Rocksolid Light

Welcome to Rocksolid Light

mail  files  register  newsreader  groups  login

Message-ID:  

core error - bus dumped

computers / Tech RSS Feeds / Planet Debian

SubjectAuthor
o Planet Debianrslight rss feeds

1
Planet Debian

<20bd12c3291857aa7e0f80983a0f97af@www.novabbs.org>

  copy mid

https://news.novabbs.org/computers/article-flat.php?id=707&group=rocksolid.feeds.tech#707

  copy link   Newsgroups: rocksolid.feeds.tech
Date: Tue, 23 Apr 2024 14:21:19 +0000
Subject: Planet Debian
From: usenet@novabbs.org (rslight rss feeds)
Newsgroups: rocksolid.feeds.tech
X-Rslight-Site: $2y$10$DTvTacaWOv4QJGWZYiWy8etOSj1CzHJqW1FG5Wffy0YEvXi/D1/Fm
X-Rslight-Posting-User: bcb44c4bfdc00840ca7de991b68926ba5a1543b9
Mime-Version: 1.0
Content-Type: text/plain; charset=utf-8; format=flowed
Content-Transfer-Encoding: 8bit
User-Agent: Rocksolid Light
Organization: Rocksolid Light
Message-ID: <20bd12c3291857aa7e0f80983a0f97af@www.novabbs.org>
 by: rslight rss feeds - Tue, 23 Apr 2024 14:21 UTC

Bits from Debian: Debian Project Leader Election 2024, Andreas Tille elected.
https://bits.debian.org/2024/04/dpl-elections-2024.html
April 22, 2024, 12:00 PM
The voting period for the Debian Project Leader election has ended. Please join
us in congratulating Andreas Tille as the new Debian Project Leader.
The new term for the project leader started on 2024-04-21.
369 of 1,010 Debian Developers voted using the Condorcet method.
More information about the results of the voting are available on the Debian Project Leader Elections 2024 page.
Many thanks all of our Developers for voting....
--------------------
Vincent Fourmond: QSoas version 3.3 is out
https://vince-debian.blogspot.com/2024/04/qsoas-version-33-is-out.html
April 22, 2024, 10:50 AM
Version 3.3 brings in new features, including reverse Laplace transforms and fits, pH fits, commands for picking points from a dataset, averaging points with the same X value, or perform singular value decomposition.
In addition to these new features, many previous commands were improved, like the addition of a bandcut filter in FFT filtering, better handling of the loading of files produced by QSoas itself, and a button to interrupt the processing of scripts.
There are a lot of other new fe...
--------------------
Russ Allbery: Review: The Stars, Like Dust
https://www.eyrie.org/~eagle/reviews/books/stars-like-dust.html
April 22, 2024, 2:22 AM
Review: The Stars, Like Dust, by Isaac Asimov

Series:
Galactic Empire #2


Publisher:
Fawcett Crest


Copyright:
1950, 1951


Printing:
June 1972


Format:
Mass market


Pages:
192

The Stars, Like Dust is usually listed as the first book in
Asimov's lesser-known Galactic Empire Trilogy since it takes place before
Pebble in the Sky. Pebble in the
Sky was published first, though, so I count it as the second book. It is...
--------------------
Bastian Venthur: Help needed: creating a WSDL file to interact with debbugs
https://venthur.de/2024-04-20-wsdl-for-debbugs.html
April 20, 2024, 11:45 AM
I am upstream and Debian package maintainer of
python-debianbts, which is a Python library that allows for
querying Debian’s Bug Tracking System (BTS). python-debianbts is used by
reportbug, the standard tool to report bugs in Debian, and therefore the glue
between the reportbug and the BTS.
debbugs, the software that powers Debian’s BTS, provides a SOAP
interface for querying the BTS. Unfortunately, SOAP is not a very popular
protocol anymore, and I’m facing the second migration to anothe...
--------------------
Louis-Philippe Véronneau: Montreal's Debian & Stuff - March 2024
https://veronneau.org/montreals-debian-stuff-march-2024.html
April 19, 2024, 9:45 PM
Time really flies when you are really busy you have fun! Our Montréal
Debian User Group met on Sunday March 31st and I only just found the time to
write our report :)
This time around, 9 of us we met at EfficiOS's offices1 to
chat, hang out and work on Debian and other stuff!
Here is what we did:
pollo:
did some clerical work for the DebConf videoteam
tried to book a plane ticket for DC24
triaged #1067620 (dependency problem with whipper)
closed #1067121 (flaky test in supysonic)
closed #10655...
--------------------
Reproducible Builds (diffoscope): diffoscope 265 released
https://diffoscope.org/news/diffoscope-265-released/
April 19, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 265. This version includes the following changes:
[ Chris Lamb ]
* Ensure that tests with "&gt;=" version constraints actually print the
corresponding tool name. (Closes: reproducible-builds/diffoscope#370)
* Prevent odt2txt tests from always being skipped due to an impossibly new
version requirement. (Closes: reproducible-builds/diffoscope#369)
* Avoid nested parens-in-parens when printing "skipping…" me...
--------------------
Jonathan McDowell: Sorting out backup internet #2: 5G modem
https://www.earth.li/~noodles/blog/2024/04/backup-internet-5g.html
April 18, 2024, 5:21 PM
Having setup recursive DNS it was time to actually sort out a backup internet connection. I live in a Virgin Media area, but I still haven’t forgiven them for my terrible Virgin experiences when moving here. Plus it involves a bigger contractual commitment. There are no altnets locally (though I’m watching youfibre who have already rolled out in a few Belfast exchanges), so I decided to go for a 5G modem. That gives some flexibility, and is a bit easier to get up and running.
I started by p...
--------------------
Thomas Koch: Minimal overhead VMs with Nix and MicroVM
https://blog.koch.ro/posts/2024-03-17-minimal-vms-nix-microvm.html
April 18, 2024, 3:27 PM
Posted on March 17, 2024


