Planet FSCI

May 10, 2022

• Utkarsh Gupta FOSS Activites in May 2022

  Here’s my (thirty-second) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 41st month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:

  Debian Uploads

  • puppet-beaker (4.30.0-2) - Sponsored the upload to fix net-ssh’s FTBFS.
  • ruby-terminal-table (3.0.2-1) - New upstream version, v3.0.2.

  Other $things:

  • Volunteering for DC22 Content team.
  • Leading the Bursary team w/ Paulo.
  • Answering a bunch of questions and things bursary.
  • Being an AM for Arun Kumar, process #1024.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 16th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirty-second month as a Debian LTS and twenty-third month as a Debian ELTS paid contributor.
  I worked for 35.00 hours for LTS and 30.00 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 2999-1, fixing CVE-2022-1328, for mutt.
    For Debian 9 stretch, these problems have been fixed in version 1.7.2-1+deb9u6.
  • Issued DLA 3009-1, fixing CVE-2022-27239 and CVE-2022-29869, for cifs-utils.
    For Debian 9 stretch, these problems have been fixed in version 2:6.7-1+deb9u1.
  • Issued DLA 3013-1, fixing CVE-2022-30688, for needrestart.
    For Debian 9 stretch, these problems have been fixed in version 2.11-3+deb9u2.
  • Issued DLA 3014-1, fixing CVE-2020-8659, for elog.
    For Debian 9 stretch, these problems have been fixed in version 3.1.2-1-1+deb9u1.
  • Issued DLA 3038-1, for debian-security-support.
    For Debian 9 stretch, these problems have been fixed in version 1:9+2022.06.02.
  • Working on tiff update for stretch.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 607-1, fixing CVE-2022-1328, for mutt.
    For Debian 8 jessie, these problems have been fixed in version 1.5.23-3+deb8u6.
  • Issued ELA 608-1, fixing CVE-2022-28044, for lrzip.
    For Debian 8 jessie, these problems have been fixed in version 0.616-1+deb8u2.
  • Issued ELA 611-1, fixing CVE-2022-25647, for libgoogle-gson-java.
    For Debian 8 jessie, these problems have been fixed in version 2.2.4-1+deb8u1.
  • Issued ELA 614-1, fixing CVE-2022-27239 and CVE-2022-29869, for cifs-utils.
    For Debian 8 jessie, these problems have been fixed in version 2:6.4-1+deb8u1.
  • Working on tiff and beep updates for jessie.

  Other (E)LTS Work:

  • Triaged cifs-utils, vim, elog, needrestart, amd64-microcode, libgoogle-gson-java, lrzip, and mutt.
  • Started as a Freexian Collaborator! \o/
  • Read through the documentation bits around that.
  • Helped and assisted new contributors joining Freexian.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • Participated and helped fellow members with theie queries via private mail and chat.
  • General and other discussions on LTS private and public mailing list.

  Debian LTS Survey

  I’ve spent 2 hours on the LTS survey on the following bits:

  • Finalizing and wrapping up the survey.
  • Providing the stats, working on the initial export of the survey.
  • Dropping ghost entries and other things which are useless. :)

  ---

  Until next time.
  :wq for today.

---

• Utkarsh Gupta FOSS Activites in April 2022

  Here’s my (thirty-first) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 40th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  There’s a bunch of things I did this month but mostly non-technical, now that DC22 is around the corner. Here are the things I did:

  Debian Uploads

  • Helped Andrius w/ FTBFS for php-text-captcha, reported via #977403.
    • I fixed the samed in Ubuntu a couple of months ago and they copied over the patch here.

  Other $things:

  • Volunteering for DC22 Content team.
  • Leading the Bursary team w/ Paulo.
  • Answering a bunch of questions of referees and attendees around bursary.
  • Being an AM for Arun Kumar, process #1024.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 15th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirty-first month as a Debian LTS and twentieth month as a Debian ELTS paid contributor.
  I worked for 23.25 hours for LTS and 20.00 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 2976-1, fixing CVE-2022-1271, for gzip.
    For Debian 9 stretch, these problems have been fixed in version 1.6-5+deb9u1.
  • Issued DLA 2977-1, fixing CVE-2022-1271, for xz-utils.
    For Debian 9 stretch, these problems have been fixed in version 5.2.2-1.2+deb9u1.
  • Working on src:tiff and src:mbedtls to fix the issues, still waiting for more issues to be reported, though.
  • Looking at src:mutt CVEs. Haven’t had the time to complete but shall roll out next month.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 593-1, fixing CVE-2022-1271, for gzip.
    For Debian 8 jessie, these problems have been fixed in version 1.6-4+deb8u1.
  • Issued ELA 594-1, fixing CVE-2022-1271, for xz-utils.
    For Debian 8 jessie, these problems have been fixed in version 5.1.1alpha+20120614-2+deb8u1.
  • Issued ELA 598-1, fixing CVE-2019-16935, CVE-2021-3177, and CVE-2021-4189, for python2.7.
    For Debian 8 jessie, these problems have been fixed in version 2.7.9-2-ds1-1+deb8u9.
  • Working on src:tiff and src:beep to fix the issues, still waiting for more issues to be reported for src:tiff and src:beep is a bit of a PITA, though. :)

  Other (E)LTS Work:

  • Triaged gzip, xz-utils, tiff, beep, python2.7, python-django, and libgit2,
  • Signed up to be a Freexian Collaborator! \o/
  • Read through some bits around that.
  • Helped and assisted new contributors joining Freexian.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.
  • Attended monthly Debian meeting. Held on Jitsi this month.

  Debian LTS Survey

  I’ve spent 18 hours on the LTS survey on the following bits:

  • Rolled out the announcement. Started the survey.
  • Answered a bunch of queries, people asked via e-mail.
  • Looked at another bunch of tickets: https://salsa.debian.org/freexian-team/project-funding/-/issues/23.
  • Sent a reminder and fixed a few things here and there.
  • Gave a status update during the meeting.
  • Extended the duration of the survey.

  ---

  Until next time.
  :wq for today.

---

May 08, 2022

• Sahil Dhiman Meeting With School Juniors

  Had a chance meeting with school juniors few days back. I was out hanging with Rajan, while we by chance met them. All of them were of the same year, a year junior to us and hanging out together.

  I remembered most of them. Apparently they remembered me too. The interaction was easy going and fun. Aarush was amongst them too, one of my favorites from their batch. Felt joy, they were happy faces indeed. It was more heartfelt than even meeting my own classmates, maybe due to the fact I was seeing them after such a long time. Came to the realization that human interactions feel better and can’t be replaced with time spent on books/computer/mobile and what not.

  Now I want to plan alumni meet someday where we simply meet and interact how life has been and remember the good old days when deadlines weren’t so scary.

---

May 06, 2022

• Abraham Raji Status Update Quarter One 2022

  There goes four months. Time just keeps moving faster as you keep getting older I guess. These past few months seriously feel like a year to me for some reason. I guess there were a few things different about it compared to the other 21 years of my life.

  Work

  Last time I did a status update I had completed my training at work and had joined a product team. I can't really remember what my expectations where when I joined, to be honest I think I was anxious as to how I'd perform. Long story short I continue to learn a lot and it's fun. Right now I'm learning more and more about things like fixing bugs in a live applications in graceful way, handling exceptions in production, the importance of and how to do proper logging, SQL (no, seriously.), optimizing code for resource intense tasks etc. It's all very interesting stuff.

  Almost everyday at work feels eventful, even though it's the same me sitting on same desk every day typing on the same keyboard. Something I've been struggling though however is with work life balance. It was definitely worse in the beginning. Like I spent hours on weekdays working and walked into the weekend feeling really tired, as in I am definitely not going to code for the next two days. This was weird for me because I never felt that before. Something else I noticed was that my contribution to FOSS dropped down to nothing. This was mostly because I was not able to commit to anything that would take more than a day or two's worth of work and even then when the weekends rolled out I just felt like lying on my bed in silence for a while. This is when my workplace does not have any sort of toxic hustle culture in fact it promotes working for not more than 40 hours a week and taking the weekend off unless you, the developer decides that it was absolutely necessary for you to work during the weekend. I was the issue here. I am working on getting this right. And yes my close friends have pointed out to the lack of a hobby in my life. More on that later.

  IFFK

  I was hoping to go to Kerala Literature Festival (KLF) ¹ this year in the hopes that it will help me start reading fiction again. From the ages of 13 to 17 I used to read anything I could get my hands on. But during college I started to focus more on computer science and the stuff I read gradually lost it's diversity and some time during my third year I sort of realized that I struggled to turn pages on actually good fiction books. Anything technical, I can get through that shit like that insert sound of fingers snapping. When it came to fiction it just didn't happen. I don't want to think that I am over fiction as a genre because that to me is just sad. So I decieded to do what I can to get my mojo back so as to speak. I found a few people who were also inteding to go and we made plans as well but fate had other plans. Quite anti-climatically, KLF was canceled this year due to rising COVID cases in Kerala. At this point I was seriously craving a break and I guess the others were as well because those of us who were planning to go to KLF decieded that we'd go to IFFK ² instead. So Me, some friends of mine and a few strangers (to me) went to IFFK. We were a pretty fun group to be honest. We had people like me who enjoys the artform that is film and then we had people who were actually aspiring film makers, ready to pour out their blood sweat and tears into it and … we really clicked as a group.

  Running around Thiruvananthapuram, deciding what films to watch, the discussions after watching each film, deciding a place to eat that everyone likes, late night meals and the conversations.

  While I didn't think much of those moments then now they have turned into really fond memories. More than the actual film festival it was the experience of watching movies with these folks that made the experience worth it for me. So if you people are reading this, thanks for some special days in my life.

  

  My attempts at building hobbies.

  The truth of the matter is that I think a lot and that combined with the sheer number of choices of hobbies one could pick resulted in me not picking one. A few things I seriously considered are wood working, cycling, mechanical keyboards (impractical as a hobbby? Yes. Very satifying? Also yes.), learning how to play a musical instrument and yes reading. To be brutally honest I spent the last 4 months procrastinating over what hobby to pick. The only two hobbies I really had during the past few years were programming and tinkering with my setup. Tinkering with my GNU/Linux setup really works for me. Like installing a new distribution and trying it out is actually something I find very cathartic, not a joke. But a few weeks ago my laptop got an issue with it's display and the people at the service center are figuring out whether the issue is with a specific chip on the motherboard or the dedicated graphics card it comes with. This meant that I no longer had GNU/Linux as an option. This is where I would say I started to seriously think about another hobby. Recently (as in, a few months ago) I started getting into self hosting stuff, which is yet another slippery slope. I almost fell down the rabbit hole but instead I am sticking to just self hosting nextcloud for now. Primarily because I don't really needs a whole bunch of stuff and I don't want to simply create a VPS running something I wouldn't use slowly burning carbon into the atmosphere. So that's that. Anyways the search continues. Feel free to suggest me anyhting you think I should try. As always mail works best.

