Andreas Rönnquist: Status update for Allegro packaging in Debian
https://www.gusnan.se/blog/programming/status-update-for-allegro-packaging-in-debian/
April 15, 2024, 4:10 PM
I have mailed to a Debian bug on allegro4.4 describing my reasoningregarding the allegro libraries – in short, allegro4.4 is pretty muchdead upstream, and my interest was basically to keep alex4 (which iscool) in Debian, but since it migrated to non-free, my interest inallegro4.4 has waned. So, if anybody would like to still see allegro4.4in Debian, please step up now and help out. Since it is dead upstream,my reasoning is that it is better to remove it from Debian if nomaintainer who wants to...
--------------------
Petter Reinholdtsen: Time to move orphaned Debian packages to git
https://people.skolelinux.org/pere/blog/Time_to_move_orphaned_Debian_packages_to_git.html
April 14, 2024, 7:30 AM
There are several packages in Debian without a associated git
repository with the packaging history. This is unfortunate and it
would be nice if more of these would do so. Quote a lot of these are
without a maintainer, ie listed as maintained by the
'Debian
QA Group' place holder. In fact, 438 packages have this property
according to UDD (SELECT source FROM sources WHERE release = 'sid'
AND (vcs_url ilike '%anonscm.debian.org%' OR vcs_browser ilike
'%anonscm.debian.org%' or vcs_url IS NULL OR...
--------------------
Simon Josefsson: Reproducible and minimal source-only tarballs
https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/
April 13, 2024, 4:44 PM
With the release of Libntlm version 1.8 the release tarball can be reproduced on several distributions. We also publish a signed minimal source-only tarball, produced by git-archive which is the same format used by Savannah, Codeberg, GitLab, GitHub and others. Reproducibility of both tarballs are tested continuously for regressions on GitLab through a CI/CD pipeline. If that wasn’t enough to excite you, the Debian packages of Libntlm are now built from the reproducible minimal source-only tar...
--------------------
Paul Tagliamonte: Domo Arigato, Mr. debugfs
https://notes.pault.ag/debugfs/
April 13, 2024, 1:27 PM
Years ago, at what I think I remember was DebConf 15, I hacked for a while
on debhelper to
write build-ids to debian binary control files,
so that the build-id (more specifically, the ELF note
.note.gnu.build-id) wound up in the Debian apt archive metadata.
I’ve always thought this was super cool, and seeing as how Michael Stapelberg
blogged
some great pointers around the ecosystem, including the fancy new debuginfod
service, and the
find-dbgsym-packages
helper, which uses these same headers, ...
--------------------
Russell Coker: Software Needed for Work
https://etbe.coker.com.au/2024/04/13/software-needed-for-work/
April 13, 2024, 7:08 AM
When I first started studying computer science setting up a programming project was easy, write source code files and a Makefile and that was it. IRC was the only IM system and email was the only other communications system that was used much. Writing Makefiles is difficult but products like the Borland Turbo series of IDEs did all that for you so you could just start typing code and press a function key to compile and run (F5 from memory).
Over the years the requirements and expectations of com...
--------------------
Scarlett Gately Moore: Kubuntu: Noble Numbat Beta available! Qt6 snaps coming soon.
https://www.scarlettgatelymoore.dev/kubuntu-noble-numbat-beta-available-qt6-snaps-coming-soon/
April 12, 2024, 7:29 PM
It has been a very busy couple of weeks as we worked against some major transitions and a security fix that required a rebuild of the $world. I am happy to report that against all odds we have a beta release! You can read all about it here: https://kubuntu.org/news/kubuntu-24-04-beta-released/ Post beta freeze I have already begun pushing our fixes for known issues today. A big one being our new branding! Very exciting times in the Kubuntu world.
In the snap world I will be using my free time...
--------------------
NOKUBI Takatsugu: mailman3-web error when upgrading to bookworm
http://blog.daionet.gr.jp/knok-e/2024/04/12/mailman3-web-error-when-upgrading-to-bookworm/
April 12, 2024, 1:34 PM
I tried to upgrade bullseye machien to bookworm, so I got the following error:
File “/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py”, line 5, infrom django.contrib.auth.views import redirect_to_loginFile “/usr/lib/python3/dist-packages/django/contrib/auth/views.py”, line 20, infrom django.utils.http import (ImportError: cannot import name ‘url_has_allowed_host_and_scheme’ from ‘django.utils.http’ (/usr/lib/python3/dist-packages/django/utils/http.py)
During ha...