Tags: debian, free software, nix

Joachim Breitner wrote about a Convenient sandboxed development environment and thus reminded me to blog about MicroVM. I’ve toyed around with it a little but not yet seriously used it as I’m currently not coding.
MicroVM is a nix based project to configure and run minimal VMs. It can mount and thus reuse the hosts nix store inside the VM and thus has a very small disk footprint. I use MicroVM on a debian system...
--------------------
Thomas Koch: Rebuild search with trust
https://blog.koch.ro/posts/2024-01-20-rebuild-search-with-trust.html
April 18, 2024, 3:27 PM
Posted on January 20, 2024


Tags: debian, free software, life, search, decentralization

Finally there is a thing people can agree on:
2023-08-28, OSNews: The end of the Googleverse
2023-07-28, Cory Doctorow: Microincentives and Enshittification
2023-10-03, Cory Doctorow: Google’s enshittification memos
2024-01-15, Tim Bray: Mourning Google
Apparently, Google Search is not good anymore. And I’m not the only one thinking about decentralization to fix it:
Honey I federat...
--------------------
Thomas Koch: Using nix package manager in Debian
https://blog.koch.ro/posts/2024-01-16-using-nix-package-manager-in-debian.html
April 18, 2024, 3:27 PM
Posted on January 16, 2024


Tags: debian, free software, nix, life

The nix package manager is available in Debian since May 2020. Why would one use it in Debian?
learn about nix
install software that might not be available in Debian
install software without root access
declare software necessary for a user’s environment inside $HOME/.config
Especially the last point nagged me every time I set up a new Debian installation. My emacs configuration and my Desktop setup expe...
--------------------
Thomas Koch: Chromium gtk-filechooser preview size
https://blog.koch.ro/posts/2024-01-09-chromium-gtk-filechooser-preview-size.html
April 18, 2024, 3:27 PM
Posted on January 9, 2024


Tags: debian, free software, life

I wanted to report this issue in chromiums issue tracker, but it gave me:
“Something went wrong, please try again later.”
Ok, then at least let me reply to this askubuntu question. But my attempt to signup with my launchpad account gave me:
“Launchpad Login Failed. Please try logging in again.”
I refrain from commenting on this to not violate some code of conduct.
So this is what I wanted to write:
G...
--------------------
Thomas Koch: Good things come ... state folder
https://blog.koch.ro/posts/2024-01-02-good-things-state-folder.html
April 18, 2024, 3:27 PM
Posted on January 2, 2024


Tags: debian, free software, life

Just a little while ago (10 years) I proposed the addition of a state folder to the XDG basedir specification and expanded the article XDGBaseDirectorySpecification in the Debian wiki. Recently I learned, that version 0.8 (from May 2021) of the spec finally includes a state folder.
Granted, I wasn’t the first to have this idea (2009), nor the one who actually made it happen.
Now, please go ahead and use it! Tha...
--------------------
Russ Allbery: Review: Unseen Academicals
https://www.eyrie.org/~eagle/reviews/books/0-06-233500-6.html
April 18, 2024, 2:37 AM
Review: Unseen Academicals, by Terry Pratchett

