Ben Hutchings: FOSS activity in March 2024
https://www.decadent.org.uk/ben/blog/2024/04/01/foss-activity-in-march-2024.html
April 1, 2024, 2:51 PM
I updated the Linux (4.19) package for buster to upstream version
4.19.311, but I did not make an upload this month.
I triaged recent CVE IDs assigned for kernel security issues, and
queried
some
duplicate
and
trivial
issues, which have now been rejected.
I reviewed and applied a fix for klibc’s inet_pton()
function. I
then
added some test cases for it,
and
made
further
fixes....
--------------------
Colin Watson: Free software activity in March 2024
https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-03.html
April 1, 2024, 1:10 PM
My Debian contributions this month were all
sponsored by Freexian.
Python team:
I updated
zope.testrunner to 6.4.
I fixed a build failure in
celery-haystack-ng, which included an
upstream change to stop using
d2to1.
I backported an upstream change to fix a build failure in
python-json-log-formatter.
I updated python-typing-extensions to 4.10.0 to fix a build
failure.
I updated wcwidth to 0.2.13 to fix a build
failure, which included rewriting
the Debian patches to update-table...
--------------------
Simon Josefsson: Towards reproducible minimal source code tarballs? On *-src.tar.gz
https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/
April 1, 2024, 10:28 AM
While the work to analyze the xz backdoor is in progress, several ideas have been suggested to improve the entire software supply chain ecosystem. Some of those ideas are good, some of the ideas are at best irrelevant and harmless, and some suggestions are plain bad. I’d like to attempt to formalize one idea (remains to be see in which category it belongs), which have been discussed before, but the context in which the idea can be appreciated have not been as clear as it is today.
Reprod...
--------------------
Arturo Borrero González: Kubecon and CloudNativeCon 2024 Europe summary
https://ral-arturo.org/2024/04/01/kubecon.html
April 1, 2024, 9:00 AM
This blog post shares my thoughts on attending Kubecon and CloudNativeCon 2024 Europe in Paris. It was my third time at
this conference, and it felt bigger than last year’s in Amsterdam. Apparently it had an impact on public transport. I
missed part of the opening keynote because of the extremely busy rush hour tram in Paris.
On Artificial Intelligence, Machine Learning and GPUs
Talks about AI, ML, and GPUs were everywhere this year. While it wasn’t my main interest, I did learn about GP...
--------------------
Junichi Uekawa: Learning about xz and what is happening is fascinating.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-1.html.en#2024-Apr-1-07:02:00
March 31, 2024, 10:02 PM
Learning about xz and what is happening is fascinating. The scope of potential exploit is very large. The Open source software space is filled with many unmaintained and unreviewed software.
--------------------
Russell Coker: Links March 2024
https://etbe.coker.com.au/2024/03/31/links-march-2024/
March 31, 2024, 12:51 PM
Bruce Schneier wrote an interesting blog post about his workshop on reimagining democracy and the unusual way he structured it [1]. It would be fun to have a security conference run like that!
Matthias write an informative blog post about Wayland “Wayland really breaks things… Just for now” which links to a blog debate about the utility of Wayland [2]. Wayland seems pretty good to me.
Cory Doctorow wrote an insightful article about the AI bubble comparing it to previous bubbles [3].
Charle...
--------------------
Steinar H. Gunderson: xz backdooring
http://blog.sesse.net/blog/tech/2024-03-30-11-39_xz_backdooring.html
March 30, 2024, 10:39 AM
Andres Freund found that xz-utils is backdoored,
but could not (despite the otherwise excellent analysis) get quite to the bottom of what the payload actually does.
What you would hope for to be posted by others: Further analysis of the payload.
What actually gets posted by others: “systemd is bad.”
Update: Good preliminary analysis....
--------------------
Raphaël Hertzog: Freexian is looking to expand its team with more Debian contributors
https://raphaelhertzog.com/2024/03/29/freexian-is-looking-to-expand-its-team-with-more-debian-contributors/
March 29, 2024, 3:13 PM
It’s been a while that I haven’t posted anything on my blog, the truth is that Freexian has been doing very well in the last years and that I have a hard time to allocate time to write articles or even to contribute to my usual Debian projects… the exception being debusine since that’s part of the Freexian work (have a look at our most recent announce!).
That being said, given Freexian’s growth and in the hope to reduce my workload, we are looking to extend our team with Debian m...
--------------------
Ravi Dwivedi: A visit to the Taj Mahal