--------------------
Freexian Collaborators: Monthly report about Debian Long Term Support, March 2024 (by Roberto C. Sánchez)
https://www.freexian.com/blog/debian-lts-report-2024-03/
April 12, 2024, 12:00 AM
Like each month, have a look at the work funded by Freexian’s Debian LTS offering.
Debian LTS contributors
In March, 19 contributors have been paid to work on Debian
LTS, their reports are available:
Abhijith PA
did 0.0h (out of 10.0h assigned and 4.0h from previous period), thus carrying over 14.0h to the next month.
Adrian Bunk
did 59.5h (out of 47.5h assigned and 52.5h from previous period), thus carrying over 40.5h to the next month.
Bastien Roucariès
did 22.0h (out of 20.0h assigned and...
--------------------
Freexian Collaborators: Debian Contributions: SSO Authentication for jitsi.debian.social, /usr-move updates, and more! (by Utkarsh Gupta)
https://www.freexian.com/blog/debian-contributions-03-2024/
April 12, 2024, 12:00 AM
Contributing to Debian
is part of Freexian’s mission. This article
covers the latest achievements of Freexian and their collaborators. All of this
is made possible by organizations subscribing to our
Long Term Support contracts and
consulting services.
P.S. We’ve completed over a year of writing these blogs. If you have any
suggestions on how to make them better or what you’d like us to cover, or any
other opinions/reviews you might have, et al, please let us know by dropping an
email to u...
--------------------
Reproducible Builds (diffoscope): diffoscope 264 released
https://diffoscope.org/news/diffoscope-264-released/
April 12, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 264. This version includes the following changes:
[ Chris Lamb ]
* Don't crash on invalid zipfiles, even if we encounter 'badness'
through through the file. (Re: #1068705)
[ FC (Fay) Stegerman ]
* Add note when there are duplicate entries in ZIP files.
(Closes: reproducible-builds/diffoscope!140)
[ Vagrant Cascadian ]
* Add an external tool reference for GNU Guix for zipdetails.
You find out more by vis...
--------------------
Jonathan McDowell: Sorting out backup internet #1: recursive DNS
https://www.earth.li/~noodles/blog/2024/04/backup-internet-rdns.html
April 11, 2024, 5:41 PM
I work from home these days, and my nearest office is over 100 miles away, 3 hours door to door if I travel by train (and, to be honest, probably not a lot faster given rush hour traffic if I drive). So I’m reliant on a functional internet connection in order to be able to work. I’m lucky to have access to Openreach FTTP, provided by Aquiss, but I worry about what happens if there’s a cable cut somewhere or some other long lasting problem. Worst case I could tether to my work phone, or try...
--------------------
Reproducible Builds: Reproducible Builds in March 2024
https://reproducible-builds.org/reports/2024-03/
April 11, 2024, 4:49 PM
Welcome to the March 2024 report from the Reproducible Builds project! In our reports, we attempt to outline what we have been up to over the past month, as well as mentioning some of the important things happening more generally in software supply-chain security. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.
Table of contents:
Arch Linux minimal container userland now 100% reproducible
Validating Debian’s build infrastru...
--------------------
Russell Coker: ML Training License
https://etbe.coker.com.au/2024/04/11/ml-training-license/
April 11, 2024, 11:30 AM
Last year a Debian Developer blogged about writing Haskell code to give a bad result for LLMs that were trained on it. I forgot who wrote the post and I’d appreciate the URL if anyone has it.
I respect such technical work to enforce one’s legal rights when they aren’t respected by corporations, but I have a different approach.
As an aside the Fosdem lecture “Fortify AI against regulation, litigation and lobotomies” is interesting on this topic [1], it’s what inspired me to write abou...
--------------------
Wouter Verhelst: OpenSC and the Belgian eID
https://grep.be/blog//en/computer/eID/OpenSC_and_the_Belgian_eID/
April 11, 2024, 9:33 AM
Getting the Belgian eID to work on Linux
systems should be fairly easy, although some people do struggle with it.
For that reason, there is a lot of third-party documentation out there
in the form of blog posts, wiki pages, and other kinds of things.
Unfortunately, some of this documentation is simply wrong. Written by
people who played around with things until it kind of worked, sometimes
you get a situation where something that used to work in the past (but
wasn't really necessary) now stoppe...
