The disease stiffened and carried off three or four patients who were expected to recover. These were the unfortunates of the plague, those whom it killed when hope was high

Small, podgy, and at best middle-aged, Smiley was by appearance one of London's meek who do not inherit the earth. His legs were short, his gait anything but agile, his dress costly, ill-fitting, and extremely wet.

Perhaps his life might have veered elsewhere if the US government had opened the country to colored advancement like they opened the army. But it was one thing to allow someone to kill for you and another to let him live next door.

The Daily News review described the [Manhattan restaurant] as nouveau Southern, "down-home plates with a twist." What was the twist that it was soul food made by white people?

"Earlier tonight I gave some thought to stealing a kiss from you, though you are very young, and sick and unattractive to boot, but now I am of a mind to give you five or six good licks with my belt." "One would be as unpleasant as the other."

We're accustomed to worrying about AI systems being built that will either "go rogue" and attack us, or succeed us in a bizarre evolution of, um, evolution what we didn't reckon on is the sheer inscrutability of these manufactured minds. And minds is not a misnomer. How else should we think about the neural network Google has built so its translator can model the interrelation of all words in all languages, in a kind of three-dimensional "semantic space"?

A better proxy for your life isn't your first home, but your last. Where you draw your last breath is more meaningful, as it's a reflection of your success and, more important, the number of people who care about your well-being. Your first house signals the meaningful your future and possibility. Your last home signals the profound the people who love you. Where you die, and who is around you at the end, is a strong signal of your success or failure in life.

• Nodes announce a variety of information essential to the DHT s function including their unique node identifiers (PeerIDs) and the CIDs of data that they re providing and because of this, information about which nodes are retrieving and/or reproviding which CIDs is publicly available.
• those DHT queries happen in public. Because of this, it s possible that third parties could be monitoring this traffic to determine what CIDs are being requested, when, and by whom.
• nodes unique identifiers are themselves public your PeerID is still a long-lived, unique identifier for your node. Keep in mind that it s possible to do a DHT lookup on your PeerID and, particularly if your node is regularly running from the same location (like your home), find your IP address Additionally, longer-term monitoring of the public IPFS network could yield information about what CIDs your node is requesting and/or reproviding and when.

• Synapse, the only currently viable Matrix server, is not ready. My Matrix instance hosts ONE person, me. Synapse uses many GB of RAM and 10+GB of disk space. Despite extensive tuning, nothing helped much. It s caused OOMs more than once. It can t be hosted on a Raspberry Pi or even one of the cheaper VPSs.
• Now then, how about choosing a Matrix instance? Well, you could just tell a person to use matrix.org. But then it spent a good portion of last year unable to federate with other popular nodes due to Synapse limitations. Or you could pick a random node, but will it be up when someone needs to say my car broke down? Some are run from a dorm computer, some by a team in a datacenter, some by one person with EC2, and you can t really know. Will your homeserver be stable and long-lived? Hard to say.
• Voice and video calling are not there yet in Matrix. Matrix has two incompatible video calling methods (Jitsi and built-in), neither work consistently well, both are hard to manage, and both have NAT challenges.
• Matrix is so hard to set up on a server that there is matrix-docker-ansible-deploy. This makes it much better, but it is STILL terribly hard to deploy, and very simple things like how do I delete a user or let me shrink down this 30GB database are barely there yet, if at all.
• Encryption isn t mandatory in Matrix. E2EE has been getting dramatically better in the last few releases, but it is still optional, especially for what people would call group chats (rooms). Signal is ALWAYS encrypted. Always. (Unless, I guess, you set it as your SMS provider on Android). You ve got to take the responsibility off the user to verify encryption status, and instead make it the one and only way to use the ecosystem.

• Dead-simple setup
• Store-and-forward delivery (devices need not be online simultaneously)
• Encrypted everything, including voice and video calls, and the ability to send photos and video encrypted

• [DLA 2489-1] minidlna security update for two CVEs
• [DLA 2490-1] x11vnc security update for one CVE
• [DLA 2501-1] influxdb security update for one CVE
• [DLA 2511-1] highlight.js security update for one CVE

• ELA-341-1 for highlight.js

• golang-github-cyberdelia-heroku-go
• golang-github-rivo-uniseg
• golang-github-dchest-uniuri
• golang-github-deanthompson-ginpprof
• golang-github-cnf-structhash
• golang-github-dreamitgetit-statuscake
• golang-github-gin-contrib-static
• golang-github-grafana-grafana-plugin-model
• golang-github-hashicorp-terraform-svchost
• golang-github-jesseduffield-pty
• golang-github-vividcortex-mysqlerr
• golang-github-zorkian-go-datadog-api
• golang-github-zenazn-goji
• golang-github-suapapa-go-eddystone
• golang-github-uber-go-atomic
• golang-github-rhnvrm-simples3
• golang-github-ua-parser-uap-go
• golang-github-hashicorp-go-slug
• astronomical-almanac
• meep
• meep-mpi-default
• meep-openmpi
• mpb
• nuspell
• osmo-msc
• osmo-bts
• libosmocore

• entropybroker
• chktex
• osmo-pcu
• libosmo-netif
• libosmo-sccp
• osmo-bsc
• osmo-sgsn
• osmo-ggsn
• osmo-pcu
• osmo-trx
• libsmpp34
• osmo-hlr
• osmo-mgw
• openbsc
• osmo-iuh
• osmo-bts
• osmo-msc
• libosmo-abis
• golang-gopkg-go-playground-colors.v1

