Debian is a trademark of Software in the Public Interest, Inc. This site is operated independently in the spirit of point three of the Debian Social Contract which tells us We will not hide problems.

Feeds

December 04, 2024

hackergotchi for Bits from Debian

Bits from Debian

"Ceratopsian" will be the default theme for Debian 13

The theme "Ceratopsian" by Elise Couper has been selected as the default theme for Debian 13 "trixie". The theme is inspired by Trixie's (the fictional character from Toy Story) frill and is also influenced by a previously used theme called "futurePrototype" by Alex Makas.

Ceratopsian wallpaper. Click to see the whole theme proposal

Ceratopsian Website banner. Click to see the whole theme proposal

After the Debian Desktop Team made the call for proposing themes, a total of six choices were submitted. The desktop artwork poll was open to the public, and we received 2817 responses ranking the different choices, of which Ceratopsian has been ranked as the winner among them.

We'd like to thank all the designers that have participated and have submitted their excellent work in the form of wallpapers and artwork for Debian 13.

Congratulations, Elise, and thank you very much for your contribution to Debian!

04 December, 2024 12:30PM by Jonathan Carter

December 03, 2024

Antoine Beaupré

Why I should be running Debian unstable right now

So a common theme on the Internet about Debian is so old. And right, I am getting close to the stage that I feel a little laggy: I am using a bunch of backports for packages I need, and I'm missing a bunch of other packages that just landed in unstable and didn't make it to backports for various reasons.

I disagree that "old" is a bad thing: we definitely run Debian stable on a fleet of about 100 servers and can barely keep up, I would make it older. And "old" is a good thing: (port) wine and (any) beer needs time to age properly, and so do humans, although some humans never seem to grow old enough to find wisdom.

But at this point, on my laptop, I am feeling like I'm missing out. This page, therefore, is an evolving document that is a twist on the classic NewIn game. Last time I played seems to be #newinwheezy (2013!), so really, I'm due for an update. (To be fair to myself, I do keep tabs on upgrades quite well at home and work, which do have their share of "new in", just after the fact.)

New packages to explore

Those tools are shiny new things available in unstable or perhaps Trixie (testing) already that I am not using yet, but I find interesting enough to list here.

  • backdown: clever file deduplicator
  • broot: a TUI file manager with ncdu and magit-like features
  • codesearch: search all of Debian's source code (tens of thousands of packages) from the commandline! (see also dcs-cli, not in Debian)
  • dasel: JSON/YML/XML/CSV parser, similar to jq, but different syntax, not sure I'd grow into it, but often need to parse YML like JSON and failing
  • fyi: notify-send replacement
  • git-subrepo: git-submodule replacement I am considering
  • gpg-from-sq: Sequoia (Rust!) wrapper for GnuPG, might be able to replace everything but gpg-agent! currently at least missing send-keys, card-status, performance improvements on key listings, and quick-gen-key, but those can all be accessed through the gpg-from-gpg, and all work in progress
  • gtklock: swaylock replacement with bells and whistles, particularly interested in showing time, battery and so on
  • hyprland: possible Sway replacement, but there are rumors of a toxic community (rebuttal, I haven't reviewed either in detail), so approach carefully)
  • kooha: simple screen recorder with audio support, currently using wf-recorder which is a more.. minimalist option
  • linescroll: rate graphs on live logs, mostly useful on servers though
  • memray: Python memory profiler
  • ruff: faster Python formatter and linter, flake8/black/isort replacement, alas not mypy/LSP unfortunately, designed to be ran alongside such a tool, which is not possible in Emacs eglot right now, but is possible in lsp-mode
  • sfwbar: pretty status bar, may replace waybar, which i am somewhat unhappy with (my UTC clock disappears randomly)
  • shoutidjc: streaming workstation, currently using butt but it doesn't support HTTPS correctly
  • spytrap-adb: cool spy gear
  • syslog-summary: log summarizer, one of many of the kind, but made by Lars, so it must be good
  • trippy: trippy network analysis tool, kind of an improved MTR
  • yubikey-touch-detector: notifications for when I need to touch my YubiKey

New packages I won't use

Those are packages that I have tested because I found them interesting, but ended up not using, but I think people could find interesting anyways.

  • kew: surprisingly fast music player, parsed my entire library (which is huge) instantaneously and just started playing (I still use Supersonic, for which I maintain a flatpak on my Navidrome server)
  • mdformat: good markdown formatter, think black or gofmt but for markdown), but it didn't actually do what I needed, and it's not quite as opinionated as it should (or could) be)

Backports already in use

Those are packages I already use regularly, which have backports or that can just be installed from unstable:

  • asn: IP address forensics
  • diffr: improved git diffs - i typically have this in magit, but this is useful when calling git diff directly in a shell, which i still do sometimes - riff is similar but not in Debian, and there's also git-delta that's only in trixie
  • markdownlint: markdown linter, I use that a lot
  • poweralertd: pops up "your battery is almost empty" messages
  • sway-notification-center: used as part of my status bar, yet another status bar basically, a little noisy, stuck in a libc dep update
  • tailspin: used to color logs

Out of date packages

Those are packages that are in Debian stable (Bookworm) already, but that are somewhat lacking and could benefit from an upgrade.

Last words

If you know of cool things I'm missing out of, then by all means let me know!

That said, overall, this is a pretty short list! I have most of what I need in stable right now, and if I wasn't a Debian developer, I don't think I'd be doing the jump now. But considering how easier it is to develop Debian (and how important it is to test the next release!), I'll probably upgrade soon.

Previously, I was running Debian testing (which why the slug on that article is why-trixie), but now I'm actually considering just running unstable on my laptop directly anyways. It's been a long time since we had any significant instability there, and I can typically deal with whatever happens, except maybe when I'm traveling, and then it's easy to prepare for that (just pin testing).

03 December, 2024 04:26PM

Russ Allbery

Review: Astrid Parker Doesn't Fail

Review: Astrid Parker Doesn't Fail, by Ashley Herring Blake

Series: Bright Falls #2
Publisher: Berkley Romance
Copyright: November 2022
ISBN: 0-593-33644-5
Format: Kindle
Pages: 365

Astrid Parker Doesn't Fail is a sapphic romance novel and a sequel to Delilah Green Doesn't Care. This is a romance style of sequel, which means that it spoils the previous book but involves a different set of protagonists, one of whom was a supporting character in the previous novel.

I suppose the title is a minor spoiler for Delilah Green Doesn't Care, but not one that really matters.

Astrid Parker's interior design business is in trouble. The small town of Bright Falls doesn't generate a lot of business, and there are limits to how many dentist office renovations that she's willing to do. The Everwood Inn is her big break: Pru Everwood has finally agreed to remodel and, even better, Innside America wants to feature the project. The show always works with local designers, and that means Astrid. National TV exposure is just what she needs to turn her business around and avoid an unpleasant confrontation with her domineering, perfectionist mother.

Jordan Everwood is an out-of-work carpenter and professional fuck-up. Ever since she lost her wife, nothing has gone right either inside or outside of her head. Now her grandmother is renovating the favorite place of her childhood, and her novelist brother had the bright idea of bringing her to Bright Falls to help with the carpentry work. The remodel and the HGTV show are the last chance for the inn to stay in business and stay in the family, and Jordan is terrified that she's going to fuck that up too. And then she dumps coffee all over the expensive dress of a furious woman in a designer dress because she wasn't watching where she was going, and that woman turns out to be the designer of the Everwood Inn renovation. A design that Jordan absolutely loathes.

The reader met Astrid in Delilah Green Doesn't Care (which you definitely want to read first). She's a bit better than she was there, but she's still uptight and unhappy and determined not to think too hard about why. When Jordan spills coffee down her favorite dress in their first encounter, shattering her fragile professional calm, it's not a meet-cute. Astrid is awful to her. Her subsequent regret, combined with immediately having to work with her and the degree to which she finds Jordan surprisingly attractive (surprising in part because Astrid thinks she's straight), slowly crack open Astrid's too-controlled life.

This book was, once again, just compulsively readable. I read most of it the same day that I started it, staying up much too late, and then finished it the next day. It also once again made me laugh in delight at multiple points. I am a sucker for stories about someone learning how to become a better person, particularly when it involves a release of anxiety, and oh my does Blake ever deliver on that. Jordan's arc is more straightforward than Astrid's — she just needs to get her confidence back — but her backstory is a lot more complex than it first appears, including a morally ambiguous character who I would hate in person but who I admired as a deft and tricky bit of characterization.

The characters from Delilah Green Doesn't Care of course play a significant role. Delilah in particular is just as much of a delight here as she was in the first book, and I enjoyed seeing the development of her relationship with her step-sister. But the new characters, both the HGTV film crew and the Everwoods, are also great. I think Blake has a real knack for memorable, distinct supporting characters that add a lot of depth to the main romance plot.

I thought this book was substantially more sex-forward than Delilah Green Doesn't Care, with some lust at first or second sight, a bit more physical description of bodies, and an extended section in the middle of the book that's mostly about sex. If this is or is not your thing in romance novels, you may have a different reaction to this book than the previous one.

There is, unfortunately, another third-act break-up, and this one annoyed me more than the one in Delilah Green Doesn't Care because it felt more unnecessary and openly self-destructive. The characters felt like they were headed towards a more sensible and less dramatic resolution, and then that plot twist caught me by surprise in an unpleasant way. After two books, I'm getting the sense that Blake has a preferred plot arc, at least in this series, and I wish she'd varied the story structure a bit more. Still, the third-act conflict was somewhat believable and the resolution was satisfying enough to salvage it.

If it weren't for some sour feelings about the shape of that plot climax, I would have said that I liked this book even better than Delilah Green Doesn't Care, and that's a high bar. This series is great, and I will definitely be reading the third one. I'm going to be curious how that goes since it's about Iris, who so far has worked better for me as a supporting character than a protagonist. But Blake has delivered compulsively readable and thoroughly enjoyable books twice now, so I'm definitely here for the duration.

If you like this sort of thing, I highly recommend this whole series.

Followed by Iris Kelly Doesn't Date in the romance series sense, but as before this book is a complete story with a satisfying ending.

Rating: 9 out of 10

03 December, 2024 03:26AM

December 02, 2024

hackergotchi for Bits from Debian

Bits from Debian

Bits from the DPL

This is bits from DPL for November.

MiniDebConf Toulouse

I had the pleasure of attending the MiniDebConf in Toulouse, which featured a range of engaging talks, complementing those from the recent MiniDebConf in Cambridge. Both events were preceded by a DebCamp, which provided a valuable opportunity for focused work and collaboration.

DebCamp

During these events, I participated in numerous technical discussions on topics such as maintaining long-neglected packages, team-based maintenance, FTP master policies, Debusine, and strategies for separating maintainer script dependencies from runtime dependencies, among others. I was also fortunate that members of the Publicity Team attended the MiniDebCamp, giving us the opportunity to meet in person and collaborate face-to-face.

Independent of the ongoing lengthy discussion on the Debian Devel mailing list, I encountered the perspective that unifying Git workflows might be more critical than ensuring all packages are managed in Git. While I'm uncertain whether these two questions--adopting Git as a universal development tool and agreeing on a common workflow for its use--can be fully separated, I believe it's worth raising this topic for further consideration.

Attracting newcomers

In my own talk, I regret not leaving enough time for questions--my apologies for this. However, I want to revisit the sole question raised, which essentially asked: Is the documentation for newcomers sufficient to attract new contributors? My immediate response was that this question is best directed to new contributors themselves, as they are in the best position to identify gaps and suggest improvements that could make the documentation more helpful.

That said, I'm personally convinced that our challenges extend beyond just documentation. I don't get the impression that newcomers are lining up to join Debian only to be deterred by inadequate documentation. The issue might be more about fostering interest and engagement in the first place.

My personal impression is that we sometimes fail to convey that Debian is not just a product to download for free but also a technical challenge that warmly invites participation. Everyone who respects our Code of Conduct will find that Debian is a highly diverse community, where joining the project offers not only opportunities for technical contributions but also meaningful social interactions that can make the effort and time truly rewarding.

In several of my previous talks (you can find them on my talks page –just search for "team," and don't be deterred if you see "Debian Med" in the title; it's simply an example), I emphasized that the interaction between a mentor and a mentee often plays a far more significant role than the documentation the mentee has to read. The key to success has always been finding a way to spark the mentee's interest in a specific topic that resonates with their own passions.

Bug of the Day

In my presentation, I provided a brief overview of the Bug of the Day initiative, which was launched with the aim of demonstrating how to fix bugs as an entry point for learning about packaging. While the current level of interest from newcomers seems limited, the initiative has brought several additional benefits.

I must admit that I'm learning quite a bit about Debian myself. I often compare it to exploring a house's cellar with a flashlight –you uncover everything from hidden marvels to things you might prefer to discard. I've also come across traces of incredibly diligent people who have invested their spare time polishing these hidden treasures (what we call NMUs). The janitor, a service in Salsa that automatically updates packages, fits perfectly into this cellar metaphor, symbolizing the ongoing care and maintenance that keep everything in order. I hadn't realized the immense amount of silent work being done behind the scenes--thank you all so much for your invaluable QA efforts.

Reproducible builds

It might be unfair to single out a specific talk from Toulouse, but I'd like to highlight the one on reproducible builds. Beyond its technical focus, the talk also addressed the recent loss of Lunar, whom we mourn deeply. It served as a tribute to Lunar's contributions and legacy. Personally, I've encountered packages maintained by Lunar and bugs he had filed. I believe that taking over his packages and addressing the bugs he reported is a meaningful way to honor his memory and acknowledge the value of his work.

Advent calendar bug squashing

I’d like to promote an idea originally introduced by Thorsten Alteholz, who in 2011 proposed a Bug Squashing Advent Calendar for the Debian Med team. (For those unfamiliar with the concept of an Advent Calendar, you can find an explanation on Wikipedia.) While the original version included a fun graphical element —which we’ve had to set aside due to time constraints (volunteers, anyone?)— we’ve kept the tradition alive by tackling one bug per day from December 1st to 24th each year. This initiative helps clean up issues that have accumulated over the year.

Regardless of whether you celebrate the concept of Advent, I warmly recommend this approach as a form of continuous bug-squashing party for every team. Not only does it contribute to the release readiness of your team’s packages, but it’s also an enjoyable and bonding activity for team members.

Best wishes for a cheerful and productive December

Andreas.

02 December, 2024 11:00PM by Andreas Tille

hackergotchi for Dirk Eddelbuettel

Dirk Eddelbuettel

anytime 0.3.10 on CRAN: Multiple Enhancements

A new release of the anytime package arrived on CRAN today—the first is well over four years. The package is fairly feature-complete, and code and functionality remain mature and stable, of course.

anytime is a very focused package aiming to do just one thing really well: to convert anything in integer, numeric, character, factor, ordered, … input format to either POSIXct (when called as anytime) or Date objects (when called as anydate) – and to do so without requiring a format string as well as accomodating different formats in one input vector. See the anytime page, or the GitHub repo for a few examples, and the beautiful documentation site for all documentation.

This release slowly matured over four years. It combines a number of strictly internal repository maintenance such as changes to continuous integration with small enhancements (adding for example some new formats, responding better to an error condition, dealing with logical input as an error) with a relaxation of the C++ compilation standard. While we once needed C++11, it is now a constraint as as R itself is quite proactive (the last two releases defaulted already to C++17, suitable compiler permitting) we can now relax this constraint. The documentation site is new, as some other small changes. See the full list of changes which follows.

Changes in anytime version 0.3.10 (2024-12-02)

  • A new documentation site was added.

  • Continuous Integration now uses run.sh from r-ci with bspm

  • Logical input vectors are now recognised as an error (#121)

  • Additional dot-separated format '%Y.%m.%d' is supported

  • Other small updates were made throughout the package

  • No longer set a C++ compilation standard as the default choices by R are sufficient for the package

  • Switch Rcpp include file to Rcpp/Lightest

  • We recommend ~/.R/Makevars compiler flag options -Wno-ignored-attributes -Wno-nonnull -Wno-parentheses

  • The tinytest runner was simplified

  • NA values from conversion now trigger a warning

Courtesy of my CRANberries, there is also a diffstat report of changes relative to the previous release. The issue tracker tracker off the GitHub repo can be use for questions and comments. More information about the package is at the package page, the GitHub repo and the documentation site. If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

02 December, 2024 10:01PM

hackergotchi for Jonathan Dowland

Jonathan Dowland

jungle/acid/etc

I thought it had been a full year since I last shared a playlist, but it's been two! I had a plan to produce more, but it seems I haven't. Instead here's a few tracks I've discovered recently which share a common theme.

In August I stumbled across a Sound on Sound video interviewing Pete Cannon, who creates authentically old-school Jungle music using tools and techniques from the time, including AKAI samplers and the Commodore Amiga computer.

Here's three tracks that I found since then. Some 8-bit Amiga-jungle,

by

some slower-paced acid house from someone ostensibly based on Whitley Bay,

by

and a darker piece I heard on the radio.

by

02 December, 2024 10:00PM

hackergotchi for Junichi Uekawa

Junichi Uekawa

Graph for my furusato tax.

Graph for my furusato tax. Exceeding 150-man will inevitably exceed 50-man limit for Ichiji-shotoku. So added some rough calculation there. graph.

02 December, 2024 05:39AM by Junichi Uekawa

Russ Allbery

Review: Long Live Evil

Review: Long Live Evil, by Sarah Rees Brennan

Series: Time of Iron #1
Publisher: Orbit
Copyright: July 2024
ISBN: 0-316-56872-4
Format: Kindle
Pages: 433

Long Live Evil is a portal fantasy (or, arguably more precisely, a western take on an isekai villainess fantasy) and the first book of a series. If the author's name sounds familiar, it's possibly because of In Other Lands, which got a bunch of award nominations in 2018, She has also written a lot of other YA fantasy, but this is her first adult epic fantasy novel.

Rae is in the hospital, dying of cancer. Everything about that experience, from the obvious to the collapse of her friendships, absolutely fucking sucks. One of the few bright points is her sister's favorite fantasy series, Time of Iron, which her sister started reading to her during chemo sessions. Rae mostly failed to pay attention until the end of the first book and the rise of the Emperor. She fell in love with the brooding, dangerous anti-hero and devoured the next two books. The first book was still a bit hazy, though, even with the help of a second dramatic reading after she was too sick to read on her own.

This will be important later.

After one of those reading sessions, Rae wakes up to a strange woman in her hospital room who offers her an option. Rather than die a miserable death that bankrupts her family, she can go through a door to Eyam, the world of Time of Iron, and become the character who suits her best. If she can steal the Flower of Life and Death from the imperial greenhouse on the one day a year that it blooms, she will wake up, cured. If not, she will die. Rae of course goes through, and wakes in the body of Lady Rahela, the Beauty Dipped in Blood, the evil stepsister. One of the villains, on the night before she is scheduled to be executed.

Rae's initial panic slowly turns to a desperate glee. She knows all of these characters. She knows how the story will turn out. And she has a healthy body that's not racked with pain. Maybe she's not the heroine, but who cares, the villains are always more interesting anyway. If she's going to be cast as the villain, she's going to play it to the hilt. It's not like any of these characters are real.

Stories in which the protagonists are the villains are not new (Nimona and Hench come to mind just among books I've reviewed), but they are having a moment. Assistant to the Villain by Hannah Nicole Maehrer came out last year, and this book and Django Wexler's How to Become the Dark Lord and Die Trying both came out this year. This batch of villain books all take different angles on the idea, but they lean heavily on humor. In Long Live Evil, that takes the form of Rae's giddy embrace of villainous scheming, flouncing, and blatant plot manipulation, along with her running commentary on the various characters and their in-story fates.

The setup here is great. Rae is not only aware that she's in a story, she knows it's full of cliches and tropes. Some of them she loves, some of them she thinks are ridiculous, and she isn't shy about expressing both of those opinions. Rae is a naturally dramatic person, and it doesn't take her long to lean into the opportunities for making dramatic monologues and villainous quips, most of which involve modern language and pop culture references that the story characters find baffling and disconcerting.

Unfortunately, the base Time of Iron story is, well, bad. It's absurd grimdark epic fantasy with paper-thin characters and angst as a central character trait. This is clearly intentional for both in-story and structural reasons. Rae enjoys it precisely because it's full of blood and battles and over-the-top brooding, malevolent anti-heroes, and Rae's sister likes the impossibly pure heroes who suffer horrible fates while refusing to compromise their ideals. Rae is also about to turn the story on its head and start smashing its structure to try to get herself into position to steal the Flower of Life and Death, and the story has to have a simple enough structure that it doesn't get horribly confusing once smashed. But the original story is such a grimdark parody, and so not my style of fantasy, that I struggled with it at the start of the book.

This does get better eventually, as Rae introduces more and more complications and discovers some surprising things about the other characters. There are several delightful twists concerning the impossibly pure heroine of the original story that I will not spoil but that I thought retroactively made the story far more interesting. But that leads to the other problem: Rae is both not very good at scheming, and is flippant and dismissive of the characters around her. These are both realistic; Rae is a young woman with cancer, not some sort of genius mastermind, and her whole frame for interacting with the story is fandom discussions and arguments with her sister. Early in the book, it's rather funny. But as the characters around her start becoming more fleshed out and complex, Rae's inability to take them seriously starts to grate. The grand revelation to Rae that these people have their own independent existence comes so late in the book that it's arguably a spoiler, but it was painfully obvious to everyone except Rae for hundreds of pages before it got through Rae's skull.

Those are my main complaints, but there was a lot about this book that I liked. The Cobra, who starts off as a minor villain in the story, is by far the best character of the book. He's not only more interesting than Rae, he makes everyone else in the book, including Rae, more interesting characters through their interactions. The twists around the putative heroine, Lady Rahela's stepsister, are a bit too long in coming but are an absolute delight. And Key, the palace guard that Rae befriends at the start of the story, is the one place where Rae's character dynamic unquestionably works. Key anchors a lot of Rae's scenes, giving them a sense of emotional heft that Rae herself would otherwise undermine.

The narrator in this book does not stick with Rae. We also get viewpoint chapters from the Cobra, the Last Hope, and Emer, Lady Rahela's maid. The viewpoints from the Time of Iron characters can be a bit eye-roll-inducing at the start because of how deeply they follow the grimdark aesthetic of the original story, but by the middle of the book I was really enjoying the viewpoint shifts. This story benefited immensely from being seen from more angles than Rae's chaotic manipulation. By the end of the book, I was fully invested in the plot line following Cobra and the Last Hope, to the extent that I was a bit disappointed when the story would switch back to Rae.

I'm not sure this was a great book, but it was fun. It's funny in places, but I ended up preferring the heartfelt parts to the funny parts. It is a fascinating merger of gleeful fandom chaos and rather heavy emotional portrayals of both inequality and the experience of terminal illness. Rees Brennan is a stage four cancer survivor and that really shows; there's a depth, nuance, and internal complexity to Rae's reactions to illness, health, and hope that feels very real. It is the kind of book that can give you emotional whiplash; sometimes it doesn't work, but sometimes it does.

One major warning: this book ends on a ridiculous cliffhanger and does not in any sense resolve its main plot arc. I found this annoying, not so much because of the wait for the second volume, but because I thought this book was about the right length for the amount of time I wanted to spend in this world and wish Rees Brennan had found a way to wrap up the story in one book. Instead, it looks like there will be three books. I'm in for at least one more, since the story was steadily getting better towards the end of Long Live Evil, but I hope the narrative arc survives being stretched out across that many words.

This one's hard to classify, since it's humorous fantasy on the cover and in the marketing, and that element is definitely present, but I thought the best parts of the book were when it finally started taking itself seriously. It's metafictional, trope-subverting portal fantasy full of intentional anachronisms that sometimes fall flat and sometimes work brilliantly. I thought the main appeal of it would be watching Rae embrace being a proper villain, but then the apparent side characters stole the show. Recommended, but you may have to be in just the right mood.

Content notes: Cancer, terminal illness, resurrected corpses, wasting disease, lots of fantasy violence and gore, and a general grimdark aesthetic.