  Maybe I don't need the internet as much as I thought I would.

  This is a thought that I came across inadvertently and this might come of as pretty weird but apart from work, I don't do a lot of things that require a constant internet connection. I'm the kind of person who likes the idea of having things that I need on me at all times if that makes sense. Up until a year ago every single song/movie I liked I had it locally on my device. It is borderline hoarding and I say borderline because I do clean stuff up and remove the ones I'm over pretty regularly. But then my friends got me hooked on streaming stuff. So now if I didn't do instant messaging which I don't do much of anyway and stream stuff from spotify, youtube and netflix, I could live with having access to the internet for an hour a day. When I thought about this, the more I realized not long there was a time when I didn't have internet and I lived, pretty happily as well if I say so myself. I am curious about what such a life will be like today. Can I go a day every week without the internet? Is there any actual advantage to this? I don't know. Maybe one of these days I might just give it a shot.

  That's about it for this month. Until next time. o/

  ---

  ¹

  Kerala Literature Festival (KLF), founded in 2016, is an annual literary festival held in Kozhikode, Kerala.

  ²

  The International Film Festival of Kerala (IFFK) is a film festival held annually in Thiruvananthapuram, the capital city of Kerala.

---

May 01, 2022

• Sahil Dhiman Navratri Hunger Cycle

  Navratri is a bi-annual celebration in Hinduism spanning over nine (sometimes eight) days. It is usually celebrated with fasting and ends with various ceremonies. Now, fasting is our topic for this post today. I have been fasting for Navratri once a year, since quite a few years. Due to family traditions, we only do fasting till eighth day, which is called Ashtami. I have some observation on my hunger and thought patterns during these fasting periods.

  The initial, one to three days are filled with thoughts about all the delicacies the world has to offer. Spicy, chat-patta Gol Gappas, Chole Samosa, Gulab Jamuns and what not. It’s the period when most will power is tested on the question of why even deprave oneself from all these worldly pleasures.

  Day four to six are when, the mind usually makes peace with the situation. It doesn’t matter if I eat food or not, it doesn’t cross my mind. Things are better, there are no hunger pangs. Even if someone eats or brings some delicacy, it really doesn’t matter much.

  Day seven is usually an exciting day that finally it is coming to an end. A bunch of eat this and that lists starts forming in mind.

  Day eight, the day when Chole Puri and Halwa are made for Puja and rituals are performed. It is followed by eating of Chole Puri, which to be frank becomes a bit under-whelming experience. As the day goes by and various, normal food is eaten, a gloom starts coming that why even eat now. It doesn’t matter. Grand lists made on seventh day just don’t feel so good anymore. The cravings are all gone by this time. Food feels just like a necessity to mind, leading to completion of Navratri.

  Still, I feel Navratris are good time. It gives the opportunity to strengthen mental strength over physical needs. Also, it’s fun seeing the reaction of folks when they get to know that someone is keeping all the fasts.

---

April 18, 2022

• Sahil Dhiman Late, Late Experience Post of DebConf21

  DebConf21 was held online from August 24th to August 28th, 2021. As the tradition dictates, I wanted to jot down the experience for my future self and others, but it kept slipping. Now, as DebConf22, Kosovo looms (and preparations for DebConf23 here in India begins), I feel obliged to quickly write down as much as I can remember. As this year’s DebConf is in-person again, in Kosovo, I won’t be attending it, so no experience post this year around.

  This time our focus was to bring a separate Indic track featuring talks and workshops in Indic languages. Though a separate Indic track wasn’t added, five Indic languages were added in talk submission page to be directly included in main DebConf. We did outreach for bringing people to submit talks in their native language. Finally, on the lower end, but we did manage to persuade some folks to submit talks.

  As usual this time too during the conference I volunteered to do the talk meistering and talk direction. The setup was similar to DebConf20 and MiniDebConf India though this year was more fun because of the inclusion of a number of Indic language talks, four out of five of which I didn’t understand.

  This year, four Hindi talks were accepted (including mine), which was the biggest number ever (as far I as I know). I was elated, seeing this. Alas, three of the talks were cancelled at the last moment. Mine was the only Hindi talk in the end.

  About talk; my first talk was a short talk titled: डेबियन में योगदान कैसे करें (How to contribute to Debian). I prepared the talk with 2 pages of pointers on notebook and taking presentation help from Praveen. Made the slides in Cryptpad and OBS, capturing 1/4th of the screen with presentation and webcam. As usual, made the video in one take. The talk etherpad looks funny now :) Someone mentioned (don’t remember who), that I was doing all the stuff and by chance during this talk QnA, talk meister for talk, Sruthi’s internet blinked. As I was already the talk director and was on call, I stepped in to give the closing notes. You can see it starting at 20.16 mins into the video. Finally, I edited the final cut of my video as well as the video team :D

  I was also part of BoF on Growing the Debian Community in India. I did particularly like the fact folks put in their honest views, leading to prolonged discussions on the same. As the discussion went on, the 45-minute time seemed less. The BoF saw the participation of Anupa, Sruthi, Akshay, Praveen, Abraham and Utkarsh.

  Participated in the DebConf closing ceremony and party thereafter with online with gol gappa chat. It was delicious as always. After the closure, we also did an 8.5 hour late night video call, discussing Debian, software and life in general.

  Initial preparations for DebConf23 India have already started, scheduled for next year. Will be actively participating in the prep, albeit online. DebConf23 seems to be the first Debian event I would attend in-person. Come join us, if you want to make DebConf23 India a success.

  PS: Ravi mentioned that he showed my Hindi talk to his mother, and now she knows what Debian is. A small win.

---

April 10, 2022

• Utkarsh Gupta FOSS Activites in March 2022

  Here’s my (thirtieth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 39th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  I recovered this month and cleared up a bunch of my backlog. So a good month, that way.

  I didn’t do any uploads this month but I still did the following this month:

  Other $things:

  • Volunteering for DC22 Content team.
  • Volunteering for DC22 Bursary team.
  • Being a DC22 Bursary lead along w/ Paulo.
  • Being an AM for Arun Kumar, process #1024.
  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 14th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my thirtieth month as a Debian LTS and nineteenth month as a Debian ELTS paid contributor.
  I worked for 57.75 out of 59.50 hours for LTS and 42.25 out of 60.00 hours for ELTS.

  LTS CVE Fixes and Announcements:

  • Issued DLA 2943-1, fixing CVE-2021-30151 and CVE-2022-23837, for ruby-sidekiq.
    For Debian 9 stretch, these problems have been fixed in version 4.2.3+dfsg-1+deb9u1.
  • Issued DLA 2951-1, fixing CVE-2021-0561, for flac.
    For Debian 9 stretch, these problems have been fixed in version 1.3.2-2+deb9u2.
  • Issued DLA 2956-1, fixing some vulnerabilties which haven’t a CVE ID assigned yet, for wordpress.
    For Debian 9 stretch, these problems have been fixed in version 4.7.23+dfsg-0+deb9u1.
  • Issued DLA 2958-1, fixing CVE-2021-3700, for usbredir.
    For Debian 9 stretch, these problems have been fixed in version 0.7.1-1+deb9u1.
  • Issued DLA 2936-1, fixing CVE-2018-8098, CVE-2018-8099, CVE-2018-10887, CVE-2018-10888, CVE-2018-15501, CVE-2020-12278, CVE-2020-12279, CVE-2019-1352, and CVE-2019-1353, for libgit2.
    For Debian 9 stretch, these problems have been fixed in version 0.25.1+really0.24.6-1+deb9u1.
  • Working on src:tiff and src:mbedtls to fix the issues, waiting for more issues to be reported, though.
  • Help and assisted others w/ their queries, see “Other (E)LTS Work” section for more details.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 578-1, fixing CVE-2021-0561, for flac.
    For Debian 8 jessie, these problems have been fixed in version 1.3.0-3+deb8u2.
  • Issued ELA 582-1, fixing some vulnerabilties which haven’t a CVE ID assigned yet, for wordpress.
    For Debian 8 jessie, these problems have been fixed in version 4.1.35+dfsg-0+deb8u1.
  • Worked on readying up python2.7 update. But the tests fails with a segfault but only on jessie. The very same works fine on stretch.
    Been trying to workthru the tests but it looks that it’s a test-only thing. But I’ll double-check to be sure. :)
  • Looked into src:bind9 for Markus. Also, coordinated the same w/ the Ubuntu security team (ESM one). Reported the findings that I and Marc discussed.
    Markus seemed to workthru a way out in the end. \o/
  • Working on src:tiff and src:beep to fix the issues, waiting for more issues to be reported for src:tiff and src:beep is a bit of a PITA, though. :)

  Other (E)LTS Work:

  • Triaged xterm, dojo, strongswan, ruby-sidekiq, flac, wordpress, usbredir, debian-edu-config, libphp-adodb, and libgit2,
  • Contributed to “Freexian values” (cf: internal survey).
  • Read through the logs of the monthly Debian LTS meeting.
  • Helped w/ debian-archive-keyring thread and gave pointers to Anton.
  • Sorted out the LXD VM issue for src:libgit2 upload.
  • Helped answer Markus’ question on src:bind9 security/regression updates.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.
  • Attended the monthly LTS meeting. Happened on #debian-lts this month.

  Debian LTS Survey

  I’ve spent 9 hours on the LTS survey on the following bits:
  (but I’ll invoice them next month)

  • Organize questions. Re-order, fix, and add things wherever needed.
  • Finally set the whole thing up.
  • Did a couple of dry-runs.
  • Drafted the mail to be sent.

  ---

  Until next time.
  :wq for today.

---

April 09, 2022

• FSCI Prav App Project: Challenging the Monopoly of WhatsApp

  PravApp project is a plan to get a lot of people to invest small amounts to run an interoperable messaging service that is easier to join and discover contacts.

  

  It will be based on Quicksy which gives a similar experience to WhatsApp without locking users to its service by interoperability with any XMPP service provider.

  The prav project wants to offer this service under a Multi State Cooperative Society in India, and they need 50 members each from at least two Indian states.

  In addition to the software freedom and interoperability, the Prav project will give users control over its privacy policy. The cooperative society ensures democratic decision making as the members of the cooperative society will have equal voting power.

  

  Prav’s Mastodon handle summarized the project very well:

  Imagine there are two dining mess (where students eat) in your college, one in which the menu is decided by the administration, and the other one in which the menu is decided by the students. The administration mess is under their policies over which students have no control, and the menu along with any other policies can be changed anytime without asking students, whereas every decision in the student mess is taken collectively by students.

  Which one would you prefer as a student?

  Prav project is like the student mess in the above example, where users control the Privacy Policy of the service.

  Learn more at prav.app.

