Planet Debian

Subscribe to Planet Debian feed
Planet Debian -
Updated: 2 hours 46 min ago

Bits from Debian: Call for Proposals: Debconf 19, Curitiba, Brazil

9 hours 40 min ago

The DebConf Content team would like to call for proposals in the DebConf 19 conference, which will take place in Curitiba, Brazil, between July 21th and 28th. It will be preceded by DebCamp from July 14th to 19th, and Open Day on the 20th.

You can find this Call for Proposals, in its latest form, online:

Please refer to this URL for updates on the present information.

Submitting an Event

You can now submit an event proposal. Events are not limited to traditional presentations or informal sessions (BoFs): we welcome submissions of tutorials, performances, art installations, debates, or any other format of event that you think would be of interest to the Debian community.

Regular sessions may either be 20 or 45 minutes long (including time for questions), other kinds of sessions (workshops, demos, lightning talks, ...) could have different durations. Please choose the most suitable duration for your event and explain any special requests.

You will need to create an account on the site, to submit a talk. We suggest that Debian account holders (including DDs and DMs) to use Debian SSO when creating an account. However, this isn't required, as you can sign up with an e-mail address and password.


If you depend on having your proposal accepted in order to attend the conference, please submit it in a timely fashion so that it can be considered (and potentially accepted) as soon as possible.

All proposals must be submitted before Sunday April 28th, 2019 to be evaluated for the official schedule.

Topics and Tracks

Though we invite proposals on any Debian or FLOSS related subject, we have some broad topics on which we encourage people to submit proposals, including but not limited to:

  • Cloud and containers
  • Debian Blends
  • Debian in Science
  • Embedded
  • Introduction to Free Software & Debian
  • Packaging, policy, and Debian infrastructure
  • Security
  • Social context
  • Systems administration, automation and orchestration

You are welcome to either suggest more tracks, or to become a coordinator for any of them. For more information, see the Content team wiki.

Open Day

This call for proposals also targets Open Day, a day of activities targeted at the general public on July 20th. Topics of interest range from topics specific to Debian to the greater Free Software community and maker movement. The idea of Open Day is to bring the general public closer to Debian and vice-versa, so activity proposals that go in that direction are more than welcome.

If you are interested in presenting on Open Day, let us know in the "Notes" field of your submission. We might also invite proponents that are not specifically targeting Open Day to present in it if we find that the topic fits the above goals.

The Open Day will host activities in multiple languages. We expect to have activities in English, Portuguese, and Spanish.

If your talk will be in portuguese, you can write the Abstract field in portuguese too.

Talk proposal help on IRC

This year we will be holding holding office hours on IRC. Those will be designated times where the DebConf content team will be available to help potential speakers prepare their talk proposals for DebConf.

Dates and times for those will be announced later.

Code of Conduct

Our event is covered by a Code of Conduct designed to ensure everyone’s safety and comfort. The code applies to all attendees, including speakers and the content of their presentations. Do not hesitate to contact us at if you have any questions or are unsure about certain content you’d like to present.

Video Coverage

Providing video is one of the conference goals, as it makes the content accessible to a wider audience. Unless speakers opt-out, scheduled talks may be streamed live over the Internet to promote remote participation, and recordings will be published later under the DebConf license (MIT/Expat), as well as presentation slides and papers whenever available.

Closing note

DebConf 19 is still accepting sponsors; if you are interested, or think you know of others who would be willing to help, please get in touch with

In case of any questions, or if you wanted to bounce some ideas off us first, please do not hesitate to reach out to the content team at

We hope to see you in Curitiba!

The DebConf team

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, February 2019

26 March, 2019 - 19:59

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In February, about 204.5 work hours have been dispatched among 13 paid contributors. Their reports are available:

  • Abhijith PA did 14 hours (out of 14 hours allocated).
  • Adrian Bunk did 8 hours (out of 8 hours allocated).
  • Antoine Beaupré did 16 hours (out of 19.5 hours allocated + 11.5 extra hours, but gave back the remaining hours because he wanted to stop working on LTS).
  • Ben Hutchings did 4 hours (out of 19.5 hours allocated plus 1 extra hour, thus keeping 16.5 extra hours for March).
  • Brian May did 10 hours (out of 10 hours allocated).
  • Chris Lamb did 18 hours (out of 18 hours allocated).
  • Emilio Pozuelo Monfort did not publish his report yet (out of 19.5 hours allocated + 3.25 extra hours).
  • Hugo Lefeuvre did 19.5 hours (out of 19.5 hours allocated).
  • Markus Koschany did 19.5 hours (out of 19.5 hours allocated).
  • Mike Gabriel did 6 hours (out of 10 hours allocated, thus keeping 4 extra hours for March).
  • Ola Lundqvist did 14 hours (out of 8 hours allocated + 8 extra hours, thus keeping 2 extra hours for March).
  • Roberto C. Sanchez did 13.25 hours (out of 19.5 hours allocated + 9.75 extra hours, thus keeping 16 extra hours for March).
  • Thorsten Alteholz did 19.5 hours (out of 19.5 hours allocated).
Evolution of the situation

The number of sponsors (and thus the funding level) did not change for a couple of months. On the contributors side, we have some turn-over: Antoine Beaupré is stopping after many years of good work. Many thanks to him! Fortunately, Sylvain Beucler just started and the workload did not increase too much on existing contributors. But we are still looking for more paid LTS contributors.

The security tracker currently lists 42 packages with a known CVE and the dla-needed.txt file has 28 packages needing an update.

Thanks to our sponsors

New sponsors are in bold (none this month).

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Steinar H. Gunderson: Optimal stable filtering

26 March, 2019 - 15:22

This was originally an email to Casey Muratori's blog post about stable filtering; in it, he left a few open questions. Like me, he doesn't allow comments on his blog, so I sent this by email, but evidently, it didn't make it, because now part 2 is out and still doesn't show how to actually find such filters.

Thus, here are the relevant excerpts:

[...] generally, FIR filter response is calculated by means of the Z-transform, giving a complex response of

   Y[w] / X[w] = (... + b2 e^2jw + b1 e^jw + b0)
   F[w]        = sum(k=0..5, e^(jkw) * b_k)

where the normalized frequency w goes from 0..2pi (the interesting part is from 0..pi, the rest is just aliasing), and j = sqrt(-1) so that e^jx = cos(x) + j sin(x).

Your “stability” criterion here seems to be that |F[w]| <= 1, ie., no frequency is ever boosted.

As you've no doubt discovered, the coefficients b_i need to be symmetric (b_0 = b_5, b_1 = b_4, b_2 = b_3); there's a theorem (whose name I've forgotten) that says that this is a necessary and sufficient condition for linear phase (ie., all frequencies are delayed by the same amount). This makes for a great simplification, as we can look at the real part only (the imaginary part will just be the same as the real part multiplied by a constant factor):

   |F[w]| = sum(k=0..5, cos(kw) * b_k) / cos(2.5 w)

So we want F[w] to be as close as possible to 1, without ever exceeding it. I'm sure someone will have a fancy way of optimizing it symbolically, but I chose to just sample w a bunch of times from 0..pi and formulate it as a linear program. Ie., every F[w] <= 1, the objective is sum(F[w]) over all sampled w. (I wonder if I should theoretically do abs() somewhere, but it seems not to be needed.)

This returned the coefficients

  [0.052519, -0.152582, 0.600063, 0.600063, -0.152582, 0.052519]

which I'm fairly certain are at least accurate to three decimal points; more samples may help with the lower decimals.

The six coeficients sum to almost exactly 1.0, which makes sense; more than that, and very low frequencies would pass the 1.0 limit. I have no idea why the middle coefficient is so close to decimal 0.6, though; there may be some deep reason, but I haven't seen it.

You can see frequency plots by Octave comparing your filter [first] and mine [second]:

You can see that mine is a bit better in the upper filters, trading off a little bit of ripple. I would assume they're fairly close in practice.

Some more discussion hidden deep into ryg's tweets.

Jonathan Carter: DPL 2019 Election: Rebuttals

26 March, 2019 - 11:51

Writing rebuttals is not easy. You have to scrutinise the ideas of the people you admire and highlight the flaws in the ideas that they have put a lot of thought in to. At first I wanted to hold back a bit, because I don’t like being mean, but I think it may be a healthy part of the process to offer a critique towards the fellow candidates. I hope that the other candidates will understand that and not take it personally, my feelings towards them have not changed during this process.