Rating: 7 out of 10

02 December, 2024 05:26AM

December 01, 2024

hackergotchi for Guido Günther

Guido Günther

Free Software Activities November 2024

Another short status update of what happened on my side last month. The larger blocks are the Phosh 0.43 release, the initial file chooser portal, phosh-osk-stub now handling digit, number, phone and PIN input purpose via special layouts as well as Phoc mostly catching up with wlroots 0.18 and the current development version targeting 0.19.

phosh

  • When taking a screenshot via keybinding or power button long press save screenshots to clipboard and disk (MR)
  • Robustify Screenshot CI job (MR)
  • Update CI pipeline (MR)
  • Fix notifications banners that aren't tall enough not being shown (MR). Another 4y old bug hopefully out of the way.
  • Add rfkill mock and docs (MR). Useful for HKS testing.
  • Release 0.43~rc1 and 0.43
  • Drop libsoup workaround (MR)
  • Ensure notification only takes its actual height (MR)

phoc

  • Move wlroots 0.18 update forward (MR). Needs a bit more work before we can make it default.
  • Catch up with wlroots development branch (MR) allowing us to test current wlroots again.
  • Some of the above already applies to main so schedule it for 0.44 (MR)

phosh-mobile-settings

  • Don't mark release notes as translatable to save some i18n effort (MR)
  • Release 0.43~rc1 and 0.43.0

libphosh-rs

phosh-osk-stub

  • Add layouts for PIN, number and phone input purpose (MR)
  • Release 0.43~rc1
  • Ensure translation get picked up, various cleanups and release 0.43.0 (MR)
  • Make desktop file match app-id (MR)

phosh-tour

  • Fix typo and reduce number of strings to translate (MR)
  • Add translator comments (MR). This, the above and additional fixes in p-m-s were prompted by i18n feedback from Alexandre Franke, thanks a lot!
  • Release 0.43.0

pfs

  • Initial version of the adaptive file chooser dialog using gtk-rs. See demo.
  • Allow to activate via double click (for non-touch use) (MR)

xdg-desktop-portal-phosh

  • Use pfs to provide a file chooser portal (MR)

meta-phosh

  • Slightly improve point release handling (MR)
  • Improve string freeze announcements and add phosh-tour (MR)

Debian

  • Upload Phosh 0.43.0~rc1 and 0.43.0 (MR, MR, MR, MR, MR, MR, MR, MR, MR, MR, MR)
  • meta-phosh: Add Recommend: for xdg-desktop-portal-phosh (MR)
  • phosh-osk-data got accepted, create repo, brush up packaging and upload to unstable (MR
  • phosh-osk-stub: Recommend data packager (MR
  • Phosh: drop reverts (MR)
  • varnam-schemes: Fix autopkgtest (MR)
  • varnam-schemes: Improve packaging (MR)
  • Prepare govarnam 1.9.1 (MR)

Calls

  • ussd: Set input purpose and switch to AdwDialog (MR, Screenshot)

libcall-ui

  • Drop libhandy leftover (MR)

git-buildpackage

  • Improve docs and cleanup markdown (MR)
  • Mention gbp push in intro (MR)
  • Use application instead of productname entities to improve reading flow (MR)

wlroots

  • Drop mention of wlr_renderer_begin_with_buffer (MR)

python-dbusmock

  • Add mock for gsd-rfkill (MR)

xdg-spec

  • Sync notification categories with the portal spec (MR)
  • Add categories for SMS (MR)
  • Add a pubdate so it's clear the specs aren't stale (MR) (got fixed in a different and better way, thanks Matthias!)

ashpd

  • Allow to set filters in file chooser portal demo (MR)

govarnam

  • Robustify file generation (MR)

varnam-schemes

  • Unbreak tests on non intel/amd architectures (e.g. arm64) (MR)

Reviews

This is not code by me but reviews I did on other peoples code. The list is incomplete, but I hope to improve on this in the upcoming months. Thanks for the contributions!

  • flathub: livi runtime and gst update (MR)
  • phosh: Split linters into their own test suite (MR)
  • phosh; QuickSettings follow-up (MR)
  • phosh: Accent color fixes (MR)
  • phosh: Notification animation (MR)
  • phosh: end-session dialog timeout fix (MR)
  • phosh: search daemon (MR)
  • phosh-ev: Migrate to newer gtk-rs and async_channel (MR)
  • phosh-mobile-settings: Update gmobile (MR)
  • phosh-mobile-settings: Make panel-switcher scrollable (MR)
  • phosh-mobile-settings: i18n comments (MR)
  • gbp doc updates (MR)
  • gbp handle suite names with number prefix (MR)
  • Debian libvirt dependency changes (MR
  • Chatty: misc improvements (MR
  • iio-sensor-proxy: buffer driver without trigger (MR)
  • gbp doc improvements (MR)
  • gbp: More doc improvements (MR)
  • gbp: Clean on failure (MR)
  • gbp: DEP naming consistency (MR)

Help Development

If you want to support my work see donations. This includes a list of hardware we want to improve support for. Thanks a lot to all current and past donors.

Comments?

Join the Fediverse thread

01 December, 2024 06:55PM

hackergotchi for Colin Watson

Colin Watson

Free software activity in November 2024

Most of my Debian contributions this month were sponsored by Freexian.

You can also support my work directly via Liberapay.

Conferences

I attended MiniDebConf Toulouse 2024, and the MiniDebCamp before it. Most of my time was spent with the Freexian folks working on debusine; Stefano gave a talk about its current status with a live demo (frantically fixed up over the previous couple of days, as is traditional) and with me and others helping to answer questions at the end. I also caught up with some people I haven’t seen in ages, ate a variety of delicious cheeses, and generally had a good time. Many thanks to the organizers and sponsors!

After the conference, Freexian collaborators spent a day and a half doing some planning for next year, and then went for an afternoon visiting the Cité de l’espace.

Rust team

I upgraded these packages to new upstream versions, as part of upgrading pydantic and rpds-py:

  • rust-archery
  • rust-jiter (noticing an upstream test bug in the process)
  • rust-pyo3 (fixing CVE-2024-9979)
  • rust-pyo3-build-config
  • rust-pyo3-ffi
  • rust-pyo3-macros
  • rust-pyo3-macros-backend
  • rust-regex
  • rust-regex-automata
  • rust-regex
  • rust-serde
  • rust-serde-derive
  • rust-serde-json
  • rust-speedate
  • rust-triomphe

Python team

Last month, I mentioned that we still need to work out what to do about the multipart vs. python-multipart name conflict in Debian (#1085728). We eventually managed to come up with an agreed plan; Sandro has uploaded a renamed binary package to experimental, and I’ve begun work on converting reverse-dependencies (asgi-csrf, fastapi, python-curies, and starlette done so far). There’s a bit more still to do, but I expect we can finish it soon.

I fixed problems related to adding Python 3.13 support in:

I fixed some packaging problems that resulted in failures any time we add a new Python version to Debian:

I fixed other build/autopkgtest failures in:

I packaged python-quart-trio, needed for a new upstream version of python-urllib3, and contributed a small packaging tweak upstream.

I backported a twisted fix that caused problems in other packages, including breaking debusine‘s tests.

I disentangled some upstream version confusion in python-catalogue, and upgraded to the current upstream version.

I upgraded these packages to new upstream versions:

Other small fixes

I contributed Incus support to needrestart upstream.

In response to Helmut’s Cross building talk at MiniDebConf Toulouse, I fixed libfilter-perl to support cross-building (5b4c2e10, f9788c27).

I applied a patch to move aliased files from / to /usr in iprutils (#1087733).

I adjusted debconf to use the new /usr/lib/apt/apt-extracttemplates path (#1087523).

I upgraded putty to 0.82.

01 December, 2024 03:00PM by Colin Watson

hackergotchi for Daniel Pocock

Daniel Pocock

Gerry ‘The Monk’ Hutch: criminals vs geeks, multinationals vs Ireland

Looking at the statistics for Dublin Central, there are 7,000 more preference transfers to be distributed and Gerry 'the Monk' Hutch has a lead of 800 votes over the candidate in fifth place. If the Monk gets another 300 votes from the transfers, Sherlock, in fifth place, would need another 1,100 votes to overtake and displace the Monk.

A lot of people don't fill in the whole ballot paper so it is not clear if Sherlock can get enough transfers to catch up.

Why did over 3,000 people give their first vote to a criminal but only 27 people gave their first vote to a software engineer who attempts to answer today's most critical questions about social control media's impact on children and the rise of AI? With so many tech workers in Ireland, why didn't they rally around one of their own?

The question about tech worker votes is easier to answer with facts that can be checked. Quite simply, many of the tech workers are not Irish citizens. They are a combination of European citizens and people from Brazil, India and further afield. The European citizens, for example, from Poland or Spain, are entitled to vote in the European elections but they are not entitled to vote in the national elections. Many people from countries like Brazil or India come to Ireland on a student visa to complete a masters degree, they are living in estates like Citywest on the edge of the city and they end up working as contractors for some of the large multinationals. Some of them are employed directly while many are employed as contractors. This makes it much harder to estimate their role in the economy. For various reasons, including the time they lose commuting, the silos created by their employment, their social circles and the neighborhoods where they live, we don't see these people participating in the open source eco-system or other voluntary pursuits.

On the question of people voting for Gerry 'the Monk' Hutch, this was already hinted at in my previous blog. The Monk received an enormous amount of free publicity due to his criminal record. If I speak to friends from France or other countries, they all seem to know that there is a criminal in the Irish election. International awareness of the Monk's history seems to be far higher than awareness that more significant figures, like the leader of Australia's opposition party, is a former detective and the British Prime Minister is a former Director of the Crown Prosecution Service.

For any Irish police (Gardai) who find this infatuation with a gangster unpalatable, Australia has offered them asylum.

Every few hours, the election officials stand up on a stage and give people an update on the progress of vote counting. As the names of the candidates are read out, their supporters cheer. Each time the name "Hutch, Gerard" is announced, there is silence. Despite spending all Saturday afternoon at the count center, I could not identify one person affiliated with the Monk.

While nobody cheers for him, everybody has something to say about it. His strong performance sends a message. The voters' message is not exactly clear but it is disparaging for everybody else in the room. One interpretation of the message is that Irish voters couldn't tell the difference between a politican and a criminal. Perhaps some people are so unhappy that they think a criminal could do better than the status quo. Or maybe the 3,000 people who voted Monk are all about to leave for Australia or the US anyway and this was their idea of a prank.

Whichever interpretation you choose, I had the perception that many people in Ireland's political elite did feel both insulted and undervalued both from the pro-Monk media bias and the voters' verdict. For some of the other candidates, the thought of finishing on only 27 votes like me would have been more bearable than the fact that they polled lower than the 3,000 votes achieved by the Monk.

From the Monk to the poisoned chalice

About a week ago, I wrote my own observations on the likely impact when US multinationals shift their corporation tax back to the US. On Tuesday, an official from the incoming Trump administration confirmed Ireland is a specific target and on Wednesday, two days before voting, the Irish government admitted that even if only three of the top multinationals stop paying Irish tax, the state will lose ten billion euros in revenue.

Candidates spent three weeks on the campaign trail promising to spend money but in reality, they will have to cut expenditures almost immediately. The promises from the campaign, for example, the cross-party support for the Western rail link are still fresh in the minds of voters.

Given the potential tax revenue shortfalls were announced in the week of the vote, I feel this created a war-time voting mentality. When voters face great uncertainty from things far away, like Ukraine, Gaza, Lebanon and Donald Trump, the voters tend to prefer the status quo and the larger parties.

We can see this in practice in various ways: except for the Monk, the campaigns of other high profile independent candidates generally fizzled out at the ballot box. The same logic explains the decimation of the Greens party. The Greens were a member of the previous coalition, having a minister in the ruling government gave them a lot of publicity but now they have lost almost all their seats. The communist party may win more seats than the Greens. When the country-at-war or world-at-war mentality is at the forefront of voters' minds, they may simply see the eco-policies of the Greens as a luxury that can be put on hold for another five years until the next election.

Yet in this particular case, the crisis Ireland faces is a crisis of having all our eggs in one basket with the corporate tax revenues of multinationals from a single country, the USA. The two large center right parties that Ireland votes for have created that situation and they have been complacent in spending the money year in and year out without working to diversify income streams for the state. Gravitating to the large well-known center right parties feels like a contradiction because it is a reward to the parties who created the problem.

Ironically, the same multinationals in the tech sector who have provided this tax revenue pre-Trump are also responsible for the problems of social control media and fake news that have negatively impacted the very same election campaign.

Looking towards the future: tax will be optional, for some

Wouldn't it be nice if tax was optional?

In fact, such situations do arise and they are not necessarily good for the state.

When paying tax is optional, the very large tax payers can exert even more influence. For example, if a multinational has a choice of paying their taxes in one of three countries and all three countries provide a similar tax rate, the multinational may seek to influence each of those countries to 'win' the taxes. As an example, the countries competing for that revenue may be encouraged to become even more dependent on the multinationals by putting all the state IT infrastructure into cloud services provided by the same companies.

A different type of multinational, Philip Morris, has their international headquarters in Vaud, Switzerland. For some years, they chose to optionally pay the church taxes. At some point they simply changed their mind and stopped paying that tax. It was odd to hear church leaders complaining about the loss of revenue from a tobacco company.

If it comes to pass that Gerry Hutch is elected, will we see him lobbying for the legalization and taxation of any other substances on Irish territory?

01 December, 2024 08:00AM

hackergotchi for Junichi Uekawa

Junichi Uekawa

Lots of travel and back to Tokyo.

Lots of travel and back to Tokyo. Then I got sick. Trying to work on my bass piece, but it's really hard and I am having hard time getting to a reasonable shape. Discussions on Debconf 2026 bid. Hoping it will materialize soon.

01 December, 2024 06:36AM by Junichi Uekawa

Russ Allbery

Review: Unexploded Remnants

Review: Unexploded Remnants, by Elaine Gallagher

Publisher: Tordotcom
Copyright: 2024
ISBN: 1-250-32522-6
Format: Kindle
Pages: 111

Unexploded Remnants is a science fiction adventure novella. The protagonist and world background would support an episodic series, but as of this writing it stands alone. It is Elaine Gallagher's first professional publication.

Alice is the last survivor of Earth: an explorer, information trader, and occasional associate of the Archive. She scouts interesting places, looks for inconsistencies in the stories the galactic civilizations tell themselves, and pokes around ruins for treasure. As this story opens, she finds a supposedly broken computer core in the Alta Sidoie bazaar that is definitely not what the trader thinks it is. Very shortly thereafter, she's being hunted by a clan of dangerous Delosi while trying to decide what to do with a possibly malevolent AI with frightening intrusion abilities.

This is one of those stories where all the individual pieces sounded great, but the way they were assembled didn't click for me. Unusually, I'm not entirely sure why. Often it's the characters, but I liked Alice well enough. The Lewis Carroll allusions were there but not overdone, her computer agent Bugs is a little too much of a Warner Brothers cartoon but still interesting, and the world building has plenty of interesting hooks. I certainly can't complain about the pacing: the plot moves briskly along to a somewhat predictable but still adequate conclusion. The writing is smooth and competent, and the world is memorable enough that I'm still thinking about it.

And yet, I never connected with this story. I think it may be because both Alice and the tight third-person narrator tend towards breezy confidence and matter-of-fact descriptions. Alice does, at times, get scared or angry, but I never felt those emotions. They were just events that were described to me. There wasn't an emotional hook, a place where the character grabbed me, and so it felt like everything was happening at an odd remove. The advantage of this approach is that there are no overwrought emotional meltdowns or brooding angstful protagonists, just an adventure story about a competent and thoughtful character, but I think I wanted a bit more emotional involvement than I got.

The world background is the best part and feels like it could be part of a larger series. The Milky Way is connected by an old, vast, and only partly understood network of teleportation portals, which had cut off Earth for unknown reasons and then just as mysteriously reactivated when Alice, then Andrew, drunkenly poked at a standing stone while muttering an old prayer in Gaelic. The Archive spent a year sorting out her intellectual diseases (capitalism was particularly alarming) and giving her a fresh start with a new body. Humanity subsequently destroyed itself in a paroxysm of reactionary violence, leaving Alice a free agent, one of a kind in a galaxy of dizzying variety and forgotten history.

Gallagher makes great use of the weirdness of the portal network to create a Star Wars style of universe: the focus is more on the diversity of the planets and alien species than on a coherent unifying structure. The settings of this book are not prone to Planet of the Hats problems. They instead have the contrasts that one would get if one dropped portals near current or former Earth population centers and then took a random walk through them (or, in other words, what playing GeoGuessr on a world map feels like). I liked this effect, but I have to admit that it also added to that sense of sliding off the surface of the story. The place descriptions were great bits of atmosphere, but I never cared about them. There isn't enough emotional coherence to make them memorable.

One of the more notable quirks of this story is the description of ideologies and prejudices as viral memes that can be cataloged, cured, and deployed like weapons. This is a theme of the world-building as well: this society, or at least the Archive-affiliated parts of it, classifies some patterns of thought as potentially dangerous but treatable contagious diseases. I'm not going to object too much to this as a bit of background and characterization in a fairly short novella stuffed with a lot of other world-building and plot, but there's was something about treating ethical systems like diseases that bugged me in much the same way that medicalization of neurodiversity bugs me. I think some people will find that sense of moral clarity relaxing and others will find it vaguely irritating, and I seem to have ended up in the second group.

Overall, I would classify this as an interesting not-quite-success. It felt like a side story in a larger universe, like a story that would work better if I already knew Alice from other novels and had an established emotional connection with her. As is, I would not really recommend it, but there are enough good pieces here that I would be interested to see what Gallagher does next.

Rating: 6 out of 10

01 December, 2024 03:10AM

hackergotchi for Sandro Knauß

Sandro Knauß

QML Dependency tracking in Debian

Tracking library dependencies work in Debian to resolve from symbols usage to a library and add this to the list of dependencies. That is working for years now. The KDE community nowadays create more and more QML based applications. Unfortunately QML is a interpreted language, this means missing QML dependencies will only be an issue at runtime.

To fix this I created dh_qmldeps, that searches for QML dependencies at build time and will fail if it can't resolve the QML dependency.

Me didn't create an own QML interpreter, just using qmlimportscanner behind the scenes and process the output further to resolve the QML modules to Debian packages.

The workflow is like follows:

The package compiles normally and split to the binary packages. Than dh_qmldeps scans through the package content to find QML content ( .qml files, or qmldirfor QML modules). All founded files will be scanned by qmlimportscanner, the output is a list of depended QML modules. As QML modules have a standardized file path, we can ask the Debian system, which packages ship this file path. We end up with a list of Debian packages in the variable ${qml6:Depends}. This variable can be attached to the list of dependencies of the scanned package. A maintainer can also lower some dependencies to Recommends or Suggest, if needed.

You can find the source code on salsa and usage documentation you can find on https://qt-kde-team.pages.debian.net/dh_qmldeps.html.

The last weeks I now enabled dh_qmldeps for newly every package, that creates a QML6 module package. So the first bugs are solved and it should be usable for more packages.

By scanning with qmlimportscanner trough all code, I found several non-existing QML modules:

  • import QtQuick3DPrivate qt6-multimedia - no Private QML module QTBUG-131753.
  • import QtQuickPrivate qt6-graphs - no Private QML module QTBUG-131754.
  • import QtQuickTimeline qt6-quicktimeline - the correct QML name is QtQuick.Timeline QTBUG-131755.
  • import QtQuickControls2 qt6-webengine - looks like a porting bug as the QML6 modules name is QtQuick.Controls QTBUG-131756.
  • import QtGraphicalEffects kquickimageeditor - the correct name is for QML6 is qt5compat.graphicaleffects, properly as it is an example nobody checks it kquickimageeditor!7.

YEAH - the first milestone is reached. We are able to simply handle QML modules.

But QML applications there is still room for improvement. In apps the QML files are inside the executable. Additionally applications create internal QML modules, that are shipped directly in the same executable. I still search for a good way to analyse an executable to get a list of internal QML modules and a list of included QML files. Any ideas are welcomed :)

As workaround dh_qmldeps scans currently all QML files inside the application source code.

01 December, 2024 12:00AM by Sandro Knauß

November 30, 2024

Dima Kogan

Strava track filtering validation

After years of seeing people's strava tracks, I became convinced that they insufficiently filter the data, resulting in over-estimating the effort. Today I did a bit of lazy analysis, and half-confirmed this: in the one case I looked at, strava reported reasonable elevation gain numbers, but greatly overestimated the distance traveled.

I looked at a single gps track of a long bike ride. This was uploaded to strava manually, as a .gpx file. I can imagine that different things happen if you use the strava app or some device that integrates with the service (the filtering might happen before the data hits the server, and the server could decide to not apply any more filtering).

I processed the data with a simple hysteretic filter, ignoring small changes in position and elevation, trying out different thresholds in the process. I completely ignore the timestamps, and only look at the differences between successive points. This handles the usual GPS noise; it does not handle GPS jumps, which I completely ignore in this analysis. Ignoring these would produce inflated elevation/gain numbers, but I'm working with a looong track, so hopefully this is a small effect.

Clearly this is not scientific, but it's something.

The code

Parsing .gpx is slow (this is a big file), so I cache that into a .vnl: 

import sys
import gpxpy

filename_in  = 'INPUT.gpx'
filename_out = 'OUTPUT.gpx'

with open(filename_in, 'r') as f:
    gpx = gpxpy.parse(f)

f_out = open(filename_out, 'w')

tracks = gpx.tracks
if len(tracks) != 1:
    print("I want just one track", file=sys.stderr)
    sys.exit(1)
track = tracks[0]

segments = track.segments
if len(segments) != 1:
    print("I want just one segment", file=sys.stderr)
    sys.exit(1)
segment = segments[0]

time0 = segment.points[0].time
print("# time lat lon ele_m")
for p in segment.points:
    print(f"{(p.time - time0).seconds} {p.latitude} {p.longitude} {p.elevation}",
          file = f_out)

And I process this data with the different filters (this is a silly Python loop, and is slow): 

#!/usr/bin/python3

import sys
import numpy as np
import numpysane as nps
import gnuplotlib as gp
import vnlog
import pyproj

geod = None
def dist_ft(lat0,lon0, lat1,lon1):

    global geod
    if geod is None:
        geod = pyproj.Geod(ellps='WGS84')
    return \
        geod.inv(lon0,lat0, lon1,lat1)[2] * 100./2.54/12.




f = 'OUTPUT.gpx'

track,list_keys,dict_key_index = \
    vnlog.slurp(f)

t      = track[:,dict_key_index['time' ]]
lat    = track[:,dict_key_index['lat'  ]]
lon    = track[:,dict_key_index['lon'  ]]
ele_ft = track[:,dict_key_index['ele_m']] * 100./2.54/12.