  Check out this video for an introduction in the Malayalam language:

---

April 08, 2022

• FSCI FSCI will do an Ask Me Anything on r/India subreddit on 12th April

  Update: The AMA ended and you can read it here.

  We are invited by the moderators of r/India subreddit to do an Ask Me Anything as a community. Members of r/India community can ask us anything during this Ask Me Anything session. We feel that this is a very good opportunity to interact with people and spread the idea of Free Software and its importance.

  The AMA is on 12th April 2022 and will start from 17:00 hours Indian Standard Time. We created a Reddit account especially for this AMA and our username on Reddit is u/fsci-in.

  Thanks a lot to the r/India moderators for the invitation. Feel free to join the AMA and literally ask us anything. We are looking forward to the AMA and hope it will be fun.

  Links:

  • AMA announcement on r/India.

  • Announcement of Mastodon by r/India.

  • Announcement on Twitter by r/India.

---

March 29, 2022

• Vinay Keshava Snikket Xmpp

  Back to writing after a 2-month long Semester End Exam !!!!.
  Everyone uses messaging platforms like WhatsApp, Facebook, Signal, Telegram, and various other applications to communicate with people, in this blog post I would like to introduce to XMPP Protocol( Extensible Messaging and Presence Protocol), XMPP is an open, decentralized universal messaging standard for instant messaging, voice/video calls. Many Applications or Clients are built using the XMPP protocol due to its open nature. Platforms like WhatsApp, Telegram, Signal impose vendor lock-in wherein the user using the product or service cannot transit to the competitor’s product/service. To overcome vendor lock-in issues and privacy issues one of the minimal, simple best solutions is to set up a Snikket server of your own, where you can own your data.

  What is Snikket

  Snikket is a simple, customized messaging platform that is different from other messaging apps like Whatsapp, Telegram. Snikket is a decentralized messaging platform which means anyone can host their snikket server on their cloud, it allows everyone to host their server.
  Snikket is free software, a privacy-friendly messaging platform based on XMPP protocol, it can be self-hosted by anyone. Snikket provides an android application client to connect to any XMPP servers and using a snikket account you choose any XMPP clients if you want to connect using android applications like monocles chat, blabber, Snikket app other desktop clients recommended are dino-im and gajim.

  Experience of Running Snikket Server

  Snikket is my first self-hosted service, before talking about the experience of running the snikket server I would like to talk about Software Freedom camp 2021 ,the camp is organized by the Free Software Community of India. As a part of the camp initially, learners were made to understand the philosophy and intention behind free software. Later during the project phase, learners were allowed to choose certain available topics proposed by the mentor.
  After joining the sfcamp as a learner, I choose to learn system administration and Debian packaging, under system administration one of the deliverables was to set up a Snikket server of my own.
  To run any snikket server basic requirements are a domain name and a VPS (Virtual Private Server )to run your snikket server. I had signed up for the Github Student Developer pack through the pack got the free domain from name.com and I choose Amazon Web Services Free Tier as my VPS.

    Snikket is all about the
          DNS
          Docker
          Daemons
  

  Snikket also has an option of creating circles, limiting users to that circle only, although any user can talk to any individual by providing an XMPP or Snikket username. Snikket uses an invite-based procedure for account creation on the server. Only the admin can have the authority to create an invite link. Snikket also supports audio and video calls of great speed, these are some of the features of the snikket application. I have been using Snikket and invited most of my friends to my Snikket server. Initially, it took time to make them understand how it is completely different from other messaging platforms. Later educated them about how decentralization, vendor lock-in works and then introduced them to Snikket and other XMPP-based clients.
  The learning while setting up the snikket server was got introduced to Docker Container, Domain Name System( DNS ), how server logs are checked, and debugging the errors.

  Guide to Setup Snikket Server

  Here is the quickstart guide to setup the snikket server , this is the official guide by Snikket to setup the snikket server . The detailed documentation is here. Snikket requires few ports to be open for communication refer this which clearly mentions the firewall rules and ports required. Snikket Source code here.

  Thanks to Ravish and Sahil for helping to set up the Snikket server.

  Next Goals

  • Reverse Proxy by Nginx .

  Bye for now .

      :wq
  

      Mail : vinaykeshava@disroot.org
  

---

March 26, 2022

• FSCI How To Create A Channel Interconnected With Telegram, IRC, XMPP, Matrix

  (Updated on 08-April-2022 to add screenshots)

  Let’s say your friend uses Telegram and wants to join your group on Free Software activism, while your group is on Matrix and the friend needs to download an extra app to join your group. Wouldn’t it be better if users could connect with each other irrespective of the app they use? While we don’t know any such method for encrypted personal chats or private groups as of now, but public groups can be interconnected in such a way that users of Telegram, IRC, Matrix, XMPP, can participate without switching to any other chat protocol. This tutorial is exactly about this.

  This method will enable, for example, a Matrix user’s post in the Matrix group to reach IRC, XMPP and Telegram users too. A posting by a user of any of these chatting systems in the respective group will be bridged across to other chat systems.

  Step 1: Create a public non-encrypted public Matrix room on any matrix homeserver.

  Step 2: Create a public Telegram channel.

  Step 3: Use t2bot guide to bridge Matrix with Telegram.

  Step 4: In this step, we will bridge Matrix room to IRC.

  4a: Create an IRC channel on oftc.net (or your preferred server) with the channel name, let’s say, #name. To do this, we join irc.oftc.net via an IRC client and then in the chat box, type the command /join #name. You joined a new channel named #name. Type the command /msg ChanServ HELP in the chat box. Now go to the chat box of ChanServ, and type the command REGISTER #name <Description of the channel>. This will register a channel on irc.oftc.net.

  4b: Make sure that you have admin access on the Matrix room and in the Matrix room, select the option ‘Add widgets, bridges & bots’ as in the image below(we are using Element Desktop app for Matrix side screenshots in this tutorial):

  

  4c: Select the option ‘Add integrations’ as shown in the image below.

  

  4d: Scroll down to the bridges section and choose the IRC option.

  

  4e: Choose the IRC network your channel is on.

  

  4f: Fill all the channel details and in the nick, write the name of the channel operator. After filling details, click on ‘Request Integration’.

  

  4g: Check the IRC side. You must have received a request from the Matrix bridge as shown in the image below, which you need to reply by entering either y or yes in the chatbox and pressing enter.

  

  4i: After you type y, the IRC channel and Matrix room will be bridged. This means IRC users can post in Matrix room and vice versa.

  

  Step 5: Use IRC Cheogram to join the channel from the XMPP side.

  If you are having problems joining from the XMPP side, please go to the room settings and change your nickname in your XMPP app. Changing nickname in xmpp group settings will change nickname on IRC.

  Note: For FSCI chat room, we have made Telegram channel as read-only to encourage participation through IRC, Matrix or XMPP. Telegram is centralized and we would not like to promote it. You are invited to join our chat groups.

---

March 23, 2022

• Sahil Dhiman Humans and Home

  I always wonder that humans erect walls to keep themselves safe when they’re most vulnerable, ie in their sleep. Walls or something akin gives a feeling of protection. It protects them from natural elements (weather, heat, rain etc.), seems to be a basic human instinct to want to be safe.

  Eventually, it seems as possession keeps on mounting (as compared to our hunter-gather roots), those walls gave protection to possessions as well. A reassurance of safekeeping and ownership that everything between these walls is “mine”. And we started calling the area between the walls as our place or home.

---

March 19, 2022

• Sahil Dhiman Aapka Bunty and Some Thoughts

  Stories are windows in someone’s life. The author may find it suitable to open and close it at a juncture, leaving us in a mix of emotions. We may wish it closes at different point or the window is open a little longer to peer what happened with the protagonist, but as the story window open at random it may well close as that.

  आपका बंटी (Aapka Bunty) by Mannu Bhandari was about a small boy and his relations with divorced parents. He used to live with his mother (who later remarried, just like his father). The surge of emotions; fear, anger, confusion made him disconnected, stubborn and disagreeable. The complexity of circumstances made me want the mother-son could come back to former connected self, but alas, the emotional turmoil broke them apart. Things may look simple from outside, but internally, feelings gets’ harder to make sense or connect. Our feelings for someone’s or something remains and are usually hard to change.

  Aapka Bunty stirred and brought back memories of my childhood. School, family, friends were fine but mentally, all sorts of thoughts, fear, at times anger, new realizations about my self and world around kept my brain buzzing. Most times, I wouldn’t share those with anyone (which may have sorted many of them) but most times trusted another soul was hard to come by. The story hit hard and brought back memories of those time almost 13-14 years later now. After reading it, I also realized that how privileged to have guidance, love and care from both parents. It’s even more significant as I transition to an in-office workplace at my first job in Gurgaon. Father guiding me about the world around and mother taking care of my household needs; complementing each other to ease the move.

  An interesting aspect I find is the sea of different emotions portrayed/described in Hindi literature, which I could not find in English or translated literature. Maybe English too has its depth, but I could connect to Hindi completely.

  As usual, as the end of the novel was drawing near; an excitement of end and a dread of closing of the window coincided. The window in Bunty’s life closed, leaving with thought’s how he coped the now physical distance from his mother and incoming hostel life. Surely this would have adverse effects on his teenage and adult life later, or perhaps he came to peace with his life.

---

March 11, 2022

• Sahil Dhiman Life Goes On

  Whether it’s life after someone’s death or traffic on a highway, it keeps on going.

  A small particle, person or writing is just a minute dent in the grand scheme of the universe. Big bang is big or probably the biggest event in comparison to just an exam or a deadline. Everything is relative. A thing that’s worrying can fade as soon as a different, “bigger” issue crops up. So, does anything matter, or we should say all is well and things will pan out fine in the end (or if they don’t, a “bigger” issue is surely on the way).

---

March 01, 2022

• Utkarsh Gupta FOSS Activites in February 2022

  Here’s my (twenty-ninth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 38th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  I had been sick this month, so most of the time I spent away from system, recovering, et al, and also went through the huge backlog that I had, which is starting to get smaller. :D

  Anyway, I did the following stuff in Debian:

  Uploads and bug fixes:

  • at (3.4.4-1) - Adding a DEP8 test for the package, fixing bug #985421.