https://ravidwivedi.in/posts/taj-mahal/
March 29, 2024, 10:13 AM
Note: The currency used in this post is Indian Rupees, which was around 83 INR for 1 US Dollar as that time.
I and my friend Badri visited the Taj Mahal this month. Taj Mahal is one of the main tourist destinations in India and does not need an introduction, I guess. It is in Agra, in the state of Uttar Pradesh, 188 km from Delhi by train. So, I am writing a post documenting useful information for people who are planning to visit Taj Mahal. Feel free to ask me questions about visiting the Taj Ma...
--------------------
Patryk Cisek: Sanoid on TrueNAS
https://prezu.ca/post/sanoid_on_truenas/
March 29, 2024, 1:18 AM
syncoid to TrueNAS In my homelab, I have 2 NAS systems:
Linux (Debian) TrueNAS Core (based on FreeBSD) On my Linux box, I use Jim Salter’s sanoid to periodically take snapshots of my ZFS pool. I also want to have a proper backup of the whole pool, so I use syncoid to transfer those snapshots to another machine. Sanoid itself is responsible only for taking new snapshots and pruning old ones you no longer care about....
--------------------
Reproducible Builds (diffoscope): diffoscope 262 released
https://diffoscope.org/news/diffoscope-262-released/
March 29, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 262. This version includes the following changes:
[ Chris Lamb ]
* Factor out Python version checking in test_zip.py. (Re: #362)
* Also skip some zip tests under 3.10.14 as well; a potential regression may
have been backported to the 3.10.x series. The underlying cause is still to
be investigated. (Re: #362)
You find out more by visiting the project homepage....
--------------------
Joey Hess: the vulture in the coal mine
http://joeyh.name/blog/entry/the_vulture_in_the_coal_mine/
March 28, 2024, 10:37 PM
Turns out that VPS provider Vultr's
terms of service
were quietly changed some time ago to give them a "perpetual, irrevocable"
license to use content hosted there in any way, including modifying it and
commercializing it "for purposes of providing the Services to you."
This is very similar to changes that
Github made to their TOS in 2017.
Since then, Github has been
rebranded as "The world’s leading AI-powered developer platform".
The language in their TOS now clearly lets them use content s...
--------------------
Scarlett Gately Moore: Kubuntu, KDE Report. In Loving Memory of my Son.
https://www.scarlettgatelymoore.dev/kubuntu-kde-report-in-loving-memory-of-my-son/
March 28, 2024, 5:54 PM
Personal:
As many of you know, I lost my beloved son March 9th. This has hit me really hard, but I am staying strong and holding on to all the wonderful memories I have. He grew up to be an amazing man, devoted christian and wonderful father. He was loved by everyone who knew him and will be truly missed by us all. I have had folks ask me how they can help. He left behind his 7 year old son Mason. Mason was Billy’s world and I would like to make sure Mason is taken care of. I have set up a ...
--------------------
Steinar H. Gunderson: git grudge
http://blog.sesse.net/blog/tech/2024-03-27-18-56_git_grudge.html
March 27, 2024, 5:56 PM
Small teaser:
Probably won't show up in aggregators (try this link instead).
--------------------
Emmanuel Kasper: Adding a private / custom Certificate Authority to the firefox trust store
https://00formicapunk00.wordpress.com/2024/03/26/adding-a-private-custom-certificate-authority-to-the-firefox-trust-store/
March 26, 2024, 6:43 PM
Today at $WORK I needed to add the private company Certificate Authority (CA) to Firefox, and I found the steps were unnecessarily complex.
Time to blog about that, and I also made a Debian wiki article of that post, so that future generations can update the information, when Firefox 742 is released on Debian 17.
The cacert certificate authority is not included in Debian and Firefox, and is thus a good example of adding a private CA.
Note that this does not mean I specifically endorse that CA.
...
--------------------
Jonathan Dowland: a bug a day
https://jmtd.net/log/a_bug_a_day/
March 25, 2024, 4:58 PM
I recently became a maintainer of/committer to IkiWiki,
the software that powers my site. I also took over maintenance of the Debian
package. Last week I cut a new upstream point release, 3.20200202.4, and a
corresponding Debian package upload, consisting only of a handful of
low-hanging-fruit patches from other people, largely to exercise both
processes.
I've been discussing IkiWiki's maintenance situation with some other users for
a couple of years now. I've also weighed up the pros and cons ...
--------------------
Valhalla's Things: Piecepack and postcard boxes
https://blog.trueelena.org/blog/2023/11/04-piecepack_and_postcard_boxes/index.html
March 25, 2024, 12:00 AM
Posted on March 25, 2024