@nps.broadcast_define( ( (), ()),
                       (2,))
def filter_track(ele_hysteresis_ft,
                 dxy_hysteresis_ft):

    dist        = 0.0
    ele_gain_ft = 0.0

    lon_accepted = None
    lat_accepted = None
    ele_accepted = None

    for i in range(len(lat)):

        if ele_accepted is not None:
            dxy_here  = dist_ft(lat_accepted,lon_accepted, lat[i],lon[i])
            dele_here = np.abs( ele_ft[i] - ele_accepted )

            if dxy_here < dxy_hysteresis_ft and dele_here < ele_hysteresis_ft:
                continue

            if ele_ft[i] > ele_accepted:
                ele_gain_ft += dele_here;

            dist += np.sqrt(dele_here * dele_here +
                            dxy_here  * dxy_here)

        lon_accepted = lon[i]
        lat_accepted = lat[i]
        ele_accepted = ele_ft[i]

    # lose the last point. It simply doesn't matter

    dist_mi = dist / 5280.
    return np.array((ele_gain_ft, dist_mi))




Nele_hysteresis_ft    = 20
ele_hysteresis0_ft    = 5
ele_hysteresis1_ft    = 100
ele_hysteresis_ft_all = np.linspace(ele_hysteresis0_ft,
                                    ele_hysteresis1_ft,
                                    Nele_hysteresis_ft)

Ndxy_hysteresis_ft = 20
dxy_hysteresis0_ft = 5
dxy_hysteresis1_ft = 1000
dxy_hysteresis_ft  = np.linspace(dxy_hysteresis0_ft,
                                 dxy_hysteresis1_ft,
                                 Ndxy_hysteresis_ft)


# shape (Nele,Ndxy,2)
gain,distance = \
    nps.mv( filter_track( nps.dummy(ele_hysteresis_ft_all,-1),
                          dxy_hysteresis_ft),
            -1,0 )


# Stolen from mrcal
def options_heatmap_with_contours( plotoptions, # we update this on output

                                   *,
                                   contour_min           = 0,
                                   contour_max,
                                   contour_increment     = None,
                                   do_contours           = True,
                                   contour_labels_styles = 'boxed',
                                   contour_labels_font   = None):
    r'''Update plotoptions, return curveoptions for a contoured heat map'''

    gp.add_plot_option(plotoptions,
                       'set',
                       ('view equal xy',
                        'view map'))

    if do_contours:
        if contour_increment is None:
            # Compute a "nice" contour increment. I pick a round number that gives
            # me a reasonable number of contours

            Nwant = 10
            increment = (contour_max - contour_min)/Nwant

            # I find the nearest 1eX or 2eX or 5eX
            base10_floor = np.power(10., np.floor(np.log10(increment)))

            # Look through the options, and pick the best one
            m   = np.array((1., 2., 5., 10.))
            err = np.abs(m * base10_floor - increment)
            contour_increment = -m[ np.argmin(err) ] * base10_floor

        gp.add_plot_option(plotoptions,
                           'set',
                           ('key box opaque',
                            'style textbox opaque',
                            'contour base',
                            f'cntrparam levels incremental {contour_max},{contour_increment},{contour_min}'))

        if contour_labels_font is not None:
            gp.add_plot_option(plotoptions,
                               'set',
                               f'cntrlabel format "%d" font "{contour_labels_font}"' )
        else:
            gp.add_plot_option(plotoptions,
                               'set',
                               f'cntrlabel format "%.0f"' )

        plotoptions['cbrange'] = [contour_min, contour_max]

        # I plot 3 times:
        # - to make the heat map
        # - to make the contours
        # - to make the contour labels
        _with = np.array(('image',
                          'lines nosurface',
                          f'labels {contour_labels_styles} nosurface'))
    else:
        gp.add_plot_option(plotoptions, 'unset', 'key')
        _with = 'image'

    using = \
        f'({dxy_hysteresis0_ft}+$1*{float(dxy_hysteresis1_ft-dxy_hysteresis0_ft)/(Ndxy_hysteresis_ft-1)}):' + \
        f'({ele_hysteresis0_ft}+$2*{float(ele_hysteresis1_ft-ele_hysteresis0_ft)/(Nele_hysteresis_ft-1)}):3'
    plotoptions['_3d']     = True
    plotoptions['_xrange'] = [dxy_hysteresis0_ft,dxy_hysteresis1_ft]
    plotoptions['_yrange'] = [ele_hysteresis0_ft,ele_hysteresis1_ft]
    plotoptions['ascii']   = True # needed for using to work

    gp.add_plot_option(plotoptions, 'unset', 'grid')

    return \
        dict( tuplesize=3,
              legend = "", # needed to force contour labels
              using = using,
              _with=_with)




contour_granularity = 1000
plotoptions = dict()
curveoptions = \
    options_heatmap_with_contours( plotoptions, # we update this on output
                                   # round down to the nearest contour_granularity
                                   contour_min = (np.min(gain) // contour_granularity)*contour_granularity,
                                   # round up to the nearest contour_granularity
                                   contour_max = ((np.max(gain) + (contour_granularity-1)) // contour_granularity) * contour_granularity,
                                   do_contours = True)
gp.add_plot_option(plotoptions, 'unset', 'key')
gp.add_plot_option(plotoptions, 'set', 'size square')
gp.plot(gain,
        xlabel  = "Distance hysteresis (ft)",
        ylabel  = "Elevation hysteresis (ft)",
        cblabel = "Elevation gain (ft)",
        wait = True,
        **curveoptions,
        **plotoptions,
        title    = 'Computed gain vs filtering parameters')


contour_granularity = 10
plotoptions = dict()
curveoptions = \
    options_heatmap_with_contours( plotoptions, # we update this on output
                                   # round down to the nearest contour_granularity
                                   contour_min = (np.min(distance) // contour_granularity)*contour_granularity,
                                   # round up to the nearest contour_granularity
                                   contour_max = ((np.max(distance) + (contour_granularity-1)) // contour_granularity) * contour_granularity,
                                   do_contours = True)
gp.add_plot_option(plotoptions, 'unset', 'key')
gp.add_plot_option(plotoptions, 'set', 'size square')
gp.plot(distance,
        xlabel  = "Distance hysteresis (ft)",
        ylabel  = "Elevation hysteresis (ft)",
        cblabel = "Distance (miles)",
        wait = True,
        **curveoptions,
        **plotoptions,
        title    = 'Computed distance vs filtering parameters')

Results: gain

Strava says the gain was 46307ft. The analysis says:

strava-gain.png

strava-gain-zoom.png

These show the filtered gain for different values of the distance and gain hysteresis thresholds. The same data is shown at diffent zoom levels. There's no sweet spot, but we get 46307ft with a reasonable amount of filtering. Maybe 46307ft is a bit low even.

Results: distance

Strava says the distance covered was 322 miles. The analysis says:

strava-distance.png

strava-distance-zoom.png

Once again, there's no sweet spot, but we get 322 miles only if we apply no filtering at all. That's clearly too high, and is not reasonable. From the map (and from other people's strava routes) the true distance is closer to 305 miles. Why those people's strava numbers are more believable is anybody's guess.

30 November, 2024 10:48PM by Dima Kogan

Enrico Zini

New laptop setup

My new laptop Framework (Framework Laptop 13 DIY Edition (AMD Ryzen™ 7040 Series)) arrived, all the hardware works out of the box on Debian Stable, and I'm very happy indeed.

This post has the notes of all the provisioning steps, so that I can replicate them again if needed.

Installing Debian 12

Debian 12's installer just worked, with Secure Boot enabled no less, which was nice.

The only glitch is an argument with the guided partitioner, which was uncooperative: I have been hit before by a /boot partition too small, and I wanted 1G of EFI and 1G of boot, while the partitioner decided that 512Mb were good enough. Frustratingly, there was no way of changing that, nor I found how to get more than 1G of swap, as I wanted enough swap to fit RAM for hybernation.

I let it install the way it pleased, then I booted into grml for a round of gparted.

The tricky part of that was resizing the root btrfs filesystem, which is in an LV, which is in a VG, which is in a PV, which is in LUKS. Here's a cheatsheet.

Shrink partitions:

  • mount the root filesystem in /mnt
  • btrfs filesystem resize 6G /mnt
  • umount the root filesystem
  • lvresize -L 7G vgname/lvname
  • pvresize --setphysicalvolumesize /dev/mapper/pvname 8G
  • cryptsetup resize --device-size 9G name

note that I used an increasing size because I don't trust that each tool has a way of representing sizes that aligns to the byte. I'd be happy to find out that they do, but didn't want to find out the hard way that they didn't.

Resize with gparted:

Move and resize partitions at will. Shrinking first means it all takes a reasonable time, and you won't have to wait almost an hour for a terabyte-sized empty partition to be carefully moved around. Don't ask me why I know.

Regrow partitions:

  • cryptsetup resize name
  • pvresize /dev/mapper/pvname
  • lvresize -L 100% vgname/lvname
  • mount the root filesystem in /mnt
  • btrfs filesystem resize max /mnt
  • umount the root filesystem

Setup gnome

When I get a new laptop I have a tradition of trying to make it work with Gnome and Wayland, which normally ended up in frustration and a swift move to X11 and Xfce: I have a lot of long-time muscle memory involved in how I use a computer, and it needs to fit like prosthetics. I can learn to do a thing or two in a different way, but any papercut that makes me break flow and I cannot fix will soon become a dealbreaker.

This applies to Gnome as present in Debian Stable.

General Gnome settings tips

I can list all available settings with:

gsettings list-recursively

which is handy for grepping things like hotkeys.

I can manually set a value with:

gsettings set <schema> <key> <value>

and I can reset it to its default with:

gsettings reset <schema> <key>

Some applications like Gnome Terminal use "relocatable schemas", and in those cases you also need to specify a path, which can be discovered using dconf-editor:

gsettings set <schema>:<path> <key> <value>

Install appindicators

First thing first: app install gnome-shell-extension-appindicator, log out and in again: the Gnome Extension manager won't see the extension as available until you restart the whole session.

I have no idea why that is so, and I have no idea why a notification area is not present in Gnome by default, but at least now I can get one.

Fix font sizes across monitors

My laptop screen and monitor have significantly different DPIs, so:

gsettings set org.gnome.mutter experimental-features "['scale-monitor-framebuffer']"

And in Settings/Displays, set a reasonable scaling factor for each display.

Disable Alt/Super as hotkey for the Overlay

Seeing all my screen reorganize and reshuffle every time I accidentally press Alt leaves me disoriented and seasick:

gsettings set org.gnome.mutter overlay-key ''

Focus-follows-mouse and Raise-or-lower

My desktop is like my desktop: messy and cluttered. I have lots of overlapping window and I switch between them by moving the focus with the mouse, and when the visible part is not enough I have a handy hotkey mapped to raise-or-lower to bring forward what I need and send back what I don't need anymore.

Thankfully Gnome can be configured that way, with some work:

  • In gnome-shell settings, keyboard, shortcuts, windows, set "Raise window if covered, otherwise lower it" to "Super+Escape"
  • In gnome-tweak-tool, Windows, set "Focus on Hover"

This almost worked, but sometimes it didn't do what I wanted, like I expected to find a window to the front but another window disappeared instead. I eventually figured that by default Gnome delays focus changes by a perceivable amount, which is evidently too slow for the way I move around windows.

The amount cannot be shortened, but it can be removed with:

gsettings set org.gnome.shell.overrides focus-change-on-pointer-rest false

Mouse and keyboard shortcuts

Gnome has lots of preconfigured sounds, shortcuts, animations and other distractions that I do not need. They also either interfere with key combinations I want to use in terminals, or cause accidental window moves or resizes that make me break flow, or otherwise provide sensory overstimulation that really does not work for me.

It was a lot of work, and these are the steps I used to get rid of most of them.

Disable Super+N combinations that accidentally launch a questionable choice of programs:

for i in `seq 1 9`; do gsettings set org.gnome.shell.keybindings switch-to-application-$i '[]'; done

Gnome-Shell settings:

  • Multitasking:
    • disable hot corner
    • disable active edges
    • set a fixed number of workspaces
    • workspaces on all displays
    • switching includes apps from current workspace only
  • Sound:
    • disable system sounds
  • Keyboard
    • Compose Key set to Caps Lock
    • View and Customize Shortcuts:
      • Launchers
        • launch help browser: remove
      • Navigation
        • move to workspace on the left: Super+Left
        • move to workspace on the right: Super+Right
        • move window one monitor …: remove
        • move window one workspace to the left: Shift+Super+Left
        • move window one workspace to the right: Shift+Super+Right
        • move window to …: remove
        • switch system …: remove
        • switch to …: remove
        • switch windows …: disabled
      • Screenshots
        • Record a screenshot interactively: Super+Print
        • Take a screenshot interactively: Print
        • Disable everything else
      • System
        • Focus the active notification: remove
        • Open the applcation menu: remove
        • Restore the keyboard shortctus: remove
        • Show all applications: remove
        • Show the notification list: remove
        • Show the overvire: remove
        • Show the run command prompt: remove (the default Gnome launcher is not for me) Super+F2 (or remove to leave it to the terminal)
      • Windows
        • Close window: remove
        • Hide window: remove
        • Maximize window: remove
        • Move window: remove
        • Raise window if covered, otherwise lower it: Super+Escape
        • Resize window: remove
        • Restore window: remove
        • Toggle maximization state: remove
    • Custom shortcuts
      • xfrun4, launching xfrun4, bound to Super+F2
  • Accessibility:
    • disable "Enable animations"

gnome-tweak-tool settings:

  • Keyboard & Mouse
    • Overview shortcut: Right Super. This cannot be disabled, but since my keyboard doesn't have a Right Super button, that's good enough for me. Oddly, I cannot find this in gsettings.
  • Window titlebars
    • Double-Click: Toggle-Maximize
    • Middle-Click: Lower
    • Secondary-Click: Menu
  • Windows
    • Resize with secondary click

Gnome Terminal settings:

Thankfully 10 years ago I took notes on how to customize Gnome Terminal, and they're still mostly valid:

  • Shortcuts

    • New tab: Super+T
    • New window: Super+N
    • Close tab: disabled
    • Close window: disabled
    • Copy: Super+C
    • Paste: Super+V
    • Search: all disabled
    • Previous tab: Super+Page Up
    • Next tab: Super+Page Down
    • Move tab…: Disabled
    • Switch to tab N: Super+Fn (only available after disabling overview)

    • Switch to tab N with Alt+Fn cannot be configured in the UI: Alt+Fn is detected as simply Fn. It can however be set with gsettings:

      sh for i in `seq 1 12`; do gsettings set org.gnome.Terminal.Legacy.Keybindings:/org/gnome/terminal/legacy/keybindings/ switch-to-tab-$i "<Alt>F$i"; done

  • Profile

    • Text
      • Sound: disable terminal bell

Other hotkeys that got in my way and had to disable the hard way:

for n in `seq 1 12`; do gsettings set org.gnome.mutter.wayland.keybindings switch-to-session-$n '[]'; done
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-down '[]'
gsettings set org.gnome.desktop.wm.keybindings move-to-workspace-up '[]'
gsettings set org.gnome.desktop.wm.keybindings panel-main-menu '[]'
gsettings set org.gnome.desktop.interface menubar-accel '[]'

Note that even after removing F10 from being bound to menubar-accel, and after having to gsetting binding to F10 as is:

$ gsettings list-recursively|grep F10
org.gnome.Terminal.Legacy.Keybindings switch-to-tab-10 '<Alt>F10'

I still cannot quit Midnight Commander using F10 in a terminal, as that moves the focus in the window title bar. This looks like a Gnome bug, and a very frustrating one for me.

Appearance

Gnome-Shell settings:

  • Appearance:
    • dark mode

gnome-tweak-tool settings:

  • Fonts
    • Antialiasing: Subpixel
  • Top Bar
    • Clock/Weekday: enable (why is this not a default?)

Gnome Terminal settings:

  • General
    • Theme variant: Dark (somehow it wasn't picked by up from the system settings)
  • Profile
    • Colors
      • Background: #000

Other decluttering and tweaks

Gnome Shell Settings:

  • Search
    • disable application search
  • Removable media
    • set everything to "ask what to do"
  • Default applications
    • Web: Chromium
    • Mail: mutt
    • Calendar: khal is not sadly an option
    • Video: mpv
    • Photos: Geequie

Set a delay between screen blank and lock: when the screen goes blank, it is important for me to be able to say "nope, don't blank yet!", and maybe switch on caffeine mode during a presentation without needing to type my password in front of cameras. No UI for this, but at least gsettings has it:

gsettings set org.gnome.desktop.screensaver lock-delay 30

Extensions

I enabled the Applications Menu extension, since it's impossible to find less famous applications in the Overview without knowing in advance how they're named in the desktop. This stole a precious hotkey, which I had to disable in gsettings:

gsettings set org.gnome.shell.extensions.apps-menu apps-menu-toggle-menu '[]'

I also enabled:

  • Removable Drive Menu: why is this not on by default?
  • Workspace Indicator
  • Ubuntu Appindicators (apt install gnome-shell-extension-appindicator and restart Gnome)

I didn't go and look for Gnome Shell extentions outside what is packaged in Debian, as I'm very wary about running JavaScript code randomly downloaded from the internet with full access over my data and desktop interaction.

I also took care of checking that the Gnome Shell Extensions web page complains about the lacking "GNOME Shell integration" browser extension, because the web browser shouldn't be allowed to download random JavaScript from the internet and run it with full local access.

Yuck.

Run program dialog

The default run program dialog is almost, but not quite, totally useless to me, as it does not provide completion, not even just for executable names in path, and so it ends up being faster to open a new terminal window and type in there.

It's possible, in Gnome Shell settings, to bind a custom command to a key. The resulting keybinding will now show up in gsettings, though it can be located in a more circuitous way by grepping first, and then looking up the resulting path in dconf-editor:

gsettings list-recursively|grep custom-key
org.gnome.settings-daemon.plugins.media-keys custom-keybindings ['/org/gnome/settings-daemon/plugins/media-keys/custom-keybindings/custom0/']

I tried out several run dialogs present in Debian, with sad results, possibly due to most of them not being tested on wayland:

  • fuzzel does not start
  • gmrun is gtk2, last updated in 2016, but works fine
  • kupfer segfaults as I type
  • rofi shows, but can't get keboard input
  • shellex shows a white bar at top of the screen and lots of errors on stderr
  • superkb wants to grab the screen for hotkeys
  • synapse searched news on the internet as I typed, which is a big no for me
  • trabucco crashes on startup
  • wofi works but looks like very much an acquired taste, though it has some completion that makes it more useful than Gnome's run dialog
  • xfrun4 (package xfce4-appfinder) struggles on wayland, being unable to center its window and with the pulldown appearing elsewhere in the screen, but it otherwise works

Both gmrun and xfrun4 seem like workable options, with xfrun4 being customizable with convenient shortcut prefixes, so xfrun4 it is.

TODO

  • Figure out what is still binding F10 to menu, and what I can do about it
  • Figure out how to reduce the size of window titlebars, which to my taste should be unobtrusive and not take 2.7% of vertical screen size each. There's a minwaita theme which isn't packaged in Debian. There's a User Theme extension, and then the whole theming can of worms to open. For another day.
  • Figure out if Gnome can be convinced to resize popup windows? Take the Gnome Terminal shortcut preferences for example: it takes ⅓ of the vertical screen and can only display ¼ of all available shortcuts, and I cannot find a valid reason why I shouldn't be allowed to enlarge it vertically.
  • Figure out if I can place shortcut launcher icons in the top panel, and how

I'll try to update these notes as I investigate.

Conclusion so far

I now have something that seems to work for me. A few papercuts to figure out still, but they seem manageable.

It all feels a lot harder than it should be: for something intended to be minimal, Gnome defaults feel horribly cluttered and noisy to me, continuosly getting in the way of getting things done until tamed into being out of the way unless called for. It felt like a device that boots into flashy demo mode, which needs to be switched off before actual use.

Thankfully it can be switched off, and now I have notes to do it again if needed.

gsettings oddly feels to me like a better UI than the interactive settings managers: it's more comprehensive, more discoverable, more scriptable, and more stable across releases. Most of the Q&A I found on the internet with guidance given on the UI was obsolete, while when given with gsettings command lines it kept being relevant. I also have the feeling that these notes would be easier to understand and follow if given as gsettings invocations instead of descriptions of UI navigation paths.

At some point I'll upgrade to Trixie and reevaluate things, and these notes will be a useful checklist for that.

Fingers crossed that this time I'll manage to stay on Wayland. If not, I know that Xfce is still there for me, and I can trust it to be both helpful and good at not getting in the way of my work.

30 November, 2024 08:13PM

hackergotchi for Daniel Pocock

Daniel Pocock

Understanding Irish general election 2024 results Dublin Bay South

Counting staff have conducted initial tallies of the ballot papers and these confirm my predictions from the blog post yesterday.

Personally, I'm not in contention to win a place in the Dáil. The big positive outcome for my campaign is the increased interest in my blogs about the adverse impact of social control media and some of the other things that are going wrong at the intersection of technology and society. Unlike last time I ran for public office, it does not look like I finished last again.

Yesterday I commented on one of the minor candidates from the communist-trotskyist PBP. Many people were amused that I frustrated the campaign of a communist. Nonetheless, that was not my intention. My only intention was to demonstrate the hypocrisy of communists using social control media platforms that enrich billionaires in a foreign country. Nonetheless, it is interesting to see that the communist increased her share of the votes from three percent to four percent. At the same time, the Green party vote fell as they were running with a different candidate. In general, the left votes were divided and fighting against each other and none of them appear to be able win a seat. That is a loss for the left as one seat was previously held by the Greens.

Kate O'Connell previously served as a local representative for the party Fine Gael and this time she ran as an independent. The media showed a big interest in her campaign. Her previous status and her media profile haven't helped her attain the number of first preference votes required to be in contention for one of the four seats.

Nonetheless, Kate achieved about 4.5% of the vote and this demonstrates how much harder it was for other independents who have little or no public profile at all.

Many people have commented on my €17,000 electricity bill. This is the type of scandal that is so unusual that it would normally appear in a news report even if there was not an election in progress. The media have known about the bill for a week but chosen not to report on it. This adds to the perception of many people that the media has been very selective in reporting on the existing political parties and not providing any space for new candidates and the issues we raise.

One of the issues people raised with me during the campaign was the status of the Sandymount Baths. Despite Dublin's incredible shoreline, the Baths have been derelict for over 100 years. Coincidentally, many people comment that the same two parties have taken turns to govern Ireland over the same period of 100 years.

The only independent candidate who did get significant media attention for free is the high profile bank robber Gerry Hutch. He is in fourth position after the first tally and this means there is a real possibility that he will win a seat. He could miss out on the seat if the preference transfers from other candidates all work against him to help one of the candidates in fifth or sixth positions to rise up into the fourth position and displace him. If that happens, he may miss out on the seat by a very slim margin. It may come down to just one hundred votes. People who acquired Gerry 'The Monk' Hutch domain names may share some of the responsibility if he misses out on a seat by such a small margin.

The election created a huge interest in my blog posts about inconvenient truths in the days before voting. It is interesting to see that the heightened interest in my blog has continued in the time since the polls closed.

30 November, 2024 03:30PM

Russell Coker

November 29, 2024

hackergotchi for Dirk Eddelbuettel

Dirk Eddelbuettel

RcppAPT 0.0.10: Maintenance

A new version of the RcppAPT package arrived on CRAN earlier today. RcppAPT connects R to the C++ library behind the awesome apt, apt-get, apt-cache, … commands (and their cache) which powering Debian, Ubuntu and other derivative distributions.

RcppAPT allows you to query the (Debian or Ubuntu) package dependency graph at will, with build-dependencies (if you have deb-src entries), reverse dependencies, and all other goodies. See the vignette and examples for illustrations.

This release moves the C++ compilation standard from C++11 to C++17. I had removed the setting for C++11 last year as compilation ‘by compiler default’ worked well enough. But the version at CRAN still carried, which started to lead to build failures on Debian unstable so it was time for an update. And rather than implicitly relying on C++17 as selected by the last two R releases, we made it explicit. Otherwise a few of the regular package and repository updates have been made, but no new code or features were added The NEWS entries follow.

Changes in version 0.0.10 (2024-11-29)

  • Package maintenance updating continuous integration script versions as well as coverage link from README, and switching to Authors@R

  • C++ compilation standards updated to C++17 to comply with libapt-pkg

Courtesy of my CRANberries, there is also a diffstat report for this release. A bit more information about the package is available here as well as at the GitHub repo. If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

29 November, 2024 08:19PM

hackergotchi for Daniel Pocock

Daniel Pocock

Watching Irish general election 2024 results

As an independent candidate I'm not expecting to get too many votes. Ireland is a country where traditions are very strong and people gravitate to the parties and candidates they grew up with. On top of that, my campaign was subject to distortion and obfuscation in Google search results. I will be happy if I get more than 5 votes but even that is not certain. In the last election, some independent candidates only got 23 votes each.

There is still time for people to go and vote now before the polling stations close.

The candidates with fewer votes are eliminated in earlier rounds of counting. Counting begins at 9am on Saturday, 30 November and the first eliminations will become clear some time around lunchtime.

The most interesting results to look for

One of the hot topics in the news was the candidacy of Gerry 'the Monk' Hutch. Being famous can sometimes be a good thing in elections. The jockey Nina Carberry won a seat in the European Parliament on her first attempt due to her high profile sporting career.

Voters may have sympathy for the Monk after I registered all his most likely domain names, along with those of other candidates. On the other hand, if the Monk misses out on a seat in the Dáil by only a small number of votes, for example, if he is 10 votes below the candidate who takes the final seat, people may attribute the loss to the fact that he could not get those domain names for himself.

Fortunately I know some good hideouts in Australia.

In the movie Mad Max, organized crime gangs ride around on motorcycles and the police unit responsible for catching them is the Main Force Patrol (MFP). The MFP car park in the movie is actually the University of Melbourne's South Lawn Car Park. The adjacent buildings are Electrical Engineering and Law.

Mad Max at University of Melbourne

 

Mad Max

 

Mad Max

 

Win or lose, I'm glad that my campaign prompted some discussions about the role of the Internet and social control media in society.

