li> <li><a href="http://blog.andrew.net.au" title="Diary of a geek">Andrew Pollock</a> <a href="http://blog.andrew.net.au/planetdebian/index.rss">(feed)</a></li> <li><a href="https://blog.koipond.org.uk" title="Debian – Koipond">Andy Simpkins</a> <a href="https://blog.koipond.org.uk/archives/tag/debian/feed">(feed)</a></li> <li><a href="https://anisakuci.com/" title="Anisa Kuci">Anisa Kuci</a> <a href="https://anisakuci.com/feed.xml">(feed)</a></li> <li><a href="https://anarc.at/tag/debian-planet/" title="pages tagged debian-planet">Antoine Beaupré</a> <a href="https://anarc.at/tag/debian-planet/index.rss">(feed)</a></li> <li><a href="https://gladk.de/tags/debian/" title="debian on gladk.de">Anton Gladky</a> <a href="https://gladk.de/tags/debian/index.xml">(feed)</a></li> <li><a href="https://terceiro.xyz/" title="Antonio Terceiro">Antonio Terceiro</a> <a href="https://terceiro.xyz/feed.xml">(feed)</a></li> <li><a href="https://antti-juhani.kaijanaho.fi/newblog" title="Debian – Antti-Juhani Kaijanaho">Antti-Juhani Kaijanaho</a> <a href="https://antti-juhani.kaijanaho.fi/newblog/archives/tag/debian/feed">(feed)</a></li> <li><a href="https://weeraman.com/" title="Anuradha Weeraman">Anuradha Weeraman</a> <a href="https://weeraman.com/rss/">(feed)</a></li> <li><a href="https://arianit2.wordpress.com" title="debian – Arianit's Blog">Arianit Dobroshi</a> <a href="https://arianit2.wordpress.com/tag/debian/feed/">(feed)</a></li> <li><a href="https://arnaudr.io/" title="Arnaud R - planet-debian">Arnaud Rebillout</a> <a href="https://arnaudr.io/feeds/tags/planet-debian.atom.xml">(feed)</a></li> <li><a href="https://blogs.gnome.org/happyaron" title="Debian – True EDGE">Aron Xu</a> <a href="https://blogs.gnome.org/happyaron/category/debian/feed/rss/">(feed)</a></li> <li><a href="http://www.arthurbdiniz.com/" title="Arthur Diniz">Arthur Diniz</a> <a href="https://arthurbdiniz.com/feed.xml">(feed)</a></li> <li><a href="https://ral-arturo.org/" title="ral-arturo.org">Arturo Borrero González</a> <a href="https://ral-arturo.org/feed.xml">(feed)</a></li> <li><a href="https://athoscr.me/categories/debian/" title="Debian on /home/athos">Athos Ribeiro</a> <a href="https://athoscr.me/categories/debian/index.xml">(feed)</a></li> <li><a href="https://blog.aurel32.net/" title="Aurélien Jarno">Aurelien Jarno</a> <a href="https://blog.aurel32.net/feed">(feed)</a></li> <li><a href="http://noone.org/blog/English/Computer/Shell" title="Blogging is futile">Axel Beckert</a> <a href="http://noone.org/blog/English/index.rss">(feed)</a></li> <li><a href="https://ayoyimika.hashnode.dev" title="Ayoyimika">Ayoyimika Ajibade</a> <a href="https://ayoyimika.hashnode.dev/rss.xml">(feed)</a></li> <li><a href="https://balasankarc.in/" title="Balasankar C">Balasankar 'Balu' C</a> <a href="https://balasankarc.in/tech/feed.xml">(feed)</a></li> <li><a href="https://bblank.thinkmo.de/" title="Some Place for Me">Bastian Blank</a> <a href="https://bblank.thinkmo.de/feeds/sub-debian-planet.atom.xml">(feed)</a></li> <li><a href="https://venthur.de/" title="still don't have a title">Bastian Venthur</a> <a href="https://venthur.de/atom.xml">(feed)</a></li> <li><a href="http://www.gag.com/bdale/blog/index.html" title="Bits from the Basement">Bdale Garbee</a> <a href="https://gag.com/bdale/blog/index.rss">(feed)</a></li> <li><a href="https://www.decadent.org.uk/ben/blog/" title="Better living through software">Ben Hutchings</a> <a href="https://www.decadent.org.uk/ben/blog/index.atom">(feed)</a></li> <li><a href="https://overbenny.wordpress.com" title="Planet Debian – Overbenny's Blog">Benjamin Drung</a> <a href="https://overbenny.wordpress.com/category/planet-debian/feed/atom/">(feed)</a></li> <li><a href="" title="">Benjamin Kerensa</a> <a href="https://benjaminkerensa.com/category/debian/feed">(feed)</a></li> <li><a href="https://mako.cc/copyrighteous" title="copyrighteous">Benjamin Mako Hill</a> <a href="https://mako.cc/copyrighteous/feed">(feed)</a></li> <li><a href="https://bzed.de/categories/linux/" title="linux on linux & the mountains">Bernd Zeimetz</a> <a href="https://bzed.de/categories/linux/index.xml">(feed)</a></li> <li><a href="http://blog.brlink.eu/index.html" title="Bernhard R. Link">Bernhard R. Link</a> <a href="http://blog.brlink.eu/changelog.rss">(feed)</a></li> <li><a href="https://gabriellacoleman.org/blog" title="Interprete">Biella Coleman</a> <a href="https://gabriellacoleman.org/blog/?feed=rss2">(feed)</a></li> <li><a href="https://dev.to/warbilly" title="DEV Community: Billy Warren">Billy Warren</a> <a href="https://dev.to/feed/warbilly">(feed)</a></li> <li><a href="https://bisco.org/tags/debian/" title="debian on bisco.org">Birger Schacht</a> <a href="https://bisco.org/tags/debian/index.xml">(feed)</a></li> <li><a href="https://bits.debian.org/" title="Bits from Debian">Bits from Debian</a> <a href="https://bits.debian.org/feeds/feed.rss">(feed)</a></li> <li><a href="https://www.sommitrealweird.co.uk/blog/" title="The World of SommitRealWeird.">Brett Parker</a> <a href="https://www.sommitrealweird.co.uk/feeds/blog/">(feed)</a></li> <li><a href="https://bgoglin.livejournal.com/" title="Brice Goglin's Blog">Brice Goglin</a> <a href="https://bgoglin.livejournal.com/data/rss?tag=planet.d.o">(feed)</a></li> <li><a href="https://balintreczey.hu/blog" title="debian – Obsessed with reality">Bálint Réczey</a> <a href="https://balintreczey.hu/blog/tag/debian/feed/">(feed)</a></li> <li><a href="https://wp.c9h.org/cj" title="debian – Clerical Rigor">C.J. Collier</a> <a href="https://wp.colliertech.org/cj/?cat=17&feed=rss2">(feed)</a></li> <li><a href="https://chainofcommand.hashnode.dev" title="Angles and Braces">Caleb Adepitan</a> <a href="https://chainofcommand.hashnode.dev/rss.xml">(feed)</a></li> <li><a href="https://stringpiggy.hpd.io" title="debian – StringPiggy">Candy Tsai</a> <a href="https://stringpiggy.hpd.io/tag/debian/feed/">(feed)</a></li> <li><a href="https://admincarlchenet.wordpress.com" title="Carl Chenet">Carl Chenet</a> <a href="https://admincarlchenet.wordpress.com/category/debian/feed/">(feed)</a></li> <li><a href="http://bootdebian.blogspot.com/" title="Improve the Debian boot process - blog">Carlos Villegas</a> <a href="http://bootdebian.blogspot.com/atom.xml">(feed)</a></li> <li><a href="http://charles.plessy.org/Debian/planet/" title="Planet">Charles Plessy</a> <a href="https://charles.plessy.org/Debian/planet/index.en.rss">(feed)</a></li> <li><a href="https://crispygoth.livejournal.com/" title="ChrisB">Chris Butler</a> <a href="https://crispygoth.livejournal.com/data/rss?tag=planet">(feed)</a></li> <li><a href="https://chris-lamb.co.uk/blog/category/planet-debian" title="lamby: Items or syndication on Planet Debian.">Chris Lamb</a> <a href="https://chris-lamb.co.uk/blog/category/planet-debian/feed">(feed)</a></li> <li><a href="https://blog.lordsutch.com/" title="Signifying Nothing">Chris Lawrence</a> <a href="https://blog.lordsutch.com/feed/?topic=5&topic=12&topic=10&topic=49&author=1">(feed)</a></li> <li><a href="https://www.kvr.at/" title="Christian Kastner">Christian Kastner</a> <a href="https://www.kvr.at/rss.xml">(feed)</a></li> <li><a href="http://blog.spang.cc/tags/planet-debian/" title="tags/planet-debian">Christine Spang</a> <a href="http://blog.spang.cc/tags/planet-debian/index.rss">(feed)</a></li> <li><a