Here are the links:

Links to other updated platforms with rebuttals can be found here:

Gunnar Wolf: Many random blurbs on Debian

26 March, 2019 - 11:03

I have been busy as hell this year. I might have grabbed a bigger bite than what I can swallow – In many fronts! Anyway, sitting at an airport, at least I have time to spew some random blurbs to The Planet and beyond!

We all feared when no candidates showed up at the first call for DPL. But things sorted out themselves as they tend to (and as we all knew that would happen ;-) ), and we have four top-notch DPL candidates. It's getting tough to sort through their platforms and their answers in the lists; the old-timers among us have the additional advantage of knowing who they are and probably having worked closely with some of them. I am still drafting my Condorcet ballot. It won't be an easy task to completely rank them!
DebConf 20 and world politics
For personal and selfish reasons, I am very, very happy to have a reason to go back to Israel after over two decades. Of course, as everybody would expect, there is a bothering level of noise that's not going to quiet down until probably late August 2020... DebConf has often taken controversial turns. Israel is not the toughest one, even if it seems so to some readers. And... Well, to those that want to complain about it — Please do understand that the DebConf Committee is not a politically-acting body. Two bid submissions were presented fully, and the Israeli one was chosen because its local team is stronger. That is probably the best, most important criteria for this conference to be successful. No, it's not like we are betraying anything — It's just the objective best bidding we got from completely volunteer teams.
DebConf 19
What are you waiting for? Register! Submit a talk! Pack up and get your ticket for Brazil!

I'd better get moving, the plane might be getting some ideas about taking off.

Russ Allbery: Spring haul

26 March, 2019 - 06:51

I think it's becoming safe to call this spring. For once, it's a rainy, cold spring in Northern California. This is a collection of relatively random things (mostly pre-orders) that I've picked up in the last couple of months.

Elizabeth Bear — Ancestral Night (sff)
Robert Jackson Bennett — City of Stairs (sff)
Curtis C. Chen — Kangaroo Too (sff)
Maddox Hahn — The Love Song of Numo and Hammerfist (sff)
Karoliina Korhonen — Finnish NIghtmares (graphic novel)
Ann Leckie — The Raven Tower (sff)
Jenn Lyons — The Ruin of Kings (sff)
Cal Newport — Digital Minimalism (nonfiction)
Noelle Stevenson — Nimona (graphic novel)
Foxfeather Zenkova, et al. — Dry Season Only (nonfiction)

I already read and reviewed Hahn's book, and have read (but not yet written the review of) The Raven Tower by Leckie.

Bits from Debian: Google Platinum Sponsor of DebConf19

25 March, 2019 - 18:30

We are very pleased to announce that Google has committed to support DebConf19 as a Platinum sponsor.

"The annual DebConf is an important part of the Debian development ecosystem and Google is delighted to return as a sponsor in support of the work of the global community of volunteers who make Debian and DebConf a reality" said Cat Allman, Program Manager in the Open Source Programs and Making & Science teams at Google.

Google is one of the largest technology companies in the world, providing a wide range of Internet-related services and products as online advertising technologies, search, cloud computing, software, and hardware.

Google has been supporting Debian by sponsoring DebConf since more than ten years, and is also a Debian partner sponsoring parts of Salsa's continuous integration infrastructure within Google Cloud Platform.

With this additional commitment as Platinum Sponsor for DebConf19, Google contributes to make possible our annual conference, and directly supports the progress of Debian and Free Software helping to strengthen the community that continues to collaborate on Debian projects throughout the rest of the year.

Thank you very much Google, for your support of DebConf19!

Become a sponsor too!

DebConf19 is still accepting sponsors. Interested companies and organizations may contact the DebConf team through, and visit the DebConf19 website at

Petter Reinholdtsen: PlantUML for text based UML diagram modelling - nice free software

25 March, 2019 - 15:35

As part of my involvement with the Nikita Noark 5 core project, I have been proposing improvements to the API specification created by The National Archives of Norway and helped migrating the text from a version control system unfriendly binary format (docx) to Markdown in git. Combined with the migration to a public git repository (on github), this has made it possible for anyone to suggest improvement to the text.

The specification is filled with UML diagrams. I believe the original diagrams were modelled using Sparx Systems Enterprise Architect, and exported as EMF files for import into docx. This approach make it very hard to track changes using a version control system. To improve the situation I have been looking for a good text based UML format with associated command line free software tools on Linux and Windows, to allow anyone to send in corrections to the UML diagrams in the specification. The tool must be text based to work with git, and command line to be able to run it automatically to generate the diagram images. Finally, it must be free software to allow anyone, even those that can not accept a non-free software license, to contribute.

I did not know much about free software UML modelling tools when I started. I have used dia and inkscape for simple modelling in the past, but neither are available on Windows, as far as I could tell. I came across a nice list of text mode uml tools, and tested out a few of the tools listed there. The PlantUML tool seemed most promising. After verifying that the packages is available in Debian and found its Java source under a GPL license on github, I set out to test if it could represent the diagrams we needed, ie the ones currently in the Noark 5 Tjenestegrensesnitt specification. I am happy to report that it could represent them, even thought it have a few warts here and there.

After a few days of modelling I completed the task this weekend. A temporary link to the complete set of diagrams (original and from PlantUML) is available in the github issue discussing the need for a text based UML format, but please note I lack a sensible tool to convert EMF files to PNGs, so the "original" rendering is not as good as the original was in the publised PDF.

Here is an example UML diagram, showing the core classes for keeping metadata about archived documents:

skinparam classAttributeIconSize 0

!include media/uml-class-arkivskaper.iuml
!include media/uml-class-arkiv.iuml
!include media/uml-class-klassifikasjonssystem.iuml
!include media/uml-class-klasse.iuml
!include media/uml-class-arkivdel.iuml
!include media/uml-class-mappe.iuml
!include media/uml-class-merknad.iuml
!include media/uml-class-registrering.iuml
!include media/uml-class-basisregistrering.iuml
!include media/uml-class-dokumentbeskrivelse.iuml
!include media/uml-class-dokumentobjekt.iuml
!include media/uml-class-konvertering.iuml
!include media/uml-datatype-elektronisksignatur.iuml

Arkivstruktur.Arkivskaper "+arkivskaper 1..*" <-o "+arkiv 0..*" Arkivstruktur.Arkiv
Arkivstruktur.Arkiv o--> "+underarkiv 0..*" Arkivstruktur.Arkiv
Arkivstruktur.Arkiv "+arkiv 1" o--> "+arkivdel 0..*" Arkivstruktur.Arkivdel
Arkivstruktur.Klassifikasjonssystem "+klassifikasjonssystem [0..1]" <--o "+arkivdel 1..*" Arkivstruktur.Arkivdel
Arkivstruktur.Klassifikasjonssystem "+klassifikasjonssystem [0..1]" o--> "+klasse 0..*" Arkivstruktur.Klasse
Arkivstruktur.Arkivdel "+arkivdel 0..1" o--> "+mappe 0..*" Arkivstruktur.Mappe
Arkivstruktur.Arkivdel "+arkivdel 0..1" o--> "+registrering 0..*" Arkivstruktur.Registrering
Arkivstruktur.Klasse "+klasse 0..1" o--> "+mappe 0..*" Arkivstruktur.Mappe
Arkivstruktur.Klasse "+klasse 0..1" o--> "+registrering 0..*" Arkivstruktur.Registrering
Arkivstruktur.Mappe --> "+undermappe 0..*" Arkivstruktur.Mappe
Arkivstruktur.Mappe "+mappe 0..1" o--> "+registrering 0..*" Arkivstruktur.Registrering
Arkivstruktur.Merknad "+merknad 0..*" <--* Arkivstruktur.Mappe
Arkivstruktur.Merknad "+merknad 0..*" <--* Arkivstruktur.Dokumentbeskrivelse
Arkivstruktur.Basisregistrering -|> Arkivstruktur.Registrering
Arkivstruktur.Merknad "+merknad 0..*" <--* Arkivstruktur.Basisregistrering
Arkivstruktur.Registrering "+registrering 1..*" o--> "+dokumentbeskrivelse 0..*" Arkivstruktur.Dokumentbeskrivelse
Arkivstruktur.Dokumentbeskrivelse "+dokumentbeskrivelse 1" o-> "+dokumentobjekt 0..*" Arkivstruktur.Dokumentobjekt
Arkivstruktur.Dokumentobjekt *-> "+konvertering 0..*" Arkivstruktur.Konvertering
Arkivstruktur.ElektroniskSignatur -[hidden]-> Arkivstruktur.Dokumentobjekt

The format is quite compact, with little redundant information. The text expresses entities and relations, and there is little layout related fluff. One can reuse content by using include files, allowing for consistent naming across several diagrams. The include files can be standalone PlantUML too. Here is the content of media/uml-class-arkivskaper.iuml:

class Arkivstruktur.Arkivskaper  {
  +arkivskaperID : string
  +arkivskaperNavn : string
  +beskrivelse : string [0..1]

This is what the complete diagram for the PlantUML notation above look like:

A cool feature of PlantUML is that the generated PNG files include the entire original source diagram as text. The source (with include statements expanded) can be extracted using for example exiftool. Another cool feature is that parts of the entities can be hidden after inclusion. This allow to use include files with all attributes listed, even for UML diagrams that should not list any attributes.

