Matthew Palmer: How I Tripped Over the Debian Weak Keys Vulnerability
https://www.hezmatt.org/~mpalmer/blog/2024/04/09/how-i-tripped-over-the-debian-weak-keys-vuln.html
April 9, 2024, 12:00 AM
Those of you who haven’t been in IT for far, far too long might not know that next month will be the 16th(!) anniversary of the disclosure of what was, at the time, a fairly earth-shattering revelation: that for about 18 months, the Debian OpenSSL package was generating entirely predictable private keys.
The recent xz-stential threat (thanks to @nixCraft for making me aware of that one), has got me thinking about my own serendipitous interaction with a major vulnerability.
Given that the stat...
--------------------
Bastian Blank: Python dataclasses for Deb822 format
https://bblank.thinkmo.de/python-dataclasses-deb822.html
April 8, 2024, 5:00 PM
Python includes some helping support for classes that are designed to just hold some data and not much more: Data Classes.
It uses plain Python type definitions to specify what you can have and some further information for every field.
This will then generate you some useful methods, like __init__ and __repr__, but on request also more.
But given that those type definitions are available to other code, a lot more can be done.
There exists several separate packages to work on data classes.
For ex...
--------------------
Thorsten Alteholz: My Debian Activities in March 2024
http://blog.alteholz.eu/2024/04/my-debian-activities-in-march-2024/
April 7, 2024, 11:56 AM
FTP master
This month I accepted 147 and rejected 12 packages. The overall number of packages that got accepted was 151.
If you file an RM bug, please do check whether there are reverse dependencies as well and file RM bugs for them. It is annoying and time-consuming when I have to do the moreinfo dance.
Debian LTS
This was my hundred-seventeenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded:
[...
--------------------
John Goerzen: Facebook is Censoring Stories about Climate Change and Illegal Raid in Marion, Kansas
https://changelog.complete.org/archives/10657-facebook-is-censoring-stories-about-illegal-raid-in-marion-kansas
April 6, 2024, 2:00 PM
It is, sadly, not entirely surprising that Facebook is censoring articles critical of Meta.
The Kansas Reflector published an artical about Meta censoring environmental articles about climate change — deeming them “too controversial”.
Facebook then censored the article about Facebook censorship, and then after an independent site published a copy of the climate change article, Facebook censored it too.
The CNN story says Facebook apologized and said it was a mistake and was fixing it.
Colo...
--------------------
Junichi Uekawa: Trying to explain analogue clock.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-6.html.en#2024-Apr-6-12:37:09
April 6, 2024, 3:37 AM
Trying to explain analogue clock. It's hard to
explain. Tried adding some things for affordance, and it is
still not enough. So it's not obvious which arm is the hour
and which arm is the minute.
analog clock
--------------------
Paul Wise: FLOSS Activities March 2024
http://bonedaddy.net/pabs3/log/2024/04/06/floss-activities/
April 5, 2024, 11:24 PM
Focus
This month I didn't have any particular focus.
I just worked on issues in my info bubble.
Changes
gt:
use standard systemd usb-gadget.target
SWH docs:
add FAQ item
reportbug:
allow overriding auto-applied tags
Debian BTS usertags:
fix up Ubuntu, porter, 64-bit time_t usertags
Debian wiki pages:
AutoGeneratedFiles
(1
2),
DebianDay
(2024),
Exploits,
GSoC,
gsoc,
Hardware/Wanted,
LTS/Development,
Ports/riscv64,
Sprints
(2024/DebianMed),
Statistics,
Year
Issues
Features in
SWH
(1
2),
sw...
--------------------
Dirk Eddelbuettel: RcppArmadillo 0.12.8.2.0 on CRAN: Upstream Fix
http://dirk.eddelbuettel.com/blog/2024/04/05#rcpparmadillo_0.12.8.2.0
April 5, 2024, 10:12 PM
Armadillo is a powerful
and expressive C++ template library for linear algebra and scientific
computing. It aims towards a good balance between speed and ease of use,
has a syntax deliberately close to Matlab, and is useful for algorithm
development directly in C++, or quick conversion of research code into
production environments. RcppArmadillo
integrates this library with the R environment and language–and is
widely used by (currently) 1136 other packages on CRAN, downloaded 33.5 million
tim...
