News aggregator

Jonathan McDowell: How Virgin Media lost me as a supporter

Planet ALUG - Tue, 09/01/2018 - 08:39

For a long time I’ve been a supporter of Virgin Media (from a broadband perspective, though their triple play TV/Phone/Broadband offering has seemed decent too). I know they have a bad reputation amongst some people, but I’ve always found their engineers to be capable, their service in general reliable, and they can manage much faster speeds than any UK ADSL/VDSL service at cheaper prices. I’ve used their services everywhere I’ve lived that they were available, starting back in 2001 when I lived in Norwich. The customer support experience with my most recent move has been so bad that I am no longer of the opinion it is a good idea to use their service.

Part of me wonders if the customer support has got worse recently, or if I’ve just been lucky. We had a problem about 6 months ago which was clearly a loss of signal on the line (the modem failed to see anything and I could clearly pinpoint when this had happened as I have collectd monitoring things). Support were insistent they could do a reset and fix things, then said my problem was the modem and I needed a new one (I was on an original v1 hub and the v3 was the current model). I was extremely dubious but they insisted. It didn’t help, and we ended up with an engineer visit - who immediately was able to say they’d been disconnecting noisy lines that should have been unused at the time my signal went down, and then proceeded to confirm my line had been unhooked at the cabinet and then when it was obvious the line was noisy and would have caused problems if hooked back up patched me into the adjacent connection next door. Great service from the engineer, but support should have been aware of work in the area and been able to figure out that might have been a problem rather than me having a 4-day outage and numerous phone calls when the “resets” didn’t fix things.

Anyway. I moved house recently, and got keys before moving out of the old place, so decided to be organised and get broadband setup before moving in - there was no existing BT or Virgin line in the new place so I knew it might take a bit longer than usual to get setup. Also it would have been useful to have a connection while getting things sorted out, so I could work while waiting in for workmen. As stated at the start I’ve been pro Virgin in the past, I had their service at the old place and there was a CableTel (the Belfast cable company NTL acquired) access hatch at the property border so it was clear it had had service in the past. So on October 31st I placed an order on their website and was able to select an installation date of November 11th (earlier dates were available but this was a Saturday and more convenient).

This all seemed fine; Virgin contacted me to let me know there was some external work that needed to be done but told me it would happen in time. This ended up scheduled for November 9th, when I happened to be present. The engineers turned up, had a look around and then told me there was an issue with access to their equipment - they needed to do a new cable pull to the house and although the ducting was all there the access hatch for the other end was blocked by some construction work happening across the road. I’d had a call about this saying they’d be granted access from November 16th, so the November 11th install date was pushed out to November 25th. Unfortunate, but understandable. The engineers also told me that what would happen is the external team would get a cable hooked up to a box on the exterior of the house ready for the internal install, and that I didn’t need to be around for that.

November 25th arrived. There was no external box, so I was dubious things were actually going to go ahead, but I figured there was a chance the external + internal teams would turn up together and get it sorted. No such luck. The guy who was supposed to do the internal setup turned up, noticed the lack of an external box and informed me he couldn’t do anything without that. As I’d expected. I waited a few days to hear from Virgin and heard nothing, so I rang them and was told the installation had moved to December 6th and the external bit would be done before that - I can’t remember the exact date quoted but I rang a couple of times before the 6th and was told it would happen that day “for sure” each time.

December 5th arrives and I get an email telling me the installation has moved to December 21st. This is after the planned move date and dangerously close to Christmas - I’m aware that in the event of any more delays I’m unlikely to get service until the New Year. Lo and behold on December 7th I’m informed my install is on hold and someone will contact me within 5 working days to give me an update.

Suffice to say I do not get called. I ring towards the end of the following week and am told they are continuing to have trouble carrying out work on the access hatch. So I email the housing company doing the work across the road, asking if Virgin have actually been in touch and when the building contractors plan to give them the access they require. I get a polite response saying Virgin have been on-site but did not ask for anything to be moved or make it clear they were trying to connect a customer. And providing an email address for the appropriate person in the construction company to arrange access.

I contact Virgin to ask about this on December 20th. There’s no update but this time I manage to get someone who actually seems to want to help, rather than just telling me it’s being done today or soon. I get email confirmation that the matter is being escalated to the Area Field Manager (I’d been told this by phone on December 16th as well but obviously nothing had happened), and provide the contact details for the construction company.

And then I wait. I’m aware things wind down over the Christmas period, so I’m not expecting an install before the New Year, but I did think I might at least get a call or email with an update. Nothing. My wife rang to finally cancel our old connection last week (it’s been handy to still have my backup host online and be able to go and do updates in the old place) and they were aware of the fact we were trying to get a new connection and that there had been issues, but had no update and then proceeded to charge a disconnection fee, even though Virgin state no disconnection if you move and continue with Virgin Media.

So last week I rang and cancelled the order. And got the usual story of difficulty with access and asked to give them 48 hours to get back to me. I said no, that the customer service so far had been appalling and to cancel anyway. Which I’m informed has now been done.

Let’s be clear on what I have issue with here. While the long delay is annoying I don’t hold Virgin entirely responsible - there is construction work going on and things slow down over Christmas (though the order was placed long enough beforehand that this really shouldn’t have impacted things). The problem is the customer service and complete lack of any indication Virgin are managing this process well internally - the fact the interior install team turned up when the exterior work hadn’t been completed is shocking! If Virgin had told me at the start (or once they’d done the first actual physical visit to the site and seen the situation) that there was going to be a delay and then been able to provide a firm date, I’d have been much more accepting. Instead, the numerous reschedules, an inability to call back and provide updates when promised and the empty assurances that exterior work will be carried out on certain dates all leave me lacking any faith in what Virgin tell me. Equally, the fact they have charged a disconnection fee when their terms state they wouldn’t is ridiculous (a complaint has been raised but at the time of writing the complaints team has, surprise, surprise, not been in contact). If they’re so poor when I’m trying to sign up as a new customer, why should I have any faith in their ability to provide decent support when I actually have their service?

It’s also useful to contrast my Virgin experience with 2 others. Firstly, EE who I used for 4G MiFi access. Worked out of the box, and when I rang to cancel (because I no longer need it) were quick and efficient about processing the cancellation and understood that I’d been pleased with the service but no longer needed it, so didn’t do a hard retention sell.

Secondly, I’ve ended up with FTTC over a BT Openreach line from a local Gamma reseller, MCL Services. I placed this order on December 8th, after Virgin had put my install on hold. At the point of order I had an install date of December 19th, but within 3 hours it was delayed until January 3rd. At this point I thought I was going to have similar issues, so decided to leave both orders open to see which managed to complete first. I double-checked with MCL on January 2nd that there’d been no updates, and they confirmed it was all still on and very unlikely to change. And, sure enough, on the morning of January 3rd a BT engineer turned up after having called to give a rough ETA. Did a look around, saw the job was bigger than expected and then, instead of fobbing me off, got the job done. Which involved needing a colleague to turn up to help, running a new cable from a pole around the corner to an adjacent property and then along the wall, and installing the master socket exactly where suited me best. In miserable weather.

What did these have in common that Virgin does not? First, communication. EE were able to sort out my cancellation easily, at a time that suited me (after 7pm, when I’d got home from work and put dinner on). MCL provided all the installation details for my FTTC after I’d ordered, and let me know about the change in date as soon as BT had informed them (it helps I can email them and actually get someone who can help, rather than having to phone and wait on hold for someone who can’t). BT turned up and discovered problems and worked out how to solve them, rather than abandoning the work - while I’ve had nothing but good experiences with Virgin’s engineers up to this point there’s something wrong if they can’t sort out access to their network in 2 months. What if I’d been an existing customer with broken service?

This is a longer post than normal, and no one probably cares, but I like to think that someone in Virgin might read it and understand where my frustrations throughout this process have come from. And perhaps improve things, though I suspect that’s expecting too much and the loss of a single customer doesn’t really mean a lot to them.

Categories: LUG Community Blogs

Steve Engledow (stilvoid): TODO

Planet ALUG - Tue, 02/01/2018 - 10:09

New year, new diff. Here's last year.

New Year's Resolutions
  • Write at least one short story

    I didn't do much writing this year at all so I'm going to swap this one for...

  • Get at least one blog post published under AWS blogs.

  • Write and release at least one games.

    Still nothing released. I had several more ideas and wrote a few more proofs of concept but in general, I'm terrible at finishing anything.

  • Go horse riding.

    I'll just leave this one here.

  • Learn BSL with the Mrs.

    Heh. Nope.

  • Lose at least a stone (in weight, from myself).

    Lolcry :(

  • Pass all of the AWS certification exams.

    Well, I passed the Networking exam so there's only the Big Data exam to go for now.

  • Stop reading click-bait "articles"

    I did curb it a fair bit.

  • Drink more water.

  • Do more exercise. Specifically, more running and cycling.

  • Have at least two excellent holidays.

  • Eat smaller portions. Specifically, use a small plate for dinner more often than not.

