Language Selection

English French German Italian Portuguese Spanish

Planet Debian

Syndicate content
Planet Debian - https://planet.debian.org/
Updated: 2 hours 20 min ago

Holger Levsen: 20200803-debconf5

Monday 3rd of August 2020 10:13:34 PM
DebConf5

This tshirt is 15 years old and from DebConf5. It still looks quite nice!

DebConf5 was my 3rd DebConf and took place in Helsinki, or rather Espoo, in Finland.

This was one of my most favorite DebConfs (though I basically loved them all) and I'm not really sure why, I guess it's because of the kind of community at the event. We stayed in some future dorms of the universtity, which were to be first used by some European athletics chamopionship and which we could use even before that, guests zero. Being in Finland there were of course saunas in the dorms, which we frequently used and greatly enjoyed. Still, one day we had to go on a trip to another sauna in the forest, because of course you cannot visit Finland and only see one sauna. Or at least, you should not.

Another aspect which increased community bonding was that we had to authenticate using 802.10 (IIRC, please correct me) which was an authentication standard mostly used for wireless but which also works for wired ethernet, except that not many had used it on Linux before. Thus quite some related bugs were fixed in the first days of DebCamp...

Then my powerpc ibook also decided to go bad, so I had to remove 30 screws to get the harddrive out and 30 screws back in, to not have 30 screws laying around for a week. Then I put the harddrive into a spare (x86) laptop and only used my /home partition and was very happy this worked nicely. And then, for travelling back, I had to unscrew and screw 30 times again. (I think my first attempt took 1.5h and the fourth only 45min or so Back home then I bought a laptop where one could remove the harddrive using one screw.

Oh, and then I was foolish during the DebConf5 preparations and said, that I could imagine setting up a team and doing video recordings, as previous DebConfs mostly didn't have recordings and the one that had, didn't have releases of them...

And so we did videos. And as we were mostly inexperienced we did them the hard way: during the day we recorded on tape and then when the talks were done, we used a postprocessing tool called 'cinelerra' and edited them. And because Eric Evans was on the team and because Eric worked every night almost all night, all nights, we managed to actually release them all when DebConf5 was over. I very well remember many many (23 or 42) Debian people cleaning the dorms thoroughly (as they were brand new..) and Eric just sitting somewhere, exhausted and watching the cleaners. And everybody was happy Eric was idling there, cause we knew why. In the aftermath of DebConf5 Ben Hutchings then wrote videolink (removed from sid in 2013) which we used to create video DVDs of our recordings based on a simple html file with links to the actual videos.

There were many more memorable events. The boat ride was great. A pirate flag appeared. One night people played guitar until very late (or rather early) close to the dorms, so at about 3 AM someone complained about it, not in person, but on the debian-devel mailinglist. And those drunk people playing guitar, replied immediatly on the mailinglist. And then someone from the guitar group gave a talk, at 9 AM, and the video is online... (It's a very slowwwwwww talk.)

If you haven't been to or close to the polar circles it's almost impossible to anticipate how life is in summer there. It get's a bit darker after midnight or rather after 1 AM and then at 3 AM it get's light again, so it's reaaaaaaally easy to miss the night once and it's absolutly not hard to miss the night for several nights in a row. And then I shared a room with 3 people who all snore quite loud...

There was more. I was lucky to witness the first (or second?) cheese and whine party which at that time took place in a dorm room with, dunno 10 people and maybe 15 kinds of cheese. And, of course, I met many wonderful people there, to mention a few I'll say Jesus, I mean mooch or data, Amaya and p2. And thanks to some bad luck which turned well, I also had my first time ever Sushi in Helsinki.

And and and. DebConfs are soooooooo good! I'll stop here as I originally planned to only write a paragraph or two about each and there are quite some to be written!

Oh, and as we all learned, there are probably no mosquitos in Helsinki, just in Espoo. And you can swim naked through a lake and catch a taxi on the other site, with no clothes and no money, no big deal. (And you might not believe it, but that wasn't me. I cannot swim that well.)

Giovanni Mascellani: Bye bye Python 2!

Monday 3rd of August 2020 07:00:00 PM

And so, today, while I was browsing updates for my Debian unstable laptop, I noticed that aptitude wouldn't automatically upgrade python2 and related packages (I don't know why, and at this point don't care). So I decided to dare: I removed the python2 package to see what the dependency solver would have proposed me. It turned out that there was basically nothing I couldn't live without.