--------------------
Bits from Debian: apt install dpl-candidate: Sruthi Chandran
https://bits.debian.org/2024/04/dpl-interview-SruthiChandran.html
April 5, 2024, 6:36 PM
The Debian Project Developers will shortly vote for a new Debian Project Leader
known as the DPL.
The DPL is the official representative of representative of The Debian Project tasked with managing the overall project, its vision, direction, and finances.
The DPL is also responsible for the selection of Delegates, defining areas of
responsibility within the project, the coordination of Developers, and making
decisions required for the project.
Our outgoing and present DPL Jonathan Carter served...
--------------------
Bits from Debian: apt install dpl-candidate: Andreas Tille
https://bits.debian.org/2024/04/dpl-interview-AndresTille.html
April 5, 2024, 6:36 PM
The Debian Project Developers will shortly vote for a new Debian Project Leader
known as the DPL.
The Project Leader is the official representative of The Debian Project tasked with
managing the overall project, its vision, direction, and finances.
The DPL is also responsible for the selection of Delegates, defining areas of
responsibility within the project, the coordination of Developers, and making
decisions required for the project.
Our outgoing and present DPL Jonathan Carter served 4 ter...
--------------------
Emanuele Rocca: PGP keys on Yubikey, with a side of Mutt
https://www.linux.it/~ema/posts/pgp-keys-on-yubikey/
April 5, 2024, 1:22 PM
Here are my notes about copying PGP keys to external hardware devices such as
Yubikeys. Let me begin by saying that the gpg tools are pretty bad at this.
MAKE A COUPLE OF BACKUPS OF ~/.gnupg/ TO DIFFERENT ENCRYPTED USB STICKS
BEFORE YOU START. GPG WILL MESS UP YOUR KEYS. SERIOUSLY.
For example, would you believe me if I said that saving changes results in
the removal of your private key? Well
check this
out.
Now that you have multiple safe, offline backups of your keys, here are my notes.
...
--------------------
Reproducible Builds (diffoscope): diffoscope 263 released
https://diffoscope.org/news/diffoscope-263-released/
April 5, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 263. This version includes the following changes:
[ Chris Lamb ]
* Add support for the zipdetails(1) tool included in the Perl distribution.
Thanks to Larry Doolittle et al. for the pointer to this tool.
* Don't use parenthesis within test "skipping…" messages; PyTest adds its own
parenthesis, so we were ending up with double nested parens.
* Fix the .epub tests after supporting zipdetails(1).
* Update co...
--------------------
John Goerzen: The xz Issue Isn’t About Open Source
https://changelog.complete.org/archives/10642-the-xz-issue-isnt-about-open-source
April 4, 2024, 10:07 PM
You’ve probably heard of the recent backdoor in xz. There have been a lot of takes on this, most of them boiling down to some version of:
The problem here is with Open Source Software.
I want to say not only is that view so myopic that it pushes towards the incorrect, but also it blinds us to more serious problems.
Now, I don’t pretend that there are no problems in the FLOSS community. There have been various pieces written about what this issue says about the FLOSS community (usually with...
--------------------
Lukas Märdian: Netplan v1.0 paves the way to stable, declarative network management
https://blog.slyon.de/2024/04/04/netplan-v1-0-paves-the-way-to-stable-declarative-network-management/
April 4, 2024, 3:39 PM
New “netplan status –diff” subcommand, finding differences between configuration and system state
As the maintainer and lead developer for Netplan, I’m proud to announce the general availability of Netplan v1.0 after more than 7 years of development efforts. Over the years, we’ve so far had about 80 individual contributors from around the globe. This includes many contributions from our Netplan core-team at Canonical, but also from other big corporations such as Microsoft or Deutsch...
--------------------
Bits from Debian: proxmox Platinum Sponsor of DebConf24
https://bits.debian.org/2024/04/proxmox-platinum-debconf24.html
April 3, 2024, 11:17 PM
We are pleased to announce that Proxmox
has committed to sponsor DebConf24 as a
Platinum Sponsor.
Proxmox provides powerful and user-friendly open-source server software.
Enterprises of all sizes and industries use Proxmox solutions to deploy
efficient and simplified IT infrastructures, minimize total cost of ownership,
and avoid vendor lock-in. Proxmox also offers commercial support, training
services, and an extensive partner ecosystem to ensure business continuity
for its customers. Proxmox ...
