Planet FSCI

January 28, 2023

• Sahil Dhiman MiniDebConf Palakkad 2022

  It all started with a discussion that we’ll meet IRL if we have a physical Debian event. A few texts exchanged - we got a venue, we had an organization team, and we were set for an event. This was how MiniDebConf Palakkad 2022 which happened on November 12 to November 13, in NSS College of Engineering Palakkad, Kerala came to be.

  To give you folks a bit of context, I have been active in Debian and Debian India since DebConf20, which was around the time when I started using Debian full time on my machine. Debian been such a welcoming community, and DebConf22 Kochi (which has since changed to DebConf23 Kochi) preparations ongoing, pulled me in for more participating and volunteering for more Debian events since. Due to Covid-19 pandemic, DebConf22 Kosovo was probably the first physical Debian event. As official host of next DebConf, the Debian India had to send a delegation to attend and receive Pollito. I wanted to attend this conference and meet folks I was working, interacting and gossiping with since I started on Debian, as we hadn’t met IRL ever. But alas! Due to work, I had to skip attending the conf. Also, all the attendees kept saying, I should have attended it, it was so much fun. Now during once such conversation among the MDC Shoutout team (if you know, you know ;)), we were discussing this and that’s when the idea of a Debian event came to be. A few texts by Abbyck to his alma mater club at FOSSNSS, and soon we had them onboard for venue and event. From there it all came to be.

  Now, coming up with a two day, two track Debian event is never easy. Call for proposals needs to be sent, website has to be done, registrations has to be taken care of, money needs to be raised, publicity has to be done and then on the venue, projection and sound system is to be setup, attendees need food and accommodation and all the nitty-gritty has to be planned, arranged and executed for the conference to happen. Discussions started around September and conference dates were fixed mid-November. Teams, consisting mostly of FOSSNSS and Debian India folks, started work under guidance from Anupa. (She’s usually the one doing most stuff, never ever taking the credit for.) All the folks did loads of work, multiple meetings were conducted and on ground stuff was done.

  As Ravi too planned to join the conference, we booked the tickets to Coimbatore, from there we planned to travel by road to Palakkad. After landing in Coimbatore, rain was the last thing I was expecting in the month of November. Later on, I came to know it’s always rainy here in South India for half the year. As I hadn’t anticipated rain, I was wearing white shoes, and it felt real bad seeing them catch all the mud and dirt. Coming here was also a cultural shock for me. Since childhood, I had never travelled to south India or any place where Hindi wasn’t a commonly understood or spoken language. Now, here I was in Tamil Nadu with no understanding of Tamil. It wasn’t very hard per se, but me being in a bit of a cultural hocked state elevated the hardship. Being with Ravi, who has travelled to places, helped. He knew how to navigate unknown areas. Initially, the plan was to travel in cab via Uber, but that plan fell apart due to price differences. We finally travelled in KSRTC i.e. Kerala State Road Transport Corporation bus, much to the delight of Ravi. The accommodation for was arranged by local team and I got a hotel named KTDC Garden House near the scenic Malampuzha Dam. It was a scenic place, but with limited food options. Malampuzha Dam was beautiful but due to time constraint I couldn’t explore it fully with rope way and activities near it.

  This was my first in-person Debian event, so was excited to attend it. On the day of conf, I meet many folks to which I was talking to since a very long time in-person. I also got to know many new folks. In total, I had proposed two Birds of Feathers (BoF), one short talk and a workshop, of which the workshop didn’t happen as we (Abbyck and me) didn’t get the time to sit together and prepare it. Coming to the BoFs, the DebConf India BoF happened on Day 1. It was intended to introduce folks to DebConf23 and get them to join the team (though we weren’t too successful on that part). Various teams and members were introduced, and work status was discussed. The second BoF was Debian India BoF to discuss direction for Debian community in India. Various issues and suggestions were discussed. Moderating this BoF, was more difficult than I had anticipated, but that’s how things are. They don’t always turn out as we expect them to.

  I had a short talk too on the topic, Mobile OpenStreetMap mapping on the go. I had a few screenshots and outdoor pictures collected, which I planned to incorporate in my talk. I cobbled together all those pictures and finally completed my presentation just in nick of time for the talk. The idea was to present all the use cases and different mobile applications to map those in OpenStreetMap. (I plan to do a write-up for the talk, but let’s see if it comes around). The presentation went well, though no-one ask any question in QnA.

  For final submission, the workshop on self-hosting with Abbyck, we decided to cancel due to time constraints.

  As being the tradition with Debian events, GPG key signing was part of the event. Ravi gave an introduction on it and Pirate Praveen dived into details how it’s done in his talk. It was a fun little activity where people came with their government IDs (some had their pictures from when they were teens) and key signature written or printed somewhere, and we cross verified it and then signed their key. I got my keys signed by Praveen and Anupa, both DDs to meet the criteria to start the DD process. Post that, I started my non uploading DD application. Nilesh, another DD had mentioned that he might be my Account Manager (AM) as his AM slot was empty, and by chance, he was chosen to be my AM, the role he has taken quite seriously since then. The AM process is complete now. I’m awaiting final step of Front desk or DAM approval, post which I’ll officially become a Debian Developer, non uploading.

  I was meeting the whole DebConf23 Kochi organizing team for the first time (mostly I was the one coming from far, most of the team lives in and around Kerala). The whole organizing team was housed in KTDC to allow discussions in person to happen, which were held on the night of 12th. In person discussions were way more productive as we were able to discuss and deliberate on DC issues faster.

  

  Pollito at Palakkad

  Finally, the event was also graced by the presence of DebConf mascot Pollito which is in India for DebConf23. Raju brought the Pollito on the last day of the conf, and it was an instant celebrity. Raju was mobbed by the crowd for getting a picture with it, and it was also given it’s MDC ID as well. I, too, saw and held Pollito for the first time.

  In conf, everyone agreed that we needed more decentralized, in-person events in various parts of India; various nascent plans were made to conduct MDCs in Villupuram, Bengaluru, Hyderabad and Pune. For now, the Villupurm one is happening thanks to active local community VGLUG, titled MiniDebConf Tamil Nadu 2023. Another MDC might take place before DebConf23, Kochi. I hope starting with these MDC, at least the Palakkad and Villupuram MDCs become annual affairs. Fingers crossed on that. If you want to organize an MiniDebConf in your city, get in contact, and we’ll together figure something out.

  

  Volunteer team for the conference

  Finally, I would like to thanks all the folks who came together to make this conference a success, and also gave me the opportunity to meet everyone.

  

  MiniDebconf Palakkad 2022 group photo. Click to enlarge

  PS - Finally, shoutout to Abbyck!

---

January 17, 2023

• Hemish Libadwaita Without Adwaita

  While GNOME is moving to Libadwaita with the help of Purism (sure they need to be acknowledged), themeing has surely lessened, but people still use some hacks.

  Some background information: ((Whenever I search for any new package or install any new packages on my system, I generally use yay -Ss <packagename> or just I use yay -Ss <packagename> and then press TAB and bash-completuon provides me the matching package names. By doing this, I am able to get aware about any patched package, that might give me some extra functionality or something else.

  I generally don't theme my system and use the default theme for Libadwaita apps. For GTK3 apps, I use adw-gtk3 to match them with the Libadwaita apps. Though sometimes I do switch temporarily to WhiteSur theme by vinceluice (which also provides Libadwaita css) because why not someone would like that glossy theme. But, I keep coming back to the default theme.))

  So, long ago I came across this package called libadwaita-without-adwaita on AUR (Arch User Repository). As I mentioned I don't care about themeing not available as I use the default theme generally, but still this libadwaita-without-adwaita grabbed my attention.

  So, the maintainer of this AUR package (named ich) has provided a patch called themeing_patch.diff which patches the specific code which pins the libadwaita-provided Adwaita theme. So the patched package uses the theme from Gsettings (or dconf, whatever you call it) key gtk-theme-name and also follows gtk-application-prefer-dark-theme to use the theme set by the desktop environments. Someone also packaged it for RPM based distros. (See this) I appreciate the maintainer that they specifically mention that this is experimental and people should not report bugs to Libadwaita apps while using this package. (Also note that any themes used should support Libadwaita widgets in their main css theme for this to work correctly)

  So, this made me think that if this can be patched so easily without adding any new files or changing a hell lotta lines of code, people can experiment with it to provide their own libadwaita package which the apps would use, but it would not pin the new Adwaita theme. I would say this should not be done in any mainstream distros for the sake that we should not break the userspace, but surely we can try something like providing a custom libadwaita package, where some distribution may pin their own theme into this library or they just provide the user a way to just modify in their settings. This patched package may be kept into official repos and voila you have themed apps. I am not saying this should be done to just mitigate the themeing issue, but this can be shown as a proof of concept or just a temporary workaround till GNOME is ready with their themeing API.

---

December 30, 2022

• Utkarsh Gupta FOSS Activites in December 2022

  Here’s my (thirty-ninth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 48th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

  • Some DebConf work.
  • Sponsoring stuff for non-DDs.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 23rd month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).

  This was my thirty-ninth month as a Debian LTS and thirtieth month as a Debian ELTS paid contributor.
  I worked for 51.50 hours for LTS and 22.50 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 3224-1, fixing CVE-2020-8287, for http-parser.
    For Debian 10 buster, these problems have been fixed in version 2.8.1-1+deb10u3.
  • Issued DLA 3225-1, fixing CVE-2022-46391, for awstats.
    For Debian 10 buster, these problems have been fixed in version 7.6+dfsg-2+deb10u2.
  • Issued DLA 3227-1, fixing CVE-2022-32209, for ruby-rails-html-sanitizer.
    For Debian 10 buster, these problems have been fixed in version 1.0.4-1+deb10u1.
  • Issued DLA 3228-1, fixing CVE-2021-3918, for node-json-schema.
    For Debian 10 buster, these problems have been fixed in version 0.2.3-1+deb10u1.
  • Issued DLA 3229-1, fixing CVE-2022-21704, for node-log4js.
    For Debian 10 buster, these problems have been fixed in version 4.0.2-2+deb10u1.
  • Issued DLA 3230-1, fixing CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, and CVE-2022-31160, for jqueryui.
    For Debian 10 buster, these problems have been fixed in version 1.12.1+dfsg-5+deb10u1.
  • Issued DLA 3231-1, fixing CVE-2020-29394, CVE-2020-36244, and CVE-2022-31291, for dlt-daemon.
    For Debian 10 buster, these problems have been fixed in version 2.18.0-1+deb10u1.
  • Inspected joblib’s security update upon Helmut’s investigation and see what went wrong there.
  • Started to look at other set of packages: node-moment, tiff, ruby*, et al.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 752-1, fixing CVE-2021-41182, CVE-2021-41183, CVE-2021-41184, and CVE-2022-31160, for jqueryui.
    For Debian 9 stretch, these problems have been fixed in version 1.12.1+dfsg-4+deb9u1.
  • Helped facilitate Erlang’s and RabbitMQ’s update; cf: ELA 754-1.
  • Looked through python3.4’s FTBFS on armhf. Even diff’d with Ubuntu. No luck. Inspected the traces, doesn’t give a lot of hint either. Will continue to look later next month or so but it’s a rabbit hole. (:
  • Inspected joblib’s security update upon Helmut’s investigation and see what went wrong there.
  • Started to look at other set of packages: dropbear, tiff, et al.

  Other (E)LTS Work:

  • Triaged jqueryui, http-parser, awstats, ruby-rails-html-sanitizer, node-json-schema, node-log4js, dlt-daemon, joblib, tiff, dropbear, python3.5, python3.4, ruby-sinatra, erlang, and rabbitmq-server.
  • Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
  • Participated and helped fellow members with their queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.
  • Attended the monthly Freexian meeting.

  ---

  Until next time.
  :wq for today.

---

December 18, 2022

• aktsbot Slackware post-installation guide

  Slackware post-installation guide

  17 Dec 2022

  ---

  This guide is a continuation from the lvm/luks installation guide.

