Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 19 min ago

Erich Schubert: Facebook is overly optimistic with respect to Cambridge Analytica data scope

1 hour 42 min ago

Facebook is too optimistic when it comes to Cambridge Analytica extends.

Sorry for this post on a fairly old topic. I just did not get around to write this up.

Several media outlets (e.g., Bloomberg) ran the story that Facebook privacy policy director Stephen Satterfield claimed that “European’s data” may not have been accessed by Cambridge Analytica in an EU hearing.

This claim is nonsense. It is almost a lie - except that he used the weasel word “may”.

For fairly trivial reasons, you can be sure that the data of at least some European’s data has been accessed. Largely because it’s pretty much impossible to perfectly separate U.S. and EU users. People move. People use Proxies. People use wrong locations. People forget to update their location. Location does not imply residency nor citizenship. People may have multiple nationalities. On Facebook, people may make up all of this, too.

Even if Dr. Aleksandr Kogan did try his best to provide only U.S. users to Cambridge Analytica, there ought to be some mistakes. Even if he only provided the data of users he could map to U.S. voter records, there likely is someone in there that has both U.S. and EU citizenship. Or that became a EU citizen since.

Because they shared the data of 87 million people. According to some numbers I found, there are around 70,000 people with U.S. and German citizenship. That is “just” a tiny 0.02% of U.S. citizens. Since Facebook users are younger than average, and in particular kids will often have both citizenships if their parents have different nationalities, we can expect the rate to be higher than that. If you now draw 87 million random samples, the chance of not having at least one of these U.S.-EU-citizens in your sample is effectively 0. This does not even take other EU nationalities into account yet.

Already a random sample of 100,000 U.S. citizens will with very high probability contain at least one E.U. citizen (in fact, at least one German citizen, because I didn’t include any other numbers but the 70,000 above). In 87 million, you likely have even several accounts created for a cat.

Says math.

To anyone trained in statistics, this should be obvious version of the birthday paradoxon.

So yes, I bet that at least one EU citizen was affected.

Just because the data is too big (and too unreliable) to be able to rule this out.

Apparently, neither the U.S. nor Germany (or the EU) even have reliable numbers on how many people have multiple nationalities. So do not trust Facebook (or Kogan’s) data to be better here…

Louis-Philippe Véronneau: Taiwan Travel Blog - Day 6 & 7

4 hours 31 min ago

This is the fifth entry of my Taiwan Travel blog series! You can find my previous entries here:

I wasn't sure if people were enjoying my travel blog or if I was spamming planet.d.o with pictures of random mountain paths, but several people told me they liked it. Thanks for the feedback!

I've been busy in the last few days so for convenience's sake, I'll merge together what I did on the 14th and the 15th.

From mountain to sea

I left late in the morning on the 14th from the Taroko national park were I was staying to move to Hualien. Taroko was beautiful, but there is only so much to do there and I think I did most of it.

The bike ride was easier than I thought it would be. Taroko is in the mountains so I was travelling on a downward slope pretty much the whole way. There wasn't a dedicated bike path, but the road I took (n° 193) had a speed limit of 40km/h. The view was beautiful, as this road follows the shoreline all the way to Hualien.

I guess I must have been quite a sight for the locals: a foreigner riding a bicycle a few sizes to small for him on a small country road with a large bag and hiking boots strapped behind on the rack.

Fun times! I also caught a bad sunburn, as it seems the sun is stronger here than at home :(


After more than a week of travel, Hualien was the first large city in Taiwan I visited. Although its the largest city on the east coast, Hualien only has 100'000 inhabitants. That's a manageable size for me.

I arrived in Hualien in the beginning of the afternoon and after having checked-in at my hotel, I decided to go out for the night to have a meal and enjoy the city. I'm really happy I bought a bicycle, as it makes moving around so much easier than walking!

Following Andrew's advice, I first stopped at Danji's Bianshi shop (戴记扁食) to enjoy one of the best Bianshi I ever had. From what I understood from the pictures on the wall, this shop has been there for a least a few decades and only sells one dish: Bianshi. For those of you not familiar with Bianshi, it's a dumpling soup similar to Wonton soup, but where celery plays the leading role in flavouring the clear chicken broth. Hmmmmmm.

At the night market I got to eat a ton of food once again, from donuts filled with red bean paste to octopus takoyaki. It's also the harvest season here so I enjoyed many fresh juices like watermelon (the first time I had some juiced) and later on white jade bitter melon (白玉苦瓜), deliciously sweet and bitter.

And the Lord said ‘This bike shop shall be closed on Sunday’

On the 15th, I went out to try to get my bike fixed. I wanted to buy a longer saddle post and the bottom bracket on my bike was loose and I wanted to have it fixed.

Since the bike I bought is still under warranty, I had the great idea to cycle across town to the Giant store to see what could be done. Of course, I didn't check if the store was open and ended up realising it was Sunday when I saw the sign on the door.

Some say bad things happen for a reason so I comprised, bought fruits from the fruit stall across the street and decided to go watch the waves on the beach. The mango I ate was delicious and it had been a really long time since I ate fresh litchis.