--------------------
Ian Jackson: Why we’ve voted No to CfD for Derril Water solar farm
https://diziet.dreamwidth.org/18394.html
April 9, 2024, 9:38 PM
ceb and I are members of the Derril Water Solar Park cooperative.
We were recently invited to vote on whether the coop should bid for a Contract for Difference, in a government green electricity auction.
We’ve voted No.
“Green electricity” from your mainstream supplier is a lie
Ripple
Contracts for Difference
Ripple and CfD
Voting No
“Green electricity” from your mainstream supplier is a lie
For a while ceb and I have wanted to contribute directly to green energy provision. This isn�...
--------------------
Gunnar Wolf: Think outside the box • Welcome Eclipse!
https://gwolf.org/2024/04/think-outside-the-box-welcome-eclipse.html
April 9, 2024, 4:38 PM
Now that we are back from our six month period in Argentina, we
decided to adopt a kitten, to bring more diversity into our
lives. Perhaps this little girl will teach us to think outside the
box!
Yesterday we witnessed a solar eclipse — Mexico City was not in the
totality range (we reached ~80%), but it was a great experience to go
with the kids. A couple dozen thousand people gathered for a massive
picnic in las islas, the main area inside our university campus.
Afterwards, we went br...
--------------------
Matthew Palmer: How I Tripped Over the Debian Weak Keys Vulnerability
https://www.hezmatt.org/~mpalmer/blog/2024/04/09/how-i-tripped-over-the-debian-weak-keys-vuln.html
April 9, 2024, 12:00 AM
Those of you who haven’t been in IT for far, far too long might not know that next month will be the 16th(!) anniversary of the disclosure of what was, at the time, a fairly earth-shattering revelation: that for about 18 months, the Debian OpenSSL package was generating entirely predictable private keys.
The recent xz-stential threat (thanks to @nixCraft for making me aware of that one), has got me thinking about my own serendipitous interaction with a major vulnerability.
Given that the stat...
--------------------
Bastian Blank: Python dataclasses for Deb822 format
https://bblank.thinkmo.de/python-dataclasses-deb822.html
April 8, 2024, 5:00 PM
Python includes some helping support for classes that are designed to just hold some data and not much more: Data Classes.
It uses plain Python type definitions to specify what you can have and some further information for every field.
This will then generate you some useful methods, like __init__ and __repr__, but on request also more.
But given that those type definitions are available to other code, a lot more can be done.
There exists several separate packages to work on data classes.
For ex...
--------------------
Thorsten Alteholz: My Debian Activities in March 2024
http://blog.alteholz.eu/2024/04/my-debian-activities-in-march-2024/
April 7, 2024, 11:56 AM
FTP master
This month I accepted 147 and rejected 12 packages. The overall number of packages that got accepted was 151.
If you file an RM bug, please do check whether there are reverse dependencies as well and file RM bugs for them. It is annoying and time-consuming when I have to do the moreinfo dance.
Debian LTS
This was my hundred-seventeenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded:
[...
--------------------
John Goerzen: Facebook is Censoring Stories about Climate Change and Illegal Raid in Marion, Kansas
https://changelog.complete.org/archives/10657-facebook-is-censoring-stories-about-illegal-raid-in-marion-kansas
April 6, 2024, 2:00 PM
It is, sadly, not entirely surprising that Facebook is censoring articles critical of Meta.
The Kansas Reflector published an artical about Meta censoring environmental articles about climate change — deeming them “too controversial”.
Facebook then censored the article about Facebook censorship, and then after an independent site published a copy of the climate change article, Facebook censored it too.
The CNN story says Facebook apologized and said it was a mistake and was fixing it.
Colo...
--------------------
Junichi Uekawa: Trying to explain analogue clock.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-6.html.en#2024-Apr-6-12:37:09
April 6, 2024, 3:37 AM
Trying to explain analogue clock. It's hard to
explain. Tried adding some things for affordance, and it is
still not enough. So it's not obvious which arm is the hour
and which arm is the minute.
analog clock
--------------------
Paul Wise: FLOSS Activities March 2024
http://bonedaddy.net/pabs3/log/2024/04/06/floss-activities/
April 5, 2024, 11:24 PM
Focus
This month I didn't have any particular focus.
I just worked on issues in my info bubble.