  Setting up a normal user

  After a vanilla slackware installation the only user present would be the root user. Using a normal user for our daily needs is ideal. Create one with

  # useradd -m -g users -G wheel,floppy,audio,video,cdrom,plugdev,power,netdev,lp,scanner -s /bin/zsh jim 

  This will create a user named jim whose default shell would be zsh and will be a member of the wheel group that can run sudo commands. Now we setup jim's password

  # passwd jim 

  Next, we setup sudo so that member's of the wheel group can run any command

  # visudo 

  In the file that opens up, make sure the following line is uncommented

  ## Uncomment to allow members of group wheel to execute any command %wheel ALL=(ALL:ALL) ALL 

  Before we continue further, lets add a few lines to configure root's vim, if you plan on using vim to edit config files. Open ~/.vimrc and add

  set nocompatible " vim tries to emulate old vi, this tells it not to filetype plugin indent on " Load plugins according to detected filetype. syntax on " Enable syntax highlighting. set laststatus =2 " Always show statusline. set display =lastline " Show as much as possible of the last line. " dont litter the current folder with backup files set backup set backupdir =$HOME/.vim/files/backup/ set backupext =-vimbackup set backupskip = set directory =$HOME/.vim/files/swap// set updatecount =100 set undofile set undodir =$HOME/.vim/files/undo/ set viminfo ='100,n$HOME/.vim/files/info/viminfo 

  Package management

  slackpkg is slackware's default package manager. Everything thats in the slackware DVD is the entire official slackware software repo. So this is where the community steps in and contributes extra packages.

  Before we get into that, we need to blacklist a few packages, that we ignored during installation.

  Open /etc/slackpkg/blacklist in vim

  kernel-generic.* kernel-huge.* kernel-modules.* kernel-source kde/ 

  Uncomment the kernel lines. This will prevent automatic update of a running kernel. The kde/ entry prevents installing kde packages. Now we tell slackpkg which mirror we wish to use.

  Open /etc/slackpkg/mirrors and uncomment a mirror closest to you. Take care to uncomment only one! The file is heavily commented, so go ahead and start stroking your unix beard :)

  ... #---------------------------------------------------------------- # Slackware64-15.0 #---------------------------------------------------------------- ... # UNITED KINGDOM (UK) http://slackware.uk/slackware/slackware64-15.0/ .... 

  Slackware 15 is the current stable version of slackware as of this writing and since its the version that we've installed, choose a mirror for it and not Slackware64-current. current is the development branch of slackware.

  Lets update our package list

  # slackpkg update gpg # slackpkg update 

  This sets up slackpkg to use the new mirror and update its local package database. Take care to run slackpkg update often when you learn of updates. Read more about slackpkg from its official docs

  To update your system from time-to-time, run

  # slackpkg update # slackpkg install-new # slackpkg upgrade-all 

  If it found any updates, go through the list and install what you need. Take care to read any post install notes if any are presented.

  Feel free to read the slackware beginners guide.

  Configuring $HOME

  Log out from root and login with your normal user.

  Edit ~/.zprofile and add

  EDITOR=vim LANG=en_US.UTF-8 LC_CTYPE=en_US.UTF-8 LC_ALL=en_US.UTF-8 PAGER='less -R' MANPAGER="$PAGER" export EDITOR PAGER MANPAGER LANG LC_CTYPE LC_ALL [ -d $HOME/bin ] && export PATH="${HOME}/bin:${PATH}" # add su paths export PATH="${PATH}:/usr/local/sbin:/usr/sbin:/sbin" # long date format in ls export TIME_STYLE=long-iso 

  These are some niceties to make our $SHELL life comfy. Logout and log back in.

  Start your GUI with

  $ startx 

  Xfce will start up. Open a terminal and do the same vim config update for your normal user as we did for root. On top of that lets configure a tool called tmux. Open ~/.tmux.conf and add

  # Index starts from 1 set-option -g base-index 1 set-option -g pane-base-index 1 # Renumber windows when a window is closed set-option -g renumber-windows on # no login shell set -g default-command "${SHELL}" # 256-color terminal set -g default-terminal "tmux-256color" # use 256 colors instead of 16 # Add truecolor support (tmux info | grep Tc) set-option -ga terminal-overrides ",xterm-256color:Tc" # Mouse set-option -g mouse on # Reload ~/.tmux.conf bind-key R source-file ~/.tmux.conf \; display-message "Reloaded!" 

  Add an alias to launch tmux from your shell

  $ echo "alias t='tmux -2 -u' >> ~/.zshrc" 

  Now, everytime we need to launch tmux, just type t and hit enter.

  What I like to do when updating my system is - exit X and launch tmux from the tty - Then I switch to root using sudo su - - then i do slackpkg update and go from there.

  When using slackware, we'll be spending most of our time on the command-line, so its a good investment to learn it. Bookmark the Unix Grymoire and get cracking.

  Xfce is a very capable desktop environment. Almost everything one needs to know is mentioned on its archwiki entry.

  Installing extra packages

  slackpkg+ is a script that extends slackpkg to pull in software from 3rd party repos.

  • Get the package from sourceforge
  • Switch to root and then install it

  # upgradepkg --install-new slackpkg+-1.8.0-noarch-6mt.txz 

  Now, we'll have a new file of interest /etc/slackpkg/slackpkgplus.conf Make sure the following lines are updated accordingly. Some of them would be commented. Take a moment to read the file. TLDR; setup the repos, if 2 repos have the same packages, which takes priority? these are addressed in this file.

  # if you plan on using wine or steam PKGS_PRIORITY=( multilib ) MIRRORPLUS['multilib']=https://slackware.nl/people/alien/multilib/15.0/ REPOPLUS=( slackpkgplus ) MIRRORPLUS['slackpkgplus']=https://slakfinder.org/slackpkg+15/ 

  At the end of the file, we can find a few repos that are given as examples and which could be used.

  After we configure slackpkgplus,

  # slackpkg update gpg # slackpkg update 

  You can choose to skip installing multilib, but I use a few programs via wine. So I will install it. OldTechBloke has a tonne of incredible videos on slackware and how to setup a system. Do give it a watch, if you wish to see what the outcome of this is going to be.

  # slackpkg update # slackpkg upgrade multilib # slackpkg install multilib 

  sbopkg is a tool to download and install packages from SlackBuilds. Slackbuilds is to slackware is what the AUR is for archlinux. Download sbopkg and install it with

  # upgradepkg --install-new sbopkg-0.38.2-noarch-1_wsr.tgz 

  Make sure to blacklist sbopkg and all packages from slackbuilds in slackpkg's blacklist file.

  kernel-generic.* kernel-huge.* kernel-modules.* kernel-source # This one will blacklist all SBo packages: [0-9]+_SBo # for alienbob's packages #[0-9]+alien # no kde kde/ # sbopkg sbopkg-0.38.2-noarch-1_wsr 

  sbopkg will download the source package from upstream for a package, compile + builds a slackware package and then installs it.

  First thing to do would be to update sbopkg's local database

  # sbopkg -r 

  Then open it up

  # sbopkg 

  One gotcha here is that it does not handle dependencies. Every slackbuild script README has a variable called REQUIRES= which has a list of dependency packages that you can look into installing before you install the main package.

  There's another fabulous tool or set of tools called sbotools that's available on slackbuilds that gives a bit more flexibility when installing from slackbuilds.

  OTB has a wonderful video of this process.

  TLDR;

  # sbosnap fetch # sbofind packagename # sboinstall packagename 

  The slackware docs has more info on sbopkg. Do give it a read.

  Too Short Need More

  • The slackbook
  • Slackware docs
  • Slack forum
  • So you want to be a slacker
  • A history of slackware development - alienBOB
  • Long live slackware!
  • minimal zsh, tmux and vim configs

  Happy Hacking & have a great day!

---

December 15, 2022

• Abhijith PA Running PostmarketOS on my phone

  Couple of weeks back I installed PostmarketOS on my idle phone Leeco Le 1s , which was paper weight for some time now.

  It all started with a roadtrip to Pondicherry (I will soon write about this trip). As I was sitting on the front seat where Praveen’s Librem 5 kept charing on the car dashboard. And we had a small discussion about PostmarketOS and how much new ports are available now.

  My idle phone came to my mind. After reaching home I started setting up porting pmOS to this device. Going through pmOS website, to my surprise there is already a port for this device.

  The OEM unlock is quite easy even though a little hiccup at begin (I suspect it is solely of my cable). The Xiaomi users knows the pain of unlocking bootloader.

  With the pmOS community preferred practice of using pmbootstrap, I built image for my device, flashed it. And phone boot stopped with pmOS logo. I thought I went to bootloop. I tried sxmo, xfce4, everything same nothing happening after boot logo splash.

  The pmOS troubleshooting wiki is quite good. They have documented most issues. Though screen is stuck I can still ssh to the phone. From wiki I came to know its a screen refresh problem. I installed msm-fb-refresher package and ran it as a daemon.

  Voila, I have a mate desktop.

  

  Mate desktop is not at all touch friendly even though I tried to scaled up to read and tap things on the screen. Wiki suggest xfce4 is little more touch friendly. I started moving to xfce. Then again same problem, stuck at boot loop.

  This time it was with lightdm, I turned off CanGraphical issue warning and now I have xfce desktop. pmos xfce seems great comparing with mate.

  Nothing works as of now from a Mobile phone point of view. The phone maintainer says the battery is working, but I couldn’t get it working. Its always in battery mode and 50% status.

  I thought the hardware buttons will never work. But with xev, I can see the hardware key event triggering.

---

November 30, 2022

• Utkarsh Gupta FOSS Activites in November 2022

  Here’s my (thirty-eighth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 47th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

  Debian Uploads

  • tango (9.3.4+dfsg1-2) - Fix FTBFS: configure: error; cf: bug#1020056.

  Other $things:

  • Sponsoring stuff for non-DDs.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 22nd month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the stretch and jessie release (+2 years after LTS support).

  This was my thirty-eighth month as a Debian LTS and twenty-nine month as a Debian ELTS paid contributor.
  I worked for 41.00 hours for LTS and 30.25 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 3187-1, fixing CVE-2021-36369, for dropbear.
    For Debian 10 buster, these problems have been fixed in version 2018.76-5+deb10u2.
  • Issued DLA 3188-1, fixing CVE-2019-16167, CVE-2019-19725, and CVE-2022-39377, for sysstat.
    For Debian 10 buster, these problems have been fixed in version 12.0.3-2+deb10u1.
  • Issued DLA 3189-1 for a minor LTS version update of postgresql-11.
    For Debian 10 buster, the package has been updated to version 11.18-0+deb10u1.
  • Issued DLA 3215-1, fixing CVE-2022-3328, for snapd.
    For Debian 10 buster, these problems have been fixed in version 2.37.4-1+deb10u2.
  • Issued DLA 3216-1, fixing CVE-2022-41325, for vlc.
    For Debian 10 buster, these problems have been fixed in version 3.0.17.4-0+deb10u2.
  • Issued DLA 3217-1, fixing CVE-2022-46338, for g810-led.
    For Debian 10 buster, these problems have been fixed in version 0.3.3-2+deb10u1.
  • Issued DLA 3218-1, fixing CVE-2022-41946, for libpgjava.
    For Debian 10 buster, these problems have been fixed in version 42.2.5-2+deb10u3.
  • Issued DLA 3220-1 for a new upstream version update of clamav.
    For Debian 10 buster, the package has been updated to version 0.103.7+dfsg-0+deb10u1.
  • Started to look at other set of packages.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 731-1, fixing CVE-2022-39377, for sysstat.
    For Debian 9 stretch, these problems have been fixed in version 11.4.3-2+deb9u1.
    For Debian 8 jessie, these problems have been fixed in version 11.0.1-1+deb8u1.
  • Issued ELA 749-1, fixing CVE-2022-41325, for vlc.
    For Debian 9 stretch, these problems have been fixed in version 3.0.17.4-0+deb9u2.
  • Issued ELA 750-1 for a new upstream version update of clamav.
    For Debian 9 stretch, the package has been updated to version 0.103.7+dfsg-0+deb9u1. For Debian 8 jessie, the package has been updated to version 0.103.7+dfsg-0+deb8u1.
  • Started to look at other set of packages.

