Feed aggregator

Russian National Vulnerability Database Operation Raises Suspicions

Tue, 17/07/2018 - 11:18am

The official mission of the organization in charge of maintaining Russia's national vulnerability database gives it legitimate cover for inspecting foreign technologies and products for security vulnerabilities that can later be weaponized.

David Tomaschik: Useful Metasploit Reminders

Planet Ubuntu - Tue, 17/07/2018 - 5:52am

This isn’t an intro to metasploit, but more a reminder to myself of things that are useful to know, but maybe not used all the time (or relatively new).


The Fridge: Ubuntu Weekly Newsletter Issue 536

Planet Ubuntu - Mon, 16/07/2018 - 10:58pm

Welcome to the Ubuntu Weekly Newsletter, Issue 536 for the week of July 8 – 14, 2018. The full version of this issue is available here.

In this issue we cover:

The Ubuntu Weekly Newsletter is brought to you by:

  • Krytarik Raido
  • Bashing-om
  • Chris Guiver
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Colin King: Comparing Latencies and Power consumption with various CPU schedulers

Planet Ubuntu - Mon, 16/07/2018 - 2:22pm

The low-latency kernel offering with Ubuntu provides a kernel tuned for low-latency environments using low-latency kernel configuration options.  The x86 kernels by default run with the Intel-Pstate CPU scheduler set to run with the powersave scaling governor biased towards power efficiency.

While power efficiency is fine for most use-cases, it can introduce latencies due to the fact that the CPU can be running at a low frequency to save power, and switching from a deep C state when idle to a higher C state when servicing an event can also increase latencies.

In a somewhat contrived experiment, I rigged up an i7-3770 to collect latency timings of clock_nanosleep() wake-ups with timer event coalescing disabled (timer_slack set to zero) over 60 seconds across a range of CPU scheduler and governor settings on a 4.15 low-latency kernel.  This can be achieved using stress-ng, for example:

sudo stress-ng --cyclic 1 --cyclic-dist 100 --cyclic-sleep=10000 --cpu 1 -l 0 -v \
--cyclic-policy rr --cyclic-method clock_ns --cpu 0 -t 60 --timer-slack 0

...the above runs a cyclic measurement collecting latency counts in 100ns buckets with a clock_nanosecond wakeup interval of 10,000 nanoseconds with zero % load CPU stressor and timer slack set to 0 nanoseconds.  This dumps latency distribution stats that can be plotted to see where the modal latency points occur and the latency characteristics of the CPU scheduler.

I also used powerstat to measure the power consumed by the CPU package over a 60 second interval.  Measurements for the Intel-Pstate CPU scheduler [performance, powersave] and the ACPI CPU scheduler (intel_pstate=disabled) [performance, powersave, conservative and ondemand] were taken for 1,000,000 down to 10,000 nanosecond timer delays.

1,000,000 nanosecond timer delays (1 millisecond)

Strangely the powersave Intel-Pstate is using the most power (not what I expected).

The ACPI CPU scheduler in performance mode has the best latency distribution followed by the Intel-Pstate CPU scheduler also in performance mode.

100,000 nanosecond timer delays (100 microseconds)

Note that Intel-Pstate performance consumes the most power...

...and also has the most responsive low-latency distribution.

10,000 nanosecond timer delays (10 microseconds)

In this scenario, the ACPI CPU scheduler in performance mode was consuming the most power and had the best latency distribution.

It is clear that the best latency responses occur when a CPU scheduler is running in performance mode and this consumes a little more power than other CPU scheduler modes.  However, it is not clear which CPU scheduler (Intel-Pstate or ACPI) is best in specific use-cases.

The conclusion is rather obvious;  but needs to be stated.  For best low-latency response, set the CPU governor to the performance mode at the cost of higher power consumption.  Depending on the use-case, the extra power cost is probably worth the improved latency response.

As mentioned earlier, this is a somewhat contrived experiment, only one CPU was being exercised with a predictable timer wakeup.  A more interesting test would be with data handling, such as incoming packet handling over ethernet at different rates; I will probably experiment with that if and when I get more time.  Since this was a synthetic test using stress-ng, it does not represent real world low-latency scenarios, however, it may be worth exploring CPU scheduler settings to tune a low-latency configuration rather than relying on the default CPU scheduler setting.

"Red Alert" Warning on US Cyber-Attacks, Now at "Critical Point"

Mon, 16/07/2018 - 11:28am

The United States' director of national intelligence issued a "red alert" warning on a dangerous new level of cyber-warfare during a Washington think tank conference. He also spoke of Russia as one of the "worst offenders" ahead of US President Trump's meeting with Russian President Vladimir Putin in Finland.

Russia Fends Off 25 Million Cyber-Attacks During World Cup

Mon, 16/07/2018 - 11:23am

Russia prevented nearly 25 million cyber-attacks and other criminal acts during the football World Cup, according to the Kremlin. The Moscow Times reported that Russian President Vladimir Putin praised the work of the country's security forces, along with international cooperation, ensuring a safe tournament.

Lubuntu Blog: This Week in Lubuntu Development #7

Planet Ubuntu - Mon, 16/07/2018 - 7:40am

Here is the seventh issue of This Week in Lubuntu Development. You can read the last issue here. Changes General This week was focused on polishing the installer experience and the desktop in general. Here are the changes made, with links to the full details. Lubuntu Artwork Rename sddm-theme-lubuntu-chooser to sddm-theme-lubuntu. Since Ubuntu's sddm is […]

Robert Ancell: GUADEC 2018 Almería

Planet Ubuntu - Mon, 16/07/2018 - 4:41am

I recently attended the recent GNOME Users and Developers European Conference (GUADEC) in Almería, Spain. This was my fifth GUADEC and as always I was able to attend thanks to my employer Canonical paying for me to be there. This year we had seven members of the Ubuntu desktop team present. Almería was a beautiful location for the conference and a good trade for the winter weather I left on the opposite side of the world in New Zealand.

This was the second GUADEC since the Ubuntu desktop switched back to shipping GNOME and it’s been great to be back. I was really impressed how positive and co-operative everyone was; the community seems to be in a really healthy shape. The icing on the cake is the anonymous million dollar donation the foundation has received which they announced will be used to hire some staff.

The first talk of the week was from my teammates Ken VanDine, Didier Roche and Marco Treviño who talked about how we’d done the transition from Unity to GNOME in Ubuntu desktop. I was successful in getting an open talk slot and did a short talk about the state of Snap integration into GNOME. I talked about the work I’d done making snapd-glib and the Snap plugin in GNOME Software. I also touched on some of the work James Henstridge has been working on making Snaps work with portals. It was quite fun to see James be a bit of a celebrity after a long period of not being at a GUADEC - he is the JH in JHBuild!

After the first three days of talks the remaining three days are set for Birds of a Feather sessions where we get together in groups around a particular topic and discuss and hack on that. I organised a session on settings which turned out to be surprisingly popular! It was great to see everyone that I work with online in-person and allowed us to better understand each other. In particular I caught up with Georges Stavracas who has been very patient in reviewing the many patches I have been working on in GNOME Control Center.

I hope to see everyone again next year!

4.18-rc5: mainline

Kernel Linux - Sun, 15/07/2018 - 9:49pm

Version: 4.18-rc5 (mainline)
Released: 2018-07-15
Source: linux-4.18-rc5.tar.gz
Patch: full (incremental)

Michael Hill: Writing docs in a container

Planet GNOME - Thu, 12/07/2018 - 12:06am

In February, Matthias Clasen started a series of blog posts about Fedora Atomic Workstation (now Team Silverblue) and Flatpak. I gave it a try to see how the container would work with the documentation tools.

The screenshot below shows the setup I used to submit this merge request. The buildah container is in the shell window on the right where git and Emacs operate in the /srv directory. At the same time on the Silverblue desktop, gitg and Yelp see the same files in the /var/srv directory.

Recently I launched buildah and found it wasn’t connecting to the network. It goes without saying that I needed to look no further than GUADEC for the solution (Matthias indicated that “--net=host” was now required on the command line). Now I create the container like this:

sudo chcon -R -h -t container_file_t /var/srv
sudo buildah run --net=host -v /var/srv:/srv:rslave fedora-working-container bash

Emacs bindings for Mallard are courtesy of Jaromír Hradílek.

Emmanuele Bassi: News from GLib 2.58

Planet GNOME - Wed, 11/07/2018 - 3:50pm

Next September, GLib will hit version 2.58. There have been a few changes during the past two development cycles, most notably the improvement of the Meson build, which in turn led to an improved portability of GLib to platforms such as Windows, macOS, and Android. It is time to take stock of the current status of GLib, and to highlight some of the changes that will impact GLib-based code.

  • Meson – Thanks to the ongoing work of Nirbheek Chauhan and Xavier Claessens, the Meson build has been constantly improving, to the point that we can start switching to it as the default build system. The plan—as outlined on the mailing list—is to release GLib 2.58 using Meson, while keeping the Autotools build in tree and available in the release archive; then, we’ll drop the Autotools build during the following development cycle, and release GLib 2.60 without Autotools support. Linux distributors are very much welcome to start testing the Meson build in their builders; we’ve been running the Meson build as part of our CI process for a while, now, but more exposure will bring out eventual regressions that we missed; additionally, it would be stellar if people with different toolchains than GCC/Clang/MSVC would start trying the Meson build and report bugs. In the meantime, if you’re using GLib on macOS and Windows, we already recommend you switch to Meson to build GLib, as it’s easier and better integrated with those platforms than Autotools
  • Reliability and portability – GLib switched to GitLab alongside the rest of GNOME, which meant being able to run continuous integration outside of the GNOME Continuous builds. Now we run CI on multiple toolchains, multiple build systems, and multiple platforms for every commit and merge request, which significantly reduces the chances of a broken build. We’ve also improved the code coverage in the test suite. Of course, we could always do better; for instance, we don’t have a CI runner for macOS and the Solaris family of OSes, and more runners for the *BSD family would be greatly appreciated. We’ve issued a call for help, if you have a spare machine and some bandwidth that you can donate
  • File monitoring on *BSD – Apropos the *BSD family, the kqueue backend for file monitoring in GIO has been completely overhauled by Martin Pieuchot and Ting-Wei Lan; the new code is simpler, more robust, and passes all the tests
  • Use posix_spawn() for efficient process launching — Thanks to Daniel Drake, GLib now can use posix_spawn() under specific circumstances, if the platform’s C library supports it; this allows hitting fast paths in the kernel, compared to manually calling fork() + exec(); those fast paths are especially beneficial when running on memory constrained platforms
  • Reference counting types and allocations — GLib uses reference counting as a memory management and garbage collection mechanism in many of its types, but lacks the public API to allow other people to implement the same semantics in their own data structures; this leads to much copy-pasting and re-implementations, and typically to things like undefined behavior when it comes to saturation and thread safety. GLib 2.58 has a grefcount and a gatomicrefcount types, alongside their API, to reduce this duplication. Additionally, taking a cue from other languages like Rust, GLib provides a way to add reference counting semantics on memory allocations, by adding a low level API that allows you to allocate structures that do not have a reference count field, and automatically add reference counting semantics to them
  • Deprecations – A few soft deprecations have become real deprecations in this last development cycle:
      • g_type_class_add_private() has finally been deprecated, five years after we introduced the instance private data macros; if you’re still using that function in your class initialization, please switch to G_DEFINE_TYPE_WITH_PRIVATE or G_ADD_PRIVATE
      • g_main_context_wait() is officially deprecated, but you should have already seen run time warnings about its use
      • gtester, the GTest harness provided by GLib, is deprecated; if you’re using Autotools, you should use the TAP harness that comes with Automake

There have been lots of contributions in GLib, in this past cycle, thanks to the tireless efforts of Philip Withnall; he’s been instrumental in reviewing patches, triaging bugs, and implementing changes in the development process of the project. The switch over to GitLab has also improved the contribution process, with many more developers opening merge requests:

  • 2.54.0..c182cd68: 968 changesets from 143 developers, up from 412 changesets and 68 developers during the 2.53 development cycle
  • A total of 31851 lines added, 27976 removed (delta: +3875)

Developers with the most changesets

  Philip Withnall      303  31.3%
  Xavier Claessens      79   8.2%
  Emmanuele Bassi       69   7.1%
  Christoph Reiter      42   4.3%
  Ting-Wei Lan          21   2.2%
  Chun-wei Fan          21   2.2%
  Nirbheek Chauhan      21   2.2%
  Ondrej Holy           20   2.1%
  Руслан Ижбулатов      20   2.1%
  Mikhail Zabaluev      20   2.1%
  Simon McVittie        15   1.5%
  Matthias Clasen       14   1.4%
  Christian Hergert     13   1.3%
  Iñigo Martínez        12   1.2%
  Bastien Nocera        10   1.0%
  Rafal Luzynski         9   0.9%
  Michael Catanzaro      9   0.9%
  Will Thompson          8   0.8%
  Allison Lortie         8   0.8%
  Daniel Boles           8   0.8%

Make sure to test your code with GLib 2.57.2, the next development snapshot towards the 2.58.0 stable release.

Michael Hill: GUADEC 2018

Planet GNOME - Tue, 10/07/2018 - 6:07pm

I’m feeling extremely grateful for the shot in the arm GUADEC provides by way of old friends, new friends, expert advice, enthusiasm, time-worn wisdom, and so many reminders of why we do this.

I use FreeCAD for freelance work, and build the development version from git periodically. There is a copr nightly build for recent versions of Fedora, but not for Rawhide. The first person to whom I related this experience, David King, said the software would be ideal for the Flatpak treatment. Since then I’ve been getting a tutorial on building the YAML manifest, and after four days of hard work (thanks Dave!), it’s on the very brink of completion.

On the docs front, having adapted to GitLab and getting a merge request committed to the Desktop Help in the spring, it’s time to refresh some of the topics. I’ll be starting with the Settings pages.

A couple of jokers photobomb André’s portrait session.

Thanks to Ismael Olea, Rubén Gómez and the organizing team for a spectacular event and a wonderful cultural experience! Thank you GNOME Foundation for the sponsorship.

Aditya Manglik: GUADEC 2018

Planet GNOME - Tue, 10/07/2018 - 9:38am

Today, my first GUADEC experience has come to an end, and it was great! Kudos to the organizers for a very well-planned and executed event. Being a part of the volunteer team was a fantastic experience and thanks for the nice t-shirt!

It was wonderful to meet the GNOME community in person, quite a surreal experience to say the least. The talks were a great opportunity to learn about everything going on at GNOME. I had amazing discussions with my mentors on various topics ranging from “Integrating AI in gnome applications” to “The big dilemma: Is a PhD really worth it?” and finally, some stuff about the GSoC project too.

Thank you for the beautiful memories. I look forward to meeting everyone once again, next year.

P.S.- Please prepare for the next ice cream deathmatch. I won’t be eating any more ice cream until the next GUADEC.

Taiwan Travel Blog - Day 2 & 3

Planet Debian - Tue, 10/07/2018 - 6:00am

My Taiwan Travel blog continues! I was expecting the weather to go bad on July 10th, but the typhoon arrived late and the rain only started around 20:00. I'm pretty happy because that means I got to enjoy another beautiful day of hiking in Taroko National Park.

I couldn't find time on the 10th to sit down and blog about my trip, so this blog will also include what I did on the 11th.

Xiaozhuilu Trail (小锥麓步道)

The first path I did on the 10th was Xiaozhuilu to warm my muscles a little bit. It links the Shakadang Trail to the Taroko Visitor center and it's both easy and enjoyable. The path is mainly composed of stairs and man-made walkways, but it's the middle of the forest and goes by the LiWu river.

To me, the highlight of the trail was the short rope suspension bridge. How cute!

Dekalun Trail (得卡伦步道)

Once I finished the Xiaozhuilu trail, I decided I was ready for something a little more challenging. Since the park was slowly closing down because of the incoming Typhoon Maria, the only paths I could do were the ones where I didn't need to ride a bus.

I thus started climbing the Dekalun Trail, situated right behind the Taroko Visitor Center.

Although the path is very steep and goes through the wild forest/jungle, this path is also mainly man-made walkways and stairs. Here is a forest interpretation poster I really liked:

The leaves of a tree are its name cards. The name cards of the Macaranga tree are very special. They are large and round and the petiole is not on the leaf margin, it is inside the leaf blade. They are called perforated leaves and look like shields. [...] The Macaranga tree is like a spearhead. When the village here relocated and the fields were abandoned, it quickly moved in. The numerous leaves form a large umbrella that catches a large amount of sunlight and allows it to grow quickly. It can be predicted that in the future, the Macaranga will gradually be replaced by trees that are more shade tolerant. In the meantime however, its leaves, flowers and fruits are a source of food loved by the insects and birds.

A very fengshui tree yo.

Here is a bonus video of one of the giant spiders I was describing yesterday being eaten by ants. For size comparison, the half step you can see is about 10cm large...

Video of a huge dead spider being eaten by ants.

Dali - Datong Trail (大礼-大同步道)

The Dekalun Trail ends quite abruptly and diverges into two other paths: one that goes back down and the other one that climbs to the Dali village and then continues to the Datong village.

It was still early in the afternoon when I arrived at the crossroad so I decided that I was at least going to make it to Dali before turning back. Turns out that was a good idea, since the Dali path was a really beautiful mountainside path with a very challenging height difference. If the Dekalun Trail is a light 3/5, I'd say the Dali trail is a heavy 3/5. Although I'm in shape, I had to stop multiple times to sit down and try to cool myself. By itself the trail would be fine, but it's the 35+°C with a high level of humidity that made it challenging to me.

Once I arrived at Dali, I needed a permit to continue to Datong but the path was very easy, the weather beautiful and the view incredible, so I couldn't stop myself. I think I walked about half of the 6km trail from Dali to Datong before running out of water. Turns out 4L wasn't enough. The mixed guilt of not having a mountain permit and the concern I wouldn't have anything left to drink for a while made me turn back and start climbing down.

Still, no regrets! This trail was clearly the best one I did so far.

A Wild Andrew Appears!

So there I was in my bed after a day of hiking in the mountains, ready to go to sleep when Andrew Lee reached out to me.

He decided to come by my hostel to talk about the DebConf18 daytrip options. Turns out I'll be the one to lead the River Tracing daytrip on the MeiHua river (梅花溪). River tracing is a mix of bouldering and hiking, but in a river bed.

I'm a little apprehensive of taking the lead of the daytrip since I don't know if my mandarin will be good enough to fully understand the bus driver and the activity guide, but I'll try my best!

Anyway, once we finished talking about the daytrip, Andrew proposed we go to the Hualien night market. After telling him I wasn't able to rent a bike because of the incoming typhoon (nobody would rent me one), we swerved by Carrefour (a large super market chain) and ended up buying a bicycle! The clerk was super nice and even gave me a lock to go with it.

I'm now the proud owner of a brand new Giant bicycle for the rest of my trip in Taiwan. In retrospect, I think this was a pretty good idea. It'll end up cheaper than renting one for a large amount of time and will be pretty useful to get around during DebConf. [1] It's a little small for me, but I will try to buy a longer seat post in Hualien.

Music and Smoked Flying Fish

After buying the bike, I guess we said fuck the night market and met up with one of Andrew's friends who is a musician and owns a small recording studio. We played music with him for a while and sang songs, and then went back to Andrew's place to eat some flying fish that Andrew had smoked. We drank a little and I decided to sleep there because it was getting pretty late.

Andrew was a wonderful guest and brought me back to my hostel the next day in the afternoon after showing me the Hualien beach and drinking some tea in a local teashop with me. I had a very good time.

What an eventful two days that was! Turns out the big typhoon that was supposed to hit on the 11th turned out to be a fluke and passed to the north of Taiwan: in Hualien we only had a little bit of rain. So much for the rainpocalypse I was expecting!

Language Rant bis

Short but heartfelt language rant: Jesus Christ on a paddle-board, communication in a language you don't really master is exhausting. I recently understood one of the sentences I was trying to decipher was a pun and I laughed. Then cried a little.

  1. If you plan to stay in Taiwan after DebConf and need a bicycle, I would be happy to sell it for 1500 NTD$ (40€), half of what I paid. It's a little bit cheap, but it's brand new and comes with a 1 year warranty! Better than walking if you ask me. 

Louis-Philippe Véronneau Louis-Philippe Véronneau

Still not going to Debconf....

Planet Debian - Mon, 09/07/2018 - 10:35pm

I was looking forward to this year's Debconf in Taiwan, the first in Asia, and the perspective of attending it with no jet lag, but I happen to be moving to Okinawa and changing jobs on August 1st, right at the middle of it...

Moving is a mixed feeling of happiness and excitation for what I am about to find, and melancholy about what and whom I am about to leave. But flights to Tôkyô and Yokohama are very affordable.

Special thanks to the Tôkyô Debian study group, where I got my GPG key signed by Debian developers a long time ago

Charles Plessy Planet

Run Ubuntu on Windows, even multiple releases in parallel!

Planet Debian - Mon, 09/07/2018 - 9:50pm

Running Linux terminals on Windows needs just a few clicks since we can install Ubuntu, Debian and other distributions right from the Store as apps, without the old days’ hassle of dual-booting or starting virtual machines. It just works and it works even in enterprise environments where installation policies are tightly controlled.

If you check the Linux distribution apps based on the Windows Subsystem for Linux technology you may notice that there is not only one Ubuntu app, but there are already three, Ubuntu, Ubuntu 16.04 and Ubuntu 18.04. This is no accident. It matches the traditional Ubuntu release offering where the LTS releases are supported for long periods and there is always a recommended LTS release for production:

  • Ubuntu 16.04 (code name: Xenial) was the first release really rocking on WSL and it will be updated in the Store until 16.04’s EOL, April, 2021.
  • Ubuntu 18.04 (code name: Bionic) is the current LTS release (also rocking :-)) and the first one supporting even ARM64 systems on Windows. It will be updated in the Store until 18.04’s EOL, April, 2023.
  • Ubuntu (without the release version) always follows the recommended release, switching over to the next one when it gets the first point release. Right now it installs Ubuntu 16.04 and will switch to 18.04.1, on 26th July, 2018.

The apps in the Store are like installation kits. Each app creates a separate root file system in which Ubuntu terminals are opened but app updates don’t change the root file system afterwards. Installing a different app in parallel creates a different root file system allowing you to have both Ubuntu LTS releases installed and running in case you need it for keeping compatibility with other external systems. You can also upgrade your Ubuntu 16.04 to 18.04 by running ‘do-release-upgrade’ and have three different systems running in parallel, separating production and sandboxes for experiments.

What amazes me in the WSL technology is not only that Linux programs running directly on Windows perform surprisingly well (benchmarks), but the coverage of programs you can run unmodified without any issues and without the large memory overhead of virtual machines.

I hope you will enjoy the power of the Linux terminals on Windows at least as much as we enjoyed building the apps at Canonical working closely with Microsoft to make it awesome!

Réczey Bálint debian – Obsessed with reality

My Free Software Activities in June 2018

Planet Debian - Mon, 09/07/2018 - 8:06pm

Welcome to Here is my monthly report that covers what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games
  • I advocated Phil Morrell to become Debian Maintainer with whom I have previously worked together on corsix-th. This month I sponsored his updates for scorched3d and the new package, an installer for drm-free commercial games. is basically a collection of shell scripts that create a wrapper around games from or Steam and put them into a Debian package which is then seamlessly integrated into the user’s system.  Similar software are game-data-packager, playonlinux or lutris (not yet in Debian).
  • I packaged new upstream releases of blockattack, renpy, atomix and minetest, and also backported Minetest version to Stretch later on.
  • I uploaded RC bug fixes from Peter de Wachter for torus-trooper, tumiki-fighters and val-and-rick and moved the packages to Git.
  • I tackled an RC bug (#897548) in yabause, a Saturn emulator.
  • I sponsored connectagram, cutemaze and tanglet updates for Innocent de Marchi.
  • Last but not least I refreshed the packaging of trophy and sauerbraten which had not seen any updates for the last couple of years.
Debian Java
  • I packaged a new upstream release of activemq and could later address #901366 thanks to a bug report by Chris Donoghue.
  • I also packaged upstream releases of bouncycastle, libpdfbox-java, libpdfbox2-java because of reported security vulnerabilities.
  • I investigated and fixed RC bugs in openjpa (#901045), osgi-foundation-ee (#893382) and ditaa (#897494, Java 10 related).
  • A snakeyaml update introduced a regression in apktool (#902666) which was only visible at runtime. Once known I could fix it.
  •   I worked on Netbeans again. It can be built from source now but there is still a runtime error (#891957) that prevents users from starting the application. The current plan is to package the latest release candidate of Netbeans 9 and move forward.
Debian LTS

This was my twenty-eighth month as a paid contributor and I have been paid to work 23,75 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 18.06.2018 until 24.06.2018 I was in charge of our LTS frontdesk. I investigated and triaged CVE in jasperreports, 389-ds-base, asterisk, lava-server, libidn, php-horde-image, tomcat8, thunderbird, glusterfs, ansible, mercurial, php5, jquery, redis, redmine, libspring-java, php-horde-crypt, mupdf, binutils, jetty9 and libpdfbox-java.
  • DSA-4221-1. Issued a security update for libvncserver fixing 1 CVE.
  • DLA-1398-1. Issued a security update for php-horde-crypt fixing 2 CVE.
  • DLA-1399-1. Issued a security update for ruby-passenger fixing 2 CVE.
  • DLA-1411-1. Issued a security update for tiff fixing 5 CVE.
  • DLA-1410-1. Issued a security update for python-pysaml fixing 2 CVE.
  • DLA-1418-1. Issued a security update for bouncycastle fixing 7 CVE.

Extended Long Term Support (ELTS) is a new project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my first month and I have been paid to work 7 hours on ELTS.

  • ELA-1-1. Issued a security update for Git fixing 1 CVE.
  • ELA-8-1. Issued a security update for ruby-passenger fixing 1 CVE.
  • ELA-14-1. Backported the Linux 3.16 kernel from Jessie to Wheezy. This update also included backports of initramfs-tools and the linux-latest source package. The new kernel is available for amd64 and i386 architectures.
  • I prepared security updates for libvncserver (Stretch, DSA-4221-1, and Sid) and bouncycastle (Stretch, DSA-4233-1)

Thanks for reading and see you next time.

Apo planetdebian –

What is the most supported MIME type in Debian in 2018?

Planet Debian - Mon, 09/07/2018 - 8:05am

Five years ago, I measured what the most supported MIME type in Debian was, by analysing the desktop files in all packages in the archive. Since then, the DEP-11 AppStream system has been put into production, making the task a lot easier. This made me want to repeat the measurement, to see how much things changed. Here are the new numbers, for unstable only this time:

Debian Unstable:

count MIME type
----- -----------------------
   56 image/jpeg
   55 image/png
   49 image/tiff
   48 image/gif
   39 image/bmp
   38 text/plain
   37 audio/mpeg
   34 application/ogg
   33 audio/x-flac
   32 audio/x-mp3
   30 audio/x-wav
   30 audio/x-vorbis+ogg
   29 image/x-portable-pixmap
   27 inode/directory
   27 image/x-portable-bitmap
   27 audio/x-mpeg
   26 application/x-ogg
   25 audio/x-mpegurl
   25 audio/ogg
   24 text/html

The list was created like this using a sid chroot: "cat /var/lib/apt/lists/*sid*_dep11_Components-amd64.yml.gz| zcat | awk '/^ - \S+\/\S+$/ {print $2 }' | sort | uniq -c | sort -nr | head -20"

It is interesting to see how image formats have passed text/plain as the most announced supported MIME type. These days, thanks to the AppStream system, if you run into a file format you do not know, and want to figure out which packages support the format, you can find the MIME type of the file using "file --mime <filename>", and then look up all packages announcing support for this format in their AppStream metadata (XML or .desktop file) using "appstreamcli what-provides mimetype <mime-type>". For example if you, like me, want to know which packages support inode/directory, you can get a list like this:

    % appstreamcli what-provides mimetype inode/directory | grep Package: | sort
    Package: anjuta
    Package: audacious
    Package: baobab
    Package: cervisia
    Package: chirp
    Package: dolphin
    Package: doublecmd-common
    Package: easytag
    Package: enlightenment
    Package: ephoto
    Package: filelight
    Package: gwenview
    Package: k4dirstat
    Package: kaffeine
    Package: kdesvn
    Package: kid3
    Package: kid3-qt
    Package: nautilus
    Package: nemo
    Package: pcmanfm
    Package: pcmanfm-qt
    Package: qweborf
    Package: ranger
    Package: sirikali
    Package: spacefm
    Package: spacefm
    Package: vifm
    %

Using the same method, I can quickly discover that the Sketchup file format is not yet supported by any package in Debian:

    % appstreamcli what-provides mimetype application/vnd.sketchup.skp
    Could not find component providing 'mimetype::application/vnd.sketchup.skp'.
    %

Yesterday I used it to figure out which packages support the STL 3D format:

    % appstreamcli what-provides mimetype application/sla|grep Package
    Package: cura
    Package: meshlab
    Package: printrun
    %

PS: A new version of Cura was uploaded to Debian yesterday.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Petter Reinholdtsen Petter Reinholdtsen - Entries tagged english

Taiwan Travel Blog - Day 1

Planet Debian - Mon, 09/07/2018 - 6:00am

I'm going to DebConf18 later this month, and since I had some free time and I speak a somewhat understandable Mandarin, I decided to take a full month of vacation in Taiwan.

I'm not sure if I'll keep blogging about this trip, but so far it's been very interesting and I felt the urge to share the beauty I've seen with the world.

This was the first proper day I spent in Taiwan. I arrived on the 8th during the afternoon, but the time I had left was all spent traveling to Hualien County (花蓮縣) where I intend to spend the rest of my time before DebConf.

Language Rant

I'm mildly annoyed at Taiwan for using traditional Chinese characters instead of simplified ones like they do in Mainland China. So yeah, even though I've been studying Mandarin for a while now, I can't read much if anything at all. For those of you not familiar with Mandarin, here is an example of a very common character written with simplified (后) and traditional characters (後). You don't see the resemblance between the two? Me neither.

I must say technology is making my trip much easier though. I remember a time when I had to use my pocket dictionary to look up words and characters and it used to take me up to 5 minutes to find a single character [1]. That's how you end up ordering cold duck blood soup from a menu without pictures after having given up on translating it.

Now, I can simply use my smartphone and draw the character I'm looking for in my dictionary app. It's fast, it's accurate and it's much more complete than a small pocket dictionary.

Taroko National Park (太鲁阁国家公园)

Since I've seen a bunch of large cities in China already and I both dislike pollution and large amounts of people squished up in too few square meters, I rapidly decided I wasn't going to visit Taipei and would try to move out and explore one of the many national parks in Taiwan.

After looking it up, Taroko National Park in the Hualien County seemed the best option for an extended stay. It's large enough that there is a substantial tourism economy built around visiting the multiple trails of the park, there are both beginner and advanced trails you can choose from and the scenery is incredible.

Also Andrew Lee lives nearby and had a bunch of very nice advice for me, making my trip to Taroko much easier.

Swallow Gorge (燕子口)

The first trail I visited in the morning was Swallow Gorge. Apparently it's frequently closed because of falling rocks. Since the weather was very nice and the trail was open, I decided to start with this one.

Fun fact, at first I thought the swallow in Swallow Gorge meant swallowing, but it is swallow as in the cute bird commonly associated with spring time. The gorge is named that way because the small holes in the cliffs are used by swallows to nest. I kinda understood that when I saw a bunch of them diving and playing in the wind in front of me.

The Gorge was very pretty, but it was full of tourists and the "trail" was actually a painted line next to the road where cars drive. It was also pretty short. I guess that's ok for a lot of people, but I was looking for something a little more challenging and less noisy.

Shakadang Trail (砂卡礑步道)

The second trail I visited was the Shakadang trail. The trail dates back to 1940, when the Japanese tried to use the Shakadang river for hydroelectricity.

This trail was very different from Yanzikou, being in the wild and away from cars. It was a pretty easy trail (2/5) and although part of it was paved with concrete, the more you went the wilder it got. In fact, most of the tourists gave up after the first kilometer and I had the rest of the path to myself afterwards.

The path is home to a variety of wild animals, plants and insects. I didn't see any wild boar, but gosh damn did I see some freakingly huge spiders. As I learnt later, Taiwan is home to the largest spiders in the world. The ones I saw (Golden silk orb-weaver, Nephila pilipes) had bodies easily 3 to 5cm long and 2cm thick, with an overall span of 20cm with their legs.

I also heard some bugs (I guess it was bugs) making a huge racket that somewhat reminded me of an old car's loose alternator belt strap on a cold winter morning.

  1. Using a Chinese dictionary is a hard thing to do since there is no alphabet. Instead, the characters are classified by the number of strokes in their radicals and then by the number of strokes in the rest of the character. 

Louis-Philippe Véronneau Louis-Philippe Véronneau

uwsgi; oh my!

Planet Debian - Mon, 09/07/2018 - 5:45am

The world of Python based web applications, WSGI, its interaction with uwsgi and various deployment methods can quickly turn into an incredible array of confusingly named acronym soup. If you jump straight into the uwsgi documentation it is almost certain you will get lost before you start!

What follows tries to lay out a primer for the foundations of application deployment within devstack, a tool for creating a self-contained OpenStack environment for testing and interactive development. However, it is hopefully of more general interest for those new to some of these concepts too.


Let's start with WSGI. Fully described in PEP 333 -- Python Web Server Gateway Interface, the core concept is a standardised way for a Python program to be called in response to a web request. In essence, it bundles the parameters from the incoming request into known objects, and gives you an object to put data into that will get back to the requesting client. The "simplest application", taken from the PEP directly below, highlights this perfectly:

    def simple_app(environ, start_response):
        """Simplest possible application object"""
        status = '200 OK'
        response_headers = [('Content-type', 'text/plain')]
        start_response(status, response_headers)
        return ['Hello world!\n']

You can start building frameworks on top of this, but yet maintain broad interoperability as you build your application. There is plenty more to it, but that's all you need to follow for now.

Using WSGI

Your WSGI based application needs to get a request from somewhere. We'll refer to the diagram below for discussions of how WSGI based applications can be deployed.

In general, this is illustrating how an API end-point might be connected together to an underlying WSGI implementation written in Python. Of course, there are going to be layers and frameworks and libraries and heavens knows what else in any real deployment. We're just concentrating on Apache integration -- the client request hits Apache first and then gets handled as described below.


Starting with 1 in the diagram above, we see CGI or "Common Gateway Interface". This is the oldest and most generic method of a web server calling an external application in response to an incoming request. The details of the request are put into environment variables and whatever process is configured to respond to that URL is fork()-ed. In essence, whatever comes back from stdout is sent back to the client and then the process is killed. The next request comes in and it starts all over again.

This can certainly be done with WSGI; above we illustrate that you'd have a framework layer that would translate the environment variables into the Python environ object and connect up the process's output to gather the response.

The advantage of CGI is that it is the lowest common denominator of "call this when a request comes in". It works with anything you can exec, from shell scripts to compiled binaries. However, forking processes is expensive, and parsing the environment variables involves a lot of fiddly string processing. These become issues as you scale.
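The translation layer described above, sketched as an added example (not code from the original post) in the spirit of the CGI gateway pattern in PEP 333. The names `build_environ`, `run_cgi`, `echo_app` and the sample environment are hypothetical; the app returns bytes, as Python 3 WSGI requires. It also drops `HTTP_PROXY`, because under CGI a client-sent `Proxy:` header lands in that variable.

```python
import io
import sys

def build_environ(cgi_env, body=b""):
    """Translate CGI environment variables into a WSGI environ dict."""
    environ = dict(cgi_env)
    # Under CGI every request header "X" arrives as HTTP_X, so a client-sent
    # "Proxy:" header becomes HTTP_PROXY, which many HTTP client libraries
    # treat as outbound proxy configuration. Drop it before the app runs.
    environ.pop("HTTP_PROXY", None)
    https = environ.get("HTTPS") in ("on", "1")
    environ.update({
        "wsgi.version": (1, 0), "wsgi.url_scheme": "https" if https else "http",
        "wsgi.input": io.BytesIO(body), "wsgi.errors": sys.stderr,
        "wsgi.multithread": False, "wsgi.multiprocess": True,
        "wsgi.run_once": True,  # CGI: one process per request
    })
    return environ

def run_cgi(app, cgi_env, body=b""):
    """Call a WSGI app once; return the bytes a CGI process would write to stdout."""
    out, state = io.BytesIO(), {}

    def start_response(status, headers, exc_info=None):
        state["status"], state["headers"] = status, headers
        return out.write  # legacy write() callable required by the PEP

    result = app(build_environ(cgi_env, body), start_response)
    try:
        chunks = list(result)
    finally:
        if hasattr(result, "close"):
            result.close()
    head = "Status: %s\r\n" % state["status"]
    head += "".join("%s: %s\r\n" % h for h in state["headers"])
    return head.encode("latin-1") + b"\r\n" + out.getvalue() + b"".join(chunks)

def echo_app(environ, start_response):
    """Sample app (constructed): echoes method, path and any surviving HTTP_PROXY."""
    text = "%s %s proxy=%s\n" % (environ["REQUEST_METHOD"], environ["PATH_INFO"],
                                 environ.get("HTTP_PROXY"))
    start_response("200 OK", [("Content-Type", "text/plain")])
    return [text.encode("utf-8")]

# Constructed CGI environment, as a web server would set it before exec.
SAMPLE_ENV = {"REQUEST_METHOD": "GET", "PATH_INFO": "/api", "SERVER_NAME": "localhost",
              "SERVER_PORT": "80", "HTTP_PROXY": "http://203.0.113.5:8080"}

if __name__ == "__main__":
    sys.stdout.write(run_cgi(echo_app, SAMPLE_ENV).decode("latin-1"))
```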


Illustrated by 2 above, it is possible to embed a Python interpreter directly into the web server and call the application from there. This is broadly how mod_python, mod_wsgi and mod_uwsgi all work.

The overheads of marshaling arguments into strings via environment variables, then unmarshaling them back to Python objects can be removed in this model. The web server handles the tricky parts of communicating with the remote client, and the module "just" needs to translate the internal structures of the request and response into the Python WSGI representation. The web server can manage the response handlers directly leading to further opportunities for performance optimisations (more persistent state, etc.).

The problem with this model is that your web server becomes part of your application. This may sound a bit silly -- of course if the web server doesn't take client requests nothing works. However, there are several situations where (as usual in computer science) a layer of abstraction can be of benefit. Being part of the web server means you have to write to its APIs and, in general, its view of the world. For example, mod_uwsgi documentation says

"This is the original module. It is solid, but incredibly ugly and does not follow a lot of apache coding convention style".


mod_python is deprecated with mod_wsgi as the replacement. These are obviously tied very closely to internal Apache concepts.

In production environments, you need things like load-balancing, high-availability and caching that all need to integrate into this model. Thus you will have to additionally ensure these various layers all integrate directly with your web server.

Since your application is the web server, any time you make small changes you essentially need to manage the whole web server; often with a complete restart. Devstack is a great example of this; where you have 5-6 different WSGI-based services running to simulate your OpenStack environment (compute service, network service, image service, block storage, etc) but you are only working on one component which you wish to iterate quickly on. Stopping everything to update one component can be tricky in both production and development.


Which brings us to uwsgi (I call this "micro-wsgi" but I don't know if it is actually intended to be a μ). uwsgi is a real Swiss Army knife, and can be used in contexts that don't have to do with Python or WSGI -- which I believe is why you can get quite confused if you just start looking at it in isolation.

uwsgi lets us combine some of the advantages of being part of the web server with the advantages of abstraction. uwsgi is a complete pluggable network daemon framework, but we'll just discuss it in one context illustrated by 3.

In this model, the WSGI application runs separately to the webserver within the embedded python interpreter provided by the uwsgi daemon. uwsgi is, in parts, a web-server -- as illustrated it can talk HTTP directly if you want it to, which can be exposed directly or via a traditional proxy.

By using the proxy extension mod_proxy_uwsgi we can have the advantage of being "inside" Apache and forwarding the requests via a lightweight binary channel to the application back end. In this model, uwsgi provides a uwsgi:// service using its internal protocol on a private port. The proxy module marshals the request into small packets and forwards it to the given port. uwsgi takes the incoming request, quickly unmarshals it and feeds it into the WSGI application running inside. Data is sent back via similarly fast channels as the response (note you can equally use file based Unix sockets for local only communication).
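The "small packets" have a simple layout: a 4-byte header (modifier1, little-endian 16-bit payload size, modifier2) followed by length-prefixed key/value pairs. The following added example, which is not from the original post, encodes and strictly decodes one such request; the function names and sample variables are hypothetical. Nothing in the packet identifies or authenticates the sender, which is why the listener belongs on a private port or a Unix socket.

```python
import struct

def encode_vars(vars_):
    """Pack request variables into one uwsgi packet (modifier1=0: WSGI request)."""
    body = b""
    for key, val in vars_.items():
        k, v = key.encode("latin-1"), val.encode("latin-1")
        body += struct.pack("<H", len(k)) + k + struct.pack("<H", len(v)) + v
    if len(body) > 0xFFFF:
        raise ValueError("vars block exceeds the 16-bit size field")
    return struct.pack("<BHB", 0, len(body), 0) + body

def decode_vars(packet):
    """Parse a uwsgi packet back into a dict, rejecting inconsistent lengths."""
    if len(packet) < 4:
        raise ValueError("truncated header")
    modifier1, size, _modifier2 = struct.unpack("<BHB", packet[:4])
    if modifier1 != 0:
        raise ValueError("not a WSGI request packet")
    body = packet[4:]
    if len(body) != size:
        raise ValueError("declared size %d != actual %d" % (size, len(body)))
    out, pos = {}, 0

    def take():
        """Read one length-prefixed field, bounds-checked against the packet."""
        nonlocal pos
        if pos + 2 > size:
            raise ValueError("truncated length field")
        (n,) = struct.unpack_from("<H", body, pos)
        pos += 2
        if pos + n > size:
            raise ValueError("field overruns packet")
        chunk = body[pos:pos + n]
        pos += n
        return chunk.decode("latin-1")

    while pos < size:
        key = take()
        out[key] = take()
    return out

# Constructed sample: the variables a proxy might forward for one request.
SAMPLE_VARS = {"REQUEST_METHOD": "GET", "PATH_INFO": "/identity"}

if __name__ == "__main__":
    pkt = encode_vars(SAMPLE_VARS)
    print(pkt[:4].hex(), decode_vars(pkt))
```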

Now your application has a level of abstraction to your front end. At one extreme, you could swap out Apache for some other web server completely and feed in requests just the same. Or you can have Apache start to load-balance out requests to different backend handlers transparently.

The model works very well for multiple applications living in the same name-space. For example, in the Devstack context, it's easy with mod_proxy to have Apache doing URL matching and separate out each incoming request to its appropriate back end service; e.g.

  • http://service/identity gets routed to Keystone running at localhost:40000
  • http://service/compute gets sent to Nova at localhost:40001
  • http://service/image gets sent to glance at localhost:40002

and so on (you can see exactly how this is configured in lib/apache:write_uwsgi_config).

When a developer makes a change they simply need to restart one particular uwsgi instance with their change and the unified front-end remains untouched. In Devstack (as illustrated) the uwsgi processes are further wrapped into systemd services which facilitates easy life-cycle and log management. Of course you can imagine you start getting containers involved, then container orchestrators, then clouds-on-clouds ...


There's no right or wrong way to deploy complex web applications. But using an Apache front end, proxying requests via fast channels to isolated uwsgi processes running individual WSGI-based applications can provide both good performance and implementation flexibility.

Ian Wienand Technovelty