Series:
Discworld #37


Publisher:
Harper


Copyright:
October 2009


Printing:
November 2014


ISBN:
0-06-233500-6


Format:
Mass market


Pages:
517

Unseen Academicals is the 37th Discworld novel and includes many of
the long-standing Ankh-Morpork cast, but mostly as supporting characters.
The main characters are a new (and delightful) bunch with their own
co...
--------------------
Samuel Henrique: Hello World
https://samueloph.dev/blog/hello-world/
April 18, 2024, 12:00 AM
This is my very first post, just to make sure everything is working as expected.
Made with Zola and the Abridge theme.
--------------------
Petter Reinholdtsen: RAID status from LSI Megaraid controllers in Debian
https://people.skolelinux.org/pere/blog/RAID_status_from_LSI_Megaraid_controllers_in_Debian.html
April 17, 2024, 3:00 PM
I am happy to report that
the megactl package,
useful to fetch RAID status when using the LSI Megaraid controller,
now is available in Debian. It passed NEW a few days ago, and is now
available in
unstable, and probably showing up in testing in a weeks time. The
new version should provide Appstream hardware mapping and should
integrate nicely with isenkram.
As usual, if you use Bitcoin and want to show your support of my
activities, please send Bitcoin donations to my address
15oWEoG9dUPovwmU...
--------------------
Dirk Eddelbuettel: RcppArmadillo 0.12.8.2.1 on CRAN: Micro Fix
http://dirk.eddelbuettel.com/blog/2024/04/16#rcpparmadillo_0.12.8.2.1
April 17, 2024, 2:00 AM
Armadillo is a powerful
and expressive C++ template library for linear algebra and scientific
computing. It aims towards a good balance between speed and ease of use,
has a syntax deliberately close to Matlab, and is useful for algorithm
development directly in C++, or quick conversion of research code into
production environments. RcppArmadillo
integrates this library with the R environment and language–and is
widely used by (currently) 1135 other packages on CRAN, downloaded 33.7 million
tim...
--------------------
Andreas Rönnquist: Status update for Allegro packaging in Debian
https://www.gusnan.se/blog/programming/status-update-for-allegro-packaging-in-debian/
April 15, 2024, 4:10 PM
I have mailed to a Debian bug on allegro4.4 describing my reasoning regarding the allegro libraries – in short, allegro4.4 is pretty much dead upstream, and my interest was basically to keep alex4 (which is cool) in Debian, but since it migrated to non-free, my interest in allegro4.4 has waned. So, if anybody would like to still see allegro4.4 in Debian, please step up now and help out. Since it is dead upstream, my reasoning is that it is better to remove it from Debian if no maintainer who w...
--------------------
Petter Reinholdtsen: Time to move orphaned Debian packages to git
https://people.skolelinux.org/pere/blog/Time_to_move_orphaned_Debian_packages_to_git.html
April 14, 2024, 7:30 AM
There are several packages in Debian without a associated git
repository with the packaging history. This is unfortunate and it
would be nice if more of these would do so. Quote a lot of these are
without a maintainer, ie listed as maintained by the
'Debian
QA Group' place holder. In fact, 438 packages have this property
according to UDD (SELECT source FROM sources WHERE release = 'sid'
AND (vcs_url ilike '%anonscm.debian.org%' OR vcs_browser ilike
'%anonscm.debian.org%' or vcs_url IS NULL OR...
--------------------
Simon Josefsson: Reproducible and minimal source-only tarballs
https://blog.josefsson.org/2024/04/13/reproducible-and-minimal-source-only-tarballs/
April 13, 2024, 4:44 PM
With the release of Libntlm version 1.8 the release tarball can be reproduced on several distributions. We also publish a signed minimal source-only tarball, produced by git-archive which is the same format used by Savannah, Codeberg, GitLab, GitHub and others. Reproducibility of both tarballs are tested continuously for regressions on GitLab through a CI/CD pipeline. If that wasn’t enough to excite you, the Debian packages of Libntlm are now built from the reproducible minimal source-only tar...
--------------------
Paul Tagliamonte: Domo Arigato, Mr. debugfs
https://notes.pault.ag/debugfs/
April 13, 2024, 1:27 PM
Years ago, at what I think I remember was DebConf 15, I hacked for a while
on debhelper to
write build-ids to debian binary control files,
so that the build-id (more specifically, the ELF note
.note.gnu.build-id) wound up in the Debian apt archive metadata.
I’ve always thought this was super cool, and seeing as how Michael Stapelberg
blogged
some great pointers around the ecosystem, including the fancy new debuginfod
service, and the
find-dbgsym-packages
helper, which uses these same headers, ...
--------------------
Russell Coker: Software Needed for Work
https://etbe.coker.com.au/2024/04/13/software-needed-for-work/
April 13, 2024, 7:08 AM
When I first started studying computer science setting up a programming project was easy, write source code files and a Makefile and that was it. IRC was the only IM system and email was the only other communications system that was used much. Writing Makefiles is difficult but products like the Borland Turbo series of IDEs did all that for you so you could just start typing code and press a function key to compile and run (F5 from memory).