  Other (E)LTS Work:

  • Front desk duty from 21-11 until 27-11 for both, LTS and ELTS.
  • Triaged jqueryui, open-vm-tools, systemd, ffmpeg, lava, pngcheck, snapd, vlc, g810-led, libpgjava, dropbear, python3.5, python3.4, clamav, systat, postgresql-11, and mariadb-10.1.
  • Marked CVE-2009-1143/open-vm-tools as postponed for buster, stretch and jessie.
  • Marked CVE-2022-45873/systemd as not-affected in stretch and jessie.
  • Marked CVE-2022-396{4,5}/ffmpeg as postponed for buster and stretch.
  • Marked CVE-2022-45061/python3.{4,5} as postponed for stretch and jessie.
  • Marked CVE-2022-31160/jqueryui as not-affected for jessie instead.
  • Noted CVE-2022-45061/python3.4 to be marked as postponed; only things to fix is the armhf FTBFS.
  • Auto EOL’d linux, libpgjava, nvidia-graphics-drivers, maradns, chromium, and glance for ELTS.
  • Helped and assisted new contributors joining Freexian (LTS/ELTS/internally).
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
  • Participated and helped fellow members with their queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.
  • Attended the monthly meeting held on IRC on November 24th.

  ---

  Until next time.
  :wq for today.

---

November 20, 2022

• FSCI My adventures with Dino illustrate the importance of Software Freedom

  I have Librem 5 phone and I use XMPP for communications. I was using Dino, but a few days ago, I learnt that Dino restricts key sharing to contacts. That means, in encrypted groups, I was not able to decrypt messages sent by people not in my contacts. Other Dino users also reported similar problems. The solution was to add them to my contacts, but that is impractical in a large encrypted group. So, I couldn’t use Dino unless this policy was removed. The other option was Gajim, which did not have support for small screen devices, such as my Librem 5, and Gajim developers were not interested in UI that works on both mobiles and desktop.

  I decided to fix the Dino key publishing issue myself. Going through the Dino’s repository, I found an earlier commit which allowed key exchange with everyone, and not just with contacts. I just had to change one line to mimic that commit, but the way Dino works changed since then, and I could not build it successfully.

  I met Abraham Raji at Minidebconf 22 Palakkad, who looked at the code and figured out the way to fix it– it was still a single line fix.

  I didn’t want to use an older version of Dino for this feature, as the new version introduced another important feature– showing group history. I needed GTK 4 version for this feature, which was not in PureOS, the operating system I was running in my Librem 5. To fix this, I switched to mobian(which is debian for mobiles). This finally gave the desired set up, although I had to give up on disk encryption.

  By the above example, I would like to emphasize the freedoms that free/swatantra software gives and its importance to everyone. Think of a proprietary app, like WhatsApp. If I wanted to run it as I wish, it would not have been possible. Only WhatsApp developers could have fixed that, and as you see in this case, the Dino developers weren’t interested in fixing my issue. They just recommended me to add every person in the group as contact. Note that even if you don’t know how to fix the above problem, you can run my modified version of Dino. Even though I could not fix it myself, I was able to take help from someone who knew programming. This means we can collectively crowdfund and pay someone to fix the problem even if we are not able to fix things ourselves.

---

November 16, 2022

• Raghavendra Kamath Automatically updating nightly builds of Krita on Linux

  

  When chatting on Krita IRC deevad mentioned that he uses a script to automatically download Krita nightly update and manage the launcher icons etc. So I thought that it is a cool idea to use script to automate the update process. Usually I used to click on the update button and then manually adjust the filename of the Appimage etc. I rename the files of appimage to stable and nightly respectively so that it becomes each to point them to a shortcut and there is no need to change the desktop shortcut file always. I already have two different desktop files to launch the nightly and stable Appimage version of Krita. The update done from the Krita’s welcome screen downloads a file with new file name and we have to either adjust the name in desktop file or rename the downloaded file.

  When searching for a solution to automate this I found out about appimageupdatetool I believe this is the same tool that Krita uses in back-end to fetch the update. This tool has a GUI version and also a CLI version. I downloaded the CLI version which is named appimageupdatetool.

  wget  https://github.com/AppImage/AppImageUpdate/releases/download/continuous/appimageupdatetool-x86_64.AppImage -O ~/.local/bin/appimageupdatetool

  The above command downloads the binary file of the tool to my computer’s local/bin folder. Make sure you have ~/.local/bin folder in your $PATH variable. I then mark it as executable with the following command.

  chmod +x  ~/.local/bin/appimageupdatetool

  One of the best advantages of using this tool is that it has the option to self update itself and also update the appimage file in place having the same name that you have given the appimage.

  So updating an appimage is this command

  appimageupdatetool  -rO ~/store/Krita/nightly/krita-nightly

  The -r option removes old appimage file and -O option overwrites the old file. It overwrites it by default but also makes a backup file with .old filename so to remove that file we pass the -r option. I have renamed the appimage to “krita-nightly” and my desktop file placed in .local/share/applications/ targets this file. Earlier when a new appimage was downloaded, it had different name on each update I would need to rename the appimage or edit the desktop shortcut file with new name.

  Below is content of my desktop file called – org.kde.krita-appimage-nightly.desktop

  [Desktop Entry]
  Categories=Qt;KDE;Graphics;2DGraphics;RasterGraphics;
  Comment=Digital Painting
  Exec=/home/raghu/store/Krita/nightly/krita-nightly
  GenericName=Digital Painting
  Icon=/mnt/attic/krita-build/krita/krita/pics/branding/Next/512-apps-krita.png
  MimeType=image/openraster;application/x-krita;
  Name=Krita-nightly
  StartupNotify=true
  StartupWMClass=krita
  Terminal=false
  X-KDE-NativeMimeType=application/x-krita

  I have used a different Krita icon with git symbol from Krita repository that I have cloned on my hard disk. I just supplied the path in the Icon option. The Exec option determines the target binary that needs to be launched when you click this desktop file. I gave it the patch where I store the nightly appimage. Now onto the automation and scripting part

  I used my limited knowledge of bash and stack exchange search skills to craft this bash script, which will be run everyday to update Krita using systemd timer.

  #!/usr/bin/env bash
  # Krita nightly update
  # A script to update appimage of Krita
  # License: CC0
  
  # we first check if the appimagetool itself is up-to-date.
  # Rather than checking daily I check only after 25th of every month.
  # I could also just check if there is any update with the tool itself but I felt lazy and did this.
  
  cur_day=$(date +%d)  # gets current day from system and assigns it to a variable.
  
  # check for the update of appimageupdatetool itself on 25th of every month
  
  if [ ${cur_day} -ge 25 ];
  then
  	echo "Checking and updating of appimageupdatetool"
  	~/.local/bin/appimageupdatetool -rO --self-update # command to self update the tool
  else
  	echo "skipping update of appimageupdatetool since it is not 25th yet"
  fi
  
  update1=$? # get the exit code assigned to a variable
  
  # updating Krita
  echo "Now checking and updating the Krita nightly"
  ~/.local/bin/appimageupdatetool  -rO ~/store/Krita/nightly/krita-nightly # command to update Krita appimage
  
  update2=$?  # get the exit code assigned to a variable
  
  # use highest exit code as global exit code
  global_exit=$(( update1 > update2 ? update1 : update2 ))
  
  # I then send a notification popup on the desktop to let myself know of the result or error. 
  # This requires a utility called notify-send which is present in most linux repositories.
  
  if [ ${global_exit} -eq 0 ];
  then
  	notify-send -a 'Krita update' -h "string:desktop-entry:org.kde.krita" -u normal 'Krita update done' 'No errors & update complete' --icon=face-smile
  fi
  
  if [ ${global_exit} -gt 0 ];
  then
  	notify-send -a 'Krita update' -h "string:desktop-entry:org.kde.krita" -u critical 'Krita update failed' 'check the system journal' --icon=face-sad
  fi
  
  exit ${global_exit}

  This is a crude script and might be improvised or enhanced. If you have any better method or way of writing it or have any extra additions please suggest in the comments. I might change it later when I have lots of procrastination time on hand.

  Now comes the part where this script is run daily and automated. Earlier I used to use cron but systemd timers are efficient and handy plus I do not need to install cron as systemd comes with the distro already.

  I have enabled something called lingering, this helps in running user services without a session although here it won’t be needed I think but the command to enable it is loginctl enable-linger username and then logout and login again.

  A user can run a systemd service and the service file need not be in the system directories. There are two files required. A service file which determines what to do and a timer file which determines when to do it. Both files are stored in ~/.config/systemd/user/ folder.

  I have a krita-nightly.service file in the above folder which says systemd to run the bash script. The content of the file is:

  [Unit]
  Description=Krita nightly update
  Wants=krita-nightly.timer
   
  [Service]
  Type=simple
  ExecStart=/home/raghu/.local/bin/krita-nightly.sh

  The ExecStart=/home/raghu/.local/bin/krita-nightly.sh gives the path of the script to execute.

  Now the timer file has the following content and is stored in the same folder mentioned above.

  [Unit]
  Description=Krita nightly update timer
  After=plasma-plasmashell.service # runs after my desktop session is started. use whatever relevant to your desktop environment.
  Requires=krita-nightly.service 
  
  [Timer]
  OnCalendar=daily # runs the script daily at 24:00 midnight
  RandomizedDelaySec=10min # adding a random delay so that this doesn't clash with anything other 
  Persistent=true # if my PC is not on at that time this will make sure it is run when I boot next time.
  
  [Install]
  WantedBy=graphical-session.target # runs only when I have a GUI session

  After I place the two files in the folder, I run the following command to enable and start the timer.

  systemctl --user enable --now krita-nightly.timer

  This will enable the timer which in turn will run the updating script only for my user account. If the update goes through I get a nice notification on the desktop
  

  

  if not then the notification says to check the logs for error. Hope this helps someone who wants to automate the process.

  Note: I have nightly and stable builds in separate folder to not hinder the resource files of each version. I also have two desktop launchers for nightly and stable.

  If you find this post helpful and want to buy me a coffee for sharing it just check out my page on Kofi or donate through my PayPal page. Or you can also buy my sunset painting as a print from here.

---

November 14, 2022

• Hemish Hamara Plymouth Theme

  Hamara Linux was/is a India based linux distribution. It is in pretty dormant stage now (Even the site is down for some time).

  I asked Chirag Sukhala what is even the need of such a Linux distribution which gives you Indic languages preinstalled when you can just install Indic languages in pretty much any popular linux distro

  Well, I would have to dig into archives to extract wallpapers from their ISO, but I found that their Plymouth theme (Plymouth is a program installed by many distros to give you a boot animation) is in Debian repositories.

  Being an Arch Linux user, I created a PKGBUILD and an AUR (Arch Linux User Repository) package for it. It is called 'plymouth-theme-hamara'. So, now any Arch Linux user can enjoy that boot animation.

  Take a look at the package here: plymouth-theme-hamara

---

• Hemish Upgrading firmware in Linux using fwupd

  Want to upgrade your PC or laptop's firmware but don't want to use Windows?

  Fwupd is a command line program, which has the ability to fetch firmware updates from vendors (including proprietary vendors like Dell) and apply the updates.

  For me, it worked seamlessly with my Dell Latitude 5490 and a HGST brand hard drive.

  You have to just enable the fwupd.service through systemd, and then you would be able to operate the application using the command line.

  There are some GUI front ends available for the same application like gnome-firmware. Even Ubuntu is developing a flutter based frontend for it. But, for me, command line works best.