• pescetti
• rplay
• setserial
• siggen
• te923con
• sshesame
• feynmf
• pywws
• golang-github-wildducktheories-go-csv

• golang-github-jesseduffield-termbox-go
• golang-github-mgutz-str
• golang-github-ua-parser-uap-go
• golang-github-rivo-uniseg

• golang-github-go-chi-chi
• golang-github-hashicorp-go-azure-helpers
• golang-github-mitch000001-go-hbci
• golang-github-go-chi-cors
• golang-github-fvbommel-sortorder
• golang-github-goburrow-modbus
• golang-github-hashicorp-go-tfe
• golang-github-zclconf-go-cty-yaml
• golang-github-go-chi-chi

• launch applications
• switch between running applications and close them
• lock and unlock the screen
• display status information (e.g. network connectivity, battery level)
• provide quick access to things like torch or Bluetooth
• show notifications

phoc -E 'gnome-session --session=phosh'

• phosh - the graphical shell
• phoc - the compositor
• squeekboard - the on screen keyboard
• phosh.session: The session that ties these and GNOME together

nncp:
  debug_print = "T: nncp transport for $local_part@$domain"
  driver = pipe
  user = nncp
  batch_max = 100
  use_bsmtp
  command = /usr/local/nncp/bin/nncp-exec -noprogress -quiet hostname_goes_here rsmtp
.ifdef REMOTE_SMTP_HEADERS_REWRITE
  headers_rewrite = REMOTE_SMTP_HEADERS_REWRITE
.endif
.ifdef REMOTE_SMTP_RETURN_PATH
  return_path = REMOTE_SMTP_RETURN_PATH
.endif

      exec:  
        rsmtp: ["/usr/sbin/sendmail", "-bS"]
       

• [DLA 2446-1] moin security update for two CVEs
• [DLA 2451-1] libvncserver security update for one CVE
• [DLA 2459-1] golang-1.7 security update for two CVEs
• [DLA 2460-1] golang-1.8 security update for three CVEs
• [DLA 2468-1] tcpflow security update for one CVE
• [DLA 2469-1] qemu security update for five CVEs

• ELA-319-1 for libass
• ELA-320-1 for tcpflow
• ELA-321-1 for qemu

• golang-github-apparentlymart-go-cidr
• golang-github-apparentlymart-go-versions
• golang-github-bmatcuk-doublestar
• golang-github-cactus-go-statsd-client
• golang-github-cyberdelia-heroku-go
• golang-github-gin-contrib-cors
• golang-github-gin-contrib-gzip
• golang-github-jarcoal-httpmock
• golang-github-mattetti-filebuffer
• golang-github-nrdcg-goinwx
• golang-github-phpdave11-gofpdi
• golang-github-terra-farm-udnssdk
• meep
• golang-github-rs-zerolog

• libctl

• bottlerocket
• ent
• golang-github-abdullin-seq
• golang-github-bruth-assert
• golang-github-cnf-structhash
• golang-github-crossdock-crossdock-go
• golang-github-dchest-uniuri
• golang-github-deanthompson-ginpprof
• golang-github-dreamitgetit-statuscake
• golang-github-facebookgo-inject
• golang-github-facebookgo-structtag
• golang-github-gin-contrib-static
• golang-github-goji-httpauth
• golang-github-grafana-grafana-plugin-model
• golang-github-hansrodtang-randomcolor
• golang-github-hashicorp-terraform-svchost
• golang-github-icrowley-fake
• golang-github-jackc-fake
• golang-github-joyent-gocommon
• golang-github-joyent-gosdc
• golang-github-joyent-gosign
• golang-github-mitchellh-go-linereader
• golang-github-paypal-gatt
• golang-github-pearkes-cloudflare
• golang-github-pearkes-dnsimple
• golang-github-robfig-go-cache
• golang-github-sean pager
• golang-github-sean seed
• golang-github-shurcool-gopherjslib
• golang-github-vividcortex-mysqlerr
• golang-github-xlab-handysort
• golang-github-yudai-golcs
• golang-github-yvasiyarov-newrelic-platform-go
• golang-github-zenazn-goji
• golang-github-rs-xid

• golang-github-rhnvrm-simples3
• golang-github-ua-parser-uap-go
• golang-github-knadh-koanf

- name: create a device in NetBox
  netbox_device:
    netbox_url: http://netbox.local
    netbox_token: s3cret
    data:
      name: to3-p14.sfo1.example.com
      device_type: QFX5110-48S
      device_role: Compute Switch
      site: SFO1

Code The module has the following signature and it syncs NetBox with the content of the provided YAML file:

netbox_sync:
  source: netbox.yaml
  api: https://netbox.example.com
  token: s3cret

The synchronized objects are:

• sites,
• manufacturers,
• device types,
• device roles,
• devices, and
• IP addresses.

In our environment, the YAML file is generated from our configuration management database and contains a set of devices and a list of IP addresses:

devices:
  ad2-p6.sfo1.example.com:
     datacenter: sfo1
     manufacturer: Cisco
     model: Catalyst 2960G-48TC-L
     role: net_tor_oob_switch
  to1-p6.sfo1.example.com:
     datacenter: sfo1
     manufacturer: Juniper
     model: QFX5110-48S
     role: net_tor_gpu_switch
# [ ]
ips:
  - device: ad2-p6.example.com
    ip: 172.31.115.18/21
    interface: oob
  - device: to1-p6.example.com
    ip: 172.31.115.33/21
    interface: oob
  - device: to1-p6.example.com
    ip: 172.31.254.33/32
    interface: lo0.0
# [ ]

The network team is not the sole tenant in NetBox. While adding new objects or modifying existing ones should be relatively safe, deleting unwanted objects can be risky. The module only deletes objects it did create or modify. To identify them, it marks them with a specific tag, cmdb. Most objects in NetBox accept tags.