Over the years the requirements and expectations of com...
--------------------
Scarlett Gately Moore: Kubuntu: Noble Numbat Beta available! Qt6 snaps coming soon.
https://www.scarlettgatelymoore.dev/kubuntu-noble-numbat-beta-available-qt6-snaps-coming-soon/
April 12, 2024, 7:29 PM
It has been a very busy couple of weeks as we worked against some major transitions and a security fix that required a rebuild of the $world. I am happy to report that against all odds we have a beta release! You can read all about it here: https://kubuntu.org/news/kubuntu-24-04-beta-released/ Post beta freeze I have already begun pushing our fixes for known issues today. A big one being our new branding! Very exciting times in the Kubuntu world.
In the snap world I will be using my free time...
--------------------
NOKUBI Takatsugu: mailman3-web error when upgrading to bookworm
http://blog.daionet.gr.jp/knok-e/2024/04/12/mailman3-web-error-when-upgrading-to-bookworm/
April 12, 2024, 1:34 PM
I tried to upgrade bullseye machien to bookworm, so I got the following error:
File “/usr/lib/python3/dist-packages/django/contrib/auth/mixins.py”, line 5, infrom django.contrib.auth.views import redirect_to_loginFile “/usr/lib/python3/dist-packages/django/contrib/auth/views.py”, line 20, infrom django.utils.http import (ImportError: cannot import name ‘url_has_allowed_host_and_scheme’ from ‘django.utils.http’ (/usr/lib/python3/dist-packages/django/utils/http.py)
During ha...
--------------------
Freexian Collaborators: Monthly report about Debian Long Term Support, March 2024 (by Roberto C. Sánchez)
https://www.freexian.com/blog/debian-lts-report-2024-03/
April 12, 2024, 12:00 AM
Like each month, have a look at the work funded by Freexian’s Debian LTS offering.
Debian LTS contributors
In March, 19 contributors have been paid to work on Debian
LTS, their reports are available:
Abhijith PA
did 0.0h (out of 10.0h assigned and 4.0h from previous period), thus carrying over 14.0h to the next month.
Adrian Bunk
did 59.5h (out of 47.5h assigned and 52.5h from previous period), thus carrying over 40.5h to the next month.
Bastien Roucariès
did 22.0h (out of 20.0h assigned and...
--------------------
Freexian Collaborators: Debian Contributions: SSO Authentication for jitsi.debian.social, /usr-move updates, and more! (by Utkarsh Gupta)
https://www.freexian.com/blog/debian-contributions-03-2024/
April 12, 2024, 12:00 AM
Contributing to Debian
is part of Freexian’s mission. This article
covers the latest achievements of Freexian and their collaborators. All of this
is made possible by organizations subscribing to our
Long Term Support contracts and
consulting services.
P.S. We’ve completed over a year of writing these blogs. If you have any
suggestions on how to make them better or what you’d like us to cover, or any
other opinions/reviews you might have, et al, please let us know by dropping an
email to u...
--------------------
Reproducible Builds (diffoscope): diffoscope 264 released
https://diffoscope.org/news/diffoscope-264-released/
April 12, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 264. This version includes the following changes:
[ Chris Lamb ]
* Don't crash on invalid zipfiles, even if we encounter 'badness'
halfway through the file. (Re: #1068705)
[ FC (Fay) Stegerman ]
* Fix a crash when there are (invalid) duplicate entries in .zip files.
(Closes: #1068705)
* Add note when there are duplicate entries in ZIP files.
(Closes: reproducible-builds/diffoscope!140)
[ Vagrant Cascadi...
--------------------
Jonathan McDowell: Sorting out backup internet #1: recursive DNS
https://www.earth.li/~noodles/blog/2024/04/backup-internet-rdns.html
April 11, 2024, 5:41 PM
I work from home these days, and my nearest office is over 100 miles away, 3 hours door to door if I travel by train (and, to be honest, probably not a lot faster given rush hour traffic if I drive). So I’m reliant on a functional internet connection in order to be able to work. I’m lucky to have access to Openreach FTTP, provided by Aquiss, but I worry about what happens if there’s a cable cut somewhere or some other long lasting problem. Worst case I could tether to my work phone, or try...
--------------------
Reproducible Builds: Reproducible Builds in March 2024
https://reproducible-builds.org/reports/2024-03/
April 11, 2024, 4:49 PM
Welcome to the March 2024 report from the Reproducible Builds project! In our reports, we attempt to outline what we have been up to over the past month, as well as mentioning some of the important things happening more generally in software supply-chain security. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.
Table of contents:
Arch Linux minimal container userland now 100% reproducible
Validating Debian’s build infrastru...
--------------------
Russell Coker: ML Training License
https://etbe.coker.com.au/2024/04/11/ml-training-license/
April 11, 2024, 11:30 AM