href="https://www.df7cb.de/blog/tag/debian.html" title="Myon's Debian Blog">Christoph Berg</a> <a href="https://www.df7cb.de/blog/tag/debian.rss">(feed)</a></li> <li><a href="https://weblog.christoph-egger.org/" title="Christoph's last Weblog entries">Christoph Egger</a> <a href="https://weblog.christoph-egger.org//index.rss">(feed)</a></li> <li><a href="https://xana.scru.org" title="Yammering">Clint Adams</a> <a href="https://xana.scru.org/rivercrabbed-debian.atom">(feed)</a></li> <li><a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/" title="Colin Watson's blog - planet-debian">Colin Watson</a> <a href="https://www.chiark.greenend.org.uk/~cjwatson/blog/feeds/tag/planet-debian.atom.xml">(feed)</a></li> <li><a href="http://blog.taz.net.au" title="Errata">Craig Sanders</a> <a href="http://blog.taz.net.au/feed/">(feed)</a></li> <li><a href="http://mraw.org/blog/" title="KiBi’s blog">Cyril Brulebois</a> <a href="https://mraw.org/blog/index.rss">(feed)</a></li> <li><a href="https://mirrorlynx.livejournal.com/" title="Dan Weber">Dan Weber</a> <a href="https://mirrorlynx.livejournal.com/data/rss">(feed)</a></li> <li><a href="https://dkg.fifthhorseman.net/blog/" title="dkg's blog">Daniel Kahn Gillmor</a> <a href="https://dkg.fifthhorseman.net/blog/feeds/all.atom.xml">(feed)</a></li> <li><a href="https://daniel-lange.com/" title="Daniel Lange's blog">Daniel Lange</a> <a href="https://daniel-lange.com/feeds/atom.xml">(feed)</a></li> <li><a href="https://www.wgdd.de/search/label/planet-debian" title="[erfahrungen, meinungen, halluzinationen]">Daniel Leidert</a> <a href="https://www.wgdd.de/feeds/posts/default/-/planet-debian">(feed)</a></li> <li><a href="http://tdi.github.io/" title="Blog">Dariusz Dwornikowski</a> <a href="https://tdi.github.io/feeds/all.atom.xml">(feed)</a></li> <li><a href="https://www.foxk.it/blog/" title="Blogs on Foxk.it">Dave Hibberd</a> <a href="https://foxk.it/blog/index.xml">(feed)</a></li> <li><a href="https://www.cs.unb.ca/~bremner//blog/tags/planet/" title="blog/tags/planet">David Bremner</a> <a href="http://www.cs.unb.ca/~bremner/blog/tags/planet/index.rss">(feed)</a></li> <li><a href="https://david.kalnischkies.de/blog" title="apt-get a life">David Kalnischkies</a> <a href="https://david.kalnischkies.de/blog/index.rss">(feed)</a></li> <li><a href="https://damog.net/blog/tag/debian/" title="debian on David Moreno's blog">David Moreno</a> <a href="https://damog.net/blog/tag/debian/atom.xml">(feed)</a></li> <li><a href="https://gravityboy.livejournal.com/" title="To The Point Of Collapse">David Nusinow</a> <a href="https://gravityboy.livejournal.com/data/rss">(feed)</a></li> <li><a href="http://www.hanskalabs.net/" title="HanskaLabs (planet)">David Paleino</a> <a href="http://www.hanskalabs.net/categories/planet.xml">(feed)</a></li> <li><a href="http://planetwatson.co.uk/categories/planet-debian/" title="Entries for the category Planet Debian">David Watson</a> <a href="http://planetwatson.co.uk/feeds/categories/planet-debian">(feed)</a></li> <li><a href="http://dwgsoc09blog.blogspot.com/search/label/to-debian-gsoc" title="David Wendt's GSoC Updates Blog">David Wendt Jr.</a> <a href="http://dwgsoc09blog.blogspot.com/feeds/posts/default/-/to-debian-gsoc">(feed)</a></li> <li><a href="http://zinosat.blogspot.com/" title="Yeah!">Davide Viti</a> <a href="http://zinosat.blogspot.com/atom.xml">(feed)</a></li> <li><a href="" title="">DebConf team</a> <a href="https://bits.debian.org/tag/debconf.html">(feed)</a></li> <li><a href="https://debianbrasil.org.br/" title="Debian Brasil">Debian Brasil</a> <a href="https://debianbrasil.org.br/english-feed.xml">(feed)</a></li> <li><a href="https://java-team.pages.debian.net/gsoc-kotlin-blog/" title="Debian GSoC Kotlin project">Debian GSoC Kotlin project blog</a> <a href="https://java-team.pages.debian.net/gsoc-kotlin-blog/atom.xml">(feed)</a></li> <li><a href="http://java.debian.net/blog/" title="Debian Java News">Debian Java Packaging Team</a> <a href="https://java.debian.net/blog/atom.xml">(feed)</a></li> <li><a href="http://debianmed.blogspot.com/" title="Debian in Biology and Medicine">Debian Med</a> <a href="http://feeds.feedburner.com/DebianInBiologyAndMedicine">(feed)</a></li> <li><a href="https://bits.debian.org/dpl/" title="Debian Project Leader Blog">Debian Project Leader</a> <a href="https://bits.debian.org/dpl/feeds/feed.rss">(feed)</a></li> <li><a href="https://wordpress.debian.social" title="debian.social blog">Debian Social Team</a> <a href="https://wordpress.debian.social/feed/">(feed)</a></li> <li><a href="https://dsa.debian.org//dsablog/" title="Debian System Administrators' Blog">Debian Sysadmin Team</a> <a href="https://dsa.debian.org/dsablog/index.rss">(feed)</a></li> <li><a href="https://xmpp-team.pages.debian.net/blog/" title="Bits from the Debian XMPP Team">Debian XMPP Team</a> <a href="https://xmpp-team.pages.debian.net/blog/feeds/atom.xml">(feed)</a></li> <li><a href="https://debichem-team.pages.debian.net/" title="The debichem group">Debichem Team</a> <a href="https://debichem-team.pages.debian.net/feed.xml">(feed)</a></li> <li><a href="https://medium.com/@gajbhiyedeepanshu?source=rss-ff6d7d57bab6------2" title="Stories by Deepanshu on Medium">Deepanshu Gajbhiye</a> <a href="https://medium.com/@gajbhiyedeepanshu/feed">(feed)</a></li> <li><a href="https://blog.odyx.org" title="english – /var/log/OdyX">Didier Raboud</a> <a href="https://blog.odyx.org/tag/en/feed/">(feed)</a></li> <li><a href="http://notes.secretsauce.net" title="Dima Kogan">Dima Kogan</a> <a href="https://notes.secretsauce.net/index.xml">(feed)</a></li> <li><a href="http://blog.surgut.co.uk/search/label/debian-planet" title="Surgut">Dimitri John Ledkov</a> <a href="http://blog.surgut.co.uk/feeds/posts/default/-/debian-planet">(feed)</a></li> <li><a href="http://dirk.eddelbuettel.com/blog" title="Thinking inside the box">Dirk Eddelbuettel</a> <a href="https://dirk.eddelbuettel.com/blog/index.rss">(feed)</a></li> <li><a href="https://mitya57.me/weblog/" title="mitya57’s weblog - Planet">Dmitry Shachnev</a> <a href="https://mitya57.me/weblog/feeds/planet.atom.xml">(feed)</a></li> <li><a href="https://web.itu.edu.tr/celikd" title="helloworlditsme">Dogukan Celik</a> <a href="https://web.itu.edu.tr/celikd/feed/">(feed)</a></li> <li><a href="https://ddumont.wordpress.com" title="Dominique Dumont's Blog">Dominique Dumont</a> <a href="https://ddumont.wordpress.com/feed/">(feed)</a></li> <li><a href="https://www.donarmstrong.com/tags/debian/" title="pages tagged debian">Don Armstrong</a> <a href="https://www.donarmstrong.com/tags/debian/index.rss">(feed)</a></li> <li><a href="http://ramblingfoo.blogspot.com/" title="Rambling around foo">Eddy Petrișor</a> <a href="http://feeds.feedburner.com/RamblingFoo">(feed)</a></li> <li><a href="https://dhole.github.io/categories/debian/" title="debian on Dhole's blog">Eduard Sanou</a> <a href="https://dhole.github.io/categories/debian/index.xml">(feed)</a></li> <li><a href="https://eduardo.macan.eng.br" title="Eduardo Maçan">Eduardo Marcel Macan</a> <a href="https://eduardo.macan.eng.br/category/debian-en/feed/">(feed)</a></li> <li><a href="https://edwardbetts.com/" title="Edward Betts">Edward Betts</a> <a href="https://edwardbetts.com/feed_rss_created.xml">(feed)</a></li> <li><a