  It's just wonderful to see that we have reached a point, where every other thing doesn't require Windows, and we can daily drive Linux on our laptops and computers. That's the power of opensource community.

---

October 30, 2022

• Utkarsh Gupta FOSS Activites in October 2022

  Here’s my (thirty-seventh) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 46th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

  Debian Uploads

  • ruby-espeak (1.1.0-1) - New upstream version, v1.1.0.

  Other $things:

  • Being an AM for Arun Kumar, process #1024. Process completed. \o/
  • Sponsoring stuff for non-DDs.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 21st month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirty-seventh month as a Debian LTS and twenty-eighth month as a Debian ELTS paid contributor.
  I worked for 35.00 hours for LTS and 25.00 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 3146-1, fixing CVE-2022-2928 and CVE-2022-2929, for isc-dhcp.
    For Debian 10 buster, these problems have been fixed in version 4.4.1-2+deb10u2.
  • Issued DLA 3165-1, fixing CVE-2022-43680, for expat.
    For Debian 10 buster, these problems have been fixed in version 2.2.6-2+deb10u6.
  • Issued DLA 3166-1, fixing CVE-2022-29970, for ruby-sinatra.
    For Debian 10 buster, these problems have been fixed in version 2.0.5-4+deb10u1.
  • Uploaded dropbear to fix CVE-2021-36369 in buster. Waiting for ELTS upload to issue the DLA. But will do soon now.
  • src:joblib is a bit painful - having to backport patches to Py2. :/
  • Started to look at other set of packages.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 715-1, fixing CVE-2022-43680, for expat.
    For Debian 9 stretch, these problems have been fixed in version 2.2.0-2+deb9u7.
    For Debian 8 jessie, these problems have been fixed in version 2.1.0-6+deb8u10.
  • Issued ELA 716-1, fixing CVE-2018-25045 and CVE-2020-25626, for djangorestframework.
    For Debian 9 stretch, these problems have been fixed in version 3.4.0-2+deb9u1.
  • Uploaded dropbear to fix CVE-2021-36369 in buster. Waiting for ELTS upload, too. But some backporting problems. :/
  • src:joblib is a bit painful - having to backport patches to Py2. :/
  • Started to look at other set of packages.

  Other (E)LTS Work:

  • Triaged joblib, dropbear, ruby-sinatra, djangorestframework, isc-dhcp, and expat.
  • Reverted “Mark freerdp CVEs wrongly affecting freerdp <2.0.0” in the ELTS tracker.
  • Helped and assisted new contributors joining Freexian (LTS/ELTS).
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
  • Participated and helped fellow members with their queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.
  • Attended the monthly meeting held on Jitsi on October 27th.

  ---

  Until next time.
  :wq for today.

---

October 24, 2022

• aktsbot Installing Slackware with LVM/LUKS

  Installing Slackware with LVM/LUKS

  24 October 2022

  ---

  Slackware 15 got released this year. It has been a very long time since I last messed around with it. Lets install it on our primary machine :)

  LUKS - Linux Unified Key Setup is a disk encryption spec and LVM - Logical Volume Manager is a software abstraction layer on top of partitions/disks that make them easier to manage. I'm going to install slackware on my laptop and encrypting our disk makes sense as there's a good chance the machine could get stolen.

  I'll be using an unencrypted /boot partition, as the default bootloader in slackware - LILO does not support booting a LUKS container. There are plenty of tutorials on setting up grub2 for this purpose. SlackerNET UK has an amazing video guide on this.

  Booting the live media

  Booting the live media will bring us to this familiar screen where we are asked which kernel we want to boot. Hit Enter!

  

  We are then asked to choose our keyboard layout. We may choose, but we'll hit Enter!

  

  Now we login as the user root. Type in root and hit Enter!

  

  After which we are greeted by the shell

  

  Setting up our disk

  My machine's disk is /dev/sda. To find yours, try running

  # fdisk -l # or # lsblk 

  

  Assuming my disk is 40 GB, our plan is to allocate the first 1 GB to the boot partition and then use the rest for the main linux partition.

  # cfdisk /dev/sda 

  • Create first partition - sda1 with size 1GB. Of type Linux and then mark it as Bootable.
  • Create second partition - sda2 with the rest. Its type is also Linux.

  

  Confirm just once again to see if our disks are correct with

  # fdisk -l 

  

  Setting up disk encryption

  In our case, /dev/sda2 is our main linux partition. Technically, we wont be using it as a partition, rather like another disk/volume.

  # cryptsetup -s 256 -y luksFormat /dev/sda2 

  Type YES, in all caps and give it a password. Do not forget this password!

  

  Now, on to partioning our disk. Here, we're going to give 2GB to swap and the rest to the root partition.

  # cryptsetup luksOpen /dev/sda2 sda2crypt 

  Input the password that we previously set. This will make our encrypted disk available on /dev/mapper/sda2crypt.

  Now onto creating volumes.

  # pvcreate /dev/mapper/sda2crypt # vgcreate lc230vg /dev/mapper/sda2crypt # lvcreate -L 2G -n swap lc230vg # lvcreate -l 100%FREE -n root lc230vg 

  • pvcreate will initialize a volume to be used by lvm
  • vgcreate is used to make volume groups
  • lvcreate is used to make a logical volume. -L is used with a particular size and -l (lowercase L) is used to extent a percent of the volume.
  • lc230 is the hostname that I'm planning to give to my machine. You dont have to name your volume groups with this convention, but its something that I picked up from debian's installer.

  Now we let lvm know about our volumes

  # vgscan --mknodes # vgchange -ay 

  Setup our swap volume with

  # mkswap /dev/lc230vg/swap 

  

  Starting the installation

  Run setup from the shell and we'd see this

  

  Please take a moment to read how to navigate the program.

  Adding swap

  Choose ADDSWAP and then let the installer find our swap partition. In our case, /dev/lc230vg/swap. Ignore the screenshot stating t430vg.

  

  It'll then ask us if we want it to scan the partition for bad blocks. Feel free to say YES

  

  After thats done, we'll see our swap space configured.

  

  Adding the root partition

  Select /dev/lc230vg/root as the partition we want to use for root (/)

  

  Choose ext4 as the filesystem.

  

  Adding the boot partition

  Select /dev/sda1 as the next partition we want to use

  

  Format with ext4 and set its mount point as /boot

  

  Choose done adding partitions, continue with setup in the next step

  

  And now all our partitions are ready!

  

  Selecting software sets

  Please take a moment to read the screen.

  

  I usually skip KDE. If you're a KDE fan, have it selected. Hit Enter and you'd be asked to choose a prompting mode. Choose either terse or full here and start the package sets installation.

  

  Configuration

  Skip making a USB boot stick

  

  Now we are asked to install LILO, the linux loader. This is the boot-loader that slackware uses instead of GRUB by default.

  Choose expert mode.

  

  We'd see the LILO installation screen.

  

  Choose Begin

  You can enter nothing in the optional lilo append parameters screen

  

  For the framebuffer console config, I usually leave it at standard

  

  Set the lilo target to MBR

  

  Check if lilo found our disk. /dev/sda in our case.

  

  Choose lilo timeout.

  

  Choose to show a boot screen logo. Highly recommended!

  

  We'll be then brought back to the initial LILO installation screen.

  Choose Linux - Add a linux partition to the LILO config

  

  and then choose /dev/lc230vg/root

  

  Set a name like Linux for the entry

  

  After that LILO setup should be done.

  Now, it'll ask us if we want GPM. This would allow us to use a mouse cursor from the tty.

  

  Network

  The next step is configuring our network

  

  Choose YES

  Set a hostname(lc230) and then a domain name(localdomain would do fine.)

  Next we are asked to configure VLAN. Choose NO

  

  Then select NetworkManager to manage our network.

  

  and voila we have our network configured. Choose YES to have NetworkManager manage our network by default in the next screen.

  

  Startup services

  I usually unselect sshd here as this is a desktop and not a server.

  

  System clock

  Set it to your local timezone

  

  

  Now we are asked to select an editor. Go with the default nvi

  

  Window manager

  I choose fluxbox here. Feel free to choose whatever you like. If you have KDE installed, that should come up here.

  

  Root password

  Set one up in this screen

  

  Setup complete?

  

  We'll be brought back to the first screen of setup. Choose Exit

  

  and then drop to a Shell

  

  Now we're going to go back into our installation.

  # chroot /mnt 

  We need to generate a generic kernel. To do that run,

  # /usr/share/mkinitrd/mkinitrd_command_generator.sh 

  This will return us a command that we can run to generate the GENERIC kernel specific to our machine. For me it was something like,

  # mkinitrd -c -k 5.15.19 -f ext4 -r /dev/lc23vg/root \ -m jbd2:mbcache:crc32c_intel:crc32c_generic:ext4 \ -C /dev/sda2 -L -u -o /boot/initrd.gz \ -h /dev/lc230vg/swap 

  The -h /dev/lc230vg/swap notes the swap partition to enable hiberation.

  

  The format is usually something like this

  mkinitrd -c -k *insert kernel number* -m *insert ROOT file system type here* -f *insert root file system type here* -r /dev/cryptvg/root -C /dev/sdx2 -h /dev/cryptvg/swap -L 

  Edit lilo's config to make it use this new generic kernel

  # vim /etc/lilo.conf 

  Edit the corresponding parts to look like this

  image = /boot/vmlinuz-generic-5.15.19 initrd = /boot/initrd.gz root = /dev/lc230vg/root label = Linux read-only # Partitions should be mounted read-only for checking 

  

  Above that, there's an "append" line. Edit it to look something like this,

  append = " resume=/dev/lc230vg/swap" 

  

  Now we update lilo with

  # lilo 

  

  Ctrl + D out of our chroot shell and then reboot

  First boot

  We'd be greeted by lilo

  

  Hit Enter.

  After our boot process starts we are asked to unlock our disk. Enter the password that we chose for encrypting our disk.

  

  And then we are put at the login prompt. Enter root and the password we chose for root.

  

  Type startx and behold

  

  In the next post we'll look into post installation steps for our brand new slackware install.

  Thanks and credits

  • Slack wiki
  • Slackware mirror - look for the README_*.txt files.
  • tankmek + this gist
  • darknedgy

  Happy Slacking & have a great day!

---

October 16, 2022

• Arun Mathai Yummy corporate offerings

  I would like to believe that I genuinely value the Libre Software principles, ethics, and the whole ecosystem around it. And on the other hand, I do not like nor agree with the business and ethical practices of these huge corporate companies. But with certain choices, there come certain sacrifices as well. The term ‘sacrifices’ here can be put to debate but, you get the point… So, as an undergraduate student Bacheloring in Computer Engineering, I am displayed with several job offerings from fortune 500 tech companies, several “open source” projects, some campaigns, and other community/developer advocacy programs that would require me to speak something pleasant about their products and services in exchange of possible recognition or compensation in the form of swags, money or other resources…

---

October 10, 2022

• Hemish Translating in open-source world

  Isn't it amazing to get your credits in an opensource app?

  

  Dialect is an open-source desktop translation app for linux systems, specifically designed for GNOME desktop. I translated it into Hindi so that anyone using their desktop in Hindi may be able to see Hindi translations and the app doesnt look like an odd English app in hindi environment.

  Open-source is not only about code, it's about multi-faceted work loads spread across community , to which everyone contributes in their own time.

  and this includes translation as well. We live in a globalised world, so people across different nations, speaking different languages use computers, so internationalization (i18n) and localisation (l10n) of apps is important.

  I belive having access to computers is a basic right for everyone, and whatever I can do for making computers more accessible is worth it.

  Thus, I am part of hindi translation team at l10n.gnome.org (and I have translated stuff like gnome-clocks, gnome-weather, gnome-bluetooth, gnome-characters). The official website of our team is indlinux.org.