So, bye bye Python 2. It was a long ride and I loved programming with you. But now it's the turn of your younger brother.

$ python bash: python: comando non trovato

(guess what "comando non trovato" means?)

And thanks to all those who made this possible!

Sylvain Beucler: Debian LTS and ELTS - July 2020

Monday 3rd of August 2020 01:52:10 PM

Here is my transparent report for my work on the Debian Long Term Support (LTS) and Debian Extended Long Term Support (ELTS), which extend the security support for past Debian releases, as a paid contributor.

In July, the monthly sponsored hours were split evenly among contributors depending on their max availability - I was assigned 25.25h for LTS (out of 30 max; all done) and 13.25h for ELTS (out of 20 max; all done).

We shifted suites: welcome Stretch LTS and Jessie ELTS. The LTS->ELTS switch happened at the start of the month, but the oldstable->LTS switch happened later (after finalizing and flushing proposed-updates to a last point release), causing some confusion but nothing major.

ELTS - Jessie

  • New local build setup
  • ELTS buildds: request timezone harmonization
  • Reclassify in-progress updates from jessie-LTS to jessie-ELTS
  • python3.4: finish preparing update, security upload ELA 239-1
  • net-snmp: global triage: bisect CVE-2019-20892 to identify affected version, jessie/stretch not-affected
  • nginx: global triage: clarify CVE-2013-0337 status; locate CVE-2020-11724 original patch and regression tests, update MITRE
  • nginx: security upload ELA-247-1 with 2 CVEs

LTS - Stretch

  • Reclassify in-progress/needed updates from stretch/oldstable to stretch-LTS
  • rails: upstream security: follow-up on CVE-2020-8163 (RCE) on upstream bug tracker and create pull request for 4.x (merged), hence getting some upstream review
  • rails: global security: continue coordinating upload in multiple Debian versions, prepare fixes for common stretch/buster vulnerabilities in buster
  • rails: security upload DLA-2282 fixing 3 CVEs
  • python3.5: security upload DLA-2280-1 fixing 13 pending non-critical vulnerabilities, and its test suite
  • nginx: security upload DLA-2283 (cf. common ELTS work)
  • net-snmp: global triage (cf. common ELTS work)
  • public IRC monthly team meeting
  • reach out to clarify the intro from last month's report, following unsettled feedback during meeting

Documentation/Scripts

  • ELTS/README.how-to-release-an-update: fix typo
  • ELTS buildd: attempt to diagnose slow perfs, provide comparison with Debian and local builds
  • LTS/Meetings: improve presentation
  • SourceOnlyUpload: clarify/de-dup pbuilder doc
  • LTS/Development: reference build logs URL, reference proposed-updates issue during dists switch, reference new-upstream-versioning discussion, multiple jessie->stretch fixes and clean-ups
  • LTS/Development/Asan: drop wheezy documentation
  • Warn about jruby mis-triage
  • Provide feedback for ksh/CVE-2019-14868
  • Provide feedback for condor update
  • LTS/TestsSuites/nginx: test with new request smuggling test cases

Enrico Zini: Toxic positivity links

Sunday 2nd of August 2020 10:00:00 PM
The Oppression of the Positivity Movement politics privilege archive.org 2020-08-03 “That which we do not bring to consciousness appears in our lives as fate.” — Carl Jung The Tyrannical Culture of Positivity health privilege archive.org 2020-08-03 Emotional support of others can take the form of surface-level consolation. But compassion means being willing to listen and feel, even when it's uncomfortable. How Positive Thinking Can Do More Harm Than Good health privilege archive.org 2020-08-03 Ultimately, the driving force behind the “power of positive thinking” meme is the word “power.” But what about those whose bodies are not powerful? What about those who are vulnerable? What about those who are tired, isolated, and struggling? What about those who are ill? What about those who lack Toxic Positivity - Tanglaw Mental Health — hindsight is so 2020 health privilege archive.org 2020-08-03 I have often been dismissive or unhelpful when someone close to me was dealing with painful circumstances, having learned to “accentuate the positive.” In the more recent past, I have recognized these behavioral patterns as part of what some mental health professionals term, “toxic positivity.” Toxic Positivity: The Dark Side of Positive Vibes health privilege archive.org 2020-08-03 Toxic positivity is the overgeneralization of a happy, optimistic state resulting in the denial & invalidation of the authentic human emotional experience.