Categories: LUG Community Blogs

Jonathan McDowell: Twisted Networking with an EE MiFi

Planet ALUG - Mon, 01/01/2018 - 14:36

Life’s been busy for the past few months, so excuse the lack of posts. One reason for this is that I’ve moved house. Virgin were supposed to install a cable modem on November 11th, but at the time of writing currently have my install on hold (more on that in the future). As a result when we actually moved in mid-December there was no broadband available. I’d noticed Currys were doing a deal on an EE 4GEE WiFi Mini - £4.99 for the device and then £12.50/month for 20GB on a 30 day rolling contract. Seemed like a good stopgap measure even if it wasn’t going to be enough for streaming video. I was pleasantly surprised to find it supported IPv6 out of the box - all clients get a globally routed IPv6 address (though it’s firewalled so you can’t connect back in; I guess this makes sense but it would be nice to be able to allow things through). EE are also making use of DNS64 + NAT64, falling back to standard CGNAT when the devices don’t support that.

All well and good, but part of the problem in the new place is a general lack of mobile reception in some rooms (foil backed internal insulation doesn’t help). So the MiFi is at the top of the house, where it gets a couple of bars of 4G reception and sits directly above the living room and bedroom. Coverage in those rooms is fine, but the kitchen is at the back of the house through a couple of solid brick walls and the WiFi ends up extremely weak there. Additionally my Honor 7 struggles to get a 3 signal in that room (my aging Nexus 7, also on 3, does fine, so it seems more likely to be the Honor 7 at fault here). I’ve been busy with various other bits over the Christmas period, but with broadband hopefully arriving in the new year I decided it was time to sort out my UniFi to handle coverage in the kitchen.

The long term plan is cabling around the house, but that turned out to be harder than expected (chipboard flooring and existing cabling not being in conduit ruled out the easy options, so there needs to be an external run from the top to the bottom). There is a meter/boiler room which is reasonably central and thus a logical place for cable termination and an access point to live. So I mounted the UniFi there, on the wall closest to the kitchen. Now I needed to get it connected to the MiFi, which was still upstairs. Luckily I have a couple of PowerLine adaptors I was using at the old place, so those provided a network link between the locations. The only remaining problem was that the 4GEE doesn’t have ethernet. What it does have is USB, and it presents as a USB RNDIS network interface. I had a spare DGN3500 lying around, so I upgraded it to the latest LEDE, installed kmod-usb-net-rndis and usb-modeswitch and then had a usb0 network device. I bridged this with eth0.1 - I want clients to talk to the 4GEE DHCP server so they can roam between the 2 APs, and I want the IPv6 configuration to work on both APs as well. I did have to change the IP on the DGN3500 as well - it defaulted to 192.168.1.1 which is what the 4GEE uses. Switching it to a static 192.168.1.2 ensures I can still get to it when the 4GEE isn’t active and prevents conflicts.

The whole thing ends up looking like the following (I fought Inkscape + Dia for a bit, but ASCII art turned out to be the easiest option):

/----------\ +-------+ +--------------+ +------------+ | Internet |--LTE--| EE 4G |--USB--| DGN3500 |--Ethernet--| TL-PA9020P | | | | MiFi | | LEDE 17.01.4 | | PowerLine | \----------/ +-------+ +--------------+ +------------+ | | WiFi | | | +---------+ | | Clients | Ring Main +---------+ | | | WiFi | | | +--------+ +----------+ +------------+ | UniFi |--Ethernet--| PoE |--Ethernet--| TL-PA9020P | | AC Pro | | Injector | | PowerLine | +--------+ +----------+ +------------+

It feels a bit overly twisted for use with just a 4G connection, but various bits will be reusable when broadband finally arrives.

Categories: LUG Community Blogs

Chris Lamb: Free software activities in December 2017

Planet ALUG - Sun, 31/12/2017 - 16:17

Here is my monthly update covering what I have been doing in the free software world in December 2017 (previous month):

  • Released a new version of python-gfshare, my Python library that implements Shamir’s method for secret sharing fixing parts of the documentation as well as fixing two warnings via contributions by Kevin Ji [...] [...].
  • Opened a PR against vim-pizza (a plugin to order pizza from within the Vim text editor) to use xdg-open or sensible-browser under Debian and derivatives. [...]
  • Created two pull requests for the RediSearch search engine module for Redis, first to un-ignore the /debian dir in .gitignore to aid packaging [...] and second to inherit CFLAGS/LDFLAGS from the outside environment to enable hardening support [...].
  • Even more hacking on the Lintian static analysis tool for Debian packages:
    • New features:
      • Support Standards-Version 4.1.3.
      • Warn when files specified in Files-Excluded exist in the source tree. (#871454)
      • Check Microsoft Windows Portable Executable (PE) files missing hardening features. (#837548)
      • Warn about Python 2.x packages using ${python3:Depends} and Python 3.x packages using ${python:Depends}. (#884676)
      • Check changelog entries with incorrectly formatted dates. (#793406)
      • Check override_dh_fixperms targets missing calls to dh_fixperms. (#885910)
      • Ensure PAM modules are in the admin, preventing a false positive for libpam-krb5. (#885899)
      • Check Python packages installing modules called site, docs, examples etc. into the global namespace. (#769365)
      • Check packages that invoke AC_PATH_PROG without considering cross-compilation. (#884798)
      • Emit a warning for packages that mismatch version control systems in Vcs-* headers. (#884503)
      • Warn when packages specify a Bugs field in debian/control that does not refer to official Debian infrastructure. (#741071)
      • Warn for packages shipping pkg-config files under /usr/lib/pkgconfig. (#885096)
      • Warn about packages that ship non-reproducible Python .doctree files. (#885327)
      • Bump the recommended Debhelper compat level to 11. (#884699)
      • Warn about Python 3 packages that depend on Python 2 packages (and vice versa). (#782277)
      • Check for override_dh_clean targets missing calls to dh_clean. (#884817)
      • Check Apache 2.0-licensed packages that do not distribute their accompanying NOTICE files. (#885042)
      • Detect embedded jQuery libraries with version number in their filenames. (#833613)
      • Also emit embedded-javascript-library for Twitter Bootstrap and Mustache.
      • Check development packages that ship ELF binaries in $PATH. (#794295)
      • Warn about library packages with excessive priority. (#834290)
      • Warn about Multi-Arch: foreign packages that ship CMake, pkg-config or static libraries in public, architecture-dependent search paths. (#882684)
      • Test for packages shipping gschemas.compiled files. (#884142)
      • Warn if a package ships compiled font files. (#884165)
      • Detect invalid debian/po/POTFILES.in. (#883653)
      • Warn for packages that modify the epoch yet there's no comment about the change in the changelog.
    • Bug fixes:
    • Reporting improvements:
    • Documentation:
    • Miscellaneous:
      • Add a vendor profile for Purism's PureOS. (#884408)
      • Allow the tag display limit to be configured via --tag-display-limit. (#813525)
      • Tag build-dependencies with <!nocheck> in debian/control.
      • Make -v imply --no-tag-display-limit. (#812756)
      • Remove russianRussian corrections as they are covered by data/spelling/corrections-case. (#883041)
  • Suggested an improvement to the "lack of entropy" error message in the TLSH (Trend Micro Locality Sensitive Hash) fuzzy matching algorithm. [...]
  • I also blogged about simple media cachebusting when using GitHub Pages.
Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

I have generously been awarded a grant from the Core Infrastructure Initiative to fund my work in this area.

This month I:



I also made the following changes to our tooling:

diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

  • Support Android ROM boot.img introspection. (#884557)
  • Handle case where a file to be "fuzzy" matched does not contain enough entropy despite being over 512 bytes. (#882981)
  • Ensure the cleanup of symlink placeholders is idempotent. [...]

trydiffoscope

trydiffoscope is a web-based version of the diffoscope in-depth and content-aware diff utility. Continued thanks to Bytemark for sponsoring the hardware.

  • Parse dpkg-parsechangeloga in setup.py instead of hardcoding version. [...]
  • Flake8 the main file. [...]

buildinfo.debian.net

buildinfo.debian.net is my experiment into how to process, store and distribute .buildinfo files after the Debian archive software has processed them.

  • Don't HTTP 500 if no request body. [...]
  • Catch TypeError: decode() argument 1 must be string, not None tracebacks. [...]


Debian

My activities as the current Debian Project Leader will be covered in my Bits from the DPL email to the debian-devel-announce mailing list.