Module definition Starting from the skeleton described in the previous article, we define the module:

module_args = dict(
    source=dict(type='path', required=True),
    api=dict(type='str', required=True),
    token=dict(type='str', required=True, no_log=True),
    max_workers=dict(type='int', required=False, default=10)
)
result = dict(
    changed=False
)
module = AnsibleModule(
    argument_spec=module_args,
    supports_check_mode=True
)

It contains an additional optional arguments defining the number of workers to talk to NetBox and query the existing objects in parallel to speedup the execution.

Abstracting synchronization We need to synchronize different object types, but once we have a list of objects we want in NetBox, the grunt work is always the same:

• check if the objects already exist,
• retrieve them and put them in a form suitable for comparison,
• retrieve the extra objects we don t want anymore,
• compare the two sets, and
• add missing objects, update existing ones, delete extra ones.

We code these behaviours into a Synchronizer abstract class. For each kind of object, a concrete class is built with the appropriate class attributes to tune its behaviour and a wanted() method to provide the objects we want. I am not explaining the abstract class code here. Have a look at the source if you want.

Synchronizing tags and tenants As a starter, here is how we define the class synchronizing the tags:

class SyncTags(Synchronizer):
    app = "extras"
    table = "tags"
    key = "name"
    def wanted(self):
        return  "cmdb": dict(
            slug="cmdb",
            color="8bc34a",
            description="synced by network CMDB") 

The app and table attributes defines the NetBox objects we want to manipulate. The key attribute is used to determine how to lookup for existing objects. In this example, we want to lookup tags using their names. The wanted() method is expected to return a dictionary mapping object keys to the list of wanted attributes. Here, the keys are tag names and we create only one tag, cmdb, with the provided slug, color and description. This is the tag we will use to mark the objects we create or modify. If the tag does not exist, it is created. If it exists, the provided attributes are updated. Other attributes are left untouched. We also want to create a specific tenant for objects accepting such an attribute (devices and IP addresses):

class SyncTenants(Synchronizer):
    app = "tenancy"
    table = "tenants"
    key = "name"
    def wanted(self):
        return  "Network": dict(slug="network",
                                description="Network team") 

Synchronizing sites We also need to synchronize the list of sites. This time, the wanted() method uses the information provided in the YAML file: it walks the devices and builds a set of datacenter names.

class SyncSites(Synchronizer):
    app = "dcim"
    table = "sites"
    key = "name"
    only_on_create = ("status", "slug")
    def wanted(self):
        result = set(details["datacenter"]
                     for details in self.source['devices'].values()
                     if "datacenter" in details)
        return  k: dict(slug=k,
                        status="planned")
                for k in result 

Thanks to the use of the only_on_create attribute, the specified attributes are not updated if they are different. The goal of this synchronizer is mostly to collect the references to the different sites for other objects.

>>> pprint(SyncSites(**sync_args).wanted())
 'sfo1':  'slug': 'sfo1', 'status': 'planned' ,
 'chi1':  'slug': 'chi1', 'status': 'planned' ,
 'nyc1':  'slug': 'nyc1', 'status': 'planned' 

Synchronizing manufacturers, device types and device roles The synchronization of manufacturers is pretty similar, except we do not use the only_on_create attribute:

class SyncManufacturers(Synchronizer):
    app = "dcim"
    table = "manufacturers"
    key = "name"
    def wanted(self):
        result = set(details["manufacturer"]
                     for details in self.source['devices'].values()
                     if "manufacturer" in details)
        return  k:  "slug": slugify(k) 
                for k in result 

Regarding the device types, we use the foreign attribute linking a NetBox attribute to the synchronizer handling it.

class SyncDeviceTypes(Synchronizer):
    app = "dcim"
    table = "device_types"
    key = "model"
    foreign =  "manufacturer": SyncManufacturers 
    def wanted(self):
        result = set((details["manufacturer"], details["model"])
                     for details in self.source['devices'].values()
                     if "model" in details)
        return  k[1]: dict(manufacturer=k[0],
                           slug=slugify(k[1]))
                for k in result 

The wanted() method refers to the manufacturer using its key attribute. In this case, this is the manufacturer name.

>>> pprint(SyncManufacturers(**sync_args).wanted())
 'Cisco':  'slug': 'cisco' ,
 'Dell':  'slug': 'dell' ,
 'Juniper':  'slug': 'juniper' 
>>> pprint(SyncDeviceTypes(**sync_args).wanted())
 'ASR 9001':  'manufacturer': 'Cisco', 'slug': 'asr-9001' ,
 'Catalyst 2960G-48TC-L':  'manufacturer': 'Cisco',
                           'slug': 'catalyst-2960g-48tc-l' ,
 'MX10003':  'manufacturer': 'Juniper', 'slug': 'mx10003' ,
 'QFX10002-36Q':  'manufacturer': 'Juniper', 'slug': 'qfx10002-36q' ,
 'QFX10002-72Q':  'manufacturer': 'Juniper', 'slug': 'qfx10002-72q' ,
 'QFX5110-32Q':  'manufacturer': 'Juniper', 'slug': 'qfx5110-32q' ,
 'QFX5110-48S':  'manufacturer': 'Juniper', 'slug': 'qfx5110-48s' ,
 'QFX5200-32C':  'manufacturer': 'Juniper', 'slug': 'qfx5200-32c' ,
 'S4048-ON':  'manufacturer': 'Dell', 'slug': 's4048-on' ,
 'S6010-ON':  'manufacturer': 'Dell', 'slug': 's6010-on' 