  Other $things:

  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 13th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my twenty-ninth month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
  Whilst I was assigned 42.75 hours for LTS and 45.25 hours for ELTS, I could only work a little due to being sick and so I spent 15.75 hours on LTS and 9.25 hours on ELTS and worked on the following things:

  LTS CVE Fixes and Announcements:

  • Issued DLA 2909-1, fixing CVE-2021-45079, for strongswan.
    For Debian 9 stretch, these problems have been fixed in version 5.5.1-4+deb9u6.
  • Issued DLA 2912-1, fixing CVE-2021-3850, for libphp-adodb.
    For Debian 9 stretch, these problems have been fixed in version 5.20.9-1+deb9u1.
  • Issued DLA 2913-1, fixing CVE-2022-24130, for xterm.
    For Debian 9 stretch, these problems have been fixed in version 327-2+deb9u2.
  • Issued DLA 2918-1, fixing CVE-2021-20001, for debian-edu-config.
    For Debian 9 stretch, these problems have been fixed in version 1.929+deb9u5.
  • Simultaneously, I’ve been working on the python* update but couldn’t complete due to illness.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 559-1, fixing CVE-2018-6561, CVE-2020-4051, and CVE-2021-23450, for dojo.
    For Debian 8 jessie, these problems have been fixed in version 1.10.2+dfsg-1+deb8u4.
  • Issued ELA 560-1, fixing CVE-2021-3850, for libphp-adodb.
    For Debian 8 jessie, these problems have been fixed in version 5.15-1+deb8u2.
  • Issued ELA 561-1, fixing CVE-2022-24130, for xterm.
    For Debian 8 jessie, these problems have been fixed in version 312-2+deb8u4.
  • Also looking at python2.7 and python3.4 updates for jessie but couldn’t complete due to illness.

  Other (E)LTS Work:

  • Triaged xterm, dojo, strongswan, debian-edu-config, libphp-adodb, and libgit2,
  • Read through the logs of the monthly Debian LTS meeting.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.

  Debian LTS Survey

  I’ve spent 10 hours on the LTS survey on the following bits:
  (and 5 hours of the last month that I’m going to invoice this month)

  • Put most of the content in the instance according to the question type.
  • Been going back and forth updating the status of the survey on the issue.
  • Trying to find a way to send to DDs - discussing with DPL, Raphael, and other people on the issue itself.
  • Completing the last bits to start the survey for the paid contributors, at least. Talking to Jeremiah about this.

  ---

  Until next time.
  :wq for today.

---

February 07, 2022

• FSCI How do people make a living out of free software

  (This article is taken from a draft created for FSF India article on the same topic)

  When people understand that “free software” means the software which respects user’s freedom and not free of cost, the question “how does one earn a living with free software?” comes from the fact that free software ensures the user’s freedom to share exact and modified copies of the software with anyone.

  To answer this question arising out of natural curiosity, we have compiled a list of methods on how to make a living out of free software or to sustain the development of free software with examples.

  1. Free Software consultancy services which provide solutions based on free software

  A business can provide paid consultation services to clients and implement solutions based on free software. DeepRoot GNU/Linux is an example of a successful Free Software consultancy service.

  Quote from Abhas who leads Deeproot: “At DeepRoot Linux, we enable organisations of all sizes to use Free Software for their infrastructure deployments. We provide software, services and support so that they can use GNU/Linux and Free Software effectively. Over the past 18 years, we have worked with more than 500 organisations to help them in their endeavour to adopt and run Free Software. We build mail servers and mail server clusters, private clouds, containerisation and automation solutions, computer labs and so much more. We provide support for a variety of free software tools that user’s might want to use and help them implement, scale and secure them.”

  2. Customization of Free Software

  Free Software businesses can customize their own offering or existing free software for their clients to satisfy their needs. This is usually done in combination with selling free software solutions.

  For example, Alphafork Technologies is a business which customizes Free Software to build solutions according to the requirements of clients.

  Computing Freedom Collective is another business which provides customized solutions based on Free Software.

  3. Offering Free Software powered services

  Free Software services can be setup and run with an access fee for using the services.

  Examples:

  • Chiguru Class Meet offers gratis and paid plans for using their BigBlueButton service, which is a Free Software Video Conferencing solution.

  • conversations.im offers a paid XMPP service.

  4. By selling hardware with free software pre-installed.

  Examples:

  • Unmukti is a unique free software business selling hardware devices handling network security and connectivity for clients, with customized free software solutions running on top of it.

  • Mostly Harmless sells libre hardware, like laptops, phones, routers etc., capable of running only free software.

  • Purism is a company which sells hardware which can run fully free software. They maintain their operating system, PureOS and the development of PureOS are funded by selling hardware.

  5. By selling free software

  People can charge as much as they wish or can for a copy of free software. If a license does not permit users to make copies and sell them, it is a nonfree license. Free/Swatantra software is a matter of user’s freedom and the following are some examples of distributing free software for a fee:

  Examples:

  • Simple Mobile Tools, an android app developer, sells a huge variety of android apps including a gallery app, calendar, camera, clock, app launcher, calculator, dialer, sms messenger, voice recorder and many more apps in two ways. One is, they sell paid apps via google play store and the same apps are distributed via F-Droid without charging any money. So the user can get the same app for free and can also support its development by paying for it if they so desire.

  • Krita Foundation, sells Krita, a free software digital painting application, on Windows store and on Steam for a fee.

  • Ardour is another free software project that shows free is all about freedom not gratis.

  • Conversations is a paid free software Android xmpp app which can be downloaded from Google Play Store.

  • Vital, a spectral warping wavetable synthesizer is a free software sold for a fee.

  • Elementary OS, which is a GNU/Linux Distribution makes downloads available with options for payment.

  • Zorin OS, which is another GNU/Linux Distribution, funds the developments of its software by selling paid versions of free software.

  6. Selling Exceptions to the GNU GPL

  Instead of making a software available under dual licenses, a free software can be sold to someone making an exception in case of application of free software license terms. It is sold to the buyer only without any possibility of redistributing the software under that license exception. See Selling Exceptions for more details.

  7. Selling Free/Swatantra core with paid addons:

  Providing addons for a fee for extra functionality in a free (as in freedom) software (the software itself can be paid or gratis).

  • VCV Rack

  • Akaunting, an accounting software that is free-of-cost for use but also has paid addons for additional functionality https://akaunting.com/

  8. Subscription based support:

  A Free Software business can sell subscriptions for support which ensures clients using the supported free software can rely on that business for support when they need it.

  Examples:

  • Red Hat sells subscriptions for the support, training, and integration services that help customers in using their free software products. Customers pay one set price for unlimited access to services such as Red Hat Network and up to 24/7 support.

  • Suse Linux also offers the same.

  • Matrix.org develops free replacements to proprietary/nonfree apps like Whatsapp, Telegram which can be installed on own infrastructure and they offer paid hosting based subscriptions which funds the development of the software.

  9. Donations and Crowdfunding

  • Donations are usually collected for Free Software Development and hosting free software services for the public.

  • GCompris, Godot game engine, Blender, Peertube, a decentralized video platform, Pixelfed, a decentralized photo sharing platform are examples of free softwares developed with community funding which ensures livelihood of developers.

  • Riseup, Disroot, etc. collect donations for running various Free Software Services for the community.

  10. Free Software Training

  Charging money for providing trainings for free software based services.

  • Blender Studio is funded through Blender Cloud, which offers training and learning materials to learn Blender.

  11. Selling Merchandise

  Selling merchandise branded with free software logos such as clothes, accessories, mugs, pens etc. can be helpful in sustaining free software development and in paying developers.

  • Blender sells merchandise at Blender Store, KDE sells laptops, merchandise, books on their MetaStore, same for Matrix foundation merchandise store

  12. Content creation around Free Sofware

  Examples:

  • It’s FOSS an online technology website has built its entire content around free sofware and their own content can be reused with proper credits.

  • Content creators like Novaspirit Tech Chris Were, Luke Smith and many more have built their audience around free sofware where they build various projects, do experiments, discuss free sofware and because of their reach, have access to sponsorships from brands and donations from users inclduing Patreon.

  • Tilvids.com, a curated, donation based edutainment video platform built on the Free Peertube software. The donations to the website are used to maintain the website as well as for commissioning content creators to create original content.

  13. By getting paid to develop free software.

  • Software like Libreoffice, OBS studio, KDE softwares are examples of free software which are being developed by corporate sponsorships to developers who are commissioned to fix particular issues or develop new functionality. The corporates get the benefit of using free software with functionality they want and the wider community benefits from improved software.

  You can watch this video for more details where people earning a living from Free Software shre their experiences. This was a discussion session organized as a part of Free Software Camp 2020.

  FSF maintains a directory of people offering their free software services for hire.

  A lot of free software developers all over the world are paid for their work, others volunteer to develop free software in their free time. We consider it as developer’s obligation to release the software under a free license.

  A lot of free software projects are developed by volunteers in which non-technical people are also involved in crowdfunding, designing posters, campaigning by writing articles, translation into local languages etc. Free Software community needs everyone to get involved to create a free society. You can contribute to free software by volunteering for FSCI. You can contact us for guidance on how you can make a living with free software.

  Further Reading:

  • A website maintained by Abhas explaining what is a Free Software Business - Raises awareness, explores the possibilities of running one.

  • Free software in business: Success stories.

---

February 05, 2022

• Sahil Dhiman 100DaysToOffload Conclusion

  I took the #100DaysToOffload challenge last year, thanks to Jason. The whole concept of #100DaysToOffload challenge was to write 100 posts in the span of 365 days. Now counting this post (which is coming out 365+ some days ;)), I managed to write about 54 posts (starting with this write-up), a little more than the halfway mark.

  Initially, I was hesitant to take it up, saying 50 is a more reasonable number, but Jason’s mentioning it’s only two posts/week and seeing he did multiple 100s of posts for some years around gave the boost to go for it. It seems that January to July were quite productive months in terms of writings, 40 till then. August came, which saw no writing (probably due to work stuff coming in full swing). After August, it was slower, leading to this conclusion post.

  #100DaysToOffload was a good motivator to write, but it later became a burden. In hindsight, I have more clarity and my writing is better than before, but I won’t re-attempt it again. Writing is better (and easier) with no commitments attached and posting as and when something is completed. Still, I don’t see myself committing less to writing, the blog will keep on pinging :)

  PS: Having # in title and in turn URL seems not easy in Hugo.

---

February 01, 2022

• Utkarsh Gupta FOSS Activites in January 2022

  Here’s my (twenty-eighth) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 37th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  Just churning through the backlog again this month. Ugh.

  Anyway, I did the following stuff in Debian:

  Uploads and bug fixes:

  • ruby2.5 (2.5.5-3+deb10u4) - Fixing CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-32066, Fixes: CVE-2021-41817, and CVE-2021-41819 for Buster.
  • mat2 (0.12.2-1.1) - Add patch to fix AssertionError in test_libmat2, fixing bug #1002418.
  • ruby-fast-gettext (2.0.3-2) - Add patch to fix FTBFS, fixing bug #1002103.
  • python-flask-marshmallow (0.14.0-1) - New upstream version, v0.14.0, fixing bug #989269.
  • ruby-rack (2.2.3-4) - Add patch to fix build and autopkgtest.
  • ruby2.7 (2.7.4-1+deb11u1) - Fixing CVE-2021-41816, CVE-2021-41817, and CVE-2021-41819 for Bullseye.