href="https://hashman.ca/" title="hashman.ca">Elana Hashman</a> <a href="https://hashman.ca/feeds/all.atom.xml">(feed)</a></li> <li><a href="https://www.linux.it/~ema/" title="Emanuele Rocca">Emanuele Rocca</a> <a href="https://www.linux.it/~ema/index.xml">(feed)</a></li> <li><a href="http://emilio.pozuelo.org" title="Planet Debian – Emilio Pozuelo Monfort's blog">Emilio Pozuelo Monfort</a> <a href="https://emilio.pozuelo.org/?cat=13&feed=atom">(feed)</a></li> <li><a href="https://00formicapunk00.wordpress.com" title="floss – formicapunk">Emmanuel Kasper</a> <a href="https://00formicapunk00.wordpress.com/tag/floss/feed/">(feed)</a></li> <li><a href="http://www.enricozini.org/tags/pdo" title="Enrico Zini: posts with tag pdo">Enrico Zini</a> <a href="https://www.enricozini.org/tags/pdo/index.rss">(feed)</a></li> <li><a href="https://eriberto.pro.br/blog" title="Planet en – Eriberto Blog">Eriberto Mota</a> <a href="http://eriberto.pro.br/blog/tag/planet-en/feed/">(feed)</a></li> <li><a href="https://ze-dinosaur.livejournal.com/" title="apparently I'm a dinosaur">Eric Dorland</a> <a href="https://ze-dinosaur.livejournal.com/data/rss">(feed)</a></li> <li><a href="https://www.vitavonni.de/blog/" title="Techblogging">Erich Schubert</a> <a href="https://www.vitavonni.de/blog/feeds/en.atom">(feed)</a></li> <li><a href="https://www.ieugen.ro/" title="(defn Eugen-Stan [_] awesome)">Eugen Stan</a> <a href="https://www.ieugen.ro/feed.xml">(feed)</a></li> <li><a href="https://jackyf.livejournal.com/" title="JackYF's blog">Eugene V. Lyubimkin</a> <a href="https://jackyf.livejournal.com/data/rss?tag=debian-en">(feed)</a></li> <li><a href="https://www.die-welt.net/" title="die-welt.net">Evgeni Golov</a> <a href="https://www.die-welt.net/rss.xml">(feed)</a></li> <li><a href="http://web2unu.ro" title="Web2Unu Blog » Debian">Floris Stoica-Marcu</a> <a href="http://web2unu.ro/?feed=rss2&cat=2">(feed)</a></li> <li><a href="https://fottsia.wordpress.com" title="My outreachy project blog">Foteini Tsiami</a> <a href="https://fottsia.wordpress.com/feed/">(feed)</a></li> <li><a href="https://feeding.cloud.geek.nz/tags/debian/" title="pages tagged debian">François Marier</a> <a href="https://feeding.cloud.geek.nz/tags/debian/index.rss">(feed)</a></li> <li><a href="https://www.freexian.com/tags/planet-debian/" title="planet-debian on Freexian">Freexian Collaborators</a> <a href="https://www.freexian.com/tags/planet-debian/index.xml">(feed)</a></li> <li><a href="https://asylum.madhouse-project.org/blog/tags/.planet.debian/" title="Asylum Archives: .planet.debian">Gergely Nagy</a> <a href="https://asylum.madhouse-project.org/blog/tags/.planet.debian/atom.xml">(feed)</a></li> <li><a href="http://cateee.blogspot.com/" title="Cateee">Giacomo Catenazzi</a> <a href="http://cateee.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="https://www.giovannimascellani.eu/" title="Gio's Tilde - debian-planet">Giovanni Mascellani</a> <a href="https://www.giovannimascellani.eu/feeds/debian-planet.atom.xml">(feed)</a></li> <li><a href="https://www.iuculano.it/category/linux/debian/debian-planet-debian/" title="Debian Planet Archivi - Giuseppe">Giuseppe Iuculano</a> <a href="https://www.iuculano.it/category/debian-planet-debian/feed/">(feed)</a></li> <li><a href="https://info.comodo.priv.at/blog/" title="gregoa's blog - entries tagged planetdebian">Gregor Herrmann</a> <a href="https://info.comodo.priv.at/blog/tags/planetdebian/planetdebian.rss">(feed)</a></li> <li><a href="https://gcolpart.evolix.net/blog21" title="Debian – Gregory Colpart's blog">Gregory Colpart</a> <a href="https://gcolpart.evolix.net/blog21/category/debian/feed/">(feed)</a></li> <li><a href="https://honk.sigxcpu.org/con/" title="Colors of Noise - Entries tagged planetdebian">Guido Günther</a> <a href="https://honk.sigxcpu.org/con/tags/planetdebian/planetdebian.rss">(feed)</a></li> <li><a href="https://phosh.mobi/tags/planetdebian/" title="Planetdebian on Phosh">Guido Günther</a> <a href="https://phosh.mobi/tags/planetdebian/index.xml">(feed)</a></li> <li><a href="https://puida.xyz/tags/debian/index.xml" title="Debian on puida.xyz">Guilherme Puida Moreira</a> <a href="https://puida.xyz/tags/debian/index.xml">(feed)</a></li> <li><a href="https://gwolf.org" title="Gunnar Wolf - Nice grey life">Gunnar Wolf</a> <a href="https://gwolf.org/rss.xml">(feed)</a></li> <li><a href="http://stratusandtheswirl.blogspot.com/" title="stratus and the swirl">Gustavo Franco</a> <a href="http://feeds.feedburner.com/StratusAndTheSwirl">(feed)</a></li> <li><a href="http://grmontesino.blogspot.com/search/label/Debian" title="Gustavo's Blog">Gustavo R. Montesino</a> <a href="http://grmontesino.blogspot.com/feeds/posts/default/-/Debian/">(feed)</a></li> <li><a href="https://henrich-on-debian.blogspot.com/" title="Henrich plays with Debian">Hideki Yamane</a> <a href="https://henrich-on-debian.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="http://nibbles.halon.org.uk" title="Quick Nibbles » Debian">Héctor Orón Martínez</a> <a href="http://nibbles.halon.org.uk/category/tech/debian/feed/atom/">(feed)</a></li> <li><a href="https://irl.xyz/tags/planet-debian/" title="Planet Debian on IRL.XYZ">Iain R. Learmonth</a> <a href="https://irl.xyz/tags/planet-debian/index.xml">(feed)</a></li> <li><a href="https://diziet.dreamwidth.org/" title="Ian Jackson">Ian Jackson</a> <a href="https://diziet.dreamwidth.org/data/atom">(feed)</a></li> <li><a href="https://www.technovelty.org/" title="technovelty">Ian Wienand</a> <a href="https://www.technovelty.org/index.atom.xml">(feed)</a></li> <li><a href="http://genibel.org/blog/index.php/" title="Igor's blog">Igor Genibel</a> <a href="https://www.hotbot.fr">(feed)</a></li> <li><a href="https://blog.windfluechter.net" title="Debian – WindfluechterNet Blog">Ingo Juergensmann</a> <a href="https://blog.windfluechter.net/category/debian/feed/">(feed)</a></li> <li><a href="https://k1024.org" title="iustin - all posts">Iustin Pop</a> <a href="https://k1024.org/index.atom">(feed)</a></li> <li><a href="https://tookmund.com/" title="">Jacob Adams</a> <a href="https://tookmund.com/feed.xml">(feed)</a></li> <li><a href="http://www.braincells.com/debian/" title="La Salle Debain">Jaldhar Vyas</a> <a href="https://www.braincells.com/debian/index.rss">(feed)</a></li> <li><a href="https://blog.james.rcpt.to" title="Linux – JEB's Blog">James Bromberger</a> <a href="https://blog.james.rcpt.to/category/computing/linux/feed/">(feed)</a></li> <li><a href="https://jamessan.com/~jamessan//tags/planet-debian/" title="pages tagged planet-debian">James McCoy</a> <a href="https://jamessan.com/~jamessan/tags/planet-debian/index.rss">(feed)</a></li> <li><a href="https://www.sorced.com/" title="Sasquach wears a yellow hat">James Morrison</a> <a href="https://www.sorced.com/feeds/posts/default?alt=atom">(feed)</a></li> <li><a href="https://jvalleroy.me/wordpress" title="James Valleroy">James Valleroy</a> <a href="https://jvalleroy.me/wordpress/?feed=rss2">(feed)</a></li> <li><a href="https://current.workingdirectory.net/tags/debian/" title="debian on Website of Jamie McClelland">Jamie McClelland</a> <a href="https://current.workingdirectory.net/tags/debian/index.xml">(feed)</a></li> <li><a href="https://jaminyprabaharan.wordpress.com" title="">Jaminy Prabaharan</a> <a