Please Vote [1] Daniel POCOCK

 

Daniel Pocock

 

Daniel Pocock

 

Vote [1] Daniel POCOCK

Gerry Hutch, the Monk

29 November, 2024 05:00PM

Brigid Purcell (PBP): generation Z, unteachable children, how will they govern in ten years?

After securing the domain names of some of my rivals in Dublin Bay South, I tried to contact each of them and reassure them that they would not have a big problem getting them at the end of the voting and using them in future.

Elections are a stressful time for everybody and I wanted to demonstrate good sportsmanship and not see rivals losing sleep over this particular issue.

Personally, I used each of the domains to make some political points about social control media and hypocrisy but the domains have no long term value for me. I cancel the auto-renewal on them and 12 months after the registration date, each domain will expire and then whoever acts fastest can register them.

Out of all the rival candidates I contacted, they were all quite happy to find out that they could get a domain name without being blackmailed by anonymous cybersquatters, except for one person who didn't demonstrate any patience whatsoever.

Brigid Purcell, from the socialist-communist PBP went to all her social media accounts to complain about "middle aged men". I'm ignoring everything else in the discussion except that phrase. When a candidate makes a generalization like that it will be noticed by all the other middle-aged men who are deciding how to vote.

Young women from the same background as Brigid get excited and side with her. But those women were going to vote for Brigid anyway. I'm sure she would do a good job of talking about the problems they experience in life but that is only half the job of being an elected representative. What about all the other 70,000 people who live in Dublin Bay South? What Brigid has demonstrated illustrates how generation-Z have been raised in social media silos. Social media silos have not prepared these people for some of the situations they will face in real life. Employers complain about very talented people from generation Z who come to a job interview and do everything correctly up to the point where, out of habit, they take out their mobile phone and start trying to look something up or ask their friends.

I met another woman the same age as Brigid recently. She had graduated as a teacher, worked as a teacher for one year and then quit. She summarized her decision with one word: "unteachable". She mentioned that the children of today are being raised by social media rather than parents.

Older generations of school teachers are saying the same thing. They are quitting, whether it is in Ireland or in Australia. Here is a quote from the Australian case study:

During her time as a relief teacher in 2022, she noticed more boys talking about Andrew Tate in class.

Shaming by either gender is a big factor. Brigid has chosen to give me a put-down in front of her fans without even finding out what I might have to say. Andrew Tate's generalizations about women and Brigid's generalization about middle-aged men feel like opposite sides of the same coin. The problem is not the age or gender, the problem is the manner in which people rush to their social media account to shame somebody they never met.

During my time in student politics, I met many socialist-communists like Brigid so I know that it is unlikely she has any money and I would be wasting my time if I tried to blackmail her. When I contacted her like all the other candidates, I was simply going to give her the domains for free when we meet at the count center on Saturday.

If I sent the domain transfer passwords to a stranger by email there is a big risk they could end up in the hands of her boyfriend or a volunteer. Many women believe they own their domain names right up to the day they break up with their boyfriend. Then they find out that the domain names are managed through a foreign company in the US and there is nothing that they can do. In these situations, where the woman has spent time building a business on the domain name, the now ex-boyfriend really can do some blackmail before handing it over.

Having heard of many cases like this, I always want to do proper due-diligence, for example, to speak to the new owner of a domain in person or by telephone and make sure they understand the value of the domain transfer key at the moment I hand it over. Brigid rushed to judge me based on my age and gender and so she did not gain anything from my prior experience on the topic.

The other group of middle-aged men we need to worry about are the public servants, heads of government departments and agencies who have to come in to Leinster House from time to time and sit in a room with politicians posing tricky questions. Some of the public service bosses are middle-aged women but in general they are middle-aged men. When more people from Generation Z are elected into public office, I really hope they don't make the same mistake as Brigid. If they refuse to talk to people from older generations or if they humiliate public servants in front of their social media fans we can expect a lot of the public servants will quit, just like the school teachers who are quitting today. The Government will have to offer even higher salary packages for replacements to take leadership roles in the public service.

Fact checking

Take a look at the statistics from previous elections. If previous statistics are anything to go by, neither Brigid or I have a very high chance of being elected. In the 2021 by-election, Brigid had less than a thousand votes, about three percent.

Therefore, fighting with each other is rather pointless and a waste of time. Brigid would increase her chance of election if she focused on the issues that differentiate her party from Hazel Chu, the female candidate for the Greens.

She could gain votes by asking other minor candidates to support her as a second preference.

However, other candidates will be afraid to discuss preference-swapping with somebody if they feel that every attempt at negotiation will be leaked on social media.

29 November, 2024 03:00PM

hackergotchi for Bits from Debian

Bits from Debian

Debian welcomes its new Outreachy interns

Outreachy logo

Debian continues participating in Outreachy, and we're excited to announce that Debian has selected two interns for the Outreachy December 2024 - March 2025 round.

Patrick Noblet Appiah will work on Automatic Indi-3rd-party driver update, mentored by Thorsten Alteholz.

Divine Attah-Ohiemi will work on Making the Debian main website more attractive by switching to HuGo as site generator, mentored by Carsten Schoenert, Subin Siby and Thomas Lange.

Congratulations and welcome Patrick Noblet Appiah and Divine Attah-Ohiemi!

From the official website: Outreachy provides three-month internships for people from groups traditionally underrepresented in tech. Interns work remotely with mentors from Free and Open Source Software (FOSS) communities on projects ranging from programming, user experience, documentation, illustration and graphical design, to data science.

The Outreachy programme is possible in Debian thanks to the efforts of Debian developers and contributors who dedicate their free time to mentor students and outreach tasks, and the Software Freedom Conservancy's administrative support, as well as the continued support of Debian's donors, who provide funding for the internships.

Join us and help extend Debian! You can follow the work of the Outreachy interns reading their blogs (they are syndicated in Planet Debian), and chat with us in the #debian-outreach IRC channel and mailing list.

29 November, 2024 12:22PM by Nilesh Patra

Debian welcomes its new Outreachy interns

Outreachy logo

Debian continues participating in Outreachy, and we're excited to announce that Debian has selected two interns for the Outreachy December 2024 - March 2025 round.

Patrick Noblet Appiah will work on Automatic Indi-3rd-party driver update, mentored by Thorsten Alteholz.

Divine Attah-Ohiemi will work on Making the Debian main website more attractive by switching to HuGo as site generator, mentored by Carsten Schoenert, Subin Siby and Thomas Lange.

Congratulations and welcome Patrick Noblet Appiah and Divine Attah-Ohiemi!

From the official website: Outreachy provides three-month internships for people from groups traditionally underrepresented in tech. Interns work remotely with mentors from Free and Open Source Software (FOSS) communities on projects ranging from programming, user experience, documentation, illustration and graphical design, to data science.

The Outreachy programme is possible in Debian thanks to the efforts of Debian developers and contributors who dedicate their free time to mentor students and outreach tasks, and the Software Freedom Conservancy's administrative support, as well as the continued support of Debian's donors, who provide funding for the internships.

Join us and help extend Debian! You can follow the work of the Outreachy interns reading their blogs (they are syndicated in Planet Debian), and chat with us in the #debian-outreach IRC channel and mailing list.

29 November, 2024 09:00AM by Nilesh Patra

Russ Allbery

Review: The Duke Who Didn't

Review: The Duke Who Didn't, by Courtney Milan

Series: Wedgeford Trials #1
Publisher: Femtopress
Copyright: September 2020
ASIN: B08G4QC3JC
Format: Kindle
Pages: 334

The Duke Who Didn't is a Victorian romance novel, the first of a loosely-connected trilogy in the romance sense of switching protagonists between books. It's self-published, but by Courtney Milan, so the quality of the editing and publishing is about as high as you will see for a self-published novel.

Chloe Fong has a goal: to make her father's sauce the success that it should be. His previous version of the recipe was stolen by White and Whistler and is now wildly popular as Pure English Sauce. His current version is much better. In a few days, tourists will come from all over England to the annual festival of the Wedgeford Trials, and this will be Chloe's opportunity to give the sauce a proper debut and marketing push. There is only the small matter of making enough sauce and coming up with a good name. Chloe is very busy and absolutely does not have time for nonsense. Particularly nonsense in the form of Jeremy Yu.

Jeremy started coming to the Wedgeford Trials at the age of twelve. He was obviously from money and society, obviously enough that the villagers gave him the nickname Posh Jim after his participation in the central game of the trials. Exactly how wealthy and exactly which society, however, is something that he never quite explained, at first because he was having too much fun and then because he felt he'd waited too long. The village of Wedgeford was thriving under the benevolent neglect of its absent duke and uncollected taxes, and no one who loved it had any desire for that to change. Including Jeremy, the absent duke in question.

Jeremy had been in love with Chloe for years, but the last time he came to the Trials, Chloe told him to stop pursuing her unless he could be serious. That was three years and three Trials ago, and Chloe was certain Jeremy had made his choice by his absence. But Jeremy never forgot her, and despite his utter failure to become a more serious person, he is determined to convince her that he is serious about her. And also determined to finally reveal his identity without breaking everything he loves about the village. Somehow.

I have mentioned in other reviews that I mostly read sapphic instead of heterosexual romance because the gender roles in heterosexual romance are much more likely to irritate me. It occurred to me that I was probably being unfair to the heterosexual romance genre, I hadn't read nearly widely enough to draw any real conclusions, and I needed to find better examples. I've followed Courtney Milan occasionally on social media (for reasons unrelated to her novels) for long enough to know that she was unlikely to go for gender essentialism, and I'd been meaning to try one of her books for a while. Hence this novel.

It is indeed not gender-essentialist. Neither Chloe nor Jeremy fit into obvious gender boxes. Chloe is the motivating force in the novel and many of their interactions were utterly charming. But, despite that, the gender roles still annoyed me in ways that are entirely not the fault of this book. I'm not sure I can even put a finger on something specific. It's a low-grade, pervasive feeling that men do one type of thing and women do a different type of thing, and even if these characters don't stick to that closely, it saturates the vibes. (Admittedly, a Victorian romance was probably not the best choice when I knew this was my biggest problem with genre heterosexual romance. It was just what I had on hand.)

The conceit of the Wedgeford Trials series is that the small village of Wedgeford in England, through historical accident, ended up with an unusually large number of residents with Chinese ancestry. This is what I would call a "believable outlier": there was not such a village so far as I know, but there could well have been. At the least, there were way more people with non-English ancestry, including east Asian ancestry, in Victorian England than modern readers might think. There is quite a lot in this novel about family history, cultural traditions, immigration, and colonialism that I'm wholly unqualified to comment on but that was fascinating to read about and seemed (as one would expect from Milan) adroitly written.

As for the rest of the story, The Duke Who Didn't is absolutely full of banter. If your idea of a good time with a romance novel is teasing, word play, mock irritation, and endless verbal fencing as a way to avoid directly confronting difficult topics, you will be in heaven. Jeremy is one of those people who is way too much in his own head and has turned his problems into a giant ball of anxiety, but who is good at being the class clown, and therefore leans heavily on banter and making people laugh (or blush) as a way of avoiding whatever he's anxious about. I thought the characterization was quite good, but I admit I still got a bit tired of it. 350 pages is a lot of banter, particularly when the characters have some serious communication problems they need to resolve, and to fully enjoy this book you have to have a lot of patience for Jeremy's near-pathological inability to be forthright with Chloe.

Chloe's most charming characteristic is that she makes lists, particularly to-do lists. Her ideal days proceed as an orderly process of crossing things off of lists, and her way to approach any problem is to make a list. This is a great hook, and extremely relatable, but if you're going to talk this much about her lists, I want to see the lists! Chloe is all about details; show me the details! This book does not contain anywhere close to enough of Chloe's lists. I'm not sure there was a single list in this book that the reader both got to see the details of and that made it to more than three items. I think Chloe would agree that it's pointless to talk about the concept of lists; one needs to commit oneself to making an actual list.

This book I would unquestioningly classify as romantic comedy (which given my utter lack of familiarity with romance subgenres probably means that it isn't). Jeremy's standard interaction style with anyone is self-deprecating humor, and Chloe is the sort of character who is extremely serious in ways that strike other people as funny. Towards the end of the book, there is a hilarious self-aware subversion of a major romance novel trope that even I caught, despite my general lack of familiarity with the genre. The eventual resolution of Jeremy's problem of hidden identity caught me by surprise in that way where I should have seen it all along, and was both beautifully handled and quite entertaining.

All the pieces are here for a great time, and I think a lot of people would love this book. Somehow, it still wasn't quite my thing; I thoroughly enjoyed parts of it, but I don't find myself eager to read another. I'm kind of annoyed at myself that it didn't pull me in, since if I'd liked this I know where to find lots more like it. But ah well.

If you like banter-heavy heterosexual romance that is very self-aware about its genre without devolving into metafiction, this is at least worth a try.

Followed in the romance series way by The Marquis Who Mustn't, but this is a complete story with a satisfying ending.

Rating: 7 out of 10

29 November, 2024 06:32AM

November 28, 2024

hackergotchi for Daniel Pocock

Daniel Pocock

Why you should follow my RSS or Atom feed, Irish elections, everybody wins

When it comes to politics, the journey is important too, even if the outcome is unpredictable and sometimes utterly dismal.

The campaign has served its purpose already though. We have fresh evidence about censorship. People have been taking screenshots of the Google search results. You can't look at these search results and not feel that they have been hand-crafted by somebody who resents the prospect of people voting for me.

The word "ELIMINATED" has appeared in capital letters high in the search results, but that actually refers to the process of eliminating candidates one-by-one during counting in the last elections. No candidates have been eliminated in this election.

One of the main highlights of this campaign was the distribution of a leaflet to every home in the region. Forty thousand households received the leaflet. Several people have spoken to me about electricity bills but not one has a bill as big as mine, €17,000.

Regardless of whether I win or lose, in the next few days I'm going to publish fresh details about the secret expulsions in GNOME Foundation and more about the social engineering attacks in Debian, especially the cases where some kind of privilege escalation has been successful.

To make sure you don't miss key stories like this, if you want to bypass the social media filtering and advertising, please use an RSS or Atom feed reader to follow blogs like this.

Vote [1] Daniel POCOCK

Daniel Pocock

 

If you care about democracy, don't let yourself be fooled by Google and the lawyerstalking.

Please Vote [1] Daniel POCOCK

 

Daniel Pocock

 

Daniel Pocock

 

Vote [1] Daniel POCOCK

28 November, 2024 08:00PM

hackergotchi for Bits from Debian

Bits from Debian

New Debian Developers and Maintainers (September and October 2024)

The following contributors got their Debian Developer accounts in the last two months:

  • Joachim Bauch (fancycode)
  • Alexander Kjäll (capitol)
  • Jan Mojžíš (janmojzis)
  • Xiao Sheng Wen (atzlinux)

The following contributors were added as Debian Maintainers in the last two months:

  • Alberto Bertogli
  • Alexis Murzeau
  • David Heilderberg
  • Xiyue Deng
  • Kathara Sasikumar
  • Philippe Swartvagher

Congratulations!

28 November, 2024 05:00PM by Jean-Pierre Giraud

not Gerry 'The Monk' Hutch

8GB Swiss Archive offered to Irish voters by Dáil candidate

Swiss women Pascale Koster and Albane de Ziegler at law firm Walder Wyss signed a document demanding that an open source software volunteer publish self-deprecating insults on his blog. Moreover, the rude women made this demand after the volunteer's father died. Mr Pocock doesn't take orders from cyberbullies like that. Instead of publishing the insults they wrote for him, he is publishing an 8GB archive from Switzerland for Irish voters to consider as they go to the polls tomorrow. The link is below.

By way of background, the volunteer Daniel Pocock is a highly respected Debian Developer. In 2017, on the anniversary of the Easter rising, the Free Software Fellowship elected Mr Pocock as their representative. Yet a subgroup of German and Swiss fellows became incredibly frustrated with Mr Pocock's success and attack him ever since then.

Mr Pocock made a number of blog posts exposing corruption and modern slavery when multinationals penetrate volunteer communities.

Two judicial processes have found that Mr Pocock and his family were victims of harassment. The Zurich black cat trial in 2018 gave Mr Pocock's family CHF 10,000 (equivalent to EUR 10,000) and the WeMakeFedora dispute in 2022 found Mr Pocock was a victim of harassment.

The multinationals failed to listen to these verdicts and keep throwing more and more money at corrupt lawyers and judges to attack volunteers.

Mr Pocock simply started writing blogs about the corrupt lawyers and judges, the Swiss JuristGate affair.

The racist lawyers Pascale Koster and Albane de Ziegler signed this document insisting that Mr Pocock publish self-deprecating insults after his father died. Instead, he is publishing the 8GB archive.

Pascale Koster, Albane de Ziegler

 

Pascale Koster, Albane de Ziegler

 

If people have concerns about what is in this 8GB archive, ask the racist Swiss women why they are lawyerstalking a volunteer after the death of his father.

Access the 8GB archive using IPFS

IPFS was used to share information about the referendum in Catalonia and it is being used again today to support Irish democracy.

Please download the IPFS Desktop software.

For background information about the IPFS peer-to-peer network please see the InterPlanetary File System (IPFS) page on Wikipedia.

After installing the IPFS desktop, simply cut and paste or click the Content ID (CID) to access the 8GB archive from Switzerland.

Click to Download 8GB Swiss_Archive.7z (encrypted) with IPFS Desktop

Content ID: [ QmastD22PqBw6m2Q3VHiyKP5DCnijPURjudeWg8guBvJKi ] (to copy and paste into IPFS Desktop)

Inside the IPFS desktop software, right click the folder and select the option to Pin important file-sharing content like this so that it is forced to keep a local copy on your hard disk even when you are offline.

Release of the encryption key on 5 December 2024

If you want this to happen, please Vote [1] Daniel POCOCK

If the Irish people choose to elect Mr Pocock to the Dáil, Mr Pocock will release the encryption key for the 8GB Swiss Archive on International Volunteer Day, 5 December 2024.

The opening of the archive, like the opening of a Christmas present, will be celebrated with ceremonies around Ireland and around the world. If you would like to organize an event in a local pub, community center or campus environment, please promote your event using whichever online platforms you prefer and use the words Debian Swiss Archive in the title of your event. People can use these keywords to search for events nearby.

Googlists undermining Mr Pocock's campaign

Google search results are wrongly suggesting that Mr Pocock was eliminated. In fact, no candidates have been eliminated. This is more proof that multinationals are interfering in our democracy.

 

Daniel Pocock

 

If you care about democracy, don't let yourself be fooled by Google and the lawyerstalking. Please Vote [1] Daniel POCOCK

Respect for volunteers

Mr Pocock has been doing voluntary work with amateur radio and free, open source software since he was 14 years old. Sinister people on social media who try to steal the reputation of a volunteer are stealing that person's life. Their gossip campaigns, theft of reputations are far worse than the sinister men who steal money from banks. Here is the certificate from Mr Pocock's amateur radio license, he started doing voluntary work when he was 14.

Daniel Pocock, radio amateur

Vote [1] Daniel POCOCK

Please remember to discuss the Pocock campaign with your friends and promote it widely.

Mr Pocock's nomination page gives a lot of detail about his policies, unique skills and experience so you are voting for a lot more than what is hidden in this 8GB Swiss Archive.

Vote [1] Daniel POCOCK

 

Daniel Pocock

 

Daniel Pocock

 

Vote [1] Daniel POCOCK

28 November, 2024 11:30AM

November 26, 2024

Swiss JuristGate

GCHQ puzzles & FINMA Swiss secrets solved by the Irish

Each year the British spies at GCHQ share a puzzle in a Christmas card.

In 2016, an Irishman called David McBryan found the solution to the British puzzle.

In Septmeber 2023, FINMA, the Swiss financial regulator, published a dossier about the JuristGate affair. They redacted the names of the enterprises. They redacted the dates in the dossier.

When Gaelle Jeanmonod published the document, she wrote "PTP" in the filename:

FINMA filename

The CLB used the acronym "PTP" in their filename too.

Daniel Pocock, Irish-Swiss-Australian found the link between the dossier and the JuristGate scandal. He published the first detailed blog about the scandal.

FINMA filename

 

Julie Krattinger

26 November, 2024 11:00AM

Conférence latine des Batonniers warned lawyers in Cantonal bar associations FR, BE, GE, JU, NE, TI, VD and VS

We found a document in the Wayback Machine.

According to the file, Julie Krattinger (ODA VD) created the document 28 april 2021.

She wrote the acronym "PTP" in the filename. Parreaux, Thiébaud & Partners = PTP

Nicolas Gillard, President of the Conférence latine des Batonniers signed the document.

The bar association of Canton Geneva published the document on their web site and then it disappeared. Why?

We found the proof thanks to the Wayback Machine.

After several years of free publicity in the French side of Switzerland (Romandy), the name of Parreaux, Thiébaud & Partners was well known in the region of Romandy.

Communication to members of bar associations

To all members of cantonal bar associations in FR, BE, GE, JU, NE, TI, VD et VS

Parreaux, Thiébaud & Partners

Dear sisters, Dear brothers,

Various members of the bar associations have contacted us because of the company Parreaux, Thiébaud & Partners and informed us that said company has approached them.

The Geneva Bar Association has already taken legal action against this company.

Parreaux, Thiébaud & Partners presents itself as a law firm, claiming to be a “law firm”. It is not a law firm. This company also claims to be “the best legal protection in Switzerland”. It is not legal protection insurance and this company is not on the list of insurance companies authorised by FINMA.

We would like to draw your attention to the fact that a partnership with a company giving the appearance that the lawyer is practising as such within it may pose problems with regard to the duty of structural independence within the meaning of Art. 8 para. 1 let. d LLCA (ATF 145 II 229 c. 6). Furthermore, partnering with a company that advertises beyond objective facts, in order to indirectly benefit from this advertising, could also pose problems with regard to professional rules (art. 12 let. d LLCA).

For these reasons, we therefore recommend that you do not respond to requests from Parreaux, Thiébaud & Partners.

With lawyerly hugs and kisses,

For the Conférence latine des Bâtonniers

Julie Krattinger Julie Krattinger

26 November, 2024 10:00AM

hackergotchi for Sandro Knauß

Sandro Knauß

Akademy 2024 in Würzburg

In order to prepare for the Akademy I started some days before to give my Librem 5 ( an Open Hardware Phone) another try and ended up with a non starting Plasma 6. Actually this issue was known already, but hasn't been addressed. In the end I reached the Akademy with my Librem 5 having phosh installed (which is Gnome based), in order to have something working.

I met Bushan and Bart who took care and the issue was fixed two days later I could finally install Plasma 6 on it. The last time I tested my Librem 5 with Plasma 5 it felt sluggish and not well working. But this time I was impressed how well the system reacts. Sure there are some things here and there, but in the bigger picture it is quite useable. One annoying issue is that the camera is only working with one app and the other issue is the battery capacity, you have to charge it once a day. Because of missing a QR reader that can use the camera, getting data to the phone was quite challenging. Unfortunately the conference Wifi separated the devices and I couldn't use KDE Connect to transfer data. In the end the only way to import data was taking five photos from the QR Code to import my D-Ticket to Itinerary.

With a device with Plasma Mobile, it directly was used for a experiment: How well does Dolphin works on a Plasma Mobile device. Together with Felix Ernst we tried it out and were quite impressed, that Dolphin does work very well on Plasma Mobile, after some simple modifications on the UI. That resulted in a patch to add a mobile UI for Dolphin !826.

With more time to play with my Librem 5 I also found an bug in KWeather, that is missing a Refresh option, when used in a Plasma Mobile environment #493656.

Akademy is a good place to identify and solve some issues. It is always like that, you chat with someone and they can tell you who to ask to answer the concrete question and in the end you can solve things, that seems unsolvable in the beginning.

There was also time to look into the travelling app Itinerary. A lot people are faced with a lot of real world issues, when not in their home town. Itinerary is the best traveling apps I know about. It can import nearly every ticket you have and can get location information from restaurant websites and allow routing to that place. It does add many useful information, while traveling like current delays, platform changes, live updates for elevator, weather information at the destination, a station map and all those features with strong focus on privacy.

In detail I found some small things to improve:

  • If you search for a bus ride and enter the correct name for the bus stop, it will still add some walk from and to the station. The issue here is that we use different backends and not all backends share the same geo coordinate. That's why Itinerary needs to add some heuristics to delete those paths. walk to and from the bus stop

  • Instead of displaying just a small station map of one bus stop in the inner city, it showed complete W端rzburg inner city, as there is one big park around the inner city (named "Ringpark").