  Other $things:

  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 12th month of actively contributing to Ubuntu. Now that I joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from the fall, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my twenty-seventh month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
  I was assigned 58.25 hours for LTS and 60.00 hours for ELTS and worked on the following things:
  (I already worked for 20h in the last month (December) because of vacation :D)

  LTS CVE Fixes and Announcements:

  • Issued DLA 2884-1, fixing CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, and CVE-2022-21664, for wordpress.
    For Debian 9 stretch, these problems have been fixed in version 4.7.22+dfsg-0+deb9u1.
  • Issued DLA 2885-1, fixing CVE-2021-3481 and CVE-2021-45930, for qtsvg-opensource-src.
    For Debian 9 stretch, these problems have been fixed in version 5.7.1~20161021-2.1+deb9u1.
  • Issued DLA 2895-1, fixing CVE-2021-3481 and CVE-2021-45930, for qt4-x11.
    For Debian 9 stretch, these problems have been fixed in version 4:4.8.7+dfsg-11+deb9u3.
  • Issued DLA 2894-1, fixing CVE-2021-45417, for aide.
    For Debian 9 stretch, these problems have been fixed in version 0.16-1+deb9u1.
  • Issued DSA 5067-1, fixing CVE-2021-41816, CVE-2021-41817, and CVE-2021-41819, for ruby2.7.
    For Debian 11 bullseye, these problems have been fixed in version 2.7.4-1+deb11u1.
  • Also worked on the policykit-1 security update, rolled out by Salvatore.
  • Simultaneously, I’ve been working on the samba and python* update.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 539-1, fixing CVE-2022-21661, CVE-2022-21662, CVE-2022-21663, and CVE-2022-21664, for wordpress.
    For Debian 8 jessie, these problems have been fixed in version 4.1.34+dfsg-0+deb8u1.
  • Issued ELA 543-1, fixing CVE-2018-19869, CVE-2021-3481, and CVE-2021-45930, for qtsvg-opensource-src.
    For Debian 8 jessie, these problems have been fixed in version 5.3.2-2+deb8u1.
  • Issued ELA 545-1, fixing CVE-2021-45417, for aide.
    For Debian 8 jessie, these problems have been fixed in version 0.16~a2.git20130520-3+deb8u1.
  • Issued ELA 554-1, fixing CVE-2018-19872, CVE-2021-3481, and CVE-2021-45930, for qt4-x11.
    For Debian 8 jessie, these problems have been fixed in version 4:4.8.6+git64-g5dc8b2b+dfsg-3+deb8u4.
  • Issued ELA 555-1, fixing CVE-2017-12424 and CVE-2018-7169, for shadow.
    For Debian 8 jessie, these problems have been fixed in version 1:4.2-3+deb8u5.
  • Issued DSA 5066-1, fixing CVE-2021-28965, CVE-2021-31799, CVE-2021-31810, CVE-2021-41817, CVE-2021-41819, and CVE-2021-32066, for ruby2.5.
    For Debian 10 buster, these problems have been fixed in version 2.5.5-3+deb10u4.
  • Worked on the policykit-1 (ELA 551-1) security update for jessie, fixing CVE-2021-4034, but was rolled out by Emilio due to a slight clash, but all good. :)
  • Been working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.
    The version difference b/w the suites are a bit too much for the patch(es) to be easily backported. Might need to unclaim, I think.
  • Found the problem w/ libjdom1-java. Will have to roll the regression upload.
  • Also looking at python2.7 and python3.4 updates for jessie. Some regressions for the package has been reported on the Ubuntu side.

  Other (E)LTS Work:

  • Front-desk duty from 24-01 to 30-01 for both LTS and ELTS.
  • Triaged wordpress, php-nette, samba, wordpress, and qtsvg-opensource-src, qt4-x11, python2.7, python3.4, libspring-java, librecad, minetest, spip, varnish, libimage-exiftool-perl, libsixel, openexr, openssl, phpmyadmin, util-linux, shadow, ruby2.5, and ruby2.7.
  • Mark CVE-2022-21648/php-nette as not-affected for stretch and jessie.
  • Mark CVE-2021-23803/php-nette as not-affected for stretch and jessie.
  • Mark CVE-2021-22060/libspring-java as end-of-life for stretch.
  • Mark CVE-2022-23935/libimage-exiftool-perl as no-dsa for stretch.
  • Mark CVE-2021-45340/libsixel as no-dsa for stretch.
  • Mark CVE-2021-45942/openexr as no-dsa for stretch.
  • Mark CVE-2021-4160/openssl as no-dsa for stretch.
  • Mark CVE-2022-23807/phpmyadmin as not-affected at all.
  • Mark CVE-2022-23808/phpmyadmin as not-affected at all.
  • Mark CVE-2022-23935/libimage-exiftool-perl as no-dsa for jessie.
  • Mark CVE-2021-4160/openssl as no-dsa for jessie.
  • Mark CVE-2021-3995/util-linux as not-affected for jessie.
  • Mark CVE-2021-3996/util-linux as not-affected for jessie.
  • Mark CVE-2022-23959/varnish as not-affected for jessie.
  • Mark CVE-2021-4160/openssl as ignored instead for stretch.
  • Auto EOL’ed 389-ds-base, mongodb, kfreebsd-10, spip, strongswan, libsixel, xen, connman, minetest, and linux for jessie.
  • Attended monthly Debian LTS meeting.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.

  Debian LTS Survey

  I’ve spent 5 hours on the LTS survey on the following bits:
  (however, I’ll invoice them together next month)

  • Went through the content to put in the survey.
  • Put some of them there according to the question type.
  • Been going back and forth updating the status of the survey on the issue.

  ---

  Until next time.
  :wq for today.

---

January 28, 2022

• Sahil Dhiman Quick-wiki: Mastodon

  Last update: 02/2022, Mastodon v3.4.6 from Docker Hub.

  This is a quick-wiki for Mastodon, a federated, self-hostable social media software. As the installation was done via docker-compose, it’s more oriented towards it and may see fewer customizations.

  Table of Content

  • Updates
  • Accounts
  • Glossary
  • To do
  • Quick links

  Updates

  • Read changelog and instructions from GitHub release page.

  • Now pull down the containers and update version numbers in docker-compose file:

  ## backup db
  docker exec mastodon-db-1 pg_dump -Fc -U postgres postgres > name_of_the_backup.dump
  cd mastodon
  sed -i 's/v3.4.5/v3.4.6/g' docker-compose.yml
  docker-compose pull
  docker-compose up -d
  

  Accounts

  • Create new account via admin CLI:

  docker exec -it mastodon-web-1 sh
  tootctl accounts create <USERNAME> --email=<EMAIL>
  # a password would be generated for login
  

  • Create new account via web UI by visiting /admin/invites

  Note: Accounts need manual approval (confirm CTA) via <MASTODON_URL>/admin/accounts as email setup isn’t present.

  • Delete an account via admin CLI:

  docker exec -it mastodon-web-1 sh
  tootctl accounts delete <USERNAME>
  

  • Direct account deletion isn’t possible via web UI. The account is first suspended and then data is deleted.

  Database backup

  docker exec mastodon-db-1 pg_dump -Fc -U postgres postgres > db.dump
  

  Regain storage

  • Steps to delete media older than seven days:

  docker exec -it mastodon-web-1 sh
  tootctl media remove
  tootctl media remove-orphans
  

  Glossary

  • Web (through Puma) - Short lived HTTP requests.
  • Streaming API - Streaming API handles long-lived HTTP and WebSockets connections for real time updates.
  • Background processing (through Sidekiq) - Many tasks are delegated to background processes for quick HTTP requests. Sidekiq handles these. Sidekiq has the following queues - default (local users tasks), push (push content to remote servers), mailers, pull (fetching content from remote servers) and scheduler (cron jobs like log cleanups and refreshing trending hashtags) - in decreasing order of preference.

  TODO

  • Instance emoji’s for tusky client.
  • Secure mode.
  • Federation with hidden services.
  • Full text search.
  • Video playback in tusky. Latency would be the culprit here.

  Quick links

  • Release page
  • Docker Hub release page
  • Mastodon Documentation
  • Linode’s installation guide
  • Admin CLI documentation

---

January 25, 2022

• Raghavendra Kamath How to use Smart Objects in Krita?

  Greetings Everyone

  This is the first quick tip tutorial post of this year. Today we are going learn about File Layers in Krita, for those who are coming from Photoshop “Smart Objects” may be a familiar term.

  

  In my recent advertising illustration project, I had to paint lots of small elements on a page. The page size was huge and the final layout was not fixed yet. The illustration was also going to be adapted to web and print media, that meant that the elements would be resized and moved around a lot across many files. Painting in groups and layers adding transform masks and transparency masks helps but once I changed an element in the main layout I would need to copy this group and layer to all others. Not a good thing when you are on the clock. And advertising tends to involve lots and lots of iterations.

  So here comes the “File Layers” feature in Krita to my rescue. It basically helps us to add a file as a linked reference into a document, and when the external file changes it also updates the instances of this file inside all of our .kra file when we open them. We can also convert any group or layer into a file layer on the fly while working. This makes it really easy for us to break down the illustration elements of a project into multiple separate containers linked to a main file. We can then open these containers or file layers in Krita and work on them separately. This also becomes a boon if your file dimension is really huge. The file dimension of this project was 12k x 5k pixels. So this made total sense.

  Method 1 – Adding external file

  To add an existing external file as a file layer, just drag it inside your document and a context menu will appear. Click on the “Insert as a new file layer” option. Or you can click on the plus icon in the layer docker and click on the “Add File Layer” option. It will open a dialog box and then click on the folder icon to browse and add your file. You can choose the scaling options according to your needs. Click “Ok” . Now you will have a File layer in your document.

  Method 2 – Converting from layers

  The first method was to add an external file, let us see how to convert the part of the document as file layer. Select and right click on any specific layer of groups layer. Then in the context menu go to “convert” menu and then click on “To File Layer”. A dialog box will open asking you where to save this file layer. Browse and choose a location and save as .KRA file if it is a group (to preserve the layers inside the group) or .PNG file if it is a single layer. The layer or group will be converted as a referenced file layer in place. Now you can close the document and work on the file layer you saved. Next time you open the main file the file layer will get updated.

  To edit a file layer quickly click on the folder icon besides its name. This will open it in Krita for editing. And when you save the file it will get automatically updated in the main file

  We can add transform masks or filter masks on the file layer to adjust or resize it. This makes it easy to separate large groups into individual elements, which then can be used in other documents, while at the same time keeping the original content intact. As far as I know this type of non-destructive workflow via file linking is not yet present in any other free and open source software other than Krita.

  Do you use file layers in your workflow? Did you find this tutorial useful? let me know in the comments. If you find this post helpful and want to buy me a coffee for sharing it just check out my page on Kofi or donate through my PayPal page. Or you can also buy my paintings as a print from here.