--------------------
Guido Günther: Free Software Activities March 2024
https://honk.sigxcpu.org/con/Free_Software_Activities_March_2024.html
April 3, 2024, 10:12 AM
A short status update of what happened on my side last month. I spent
quiet a bit of time reviewing new, code (thanks!) as well as
maintenance to keep things going but we also have some improvements:
Phosh
Release phosh 0.37.0
Add support for progress indicator and counts to lockscreen launcher entries: Merge request,
Demo using Phosh-EV's charge status as example (Merge request)
Fix 5G with MM: Merge Request
Doc updates: Merge Request
Drop builtin session support Merge request
Support gnome-...
--------------------
Joey Hess: reflections on distrusting xz
http://joeyh.name/blog/entry/reflections_on_distrusting_xz/
April 3, 2024, 8:48 AM
Was the ssh backdoor the only goal that "Jia Tan" was pursuing
with their multi-year operation against xz?
I doubt it, and if not, then every fix so far has been incomplete,
because everything is still running code written by that entity.
If we assume that they had a multilayered plan, that their every action was
calculated and malicious, then we have to think about the full threat
surface of using xz. This quickly gets into nightmare scenarios of the
"trusting trust" variety.
What if xz cont...
--------------------
Arnaud Rebillout: Firefox: Moving from the Debian package to the Flatpak app (long-term?)
https://arnaudr.io/2024/04/03/firefox-moving-from-the-debian-package-to-the-flatpak-app-long-term/
April 3, 2024, 12:00 AM
First, thanks to Samuel Henrique for giving notice of recent Firefox
CVEs in Debian
testing/unstable.
At the time I didn't want to upgrade my system (Debian Sid) due to the ongoing
t64 transition transition,
so I decided I could install the Firefox Flatpak app instead, and why not stick
to it long-term?
This blog post details all the steps, if ever others want to go the same road.
Flatpak Installation
Disclaimer: this section is hardly anything more than a copy/paste of the
official documentatio...
--------------------
Dirk Eddelbuettel: ulid 0.3.1 on CRAN: New Maintainer, Some Polish
http://dirk.eddelbuettel.com/blog/2024/04/02#ulid-0.3.1
April 2, 2024, 11:14 PM
Happy to share that ulid is now
(back) on CRAN. It provides
universally unique identifiers that are lexicographically sortable,
which improves over the more well-known uuid generators.
ulid is a
neat little package put together by Bob
Rudis a few years ago. It had recently drifted off CRAN so I offered to brush it up
and re-submit it. And as tooted
earlier today, it took just over an hour to finish that (after the
lead up work I had done, including prior email with CRAN in the loop,
the repo tra...
--------------------
Sven Hoexter: PKIX: pathLen Constrain on Root Certificates
http://sven.stormbind.net/blog/posts/pkix_pathlen_rootca/
April 2, 2024, 7:07 PM
I recently came a cross a x509 P(rivate)KI Root Certificate which had
a pathLen constrain set on the (self signed) Root Certificate.
Since that is not commonly seen I looked a bit around to get a
better understanding about how the pathLen basic constrain
should be used.
Primary source is
RFC 5280 section 4.2.1.9
The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit (Section 4.2.1.3). In this case, it gi...
--------------------
Bits from Debian: Bits from the DPL
https://bits.debian.org/2024/04/bits-from-the-dpl-april.html
April 2, 2024, 5:00 PM
Dear Debianites
This morning I decided to just start writing Bits from DPL and send
whatever I have by 18:00 local time. Here it is, barely proof read,
along with all it's warts and grammar mistakes! It's slightly long and
doesn't contain any critical information, so if you're not in the mood,
don't feel compelled to read it!
Get ready for a new DPL!
Soon, the voting period will start to elect our next DPL, and my time
as DPL will come to an end. Reading the questions posted to the new
candidate...
--------------------
Ben Hutchings: FOSS activity in March 2024
https://www.decadent.org.uk/ben/blog/2024/04/01/foss-activity-in-march-2024.html
April 1, 2024, 2:51 PM
I updated the Linux (4.19) package for buster to upstream version
4.19.311, but I did not make an upload this month.
I triaged recent CVE IDs assigned for kernel security issues, and
queried
some
duplicate
and
trivial
issues, which have now been rejected.
I reviewed and applied a fix for klibc’s inet_pton()
function. I
then
added some test cases for it,
and
made
further
fixes....
--------------------
Colin Watson: Free software activity in March 2024
https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-03.html
April 1, 2024, 1:10 PM
My Debian contributions this month were all
sponsored by Freexian.