href="https://jaminyprabaharan.wordpress.com/feed/">(feed)</a></li> <li><a href="https://debianstuff.dittberner.info/" title="Debian Stuff @ dittberner.info">Jan Dittberner</a> <a href="https://debianstuff.dittberner.info/rss.xml">(feed)</a></li> <li><a href="https://log.cyconet.org/" title="Planet - Cyconet Blog">Jan Wagner</a> <a href="https://log.cyconet.org/tag/planet/rss/">(feed)</a></li> <li><a href="https://jbailey.livejournal.com/" title="Bright lights shining upwards obscures the stars...">Jeff Bailey</a> <a href="https://jbailey.livejournal.com/data/rss">(feed)</a></li> <li><a href="https://www.licquia.org" title="The Licquia Blog">Jeff Licquia</a> <a href="http://www.licquia.org/feed/">(feed)</a></li> <li><a href="https://jeremy.bicha.net" title="Debian – Just Jeremy">Jeremy Bicha</a> <a href="https://jeremy.bicha.net/category/debian/feed/?mrss=off">(feed)</a></li> <li><a href="https://sophiejjj.wordpress.com" title="My journey of FOSS">Jingjie Jiang</a> <a href="https://sophiejjj.wordpress.com/feed/">(feed)</a></li> <li><a href="https://apebox.org/wordpress" title="debian – APEBOX.ORG">Jo Shields</a> <a href="https://apebox.org/wordpress/tag/debian/feed">(feed)</a></li> <li><a href="https://www.joachim-breitner.de/blog" title="nomeata’s mind shares">Joachim Breitner</a> <a href="https://www.joachim-breitner.de/blog/tag/English_feed.rss">(feed)</a></li> <li><a href="https://blog.ganneff.de/" title="Ganneff's Little Blog">Joerg Jaspert</a> <a href="https://blog.ganneff.de/atom.xml">(feed)</a></li> <li><a href="http://joeyh.name/blog/" title="see shy jo">Joey Hess</a> <a href="https://joeyh.name/blog/index.rss">(feed)</a></li> <li><a href="https://blog.mister-muffin.de/feed/None" title="Mister Muffin Blog">Johannes Schauer</a> <a href="https://blog.mister-muffin.de/feed/index.xml">(feed)</a></li> <li><a href="https://changelog.complete.org" title="The Changelog">John Goerzen</a> <a href="https://changelog.complete.org/feed">(feed)</a></li> <li><a href="https://blog.freesources.org//" title="mejo roaming">Jonas Meurer</a> <a href="https://blog.freesources.org/index.atom">(feed)</a></li> <li><a href="http://dr.jones.dk//blog/" title="blog">Jonas Smedegaard</a> <a href="https://dr.jones.dk/blog/index.en.atom">(feed)</a></li> <li><a href="https://jonathancarter.org" title="Jonathan Carter">Jonathan Carter</a> <a href="https://jonathancarter.org/feed/">(feed)</a></li> <li><a href="https://jmtd.net/log/" title="Jonathan Dowland's Weblog">Jonathan Dowland</a> <a href="https://jmtd.net/log/feed/">(feed)</a></li> <li><a href="https://www.earth.li/~noodles/blog/" title="Noodles' Emptiness">Jonathan McDowell</a> <a href="https://www.earth.li/~noodles/blog/feed.xml">(feed)</a></li> <li><a href="https://www.jwiltshire.org.uk" title="planet-debian – jwiltshire.org.uk">Jonathan Wiltshire</a> <a href="https://www.jwiltshire.org.uk/tag/planet-debian/feed/">(feed)</a></li> <li><a href="https://jawnsy.wordpress.com" title="Debian – Jawnsy’s Journal on Life, Software and Engineering">Jonathan Yu</a> <a href="https://jawnsy.wordpress.com/tag/debian/feed/">(feed)</a></li> <li><a href="https://jonnylamb.com" title="Planet Debian">Jonny Lamb</a> <a href="https://jonnylamb.com/category/planet-debian/feed/">(feed)</a></li> <li><a href="https://oskuro.net/blog" title="I still don't have a title">Jordi Mallach</a> <a href="https://oskuro.net/blog/?flav=rss">(feed)</a></li> <li><a href="http://josephbisch.com/tags/debian/" title="debian on Joseph Bisch">Joseph Bisch</a> <a href="http://josephbisch.com/tags/debian/index.xml">(feed)</a></li> <li><a href="https://np237.livejournal.com/" title="Joss's blog">Josselin Mouette</a> <a href="https://np237.livejournal.com/data/rss">(feed)</a></li> <li><a href="https://gnucrash.wordpress.com" title="DebianPl – Alicatismo ilustrado.">Juan Luis Belmonte</a> <a href="https://gnucrash.wordpress.com/category/debianpl/feed/">(feed)</a></li> <li><a href="https://blog.jak-linux.org/post/" title="Posts on Blog of Julian Andres Klode">Julian Andres Klode</a> <a href="https://blog.jak-linux.org/post/index.xml">(feed)</a></li> <li><a href="http://silicone.homelinux.org" title="debian-planet – Silicone's web">Julien Viard de Galbert</a> <a href="http://silicone.homelinux.org/tag/debian-planet/feed/">(feed)</a></li> <li><a href="http://www.netfort.gr.jp/~dancer/diary/202411.html.en" title="Dancer's daily hackings">Junichi Uekawa</a> <a href="https://www.netfort.gr.jp/~dancer/diary/recententry-en.rdf">(feed)</a></li> <li><a href="http://blog.wooyd.org/" title="wiki">Jurij Smakov</a> <a href="http://blog.wooyd.org/index.rss">(feed)</a></li> <li><a href="https://teythoon.cryptobitch.de/" title="unprivileged user">Justus Winter</a> <a href="https://teythoon.cryptobitch.de/rss.xml">(feed)</a></li> <li><a href="https://www.carbon-project.org/" title="Cùran's life - Entries tagged debian">Kai Wasserbäch</a> <a href="https://www.carbon-project.org/tags/debian/debian.rss">(feed)</a></li> <li><a href="https://kalken.in/blog/" title="Blogs on Kalyani Kenekar">Kalyani Kenekar</a> <a href="https://kalken.in/blog/index.xml">(feed)</a></li> <li><a href="https://0x1f1f.wordpress.com" title="Localized Gujarati Geek">Kartik Mistry</a> <a href="https://0x1f1f.wordpress.com/feed/atom/">(feed)</a></li> <li><a href="https://kathara.in/blogs/" title="Blogs on Kathara Sasikumar">Kathara Sasikumar</a> <a href="https://kathara.in/blogs/index.xml">(feed)</a></li> <li><a href="https://outflux.net/blog" title="Debian – codeblog">Kees Cook</a> <a href="https://outflux.net/blog/archives/category/debian/feed/">(feed)</a></li> <li><a href="http://keithp.com/blog/" title="blog">Keith Packard</a> <a href="https://keithp.com/blog/index.rss">(feed)</a></li> <li><a href="https://kenhys.hatenablog.jp/archive/category/PlanetDebian" title="PlanetDebian - ひとりしずかに。">Kentaro Hayashi</a> <a href="https://kenhys.hatenablog.jp/rss/category/PlanetDebian">(feed)</a></li> <li><a href="https://blog.legoktm.com/" title="The Lego Mirror - debian">Kunal Mehta</a> <a href="https://blog.legoktm.com/feeds/tag-debian.atom.xml">(feed)</a></li> <li><a href="https://kwk.systems/blog/" title="Biosystems Engineering Blog (Posts about debian)">Kurt Kremitzki</a> <a href="https://www.kwk.systems/blog/categories/debian.xml">(feed)</a></li> <li><a href="https://www.roeckx.be/journal/" title="Kurt Roeckx's journal">Kurt Roeckx</a> <a href="https://www.roeckx.be/journal/index.rss">(feed)</a></li> <li><a href="https://larjona.wordpress.com" title="English – The bright side">Laura Arjona Reina</a> <a href="https://larjona.wordpress.com/tag/english/feed/">(feed)</a></li> <li><a href="http://allentiak.github.io/" title="Just a Blog">Leandro Doctors</a> <a href="https://allentiak.github.io/feed.xml">(feed)</a></li> <li><a href="https://leogg.wordpress.com" title="planet-debian – [comuNIdad]">Leandro Gómez</a> <a href="https://leogg.wordpress.com/category/planet-debian/feed/atom/">(feed)</a></li> <li><a href="https://costela.net" title="debian planet – costela.net">Leo 'costela' Antunes</a> <a href="https://costela.net/tag/debian-planet/feed/">(feed)</a></li> <li><a href="https://liorkaplan.wordpress.com" title="Free Software Universe">Lior Kaplan</a> <a href="https://liorkaplan.wordpress.com/feed/">(feed)</a></li> <li><a href="https://perezmeyer.com.ar/" title="Solo sé que