---

October 05, 2022

• Sahil Dhiman 23 and Counting

  23 is two years older than 21, when you’re legally allowed to marry in India and one year older than 22, when I came to the realization that I old now, not old age wise but old in some mental sense to me. The age number tells that I’ve become an adult, but inside, it doesn’t feel like it. I still don’t feel like an adult. When I’m at home, mum does my packing, dad still do governmental and other stuff. Frankly, I don’t feel like growing now.

  As usual, life continued after 22nd birthday. Professionally, I’m still with the same organization and naturally become more comfortable and confident with my job. It has given me the freedom to not think twice on buying or eating out as I have become independent, not accountable to anybody for my spends.

  Once again, months and year seem to have intermingled. The year seem to be have flown by. Jotting down the months and trying to remember happening in them; couldn’t come up with interesting happening in the year. Either my memory is not that great or things were really mild these past months.

  On my blog, writings have grown to focus more on my life and experiences now. Earlier, I was exploring a lot of technologies and stuff, but recently I find my writings to lean towards my feelings and thoughts. These posts usually start on Notally, my note-taking app on the phone, copied over to Etherpad with random bits and pieces of first thoughts. I usually jot down pointers I want to think/write about and then elaborate on them.

  This year also marked less time dedicated to exploring hosting new applications in server space, though have started hosting my own Mastodon server at masto.sahilister.in which has me and Ravi as the users. I also took a more active role in maintaining diasp.in with Raju Dev through co-sponsoring it, though don’t have any concrete will to keep it running due to low to no participation from the community. Next, working on pulling up a Free Software mirror hosted at mirrors.sahilister.in. At the moment, it houses official mirrors for termux, NomadBSD and OSMC seeing more than 100k requests/day with average network usage of ~45GB/day. Work is in progress to become a Blender and Trisquel mirror, though that has already taken a long time, and I’m not seeing a completion to them in the distant future due to long back and forth with those projects.

  Coming to our operating system of choice - Debian, I missed the opportunity to attend DebConf22 Kosovo. It was a wonderful opportunity to interact with the larger Debian community with whom I have been working, having fun, for the past two years. In person MiniDebConf Palakkad, Kerala is planned for November. That should give ample time to visit Kerala and interact with the folks. On the sideline, preparations for DebConf23 Kochi are also in full swing.

  A highlight for this year was contributing to OpenStreetMap (OSM). Finding random usage of OSM data ranging from online bus tracking website to live booking screen in my office has intrigued me. Even big tech players like Snap Maps and Instagram use it in their applications. Now my phone contains five different OSM apps for various navigation and contributing purposes. Going on a new road always leads to bunch local survey and POI addition, note-taking and GPS track recording for editing the map later on laptop. It has helped me be geographically aware of places near me, like knowing about the weird naming of villages near my native place which have different naming on paper and on signboards. It has also made my conversation with my family more interesting, as I now come up with questions about nearby places, and they have to brainstorm and discuss giving me a suitable answer together. This also leads to many visits to unknown roads as well, which is always exciting.

  Lately, life gave a few setbacks (and they seem to keep coming more these days), which I’m trying to see as challenges and life lessons to be learned. This year, I want to explore the mountains, go on treks, be in nature and feel the silence. I want to be in my own and company more and want to enjoy it too. Also want to remove desire for external validation on my actions as no one has seen the world through my eyes and none desire to do accomplish the same things as I do.

  Lastly, I feel blessed and grateful for having my parents, sister and other people in my life who have always been supporting me in navigating life. They have eased many of my transitions and I didn’t have to face many troubles because of them.

  PS - Read last year’s birthday post here.

  PPS - Team change notified at work, so back to hustle.

---

October 04, 2022

• Raghavendra Kamath Huion H610X Graphic Tablet – review and setup on Linux

  Disclaimer: This post is not in any way sponsored by Huion or anyone related to them. All the things stated here are my opinions and your mileage may vary. I do not guarantee it will work for you the same way it worked flawlessly for me.

  Recently I have been visiting my village house a lot and I have been trying to set up an alternate workstation there so that I don’t need to carry the laptop and tablet with me all the time. I planned to buy a Wacom but as a backup tablet, it is costly. It costs around ₹28,000 ($345) for a medium-sized Intuos Wacom. So I was searching for an alternative brand. I knew about Huion and XP-pen but the biggest requirement for me is that they should work on Linux without making me climb Everest.

  I was happy to see a user of Huion reported that one model (H950p) works nicely with Linux on krita-artists.org. I went to the Huion website and found that there is a slightly newer model of this tablet with a USB-C option. It is the H610X model, this model has all the niceties of H950p plus it also works with android phones and tablets, a good travel companion. What’s more incredible is that this tablet costs 1/7^th of the price of a Wacom, This tablet costs around ₹4000 ($50) here.

  I was slightly sceptical about buying the new model since Linux support would be somewhat dicey for new models. Nevertheless, I saw that the product page on the Huion website listed Linux as a supported platform. They also have an official Linux driver package for this tablet. So I purchased the H610X tablet.

  

  The package was simple and to the point. No wastage of extra wrapping and plastic etc. The box had

  1. A graphic tablet – 325mm x 205mm
  2. A Pen with two buttons (no eraser end)
  3. USB type A 3.0 to USB type C cable – 1580 mm in length. Also has a nice Velcro strap for cable management
  4. Pen holder combined with nib holder with 8 extra nibs. The bottom has a hole to aid in removing the nib from the pen.
  5. USB A to USB C converter that helps connect to mobile devices.
  6. Warranty card and instruction flyer

  

  First impressions

  The tablet felt very lightweight compared to my Wacom Intuos pro medium. The design is simple and identical to the Wacom, even the button placements and logo placements are in the same place. the material is a bit cheaper than Wacom. The pen too felt lighter and I think this is an advantage or disadvantage depending on the person. I felt it was good and intuitive to write and draw. The pen doesn’t have an eraser end, which I never used anyway. Tilt support is good and works out of the box.

  

  The tablet was working right away out of the box, most tablets these days are plug and play. it is the configuration that falls short on Linux if the tablet is new or not supported. We will further look into this aspect later. The surface of the tablet was not smooth like the Wacom, something which I am a bit worried about. It has a slight roughness to it and this may or may not result in nib wear like how the new Wacom Intuos models’ nibs wear out due to rough texture.

  The nib has a very slight barely noticeable spring mechanism which makes it feel smoother and less fatigue-inducing. Some heavy pressing users might think that they are not exerting enough pressure . I don’t know if it has spring inside or not.

  The pen holder too is very lightweight and it can be easily toppled like every other pen holder unless the pen is placed horizontally. there is a slightly larger chance of this pen holder breaking by damage than the Wacom one. The Wacom pen holder is heavier with a metal base and firmly stays on the desk.

  

  The USB port on the tablet is awkwardly placed on the left-hand side top, this makes it easier to bend and wear out if you keep your keyboard above the tablet like me. The cable is also not stiff like the Wacom offers. The cable has a Velcro strap so that you can folder the extra cable and tie it with other cables on your desk, a nice touch from Huion.

  

  The buttons feel better than Wacom and are not too stiff. They however lack the pronounced tactile bumps or marks for accessibility and blind pressing. There is only one very small circular bump in the middle key. The tactile bumps on the Wacom pad help in identifying the key you are pressing without looking at it. However here the number of keys is less and there is a slightly raised bar between the keys so that you can guide your finger to get to the middle or last key, so it might not be such a big problem.

  Out-of-the-box software experience

  Pen pressure works like a charm out of the box, no need to install Wacom or any drivers. Just plug and play. Tilt too works out of the box. The driver is provided by the Linux kernel and the device is managed by libinput. On android too the tablet works out of the box. I have yet to draw and check pen pressure and other stuff on it though.

  However, if you want to use the keys and configure the tablet correctly you need some fiddling to do. As this is a new model, there is no tablet definition file in the libwacom package for this. There is a tablet definition file for the H950p, which strangely has the same USB ID (006d) as this tablet. So in the KDE settings section, this tablet is wrongly reported as H950P. This also leads to a mismatch of tablet areas. The reported tablet surface area shows a square of 32767 x 32767 so when we try to map the area proportional to the monitor resolution it renders half of the tablet out of range.
  

  

  The KDE settings version on Fedora 36 Linux that I am using has a bug where it doesn’t remember any settings changed. So even if the buttons are detected correctly here, since they are the same as the h950p tablet the settings don’t persist.

  This bug is solved in the future version of the settings and hopefully, in the next update, the settings will have no issues.

  For the tablet to get correctly recognized we would have to submit a tablet definition file to the libwacom project. Maybe another weekend project for me, of course when I do get a free weekend :).

  The Wayland side should be plug and play and I see that KDE has been adding a new tablet setting GUI so that should be covered. However, when I wanted to test the development version of this, I couldn’t log in to the live USB of KDE neon with Wayland.

  I tried the Digimend drivers but they did not give me any advantage over what I already have with defaults. it too didn’t recognize the tablet and it wrongly reported the pad as the stylus and the pen as the eraser.

  The main concern is the aspect ratio of the tablet surface which is not 16:9 like my monitor. So drawing a perfect circle gives me an egg shape. Quick tracing of the round jar lid or coin gives this result, you can see the coin is a squished circle here.

  

  Configuration and setup

  Official driver

  I tried the official driver given on the huion website. The driver program was an archive and had two bash scripts to install as well as uninstall the utility. Although the driver’s front end was made in Qt and was under LGPL license there was one binary called huioncore. I suspect this is a proprietary program. Nevertheless, I gave it a try to check how the official support is. The utility was only officially supported on Ubuntu but I got it to install on Fedora without any issue. The utility autostarts with every boot and sits in your system tray with a blue pencil icon. The interface is well-designed and easy to use.

  

  

  However, there is some drawback to this. The utility needs to be run all the time in the background for the tablet configuration to work. If you close the utility completely all the config gets unloaded. Some of the configurations were not persisting. Huion needs to test this more and try to release their driver as Free and open source software so that people can improve it and help them too. Their hardware is on par with the user expectation but the software side is not that good on the Linux side. Although since Huion is one of the few hardware companies openly advertising Linux support on its website we can give them a bit of time to understand and catch up to the community. You can work with this utility if you want. I won’t be using this since it is proprietary and it doesn’t give me anything that the free software counterpart can’t give. And I am not forced to use it, unlike some graphic card vendor scenarios.

  Free Software Based Setup

  Since the tablet model isn’t properly recognized but works perfectly, configuring this will be a bit easy. First I tried to use the default libinput drivers and did not use the Wacom drivers. This mode gives you the tablet with working pen pressure and also a mapping facility via xinput. Just run the following command to trim the surface area of the tablet to match that of the monitor.

  xinput set-prop "HUION Huion Tablet_H610X Pen (0)" "libinput Tablet Tool Area Ratio" 16, 9

  For now if you do not want to map the button and just work with the tablet this is good to go. To map the button I opted to fallback to the wacom driver method. Because I did not have the patience to find the command and information regarding libinput and it is easier with wacom driver. This tablet works with the wacom drivers too.

  So install the xf86-input-wacom package from the repository and configure the tablet according to your needs. Here is the step by step that I did.

  Step 1 – Install the wacom driver from your Linux distribution’s repository. For me the command on fedora was this

  sudo dnf install xorg-x11-drv-wacom

  Step 2 – Make a Xorg configuration file which tells our system to use wacom driver for this tablet. You would need administrator privilege for this. Open the file in the text editor with the following command.

  sudo nano /etc/X11/xorg.conf.d/50-huion.conf

  And paste in the following contents

  # huion tablet and buttons
  Section "InputClass"
      Identifier "Huion tablet class"
      MatchProduct "HUION"
      MatchIsTablet "on"
      MatchDevicePath "/dev/input/event*"
      Driver "wacom"
  EndSection

  This tells our system to find any hardware with the product name “HUION” and check if it is a tablet type and use the driver specified. Now if you reboot, the Linux command line utility for configuring the tablets called xsetwacom should show your tablet in the list of devices

  

  Now we can use xsetwacom command to configure the tablet are and buttons too. The button numbering on this tablet is similar to the Wacom Intuos, probably because we are using the wacom driver. Here is the button layout with their numbers.