Python team:
I updated
zope.testrunner to 6.4.
I fixed a build failure in
celery-haystack-ng, which included an
upstream change to stop using
d2to1.
I backported an upstream change to fix a build failure in
python-json-log-formatter.
I updated python-typing-extensions to 4.10.0 to fix a build
failure.
I updated wcwidth to 0.2.13 to fix a build
failure, which included rewriting
the Debian patches to update-table...
--------------------
Simon Josefsson: Towards reproducible minimal source code tarballs? On *-src.tar.gz
https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/
April 1, 2024, 10:28 AM
While the work to analyze the xz backdoor is in progress, several ideas have been suggested to improve the entire software supply chain ecosystem. Some of those ideas are good, some of the ideas are at best irrelevant and harmless, and some suggestions are plain bad. I’d like to attempt to formalize one idea (remains to be see in which category it belongs), which have been discussed before, but the context in which the idea can be appreciated have not been as clear as it is today.
Reprod...
--------------------
Arturo Borrero González: Kubecon and CloudNativeCon 2024 Europe summary
https://ral-arturo.org/2024/04/01/kubecon.html
April 1, 2024, 9:00 AM
This blog post shares my thoughts on attending Kubecon and CloudNativeCon 2024 Europe in Paris. It was my third time at
this conference, and it felt bigger than last year’s in Amsterdam. Apparently it had an impact on public transport. I
missed part of the opening keynote because of the extremely busy rush hour tram in Paris.
On Artificial Intelligence, Machine Learning and GPUs
Talks about AI, ML, and GPUs were everywhere this year. While it wasn’t my main interest, I did learn about GP...
--------------------
Junichi Uekawa: Learning about xz and what is happening is fascinating.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-1.html.en#2024-Apr-1-07:02:00
March 31, 2024, 10:02 PM
Learning about xz and what is happening is fascinating. The scope of potential exploit is very large. The Open source software space is filled with many unmaintained and unreviewed software.
--------------------
Russell Coker: Links March 2024
https://etbe.coker.com.au/2024/03/31/links-march-2024/
March 31, 2024, 12:51 PM
Bruce Schneier wrote an interesting blog post about his workshop on reimagining democracy and the unusual way he structured it [1]. It would be fun to have a security conference run like that!
Matthias write an informative blog post about Wayland “Wayland really breaks things… Just for now” which links to a blog debate about the utility of Wayland [2]. Wayland seems pretty good to me.
Cory Doctorow wrote an insightful article about the AI bubble comparing it to previous bubbles [3].
Charle...
--------------------
Steinar H. Gunderson: xz backdooring
http://blog.sesse.net/blog/tech/2024-03-30-11-39_xz_backdooring.html
March 30, 2024, 10:39 AM
Andres Freund found that xz-utils is backdoored,
but could not (despite the otherwise excellent analysis) get quite to the bottom of what the payload actually does.
What you would hope for to be posted by others: Further analysis of the payload.
What actually gets posted by others: “systemd is bad.”
Update: Good preliminary analysis....
--------------------
Raphaël Hertzog: Freexian is looking to expand its team with more Debian contributors
https://raphaelhertzog.com/2024/03/29/freexian-is-looking-to-expand-its-team-with-more-debian-contributors/
March 29, 2024, 3:13 PM
It’s been a while that I haven’t posted anything on my blog, the truth is that Freexian has been doing very well in the last years and that I have a hard time to allocate time to write articles or even to contribute to my usual Debian projects… the exception being debusine since that’s part of the Freexian work (have a look at our most recent announce!).
That being said, given Freexian’s growth and in the hope to reduce my workload, we are looking to extend our team with Debian m...
--------------------
Ravi Dwivedi: A visit to the Taj Mahal
https://ravidwivedi.in/posts/taj-mahal/
March 29, 2024, 10:13 AM
Note: The currency used in this post is Indian Rupees, which was around 83 INR for 1 US Dollar as that time.
I and my friend Badri visited the Taj Mahal this month. Taj Mahal is one of the main tourist destinations in India and does not need an introduction, I guess. It is in Agra, in the state of Uttar Pradesh, 188 km from Delhi by train. So, I am writing a post documenting useful information for people who are planning to visit Taj Mahal. Feel free to ask me questions about visiting the Taj Ma...