Tags: madeof:bits, craft:cartonnage




This article has been originally posted on November 4, 2023, and has
been updated (at the bottom) since.
Thanks to All Saints’ Day, I’ve just had a 5 days weekend. One of those
days I woke up and decided I absolutely needed a cartonnage box for the
cardboard and linocut piecepack I’ve been working on for quite some
time.
I started drawing a plan with measures before breakfas...
--------------------
Anuradha Weeraman: Testing again
https://weeraman.com/testing-again/
March 24, 2024, 3:29 PM
123
--------------------
Anuradha Weeraman: This is a test
https://weeraman.com/this-is-a-test/
March 24, 2024, 3:26 PM
Testing 1 2 3
--------------------
Niels Thykier: debputy v0.1.21
https://people.debian.org/~nthykier/blog/2024/debputy-v0-1-21.html
March 24, 2024, 2:30 PM
Earlier today, I have just released debputy version 0.1.21
to Debian unstable. In the blog post, I will highlight some
of the new features.
Package boilerplate reduction with automatic relationship substvar
Last month, I started a discussion on rethinking how we do
relationship substvars such as the ${misc:Depends}. These
generally ends up being boilerplate runes in the form of
Depends: ${misc:Depends}, ${shlibs:Depends} where you
as the packager has to remember exactly which runes apply
to you...
--------------------
Marco d'Itri: CISPE's call for new regulations on VMware
https://blog.bofh.it/debian/id_469
March 24, 2024, 12:52 PM
A few days ago CISPE, a trade association of European cloud providers, published a press release complaining about the new VMware licensing scheme and asking for regulators and legislators to intervene.
But VMware does not have a monopoly on virtualization software: I think that asking regulators to interfere is unnecessary and unwise, unless, of course, they wish to question the entire foundations of copyright. Which, on the other hand, could be an intriguing position that I would support...
...
--------------------
Jacob Adams: Regular Reboots
https://tookmund.com/2024/03/regular-reboot
March 24, 2024, 12:00 AM
Uptime is often considered a measure of system reliability,
an indication that the running software is stable and can be counted on.
However, this hides the insidious build-up of state throughout the system as
it runs, the slow drift from the expected to the strange.
As Nolan Lawson highlights in an excellent post entitled
Programmers are bad at managing state,
state is the most challenging part of programming.
It’s why “did you try turning it off and on again” is a classic tech support
...
--------------------
Dirk Eddelbuettel: littler 0.3.20 on CRAN: Moar Features!
http://dirk.eddelbuettel.com/blog/2024/03/23#littler-0.3.20
March 23, 2024, 10:06 PM
The twentyfirst release of littler as a
CRAN package
landed on CRAN just now, following in the now eighteen year history (!!)
as a package started by Jeff in 2006, and joined
by me a few weeks later.
littler
is the first command-line interface for R as it predates
Rscript. It allows for piping as well for shebang
scripting via #!, uses command-line arguments more
consistently and still starts
faster. It also always loaded the methods package which
Rscript only began to do in recent years.
little...
--------------------
Bits from Debian: New Debian Developers and Maintainers (January and February 2024)
https://bits.debian.org/2024/03/new-developers-2024-02.html
March 23, 2024, 3:00 PM
The following contributors got their Debian Developer accounts in the last two months:
Carles Pina i Estany (cpina)
Dave Hibberd (hibby)
Soren Stoutner (soren)
Daniel Gröber (dxld)
Jeremy Sowden (azazel)
Ricardo Ribalda Delgado (ribalda)
The following contributors were added as Debian Maintainers in the last two months:
Joachim Bauch
Ananthu C V
Francesco Ballarin
Yogeswaran Umasankar
Kienan Stewart
Congratulations!...
--------------------
Kentaro Hayashi: How about allocating more buildd resource for armel and armhf?
https://kenhys.hatenablog.jp/entry/2024/03/23/211515
March 23, 2024, 12:15 PM
This article is cross-posting from grow-your-ideas. This is just an idea.
salsa.debian.org
The problem
According to Developer Machines [1],
current buildd machines are like this:
armel: 4 buildd (4 for arm64/armhf/armel)
armhf: 7 buildd (4 for arm64/armhf/armel and 3 for armhf only)
[1] https://db.debian.org/machines.cgi
In contrast to other buildd architectures, these instances are quite a few and it seems that
it causes a shortage of buildd resourses. (e.g. during mass transition, giv...
--------------------
Erich Schubert: Do not get Amazon Kids+ or a Fire HD Kids
https://www.vitavonni.de/blog/202403/20240323amazon-kids-has-no-whitelist.html
March 23, 2024, 10:15 AM
The Amazon Kids “parental controls” are extremely insufficient, and I strongly advise against getting any of the Amazon Kids series.
The initial permise (and some older reviews) look okay: you can set some time limits, and you can disable anything that requires buying.
With the hardware you get one year of the “Amazon Kids+” subscription, which includes a lot of interesting content such as books and audio,
but also some apps. This seemed attractive: some learning apps, some decent games...
--------------------
Valhalla's Things: Forgotten Yeast Bread - Sourdough Edition
https://blog.trueelena.org/blog/2024/03/23-forgotten_yeast_bread_sourdough_edition/index.html
March 23, 2024, 12:00 AM
Posted on March 23, 2024