  

  You can use the following command to map a key or sequence of keys to a button

  xsetwacom set "HUION Huion Tablet_H610X Pad pad" Button 11 "key ctrl s"

  This will map the Button number 11 to Ctrl S which will trigger the save.

  Step 3 – Instead of running each command individually I have made a script with all the sequence of command which will be run when required. the script is below

  #!/bin/bash
  
  #get device id without hardcoding it
  list=$(xsetwacom list devices)
  pad=$(echo "${list}" | awk '/Pad pad/{print $(NF-2)}')
  stylus=$(echo "${list}" | awk '/stylus/{print $(NF-2)}')
  
  if [ -z "${pad}" ]; then
      exit 0
  fi
  
  # configure the buttons on ${stylus} with your xsetwacom commands...
  
  xsetwacom set "${stylus}" Area 0 0 50800 28575
  xsetwacom set "${stylus}" RawSample 1
  xsetwacom set "${stylus}" Suppress 0
  xsetwacom set "${pad}" Button 1 "key m"
  xsetwacom set "${pad}" Button 2 "key a"
  xsetwacom set "${pad}" Button 3 "key ctrl"
  xsetwacom set "${pad}" Button 8 "key b"
  xsetwacom set "${pad}" Button 9 "key +ctrl +shift z -ctrl -shift"
  xsetwacom set "${pad}" Button 10 "key +ctrl z -ctrl"
  xsetwacom set "${pad}" Button 11 "key ctrl s"
  xsetwacom set "${pad}" Button 12 "key +v"
  
  #optional send notification after configuring 
  notify-send -a 'config' -h "string:desktop-entry:org.kde.konsole" -u normal 'huion config done' --icon=face-smile 

  This script can be run on startup or run with systemd triggered by udev like mentioned in this arch wiki article . But I found that while the script is run on startup and the configuration is done correctly, removing and re-plugging the tablet will not run the script again. I tried to search a solution for this and found this wonderful article by Brian Lester. They use python to monitor changes in udev and run the script when necessary. You can find the python script they use in the linked article. I changed the path in it accordingly and used it. Here is my python script copied from Brian’s script and shared with permission.

  This require pyudev, so please install it from your distributions repository or from pip. Fedora has this by default so i didn’t have to do install anything.

  #!/usr/bin/python
  # script from https://blester125.com/blog/wacom.html
  # author - Brian Lester
  
  import time
  import argparse
  import subprocess
  import pyudev
  
  
  def main():
      parser = argparse.ArgumentParser(description="Listen to udev for the huion tablet.")
      parser.add_argument('--vendor_id', '--vendor-id', default=b"256c", type=lambda x: x.encode("utf-8"))
      parser.add_argument('--product_id', '--product-id', default=b"006d", type=lambda x: x.encode("utf-8"))
      args = parser.parse_args()
  
      print("Initializing udev listener")
      context = pyudev.Context()
      print("initializing udev monitor")
      monitor = pyudev.Monitor.from_netlink(context)
      monitor.filter_by(subsystem="usb")
      print("starting udev monitor")
      monitor.start()
  
      print("Running huion setup")
      subprocess.call("/home/raghu/.local/bin/huion.sh")
      print("Setup huion")
  
      for device in iter(monitor.poll, None):
          print(f"action on device {device}")
          vendor_id = device.attributes.get('idVendor')
          print(f"device vendor id: {vendor_id}")
          product_id = device.attributes.get('idProduct')
          print(f"device product id: {product_id}")
          if vendor_id == args.vendor_id and product_id == args.product_id:
              print("Device is my huion")
              time.sleep(2)
              print("Running huion config setup")
              subprocess.call("/home/raghu/.local/bin/huion.sh")
              print("Setup huion")
  
  
  if __name__ == "__main__":
      main()

  And then I have a systemd service file like Brian which starts the python program to watch udev. I place this service file in ~/.config/systemd/user as huion.service and enable it as user service.

  [Unit]
  Description=Configure Huion Service
  After=graphical-session.target
  PartOf=graphical-session.target
  
  
  [Service]
  ExecStart=/home/raghu/.local/bin/huion/huion.py
  Restart=on-failure
  RestartSec=10
  StartLimitBurst=10
  Type=simple
  Environment=PYTHONUNBUFFERED=1
  
  [Install]
  WantedBy=graphical-session.target

  systemctl --user enable huion.service

  And there we are with a configured tablet. And now our coin trace test works as expected.

  

  Conclusion

  Huion H610X is worth every penny and a good tablet which is usable on Linux without much hassle. The tablet works excellently and it is a boon for budding artists who are low on cash. In the coming months, I am optimistic that the initial hiccup of the tablet not being recognized in the KDE setting will be sorted out. I give this tablet a 7 out of 10. If you have any questions or want me to test anything with this tablet let me know in the comments below.

---

• Abhijith PA Laptop refreshment

  (Sorry if you have read this already, due to a tag mistake, my draft copy got published)

  

  I recently bought a refurbished thinkpad x260. If you have read my post of my previous laptop. Its a big jump from 1 gen Intel processors to 6th Gen.

  I really love my old laptop. In fact I am actually writing this from my old laptop. Its OK for my day to day task. But its not convenient to carry around when I am travelling.

  I was thinking a lot of buying a new machine. But always end up not because of how much minimal hardware ports and how hard for normal users to open it for usual maintenance. But during Debconf22 someone made fun of my laptop, he mentioned its more of a printer than a laptop. And there I decided get a new machine.

  Thinkpads always fascinated me. Look sturdy, more I/O ports, nice keyboard and easy to open up for usual maintenance. But I never arrived on which model should I pick. Lenovo has only limited number of models available in India and with right specs, its way out of budget for me. I was planned for taking a liberated.computer. But should I go again to old model. Then I decided to get something little more recent. I know Marhaba computers from whom I already bought a thinkpad for my brother.

  Deciding to pick X260 took around an evening. I have bugged a lot of my friends especially Kiran. I might’ve have made him mad because of how much back and forth I asked questions to him regarding this. Finally we arrived at X260.

  I chose the minimal storage and memory as I will be changing that anyway. So mine had 320GB SATA HDD, DDR4 4 GB memory, Intel i5 6000 , 6th gen processor. I have a 120GB SSD lying around. I quickly swapped it with stock HDD and installed Debian. More memory will be loaded soon.

  cons

  Resolution is 1920*1080 and scaling seems very small and it started to give me a hard time for my eye. So I decided to adjust it.

  abhijith@Adebian  cat .Xresources
  Xft.dpi: 120%
  

  I was using libinput drivers for the trackpad. Turns out it was horrible for my model. So I decided to move back to synaptics.

  So far I haven’t decided on full transition. So its my travel laptop for mail, IRC, RSS, matrix reader/client.

---

September 30, 2022

• Utkarsh Gupta FOSS Activites in September 2022

  Here’s my (thirty-sixth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 45th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

  Debian Uploads

  • rails (2:6.1.6.1+dfsg-2) - Add patch to allow Symbols in YAML columns, fixes #1018934.
  • rails (2:6.1.6.1+dfsg-3) - Add patch to remove active_record.yaml initializers.
  • rails (2:6.1.6.1+dfsg-4) - Add patch to allow Date, Time, ActiveSupport::HashWithIndifferentAccess in YAML columns.
  • ruby-arbre (1.4.0-2) - Add patch to use selector to detect authenticity token input.
  • ruby-net-http-digest-auth (1.4.1-1) - New upstream version, v1.4.1 to fix the FTBFS w/ rails.
  • rails (2:6.1.7+dfsg-1) - New upstream version, v6.1.7+dfsg.
  • redmine (5.0.2-1) - New upstream version, v5.0.2 + fixes for #1017525, #1019607, #1019238, and #1014813.
  • redmine (5.0.2-2) - Add patch to relax pg’s version for autopkgtest.
  • ruby-json-jwt (1.14.0-2) - No-change rebuild for unstable to fix #1011682.
  • libexporter-tiny-perl (1.004002-1) - New upstream version, v1.004002.

  Other $things:

  • Sponsored php-nikic-fast-route/1.3.0-4~bpo11+1 for William.
  • Being an AM for Arun Kumar, process #1024.
  • Sponsoring stuff for non-DDs.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 20th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirty-sixth month as a Debian LTS and twenty-seventh month as a Debian ELTS paid contributor.
  I worked for 38.00 hours for LTS and 27.00 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Rolled out announcement for src:flac.
  • Rolled out announcement for src:ruby-rack.
  • Issued DLA 3128-1, fixing CVE-2020-7677, for node-thenify.
    For Debian 10 buster, these problems have been fixed in version 3.3.0-1+deb10u1.
  • Issued DLA 3129-1, fixing CVE-2019-17545 and CVE-2021-45943, for gdal.
    For Debian 10 buster, these problems have been fixed in version 2.4.0+dfsg-1+deb10u1.
  • Looked at src:mbedtls which has about 18 CVEs opened in buster (including no-dsa).
    Also, spoke to the maintainer - they said they’d be uncomfortable doing or reviewing the backport (although they initially said they’d be happy to help).
  • Fixed src:rails regression via 2:6.1.6.1+dfsg-2, 2:6.1.6.1+dfsg-3, and 2:6.1.6.1+dfsg-4 for sid.
    CVE-2022-32224 broke the entire world. :)
  • Helped Abhijith figure out the regression fix for CVE-2022-32224.
    Also got that verified by the people who reported regression, Raphael, Sven, and Jude. The whole thread is on debian-lts@.

  ELTS CVE Fixes and Announcements:

  • Rolled out announcemnet for src:ruby-tzinfo.
  • Rolled out announcemnet for src:grubt.
  • Issued ELA 682-1, fixing CVE-2022-31676, for open-vm-tools.
    For Debian 9 stretch, these problems have been fixed in version 2:10.1.5-5055683-4+deb9u3.
  • Issued ELA 691-1, fixing CVE-2020-21365, for wkhtmltopdf.
    For Debian 8 jessie, these problems have been fixed in version 0.12.1-2+deb8u1.
    For Debian 9 stretch, these problems have been fixed in version 0.12.3.2-3+deb9u1.
  • Issued ELA 692-1, fixing CVE-2022-37452, for exim4.
    For Debian 8 jessie, these problems have been fixed in version 4.84.2-2+deb8u9.
    For Debian 9 stretch, these problems have been fixed in version 4.89-2+deb9u9.
  • Started to look at src:tiff again. Has a lot of open issues. Haven’t claimed the package officially yet, though. :)

  Other (E)LTS Work:

  • Triaged rails, node-thenify, exim4, wkhtmltopdf, gdal, and mbedtls.
  • Marked CVE-2019-25050/gdal as not-affected for buster.
  • Marked CVE-2022-37451/exim4 as not-affected for stretch and jessie; following buster and bullseye.
  • Helped and assisted new contributors joining Freexian (LTS/ELTS).
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
  • Participated and helped fellow members with their queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.
  • Attended the monthly public meeting held on #debian-lts on September 29th.

  ---

  Until next time.
  :wq for today.

---

September 22, 2022

• Sahil Dhiman Metro and City Intersection

  These are my experiences specific to Delhi Metro and Rapid Metro Gurugram, which I frequent almost daily. Metros in other cities may or may not share these traits.

  Metro seems to carry almost everyone. I haven’t seen so many people in one place together and such diversity between them. After reading Metronama: Scenes From The Delhi Metro by Rashmi Sadana, I came to the realization that travelling by Metro isn’t economical for economically weaker section of the society. Barring these strata of people, almost everyone is represented in these Metro coaches. Metro really blurs the line of societal differences; I can see, a daily wageworker seating next to an IT professional. Metro brings them together like no other public space could.