The device roles are defined like this:

class SyncDeviceRoles(Synchronizer):
    app = "dcim"
    table = "device_roles"
    key = "name"
    def wanted(self):
        result = set(details["role"]
                     for details in self.source['devices'].values()
                     if "role" in details)
        return  k: dict(slug=slugify(k),
                        color="8bc34a")
                for k in result 

Synchronizing devices A device is mostly a name with references to a role, a model, a datacenter and a tenant. These references are declared as foreign keys using the synchronizers defined previously.

class SyncDevices(Synchronizer):
    app = "dcim"
    table = "devices"
    key = "name"
    foreign =  "device_role": SyncDeviceRoles,
               "device_type": SyncDeviceTypes,
               "site": SyncSites,
               "tenant": SyncTenants 
    remove_unused = 10
    def wanted(self):
        return  name: dict(device_role=details["role"],
                           device_type=details["model"],
                           site=details["datacenter"],
                           tenant="Network")
                for name, details in self.source['devices'].items()
                if  "datacenter", "model", "role"  <= set(details.keys()) 

The remove_unused attribute is a safety implemented to fail if we have to delete more than 10 devices: this may be the indication there is a bug somewhere, unless one of your datacenter suddenly caught fire.

>>> pprint(SyncDevices(**sync_args).wanted())
 'ad2-p6.sfo1.example.com':  'device_role': 'net_tor_oob_switch',
                             'device_type': 'Catalyst 2960G-48TC-L',
                             'site': 'sfo1',
                             'tenant': 'Network' ,
 'to1-p6.sfo1.example.com':  'device_role': 'net_tor_gpu_switch',
                             'device_type': 'QFX5110-48S',
                             'site': 'sfo1',
                             'tenant': 'Network' ,
[ ]

Synchronizing IP addresses The last step is to synchronize IP addresses. We do not attach them to a device.² Instead, we specify the device names in the description of the IP address:

class SyncIPs(Synchronizer):
    app = "ipam"
    table = "ip-addresses"
    key = "address"
    foreign =  "tenant": SyncTenants 
    remove_unused = 1000
    def wanted(self):
        wanted =  
        for details in self.source['ips']:
            if details['ip'] in wanted:
                wanted[details['ip']]['description'] = \
                    f" details['device']  (and others)"
            else:
                wanted[details['ip']] = dict(
                    tenant="Network",
                    status="active",
                    dns_name="",        # information is present in DNS
                    description=f" details['device'] :  details['interface'] ",
                    role=None,
                    vrf=None)
        return wanted

There is a slight difficulty: NetBox allows duplicate IP addresses, so a simple lookup is not enough. In case of multiple matches, we choose the best by preferring those tagged with cmdb, then those already attached to an interface:

def get(self, key):
    """Grab IP address from NetBox."""
    # There may be duplicate. We need to grab the "best".
    results = super(Synchronizer, self).get(key)
    if len(results) == 0:
        return None
    if len(results) == 1:
        return results[0]
    scores = [0]*len(results)
    for idx, result in enumerate(results):
        if "cmdb" in result.tags:
            scores[idx] += 10
        if result.interface is not None:
            scores[idx] += 5
    return sorted(zip(scores, results),
                  reverse=True, key=lambda k: k[0])[0][1]

Getting the current and wanted states Each synchronizer is initialized with a reference to the Ansible module, a reference to a pynetbox s API object, the data contained in the provided YAML file and two empty dictionaries for the current and expected states:

source = yaml.safe_load(open(module.params['source']))
netbox = pynetbox.api(module.params['api'],
                      token=module.params['token'])
sync_args = dict(
    module=module,
    netbox=netbox,
    source=source,
    before= ,
    after= 
)
synchronizers = [synchronizer(**sync_args) for synchronizer in [
    SyncTags,
    SyncTenants,
    SyncSites,
    SyncManufacturers,
    SyncDeviceTypes,
    SyncDeviceRoles,
    SyncDevices,
    SyncIPs
]]

Each synchronizer has a prepare() method whose goal is to compute the current and wanted states. It returns True in case of a difference:

# Check what needs to be synchronized
try:
    for synchronizer in synchronizers:
        result['changed']  = synchronizer.prepare()
except AnsibleError as e:
    result['msg'] = e.message
    module.fail_json(**result)

Applying changes Back to the skeleton described in the previous article, the last step is to apply the changes if there is a difference between these states. Each synchronizer registers the current and wanted states in sync_args["before"][table] and sync_args["after"][table] where table is the name of the table for a given NetBox object type. The diff object is a bit elaborate as it is built table by table. This enables Ansible to display the name of each table before the diff representation:

# Compute the diff
if module._diff and result['changed']:
    result['diff'] = [
        dict(
            before_header=table,
            after_header=table,
            before=yaml.safe_dump(sync_args["before"][table]),
            after=yaml.safe_dump(sync_args["after"][table]))
        for table in sync_args["after"]
        if sync_args["before"][table] != sync_args["after"][table]
    ]
# Stop here if check mode is enabled or if no change
if module.check_mode or not result['changed']:
    module.exit_json(**result)

Each synchronizer also exposes a synchronize() method to apply changes and a cleanup() method to delete unwanted objects. Order is important due to the relation between the objects.