Tags: madeof:atoms, craft:cooking, craft:baking, craft:bread



Yesterday I had planned a pan sbagliato for today, but I also had
quite a bit of sourdough to deal with, so instead of mixing a bit of of
dry yeast at 18:00 and mixing it with some additional flour and water at
21:00, at around maybe 20:00 I substituted:
100 g firm sourdough;
33 g flour;
66 g water.
Then I briefly woke up in the middle of the night and pour...
--------------------
Reproducible Builds (diffoscope): diffoscope 261 released
https://diffoscope.org/news/diffoscope-261-released/
March 22, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 261. This version includes the following changes:
[ Chris Lamb ]
* Don't crash if we encounter an .rdb file without an equivalent .rdx file.
(Closes: #1066991)
* In addition, don't identify Redis database dumps (etc.) as GNU R database
files based simply on their filename. (Re: #1066991)
* Update copyright years.
You find out more by visiting the project homepage....
--------------------
Ian Jackson: How to use Rust on Debian (and Ubuntu, etc.)
https://diziet.dreamwidth.org/18122.html
March 21, 2024, 9:47 PM
tl;dr: Don’t just apt install rustc cargo. Either do that and make sure to use only Rust libraries from your distro (with the tiresome config runes below); or, just use rustup.
Don’t do the obvious thing; it’s never what you wantQ. Download and run whatever code from the internet?
Option 1: WTF, no I don’t want curl|bash
Option 2: Biting the curl|bash bulletPrivilege separation
OMG what a mess
Don’t do the obvious thing; it’s never what you want
Debian ships a Rust compiler, a...
--------------------
Ravi Dwivedi: Thailand Trip
https://ravidwivedi.in/posts/thailand-trip/
March 21, 2024, 8:45 PM
This post is the second and final part of my Malaysia-Thailand trip. Feel free to check out the Malaysia part here if you haven’t already. Kuala Lumpur to Bangkok is around 1500 km by road, and so I took a Malaysian Airlines flight to travel to Bangkok. The flight staff at the Kuala Lumpur only asked me for a return/onward flight and Thailand immigration asked a few questions but did not check any documents (obviously they checked and stamped my passport ;)). The currency of Thailand is the Th...
--------------------
Dirk Eddelbuettel: ciw 0.0.2 on CRAN: Updates
http://dirk.eddelbuettel.com/blog/2024/03/20#ciw_0.0.2
March 20, 2024, 1:18 PM
A first revision of the still only one-week old (at CRAN) package ciw has been
released to CRAN! It provides
is a single (efficient) function incoming() (now along with
an alias ciw()) which summarises the state of the incoming
directories at CRAN. I happen
to like having these things at my (shell) fingertips, so it goes along
with (still draft) wrapper
ciw.r that will be part of the next littler release.
For example, when I do this right now as I type this, I see
(typically less than one second...
--------------------
Jonathan Dowland: aerc email client
https://jmtd.net/log/aerc/
March 20, 2024, 10:38 AM
I started looking at aerc, a new Terminal mail client, in
around 2019. At that time it was promising, but ultimately not ready yet for me, so
I put it away and went back to neomutt which I have been
using (in one form or another)   all century.
These days, I use neomutt as an IMAP client which is perhaps what it's worst
at: prior to that, and in common with most users (I think), I used it to read
local mail, either fetched via offlineimap or
directly on my mail server. I switched to using it a...
--------------------
Iustin Pop: Corydalis 2024.12.0 released
https://k1024.org/posts/2024/2024-03-20-corydalis-v2024.12/
March 20, 2024, 12:20 AM
I’ve been working for the past few weeks on Corydalis, and was in no
hurry to make a release, but last evening I found the explanation for
a really, really, really annoying issue: unintended “zooming” on touch
interfaces in the image viewer. Or more precisely, I found this post
from 2015 (9 years ago!):
https://webkit.org/blog/5610/more-responsive-tapping-on-ios/ and I
finally understood things. And decided this was the best choice for
cutting a new release.
Of course, the release contains...
--------------------
Colin Watson: apt install everything?
https://www.chiark.greenend.org.uk/~cjwatson/blog/ubuntu-install-everything.html
March 19, 2024, 7:05 AM
On Mastodon, the
question came up of
how Ubuntu would deal with something like the npm install
everything situation. I replied:
Ubuntu is curated, so it probably wouldn’t get this far. If it did, then
the worst case is that it would get in the way of CI allowing other
packages to be removed (again from a curated system, so people are used to
removal not being self-service); but the release team would have no
hesitation in removing a package like this to fix that, and it certainly
wouldn’...
--------------------
Joey Hess: policy on adding AI generated content to my software projects
http://joeyh.name/blog/entry/policy_on_adding_AI_generated_content_to_my_software_projects/
March 18, 2024, 8:54 PM
I am eager to incorporate your AI generated code into my software.
Really!
I want to facilitate making the process as easy as possible. You're already
using an AI to do most of the hard lifting, so why make the last step hard? To
that end, I skip my usually extensive code review process for your AI generated
code submissions. Anything goes as long as it compiles!
Please do remember to include "(AI generated)" in the description of your
changes (at the top), so I know to skip my usual review pr...
--------------------
Simon Josefsson: Apt archive mirrors in Git-LFS
https://blog.josefsson.org/2024/03/18/apt-archive-mirrors-in-git-lfs/
March 18, 2024, 4:15 PM
My effort to improve transparency and confidence of public apt archives continues. I started to work on this in “Apt Archive Transparency” in which I mention the debdistget project in passing. Debdistget is responsible for mirroring index files for some public apt archives. I’ve realized that having a publicly auditable and preserved mirror of the apt repositories is central to being able to do apt transparency work, so the debdistget project has become more central to my project than I th...
--------------------
Christoph Berg: vcswatch and git --filter
https://www.df7cb.de/blog/2024/vcswatch-git-filter.html
March 18, 2024, 12:45 PM
Debian is running a "vcswatch"
service that keeps track of the status of all packaging repositories that have a
Vcs-Git
(and other VCSes) header set and shows which repos might need a package upload to push pending changes out.
Naturally, this is a lot of data and the scratch partition on qa.debian.org
had to be expanded several times, up to 300 GB in the last iteration.
Attempts to reduce that size using shallow clones (git clone --depth=50)
did not result more than a few percent of space save...
--------------------
Gunnar Wolf: After miniDebConf Santa Fe
https://gwolf.org/2024/03/after-minidebconf-santa-fe.html
March 18, 2024, 4:00 AM
Last week we held our promised miniDebConf in Santa Fe City, Santa Fe province,
Argentina — just across the river from Paraná, where I have spent almost six
beautiful months I will never forget.

Around 500 Kilometers North from Buenos Aires, Santa Fe and Paraná are separated
by the beautiful and majestic Paraná river, which flows from Brazil, marks the
Eastern border of Paraguay, and continues within Argentina as the heart of the
litoral region of the country, until it merges with th...
--------------------
Thomas Koch: Minimal overhead VMs with Nix and MicroVM
https://blog.koch.ro/posts/2024-03-17-minimal-vms-nix-microvm.html
March 17, 2024, 10:13 AM
Posted on March 17, 2024


Tags: debian, free software, nix

Joachim Breitner wrote about a Convenient sandboxed development environment and thus reminded me to blog about MicroVM. I’ve toyed around with it a little but not yet seriously used it as I’m currently not coding.
MicroVM is a nix based project to configure and run minimal VMs. It can mount and thus reuse the hosts nix store inside the VM and thus has a very small disk footprint. I use MicroVM on a debian system...
--------------------
Thomas Koch: Rebuild search with trust
https://blog.koch.ro/posts/2024-01-20-rebuild-search-with-trust.html
March 17, 2024, 10:13 AM
Posted on January 20, 2024