  Metro is truly made for city use and quick movement. Large windows for light to seep in and eight doors in each coach to quickly move in and out. Metro coaches in rush hours are no fun. Shoulder to shoulder pushing, and difficulty getting in and out is a norm during office hours. In lean hours, one can comfortably sit back and observe (no fun observing others when your legs are aching due to standing and constant motion). Ladies, depressed working professionals, hopping kids, friends enjoying their going places chit-chat amongst others are common fixtures in these coaches. Loud gossips and phone calls can be heard, though most folks are down in their phones, head bowed and earphones plugged enjoying a downloaded OTT series.

  Even though the public announcement and notices in Delhi Metro says luggage heavier than 25kgs and exceeding 80x50x30 cm dimensions are not allowed but is rarely enforced where we move from railway station to Metro station and vice-versa. Metro serves as our last mile to reach a secondary home in the city.

  Metro stations are architectural marvels. They’re well planned, functional public spaces made to onboard people from a chaotic city like Delhi. Each above ground station are build differently according to situation. As Metro traverse in different places - different landscape. The Metro zooms over bridges; sometimes near multistory houses where a curious passenger can peer into a persons households. Metro windows are screens with changing visuals, forests if you come to Gurugram side on yellow line, parks and city landscape on violet line towards Faridabad and others. Underground stations are sad with no visuals other than narrow black walls. Metro had a forward-looking approach, the leadership also seems to have emphasized it through adopting accessibility everywhere. Accessibility seems like an afterthought in other mode of public transport like bus and rail. Lifts and ramps are first place citizens in stations, with Metro staff placed around the station to help people around. With dedicated gates for entry and exit, flow of people is highly channeled through Metro stations. Station exit barriers are fun too. I usually look at the amount deduced from the person in front’s card and guess how far the person has travelled to reach this station. Metro stations stand in contrast in terms of cleanliness from other public spaces in India. There are neat and clean, and feels more like an airport than their rail cousin. The cleanliness culture of Metro really seems to have seeped into its passengers as well, who for the most part don’t litter any on/in most station. Another fascinating aspects are Metro lifts, which house a soul of their own. Moving up or down a life, one stand close and times, too close to hear people’s personal call; their social media timelines and their odor. Metro stations have also provided a safe space to couples who can be seen huddled together, sitting and chit-chatting with no worries or hugging as they part.

  Metro is a true people mover and has increased accessibility to and fro from far flung areas. One don’t need to face long traffic jams. Earlier people had to travel 2-3 hours to places, so plans were avoided, now in 25 mins, so people can cover the same distance. It has made places accessible, and people have better opportunities professionally, educationally and socially. Now they can reach right into city heart from hinterland.

  Overall, Metro is what keeps the city like Delhi moving, else everyone would just have been sitting in traffic for long hours and getting frustrated with it.

  PS - I’ll highly recommend the book Metronama: Scenes From The Delhi Metro by Rashmi Sadana for people who want to understand how Delhi Metro came to be and it’s affects on the society. Rashmi being Associate professor of Anthropology has captured the intersection of this massive public infrastructure project and people who use it daily using first hand instances conversations with them. It really shows how Metro has transformed life of Delhiites for the better.

---

September 20, 2022

• Hemish Mitmproxy

  Today, I came across this wonderful tool called mitmproxy which is a TLS capable HTTP and HTTPS proxy and can be used by pen-testers and enthusiasts.

  Their documentation provides an easy way to install CA trust certificates on each operating system so that browser or any application does not show security errors making it unable to connect to required site.

  It provides three tools in single package:

  • mitmdump: This is a CLI tool which can be used to dump http(s) requests. It is like tcpdump tool, but just for HTTP and capable of decoding TLS requests.

  • mitmproxy: This is a TUI interface which provides convenient way of monitoring the requests.

  • mitmweb: is a web interface (the interface is rendered in your browser) which provides a chromium-devtools-like interface for monitoring and editing requests.

  Mitmweb is most convenient as it provides a GUI interface. Though, BurpSuite may be beneficial for advance usecases; but for a random hobbyist, mitmproxy is enough for just intercepting requests.

---

September 02, 2022

• Arun Mathai Youtube Channels I Like

  These are the channels I somewhat enjoy watching…, although I might not be so up to date with them. If any of the links are broken, please let me know ğŸ˜�. Food Stuff Strictly Dumpling Mark Wiens The Food Ranger Techinal Stuff Dave’s Garage Strange Parts tripcode!Q/7 Jadi Tsoding Daily Jeff Geerling Computerphile Xah Lee The Linux Channel Other Random Stuff Paolo fromTOKYO TABI-IE -quiet night- Tom Scott Vsauce

---

September 01, 2022

• Arun Mathai Websites I Like

  If any of the links are broken, please let me know �. Personal Websites Akshay S Dinesh Ravi Dwivedi Sahil Dhiman Abraham Raji Aral Balkan

---

August 30, 2022

• Utkarsh Gupta FOSS Activites in August 2022

  Here’s my (thirty-fifth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 44th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I do, both, technical and non-technical. Here are the things I did this month:

  Debian Uploads

  • rails (2:6.1.6.1+dfsg-1) - New upstream version, v6.1.6.1+dfsg to fix CVE-2022-22577, CVE-2022-27777, and CVE-2022-32224 and thereby, bug #1011941, #1016982, and #1016140.
  • python-pbcommand (2.1.1+git20220616.3f2e6c2-2) - Add python3-avro to Depends to fix autopkgtest.

  Other $things:

  • Being an AM for Arun Kumar, process #1024.
  • Sponsoring stuff for non-DDs.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 19th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirty-fifth month as a Debian LTS and twenty-sixth month as a Debian ELTS paid contributor.
  I worked for 14.00 hours for LTS and 19.00 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 3094-1, fixing CVE-2021-0561, for flac.
    For Debian 10 buster, these problems have been fixed in version 1.3.2-3+deb10u2.
  • Issued DLA 3095-1, fixing CVE-2022-30122 and CVE-2022-30123, for ruby-rack.
    For Debian 10 buster, these problems have been fixed in version 2.0.6-3+deb10u1.
  • Uploaded rails/2:6.1.6.1+dfsg-1 to unstable for fixing CVE-2022-22577, CVE-2022-27777, and CVE-2022-32224 and thereby, bug #1011941, #1016982, and #1016140.
  • Also looked at src:samba and how Ubuntu is looking at it. It’s a mess, really. And it’s different for both, LTS and ELTS. Worse for LTS with 36 opened issues. :)

  ELTS CVE Fixes and Announcements:

  • Issued ELA 671-1, fixing CVE-2022-31163, for ruby-tzinfo.
    For Debian 9 stretch, these problems have been fixed in version 1.2.2-2+deb9u1.
  • Issued ELA 672-1, fixing CVE-2022-0436, for grunt.
    For Debian 9 stretch, these problems have been fixed in version 1.0.1-5+deb9u2.
  • Started to look at src:tiff again. There are a lot of open CVEs piled up now. Drafted some fixes but halted the process to look at src:tiff in buster first - which I’ll do next month.
    I might do the update in two cycles. But more on that later.
  • Also looked at src:samba and how Ubuntu is looking at it. It’s a mess, really. Probably should write to the list. :/

  Other (E)LTS Work:

  • Triaged grunt, flac, ruby-rack, ruby-tzinfo, and mbedtls.
  • Helped and assisted new (and fellow) contributors joining Freexian (LTS/ELTS).
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts) and Matrix.
  • General and other discussions on LTS private and public mailing list.

  ---

  Until next time.
  :wq for today.

---

August 26, 2022

• Sahil Dhiman OpenStreetMap and Snapchat

  A casual talk regarding OpenStreetMap (OSM) with my roommate lead to the discovery that Snapchat uses OpenStreetMap as basemap for their map functionality. It was felt great learning about this development.

  I was mapping actively since the time I moved to Gurugram with my colleague/roommate. My roommate use to see me doing edits and making roads in OSM. He was curious to know who even uses those maps, and during one of these discussions, I remembered vaguely reading somewhere about Snapchat and OpenStreetMap. Personally, I don’t use Snapchat, so asked him to open the map feature to confirm. Clicking on the small info icon on the bottom, confirmed that Snapchat uses OpenStreetMap data through Mapbox (seems to be using a secondary source for POI data). That got his interest piqued as well. Snap Map (as they’re called) can be viewed online here map.snapchat.com as well.

  After Snap Maps, I also discovered that the big live bookings screen at my office (an online travel aggregator), also uses OpenStreetMap data. Been passing this screen everyday and just noticed the small OpenStreetMap credits at the bottom. Next, discovered OpenStreetMap being used in my live bus tracking link through MapTiler (though the data seemed to be old and didn’t contain my POI and roads edits in my nearby areas). Zomato also seems to used OpenStreetMap for restaurant location screenshots on their website.

  These usages of OSM data in wild gives me the motivation to add/edit even more to improve maps for everyone, including Snapchatters and Pokémon Go players everywhere. OpenStreetMap mapping has helped me know places better. The history/road types/classifications and figuring out the appropriate tags is always an experience. Seeing roads and POIs fill up empty stretches of maps, always look good. OpenStreetMap data has given rise to so wonderful uses which wouldn’t have been possible with non-free licensed geographical data.

  PS - If you’re new to OpenStreetMap and want to contribute, start with StreetComplete app. It gamifies the whole data addition part by asking questions on missing nodes in your local area.

  PSS - My inbox is always open for chats regarding mapping and OSM.

---

August 24, 2022

• Abhinav Krishna C K Going through Linux Device Drivers, 3rd Edition

  I was introduced to Linux Device Drivers Book by Alessandro Rubini, Greg Kroah-Hartman, and Jonathan Corbet in a video by LiveOverflow from 2020. But I never got around to reading it. This post is just me jotting down my experiences going through this book.

  Linux Device Drivers, Third Edition #

  This book is freely available from lwn.net under the Creative Commons “Attribution-ShareAlike” license, Version 2.0. LiveOverflow goes through a bit of history in his video. I think I don’t need to reiterate it. Oh, and BTW, sub to lwn.net if you can!

  I built the kernel with the existing config from my Arch Linux install a couple of years back. And custom kernels for building TWRP and some test ROMs for my previous android devices. But that was it. The kernel source is too scary for me :sweat_smile:

  So, in other words, this is another attempt to try and understand the kernel source, or at least some parts of it. Heard, device drivers are a good starting point? Well, the kernel can be thought of as a driver.

  Chapter 1 is a lighter version of my Engineering Degree’s CS204 syllabus but a bit skewed towards Linux Kernel.

  Also, since LDD3 was created with Linux 2.6 in mind, some coding examples will require some modifications. There is this repo ldd3 which has examples updated to work in recent kernels.

  Chapter 2 #

  So, the real meat starts from chapter 2 which contains a hello world kernel module!

  I jumped on Vagrant to set up a temporary, quick VM. Just followed the Vagrant ArchWiki and used libvirt as the virtualization provider. Also had to install nfs-utils along with the libvirt dependencies.

  Ran vagrant init and edited the Vagrantfile to include Debian Bullseye box debian/bullseye64. A sample config might look something like this.

  Vagrant.configure("2") do |config|
   config.vm.box = "debian/bullseye64"
  
   config.vm.provider "libvirt" do |v|
   # Adjust these as required
   v.memory = 8162
   v.cpus = 4
   end
  end
  

  Now, just do vagrant up and if it’s successful, you can do vagrant ssh to get into the VM. You also need to install build-essentials and appropriate kernel headers for your host(VM) -> apt install build-essential linux-headers-`uname -r` .

  Copied over the hello.c file from here to /vagrant/src directory on the guest (or to ./src directory on the host) and added the makefile. Make sure to remove all the modules that we are not building at this step -> Only keep hello.o in obj-m.

  While copying, I’ve also noticed this placement of braces and spaces. It’s not something that I’m used to. So it might be worth looking at the very opinionated coding style for the kernel.