  • W端rzburg has a quite big bus station but the platform information were missing in the map, so we tweaked the CSS to display the platform. To be sure, that we don't fix only W端rzburg, we also looked at Greifswald and Aix-en-Provence if they are following the same name scheme.

I additionally learned that it has a lot of details that helps people who have special needs. That is the reason why Daniel Kraut wants to get Itinerary available for iOS. As spoken out, that Daniel wants to reach this goal, others already started to implement the first steps to build apps for iOS.

This year I was volunteering in helping out at Akademy. For me it was a lot of fun to meet everyone at the infodesk or help the speakers setup the beamer and microphone. It is also a good opportunity to meet many new faces and get in contact with them. I see also room for improvement. As we were quite busy at the Welcome Event to get out the badges to everyone, I couldn't answer the questions from newcomers, as the queue was too long. I propose that some people volunteer to be available for questions from newcomers. Often it is hard for newcomers to get their first contact(s) in a new community. There is a lot of space for improvement to make it easier for newcomers to join. Some ideas in my head are: Make an event for the newcomers to get them some links into the community and show that everyone is friendly. The tables at the BoFs should make a circle, so everyone can see each other. It was also hard for me to understand everyone as they mostly spoken towards the front. And then BoFs are sometimes full of very specific words and if you are not already deep in the topic you are lost. I can see the problem, on the one side BoFs are also the place where the person that knows the topic already wants to get things done. On the other side new comers join BoFs, are overwhelmed by to many new words get frustrated and think, that they are not welcome. Maybe at least everyone should present itself with name and ask new faces, why they joined the BoF to help them joining.

I'm happy, that the food provided for the attendees was very delicious and that I'm not the only one mostly vegetarian with a big amount to be vegan.

At the conference the KDE Eco initiation really caught me, as I see a lot of new possibilities in giving more reasons to switch to an Open Source system. The talk from Natalie was great to see how pupils get excited about Open Source and also help their grandparents to move to a Linux system. As I also will start to work as a teacher, I really got ideas what I can do at school. Together with Joseph and Nicole, we finally started to think about how to drive an exploration on what kind of old hardware is still KDE software running. The ones with the oldest hardware will get an old KDE shirt. For more information see #40.

The conference was very motivating for me, I also had still energy at the evening to do some Debian packaging and finally pushed kweathercore to Debian and started to work on KWeather. Now I'm even more interested in the KDE apps focusing the mobile world, as I now have some hardware that can actually use those apps.

I really enjoyed the workshop how to contribute to Qt by Volker Hilsheimer, especially the way how Volker explained things in a very friendly way, answered every question, sometime postponed some questions but came back to them later. All in all I now have a good overview how Qt is doing development and how I can fix bugs.

The daytrip to Rothenburg ob der Tauber was very interesting for me. It was the first time I visited the village. But in my memory it feels like I know the village already. I grew up with reading a lot of comic albums including the good SiFi comic album series "Yoku Tsuno" created by the Belgian writer Roger Leloup. Yoku Tsuno is an electronics engineer, raised in Japan but now living in Belgium. In "On the edge of life" she helps her friend Ingard, who actually lives in Rothenburg. Leloup invested a lot of time to travel to make the make his drawings as accurate as possible.

a comic page with Yoko Tsuno in Rothenburg ob der Tauber

In order to not have a hard cut from Akademy to normal life, I had a lunch with Carlos, to discuss KDE Neon and how we can improve the interaction with Debian. In the future this should have less friction and make both communities work together more smoothly. Additionally as I used to develop on KDEPIM with the help of Docker images based on Neon I ask for a meta kf6 dev meta package. That should help to get rid of most hand written lists of dev packages in the Docker file in order to make it more simple for new contributors to start hacking on KDEPIM.

The rest of the day I finally found time to do the normal tourist stuff: Going to the Wine bridge and having a walk to the castle of W端rzburg. Unfortunately you hear a lot of car noises up there, but I could finally relaxe in a Japanese designed garden.

Finally at Saturday I started my trip back. The trains towards Eberswalde are broken and I needed to find alternative routing. I got a little bit nervous, as it was the first time I travelled with my Librem 5 and Itinerary only and needed to reach the next train in less than two mins. With the indoor maps provided, I could prepare my run through the train station so I reached successfully my next train.

By the way, also if you only only use KDE software, I would recommend everyone to join Akademy ;)

26 November, 2024 12:00AM by Sandro Knauß

November 25, 2024

Michael McGrath

Cybertorture in Ireland and the European Union

In February 2020, The Guardian reported on work undertaken by Prof Nils Melzer, United Nations Special Rapporteur on Torture and Other Cruel, Inhuman or Degrading Treatment or Punishment concerning the subject of Cybertorture.

People were quick to prove the phenomena is real by creating fake web sites to mock the term cybertorture.

Mr Pocock, on the other hand, began meticulously researching the evidence in distributed online communities, such as the open source developer community creating the Debian GNU/Linux software. Mr Pocock has created a detailed index of the incidents in the high-stress Debianist environment.

Based on this research, Mr Pocock is creating a series of blog posts to explore the cybertorture phenomena in general terms.

Mr Pocock elaborates on the experience his family suffered:

Carla began cutting herself and suffered from an eating disorder at the age of 14 years.

A significant percentage of women with these challenges have been victims of harassment or abuse during adolescence.

In 2018, rogue participants in the Debian ecosystem began spreading rumors of harassment and abuse around our family. Neither of us consented to those public references to harassment and abuse.

They have clearly taken something that would be very painful for any family and twisted it inside out to cause extreme distress.

Some of these Debianist cyberbullies engage in these attacks for sadistic pleasure. Other members of the group do this for political reasons.

The evidence is clear, they wanted to block my candidacy in the election of the Debian Project Leader so they had to make up a story that sounded really horrible. The online lynch mobs followed the gossip blindly. There is no collective conscience in groups like this. It is like gang rape with words.

Given the nature of such problems that traverse multiple family members, it is impossible for the victims of these gossip campaigns to defend ourselves publicly without also compromising the privacy of family members. Effectively, by creating malicious gossip about harassment and paying dishonest and racist women to sook, they are blackmailing me to reveal that Carla suffers from this since adolescence.

The evidence shows that Google has knowingly funded groups that behave like this and Google employees are active in the vendettas.

In the UK, which has left the European Union, the parliament at Westminster described these people as digital gangsters. The Irish Times poses the question: "Are Digital Gangsters damaging Ireland Inc's reputation?". Clearly, they damage the reputations of anybody who refuses to roll over for them.

25 November, 2024 11:15PM

November 24, 2024

hackergotchi for Steinar H. Gunderson

Steinar H. Gunderson

plocate 1.1.23 released

I've just released version 1.1.23 of plocate, almost a year after 1.1.22. The changes are mostly around the systemd unit this time, but perhaps more interestingly is that this is the first release where I don't have the majority of patches; in fact, I don't have any patches at all. All of them came from contributors, many of them through the “just do git push to send me a patch email” interface.

I guess this means that I'll need to actually start streamlining my “git am” workflow… it gets me every time. :-)

24 November, 2024 10:27PM

November 22, 2024

hackergotchi for Matthew Palmer

Matthew Palmer

Your Release Process Sucks

For the past decade-plus, every piece of software I write has had one of two release processes.

Software that gets deployed directly onto servers (websites, mostly, but also the infrastructure that runs Pwnedkeys, for example) is deployed with nothing more than git push prod main. I’ll talk more about that some other day.

Today is about the release process for everything else I maintain – Rust / Ruby libraries, standalone programs, and so forth. To release those, I use the following, extremely intricate process:

  1. Create an annotated git tag, where the name of the tag is the software version I’m releasing, and the annotation is the release notes for that version.

  2. Run git release in the repository.

  3. There is no step 3.

Yes, it absolutely is that simple. And if your release process is any more complicated than that, then you are suffering unnecessarily.

But don’t worry. I’m from the Internet, and I’m here to help.

Sidebar: “annotated what-now?!?”

The annotated tag is one git’s best-kept secrets. They’ve been available in git for practically forever (I’ve been using them since at least 2014, which is “practically forever” in software development), yet almost everyone I mention them to has never heard of them.

A “tag”, in git parlance, is a repository-unique named label that points to a single commit (as identified by the commit’s SHA1 hash). Annotating a tag is simply associating a block of free-form text with that tag.

Creating an annotated tag is simple-sauce: git tag -a tagname will open up an editor window where you can enter your annotation, and git tag -a -m "some annotation" tagname will create the tag with the annotation “some annotation”. Retrieving the annotation for a tag is straightforward, too: git show tagname will display the annotation along with all the other tag-related information.

Now that we know all about annotated tags, let’s talk about how to use them to make software releases freaking awesome.

Step 1: Create the Annotated Git Tag

As I just mentioned, creating an annotated git tag is pretty simple: just add a -a (or --annotate, if you enjoy typing) to your git tag command, and WHAM! annotation achieved.

Releases, though, typically have unique and ever-increasing version numbers, which we want to encode in the tag name. Rather than having to look at the existing tags and figure out the next version number ourselves, we can have software do the hard work for us.

Enter: git-version-bump. This straightforward program takes one mandatory argument: major, minor, or patch, and bumps the corresponding version number component in line with Semantic Versioning principles. If you pass it -n, it opens an editor for you to enter the release notes, and when you save out, the tag is automagically created with the appropriate name.

Because the program is called git-version-bump, you can call it as a git command: git version-bump. Also, because version-bump is long and unwieldy, I have it aliased to vb, with the following entry in my ~/.gitconfig:

[alias]
    vb = version-bump -n

Of course, you don’t have to use git-version-bump if you don’t want to (although why wouldn’t you?). The important thing is that the only step you take to go from “here is our current codebase in main” to “everything as of this commit is version X.Y.Z of this software”, is the creation of an annotated tag that records the version number being released, and the metadata that goes along with that release.

Step 2: Run git release

As I said earlier, I’ve been using this release process for over a decade now. So long, in fact, that when I started, GitHub Actions didn’t exist, and so a lot of the things you’d delegate to a CI runner these days had to be done locally, or in a more ad-hoc manner on a server somewhere.

This is why step 2 in the release process is “run git release”. It’s because historically, you can’t do everything in a CI run. Nowadays, most of my repositories have this in the .git/config:

[alias]
    release = push --tags

Older repositories which, for one reason or another, haven’t been updated to the new hawtness, have various other aliases defined, which run more specialised scripts (usually just rake release, for Ruby libraries), but they’re slowly dying out.

The reason why I still have this alias, though, is that it standardises the release process. Whether it’s a Ruby gem, a Rust crate, a bunch of protobuf definitions, or whatever else, I run the same command to trigger a release going out. It means I don’t have to think about how I do it for this project, because every project does it exactly the same way.

The Wiring Behind the Button

It wasn’t the button that was the problem. It was the miles of wiring, the hundreds of miles of cables, the circuits, the relays, the machinery. The engine was a massive, sprawling, complex, mind-bending nightmare of levers and dials and buttons and switches. You couldn’t just slap a button on the wall and expect it to work. But there should be a button. A big, fat button that you could press and everything would be fine again. Just press it, and everything would be back to normal.

  • Red Dwarf: Better Than Life

Once you’ve accepted that your release process should be as simple as creating an annotated tag and running one command, you do need to consider what happens afterwards. These days, with the near-universal availability of CI runners that can do anything you need in an isolated, reproducible environment, the work required to go from “annotated tag” to “release artifacts” can be scripted up and left to do its thing.

What that looks like, of course, will probably vary greatly depending on what you’re releasing. I can’t really give universally-applicable guidance, since I don’t know your situation. All I can do is provide some of my open source work as inspirational examples.

For starters, let’s look at a simple Rust crate I’ve written, called strong-box. It’s a straightforward crate, that provides ergonomic and secure cryptographic functionality inspired by the likes of NaCl. As it’s just a crate, its release script is very straightforward. Most of the complexity is working around Cargo’s inelegant mandate that crate version numbers are specified in a TOML file. Apart from that, it’s just a matter of building and uploading the crate. Easy!

Slightly more complicated is action-validator. This is a Rust CLI tool which validates GitHub Actions and Workflows (how very meta) against a published JSON schema, to make sure you haven’t got any syntax or structural errors. As not everyone has a Rust toolchain on their local box, the release process helpfully build binaries for several common OSes and CPU architectures that people can download if they choose. The release process in this case is somewhat larger, but not particularly complicated. Almost half of it is actually scaffolding to build an experimental WASM/NPM build of the code, because someone seemed rather keen on that.

Moving away from Rust, and stepping up the meta another notch, we can take a look at the release process for git-version-bump itself, my Ruby library and associated CLI tool which started me down the “Just Tag It Already” rabbit hole many years ago. In this case, since gemspecs are very amenable to programmatic definition, the release process is practically trivial. Remove the boilerplate and workarounds for GitHub Actions bugs, and you’re left with about three lines of actual commands.

These approaches can certainly scale to larger, more complicated processes. I’ve recently implemented annotated-tag-based releases in a proprietary software product, that produces Debian/Ubuntu, RedHat, and Windows packages, as well as Docker images, and it takes all of the information it needs from the annotated tag. I’m confident that this approach will successfully serve them as they expand out to build AMIs, GCP machine images, and whatever else they need in their release processes in the future.

Objection, Your Honour!

I can hear the howl of the “but, actuallys” coming over the horizon even as I type. People have a lot of Big Feelings about why this release process won’t work for them. Rather than overload this article with them, I’ve created a companion article that enumerates the objections I’ve come across, and answers them. I’m also available for consulting if you’d like a personalised, professional opinion on your specific circumstances.

DVD Bonus Feature: Pre-releases

Unless you’re addicted to surprises, it’s good to get early feedback about new features and bugfixes before they make it into an official, general-purpose release. For this, you can’t go past the pre-release.

The major blocker to widespread use of pre-releases is that cutting a release is usually a pain in the behind. If you’ve got to edit changelogs, and modify version numbers in a dozen places, then you’re entirely justified in thinking that cutting a pre-release for a customer to test that bugfix that only occurs in their environment is too much of a hassle.

The thing is, once you’ve got releases building from annotated tags, making pre-releases on every push to main becomes practically trivial. This is mostly due to another fantastic and underused Git command: git describe.

How git describe works is, basically, that it finds the most recent commit that has an associated annotated tag, and then generates a string that contains that tag’s name, plus the number of commits between that tag and the current commit, with the current commit’s hash included, as a bonus. That is, imagine that three commits ago, you created an annotated release tag named v4.2.0. If you run git describe now, it will print out v4.2.0-3-g04f5a6f (assuming that the current commit’s SHA starts with 04f5a6f).

You might be starting to see where this is going. With a bit of light massaging (essentially, removing the leading v and replacing the -s with .s), that string can be converted into a version number which, in most sane environments, is considered “newer” than the official 4.2.0 release, but will be superceded by the next actual release (say, 4.2.1 or 4.3.0). If you’re already injecting version numbers into the release build process, injecting a slightly different version number is no work at all.

Then, you can easily build release artifacts for every commit to main, and make them available somewhere they won’t get in the way of the “official” releases. For example, in the proprietary product I mentioned previously, this involves uploading the Debian packages to a separate component (prerelease instead of main), so that users that want to opt-in to the prerelease channel simply modify their sources.list to change main to prerelease. Management have been extremely pleased with the easy availability of pre-release packages; they’ve been gleefully installing them willy-nilly for testing purposes since I rolled them out.

In fact, even while I’ve been writing this article, I was asked to add some debug logging to help track down a particularly pernicious bug. I added the few lines of code, committed, pushed, and went back to writing. A few minutes later (next week’s job is to cut that in-process time by at least half), the person who asked for the extra logging ran apt update; apt upgrade, which installed the newly-built package, and was able to progress in their debugging adventure.

Continuous Delivery: It’s Not Just For Hipsters.

“+1, Informative”

Hopefully, this has spurred you to commit your immortal soul to the Church of the Annotated Tag. You may tithe by buying me a refreshing beverage. Alternately, if you’re really keen to adopt more streamlined release management processes, I’m available for consulting engagements.

22 November, 2024 09:25PM by Matt Palmer (mpalmer@hezmatt.org)

Invalid Excuses for Why Your Release Process Sucks

In my companion article, I made the bold claim that your release process should consist of no more than two steps:

  1. Create an annotated Git tag;

  2. Run a single command to trigger the release pipeline.

As I have been on the Internet for more than five minutes, I’m aware that a great many people will have a great many objections to this simple and straightforward idea. In the interests of saving them a lot of wear and tear on their keyboards, I present this list of common reasons why these objections are invalid.

If you have an objection I don’t cover here, the comment box is down the bottom of the article. If you think you’ve got a real stumper, I’m available for consulting engagements, and if you turn out to have a release process which cannot feasibly be reduced to the above two steps for legitimate technical reasons, I’ll waive my fees.

“But I automatically generate my release notes from commit messages!”

This one is really easy to solve: have the release note generation tool feed directly into the annotation. Boom! Headshot.

“But all these files need to be edited to make a release!”

No, they absolutely don’t. But I can see why you might think you do, given how inflexible some packaging environments can seem, and since “that’s how we’ve always done it”.

Language Packages

Most languages require you to encode the version of the library or binary in a file that you want to revision control. This is teh suck, but I’m yet to encounter a situation that can’t be worked around some way or another.

In Ruby, for instance, gemspec files are actually executable Ruby code, so I call code (that’s part of git-version-bump, as an aside) to calculate the version number from the git tags. The Rust build tool, Cargo, uses a TOML file, which isn’t as easy, but a small amount of release automation is used to take care of that.

Distribution Packages

If you’re building Linux distribution packages, you can easily apply similar automation faffery. For example, Debian packages take their metadata from the debian/changelog file in the build directory. Don’t keep that file in revision control, though: build it at release time. Everything you need to construct a Debian (or RPM) changelog is in the tag – version numbers, dates, times, authors, release notes. Use it for much good.

The Dreaded Changelog

Finally, there’s the CHANGELOG file. If it’s maintained during the development process, it typically has an archive of all the release notes, under version numbers, with an “Unreleased” heading at the top. It’s one more place to remember to have to edit when making that “preparing release X.Y.Z” commit, and it is a gift to the Demon of Spurious Merge Conflicts if you follow the policy of “every commit must add a changelog entry”.

My solution: just burn it to the ground. Add a line to the top with a link to wherever the contents of annotated tags get published (such as GitHub Releases, if that’s your bag) and never open it ever again.

“But I need to know other things about my release, too!”

For some reason, you might think you need some other metadata about your releases. You’re probably wrong – it’s amazing how much information you can obtain or derive from the humble tag – so think creatively about your situation before you start making unnecessary complexity for yourself.

But, on the off chance you’re in a situation that legitimately needs some extra release-related information, here’s the secret: structured annotation. The annotation on a tag can be literally any sequence of octets you like. How that data is interpreted is up to you.

So, require that annotations on release tags use some sort of structured data format (say YAML or TOML – or even XML if you hate your release manager), and mandate that it contain whatever information you need. You can make sure that the annotation has a valid structure and contains all the information you need with an update hook, which can reject the tag push if it doesn’t meet the requirements, and you’re sorted.

“But I have multiple packages in my repo, with different release cadences and versions!”

This one is common enough that I just refer to it as “the monorepo drama”. Personally, I’m not a huge fan of monorepos, but you do you, boo. Annotated tags can still handle it just fine.

The trick is to include the package name being released in the tag name. So rather than a release tag being named vX.Y.Z, you use foo/vX.Y.Z, bar/vX.Y.Z, and baz/vX.Y.Z. The release automation for each package just triggers on tags that match the pattern for that particular package, and limits itself to those tags when figuring out what the version number is.

“But we don’t semver our releases!”

Oh, that’s easy. The tag pattern that marks a release doesn’t have to be vX.Y.Z. It can be anything you want.

Relatedly, there is a (rare, but existent) need for packages that don’t really have a conception of “releases” in the traditional sense. The example I’ve hit most often is automatically generated “bindings” packages, such as protobuf definitions. The source of truth for these is a bunch of .proto files, but to be useful, they need to be packaged into code for the various language(s) you’re using. But those packages need versions, and while someone could manually make releases, the best option is to build new per-language packages automatically every time any of those definitions change.

The versions of those packages, then, can be datestamps (I like something like YYYY.MM.DD.N, where N starts at 0 each day and increments if there are multiple releases in a single day).

This process allows all the code that needs the definitions to declare the minimum version of the definitions that it relies on, and everything is kept in sync and tracked almost like magic.

Th-th-th-th-that’s all, folks!

I hope you’ve enjoyed this bit of mild debunking. Show your gratitude by buying me a refreshing beverage, or purchase my professional expertise and I’ll answer all of your questions and write all your CI jobs.

22 November, 2024 09:25PM by Matt Palmer (mpalmer@hezmatt.org)

not Gerry 'The Monk' Hutch

Who snatched GerryHutch.com, GerryHutch.ie & TheMonk.ie?

When Gerry Hutch released his video this week, he wasn't able to publish it on a web site bearing his own domain name. These names were all proactively registered by Daniel Pocock, a candidate for Dublin Bay South who has worked as a consultant for a number of banks. Pocock wants to promote the work of HUTCH Hussein, who is a leading figure in Australian politics.

The domain names / web sites concerned are GerryHutch.com, GerryHutch.ie, GerardHutch.com, GerardHutch.ie and TheMonk.ie. TheMonk.com was already taken by a business in another country.

Oddly enough, Mr Pocock has also collected the domain name AlanShatter.com, the high-profile independent Alan Shatter who formerly served as Minister for Defence and Minister for Justice. Will we see a class action law suit in the UDRP where Ireland's most notorious criminal teams up with a former justice minister to get their respective names back?

Daniel Pocock is a Debian Developer. What is a Debian Developer?

The Monk started his career doing jumpovers, robbing banks and stores by jumping over the counter. Mr Pocock has run steeplechases in athletics.

Daniel Pocock, London

Mr Hutch arrived at the office of the returning officer on a scooter. Daniel Pocock arrived the next day on a BMW Motorrad F800 GT and parked in the same place:

Gerry Hutch, the Monk

 

Daniel Pocock

 

Daniel Pocock

 

The frugal lifestyle helped Mr Hutch gain the nickname Monk.

Nobody is more concerned with the safety and security of Dublin's citizens than Mr Pocock.

In this section of an interview with Ali Bracken from the Independent, the Monk talks about cleaning up Dublin and they finish with a comment about Donald Trump:

 

Daniel Pocock is sincere about cleaning up Dublin. He was in the middle of the Dublin riots of November 2023 and he posted a detailed report with photos. Today, he goes one step further publishing videos. This was recorded in Parliament Street. We can see the riot police advancing south towards the Dublin Castle, reclaiming sections of the city fifty meters at a time and putting out spot fires as they proceed.

 

Here is another video:

 

Similarities between murder of David Byrne and the GNOME Foundation attack on Sonny Piers

The wikipedia page about David Byrne tells us the following:

At the weigh-in there was an organised armed attack; the match was cancelled after the shooting. There were at least four attackers with masks, army-style helmets and flak jackets, two of whom were disguised as members of the Garda Emergency Response Unit and armed with AK-47 assault rifles. An associate of the Kinahan cartel, David Byrne (34) was shot dead; security sources said that the gang had intended to kill others.

Earlier this year, some masked employees of the GNOME Foundation created an anonymous account in the GNOME Foundation Discourse forum and used it to anonymously post a character assassin hit on Sonny Piers, an elected volunteer. The kill:

The GNOME Foundation Board voted to remove Sonny Piers as a member of the Board of Directors for cause, at a Special Meeting on May 17th, 2024, following the procedure outlined in the GNOME Bylaws, and remove him from all committees. Effective May 25th, 2024, his seat is now vacant, and in accordance with the Bylaws will be filled for the remainder of its term by an appointment made by the Board.

A Code of Conduct complaint was also made against Sonny Piers. The Foundation is engaged in a mediation process with him, which is still ongoing and so we are unable to share more information at this time.

The assassins disguised as members of the Garda Emergency Response Unit remind us of people in free / open source software organizations who give themselves big titles, pretending to be police so they can denounce their political rivals.

We can see that Gerry 'The Monk' Hutch had a very public trial by jury. Sonny Piers was subject to a secret trial, with secret evidence for secret crimes. In Debian, we've seen people can be punished like this simply for using a word like "wayward".