The diagram also show some of the warts. Some times the layout engine place text labels on top of each other, and some times it place the class boxes too close to each other, not leaving room for the labels on the relationship arrows. The former can be worked around by placing extra newlines in the labes (ie "\n"). I did not do it here to be able to demonstrate the issue. I have not found a good way around the latter, so I normally try to reduce the problem by changing from vertical to horizontal links to improve the layout.

All in all, I am quite happy with PlantUML, and very impressed with how quickly its lead developer responds to questions. So far I got an answer to my questions in a few hours when I send an email. I definitely recommend looking at PlantUML if you need to make UML diagrams. Note, PlantUML can draw a lot more than class relations. Check out the documention for a complete list. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Iustin Pop: The last 10 percent

25 March, 2019 - 12:52

Gamification is everywhere this days, but sometimes it’s well implemented, sometimes not. In this particular case—Garmin environment—it introduced badges around a year or two ago for all kind of things (whether real achievements or not), most of them interesting or at least funny, like having an activity while below 0°C, etc.

The other nice part of all this was that it allows you to easily compare badges with connections. Which results, err can result in races to both get the badges your connections have but you don’t, and get ones that they don’t. All this because it also has a leaderboard based on the total points accumulated—and some badges are worth way more points than basic ones.

One thing I found out this way was that some of my connections had the “achieve step goal 30 days in a row” (4 points!), or even 60 days (8 points!!!). But how can this be, since by default Garmin increases the goal as long as you hit each day’s goals? This was the reason I couldn’t get it before, as the target inexorably increases, and would reach something like 3 hours of walking needed per day at 60 days.

So, my conclusion was that this is possible only with switching to fixed-goal (N steps per day), and did so. I set myself a moderate goal (I don’t walk much, sadly, especially when I commute by bike), and started working towards it. This was back in December. And I still don’t have the badge, argh!

In the first iteration, I went all the way up to 29 days, had 40 steps left for the day, was almost celebrating, but at the end of the day completely forgot about it—because it was just 2 minutes of moving needed. 29 days of carefully checking each evening my goal, all gone away due to early sleeping during vacation… All that was between me and my goal were 40 lousy steps.

I said no problem, I’ll start again. So once more I go, all the way up to 28 days, when sadly external factors intervened and I really couldn’t hit my goal on the 28th day. At least not my fault this time, or at least partially not my fault—had I met my goal early in the day and not leave it to match on the evening, I would have still gotten it.

So, on third iteration now. All went well until day 24th or so, when I got a bit of a cold. This was Wednesday last week, but still, between stuff (I got out of the house that day), it was easy to get the steps. Then, Thursday, I was really out and stayed in-house, with running nose and headache and all that stuff, when I realised: this is a “you-will-not-get-the-badge” event type!! Damn you dungeon master! I needed to move. So here I was, indoors, slowly pacing between the hot teas, for one hour, then after some sleep for another hour, until I hit my goal. Yay!

Today (Monday), I’m at 27 days out of 30. If I hit my goal today, tomorrow and Wednesday, I’ll finally have the damn badge and can both increase my target steps and start working towards the 60 day badge.

But three days is a lot. Many things could happen, including the worst case: my watch could stop working or I could lose it. And I don’t have a backup… I need to be careful…

So yeah, sometimes gamification really works :)

Russ Allbery: Review: The Love Song of Numo and Hammerfist

25 March, 2019 - 09:22

Review: The Love Song of Numo and Hammerfist, by Maddox Hahn

Publisher: Maddox Hahn Copyright: 2018 ISBN: 1-73206-630-2 Format: Kindle Pages: 329

Numo is a drake, a type of homunculus created by alchemy from a mandrake root. He is, to be more precise, a stoker: a slave whose purpose is to stoke the hypocaust of his owning family. Numo's life is wood and fires and the colors of flames, not running messages to the arena for his master. (That may be part of the message his master was sending.) Falling desperately in love at first sight with an infandus fighting in the arena is definitely not part of his normal job.

Hammerfist is an infandus, the other type of homunculus. They aren't made from mandrake root. They're made from humans who have been sentenced to transmogrification. Hammerfist has had a long and successful career in the arena, but she's starting to suffer from the fall, which means she's remembering that she used to be human. This leads to inevitable cognitive decline and eventually death. In Hammerfist's case, it also leads to plotting revolution against the alchemists who make homunculi and use them as slaves.

Numo is not the type to plot revolution. His slave lobe is entirely intact, which means the idea of disobeying his owners is hard to even understand. But he is desperately in love with Hammerfist (even though he doesn't understand what love is), and a revolution would make her happy, so he'll gamely give it a try.

Numo is not a very good revolutionary, but the alchemists are also not very bright, and have more enemies than just the homunculi. And Numo is remarkably persistent and stubborn once he wraps his head around an idea.

Okay, first, when I say that you need a high tolerance for body horror to enjoy this book, I am Seriously Not Kidding. I don't think I have ever read a book with a higher density of maiming, mutilation, torture, mind control, vivisection, and horrific biological experiments. I spent most of this book wincing, and more than a few parts were more graphic than I wanted to read. Hahn's style is light and bubbly and irrepressible and doesn't dwell on the horror, which helps, but if you have a strong visual imagination and body integrity violations bother you, this may not be the book for you.

That said, although this book is about horrible things, this is not a horror novel. It's a fantasy about politics and revolution, about figuring out how to go forward after horrible things happen to you, about taking dramatic steps to take control of your own life, about the courage to choose truth over a familiar lie, and about how sympathy and connection and decency may be more important than love. It's also a book full of gruesome things described in prose like this:

Her eyes were as red as bellowed embers. Her blood-spattered mane stood up a foot or more from her head and neck, cresting between her shoulders like a glorious wave of shimmering heat. Her slobbering mouth was an orangey oven of the purest fire, a font of wondrousness gaping open down to the little iron plate stamped above her pendulous bosoms.

and emotions described like this:

And he'd had enough. Numo was taut as a wire, worn as a cliff face, tired as a beermonger on the solstice. One more gust of wind and he'd snap like a shoddy laundry pole.

This is the book for simile and metaphor lovers. Hahn achieves a rhythm with off-beat metaphor and Numo's oddly-polite mental voice that I found mesmerizing and weirdly cheery.

Except for Numo and Hammerfist, nearly everyone in this book is awful, even if they don't seem so at first. (And Hammerfist is often so wrapped up in depression and self-loathing to be kind of awful herself.) Next to the body horror, that was the aspect of this story I struggled with the most. But Numo's stubborn determination and persistent decency pulled me through, helped by the rare oasis of a supporting character I really liked. Bollix is wonderful (although I'm rather grumpy about how her story turns out). Sangja isn't exactly wonderful — he can be as awful to others as most of the people in this story — but for me he was one of the most sympathetic characters and the one I found myself rooting for.

(I'm going to be coy about Sangja's nature and role, since I think it's a spoiler, but I greatly appreciated the way Hahn portrayed Sangja in this book. He is so perfectly and exactly fits the implications of his nature in this world, and the story is entirely matter-of-fact about it.)

Hahn said somewhere on-line (which I cannot now find and therefore cannot get exactly right) that part of the motivation for this story was the way the beast becomes human at the end of Beauty and the Beast stories, against all of our experience in the real world. Harm and change isn't magically undone; it's something that you still have to live with past the end of the story. This is, therefore, not a purely positive good-triumphs type of story, but I found the ending touching and oddly satisfying (although I wish the cost hadn't been so high).