  Now if you run make, it should hopefully build our very very complex kernel modules without errors :)

  To insert our module to the kernel, we can use insmod; sudo insmod hello.ko. Note the .ko extension indicating that it’s a kernel object.

  At this point we can inspect the kernel logs and we should see the function we defined in the module_init macro getting executed.

  sudo tail /var/log/kern.log ->

  Aug 24 09:04:43 bullseye kernel: [ 1143.598608] hello: loading out-of-tree module taints kernel.
  Aug 24 09:04:43 bullseye kernel: [ 1143.599432] hello: module verification failed: signature and/or required key missing - tainting kernel
  Aug 24 09:04:43 bullseye kernel: [ 1143.600865] Hello, world
  

  How exciting is this! Something we wrote is getting executed in the kernel space, not in userspace!!

  To remove this module, we can run sudo rmmod hello and see our poor module realizing the realities of the world :P

  Aug 24 09:26:00 bullseye kernel: [ 2421.287445] Goodbye, cruel world
  

  Just to spice things a bit I decided to calculate the factorial of 10 from the kernel space :laughing:

  #include <linux/init.h>
  #include <linux/module.h>
  MODULE_LICENSE("Dual BSD/GPL");
  static int hello_init(void)
  {
  printk(KERN_ALERT "Hello, world\n");
  return 0;
  }
  static void hello_exit(void)
  {
  long fact = 1;
  int i = 1;
  while(i<=10)
   {
   fact*=i;
   i++;
   }
  printk(KERN_INFO "Factorial: %ld\n", fact);
  }
  
  module_init(hello_init);
  module_exit(hello_exit);
  

  I’m pretty sure that I have broken 10 different kernel coding guidelines with these ^ lines. And is probably against the conventions, but, it’s fun!

  Aug 28 10:04:26 bullseye kernel: [ 4727.115511] Hello, world
  Aug 28 10:04:30 bullseye kernel: [ 4730.577740] Factorial: 3628800
  

  I’ll be back with moarr sweet kernel juice.

---

August 07, 2022

• aktsbot Install docker without a package manager

  Install docker without a package manager

  07 Aug 2022

  ---

  A few months back I went back to slackware and one of the things that I missed was docker. slackbuilds at that time was still on 14.2. Luckily, docker provides statically compiled binaries.

  Getting docker

  Head on over to docker's release page and choose the version that we want. At the time of writing docker-20.10.9.tgz was the latest.

  $ cd ~/Downloads $ wget https://download.docker.com/linux/static/stable/x86_64/docker-20.10.9.tgz 

  Installation

  I have a ~/Programs folder, where I put things that I don't install with a package manager. So in there it went.

  $ tar xvf docker-20.10.9.tgz $ mv docker ~/Programs 

  The docker folder has the binaries we need.

  $ cd ~/Programs/docker $ ls ./ containerd* containerd-shim-runc-v2* docker* docker-init* runc* ../ containerd-shim* ctr* dockerd* docker-proxy* 

  Now we need to add these binaries to our shell's path. I'm using zsh, so my ~/.zshrc has something like

  export PATH="${PATH}:$HOME/Programs/docker" 

  You can chuck that into your ~/.bashrc, if you're using bash.

  Running docker

  The docker daemon requires root privileges to run. So we need to invoke it with

  $ sudo dockerd 

  But this will always ask for our password each time. A tiny edit to the sudoers file can sort that out

  $ sudo visudo 

  That will open up the sudoers file in vi or nano based on root's $EDITOR variable. Go to the end of the file and add

  john ALL=NOPASSWD: /home/john/Programs/docker/dockerd 

  Substitute john with your username. Now running sudo dockerd from our terminal would launch the docker daemon. If we accidently close that terminal, dockerd would also die. Enter tmux.

  Create a shell script called start-tmux in your ~/bin folder. I'm assuming ~/bin is in your $PATH. Put in this

  #/bin/sh tmux new-session -d -s docker 'sudo dockerd' 

  Make it executable with

  $ chmod +x ~/bin/start-docker 

  Now we can run it with start-docker from our terminal. To attach to the docker session in tmux, run

  $ tmux a -t docker 

  Here's a quick cheat-sheet on tmux if you're new to it. It is a brilliant tool to familiarize, if you're spending a lot of time on the terminal.

  There's one more step left if our user wants to run the docker cli.

  $ sudo groupadd docker $ sudo usermod -aG docker $USER 

  This creates a group called docker and add then we add our user to it. Without this our user gets a permission denied error.

  To test if everything went well, run

  $ docker run hello-world 

  And we should see something like this.

  Hello from Docker! This message shows that your installation appears to be working correctly. To generate this message, Docker took the following steps: 1. The Docker client contacted the Docker daemon. 2. The Docker daemon pulled the "hello-world" image from the Docker Hub. (amd64) 3. The Docker daemon created a new container from that image which runs the executable that produces the output you are currently reading. 4. The Docker daemon streamed that output to the Docker client, which sent it to your terminal. To try something more ambitious, you can run an Ubuntu container with: $ docker run -it ubuntu bash Share images, automate workflows, and more with a free Docker ID: https://hub.docker.com/ For more examples and ideas, visit: https://docs.docker.com/get-started/ 

  Fin

  This is how I run docker and it may not be the best for most people. For example,

  • No auto update to docker. I'd have to manually download a new release.
  • No dockerd autostart when I boot up my machine. I actually like this, as it keeps my startup time fairly quick.

  These could be remedied with shell scripts, but hey I'm running slackware :)

  Happy Hacking & have a great day!

---

August 04, 2022

• Abhijith PA Trip to misty mountains in Munnar

  Munnar is a hill station in Idukki district of Kerala, India. Home to 2nd largest tea plantation in the country. Lot of people visit here on summer and in winter as well. I live in the neighboring district of Munnar though I never made a visit. In my mind I pictured Munnar as a Tourist trap with lots of garbage lying around.

  I recently made a visit and it changed my perception of this place.

  

  Little background

  I never liked tea much. I am also not a coffee person either. But if I have to choose over two that will be coffee because of the strong aroma. Going to relatives house, they always offered hot tea defacto. I always find difficult say ‘no’ to their friendly gesture. But I hate tea.

  A generation before me drinks lot of tea here at my place. You can see tea stalls in every corner and people sipping tea. I always wondered why people drink lot of tea on a hot country like India.

  The book I am currently trying to read has a chapter about Munnar and how it became a Tea plantation under the British rule. Well, around the same time. I watched a documentary program about the tea and Munnar.

  Munnar

  

  Too much word here and there I decided to do a visit. I took a motorbike and started a journey to Munnar. Due to covid restrictions there weren’t much tourists, so this was to my advantage. There are many water falls on the way to Munnar. Some are very close to road and some are far away but can be spotted. Munnar travel is just not about the destination because its never been a single spot. Enjoying the journey that the ride has to offer.

  I stayed at a hotel, little far away from town, though I never recommend hotels in Munnar. Try to find home stays and small establishments away from the town. There are British Era bungalows inside the plantations still maintained in good condition which can be booked per room or entire property.

  The lush greenery on the Mountains of tea plantation is very refreshing and feast to our eyes. The mornings and evenings of Munnar is something to watch, mountains wrapped in mist slowly uncovering with sunlight and again slipping to mist by dark evening. I planned only to visit places which are less explored by tourists.

  People here live a simple life. Most of them are plantation workers. The native people of Munnar are actually tribal folks but since the plantation boom many people from Tamil Nadu(neighboring state) and other parts of Kerala settled here. The houses of this plantation workers resembled Hobbit homes in Shire from Lord of the Rings as they are in the hill slides. The Kannan Devan hills, the biggest hill in area covers more than half of Munnar.

  

  Two famous Tea companies from Munnar are Tata Tea and KDHP(Kanan Devan Hills Plantations Company (P) Limited) tea. KDHP is actually an employee owned Tea company ie a good share of this company is owned by the employees working there. This was interesting to me, so I bought a bag of speciality tea from KDHP store on my return. I don’t drink tea on a daily basis but I will try it on special occasions.

---

July 30, 2022

• Utkarsh Gupta FOSS Activites in July 2022

  Here’s my (thirty-fourth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 43rd month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:

  • Doing DebConf stuff! \o/
    • Some DebConf talks, some assists, et al.
    • Talking about Freexian/LTS with fellow attendees.
  • Volunteering for DC22 Content team.
  • Leading the Bursary team w/ Paulo.
  • Answering a bunch of questions and things bursary.
  • Being an AM for Arun Kumar, process #1024.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 18th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirty-fourth month as a Debian LTS and twenty-fifth month as a Debian ELTS paid contributor.
  I worked for 1.00 hours for LTS and 0.00 hours for ELTS, thanks to DebConf. :P

  LTS CVE Fixes and Announcements:

  • Helped Andrea, the mbedtls maintainer, (and Samuel) understand the security tracker interals.
    Also helped them in doing precise triages, fix the incorrect ones, and deep-dived into remaining LTS ones.

  ELTS CVE Fixes and Announcements:

  • Did absolutely nothing. :)

  Other Freexian internal work:

  • Triaged mbedtls.
  • Moar reading on the documentation bits.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • Co-presented LTS BoF with Anton Gladky. Showed the survey results.
  • Talked to upstream CIP kernel folks to help Freexian’s internal goals and bribed them w beers. :)
  • Had a chat around Freexian, LTS, and ELTS with other conference attendees.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • Participated and helped fellow members with their queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.

  ---

  Until next time.
  :wq for today.

---

• Vinay Keshava Contributing To Debian

  Debian

  Debian is a GNU/Linux distribution completely inclinded towards Free Software philosophy, maintained by the community.

  Before talking about how i started contributing to debian, i would like to talk about the camp organized by FSCI It is an online free mentorship programme organized by Free Software Community of India ,introducing people to Free Software.Ravish introduced me to 2021 FSCI’s camp, and there i got introduced to Debian Packaging through Debian Developers and Debian Maintainers.

  During the project phase of the camp, i choosed to work on Debian Packaging and System Administration(here is my Project Proposal)

  Debian Packages and my Story !!

  Debian has roughly over 51,000 packages, these packages are installable through apt, just like “sudo apt install nano”. I always wanted to know how “sudo apt install nano” works !.

  During the project phase of the camp Praveen my mentor of the project,a Debian Developer himself suggested to get started by packaging node packages(dependencies of Gitlab). A big Thanks to praveen for teaching packaging from scratch, also answering my useless questions and also sponsoring my packages to debian. Initially i found it very difficult to understand it,but the community was so welcoming, they were helping and assisting me by clearing all my doubts through matrix.

  I took a lot of time to learn,tried to spend more time in learning during hectic schedule of college and also i gave up hope many times and restarted it. So initial task was to setup the Debian Unstable environment and rebuilding the existing simple node-pretty-ms package, and then tried a simple package update and then went to continue packaging few node modules.

  I currently maintain around two node modules as of today, looking forward to maintain more packages in debian. All the communication happens mainly through mailing list or irc of respective teams.

  Further Development

  Looking forward to contribute and hangout with the awesome debian community and learn more.

---

July 27, 2022

• Abhinav Krishna C K Custom ROMs and safteynet :facepalm:

  Safety net is complete BS, because they clearly are not using it to ensure security. A 10-year old phone with an outdated OS and multiple verified remote code execution vulnerabilities? Passes safetynet with flying colors. Want to update that OS to an aftermarket OS which actually has security fixes? Nope, google will do everything in their power to stop that (safetynet) from passing. It’s so blatantly not about security and all about restricting choice.

  Same with most of the rest. In principle we should be excited about these security features, except the corporations are making sure if we want to use anything they get to hold the keys, not us. And that again makes it all about control, not security.

  ref - #

  The SafetyNet Attestation API is an anti-abuse API that allows app developers to assess the Android device their app is running on. The API should be used as a part of your abuse detection system to help determine whether your servers are interacting with your genuine app running on a genuine Android device.
  - SafetyNet Attestation API: developers.android.com

---