se querer, que tengo Dios y tengo fe - planetdebian-en">Lisandro Damián Nicanor Pérez Meyer</a> <a href="https://perezmeyer.com.ar/blog/feeds/tags/planetdebian-en.atom.xml">(feed)</a></li> <li><a href="https://veronneau.org/" title="Louis-Philippe Véronneau">Louis-Philippe Véronneau</a> <a href="https://veronneau.org/feeds/languages/en.atom.xml">(feed)</a></li> <li><a href="https://kaeso.wordpress.com" title="planet-debian – Aquì estamos!">Luca Bruno</a> <a href="https://kaeso.wordpress.com/category/planet-debian/feed/atom/">(feed)</a></li> <li><a href="https://dktrkranz.wordpress.com" title="Planet Debian – Kranz Korner">Luca Falavigna</a> <a href="https://dktrkranz.wordpress.com/category/planet-debian/feed/atom/">(feed)</a></li> <li><a href="http://slackydeb.blogspot.com/search/label/gsoc" title="slackydeb">Luca Favatella</a> <a href="http://slackydeb.blogspot.com/feeds/posts/default/-/gsoc">(feed)</a></li> <li><a href="https://www.lucas-nussbaum.net/blog" title="PlanetDebian – Lucas Nussbaum's Blog">Lucas Nussbaum</a> <a href="https://www.lucas-nussbaum.net/blog/?feed=rss2&cat=13">(feed)</a></li> <li><a href="http://softwarelivre.org/lucianopc" title="Feed RSS do(a) Luciano Prestes Cavalcanti">Luciano Prestes Cavalcanti</a> <a href="http://softwarelivre.org/lucianopc/blog/feed">(feed)</a></li> <li><a href="https://blog.slyon.de" title="Debian – SlyBlog">Lukas Märdian</a> <a href="https://blog.slyon.de/category/debian/feed/">(feed)</a></li> <li><a href="http://blog.luke.wf/search/label/debian-planet" title="Luke W. Faraone">Luke Faraone</a> <a href="https://www.blogger.com/feeds/1354659632607599854/posts/default/-/debian-planet">(feed)</a></li> <li><a href="http://www.news.software.coop" title="Software Cooperative News » mjr">MJ Ray</a> <a href="https://mjr.towers.org.uk/blog/all.rss">(feed)</a></li> <li><a href="https://people.debian.org/~mafm/" title="Manuel A. Fernandez Montecelo :: Personal Debian page - planet-debian">Manuel A. Fernandez Montecelo</a> <a href="https://people.debian.org/~mafm/feeds/tag-planet-debian.atom.xml">(feed)</a></li> <li><a href="http://gonzo.dicp.de/~he/blog/" title="Marc's blog">Marc 'HE' Brockschmidt</a> <a href="http://gonzo.dicp.de/~he/blog/feeds/index.rss2">(feed)</a></li> <li><a href="https://mltplanet.livejournal.com/" title="Brezka">Marcela Tiznado</a> <a href="https://mltplanet.livejournal.com/data/rss">(feed)</a></li> <li><a href="https://blog.bofh.it/" title="Md at debian.org">Marco d'Itri</a> <a href="https://blog.bofh.it/debian/?format=atom">(feed)</a></li> <li><a href="https://siamezzze.github.io/" title="Maria Glukhova">Maria Glukhova</a> <a href="https://siamezzze.github.io/feed.xml">(feed)</a></li> <li><a href="https://blog.sirena.org.uk/" title="Technicalities">Mark Brown</a> <a href="https://blog.sirena.org.uk/rss/">(feed)</a></li> <li><a href="http://mlalic.blogspot.com/" title="Marko Lalic">Marko Lalic</a> <a href="http://mlalic.blogspot.com/feeds/posts/default?alt=rss">(feed)</a></li> <li><a href="https://gambaru.de/blog" title="planetdebian – gambaru.de">Markus Koschany</a> <a href="https://gambaru.de/blog/tag/planetdebian/feed/">(feed)</a></li> <li><a href="https://www.cyrius.com/" title="Martin Michlmayr">Martin Michlmayr</a> <a href="https://www.cyrius.com/blog/feed/">(feed)</a></li> <li><a href="https://blog.zobel.ftbfs.de/" title="zobel's blog">Martin Zobel-Helas</a> <a href="https://blog.zobel.ftbfs.de/feed.xml">(feed)</a></li> <li><a href="http://q-funk.blogspot.com/" title="Funkyware: ITCetera">Martin-Éric Racine</a> <a href="http://q-funk.blogspot.com/atom.xml">(feed)</a></li> <li><a href="https://www.mhatta.org/" title="Masayuki Hatta">Masayuki Hatta</a> <a href="https://www.mhatta.org/feeds/all.atom.xml">(feed)</a></li> <li><a href="https://mateusbellomo.wordpress.com" title="MateusBellomo">Mateus Bellomo</a> <a href="https://mateusbellomo.wordpress.com/feed/">(feed)</a></li> <li><a href="https://sathieu.wordpress.com" title="planetdebian – Sathieu: Computers and more">Mathieu Parent</a> <a href="https://sathieu.wordpress.com/tag/planetdebian/feed/">(feed)</a></li> <li><a href="https://matrix-team.pages.debian.net/blogue/" title="Matrix on Debian blog">Matrix on Debian blog</a> <a href="https://matrix-team.pages.debian.net/blogue/atom.xml">(feed)</a></li> <li><a href="https://mjg59.dreamwidth.org/" title="Matthew Garrett">Matthew Garrett</a> <a href="https://mjg59.dreamwidth.org/data/rss">(feed)</a></li> <li><a href="https://www.hezmatt.org/~mpalmer/blog/" title="Brane Dump">Matthew Palmer</a> <a href="https://www.hezmatt.org/~mpalmer/blog/rss.xml">(feed)</a></li> <li><a href="https://blog.tenstral.net" title="Debian – Ximions Blog">Matthias Klumpp</a> <a href="https://blog.tenstral.net/category/planet/planet-debian/feed">(feed)</a></li> <li><a href="https://smurf-debian.livejournal.com/" title="Debian Ramblings">Matthias Urlichs</a> <a href="https://smurf-debian.livejournal.com/data/rss">(feed)</a></li> <li><a href="http://0.0.0.0:4000" title="matthieu.io - Debian">Matthieu Caneill</a> <a href="https://matthieu.io/blog/feed/rss.debian.xml">(feed)</a></li> <li><a href="http://blog.dogguy.org/search/label/planetdebian" title="Crazy world...">Mehdi Dogguy</a> <a href="http://blog.dogguy.org/feeds/posts/default/-/planetdebian?alt=rss">(feed)</a></li> <li><a href="http://blog.alphascorpii.net/english" title="Comments from the rusty cage">Meike Reichle</a> <a href="http://blog.alphascorpii.net/english/index.rss">(feed)</a></li> <li><a href="https://melissawen.github.io/" title="Wen.onweb">Melissa Wen</a> <a href="https://melissawen.github.io/feed.xml">(feed)</a></li> <li><a href="http://mesutcaneng.blogspot.com/" title="Mesutcan Kurt's Blog Site">Mesutcan Kurt</a> <a href="http://mesutcaneng.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="https://abbbi.github.io//" title="Michael Ablassmeier">Michael Ablassmeier</a> <a href="https://abbbi.github.io/feed.xml">(feed)</a></li> <li><a href="http://ncommander.blogspot.com/" title="Notes from Underground ...">Michael Casadevall</a> <a href="https://www.blogger.com/feeds/4695702196537398257/posts/default">(feed)</a></li> <li><a href="http://www.credativ.us/blog/50" title="Michael Meskes's blog">Michael Meskes</a> <a href="https://www.credativ.com">(feed)</a></li> <li><a href="https://michael-prokop.at/blog" title="Debian – mikas blog">Michael Prokop</a> <a href="https://michael-prokop.at/blog/category/debian/feed/">(feed)</a></li> <li><a href="https://michael.stapelberg.ch/posts/tags/debian/" title="Michael Stapelbergs Website: posts tagged debian">Michael Stapelberg</a> <a href="https://michael.stapelberg.ch/posts/tags/debian/feed.xml">(feed)</a></li> <li><a href="https://mvogt.wordpress.com" title="Michael Vogt's blog">Michael Vogt</a> <a href="https://mvogt.wordpress.com/category/debian/feed/">(feed)</a></li> <li><a href="https://blog.cihar.com/archives/debian/" title="Michal Čihař's Weblog, posts tagged by Debian">Michal Čihař</a> <a href="https://blog.cihar.com/archives/debian/index.xml">(feed)</a></li> <li><a href="https://xerakko.livejournal.com/" title="Twin blog">Miguel Gea</a> <a href="https://xerakko.livejournal.com/data/rss">(feed)</a></li> <li><a href="http://www.debianslashrules.org//" title="debian/rules">Mike Beattie</a> <a