Patches contributed
  • bitseq: Add missing Build-Depends on python-numpy for documentation generation. (#884677)
  • dh-golang: Avoid "uninitialized value" warnings. (#885696)
  • marsshooter: Avoid source-includes-file-in-files-excluded Lintian override. (#885732)
  • gtranslator: Do not ship .pyo and .pyc files. (#884714)
  • media-player-info: Bugs field does not refer to Debian infrastructure. (#885703)
  • pydoctor: Add a Homepage field to debian/control. (#884255)
Debian LTS

This month I have been paid to work 14 hours on Debian Long Term Support (LTS). In that time I did the following:

  • "Frontdesk" duties, triaging CVEs, etc.
  • Updating old notes in data/dla-needed.txt.
  • Issued DLA 1204-1 for the evince PDF viewer to fix an arbitrary command injection vulnerability where a specially-crafted embedded DVI filename could be exploited to run commands as the current user when "printing" to PDF.
  • Issued DLA 1209-1 to fix a vulnerability in sensible-browser (a utility to start the most suitable web browser based on one's environment or configuration) where remote attackers could conduct argument-injection attacks via specially-crafted URLs.
  • Issued DLA 1210-1 for kildclient, a "MUD" multiplayer real-time virtual world game to remedy a command-injection vulnerability.
Uploads
  • python-django (2:2.0-1) — Release the new upstream stable release to the experimental suite.
  • redis:
    • 5:4.0.5-1 — New upstream release & use "metapackage" over "meta-package" in debian/control.
    • 5:4.0.6-1 — New upstream bugfix release.
    • 5:4.0.6-2 — Replace redis-sentinel's main dependency with redis-tools from redis-server moving the creating/deletion of the redis user, associated data & log directories to redis-tools (#884321), and add stub manpages for redis-sentinel, redis-check-aof & redis-check-rdb.
    • 5:4.0.6-1~bpo9+1 — Upload to the stretch-backports repository.
  • redisearch:
    • 1.0.1-1 — New upstream release.
    • 1.0.2-1 — New upstream release, ensure .so file is hardered (upstream patch), update upstream's .gitignore so our changes under debian/ are visible without -f (upstream patch and override no-upstream-changelog in all binary packages.
  • installation-birthday (6) — Bump Standards-Version to 4.1.2 and replace Priority: extra with Priority: optional.

Finally, I also made the following miscellaneous uploads:

  • cpio (2.12+dfsg-6), NMU-ing a new 2.12 upstream version to the "unstable" suite.
  • wolfssl (3.12.2+dfsg-1 & 3.13.0+dfsg-1) — Sponsoring new upstream versions.
Debian bugs filed FTP Team

As a Debian FTP assistant I ACCEPTed 106 packages: aodh, autosuspend, binutils, btrfs-compsize, budgie-extras, caja-seahorse, condor, cross-toolchain-base-ports, dde-calendar, deepin-calculator, deepin-shortcut-viewer, dewalls, dh-dlang, django-mailman3, flask-gravatar, flask-mail, flask-migrate, flask-paranoid, flask-peewee, gcc-5-cross-ports, getmail, gitea, gitlab, golang-github-go-kit-kit, golang-github-knqyf263-go-deb-version, golang-github-knqyf263-go-rpm-version, golang-github-mwitkow-go-conntrack, golang-github-parnurzeal-gorequest, golang-github-prometheus-tsdb, haskell-unicode-transforms, haskell-unliftio-core, htslib, hyperkitty, libcbor, libcdio, libcidr, libcloudproviders, libepubgen, libgaminggear, libgitlab-api-v4-perl, libgoocanvas2-perl, libical, libical3, libixion, libjaxp1.3-java, liblog-any-adapter-tap-perl, liborcus, libosmo-netif, libt3config, libtirpc, linux-show-player, mailman-hyperkitty, mailman-suite, mailmanclient, muchsync, node-browser-stdout, node-crc32, node-deflate-js, node-get-func-name, node-ip-regex, node-json-parse-better-errors, node-katex, node-locate-path, node-uglifyjs-webpack-plugin, nq, nvidia-cuda-toolkit, openstack-meta-packages, osmo-ggsn, osmo-hlr, osmo-libasn1c, osmo-mgw, osmo-pcu, patman, peewee, postorius, pyasn1, pymediainfo, pyprind, pysmi, python-colour, python-defaults, python-django-channels, python-django-x509, python-ldap, python-quamash, python-ratelimiter, python-rebulk, python-trezor, python3-defaults, python3-stdlib-extensions, python3.6, python3.7, qscintilla2, range-v3, rawkit, remmina, reprotest, ruby-gettext-i18n-rails-js, ruby-webpack-rails, sacjava, sphinxcontrib-pecanwsme, unicode-cldr-core, wolfssl, writerperfect, xrdp & yoshimi.

I additionally filed 4 RC bugs against packages that had incomplete debian/copyright files against: libtirpc, python-ldap, python-trezor & sphinxcontrib-pecanwsme.

Categories: LUG Community Blogs

Chris Lamb: Favourite books of 2017

Planet ALUG - Sat, 30/12/2017 - 18:56

Whilst I managed to read just over fifty books in 2017 (down from sixty in 2016) here are ten of my favourites, in no particular order.

Disappointments this year included Doug Stanhope's This Is Not Fame, a barely coherent collection of bar stories that felt especially weak after Digging Up Mother, but I might still listen to the audiobook as I would enjoy his extemporisation on a phone book. Ready Player One left me feeling contemptuous, as did Charles Stross' The Atrocity Archives.

The worst book I finished this year was Adam Mitzner's Dead Certain, beating Dan Brown's Origin, a poor Barcelona tourist guide at best.






Year of Wonders

Geraldine Brooks

Teased by Hilary Mantel's BBC Reith Lecture appearances and not content with her short story collection, I looked to others for my fill of historical fiction whilst awaiting the final chapter in the Wolf Hall trilogy.

This book, Year of Wonders, subtitled A Novel of the Plague, is written from point of view of Anna Frith, recounting what she and her Derbyshire village experience when they nobly quarantine themselves in order to prevent the disease from spreading further.

I found it initially difficult to get to grips with the artificially aged vocabulary — and I hate to be "that guy" — but do persist until the chapter where Anna takes over the village apothecary.

The Second World Wars

Victor Davis Hanson

If the pluralisation of "Wars" is an affectation, it certainly is an accurate one: whilst we might consider the Second World War to be a unified conflict today, Hanson reasonably points out that this is a post hoc simplification of different conflicts from the late-1910s through 1945.

Unlike most books that attempt to cover the entirety of the war, this book is organised by topic instead of chronology. For example, there are two or three adjacent chapters comparing and contrasting naval strategy before moving onto land armies, constrasting and comparing Germany's eastern and western fronts, etc. This approach leads to a readable and surprisingly gripping book despite its lengthy 720 pages.

Particular attention is given to the interplay between the various armed services and how this tended to lead to overall strategic victory. This, as well as the economics of materiel, simple rates-of-replacement, combined with the irrationality and caprice of the Axis would be an fair summary of the author's general thesis — this is no Churchill, Hitler & The Unnecessary War.

Hanson is not afraid to ask "what if" questions but only where they provide meaningful explanation or provide deeper rationale rather than as an indulgent flight of fancy. His answers to such questions are invariably that some outcome would have come about.

Whilst the author is a US citizen, he does not spare his homeland from criticism, but where Hanson's background as classical-era historian lets him down is in contrived comparisons to the Peloponnesian War and other ancient conflicts. His Napoleonic references do not feel as forced, especially due to Hitler's own obsessions. Recommended.

Everybody Lies

Seth Stephens-Davidowitz

Vying for the role as the Freakonomics for the "Big Data" generation, Everybody Lies is essentially a compendium of counter-arguments, refuting commonly-held beliefs about the internet and society in general based on large-scale observations. For example:

Google searches reflecting anxiety—such as "anxiety symptoms" or "anxiety help"—tend to be higher in places with lower levels of education, lower median incomes and where a larger portion of the population lives in rural areas. There are higher search rates for anxiety in rural, upstate New York than in New York City.

Or:

On weekends with a popular violent movie when millions of Americans were exposed to images of men killing other men, crime dropped. Significantly.

Some methodological anecdotes are included: a correlation was once noticed between teens being adopted and the use of drugs and skipping school. Subsequent research found this correlation was explained entirely by the 20% of the self-reported adoptees not actually being adopted...

Although replete with the kind of factoids that force you announce them out loud to anyone "lucky" enough to be in the same room as you, Everybody Lies is let down by a chronic lack of structure — a final conclusion that is so self-aware of its limitations that it ready and repeatedly admits to it is still an weak conclusion.

The Bobiverse Trilogy

Dennis Taylor

I'm really not a "science fiction" person, at least not in the sense of reading books catalogued as such, with all their indulgent meta-references and stereotypical cover art.

However, I was really taken by the conceit and execution of the Bobiverse trilogy: Robert "Bob" Johansson perishes in an automobile accident the day after agreeing to have his head cryogenically frozen upon death. 117 years later he finds that he has been installed in a computer as an artificial intelligence. He subsequently clones himself multiple times resulting in the chapters being written from various "Bob's" locations, timelines and perspectives around the galaxy.

One particular thing I liked about the books was their complete disregard for a film tie-in; Ready Player One was almost cynically written with this in mind, but the Bobiverse cheerfully handicaps itself by including Homer Simpson and other unlicensable characters.

Whilst the opening world-building book is the most immediately rewarding, the series kicks into gear after this — as the various "Bob's" unfold with differing interests (exploration, warfare, pure science, anthropology, etc.) a engrossing tapestry is woven together with a generous helping of humour and, funnily enough, believability.

Homo Deus: A Brief History of Tomorrow

Yuval Noah Harari

After a number of strong recommendations I finally read Sapiens, this book's prequel.