Tags: debian, free software, life, search, decentralization

Finally there is a thing people can agree on:
2023-08-28, OSNews: The end of the Googleverse
2023-07-28, Cory Doctorow: Microincentives and Enshittification
2023-10-03, Cory Doctorow: Google’s enshittification memos
2024-01-15, Tim Bray: Mourning Google
Apparently, Google Search is not good anymore. And I’m not the only one thinking about decentralization to fix it:
Honey I federat...
--------------------
Thomas Koch: Using nix package manager in Debian
https://blog.koch.ro/posts/2024-01-16-using-nix-package-manager-in-debian.html
March 17, 2024, 10:13 AM
Posted on January 16, 2024


Tags: debian, free software, nix, life

The nix package manager is available in Debian since May 2020. Why would one use it in Debian?
learn about nix
install software that might not be available in Debian
install software without root access
declare software necessary for a user’s environment inside $HOME/.config
Especially the last point nagged me every time I set up a new Debian installation. My emacs configuration and my Desktop setup expe...
--------------------
Thomas Koch: Chromium gtk-filechooser preview size
https://blog.koch.ro/posts/2024-01-09-chromium-gtk-filechooser-preview-size.html
March 17, 2024, 10:13 AM
Posted on January 9, 2024


Tags: debian, free software, life

I wanted to report this issue in chromiums issue tracker, but it gave me:
“Something went wrong, please try again later.”
Ok, then at least let me reply to this askubuntu question. But my attempt to signup with my launchpad account gave me:
“Launchpad Login Failed. Please try logging in again.”
I refrain from commenting on this to not violate some code of conduct.
So this is what I wanted to write:
G...
--------------------
Thomas Koch: Good things come ... state folder
https://blog.koch.ro/posts/2024-01-02-good-things-state-folder.html
March 17, 2024, 10:13 AM
Posted on January 2, 2024