Changes
gt:
use standard systemd usb-gadget.target
SWH docs:
add FAQ item
reportbug:
allow overriding auto-applied tags
Debian BTS usertags:
fix up Ubuntu, porter, 64-bit time_t usertags
Debian wiki pages:
AutoGeneratedFiles
(1
2),
DebianDay
(2024),
Exploits,
GSoC,
gsoc,
Hardware/Wanted,
LTS/Development,
Ports/riscv64,
Sprints
(2024/DebianMed),
Statistics,
Year
Issues
Features in
SWH
(1
2),
sw...
--------------------
Dirk Eddelbuettel: RcppArmadillo 0.12.8.2.0 on CRAN: Upstream Fix
http://dirk.eddelbuettel.com/blog/2024/04/05#rcpparmadillo_0.12.8.2.0
April 5, 2024, 10:12 PM
Armadillo is a powerful
and expressive C++ template library for linear algebra and scientific
computing. It aims towards a good balance between speed and ease of use,
has a syntax deliberately close to Matlab, and is useful for algorithm
development directly in C++, or quick conversion of research code into
production environments. RcppArmadillo
integrates this library with the R environment and language–and is
widely used by (currently) 1136 other packages on CRAN, downloaded 33.5 million
tim...
--------------------
Bits from Debian: apt install dpl-candidate: Sruthi Chandran
https://bits.debian.org/2024/04/dpl-interview-SruthiChandran.html
April 5, 2024, 6:36 PM
The Debian Project Developers will shortly vote for a new Debian Project Leader
known as the DPL.
The DPL is the official representative of representative of The Debian Project tasked with managing the overall project, its vision, direction, and finances.
The DPL is also responsible for the selection of Delegates, defining areas of
responsibility within the project, the coordination of Developers, and making
decisions required for the project.
Our outgoing and present DPL Jonathan Carter served...
--------------------
Bits from Debian: apt install dpl-candidate: Andreas Tille
https://bits.debian.org/2024/04/dpl-interview-AndresTille.html
April 5, 2024, 6:36 PM
The Debian Project Developers will shortly vote for a new Debian Project Leader
known as the DPL.
The Project Leader is the official representative of The Debian Project tasked with
managing the overall project, its vision, direction, and finances.
The DPL is also responsible for the selection of Delegates, defining areas of
responsibility within the project, the coordination of Developers, and making
decisions required for the project.
Our outgoing and present DPL Jonathan Carter served 4 ter...
--------------------
Emanuele Rocca: PGP keys on Yubikey, with a side of Mutt
https://www.linux.it/~ema/posts/pgp-keys-on-yubikey/
April 5, 2024, 1:22 PM
Here are my notes about copying PGP keys to external hardware devices such as
Yubikeys. Let me begin by saying that the gpg tools are pretty bad at this.
MAKE A COUPLE OF BACKUPS OF ~/.gnupg/ TO DIFFERENT ENCRYPTED USB STICKS
BEFORE YOU START. GPG WILL MESS UP YOUR KEYS. SERIOUSLY.
For example, would you believe me if I said that saving changes results in
the removal of your private key? Well
check this
out.
Now that you have multiple safe, offline backups of your keys, here are my notes.
...
--------------------
Reproducible Builds (diffoscope): diffoscope 263 released
https://diffoscope.org/news/diffoscope-263-released/
April 5, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 263. This version includes the following changes:
[ Chris Lamb ]
* Add support for the zipdetails(1) tool included in the Perl distribution.
Thanks to Larry Doolittle et al. for the pointer to this tool.
* Don't use parenthesis within test "skipping…" messages; PyTest adds its own
parenthesis, so we were ending up with double nested parens.
* Fix the .epub tests after supporting zipdetails(1).
* Update co...
--------------------
John Goerzen: The xz Issue Isn’t About Open Source
https://changelog.complete.org/archives/10642-the-xz-issue-isnt-about-open-source
April 4, 2024, 10:07 PM
You’ve probably heard of the recent backdoor in xz. There have been a lot of takes on this, most of them boiling down to some version of:
The problem here is with Open Source Software.
I want to say not only is that view so myopic that it pushes towards the incorrect, but also it blinds us to more serious problems.
Now, I don’t pretend that there are no problems in the FLOSS community. There have been various pieces written about what this issue says about the FLOSS community (usually with...