I was gripped, especially given its revisionist insight into various stages of Man. The idea that wheat domesticated us (and not the other way around) and how adoption of this crop led to truncated and unhealthier lifespans particularly intrigued me: we have an innate bias towards chronocentrism, so to be reminded that progress isn't a linear progression from "bad" to "better" is always useful.

The sequel, Homo Deus, continues this trend by discussing the future potential of our species. I was surprised just how humourous the book was in places. For example, here is Harari on the anthropocentric nature of religion:

You could never convince a monkey to give you a banana by promising him limitless bananas after death in monkey heaven.

Or even:

You can't settle the Greek debt crisis by inviting Greek politicians and German bankers to a fist fight or an orgy.

The chapters on AI and the inexpensive remarks about the impact of social media did not score many points with me, but I certainly preferred the latter book in that the author takes more risks with his own opinion so it's less dry and more more thought-provoking, even if one disagrees.

La Belle Sauvage: The Book of Dust Volume One

Philip Pullman

I have extremely fond memories of reading (and re-reading, etc.) the author's Dark Materials as a teenager despite being started on the second book by a "supply" English teacher.

La Belle Sauvage is a prequel to this original trilogy and the first of another trio. Ms Lyra Belacqua is present as a baby but the protagonist here is Malcolm Polstead who is very much part of the Oxford "town" rather than "gown".

Alas, Pullman didn't make a study of Star Wars and thus relies a little too much on the existing canon, wary to add new, original features. This results in an excess of Magesterium and Mrs Coulter (a superior Delores Umbridge, by the way), and the protagonist is a little too redolent of Will...

There is also an very out-of-character chapter where the magical rules of the novel temporarily multiply resulting in a confusion that was almost certainly not the author's intention. You'll spot it when you get to it, which you should.

(I also enjoyed the slender Lyra's Oxford, essentially a short story set just a few years after The Amber Spyglass.)

Open: An Autobiography

Andre Agassi

Sporting personalities certainly exist, but they are rarely revealed by their "authors" so upon friends' enquiries to what I was reading I frequently caught myself qualifying my response with «It's a sports autobiography, but...».

It's naturally difficult to know what we can credit to Agassi or his (truly excellent) ghostwriter but this book is a real pleasure to read. This is no lost Nabokov or Proust, but the level of wordsmithing went beyond supererogatory. For example:

For a man with so many fleeting identities, it's shocking, and symbolic, that my initials are A. K. A.

Or:

I understand that there's a tax on everything in America. Now, I discover that this is the tax on success in sports: fifteen seconds of time for every fan.

Like all good books that revolve around a subject, readers do not need to know or have any real interest in the topic at hand, so even non-tennis fans will find this an engrossing read. Dark themes abound — Agassi is deeply haunted by his father, a topic I wish he went into more, but perhaps he has not done the "work" himself yet.

The Complete Short Stories

Roald Dahl

I distinctly remember reading Roald Dahl's The Wonderful Story of Henry Sugar and Six More collection of short stories as a child, some characters still etched in my mind; the 'od carrier and fingersmith of The Hitchhiker or the protagonist polishing his silver Trove in The Mildenhall Treasure.

Instead of re-reading this collection I embarked on reading his complete short stories, curious whether the rest of his œuvre was at the same level. After reading two entire volumes, I can say it mostly does — Dahl's typical humour and descriptive style are present throughout with only a few show-off sentences such as:

"There's a trick that nearly every writer uses of inserting at least one long obscure word into each story. This makes the reader think that the man is very wise and clever. I have a whole stack of long words stored away just for this purpose." "Where?" "In the 'word-memory' section," he said, epexegetically.

There were a perhaps too many of his early, mostly-factual, war tales that were lacking a an interesting conceit and I still might recommend the Henry Sugar collection for the uninitiated, but I would still heartily recommend either of these two volumes, starting with the second.

Watching the English

Kate Fox

Written by a social anthropologist, this book dissects "English" behaviour for the layman providing an insight into British humour, rites of passage, dress/language codes, amongst others.

A must-read for anyone who is in — or considering... — a relationship with an Englishman, it is also a curious read for the native Brit: a kind of horoscope for folks, like me, who believe they are above them.

It's not perfect: Fox tediously repeats that her "rules" or patterns are not rules in the strict sense of being observed by 100% of the population; there will always be people who do not, as well as others whose defiance of a so-called "rule" only reinforces the concept. Most likely this reiteration is to sidestep wearisome criticisms but it becomes ponderous and patronising over time.

Her general conclusions (that the English are repressed, risk-averse and, above all, hypocrites) invariably oversimplify, but taken as a series of vignettes rather than a scientifically accurate and coherent whole, the book is worth your investment.

(Ensure you locate the "revised" edition — it not only contains more content, it also profers valuable counter-arguments to rebuttals Fox received since the original publication.)

What Does This Button Do?

Bruce Dickinson

In this entertaining autobiography we are thankfully spared a litany of Iron Maiden gigs, successes and reproaches of the inevitable bust-ups and are instead treated to an introspective insight into just another "everyman" who could very easily be your regular drinking buddy if it weren't for a need to fulfill a relentless inner drive for... well, just about anything.

The frontman's antics as a schoolboy stand out, as are his later sojourns into Olympic fencing and being a commercial pilot. These latter exploits sound bizarre out of context but despite their non-sequitur nature they make a perfect foil (hah!) to the heavy metal.

A big follower of Maiden in my teens, I fell off the wagon as I didn't care for their newer albums so I was blindsided by Dickinson's sobering cancer diagnosis in the closing chapters. Furthermore, whilst Bruce's book fails George Orwell's test that autobiography is only to be trusted when it reveals something disgraceful, it is tour de force enough for to distract from any concept of integrity.

(I have it on excellent authority that the audiobook, which is narrated by the author, is definitely worth one's time.)

Categories: LUG Community Blogs

Mick Morgan: Merry Christmas 2017

Planet ALUG - Tue, 26/12/2017 - 17:47

I’m a couple of days late this year. I normally post on Christmas Eve, trivia’s birthday, but hey, I’ve been busy (it goes with the territory at this time of year if you are a grandparent). This year I thought I would depart from my usual topic(s) and post a couple of pictures marking the occasion. So here you go.

Last year my lady gave me a rather interesting christmas present – a Mr Potato Head, but home made.

Not content to leave the joke alone, this year she went slightly upmarket and gave me a Mr Pineapple Head.

I’m sure she loves me really. In fact I know that she does. She made the toadstool cake below for our daughter’s boys, and hey, she really does love those boys.

Merry Christmas to all my readers, wherever you are (and oddly enough, a lot of you appear to be in China).

Categories: LUG Community Blogs

Andy Smith: Disabling edge tiling on GNOME 3.26

Planet HantsLUG - Thu, 14/12/2017 - 17:05
Edge tiling?

It’s that thing where when you drag a window so it hits the edge of the screen, GNOME offers to maximise the window. Generally the number of times I will knowingly want to maximise a window by dragging it to the top of the screen is 0, while the number of times it happens accidentally is over 9,000 by lunch time.

Things that work $ dconf write /org/gnome/mutter/edge-tiling false

It should take effect immediately.

If you like a pointy clicky way to do it then install dconf-editor package and run dconf-editor, but really all you will do is click down the tree orggnomemutter and then toggle edge-tiling so I don’t really see the point.

Things that people on the Internet say work, but don’t – a non-exhaustive list

These suggestions silently fail to do anything, as far as I can see. They may have been correct for earlier versions of GNOME, but I am using GNOME on Ubuntu 17.10 and they didn’t work for me.

dconf write /org/gnome/shell/extensions/classic-overrides/edge-tiling false gsettings set org.gnome.shell.overrides edge-tiling false dconf write /org/gnome/shell/overrides/edge-tiling false
Categories: LUG Community Blogs

Chris Lamb: Simple media cachebusting with GitHub pages

Planet ALUG - Thu, 07/12/2017 - 22:10

GitHub Pages makes it really easy to host static websites, including sites with custom domains or even with HTTPS via CloudFlare.

However, one typical annoyance with static site hosting in general is the lack of cachebusting so updating an image or stylesheet does not result in any change in your users' browsers until they perform an explicit refresh.

One easy way to add cachebusting to your Pages-based site is to use GitHub's support for Jekyll-based sites. To start, first we add some scaffolding to use Jekyll:

$ cd "$(git rev-parse --show-toplevel) $ touch _config.yml $ mkdir _layouts $ echo '{{ content }}' > _layouts/default.html $ echo /_site/ >> .gitignore

Then in each of our HTML files, we prepend the following header:

--- layout: default ---

This can be performed on your index.html file using sed:

$ sed -i '1s;^;---\nlayout: default\n---\n;' index.html

Alternatively, you can run this against all of your HTML files in one go with:

$ find -not -path './[._]*' -type f -name '*.html' -print0 | \ xargs -0r sed -i '1s;^;---\nlayout: default\n---\n;'

Due to these new headers, we can obviously no longer simply view our site by pointing our web browser directly at the local files. Thus, we now test our site by running:

$ jekyll serve --watch

... and navigate to http://127.0.0.1:3000/.