Last year a Debian Developer blogged about writing Haskell code to give a bad result for LLMs that were trained on it. I forgot who wrote the post and I’d appreciate the URL if anyone has it.
I respect such technical work to enforce one’s legal rights when they aren’t respected by corporations, but I have a different approach.
As an aside the Fosdem lecture “Fortify AI against regulation, litigation and lobotomies” is interesting on this topic [1], it’s what inspired me to write abou...
--------------------
Wouter Verhelst: OpenSC and the Belgian eID
https://grep.be/blog//en/computer/eID/OpenSC_and_the_Belgian_eID/
April 11, 2024, 9:33 AM
Getting the Belgian eID to work on Linux
systems should be fairly easy, although some people do struggle with it.
For that reason, there is a lot of third-party documentation out there
in the form of blog posts, wiki pages, and other kinds of things.
Unfortunately, some of this documentation is simply wrong. Written by
people who played around with things until it kind of worked, sometimes
you get a situation where something that used to work in the past (but
wasn't really necessary) now stoppe...
--------------------
Ian Jackson: Why we’ve voted No to CfD for Derril Water solar farm
https://diziet.dreamwidth.org/18394.html
April 9, 2024, 9:38 PM
ceb and I are members of the Derril Water Solar Park cooperative.
We were recently invited to vote on whether the coop should bid for a Contract for Difference, in a government green electricity auction.
We’ve voted No.
“Green electricity” from your mainstream supplier is a lie
Ripple
Contracts for Difference
Ripple and CfD
Voting No
“Green electricity” from your mainstream supplier is a lie
For a while ceb and I have wanted to contribute directly to green energy provision. This isn�...
--------------------
Gunnar Wolf: Think outside the box • Welcome Eclipse!
https://gwolf.org/2024/04/think-outside-the-box-welcome-eclipse.html
April 9, 2024, 4:38 PM
Now that we are back from our six month period in Argentina, we
decided to adopt a kitten, to bring more diversity into our
lives. Perhaps this little girl will teach us to think outside the
box!
Yesterday we witnessed a solar eclipse — Mexico City was not in the
totality range (we reached ~80%), but it was a great experience to go
with the kids. A couple dozen thousand people gathered for a massive
picnic in las islas, the main area inside our university campus.
Afterwards, we went br...
--------------------
Matthew Palmer: How I Tripped Over the Debian Weak Keys Vulnerability
https://www.hezmatt.org/~mpalmer/blog/2024/04/09/how-i-tripped-over-the-debian-weak-keys-vuln.html
April 9, 2024, 12:00 AM
Those of you who haven’t been in IT for far, far too long might not know that next month will be the 16th(!) anniversary of the disclosure of what was, at the time, a fairly earth-shattering revelation: that for about 18 months, the Debian OpenSSL package was generating entirely predictable private keys.
The recent xz-stential threat (thanks to @nixCraft for making me aware of that one), has got me thinking about my own serendipitous interaction with a major vulnerability.
Given that the stat...
--------------------
Bastian Blank: Python dataclasses for Deb822 format
https://bblank.thinkmo.de/python-dataclasses-deb822.html
April 8, 2024, 5:00 PM
Python includes some helping support for classes that are designed to just hold some data and not much more: Data Classes.
It uses plain Python type definitions to specify what you can have and some further information for every field.
This will then generate you some useful methods, like __init__ and __repr__, but on request also more.
But given that those type definitions are available to other code, a lot more can be done.
There exists several separate packages to work on data classes.
For ex...
--------------------
Thorsten Alteholz: My Debian Activities in March 2024
http://blog.alteholz.eu/2024/04/my-debian-activities-in-march-2024/
April 7, 2024, 11:56 AM
FTP master
This month I accepted 147 and rejected 12 packages. The overall number of packages that got accepted was 151.
If you file an RM bug, please do check whether there are reverse dependencies as well and file RM bugs for them. It is annoying and time-consuming when I have to do the moreinfo dance.
Debian LTS
This was my hundred-seventeenth month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded:
[...
--------------------
John Goerzen: Facebook is Censoring Stories about Climate Change and Illegal Raid in Marion, Kansas
https://changelog.complete.org/archives/10657-facebook-is-censoring-stories-about-illegal-raid-in-marion-kansas
April 6, 2024, 2:00 PM
It is, sadly, not entirely surprising that Facebook is censoring articles critical of Meta.
The Kansas Reflector published an artical about Meta censoring environmental articles about climate change — deeming them “too controversial”.
Facebook then censored the article about Facebook censorship, and then after an independent site published a copy of the climate change article, Facebook censored it too.
The CNN story says Facebook apologized and said it was a mistake and was fixing it.
Colo...
--------------------