  That was it for this tutorial, see you next time in another quick tip. Bye.

---

January 20, 2022

• FSCI Donate today to keep our services running

  We believe every computer user must have freedom and privacy. A lot of services on the internet are privacy-invading and snoop on their users. Therefore, as ethical replacements, to bring the change we seek, we run services so that people can use them without the fear of being tracked or having to spend their time and effort in maintaining them.

  Our services are open to everyone, such as Jitsi Meet for video/audio calls, Encrypted Chat Services, etc. and these services are administered and maintained by trusted and skilled volunteers at FSCI in their free time .

  But running these services comes along with their own costs. The costs mainly include renting computers connected to the internet(servers) that run these services, associated storage, purchasing domain names and sometimes hiring people outside the community to fix certain issues that our own volunteers are unable to fix.

  Mainstream corporate services are funded by selling user data. We do not collect any personal information about our users. We rely on donations to cover the monetary costs of running these services. But we do not receive sufficient donations to cover these costs. As a result, some of the community members end up paying from their pockets to keep the services up and running. Although, we are trying our best to keep these services running, we think that only a few members covering the whole cost is unfair to them and not sustainable in the long term.

  We saw great efforts by many volunteers and financial contributors in our Jitsi Meet crowdfunding in which we targeted ₹ 62,500 for 2 years and 15 people donated to cover 57% of the target in one year. The donations ranged from ₹ 10 to ₹ 16440. This shows us the potential of people coming together and contributing in whatever ways they can for the things they care about. Donations go a long way!

  Please click on the Donate button below to make financial contributions to support our free software powered and privacy-respecting services. Every contribution counts, whatever be the amount.

  Donate

  In addition to financial contributions, we are always looking for volunteers to help maintain our services. It does not matter who you are or how technically skilled you are, only the willingness to learn and contribute is enough. Other than financial contributions or volunteering for maintaining the services, there are a lot of ways you can help us in the free software movement at FSCI, please check out this page. In addition, you can contribute in other ways– making posters, contribute by writing articles campaigning for free software on our website, monitor funding status of various services and organize crowd funding campaigns when funds are depleted, raise awareness about free software, privacy, organizing events and talks, by designing posters, banners etc.

  We are grateful to all the contributors.

---

• FSCI My Experience of running Snikket

  What is Snikket?

  Snikket is a software that can be installed on a server to self-host an xmpp server. Snikket makes some choices for the person installing it on the server and therefore, makes it easy to get the features any XMPP server would usually like to have– audio/video calls, file sharing, etc. It is very convenient to set up and saves time. The downside is that you lose control over your setup, but you can choose to install plain XMPP on the server anyway if you want more control.

  In addition, Snikket also has a hosted option which makes the process even easier, at which is currently free-of-cost and in beta but will be very affordable once it is launched officially.

  When Praveen told me the idea of Snikket a few days ago, I liked the idea and so I wanted to try and self-host it.

  Setting up on the server

  Sahil and me first tried to get Snikket running on a server with nginx running on it, but we failed to do so. Snikket’s guide assumes that there is no reverse proxy running on the server. Then I thought that we should try deploying Snikket on a server in which there is no other service running. Sahil allowed access to a server that he was abandoning anyway. He gave a fresh Debian installed on the server. After that, we followed the Snikket self-hosting guide which was very simple and within a few minutes, the server was up and running.

  Experience as a user

  I created an admin invite link for myself. Then I scanned the QR code in the invite link using the Snikket app. The app asked me to set a username and password, after which my account got created and ready to go. Every user on Snikket needs an invite to join. The admin creates an invite link and shares with the person. The link gives various ways of joining and links to app stores to download the app as well. Then I created an invite link for Sahil. He joined using the Conversations app, which shows that you can use any xmpp app to accept the invite and use your account. we tried texting, file sharing, audio/video calls and it was working very well. Snikket gave 95% compliance to my server out of the box, which usually takes a lot of work in plain XMPP, but Snikket made it easy. On this occassion, the founder of Snikket project, Matt replied to me on Mastodon reminding us not to take compliance measure too seriously:

  As a follow up of my comment about Snikket providing 95% compliance out of the box, they posted an FAQ on their website to address why they are not chasing 100% compliance with any tester on the internet.

  Now back to my setup. I noticed that while generating the invite link, the admin can choose the circle of the person they are inviting. People joining the same circle are automatically added as contacts. They don’t need to add manually. For example, you might have a circle called Family. So, everyone in the Family circle will know each other. You might have a different circle called ‘College’ and so on.

  What I like about the Snikket is that it is very good quality out of the box. The audio/video call quality is superb, file sharing works like a breeze.

  Further goals

  The next step is to configure Snikket on a server running a reverse proxy like nginx. Me and Sahil tried but didn’t get success. If that is successful, I can run the server in long-term. For now, it is only experimental and temporary.

  Thanks FSCI for giving me an opportunity to share my experience on their blog.

  Goodbye for now.

  Update on May 15 2022

  After a week of writing this post, I could set up Snikket on nginx. It’s been almost 5 months now and the service is very smooth. I only had to update once and that was very easy. I faced no issues as of now on the server side. The uptime has been 100%.

  I found Snikket project chatroom as very helping and welcoming. They try their best to help newbies in self-hosting, which usually takes a lot of patience.

---

January 18, 2022

• FSCI Use F-Droid App Store For Freedom and Privacy in Android phones

  We have been emphasizing the importance of Free Software (software which gives users freedom to use, study, modify and share) for years now and the problems with nonfree/proprietary software. For users of Android operating system, there is a very easy way to download and use Free Software– via the F-Droid app store. This will help you in replacing proprietary/nonfree apps with Free Software ones, an action which is important to take control of your own device.

  F-Droid is an app store for Android which contains only Free/Swatantra Software. It is a community-driven project which ensures that the app you download matches the source code. F-Droid also verifies the apps for any malicious code– for example, whether the app has some tracking or not. F-Droid also lists Anti-features for each app in the F-Droid app store. It will also give updates for the recent versions of the apps.

  Get Started

  To get started, grab the apk file for the F-Droid app store by clicking on ‘Download F-Droid option’ from F-Droid’s official website. Allow your browser to download apk files on prompt. After the apk file is finished downloading, please open it and the F-Droid should be installed and shown in the app drawer. Open F-Droid and swipe down to update the repositories. Now you are ready to go!

  A few app recommendations to get started with F-Droid:

  • Indic Keyboard: Indic keyboard is a privacy-respecting keyboard which supports English and many Indian languages. It currently supports 23 languages and 60 layouts.

  After downloading Indic Keyboard, don’t forget to set it as default keyboard.

  • Newpipe: Newpipe is a frontend of YouTube. With Newpipe, you can watch YouTube videos without giving away your privacy. Further, Newpipe does not show you any ads, lets you download the video/audio in your device, and you can stream videos in the background as well.

  • Quicksy: A chatting app which respects your freedom, privacy, and at the same time provides convenience.

  • pep app: App for reading and writing emails which automatically encrypts emails between two pep users. Check out our email encryption guide.

  Support projects with donations

  In the end, we would like to encourage you to donate to the projects behind the apps you download and enjoy! A lot of Free Software apps and services rely on donations by their users. And finally, don’t forget to donate to the F-Droid project.

  Further Reading

  • FSF Europe’s article on F-Droid.

---

January 15, 2022

• Sahil Dhiman Men, Please Respect Women!

  A humble appeal to men to please respect women and their consent. It pains me immensely to say that EVERY SINGLE FEMALE FRIEND I came in close contact with has multitudes of horrible stories to tell about happenings of men following, molesting, character assassinating, making unsolicited sexual advances and what not. These were terrible things to hear, and every one of these girls were traumatized beyond belief. On the surface, these female friends seem happy or fine, but the constant amount of these bad advances have them scared, mentally. Single acts go a long way and keep on affecting for years.

  So please BACK-OFF or just go ask a female friend how horribly results these things can have.

---

January 12, 2022

• Sahil Dhiman termux.sahilister.in, a Termux Mirror Is Live Now

  termux.sahilister.in, a termux mirror is live now.

  To use it, termux-change-repo (part termux-tools package) can be used to modify sources. Doing apt edit-sources and using the following lines, would achieve the same purpose:

  # main
  deb https://termux.sahilister.in/apt/termux-main stable main
  
  # root
  deb https://termux.sahilister.in/apt/termux-root root stable
  
  # X11
  deb https://termux.sahilister.in/apt/termux-x11 x11 main
  

  The mirror is hosted on Contabo, in Germany, and syncs with upstream every 6 hours.

  Since the time I got in servers and hosting, I wanted to help the community by hosting a free software mirror, but most required too much storage or already had an abundant number of mirrors. Recently, I got to know about termux and saw the less number of its mirrors. Thought that this might be the right candidate for a mirror, I started setting it up. A Reddit reply from termux dev team member and ‘A New Termux Mirror’ post by Librehat, another mirror operator, made the setup a breeze. Finally, I opened an issue on termux-packages repo to get it added in official mirrors wiki and package.

---

January 04, 2022

• Sahil Dhiman Write for Yourself

  Akshay, during one of our mail correspondence, said - “The whole blogging thing is a giant ego boost”. Now I can’t agree more. I spent the past half hour and countless nights before reading my life blogs and loved the feeling. Even though all of them were my experiences, written, edited and posted by me, still going through them was like reliving my past once again.

  Many of my blogs feel worthless and not fit for posting immediately when in process of their creation, but I have come to this realization that they were/aren’t for immediate me but for future me.

  As I say, blog writing is like writing one’s own history/autobiography. No one would appreciate them more than your future self. Reliving the moment is what they will help you. I encourage you to write, write for yourself.

---

January 02, 2022

• aktsbot Swaywm on Debian 11 - bullseye

  Swaywm on Debian 11 - bullseye

  02 Jan 2022

  ---

  Getting a working sway/wayland desktop on my machine had always been a goal for sometime in the past year. I have been a huge dwm/X11 user and the reason Ihaven't jumped ship till now was that there were a few quality of life programs like redshift, unclutter, st etc that didn't have good substitutes in wayland.

  However, a lot changed since I tried sway back in 2020. Now there are good alternatives for the tools that I use and I thought I could document what my setup is at the moment. The operating system is Debian 11 "bullseye".

  Base install

  I chose to install debian from a net-install iso. At the step where the installer asked me what all "collection" of software I wanted to install, I only chose standard system utilities. Reboot and login into your debian system.

  Tip: If you skip setting a root password, the first user that you createduring installation would get sudo privilleges.

  Sway and foot

  $ sudo apt install sway foot

  foot is a lightweight terminal emulator forwayland. Copy over default config files to our home folder to mess with theirsettings.