I came back to my hotel in the middle of the afternoon, once again thinking I would have a quiet night listening to podcasts while working on some DebConf stuff when aLiao (Andrew's friend who owns a recording studio in Hualien) reached out to me to ask if I had plans for the night.

I ended up at his studio listening to him and a bunch of his friends jamming. We later went to a seafood restaurant on the edge of the night market called The Tall Knight (高大侠) to have some fresh seafood grilled on charcoal.

We ate a bunch of grilled shrimps as appetizers, very large scallops cooked in their shells and oysters the size of a toy football. I'm used to the small and delicious oysters we eat raw in Canada, but this one was served cooked with homemade hot sauce. They also had Hardcore beer (a local Taiwan craft beer) on tap and it went very well with the meal.


Reproducible builds folks: Reproducible Builds: Weekly report #168

17 July, 2018 - 18:51

Here’s what happened in the Reproducible Builds effort between Sunday July 8 and Saturday July 14 2018:

Packages reviewed and fixed, and bugs filed diffoscope development

diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages. This week, diffoscope version 99 was uploaded to Debian unstable by Mattia Rizzolo. It includes contributions already covered in previous weeks as well as new ones from:

reprotest development

reprotest is our “end-user” tool to build arbitrary software and check it for reproducibility. This week, version 0.7.8 was uploaded to Debian unstable by Mattia Rizzolo. It includes contributions already covered in previous weeks as additional contributions from Mattia, including:


This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Dirk Eddelbuettel: pinp 0.0.6: Two new options

17 July, 2018 - 17:22

A small feature release of our pinp package for snazzier one or two column vignettes get onto CRAN a little earlier.

It offers two new options. Saghir Bashir addressed a longer-standing help needed! issue and contributed code to select papersize options via the YAML header. And I added support for the collapse option of knitr, also via YAML header selection.

A screenshot of the package vignette can be seen below. Additional screenshots of are at the pinp page.

The NEWS entry for this release follows.

Changes in pinp version 0.0.6 (2018-07-16)
  • Added YAML header option 'papersize' (Saghir Bashir in #54 and #58 fixing #24).

  • Added YAML header option 'collapse' with default 'false' (#59).

Courtesy of CRANberries, there is a comparison to the previous release. More information is on the tint page. For questions or comments use the issue tracker off the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Jacob Adams: PGP Clean Room Beta

17 July, 2018 - 08:10

My Google Summer of Code 2018 Project is finally far enough along that I feel that it should have a proper public beta.

PGP Clean Room

This summer I’m working on the PGP Clean Room Live CD project. The goal of this project is to make it easy to create and maintain an offline GPG key. It creates and backs up your GPG key to USB drives which can be stored in a safe place, and exports subkeys for you to use, either via an export USB or a PGP smartcard. It also allows you to sign other people’s keys, revoke your own keys, and change your keys expiration dates. The live system is built on live-build with an added python application (using GPGME to manage keys) and all networking functionality removed.

Testers Wanted

I would love to get some feedback on this build and how it could be improved. You can report bugs via salsa.d.o


Prebuilt ISOs are available here (sig) or on Google Drive (sig)

The source code is available on salsa.d.o


Main Menu

Load Menu

Advanced Menu

Signing subkey

Picking subkey algorithm

Picking a backup disk (in QEMU)

Gunnar Wolf: A very nice side-project that has come to fruition: Fresh from the 1960s, my father's travel memories

17 July, 2018 - 07:03

So... Everybody I've interacted with along the last couple of weeks knows I'm basically just too busy. If I'm not tied up with stuff regarding my privacy/anonymity project at the university, I am trying to get the DebConf scheduling, or trying to catch up with my perpetual enemy, mail backlog. Of course, there's also my dayjob — Yes, it's vacation time, but I'm a sysadmin, and it's not like I want to give software updates much of a vacation! Of course, my family goes to Argentina for a couple of weeks while I go to DebConf, so there's quite a bit of work in that sphere as well, and... And... And... Meh, many other things better left unaccounted for ☺
But there's one big extra I was working on, somewhat secretly, over the last two months. I didn't want to openly spill the beans on it until it was delivered in hand to its recipient.
Which happened this last weekend. So, here it is!

During the late 1960s, my father studied his PhD in Israel and had a posdoctoral stay in Sweden. During that time, he traveled through the world during his vacations as much as he could — This book collects his travels through Ethiopia (including what today is Eritrea), Kenya, Uganda, Rwanda, Burundi, Turkey, Afghanistan, Pakistan, Czechoslovakia, Sweden, Norway, Iceland and India. As he took those trips, he wrote chronicles about them, and sent them to Mexico's then-most-important newspaper (Excélsior), which published each of them in four to six parts (except for the Czechoslovakia one, which is a single page, devoted to understanding Prague two years after the Soviet repression and occupation).