Tags: debian, free software, life

Just a little while ago (10 years) I proposed the addition of a state folder to the XDG basedir specification and expanded the article XDGBaseDirectorySpecification in the Debian wiki. Recently I learned, that version 0.8 (from May 2021) of the spec finally includes a state folder.
Granted, I wasn’t the first to have this idea (2009), nor the one who actually made it happen.
Now, please go ahead and use it! Tha...
--------------------
Patryk Cisek: OpenPGP Paper Backup
https://prezu.ca/post/openpgp-paper-backup/
March 15, 2024, 9:42 PM
openpgp-paper-backup I’ve been using OpenPGP through GnuPG since early 2000’. It’s an essential part of Debian Developer’s workflow. We use it regularly to authenticate package uploads and votes. Proper backups of that key are really important.
Up until recently, the only reliable option for me was backing up a tarball of my ~/.gnupg offline on a set few flash drives. This approach is better than nothing, but it’s not nearly as reliable as I’d like it to be....
--------------------
Gregor Herrmann: teamwork in practice
https://info.comodo.priv.at/blog/teamwork_in_practice.html
March 14, 2024, 10:10 PM
teamwork, or: why I love the Debian Perl Group:
elbrus has introduced a (very untypical) package into the
Debian Perl Group in 2022.
after changes of the default compiler options
(-Werror=implicit-function-declaration) in debian, it didn't
build any more & received an RC bug.
because I sometimes like challenges, I had a look at it & cobbled together
a patch. as I hardly speak any C, I sent my notes to the bug report
& (implictly) asked for help. – & went out to meet a
friend...
--------------------
Matthew Garrett: Digital forgeries are hard
https://mjg59.dreamwidth.org/69507.html
March 14, 2024, 9:11 AM
Closing arguments in the trial between various people and Craig Wright over whether he's Satoshi Nakamoto are wrapping up today, amongst a bewildering array of presented evidence. But one utterly astonishing aspect of this lawsuit is that expert witnesses for both sides agreed that much of the digital evidence provided by Craig Wright was unreliable in one way or another, generally including indications that it wasn't produced at the point in time it claimed to be. And it's fascinating reading t...
--------------------
Dirk Eddelbuettel: ciw 0.0.1 on CRAN: New Package!
http://dirk.eddelbuettel.com/blog/2024/03/13#ciw_0.0.1
March 14, 2024, 12:03 AM
Happy to share that ciw is now on CRAN! I had tooted a little bit
about it, e.g., here.
What it provides is a single (efficient) function
incoming() which summarises the state of the incoming
directories at CRAN. I happen
to like having these things at my (shell) fingertips, so it goes along
with (still draft) wrapper
ciw.r that will be part of the next littler release.
For example, when I do this right now as I type this, I see
edd@rob:~$ ciw.r
Folder Name T...
--------------------
Freexian Collaborators: Monthly report about Debian Long Term Support, February 2024 (by Roberto C. Sánchez)
https://www.freexian.com/blog/debian-lts-report-2024-02/
March 14, 2024, 12:00 AM
Like each month, have a look at the work funded by Freexian’s Debian LTS offering.
Debian LTS contributors
In February, 18 contributors have been paid to work on Debian
LTS, their reports are available:
Abhijith PA
did 10.0h (out of 14.0h assigned), thus carrying over 4.0h to the next month.
Adrian Bunk
did 13.5h (out of 24.25h assigned and 41.75h from previous period), thus carrying over 52.5h to the next month.
Bastien Roucariès
did 20.0h (out of 20.0h assigned).
Ben Hutchings
did 2.0h (ou...
--------------------
Russell Coker: The Shape of Computers
https://etbe.coker.com.au/2024/03/13/shape-computers/
March 13, 2024, 12:16 PM
Introduction
There have been many experiments with the sizes of computers, some of which have stayed around and some have gone away. The trend has been to make computers smaller, the early computers had buildings for them. Recently for come classes computers have started becoming as small as could be reasonably desired. For example phones are thin enough that they can blow away in a strong breeze, smart watches are much the same size as the old fashioned watches they replace, and NUC type comput...
--------------------
Freexian Collaborators: Debian Contributions: Upcoming Improvements to Salsa CI, /usr-move, packaging simplemonitor, and more! (by Utkarsh Gupta)
https://www.freexian.com/blog/debian-contributions-02-2024/
March 13, 2024, 12:00 AM
Contributing to Debian
is part of Freexian’s mission. This article