  $ mkdir -p ~/.config/foot$ mkdir -p ~/.config/sway$ cp /usr/share/foot/foot.ini ~/.config/foot/foot.ini$ cp /etc/sway/config ~/.config/sway/config

  If we type in just sway from our logged in tty, sway should launch. Take alook at sway's config file that we copied over to know the default keybinds. Ifyou're an i3 user, you should feel right at home.

  swaylock, the screen lock application for sway is not in the debian stablerepos. So to install it grab its .debfrom one of the sid repo mirrors.

  $ cd ~/Downloads$ wget http://ftp.us.debian.org/debian/pool/main/s/swaylock/swaylock_1.5-2+b1_amd64.deb$ sudo apt install ./swaylock_1.5-2+b1_amd64.deb

  If we run swaylock from a terminal, our screen should be locked now. Sweet!

  Going through the default sway config that we copied over, both swayidle andswaylock are used together for locking the screen after a 300 second idle time.

  Make sure swayidle is installed with

  $ sudo apt install swayidle

  Exit menu

  Add the following to our sway config

  # exit dialogueset $mode_system System (e) xit, (s)leep, (r) eboot, (p) oweroffmode "$mode_system" {    bindsym e exec swaymsg exit, mode "default"    bindsym r exec systemctl reboot, mode "default"    bindsym p exec systemctl poweroff, mode "default"    bindsym s exec systemctl suspend, mode "default"    # back to normal: Enter or Escape    bindsym Return mode "default"    bindsym Escape mode "default"}bindsym $mod+Shift+x mode "$mode_system"

  Reload sway with $mod+Shift+c. If we now press $mod+Shift+x, we'd see anexit menu in the bar.

  Status line

  i3status works fine for basic needs. We can roll our own shell script for thistoo.

  $ sudo apt install i3status

  By default the status line just has the date and time. To change this,find the line in the config file that configures the status line in the bar and change it to call i3status

  bar {  ...   ## example with a shell script  # status_command while ~/bin/sway-status-line ; do sleep 10; done    ## default status line  # status_command while date +'%Y-%m-%d %l:%M:%S %p'; do sleep 1; done    ## calling i3status  status_command i3status  ...}

  Input configuration

  sway will handle our input devices directly if instructed to do so. Thedefault config provides a few examples. Running swaymsg -t get_inputs willlist all our input devices. For example, here's a snippet for my touchpad andkeyboard

  ...input "2:7:SynPS/2_Synaptics_TouchPad" {    tap enabled    middle_emulation enabled}input "type:keyboard" {    xkb_options caps:escape    repeat_delay 350    repeat_rate 50}...

  For X11, we'd have to use tools like setxkbmap, xset and synclient to dothis.

  Environment config

  Append the following to ~/.profile to let GTK and QT apps know that we need themto run with wayland as their backend.

  export MOZ_ENABLE_WAYLAND=1 # for firefoxexport XDG_SESSION_TYPE=wayland export GDK_BACKEND=waylandexport QT_QPA_PLATFORM=wayland

  We can ask the shell to run sway when we login into tty1 with the following in.profile

  # automatically login into swayif [ -z $DISPLAY ] && [ "$(tty)" = "/dev/tty1" ]; then  exec swayfi

  If we are using zsh, make a symlink .zprofile to .profile. .bash_profileis the equivalent for bash.

  $ ln -s $HOME/.profile $HOME/.zprofile$ ln -s $HOME/.profile $HOME/.bash_profile

  More configuration, tweaks and recommendations for sway can be found at theswaywm wiki and ofcourse man 5 sway.

  Volume and brightness control

  $ sudo apt install brightnessctl pavucontrol

  Add the following to our sway config

  ## Volume control#bindsym XF86AudioRaiseVolume exec pactl set-sink-volume @DEFAULT_SINK@ +5%bindsym XF86AudioLowerVolume exec pactl set-sink-volume @DEFAULT_SINK@ -5%bindsym XF86AudioMute exec pactl set-sink-mute @DEFAULT_SINK@ togglebindsym XF86AudioMicMute exec pactl set-source-mute @DEFAULT_SOURCE@ toggle## brightness#bindsym XF86MonBrightnessDown exec brightnessctl set 5%-bindsym XF86MonBrightnessUp exec brightnessctl set +5%

  Application launcher

  $ sudo apt install wofi

  Add/update the following in our config to launch wofi instead of dmenu

  #set $menu dmenu_path | dmenu | xargs swaymsg exec --set $menu wofi --show run | xargs swaymsg exec --

  Internet/Wi-Fi

  $ sudo apt install network-manager network-manager-gnome --no-install-recommends

  From our terminal emulator running nmtui from the terminal should give us anncurses UI to choose our network. nm-connections-editor will give a GTK gui tomake changes to our network connections.

  We could add

  exec nm-applet --indicator

  to our config to launch the network manager applet icon in the systray. But itdoesn't give us a mouse click menu to do anything.

  Browsers

  Get firefox from mozilla.The one in the repos is a bit old and crashes if we hop on video calls from it.

  Having MOZ_ENABLE_WAYLAND=1 set in our environment is crucial for firefox torun under sway.

  For chromium/chrome, get the latest from their websites as well. I useungoogled-chromium

  $ sudo echo 'deb http://download.opensuse.org/repositories/home:/ungoogled_chromium/Debian_Bullseye/ /' | sudo tee /etc/apt/sources.list.d/home-ungoogled_chromium.list > /dev/null$ sudo curl -s 'https://download.opensuse.org/repositories/home:/ungoogled_chromium/Debian_Bullseye/Release.key' | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/home-ungoogled_chromium.gpg > /dev/null# sudo apt update# sudo apt install -y ungoogled-chromium

  To run it, I use a wrapper script called chromium-wayland that looks likethis.

  #!/bin/shchromium --enable-features=UseOzonePlatform --ozone-platform=wayland

  Screensharing

  $ sudo apt install xdg-desktop-portal-wlr

  We must reboot after installing this package.

  This will also install a tool called pipewire. This is needed for sway toproperly do screen sharing. To see if its running try

  systemctl --user status pipewire.socket pipewire

  More info can be found on its wiki.

  Notifications

  $ sudo apt install mako-notifier

  Run mako when sway starts with adding this to sway's config file

  exec mako

  Clipboard management

  sudo apt install wl-clipboard clipman

  wl-clipboard gives us wl-copy and wl-paste which are tools in similarspirit to xsel. clipman is the actual clipboard manager. If we installedwofi, then running clipman pick from our terminal should bring up ourclipboard history in wofi. I have the following in my sway config for this.

  # start clipman on sway startupexec wl-paste -t text --watch clipman store...# select stuff from clipboardbindsym $mod+Insert exec clipman pick

  Qt applications

  sudo apt install qtwayland5

  Without this package installed, qt apps will not run.

  Libreoffice

  sudo apt install libreoffice libreoffice-java-common default-jdk libreoffice-gtk3

  Image and pdf viewer

  sudo apt install imv zathura

  imv-wayland is our image viewer and zathura is our pdf viewer.

  Color temperature

  sudo apt install gammastep

  This is an alternative to redshift. Run it when sway starts by adding this to sway's config

  exec gammastep

  It's config file lives in ~/.config/gammastep/config.ini.man gammastep is our friend. The project has a sample configfile as well.

  Screenshot

  sudo apt install slurp grim

  Get the grimshot script from sway's contrib folder and put it in your $PATH.

  Add the following to sway's config

  bindsym $mod+Print exec grimshot save output ~/Pictures/screenshots/$(date -Ins).png 

  Set our save path accordingly.

  

  More reading

  • Archwiki
  • Sway wiki
  • Debian wiki
  • Awesome wayland

  Caution if also using X11!

  If we are using other X11 desktop environments on our user account, having

  export MOZ_ENABLE_WAYLAND=1 # for firefoxexport XDG_SESSION_TYPE=wayland export GDK_BACKEND=waylandexport QT_QPA_PLATFORM=wayland

  in our .profile will cause issues. If you are using KDE for example, having QT_QPA_PLATFORM=wayland in our env will not allow KDE plasma to start. Thewiki says to install plasma-workspace-wayland to make it work.

  A quick fix would be to comment out the above envs from .profile if we're running X.Another work around would be to create a wrapper script to invoke sway like so

  $ cat /usr/local/bin/mysway#!/bin/shexport MOZ_ENABLE_WAYLAND=1 # for firefoxexport XDG_SESSION_TYPE=wayland export GDK_BACKEND=waylandexport QT_QPA_PLATFORM=waylandexec sway

  And call mysway instead of sway to launch our swaywm session.

  Thanks Ravi for testing this.

  Fin

  I'd love to hear your setup on wayland/sway. Please feel free to shoot me anemail.

  Shout outs to the swell people at the Window Manager Gangmatrix group for hooking me up on sway!

  Happy hacking & have a great day!

---

January 01, 2022

• Utkarsh Gupta FOSS Activites in December 2021

  Here’s my (twenty-seventh) monthly but brief update about the activities I’ve done in the F/L/OSS world.

  Debian

  

  This was my 36th month of actively contributing to Debian. I became a DM in late March 2019 and a DD on Christmas ‘19! \o/

  Just churning through the backlog again this month. Ugh.

  Anyway, I did the following stuff in Debian:

  Uploads and bug fixes:

  • ruby2.7 (2.7.5-1) - New upstream version fixing 3 new CVEs.

  Other $things:

  • Mentoring for newcomers.
  • Moderation of -project mailing list.

  ---

  Ubuntu

  

  This was my 11th month of actively contributing to Ubuntu. Now that I’ve joined Canonical to work on Ubuntu full-time, there’s a bunch of things I do! \o/

  I mostly worked on different things, I guess.

  I was too lazy to maintain a list of things I worked on so there’s no concrete list atm. Maybe I’ll get back to this section later or will start to list stuff from next year onward, as I was doing before. :D

  ---

  Debian (E)LTS

  

  Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.

  And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).

  This was my twenty-seventh month as a Debian LTS and eighteenth month as a Debian ELTS paid contributor.
  I was assigned 40.00 hours for LTS and 60.00 hours for ELTS and worked on the following things:
  (since I had a 3-week vacation, I wanted to wrap things up that were pending and so I worked for 20h more for LTS, which I’ll compensate the next month!)