--------------------
Patryk Cisek: Sanoid on TrueNAS
https://prezu.ca/post/sanoid_on_truenas/
March 29, 2024, 1:18 AM
syncoid to TrueNAS In my homelab, I have 2 NAS systems:
Linux (Debian) TrueNAS Core (based on FreeBSD) On my Linux box, I use Jim Salter’s sanoid to periodically take snapshots of my ZFS pool. I also want to have a proper backup of the whole pool, so I use syncoid to transfer those snapshots to another machine. Sanoid itself is responsible only for taking new snapshots and pruning old ones you no longer care about....
--------------------
Reproducible Builds (diffoscope): diffoscope 262 released
https://diffoscope.org/news/diffoscope-262-released/
March 29, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 262. This version includes the following changes:
[ Chris Lamb ]
* Factor out Python version checking in test_zip.py. (Re: #362)
* Also skip some zip tests under 3.10.14 as well; a potential regression may
have been backported to the 3.10.x series. The underlying cause is still to
be investigated. (Re: #362)
You find out more by visiting the project homepage....
--------------------
Joey Hess: the vulture in the coal mine
http://joeyh.name/blog/entry/the_vulture_in_the_coal_mine/
March 28, 2024, 10:37 PM
Turns out that VPS provider Vultr's
terms of service
were quietly changed some time ago to give them a "perpetual, irrevocable"
license to use content hosted there in any way, including modifying it and
commercializing it "for purposes of providing the Services to you."
This is very similar to changes that
Github made to their TOS in 2017.
Since then, Github has been
rebranded as "The world’s leading AI-powered developer platform".
The language in their TOS now clearly lets them use content s...
--------------------
Scarlett Gately Moore: Kubuntu, KDE Report. In Loving Memory of my Son.
https://www.scarlettgatelymoore.dev/kubuntu-kde-report-in-loving-memory-of-my-son/
March 28, 2024, 5:54 PM
Personal:
As many of you know, I lost my beloved son March 9th. This has hit me really hard, but I am staying strong and holding on to all the wonderful memories I have. He grew up to be an amazing man, devoted christian and wonderful father. He was loved by everyone who knew him and will be truly missed by us all. I have had folks ask me how they can help. He left behind his 7 year old son Mason. Mason was Billy’s world and I would like to make sure Mason is taken care of. I have set up a ...
--------------------
Steinar H. Gunderson: git grudge
http://blog.sesse.net/blog/tech/2024-03-27-18-56_git_grudge.html
March 27, 2024, 5:56 PM
Small teaser:
Probably won't show up in aggregators (try this link instead).
--------------------
Emmanuel Kasper: Adding a private / custom Certificate Authority to the firefox trust store
https://00formicapunk00.wordpress.com/2024/03/26/adding-a-private-custom-certificate-authority-to-the-firefox-trust-store/
March 26, 2024, 6:43 PM
Today at $WORK I needed to add the private company Certificate Authority (CA) to Firefox, and I found the steps were unnecessarily complex.
Time to blog about that, and I also made a Debian wiki article of that post, so that future generations can update the information, when Firefox 742 is released on Debian 17.
The cacert certificate authority is not included in Debian and Firefox, and is thus a good example of adding a private CA.
Note that this does not mean I specifically endorse that CA.
...
--------------------
Jonathan Dowland: a bug a day
https://jmtd.net/log/a_bug_a_day/
March 25, 2024, 4:58 PM
I recently became a maintainer of/committer to IkiWiki,
the software that powers my site. I also took over maintenance of the Debian
package. Last week I cut a new upstream point release, 3.20200202.4, and a
corresponding Debian package upload, consisting only of a handful of
low-hanging-fruit patches from other people, largely to exercise both
processes.
I've been discussing IkiWiki's maintenance situation with some other users for
a couple of years now. I've also weighed up the pros and cons ...
--------------------
Valhalla's Things: Piecepack and postcard boxes
https://blog.trueelena.org/blog/2023/11/04-piecepack_and_postcard_boxes/index.html
March 25, 2024, 12:00 AM
Posted on March 25, 2024


Tags: madeof:bits, craft:cartonnage




This article has been originally posted on November 4, 2023, and has
been updated (at the bottom) since.
Thanks to All Saints’ Day, I’ve just had a 5 days weekend. One of those
days I woke up and decided I absolutely needed a cartonnage box for the
cardboard and linocut piecepack I’ve been working on for quite some
time.
I started drawing a plan with measures before breakfas...