covers the latest achievements of Freexian and their collaborators. All of this
is made possible by organizations subscribing to our
Long Term Support contracts and
consulting services.
/usr-move, by Helmut Grohne
Much of the work was spent on handling interaction with time time64 transition
and sending patches for mitigating fallout. The set of packages relevant to
debootstrap is mostly converted and the patches for glibc and ...
--------------------
Russell Coker: Android vs FOSS Phones
https://etbe.coker.com.au/2024/03/12/android-vs-foss-phones/
March 12, 2024, 10:35 AM
To achieve my aims regarding Convergence of mobile phone and PC [1] I need something a big bigger than the 4G of RAM that’s in the PinePhone Pro [2]. The PinePhonePro was released at the end of 2021 but has a SoC that was first released in 2016. That SoC seems to compare well to the ones used in the Pixel and Pixel 2 phones that were released in the same time period so it’s not a bad SoC, but it doesn’t compare well to more recent Android devices and it also isn’t a great fit for the non...
--------------------
Dirk Eddelbuettel: digest 0.6.35 on CRAN: New xxhash code
http://dirk.eddelbuettel.com/blog/2024/03/11#digest_0.6.35
March 11, 2024, 11:23 PM
Release 0.6.35 of the digest package
arrived at CRAN today and has
also been uploaded to Debian
already.
digest
creates hash digests of arbitrary R objects. It can use a number
different hashing algorithms (md5, sha-1,
sha-256, sha-512, crc32,
xxhash32, xxhash64, murmur32,
spookyhash, blake3,crc32c – and
now also xxh3_64 and xxh3_128), and enables
easy comparison of (potentially large and nested) R language objects as
it relies on the native serialization in R. It is a mature and
widely-used p...
--------------------
Joachim Breitner: Convenient sandboxed development environment
https://www.joachim-breitner.de/blog/812-Convenient_sandboxed_development_environment
March 11, 2024, 8:39 PM
I like using one machine and setup for everything, from serious development work to hobby projects to managing my finances. This is very convenient, as often the lines between these are blurred. But it is also scary if I think of the large number of people who I have to trust to not want to extract all my personal data. Whenever I run a cabal install, or a fun VSCode extension gets updated, or anything like that, I am running code that could be malicious or buggy.
In a way it is surprising and r...
--------------------
Evgeni Golov: Remote Code Execution in Ansible dynamic inventory plugins
https://www.die-welt.net/2024/03/remote-code-execution-in-ansible-dynamic-inventory-plugins/
March 11, 2024, 8:00 PM
I had reported this to Ansible a year ago (2023-02-23), but it seems this is considered expected behavior, so I am posting it here now.
TL;DR
Don't ever consume any data you got from an inventory if there is a chance somebody untrusted touched it.
Inventory plugins
Inventory plugins allow Ansible to pull inventory data from a variety of sources.
The most common ones are probably the ones fetching instances from clouds like Amazon EC2
and Hetzner Cloud or the ones talking to tools like Foreman.
F...
--------------------
Thorsten Alteholz: My Debian Activities in February 2024
http://blog.alteholz.eu/2024/03/my-debian-activities-in-february-2024/
March 10, 2024, 12:22 PM
FTP master
This month I accepted 242 and rejected 42 packages. The overall number of packages that got accepted was 251.
This was just a short month and the weather outside was not really motivating. I hope it will be better in March.
Debian LTS
This was my hundred-sixteenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded:
[DLA 3739-1] libjwt security update for one CVE to fix some ‘constant-ti...
--------------------
Vasudev Kamath: Cloning a laptop over NVME TCP
https://copyninja.in/blog/clone_laptop_nvmet.html
March 10, 2024, 11:45 AM
Recently, I got a new laptop and had to set it up so I could start using it. But
I wasn't really in the mood to go through the same old steps which I had
explained in this post earlier. I was complaining about
this to my colleague, and there came the suggestion of why not copy the entire
disk to the new laptop. Though it sounded like an interesting idea to me, I had
my doubts, so here is what I told him in return.
I don't have the tools to open my old laptop and connect the new disk over
USB to...
--------------------
Valhalla's Things: Low Fat, No Eggs, Lasagna-ish
https://blog.trueelena.org/blog/drafts/low_fat_no_eggs_lasagna_ish/index.html
March 10, 2024, 12:00 AM
Posted on March 10, 2024