Holger Levsen: 20200802-debconf4

Sunday 2nd of August 2020 05:40:54 PM
DebConf4

This tshirt is 16 years old and from DebConf4. Again, I should probably wash it at 60 celcius for once...

DebConf4 was my 2nd DebConf and took place in Porto Alegre, Brasil.

Like many DebConfs, it was a great opportunity to meet people: I remember sitting in the lobby of the venue and some guy asked me what I did in Debian and I told him about my little involvements and then asked him what he was doing, and he told me he wanted to become involved in Debian again, after getting distracted away. His name was Ian Murdock...

DebConf4 also had a very cool history session in the hallway track (IIRC, but see below) with Bdale Garbee, Ian Jackson and Ian Murdock and with a young student named Biella Coleman busy writing notes.

That same hallway also saw the kickoff meeting of the Debian Women project, though sadly today http://tinc.debian.net ("there's no cabal") only shows an apache placeholder page and not a picture of that meeting.

DebCon4 was also the first time I got a bit involved in preparing DebConf, together with Jonas Smedegaard I've set up some computers there, using FAI. I had no idea that this was the start of me contributing to DebConfs for text ten years.

And of course I also saw some talks, including one which I really liked, which then in turn made me notice there were no people doing video recordings, which then lead to something...

I missed the group picture of this one. I guess it's important to me to mention it because I've met very wonderful people at this DebConf... (some mentioned in this post, some not. You know who you are!)

Afterwards some people stayed in Porto Alegre for FISL, where we saw Lawrence Lessing present Creative Commons to the world for the first time. On the flight back I sat next to a very friendly guy from Poland and we talked almost the whole flight and then we never saw each other again, until 15 years later in Asia...

Oh, and then, after DebConf4, I used IRC for the first time. And stayed in the #debconf4 IRC channel for quite some years

Finally, DebConf4 and more importantly FISL, which was really big (5000 people?) and after that, the wizard of OS conference in Berlin (which had a very nice talk about Linux in different places in the world, illustrating the different states of 'first they ignore you, then they laugh at you, then they fight you, then you win'), made me quit my job at a company supporting Windows- and Linux-setups as I realized I'd better start freelancing with Linux-only jobs. So, once again, my life would have been different if I would not have attended these events!

Note: yesterdays post about DebConf3 was thankfully corrected twice. This might well happen to this post too!

Enrico Zini: Libreoffice presentation tips

Sunday 2nd of August 2020 01:00:00 PM
Snap guides

Dragging from the rulers does not always create snap guides. If it doesn't, click on the slide background, "Snap guides", "Insert snap guide". In my case, after the first snap guide was manually inserted, it was possible to drag new one from the rulers.

Master slides How to edit a master slide
  • Show master slides side pane
  • Right click on master slide
  • Edit Master...
  • An icon appears in the toolbar: "Close Master View"
  • Apply to all slides might not apply to the first slide created as the document was opened
Change styles in master slide

Do not change properties of text by selecting placeholder text in the Master View. Instead, open the Styles and formatting sidebar, and edit the styles in there.

This means the style changes are applied to pages in all layouts, not just the "Title, Content" layout that is the only one editable in the "Master View".

How to duplicate a master slide

There seems to be no feature implemented for this, but you can do it, if you insist:

  • Save a copy of the document
  • Rename the master slide
  • Drag a slide, that uses the renamed master slide, from the copy of the document to the original one

It's needed enough that someone made a wikihow: https://www.wikihow.com/Copy-a-LibreOffice-Impress-Master-Slide archive.org

How to change the master slide for a layout that is not "Title, Content"

I could not find a way to do it, but read on for a workaround.

I found an ask.libreoffice.org question that went unanswered.

I asked on #libreoffice on IRC and got no answer:

Hello. I'm doing the layout for a presentation in impress, and I can edit all sorts of aspects of the master slide. It seems that I can only edit the "Title, Content" layout of the master slide, though. I'd like to edit, for example, the "Title only" layout so that the title appears in a different place than the top of the page. Is it possible to edit specific layouts in a master page?

In the master slide editor it seems impossible to select a layout, for example.

Alternatively I tried creating multiple master slides, but then if I want to create a master slide for a title page, there's no way to remove the outline box, or the title box.