I am, in general, dubious of the more extravagant claims about the power of self-publishing to bypass gatekeepers, mostly because I think traditional publishing gatekeepers do a valuable job for the reader. This book is one of the more convincing exceptions I've seen. It's a bit of a sprawling mess in places and it doesn't pull together the traditional quest line, which combined with the body horror outside the horror genre makes it hard for me to imagine a place for it in a traditional publishing line-up. But it's highly original, weirdly delightful, and so very much itself that I'm glad I read it even if I had to wince through it.

This is, to be honest, not really my thing, and I'm not sure I'd read another book just like it. But I think some people with more interest in body horror than I do are going to love this book, and I'm not at all unhappy I read it. If you want your devoted, odd, and angstful complex love story mixed with horrific images, gallows humor, and unexpected similes, well, there aren't a lot of books out there that meet that description. This is one. Give it a try.

Rating: 6 out of 10

Sam Hartman: Questioning and Finding Purpose

25 March, 2019 - 03:04
This is copied over from my spiritual blog. I'm nervous doing that, especially at a point when I'm more vulnerable than usual in the Debian community. Still, this is who I am, and I want to be proud of that rather than hide it. And Debian and the free software community are about far more than just the programs we write. So hear goes:

The Libreplanet opening keynote had me in tears. It was a talk by Dr. Tarek Loubani. He described his work as an emergency physician in Gaza and how 3d printers and open hardware are helping save lives.

They didn't have enough stethoscopes; that was one of the critical needs. So, they imported a 3d printer, used that to print another 3d printer, and then began iterative designs of 3d-printable stethoscopes. By the time they were done, they had a device that performed as well or better than than a commercially available model. What was amazing is that the residents of Gaza could print their own; this didn't introduce dependencies on some external organization. Instead, open/free hardware was used to help give people a sense of dignity, control of some part of their lives, and the ability to better save those who depended on them.

Even more basic supplies were unavailable. The lack of tourniquets caused the death of some significant fraction of casualties in the 2014 war. The same solution—3d-printed tourniquets had an even more dramatic result.

Dr. Loubani talked about how he felt powerless to change the world around him. He talked about how he felt like an insignificant ant.

By this point I was feeling my own sense of hopelessness and insignificance. In the face of someone saving lives like that, I felt like I was only playing at changing the world. What is helping teach love and connection when we face that level of violence? Claming that sexual freedom is worth fighting for seems like a joke in the worst possible taste in the face of what he is doing. I felt like an imposter.

Then he went on to talk about how we are all ants, but it is the combination of all our insignificant actions that eventually change the world. He talked about how the violence he sees is an intimate act: he talked about the connection between a sniper and their victim. We die one at a time; we can work to make things better one at a time.

He never othered or judged those committing violence. Not as he talked about his fellow doctor and friend who was shot, radioed that he could not breathe, and eventually died pinned down by gunfire so that no one could rescue him. Not as he talked about how he himself was shot. Not as he helped the audience connect with grief-stricken family members facing the death of their loved ones. He never withdrew compassion.

To me I heard hope that what I try to teach can matter; it can connect. If he can face that violence and take a stand against it while still maintaining compassion, then this stuff I believe actually can work. Facing the world and making real changes without giving up compassion and empathy seems more possible: I’ve seen it done.

Somewhere in this talk, I regained a connection with my own value. People like him are helping save people. However, the violence will continue until we have the love, empathy and compassion to understand and connect with each other and find better options. In my own way I’m doing that. Every time I help someone see a different way of looking at things, I make it easier for them to start with empathy first rather than fear.

Everything I’ve written about sex is still true. That journey can bring us closer to accepting ourselves, stepping past fear and shame. Once we accept our own desires and our own need, we’re in a better position to meet in the Strength of Love and advocate for our own needs while offering compassion to others. Once we know what we can find when we have empathy and connection, we can learn to strive for it.

So I will find joy in being my own little ant. Insignificant and divine: take your pick as it’s all the same in the end.

Bringing that Round to Debian

Debian is back in the center of my compassion work. I'm running for Debian project Leader (DPL). I served on the Debian Technical Committee for over a year, hoping to help bring understanding of diverse positions to our technical dispute resolution process. That ended up being the wrong place. Everyone seems to believe that the DPL is currently at the center of most of the work of helping people connect. I hope to fix that: more than one person should be driving that work.

After the keynote I found myself sitting between Micky Metts and Henry Poole. Micky asked me what I did that I loved. “Ah, she’s not expecting this answer,” I thought to myself as I talked about my spiritual work and how it overlaps with my Debian work. It turns out that she was delighted by the answer and we had a great time chatting about self empowerment. I’m looking forward to her keynote later today.

Then Henry asked how I was going to accomplish bringing empathy into Debian. I talked about my hopes and dreams and went through some of the specifics I’ve discussed in my platform and what I’ve had success with so far. He talked about similarities and overlaps with work his company does and how he works to teach people about free software.

Especially after that keynote it was joyful to sit between two luminaries and be able to share hopes for empathy, compassion and connection. I felt like I had found validation and energy again.

Shirish Agarwal: Questions about Racism, Immigration

25 March, 2019 - 00:26

Racial Attacks in New Zealand

I can’t believe it’s been almost a year since I wrote the blog post about Racism . While that one was in response to Russel’s post about a year back, this one is about the cowardly attack on the 50 odd and rising people died in the racist attack in New Zealand few days back. While I knew things were and charged with Trump and the right or/and alt right is rising in Europe as well but didn’t know that the fire had spread through Australia and New Zealand as well. And before people point fingers, it isn’t as if India is any better in the current circumstances. I came to know of the news on twitter where a gentleman named Khaled Beydoun broke the story . I had not been well the day before hence after work had just slept and woke mid-afternoon. I usually freshen myself but that day either due to laziness or whatever, I opened and was shocked when I read the news on twitter. My eyes, brain must have not properly woken up as I urged Khaled, along with many others to share the stories of the victims so people might know about them. In India, it has been more or less characterised as something to celebrate with slogans like ’50 would-be terrorists slain’ and such nonsense, I did feel it was part of some larger scheme as then also heard that the shooter had a webcam and live-streamed the whole thing on Facebook. Around the same time or a little later, also came to know about Senator Fraser Anning who talked about ‘White Australia’ . The idea behind ‘White Australia’ has been mirrored by the Right in Poland today/yesterday.


The idea is similar in many ways to what Brexiteers told to people living in Britain. In essence we see the following characteristics –

a. Immigrants are the problem of all problems – While time and again has shown that Immigrants have been the source of growth in all developed countries, they are still able to get that particular message across. We had movies like Pathemari from South and fortunately or unfortunately many more movies on the same subject pursued in Hollywood. Some of the movies which I have enjoyed and have also found challenging are Moscow on the Hudson, (one of the best performances given by Robin Williams, The Immigrant , Man Push Cart, The Namesake (the Novel first and then the Movie) , Brooklyn , Sugar and many more. To distill down, all the movies, it comes to a singular fact, we love the place where we are born. We learn the taste, the smell, the culture and are assimilated by it long before we know it. It is only when people go to a different place whether to visit or to live as an immigrant that a dissonance is created and people spend their whole lives trying to fix the dissonance somehow.

In fact, I know at least 10-15 friends and family personally who have been forced into being Economic migrants for life, many of them into IT or Information Technology or business. While I may have shared this pattern before, just a few months back, (without taking names), a friend of mine wound up going back to States. He had made good money in States, is and was at a high post, had made enough money to buy a bungalow in Pune. He sent resumes from United States to Indian companies in and around Pune where they promised him comparative earnings, But when he was back in the excuse of being with the family i.e. father, mother, sister et al he found that they were promising him now half or 1/3rd of what they had promised him before. And this is without any of the benefits which he was enjoying in States. His wife is also from Pune, India and a working professional. In the end, he had to sell his bungalow and say a tearful bye to his parents and sister. This is the case in almost all of Kothrud. I may have shared about Kothrud before. This is a place around 5-6 kms. from my place, where thousands of parents are living a good life as their children are abroad. They feel good that the children are earning good, but many or most of them miss the human touch, the love and care that children can give. There are now non-profits and even the police who do try to care of the old and the aged but there is only so much they can do.

