Planet Debian - https://planet.debian.org/

Ben Hutchings: Linux Plumbers Conference 2019, part 2

Friday 20th of September 2019 11:09:28 PM

Here's the second chunk of notes I took at Linux Plumbers Conference earlier this month. Part 1 covered the Distribution kernels track.

Kernel Debugging Tools BoF

Moderators: George Wilson and Serapheim Dimitropoulos from Delphix; Omar Sandoval from Facebook

Details: https://linuxplumbersconf.org/event/4/contributions/539/

Problem: ability to easily analyse failures in production (live system) or post-mortem (crash dump).

Debuggers need to:

  • Get consistent stack traces
  • Traverse and pretty-print memory structures
  • Easily introduce, extend, combine commands

Most people present use crash; one mentioned crash-python (aka pycrash) and one uses kgdb.

Pain points:

  • Tools not keeping up with kernel changes
  • Poor scripting support in crash

crash-python is a Python layer on top of a gdb fork. Uses libkdumpfile to decode compressed crash-dumps.

drgn (aka Dragon) is a debugger-as-a-library. Excels in introspection of live systems and crash-dumps, and covers both kernel and user-space. It can be extended through Python. As a library it can be imported and used from the Python REPL.

sdb is Delphix's front-end to drgn, providing a more shell-like interactive interface. Example of syntax:

> modules | filter obj.refcnt.counter > 10 | member name

Currently it doesn't always have good type information for memory. A raw virtual address can be typed using the "cast" command in a pipeline. Hoping that BTF will allow doing better.

Allows defining pretty-print functions, though it appears these have to be explicitly invoked.

Answering tough questions:

  • Can I see any stacks with a specific function in? (bpftrace can do that on a live system, but there's no similar facility for crash dumps.)
  • What I/O is currently being issued?
  • Which files are currently being written?

Some discussion around the fact that drgn has a lot of code that's dependent on kernel version, as internal structures change. How can it be kept in sync with the kernel? Could some of that code be moved into the kernel tree?

Omar (I think) said that his approach was to make drgn support multiple versions of structure definitions.

Q: How does this scale to the many different kernel branches that are used in different distributions and different hardware platforms?

A: drgn will pick up BTF structure definitions. When BTF is available the code only needs to handle addition/removal of members it accesses.

Brendan Gregg made a plea to distro maintainers to enable BTF. (CONFIG_DEBUG_INFO_BTF).

Wayland BoF

Moderator: Hans de Goede of Red Hat

Details: https://linuxplumbersconf.org/event/4/contributions/533/

Pain points and missing pieces with Wayland, or specifically GNOME Shell:

  • GNOME Shell is slower
  • Synergy doesn't work(?) - needs to be in the compositor
  • With Nvidia proprietary driver, mutter and native Wayland clients get GPU acceleration but X clients don't
  • No equivalent to ssh -X. Pipewire goes some way to the solution. The whole desktop can be remoted over RDP which can be tunnelled over SSH.
  • No remote login protocol like XDMCP
  • No Xvfb equivalent
  • Various X utilities that grab hot-keys don't have equivalents for Wayland
  • Not sure if all X's video acceleration features are implemented. Colour format conversion and hardware scaling are implemented.
  • Pointer movement becomes sluggish after a while (maybe related to GC in GNOME Shell?)
  • Performance, in general. GNOME Shell currently has to work as both a Wayland server and an X compositor, which limits the ability to optimise for Wayland.

IoT from the point of view of a generic and enterprise distribution

Speaker: Peter Robinson of Red Hat

Details: https://linuxplumbersconf.org/event/4/contributions/439/

The good

Can now use u-boot with UEFI support on most Arm hardware. Much easier to use a common kernel on multiple hardware platforms, and UEFI boot can be assumed.

The bad

"Enterprise" and "industrial" IoT is not a Raspberry Pi. Problems result from a lot of user-space assuming the world is an RPi.

Is bluez still maintained? No user-space releases for 15 months! Upstream not convinced this is a problem, but distributions now out of synch as they have to choose between last release and arbitrary git snapshot.

Wi-fi and Bluetooth firmware fixes (including security fixes) missing from linux-firmware.git. RPi Foundation has improved Bluetooth firmware for the chip they use but no-one else can redistribute it.

Lots of user-space uses /sys/class/gpio, which is now deprecated and can be disabled in kconfig. libgpiod would abstract this, but has poor documentation. Most other GPIO libraries don't work with new GPIO UAPI.

Similar issues with IIO - a lot of user-space doesn't use it but uses user-space drivers banging GPIOs etc. libiio exists but again has poor documentation.

For some drivers, even newly added drivers, the firmware has not been added to linux-firmware.git. Isn't there a policy that it should be? It seems to be an unwritten rule at present.

Toolchain track

Etherpad: https://etherpad.net/p/LPC2019_TC/timeslider#5767

Security feature parity between GCC and Clang

Speaker: Kees Cook of Google

Details: https://linuxplumbersconf.org/event/4/contributions/398/

LWN article: https://lwn.net/Articles/798913/

Analyzing changes to the binary interface exposed by the Kernel to its modules

Speaker: Dodji Seketeli of Red Hat

Details: https://linuxplumbersconf.org/event/4/contributions/399/

Wrapping system calls in glibc

Speakers: Maciej Rozycki of WDC

Details: https://linuxplumbersconf.org/event/4/contributions/397/

LWN article: https://lwn.net/Articles/799331/

Bernhard R. Link: Firefox 69 dropped support for <keygen>

Friday 20th of September 2019 07:46:29 PM
With version 69, firefox removed the support for the <keygen> feature to easily deploy TLS client certificates.
It's kind of sad how used I've become to firefox giving me less and less reasons to use it...

Enrico Zini: Upgrading LineageOS 14 to 16

Friday 20th of September 2019 02:18:44 PM

The LineageOS updater notified me that there will be no more updates for LineageOS 14, because now development on my phone happens on LineageOS 16, so I set aside some time and carefully followed the upgrade instructions.

I now have a phone with LineageOS 16, but the whole modem subsystem does not work.

Advice on #lineageos was that "the wiki instructions are often a bit generic.. official thread often has the specific details".

Official thread is here, and the missing specific detail was "Make sure you had Samsung's Oreo firmware bootloader and modem before installing this.".

It looks like nothing ever installed firmware updates, since the Android that came with my phone ages ago. I can either wipe everything and install a stock android to let it do the upgrade, then replace it with LineageOS, or try a firmware upgrade.

This link has instructions for firmware upgrades using heimdall, which is in Debian, instead of Odin, which is in Windows.

Finding firmwares is embarrassing. They only seem to be available from links on shady download sites, or commercial sites run by who knows whom. I verify sha256sums on LineageOS images, F-Droid has reproducible builds, but at the base of this wonderful stack there's going to be a blob downloaded off some forum on the internet.

In this case, this link points to some collection of firmware blobs.

I downloaded the pack and identified the ones for my phone, then unpacked the tar files and uncompressed the lz4 blobs.

With heimdall, I identified the mapping from partition names to blob names:

heimdall print-pit --no-reboot

Then I did the flashing:

heimdall flash --resume --RADIO modem.bin --CM cm.bin --PARAM param.bin --BOOTLOADER sboot.bin

The first time flashing didn't work, and I got stuck in download mode. This explains how to get out of download mode (power + volume down for 10s).

Second attempt worked fine, and now I have a working phone again:

heimdall flash --RADIO modem.bin --CM cm.bin --PARAM param.bin --BOOTLOADER sboot.bin

Louis-Philippe Véronneau: Praise Be CUPS Driverless Printing

Thursday 19th of September 2019 04:30:13 PM

Last Tuesday, I finally got to start updating $work's many desktop computers to Debian Buster. I use Puppet to manage them remotely, so major upgrades basically mean reinstalling machines from scratch and running Puppet.

Over the years, the main upgrade hurdle has always been making our very large and very complicated printers work on Debian. Unsurprisingly, the blog posts I have written on that topic are very popular and get me a few 'thank you' emails per month.

I'm very happy to say, thanks to CUPS Driverless Printing (CUPS 2.2.2+), all those trials and tribulations are finally over. Printing on Buster just works. Yes yes, even color booklets printed on 11x17 paper folded in 3 stapled in the middle.

Xerox Altalink C8045 and Canon imageRUNNER ADVANCE C5550i

Although by default the Xerox Altalink C8045 comes with IPP Everywhere enabled, I wasn't able to print in color until I enabled AirPrint. I also had to update the printer to firmware version 101.002.008.274001 to make the folding and stapling features more stable.

As for the Canon imageRUNNER ADVANCE C5550i, it seems it doesn't support IPP Everywhere. After enabling AirPrint manually, everything worked perfectly.

Both printers now work wonderfully with all our computers, without the need to resort to strange (and broken) proprietary drivers or awful 32bit libraries.

Note that if you run a firewall locally, you will need to open port 5353 UDP for machines to resolve .local addresses via mDNS. This had me bumped for a while.

Praises

Packaging CUPS and all the related CUPS bits for Debian isn't an easy task. I'm so glad I don't have to touch that side of CUPS. Three cheers to Didier Raboud, Till Kamppeter and to the Debian Printing Team.

Many, many thanks to Brian Potkin for the work he did to document CUPS Driverless printing and AirPrint on the Debian wiki. If we ever meet, I definitely owe you a pint.

Finally, well, thanks to Apple. (I never thought I'd ever say that)

  1. That took me a few hours. Yes. 

Thomas Lange: FAI 5.8.7 and new ISO images using Debian 10

Thursday 19th of September 2019 03:01:42 PM

The new FAI release 5.8.7 now supports apt keys in files called package_config/CLASS.gpg. Before we only supported .asc files. fai-mirror has a new option -V, which checks if variables are used in package_config/ and uses variable definitions from class/.var.

I've also created new ISO images, which now install Debian 10 by default. They are available from

https://fai-project.org/fai-cd

If you need a newer kernel, check out the FAI.me service which can also build ISO images using the kernel from backports which currently is 5.2.

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, August 2019

Thursday 19th of September 2019 10:04:27 AM

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In August, 212.5 work hours have been dispatched among 13 paid contributors. Their reports are available:

  • Adrian Bunk got 8h assigned (plus 18 extra hours from July), but did nothing, thus he is carrying over 26h to September.
  • Ben Hutchings did 20 hours (out of 20 hours allocated).
  • Brian May did 10 hours (out of 10 hours allocated).
  • Chris Lamb did 18 hours (out of 18 hours allocated).
  • Emilio Pozuelo Monfort did 31 hours (out of 21.75h assigned plus 14.5 extra hours from July, thus he is carrying over 5.25h to September).
  • Hugo Lefeuvre did 30.5 hours (out of 21.75 hours allocated, plus 8.75 extra hours from July).
  • Jonas Meurer did 0.5 hours (out of 10, thus carrying 9.5h to September).
  • Markus Koschany did 21.75 hours (out of 21.75 hours allocated).
  • Mike Gabriel did 24 hours (out of 21.75 hours allocated plus 10 extra hours from July, thus carrying over 7.75h to September).
  • Ola Lundqvist got 8h assigned (plus 8 extra hours from August), but did nothing and gave back 8h, thus he is carrying over 8h to September.
  • Roberto C. Sanchez did 8 hours (out of 8 hours allocated).
  • Sylvain Beucler did 21.75 hours (out of 21.75 hours allocated).
  • Thorsten Alteholz did 21.75 hours (out of 21.75 hours allocated).

Evolution of the situation

August was more or less a normal month, a bit still affected by summer in the area where most contributors live: so one contributor is still taking a break (thus we only had 13, not 14), two contributors were distracted by summer events and another one is still in training.

It’s been a while that we haven’t welcomed new LTS sponsors. Nothing worrisome at this point as few sponsors are stopping, but after 5 years, some have moved on so it would be nice to keep finding new ones as well. We are still at 215 hours sponsored per month.

The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 39 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.


Louis-Philippe Véronneau: Archiving 20 years of online content

Thursday 19th of September 2019 04:00:00 AM

Last Spring at work I was tasked with archiving all of the digital content made by Association pour une Solidarité Syndicale Étudiante (ASSÉ), a student union federation that was planned to shut down six months later.

Now that I've done it, I have to say it was quite a demanding task: ASSÉ was founded in 2001 and neither had proper digital archiving policies nor good web practices in general.

The goal was not only archiving those web resources, but also making sure they were easily accessible online too. I thus decided to create a meta site regrouping and presenting all of them.

All in all, I archived:

  • a Facebook page
  • a Twitter account
  • a YouTube account
  • multiple ephemeral websites
  • old handcrafted PHP4 websites that I had to partially re-write
  • a few crummy Wordpress sites
  • 2 old phpBB Forums using PHP3
  • a large Mailman2 mailing list
  • a large Yahoo! Group mailing list

Here are the three biggest challenges I faced during this project:

The Twitter API has stupid limitations

The Twitter API won't give you more than an account's last 3000 posts. When you need to automate the retrieval of more than 5500 tweets, you know you're entering a world of pain.

Long story short, I ended up writing this crummy shell script to parse the HTML, statify all the Twitter links and push the resulting code to a Wordpress site using Ozh' Tweet Archive Theme. The URL list was generated using the ArchiveTeam's web crawler.

Of course, once done I made the Wordpress into a static website. I personally think the result looks purty.

Here's the shell script I wrote - displayed here for archival purposes only. Let's pray I don't ever have to do this again. Please don't run this, as it might delete your grandma.

    cat $1 | while read line
    do
      # get the ID
      id=$(echo $line | sed 's@https://mobile.twitter.com/.\+/status/@@')

      # download the whole HTML page
      html=$(curl -s $line)

      # get the date
      date=$(echo "$html" | grep -A 1 '<div class="metadata">' | grep -o "[0-9].\+20[0-9][0-9]" | sed 's/ - //' | date -f - +"%F %k:%M:%S")

      # extract the tweet
      tweet=$(echo "$html" | grep '<div class="dir-ltr" dir="ltr">')

      # we strip the HTML tags for the title
      title=$(echo $tweet | sed -e 's/<[^>]*>//g')

      # get CSV list of tags
      tags=$(echo "$tweet" | grep -io "\#[a-z]\+" | sed ':a;N;$!ba;s/\n/,/g')

      # get a CSV list of links
      links=$(echo "$tweet" | grep -Po "title=\"http.*?>" | sed 's/title=\"//; s/">//' | sed ':a;N;$!ba;s/\n/,/g')

      # get a CSV list of usernames
      usernames=$(echo "$tweet" | grep -Po ">\@.*?<" | sed 's/>//; s/<//' | sed ':a;N;$!ba;s/\n/,/g')

      image_link=$(echo "$html" | grep "<img src=\"https://pbs.twimg.com/media/" | sed 's/:small//')

      # remove twitter cruft
      tweet=$(echo $tweet | sed 's/<div class="dir-ltr" dir="ltr"> /<p>/' | perl -pe 's@<a href="/hashtag.*?dir="ltr">@<span class="hashtag hashtag_local">@g')

      # expand links
      if [ ! -z $links ]
      then
        IFS=',' read -ra link <<< "$links"
        for i in "${link[@]}"
        do
          tweet=$(echo $tweet | perl -pe "s@<a href=\"*.+?rel=\"nofollow noopener\"dir=\"ltr\"data-*.+?</a>@<a href='$i'>$i</a>@")
        done
      fi

      # replace hashtags by links
      if [ ! -z $tags ]
      then
        IFS=',' read -ra tag <<< "$tags"
        for i in "${tag[@]}"
        do
          plain=$(echo $i | sed -e 's/#//')
          tweet=$(echo $tweet | sed -e "s@$i@#<a href=\"https://oiseau.asse-solidarite.qc.ca/index.php/tag/$plain\">$plain@")
        done
      fi

      # replace usernames by links
      if [ ! -z $usernames ]
      then
        IFS=',' read -ra username <<< "$usernames"
        for i in "${username[@]}"
        do
          plain=$(echo $i | sed -e 's/\@//')
          tweet=$(echo $tweet | perl -pe "s@<a href=\"/$plain.*?</a>@<span class=\"username username_linked\">\@<a href=\"https://twitter.com/$plain\">$plain</a></span>@i")
        done
      fi

      # replace images
      tweet=$(echo $tweet | perl -pe "s@<a href=\"http://t.co*.+?data-pre-embedded*.+?</a>@<span class=\"embed_image embed_image_yes\">$image_link</span>@")

      echo $tweet | sudo -u twitter wp-cli post create - --post_title="$title" --post_status="publish" --tags_input="$tag" --post_date="$date" > tmp
      post_id=$(grep -Po "[0-9]{4}" tmp)
      sudo -u twitter wp-cli post meta add $post_id ozh_ta_id $id
      echo "$post_id created"
      rm tmp
    done

Does anyone ever update phpBBs?

What's worse than a phpBB forum? Two phpBB 2.0.x forums using PHP3 and last updated in 2006.

I had to resort to unholy methods just to be able to get those things running again to be able to wget the crap out of them.

By the way, the magic wget command to grab a whole website looks like this:

wget --mirror -e robots=off --page-requisites --adjust-extension -nv --base=./ --convert-links --directory-prefix=./ -H -D www.foo.org,foo.org http://www.foo.org/

Depending on the website you are trying to archive, you might have to play with other obscure parameters. I sure had to. All the credit for that command goes to Koumbit's wiki page on the dark arts of website statification.

Archiving mailing lists

mailman2 is pretty great. You can get a dump of an email list pretty easily and mailman3's web frontend, the lovely hyperkitty, is well, lovely. Importing a legacy mailman2 mbox went without a hitch thanks to the awesome hyperkitty_import importer. Kudos to the Debian Mailman Team for packaging this in Debian for us.

But what about cramming a Yahoo! Group mailing list in hyperkitty? I wouldn't recommend it. After way too many hours spent battling character encoding errors I just decided people that wanted to read obscure emails from 2003 would have to deal with broken accents and shit. But hey, it kinda works!

Oh, and yes, archiving a Yahoo! Group with an old borken Perl script wasn't an easy task. Hell, I kept getting blacklisted by Yahoo! for scraping too much data to their liking. I ended up patching together the results of multiple runs over a few weeks to get the full mbox and attachments.

By the way, if anyone knows how to tell hyperkitty to stop at a certain year (i.e. not display links for 2019 when the list stopped in 2006), please ping me.

Shirish Agarwal: Dissonance, Rakhigiri, one-party system

Tuesday 17th of September 2019 10:23:51 PM

I heard the term dissonance or Cognitive dissonance about a year, year and a half back. This is the strategy that BJP used to win in 2014 and in 2019. How much part did EVM’s play and how much part did the cognitive dissonance work is hard to tell and define but both have made irreparable damage to not just the economy, social fabric, institutions, the constitution but the idea of India itself. India, the country which has thousands of different cultures, castes, are for one reason or the other put into hate which seems to have no end. But before going into the politics, let me share one beautiful video which got played on social media and also quickly forgotten.

Dhol Tasha in Ganesh Chaturthi

The gentleman playing that drum is Mr. Greg Ellis. While we had Ganesh Chaturthi just a while back, the most laid-back I have seen in my whole 40+ years. While there were other dhol tasha plays which played for e.g. these two videos

and

I do like the first one though which represents what is and used to be called jugalbandi. This is where two artists talk to each other having conversation while playing their instruments. For e.g. Zakir Hussain Sahab and Shivamani and many others. But that perhaps is a story for another day.

The Science and Politics of the 4500 year old Rakhigarhi woman.

This story was broken a couple of weeks back. The best way or person to perhaps explain it in plain English would perhaps be Shekhar Gupta. From the discussions you see it is a much heated and contested topic.

The study that was done can be found at https://reich.hms.harvard.edu/sites/reich.hms.harvard.edu/files/inline-files/2019_Cell_ShindeNarasimhan_Rakhigarhi.pdf and https://reich.hms.harvard.edu/sites/reich.hms.harvard.edu/files/inline-files/2019_Science_NarasimhanPatterson_CentralSouthAsia.pdf . In fact you can see whole series of papers on the same topic https://reich.hms.harvard.edu/publications . Now the Indian nationalist narrative movement is that Aryan migration does not take place while others say it’s the opposite. One can look at a bit more background on the story in the Indian Express article which came a few months before, before the whole controversy erupted.

One of the best things that has happened is the ability to get the DNA from a 4500 year old specimen. This is Priya Moorani’s GitHub repo, which helped them get the genome data. I am sure some of the Debian folks may be interested in such kind of forensic anthropology. I know I had shared bits of it previously as well but it didn’t fit well with me as I hadn’t shared the whole narrative behind it and the positions that people have taken.

The Economy

That the Economy in India is in a bad shape is not a hidden thing anymore but India Inc. had been keeping quiet. Apart from Ratan Tata and Mahindra who quipped about the R-word (Recession) only two ladies seem to be able to call a spade a spade, and both of them called on it on NDTV. Both these ladies are wealth-creators and have made India proud, one of them even benefiting from the rupee crash but even then their heart in the right place.

The Madame above is Ms. Kiran Majumdar Shaw who is a billionaire who makes her money selling generic active pharmaceutical ingredients and other bio products to advanced countries. Businessworld had done stories on pharmaceutical development, engineering about 6-7 years back when it was an emerging industry and lot of startups had come into the field. While it is a pretty competitive field with about 60 odd companies and biocon itself shedding quite a bit of its price on the stock exchange and still she has the guts to criticize the Modi Govt.

The other is Shobhana Kamineni of Apollo Hospitals, which is in superspeciality hospitals. Both the ladies are into medicine field and both are in the high-risk and high-reward game and still they are able to speak their mind. What is and was shocking for many of us is the kind of numbers she had shared of people emigrating to elsewhere in the last 5 odd years which perhaps wasn’t the case before. In fact, couple of days back both Indian Express and the Wire ran stories showing how millionaires and billionaires are moving out of the country. This hasn’t happened in a day but over a 5 year period. While people are saying that the money is being spent on travel and education, in fact it is due to tax harassment and structural issues in the broader economy that wealth-creators are leaving. Of course for the rest of us it is the Hindu-Muslim topics but that is another story altogether.

The Hindu-Muslim polarization

When I talk to most of the Bhakts or people who have a militant belief of the way BJP is going, one of the questions I ask is, who are these muslims, are they the ones who came from Arab or are these converted Muslims, Christians, Buddhists, Sikhs etc. Most of them were and are our own people who choose to convert to a religion because they saw upward mobility in that religion. So in a way the whole debate collapses. The saddest part is whether it is Hindu-Muslim polarization or Hindu-Sikh polarization it is always one brother beating the other. Also, studies showed that in the 2002 Gujarat riots, the ones who took part in the riots were from the lowest strata of the society because by killing the Muslims, they got prestige and money in the society. While I’m sure I have shared the studies before on the site, but if not shared, please let me know and will update the same accordingly. It is somewhere in my bookmarks somewhere.

Bits from Debian: New Debian Developers and Maintainers (July and August 2019)

Tuesday 17th of September 2019 03:30:00 PM

The following contributors got their Debian Developer accounts in the last two months:

  • Keng-Yu Lin (kengyu)
  • Judit Foglszinger (urbec)

The following contributors were added as Debian Maintainers in the last two months:

  • Hans van Kranenburg
  • Scarlett Moore

Congratulations!

Antoine Beaupré: FSF resignations

Tuesday 17th of September 2019 02:58:00 PM

I have been hesitant in renewing my membership to the Free Software Foundation for a while, but now I never want to deal with the FSF until Richard Stallman, president and founder of the free software movement, resigns. So, like many people and organizations, I have written this letter to cancel my membership. (Update: RMS resigned before I even had time to send this letter, but I publish here to share my part of this story.)

My encounters with a former hero

I had the (mis)fortune of meeting rms in person a few times in my life. The first time was at an event we organized for his divine visit to Montreal in 2005. I couldn't attend the event myself, but I had the "privilege" of having dinner with rms later during the week. Richard completely shattered any illusion I had about him as a person. He was arrogant, full of himself, and totally uninterested in the multitude of young hackers he was meeting in his many travels, apart from, of course, arguing with them about proper wording and technicalities. Even though we brought him to the fanciest vegetarian restaurant in town, he got upset because the restaurant was trying to make "fake meat" meals. Somehow my hero, who wrote the GNU manifesto that inspired me to make free software a life goal, has spoiled a delicious meal by being such an ungrateful guest. I would learn later that Stallman has rock star level requirements, with "vegetarian meals served just so" being only one exception out of many. (I don't mind vegetarians of course: I've been a vegetarian for more than 20 years now, but I will never refuse vegetarian food given to me.)

The second time was less frustrating: it was in 2006 during the launch of the GPLv3 discussion draft, an ambitious project to include the community in the rewrite of the GPLv2. Even though I was deeply interested in the legal implications of the changes, everything went a bit over my head and I felt left out of a process that was supposedly designed to include legal geeks like me. At best, I was able to assist Stallman's assistant as she skidded over icy Boston sidewalks with a stereotypical (and maybe a little machismo, I must admit) Canadian winter assurance. At worst, I burned liters of fuel to drive me and some colleagues over the border to see idols speak on a stage.

Finally, I somehow got tangled up with rms in a hallway conversation about open hardware and wireless chipsets at LibrePlanet 2017, the FSF's yearly conference. I forgot the exact details, but we were debating whether or not legislation that forbids certain wireless chipsets to be open was legitimate or not.

(For some reason, rms has ambiguous opinions about "hardware freedom" and sees a distinction between software that runs on a computer (as "in the CPU") and software that is embedded in the hardware, etched into electronic circuits. The fact that this is a continuum that has various in-between incarnations ("firmware", ASIC, FPGA) seems to escape his analysis. But that is besides the point here.)

We "debated" this for a while, but for people who don't know, debating with rms is a little bit like talking with a three year old: they have their deeply rooted opinion, they might recognize you have one as well (if you're lucky), but they will generally ignore whatever it is you non-sensical adult are saying because it's incomprehensible anyways. With a three year old, it's kind of hilarious (until they spill a bottle full of vanilla on the floor), but with an adult, it's kind of aggravating and makes you feel like an idiot for even trying.

I mention this anecdote because it's a good example of how Stallman doesn't think rules apply to him. Simple, informal rules like listening to people you're talking to seem like basic courtesy, but rms is above such mundane things. If this was just a hallway conversation, I wouldn't mind that much: after all, I don't need to talk to Richard Stallman. But at LibrePlanet (and in fact anywhere), he believes it is within his prerogative to interrupt any discussion or talk around him. I was troubled by the FSF's silence on Eric Schultz's request for safety at Libre Planet: while I heard the FSF privately reached out to Eric, nothing seemed to have been done to curb Stallman's attitude in public. This is the reason why I haven't returned to Boston for LibrePlanet since then, even though I have dear friends that live there and were deeply involved in the organization.

The final straw before this week's disclosures was an event in Quebec city where Stallman was speaking at a conference. A friend of mine asked a question involving his daughter as an example user. Stallman responded to the question by asking my friend if he could meet his (underage) daughter, with obvious obscene undertones. Everyone took this as a joke, but, in retrospect, it was just horrible and I had come to conclude that Stallman was now a liability to the free software movement. I just didn't know what to do back then. I wish I had done something.

Why I am resigning from the FSF

Those events at LibrePlanet were the first reason why I haven't renewed my membership yet. But now I want to formally cancel my membership with the FSF because its president went over his usual sexism and weird pedophilia justification from the past. I first treated those as an abhorrent eccentricity or at best an unfortunate intellectual posture, but rms has gone way beyond this position now. Now rms has joined the rank of rape apologists in the Linux kernel development community, an inexcusable position in our community that already struggles too much with issues of inclusion, respect, and just being nice with each other. I am not going to go into details that are better described by this courageous person, but needless to say that this kind of behavior is inexcusable from anyone, and particularly from an historical leader. Stallman did respond to the accusations, but far from issuing an apology, he said his statements were "mischaracterised"; something that looks to me like a sad caricature.

I do not want to have anything to do with the FSF anymore. I don't know if they would be able to function without Stallman, and frankly at this point, I don't care: they have let this go on for too long. I know how much rms contributed to the free software movement: he wrote most of Emacs, GCC and large parts of the GNU system so many people use on their desktops. I am grateful for that work, but that was a long time ago and this is now. As others have said, we don't need to replace rms. We need a world where such leaders are not necessary, because rock stars too easily become abusers.

Stallman is just the latest: our community is filled with obnoxious leaders like this. It seems our community leaders are (among other things) either assholes, libertarian gun freaks, or pedophilia apologists and sexists. We tolerate their abuse because we somehow believe they are technically exceptional. They aren't: they're just hard-working and privileged. But even if they were geniuses, as selamie says:

For a moment, let’s assume that someone like Stallman is truly a genius. Truly, uniquely brilliant. If that type of person keeps tens or even hundreds of highly intelligent but not ‘genius’ people out of science and technology, then they are hindering our progress despite the brilliance.

Or, as Banksy says:

We don't need any more heroes.

We just need someone to take out recycling.

I wish Stallman would just retire already. He's done enough good work for a lifetime, now he's bound to just do more damage.

Update: Richard Stallman resigned from the FSF and from MIT ("due to pressure on MIT and me"), still dodging responsibility and characterizing the problem as "a series of misunderstandings and mischaracterizations". Obviously, this man cannot be reformed and we need to move on. Those events happened before I even had time to actually send this letter to the FSF, so I guess I might renew my membership after all. I'll hold off until LibrePlanet, however, we'll see what happens there... In the meantime, I'll see how I can help my friends left the FSF because they must be living through hell now.

Molly de Blanc: Thinkers

Tuesday 17th of September 2019 09:16:17 AM

Free and open source software, ethical technology, and digital autonomy have a number of great thinkers, inspiring leaders, and hard working organizations. I see two discussions occurring now that I feel the need to address: What will we do next? Who will our new great leader be?

The thing is, we don’t need to do something new next, and we don’t need to find new leader.

Organizations and individuals have been doing amazing work in our sphere for more than thirty years. We only need to look at the works of groups like Public Labs, OpenStreetMap, and Wikimedia to see where the future of our work lies: applying the principles of user freedom to create demonstrable change, build equity, and fight for justice. I am positively inspired by the GNOME community and their dedication to building software for people in every country, of every ability, and of every need. Outreachy and projects and companies that participate in Outreachy internships are working hard to build the future of community that we want to see.

Deb Nicholson recently reminded me that we cannot build a principled future where people are excluded from the process of building it. She also pointed out that once we have a techno-utopia, it will include everyone, because it needs to. This utopia is built on ideas, but it is also built by plumbers — by people doing work on the ground with those ideas.

Deb Nicholson is another inspiration to me. I’ve been lucky enough to know her since 2010, when she graciously began to mentor me. I now consider her both a mentor and a dear friend. Her ideas are innovative, her principles hard, and her vision wide.

Deb is one of the many people who have helped and continue to help shape my ideas, teach me things. Allison Randall, Asheesh Laroia, Christopher Lemmer-Webber, Daniel Khan Gilmore, Elana Hashman, Gabriella Coleman, Jeffrey Warren, Karen Sandler, Karl Fogel, Stefano Zacchiroli — these are just a few of the individuals who have been necessary figures in my life.

We don’t need to find new leaders and thinkers because they’re already here. They’ve been here, thinking, writing, speaking, and doing for years.

What we need to do is listen to their voices.

As I see people begin to discuss the next president of the Free Software Foundation, they do so in a context of asking who will be leading the free software movement. The free software movement is more than the FSF and it’s more than any given individual. We don’t need to go in search of the next leader, because there are leaders who work every day not just for our digital rights, but for a better world. We don’t need to define a movement by one man, nor should we do so. We instead need to look around us and listen to what is already happening.

Steve Kemp: A slack hack

Monday 16th of September 2019 09:00:00 PM

So recently I've been on-call, expected to react to events around the clock. Of course to make it more of a challenge alerts are usually raised via messages to a specific channel in slack which come from a variety of sources. Let's pretend I'm all retro/hip and I'm using IRC instead.

Knowing what I'm like I knew there was essentially zero chance a single beep on my phone, from the slack/irc app, would wake me up. So I spent a couple of hours writing a simple bot:

  • Connect to the server.
  • Listen for messages.
  • When an alert is posted in the channel:
    • Trigger a voice-call via the twilio API.

That actually worked out really, really, really well. Twilio would initiate a call to my mobile which absolutely would, could, and did wake me up. I did discover a problem pretty quickly though; too many phone-calls!

Imagine something is broken. Imagine a notice goes to your channel, and then people start replying to it:

Some Bot: Help! Stuff is broken! I'm on Fire!! :fire: :hot: :boom:
Colleague Bob: Is this real?
Colleague Ann: Can you poke Chris?
Colleague Chris: Oh dears, woe is me.

The first night I was on call I got a phone call. Then another. Then another. Even I replied to the thread/chat to say "Yeah I'm on it". So the next step was to refine my alerting:

  • If there is a message in the channel
    • Which is not from Bob
    • Which is not from Steve
    • Which is not from Ann
    • Which is not from Chris
    • Which doesn't contain the text "common false-positive"
    • Which doesn't contain the text "backup completed"
  • Then make a phone-call.

Of course the next problem was predictable enough, so the rules got refined:

  • If the time is between 7PM and 7AM raise the alert.
  • Unless it is the weekend in which case we alert regardless of the time of day.

So I had a growing set of rules. All encoded in my golang notification application. I moved some of them to JSON (specifically a list of users/messages to ignore) but things like the time of day were harder to move.

I figured I shouldn't be hardwiring these things. So last night put together a simple filter-library, an evaluation engine, in golang to handle them. Now I can load a script and filter things out much more dynamically. For example assume I have the following struct:

type Message struct {
    Author  string
    Channel string
    Message string
    ..
}

And an instance of that struct named message, I can run a user-written script against that object:

// Create a new eval-filter
eval, err := evalfilter.New( "script goes here ..." )

// Run it against the "message" object
out, err := eval.Run( message )

The logic of reacting now goes inside that script, which is hopefully easy to read - but more importantly can be edited without recompiling the application:

//
// This is a filter script:
//
//   return false means "do nothing".
//   return true means initiate a phone-call.
//

//
// Ignore messages on channels that we don't care about
//
if ( Channel !~ "_alerts" ) { return false; }

//
// Ignore messages from humans who might otherwise write in our channels
// of interest.
//
if ( Sender == "USER1" ) { return false; } // Steve
if ( Sender == "USER2" ) { return true; }  // Ann
if ( Sender == "USER3" ) { return false; } // Bob

//
// Is it a weekend? Always alert.
//
if ( IsWeekend() ) { return true ; }

//
// OK so it is not a weekend.
//
// We only alert if 7pm-7am
//
// The WorkingHours() function returns `true` during working hours.
//
if ( WorkingHours() ) { return false ; }

//
// OK by this point we should raise a call:
//
// * The message was NOT from a colleague we've filtered out.
// * The message is upon a channel with an `_alerts` suffix.
// * It is not currently during working hours.
// * And we already handled weekends by raising calls above.
//
return true ;

If the script returns true I initiate a phone-call. If the script returns false we ignore the message/event.

The alerting script itself is trivial, and probably non-portable, but the filtering engine is pretty neat. I can see a few more uses for it, even without it having nested blocks and a real grammar. So take a look, if you like:
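The rule set described in this post (ignore lists kept in JSON, phone-calls only out of hours or at weekends), written out as plain Go. This is an added example, not Steve Kemp's bot and not the evalfilter library; the JSON layout, the names Rules, LoadRules and ShouldCall, and the sample messages are assumptions made for illustration.

```go
package main

import (
	"encoding/json"
	"fmt"
	"strings"
	"time"
)

// Message mirrors the struct shown in the post.
type Message struct {
	Author  string
	Channel string
	Message string
}

// Rules is a hypothetical JSON layout (assumption): the post only says the
// ignore lists moved to JSON, not what the file looked like.
type Rules struct {
	ChannelSuffix string   `json:"channel_suffix"`
	IgnoreAuthors []string `json:"ignore_authors"`
	IgnoreText    []string `json:"ignore_text"`
	DayStartHour  int      `json:"day_start_hour"` // working hours begin
	DayEndHour    int      `json:"day_end_hour"`   // working hours end
	Timezone      string   `json:"timezone"`       // zone the hours are read in
}

// sampleRules is constructed for this example from the rules in the post.
const sampleRules = `{
  "channel_suffix": "_alerts",
  "ignore_authors": ["Bob", "Steve", "Ann", "Chris"],
  "ignore_text": ["common false-positive", "backup completed"],
  "day_start_hour": 7,
  "day_end_hour": 19,
  "timezone": "UTC"
}`

// LoadRules parses and validates the JSON, so a misspelt key or an inverted
// time window fails at start-up instead of silently suppressing calls.
func LoadRules(raw string) (*Rules, *time.Location, error) {
	var r Rules
	dec := json.NewDecoder(strings.NewReader(raw))
	dec.DisallowUnknownFields()
	if err := dec.Decode(&r); err != nil {
		return nil, nil, fmt.Errorf("parsing rules: %w", err)
	}
	if r.DayStartHour < 0 || r.DayEndHour > 24 || r.DayStartHour >= r.DayEndHour {
		return nil, nil, fmt.Errorf("invalid working hours %d-%d", r.DayStartHour, r.DayEndHour)
	}
	loc, err := time.LoadLocation(r.Timezone)
	if err != nil {
		return nil, nil, fmt.Errorf("timezone: %w", err)
	}
	return &r, loc, nil
}

// ShouldCall reports whether a message warrants a phone-call, plus the rule
// that decided it, so every suppressed alert can be logged with a reason.
func ShouldCall(r *Rules, loc *time.Location, m Message, now time.Time) (bool, string) {
	if !strings.HasSuffix(m.Channel, r.ChannelSuffix) {
		return false, "channel not monitored"
	}
	for _, a := range r.IgnoreAuthors {
		if strings.EqualFold(m.Author, a) {
			return false, "author ignored"
		}
	}
	body := strings.ToLower(m.Message)
	for _, t := range r.IgnoreText {
		if strings.Contains(body, strings.ToLower(t)) {
			return false, "text ignored"
		}
	}
	local := now.In(loc) // judge the hour in the on-call zone, not the server's
	if wd := local.Weekday(); wd == time.Saturday || wd == time.Sunday {
		return true, "weekend"
	}
	if h := local.Hour(); h >= r.DayStartHour && h < r.DayEndHour {
		return false, "working hours"
	}
	return true, "out of hours"
}

func main() {
	rules, loc, err := LoadRules(sampleRules)
	if err != nil {
		panic(err)
	}
	night := time.Date(2019, 9, 17, 3, 0, 0, 0, time.UTC) // constructed: Tuesday 03:00
	for _, m := range []Message{
		{"Some Bot", "prod_alerts", "Help! Stuff is broken!"},
		{"Bob", "prod_alerts", "Is this real?"},
		{"Some Bot", "prod_alerts", "nightly backup completed"},
	} {
		call, why := ShouldCall(rules, loc, m, night)
		fmt.Printf("%-8s %-28q call=%-5v (%s)\n", m.Author, m.Message, call, why)
	}
}
```

Returning the deciding rule alongside the verdict makes it possible to audit afterwards why a given alert did not page anyone.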

Neil McGovern: GNOME relationship with GNU and the FSF

Monday 16th of September 2019 06:05:47 PM

On Saturday, I wrote an email to the FSF asking them to cancel my membership. Other people who I greatly respect are doing the same. This came after the president of the FSF made some pretty reprehensible remarks saying that the “most plausible scenario is that [one of Epstein’s underage victims] presented themselves as entirely willing” while being trafficked. This isn’t the only incident, but it is the straw that broke the camel’s back.

In my capacity as the Executive Director of the GNOME Foundation, I have also written to the FSF. One of the most important parts of my role is to think of the well being of our community and the GNOME mission. One of the GNOME Foundation’s strategic goals is to be an exemplary community in terms of diversity and inclusion. I feel we can’t continue to have a formal association with the FSF or the GNU project when its main voice in the world is saying things that hurt this aim.

I greatly admire the work of FSF staffers and volunteers, but have now reached the point of concluding that the greatest service to the mission of software freedom is for Richard to step down from FSF and GNU and let others continue in his stead. Should this not happen in a timely manner, then I believe that severing the historical ties between GNOME, GNU and the FSF is the only path forward.

Edit: I’ve also cross-posted this to the GNOME discourse instance.

Sven Hoexter: ansible scp_if_ssh: smart debugging

Monday 16th of September 2019 04:16:25 PM

I guess that is just one of the things you've to know, so maybe it helps someone else.

We saw some warnings in our playbook rollouts like

[WARNING]: sftp transfer mechanism failed on [192.168.23.42]. Use ANSIBLE_DEBUG=1 to see detailed information

They were actually reported for sftp and scp usage. If you look at the debug output it's not very helpful for the average user, similar if you go to verbose mode with -vvv. The latter one at least helped to see parameters passed to sftp and scp, but you still see no error message. But if you set

scp_if_ssh: True

or

scp_if_ssh: False

you will suddenly see the real error message

fatal: [docker-023]: FAILED! => {"msg": "failed to transfer file to /home/sven/testme.txt /home/sven/ .ansible/tmp/ansible-tmp-1568643306.1439135-27483534812631/source:\n\nunknown option -- A\r\nusage: scp [-346BCpqrv] [-c cipher] [-F ssh_config] [-i identity_file]\n [-l limit] [-o ssh_option] [-P port] [-S program] source ... target\n"}

Lesson learned, as long as ansible is running in "smart" mode it will hide all error messages from the user. Now we could figure out that the culprit is the -A for AgentForwarding, which is for obvious reasons not available in sftp and scp. One can move it to group_vars ansible_ssh_extra_args. The best documentation regarding this, besides the --help output, seems to be the commit message of 3ad9b4cba62707777c3a144677e12ccd913c79a8.

Sam Hartman: Free as in Sausage Making: Inside the Debian Project

Monday 16th of September 2019 02:30:18 AM

Recently, we’ve been having some discussion around the use of non-free software and services in doing our Debian work. In judging consensus surrounding a discussion of Git packaging, I said that we do not have a consensus to forbid the use of non-free services like Github. I stand behind that consensus call. Ian Jackson, who initially thought that I misread the consensus later agreed with my call.


I have been debating whether it would be wise for me as project leader to say more on the issue. Ultimately I have decided to share my thoughts. Yes, some of this is my personal opinion. Yet I think my thoughts resonate with things said on the mailing list; by sharing my thoughts I may help facilitate the discussion.


We are bound together by the Social Contract. Anyone is welcome to contribute to Debian so long as they follow the Social Contract, the DFSG, and the rest of our community standards. The Social Contract talks about what we will build (a free operating system called Debian). Besides SC #3 (we will not hide problems), the contract says very little about how we will build Debian.


What matters is what you do, not what you believe. You don’t even need to believe in free software to be part of Debian, so long as you’re busy writing or contributing to free software. Whether it’s because you believe in user freedom or because your large company has chosen Debian for entirely pragmatic reasons, your free software contributions are welcome.


I think that is one of our core strengths. We’re an incredibly diverse community. When we try to tie something else to what it means to be Debian beyond the quality of that free operating system we produce, judged by how it meets the needs of our users, we risk diminishing Debian. Our diversity serves the free software community well. We have always balanced pragmatic concerns against freedom. We didn’t ignore binary blobs and non-free firmware in the kernel, but we took the time to make sure we balanced our users’ needs for functional systems against their needs for freedom. By being so diverse, we have helped build a product that is useful both to people who care about freedom and other issues. Debian has been pragmatic enough that our product is wildly popular. We care enough about freedom and do the hard work of finding workable solutions that many issues of software freedom have become mainstream concerns with viable solutions.


Debian has always taken a pragmatic approach to its own infrastructure and to how Debian is developed. The Social Contract requires that the resulting operating system be 100% free software. But that has never been true of the Debian Project nor of our developers.



  • At the time the Social contract was adopted, uploading a package to Debian involved signing it with the non-free PGP version 2.6.3. It was years later that GnuPG became commonly used.

  • Debian developers of the day didn’t use non-free tools to sign the Social Contract. They didn’t digitally sign it at all. Yet their discussions used the non-free Qmail because people running the Debian infrastructure decided that was the best solution for the project’s mailing lists.


“That was then,” you say.



  • Today, some parts of security.debian.org redirect to security-cdn.debian.org, a non-free web service

  • Our recommended mirror (deb.debian.org) is backed by multiple non-free CDN web services.

  • Some day we may be using more non-free services. If trends in email handling continue, we may find that we need to use some non-free service to get the email we send accepted by major email providers. I know of no such plan in Debian today, but I know other organizations have faced similar choices.


Yet these choices to use non-free software and non-free services in the production of Debian have real costs. Many members of our community prefer to use free software. When we make these choices, we can make it harder for people to contribute to Debian. When we decline to use free software we may also be missing out on an opportunity to improve the free software community or to improve Debian itself. Ian eloquently describes the frustrations those who wish to use only free software face when faced with choices to use non-free services.


As alternatives to non-free software or services have become available, we as a project have consistently moved toward free options.


Normally, we let those doing the work within Debian choose whether non-free services or software are sufficiently better than the free alternatives that we will use them in our work. There is a strong desire to prefer free software and self-hosted infrastructure when that can meet our needs.


For individual maintainers, this generally means that you can choose the tools you want to do your Debian work. The resulting contributions to Debian must themselves be free. But if you want to go write all your Debian packaging in Visual Studio on Windows, we’re not going to stop you, although many of us will think your choices are unusual.


And my take is that if you want to store Debian packages on Github, you can do that too. But if you do that, you will be making it harder for many Debian contributors to contribute to your packages. As Ian discussed, even if you listen to the BTS, you will create two classes of contributors: those who are comfortable with your tools and those who are not. Perhaps you’ve considered this already. Perhaps you value making things easier for yourself or for interacting with an upstream community on Github over making it easier for contributors who want to use only free tools. Traditionally in Debian, we’ve decided that the people doing the work generally get to make that decision. Some day perhaps we’ll decide that all Debian packaging needs to be done in a VCS hosted on Debian infrastructure. And if we make that decision, we will almost certainly choose a free service to host. We’re not ready to make that change today.


So, what can you do if you want to use only free tools?



  • You could take Ian’s original approach and attempt to mandate project policy. Yet each time we mandate such policy, we will drive people and their contributions away. When the community as a whole evaluates such efforts we’ll need to ask ourselves whether the restriction is worth what we will lose. Sometimes it is. But unsurprisingly in my mind, Debian often finds a balance on these issues.


  • You could work to understand why people use Github or other non-free tools. As you take the time to understand and value the needs of those who use non-free services, you could ask them to understand and value your needs. If you identify gaps in what free software and services offer, work to fix those gaps.


  • Specifically in this instance, I think that setting up easy ways to bidirectionally mirror things between Github and services like Salsa could really help.



Conclusions

  1. We have come together to make a free operating system. Everything else is up for debate. When we shut down that debate—when we decide there is one right answer—we risk diluting our focus and diminishing ourselves.

  2. We and the entire free software community win through the Debian Project’s diversity.

  3. Freedom within the Debian Project has never been simple. Throughout our entire history we’ve used non-free bits in the sausage making, even though the result consists (and can be built from) entirely free bits.

  4. This complexity and diversity is part of what allows us to advocate for software freedom more successfully. Over time, we have replaced non-free software that we use with free alternatives, but those decisions are nuanced and ever-changing.

Shirish Agarwal: Freedom, Chandrayaan 2 and Corporations in Space.

Sunday 15th of September 2019 09:15:36 PM

Today will be a longish blogpost so please excuse if you do not want to read a long article.

While today is my birthday, I don’t feel at all like celebrating. When 8 million Kashmiris are locked down in Kashmir and 19 million to be sent in detention camp, the number may increase, how can one feel happy? Sadly, many people disregard that illegal immigration is everywhere. Whether it is UK or US, Indians too have illegally immigrated. If you look at the comments either in US or UK papers is just as toxic as you would find in twitter in India. Most of the people are uninformed of the various reasons that people choose to take a dangerous path to make home a new country. Alliances are also divided because the children grow up in another culture and then they will be ‘corrupted’ especially if women are sent back to India. The situation in India has never been as similar as it is today, see this from Najam Sethi, an internationally known left-leaning journalist
https://www.youtube.com/watch?v=OCcrobZMy7A
and similarly you can see how Indian and US Investigative journalism is having a slow death in both India and U.S.
https://www.youtube.com/watch?v=65P44plUCng

You can also see how similar the societies are going into with this conversations
https://www.youtube.com/watch?v=ieWZi4gm_yE
https://www.youtube.com/watch?v=g_1oJui2Zq8

There are good moments too as can be seen here –

People going to Ganesh Visarjan and Muharram, Hyderabad.

We always say we are better than Pakistan but we seem to be going down to the same road and that can’t be good. Forget politics, even human right issues are not being tackled sensitively by our Supreme Court. Just today there came an incident involving one of the victims of the Muzaffarpur Shelter Home being allegedly raped in a moving car. The case has been pending in the Supreme Court for quite sometime but no action being taken so far. Journalists either in Uttar Pradesh or Haryana are being booked for showing the truth. I have been trying to engage with people from across the political divide, i.e. the ones who support BJP. The majority of them don’t have jobs and this is the only way they can get their frustration out. Also the dissonance in political message is such they feel that their jobs are being taken by outsiders. Ironically the Ministers get away with saying things like ‘North Indians lack qualifications’ . It shows lack of empathy on the Minister’s part. If they are citizens of the state, then it is the state’s responsibility of making sure they are skilled. If they are not skilled, then it is the Central Government and State Governments responsibility. Most of the States in the North are governed by BJP. I could share more but then it will all be about BJP only and nothing about the Chandrayaan 2 mission.

Chandrayaan 2 and Corporate Interests

Before we get to Chandrayaan 2, there are few interesting series I want to talk about, share about. The first one is AltBalaji’s Mission Over Mars which in some ways is similar to Mars 6-part series Docu-drama made by National Geographic and lot of movies, books etc. read over years. In both these and other books, movies etc. it has been shown how Corporate Interests win over science and exploration which the motives of such initiatives were and are. The rich become richer and richer while the poor become poorer.

There has been also lot of media speculation that ISRO should be privatized similar to how NASA is and people saying that NASA’s importance has not lessened even though they couldn’t have been more wrong. Take the Space Launch System . It was first thought of in 2010 after the NASA Authorization Act of 2010 came into being. When it was shared or told it was told that it would be ready somewhere in 2016. Now it seems it won’t be ready until 2025. And who is responsible for this, the same company which has been responsible for lot of bad news in the international aviation business Boeing. The auditor’s report for NASA while blaming NASA for oversight also blames Boeing for not doing things right. And from what we have come to know that in the american system of self-regulation leaves much to be desired. More so, when an ex-employee of Boeing is exercising his fifth Amendment rights which raises the suspicion that there is more than just simply an oversight issue. Boeing also is a weapons manufacturer but that’s another story altogether. For people interested in the arms stuff, a wired article published 2 years back gives enough info. as to how America is good bad or Arms sale.

I know the whole thing gives a rather complex picture but that is the nature of things. The only thing I would say is we should be very careful in privatizing ISRO as the same issues are bound to happen sooner or later, the more private and non-transparent things become. We, the common citizens would never come to know if any sort of national or industrial espionage is happening and of course all profits would be of corporates while losses will be public as seen can be nowadays. Doesn’t leave a good taste in the mouth.

Vikram Lander

Now while the jury is still out as to what happened or might have happened and we hope that Vikram does connect within the 14 days there are lots of theories as to what could have gone wrong. While I’m no expert, I do find it hard to take the statement that probably ISRO saw an image of Chandrayaan 2 lander, at least not a single image has been released in the public. What ISRO has shared in its updates is that it located a lander which doesn’t tell much. While the Chandrayaan 2 orbiter started at 100 km. lunar orbit it probably would have some deviations to make sure that the orbiter itself doesn’t get into Moon’s gravity and crash-lands on the moon itself. The lens which probably would have been used would be to take panoramic shots and not telescopic in nature. As to what happened, we just don’t know as of yet. There are probably a dozen or two probabilities. One of the simplest explanations to my mind could be some space rock could have crashed into the lander when it was landing. The dark side of the moon has more impacts than the one which we face so it’s entirely possible that the lander got hit by a space rock or lava. From what little I have been able to learn, the lander doesn’t seem to have any A.I. to manoeuver if such a scenario happens. Also any functioning A.I. would probably need more energy and for space missions energy, weight, electrical interference, contamination are all issues that Space Agencies have to deal with it. The other is of course, sensor failure, wrong calculation or a rough spot where it landed and broke the antennae. Till ISRO doesn’t share more details with us, we have only conjecture to help us.

Chandrayaan 2 Imaging

While we await news about the lander, would be curious to know about the images that Chandrayaan 2 is getting. Sadly, none of the images have made it to the public domain as of yet. Whether the images are in FITS or RAW format and whatever spectrum, (Chandrayaan 2 is going to image in a wide range of spectrum.) . Like Spirit and Opportunity did for NASA, I hope ISRO does show renderings of Moon as captured by the Orbiter, even though it’s lifeless so people, especially children get enthused about getting into Space Sciences .

Molly de Blanc: Free software activities (August 2019)

Sunday 15th of September 2019 02:34:38 PM

August was really marked by traveling too much. I took the end of the month off from non-work activities in order to focus on GUADEC and GUADEC-follow up.

Personal

  • The Debian Community Team (CT) had a meeting where we discussed some of our activities, including potential new team members!
  • CT team members went on VAC, so we took a bit of a break in the second half of the month.
  • The OSI standing committee and board had meetings.
  • I handled some paperwork in my capacity as president.
  • I had regular meetings with the OSI general manager.
  • I gave a keynote at FrOSCon on “Open source citizenship for everyone!” TL;DR: We have rights and responsibilities as people participating in free software and the open source ecosystem — “we” here includes corporate actors.
  • I bought a really sweet pair of GNOME socks. Do recommend.

Professional

  • The LAS sponsorship team met and handled the creation of some important paperwork, and discussed fundraising strategy for the event.
  • I attended the GNOME Advisory Board meeting, where I got to meet and speak with the Foundation Board and the Advisory Board about activities over the past year, plans for the future, and the needs of the communities of AdBoard members. It was really educational and a lot of fun.
  • I attended my first GUADEC! it was amazing. I wrote a trip report over on the GNOME Engagement Blog.
  • At GUADEC, I spent some time helping out with basic operations, including keeping time in sessions.
  • We, the staff and board, did a Q&A at the Annual General Meeting.
  • I drank a lot of coffee. Like, a lot.

Dirk Eddelbuettel: pinp 0.0.9: Real Fix and Polish

Sunday 15th of September 2019 01:46:00 PM

Another pinp package release! pinp allows for snazzier one or two column Markdown-based pdf vignettes, and is now used by a few packages. A screenshot of the package vignette can be seen below. Additional screenshots are at the pinp page.

This release comes exactly one week (i.e. the minimal time to not earn a NOTE) after the hot-fix release 0.0.8 which addressed breakage on CRAN tickled by changes in TeX Live. After updating the PNAS style LaTeX macros, and avoiding the issue with an (older) custom copy of titlesec, we now have the real fix, thanks to the eagle-eyed attention of Javier Bezos. The error, as so often, was simple and ours: we had left a stray \makeatother in pinp.cls where it may have been in hiding for a while. A very big Thank You! to Javier for spotting it, to Norbert for all his help and to James for double-checking on PNAS.

The good news in all of this is that the package is now in better shape than ever. The newer PNAS style works really well, and I went over a few of our extensions (such as papersize support for a4 as well as letter), direct on/off of a Draft watermark, a custom subtitle and more—and they all work consistently. So happy vignette or paper writing!

The NEWS entry for this release follows.

Changes in pinp version 0.0.9 (2019-09-15)
  • The processing error first addressed in release 0.0.8 is now fixed by removing one stray command; many thanks to Javier Bezos.

  • The hotfix of also installing titlesec.sty has been reverted.

  • Processing of the 'papersize' and 'watermark' options was updated.

Courtesy of CRANberries, there is a comparison to the previous release. More information is on the tint page. For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Didier Raboud: miniDebConf19 Vaumarcus – Oct 25-27 2019 – Call for Presentations

Sunday 15th of September 2019 12:06:35 PM
Talks wanted

We’re opening the Call for Presentations for the miniDebConf19 Vaumarcus now, until October 20, so please contribute to the MiniDebConf by proposing a talk, workshop, birds of feather (BoF) session, etc, directly on the Debian wiki: /Vaumarcus/TalkSubmissions

We are aiming for talks which are somehow related to Debian or Free Software in general, see the wiki for subject suggestions. We expect submissions and talks to be held in English, as this is the working language in Debian and at this event.

Registration is also still open; through the Debian wiki: Vaumarcus/Registration.

Debian Sprints are welcome

The place is ideal for a 2 days’ sprint; so we encourage teams to assemble and gather in Vaumarcus!

More sponsors and more hands wanted

We’re looking for more sponsors willing to help making this event possible; to help making it easier for anyone interested to attend. Things are on a good track, but we need more help. Specifically, Attendee support would benefit from more hands.

Get in touch

We gather on the #debian.ch channel on irc.debian.org and on the debian-switzerland@lists.debian.org list. For more private matters, talk to minidebconf19@debian.ch!

Thank you already!

Sponsors

Supporters

See ya!

We’re looking forward to seeing a lot of you in Vaumarcus!

(This was also sent to debian-devel-announce@l.d.o, amongst other lists)

Matthew Garrett: It's time to talk about post-RMS Free Software

Saturday 14th of September 2019 11:57:34 AM
Richard Stallman has once again managed to demonstrate incredible insensitivity[1]. There's an argument that in a pure technical universe this is irrelevant and we should instead only consider what he does in free software[2], but free software isn't a purely technical topic - the GNU Manifesto is nakedly political, and while free software may result in better technical outcomes it is fundamentally focused on individual freedom and will compromise on technical excellence if otherwise the result would be any compromise on those freedoms. And in a political movement, there is no way that we can ignore the behaviour and beliefs of that movement's leader. Stallman is driving away our natural allies. It's inappropriate for him to continue as the figurehead for free software.

But I'm not calling for Stallman to be replaced. If the history of social movements has taught us anything, it's that tying a movement to a single individual is a recipe for disaster. The FSF needs a president, but there's no need for that person to be a leader - instead, we need to foster an environment where any member of the community can feel empowered to speak up about the importance of free software. A decentralised movement about returning freedoms to individuals can't also be about elevating a single individual to near-magical status. Heroes will always end up letting us down. We fix that by removing the need for heroes in the first place, not attempting to find increasingly perfect heroes.

Stallman was never going to save us. We need to take responsibility for saving ourselves. Let's talk about how we do that.

[1] There will doubtless be people who will leap to his defense with the assertion that he's neurodivergent and all of these cases are consequences of that.

(A) I am unaware of a formal diagnosis of that, and I am unqualified to make one myself. I suspect that basically everyone making that argument is similarly unqualified.
(B) I've spent a lot of time working with him to help him understand why various positions he holds are harmful. I've reached the conclusion that it's not that he's unable to understand, he's just unwilling to change his mind.

[2] This argument is, obviously, bullshit

More in Tux Machines

Some nice widgets for your Plasma desktop

Plasma is an extremely extensible, flexible desktop environment, and it lets you customize and change anything and everything to the tiniest detail. You can go about mimicking other desktops and systems as you please, limited only by your imagination and patience. If you want a Mac-like look or a Unity look, you can. So I thought, I should revisit my old Plasma widgets article and explore some fresh applets out there, to see what else you can do here. Indeed, there are lots of hidden goodies lurking beneath the surface, and if you're curious, you will discover fresh tools and features that can make the Plasma desktop experience even more enjoyable.

Security Leftovers

  • Security updates for Wednesday

    Security updates have been issued by Debian (apache2 and unbound), Fedora (opendmarc, runc, and sudo), openSUSE (epiphany, GraphicsMagick, and libopenmpt), Oracle (kernel and sudo), Red Hat (java-1.8.0-openjdk, jss, kernel, kernel-rt, and kpatch-patch), SUSE (crowbar-core, crowbar-openstack, grafana, novnc, openstack-keystone, openstack-neutron, openstack-neutron-lbaas, openstack-nova, openstack-tempest, python-pysaml2, python-urllib3, rubygem-chef, rubygem-easy_diff, sleshammer, libpcap, sudo, and tcpdump), and Ubuntu (aspell and libsdl1.2).

  • Cybersecurity Awareness Month: Increasing our self-awareness so we can improve security

    October has been National Cybersecurity Awareness Month since 2004. According to staysafeonline.org, this initiative was started by the National Cybersecurity Alliance and the US Department of Homeland Security to help all Americans stay safe and secure when online. This month is usually marked with a significant uptick in cybersecurity outreach and training. It’s also the one month of the year when you can get a significant amount of cybersecurity swag such as webcam covers, mugs, and pens. This event has an outward focus to raise awareness of security globally. Many other events have come into existence along with this. For example, there are numerous electronics recycling events that now occur in October where people can securely dispose of their old computers. Some municipalities have extended this to include safe disposal of old prescription medications, paints, and other hazardous materials. Recent events in the greater technology community, specifically the resignation of Richard Stallman from both MIT and the Free Software Foundation, have become character foils that show us that while we have come a long way, we still have a long way ahead of us to improve.

  • Michael Tremer/IPFire: On quadrupling throughput of our Quality of Service

    There have been improvements to our Quality of Service (or QoS) which have made me very excited. Our QoS sometimes was a bottleneck. Enabling it could cut your bandwidth in half if you were unlucky. That normally was not a problem for larger users of IPFire, because if you are running a 1 Gigabit/s connection, you would not need any QoS in the first place, or your hardware was fast enough to handle the extra load. For the smaller users this was, however, becoming more and more of a problem. Smaller systems like the IPFire Mini Appliance are designed to be small (the clue is in the name) and to be very energy-efficient. And they are. They are popular with users with a standard DSL connection of up to 100 Megabit/s which is very common in Germany. You have nothing to worry about here. But if you are lucky to have a faster Internet connection, then this hardware and others that we have sold before might be running out of steam. There is only so much you can get out of them.

  • The City Of Baltimore Blew Off A $76,000 Ransomware Demand Only To Find Out A Bunch Of Its Data Had Never Been Backed Up [Ed: Windows]

    The City of Baltimore was hit with a ransomware attack in May of this year. Criminals using remodeled and rebranded NSA exploits (EternalBlue) knocked out a "majority" of the city's servers and crippled many of its applications. More details didn't surface until September when the city's government began reshuffling the budget to cover the expenses of recovering from the attack.

Games: AI War 2, Dominus Galaxia, Sipho, Lonely Mountains: Downhill and More

  • AI War 2, the massive RTS game confirmed for launch on October 22

    Arcen Games have now fully confirmed that October 22 is the final launch date for AI War 2 to leave Early Access. This is the sequel to the critically acclaimed AI War: Fleet Command released back in 2009, which eventually came to Linux too later in 2014. The release of AI War 2 is going to mark 10 years since the original! Funded on Kickstarter back in 2016 with the help of around 2,545 backers. AI War 2 is a grand strategy RTS hybrid against an overwhelming, inhuman enemy who has conquered the galaxy. The enemy has made only a single error: underestimating you. You must steal as much technology as you can, take enough territory to fortify your bases and launch your last stand.

  • Dominus Galaxia, a 4x strategy game heavily inspired by Master of Orion 1 has a Linux demo up

    Their aim with Dominus Galaxia is to be an upgraded spiritual successor to the original Master of Orion; they said to think of it like if Master of Orion 2 was a proper sequel and not "a radical re-imagining". It's currently crowdfunding on Kickstarter which has 10 days to go with nearly 50% of the funding needed, with a bit of a stretch it may be able to make it. Just recently, they put up a full demo of the game with Linux support on itch.io.

  • Creature building action and survival game 'Sipho' adds some fun new zooids for your monstrosity

    Swim, kill, adapt and hopefully survive. That's the aim of the game in Sipho and the recent update adds in some new pieces for you to unlock to build your horrific sea creature with. It's such a strange game, blending together furious action with a creature builder where you unlock different parts and species. Based on real science, inspired by the Siphonophorae with your creature being built with zooids, an animal that forms part of a colony that all move together.

  • No Linux version of Lonely Mountains: Downhill yet due to IL2CPP in Unity

    Megagon Industries have now confirmed the status of Lonely Mountains: Downhill for Linux and currently it's not good news. This is a game that was funded on Kickstarter, that had Linux as a platform for release. If this sounds familiar, it's because we wrote about this game recently where the developer seemed a bit confused on the Linux version and they weren't clear on what they were doing.

  • Project RIP, a new FPS released recently with Linux support and it looks action-packed

    Fight off waves of demons in Project RIP from developer Storming Tech, a new Unreal Engine first-person shooter that has Linux support. This is the same developer who also made Escape Legacy: Ancient Scrolls, an escape room puzzle game which also seemed quite good.

  • The Northgard free Conquest expansion is launching October 22

    The huge free Conquest expansion for the strategy game Northgard is now confirmed to be releasing on October 22. As announced before, this free update is going to include a new standalone game mode, which can be played solo or in co-op. Offering up a series of missions, offering what they claim is "100+" hours of extra possible play time. The missions don't seem to be linked, offering up something new each time with specific victory conditions and rule sets.

  • The impressively smooth roguelike Jupiter Hell has a big AI upgrade and a first sale

    ChaosForge continue advancing their turn-based roguelike shooter Jupiter Hell, with another big update now available. A big focus has been on the AI to actually make it a bit smarter. Humanoid enemies will now attempt to take cover and not always run in a straight line at you, which can make it a little more difficult for sure. Most enemies will also react to noise you and other NPCs make. The demon-like enemies will now track you by smell, so you can't hide from them. You might find the need to retreat more often, to find a better position.

Red Hat and Fedora: syslog-ng, Ansible, Libinput and Fedora Community

  • syslog-ng in two words at One Identity UNITE: reduce and simplify

    UNITE is the partner and user conference of One Identity, the company behind syslog-ng. This time the conference took place in Phoenix, Arizona where I talked to a number of American business customers and partners about syslog-ng. They were really enthusiastic about syslog-ng and emphasized two major reasons why they use syslog-ng or plan to introduce it to their infrastructure: syslog-ng allows them to reduce the log data volume and greatly simplify their infrastructure by introducing a separate log management layer. [...] When you collect log messages to a central location using syslog-ng, you can archive all of the messages there. If you add a new log analysis application to your infrastructure, you can just point syslog-ng at it and forward the necessary subset of log data there. Life at both security and operations in your environment becomes easier, as there is only a single software to check for security problems and distribute on your systems instead of many.

  • Ansible vs Terraform vs Juju: Fight or cooperation?

    Ansible vs Terraform vs Juju vs Chef vs SaltStack vs Puppet vs CloudFormation – there are so many tools available out there. What are these tools? Do I need all of them? Are they fighting with each other or cooperating? The answer is not really straightforward. It usually depends on your needs and the particular use case. While some of these tools (Ansible, Chef, SaltStack, Puppet) are pure configuration management solutions, the others (Juju, Terraform, CloudFormation) focus more on services orchestration. For the purpose of this blog, we’re going to focus on Ansible vs Terraform vs Juju comparison – the three major players which have dominated the market. [...] Contrary to both Ansible and Terraform, Juju is an application modelling tool, developed and maintained by Canonical. You can use it to model and automate deployments of even very complex environments consisting of various interconnected applications. Examples of such environments include OpenStack, Kubernetes or Ceph clusters. Apart from the initial deployment, you can also use Juju to orchestrate deployed services too. Thanks to Juju you can backup, upgrade or scale-out your applications as easily as executing a single command. Like Terraform, Juju uses a declarative approach, but it brings it beyond the providers up to the applications layer. You can not only declare a number of machines to be deployed or number of application units, but also configuration options for deployed applications, relations between them, etc. Juju takes care of the rest of the job. This allows you to focus on shaping your application instead of struggling with the exact routines and recipes for deploying them. Forget the “How?” and focus on the “What?”.

  • libinput's bus factor is 1

    Let's arbitrarily pick the 1.9.0 release (roughly 2 years ago) and look at the numbers: of the ~1200 commits since 1.9.0, just under 990 were done by me. In those 2 years we had 76 contributors in total, but only 24 of which have more than one commit and only 6 contributors have more than 5 commits. The numbers don't really change much even if we go all the way back to 1.0.0 in 2015. These numbers do not include the non-development work: release maintenance for new releases and point releases, reviewing CI failures [1], writing documentation (including the stuff on this blog), testing and bug triage. Right now, this is effectively all done by one person. This is... less than ideal. At this point libinput is more-or-less the only input stack we have [2] and all major distributions rely on it. It drives mice, touchpads, tablets, keyboards, touchscreens, trackballs, etc. so basically everything except joysticks.

  • Contribute to Fedora Magazine

    Do you love Linux and open source? Do you have ideas to share, enjoy writing, or want to help run a blog with over 60k visits every week? Then you’re at the right place! Fedora Magazine is looking for contributors. This article walks you through various options of contributing and guides you through the process of becoming a contributor.

  • Fabiano Fidêncio: Libosinfo (Part I)

    Libosinfo is the operating system information database. As a project, it consists of three different parts, with the goal to provide a single place containing all the required information about an operating system in order to provision and manage it in a virtualized environment.

  • Τι κάνεις FOSSCOMM 2019

    When the students visited our Fedora booth, they were excited to take some Fedora gifts, especially the tattoo sticker. I was asking how many of them used Fedora, and most of them were using Ubuntu, Linux Mint, Kali Linux and Elementary OS. It was an opportunity to share the Fedora 30 edition and give the beginner’s guide that the Fedora community wrote in a little book. Most of them enjoyed taking photos with the Linux frame I did in Edinburgh... [...] I was planning to teach the use of the GTK library with C, Python, and Vala. However, because of the time and the preference of the attendees, we only worked with C. The workshop was supported by Alex Angelo who also translated some of my expressions into Greek. I was flexible in using different Operating Systems such as Linux Mint, Ubuntu, Kubuntu among other distros. There were only two users that used Fedora. Almost half of the audience did not bring a laptop, and then I grouped in groups to work together. I enjoyed seeing young students eager to learn, they took their own notes, and asked questions. You might see the video of the workshop that was recorded by the organizers.

  • Extending the Minimization objective

    Earlier this summer, the Fedora Council approved the first phase of the Minimization objective. Minimization looks at package dependencies and tries to minimize the footprint for a variety of use cases. The first phase resulted in the development of a feedback pipeline, a better understanding of the problem space, and some initial ideas for policy improvements.