The Universal Declaration of Human Rights, point 1 tells us that everybody is equal. Why do some people get such extraordinary punishments for using the wrong word but Ireland's most notorious criminal can run for the Dáil?

Social control media companies have been described as digital gangsters. The Irish Times poses the question:

Are 'digital gangsters' damaging Ireland Inc's reputation?

Daniel Pocock believes in equality. If elected, he will show equal concern about traditional Irish gangstering and digital gangstering.

Here is that video of Daniel Pocock at the United Nations Forum on Business and Human Rights, it is recorded in 2018 and he correctly anticipated the risk of somebody like Elon Musk taking over Twitter:

Garda have suggested people ask the Monk where he got the funds to pay for his campaign. Pocock admits getting his first file server from a Cardinal.

Garda have been watching the Monk since he was ten years old. Pocock used to row every morning with one of the most distinguished members of Victoria Police sitting in the seat behind him and watching his every move:

Daniel Pocock

Vote [1] Daniel POCOCK

Voters have a choice. If you would like to vote for a professional who can think about the things that mainstream candidates overlook Vote [1] DANIEL POCOCK and remember to follow Daniel Pocock's blog at DanielPOCOCK.com

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

22 November, 2024 09:00PM

Gerry 'The Monk' Hutch

The Hutch: there can be only one

Luke "Ming" Flanagan is one of Ireland's most successful independent candidates ever. Ming regularly shares advice with those who want to follow in his footsteps. He recently told The Irish Times:

‘The one thing you’ve got to do is be remembered in politics’

When news reports appeared about Gerry Hutch, a.k.a. The Monk entering politics, Daniel Pocock, candidate for Dublin Bay South remembered his old friend Hutch Hussein, formerly President of the Victorian state branch of the Australian Labor Party.

Is there room for two Hutches in the world of politics?

Putting it in the context of Ming's advice, Hutch's wikipedia entry captures the things Hutch Hussein is remembered for:

Hatice "Hutch" Hussein is an Australian feminist, activist, and social worker. She served as the elected State President of the Victorian branch of the Australian Labor Party (ALP) between 2016 and 2019. Upon taking this role, she became the first President in the party's 125-year history to be from an ethnic minority background, from a Muslim background, and from the LGBT community.

Another wikipedia page reminds us that the Hutch-Kinahan feud is an "ongoing" feud and that:

Special Crime Task Force was created within the national Drugs and Organised Crime Bureau (DOCB) to combat crime gangs, especially the Kinahan and Hutch gangs. Manned by at least 10 gardaí and three sergeants, the task force was scheduled to close in 2021; however, despite at least 18 people being killed in the feud, their success in preventing 50 other murder attempts means it will continue operating.

What are friends for? Daniel Pocock has registered all permutations of Hutch domains like GerryHutch.com and GerryHutch.ie to uphold the good name of Hutch Hussein.

For those who want to know more about The Monk, Mr Pocock has registered TheMonk.ie for good measure. Don't forget to read it before you vote on 29 November 2024.

Here are some videos of Hutch Hussein and Daniel Pocock:

Hutch Hussein speaks to Australian Fabian Society, June 2018

Daniel Pocock at the UN Forum on Business and Human Rights, November 2018

Mr Pocock makes the point that social control media gives activists like Hutch Hussein a false sense of empowerment. People have come to see the truth in this during 2024 as Elon Musk's Twitter / X appeared to help one US election candidate more than the other. The Guardian newspaper recently decided to stop using the Twitter / X platform.

Mr Pocock's point is equally valid for all enterprises, whether they be political parties, non-profits, small businesses or whatever.

Let's not forget Operation Trojan Shield, whereby the secure messaging app ANOM was really controlled by the FBI and Australian Federal Police (AFP). Social control media is really not much better than this and unlike an app operated by the police, social control media can sell information about their users to just about anybody.

Read more about TheMonk.ie and then remember to ...

Vote [1] Daniel POCOCK

Voters have a choice. If you would like to vote for a professional who can think about the things that mainstream candidates overlook Vote [1] DANIEL POCOCK and remember to follow Daniel Pocock's blog at DanielPOCOCK.com

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

22 November, 2024 03:30PM

Alan Shatter

Dual citizens, Alan Shatter, Michael Danby & Israel

Alan Shatter resigned from the party Fine Gael some years ago and is making a return as an independent candidate for Dublin Rathdown.

Like candidates in neighboring Dublin Bay South, Mr Shatter wasn't fast enough to recover his old domain names. The domain name AlanShatter.ie has been taken by cybersquatters and they are trying to sell it to the highest bidder.

Somehow the cybersquatters lost interest in Mr Shatter's original domain name AlanShatter.com and it has been secured by Daniel Pocock, independent candidate for Dublin Bay South. The original Alan Shatter web site can be viewed here.

Mr Shatter is the only political leader who has simultaneously served as Ireland's Minister of Defence and Minister of Justice. Ironically, Mr Pocock used to be in the committee of the Elwood branch of the Australian Labor Party. The local member of federal parliament was Michael Danby.

Ireland's political system is very permissive of dual citizens while Australia's system requires dual citizens to renounce any additional citizenships if they are elected to public office. Everybody who identifies as Jewish is entitled to citizenship of Israel. It is interesting to note that while Michael Danby was in the Australian parliament for twenty one years, he was never accepted as a minister, as a member of the cabinet.

Danby had been editor of the Australia-Israel Review and after leaving parliament, he took another job with a Jewish cultural organization in Israel. This emphasizes the challenges that dual-citizens face when they are stretched between multiple communities.

Danby's father was a German Jew who fled to Australia after the Kristallnacht. Coincidentally, Daniel Pocock's birthday, 9 November, is the anniversary of the Kristallnacht and Pocock is sympathetic to all victims of totalitarianism, wherever they are.

Alan Shatter is a lawyer and so he has a much deeper understanding than most of us when it comes to some of the more significant legal questions about Israel and Palestine. It would be interesting to hear his feedback on these topics during the campaign:

On 22 May 2024, the Irish state formally recognized the State of Palestine. This is a dramatic change from the time when Mr Shatter was chariperson of the Irish Parliaments Foreign Affairs Committee.

On 24 May 2024, the International Court of Justice made an order against Israel with reference to genocide.

On 26 May 2024, the first pro-Israel rally took place in Dublin and Shatter was pictured speaking in front of the Israeli flag:

Alan Shatter, Israel, Ireland

On 21 November 2024, the International Criminal Court issued a warrant for the arrest of leadership figures on both sides of the dispute, both the Israeli president and the Hamas leadership.

Decisions like these stand a head and shoulders above many of the other day-to-day stories of tragedy that appear in the news.

More significantly, Irish troops are currently stationed in Lebanon as peacekeepers and Israel ordered them to leave. Where does Mr Shatter stand in a situation like that? It is not an easy situation for any Irish-Israeli citizen.

During the MEP election campaign period in April and May 2024, Mr Pocock was fortunate to meet some of the Irish servicemen and their families having their leaving drinks before deployment to Lebanon. For the safety of the men and the families, the photo has been redacted. These were the drinks:

Irish peacekeepers, Lebanon

 

 

Ask the right questions

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

Daniel Pocock is ready to ask the difficult questions.

Pocock is not a dual-citizen any more. He acquired a third citizenship.

Activists on all sides of the dispute, whether they are supporters of Palestine or supporters of Israel, would be wise to contemplate Mr Pocock's concern about social control media giving them a false sense of empowerment:

Daniel Pocock is ready to ask the difficult questions.

Vote [1] Daniel POCOCK

22 November, 2024 12:00PM

Kate O'Connell

Gloves are off in Dublin Bay South

Kate O'Connell was a member of Fine Gael for many years. In 2016 she was the Fine Gael candidate and she won a seat. In the 2020 election Fine Gael fielded two candidates and O'Connell just missed out on winning one of the four seats. Kate subsequently graduated from Fine Gael and now she is running as an independent in 2024.

The domain name KateOConnell.com has been taken by cybersquatters and they are offering it for sale at a price of $4,999. The domain name KateOConnell.ie was available and obtained by rival candidate Daniel Pocock for €15.

Every candidate who receives a vote of more than one quarter of the quota is entitled to have their campaign expenses reimbursed, up to a certain limit. Therefore, if Kate has the cash to pay the expense and if she is confident of getting enough votes then she could give the $4,999 ransom to the blackmailer selling kateoconnell.com and reclaim the expense from public funds. The blackmailer wins and the taxpayer loses.

Kate O'Connell

While Daniel Pocock was busy submitting his nomination Kate, who runs a small business, demonstrated her entrepreneurial side by making off with Pocock's motorbike:

Kate O'Connell

When Gerry Hutch, a.k.a. The Monk submitted his nomination, news reports showed him parking his scooter in the same place the day before and putting a lock on it. Why do you need to lock your vehicle when you are a crime boss and everybody is supposed to be afraid of you? Surely people know that scooter belongs to the leader of the Hutch Gang and nobody touches it. Nonetheless, Mr Hutch locks the scooter, even when it is parked outside the office of the sheriff.

Gerry Hutch, The Monk, Scooter, nomination

Kate O'Connell's wikipedia page goes into more detail about her interactions with her former party, Fine Gael and also the Catholic Church:

In October 2016 O'Connell responded to comments by the Archbishop of Dublin Diarmuid Martin that TDs should remember their faith when legislating for abortion in Ireland by stating "I don't see why the archbishop's views are in any way relevant. I don't see why Archbishop Martin should be getting involved in women's health issues. It is the same as asking my four-year-old. They [the Church] are entitled to their opinion, but I don't put any weight in them. I don't see what involvement the Catholic Church should have in women's health issues".

In the world of open source / free software, we would say that this is a woman who doesn't obey the Code of Conduct and the cool kids would go off and have a big sook about "harassment" every time she opens her mouth.

Mr Pocock was a mentor in programs like Outreach Program for Women (Outreachy) and he admitted hoping to find talented female candidates who would also be willing to speak their mind. In 2017 he awarded such an internship to Renata D'Avila from Brazil. While most of the interns were in their first job, Renata had formerly worked as a school teacher and then re-trained as a software developer. Being about 30 years old, she was no longer as naive as the 20 year-olds Debian was hoping to recruit in the program. Renata came to the mini-DebConf in Brazil and spoke to the Debian men the same way she would speak to naughty schoolchildren:

After having met some of the candidates, Mr Pocock has made the following observations about Kate O'Connell:

I don't know everything that Kate stands for and I suspect I may not even agree with her on everything. However, she was the only other candidate who immediately asked for my number [2] vote when she realized I was running against her.

Donald Trump told us clearly that American companies in Ireland will be asked to pay their taxes in America at a lower tax rate. Many Irish politicians will be taken by surprise when the revenue they took for granted just disappears. Read the hard facts about this lost revenue on my blog.

We need a new generation of TDs who can think on our feet. Kate, a small business owner, demonstrated with her immediate request for my number [2] vote the same lightning reflexes that helped me seize her domain, along with the domains of our rivals.

Kate demonstrated an outspoken response to the role of men in women's lives. The role of social control media is far worse than anything the church has ever done. Therefore, the fact that she has made social control media a key part of her campaign, without even creating a normal website, demonstrates that she is selling her soul and the souls of her supporters to the clerics of Silicon Valley. These platforms are designed to give strong female leaders like Kate a false sense of empowerment. Artificial intelligence and algorithms will always be one step ahead of her.

Mr Pocock has been consistent in sharing this message with independent leaders around the world. Here is the video from the UN Forum on Business and Human Rights. Ever since then, Mr Pocock's family was subject to stalking and gossip campaigns from the social control media cliques:

Good news, Pocock knew just where to find his motorbike again, right outside Kate's pharmacy:

Kate O'Connell, Daniel Pocock

Look at all the bikes. Bike sheds are a major issue in Dublin right now.

Kate has used her business premises to display election advertising. Mr Pocock wants to ban the election posters but such a ban wouldn't apply to private premises like this. Kate appears a little bit smarter than the FG and FF candidates who put their posters on the ESB poles.

Voters have a choice. If you would like to vote for a professional who can think about the things that mainstream candidates overlook Vote [1] DANIEL POCOCK and remember to follow Daniel Pocock's blog at DanielPOCOCK.com

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

22 November, 2024 11:00AM

hackergotchi for Norbert Preining

Norbert Preining

CafeOBJ 1.6.2 released

We have released version 1.6.2 of CafeOBJ, an algebraic specification and verification language.
cafeobj-logo

It has been a long time since we made a formal release. There has been an internal release that really never got published, and just to rectify this, plus a few changes, a new release was made.

In this release, we also switched away from providing ACL based builds, since the SBCL based builds are more stable and completely open-source based. Furthermore, 32bit builds for Windows and Linux are also now stopped.

Detailed changes:

  • make a public release of the internal version 1.6.1
  • change grouping of operators.
  • :init makes a new goal
  • Optimize introduced axiom
  • :init command behaves like :defined one
  • Fix wrong contradiction check
  • Fix :init as <Label> causes exception
  • Fix diagnostic messages of regularity check.

Please see the download page for the source release, binary packages, and installation instructions.

To quote from our README:

CafeOBJ is a new generation algebraic specification and programming language. As a direct successor of OBJ, it inherits all its features (flexible mix-fix syntax, powerful typing system with sub-types, and sophisticated module composition system featuring various kinds of imports, parameterised modules, views for instantiating the parameters, module expressions, etc.) but it also implements new paradigms such as rewriting logic and hidden algebra, as well as their combination.

Availability

Binary packages for Linux, MacOS, and Windows are already available, in 64 bit and based on SBCL. All downloads can be found at the CafeOBJ download page. The source code can also be found on the download page, or directly from here: cafeobj-1.6.2.tar.gz.

Homebrew already carries the most recent version, as does the Arch Linux AUR cafeobj package. Updates to the Macports will probably stop.

Bug reports

If you find a bug, have suggestions, or complains, please open an issue at the Github issue page.

For other inquiries, please use info@cafeobj.org

22 November, 2024 08:55AM by Norbert Preining

November 21, 2024

Chris Andrews

Brigid Purcell

Socialism with a touch of communism

Brigid Purcell is a woman and she is one of the youngest candidates but that doesn't exclude her from the same scrutiny as her competitors. Feedback can only help a candidate improve both now and in future elections.

Purcell has a few videos and here are the key points. People Before Profit present themselves as socialists but some of their ideas are veering on communism, like this comment about a state-owned construction company:

Brigid contested the by-election in 2021 and therefore she could have been more well prepared and registered her domain name long ago. She failed to take the key domain names BrigidPurcell.com and BrigidPurcell.ie and now Daniel Pocock, a rival candidate, has got them.

Like other candidates, Brigid hopes to claim public funds to pay for the posters she is putting up all over Dublin Bay South. The posters promote social control media accounts, therefore, People Before Profit add to the net worth of Silicon Valley billionaires. That is a huge contradiction.

Here Brigid talks about being a minimum wage worker and I'm sure these comments resonate with every minimum wage worker throughout Ireland:

Check out Daniel Pocock's recordings of such behavior in voluntary organizations affiliated to Google and other difficult environments.

Nonetheless, by using social control media for her campaign Brigid is giving power to billionaires in Silicon Valley. Brigid is giving power to a lot of privileged white men who work in the social control media ecosystem. Every minute Brigid spends on social control media is unpaid work adding to the share price of Meta and X. Every friend she connects with through these platforms increases the value of those networks and their share prices based on the theory proposed by Metcalfe's law.

Therefore, by building up social control media, People Before Profit are augmenting the capital accounts of billionaires. Those same billionaires have the power to manipulate their message in very subtle ways or in a very big way at any time. Artificial Intelligence is only going to make it more difficult.

Daniel Pocock is the only candidate building a campaign without social control media. Vote [1] Daniel POCOCK.

Brigid goes on to ask more young people to register to vote in the region where they live and not where their parents live:

Mr Pocock encourages young people to go a step further beyond enrolling to vote: it is vital for young people to get involved in election campaigns, to attending hustings, to organize events for the candidates on campus, to invite the more unusual candidates, to attend party branch meetings as guests and ask the candidates difficult questions. Don't rely on the reports that appear on the television, news web sites and social control media as all of those things are very carefully scripted by public relations experts.

Here we can see Mr Pocock at the UN Forum on Business and Human Rights in 2018. He speaks about social control media giving people like Brigid Purcell a false sense of empowerment:

Pocock is willing to go to the Dáil and ask the difficult questions about artificial intelligence, the economy and jobs. To solve housing problems in Dublin, we need to find win-win situations where landlords and tenants both have some positive outcomes.

The two main questions people ask Mr Pocock when he is canvassing are "are you related to the rugby player, Senator David Pocock?" and ...

you asked: "when are the posters coming down?"

Daniel Pocock, David Pocock

Vast sums of public money are wasted on these posters which encourage people to visit social control media pages controlled by foreign billionaires.

Voters have a choice. If you would like to vote for original ideas to manage the rules of engagement between artificial intelligence, our businesses and our jobs then please Vote [1] DANIEL POCOCK and remember to follow Daniel Pocock's blog at DanielPOCOCK.com

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

21 November, 2024 07:30PM

Nick Delehanty

Dog age my web site

Nick Delehanty is a corporate lawyer who worked inside the state system, left to set up a dog day care business, Barkleys Doggie Daycare and wants to change the system that he formerly worked in.

It looks like a dog ate Nick's web site and the domain name has been taken over by rival candidate Daniel Pocock. Coincidentally, Pocock worked at the other Barclays in Canary Wharf.

The domain name NickDelehanty.com is run by somebody else and has no relation to the Nick Delehanty competing in the Irish general election. Therefore, it was crucial for Nick to secure NickDelehanty.ie and he failed to do so.

Many candidates, like Nick, want to change the system. Many candidates simultaneously promise to get social control media under control and protect the children. But you can't always change the system from within, whether it is the state or the menace of social control media, candidates who want to change these things need to break out of them first.

Candidates who try to run their entire campaign within social control media and without a web site are only advancing the cause of the billionaires who run those platforms.

The Guardian learnt that the hard way. After the election of Donald Trump, The Guardian newspaper declared they will no longer post on Elon Musk's X / Twitter platform. But it was too little, too late.

Daniel Pocock is the only candidate who is competing without any social control media accounts. If you want something a bit different, you have to vote for it.

Vote [1] Daniel POCOCK

Visit the blog of Daniel Pocock for more details about policy and how you can help.

Nick has spent a lot of time and money putting up posters. Like most candidates, he will try to reclaim the cost of posters from public funds.

The two main questions people ask Mr Pocock when he is canvassing are "are you related to the rugby player, Senator David Pocock?" and ...

you asked: "when are the posters coming down?"

Daniel Pocock, David Pocock

Daniel Pocock wants to ban the posters.

Vote [1] Daniel POCOCK

The tech industry, globally, is having a huge impact on our salaries, our savings, our small businesses and our national economy. Pocock is one of the few people from the industry who can see the big picture and wants to work on your side as your TD for Dublin Bay South.

Visit the blog of Daniel Pocock for more details about policy and how you can help.

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK for Dublin Bay South

21 November, 2024 05:00PM

Alan Shatter

Inheritance Tax Reform Campaign in Ireland

On 17 September 2024, the Irish Times reported Alan Shatter hasn’t “given thought” to election bid as he seeks revolt over inheritance tax.

There are many things that can be said for and against each type of tax.

Four days later, on 21 September 2024, The Journal used a loaded question in a headline, asking FactCheck: Is it true that only about 3% of people pay tax on inheritance in Ireland?

The Journal’s article does not mention the word inflation even once.

Some of the big concerns about inheritance tax:

  • the threshold doesn’t automatically increase with inflation
  • the privacy of a testator’s will means that beneficiaries do not always have a lot of certainty about their inheritance, therefore, they can not fully plan their affairs around it
  • in most cases, the time of death will not be known very clearly in advance and this also makes it difficult for beneficiaries to plan their affairs around the tax. Example: parent dies unexpectedly aged 50 and their daughter, who has just had a baby, has committed all their cash to extending their home so they have no disposable cash to pay the inheritance tax bill.
  • parents who die in unforeseen circumstances at a young age may not have had the opportunity to transfer assets pre-emptively to children who are still very young
  • while some taxes, like USC, are earmarked for specific services and we can measure how well the government provides those services, it is harder to state whether the government is efficient in their use of funds from inheritance tax

21 November, 2024 04:00PM

Jim O'Callaghan

Fine Gael & Fianna Fáil in power again

Emma Blain, Jim O'Callaghan, James Geoghegan

At each election, the ESB sends a kind warning to all the candidates and political parties reminding them that risky behavior, like erecting signs on the power poles, is not safe for volunteers.

With so many poles in the streets, how can we recognize the poles to avoid?

There are three clues: a yellow warning triangle, a Fine Gael poster and a Fianna Fáil poster. If you see those three things together, it is definitely the wrong pole.

While Fine Gael & Fianna Fáil were barking up the wrong ESB pole, Daniel Pocock registered their Internet domain names.

The domain names for Emma Blain (.com), Fine Gael, Emma Blain (.ie), Fine Gael and Jim O'Callaghan (.ie), Fianna Fáil are now operated by an independent candidate.

Daniel Pocock supports the abolition of election posters in future elections.

The two main questions people ask Mr Pocock when he is canvassing are "are you related to the rugby player, Senator David Pocock?" and ...

you asked: "when are the posters coming down?"

Daniel Pocock, David Pocock

Vast sums of public money are wasted on these posters which encourage people to visit social control media pages controlled by foreign billionaires.

If they spend so much public money and volunteer time on erecting these posters, why didn't they even bother to put a website address on them?

Checking the whois records, we can see that Mr Pocock only acquired the domains after the close of nominations. That is well after these parties had chosen their candidates. Mr Pocock did not prevent them registering the domains themselves. Mrs Blain, who is already a council member, didn't attempt to register the domain and Mr O'Callaghan previously owned the domain jimocallaghan.ie and failed to renew it.

If they can't renew an Internet domain, how can they protect your kids from Google? Do you really want both of these parties in power together again? (excuse the pun) Or do you want independent candidates in the Dáil who can look over their shoulders and help them do better?

Voters have a choice. If you would like to vote for a professional who can think about the things that mainstream candidates overlook Vote [1] DANIEL POCOCK and remember to follow Daniel Pocock's blog at DanielPOCOCK.com

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

21 November, 2024 01:00PM

Emma Blain

Barking up the wrong ESB pole

Emma Blain, Jim O'Callaghan, James Geoghegan

At each election, the ESB sends a kind warning to all the candidates and political parties reminding them that risky behavior, like erecting signs on the power poles, is not safe for volunteers.

With so many poles in the streets, how can we recognize the poles to avoid?

There are three clues: a yellow warning triangle, a Fine Gael poster and a Fianna Fáil poster. If you see those three things together, it is definitely the wrong pole.

While Fine Gael & Fianna Fáil were barking up the wrong ESB pole, Daniel Pocock registered their Internet domain names.

The domain names for Emma Blain (.com), Fine Gael, Emma Blain (.ie), Fine Gael and Jim O'Callaghan (.ie), Fianna Fáil are now operated by an independent candidate.

Daniel Pocock supports the abolition of election posters in future elections.

The two main questions people ask Mr Pocock when he is canvassing are "are you related to the rugby player, Senator David Pocock?" and ...

you asked: "when are the posters coming down?"

Daniel Pocock, David Pocock

Vast sums of public money are wasted on these posters which encourage people to visit social control media pages controlled by foreign billionaires.

If they spend so much public money and volunteer time on erecting these posters, why didn't they even bother to put a web site address on them?

Checking the whois records, we can see that Mr Pocock only acquired the domains after the close of nominations. That is well after these parties had chosen their candidates. Mr Pocock did not prevent them registering the domains themselves. Mrs Blain, who is already a council member, didn't attempt to register the domain and Mr O'Callaghan previously owned the domain jimocallaghan.ie and failed to renew it.

If they can't renew an Internet domain, how can they protect your kids from Google? Do you really want both of these parties in power together again? (excuse the pun) Or do you want independent candidates in the Dáil who can look over their shoulders and help them do better?