--------------------
Lukas Märdian: Netplan v1.0 paves the way to stable, declarative network management
https://blog.slyon.de/2024/04/04/netplan-v1-0-paves-the-way-to-stable-declarative-network-management/
April 4, 2024, 3:39 PM
New “netplan status –diff” subcommand, finding differences between configuration and system state
As the maintainer and lead developer for Netplan, I’m proud to announce the general availability of Netplan v1.0 after more than 7 years of development efforts. Over the years, we’ve so far had about 80 individual contributors from around the globe. This includes many contributions from our Netplan core-team at Canonical, but also from other big corporations such as Microsoft or Deutsch...
--------------------
Bits from Debian: Proxmox Platinum Sponsor of DebConf24
https://bits.debian.org/2024/04/proxmox-platinum-debconf24.html
April 3, 2024, 11:17 PM
We are pleased to announce that Proxmox
has committed to sponsor DebConf24 as a
Platinum Sponsor.
Proxmox provides powerful and user-friendly open-source server software.
Enterprises of all sizes and industries use Proxmox solutions to deploy
efficient and simplified IT infrastructures, minimize total cost of ownership,
and avoid vendor lock-in. Proxmox also offers commercial support, training
services, and an extensive partner ecosystem to ensure business continuity
for its customers. Proxmox ...
--------------------
Guido Günther: Free Software Activities March 2024
https://honk.sigxcpu.org/con/Free_Software_Activities_March_2024.html
April 3, 2024, 10:12 AM
A short status update of what happened on my side last month. I spent
quiet a bit of time reviewing new, code (thanks!) as well as
maintenance to keep things going but we also have some improvements:
Phosh
Release phosh 0.37.0
Add support for progress indicator and counts to lockscreen launcher entries: Merge request,
Demo using Phosh-EV's charge status as example (Merge request)
Fix 5G with MM: Merge Request
Doc updates: Merge Request
Drop builtin session support Merge request
Support gnome-...
--------------------
Joey Hess: reflections on distrusting xz
http://joeyh.name/blog/entry/reflections_on_distrusting_xz/
April 3, 2024, 8:48 AM
Was the ssh backdoor the only goal that "Jia Tan" was pursuing
with their multi-year operation against xz?
I doubt it, and if not, then every fix so far has been incomplete,
because everything is still running code written by that entity.
If we assume that they had a multilayered plan, that their every action was
calculated and malicious, then we have to think about the full threat
surface of using xz. This quickly gets into nightmare scenarios of the
"trusting trust" variety.
What if xz cont...
--------------------
Arnaud Rebillout: Firefox: Moving from the Debian package to the Flatpak app (long-term?)
https://arnaudr.io/2024/04/03/firefox-moving-from-the-debian-package-to-the-flatpak-app-long-term/
April 3, 2024, 12:00 AM
First, thanks to Samuel Henrique for giving notice of recent Firefox
CVEs in Debian
testing/unstable.
At the time I didn't want to upgrade my system (Debian Sid) due to the ongoing
t64 transition transition,
so I decided I could install the Firefox Flatpak app instead, and why not stick
to it long-term?
This blog post details all the steps, if ever others want to go the same road.
Flatpak Installation
Disclaimer: this section is hardly anything more than a copy/paste of the
official documentatio...
--------------------
Dirk Eddelbuettel: ulid 0.3.1 on CRAN: New Maintainer, Some Polish
http://dirk.eddelbuettel.com/blog/2024/04/02#ulid-0.3.1
April 2, 2024, 11:14 PM
Happy to share that ulid is now
(back) on CRAN. It provides
universally unique identifiers that are lexicographically sortable,
which improves over the more well-known uuid generators.
ulid is a
neat little package put together by Bob
Rudis a few years ago. It had recently drifted off CRAN so I offered to brush it up
and re-submit it. And as tooted
earlier today, it took just over an hour to finish that (after the
lead up work I had done, including prior email with CRAN in the loop,
the repo tra...
--------------------
Sven Hoexter: PKIX: pathLen Constrain on Root Certificates
http://sven.stormbind.net/blog/posts/pkix_pathlen_rootca/
April 2, 2024, 7:07 PM
I recently came a cross a x509 P(rivate)KI Root Certificate which had
a pathLen constrain set on the (self signed) Root Certificate.
Since that is not commonly seen I looked a bit around to get a
better understanding about how the pathLen basic constrain
should be used.
Primary source is
RFC 5280 section 4.2.1.9
The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit (Section 4.2.1.3). In this case, it gi...