Why people leave, the Brain Drain and Politics in India

Just to share some facts about the Indian Industry, the Indian Government has several plans and schemes on paper, but most of them are unworkable in real life. They have fallen flat as Startup India and ‘Make in India‘ which have been reduced to being mere logos within India. In fact, almost all economic indicators are at a record low. While except for mobiles, most electronic products are stalling, even Cars and Bikes sales which are known as bell-weathers of how the Indian Economy is doing tells the story well. In fact, the current stats. of unemployment should raise a cause of concern. The story does have political colors as now it has come to light that RBI had advised against demonetisation before it was announced and now we are fully into election mode. There is and was China-bashing without realizing we need them as we have no alternatives and even no plan. There have been accusations being made against Pandit Nehru for giving the UNSC seat without understanding the politics behind it. While I of course, need to read more of history, it does point to the fact that if Pandit Nehru had taken the seat, then India would have had war with China in 1955 rather than 1962 when it did. The reason I shared the above is at least most of the problems in India are of its own making, or at the very least, its leaders, the same I fear could possibly be said of many countries.

A hypothesis

There are couple of other painful truths which I feel we don’t want to face, we are all migrants if we believe and support the hypothesis and observation that anthropologists have made about Homosapiens, to the extent as to where they were found and how migration happened over generations. By the same coin, an argument can be made that all of us have our hands bloody. Either in the recent or waaay in the past, the history we don’t know, we either wilfully or tacitly killed whatever was native to each land, whether it was humans or nature itself.

Reasoning for fear of Immigration

b. Nationalism will solve all the problems – There is this wide-spread belief that either ultra-nationalism, or being ultra-whatever will solve all problems. It took more than 200 years for the separation between the church and the State if you read the article on Wikipedia and look up some of the links they have mentioned therein and less than 5 years with help of technology to try to have them together. The idea of one race, one thought has been peddled before and it has resulted into untold destruction. and there is no evidence to point that it will be anything different today.

c. The main crux though of the matter though is probably Immigration and jobs, security – This is where the actual fight is. Most people believe that the natural-born should have some sort of entitlement, more than the Immigrants and that Immigrants get favors which from at least my reading has not been true at all. One point though, I am talking about Economic Migrants here and NOT migrants who end up elsewhere from where they are due to war, famine, natural calamities. For such people who are the unluckiest because they are not in charge of their fates I have no clue as it is much more complex than Economic migrants. Any solutions should have humanitarian focus but is easily pulled into politics as has been seen in India and potentially is the same for other countries as well. It is very much possible that at some future date, we may find India culpable in Rohingya genocide if that becomes the case. This reminds me very much of the Komagata Maru incident in which Indians died and the Canadian PM later apologized.

There was only one advertisement from some European freezing country (climate-wise) which said they will provide or give a house to whoever migrates there (have forgotten the name of the country) but in most countries Immigrants have quite a number of issues. Last year when trying to understand about Taiwan, came to know about immigration issues within Taiwan, much of which is espoused quite nicely in the recent issue of thediplomat. I would venture other countries would have similar issues. I had shared before when I visited Qatar and came to know that in almost all Middle-east countries Indians and people from the sub-continent have a work visa and in many ways they are bonded labourers. Only last year they have made some changes. After coming back to India, Pune I was able to ask and know from many people both in Pune and elsewhere and all of them had similar stories to share. I remember reading some article about immigration laws to Australia in which it was said that if a doctor trained in India were to migrate to Australia, he would have to go through the residency period all over again. That would add another 5-7 years for learning medicine again when s(he) could have been helping. This was shared not just in the article but also shared by personal experiences of few friends and people I met, casually had a chat and so on.

Why not Ban Immigration At all

If Immigration is such an issue why not ban it ? The New Scientist ran a series of articles on the same topic couple of years ago. While I would recommend to read them all, the best one which resounded within me was this one . I had a coincidence to meet quite a few doctors, nurses etc. during my travels, also when I was ill in the hospital. My landlord too was a Doctor who served all his life in UK in NHS . While we have somewhat of a quarrel-some relationship due to renter and rentee, he has shared lot about NHS in Britain. Interestingly, lot of his colleagues were from India, apparently close to 30-40% of the doctors and nurses are from India. The same I have heard about Gulf Countries as well. There are also articles by Rukhsana Khan, I especially liked the article in which she shares about immigration in Canada which I found to be quite interesting. The comments much more so as it tells how much as a species we have yet to grow.

The Positives

While the cost has been high, there has been a net positive as far as inclusiveness for New Zealand is concerned. Jacinda Ardern, the world’s youngest female leader, as shared by Economist had been forthright, critical and called it a terrorist attack. This must have been really difficult for Jacinda to do politically especially when you see her background as shared by Economist, the reasons people chose her. But this is what leaders are expected to do, to lead and not be predictable. This is something our great leader has not been able to. The whole world has commended her for the way she has managed to lead, both with grace and empathy. While I did see some people commenting on her need to use the hijab, most people have complimented her for the way she communicated and foremore, bringing restriction to gun ownership esp. in automated rifles . This is something that United States has failed to do despite so many killings which have taken place

While the post has turned to be long there are still many feelings yet to be expressed, the first one is from a person of whose work I am a fan of and make no bones about it –

TL;DR: The effects of the rise of right wing populism are not dramatic and visible. Often they just involve an excruciating micronegotiation of your body and its place in geographies of suspicion. Do you know what happens when you wear skin and body of suspicion? In a country that overnight feels hostile because of an abhorrent act of terrorism, and an election that exercised the democratic will of bringing into power a fundamental extremist political party, you scan your everyday modes of being. The routines and ruts of habitual living suddenly become unfamiliar, suspect, alien. You take on the double weight of the loss and grief of the victims and the shame and repentance of the perpetrator. You inherit pity and terror of the tragedy with no catharsis. And you see yourself change. Instantaneously.

1. You find yourself smiling more. Whenever you are in public, you make an extra effort to smile at strangers, to convince them that the bag on your shoulders only has your laptop and no other weapon.

2. When you see the increased security, you try to look small, wrapped up in a shrug, to convince the scrutinizing gaze that you are not a menace.

3. When you sit on the train you realise that you sit differently. Not taking as much space, Keeping all your limbs to yourself, breathing in self-defence.

4. Your phone vibrates while you are sitting in the train. It is your mom. You wonder if you should take the call, and speak in your heathen tongue, and if it will offend or alarm people around you.

5. You hear the couple sitting next to you, peering over a train time-table and trying to figure out where they should change trains. You pause for a long moment before you give them advice in a language that you only speak brokenly.

6. You pretend not to notice the raised eyebrows when you betray your outsider status by speaking the local language clumsily, and accept the reluctant thanks before trying to hide behind your phone.

7. You are hungry. There is a lunch box in your bagpack. It is the left-over curry from dinner last night. You hesitate opening it lest the smells of your food bring forth a reaction that you might not be able to digest.

8. As you walk to the building where you have a meeting, you see a group of people drinking beer and being loud, and you instinctively scan to see if there is another entrance into the building that you can detour to.

9. You find solidarity in the people who are angry and in shock at this changed electoral and cultural trend in their country. They lament about how things are going bad. You don’t join them and instead spend all your effort in assuring them that you do not blame them, that you are happy to have them as friends and colleagues; you swallow your feeling of vague dread and spend time consoling them about the fate of things to come.

10. You meet a friend. You sit in a café and talk. You see a small group of people in their older whateveragebrackets pointedly looking at you and looking away when you catch their eye. When you see it happening more than once, you talk your friend into going somewhere else. When asked why, you say, ‘this is just so loud’.

11. You sit through an academic discussion. People are talking about vulnerability and safety. Care and creativity show up. The smart, insightful, and inspiring conversations develop, surrounded by plenty and privilege. You drone out because you remember the 5 refugees that you are counselling, who have sent you messages that given the current political climate, they want to drop out of their education development programme. Now is not a good time to be visible, one 19 year old has said.

12. You enter the central station and realise that you are going to have to sprint to the train. You are used to this. But today you walk measured footsteps even though you are going to miss the train. You don’t want to be running in your body, on a late evening train station. You miss the train and wait in the cold wind plucking at your cheeks, for the next one that takes you home.

13. On the ride back, you compose your face in rehearsed pleasantness. You wear your Asian niceness on your cheeks. The tiredness of the day has no place on your face. You are good, you are not a threat, you are acceptable.

14. You put on your headphones and are going to switch to the usual Bollywood mix that you listen to when you walk home. Before you do that, you remove the headphones and play the music. You are checking to see if the music is too loud, and seeping out of the headphones, betraying its ethnicity in its foreign cadences. You lower the volume and decide to play an American pop mix anyway.