I did this work starting from the yellow-to-brown and quite brittle copies of the newspaper he kept stored in a set of folders. I had the help of a digitalization professional that often works for the University, but still did a couple of cleanup and QA reads (and still, found typos... In the first printed page, in the first title! :-/ ). The text? Amazing. I thoroughly enjoyed it. He wrote the chronicles being between 23 and 27 years old, but the text flows quick and easy, delightful, as if coming from a professional writer. If you can read Spanish, I am sure you will enjoy the read:

Chronicles of a backpacker in a more naïve world

Why am I publishing this now, amid the work craze I've run into? Because my father is turning 75 year old next weekend. We rushed the mini-party for him (including the book-as-a-present) as we wanted my kids to deliver the present, and they are now in a plane to South America.

The book run I did was quite limited — Just 30 items, to give away to family and close friends. I can, of course, print more on demand. But I want to take this work to a publisher — There are many reasons I believe these youth chronicles are of general interest.

AttachmentSize libro_bwolf.jpg64.11 KB portada.jpg368.39 KB cronicas_de_un_mochilero.pdf25.3 MB

Russ Allbery: Review: Effective Python

16 July, 2018 - 08:25

Review: Effective Python, by Brett Slatkin

Publisher: Addison-Wesley Copyright: 2015 ISBN: 0-13-403428-7 Format: Trade paperback Pages: 216

I'm still looking for a programming language book that's as good as Joshua Bloch's Effective Java, which goes beyond its surface mission to provide valuable and deep advice about how to think about software construction and interface design. Effective Python is, sadly, not that book. It settles for being a more pedestrian guide to useful or tricky corners of Python, with a bit of style guide attached (although not as much as I wanted).

Usually I read books like this as part of learning a language, but in this case I'd done some early experimenting with Python and have been using it extensively for my job for about the past four years. I was therefore already familiar with the basics and with some coding style rules, which made this book less useful. This is more of an intermediate than a beginner's book, but if you're familiar with list and hash comprehensions, closures, standard method decorators, context managers, and the global interpreter lock (about my level of experience when I started reading), at least half of this book will be obvious and familiar material.

The most useful part of the book for me was a deep look at Python's object system, including some fully-worked examples of mix-ins, metaclasses, and descriptors. This material was new to me and a bit different than the approach to similar problems in other programming languages I know. I think this is one of the most complex and hard-to-understand parts of Python and will probably use this as a reference the next time I have to deal with complex class machinery. (That said, this is also the part of Python that I think is the hardest to read and understand, so most programs are better off avoiding it.) The description of generators and coroutines was also excellent, and although the basic concepts will be familiar to most people who have done parallelism in other languages, Slatkin's treatment of parallelism and its (severe) limitations in Python was valuable.

But there were also a lot of things that I was surprised weren't covered. Some of these are due to the author deciding to limit the scope to the standard library, so testing only covers unittest and not the (IMO far more useful) pytest third-party module. Some are gaps in the language that the author can't fix (Python's documentation situation for user-written modules is sad). But there was essentially nothing here about distutils or how to publish modules properly, almost nothing about good namespace design and when to put code into (a topic crying out for some opinionated recommendations), and an odd lack of mention of any static analysis or linting tools. Most books of this type I've read are noticeably more comprehensive and have a larger focus on how to share your code with others.

Slatkin doesn't even offer much of a style guide, which is usually standard in a book of this sort. He does steer the reader away from a few features (such as else with for loops) and preaches the merits of decomposition and small functions, among other useful tidbits. But it falls well short of Damian Conway's excellent guide for Perl, Perl Best Practices.

Anyone who already knows Python will be wondering how Slatkin handles the conflict between Python 2 and Python 3. The answer is that it mostly doesn't matter, since Slatkin spends little time on the parts of the language that differ. In the few places it matters, Effective Python discusses Python 3 first and then mentions the differences or gaps in Python 2. But there's no general discussion about differences between Python 2 and 3, nor is there any guide to updating your own programs or attempting to be compatible with both versions. That's one of the more common real-world problems in Python at the moment, and was even more so when this book was originally written, so it's an odd omission.

Addison-Wesley did a good job on the printing, including a nice, subtle use of color that made the physical book enjoyable to read. But the downside is that this book has a surprisingly expensive retail ($40 USD) for a fairly thin trade paperback. At the time of this writing, Amazon has it on sale at 64% off, which takes the cost down to about the right territory for what you get.

I'm not sorry I read this, and I learned a few things from it despite having used Python fairly steadily for the last few years. But it's nowhere near good enough to recommend to every Python programmer, and with a bit of willingness to search out on-line articles and study high-quality code bases, you can skip this book entirely and never miss it. I found it oddly unopinionated and unsatisfying in the places where I wish Python had more structure or stronger conventions. This is particularly strange given that it was written by a Google staff engineer and Google has a quite comprehensive and far more opinionated coding style guide for Python.

If you want to dig into some of Python's class and object features or see a detailed example of how to effectively use coroutines, Effective Python is a useful guide. Otherwise, you'll probably learn some things from this book, but it's not going to significantly change how you approach the language.