My work around has been to create multiple master slides, one for each layout. For a title layout, I moved the outline box into a corner, and one has to remove it manually after create a new slide.

There seems to be no way of changing the position of elements not found in the "Title, Content" layout, like "Subtitle". On the other hand, given that one's working with an entirely different master slide, one can abuse the outline box as a subtitle.

Note that if you later decide to change a style element for all the slides, you'll need to go propagate the change to the "Styles and Formatting" menu of all master slides you're using.

Andrew Cater: Debian 10.5 media testing - 202001082250 - last few debian-live images being tested for amd64 - Calamares issue - Post 5 of several.

Sunday 2nd of August 2020 12:59:49 PM
Last few debian-live images being tested for amd64. We have found a bug with the debian-live Gnome flavour. This specifically affects installs after booting from the live media and then installing to the machine using  the Calamares installer found on the desktop. The bug was introduced as a fix for one issue that has produced further buggy behaviour as a result.

Fixes are known - we've had highvoltage come and debug them with us - but will not be put out with this release but will wait for the 10.6 release which will allow for a longer time for debugging overall.
You can still run from the live-media, you can still install with the standard Debian installers found in the menu of the live-media disk - this is _only_ a limited time issue with the Calamares installer. At this point in the release cycle, it's been judged better to release the images as they are - with known and documented issues - than to try and debug them in a hurry and risk damaging or delaying a stable point release.

Enrico Zini: Gender, inclusive communities, and dragonflies

Sunday 2nd of August 2020 09:32:10 AM

From https://en.wikipedia.org/wiki/Dragonfly#Sex_ratios:

Sex ratios

The sex ratio of male to female dragonflies varies both temporally and spatially. Adult dragonflies have a high male-biased ratio at breeding habitats. The male-bias ratio has contributed partially to the females using different habitats to avoid male harassment.

As seen in Hine's emerald dragonfly (Somatochlora hineana), male populations use wetland habitats, while females use dry meadows and marginal breeding habitats, only migrating to the wetlands to lay their eggs or to find mating partners.

Unwanted mating is energetically costly for females because it affects the amount of time that they are able to spend foraging.

Molly de Blanc: busy busy

Saturday 1st of August 2020 09:15:24 PM

I’ve been working with Karen Sandler over the past few months on the first draft of the Declaration of Digital Autonomy. Feedback welcome, please be constructive. It’s a pretty big deal for me, and feels like the culmination of a lifetime of experiences and the start of something new.

We talked about it at GUADEC and HOPE. We don’t have any other talks scheduled yet, but are available for events, meetups, dinner parties, and b’nai mitzvahs.

Andrew Cater: Debian 10.5 media testing - 202008012055 - post 4 of several

Saturday 1st of August 2020 09:01:30 PM
We've more or less finished testing on the Debian install images. Now moving on to the debian-live images. Bugs found and being triaged live as I type. Lots of typing and noises in the background of the video conference. Now at about 12-14 hours in on this for some of the participants. Lots of good work still going on, as ever.

Andrew Cater: Debian 10.5 media testing - pause for supper - 202001081715 - post 3 of several

Saturday 1st of August 2020 05:37:10 PM
Various of the folk doing this have taken a food break until 1900 local. A few glitches, a few that needed to be tried over again - but it's all going fairly well.
It is likely that at least one of the CD images will be dropped. The XFCE desktop install CD for i386 is now too large to fit on CD media. The netinst .iso files / the DVD 1 file / any of the larger files available via Jigdo will all help you achieve the same result.

There are relatively few machines that are i386 architecture only - it might be appropriate for people to use 64 bit amd64 from this point onwards as pure i386 machines are now approaching ten years old as a minimum. If you do need a graphical user environment for a pure i386 machine, it can be installed by using an expert install or using tasksel in the installation process.

Holger Levsen: 20200801-debconf3

Saturday 1st of August 2020 05:28:28 PM
DebConf3

This tshirt is 17 years old and from DebConf3. I should probably wash it at 60 celcius for once...