--------------------
Bits from Debian: Bits from the DPL
https://bits.debian.org/2024/04/bits-from-the-dpl-april.html
April 2, 2024, 5:00 PM
Dear Debianites
This morning I decided to just start writing Bits from DPL and send
whatever I have by 18:00 local time. Here it is, barely proof read,
along with all it's warts and grammar mistakes! It's slightly long and
doesn't contain any critical information, so if you're not in the mood,
don't feel compelled to read it!
Get ready for a new DPL!
Soon, the voting period will start to elect our next DPL, and my time
as DPL will come to an end. Reading the questions posted to the new
candidate...
--------------------
Ben Hutchings: FOSS activity in March 2024
https://www.decadent.org.uk/ben/blog/2024/04/01/foss-activity-in-march-2024.html
April 1, 2024, 2:51 PM
I updated the Linux (4.19) package for buster to upstream version
4.19.311, but I did not make an upload this month.
I triaged recent CVE IDs assigned for kernel security issues, and
queried
some
duplicate
and
trivial
issues, which have now been rejected.
I reviewed and applied a fix for klibc’s inet_pton()
function. I
then
added some test cases for it,
and
made
further
fixes....
--------------------
Colin Watson: Free software activity in March 2024
https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-03.html
April 1, 2024, 1:10 PM
My Debian contributions this month were all
sponsored by Freexian.
Python team:
I updated
zope.testrunner to 6.4.
I fixed a build failure in
celery-haystack-ng, which included an
upstream change to stop using
d2to1.
I backported an upstream change to fix a build failure in
python-json-log-formatter.
I updated python-typing-extensions to 4.10.0 to fix a build
failure.
I updated wcwidth to 0.2.13 to fix a build
failure, which included rewriting
the Debian patches to update-table...
--------------------
Simon Josefsson: Towards reproducible minimal source code tarballs? On *-src.tar.gz
https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/
April 1, 2024, 10:28 AM
While the work to analyze the xz backdoor is in progress, several ideas have been suggested to improve the software supply chain ecosystem. Some of those ideas are good, some of the ideas are at best irrelevant and harmless, and some suggestions are plain bad. I’d like to attempt to formalize two ideas, which have been discussed before, but the context in which they can be appreciated have not been as clear as it is today.
Reproducible tarballs. The idea is that published source tarballs s...
--------------------
Arturo Borrero González: Kubecon and CloudNativeCon 2024 Europe summary
https://ral-arturo.org/2024/04/01/kubecon.html
April 1, 2024, 9:00 AM
This blog post shares my thoughts on attending Kubecon and CloudNativeCon 2024 Europe in Paris. It was my third time at
this conference, and it felt bigger than last year’s in Amsterdam. Apparently it had an impact on public transport. I
missed part of the opening keynote because of the extremely busy rush hour tram in Paris.
On Artificial Intelligence, Machine Learning and GPUs
Talks about AI, ML, and GPUs were everywhere this year. While it wasn’t my main interest, I did learn about GP...
--------------------
Junichi Uekawa: Learning about xz and what is happening is fascinating.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-1.html.en#2024-Apr-1-07:02:00
March 31, 2024, 10:02 PM
Learning about xz and what is happening is fascinating. The scope of potential exploit is very large. The Open source software space is filled with many unmaintained and unreviewed software.
--------------------
Russell Coker: Links March 2024
https://etbe.coker.com.au/2024/03/31/links-march-2024/
March 31, 2024, 12:51 PM
Bruce Schneier wrote an interesting blog post about his workshop on reimagining democracy and the unusual way he structured it [1]. It would be fun to have a security conference run like that!
Matthias write an informative blog post about Wayland “Wayland really breaks things… Just for now” which links to a blog debate about the utility of Wayland [2]. Wayland seems pretty good to me.
Cory Doctorow wrote an insightful article about the AI bubble comparing it to previous bubbles [3].
Charle...
--------------------
Steinar H. Gunderson: xz backdooring
http://blog.sesse.net/blog/tech/2024-03-30-11-39_xz_backdooring.html
March 30, 2024, 10:39 AM
Andres Freund found that xz-utils is backdoored,
but could not (despite the otherwise excellent analysis) get quite to the bottom of what the payload actually does.
What you would hope for to be posted by others: Further analysis of the payload.
What actually gets posted by others: “systemd is bad.”
Update: Good preliminary analysis....