Rating: 6 out of 10

Dirk Eddelbuettel: RcppClassic 0.9.11

16 July, 2018 - 06:44

A new maintenance release, now at version 0.9.11, of the RcppClassic package arrived earlier today on CRAN. This package provides a maintained version of the otherwise deprecated initial Rcpp API which no new projects should use as the normal Rcpp API is so much better.

Per another request from CRAN, we updated the source code in four places to no longer use dynamic exceptions specification. This is something C++11 deprecated, and g++-7 and above now complain about each use. No other changes were made.

CRANberries also reports the changes relative to the previous release.

Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Mike Hommey: Announcing git-cinnabar 0.5.0 beta 4

16 July, 2018 - 06:04

Git-cinnabar is a git remote helper to interact with mercurial repositories. It allows to clone, pull and push from/to mercurial remote repositories, using git.

Get it on github.

These release notes are also available on the git-cinnabar wiki.

What’s new since 0.5.0 beta 3?
  • Fixed incompatibility with Mercurial 3.4.
  • Performance and memory consumption improvements.
  • Work around networking issues while downloading clone bundles from Mozilla CDN with range requests to continue past failure.
  • Miscellaneous metadata format changes.
  • The prebuilt helper for Linux now works across more distributions (as long as is present, it should work)
  • Updated git to 2.18.0 for the helper.
  • Properly support the pack.packsizelimit setting.
  • Experimental support for initial clone from a git repository containing git-cinnabar metadata.
  • Changed the default make rule to only build the helper.
  • Now can successfully clone the pypy and GNU octave mercurial repositories.
  • More user-friendly errors.

Elena Gjevukaj: Google Summer of Code with a Debian Project

15 July, 2018 - 16:04


Yes! My project proposal was selected.

First of all I want to mention that I began my open source adventure with Debian.

I started to participate in the open source events like Hackathons, BSP and Conferences and doing small contribution to different projects and this is how everything started.


Google Summer of Code is a global program focused on bringing more student developers into open source software development. Undergrads, students in graduate programs, PhD candidates can take part in GSoC. Due to the prestigiousness of the program and the weight of Google’s name to go with it, acceptance into the program is no easy task. GSoC is based on the model of different organizations providing projects for students all around the world. Each organization assign mentors for every project and students are paired up with mentors once they get selected.

MY PROJECT: Wizard/GUI helping students/interns apply and get started

Throughout the application process and first few weeks of programs like Google Summer of Code and Outreachy, applicants typically need to work through many things for the first time, such as creating their own domain name and blog, mail account with proper filters, creating SSH and PGP keys, linking these keys with a Github account, joining mailing lists, IRC and XMPP channels, searching for free software groups in their local area and installing useful development tools on their computer. Daniel Pocock’s blog “Want to be selected for GSoC?” lists some of these steps with more details. This project involves creating a Python script with a GUI that helps applicants and interns complete as many of these steps as possible, in less than an hour. Imagine that a student has only just installed Debian, they install this script from a package using Synaptic and an hour later they have all their accounts, communications tools, development tools and a blog (using Jekyll/Git) up and running.


In practice, the community bonding period is all about, well, community bonding. Rather than jumping straight into coding, you’ve got some time to learn about your organization’s processes - release and otherwise - developer interactions, codes of conduct, etc.


In the very frist week of GSoC we all were preparing for OSCAL’18, one of the biggest technology conferences held in my Ballkan. I was fortune enough to meet my mentor Daniel Pocock in his visit for this conference. He helped me a lot to get started with the project.

It was the week that mentors devided the tasks between us interns. After getting my tasks, I started with the research for the Python API’s, templates and other tools that I needed to use for my work on the project.

I read about python-git API, about python templates and together with my mentor we decided which template was the best to use.

Event: I meet other GSoC interns here in Kosovo, Diellza Shabani and Enekelena Haxhiu, where we discussed about our projects.


The second week of GSoC I spent mostly learning new things and updating packages that I needed for the project, also I started writing the script to create a blog and learning Python and Jekyll Github pages.

Why Jekyll you ask?

  • Jekyll sites are basically static sites with an extra templating language called Liquid so it’s a small step to learn if you already know HTML, CSS and JavaScript. We can actually start with a static site and then introduce Jekyll functionality as it’s needed.

For templating we decided to use the Mako template.

<%inherit file="base.html"/>
    rows = [[v for v in range(0,10)] for row in range(0,10)]
    % for row in rows:
    % endfor

<%def name="makerow(row)">
    % for name in row:
    % endfor

Towards the beginning of the month, Daniel recommended that we could use Salsa for the development phase.

WEEK 3 & 4

In the begining og the third week of the project I was busy with two important things.

As asked from my mentors, I was doing a research on what things should be included in Wizard, in order to make our project more helpful. Meeting first hand with new people starting in the open source world I knew excatlly what should we include.

Things as:

  • Email account

  • Blog created

  • Github account

  • Debian wiki personal home page

  • IRC nick

  • IRC client configuration file generated with IRC nick in it

  • SSH key

  • PGP key

  • Fingerprint slips printed, PDF generated

  • Thunderbird and Lightning configured

  • IMAP

  • Labels

  • Enigmail

  • Lightning polling events and tasks for the chosen communities

  • CardBook plugin for contacts

  • Package install

  • Domain name

The other thing was my part on the creating the Jekyll blog.