15. You walk home on routine routes when you see three people walking behind you. It is a public space. It is your everyday route home. There are people around. You slow down to let them pass. You find comfort in the bagpack snuggling your back, like an armour.

16. You are fumbling for your keys at the entrance of the building. Somebody walks out of the door at the same time. You are happy not to be fishing for keys, so you ask them to hold the door and scurry up inside. The person asks where you want to go. You tell them you live here. You have never seen each other. You nod, wanting to get home. You get out of the slow elevator and from around the corner you see the person from downstairs looking at you. She has taken the stairs to see you safe home.

17. You enter home and even before you have taken off the bag, or the double layers of coats on your shoulder, you feel a weight come off your shoulders. You stretch to your full height. You breathe deeply. In the solace of solitude, you feel the layers of the day strip off. You head into a warm shower and wash all the gazes that have scorched your body. You step out. While drying in front of the misty mirror., you realise that if this continues, it will soon become habit. When your body is a question, you live like an apology. And these are the experiences of a life that is well shielded, protected, and supported by privilege, mobility, work, health, communities of love and trust, and money. So for anybody who is more precarious this must be amplified multiple times. If you know somebody who feels that they are bodies and skins of suspicion, now you know the cruel algebra of life that they are constantly solving. If somebody tells you they are worried, anxious, feeling afraid because of what this populist verdict has delivered, don’t downplay their dread. It is theirs. Let them work through it. You cannot change it by merely offering your love and care. It helps, but this is not a personal question of feelings – it is a structural problem of survival. Their experience is not an accusation towards you. It is merely an apology for themselves. You might not have voted for this to happen. But you are still a part of the system, and the only way out of this is for us to challenge the normalization of hatred and violence. , Nishant Shah , Academic, Educator, Researcher and Annotator, Netherlands.

As shared by Nishant, while I have not met him, have had the privilege to have read many of the articles penned by him many a times in Indian Express and other places. We also have managed to near-miss each other even though I have been to Bangalore quite a number of times to CIS when he was part of CIS . Also this is not just about what he experienced and what many other people who are foreigners or migrants feel, it is also to shed a light to all those who think of migration as the geese which lays the golden goose but forget the cost.

The other is one of my favorite lyricist, poet, writer who made many marriages happen and also likely to bear the cross for the same (from either husbands or wives) Miyan Javed Akhtar Sahab –

To speak of that which everyone is fearful, of that you must write
The night was never so dark ever before, write!

Throw away the pens with which you wrote the odes
In praise of the true pen dipped in the heart’s blood, write!

The narrow circles that confine you, break all of them
Come under the open skies now, of a new creation, write!

That which finds no place in the daily newspapers
That incident which happens everywhere every day, write!

That which has happened finds mentions
But of those that should have happened, write!

If you wish to see spring return to this garden
Call out from every branch and on every leaf, write!

Written by Miyan Javed Akhtar Sahab, translated by Rakshanda Jalil for where it first appeared digitally to my knowledge.

Jelmer Vernooij: Breezy evolves

24 March, 2019 - 23:00

Last month Martin, Vincent and I finally released version 3.0.0 of Breezy, a little over a year after we originally forked Bazaar.

When we started working on Breezy, it was mostly as a way to keep Bazaar working going forward - in a world where Python 2 has mostly disappeared in favour of Python 3).


Since then, we have also made other improvements. In addition to Python 3 support, Breezy comes with the following other bigger changes:

Batteries Included

Breezy bundles most of the common plugins. This makes the installation of Breezy much simpler (pip install brz), and prevents possible issues with API incompatibility that plagued Bazaar.

Bundled plugins include: grep, git, fastimport, propose, upload, stats and parts of bzrtools.

>120 fixed bugs

Since Bazaar 2.7, lots of bugs in the Bazaar code base have been fixed (over 120 as of March 2019). We've also started an effort to go through all bugs in the Bazaar bug tracker to see whether they also apply to Breezy.

Native Git Support

Breezy now supports the Git file formats as a first class citizen; Git support is included in Breezy itself, and should work just as well as regular Bazaar format repositories.

Improved abstractions

Bazaar has always had a higher level API that could be used for version control operations, and which was implemented for both Bazaar, Git and Subversion formats.

As part of the work to support the Git format natively, we have changed the API to remove Bazaar-specific artefacts, like the use of file ids. Inventories (a Bazaar concept) are now also an implementation detail of the bzr formats, and not a concept that is visible in the API or UI.

In the future, I hope the API will be useful for tools that want to make automated changes to any version controlled resource, whether that be Git, Bazaar, Subversion or Mercurial repositories.

Petter Reinholdtsen: Release 0.3 of free software archive API system Nikita announced

24 March, 2019 - 20:30

Yesterday, a new release of Nikita Noark 5 core project was announced on the project mailing list. The free software solution is an implementation of the Norwegian archive standard Noark 5 used by government offices in Norway. These were the changes in version 0.3 since version 0.2.1 (from

  • Improved ClassificationSystem and Class behaviour.
  • Tidied up known inconsistencies between domain model and hateaos links.
  • Added experimental code for blockchain integration.
  • Make token expiry time configurable at upstart from properties file.
  • Continued work on OData search syntax.
  • Started work on pagination for entities, partly implemented for Saksmappe.
  • Finalise ClassifiedCode Metadata entity.
  • Implement mechanism to check if authentication token is still valid. This allow the GUI to return a more sensible message to the user if the token is expired.
  • Reintroduce browse.html page to allow user to browse JSON API using hateoas links.
  • Fix bug in handling file/mappe sequence number. Year change was not properly handled.
  • Update application yml files to be in sync with current development.
  • Stop 'converting' everything to PDF using libreoffice. Only convert the file formats doc, ppt, xls, docx, pptx, xlsx, odt, odp and ods.
  • Continued code style fixing, making code more readable.
  • Minor bug fixes.

If free and open standardized archiving API sound interesting to you, please contact us on IRC (#nikita on or email (nikita-noark mailing list).

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Riku Voipio: On the #uploadfilter problem

23 March, 2019 - 23:07
The copyright holders in europe are pushing hard mandate upload filters for internet. We have been here before - when they outlawed circumventing DRM. Both have roots in the same problem. The copyright holders look at computers and see bad things happening to their revenue. They come to IT companies and say "FIX IT". It industry comes back and says.. "We cant.. making data impossible to copy is like trying to make water not wet!". But we fail at convincing copyright holders in how perfect DRM or upload filter is not possible. Then copyright holders go to law makers and ask them in turn to fix it.

We need to turn tables around. If they want something impossible, it should be upto them to implement it.

It is simply unfair to require each online provider to implement an AI to detect copyright infringement, manage a database of copyrighted content and pay for the costs running it all.. ..And getting slapped with a lawsuit anyways, since copyrighted content is still slipping through.

The burden of implementing #uploadfilter should be on the copyright holder organizations. Implement as a SaaS. Youtube other web platforms call your API and pay $0.01 each time a pirate content is detected. On the other side, to ensure correctness of the filter, copyright holders have to pay any lost revenue, court costs and so on for each false positive.

Filtering uploads is still problematic. But it's now the copyright holders problem. Instead people blaming web companies for poor filters, it's the copyright holders now who have to answer to the public why their filters are rejecting content that doesn't belong to them.

Dirk Eddelbuettel: RcppArmadillo 0.9.300.2.0

23 March, 2019 - 05:57

A new RcppArmadillo release based on a new Armadillo upstream release arrived on CRAN and Debian today.

Armadillo is a powerful and expressive C++ template library for linear algebra aiming towards a good balance between speed and ease of use with a syntax deliberately close to a Matlab. RcppArmadillo integrates this library with the R environment and language–and is widely used by (currently) 583 other packages on CRAN.

The (upstream-only this time) changes are listed below:

Changes in RcppArmadillo version 0.9.300.2.0 (2019-03-21)
  • Upgraded to Armadillo release 9.300.2 (Fomo Spiral)

    • Faster handling of compound complex matrix expressions by trace()

    • More efficient handling of element access for inplace modifications in sparse matrices

    • Added .is_sympd() to check whether a matrix is symmetric/hermitian positive definite

    • Added interp2() for 2D data interpolation

    • Added expm1() and log1p()

    • Expanded .is_sorted() with options "strictascend" and "strictdescend"

    • Expanded eig_gen() to optionally perform balancing prior to decomposition

Courtesy of CRANberries, there is a diffstat report relative to previous release. More detailed information is on the RcppArmadillo page. Questions, comments etc should go to the rcpp-devel mailing list off the R-Forge page.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Enrico Zini: debian-vote statistics

22 March, 2019 - 18:48

I made a script to compute some statistics on debian-vote's election discussions.