Finally, we need to append the cachebusting strings itself. For example, if we had the following HTML to include a CSS stylesheet:

<link href="/css/style.css" rel="stylesheet">

... we should replace it with:

<link href="/css/style.css?{{ site.time | date: '%s%N' }}" rel="stylesheet">

This adds the current "build" timestamp to the file, resulting in the following HTML once deployed:

<link href="/css/style.css?1507450135153299034" rel="stylesheet">

Don't forget to to apply it all your other static media, including images and Javascript:

<img src="image.jpg?{{ site.time | date: '%s%N' }}"> <script src="/js/scripts.js?{{ site.time | date: '%s%N' }}')">

To ensure that transitively-linked images are cachebusted, instead of referencing them in the CSS you can specify them directly in the HTML instead:

<header style="background-image: url(/img/bg.jpg?{{ site.time | date: '%s%N' }})">
Categories: LUG Community Blogs

Chris Lamb: Free software activities in November 2017

Planet ALUG - Thu, 30/11/2017 - 17:51

Here is my monthly update covering what I have been doing in the free software world in November 2017 (previous month):

Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

I have generously been awarded a grant from the Core Infrastructure Initiative to fund my work in this area.

This month I:

  • Presented at the Open Compliance Summit 2017 in Yokohama, Japan and had many follow-up conversations regarding using reproducible builds as a way of ensuring the long-term sustainability of civil infrastructure.
  • Created pull requests upstream for fswatch, bitz-server, stetl, nbsphinx & stardicter.
  • Updated diffoscope, our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues, to only parse DTB's version number, not any -dirty suffix. (#880279)
  • Expanded the documentation for disorderfs, our FUSE-based filesystem that deliberately introduces non-determinism into directory system calls in order to flush out reproducibility issues, highlighting the non-intuitive recommendation to sort instead of shuffle. [...]
  • Made some brief changes to buildinfo.debian.net, my experiment into how to process, store and distribute .buildinfo files after the Debian archive software has processed them:
    • Add a by-hash API endpoint. [...]
    • Support ?key__uid=X&key__uid=Y filtering. [...]
  • Updated our website:
    • Move the "contribute" page from the Debian wiki to /contribute/. [...]
    • Add a (redirecting) /docs/source-date-epoch/ page so we have a canonical URL. [...]
    • Add recent talks to Resources page. [...]
    • Cachebust CSS files. [...]
  • In Debian:
  • Categorised a large number of packages and issues in the Reproducible Builds "notes" repository.
  • Made some changes to: jenkins.debian.net which uns our comprehensive testing framework:
    • Ignore "warning" strings in commit messages causing builds to be marked as unstable. [...]
    • Update the email subject of status change mails away from Debian-specific URI. [...]
    • Move some IRC announcements to #debian-reproducible-changes. [...]
  • Worked on publishing our weekly reports. (#132, #133, #134 & #135)


Debian

My activities as the current Debian Project Leader are covered in my "Bits from the DPL" email to the debian-devel-announce mailing list.

Patches contributed
  • dget: Please support downloading packages over gopher://. (#880649)
  • gpaw: Incorrectly creates logging files called - instead of logging to standard output. (#882638)
  • pk4: Please avoid the use of avail in package descriptions. (#881343)
Debian LTS

This month I have been paid to work 13 hours on Debian Long Term Support (LTS). In that time I did the following:

  • "Frontdesk" duties, triaging CVEs, etc.
  • Issued DLA 1161-1 for the redis key-value storage database to fix cross-protocol scripting attack.
  • Issued DLA 1162-1 & DLA 1163-1 to fix out-of-bounds memory vulnerabilites in apr and apr-util, portability libraries for various Apache applications.
  • Issued DLA 1173-1 for procmail, a tool used to sort incoming mail into various directories and filter out spam messages to fix a heap-based buffer overflow.
  • Issued DLA 1174-1 to correct a denial of service vulnerability in the konversation IRC client related to parsing of color formatting codes.
  • Issued DLA 1175-1 for the lynx-cur web browser, preventing a use-after-free vulnerability in the HTML parser which could lead to memory/information disclosure.
Uploads
  • python-django:
  • redis:
    • 4.0.2-6 — Correct locations of redis-sentinel pidfiles. (#880980)
    • 4.0.2-7 — Add a redis metapackage. (#876475)
    • 4.0.2-8 — Use get_current_dir_name over a PATHMAX, etc. (#881684), don't rely on taskset existing for kFreeBSD-* (#881683), drop "memory efficiency" tests on advice from upstream (#881682) and allow the package be bin-NMUable.
    • 4.0.2-9 — Modify aof.c for MAXPATHLEN issues. (#881684)
    • 4.0.2-9~bpo9+1 — Upload to stretch-backports.
  • bfs:
    • 1.1.4-1 — New upstream release.
    • 1.1.4-2 — Use upstream's new manpage.
  • python-daiquiri:
    • 1.3.0-2 — Ensure all dependencies are available for DEP-8 tests. (#882876)
  • redisearch (0.90.0~alpha1-1, 0.90.1-1, 0.99.0-1 & 0.99.2-1) — New upstream releases.

Finally, I also made a non-maintainer upload (NMU) of cpio (2.12+dfsg-5) to the experimental distribution.

Debian bugs filed
  • cappuccino: Broken symlink in /usr/games. (#880714)
  • statsmodels: Accesses raw.github.com during build. (#882641)
  • python-lti: Please run the upstream testsuite. (#880834)
  • git-buildpackage: gbp dch needs a better workflow description. (#880552)
  • audacity: New upstream release. (#880717)
  • python-djangorestframework: New upstream release. (#880538)
  • djangorestframework: New upstream release. (#880558)

I also filed 2 FTBFS bugs against django-axes & plinth.

FTP Team

As a Debian FTP assistant I ACCEPTed 58 packages: aladin, apulse, aribb24, ayatana-indicator-printers, beads, belr, binutils, breezy-debian, brightnessctl, cupt, dino-im, evqueue-core, fdm-materials, fonts-noto-color-emoji, gcc-8-cross, gcc-8-cross-ports, gnome-shell-extension-hide-veth, gnome-shell-extension-no-annoyance, gnome-shell-extension-tilix-shortcut, gnome-shell-extension-workspaces-to-dock, goocanvasmm-2.0, intel-vaapi-driver-shaders, ldc, libaws-signature4-perl, libcdio-paranoia, libemail-address-xs-perl, libjs-jquery-file-upload, libmath-utils-perl, libosmo-abis, libosmocore, libsavitar, libsignal-protocol-c, lr, mate-window-applets, node-ms, openjdk-10, phast, pspg, python-daphne, r-cran-cardata, r-cran-cvst, r-cran-forcats, r-cran-gower, r-cran-guerry, r-cran-haven, r-cran-lava, r-cran-nortest, r-cran-rcpproll, r-cran-readr, r-cran-spatstat.data, r-cran-tidyselect, ros-geometry2, shoogle, snapd-glib, sphinx-intl, tang, ulfius & webapps-metainfo.

I additionally filed 2 RC bugs against packages that had incomplete debian/copyright files against libsavitar & fdm-materials.

Categories: LUG Community Blogs

Windows 10 Black Screen After Remote Desktop

Planet SurreyLUG - Tue, 21/11/2017 - 10:00

I logged into my Windows 10 Professional (1703) desktop from home yesterday, using Remmina on Ubuntu 16.04. I wasn’t surprised when my desktop wallpaper was black, I know it does this to save bandwidth, but when I returned to the office this morning my desktop was still black and, as it is set by the administrator via GPO, could not be changed.

Searching the Internet was not helpful on this occasion; so I have made this quick posts to help others.

It turns out that this is not some weird absence of wallpaper, but rather is an plain black wallpaper image, which has managed to get itself cached. The solution is consequentially simple - find and terminate said cached image.

  1. Open File Explorer and navigate to %APPDATA% (you can type that into the top address/location field).
  2. In the search box at the top right enter the text “Cache” (see image below).
  3. Delete the cached version of the black wallpaper once it is found.
  4. Sign out and then sign back in.

Please do comment below if this was helpful, or if you needed to alter these instructions at all.

Categories: LUG Community Blogs

Chris Lamb: Faking cleaner URLs in the Debian BTS

Planet ALUG - Fri, 03/11/2017 - 08:21

Debian bug #846500 requests that the Bug Tracking System moves the canonical URL for a given bug from:

https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=846500

… to the shorter, cleaner and generally less ugly:

https://bugs.debian.org/846500

(The latter currently redirects to the former.)

However, whilst we wait for a fix we can abuse the window.history object from the HTML History API to fake this locally:

var m = window.location.href .match(/https:\/\/bugs.debian.org\/cgi-bin\/bugreport.cgi\?bug=(\d+)(#.*)?$/); if (!m) return; for (var x of document.getElementsByTagName("a")) { var href = x.getAttribute("href"); if (href && href.match(/^[^:]+\.cgi/)) { // Mangle relative URIs; <base> tag does not DTRT x.setAttribute('href', "/cgi-bin/" + href); } } history.replaceState({}, "", "/" + m[1] + window.location.hash);

This should work with most "user script" managers — I happen to use TamperMonkey in Chrome.