I want to say that as a developer this project allowed me to explore and learn a lot of new things.

WEEK 5 & 6

I finished the first phase of the program succesfully. These weeks were the most challenging week so far.

I was getting started with Django Framework and Bootstrap, dynamic blog and compiling function.

You can take a look at my code in these repositories:

In this process I learned a lot about the Liquid templating language, Pipenv, Kivy and the Django Framework.

WEEK 7 & 8

I’m getting used to the dictionary in the Python and I wrote the function to generate the blogs from the templates and for the moment I’m in the testing phase.

def main():
    dictionary = createDictionary()

blog_params['first_name'] =   'Test'
blog_params['last_name'] = 'Student'
blog_params['email_address'] = ''


Steve Kemp: Automating builds via CI

15 July, 2018 - 16:01

I've been overhauling the way that I build Debian packages and websites for myself. In the past I used to use pbuilder but it is pretty heavyweight and in my previous role I was much happier using Gitlab runners for building and deploying applications.

Gitlab is something I've no interest in self-hosting, and Jenkins is an abomination, so I figured I'd write down what kind of things I did and explore options again. My use-cases are generally very simple:

  • I trigger some before-steps
    • Which mostly mean pulling a remote git repository to the local system.
  • I then start a build.
    • This means running debuild, hugo, or similar.
    • This happens in an isolated Docker container.
  • Once the build is complete I upload the results somehere.
    • Either to a Debian package-pool, or to a remote host via rsync.

Running all these steps inside a container is well-understood, but I cheat. It is significantly easier to run the before/after steps on your host - because that way you don't need to setup SSH keys in your containers, and that is required when you clone (private) remote repositories, or wish to upload to hosts via rsync over SSH.

Anyway I wrote more thoughts here:

Then I made it work. So that was nice.

To complete the process I also implemented a simple HTTP-server which will list all available jobs, and allow you to launch one via a click. The output of the build is streamed to your client in real-time. I didn't bother persisting output and success/failure to a database, but that would be trivial enough.

It'll tide me over until I try ick again, anyway. :)

Steinar H. Gunderson: Solskogen 2018

14 July, 2018 - 08:30

I've been so busy I've forgotten to blog: Solskogen 2018 is underway! And so is the stream. has it all, and Saturday evening (CEST) is the big night; the home page has schedule (scroll down), and everything you missed is going up on the The YouTube channel as soon as time and bandwidth permits. :-)

Sean Whitton: Debian Policy call for participation -- July 2018

13 July, 2018 - 23:41

Thanks to efforts from several contributors I was able to push a substantive release of Policy a little over a week ago. It contains a lot of changes that I was very pleased to release:

 debian-policy ( unstable; urgency=medium
   * Policy: Update section 4.1, "Standards conformance"
     Wording: Ian Jackson
     Seconded: Sean Whitton
     Seconded: Holger Levsen
     Closes: #901160
   * Policy: Require d-devel consultation for each epoch bump
     Wording: Ian Jackson
     Seconded: Sean Whitton
     Seconded: Paul Gevers
     Closes: #891216
   * Policy: Document Rules-Requires-Root
     Wording: Niels Thykier
     Wording: Guillem Jover
     Wording: Sean Whitton
     Seconded: Paul Gevers
     Closes: #880920
   * Policy: Update version of POSIX standard for shell scripts
     Wording: Sean Whitton
     Seconded: Simon McVittie
     Seconded: Julien Cristau
     Seconded: Gunnar Wolf
     Closes: #864615
   * Policy: Update version of FHS from 2.3 to 3.0
     Wording: Simon McVittie
     Seconded: Sean Whitton
     Seconded: Julien Cristau
     Closes: #787816
   * Add reference link to section 4.1 to section 5.6.11.

We’re now looking forward to the rolling Debian Policy spring at DebCamp18. You do not need to be physically present at DebCamp18 to participate. My goal is firstly to enable others to work on bugs by providing advice about the process and how to move things along, and secondarily to get some patches written for uncontroversial bugs.

See the linked wiki page for more information on the sprint.

Andrej Shadura: Upcoming git-crecord releaae

13 July, 2018 - 18:10

More than 1½ years since the first release of git-crecord, I’m preparing a big update. Not aware how exactly many people are using it, I neglected the maintenance for some time, but last month I’ve decided I need to take action and fix some issues I’ve known since the first release.

First of all, I’ve fixed a few minor issues with installer some users reported.

Second, I’ve ported a batch of updates from a another crecord derivative merged into Mercurial. That also brought some updates to the bits of Mercurial code git-crecord is using.

Third, long waited Python 3 support is here. I’m afraid at the moment I cannot guarantee support of patches in encodings other than the locale’s one, but if that turns out to be a needed feature, I can think about implementing it.

Fourth, missing staging and unstaging functionality is being implemented, subject to the availability of free time during the holiday :)

The project is currently hosted at GitHub:

P.S. In case you’d like to support me hacking on git-crecord, or any other of my free software activities, you can tip my Patreon account.