# Synchronize
for synchronizer in synchronizers:
    synchronizer.synchronize()
for synchronizer in synchronizers[::-1]:
    synchronizer.cleanup()
module.exit_json(**result)

---

The complete code is available on GitHub. Compared to using netbox.netbox collection, the logic is written in Python instead of trying to glue Ansible tasks together. I believe this is both more flexible and easier to read, notably when trying to delete outdated objects. While I did not test it, it should also be faster. An alternative would have been to reuse code from the netbox.netbox collection, as it contains similar primitives. Unfortunately, I didn t think of it until now.

---

1. In my opinion, a good option for a source of truth is to use YAML files in a Git repository. You get versioning for free and people can get started with a text editor.
2. This limitation is mostly due to laziness: we do not really care about this information. Our main motivation for putting IP addresses in NetBox is to keep track of the used IP addresses. However, if an IP address is already attached to an interface, we leave this association untouched.

2020, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 4.0 License.

• LoopDocs: https://github.com/LoopKit/loopdocs/pull/191
• Nightscout: https://github.com/nightscout/cgm-remote-monitor/pull/5893

Setting up Nightscout If you want to setup Nightscout from scratch using MongoDB Atlas, please follow this modified guide. However, note that you will have to make one modification to the steps in the guide. At the start of Step 4, you will need to go to this repository instead: https://github.com/aviau/cgm-remote-monitor. This is my own version of Nightscout and it contains small modifications that will allow you to set it up with MongoDB Atlas easily. I will keep this blog post updated as I receive feedback. Come back here for more instructions.

# Set default for From: for replyes for alternates.
set reverse_name

• Update router/200_exim4-config_primary by overwriting it with newer router/200_exim4-config_primary
• Add transport/30_exim4-config_remote_smtp_submission and transport/30_exim4-config_remote_smtp_submission
• Update auth/30_exim4-config_examples by overwriting with newer auth/30_exim4-config_examples
• Read passwd.client to set up multiple SMTP message submission host accounts.
• Read README.ssh for how to set up mail to be sent over to the shell account via ssh.

 .ifndef NO_EAA_REWRITE_REWRITE
*@+local_domains "$ lookup $ local_part lsearch /etc/email-addresses \
                   $value fail " f
# identical rewriting rule for /etc/mailname
*@ETC_MAILNAME "$ lookup $ local_part lsearch /etc/email-addresses \
                   $value fail " f
.endif
* "$h_from:" Frs

Debian

This was my 17th month of contributing to Debian. I became a DM in late March last year and a DD last Christmas! \o/ Well, this month I didn t do a lot of Debian stuff, like I usually do, however, I did a lot of things related to Debian (indirectly via GSoC)! Anyway, here are the following things I did this month:

Uploads and bug fixes:

• rails (2:6.0.3.2+dfsg-1) - Fix CVE-2020-8185 (Closes #964081).
• ruby-rubocop-packaging (0.1.1-1) - Fix blank file issue.
• micro (2.0.6-2~bpo10+1) - Backport new upstream version.
• ruby2.5 (2.5.5-3+deb10u2) - Fix CVE-2020-10663 and CVE-2020-10933.
• djangorestframework-api-key (2.0.0-2) - Fix #956920.
• golang-golang-x-text (0.3.3-1~bpo10+1) - Backport CVE-2020-14040 fix to Buster.
• ruby-growl (4.1+dfsg-2) - Source-only upload.
• ruby-iso8601 (0.13.0-1) - New upstream version, drop patches as they re merged upstream.
• sup-mail (1.0-1) - Re-introduce sup-mail to the Debian archive.
• ruby-rubocop-packaging (0.2.0-1) - New version for the RelativeRequireToLib cop.
• ruby-rubocop-ast (0.1.0-2) - Source-only upload.
• ruby-rubocop-rspec (1.42.0-1) - Fixing FTBFS with RuboCop v0.88.0 via v1.42.0.
• ruby-rubocop-performance (1.7.1-1) - Fixing FTBFS with RuboCop v0.88.0 via v1.7.1.

Other $things:

• Mentoring for newcomers.
• FTP Trainee reviewing.
• Moderation of -project mailing list.
• Sponsored php-twig for William, ruby-growl, ruby-xmpp4r, and uby-uniform-notifier for Cocoa, sup-mail for Iain, and node-markdown-it for Sakshi.

---

GSoC Phase 2, Part 2! In May, I got selected as a Google Summer of Code student for Debian again! \o/
I am working on the Upstream-Downstream Cooperation in Ruby project. The first three blogs can be found here:

• GSoC Phase 1 (part 1).
• GSoC Phase 1 (part 2).
• GSoC Phase 2 (part 1).
• And this is GSoC Phase 2 (part 2).

Also, I log daily updates at gsocwithutkarsh2102.tk. Whilst the daily updates are available at the above site^, I ll breakdown the important parts of the later half of the second month here:

• Marc Andre, very kindly, helped in fixing the specs that were failing earlier this month. Well, the problem was with the specs, but I am still confused how so. Anyway..
• Finished documentation of the second cop and marked the PR as ready to be reviewed.
• David reviewed and suggested some really good changes and I fixed/tweaked that PR as per his suggestion to finally finish the last bits of the second cop, RelativeRequireToLib.
• Merged the PR upon two approvals and released it as v0.2.0!
• We had our next weekly meeting where we discussed the next steps and the things that are supposed to be done for the next set of cops.
• Introduced rubocop-packaging to the outer world and requested other upstream projects to use it! It is being used by 13 other projects already!
• Started to work on packaging-style-guide but I didn t push anything to the public repository yet.
• Worked on refactoring the cops_documentation Rake task which was broken by the new auto-corrector API. Opened PR #7 for it. It ll be merged after the next RuboCop release as it uses CopsDocumentationGenerator class from the master branch.
• Whilst working on autoprefixer-rails, I found something unusual. The second cop shouldn t really report offenses if the require_relative calls are from lib to lib itself. This is a false-positive. Opened issue #8 for the same.