--------------------
Raphaël Hertzog: Freexian is looking to expand its team with more Debian contributors
https://raphaelhertzog.com/2024/03/29/freexian-is-looking-to-expand-its-team-with-more-debian-contributors/
March 29, 2024, 3:13 PM
It’s been a while that I haven’t posted anything on my blog, the truth is that Freexian has been doing very well in the last years and that I have a hard time to allocate time to write articles or even to contribute to my usual Debian projects… the exception being debusine since that’s part of the Freexian work (have a look at our most recent announce!).
That being said, given Freexian’s growth and in the hope to reduce my workload, we are looking to extend our team with Debian m...
--------------------
Ravi Dwivedi: A visit to the Taj Mahal
https://ravidwivedi.in/posts/taj-mahal/
March 29, 2024, 10:13 AM
Note: The currency used in this post is Indian Rupees, which was around 83 INR for 1 US Dollar as that time.
I and my friend Badri visited the Taj Mahal this month. Taj Mahal is one of the main tourist destinations in India and does not need an introduction, I guess. It is in Agra, in the state of Uttar Pradesh, 188 km from Delhi by train. So, I am writing a post documenting useful information for people who are planning to visit Taj Mahal. Feel free to ask me questions about visiting the Taj Ma...
--------------------
Patryk Cisek: Sanoid on TrueNAS
https://prezu.ca/post/sanoid_on_truenas/
March 29, 2024, 1:18 AM
syncoid to TrueNAS In my homelab, I have 2 NAS systems:
Linux (Debian) TrueNAS Core (based on FreeBSD) On my Linux box, I use Jim Salter’s sanoid to periodically take snapshots of my ZFS pool. I also want to have a proper backup of the whole pool, so I use syncoid to transfer those snapshots to another machine. Sanoid itself is responsible only for taking new snapshots and pruning old ones you no longer care about....
--------------------
Reproducible Builds (diffoscope): diffoscope 262 released
https://diffoscope.org/news/diffoscope-262-released/
March 29, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 262. This version includes the following changes:
[ Chris Lamb ]
* Factor out Python version checking in test_zip.py. (Re: #362)
* Also skip some zip tests under 3.10.14 as well; a potential regression may
have been backported to the 3.10.x series. The underlying cause is still to
be investigated. (Re: #362)
You find out more by visiting the project homepage....
--------------------
Joey Hess: the vulture in the coal mine
http://joeyh.name/blog/entry/the_vulture_in_the_coal_mine/
March 28, 2024, 10:37 PM
Turns out that VPS provider Vultr's
terms of service
were quietly changed some time ago to give them a "perpetual, irrevocable"
license to use content hosted there in any way, including modifying it and
commercializing it "for purposes of providing the Services to you."
This is very similar to changes that
Github made to their TOS in 2017.
Since then, Github has been
rebranded as "The world’s leading AI-powered developer platform".
The language in their TOS now clearly lets them use content s...
--------------------
Scarlett Gately Moore: Kubuntu, KDE Report. In Loving Memory of my Son.
https://www.scarlettgatelymoore.dev/kubuntu-kde-report-in-loving-memory-of-my-son/
March 28, 2024, 5:54 PM
Personal:
As many of you know, I lost my beloved son March 9th. This has hit me really hard, but I am staying strong and holding on to all the wonderful memories I have. He grew up to be an amazing man, devoted christian and wonderful father. He was loved by everyone who knew him and will be truly missed by us all. I have had folks ask me how they can help. He left behind his 7 year old son Mason. Mason was Billy’s world and I would like to make sure Mason is taken care of. I have set up a ...
--------------------
Steinar H. Gunderson: git grudge
http://blog.sesse.net/blog/tech/2024-03-27-18-56_git_grudge.html
March 27, 2024, 5:56 PM
Small teaser:
Probably won't show up in aggregators (try this link instead).
--------------------
Emmanuel Kasper: Adding a private / custom Certificate Authority to the firefox trust store
https://00formicapunk00.wordpress.com/2024/03/26/adding-a-private-custom-certificate-authority-to-the-firefox-trust-store/
March 26, 2024, 6:43 PM
Today at $WORK I needed to add the private company Certificate Authority (CA) to Firefox, and I found the steps were unnecessarily complex.
Time to blog about that, and I also made a Debian wiki article of that post, so that future generations can update the information, when Firefox 742 is released on Debian 17.
The cacert certificate authority is not included in Debian and Firefox, and is thus a good example of adding a private CA.
Note that this does not mean I specifically endorse that CA.
...