Junichi Uekawa: Trying to explain analogue clock.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-6.html.en#2024-Apr-6-12:37:09
April 6, 2024, 3:37 AM
Trying to explain analogue clock. It's hard to
explain. Tried adding some things for affordance, and it is
still not enough. So it's not obvious which arm is the hour
and which arm is the minute.
analog clock
--------------------
Paul Wise: FLOSS Activities March 2024
http://bonedaddy.net/pabs3/log/2024/04/06/floss-activities/
April 5, 2024, 11:24 PM
Focus
This month I didn't have any particular focus.
I just worked on issues in my info bubble.
Changes
gt:
use standard systemd usb-gadget.target
SWH docs:
add FAQ item
reportbug:
allow overriding auto-applied tags
Debian BTS usertags:
fix up Ubuntu, porter, 64-bit time_t usertags
Debian wiki pages:
AutoGeneratedFiles
(1
2),
DebianDay
(2024),
Exploits,
GSoC,
gsoc,
Hardware/Wanted,
LTS/Development,
Ports/riscv64,
Sprints
(2024/DebianMed),
Statistics,
Year
Issues
Features in
SWH
(1
2),
sw...
--------------------
Dirk Eddelbuettel: RcppArmadillo 0.12.8.2.0 on CRAN: Upstream Fix
http://dirk.eddelbuettel.com/blog/2024/04/05#rcpparmadillo_0.12.8.2.0
April 5, 2024, 10:12 PM
Armadillo is a powerful
and expressive C++ template library for linear algebra and scientific
computing. It aims towards a good balance between speed and ease of use,
has a syntax deliberately close to Matlab, and is useful for algorithm
development directly in C++, or quick conversion of research code into
production environments. RcppArmadillo
integrates this library with the R environment and language–and is
widely used by (currently) 1136 other packages on CRAN, downloaded 33.5 million
tim...
--------------------
Bits from Debian: apt install dpl-candidate: Sruthi Chandran
https://bits.debian.org/2024/04/dpl-interview-SruthiChandran.html
April 5, 2024, 6:36 PM
The Debian Project Developers will shortly vote for a new Debian Project Leader
known as the DPL.
The DPL is the official representative of representative of The Debian Project tasked with managing the overall project, its vision, direction, and finances.
The DPL is also responsible for the selection of Delegates, defining areas of
responsibility within the project, the coordination of Developers, and making
decisions required for the project.
Our outgoing and present DPL Jonathan Carter served...
--------------------
Bits from Debian: apt install dpl-candidate: Andreas Tille
https://bits.debian.org/2024/04/dpl-interview-AndresTille.html
April 5, 2024, 6:36 PM
The Debian Project Developers will shortly vote for a new Debian Project Leader
known as the DPL.
The Project Leader is the official representative of The Debian Project tasked with
managing the overall project, its vision, direction, and finances.
The DPL is also responsible for the selection of Delegates, defining areas of
responsibility within the project, the coordination of Developers, and making
decisions required for the project.
Our outgoing and present DPL Jonathan Carter served 4 ter...
--------------------
Emanuele Rocca: PGP keys on Yubikey, with a side of Mutt
https://www.linux.it/~ema/posts/pgp-keys-on-yubikey/
April 5, 2024, 1:22 PM
Here are my notes about copying PGP keys to external hardware devices such as
Yubikeys. Let me begin by saying that the gpg tools are pretty bad at this.
MAKE A COUPLE OF BACKUPS OF ~/.gnupg/ TO DIFFERENT ENCRYPTED USB STICKS
BEFORE YOU START. GPG WILL MESS UP YOUR KEYS. SERIOUSLY.
For example, would you believe me if I said that saving changes results in
the removal of your private key? Well
check this
out.
Now that you have multiple safe, offline backups of your keys, here are my notes.
...
--------------------
Reproducible Builds (diffoscope): diffoscope 263 released
https://diffoscope.org/news/diffoscope-263-released/
April 5, 2024, 12:00 AM
The diffoscope maintainers are pleased to announce the release of diffoscope
version 263. This version includes the following changes:
[ Chris Lamb ]
* Add support for the zipdetails(1) tool included in the Perl distribution.
Thanks to Larry Doolittle et al. for the pointer to this tool.
* Don't use parenthesis within test "skipping…" messages; PyTest adds its own
parenthesis, so we were ending up with double nested parens.
* Fix the .epub tests after supporting zipdetails(1).
* Update co...
--------------------
John Goerzen: The xz Issue Isn’t About Open Source
https://changelog.complete.org/archives/10642-the-xz-issue-isnt-about-open-source
April 4, 2024, 10:07 PM
You’ve probably heard of the recent backdoor in xz. There have been a lot of takes on this, most of them boiling down to some version of:
The problem here is with Open Source Software.
I want to say not only is that view so myopic that it pushes towards the incorrect, but also it blinds us to more serious problems.
Now, I don’t pretend that there are no problems in the FLOSS community. There have been various pieces written about what this issue says about the FLOSS community (usually with...
--------------------
Lukas Märdian: Netplan v1.0 paves the way to stable, declarative network management