---

Continuation of GSoC for other Ruby related stuff!

Whilst working on rubocop-packaging, I contributed to more Ruby projects, refactoring their library a little bit and mostly fixing RuboCop issues and fixing issues that the Packaging extension reports as offensive .
Following are the PRs that I raised:

• PR #175 for gir_ffi to drop git ls-files in gemspec.
• PR #3791 for rubygems/bundler to remove redundant bundler/setup require call from spec_helper generated by bundle gem.
• PR #2307 for puma to constrain rake-compiler to v0.9.4.
• PR #476 for cucumber-rails to drop git ls-files in gemspec.
• PR #721 for aruba to drop git ls-files in gemspec.
• PR #89 for wasabi to drop git ls-files in gemspec.
• PR #24 for ed25519 to fix RuboCop warning and offenses.
• PR #25 for ed25519 to drop git ls-files in gemspec.
• PR #59 for ISO8601 to drop git ls-files in gemspec.
• PR #60 for ISO8601 to fix other RuboCop offenses.
• PR #61 for ISO8601 to (minor) refactor the library.
• PR #580 for sup to drop git ls-files in gemspec.
• PR #166 for autoprefixer-rails to use RuboCop to enhance some bits of code.
• PR #167 for autoprefixer-rails to fix remaining RuboCop warning and offenses.
• PR #169 for autoprefixer-rails to do some minor refactoring.
• PR #170 for autoprefixer-rails to drop git ls-files in gemspec.

---

Debian (E)LTS

Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success. And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support). This was my tenth month as a Debian LTS and my first as a Debian ELTS paid contributor.
I was assigned 25.25 hours for LTS and 13.25 hours for ELTS and worked on the following things:

LTS CVE Fixes and Announcements:

• Issued DLA 2269-1, fixing CVE-2020-4046, CVE-2020-4047, CVE-2020-4048, CVE-2020-4049, and CVE-2020-4050, for wordpress.
  For Debian 8 Jessie, these problems have been fixed in version 4.1.31+dfsg-0+deb8u1.
• Issued DLA 2270-1, fixing CVE-2020-14060, CVE-2020-14061, CVE-2020-14062, and CVE-2020-14195, for jackson-databind.
  For Debian 8 Jessie, these problems have been fixed in version 2.4.2-2+deb8u15.
• Issued DLA 2271-1, fixing CVE-2020-4067, for coturn.
  For Debian 8 Jessie, this problem has been fixed in version 4.2.1.2-1+deb8u2.
• Issued DLA 2275-1, fixing CVE-2020-8161 and CVE-2020-8184, for ruby-rack.
  For Debian 9 Stretch, these problems have been fixed in version 1.6.4-4+deb9u2.
• Issued DLA 2276-1, fixing CVE-2020-12108 and CVE-2020-15011, for mailman.
  For Debian 9 Stretch, these problems have been fixed in version 1:2.1.23-1+deb9u6.
• Issued DLA 2277-1, fixing CVE-2019-12973, CVE-2020-6851, CVE-2020-8112, and CVE-2020-15389, for openjpeg2.
  For Debian 9 Stretch, these problems have been fixed in version 2.1.2-1.1+deb9u5.
• Issued DLA 2288-1, fixing CVE-2017-9503, CVE-2019-12068, CVE-2019-20382, CVE-2020-1983, CVE-2020-8608, CVE-2020-10756, CVE-2020-13361, CVE-2020-13362, CVE-2020-13659, CVE-2020-13754, CVE-2020-13765, and CVE-2020-15863, for qemu. This was mostly worked upon by the maintainer, Michael.
  For Debian 9 Stretch, these problems have been fixed in version 1:2.8+dfsg-6+deb9u10.

ELTS CVE Fixes and Announcements:

• Issued ELA 240-1, fixing CVE-2020-12695, for wpa.
  For Debian 8 Jessie, these problems have been fixed in version 2.3-1+deb8u11.
• Issued ELA 241-1, fixing CVE-2020-15389, for openjpeg2.
  For Debian 8 Jessie, these problems have been fixed in version 2.1.0-2+deb8u11.
• Issued ELA 249-1, fixing CVE-2020-13659 and CVE-2020-15863, for qemu.
  For Debian 8 Jessie, these problems have been fixed in version 1:2.1+dfsg-12+deb8u16.

Other (E)LTS Work:

• Did my LTS frontdesk duty from 29th June to 5th July.
• Triaged qemu, firefox-esr, wordpress, libmediainfo, squirrelmail, xen, openjpeg2, samba, and ldb.
• Mark CVE-2020-15395/libmediainfo as no-dsa for Jessie.
• Mark CVE-2020-13754/qemu as no-dsa/intrusive for Stretch and Jessie.
• Mark CVE-2020-12829/qemu as no-dsa for Jessie.
• Mark CVE-2020-10756/qemu as not-affected for Jessie.
• Mark CVE-2020-13253/qemu as postponed for Jessie.
• Drop squirrelmail and xen for Stretch LTS.
• Add notes for tomcat8, shiro, and cacti to take care of the Stretch issues.
• Emailed team@security.d.o and debian-lts@l.d.o regarding possible clashes.
• Maintenance of LTS Survey on the self-hosted LimeSurvey instance. Received 1765 (just wow!) responses.
• Attended the fourth LTS meeting. MOM here.
• General discussion on LTS private and public mailing list.