href="http://www.debianslashrules.org/index.rss20">(feed)</a></li> <li><a href="https://sunweavers.net/blog/blog/1" title="sunweaver's blog">Mike Gabriel</a> <a href="https://sunweavers.net/blog/blog/1/feed">(feed)</a></li> <li><a href="https://glandium.org/blog" title="p.d.o – glandium.org">Mike Hommey</a> <a href="https://glandium.org/blog/?feed=rss2&cat=5&tag=en">(feed)</a></li> <li><a href="https://www.meebey.net/tags/planet-debian/" title="pages tagged planet-debian">Mirco Bauer</a> <a href="https://www.meebey.net/tags/planet-debian/index.rss">(feed)</a></li> <li><a href="https://morayallan.livejournal.com/" title="moray">Moray Allan</a> <a href="https://morayallan.livejournal.com/data/rss">(feed)</a></li> <li><a href="http://blog.daionet.gr.jp/knok-e" title="@knok blog-e">NOKUBI Takatsugu</a> <a href="http://blog.daionet.gr.jp/knok-e/feed/">(feed)</a></li> <li><a href="https://blog.halon.org.uk" title="Geek – Liberal Murmurs">Neil McGovern</a> <a href="https://blog.halon.org.uk/category/geek/feed/">(feed)</a></li> <li><a href="https://linux.codehelp.co.uk/" title="linux.codehelp.co.uk">Neil Williams</a> <a href="https://linux.codehelp.co.uk/blog.xml">(feed)</a></li> <li><a href="http://neuro.debian.net" title="NeuroDebian Insider">NeuroDebian</a> <a href="https://neuro.debian.net/feeds/for-debian-planet.xml">(feed)</a></li> <li><a href="http://nion.modprobe.de/blog/" title="nion's blog">Nico Golde</a> <a href="http://nion.modprobe.de/blog/feeds/index.rss1">(feed)</a></li> <li><a href="https://blog.olasd.eu" title="english – olasd's corner of the 'tubes">Nicolas Dandrimont</a> <a href="https://blog.olasd.eu/tag/english/feed">(feed)</a></li> <li><a href="https://people.debian.org/~nthykier/blog/" title="Things that I work on in Debian - pdo">Niels Thykier</a> <a href="https://people.debian.org/~nthykier/blog/feeds/pdo.atom.xml">(feed)</a></li> <li><a href="https://noah.meyerhans.us/categories/debian/" title="Noah Meyerhans - debian">Noah Meyerhans</a> <a href="https://noah.meyerhans.us/blog/categories/debian/index.xml">(feed)</a></li> <li><a href="https://elchipote.wordpress.com" title="planetdebian – el blog de n0rman">Norman García</a> <a href="https://elchipote.wordpress.com/category/planetdebian/feed/atom/">(feed)</a></li> <li><a href="http://www.milliways.fr/search/label/debian" title="Milliways">Obey Arthur Liu</a> <a href="http://www.milliways.fr/feeds/posts/default/-/debian">(feed)</a></li> <li><a href="https://gasuleg.github.io//" title="Gasuleg">Olivier Grégoire</a> <a href="https://gasuleg.github.io/feed.xml">(feed)</a></li> <li><a href="http://survex.com/~olly/blog" title="Olly's Blog">Olly Betts</a> <a href="https://survex.com/~olly/blog/index.atom">(feed)</a></li> <li><a href="http://ondrejcertik.blogspot.com/search/label/debian" title="Ondřej Čertík">Ondřej Čertík</a> <a href="http://ondrejcertik.blogspot.com/feeds/posts/default/-/debian">(feed)</a></li> <li><a href="http://goofying-with-debian.blogspot.com/" title="Goofying-with-Debian">Osamu Aoki</a> <a href="http://goofying-with-debian.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="http://pstorralba.blogspot.com/search/label/tech" title="Pablo S. Torralba">Pablo S. Torralba</a> <a href="http://pstorralba.blogspot.com/feeds/posts/default/-/tech">(feed)</a></li> <li><a href="https://www.linux-dev.org" title="Blog of Patrick">Patrick Matthäi</a> <a href="https://www.linux-dev.org/feed/">(feed)</a></li> <li><a href="https://prezu.ca/" title="Patryk's blog">Patryk Cisek</a> <a href="https://prezu.ca/index.xml">(feed)</a></li> <li><a href="https://www.elpauer.org" title="Debian – elpauer">Pau Garcia i Quiles</a> <a href="https://www.elpauer.org/?cat=17&feed=rss2">(feed)</a></li> <li><a href="https://blog.pault.ag/" title="Paul Tagliamonte">Paul Tagliamonte</a> <a href="https://blog.pault.ag/rss">(feed)</a></li> <li><a href="https://k3xec.com/" title="K3XEC">Paul Tagliamonte</a> <a href="https://k3xec.com/index.xml?_cache_bust=1705936052">(feed)</a></li> <li><a href="https://notes.pault.ag/" title="Paul's Notes">Paul Tagliamonte</a> <a href="https://notes.pault.ag/index.xml">(feed)</a></li> <li><a href="http://bonedaddy.net/pabs3/log/" title="Log">Paul Wise</a> <a href="https://bonedaddy.net/pabs3/log/index.rss">(feed)</a></li> <li><a href="http://paul.luon.net" title="Paul's Web Pages">Paul van Tilburg</a> <a href="https://paul.luon.net//journal/tags/debian-planet/index.xml">(feed)</a></li> <li><a href="http://phls.com.br" title="Blog de Paulo Santana - Debian">Paulo Henrique de Lima Santana</a> <a href="https://phls.com.br/feed-planetdebian-en.xml">(feed)</a></li> <li><a href="https://pavitkaur05.github.io/post/" title="Posts by Pavit Kaur">Pavit Kaur</a> <a href="https://pavitkaur05.github.io/post/index.xml">(feed)</a></li> <li><a href="http://www.lupin.org.uk/blog" title="Disconnected Mutterings of a Random Geek">Pete Nuttall</a> <a href="http://www.lupin.org.uk/blog/computing/index.rss">(feed)</a></li> <li><a href="https://www.palfrader.org/blog/" title="weasel's blog">Peter Palfrader</a> <a href="https://www.palfrader.org/blog/index.rss">(feed)</a></li> <li><a href="https://people.skolelinux.org/pere/blog/" title="Petter Reinholdtsen - Entries tagged english">Petter Reinholdtsen</a> <a href="https://people.skolelinux.org/pere/blog/tags/english/english.rss">(feed)</a></li> <li><a href="http://wiki.hands.com/chezfil/" title="chezfil">Phil Hands</a> <a href="https://wiki.hands.com/chezfil/index.rss">(feed)</a></li> <li><a href="http://debblog.philkern.de/" title="Philipp Kern's Debian blog">Philipp Kern</a> <a href="https://www.blogger.com/feeds/5048890463514304208/posts/default?alt=rss">(feed)</a></li> <li><a href="https://qendresahoti.wordpress.com" title="Qendresa's creative stories">Qendresa Hoti</a> <a href="https://qendresahoti.wordpress.com/feed/">(feed)</a></li> <li><a href="http://blog.lot-of-stuff.info//Blog/debian-planet/" title="Blog/debian-planet">Rémi Vanicat</a> <a href="https://blog.lot-of-stuff.info/Blog/debian-planet/index.atom">(feed)</a></li> <li><a href="https://raju.dev/" title="site">Raju Devidas</a> <a href="https://raju.dev/rss/">(feed)</a></li> <li><a href="https://raphaelhertzog.com" title="apt-get install debian-wizard">Raphaël Hertzog</a> <a href="https://raphaelhertzog.com/tag/debian/feed/">(feed)</a></li> <li><a href="https://rgeissert.blogspot.com/" title="Raphael's blog">Raphael Geissert</a> <a href="https://rgeissert.