--------------------
Anuradha Weeraman: Testing again
https://weeraman.com/testing-again/
March 24, 2024, 3:29 PM
123
--------------------
Anuradha Weeraman: This is a test
https://weeraman.com/this-is-a-test/
March 24, 2024, 3:26 PM
Testing 1 2 3
--------------------
Niels Thykier: debputy v0.1.21
https://people.debian.org/~nthykier/blog/2024/debputy-v0-1-21.html
March 24, 2024, 2:30 PM
Earlier today, I have just released debputy version 0.1.21
to Debian unstable. In the blog post, I will highlight some
of the new features.
Package boilerplate reduction with automatic relationship substvar
Last month, I started a discussion on rethinking how we do
relationship substvars such as the ${misc:Depends}. These
generally ends up being boilerplate runes in the form of
Depends: ${misc:Depends}, ${shlibs:Depends} where you
as the packager has to remember exactly which runes apply
to you...
--------------------
Marco d'Itri: CISPE's call for new regulations on VMware
https://blog.bofh.it/debian/id_469
March 24, 2024, 12:52 PM
A few days ago CISPE, a trade association of European cloud providers, published a press release complaining about the new VMware licensing scheme and asking for regulators and legislators to intervene.
But VMware does not have a monopoly on virtualization software: I think that asking regulators to interfere is unnecessary and unwise, unless, of course, they wish to question the entire foundations of copyright. Which, on the other hand, could be an intriguing position that I would support...
...
--------------------
Jacob Adams: Regular Reboots
https://tookmund.com/2024/03/regular-reboot
March 24, 2024, 12:00 AM
Uptime is often considered a measure of system reliability,
an indication that the running software is stable and can be counted on.
However, this hides the insidious build-up of state throughout the system as
it runs, the slow drift from the expected to the strange.
As Nolan Lawson highlights in an excellent post entitled
Programmers are bad at managing state,
state is the most challenging part of programming.
It’s why “did you try turning it off and on again” is a classic tech support
...
--------------------
Dirk Eddelbuettel: littler 0.3.20 on CRAN: Moar Features!
http://dirk.eddelbuettel.com/blog/2024/03/23#littler-0.3.20
March 23, 2024, 10:06 PM
The twentyfirst release of littler as a
CRAN package
landed on CRAN just now, following in the now eighteen year history (!!)
as a package started by Jeff in 2006, and joined
by me a few weeks later.
littler
is the first command-line interface for R as it predates
Rscript. It allows for piping as well for shebang
scripting via #!, uses command-line arguments more
consistently and still starts
faster. It also always loaded the methods package which
Rscript only began to do in recent years.
little...
--------------------
Bits from Debian: New Debian Developers and Maintainers (January and February 2024)
https://bits.debian.org/2024/03/new-developers-2024-02.html
March 23, 2024, 3:00 PM
The following contributors got their Debian Developer accounts in the last two months:
Carles Pina i Estany (cpina)
Dave Hibberd (hibby)
Soren Stoutner (soren)
Daniel Gröber (dxld)
Jeremy Sowden (azazel)
Ricardo Ribalda Delgado (ribalda)
The following contributors were added as Debian Maintainers in the last two months:
Joachim Bauch
Ananthu C V
Francesco Ballarin
Yogeswaran Umasankar
Kienan Stewart
Congratulations!...
--------------------
Kentaro Hayashi: How about allocating more buildd resource for armel and armhf?
https://kenhys.hatenablog.jp/entry/2024/03/23/211515
March 23, 2024, 12:15 PM
This article is cross-posting from grow-your-ideas. This is just an idea.
salsa.debian.org
The problem
According to Developer Machines [1],
current buildd machines are like this:
armel: 4 buildd (4 for arm64/armhf/armel)
armhf: 7 buildd (4 for arm64/armhf/armel and 3 for armhf only)
[1] https://db.debian.org/machines.cgi
In contrast to other buildd architectures, these instances are quite a few and it seems that
it causes a shortage of buildd resourses. (e.g. during mass transition, giv...
--------------------
Erich Schubert: Do not get Amazon Kids+ or a Fire HD Kids
https://www.vitavonni.de/blog/202403/20240323amazon-kids-has-no-whitelist.html
March 23, 2024, 10:15 AM
The Amazon Kids “parental controls” are extremely insufficient, and I strongly advise against getting any of the Amazon Kids series.
The initial permise (and some older reviews) look okay: you can set some time limits, and you can disable anything that requires buying.