DebConf3 was my first DebConf and took place in Oslo, Norway, in 2003. I was very happy to be invited, like any Debian contributor at that time, and that Debian would provide food and accomodation for everyone. Accomodation was sleeping on the floor in some classrooms of an empty school and I remember having tasted grasshoppers provided by a friendly Gunnar Wolf there, standing in line on the first day with the SSH maintainer (OMG!1 (update: I originally wrote here that it wasn't Colin back then, but Colin mailed me to say that he was indeed maintaining SSH even back then, so I've met a previous maintainer there)) and meeting the one Debian person I had actually worked with before: Thomas Lange or MrFAI (update: Thomas also mailed me and said this was at DebConf5). In Oslo I also was exposed to Skolelinux / Debian Edu for the first time, saw a certain presentation from the FTP masters and also noticed some people recording the talks, though as I learned later these videos were never released to the public. And there was this fiveteen year old called Toresbe, who powered on the PDP's which were double his age. And then actually made use of them. And and and.

I'm very happy I went to this DebConf. Without going my Debian journey would have been very different today. Thanks to everyone who made this such a welcoming event. Thanks to anyone who makes any event welcoming!

Andrew Cater: Debian 10.5 media testing - continuing quite happily - 202001081320 - post 2 of several

Saturday 1st of August 2020 05:24:03 PM
We've now settled into a reasonable rhythm: RattusRattus and Isy and Sledge all working away hard in Cambridge: Schweer in Germany and me here in Cheltenham.
Lots of chat backwards and forwards and a good deal of work being done, as ever.
It's really good to be back in the swing of it and we owe thanks to folk for setting up infrastructure for us to use for video chat, which makes a huge difference: even though I know what they're like, it's still good to see my colleagues.

Andrew Cater: Debian 10.5 media testing process started 202008011145 - post 1 of several.

Saturday 1st of August 2020 01:01:52 PM
The media testing process has started slightly late. There will be a _long_ testing process over much of the day: the final media image releases are likely to be at about 0200-0300UTC tomorrow.
Just settling in for a long day of testing: as ever, it's good to be chatting with my Debian colleagues in Cambridge and with Schweer in Germany. It's going to be a hot one - 30 Celsius (at least) and high humidity for all of us.
EDIT: Corrected for UTC :)

Andrew Cater: Debian 10.5 Buster point release 20200801 - all of the fixes :)

Saturday 1st of August 2020 11:13:56 AM
The point release is happening today for Debian Buster 10.5. This is an important release because it incorporates all the recent security fixes from the latest GRUB / Secure Boot "Boothole" security problems.
Behind the scenes, there has been a lot of work to get this right: a release subject to an embargo to allow all the Linux releases to co-ordinate this as far as possible, lots of consistent effort, lots of cooperation - the very best of Free/Libre/Open Source working together.
Secure Boot shims are signed with a different key to go to upstream this time around: in due course, when revocation of old, insecure code happens to plug the security hole, older media may be deny-listed. All the updates for all the affected packages (listed in https://www.debian.org/security/2020-GRUB-UEFI-SecureBoot/ ) are included in this release.

This has been a major wake-up call: the work behind the scenes has meant that each affected Linux distribution will be in a much better position going forward and working together is always good.

Utkarsh Gupta: FOSS Activites in July 2020

Saturday 1st of August 2020 09:00:00 AM

Here’s my (tenth) monthly update about the activities I’ve done in the F/L/OSS world.

Debian

This was my 17th month of contributing to Debian. I became a DM in late March last year and a DD last Christmas! \o/

Well, this month I didn’t do a lot of Debian stuff, like I usually do, however, I did a lot of things related to Debian (indirectly via GSoC)!

Anyway, here are the following things I did this month:

Uploads and bug fixes: Other $things:
  • Mentoring for newcomers.
  • FTP Trainee reviewing.
  • Moderation of -project mailing list.
  • Sponsored php-twig for William, ruby-growl, ruby-xmpp4r, and uby-uniform-notifier for Cocoa, sup-mail for Iain, and node-markdown-it for Sakshi.
GSoC Phase 2, Part 2!

In May, I got selected as a Google Summer of Code student for Debian again! \o/
I am working on the Upstream-Downstream Cooperation in Ruby project.

The first three blogs can be found here:

Also, I log daily updates at gsocwithutkarsh2102.tk.

Whilst the daily updates are available at the above site^, I’ll breakdown the important parts of the later half of the second month here:

  • Marc Andre, very kindly, helped in fixing the specs that were failing earlier this month. Well, the problem was with the specs, but I am still confused how so. Anyway..
  • Finished documentation of the second cop and marked the PR as ready to be reviewed.
  • David reviewed and suggested some really good changes and I fixed/tweaked that PR as per his suggestion to finally finish the last bits of the second cop, RelativeRequireToLib.
  • Merged the PR upon two approvals and released it as v0.2.0!