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="https://ravidwivedi.in/posts/" title="Posts on Ravi's Blog">Ravi Dwivedi</a> <a href="https://ravidwivedi.in/posts/index.xml">(feed)</a></li> <li><a href="http://tauware.blogspot.com/" title="random thoughts of a F/OSS Developer...">Reinhard Tartler</a> <a href="http://tauware.blogspot.com/atom.xml">(feed)</a></li> <li><a href="https://rsip22.github.io/blog/" title="Renata's blog">Renata D'Avila</a> <a href="https://rsip22.github.io/blog/feeds/all.rss.xml">(feed)</a></li> <li><a href="https://reproducible-builds.org/blog/" title="reproducible-builds.org">Reproducible Builds</a> <a href="https://reproducible-builds.org/blog/index.rss">(feed)</a></li> <li><a href="https://diffoscope.org/" title="diffoscope">Reproducible Builds (diffoscope)</a> <a href="https://diffoscope.org/feed.xml">(feed)</a></li> <li><a href="https://rhonda.deb.at/blog/" title="Rhonda's Blog">Rhonda D'Vine</a> <a href="https://rhonda.deb.at/blog/index.planet">(feed)</a></li> <li><a href="https://mones.livejournal.com/" title="Ricardo Mones">Ricardo Mones</a> <a href="https://mones.livejournal.com/data/rss?tag=debian">(feed)</a></li> <li><a href="http://suihkulokki.blogspot.com/search/label/debian" title="suihkulokki rambling">Riku Voipio</a> <a href="http://suihkulokki.blogspot.com/feeds/posts/default/-/debian">(feed)</a></li> <li><a href="http://blog.floopily.org" title="Stories from the land of Rob">Rob Taylor</a> <a href="http://blog.floopily.org/feed/">(feed)</a></li> <li><a href="http://blog.mycre.ws/" title="Robert Edmonds' blog">Robert Edmonds</a> <a href="https://blog.mycre.ws/feeds/all.atom.xml">(feed)</a></li> <li><a href="https://ramcq.net" title="Robotic Tendencies">Robert McQueen</a> <a href="https://ramcq.net/feed/">(feed)</a></li> <li><a href="https://robertmh.wordpress.com" title="Thoughts of undetermined usefulness">Robert Millan</a> <a href="https://robertmh.wordpress.com/feed/">(feed)</a></li> <li><a href="https://siqueira.tech/" title="Siqueira">Rodrigo Siqueira</a> <a href="https://siqueira.tech/feed.xml">(feed)</a></li> <li><a href="http://cynic.cc/blog//tags/debian/" title="pages tagged debian">Rogério Brito</a> <a href="http://cynic.cc/blog/tags/debian/index.rss">(feed)</a></li> <li><a href="http://roland.entierement.nu/categories/en.html" title="In English">Roland Mas</a> <a href="http://roland.entierement.nu/categories/en.rss">(feed)</a></li> <li><a href="https://rperier.blogspot.com/search/label/debian" title="Romain Perier's blog">Romain Perier</a> <a href="https://rperier.blogspot.com/feeds/posts/default/-/debian">(feed)</a></li> <li><a href="https://rossgammon68.wordpress.com" title="Planet Debian – Ross Gammon's Blog">Ross Gammon</a> <a href="https://rossgammon68.wordpress.com/category/open-source/debian/planet-debian/feed/">(feed)</a></li> <li><a href="https://ruby-team.pages.debian.net/" title="The Ruby Team Pages">Ruby Team</a> <a href="https://ruby-team.pages.debian.net/feed.xml">(feed)</a></li> <li><a href="" title="">Rudy Godoy</a> <a href="https://blog.stone-head.org/category/debian/feed/">(feed)</a></li> <li><a href="https://www.eyrie.org/~eagle/" title="Eagle's Path">Russ Allbery</a> <a href="https://www.eyrie.org/~eagle/journal/index.rss">(feed)</a></li> <li><a href="https://etbe.coker.com.au" title="etbe – Russell Coker">Russell Coker</a> <a href="https://etbe.coker.com.au/feed/">(feed)</a></li> <li><a href="https://rak.ac/feeds/planet-debian.xml" title="Ryan Kavanagh's /dev/brain">Ryan Kavanagh</a> <a href="https://rak.ac/feeds/planet-debian.xml">(feed)</a></li> <li><a href="https://blog.sahilister.in/" title="sahilister's Reimagined Doodle">Sahil Dhiman</a> <a href="https://blog.sahilister.in/index.xml">(feed)</a></li> <li><a href="https://hartmans.dreamwidth.org/" title="Sam Hartman">Sam Hartman</a> <a href="https://hartmans.dreamwidth.org/data/atom">(feed)</a></li> <li><a href="https://samueloph.dev" title="Samuel Henrique (samueloph)">Samuel Henrique</a> <a href="https://samueloph.dev/atom.xml">(feed)</a></li> <li><a href="https://blog.sandroknauss.de/" title="Decrypted Mind: Articles About Debian">Sandro Knauß</a> <a href="https://blog.sandroknauss.de/categories/debian/feed.xml">(feed)</a></li> <li><a href="http://sandrotosi.blogspot.com/" title="Sandro Tosi">Sandro Tosi</a> <a href="http://feeds.feedburner.com/SandroTosi">(feed)</a></li> <li><a href="http://blog.manty.net/search/label/Debian" title="manty's blog">Santiago García Mantiñán</a> <a href="http://blog.manty.net/feeds/posts/default/-/Debian">(feed)</a></li> <li><a href="http://satyamz.github.io/" title="Category: Debian | Satyam Zode">Satyam Zode</a> <a href="https://satyamz.github.io/blog/categories/debian/atom.xml">(feed)</a></li> <li><a href="https://www.scarlettgatelymoore.dev" title="Open Source Software – Scarlett Gately Moore">Scarlett Gately Moore</a> <a href="https://www.scarlettgatelymoore.dev/category/open-source-software/feed/">(feed)</a></li> <li><a href="https://skitterman.wordpress.com" title="Debian – ScottK might have something to say …">Scott Kitterman</a> <a href="https://skitterman.wordpress.com/category/Debian/feed/">(feed)</a></li> <li><a href="https://spwhitton.name//blog/" title="Notes from the Library">Sean Whitton</a> <a href="https://spwhitton.name/blog/index.rss">(feed)</a></li> <li><a href="http://shnatsel.blogspot.com/search/label/planet-debian" title="Shnatsel&#39;s Old Blog">Sergey Davidoff</a> <a href="http://shnatsel.blogspot.com/feeds/posts/default/-/planet-debian">(feed)</a></li> <li><a href="https://blog.sergiodj.net/tags/debian/" title="Debian on Yet Another Me">Sergio Durigan Junior</a> <a href="https://blog.sergiodj.net/tags/debian/atom.xml">(feed)</a></li> <li><a href="https://blogops.mixinet.net/" title="Mixinet BlogOps">Sergio Talens-Oliag</a> <a href="https://blogops.mixinet.net/index.xml">(feed)</a></li> <li><a href="https://sandyleo26.wordpress.com" title="Sandyleo26’s Blog">Sha Liu</a> <a href="https://sandyleo26.wordpress.com/feed/">(feed)</a></li> <li><a href="https://blog.shanky.dev/" title="Shanky's Brainchild">Shashank Kumar</a> <a href="https://blog.shanky.dev/feeds/all.atom.xml">(feed)</a></li> <li><a href="http://bloc.eurion.net" title="Planet Debian – eurion.net">Siegfried Gevatter</a> <a href="https://bloc.eurion.net/archives/category/debian-planet/feed/">(feed)</a></li> <li><a href="http://sim590.github.io/" title="Simon Désaulniers">Simon Désaulniers</a> <a href="https://sim590.github.io/index.xml">(feed)</a></li> <li><a href="http://www.earth.li/~huggie/blog" title="Simon Huggins's blog">Simon Huggins</a> <a href="https://www.earth.li/~huggie/blog/tech/debian/planet/index.atom">(feed)</a></li> <li><a href="https://blog.josefsson.org" title="Simon Josefsson's blog">Simon Josefsson</a> <a href="https://blog.josefsson.org/feed/">(feed)</a></li> <li><a href="https://sfllaw.livejournal.com/" title="Simon Law’s Journal">Simon Law</a> <a href="https://sfllaw.livejournal.com/data/rss?tag=p.d.o">(feed)</a></li> <li><a href="http://smcv.pseudorandom.co.uk/" title="Background noise">Simon McVittie</a> <a href="https://smcv.pseudorandom.co.uk/feed.atom">(feed)</a></li> <li><a href="https://medium.com/@tsimonq2?source=rss-abe8950a00ea------2" title="Stories by Simon Quigley on Medium">Simon Quigley</a> <a href="https://medium.com/@tsimonq2/feed">(feed)</a></li> <li><a href="http://sjoerd.luon.net/blog/" title="Sjoerd Simons' blog">Sjoerd Simons</a> <a href="http://sjoerd.luon.net/blog/index.atom">(feed)</a></li> <li><a href="http://sonnenburgs.de/soeren/category/blog/" title="RSS feed">Soeren Sonnenburg</a> <a href="https://sonnenburgs.de/soeren/category/blog/feed">(feed)</a></li> <li><a href="http://home-sorina.blogspot.com/search/label/Debian" title="/home/sorina">Sorina Sandu</a> <a href="http://home-sorina.blogspot.com/feeds/posts/default/-/Debian">(feed)</a></li> <li><a href="http://upsilon.cc/~zack/blog/planet-debian/" title="blog/planet-debian">Stefano Zacchiroli</a> <a href="https://upsilon.cc/~zack/blog/planet-debian/index.rss">(feed)</a></li> <li><a href="https://jod.al" title="jod.al - debian">Stein Magnus Jodal</a> <a href="https://jod.al/tags/debian/atom.xml">(feed)</a></li> <li><a