With the hardware you get one year of the “Amazon Kids+” subscription, which includes a lot of interesting content such as books and audio,
but also some apps. This seemed attractive: some learning apps, some decent games...
--------------------
Valhalla's Things: Forgotten Yeast Bread - Sourdough Edition
https://blog.trueelena.org/blog/2024/03/23-forgotten_yeast_bread_sourdough_edition/index.html
March 23, 2024, 12:00 AM
Posted on March 23, 2024


Tags: madeof:atoms, craft:cooking, craft:baking, craft:bread



Yesterday I had planned a pan sbagliato for today, but I also had
quite a bit of sourdough to deal with, so instead of mixing a bit of of
dry yeast at 18:00 and mixing it with some additional flour and water at
21:00, at around maybe 20:00 I substituted:
100 g firm sourdough;
33 g flour;
66 g water.
Then I briefly woke up in the middle of the night and pour...
--------------------
Reproducible Builds (diffoscope): diffoscope 261 released
https://diffoscope.org/news/diffoscope-261-released/
March 22, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 261. This version includes the following changes:
[ Chris Lamb ]
* Don't crash if we encounter an .rdb file without an equivalent .rdx file.
(Closes: #1066991)
* In addition, don't identify Redis database dumps (etc.) as GNU R database
files based simply on their filename. (Re: #1066991)
* Update copyright years.
You find out more by visiting the project homepage....
--------------------
Ian Jackson: How to use Rust on Debian (and Ubuntu, etc.)
https://diziet.dreamwidth.org/18122.html
March 21, 2024, 9:47 PM
tl;dr: Don’t just apt install rustc cargo. Either do that and make sure to use only Rust libraries from your distro (with the tiresome config runes below); or, just use rustup.
Don’t do the obvious thing; it’s never what you wantQ. Download and run whatever code from the internet?
Option 1: WTF, no I don’t want curl|bash
Option 2: Biting the curl|bash bulletPrivilege separation
OMG what a mess
Don’t do the obvious thing; it’s never what you want
Debian ships a Rust compiler, a...
--------------------
Ravi Dwivedi: Thailand Trip
https://ravidwivedi.in/posts/thailand-trip/
March 21, 2024, 8:45 PM
This post is the second and final part of my Malaysia-Thailand trip. Feel free to check out the Malaysia part here if you haven’t already. Kuala Lumpur to Bangkok is around 1500 km by road, and so I took a Malaysian Airlines flight to travel to Bangkok. The flight staff at the Kuala Lumpur only asked me for a return/onward flight and Thailand immigration asked a few questions but did not check any documents (obviously they checked and stamped my passport ;)). The currency of Thailand is the Th...
--------------------
Dirk Eddelbuettel: ciw 0.0.2 on CRAN: Updates
http://dirk.eddelbuettel.com/blog/2024/03/20#ciw_0.0.2
March 20, 2024, 1:18 PM
A first revision of the still only one-week old (at CRAN) package ciw has been
released to CRAN! It provides
is a single (efficient) function incoming() (now along with
an alias ciw()) which summarises the state of the incoming
directories at CRAN. I happen
to like having these things at my (shell) fingertips, so it goes along
with (still draft) wrapper
ciw.r that will be part of the next littler release.
For example, when I do this right now as I type this, I see
(typically less than one second...
--------------------
Jonathan Dowland: aerc email client
https://jmtd.net/log/aerc/
March 20, 2024, 10:38 AM
I started looking at aerc, a new Terminal mail client, in
around 2019. At that time it was promising, but ultimately not ready yet for me, so
I put it away and went back to neomutt which I have been
using (in one form or another)   all century.
These days, I use neomutt as an IMAP client which is perhaps what it's worst
at: prior to that, and in common with most users (I think), I used it to read
local mail, either fetched via offlineimap or
directly on my mail server. I switched to using it a...
--------------------
Iustin Pop: Corydalis 2024.12.0 released
https://k1024.org/posts/2024/2024-03-20-corydalis-v2024.12/
March 20, 2024, 12:20 AM
I’ve been working for the past few weeks on Corydalis, and was in no
hurry to make a release, but last evening I found the explanation for
a really, really, really annoying issue: unintended “zooming” on touch
interfaces in the image viewer. Or more precisely, I found this post
from 2015 (9 years ago!):
https://webkit.org/blog/5610/more-responsive-tapping-on-ios/ and I
finally understood things. And decided this was the best choice for
cutting a new release.