Tags: madeof:atoms, craft:cooking



A few notes on what we had for lunch, to be able to repeat it after the
summer.
There were a number of food intolerance related restrictions which meant
that the traditional lasagna recipe wasn’t an option; the result still
tasted good, but it was a bit softer and messier to take out of the pan
and into the dishes.
On Saturday afternoon we made fresh no-egg pasta with 200 g (durum)
f...
--------------------
Iustin Pop: Finally learning some Rust - hello photo-backlog-exporter!
https://k1024.org/posts/2024/2024-03-09-learning-rust-finally/
March 9, 2024, 10:30 PM
After 4? 5? or so years of wanting to learn Rust, over the past 4 or
so months I finally bit the bullet and found the motivation to write
some Rust. And the subject.
And I was, and still am, thoroughly surprised. It’s like someone took
Haskell, simplified it to some extents, and wrote a systems language
out of it. Writing Rust after Haskell seems easy, and pleasant, and you:
don’t have to care about unintended laziness which causes memory
“leaks” (stuck memory, more like).
don’t have ...
--------------------
Reproducible Builds: Reproducible Builds in February 2024
https://reproducible-builds.org/reports/2024-02/
March 9, 2024, 4:53 PM
Welcome to the February 2024 report from the Reproducible Builds project! In our reports, we try to outline what we have been up to over the past month as well as mentioning some of the important things happening in software supply-chain security.
Reproducible Builds at FOSDEM 2024
Core Reproducible Builds developer Holger Levsen presented at the main track at FOSDEM on Saturday 3rd February this year in Brussels, Belgium. However, that wasn’t the only talk related to Reproducible Builds...
--------------------
Valhalla's Things: Elastic Neck Top Two: MOAR Ruffles
https://blog.trueelena.org/blog/2024/03/09-elastic_neck_top_two_moar_ruffles/index.html
March 9, 2024, 12:00 AM
Posted on March 9, 2024


Tags: madeof:atoms, craft:sewing, FreeSoftWear




After making my Elastic Neck Top
I knew I wanted to make another one less constrained by the amount of
available fabric.
I had a big cut of white cotton voile, I bought some more swimsuit
elastic, and I also had a spool of n°100 sewing cotton, but then I
postponed the project for a while I was working on other things.
Then FOSDEM 2024 arrived, I was going to remote it, a...
--------------------