Paul Wise: FLOSS Activities July 2020

Saturday 1st of August 2020 12:58:13 AM
Focus

This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes Issues Review Administration
  • Debian wiki: unblock IP addresses, approve accounts, reset email addresses
Communication Sponsors

The purple-discord, ifenslave and psqlodbc work was sponsored by my employer. All other work was done on a volunteer basis.

Junichi Uekawa: August and feels like it finally.

Saturday 1st of August 2020 12:54:04 AM
August and feels like it finally. July didn't feel like July and felt like June because it rained so much. This is summer.

Ben Hutchings: Debian LTS work, July 2020

Friday 31st of July 2020 10:40:00 PM

I was assigned 20 hours of work by Freexian's Debian LTS initiative, but only worked 5 hours this month and returned the remainder to the pool.

Now that Debian 9 'stretch' has entered LTS, the stretch-backports suite will be closed and no longer updated. However, some stretch users rely on the newer kernel version provided there. I prepared to add Linux 4.19 to the stretch-security suite, alongside the standard package of Linux 4.9. I also prepared to update the firmware-nonfree package so that firmware needed by drivers in Linux 4.19 will also be available in stretch's non-free section. Both these updates will be based on the packages in stretch-backports, but needed some changes to avoid conflicts or regressions for users that continue using Linux 4.9 or older non-Debian kernel versions. I will upload these after the Debian 10 'buster' point release.

Chris Lamb: Free software activities in July 2020

Friday 31st of July 2020 09:55:07 PM

Here is my monthly update covering what I have been doing in the free and open source software world during July 2020 (previous month):

  • Opened a pull request to make the build reproducible in PyERFA, a set of Python bindings for various astronomy-related utilities (#45), as well as one for PeachPy assembler to make the output of codecode/x86_64.py reproducible (#108).

SPI is a non-profit corporation that acts as a fiscal sponsor for organisations that develop open source software and hardware.
  • As part of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthly meetings and participated in various licensing and other discussions occurring on the internet, as well as the usual internal discussions regarding logistics and policy etc. This month, it was SPI's Annual General Meeting and the OSI has been running a number of remote strategy sessions for the board.

  • Fixed an issue in my tickle-me-email library that implements Getting Things Done (GTD)-like behaviours in IMAP inboxes to ensure that all messages have a unique Message-Id header. [...]

  • Reviewed and merged even more changes by Pavel Dolecek into my Strava Enhancement Suite, a Chrome extension to improve the user experience on the Strava athletic tracker.

  • Updated travis.debian.net, my hosted service for projects that host their Debian packaging on GitHub, to use the Travis CI continuous integration platform) to fix a compatibility issue with the latest version of mk-build-deps. [...][...]


Lintian analyses Debian packages and reports bugs and policy violations. It contains automated checks for many aspects of Debian policy as well as checks for common errors.

For Lintian, the static analysis tool for Debian packages:

  • Update the regular expression to search for all the released versions in a .changes file. [...]

  • Avoid false-positives when matching sensible-utils utilities such as i3-sensible-pager. (#966022)

  • Rename the send-patch tag to patch-not-forwarded-upstream. [...]

  • Drop reminders from 26 tags that false-positives should be reported to Lintian as this is implicit in all our tags. [...]


§


Reproducible Builds

One of the original promises of open source software is that distributed peer review and transparency of process results in enhanced end-user security. However, whilst anyone may inspect the source code of free and open source software for malicious flaws, almost all software today is distributed as pre-compiled binaries. This allows nefarious third-parties to compromise systems by injecting malicious code into ostensibly secure software during the various compilation and distribution processes.

The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.


Conservancy is not-for-profit 501(c)(3) charity focused on ethical technology and user freedom.

The project is proud to be a member project of the Software Freedom Conservancy. Conservancy acts as a corporate umbrella allowing projects to operate as non-profit initiatives without managing their own corporate structure. If you like the work of the Conservancy or the Reproducible Builds project, please consider becoming an official supporter.