Voters have a choice. If you would like to vote for a professional who can think about the things that mainstream candidates overlook Vote [1] DANIEL POCOCK and remember to follow Daniel Pocock's blog at DanielPOCOCK.com

Daniel Pocock, Dublin Bay South

Vote [1] Daniel POCOCK

21 November, 2024 01:00PM

November 20, 2024

Ian Jackson

The Rust Foundation's 2nd bad draft trademark policy

tl;dr: The Rust Foundation’s new trademark policy still forbids unapproved modifications: this would forbid both the Rust Community’s own development work(!) and normal Free Software distribution practices.

Background

In April 2023 I wrote about the Rust Foundation’s ham-fisted and misguided attempts to update the Rust trademark policy. This turned into drama.

The new draft

Recently, the Foundation published a new draft. It’s considerably less bad, but the most serious problem, which I identified last year, remains.

It prevents redistribution of modified versions of Rust, without pre-approval from the Rust Foundation. (Subject to some limited exceptions.) The people who wrote this evidently haven’t realised that distributing modified versions is how free software development works. Ie, the draft Rust trademark policy even forbids making a github branch for an MR to contribute to Rust!

It’s also very likely unacceptable to Debian. Rust is still on track to repeat the Firefox/Iceweasel debacle.

Below is a copy of my formal response to the consultation. The consultation closes at 07:59:00 UTC tomorrow (21st November), ie, at the end of today (Wednesday) US Pacific time, so if you want to reply, do so quickly.

My consultation response

Hi. My name is Ian Jackson. I write as a Rust contributor and as a Debian Developer with first-hand experience of Debian’s approach to trademarks. (But I am not a member of the Debian Rust Packaging Team.)

Your form invites me to state any blocking concerns. I’m afraid I have one:

PROBLEM

The policy on distributing modified versions of Rust (page 4, 8th bullet) is far too restrictive.

PROBLEM - ASPECT 1

On its face the policy forbids making a clone of the Rust repositories on a git forge, and pushing a modified branch there. That is publicly distributing a modified version of Rust.

I.e., the current policy forbids the Rust’s community’s own development workflow!

PROBLEM - ASPECT 2

The policy also does not meet the needs of Software-Freedom-respecting downstreams, including community Linux distributions such as Debian.

There are two scenarios (fuzzy, and overlapping) which provide a convenient framing to discuss this:

Firstly, in practical terms, Debian may need to backport bugfixes, or sometimes other changes. Sometimes Debian will want to pre-apply bugfixes or changes that have been contributed by users, and are intended eventually to go upstream, but are not included upstream in official Rust yet. This is a routine activity for a distribution. The policy, however, forbids it.

Secondly, Debian, as a point of principle, requires the ability to diverge from upstream if and when Debian decides that this is the right choice for Debian’s users. The freedom to modify is a key principle of Free Software. This includes making changes that the upstream project disapproves of. Some examples of this, where Debian has made changes, that upstream do not approve of, have included things like: removing user-tracking code, or disabling obsolescence “timebombs” that stop a particular version working after a certain date.

Overall, while alignment in values between Debian and Rust seems to be very good right now, modifiability it is a matter of non-negotiable principle for Debian. The 8th bullet point on page 4 of the PDF does not give Debian (and Debian’s users) these freedoms.

POSSIBLE SOLUTIONS

Other formulations, or an additional permission, seem like they would be able to meet the needs of both Debian and Rust.

The first thing to recognise is that forbidding modified versions is probably not necessary to prevent language ecosystem fragmentation. Many other programming languages are distributed under fully Free Software licences without such restrictive trademark policies. (For example, Python; I’m sure a thorough survey would find many others.)

The scenario that would be most worrying for Rust would be “embrace - extend - extinguish”. In projects with a copyleft licence, this is not a concern, but Rust is permissively licenced. However, one way to address this would be to add an additional permission for modification that permits distribution of modified versions without permission, but if the modified source code is also provided, under the original Rust licence.

I suggest therefore adding the following 2nd sub-bullet point to the 8th bullet on page 4:

  • changes which are shared, in source code form, with all recipients of the modified software, and publicly licenced under the same licence as the official materials.

This means that downstreams who fear copyleft have the option of taking Rust’s permissive copyright licence at face value, but are limited in the modifications they may make, unless they rename. Conversely downstreams such as Debian who wish to operate as part of the Free Software ecosystem can freely make modifications.

It also, obviously, covers the Rust Community’s own development work.

NON-SOLUTIONS

Some upstreams, faced with this problem, have offered Debian a special permission: ie, said that it would be OK for Debian to make modifications that Debian wants to. But Debian will not accept any Debian-specific permissions.

Debian could of course rename their Rust compiler. Debian has chosen to rename in the past: infamously, a similar policy by Mozilla resulted in Debian distributing Firefox under the name Iceweasel for many years. This is a PR problem for everyone involved, and results in a good deal of technical inconvenience and makework.

“Debian could seek approval for changes, and the Rust Foundation would grant that approval quickly”. This is unworkable on a practical level - requests for permission do not fit into Debian’s workflow, and the resulting delays would be unacceptable. But, more fundamentally, Debian rightly insists that it must have the freedom to make changes that the Foundation do not approve of. (For example, if a future Rust shipped with telemetry features Debian objected to.)

“Debian and Rust could compromise”. However, Debian is an ideological as well as technological project. The principles I have set out are part of Debian’s Foundation Documents - they are core values for Debian. When Debian makes compromises, it does so very slowly and with great deliberation, using its slowest and most heavyweight constitutional governance processes. Debian is not likely to want to engage in such a process for the benefit of one programming language.

“Users will get Rust from upstream”. This is currently often the case. Right now, Rust is moving very quickly, and by Debian standards is very new. As Rust becomes more widely used, more stable, and more part of the infrastructure of the software world, it will need to become part of standard, stable, reliable, software distributions. That means Debian.

(The consultation was a Google Forms page with a single text field, so the formatting isn’t great. I have edited the formatting very lightly to avoid rendering bugs here on my blog.)



comment count unavailable comments

20 November, 2024 12:50PM

Russell Coker

Solving Spam and Phishing for Corporations

Centralisation and Corporations

An advantage of a medium to large company is that it permits specialisation. For example I’m currently working in the IT department of a medium sized company and because we have standardised hardware (Dell Latitude and Precision laptops, Dell Precision Tower workstations, and Dell PowerEdge servers) and I am involved in fixing all Linux compatibility issues on that I can fix most problems in a small fraction of the time that I would take to fix on a random computer. There is scope for a lot of debate about the extent to which companies should standardise and centralise things. But for computer problems which can escalate quickly from minor to serious if not approached in the correct manner it’s clear that a good deal of centralisation is appropriate.

For people doing technical computer work such as programming there’s a large portion of the employees who are computer hobbyists who like to fiddle with computers. But if the support system is run well even they will appreciate having computers just work most of the time and for a large portion of the failures having someone immediately recognise the problem, like the issues with NVidia drivers that I have documented so that first line support can implement workarounds without the need for a lengthy investigation.

A big problem with email in the modern Internet is the prevalence of Phishing scams. The current corporate approach to this is to send out test Phishing email to people and then force computer security training on everyone who clicks on them. One problem with this is that attackers only need to fool one person on one occasion and when you have hundreds of people doing something on rare occasions that’s not part of their core work they will periodically get it wrong. When every test Phishing run finds several people who need extra training it seems obvious to me that this isn’t a solution that’s working well. I will concede that the majority of people who click on the test Phishing email would probably realise their mistake if asked to enter the password for the corporate email system, but I think it’s still clear that this isn’t a great solution.

Let’s imagine for the sake of discussion that everyone in a company was 100% accurate at identifying Phishing email and other scam email, if that was the case would the problem be solved? I believe that even in that hypothetical case it would not be a solved problem due to the wasted time and concentration. People can spend minutes determining if a single email is legitimate. On many occasions I have had relatives and clients forward me email because they are unsure if it’s valid, it’s great that they seek expert advice when they are unsure about things but it would be better if they didn’t have to go to that effort. What we ideally want to do is centralise the anti-Phishing and anti-spam work to a small group of people who are actually good at it and who can recognise patterns by seeing larger quantities of spam. When a spam or Phishing message is sent to 600 people in a company you don’t want 600 people to individually consider it, you want one person to recognise it and delete/block all 600. If 600 people each spend one minute considering the matter then that’s 10 work hours wasted!

The Rationale for Human Filtering

For personal email human filtering usually isn’t viable because people want privacy. But corporate email isn’t private, it’s expected that the company can read it under certain circumstances (in most jurisdictions) and having email open in public areas of the office where colleagues might see it is expected. You can visit gmail.com on your lunch break to read personal email but every company policy (and common sense) says to not have actually private correspondence on company systems.

The amount of time spent by reception staff in sorting out such email would be less than that taken by individuals. When someone sends a spam to everyone in the company instead of 500 people each spending a couple of minutes working out whether it’s legit you have one person who’s good at recognising spam (because it’s their job) who clicks on a “remove mail from this sender from all mailboxes” button and 500 messages are deleted and the sender is blocked.

Delaying email would be a concern. It’s standard practice for CEOs (and C*Os at larger companies) to have a PA receive their email and forward the ones that need their attention. So human vetting of email can work without unreasonable delays. If we had someone checking all email for the entire company probably email to the senior people would never get noticeably delayed and while people like me would get their mail delayed on occasion people doing technical work generally don’t have notifications turned on for email because it’s a distraction and a fast response isn’t needed. There are a few senders where fast response is required, which is mostly corporations sending a “click this link within 10 minutes to confirm your password change” email. Setting up rules for all such senders that are relevant to work wouldn’t be difficult to do.

How to Solve This

Spam and Phishing became serious problems over 20 years ago and we have had 20 years of evolution of email filtering which still hasn’t solved the problem. The vast majority of email addresses in use are run by major managed service providers and they haven’t managed to filter out spam/phishing mail effectively so I think we should assume that it’s not going to be solved by filtering. There is talk about what “AI” technology might do for filtering spam/phishing but that same technology can product better crafted hostile email to avoid filters.

An additional complication for corporate email filtering is that some criteria that are used to filter personal email don’t apply to corporate mail. If someone sends email to me personally about millions of dollars then it’s obviously not legit. If someone sends email to a company then it could be legit. Companies routinely have people emailing potential clients about how their products can save millions of dollars and make purchases over a million dollars. This is not a problem that’s impossible to solve, it’s just an extra difficulty that reduces the efficiency of filters.

It seems to me that the best solution to the problem involves having all mail filtered by a human. A company could configure their mail server to not accept direct external mail for any employee’s address. Then people could email files to colleagues etc without any restriction but spam and phishing wouldn’t be a problem. The issue is how to manage inbound mail. One possibility is to have addresses of the form it+russell.coker@example.com (for me as an employee in the IT department) and you would have a team of people who would read those mailboxes and forward mail to the right people if it seemed legit. Having addresses like it+russell.coker means that all mail to the IT department would be received into folders of the same account and they could be filtered by someone with suitable security level and not require any special configuration of the mail server. So the person who read the is mailbox would have a folder named russell.coker receiving mail addressed to me. The system could be configured to automate the processing of mail from known good addresses (and even domains), so they could just put in a rule saying that when Dell sends DMARC authenticated mail to is+$USER it gets immediately directed to $USER. This is the sort of thing that can be automated in the email client (mail filtering is becoming a common feature in MUAs).

For a FOSS implementation of such things the server side of it (including extracting account data from a directory to determine which department a user is in) would be about a day’s work and then an option would be to modify a webmail program to have extra functionality for approving senders and sending change requests to the server to automatically direct future mail from the same sender. As an aside I have previously worked on a project that had a modified version of the Horde webmail system to do this sort of thing for challenge-response email and adding certain automated messages to the allow-list.

The Change

One of the first things to do is configuring the system to add every recipient of an outbound message to the allow list for receiving a reply. Having a script go through the sent-mail folders of all accounts and adding the recipients to the allow lists would be easy and catch the common cases.

But even with processing the sent mail folders going from a working system without such things to a system like this will take some time for the initial work of adding addresses to the allow lists, particularly for domain wide additions of all the sites that send password confirmation messages. You would need rules to direct inbound mail to the old addresses to the new style and then address a huge amount of mail that needs to be categorised. If you have 600 employees and the average amount of time taken on the first day is 10 minutes per user then that’s 100 hours of work, 12 work days. If you had everyone from the IT department, reception, and executive assistants working on it that would be viable. After about a week there wouldn’t be much work involved in maintaining it. Then after that it would be a net win for the company.

The Benefits

If the average employee spends one minute a day dealing with spam and phishing email then with 600 employees that’s 10 hours of wasted time per day. Effectively wasting one employee’s work! I’m sure that’s the low end of the range, 5 minutes average per day doesn’t seem unreasonable especially when people are unsure about phishing email and send it to Slack so multiple employees spend time analysing it. So you could have 5 employees being wasted by hostile email and avoiding that would take a fraction of the time of a few people adding up to less than an hour of total work per day.

Then there’s the training time for phishing mail. Instead of having every employee spend half an hour doing email security training every few months (that’s 300 hours or 7.5 working weeks every time you do it) you just train the few experts.

In addition to saving time there are significant security benefits to having experts deal with possibly hostile email. Someone who deals with a lot of phishing email is much less likely to be tricked.

Will They Do It?

They probably won’t do it any time soon. I don’t think it’s expensive enough for companies yet. Maybe government agencies already have equivalent measures in place, but for regular corporations it’s probably regarded as too difficult to change anything and the costs aren’t obvious. I have been unsuccessful in suggesting that managers spend slightly more on computer hardware to save significant amounts of worker time for 30 years.

Related posts:

  1. blocking spam There are two critical things that any anti-spam system must...
  2. Please Turn off Your Spam Protection Hi, I’d like to send an email from a small...
  3. A New Spam Trick One item on my todo list is to set up...

20 November, 2024 05:22AM by etbe

Arnaud Rebillout

Installing an older Ansible version via pipx

Latest Ansible requires Python 3.8 on the remote hosts

... and therefore, hosts running Debian Buster are now unsupported.

Monday, I updated the system on my laptop (Debian Sid), and I got the latest version of ansible-core, 2.18:

$ ansible --version | head -1
ansible [core 2.18.0]

To my surprise, Ansible started to fail with some remote hosts:

ansible-core requires a minimum of Python version 3.8. Current version: 3.7.3 (default, Mar 23 2024, 16:12:05) [GCC 8.3.0]

Yep, I do have to work with hosts running Debian Buster (aka. oldoldstable). While Buster is old, it's still out there, and it's still supported via Freexian’s Extended LTS.

How are we going to keep managing those machines? Obviously, we'll need an older version of Ansible.

Pipx to the rescue

TL;DR

pipx install --include-deps ansible==10.6.0
pipx inject ansible dnspython    # for community.general.dig

Installing Ansible via pipx

Lately I discovered pipx and it's incredibly simple, so I thought I'd give it a try for this use-case.

Reminder: pipx allows users to install Python applications in isolated environments. In other words, it doesn't make a mess with your system like pip does, and it doesn't require you to learn how to setup Python virtual environments by yourself. It doesn't ask for root privileges either, as it installs everything under ~/.local/.

First thing to know: pipx install ansible won't cut it, it doesn't install the whole Ansible suite. Instead we need to use the --include-deps flag in order to install all the Ansible commands.

The output should look something like that:

$ pipx install --include-deps ansible==10.6.0
  installed package ansible 10.6.0, installed using Python 3.12.7
  These apps are now globally available
    - ansible
    - ansible-community
    - ansible-config
    - ansible-connection
    - ansible-console
    - ansible-doc
    - ansible-galaxy
    - ansible-inventory
    - ansible-playbook
    - ansible-pull
    - ansible-test
    - ansible-vault
done! ✨ 🌟 ✨

Note: at the moment 10.6.0 is the latest release of the 10.x branch, but make sure to check https://pypi.org/project/ansible/#history and install whatever is the latest on this branch. The 11.x branch doesn't work for us, as it's the branch that comes with ansible-core 2.18, and we don't want that.

Next: do NOT run pipx ensurepath, even though pipx might suggest that. This is not needed. Instead, check your ~/.profile, it should contain these lines:

# set PATH so it includes user's private bin if it exists
if [ -d "$HOME/.local/bin" ] ; then
    PATH="$HOME/.local/bin:$PATH"
fi

Meaning: ~/.local/bin/ should already be in your path, unless it's the first time you installed a program via pipx and the directory ~/.local/bin/ was just created. If that's the case, you have to log out and log back in.

Now, let's open a new terminal and check if we're good:

$ which ansible
/home/me/.local/bin/ansible

$ ansible --version | head -1
ansible [core 2.17.6]

Yep! And that's working already, I can use Ansible with Buster hosts again.

What's cool is that we can run ansible to use this specific Ansible version, but we can also run /usr/bin/ansible to run the latest version that is installed via APT.

Injecting Python dependencies needed by collections

Quickly enough, I realized something odd, apparently the plugin community.general.dig didn't work anymore. After some research, I found a one-liner to test that:

# Works with APT-installed Ansible? Yes!
$ /usr/bin/ansible all -i localhost, -m debug -a msg="{{ lookup('dig', 'debian.org./A') }}"
localhost | SUCCESS => {
    "msg": "151.101.66.132,151.101.2.132,151.101.194.132,151.101.130.132"
}

# Works with pipx-installed Ansible? No!
$ ansible all -i localhost, -m debug -a msg="{{ lookup('dig', 'debian.org./A') }}"
localhost | FAILED! => {
  "msg": "An unhandled exception occurred while running the lookup plugin 'dig'.
  Error was a <class 'ansible.errors.AnsibleError'>, original message: The dig
  lookup requires the python 'dnspython' library and it is not installed."
}

The issue here is that we need python3-dnspython, which is installed on my system, but is not installed within the pipx virtual environment. It seems that the way to go is to inject the required dependencies in the venv, which is (again) super easy:

$ pipx inject ansible dnspython
  injected package dnspython into venv ansible
done! ✨ 🌟 ✨

Problem fixed! Of course you'll have to iterate to install other missing dependencies, depending on which Ansible external plugins are used in your playbooks.

Closing thoughts

Hopefully there's nothing left to discover and I can get back to work! If there's more quirks and rough edges, drop me an email so that I can update this blog post.

Let me also credit another useful blog post on the matter: https://unfriendlygrinch.info/posts/effortless-ansible-installation/

20 November, 2024 12:00AM by Arnaud Rebillout

November 18, 2024

hackergotchi for Dirk Eddelbuettel

Dirk Eddelbuettel

RcppArmadillo 14.2.0-1 on CRAN: New Upstream Minor

armadillo image

Armadillo is a powerful and expressive C++ template library for linear algebra and scientific computing. It aims towards a good balance between speed and ease of use, has a syntax deliberately close to Matlab, and is useful for algorithm development directly in C++, or quick conversion of research code into production environments. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 1191 other packages on CRAN, downloaded 37.2 million times (per the partial logs from the cloud mirrors of CRAN), and the CSDA paper (preprint / vignette) by Conrad and myself has been cited 603 times according to Google Scholar.

Conrad released a minor version 14.2.0 a few days ago after we spent about two weeks with several runs of reverse-dependency checks covering corner cases. After a short delay at CRAN due to a false positive on a test, a package failing tests we also failed under the previous version, and some concern over new deprecation warnings _whem using the headers directly as _e.g. mlpack R package does we are now on CRAN. I noticed a missing feature under large ‘64bit word’ (for large floating-point matrices) and added an exporter for icube going to double to support the 64-bit integer range (as we already did, of course, for vectors and matrices). Changes since the last CRAN release are summarised below.

Changes in RcppArmadillo version 14.2.0-1 (2024-11-16)

  • Upgraded to Armadillo release 14.2.0 (Smooth Caffeine)

    • Faster handling of symmetric matrices by inv() and rcond()

    • Faster handling of hermitian matrices by inv(), rcond(), cond(), pinv(), rank()

    • Added solve_opts::force_sym option to solve() to force the use of the symmetric solver

    • More efficient handling of compound expressions by solve()

  • Added exporter specialisation for icube for the ARMA_64BIT_WORD case

Courtesy of my CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the Rcpp R-Forge page.

If you like this or other open-source work I do, you can sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

18 November, 2024 10:31PM

hackergotchi for C.J. Adams-Collier

C.J. Adams-Collier

Managing HPE SAS Controllers

Notes to self. And anyone else who might find them useful. Following are some ssacli commands which I use infrequently enough that they fall out of cache. This may repeat information in other blogs, but since I search my posts first when commands slip my mind, I thought I’d include them here, too.

hpacucli is the wrong command. Use ssacli instead.

$ KR='/usr/share/keyrings/hpe.gpg'
$ for fingerprint in \
  882F7199B20F94BD7E3E690EFADD8D64B1275EA3 \
  57446EFDE098E5C934B69C7DC208ADDE26C2B797 \
  476DADAC9E647EE27453F2A3B070680A5CE2D476 ; do \
    curl "https://keyserver.ubuntu.com/pks/lookup?op=get&search=0x${fingerprint}" \
      | gpg --no-default-keyring --keyring "${KR}" --import ; \
  done
$ gpg --list-keys --no-default-keyring --keyring "${KR}" 
/usr/share/keyrings/hpe.gpg
---------------------------
pub   rsa2048 2012-12-04 [SC] [expired: 2022-12-02]
      476DADAC9E647EE27453F2A3B070680A5CE2D476
uid           [ expired] Hewlett-Packard Company RSA (HP Codesigning Service)

pub   rsa2048 2014-11-19 [SC] [expired: 2024-11-16]
      882F7199B20F94BD7E3E690EFADD8D64B1275EA3
uid           [ expired] Hewlett-Packard Company RSA (HP Codesigning Service) - 1

pub   rsa2048 2015-12-10 [SCEA] [expires: 2025-12-07]
      57446EFDE098E5C934B69C7DC208ADDE26C2B797
uid           [ unknown] Hewlett Packard Enterprise Company RSA-2048-25 
$ echo "deb [signed-by=${KR}] http://downloads.linux.hpe.com/SDR/repo/mcp bookworm/current non-free" \
  | sudo dd of=/etc/apt/sources.list.d status=none
$ sudo apt-get update
$ sudo apt-get install -y -qq ssacli > /dev/null 2>&1
$ sudo ssacli ctrl all show status

HPE Smart Array P408i-p SR Gen10 in Slot 3
   Controller Status: OK
   Cache Status: OK
   Battery/Capacitor Status: OK

$ sudo ssacli ctrl all show detail
HPE Smart Array P408i-p SR Gen10 in Slot 3
   Bus Interface: PCI
   Slot: 3
   Serial Number: PFJHD0ARCCR1QM
   RAID 6 Status: Enabled
   Controller Status: OK
   Hardware Revision: B
   Firmware Version: 2.65
   Firmware Supports Online Firmware Activation: True
   Driver Supports Online Firmware Activation: True
   Rebuild Priority: High
   Expand Priority: Medium
   Surface Scan Delay: 3 secs
   Surface Scan Mode: Idle
   Parallel Surface Scan Supported: Yes
   Current Parallel Surface Scan Count: 1
   Max Parallel Surface Scan Count: 16
   Queue Depth: Automatic
   Monitor and Performance Delay: 60  min
   Elevator Sort: Enabled
   Degraded Performance Optimization: Disabled
   Inconsistency Repair Policy: Disabled
   Write Cache Bypass Threshold Size: 1040 KiB
   Wait for Cache Room: Disabled
   Surface Analysis Inconsistency Notification: Disabled
   Post Prompt Timeout: 15 secs
   Cache Board Present: True
   Cache Status: OK
   Cache Ratio: 10% Read / 90% Write
   Configured Drive Write Cache Policy: Disable
   Unconfigured Drive Write Cache Policy: Default
   Total Cache Size: 2.0
   Total Cache Memory Available: 1.8
   Battery Backed Cache Size: 1.8
   No-Battery Write Cache: Disabled
   SSD Caching RAID5 WriteBack Enabled: True
   SSD Caching Version: 2
   Cache Backup Power Source: Batteries
   Battery/Capacitor Count: 1
   Battery/Capacitor Status: OK
   SATA NCQ Supported: True
   Spare Activation Mode: Activate on physical drive failure (default)
   Controller Temperature (C): 53
   Cache Module Temperature (C): 43
   Capacitor Temperature  (C): 40
   Number of Ports: 2 Internal only
   Encryption: Not Set
   Express Local Encryption: False
   Driver Name: smartpqi
   Driver Version: Linux 2.1.18-045
   PCI Address (Domain:Bus:Device.Function): 0000:11:00.0
   Negotiated PCIe Data Rate: PCIe 3.0 x8 (7880 MB/s)
   Controller Mode: Mixed
   Port Max Phy Rate Limiting Supported: False
   Latency Scheduler Setting: Disabled
   Current Power Mode: MaxPerformance
   Survival Mode: Enabled
   Host Serial Number: 2M20040D1Q
   Sanitize Erase Supported: True
   Sanitize Lock: None
   Sensor ID: 0
      Location: Capacitor
      Current Value (C): 40
      Max Value Since Power On: 42
   Sensor ID: 1
      Location: ASIC
      Current Value (C): 53
      Max Value Since Power On: 55
   Sensor ID: 2
      Location: Unknown
      Current Value (C): 43
      Max Value Since Power On: 45
   Sensor ID: 3
      Location: Cache
      Current Value (C): 43
      Max Value Since Power On: 44
   Primary Boot Volume: None
   Secondary Boot Volume: None