Steve Kemp: Odroid-go initial impressions

13 July, 2018 - 16:01

Recently I came across a hacker news post about the Odroid-go, which is a tiny hand-held console, somewhat resembling a gameboy.

In terms of hardware this is powered by an ESP32 chip, which is something I'm familiar with due to my work on Arduino, ESP8266, and other simple hardware projects.

Anyway the Odroid device costs about $40, can be programmed via the Arduino-studio, and comes by default with a series of emulators for "retro" hardware:

  • Game Boy (GB)
  • Game Boy Color (GBC)
  • Game Gear (GG)
  • Nintendo Entertainment System (NES)
  • Sega Master System (SMS)

I figured it was cheap, and because of its programmable nature it might be fun to experiment with. Though in all honesty my intentions were mostly to play NES games upon it. The fact that it is programmable means I can pretend I'm doing more interesting things than I probably would be!

Most of the documentation is available on this wiki:


The arduino setup describes how to install the libraries required to support the hardware, but then makes no mention of the board-support required to connect to an ESP32 device.

So to get a working setup you need to do two things:

    1. Install the libraries & sample-code.
    1. Install the board-support.

The first is documented, but here it is again:

 git clone \

The second is not documented. In short you need to download the esp32 hardware support via this incantation:

    mkdir -p ~/Arduino/hardware/espressif && \
     cd ~/Arduino/hardware/espressif && \
     git clone esp32 && \
     cd esp32 && \
     git submodule update --init --recursive && \
     cd tools && \

(This assumes that you're using ~/Arduino for your code, but since almost everybody does ..)

Anyway the upshot of this should be that you can:

  • Choose "Tools | Boards | ODROID ESP32" to select the hardware to build for.
  • Click "File | Examples |ODROID-Go | ...." to load a sample project.
    • This can now be compiled and uploaded, but read on for the flashing-caveat.

Another gap in the instructions is that uploading projects fails. Even when you choose the correct port (Tools | Ports | ttyUSB0). To correct this you need to put the device into flash-mode:

  • Turn it off.
  • Hold down "Volume"
  • Turn it on.
  • Click Upload in your Arduino IDE.

The end result is you'll have your own code running on the device, as per this video:

Enough said. Once you do this when you turn the device on you'll see the text scrolling around. So we've overwritten the flash with our program. Oops. No more emulation for us!

The process of getting the emulators running, or updated, is in two-parts:

  • First of all the system firmware must be updated.
  • Secondly you need to update the actual emulators.

Confusingly both of these updates are called "firmware" in various (mixed) documentation and references. The main bootloader which updates the system at boot-time is downloaded from here:

To be honest I expect you only need to do this part once, unless you're uploading your own code to it. The firmware pretty much just boots, and if it finds a magic file on the SD-card it'll copy it into flash. Then it'll either execute this new code, or execute the old/pre-existing code if no update was found.

Anyway get the tarball, extract it, and edit the two files if your serial device is not /dev/ttyUSB0:


One you've done that run them both, in order:

$ ./
$ ./

NOTE: Here again I had to turn the device off, hold down the volume button, turn it on, and only then execute ./ This puts the device into flashing-mode.

Anyway if that worked you'll see your blue LED flashing on the front of the device. It'll flash quickly to say "Hey there is no file on the SD-card". So we'll carry out the second step - Download and place firmware.bin into the root of your SD-card. This comes from here:

(firmware.bin contains the actual emulators.)

Insert the card. The contents of firmware.bin will be sucked into flash, and you're ready to go. Turn off your toy, remove the SD-card, load it up with games, and reinsert it.

Power on your toy and enjoy your games. Again a simple demo:


Games are laid out in a simple structure:

  ├── firmware.bin
  ├── odroid
  │   ├── data
  │   │   ├── gb
  │   │   │   └── Tetris (World).gb.sav
  │   │   ├── gbc
  │   │   ├── gg
  │   │   ├── nes
  │   │   │   ├── Lifeforce (U).nes.sav
  │   │   │   └── SMB-3.nes.sav
  │   │   └── sms
  │   └── firmware
  └── roms
      ├── gb
      │   └── Tetris (World).gb
      ├── gbc
      ├── gg
      ├── nes
      │   ├── Lifeforce (U).nes
      │   ├── SMB-3.nes
      │   └── Super Bomberman 2 (E) [!].nes
      └── sms

You can find a template here:

bisco: Fifth GSoC Report

13 July, 2018 - 12:28

No shiny screenshots this time ;-)

In the last two weeks i’ve finished evaluating the SSO solutions. I’ve added the evaluation of ‘ipsilon’, a python based single sign on solution. I’ve also updated the existing evaluations with a bit more information about their possibility to work with multiple backends. And i’ve added gitlab configuration snippets for some of the solutions. Formorer asked me to create a tabular overview of the outcome of the evaluations, so i did that in the README of the corresponding salsa repository. I’ve also pushed the code for the test client application i used to test the SSO solutions.