--------------------
Jonathan Dowland: a bug a day
https://jmtd.net/log/a_bug_a_day/
March 25, 2024, 4:58 PM
I recently became a maintainer of/committer to IkiWiki,
the software that powers my site. I also took over maintenance of the Debian
package. Last week I cut a new upstream point release, 3.20200202.4, and a
corresponding Debian package upload, consisting only of a handful of
low-hanging-fruit patches from other people, largely to exercise both
processes.
I've been discussing IkiWiki's maintenance situation with some other users for
a couple of years now. I've also weighed up the pros and cons ...
--------------------
Valhalla's Things: Piecepack and postcard boxes
https://blog.trueelena.org/blog/2023/11/04-piecepack_and_postcard_boxes/index.html
March 25, 2024, 12:00 AM
Posted on March 25, 2024


Tags: madeof:bits, craft:cartonnage




This article has been originally posted on November 4, 2023, and has
been updated (at the bottom) since.
Thanks to All Saints’ Day, I’ve just had a 5 days weekend. One of those
days I woke up and decided I absolutely needed a cartonnage box for the
cardboard and linocut piecepack I’ve been working on for quite some
time.
I started drawing a plan with measures before breakfas...
--------------------
Anuradha Weeraman: Testing again
https://weeraman.com/testing-again/
March 24, 2024, 3:29 PM
123
--------------------
Anuradha Weeraman: This is a test
https://weeraman.com/this-is-a-test/
March 24, 2024, 3:26 PM
Testing 1 2 3
--------------------
Niels Thykier: debputy v0.1.21
https://people.debian.org/~nthykier/blog/2024/debputy-v0-1-21.html
March 24, 2024, 2:30 PM
Earlier today, I have just released debputy version 0.1.21
to Debian unstable. In the blog post, I will highlight some
of the new features.
Package boilerplate reduction with automatic relationship substvar
Last month, I started a discussion on rethinking how we do
relationship substvars such as the ${misc:Depends}. These
generally ends up being boilerplate runes in the form of
Depends: ${misc:Depends}, ${shlibs:Depends} where you
as the packager has to remember exactly which runes apply
to you...
--------------------
Marco d'Itri: CISPE's call for new regulations on VMware
https://blog.bofh.it/debian/id_469
March 24, 2024, 12:52 PM
A few days ago CISPE, a trade association of European cloud providers, published a press release complaining about the new VMware licensing scheme and asking for regulators and legislators to intervene.
But VMware does not have a monopoly on virtualization software: I think that asking regulators to interfere is unnecessary and unwise, unless, of course, they wish to question the entire foundations of copyright. Which, on the other hand, could be an intriguing position that I would support...
...
--------------------
Jacob Adams: Regular Reboots
https://tookmund.com/2024/03/regular-reboot
March 24, 2024, 12:00 AM
Uptime is often considered a measure of system reliability,
an indication that the running software is stable and can be counted on.
However, this hides the insidious build-up of state throughout the system as
it runs, the slow drift from the expected to the strange.
As Nolan Lawson highlights in an excellent post entitled
Programmers are bad at managing state,
state is the most challenging part of programming.
It’s why “did you try turning it off and on again” is a classic tech support
...
--------------------
Dirk Eddelbuettel: littler 0.3.20 on CRAN: Moar Features!
http://dirk.eddelbuettel.com/blog/2024/03/23#littler-0.3.20
March 23, 2024, 10:06 PM
The twentyfirst release of littler as a
CRAN package
landed on CRAN just now, following in the now eighteen year history (!!)
as a package started by Jeff in 2006, and joined
by me a few weeks later.
littler
is the first command-line interface for R as it predates
Rscript. It allows for piping as well for shebang
scripting via #!, uses command-line arguments more
consistently and still starts
faster. It also always loaded the methods package which
Rscript only began to do in recent years.
little...
--------------------
Bits from Debian: New Debian Developers and Maintainers (January and February 2024)
https://bits.debian.org/2024/03/new-developers-2024-02.html
March 23, 2024, 3:00 PM
The following contributors got their Debian Developer accounts in the last two months:
Carles Pina i Estany (cpina)
Dave Hibberd (hibby)
Soren Stoutner (soren)
Daniel Gröber (dxld)
Jeremy Sowden (azazel)
Ricardo Ribalda Delgado (ribalda)
The following contributors were added as Debian Maintainers in the last two months:
Joachim Bauch
Ananthu C V
Francesco Ballarin
Yogeswaran Umasankar
Kienan Stewart
Congratulations!...
--------------------