advogato

Posts to be exported to the free software community at Advogato.

Review, approve chromium, gnome-terminal and radeontop screenshots. Disgusted to see the level of creativity GPL violators have. Words of encouragement on #debian-mentors. Pleased to see Tails reproducible builds funding by Mozilla. Point out that build dates in versions lead to non-reproducible builds. Point out apt-file search to someone looking for a binary of kill. Review wiki RecentChanges. Alarmingly windy. Report important Debian bug #828215 against unattended-upgrades. Clean up some code in check-all-the-things and work on fixing Debian bug #826089. Wind glorious wind! Much clearer day, nice view of the mountain. More check-all-the-things code clean up and finish up fixing Debian bug #826089. Twinkling city lights and more wind. Final code polish during dinner/discussion. Wandering in the wind amongst the twinklies. Whitelisted one user in the wiki anti-spam system. Usual spam reporting.

Posted Sun Jun 26 19:31:25 2016 Tags: advogato

Review wiki RecentChanges since my bookmark. Usual spam reporting. Mention microG on #debian-mobile. Answer pkg-config question on #debian-mentors. Suggest using UUIDs in response to a debian-arm query. Reported Debian bug #828103 against needrestart. A giant yellow SOS crane between the balcony hacklab and a truly misty city. Locate the 2014 Debian & stuff podcast on archive.org. Poke the SPARC porters in response to a suggestion on debian-www. Mention systemctl daemon-reload wrt buildd service changes. Automate updating some extension lists from check-all-the-things. Reported wishlist Debian bug #828128 against debsources. Engage lizard mode! Wish for better display technology. Nice vegetarian food with nice folks and interesting discussions with interesting locals. Polish and release check-all-the-things. Close bugs I forgot to close in the changelog. Add link to debian-boot on Debootstrap wiki page. Notice first mockup of a theme for Debian stretch. Answer a question about package naming on #debian-mentors. Discuss the future of cross compilation on Debian. Notice a talk about FOSSology & update a wiki page. Mention AsteroidOS and MaruOS on the mobile wiki page. Contemplate how close to the FSDG Debian might be and approaches to improving that.

Posted Sat Jun 25 19:49:32 2016 Tags: advogato

Hating jetlag based headache. Disturbed to see the Brexit result. Review wiki RecentChanges. Answer some questions about Launchpad on #debian-mentors. Whitelisted one user in the wiki anti-spam system. Reviewed and sponsored yamllint 1.2.2-1 upload. Noted OFSET repo is broken and updated Freeduc info. Noted the Epidemic-Linux website is having database issues. Noted that Facebook finally completely dropped their RSS feeds, dropped Facebook RSS feed URL generation from the Debian derivatives census scripts and notified the affected derivatives. Cleared up Tanglu hash sum mismatches again. Minor changes to Planet Debian derivatives. Enjoyed the photos from Valessio. Hazy city away from the mountain and tablecloth clouds flowing over the mountain on the way to a pub lunch. Jet lag headaches seem to be subsiding thankfully. Ping someone generating a bounce when changing their SSH key. Mention autorevision and other suggestions in an IRC discussion about mesa & reproducible builds. Review some DebConf16 announcements and add minor fix. Push out some TODO items to check-all-the-things. Ask for a dd-list for the GCC 6 transition. Usual spam reporting throughout the day via manual List-Archive copy-paste, feeding mboxen to my report-spam-debian-lists and report-spam-debian-bugs scripts and manual BTS clicks. Usual wondering why there isn't an RFC for MUA spam reporting. Disturbed by the sudden appearance of an astronautess in the orga room but placated by a plentiful supply of crisps. Ask x32 folks about debian-x32.org vs x32 on ports.d.o. Glad to just avoid the room shuffle dance. Finish mime support for check-all-the-things. Disappointed that piz.za does not actually resolve. Amused by pollito's virtual tour of UTC. Completely stuffed full of Butleritos.

Posted Fri Jun 24 17:46:11 2016 Tags: advogato

Today is officially the first day of DebCamp 2016. The night wasn't as cold as I had feared. Woke at 5am for some reason. Noted the network still blocks ports 6697 and 7000, worked around in IRC client configuration using 9999. Reply to network discussion to point that out. Minor changes to the empathy Debian RTC wiki page. Answer support@mentors.d.n bug email about shared company OpenPGP keys and suggest moving to individual keys. Review wiki RecentChanges. Comment on NetworkManager upstream bug #705545 that MAC address privacy is a complicated feature with many use cases. Warn another person that reporting Alioth to SpamCop does nothing and link to the unsubscription URL. Talk to Brown about IP address conflict sparc64 porters found with the setup of notker (sparc64 build machine). Filed Debian wishlist bug #827944 against at asking for support for using an editor to write at jobs. Woke up properly, discussed spam over breakfast. Notice Point Linux in the Distrowatch feed and invite them to the derivatives census. Point out reproducible builds in a discussion about source-only uploads. Commented that I encountered evolution upstream crash bug #680471 again. Reported gnome-shell upstream crash bug #767969. Joined the tour around the campus, enjoyed the view from the outdoor hacklab at the top of the hill. Confirmed that "Monkey Gland" from the pub menu is not in fact derived from monkeys in any way. Noted that Pollito did not eat chicken from the buffet. Beat head against VPN/SIP/WebRTC for a while but oncoming jetlag put me out of business for some hours. Pointed out the future Packages.gz removal in favour of Packages.xz to the popcon developers.

Posted Thu Jun 23 21:16:41 2016 Tags: advogato

Landed late due to technical delays. Mountains! Mountains are everywhere! Beautiful sunny day with clear blue skies. Ran into Valessio as I was shown to my room. Wandered around the campus for a bunch of hours. Ate an all you can eat yum buffet lunch at the pub. Wandered down the hill and ended up on the train and wandering around a lake with lilies in a park. Arriving back at UCT we ran into a beer mission along with some wonderful arriving folks. The warm DebConf nervous centre was quite inviting and soon had plentiful beer, pizza and discussion.

Posted Wed Jun 22 16:34:18 2016 Tags: advogato

Become a Software Freedom Conservancy Supporter!

The GPL is not magic pixie dust. It does not work by itself.
The first step is to choose a copyleft license for your code.
The next step is, when someone fails to follow that copyleft license, it must be enforced
and it's a simple fact of our modern society that such type of work
is incredibly expensive to do and incredibly difficult to do.

-- Bradley Kuhn, in FaiF episode 0x57

As the Debian Website used to imply, public domain and permissively licensed software can lead to the production of more proprietary software as people discover useful software, extend it and/or incorporate it into their hardware or software products. Copyleft licenses such as the GNU GPL were created to close off this avenue to the production of proprietary software but such licenses are not enough. With the ongoing adoption of Free Software by individuals and groups, inevitably the community's expectations of license compliance are violated, usually out of ignorance of the way Free Software works, but not always. As Karen and Bradley explained in FaiF episode 0x57, copyleft is nothing if no-one is willing and able to stand up in court to protect it. The reality of today's world is that legal representation is expensive, difficult and time consuming. With gpl-violations.org in hiatus until some time in 2016, the Software Freedom Conservancy (a tax-exempt charity) is the major defender of the Linux project, Debian and other groups against GPL violations. In March the SFC supported a lawsuit by Christoph Hellwig against VMware for refusing to comply with the GPL in relation to their use of parts of the Linux kernel. Since then two of their sponsors pulled corporate funding and conferences blocked or cancelled their talks. As a result they have decided to rely less on corporate funding and more on the broad community of individuals who support Free Software and copyleft. So the SFC has launched a campaign to create a community of folks who stand up for copyleft and the GPL by supporting their work on promoting and supporting copyleft and Free Software.

If you support Free Software, like what the SFC do, agree with their compliance principles, are happy about their successes in 2015, work on a project that is an SFC member and/or just want to stand up for copyleft, please join Christopher Allan Webber, Carol Smith, Jono Bacon, myself and others in becoming a supporter. For the next week your donation will be matched by an anonymous donor. Please also consider asking your employer to match your donation or become a sponsor of SFC. Don't forget to spread the word about your support for SFC via email, your blog and/or social media accounts.

Posted Fri Nov 27 03:48:35 2015 Tags: advogato

Don't worry, they can't cope with our atmosphere.

Alien on the ground

Perhaps they are just playing dead. Don't turn your back if you see one.

Folks may want to use this alien in free software. The original photo is available on request. To the extent possible under law, I have waived all copyright and related or neighboring rights to this work. The alien has signed a model release. An email or a link to this page would be appreciated though.

Posted Mon Jun 29 08:29:36 2015 Tags: advogato

Continuing the #newinjessie game:

There are a number of development and QA tools that are new in jessie:

  • autorevision: store VCS meta-data in your release tarballs and use it during build
  • git-remote-bzr: bidirectional interaction with Bzr repositories for git users
  • git-remote-hg: bidirectional interaction with Mercurial repositories for git users
  • corekeeper: dump core files when ELF programs crash and send you mail
  • adequate: check installed Debian packages for various issues
  • duck: check that the URLs in your Debian package are still alive
  • codespell: search your code for spelling errors and fix them
  • iwyu: include only the headers you use to reduce compilation time
  • clang-modernize: modernise your C++ code to use C++11
  • shellcheck: check shell scripts for potential bugs
  • bashate: check shell scripts for stylistic issues
  • libb-lint-perl: check Perl code for potential bugs and style issues
  • epubcheck: validate your ePub docs against the standard
  • i18nspector: check the work of translators for common issues

Posted Tue May 5 05:10:06 2015 Tags: advogato dev newinjessie qa

Process Identifiers (PIDs) are a scarce resource. On Linux they are only 15 bits by default. The Process Identifier Preservation Society (PIPS) aims to reduce abuse and wastage of the PID space. To join the society please read the following advice.

Common issues

Several languages generally allow you to run all your code in one process. Some of the code that you might want to incorporate or use is not available in the form of ELF libraries or language specific libraries but only in the form of ELF binaries or interpreted scripts. As a result using additional PID space is sometimes unavoidable. Many languages have multiple methods of starting external processes and usually some of them waste PID space by running commands in a shell. You can avoid those methods or use the exec builtin to preserve the shell PID. It might be tempting to explicitly use shell in languages that don't allow implicit shell use but that just wastes extra PIDs.

Several languages allow you to fork one process into two; this uses an extra PID and is to be avoided unless necessary.

Shell

Programs written in the shell languages use a lot of PIDs. Even shells that have a lot of shell builtins (like busybox sh) appear to use the PID space by forking a child process. To join PIPS you should just stop writing programs in shell or use as many builtins as possible and use exec to preserve PIDs.

Init

Several init systems are written in or use shell extensively and thus eat huge bowls of PIDs for breakfast. To join the PIPS you should switch away from sysvinit, openrc, init=/bin/sh etc.

C/C++

The common issues section applies to the C/C++ language. To join PIPS you should rewrite your code to use fork()+exec(), g_spawn*() or libpipeline instead of the g_spawn_command_line*(), system() and popen() functions.

Perl

The common issues section applies to the Perl language. To join PIPS you should rewrite your code to avoid backticks and only pass arrays to the system(), open(), open2(), open3() functions.

PHP

The common issues section applies to the PHP language. To join PIPS you should rewrite your code to use pcntl_exec() instead of backticks, exec(), system(), passthru(), shell_exec(), popen() and proc_open(). Apparently pcntl_exec() is disabled by default on Debian and pcntl_* are often unavailable so you should just not spawn processes. You could also just drop PHP already.

Python

The common issues section applies to the Python language. To join PIPS you should rewrite your code to use the subprocess module and avoid passing shell=True to the subprocess.Popen() function. The os.system(), os.popen() functions and the commands module all run their commands in a shell, wasting PID space. The popen2 module requires passing arrays instead of strings in order to avoid the command being run in a shell.

Java

The common issues section applies to the Java language. To join PIPS you should rewrite your code to use ProcessBuilder or only pass arrays of strings to Runtime.getRuntime().exec().

Haskell

The common issues section applies to the Haskell language. To join PIPS you should only ever pass a RawCommand to createProcess and never use the shell, system, runCommand or runInteractiveCommand functions from the System.Process and System.Cmd libraries.

OCaml

The common issues section applies to the OCaml language. To join PIPS you should rewrite your code to use fork+exec or the create_process* wrappers instead of system, open_process, open_process_in, open_process_out and open_process_full.

Go

Go allows running external processes but doesn't allow you to waste PID space by running commands in shell. Avoid explicitly running the shell though.

Rust

Rust allows running external processes but doesn't allow you to waste PID space by running commands in shell. Avoid explicitly running the shell though.

Erlang

The common issues section applies to the Erlang language. To join PIPS you should rewrite your code to use erlang:open_port({spawn_executable, ...}, ...) instead of os:cmd or the other options to erlang:open_port.

Node.js

The common issues section applies to the Node.js language. To join PIPS you should rewrite your code to use the child_process.execFile() function (or other child_process functions) instead of child_process.exec().

Julia

Julia allows running external processes but doesn't allow you to waste PID space by running commands in shell. It emulates a lot of shell features instead. Avoid explicitly running the shell though.

Dart

The common issues section applies to the Dart language. To join PIPS simply do not enable the runInShell parameter of the Process object.

PS

Let me know if I missed something in one of these languages. You should also do most of the above to avoid shell metacharacter injection attacks that usually allow arbitrary code execution. Dear language authors, don't allow running external processes in shell, kthxbye!
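The two Python calling styles from the Python section, run against the same input, show the shell metacharacter injection mentioned in the PS. This is an added example, not code from the original post; the file name and the child one-liner are constructed for the demonstration.

```python
import json
import shlex
import subprocess
import sys

# Constructed child program: prints the arguments it received as a JSON list.
CHILD = "import sys, json; print(json.dumps(sys.argv[1:]))"

# Constructed sample input standing in for an untrusted file name.
UNTRUSTED = "report.txt; echo INJECTED"


def run_via_shell(name):
    """Pattern the post warns about: a command string handed to /bin/sh."""
    # The interpreter path and the code are quoted, the untrusted name is not,
    # so the shell treats ';' as a command separator.
    cmd = "{} -c {} {}".format(shlex.quote(sys.executable), shlex.quote(CHILD), name)
    out = subprocess.run(cmd, shell=True, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def run_direct(name):
    """Pattern the post recommends: an argument list and no shell process."""
    argv = [sys.executable, "-c", CHILD, name]
    out = subprocess.run(argv, capture_output=True, text=True, check=True)
    return out.stdout.splitlines()


def child_args(lines):
    """Decode the argument list the child reported on its first output line."""
    return json.loads(lines[0])


if __name__ == "__main__":
    print("shell :", run_via_shell(UNTRUSTED))   # child sees a truncated name, echo also runs
    print("direct:", run_direct(UNTRUSTED))      # child sees the whole string as one argument
```

In the shell variant the child only receives `report.txt` and a second command runs after it; in the list variant the whole string arrives as a single argument and no extra process is started.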

Posted Mon Feb 17 03:38:47 2014 Tags: advogato humour

I think that hexadecimal is a fairly poor pre-encoding for information exchange via data to speech and speech to data engines (aka voice boxes, brains and fingers). Reading out and typing long strings of hexadecimal digits at OpenPGP keysignings is tedious and annoying.

There have been some experiments using photography and QR codes for this, which I think is pretty cool but not always practical since not everyone has a camera and QR code software installed.

An alternative to this might be to pre-encode using a different scheme that encodes to fewer words in English speech. Diceware is one possibility that I recently experimented with. Diceware is a password generation scheme that encodes data from a random number generator (aka some dice) using a list of 7776 words. Each word thus represents a 5 digit number in base 6. Diceware is mainly used for generating strong and easier to remember passwords. So Diceware is the coupling between a non-digital random number generator and an interesting encoding scheme.

Below are my fingerprints in Diceware and Hexadecimal form. The Diceware form is longer to type at 69 characters, 40 for hex. The Diceware form has the advantage that it is only 16 words to say while the hexadecimal form is 40. I don't know if this will be more practical than hex but I can almost remember my entire fingerprint after reading it a few times so hopefully that will translate to practical use. A rough script for encoding your fingerprint in the Diceware encoding is available but I haven't implemented the reverse yet. I would be glad if someone could check it for correctness.

Diceware:    frame maze bear usgs deter wag prissy bush hoyt mayo upton child indy
Hexadecimal: 610B 28B5 5CFC FE45 EA1B  563B 3116 BA5E 9FFA 69A3
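A sketch of the encoding described above together with its reverse, as an added example that is not the script mentioned in the post. It produces the five-dice keys (11111 to 66666) that index a Diceware list instead of words, because the word list is not reproduced here; the most-significant-first digit order and the fixed length of 13 groups are assumptions, so the output need not match the words shown above.

```python
# Added example: digit order and padding are assumptions, not the post's script.
FPR_BITS = 160   # 40 hex digits, as in the fingerprint above
WORDS = 7776     # Diceware list size, 6**5
GROUPS = 13      # smallest n with 7776**n >= 2**160


def index_to_rolls(index):
    """Map 0..7775 to the five dice faces (1-6) that key a Diceware list."""
    faces = []
    for _ in range(5):
        index, face = divmod(index, 6)
        faces.append(str(face + 1))
    return "".join(reversed(faces))


def rolls_to_index(rolls):
    """Inverse of index_to_rolls; rejects anything that is not five faces 1-6."""
    if len(rolls) != 5 or any(c not in "123456" for c in rolls):
        raise ValueError("bad roll group: %r" % (rolls,))
    index = 0
    for c in rolls:
        index = index * 6 + int(c) - 1
    return index


def encode(fingerprint_hex):
    """Fingerprint (spaces allowed) -> 13 roll groups, most significant first."""
    value = int(fingerprint_hex.replace(" ", ""), 16)
    if value >= 1 << FPR_BITS:
        raise ValueError("not a 160-bit fingerprint")
    groups = []
    for _ in range(GROUPS):
        value, index = divmod(value, WORDS)
        groups.append(index_to_rolls(index))
    return groups[::-1]


def decode(groups):
    """13 roll groups -> 40 hex digits, keeping leading zeros."""
    if len(groups) != GROUPS:
        raise ValueError("expected %d groups" % GROUPS)
    value = 0
    for group in groups:
        value = value * WORDS + rolls_to_index(group)
    if value >= 1 << FPR_BITS:
        raise ValueError("groups encode more than 160 bits")
    return "%040X" % value
```

Looking each group up in a Diceware list gives the spoken form; the receiver maps words back to groups and calls `decode()` to recover the hexadecimal fingerprint for comparison.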

If you want to discuss this topic and try it out in person and attempt to understand my accent, I'll be at DebConf13 and OHM2013. Some downsides that I can think of are accents, multiple spellings and the inclusion of non-words and special characters in the wordlist. These can be solved by using a different wordlist created specifically for OpenPGP fingerprint exchange that only includes suitable words.

Update: there is a standard called PGP Word List that is much better than Diceware for this purpose. It maps 256 words to individual bytes, with different lists for odd and even bytes. Unfortunately it doesn't appear to be supported by GnuPG or signing-party.

This post was inspired by the screenshots for RedPhone. You can comment on this post on debian-project.

Posted Fri Jun 28 05:42:59 2013 Tags: advogato openpgp usability