---

Other(s)

Sometimes it gets hard to categorize work/things into a particular category.
That s why I am writing all of those things inside this category.
This includes two sub-categories and they are as follows.

Personal: This month I did the following things:

• Released v0.2.0 of rubocop-packaging on RubyGems!
  It s open-sourced and the repository is here.
  Bug reports and pull requests are welcomed!
• Released v0.1.0 of get_root on RubyGems!
  It s open-sourced and the repository is here.
• Wrote max-word-frequency, my Rails C1M2 programming assignment.
  And made it pretty neater & cleaner!
• Refactored my lts-dla and elts-ela scripts entirely and wrote them in Ruby so that there are no issues and no false-positives!
  Check lts-dla here and elts-ela here.
• And finally, built my first Rails (mini) web-application!
  The repository is here. This was also a programming assignment (C1M3).
  And furthermore, hosted it at Heroku.

Open Source: Again, this contains all the things that I couldn t categorize earlier.
Opened several issues and PRs:

• Issue #8273 against rubocop, reporting a false-positive auto-correct for Style/WhileUntilModifier.
• Issue #615 against http reporting a weird behavior of a flaky test.
• PR #3791 for rubygems/bundler to remove redundant bundler/setup require call from spec_helper generated by bundle gem.
• Issue #3831 against rubygems, reporting a traceback of undefined method, rubyforge_project=.
• Issue #238 against nheko asking for enhancement in showing the font name in the very font itself.
• PR #2307 for puma to constrain rake-compiler to v0.9.4.
• And finally, I joined the Cucumber organization! \o/

---

Thank you for sticking along for so long :) Until next time.
:wq for today.

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

• purple-discord: cleanups (1 2)
• psqlodbc: fix test build failure
• ifenslave fix variable lookup, cleanups (1 2 3 4 5 6 7)
• dak: cleanup
• dh-make: typo (1 2)
• Debian QA services: fix lintian link
• Debian BTS usertags: correct some incorrectly named users
• Debian usertags QA: fix argument order, correct more error classes
• Debian package uploads: ifenslave, java-gnome, purple-discord
• Debian wiki pages: ath9k_htc/open_firmware, AtiHowTo, DebConf/20/Tshirts, DebianEdu/GetACopy, DeveloperNews, LocalGroups, LTS/Meetings, MemberBenefits, Ports, PrivacyIssues (1 2), Salsa/Doc, ShayanDoust, SourceOnlyUpload, SystemBuildTools, UltimateDebianDatabase/UsedInDebianInfrastructure
• FOSSjobs wiki pages: resources

Issues

• Crashes in webdl (reported privately)
• Deprecated API usage in github-backup
• Features in gtranscribe, hw-probe (1, 2), calamares, incoming.debian.org, reportbug (1 2 3), Firefox, piuparts.debian.org
• Incorrect dependencies in libextractor (1 2), libjpeg-turbo
• Comparison failure in diffoscope
• Warnings in samba Python modules, automake, gtranscribe, hachoir
• Underlinking in libnetsnmptrapd.so, libvpf.so, xserver-xorg-video-intel
• MUA handling issues in reportbug (1 2)
• Importing into a VCS needed for Debian base-files
• Compatibility issue in dnssec-trigger
• Description issue in unp
• Broken link in brz
• Broken functionality in bzr

Review

• Spam: reported 182 Debian mailing list posts
• Debian packages: sponsored iotop, iotop-c
• Debian wiki: RecentChanges for the month
• Debian screenshots:
  • approved adequate anki aoflagger canadian-ham-exam carmetal connman-gtk dmagnetic emacs emacs-gtk gazebo gchempaint gcompris-qt gcu-bin goldendict gresistor gtklick gztool iotop-c jack-keyboard kalgebra kalzium khangman kstars lilyterm logisim mediawiki nyx optgeo osdlyrics parley python-treetime qalculate-gtk qelectrotech simulide solvespace step taptempo theli util-linux xgterm ximtool xwallpaper
  • rejected autotalent (not the package), bart (logo), mumble-server (client UI), hpcc (not a screenshot)
  • approved deletion of theli (replacing incorrect screenshot)
  • rejected deletion of gnome-bluetooth/aptitude/torbrowser-launcher (unintelligible), phpbb3/hashcat/onboard/kcharselect (spam), various packages (not the place to report abuse), vim (not the place to send kudos)

Administration

• Debian wiki: unblock IP addresses, approve accounts, reset email addresses

Communication

• Initiate discussion about browsers, webmail and mailto:
• Respond to queries from Debian users and developers on the mailing lists and IRC

Sponsors The purple-discord, ifenslave and psqlodbc work was sponsored by my employer. All other work was done on a volunteer basis.