Here are the result as of 2019-03-22 12:50:

These are the number of mails sent by people who posted more than 2 messages:

Name                     Mails
Joerg Jaspert               18
Sam Hartman                 15
Jonathan Carter             14
Martin Michlmayr            14
Lucas Nussbaum              13
Kurt Roeckx                  9
Andreas Tille                7
Jose Miguel Parrella         6
Bdale Garbee                 3
Ian Jackson                  3
Paul Wise                    3
Raphael Hertzog              3
Sean Whitton                 3

These are sum and averages of lines of non-quoted message text sent by people:

Name                     Sum   Avg
Jonathan Carter          715    51
Lucas Nussbaum           518    40
Sam Hartman              505    34
Martin Michlmayr         370    26
Joerg Jaspert            369    20
Andreas Tille            214    31
Jose Miguel Parrella     161    27
Kurt Roeckx              152    17
Ian Jackson              150    50
Raphael Hertzog           65    22
Paul Wise                 48    16
Sean Whitton              41    14
Bdale Garbee              35    12

These are the top keywords of messages sent by the candidates so far, scored by an improvised TFIDF metric:

Sam Hartman
  people, work, time, things, focus, valuable, think
Jonathan Carter
  back, bold, brave, wiki, developer, your, perhaps
Joerg Jaspert
  something, good, upload, should, thing, nice, just
Martin Michlmayr
  believe, change, where, question, technical, cost, more

Elana Hashman: SREcon19 Americas Talk Resources

22 March, 2019 - 11:00

At SREcon19 Americas, I gave a talk called "Operating within Normal Parameters: Monitoring Kubernetes". Here's some links and resources related to my talk, for your reference.

Operating within Normal Parameters: Monitoring Kubernetes Additional Prometheus metrics sources Related readings

I'm including these documents for reference to add some context around what's currently happening (as of 2019Q1) in the Kubernetes instrumentation SIG and wider ecosystem.

Note that GitHub links are pinned to their most recent commit to ensure they will not break; if you want the latest version, make sure to switch the branch to "master".

Simon Josefsson: Offline Ed25519 OpenPGP key with subkeys on FST-01G running Gnuk

22 March, 2019 - 03:45

Below I describe how to generate an OpenPGP key and import it to a FST-01G device running Gnuk. See my earlier post on planning for my new OpenPGP key and the post on preparing the FST-01G to run Gnuk. For comparison with a RSA/YubiKey based approach, you can read about my setup from 2014.

Most of the steps below are covered by the Gnuk manual. The primary complication for me is the use of a offline machine and storing GnuPG directory stored on a USB memory device.

Offline machine

I use a laptop that is not connected to the Internet and boot it from a read-only USB memory stick. Finding a live CD that contains the necessary tools for using GnuPG with smartcards (gpg-agent, scdaemon, pcscd) is significantly harder than it should be. Using a rarely audited image begs the question of whether you can trust it. A patched kernel/gpg to generate poor randomness would be an easy and hard to notice hack. I’m using the PGP/PKI Clean Room Live CD. Recommendations on more widely used and audited alternatives would be appreciated. Select “Advanced Options” and “Run Shell” to escape the menus. Insert a new USB memory device, and prepare it as follows:

pgp@pgplive:/home/pgp$ sudo wipefs -a /dev/sdX
pgp@pgplive:/home/pgp$ sudo fdisk /dev/sdX
# create a primary partition of Linux type
pgp@pgplive:/home/pgp$ sudo mkfs.ext4 /dev/sdX1
pgp@pgplive:/home/pgp$ sudo mount /dev/sdX1 /mnt
pgp@pgplive:/home/pgp$ sudo mkdir /mnt/gnupghome
pgp@pgplive:/home/pgp$ sudo chown pgp.pgp /mnt/gnupghome
pgp@pgplive:/home/pgp$ sudo chmod go-rwx /mnt/gnupghome
GnuPG configuration

Set your GnuPG home directory to point to the gnupghome directory on the USB memory device. You will need to do this in every terminal windows you open that you want to use GnuPG in.

pgp@pgplive:/home/pgp$ export GNUPGHOME=/mnt/gnupghome

At this point, you should be able to run gpg --card-status and get output from the smartcard.

Create master key

Create a master key and make a backup copy of the GnuPG home directory with it, together with an export ASCII version.

pgp@pgplive:/home/pgp$ gpg --quick-gen-key "Simon Josefsson <>" ed25519 sign 216d
gpg: keybox '/mnt/gnupghome/pubring.kbx' created
gpg: /mnt/gnupghome/trustdb.gpg: trustdb created
gpg: key D73CF638C53C06BE marked as ultimately trusted
gpg: directory '/mnt/gnupghome/openpgp-revocs.d' created
gpg: revocation certificate stored as '/mnt/gnupghome/openpgp-revocs.d/B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE.rev'
pub   ed25519 2019-03-20 [SC] [expires: 2019-10-22]
uid                      Simon Josefsson <>

pgp@pgplive:/home/pgp$ gpg -a --export-secret-keys B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE > $GNUPGHOME/masterkey.txt
pgp@pgplive:/home/pgp$ sudo cp -a $GNUPGHOME $GNUPGHOME-backup-masterkey
Create subkeys

Create subkeys and make a backup of them too, as follows.

pgp@pgplive:/home/pgp$ gpg --quick-add-key B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE cv25519 encr 216d
pgp@pgplive:/home/pgp$ gpg --quick-add-key B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE ed25519 auth 216d
pgp@pgplive:/home/pgp$ gpg --quick-add-key B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE ed25519 sign 216d
pgp@pgplive:/home/pgp$ gpg -a --export-secret-keys B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE > $GNUPGHOME/mastersubkeys.txt
pgp@pgplive:/home/pgp$ gpg -a --export-secret-subkeys B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE > $GNUPGHOME/subkeys.txt
pgp@pgplive:/home/pgp$ sudo cp -a $GNUPGHOME $GNUPGHOME-backup-mastersubkeys
Move keys to card

Prepare the card by setting Admin PIN, PIN, your full name, sex, login account, and key URL as you prefer, following the Gnuk manual on card personalization.

Move the subkeys from your GnuPG keyring to the FST01G using the keytocard command.

Take a final backup — because moving the subkeys to the card modifes the local GnuPG keyring — and create a ASCII armored version of the public key, to be transferred to your daily machine.

pgp@pgplive:/home/pgp$ gpg --list-secret-keys
sec   ed25519 2019-03-20 [SC] [expires: 2019-10-22]
uid           [ultimate] Simon Josefsson <>
ssb>  cv25519 2019-03-20 [E] [expires: 2019-10-22]
ssb>  ed25519 2019-03-20 [A] [expires: 2019-10-22]
ssb>  ed25519 2019-03-20 [S] [expires: 2019-10-22]

pgp@pgplive:/home/pgp$ gpg -a --export-secret-keys B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE > $GNUPGHOME/masterstubs.txt
pgp@pgplive:/home/pgp$ gpg -a --export-secret-subkeys B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE > $GNUPGHOME/subkeysstubs.txt
pgp@pgplive:/home/pgp$ gpg -a --export B1D2BD1375BECB784CF4F8C4D73CF638C53C06BE > $GNUPGHOME/publickey.txt
pgp@pgplive:/home/pgp$ cp -a $GNUPGHOME $GNUPGHOME-backup-masterstubs
Transfer to daily machine

Copy publickey.txt to your day-to-day laptop and import it and create stubs using --card-status.

jas@latte:~$ gpg --import < publickey.txt 
gpg: key D73CF638C53C06BE: public key "Simon Josefsson <>" imported
gpg: Total number processed: 1
gpg:               imported: 1
jas@latte:~$ gpg --card-status

Reader ...........: Free Software Initiative of Japan Gnuk (FSIJ-1.2.14-67252015) 00 00
Application ID ...: D276000124010200FFFE672520150000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 67252015
Name of cardholder: Simon Josefsson
Language prefs ...: sv
Sex ..............: male
URL of public key :
Login data .......: jas
Signature PIN ....: not forced
Key attributes ...: ed25519 cv25519 ed25519
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: A3CC 9C87 0B9D 310A BAD4  CF2F 5172 2B08 FE47 45A2
      created ....: 2019-03-20 23:40:49
Encryption key....: A9EC 8F4D 7F1E 50ED 3DEF  49A9 0292 3D7E E76E BD60
      created ....: 2019-03-20 23:40:26
Authentication key: CA7E 3716 4342 DF31 33DF  3497 8026 0EE8 A9B9 2B2B
      created ....: 2019-03-20 23:40:37
General key info..: sub  ed25519/51722B08FE4745A2 2019-03-20 Simon Josefsson <>
sec   ed25519/D73CF638C53C06BE  created: 2019-03-20  expires: 2019-10-22
ssb>  cv25519/02923D7EE76EBD60  created: 2019-03-20  expires: 2019-10-22
                                card-no: FFFE 67252015
ssb>  ed25519/80260EE8A9B92B2B  created: 2019-03-20  expires: 2019-10-22
                                card-no: FFFE 67252015
ssb>  ed25519/51722B08FE4745A2  created: 2019-03-20  expires: 2019-10-22
                                card-no: FFFE 67252015

Before the key can be used after the import, you must update the trust database for the secret key.