https://blog.slyon.de/2024/04/04/netplan-v1-0-paves-the-way-to-stable-declarative-network-management/
April 4, 2024, 3:39 PM
New “netplan status –diff” subcommand, finding differences between configuration and system state
As the maintainer and lead developer for Netplan, I’m proud to announce the general availability of Netplan v1.0 after more than 7 years of development efforts. Over the years, we’ve so far had about 80 individual contributors from around the globe. This includes many contributions from our Netplan core-team at Canonical, but also from other big corporations such as Microsoft or Deutsch...
--------------------
Bits from Debian: Proxmox Platinum Sponsor of DebConf24
https://bits.debian.org/2024/04/proxmox-platinum-debconf24.html
April 3, 2024, 11:17 PM
We are pleased to announce that Proxmox
has committed to sponsor DebConf24 as a
Platinum Sponsor.
Proxmox provides powerful and user-friendly open-source server software.
Enterprises of all sizes and industries use Proxmox solutions to deploy
efficient and simplified IT infrastructures, minimize total cost of ownership,
and avoid vendor lock-in. Proxmox also offers commercial support, training
services, and an extensive partner ecosystem to ensure business continuity
for its customers. Proxmox ...
--------------------
Guido Günther: Free Software Activities March 2024
https://honk.sigxcpu.org/con/Free_Software_Activities_March_2024.html
April 3, 2024, 10:12 AM
A short status update of what happened on my side last month. I spent
quiet a bit of time reviewing new, code (thanks!) as well as
maintenance to keep things going but we also have some improvements:
Phosh
Release phosh 0.37.0
Add support for progress indicator and counts to lockscreen launcher entries: Merge request,
Demo using Phosh-EV's charge status as example (Merge request)
Fix 5G with MM: Merge Request
Doc updates: Merge Request
Drop builtin session support Merge request
Support gnome-...
--------------------
Joey Hess: reflections on distrusting xz
http://joeyh.name/blog/entry/reflections_on_distrusting_xz/
April 3, 2024, 8:48 AM
Was the ssh backdoor the only goal that "Jia Tan" was pursuing
with their multi-year operation against xz?
I doubt it, and if not, then every fix so far has been incomplete,
because everything is still running code written by that entity.
If we assume that they had a multilayered plan, that their every action was
calculated and malicious, then we have to think about the full threat
surface of using xz. This quickly gets into nightmare scenarios of the
"trusting trust" variety.
What if xz cont...
--------------------
Arnaud Rebillout: Firefox: Moving from the Debian package to the Flatpak app (long-term?)
https://arnaudr.io/2024/04/03/firefox-moving-from-the-debian-package-to-the-flatpak-app-long-term/
April 3, 2024, 12:00 AM
First, thanks to Samuel Henrique for giving notice of recent Firefox
CVEs in Debian
testing/unstable.
At the time I didn't want to upgrade my system (Debian Sid) due to the ongoing
t64 transition transition,
so I decided I could install the Firefox Flatpak app instead, and why not stick
to it long-term?
This blog post details all the steps, if ever others want to go the same road.
Flatpak Installation
Disclaimer: this section is hardly anything more than a copy/paste of the
official documentatio...
--------------------
Dirk Eddelbuettel: ulid 0.3.1 on CRAN: New Maintainer, Some Polish
http://dirk.eddelbuettel.com/blog/2024/04/02#ulid-0.3.1
April 2, 2024, 11:14 PM
Happy to share that ulid is now
(back) on CRAN. It provides
universally unique identifiers that are lexicographically sortable,
which improves over the more well-known uuid generators.
ulid is a
neat little package put together by Bob
Rudis a few years ago. It had recently drifted off CRAN so I offered to brush it up
and re-submit it. And as tooted
earlier today, it took just over an hour to finish that (after the
lead up work I had done, including prior email with CRAN in the loop,
the repo tra...
--------------------
Sven Hoexter: PKIX: pathLen Constrain on Root Certificates
http://sven.stormbind.net/blog/posts/pkix_pathlen_rootca/
April 2, 2024, 7:07 PM
I recently came a cross a x509 P(rivate)KI Root Certificate which had
a pathLen constrain set on the (self signed) Root Certificate.
Since that is not commonly seen I looked a bit around to get a
better understanding about how the pathLen basic constrain
should be used.
Primary source is
RFC 5280 section 4.2.1.9
The pathLenConstraint field is meaningful only if the cA boolean is
asserted and the key usage extension, if present, asserts the
keyCertSign bit (Section 4.2.1.3). In this case, it gi...
--------------------
Bits from Debian: Bits from the DPL
https://bits.debian.org/2024/04/bits-from-the-dpl-april.html
April 2, 2024, 5:00 PM
Dear Debianites
This morning I decided to just start writing Bits from DPL and send
whatever I have by 18:00 local time. Here it is, barely proof read,
along with all it's warts and grammar mistakes! It's slightly long and
doesn't contain any critical information, so if you're not in the mood,
don't feel compelled to read it!