Of course, the release contains...
--------------------
Colin Watson: apt install everything?
https://www.chiark.greenend.org.uk/~cjwatson/blog/ubuntu-install-everything.html
March 19, 2024, 7:05 AM
On Mastodon, the
question came up of
how Ubuntu would deal with something like the npm install
everything situation. I replied:
Ubuntu is curated, so it probably wouldn’t get this far. If it did, then
the worst case is that it would get in the way of CI allowing other
packages to be removed (again from a curated system, so people are used to
removal not being self-service); but the release team would have no
hesitation in removing a package like this to fix that, and it certainly
wouldn’...
--------------------
Joey Hess: policy on adding AI generated content to my software projects
http://joeyh.name/blog/entry/policy_on_adding_AI_generated_content_to_my_software_projects/
March 18, 2024, 8:54 PM
I am eager to incorporate your AI generated code into my software.
Really!
I want to facilitate making the process as easy as possible. You're already
using an AI to do most of the hard lifting, so why make the last step hard? To
that end, I skip my usually extensive code review process for your AI generated
code submissions. Anything goes as long as it compiles!
Please do remember to include "(AI generated)" in the description of your
changes (at the top), so I know to skip my usual review pr...
--------------------
Simon Josefsson: Apt archive mirrors in Git-LFS
https://blog.josefsson.org/2024/03/18/apt-archive-mirrors-in-git-lfs/
March 18, 2024, 4:15 PM
My effort to improve transparency and confidence of public apt archives continues. I started to work on this in “Apt Archive Transparency” in which I mention the debdistget project in passing. Debdistget is responsible for mirroring index files for some public apt archives. I’ve realized that having a publicly auditable and preserved mirror of the apt repositories is central to being able to do apt transparency work, so the debdistget project has become more central to my project than I th...
--------------------
Christoph Berg: vcswatch and git --filter
https://www.df7cb.de/blog/2024/vcswatch-git-filter.html
March 18, 2024, 12:45 PM
Debian is running a "vcswatch"
service that keeps track of the status of all packaging repositories that have a
Vcs-Git
(and other VCSes) header set and shows which repos might need a package upload to push pending changes out.
Naturally, this is a lot of data and the scratch partition on qa.debian.org
had to be expanded several times, up to 300 GB in the last iteration.
Attempts to reduce that size using shallow clones (git clone --depth=50)
did not result more than a few percent of space save...
--------------------
Gunnar Wolf: After miniDebConf Santa Fe
https://gwolf.org/2024/03/after-minidebconf-santa-fe.html
March 18, 2024, 4:00 AM
Last week we held our promised miniDebConf in Santa Fe City, Santa Fe province,
Argentina — just across the river from Paraná, where I have spent almost six
beautiful months I will never forget.

Around 500 Kilometers North from Buenos Aires, Santa Fe and Paraná are separated
by the beautiful and majestic Paraná river, which flows from Brazil, marks the
Eastern border of Paraguay, and continues within Argentina as the heart of the
litoral region of the country, until it merges with th...
--------------------
Thomas Koch: Minimal overhead VMs with Nix and MicroVM
https://blog.koch.ro/posts/2024-03-17-minimal-vms-nix-microvm.html
March 17, 2024, 10:13 AM
Posted on March 17, 2024


Tags: debian, free software, nix

Joachim Breitner wrote about a Convenient sandboxed development environment and thus reminded me to blog about MicroVM. I’ve toyed around with it a little but not yet seriously used it as I’m currently not coding.
MicroVM is a nix based project to configure and run minimal VMs. It can mount and thus reuse the hosts nix store inside the VM and thus has a very small disk footprint. I use MicroVM on a debian system...
--------------------
Thomas Koch: Rebuild search with trust
https://blog.koch.ro/posts/2024-01-20-rebuild-search-with-trust.html
March 17, 2024, 10:13 AM
Posted on January 20, 2024


Tags: debian, free software, life, search, decentralization

Finally there is a thing people can agree on:
2023-08-28, OSNews: The end of the Googleverse
2023-07-28, Cory Doctorow: Microincentives and Enshittification
2023-10-03, Cory Doctorow: Google’s enshittification memos
2024-01-15, Tim Bray: Mourning Google
Apparently, Google Search is not good anymore. And I’m not the only one thinking about decentralization to fix it:
Honey I federat...
--------------------