This month, I:



§


Diffoscope
diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

Elsewhere in our tooling, I made the following changes to diffoscope, including preparing and uploading versions 150, 151, 152, 153 & 154 to Debian:

  • New features:

    • Add support for flash-optimised F2FS filesystems. (#207)
    • Don't require zipnote(1) to determine differences in a .zip file as we can use libarchive. [...]
    • Allow --profile as a synonym for --profile=-. [...]
    • Increase the minimum length of the output of strings(1) to eight characters to avoid unnecessary diff noise. [...]
    • Drop some legacy argument styles: --exclude-directory-metadata and --no-exclude-directory-metadata have been replaced with --exclude-directory-metadata={yes,no}. [...]
  • Bug fixes:

    • Pass the absolute path when extracting members from SquashFS images as we run the command with working directory in a temporary directory. (#189)
    • Correct adding a comment when we cannot extract a filesystem due to missing libguestfs module. [...]
    • Don't crash when listing entries in archives if they don't have a listed size such as hardlinks in ISO images. (#188)
  • Output improvements:

    • Strip off the file offset prefix from xxd(1) and show bytes in groups of 4. [...]
    • Don't emit javap not found in path if it is available in the path but it did not result in an actual difference. [...]
    • Fix ... not available in path messages when looking for Java decompilers that used the Python class name instead of the command. [...]
  • Logging improvements:

    • Add a bit more debugging info when launching libguestfs. [...]
    • Reduce the --debug log noise by truncating the has_some_content messages. [...]
    • Fix the compare_files log message when the file does not have a literal name. [...]
  • Codebase improvements:

    • Rewrite and rename exit_if_paths_do_not_exist to not check files multiple times. [...][...]
    • Add an add_comment helper method; don't mess with our internal list directly. [...]
    • Replace some simple usages of str.format with Python 'f-strings' [...] and make it easier to navigate to the main.py entry point [...].
    • In the RData comparator, always explicitly return None in the failure case as we return a non-None value in the success one. [...]
    • Tidy some imports [...][...][...] and don't alias a variable when don't end up it and use _ instead. [...]
    • Clarify the use of a separate NullChanges quasi-file to represent missing data in the Debian package comparator [...] and clarify use of a 'null' diff in order to remember an exit code. [...]
  • Misc:


§



Debian

In Debian, I made the following uploads this month:


§


Debian LTS

This month I have worked 18 hours on Debian Long Term Support (LTS) and 12 for the Extended LTS project. This included:

You can find out more about the project via the following video:

More in Tux Machines

Red Hat and Fedora Leftovers

           
  • The Red Hat story
  •        
  • Fedora Community Blog monthly summary: July 2020

    This is the second in what I hope to make a monthly series summarizing the past month on the Community Blog. Please leave a comment below to let me know what you think. Stats In July, we published 20 posts. The site had 6,463 visits from 4,128 unique viewers. 

  • Fedora rawhide – fixed bugs 2020/07
  • Red Hat Virtualization: The now and the next

    We’re excited to announce that Red Hat Virtualization 4.4, the latest update to our mature and trusted virtualization solution for traditional virtual machine (VM)-based workloads, will be generally available this week. As the established virtualization landscape shifts towards cloud-native technologies, Red Hat Virtualization has continued to provide the ability for businesses to deploy, configure and manage traditional workloads. With this latest release, Red Hat Virtualization is now rebased to Red Hat Enterprise Linux 8.2 and offers a more seamless integration with Red Hat OpenShift, providing a solution that can launch the next-generation of cloud-native applications while providing a foundation for VMs today. From traditional to cloud-native, virtualization here and now Red Hat is uniquely positioned to provide virtualization solutions for both traditional and containerized applications. With Red Hat Virtualization, we remain committed to providing customers robust and stable datacenter virtualization based upon KVM.  Based on RHEL 8.2, Red Hat Virtualization 4.4 inherits all of the stability, performance and security improvements that you trust for your most business critical workloads while adding new capabilities that make it even easier to manage a large virtual environment. We’ve also  improved observability with new dashboards for the Data Warehouse (DWH) showing performance and capacity of all your critical inventory. This leads to actionable results with unique analysis and trends of which workloads need attention, and when you need to add more hardware. Other improvements for virtualization admin include easier network configuration with NetworkManager. 

  • Creating an enterprise service request bridge between ServiceNow ITOM and Red Hat Ansible Tower

    At Keyva, we see clients in all phases of their automation journey. Some organizations are just starting out and automating domain lifecycle tasks, such as provisioning firewall rules or automating server builds, while others may be well down the path of creating self-service IT capabilities. In most cases, regardless of where a team is on its journey, they eventually want to arrive at the point where they can provide self-service IT capabilities to the teams and users that want to consume them.  At a basic level, self-service IT requests require two primary pieces of functionality: a request portal and automated request fulfillment. Let’s briefly look at both components.