  LTS CVE Fixes and Announcements:

  • Issued DLA 2844-1, fixing CVE-2021-44540 and CVE-2021-44543, for privoxy.
    For Debian 9 stretch, these problems have been fixed in version 3.0.26-3+deb9u3.
  • Issued DLA 2847-1, fixing CVE-2021-44858, for mediawiki.
    For Debian 9 stretch, these problems have been fixed in version 1:1.27.7-1+deb9u11.
  • Issued DLA 2853-1, fixing CVE-2021-41817 and CVE-2021-41819, for ruby2.3.
    For Debian 9 stretch, these problems have been fixed in version 2.3.3-1+deb9u11.
  • Issued DLA 2854-1, fixing CVE-2017-18635, for novnc.
    For Debian 9 stretch, these problems have been fixed in version 1:0.4+dfsg+1+20131010+gitf68af8af3d-6+deb9u1.
  • Issued DLA 2860-1, fixing CVE-2018-7750 and CVE-2018-1000805, for paramiko.
    For Debian 9 stretch, these problems have been fixed in version 2.0.0-1+deb9u1.
  • Issued DLA 2862-1, fixing CVE-2018-12020 and CVE-2019-6690, for python-gnupg.
    For Debian 9 stretch, these problems have been fixed in version 0.3.9-1+deb9u1.
  • Issued DLA 2864-1, fixing CVE-2017-1002201, for ruby-haml.
    For Debian 9 stretch, these problems have been fixed in version 4.0.7-1+deb9u1.
  • Issued DLA 2871-1, fixing CVE-2021-43818, for lxml.
    For Debian 9 stretch, these problems have been fixed in version 3.7.1-1+deb9u5.
  • Simultaneously, I’ve been working on rolling the samba update. Should happen the next month.

  ELTS CVE Fixes and Announcements:

  • Issued ELA 525-2, fixing CVE-2021-43527, for nss.
    For Debian 8 jessie, these problems have been fixed in version 2:3.26-1+debu8u15.
  • Issued ELA 530-1, for systemd.
    For Debian 8 jessie, these problems have been fixed in version 215-17+deb8u14.
  • Issued ELA 531-1, fixing CVE-2021-41817 and CVE-2021-41819, for ruby2.1.
    For Debian 8 jessie, these problems have been fixed in version 2.1.5-2+deb8u13.
  • Issued ELA 533-1, fixing CVE-2018-12020, for python-gnupg.
    For Debian 8 jessie, these problems have been fixed in version 0.3.6-1+deb8u2.
  • Issued ELA 536-1, fixing CVE-2021-43818, for lxml.
    For Debian 8 jessie, these problems have been fixed in version Prior to version 4.6.5, the HTML Cleaner in lxml.html lets certain.
  • Started working on src:samba for CVE-2020-25717 to CVE-2020-25722 and CVE-2021-23192 for jessie and stretch, both.
    The version difference b/w the suites are a bit too much for the patch(es) to be easily backported. I’ve talked to Anton to work something out. \o/
  • Found the problem w/ libjdom1-java. Will have to roll the regression upload.
    I’ve prepared the patch but needs some testing to be finally rolled out. Same for stretch.

  Other (E)LTS Work:

  • Front-desk duty from 29-11 to 05-12 and 20-12 to 26-12 for both LTS and ELTS.
  • Triaged ffmpeg, git, gpac, inetutils, mc, modsecurity-crs, node-object-path, php-pear, systemd-cron, node-tar, ruby2.3, gst-plugins-bad0.10, npm, nltk, request-tracker4, ros-ros-comm, mediawiki, ruby2.1, ckeditor, ntfs-3g, tiff, wordpress, and jsoup, udisks2, libgit2, python3.5, python3.4, and openssh.
  • Mark CVE-2021-38171/ffmpeg as postponed for stretch.
  • Mark CVE-2021-40330/git as no-dsa for stretch and jessie.
  • Mark CVE-2020-19481/gpac as ignored for stretch.
  • Mark CVE-2021-40491/inetutils as no-dsa for stretch.
  • Mark CVE-2021-36370/mc as no-dsa for stretch and jessie.
  • Mark CVE-2021-35368/modsecurity-crs as no-dsa for stretch.
  • Mark CVE-2021-23434/node-object-path as end-of-life for stretch.
  • Mark CVE-2021-32610/php-pear as no-dsa for stretch.
  • Mark CVE-2017-9525/systemd-cron as no-dsa for stretch.
  • Mark CVE-2021-37701/node-tar as end-of-life for stretch.
  • Mark CVE-2021-37712/node-tar as end-of-life in stretch.
  • Mark CVE-2021-39201/wordpress as not-affected for jessie.
  • Mark CVE-2020-19143/tiff as not-affected for stretch and jessie.
  • Mark CVE-2021-38562/request-tracker4 as no-dsa for stretch.
  • Mark CVE-2021-37146/ros-ros-comm as no-dsa for stretch.
  • Mark CVE-2021-28965/ruby2.1 as ignored for jessie.
  • Mark CVE-2021-37714/jsoup as ignored for jessie.
  • Mark CVE-2021-41617/openssh as no-dsa for jessie.
  • Auto EOL’ed ardour, nltk, request-tracker4, python-scrapy, webkit2gtk, and linux for jessie.
  • Attended monthly Debian LTS meeting.
  • Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
  • General and other discussions on LTS private and public mailing list.

  Debian LTS Survey

  I’ve spent 5 hours on the LTS survey on the following bits:

  • Went through the old content on the previous survey.
  • Reviewed the new content - still more work to do.
  • Discussed the survey bits in the team meeting.
  • Partly reviewing the questions of the survey.
  • Walking through the instance to find the doability of the tasks discussed in the meeting.
  • Segregating and staging questions. More work to do here.

  ---

  Until next time.
  :wq for today.

---

December 31, 2021

• Abraham Raji Status Update: Year End 2021

  I honestly started this year without any expectations. I am a pessimist¹ but I decieded to be more optimistic and hoped for this year to be uneventfull. In some ways I was starting to get comfortable with the mediocrity that was starting to creep into my life. But this year was far from uneventful.

  Leaving college

  I really underestimated the experience of getting out of college. College education for me was sort of an underwhelming experience. While searching for colleges I didn't really know what I was doing and there wasn't many people to guide me either. To add to this there was an overwhelming amount of misinformation and honestly I didn't know enough about college to discern the good from the bad. Needless to say I took some decisions that I wouldn't recommend to others (even though in a weird way things did work out for me in the end). By the end of it I didn't become the engineer I wanted to be nor did I know enough to make me feel safe about facing the real world but during this time I found people I actually liked, shared experiences worth looking back and started forming a picture of who I was or rather who I wanted to be. Of everything I found in college the thing I am most gratefull are the people I found, some them are the reason I haven't lost my sanity.

  Getting out of college gets you unexpectedly, the first few days you just sit there as you normally would, because nothing really has changed. If you're like me and like to spend your time indoors by yourself then this time will not even bother you. You will go on with your life like nothing happened. A few weeks will pass by and you'll start to miss people that you used to see everyday. You start calling up on each other.

  "It's been a while! Let's catch up."

  "I miss college!"

  "You know I am here for you right?"

  "We should get together sometime..."

  This goes on for a while and then people get over it. People move on. Like they should. As humans we asume that death is the end of life, like it happens once at the very end. I don't think so. I have died many times. The person I see when I look at pictures of me a few years earlier is not the person I am today. I do not recognise that person. He is not me. That person is dead, lost forever. We all go through this without realizing. Leaving behind parts of us in the ashes only to rise again as new beings only to burn into ashes again. This is life. This is also what happens when you leave college, you leave behind parts of you, sometimes willingly and sometimes out of necessity, hoping that you won't regret the decision. You look straight and start walking. I am not sure what parts of me from college I have retained and what I have lost. Right now I just hope atleast I get to keep a few people.

  Getting a job

  I have done freelance and internships before so I was not particaluarly worried about not being able to find a job or make a living. But I did want to have a full time job at place that had a decent remuneration and a lot oppurtunity to learn. It was an experience I wanted to have and I knew it was difficult to find a job which had both so I didn't have any hight hopes but I guess I got lucky and got a job at a place that I like where I get to do things I like and yes learn a lot. I don't get to do FOSS work as much which is a bummer but for someone without a CS degree this was a great opportunity and I was in the kind of circumstances in life at that point that required me to have a job. I was pretty anxious about the selection process but it went pretty great and I am genuinely happy about landing this job. Once I joined, I started learning a lot. I sort of fell in love with the Ruby and Rails. Rails is truely amazing. It is a great framework for beginners, lots of useful abstraction, lots of defaults that actually makes sense, lot's of great documentation and there's a gem for everything. Never have I been able to implement a token based authentication system as easily as I've done with rails. To be fair I have not worked with many backend frameworks. I hear the Pheonix framework is simillar. Most things in rails is just a keyword away, truly a batteries included expereince. I wish I had more time to just play around with it (Sometimes I wonder where the four years of college went by). Also the community is amazing. I found talks from Rails Confs and Ruby Confs that helped me wrap my head around things I couldn't until then or taught me concepts that were so fundamental that honestly should be taught in every CS degree and bootcamp. I also realized what mediocre code looked like and I didn't like how simillar that looked to the code I wrote. I went back to basics many times and started having this no compromise approach where I worked on a piece of code until it looked 'elegant'. What does 'elegant' mean? I don't know. Atleast for now. It is more like a gut feeling at this point. If I really try to explain it, I would say that elegant code should be simple, easy to understand and good at what it is meant to do and should do it without any side effects. That definition still leaves a lot to be desired but this is the best I can do right now without it turning into a whole another section.

  Learning was a lot of work but it was so good and I loved every second of it. Everyday I find things that I don't know enough about that I probably should know enough about. Everyday I find new things to learn. I like the fact that I am paid to solve small puzzles, I mean that is what programming is. I am gratefull for the fact that I am paid to do something I love. I like the independence and freedom my job gives me. I love how it let's me take care of people in my life. Everyone should get a job they love doing. Would recomend 10/10.

  The end of another year

  As you get older your perception of time changes. You become more and more numb towards the flow of time. As a kid I used to find it very difficult to sit idly for an hour and then there's me right now wondering where four years of college went by. A few years from now I'll be thinking "Where did my 20s go?". It's a sad feeling. Year end is a weird time. I don't know how to end this post. I hope everyone finds peace in who they are and where they are ² and remember, this too shall pass.

  ---

  ¹

  It is just something I developed internally from my life experiences. I personally think it is dumb to be pessimistic and if you take into account how previledged I am compared to most humans who walked and continues to walk this planet there's some form of entitlement beneath it all. What I am trying to say is, be hopeful, want good things and work for it. Hope and persistence is what really matters.

  ²

  Because sometimes I feels true happiness and content is too much to ask for.

---

• Sahil Dhiman Significance of a Day

  This is the first time in more than two decades when it’s not holidays in Christmas-New Year season. Getting up, switching on the laptop to work while seeing the dates of new year is giving mixed feelings. It’s almost the new year, and it should feel special, different or significant of a sort, but going through the day, working, it feels like just another day and right now, night. Colleagues are taking leaves to go out or just relax - another thing that tells it’s the new year.

  During childhood, birthdays were happening days; not much anymore. It makes me wonder if only ones perception that makes the day special. It’s what significance we give a day which make it special. Anyday can be special if one care or feel like it.

  Not 2021 - in some time.

---