$ sudo ssacli ctrl all show config

HPE Smart Array P408i-p SR Gen10 in Slot 3  (sn: PFJHD0ARCCR1QM)



   Internal Drive Cage at Port 1I, Box 2, OK



   Internal Drive Cage at Port 2I, Box 2, OK


   Port Name: 1I (Mixed)

   Port Name: 2I (Mixed)

   Array A (SAS, Unused Space: 0  MB)

      logicaldrive 1 (1.64 TB, RAID 6, OK)

      physicaldrive 1I:2:1 (port 1I:box 2:bay 1, SAS HDD, 300 GB, OK)
      physicaldrive 1I:2:2 (port 1I:box 2:bay 2, SAS HDD, 1.2 TB, OK)
      physicaldrive 1I:2:3 (port 1I:box 2:bay 3, SAS HDD, 300 GB, OK)
      physicaldrive 1I:2:4 (port 1I:box 2:bay 4, SAS HDD, 1.2 TB, OK)
      physicaldrive 2I:2:5 (port 2I:box 2:bay 5, SAS HDD, 300 GB, OK)
      physicaldrive 2I:2:6 (port 2I:box 2:bay 6, SAS HDD, 300 GB, OK)
      physicaldrive 2I:2:7 (port 2I:box 2:bay 7, SAS HDD, 1.2 TB, OK)
      physicaldrive 2I:2:8 (port 2I:box 2:bay 8, SAS HDD, 1.2 TB, OK)

   SEP (Vendor ID HPE, Model Smart Adapter) 379  (WWID: 51402EC013705E88, Port: Unknown)

$ sudo ssacli ctrl slot=3 pd 2I:2:7 show detail

HPE Smart Array P408i-p SR Gen10 in Slot 3

   Array A

      physicaldrive 2I:2:7
         Port: 2I
         Box: 2
         Bay: 7
         Status: OK
         Drive Type: Data Drive
         Interface Type: SAS
         Size: 1.2 TB
         Drive exposed to OS: False
         Logical/Physical Block Size: 512/512
         Rotational Speed: 10000
         Firmware Revision: U850
         Serial Number: KZGN1BDE
         WWID: 5000CCA01D247239
         Model: HGST    HUC101212CSS600
         Current Temperature (C): 46
         Maximum Temperature (C): 51
         PHY Count: 2
         PHY Transfer Rate: 6.0Gbps, Unknown
         PHY Physical Link Rate: 6.0Gbps, Unknown
         PHY Maximum Link Rate: 6.0Gbps, 6.0Gbps
         Drive Authentication Status: OK
         Carrier Application Version: 11
         Carrier Bootloader Version: 6
         Sanitize Erase Supported: False
         Shingled Magnetic Recording Support: None
         Drive Unique ID: 5000CCA01D247238

18 November, 2024 07:21PM by C.J. Collier

hackergotchi for Philipp Kern

Philipp Kern

debian.org now supports Security Key-backed SSH keys

debian.org's infrastructure now supports using Security Key-backed SSH keys. DDs (and guests) can use the mail gateway to add SSH keys of the types sk-ecdsa-sha2-nistp256@openssh.com and sk-ssh-ed25519@openssh.com to their LDAP accounts.

This was done in support of hardening our infrastructure: Hopefully we can require these hardware-backed keys for sensitive machines in the future, to have some assertion that it is a human that is connecting to them.

As some of us shell to machines a little too often, I also wrote a small SSH CA that issues short-lived certificates (documentation). It requires the user to login via SSH using an SK-backed key and then issues a certificate that is valid for less than a day. For cases where you need to frequently shell to a machine or to a lot of machines at once that should be a nice compromise of usability vs. security.

The capabilities of various keys differ a lot and it is not always easy to determine what feature set they support. Generally SK-backed keys work with FIDO U2F keys, if you use the ecdsa key type. Resident keys (i.e. keys stored on the token, to be used from multiple devices) require FIDO2-compatible keys. no-touch-required is its own maze, e.g. the flag is not properly restored today when pulling the public key from a resident key. The latter is also one reason for writing my own CA.

SomeoneTM should write up a matrix on what is supported where and how. In the meantime it is probably easiest to generate an ed25519 key - or if that does not work an ecdsa key - and make a backup copy of the resulting on-disk key file. And copy that around to other devices (or OSes) that require access to the key.

18 November, 2024 04:43PM by Philipp Kern (noreply@blogger.com)

Russ Allbery

Review: Delilah Green Doesn't Care

Review: Delilah Green Doesn't Care, by Ashley Herring Blake

Series: Bright Falls #1
Publisher: Jove
Copyright: February 2022
ISBN: 0-593-33641-0
Format: Kindle
Pages: 374

Delilah Green Doesn't Care is a sapphic romance novel. It's the first of a trilogy, although in the normal romance series fashion each book follows a different protagonist and has its own happy ending. It is apparently classified as romantic comedy, which did not occur to me while reading but which I suppose I can see in retrospect.

Delilah Green got the hell out of Bright Falls as soon as she could and tried not to look back. After her father died, her step-mother lavished all of her perfectionist attention on her overachiever step-sister, leaving Delilah feeling like an unwanted ghost. She escaped to New York where there was space for a queer woman with an acerbic personality and a burgeoning career in photography. Her estranged step-sister's upcoming wedding was not a good enough reason to return to the stifling small town of her childhood. The pay for photographing the wedding was, since it amounted to three months of rent and trying to sell photographs in galleries was not exactly a steady living. So back to Bright Falls Delilah goes.

Claire never left Bright Falls. She got pregnant young and ended up with a different life than she expected, although not a bad one. Now she's raising her daughter as a single mom, running the town bookstore, and dealing with her unreliable ex. She and Iris are Astrid Parker's best friends and have been since fifth grade, which means she wants to be happy for Astrid's upcoming wedding. There's only one problem: the groom. He's a controlling, boorish ass, but worse, Astrid seems to turn into a different person around him. Someone Claire doesn't like.

Then, to make life even more complicated, Claire tries to pick up Astrid's estranged step-sister in Bright Falls's bar without recognizing her.

I have a lot of things to say about this novel, but here's the core of my review: I started this book at 4pm on a Saturday because I hadn't read anything so far that day and wanted to at least start a book. I finished it at 11pm, having blown off everything else I had intended to do that evening, completely unable to put it down.

It turns out there is a specific type of romance novel protagonist that I absolutely adore: the sarcastic, confident, no-bullshit character who is willing to pick the fights and say the things that the other overly polite and anxious characters aren't able to get out. Astrid does not react well to criticism, for reasons that are far more complicated than it may first appear, and Claire and Iris have been dancing around the obvious problems with her surprise engagement. As the title says, Delilah thinks she doesn't care: she's here to do a job and get out, and maybe she'll get to tweak her annoying step-sister a bit in the process. But that also means that she is unwilling to play along with Astrid's obsessively controlling mother or her obnoxious fiance, and thus, to the barely disguised glee of Claire and Iris, is a direct threat to the tidy life that Astrid's mother is trying to shoehorn her daughter into.

This book is a great example of why I prefer sapphic romances: I think this character setup would not work, at least for me, in a heterosexual romance. Delilah's role only works if she's a woman; if a male character were the sarcastic conversational bulldozer, it would be almost impossible to avoid falling into the gender stereotype of a male rescuer. If this were a heterosexual romance trying to avoid that trap, the long-time friend who doesn't know how to directly confront Astrid would have to be the male protagonist. That could work, but it would be a tricky book to write without turning it into a story focused primarily on the subversion of gender roles. Making both protagonists women dodges the problem entirely and gives them so much narrative and conceptual space to simply be themselves, rather than characters obscured by the shadows of societal gender rules.

This is also, at it's core, a book about friendship. Claire, Astrid, and Iris have the sort of close-knit friend group that looks exclusive and unapproachable from the outside. Delilah was the stereotypical outsider, mocked and excluded when they thought of her at all. This, at least, is how the dynamics look at the start of the book, but Blake did an impressive job of shifting my understanding of those relationships without changing their essential nature. She fleshes out all of the characters, not just the romantic leads, and adds complexity, nuance, and perspective. And, yes, past misunderstanding, but it's mostly not the cheap sort that sometimes drives romance plots. It's the misunderstanding rooted in remembered teenage social dynamics, the sort of misunderstanding that happens because communication is incredibly difficult, even more difficult when one has no practice or life experience, and requires knowing oneself well enough to even know what to communicate.

The encounter between Delilah and Claire in the bar near the start of the book is cornerstone of the plot, but the moment that grabbed me and pulled me in was Delilah's first interaction with Claire's daughter Ruby. That was the point when I knew these were characters I could trust, and Blake never let me down. I love how Ruby is handled throughout this book, with all of the messy complexity of a kid of divorced parents with her own life and her own personality and complicated relationships with both parents that are independent of the relationship their parents have with each other.

This is not a perfect book. There's one prank scene that I thought was excessively juvenile and should have been counter-productive, and there's one tricky question of (nonsexual) consent that the book raises and then later seems to ignore in a way that bugged me after I finished it. There is a third-act breakup, which is not my favorite plot structure, but I think Blake handles it reasonably well. I would probably find more niggles and nitpicks if I re-read it more slowly. But it was utterly engrossing reading that exactly matched my mood the day that I picked it up, and that was a fantastic reading experience.

I'm not much of a romance reader and am not the traditional audience for sapphic romance, so I'm probably not the person you should be looking to for recommendations, but this is the sort of book that got me to immediately buy all of the sequels and start thinking about a re-read. It's also the sort of book that dragged me back in for several chapters when I was fact-checking bits of my review. Take that recommendation for whatever it's worth.

Content note: Reviews of Delilah Green Doesn't Care tend to call it steamy or spicy. I have no calibration for this for romance novels. I did not find it very sex-focused (I have read genre fantasy novels with more sex), but there are several on-page sex scenes if that's something you care about one way or the other.

Followed by Astrid Parker Doesn't Fail.

Rating: 9 out of 10

18 November, 2024 04:20AM

Software Freedom Institute

November 14, 2024

Reproducible Builds

Reproducible Builds mourns the passing of Lunar

The Reproducible Builds community sadly announces it has lost its founding member.

Jérémy Bobbio aka ‘Lunar’ passed away on Friday November 8th in palliative care in Rennes, France.

Lunar was instrumental in starting the Reproducible Builds project in 2013 as a loose initiative within the Debian project. Many of our earliest status reports were written by him and many of our key tools in use today are based on his design.

Lunar was a resolute opponent of surveillance and censorship, and he possessed an unwavering energy that fueled his work on Reproducible Builds and Tor. Without Lunar’s far-sightedness, drive and commitment to enabling teams around him, Reproducible Builds and free software security would not be in the position it is in today. His contributions will not be forgotten, and his high standards and drive will continue to serve as an inspiration to us as well as for the other high-impact projects he was involved in.

Lunar’s creativity, insight and kindness were often noted. He will be greatly missed.


Other tributes:

14 November, 2024 03:00PM

Swiss JuristGate

Edouard Bolleter & PME Magazine news report reads like paid advertising

A news report by Edouard Bolleter of PME Magazine.

He has written a news report that feels like a paid advertisement.

He wrote "a legal services insurance unlimited for the private individuals and the small businesses" and later on "We are the only insurer to accept businesses marked like a risk, those who are most frequently rejected by the legal expenses insurance market".

Monsieur Bolleter does not ask any difficult questions. The journalists in Switzerland are afraid of criminal prosecution/persecution for writing any inconvenient truths.

If it seems to good to be true, it probably is.

The law office who wants to democratize the law

No, jurists are not only for big companies! The proof is Real-Protect, an unlimited legal services insurance for the private individuals and small businesses.

Edouard Bolleter, 20.07.2018

Mathieu Parreaux, employee and co-founder of the law office Parreaux, Thiébaud & Partners, launched Real-Protect, whose terribly democratic concept and startup spirit should appeal to the bosses of French-speaking SMEs. The young company offers unlimited legal protection for individuals and businesses. The firm is made up of general lawyers (more than 10 people) and works with a network of partner lawyers registered with the Geneva, Vaud, Valais, Fribourg and Neuchâtel Bars. Real-Protect already has 450 clients with rates starting at 24.90 francs per month.

75% of clients are small businesses

Originality of the approach: any client can receive legal advice, orally or in writing, and without limits. “We are the only ones to accept companies labeled as being at risk, which are most often rejected by legal protection insurers on the market. These are primarily companies active in real estate. Paradoxically, we are also the only legal protection to enter into the matter when it comes to attacking the opposing party. These different points allow us to welcome everyone,” defends Mathieu Parreaux.

In addition to legal protection, the firm meets the tailor-made needs of SMEs, which represent 75% of its clientele. “Starting a business requires funds and 99% of SMEs start their business without contracts or general conditions, or with models taken from the internet, which is extremely dangerous. Whether they are partnerships or capital companies, we structure our prices according to their budget in order to allow them to build solid legal positions from the start,” explains Mathieu Parreaux.

The service is indeed targeted at SMEs with corporate law, contract law, tax law or prosecution law. “Our entire legal apparatus is built to support SMEs from A to Z, advising them on their structure, drafting their contracts, general conditions, etc. And also for more specific questions, in the event of a merger, acquisition, or transformation of companies,” concludes the lawyer.

14 November, 2024 02:00PM

Edouard Bolleter & PME Magazine news report reads like paid advertising

A news report by Edouard Bolleter of PME Magazine.

He has written a news report that feels like a paid advertisement.

He wrote "a legal services insurance unlimited for the private individuals and the small businesses" and later on "We are the only insurer to accept businesses marked like a risk, those who are most frequently rejected by the legal expenses insurance market".

Monsieur Bolleter does not ask any difficult questions. The journalists in Switzerland are afraid of criminal prosecution/persecution for writing any inconvenient truths.

If it seems to good to be true, it probably is.

The law office who wants to democratize the law

No, jurists are not only for big companies! The proof is Real-Protect, an unlimited legal services insurance for the private individuals and small businesses.

Edouard Bolleter, 20.07.2018

Mathieu Parreaux, employee and co-founder of the law office Parreaux, Thiébaud & Partners, launched Real-Protect, whose terribly democratic concept and startup spirit should appeal to the bosses of French-speaking SMEs. The young company offers unlimited legal protection for individuals and businesses. The firm is made up of general lawyers (more than 10 people) and works with a network of partner lawyers registered with the Geneva, Vaud, Valais, Fribourg and Neuchâtel Bars. Real-Protect already has 450 clients with rates starting at 24.90 francs per month.

75% of clients are small businesses

Originality of the approach: any client can receive legal advice, orally or in writing, and without limits. “We are the only ones to accept companies labeled as being at risk, which are most often rejected by legal protection insurers on the market. These are primarily companies active in real estate. Paradoxically, we are also the only legal protection to enter into the matter when it comes to attacking the opposing party. These different points allow us to welcome everyone,” defends Mathieu Parreaux.

In addition to legal protection, the firm meets the tailor-made needs of SMEs, which represent 75% of its clientele. “Starting a business requires funds and 99% of SMEs start their business without contracts or general conditions, or with models taken from the internet, which is extremely dangerous. Whether they are partnerships or capital companies, we structure our prices according to their budget in order to allow them to build solid legal positions from the start,” explains Mathieu Parreaux.

The service is indeed targeted at SMEs with corporate law, contract law, tax law or prosecution law. “Our entire legal apparatus is built to support SMEs from A to Z, advising them on their structure, drafting their contracts, general conditions, etc. And also for more specific questions, in the event of a merger, acquisition, or transformation of companies,” concludes the lawyer.

14 November, 2024 02:00PM

Stefano Zacchiroli

In memory of Lunar

In memory of Lunar

I've had the incredible fortune to share the geek path of Lunar through life on multiple occasions. First, in Debian, beginning some 15+ years ago, where we were fellow developers and participated in many DebConf editions together.

Then, on the deontology committee of Nos Oignons, a non-profit organization initiated by Lunar to operate Tor relays in France. This was with the goal of diversifying relay operators and increasing access to censorship-resistance technology for everyone in the world. It was something truly innovative and unheard of at the time in France.

Later, as a member of the steering committee of Reproducible Builds, a project that Lunar brought to widespread geek popularity with a seminal "Birds of a Feather" session at DebConf13 (and then many other talks with fellow members of the project in the years to come). A decade later, Reproducible Builds is having a major impact throughout the software industry, primarily due to growing fears about the security of the software supply chain.

Finally, we had the opportunity to recruit Lunar a couple of years ago at Software Heritage, where he insisted on working until he was able to, as part of a team he loved, and that loved him back. In addition to his numerous technical contributions to the initiative, he also facilitated our first ever multi-day team seminar. The event was so successful that it has been confirmed as a long-awaited yearly recurrence by all team members.

I fondly remember one of the last conversations I had with Lunar, a few months ago, when he told me how proud he was not only of having started Nos Oignons and contributed to the ignition of Reproducible Builds, but specifically about the fact that both initiatives were now thriving without being dependent on him. He was likely thinking about a future world without him, but also realizing how impactful his activism had been on the past and present world.

Lunar changed the world for the better and left behind a trail of love and fond memories.

Che la terra ti sia lieve, compagno.

--- Zack

14 November, 2024 01:56PM

November 13, 2024

Russell Coker

Modern Sleep

Julius wrote an insightful blog post about the “modern sleep” issue with Windows [1]. Basically Microsoft decided that the right way to run laptops is to never entirely sleep, which uses more battery but gives better options for waking up and doing things. I agree with Microsoft in concept and this is something that is a problem that can be solved. A phone can run for 24+ hours without ever fully sleeping, a laptop has a more power hungry CPU and peripherals but also has a much larger battery so it should be able to do the same. Some of the reviews for Snapdragon Windows laptops claim up to 22 hours of actual work without charging! So having suspend not really stop the system should be fine.

The ability of a phone to never fully sleep is a change in quality of the usage experience, it means that you can access it and immediately have it respond and it means that all manner of services can be checked for new updates which may require a notification to the user. The XMPP protocol (AKA Jabber) was invented in 1999 which was before laptops were common and Instant Message systems were common long before then. But using Jabber or another IM system on a desktop was a very different experience to using it on a laptop and using it on a phone is different again. The “modern sleep” allows laptops to act like phones in regard to such messaging services. Currently I have Matrix IM clients running on my Android phone and Linux laptop, if I get a notification that takes much typing for a response then I get out my laptop to respond. If I had an ARM based laptop that never fully shut down I would have much less need for Matrix on a phone.

Making “modern sleep” popular will lead to more development of OS software to work with it. For Linux this will hopefully mean that regular Linux distributions (as opposed to Android which while running a Linux kernel is very different to Debian etc) get better support for such things and therefore become more usable on phones. Debian on a Librem 5 or PinePhonePro isn’t very usable due to battery life issues.

A laptop with an LTE card can be used for full mobile phone functionality. With “modern sleep” this is a viable option. I am tempted to make a laptop with LTE card and bluetooth headset a replacement for my phone. Some people will say “what if someone tries to call you when it’s not convenient to have your laptop with you”, my response is “what if people learn to not expect me to answer the phone at any time as they managed that in the 90s”. Seriously SMS or Matrix me if you want an instant response and if you want a long chat schedule it via SMS or Matrix.

Dell has some useful advice about how to use their laptops (and probably most laptops from recent times) in this regard [2]. You can’t close the lid before unplugging the power cable you have to unplug first and then close. You shouldn’t put a laptop in a sealed bag for travel either. This is a terrible situation, you can put a tablet in a bag and don’t need to take any special precautions when unplugging and laptops should work the same. The end result of what Microsoft, Dell, Intel, and others are doing will be good but they are making some silly design choices along the way! I blame Intel mostly for selling laptop CPUs with TDPs >40W!

For an amusing take on this Linus Tech Tips has a video about being forced to use MacBooks by Microsoft’s implementation of Modern Sleep [3].

I’ll try out some ARM laptops in the near future and blog about how well they work on Debian.

Related posts:

  1. Modern Laptops Suck One of the reasons why I’m moving from a laptop...
  2. Cooling a Thinkpad Late last year I wrote about the way that modern...
  3. Cheap Laptops for Children I was recently browsing an electronics store and noticed some...

13 November, 2024 10:10AM by etbe

Nazi.Compare

Alexander Wirt (formorer), Wayward people & Debian censorship

Every few days somebody asks me what was the wayward word or comment that snowballed into Debian's $120,000 legal bills.

We know that in the case of Dr Norbert Preining, he was punished for using the word "it" as a pronoun for a person. Dr Preining's native language is not English and he doesn't live in a country where English has a significant role.

Back in the day, the German administration we came to know as Nazis was obsessed with both censorship and the micro-managing of language. Even in choosing a word for journalists ( schriftleiter) they were very conscious of the implications of the word that they chose.

When we talk about the Nazis in English, sometimes we use the original German word and sometimes we use an English word. For example, the Germans used the phrase Endlösung der Judenfrage and in English we translate it as Final Solution to the Jewish question. There was no "question" (fragen) as such, the phrase simply obfuscates the reference to genocide.

Alexander Wirt (formorer), an employee of NetApp, is one of the Debian mailing list censors. His role could be thought of like those journalists and newspaper editors who agreed to become trained and registered as good schriftleiter.

The word wayward is used in various contexts. For example, in an article about the racist Utopia, they tell us who would be exterminated and it wasn't just the Jews and gypsies:

These included, on the one hand, members of their own 'Aryan race' who they considered weak or wayward (such as the 'congenitally sick', the 'asocial', and homosexuals), and on the other those who were defined as belonging to 'foreign races'.

The word wayward is a very general adjective that can be used in many contexts. For example, it has also been used to describe people who are ethnically Jewish but don't identify as such:

Wayward Jews, God-fearing Gentiles, or Curious Pagans? Jewish Normativity and the Sambathions

... At stake was whether these people were Jews and the ways in which diaspora Jews and their host communities influenced one another ...

Back in the day, it looks like being wayward, whether Jewish or LGBT, would attract undue attention from the state.

Now, in some groups like Debian, it appears the LGBT agitators have taken things to the opposite extreme. Even referring to a wayward horse that I saw escaping last week would get me in trouble, just as this reference to wayward communication caused a knee-jerk fascist reaction from Debian censorship.

Is there some secret list of words that we are not allowed to use any more? When I heard about the defamation of Sonny Piers by GNOME fascism and their refusal to tell us why they attacked him, I wondered if it was something trivial like this, did Sony use a word like "it" or "wayward" without permission?

When a family, workplace or community works like this, where people are attacked for things they had no way to anticipate, we use the metaphor that you feel like you are walking on eggshells. Metaphors have been banned too.

Subject: Re: Your attitude on debian mailinglists
Date: Sat, 29 Dec 2018 14:59:04 +0100
From: Alexander Wirt <formorer@formorer.de>
To: Daniel Pocock <daniel@pocock.pro>
CC: listmaster@lists.debian.org

[ ... snip various iterations of threats and blackmail ... ]

> Hi Alex,
> 
> Please tell me which email and which insults you are referring to
<5c987a44-b6c6-ce21-020c-9402940f2fde@pocock.pro>

That is exactly that type of mail I was talking about. Starting with the subject and continueing with the body. 
I don't want to get too much into details, but phrases like
"sustained this state of hostility" or "wayward" are not acceptable.
Especially since I asked you to cool down and step back a bit. 
Alex

Alexander wants to create a fake community where everybody pretends to be happy all the time, even when we are targeted with insults, threats, plagiarism and other offences by the people who think they are holier-than-thou.

13 November, 2024 09:00AM