  • Powering digital transformation at Royal Bank of Canada with Red Hat platforms

    Enterprises across the globe are looking to transform their operations and services to better align with current conditions. To succeed, they also need to adopt the latest technologies. Even the most traditional businesses - such as banks and financial institutions - need to use innovative approaches to deliver leading-edge solutions to their clients and partners.   As our customers begin to evaluate their digital transformation options, they are looking for a trusted partner to work with and a proven infrastructure platform to innovate upon. These are  often the key factors for success. Take Royal Bank of Canada (RBC), for instance. RBC is in the top 10 of global banks with over 86,000 employees and a complex IT environment.  As a leader in technology and innovation, RBC has been at the forefront of digital transformation. The bank has been recognized with multiple industry awards and honors, and continues to innovate to better serve their customers.

Is the Python Community Becoming Toxic?

The Python community is amazing. I started learning Python over 15 years ago and the community was almost always very supportive in helping me figure things out. However, the past few years there seems to have been a shift. I’m not sure if it’s just because Python has grown so much in popularity or if it’s something more basic, such as people becoming more sensitive about things. Whatever it is, the community seems to be heading away from what it once was. I first started thinking about this during Brett Cannon’s PyCon keynote about his experiences in the open-source community and how we need to be nice to each other. Too many people think they can be rude when requesting features or bug fixes. But he also mentioned that maintainers also need to have a good attitude and not drive away potential new contributors. A couple months after this keynote was when Guido Van Rossum, creator of the Python language, suddenly retired as the head of Python. At the time, the reason given was that there was so much acrimony and fighting over PEP 572 that he stepped down early. This year we saw multiple members of the PyTest team drop out of the project. While Reddit and StackOverflow remain very popular, in my experience I have found them to be difficult to break into. The Reddit Python community, while very large and diverse, is full of trolls and the moderators don’t seem to follow Reddit’s own rules. I personally have had problems simply posting articles on there while others I know have been harassed because their project wasn’t deemed to be “Pythonic” enough. The PySimpleGUI project has been demonized repeatedly there, for example. Read more

Linux 5.9: close_range(), Keem Bay, and FSGSBASE

  • Linux 5.9 Set To Bring "Close_Range" System Call - Coordinated With FreeBSD Developers

    The close_range() system call is intended to allow efficiently closing a range of file descriptors (or all file descriptors) of the calling task. This system call was devised in cooperation with FreeBSD developers.  FreeBSD developers merged their compatible close_range system call all the way back in April 2019 while now for Linux 5.9 in August 2020 this system call is deemed ready for inclusion. 

  • Linux 5.9 Adds Intel "Keem Bay" Support, 8 Snapdragon Smartphones, AMD EthanolX BMC, Old Tegra Tablets

    There are many ARM changes coming to Linux 5.9, including support for Intel's Keem Bay.  Keem Bay is the Intel SoC by way of their Movidius acquisition that is built for edge AI computing. Keem Bay is a SoC built with Arm Cortex A53 processors and an Intel Movidius VPU. Intel acquired Movidius in 2016 and has continued advancing their low-power, computer vision hardware. Intel published a DRM driver for Keem Bay and other driver changes while the pull request being talked about today is the actual ARM platform enablement.  Along with Keem Bay, new Arm SoC families being supported by the mainline Linux 5.9 kernel are Microchip SparX5 and Mediatek Infinity3 / Mercury5. 

  • After 5 Years, FSGSBASE Support Finally Ready For Linux To Enhance AMD/Intel Performance

    The Linux kernel work for making use of the x86_64 FSGSBASE instruction since Intel Ivy Bridge and since then AMD CPUs also is set to finally land with the in-development Linux 5.9 kernel. The FSGSBASE support has the possibility of helping Intel/AMD CPU performance especially in areas like context switching that had been hurt badly by Spectre/Meltdown and other CPU vulnerability mitigations largely on the Intel side.  Intel developers started the FSGSBASE Linux support around five years ago but never got through in getting it mainlined. Microsoft's Linux kernel engineer then a few months back decided to take up the work to try to get it mainlined as even Microsoft found value in the performance benefits. 

Today in Techrights