href="http://blog.sesse.net/" title="Steinar H. Gunderson">Steinar H. Gunderson</a> <a href="https://blog.sesse.net/blog/tech/?flav=rss">(feed)</a></li> <li><a href="https://stephan.lachnit.xyz/tags/debian/" title="Debian on Blog">Stephan Lachnit</a> <a href="https://stephan.lachnit.xyz/tags/debian/index.xml">(feed)</a></li> <li><a href="https://blog.steve.fi/" title="Steve Kemp's Blog">Steve Kemp</a> <a href="https://blog.steve.fi/index.rss">(feed)</a></li> <li><a href="http://web.dodds.net/~vorlon/wiki/blog/" title="blog">Steve Langasek</a> <a href="https://web.dodds.net/~vorlon/wiki/blog/index.rss">(feed)</a></li> <li><a href="https://blog.einval.com" title="Steve's blog">Steve McIntyre</a> <a href="https://blog.einval.com/index.rss">(feed)</a></li> <li><a href="https://pusling.com/blog" title="english – Blog :: Sune Vuorela">Sune Vuorela</a> <a href="https://pusling.com/blog/?feed=rss2&cat=3">(feed)</a></li> <li><a href="http://sven.stormbind.net/blog/" title="a blog">Sven Hoexter</a> <a href="https://sven.stormbind.net/blog/index.rss">(feed)</a></li> <li><a href="https://blog.beuc.net/tags/planet_debian/" title="pages tagged planet debian">Sylvain Beucler</a> <a href="https://blog.beuc.net/tags/planet_debian/index.atom">(feed)</a></li> <li><a href="http://sylvain.le-gall.net/blog/index.php?" title="Blog of Sylvain Le Gall">Sylvain Le Gall</a> <a href="https://sylvain.le-gall.net/blog/index.php?feed/atom">(feed)</a></li> <li><a href="https://sylvestre.ledru.info/blog/" title="Sylvestre's blog - Catégorie: "Debian"">Sylvestre Ledru</a> <a href="https://sylvestre.ledru.info/blog/xmlsrv/rss2.php?blog=5&cat=155">(feed)</a></li> <li><a href="https://taavi.wtf/posts/" title="Blog on Taavi Väänänen">Taavi Väänänen</a> <a href="https://taavi.wtf/posts/index.xml">(feed)</a></li> <li><a href="https://tanguy.ortolo.eu/blog/categorie2/debian" title="Tanguy Ortolo - Debian">Tanguy Ortolo</a> <a href="https://tanguy.ortolo.eu/blog/planet/debian.rss">(feed)</a></li> <li><a href="https://writefreely.debian.social/taowa/" title="taowa r.">Taowa</a> <a href="https://writefreely.debian.social/taowa/feed">(feed)</a></li> <li><a href="https://cascardo.eti.br/tags/debian/" title="pages tagged debian">Thadeu Lima de Souza Cascardo</a> <a href="https://cascardo.eti.br/tags/debian/index.atom">(feed)</a></li> <li><a href="https://theppitak.livejournal.com/" title="Theppitak Karoonboonyanan">Theppitak Karoonboonyanan</a> <a href="https://theppitak.livejournal.com/data/rss">(feed)</a></li> <li><a href="http://gsoc.sitedethib.com/" title="Bits from a GSoC student">Thibaut Girka</a> <a href="https://gsoc.sitedethib.com/index.rss">(feed)</a></li> <li><a href="https://teejeejee.livejournal.com/" title="teejeejee">Thomas Girard</a> <a href="https://teejeejee.livejournal.com/data/rss?tag=debian">(feed)</a></li> <li><a href="http://thomas.goirand.fr/blog" title="Zigo's blog">Thomas Goirand</a> <a href="http://thomas.goirand.fr/blog/?feed=rss2">(feed)</a></li> <li><a href="http://blog.fai-project.org/" title="FAI (Fully Automatic Installation) / Plan your Installation and FAI installs your Plan">Thomas Lange</a> <a href="https://blog.fai-project.org/index.rss">(feed)</a></li> <li><a href="http://blog.alteholz.eu" title="planetdebian – blog.alteholz.eu">Thorsten Alteholz</a> <a href="http://blog.alteholz.eu/tag/planetdebian/feed/">(feed)</a></li> <li><a href="http://tiago.acaia.ca/" title="❤ (planet-debian)">Tiago Bortoletto Vaz</a> <a href="https://qa.debian.org/developer.php?login=tiago&comaint=yes">(feed)</a></li> <li><a href="https://tianon.github.io/" title="Tianon's Ramblings">Tianon Gravi</a> <a href="https://ram.tianon.xyz/atom.xml">(feed)</a></li> <li><a href="https://retout.co.uk/" title="Tim Retout">Tim Retout</a> <a href="https://retout.co.uk/index.xml">(feed)</a></li> <li><a href="https://losca.blogspot.com/search/label/debian" title="Losca">Timo Jyrinki</a> <a href="https://losca.blogspot.com/feeds/posts/default/-/debian?alt=rss">(feed)</a></li> <li><a href="https://ttroxell.livejournal.com/" title="Work Blog">Todd Troxell</a> <a href="https://ttroxell.livejournal.com/data/rss">(feed)</a></li> <li><a href="https://err.no/personal/blog/" title="Blogs on Here be dragons">Tollef Fog Heen</a> <a href="https://err.no/personal/blog/index.xml">(feed)</a></li> <li><a href="http://dangel.im/blog/" title="Ulrichs blog - Debian">Ulrich Dangel</a> <a href="https://dangel.im/blog/debian.xml">(feed)</a></li> <li><a href="https://the.curlybracket.net/" title="curlybracket">Ulrike Uhlig</a> <a href="https://the.curlybracket.net/atom.xml">(feed)</a></li> <li><a href="https://urvikagola.wordpress.com" title="Urvika Gola">Urvika Gola</a> <a href="https://urvikagola.wordpress.com/feed/">(feed)</a></li> <li><a href="https://utkarsh2102.org/" title="utkarsh2102">Utkarsh Gupta</a> <a href="https://utkarsh2102.org/index.xml">(feed)</a></li> <li><a href="https://blog.kleine-koenig.org/ukl/" title="ukl's blog">Uwe Kleine-König</a> <a href="https://blog.kleine-koenig.org/ukl/feeds/all.atom.xml">(feed)</a></li> <li><a href="http://www.spectranaut.cc" title="Spectranaut (Valerie Young)">Valerie Young</a> <a href="https://spectranaut.cc/?tag=debian&feed=rss2">(feed)</a></li> <li><a href="https://blog.trueelena.org" title="Valhalla's things">Valhalla's Things</a> <a href="https://blog.trueelena.org/atom.xml">(feed)</a></li> <li><a href="https://copyninja.in/" title="Random Ramblings">Vasudev Kamath</a> <a href="https://copyninja.in/feeds/all.atom.xml">(feed)</a></li> <li><a href="https://vincent.bernat.ch/en" title="Vincent Bernat">Vincent Bernat</a> <a href="https://vincent.bernat.ch/en/blog/atom.xml">(feed)</a></li> <li><a href="https://vince-debian.blogspot.com/" title="YANUB: yet another (nearly) useless blog">Vincent Fourmond</a> <a href="https://vince-debian.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="http://vincentsanders.blogspot.com/" title="Vincents Random Waffle">Vincent Sanders</a> <a href="http://vincentsanders.blogspot.com/feeds/posts/default">(feed)</a></li> <li><a href="https://billblough.net/" title="Bill's Web Log - FLOSS">William (Bill) Blough</a> <a href="https://billblough.net/feeds/floss.atom.xml">(feed)</a></li> <li><a href="https://grep.be/blog//pd/" title="pd">Wouter Verhelst</a> <a href="https://grep.be/blog/pd/index.rss">(feed)</a></li> <li><a href="https://appaji.livejournal.com/" title="Morsels of life!">Y Giridhar Appaji Nag</a> <a href="https://appaji.livejournal.com/data/atom">(feed)</a></li> <li><a href="http://www.corsac.net/?cat=3" title="Corsac.net - Debian">Yves-Alexis Perez</a> <a href="https://www.corsac.net/rss.php?cat=debian">(feed)</a></li> <li><a href="https://zgrimshell.github.io/" title="i.am.z.grim.shell">Zlatan Todorić</a> <a href="https://zgrimshell.github.io/rss.xml">(feed)</a></li> <li><a href="https://people.debian.org/~intrigeri/blog/" title="intrigeri's blog">intrigeri</a> <a href="https://people.debian.org/~intrigeri/blog/index.rss">(feed)</a></li> <li><a href="https://vulns.xyz" title="vulns.xyz">kpcyrd</a> <a href="https://vulns.xyz/feed.xml">(feed)</a></li> <li><a href="https://loldebian.wordpress.com" title="loldebian: i can has a rc bug?">loldebian - Can I has a RC bug?</a> <a href="https://loldebian.wordpress.com/feed/">(feed)</a></li> </ul> </div> </body> </html>