Categories: LUG Community Blogs

Chris Lamb: Free software activities in October 2017

Planet ALUG - Tue, 31/10/2017 - 21:22

Here is my monthly update covering what I have been doing in the free software world in October 2017 (previous month):

Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

I have generously been awarded a grant from the Core Infrastructure Initiative to fund my work in this area.

This month I:



I also made the following changes to our tooling:

diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

  • Improve names in output of "internal" binwalk members. (#877525).
  • Don't crash on malformed md5sums files. (#877473).
  • Omit misleading "any of" prefix when only complaining about a single module on import. [...]
  • Adjust tests as ps2ascii now varies its output on timezone. [...]

strip-nondeterminism

strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build.

  • Clojure considers .class file to be stale if it shares the same timestamp of the .clj. We thus adjust the timestamps of the .clj to always be younger. (#877418).
  • Print a message in --verbose mode if no canonical time was specified. [...]

buildinfo.debian.net

buildinfo.debian.net is my experiment into how to process, store and distribute .buildinfo files after the Debian archive software has processed them.

  • Always show SHA-256 checksums, regardless of the browser viewport size. [...]
  • Add an API endpoint to fetch specific .buildinfo files for a certain package/version/architecture. [...]


Debian

My activities as the current Debian Project Leader are covered in my "Bits from the DPL" email to the debian-devel-announce mailing list.

Patches contributed
  • devscripts: Please print the actual arguments debuild makes to Lintian. (#880124)
  • hw-detect: Drop reference to floppy disks; it's almost 2018. (#880122)
  • debci:
    • Use deb.debian.org over http.debian.net. (#879654)
    • Document how to use an alternative mirror. (#879655)
Debian LTS

This month I have been paid to work 18 hours on Debian Long Term Support (LTS). In that time I did the following:

  • "Frontdesk" duties, triaging CVEs, etc.
  • Followed up on a large number of upstream "pings" that have been left dormant.
  • Issued DLA 1121-1 to fix an out-of-bounds read vulnerability in curl where a malicious FTP server could abuse this to prevent clients from interacting with it.
  • Issued DLA 1123-1 for the "Go" programming language where an attacker could generate a MIME request such that the server ran out of file descriptors.
  • Issued DLA 1126-1 for the libxfont font selection and rasterisation library, correcting two vulnerabilities, both involving the library being tricked into reading invalid/random memory.
  • Issued DLA 1134-1 for sdl-image1.2, an image loading library. A maliciously-crafted .xcf file could cause a stack-based buffer overflow resulting in potential code execution.
Uploads
  • python-django:
    • 2.0~beta1-1 — New upstream 2.x release.
    • 1.11.6-1 — New upstream bugfix release.
  • gunicorn (19.6.0-10+deb9u1) — Prepared a release for stable to avoid a runtime dependency on a compiler. (#877722)
  • redis:
    • 4:4.0.2-3:
      • Drop the Debian-specific /etc/redis/redis-server.pre-up.d (etc.) hooks and remove them if unchanged.
      • Include systemd redis-server@.service and redis-sentinel@.service template files to easily run multiple Redis instances. (#877702)
      • Patch redis.conf and sentinel.conf with quilt instead of maintaining our own versions under debian/.
    • 4:4.0.2-4:
      • Add input validity checking to cluster config slot numbers to fix CVE-2017-15047. (#878076)
      • Drop debian/bin/generate-parts now we aren't calling it.
      • Correct Bash-ism in NEWS file.
    • 4:4.0.2-5: Replace the existing patch for CVE-2017-15047 with an upstream-blessed version that covers another case.
  • redisearch (0.21.3-5) — Initial release.
  • docbook2man (2.0.0-40) — Correct spelling mistakes in binaries and other misc packaging tidying.
  • python-redis (2.10.6-1) — New upstream release.
  • bfs (1.1.3-1) — New upstream release.
FTP Team

As a Debian FTP assistant I ACCEPTed 103 packages: amcheck, argagg, binutils, blockui, bro-pkg, chkservice, citus, django-axes, docker-containerd, doctest, dtkwidget, duktape, feed2exec, fontforge, fonttools, gcc-8, gcc-8-cross, generator-scripting-language, gitgraph.js, haskell-uri-encode, hoel, iniparser, its, jquery-areyousure, kodi, libcatmandu-mods-perl, libcatmandu-template-perl, libcatmandu-xml-perl, libcatmandu-xsd-perl, libcode-tidyall-plugin-sortlines-naturally-perl, libgdamm5.0, libinfinity, libmods-record-perl, libreoffice-dictionaries, libset-intervaltree-perl, libsodium, linux, linux-grsec, ltsp-manager, lxqt-themes, mailman3-core, measurement-kit, mini-buildd, musescore, node-babel, node-babel-eslint, node-babel-loader, node-babel-plugin-add-module-exports, node-babel-plugin-transform-define, node-gulp-newer, node-regenerate-unicode-properties, node-regexpu-core, node-regjsparser, node-unicode-data, node-unicode-loose-match, openjdk-9, orafce, pgaudit, pgsql-ogr-fdw, pk4, postgresql-mysql-fdw, powa-archivist, python-azure-devtools, python-colormap, python-darkslide, python-dotenv, python-karborclient, python-logfury, python-lupa, python-marshmallow, python-murano-pkg-check, python-octaviaclient, python-pathspec, python-pgpy, python-pydub, python-randomize, python-sabyenc, python-searchlightclient, python-stestr, python-subunit2sql, python-twitter, python-utils, python-wsgilog, r-cran-bindr, r-cran-desc, r-cran-hms, r-cran-readstata13, r-cran-rprojroot, r-cran-wikidatar, r-cran-wikipedir, r-cran-wikitaxa, repmgr, requests-file, resteasy3.0, sdl-kitchensink, stardicter, systemd-el, thunderbird, tomcat8.0, uwsgi-plugin-luajit, uwsgi-plugin-mongo, uwsgi-plugin-php & uwsgi-plugin-v8.

I additionally filed 3 RC bugs against packages that had incomplete debian/copyright files against: fonttools, generator-scripting-language & libsodium.

Categories: LUG Community Blogs

Daniel Silverstone (Kinnison): Introducing 석진 the car

Planet ALUG - Tue, 24/10/2017 - 19:44

For many years now, I have been driving a diesel based VW Passat Estate. It has served me very well and been as reliable as I might have hoped given how awful I am with cars. Sadly Gunther was reaching the point where it was going to cost more per year to maintain than the car was worth, and also I've been being more and more irked by not having a car from the future.

I spent many months doing spreadsheets, trying to convince myself I could somehow afford a Tesla of some variety. Sadly I never quite managed it. As such I set my sights on the more viable BEVs such as the Nissan Leaf. For a while, nothing I saw was something I wanted. I am quite unusual it seems, in that I don't want a car which is a "Look at me, I'm driving an electric car" fashion statement. I felt like I'd never get something which looked like a normal car, but happened to be a BEV.

Then along came the Hyundai Ioniq. Hybrid, Plug-in Hybrid, and BEV all looking basically the same, and not in-your-face-special. I began to covet. Eventually I caved and arranged a test drive of an Ioniq plug-in hybrid because the BEV was basically on 9 month lead. I enjoyed the drive and was instantly very sad because I didn't want a plug-in hybrid, I wanted a BEV. Despondent, I left the dealership and went home.

I went online and found a small number of second-hand Ioniq BEVs but as I scrolled through the list, none seemed to be of the right trim level. Then, just as I was ready to give up hope, I saw a new listing, no photo, of the right thing. One snag, it was 200 miles away. No matter, I rang the place, confirmed it was available, and agreed to sleep on the decision.

The following morning, I hadn't decided to not buy, so I called them up, put down a deposit to hold the car until I could test drive it, and then began the long and awkward process of working out how I would charge the car given I have no off-street parking so I can't charge at home. (Yeah yeah, you'd think I'd have checked that first, but no I'm just not that sensible). Over the week I convinced myself I could do it, I ordered RFID cards for various schemes, signed up with a number of services, and then, on Friday last week, I drove down to a hotel near the dealership and had a fitful night's sleep.

I rocked up to the dealership exactly as they opened for business, shook the hand of the very helpful salesman who had gone through the purchase process with me over the phone during the week, and got to see the car. Instant want coursed through me as I sat in it and decided "Yes, this somehow feels right".

I took the car for about a 45 minute test drive just to see how it felt relative to the plug-in hybrid I'd driven the week before and it was like night and day. The BEV felt so much better to drive. I was hooked. Back to the dealership and we began the paperwork. Emptying Gunther of all of the bits and bobs scattered throughout his nooks and crannies took a while and gave me a chance to say goodbye to a car which, on reflection, had actually been a pleasure to own, even when its expensive things went wrong, more than once. But once I'd closed the Passat for the last time, and handed the keys over, it was quite a bittersweet moment as the salesman drove off in what still felt like my car, despite (by this point) it not being so.

Sitting in the Ioniq though, I headed off for the 200 mile journey back home. With about 90% charge left after the test drive, I had two stops planned at rapid chargers and I headed toward my first.