Get ready for a new DPL!
Soon, the voting period will start to elect our next DPL, and my time
as DPL will come to an end. Reading the questions posted to the new
candidate...
--------------------
Ben Hutchings: FOSS activity in March 2024
https://www.decadent.org.uk/ben/blog/2024/04/01/foss-activity-in-march-2024.html
April 1, 2024, 2:51 PM
I updated the Linux (4.19) package for buster to upstream version
4.19.311, but I did not make an upload this month.
I triaged recent CVE IDs assigned for kernel security issues, and
queried
some
duplicate
and
trivial
issues, which have now been rejected.
I reviewed and applied a fix for klibc’s inet_pton()
function. I
then
added some test cases for it,
and
made
further
fixes....
--------------------
Colin Watson: Free software activity in March 2024
https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2024-03.html
April 1, 2024, 1:10 PM
My Debian contributions this month were all
sponsored by Freexian.
Python team:
I updated
zope.testrunner to 6.4.
I fixed a build failure in
celery-haystack-ng, which included an
upstream change to stop using
d2to1.
I backported an upstream change to fix a build failure in
python-json-log-formatter.
I updated python-typing-extensions to 4.10.0 to fix a build
failure.
I updated wcwidth to 0.2.13 to fix a build
failure, which included rewriting
the Debian patches to update-table...
--------------------
Simon Josefsson: Towards reproducible minimal source code tarballs? On *-src.tar.gz
https://blog.josefsson.org/2024/04/01/towards-reproducible-minimal-source-code-tarballs-please-welcome-src-tar-gz/
April 1, 2024, 10:28 AM
While the work to analyze the xz backdoor is in progress, several ideas have been suggested to improve the software supply chain ecosystem. Some of those ideas are good, some of the ideas are at best irrelevant and harmless, and some suggestions are plain bad. I’d like to attempt to formalize two ideas, which have been discussed before, but the context in which they can be appreciated have not been as clear as it is today.
Reproducible tarballs. The idea is that published source tarballs s...
--------------------
Arturo Borrero González: Kubecon and CloudNativeCon 2024 Europe summary
https://ral-arturo.org/2024/04/01/kubecon.html
April 1, 2024, 9:00 AM
This blog post shares my thoughts on attending Kubecon and CloudNativeCon 2024 Europe in Paris. It was my third time at
this conference, and it felt bigger than last year’s in Amsterdam. Apparently it had an impact on public transport. I
missed part of the opening keynote because of the extremely busy rush hour tram in Paris.
On Artificial Intelligence, Machine Learning and GPUs
Talks about AI, ML, and GPUs were everywhere this year. While it wasn’t my main interest, I did learn about GP...
--------------------
Junichi Uekawa: Learning about xz and what is happening is fascinating.
http://www.netfort.gr.jp/~dancer/diary/daily/2024-Apr-1.html.en#2024-Apr-1-07:02:00
March 31, 2024, 10:02 PM
Learning about xz and what is happening is fascinating. The scope of potential exploit is very large. The Open source software space is filled with many unmaintained and unreviewed software.
--------------------
Russell Coker: Links March 2024
https://etbe.coker.com.au/2024/03/31/links-march-2024/
March 31, 2024, 12:51 PM
Bruce Schneier wrote an interesting blog post about his workshop on reimagining democracy and the unusual way he structured it [1]. It would be fun to have a security conference run like that!
Matthias write an informative blog post about Wayland “Wayland really breaks things… Just for now” which links to a blog debate about the utility of Wayland [2]. Wayland seems pretty good to me.
Cory Doctorow wrote an insightful article about the AI bubble comparing it to previous bubbles [3].
Charle...
--------------------
Steinar H. Gunderson: xz backdooring
http://blog.sesse.net/blog/tech/2024-03-30-11-39_xz_backdooring.html
March 30, 2024, 10:39 AM
Andres Freund found that xz-utils is backdoored,
but could not (despite the otherwise excellent analysis) get quite to the bottom of what the payload actually does.
What you would hope for to be posted by others: Further analysis of the payload.
What actually gets posted by others: “systemd is bad.”
Update: Good preliminary analysis....
--------------------
Rapha&#235;l Hertzog: Freexian is looking to expand its team with more Debian contributors
https://raphaelhertzog.com/2024/03/29/freexian-is-looking-to-expand-its-team-with-more-debian-contributors/
March 29, 2024, 3:13 PM
It’s been a while that I haven’t posted anything on my blog, the truth is that Freexian has been doing very well in the last years and that I have a hard time to allocate time to write articles or even to contribute to my usual Debian projects… the exception being debusine since that’s part of the Freexian work (have a look at our most recent announce!).
That being said, given Freexian’s growth and in the hope to reduce my workload, we are looking to extend our team with Debian m...
--------------------


Click here to read the complete article
1
server_pubkey.txt

rocksolid light 0.9.81
clearnet tor