This week i used to look into the existing Debian SSO solution that works with certificates. The idea is not to change it, but to integrate it with the chosen OAuth2/SAML solution. To test this, i’ve pulled the code and set up my own instance of it. Fortunatly it is a Django application, so i now have some experience with that. Its not working yet, but i’m getting there.

I’ve also reevaluated a design desicion i made with nacho and came to the same conclusion: that storing the temporary accounts in ldap too is the way to go. There are also still some small feature requests i want to implement.

Louis-Philippe Véronneau: Taiwan Travel Blog - Day 5

13 July, 2018 - 11:00

This is the fourth entry of my Taiwan Travel blog series! You can find posts on my first few days in Taiwan by following these links:

Old Zhuilu Road (锥麓古道)

Between all the trails I did in the Taroko National Park, I think this one was the best.

Old Zhuilu Road has quite a story behind it. It was built in the 1910s under the Japanese occupation of the Taiwan island. Most of the trail already existed, but the Japanese forced the natives to make it at least a meter large everywhere (it used to be only 10cm wide) using dynamite.

It's quite sad that such a beautiful trail is soaked the in blood of the Taroko natives.

The Japanese wanted to widen the trail to be able to bring cannons and weapons up the mountain to subdue the native villages resisting the occupation. They eventually won and killed a bunch of them.

Even though this trail is less taxing than the Dali-Datong trail I did two days ago, it easily scores a hard 3/5 as half of the path is made of very narrow paths on the side of a 700m cliff. Better not trip and fall!

Sadly out of the original 10km, only a third of the trail is currently open. A large typhoon destroyed part of the path a few years ago. Once you arrive at the cliffside outpost you have to turn back and start climbing down.

Night market in Xincheng (新成乡)

Tonight was the night market in Xincheng township, the rural township where my hostel is located. I was pretty surprised by how large it was (more than 50 stalls) considering that only 20'000 people reside in the whole township. The ambiance was great and of course I ended up eating too much.

Fried and grilled chicken hearts, fried bits of fat, fried fish balls, grilled squid, hollow egg-shaped cakes, corndogs, sausages, soft-serve ice cream, sweet black tea, I guess I should have paced myself.

Although the food stalls were numerous, there were also a large number of clothes vendors, random toys stalls for the kids and a bunch of electronic pachinko machines where old people were placing bets on one another. The kids were pretty funny: since I seemed to be the only westerner in the whole market, they kept coming in groups of 3 or 4 to laugh at me for not speaking mandarin, and then left running and squealing when I started talking to them.

Blurp! More chicken hearts please!

Petter Reinholdtsen: Simple streaming the Linux desktop to Kodi using GStreamer and RTP

12 July, 2018 - 22:55

Last night, I wrote a recipe to stream a Linux desktop using VLC to a instance of Kodi. During the day I received valuable feedback, and thanks to the suggestions I have been able to rewrite the recipe into a much simpler approach requiring no setup at all. It is a single script that take care of it all.

This new script uses GStreamer instead of VLC to capture the desktop and stream it to Kodi. This fixed the video quality issue I saw initially. It further removes the need to add a m3u file on the Kodi machine, as it instead connects to the JSON-RPC API in Kodi and simply ask Kodi to play from the stream created using GStreamer. Streaming the desktop to Kodi now become trivial. Copy the script below, run it with the DNS name or IP address of the kodi server to stream to as the only argument, and watch your screen show up on the Kodi screen. Note, it depend on multicast on the local network, so if you need to stream outside the local network, the script must be modified. Also note, I have no idea if audio work, as I only care about the picture part.

# Stream the Linux desktop view to Kodi.  See
# for backgorund information.

# Make sure the stream is stopped in Kodi and the gstreamer process is
# killed if something go wrong (for example if curl is unable to find the
# kodi server).  Do the same when interrupting this script.
kodicmd() {
    curl --silent --header 'Content-Type: application/json' \
	 --data-binary "{ \"id\": 1, \"jsonrpc\": \"2.0\", \"method\": \"$cmd\", \"params\": $params }" \
cleanup() {
    if [ -n "$kodihost" ] ; then
	# Stop the playing when we end
	playerid=$(kodicmd "$kodihost" Player.GetActivePlayers "{}" |
			    jq .result[].playerid)
	kodicmd "$kodihost" Player.Stop "{ \"playerid\" : $playerid }" > /dev/null
    if [ "$gstpid" ] && kill -0 "$gstpid" >/dev/null 2>&1; then
	kill "$gstpid"
trap cleanup EXIT INT

if [ -n "$1" ]; then


pasrc=$(pactl list | grep -A2 'Source #' | grep 'Name: .*\.monitor$' | \
  cut -d" " -f2|head -1)
gst-launch-1.0 ximagesrc use-damage=0 ! video/x-raw,framerate=30/1 ! \
  videoconvert ! queue2 ! \
  x264enc bitrate=8000 speed-preset=superfast tune=zerolatency qp-min=30 \
  key-int-max=15 bframes=2 ! video/x-h264,profile=high ! queue2 ! \
  mpegtsmux alignment=7 name=mux ! rndbuffersize max=1316 min=1316 ! \
  udpsink host=$mcast port=$mcastport ttl-mc=$mcastttl auto-multicast=1 sync=0 \
  pulsesrc device=$pasrc ! audioconvert ! queue2 ! avenc_aac ! queue2 ! mux. \
  > /dev/null 2>&1 &