Unfortunately disaster struck, the rapid (50KW) charger refused to initialise, and I ended up with my car on the slower (7KW) charger to get enough juice into it to drive on to the next rapid charger enabled service station. When I got the message that my maximum charge period (45m) had elapsed, I headed back to the car to discover I couldn't persuade it to unlock from the car. Much hassle later, and an AA man came and together we learned that it takes 2 to tango, one to pull the emergency release in the boot, the other to then unplug the cable.

Armed with this knowledge, I headed on my way to a rapid charger I'd found on the map which wasn't run by the same company. Vainly hoping that this would work better, I plugged the car in, set the charger going, and headed into the adjacent shop for a rest break. I went back to the car about 20 minutes later to see the charger wasn't running. Horror of horrors. I imagined maybe some nasty little oik had pressed 'stop' so I started the charger up again, and sat in the car to read my book. After about 3 minutes, the charge stopped. Turns out that charger was slightly iffy and couldn't cope with the charge current and kept emergency-stopping as a result. The lovely lady I spoke to about it directed me to a nearby (12 miles or so, easily done with the charge I had) charger in the grounds of a gorgeous chateau hotel. That one worked perfectly and I filled up. I drove on to my second planned stop and that charge went perfectly too. In fact, every charge since has gone flawlessly. So perhaps my baptism of failed charges has hardened me to the problems with owning a BEV.

I've spent the past few days trying different charge points around Manchester enjoying my free charge capability, and trying different names for the car before I finally settled on 석진 which is a reasonable Korean boy's name (since the car is Korean I even got to set that as the bluetooth ID) and it's roughly pronounced sock/gin which are two wonderful things in life.

I'm currently sat in a pub, eating a burger, enjoying myself while 석진 suckles on the teat of "free" electricity to make up for the fact that I've developed a non-trivial habit of leaving Audi drivers in the dust at traffic lights.

Further updates may happen as I play with Android Auto and other toys in an attempt to eventually be able to ask the car to please "freeze my buttocks" (a feature it has in the form of air-conditioned seats.)

Categories: LUG Community Blogs

Mick Morgan: multilingual chat

Planet ALUG - Sat, 14/10/2017 - 15:29

I use email fairly extensively for my public communication but I use XMPP (with suitable end-to-end encryption) for my private, personal communication. And I use my own XMPP server to facilitate this. But as I have mentioned in previous posts my family and many of my friends insist on using proprietary variants of this open standard (facebook, whatsapp etc. ad nauseam). I was thus amused to note that I am not alone in having difficulty in keeping track of “which of my contacts use which chat systems“.

(My thanks, as ever, to Randall Munroe over at XKCD.)

I must find a client which can handle all of my messaging systems. Better yet, I’d like one which worked, and seamlessly synchronised, across my mobile devices and my linux desktop. Even better again, such a client should offer simple (i.e. easy to use) e-to-e crypto and use an open server platform which I can manage myself.

Proprietary systems suck.

Categories: LUG Community Blogs

Chris Lamb: python-gfshare: Secret sharing in Python

Planet ALUG - Sat, 07/10/2017 - 10:12

I've just released python-gfshare, a Python library that implements Shamir’s method for secret sharing, a technique to split a "secret" into multiple parts.

An arbitrary number of those parts are then needed to recover the original file but any smaller combination of parts are useless to an attacker.

For instance, you might split a GPG key into a “3-of-5” share, putting one share on each of three computers and two shares on a USB memory stick. You can then use the GPG key on any of those three computers using the memory stick.

If the memory stick is lost you can ultimately recover the key by bringing the three computers back together again.

For example:

$ pip install gfshare >>> import gfshare >>> shares = gfshare.split(3, 5, b"secret") >>> shares {104: b'1\x9cQ\xd8\xd3\xaf', 164: b'\x15\xa4\xcf7R\xd2', 171: b'>\xf5*\xce\xa2\xe2', 173: b'd\xd1\xaaR\xa5\x1d', 183: b'\x0c\xb4Y\x8apC'} >>> gfshare.combine(shares) b"secret"

After removing two "shares" we can still reconstruct the secret as we have 3 out of the 5 originals:

>>> del shares['104'] >>> del shares['171'] >>> gfshare.combine(shares) b"secret"

Under the hood it uses Daniel Silverstone’s libgfshare library. The source code is available on GitHub as is the documentation.

Patches welcome.

Categories: LUG Community Blogs

Daniel Silverstone (Kinnison): F/LOSS (in)activity, September 2017

Planet ALUG - Wed, 04/10/2017 - 12:53

In the interests of keeping myself "honest" regarding F/LOSS activity, here's a report, sadly it's not very good.

Unfortunately, September was a poor month for me in terms of motivation and energy for F/LOSS work. I did some amount of Gitano work, merging a patch from Richard Ipsum for help text of the config command. I also submitted another patch to the STM32F103xx Rust repository, though it wasn't a particularly big thing. Otherwise I've been relatively quiet on the Rust/USB stuff and have otherwise kept away from projects.

Sometimes one needs to take a step away from things in order to recuperate and care for oneself rather than the various demands on ones time. This is something I had been feeling I needed for a while, and with a lack of motivation toward the start of the month I gave myself permission to take a short break.

Next weekend is the next Gitano developer day and I hope to pick up my activity again then, so I should have more to report for October.

Categories: LUG Community Blogs

Chris Lamb: Free software activities in September 2017

Planet ALUG - Sat, 30/09/2017 - 18:31

Here is my monthly update covering what I have been doing in the free software world in September 2017 (previous month):

  • Submitted a pull request to Quadrapassel (the Gnome version of Tetris) to start a new game when the pause button is pressed outside of a game. This means you would no longer have to use the mouse to start a new game. [...]
  • Made a large number of improvements to AptFS — my FUSE-based filesystem that provides a view on unpacked Debian source packages as regular folders — including moving away from manual parsing of package lists [...] and numerous code tidying/refactoring changes.
  • Sent a small patch to django-sitetree, a Django library for menu and breadcrumb navigation elements to not mask test exit codes from the surrounding shell. [...]
  • Updated travis.debian.net, my hosted service for projects that host their Debian packaging on GitHub to use the Travis CI continuous integration platform to test builds:
    • Add support for "sloppy" backports. Thanks to Bernd Zeimetz for the idea and ongoing testing. [...]
    • Merged a pull request from James McCoy to pass DEB_BUILD_PROFILES through to the build. [...]
    • Workaround Travis CI's HTTP proxy which does not appear to support SRV records. [...]
    • Run debc from devscripts if the build was successful [...] and output the .buildinfo file if it exists [...].
  • Fixed a few issues in local-debian-mirror, my package to easily maintain and customise a local Debian mirror via the DebConf configuration tool:
    • Fix an issue where file permissions from the remote could result in a local archive that was impossible to access. [...]
    • Clear out empty directories on the local repository. [...]
  • Updated django-staticfiles-dotd, my Django staticfiles adaptor to concatentate static media in .d-style directories to support Python 3.x by using bytes objects (commit) and move away from monkeypatch as it does not have a Python 3.x port yet (commit).
  • I also posted a short essay to my blog entitled "Ask the Dumb Questions" as well as provided an update on the latest Lintian release.
Reproducible builds

Whilst anyone can inspect the source code of free software for malicious flaws, most software is distributed pre-compiled to end users.

The motivation behind the Reproducible Builds effort is to allow verification that no flaws have been introduced — either maliciously or accidentally — during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.

I have generously been awarded a grant from the Core Infrastructure Initiative to fund my work in this area.

This month I:

  • Published a short blog post about how to determine which packages on your system are reproducible. [...]
  • Submitted a pull request for Numpy to make the generated config.py files reproducible. [...]
  • Provided a patch to GTK upstream to ensure the immodules.cache files are reproducible. [...]
  • Within Debian:
    • Updated isdebianreproducibleyet.com, moving it to HTTPS, adding cachebusting as well as keeping the number up-to-date.
    • Submitted the following patches to fix reproducibility-related toolchain issues:
      • gdk-pixbuf: Make the output of gdk-pixbuf-query-loaders reproducible. (#875704)
      • texlive-bin: Make PDF IDs reproducible. (#874102)
    • Submitted a patch to fix a reproducibility issue in doit.
  • Categorised a large number of packages and issues in the Reproducible Builds "notes" repository.
  • Chaired our monthly IRC meeting. [...]
  • Worked on publishing our weekly reports. (#123, #124, #125, #126 & #127)


I also made the following changes to our tooling:

reproducible-check

reproducible-check is our script to determine which packages actually installed on your system are reproducible or not.

  • Handle multi-architecture systems correctly. (#875887)
  • Use the "restricted" data file to mask transient issues. (#875861)
  • Expire the cache file after one day and base the local cache filename on the remote name. [...] [...]

I also blogged about this utility. [...]

diffoscope

diffoscope is our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues.