Now you should have a offline master key with subkey stubs. Note in the output below that the master key is not available (sec#) and the subkeys are stubs for smartcard keys (ssb>).

jas@latte:~$ gpg --list-secret-keys
sec#  ed25519 2019-03-20 [SC] [expires: 2019-10-22]
uid           [ultimate] Simon Josefsson <>
ssb>  cv25519 2019-03-20 [E] [expires: 2019-10-22]
ssb>  ed25519 2019-03-20 [A] [expires: 2019-10-22]
ssb>  ed25519 2019-03-20 [S] [expires: 2019-10-22]


If your environment variables are setup correctly, SSH should find the authentication key automatically.

ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAILzCFcHHrKzVSPDDarZPYqn89H5TPaxwcORgRg+4DagE cardno:FFFE67252015

GnuPG and SSH are now ready to be used with the new key. Thanks for reading!

Simon Josefsson: Installing Gnuk on FST-01G running NeuG

22 March, 2019 - 03:39

The FST-01G device that you order from the FSF shop runs NeuG. To be able to use the device as a OpenPGP smartcard, you need to install Gnuk. While Niibe covers this on his tutorial, I found the steps a bit complicated to follow. The following guides you from buying the device to getting a FST-01G running Gnuk ready for use with GnuPG.

Once you have received the device and inserted it into a USB port, your kernel log (sudo dmesg) will show something like the following:

[628772.874658] usb 1-1.5.1: New USB device found, idVendor=234b, idProduct=0004
[628772.874663] usb 1-1.5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[628772.874666] usb 1-1.5.1: Product: Fraucheky
[628772.874669] usb 1-1.5.1: Manufacturer: Free Software Initiative of Japan
[628772.874671] usb 1-1.5.1: SerialNumber: FSIJ-0.0
[628772.875204] usb-storage 1-1.5.1:1.0: USB Mass Storage device detected
[628772.875452] scsi host6: usb-storage 1-1.5.1:1.0
[628773.886539] scsi 6:0:0:0: Direct-Access     FSIJ     Fraucheky        1.0  PQ: 0 ANSI: 0
[628773.887522] sd 6:0:0:0: Attached scsi generic sg2 type 0
[628773.888931] sd 6:0:0:0: [sdb] 128 512-byte logical blocks: (65.5 kB/64.0 KiB)
[628773.889558] sd 6:0:0:0: [sdb] Write Protect is off
[628773.889564] sd 6:0:0:0: [sdb] Mode Sense: 03 00 00 00
[628773.890305] sd 6:0:0:0: [sdb] No Caching mode page found
[628773.890314] sd 6:0:0:0: [sdb] Assuming drive cache: write through
[628773.902617]  sdb:
[628773.906066] sd 6:0:0:0: [sdb] Attached SCSI removable disk

The device comes up as a USB mass storage device. Conveniently, it contain documentation describing what it is, and you identify the version of NeuG it runs as follows.

jas@latte:~/src/gnuk$ head /media/jas/Fraucheky/README 
NeuG - a true random number generator implementation (for STM32F103)

							  Version 1.0.7
						           Niibe Yutaka
				      Free Software Initiative of Japan

To convert the device into the serial-mode that is required for the software upgrade, use the eject command for the device (above it came up as /dev/sdb): sudo eject /dev/sdb. The kernel log will now contain something like this:

[628966.847387] usb 1-1.5.1: reset full-speed USB device number 27 using ehci-pci
[628966.955723] usb 1-1.5.1: device firmware changed
[628966.956184] usb 1-1.5.1: USB disconnect, device number 27
[628967.115322] usb 1-1.5.1: new full-speed USB device number 28 using ehci-pci
[628967.233272] usb 1-1.5.1: New USB device found, idVendor=234b, idProduct=0001
[628967.233277] usb 1-1.5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[628967.233280] usb 1-1.5.1: Product: NeuG True RNG
[628967.233283] usb 1-1.5.1: Manufacturer: Free Software Initiative of Japan
[628967.233286] usb 1-1.5.1: SerialNumber: FSIJ-1.0.7-67252015
[628967.234034] cdc_acm 1-1.5.1:1.0: ttyACM0: USB ACM device

The strings NeuG True RNG and FSIJ-1.0.7 suggest it is running NeuG version 1.0.7.

Now both Gnuk itself and reGNUal needs to be built, as follows. If you get any error message, you likely don’t have the necessary dependencies installed.

jas@latte:~/src$ git clone
jas@latte:~/src$ git clone
jas@latte:~/src$ cd gnuk/src/
jas@latte:~/src/gnuk/src$ git submodule update --init
jas@latte:~/src/gnuk/src$ ./configure --vidpid=234b:0000
jas@latte:~/src/gnuk/src$ make
jas@latte:~/src/gnuk/src$ cd ../regnual/
jas@latte:~/src/gnuk/regnual$ make
jas@latte:~/src/gnuk/regnual$ cd ../../

You are now ready to flash the device, as follows.

jas@latte:~/src$ sudo neug/tool/ -f gnuk/regnual/regnual.bin gnuk/src/build/gnuk.bin 
gnuk/regnual/regnual.bin: 4544
gnuk/src/build/gnuk.bin: 113664
CRC32: 931cab51

Configuration: 1
Interface: 1
Downloading flash upgrade program...
start 20000e00
end   20001f00
# 20001f00: 31 : 196
Run flash upgrade program...
Wait 3 seconds...
Downloading the program
start 08001000
end   0801bc00

Remove and insert the device and the kernel log should contain something like this:

[629120.399875] usb 1-1.5.1: new full-speed USB device number 32 using ehci-pci
[629120.511003] usb 1-1.5.1: New USB device found, idVendor=234b, idProduct=0000
[629120.511008] usb 1-1.5.1: New USB device strings: Mfr=1, Product=2, SerialNumber=3
[629120.511011] usb 1-1.5.1: Product: Gnuk Token
[629120.511014] usb 1-1.5.1: Manufacturer: Free Software Initiative of Japan
[629120.511017] usb 1-1.5.1: SerialNumber: FSIJ-1.2.14-67252015

The device can now be used with GnuPG as a smartcard device.

jas@latte:~/src/gnuk$ gpg --card-status
Reader ...........: 234B:0000:FSIJ-1.2.14-67252015:0
Application ID ...: D276000124010200FFFE672520150000
Version ..........: 2.0
Manufacturer .....: unmanaged S/N range
Serial number ....: 67252015
Name of cardholder: [not set]
Language prefs ...: [not set]
Sex ..............: unspecified
URL of public key : [not set]
Login data .......: [not set]
Signature PIN ....: forced
Key attributes ...: rsa2048 rsa2048 rsa2048
Max. PIN lengths .: 127 127 127
PIN retry counter : 3 3 3
Signature counter : 0
Signature key ....: [none]
Encryption key....: [none]
Authentication key: [none]
General key info..: [none]



Creative Commons License ลิขสิทธิ์ของบทความเป็นของเจ้าของบทความแต่ละชิ้น
ผลงานนี้ ใช้สัญญาอนุญาตของครีเอทีฟคอมมอนส์แบบ แสดงที่มา-อนุญาตแบบเดียวกัน 3.0 ที่ยังไม่ได้ปรับแก้