# Give stream a second to get going
sleep 1

# Ask kodi to start streaming using its JSON-RPC API
kodicmd "$kodihost" Player.Open \
	"{\"item\": { \"file\": \"udp://@$mcast:$mcastport\" } }" > /dev/null

# wait for gst to end
wait "$gstpid"

I hope you find the approach useful. I know I do.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Jonathan Dowland: The Cure's 40th Anniversary

12 July, 2018 - 20:59

Last Saturday I joined roughly 65,000 other people to see the Cure play a 40th Anniversary celebration gig in Hyde Park, London. It was a short gig (by Cure) standards of about 2½ hours due to the venue's strict curfew, and as predicted, the set was (for the most part) a straightforward run through the greatest hits. However, the atmosphere was fantastic. It may have been helped along by the great weather we were enjoying (over 30°C), England winning a World Cup match a few hours earlier, and the infectious joy of London Pride that took place a short trip up the road. A great time was had by all.

Last year, a friend of mine who had never listened to the Cure had asked me to recommend (only) 5 songs which would give a reasonable overview. (5 from over 200 studio recorded songs). As with Coil, this is quite a challenging task, and here's what I came up with. In most cases, the videos are from the Hyde Park show (but it's worth seeking out the studio versions too)

1. "Pictures of You"

Walking a delicate line between their dark and light songs, "Pictures of You" is one of those rare songs where the extended remix is possibly better than the original (which is not short either)

2. "If Only Tonight We Could Sleep"

I love this song. I'm a complete sucker for the Phrygian scale. I was extremely happy to finally catch it live for the first time at Hyde Park, which was my fourth Cure gig (and hopefully not my last)

The nu-metal band "Deftones" have occasionally covered this song live, and they do a fantastic job of it. They played it this year for their Meltdown appearance, and a version appears on their "B-Side and Rarities". My favourite take was from a 2004 appearance on MTV's "MTV Icon" programme honouring the Cure:

3. "Killing An Arab"

The provocatively-titled first single by the group takes its name from the pivotal scene in the Albert Camus novel "The Stranger" and is not actually endorsing the murder of people. Despite this it's an unfortunate title, and in recent years they have often performed it as "Killing Another". The song loses nothing in renaming, in my opinion.

The original recording is a sparse, tight, angular post-punk piece, but it's in the live setting that this song really shines, and it's a live version I recommend you try.

4. "Just Like Heaven"

It might be obvious that my tastes align more to the Cure's dark side than the light, but the light side can't be ignored. Most of their greatest hits and best known work are light, accessible pop classics. Choosing just one was amongst the hardest decisions to make. For the selection I offered my friend, I opted for "Friday I'm In Love", which is unabashed joy, but it didn't meet a warm reception, so I now substitute it for "Just Like Heaven".

Bonus video: someone proposed in the middle of this song!

5. "The Drowning Man"

From their "Very Dark" period, another literature-influenced track, this time Mervyn Peake's "Gormenghast": "The Drowning Man"

If you let the video run on, you'll get a bonus 6th track, similarly rarely performed live: Faith. I haven't seen either live yet. Maybe one day!

Louis-Philippe Véronneau: Taiwan Travel Blog - Day 4

12 July, 2018 - 11:00

This is the third entry of my Taiwan Travel blog series! You can find posts on my first few days in Taiwan by following these links:

I had to take care of a few things this morning so I left the hostel a little bit later than I would have liked. I've already done quite a few trails and I'm slowly starting to exhaust the places I wanted to visit in the Taroko National Park, or at least the ones I can reach via public bus.

I've got another day left here and I plan to use the mountain permit I got to visit Old Zhuilu Road (锥麓古道) and then I'll cycle back to Hualien.

Baiyang Waterfall Trail (白杨步道)

I took the bus to go to Tianxiang (天祥), a mountain station about 20km inland from the Taroko National Park entrance. I considered riding my bike there but the mountain road has a lot of blind turns and buses frequently pass one another.

I wanted to visit the Baiyang Waterfall and the Huoran temple, but only found the trail for the waterfall. I blame the heavy construction work in the area.

Baiyang Waterfall was a very nice and leisurely trail. Paved all the way, it follows the Tacijili River (塔次基里) for a while. The trail starts by a tunnel 250m long carved into the mountain. There are no lights in there so it's pitch dark for a while!

I was very lucky to see a colony of bats sleeping with their pups at the exit of the entrance tunnel. So cute!

I also encountered a family of Formosan Rock Macaques in the forest next to the trail. Apparently, they are pretty common in Taiwan, but it was the first time I saw them. Andrew Lee tells me that if I want to meet more monkeys, I can go to the nearby hot spring and bathe with them. If it wasn't so darn hot I just might go.


Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้