  • Filed an issue attempting to identify the causes behind an increased number of timeouts visible in our CI infrastructure, including running a number of benchmarks of recent versions. (#875324)
  • New features:
    • Add "binwalking" support to analyse concatenated CPIO archives such as initramfs images. (#820631).
    • Print a message if we are reading data from standard input. [...]
  • Bug fixes:
    • Loosen matching of file(1)'s output to ensure we correctly also match TTF files under file version 5.32. [...]
    • Correct references to path_apparent_size in comparators.utils.file and self.buf in diffoscope.diff. [...] [...]
  • Testing:
    • Make failing some critical flake8 tests result in a failed build. [...]
    • Check we identify all CPIO fixtures. [...]
  • Misc:
    • No need for try-assert-except block in setup.py. [...]
    • Compare types with identity not equality. [...] [...]
    • Use logging.py's lazy argument interpolation. [...]
    • Remove unused imports. [...]
    • Numerous PEP8, flake8, whitespace, other cosmetic tidy-ups.

strip-nondeterminism

strip-nondeterminism is our tool to remove specific non-deterministic results from a completed build.

  • Log which handler processed a file. (#876140). [...]

disorderfs

disorderfs is our FUSE-based filesystem that deliberately introduces non-determinism into directory system calls in order to flush out reproducibility issues.



Debian

My activities as the current Debian Project Leader are covered in my monthly "Bits from the DPL" email to the debian-devel-announce mailing list.

Lintian

I made a large number of changes to Lintian, the static analysis tool for Debian packages. It reports on various errors, omissions and general quality-assurance issues to maintainers:

I also blogged specifically about the Lintian 2.5.54 release.

Patches contributed
  • debconf: Please add a context manager to debconf.py. (#877096)
  • nm.debian.org: Add pronouns to ALL_STATUS_DESC. (#875128)
  • user-setup: Please drop set_special_users hack added for "the convenience of heavy testers". (#875909)
  • postgresql-common: Please update README.Debian for PostgreSQL 10. (#876438)
  • django-sitetree: Should not mask test failures. (#877321)
  • charmtimetracker:
    • Missing binary dependency on libqt5sql5-sqlite. (#873918)
    • Please drop "Cross-Platform" from package description. (#873917)

I also submitted 5 patches for packages with incorrect calls to find(1) in debian/rules against hamster-applet, libkml, pyferret, python-gssapi & roundcube.

Debian LTS

This month I have been paid to work 15¾ hours on Debian Long Term Support (LTS). In that time I did the following:

  • "Frontdesk" duties, triaging CVEs, etc.
  • Documented an example usage of autopkgtests to test security changes.
  • Issued DLA 1084-1 and DLA 1085-1 for libidn and libidn2-0 to fix an integer overflow vulnerabilities in Punycode handling.
  • Issued DLA 1091-1 for unrar-free to prevent a directory traversal vulnerability from a specially-crafted .rar archive. This update introduces an regression test.
  • Issued DLA 1092-1 for libarchive to prevent malicious .xar archives causing a denial of service via a heap-based buffer over-read.
  • Issued DLA 1096-1 for wordpress-shibboleth, correcting an cross-site scripting vulnerability in the Shibboleth identity provider module.
Uploads
  • python-django:
    • 1.11.5-1 — New upstream security release. (#874415)
    • 1.11.5-2 — Apply upstream patch to fix QuerySet.defer() with "super" and "subclass" fields. (#876816)
    • 2.0~alpha1-2 — New upstream alpha release of Django 2.0, dropping support for Python 2.x.
  • redis:
    • 4.0.2-1 — New upstream release.
    • 4.0.2-2 — Update 0004-redis-check-rdb autopkgtest test to ensure that the redis.rdb file exists before testing against it.
    • 4.0.2-2~bpo9+1 — Upload to stretch-backports.
  • aptfs (0.11.0-1) — New upstream release, moving away from using /var/lib/apt/lists internals. Thanks to Julian Andres Klode for a helpful bug report. (#874765)
  • lintian (2.5.53, 2.5.54) — New upstream releases. (Documented in more detail above.)
  • bfs (1.1.2-1) — New upstream release.
  • docbook-to-man (1:2.0.0-39) — Tighten autopkgtests and enable testing via travis.debian.net.
  • python-daiquiri (1.3.0-1) — New upstream release.

I also made the following non-maintainer uploads (NMUs):

  • vimoutliner (0.3.4+pristine-9.3):
    • Make the build reproducible. (#776369)
    • Expand placeholders in Debian.README. (#575142, #725634)
    • Recommend that the ftplugin is enabled. (#603115)
    • Correct "is not enable" typo.
  • bittornado (0.3.18-10.3):
    • Make the build reproducible. (#796212).
    • Add missing Build-Depends on dh-python.
  • dtc-xen (0.5.17-1.1):
    • Make the build reproducible. (#777322)
    • Add missing Build-Depends on dh-python.
  • dict-gazetteer2k (1.0.0-5.4):
    • Make the build reproducible. (#776376).
    • Override empty-binary-packagea Lintian warning to avoid dak autoreject.
  • cgilib (0.6-1.1) — Make the build reproducible. (#776935)
  • dhcping (1.2-4.2) — Make the build reproducible. (#777320)
  • dict-moby-thesaurus (1.0-6.4) — Make the build reproducible. (#776375)
  • dtaus (0.9-1.1) — Make the build reproducible. (#777321)
  • fastforward (1:0.51-3.2) — Make the build reproducible. (#776972)
  • wily (0.13.41-7.3) — Make the build reproducible. (#777360)
Debian bugs filed
  • clipit: Please choose a sensible startup default in "live" mode. (#875903)
  • git-buildpackage: Please add a --reset option to gbp pull. (#875852)
  • bluez: Please default Device "friendly name" to hostname without domain. (#874094)
  • bugs.debian.org: Please explicitly link to {packages,tracker}.debian.org. (#876746)
  • Requests for packaging:
    • selfspy — log everything you do on the computer. (#873955)
    • shoogle — use the Google API from the shell. (#873916)
FTP Team

As a Debian FTP assistant I ACCEPTed 86 packages: bgw-replstatus, build-essential, caja-admin, caja-rename, calamares, cdiff, cockpit, colorized-logs, comptext, comptty, copyq, django-allauth, django-paintstore, django-q, django-test-without-migrations, docker-runc, emacs-db, emacs-uuid, esxml, fast5, flake8-docstrings, gcc-6-doc, gcc-7-doc, gcc-8, golang-github-go-logfmt-logfmt, golang-github-google-go-cmp, golang-github-nightlyone-lockfile, golang-github-oklog-ulid, golang-pault-go-macchanger, h2o, inhomog, ip4r, ldc, libayatana-appindicator, libbson-perl, libencoding-fixlatin-perl, libfile-monitor-lite-perl, libhtml-restrict-perl, libmojo-rabbitmq-client-perl, libmoosex-types-laxnum-perl, libparse-mime-perl, libplack-test-agent-perl, libpod-projectdocs-perl, libregexp-pattern-license-perl, libstring-trim-perl, libtext-simpletable-autowidth-perl, libvirt, linux, mac-fdisk, myspell-sq, node-coveralls, node-module-deps, nov-el, owncloud-client, pantomime-clojure, pg-dirtyread, pgfincore, pgpool2, pgsql-asn1oid, phpliteadmin, powerlevel9k, pyjokes, python-evdev, python-oslo.db, python-pygal, python-wsaccel, python3.7, r-cran-bindrcpp, r-cran-dotcall64, r-cran-glue, r-cran-gtable, r-cran-pkgconfig, r-cran-rlang, r-cran-spatstat.utils, resolvconf-admin, retro-gtk, ring-ssl-clojure, robot-detection, rpy2-2.8, ruby-hocon, sass-stylesheets-compass, selinux-dbus, selinux-python, statsmodels, webkit2-sharp & weston.

I additionally filed 4 RC bugs against packages that had incomplete debian/copyright files against: comptext, comptext, ldc & python-oslo.concurrency.

Categories: LUG Community Blogs

Mick Morgan: geeks rule

Planet ALUG - Sat, 30/09/2017 - 14:28

Well, sliderule, actually.

The ‘net is a truly wondrous space. I can’t recall exactly how I stumbled across the “International Sliderule Museum” but it is such a wonderful resource devoted to a tool which most people under the age of 40 will never have used that I just had to post a link to it.

Enjoy.

Categories: LUG Community Blogs

Monthly meeting

West Yorkshire LUG News - Tue, 29/08/2017 - 18:08

Discuss what’s news in IT,
make plans for Wuthering Bytes,
ask for & provide computer assistance
bring a daft Penguin Mascot
at The Lord Darcy 7:30pm ish This Thursday (31st)

Bring-A-Box, Saturday 11 June 2016, All Saints, Mitcham

Surrey LUG - Fri, 15/04/2016 - 18:54
Start: 2016-06-11 12:00 End: 2016-06-11 12:00

We have regular sessions on the second Saturday of each month. Bring a 'box', bring a notebook, bring anything that might run Linux, or just bring yourself and enjoy socialising/learning/teaching or simply chilling out!

This month's meeting is at the All Saints Centre, Mitcham, Surrey.  CR4 4JN

New members are very welcome. We're not a cliquey bunch, so you won't feel out of place! Usually between 15 and 30 people come along.

Categories: LUG Community Blogs
Syndicate content