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

• nsntrace: cleanups (1 2 3 4 5)
• Tails: cleanup (sent privately)
• apt-offline: cleanups (1 2 3 4 5 6 7 8 9 10 11), fix keyring filename handling, make keyring error more useful, fix apt lists files permissions, fix changelog line copying
• puppet-git-hooks: less generic script naming
• DUCK: fix source code link, orphan package, fix typos, packaging cleanup (1 2 3 4 5), add obsolete site and phrases indicating shutdown, redirects
• myrepos: cleanup (1 2 3 4 5 6)
• check-all-the-things: Python 3 porting (1 2 3)
• debian-goodies: cleanup, fix equivs-build usage, print dbgsym install command
• lintian: add tigris.org to obsolete sites
• spelling dictionaries: codespell (1 2 3 4), lintian (1 2 3 4 5 6)
• DSA puppet git hook: drop leading spaces check, ignore ruby warnings
• DSA puppet: cleanups (1 2)
• Debian build log scanner: update links, fix typos
• Debian QA services: update SSH IP addresses, add usertags typo fixes (1 2)
• Debian user database: fix lat/lon parsing
• Debian package uploads: libfile-libmagic-perl (1 2)
• Debian wiki pages: AutomaticBuildLogProcessing, Brasil/Traduzir/DDTP, DebianEvents/Internet/2020/MiniDebConfOnline/Videos, DebianLocations, es/Webcam/Viejas_camaras_WEB, Firmware/Open, IRC/DpkgBot, IRC/GivingBetterHelp, packages-schroot, PrivacyIssues, ReleaseGoals/VerboseBuilds, Services/DebianSources, SoundConfiguration, sway, SystemBuildTools, Teams (Publicity/ReleasePointAnnouncements, RTC), UnifiedCommunications/DebianDevelopers/UserGuide, WebcamPixart
• myrepos wiki pages: index
• ShellCheck wiki pages: Directive
• FOSSJobs wiki: resources

Issues

• Crashes in dbus/libnss-systemd (1 2), pavucontrol, vlc-plugin-bittorrent
• Permissions issue in update-alternatives (reported on IRC)
• Bogus output in dpkg-parsechangelog (reported on IRC)
• False positives in anorack
• Command name conflict in gitsome
• Python 3 support needed in git-imerge
• Incorrect dependencies in python3-lxml
• Wayland issues in ssh-agent
• Warnings in tweeper
• Features in shellcheck, browserpass, lintian (1 2), diffoscope
• Documentation needed in webext-browserpass
• Description update needed in vagrant
• Inflated severity in shellcheck
• Incorrect behaviour in dch

Review

• Spam: reported 193 Debian mailing list posts
• Debian packages: reviewed and sponsored acr, tudu, duck
• Debian wiki: RecentChanges for the month
• Debian screenshots:
  • approved amiwm dino-im elisa five-or-more fonts-cherrybomb fonts-terminus four-in-a-row gargoyle-free gnome gnome-chess gnome-games gnome-klotski gnome-mahjongg gnome-mines gnome-nibbles gnome-robots gnome-sudoku gnome-taquin gnome-tetravex gv hitori i3-wm iagno inxi lightsoff mate-utils neovim notcurses-bin pacvim quadrapassel radare2-cutter saga swell-foop systemd tali ubuntu-desktop vokoscreen-ng w9wm xfce4-panel xless xpdf
  • rejected saga (Windows screenshot), lightdm (upstream screenshot)
  • approved deletion of muttprint (not a screenshot), virt-manager (non-original, contains logo)
  • rejected deletion of tint/fonts-oflb-euterpe/acm (junk reason), jwm/xbubble (spam)

Administration

• nsntrace: talk to upstream about collaborative maintenance
• Debian: deploy changes, debug issue with GPS markers file generation, migrate bls/DUCK from alioth-archive to salsa
• Debian website: ran map cron job, synced mirrors
• Debian wiki: approve accounts, ping folks with bouncing email

Communication

• Initiate discussions about reopening bugs for reintroduced packages, integration between apt-listchanges/apt-offline (sent privately)

Sponsors The apt-offline work and the libfile-libmagic-perl backports were sponsored. All other work was done on a volunteer basis.

• KASan support for vmap memory expands KASan s features to include analysis of memory allocated with vmalloc(). More specifically, this means KASan can examine the stack again, since it can be in that region since CONFIG_VMAP_STACK was introduced.
• MIPS can build with GCC plugins and KCOV now, providing those systems with the associated features like stack wiping, coverage analysis, etc.
• userfaultfd requires CAP_SYS_PTRACE for UFFD_FEATURE_EVENT_FORK. This was done to block unprivileged users from abusing the userfaultfd feature, as it is implemented in a way that provides the ability to inject file descriptors into unsuspecting processes.

2020, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Converting a PDF to DjVu The best solution I found makes use of a different file format: .djvu Such files are not PDFs, but can still be opened in Evince and Okular, as well as in the dedicated DjVuLibre application. As an example, I was unable to print page 11 of this paper. Using pdfinfo, I found that it is in PDF 1.5 format and so the transparency effects could be the cause of the out-of-memory printer error. Here's how I converted it to a high-quality DjVu file I could print without problems using Evince:

pdf2djvu -d 1200 2002.04049.pdf > 2002.04049-1200dpi.djvu

Converting a PDF to PDF 1.3 I also tried the DjVu trick on a different unprintable PDF, but it failed to print, even after lowering the resolution to 600dpi:

pdf2djvu -d 600 dow-faq_v1.1.pdf > dow-faq_v1.1-600dpi.djvu

In this case, I used a different technique and simply converted the PDF to version 1.3 (from version 1.6 according to pdfinfo):

ps2pdf13 -r1200x1200 dow-faq_v1.1.pdf dow-faq_v1.1-1200dpi.pdf

This eliminates the problematic transparency and rasterizes the elements that version 1.3 doesn't support.

• Accept any background images
• Suppot choose camera device
• Useful UI

deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other-deps/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/frameworks/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/plasma/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/apps/Debian_Unstable/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other/Debian_Unstable/ ./

deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other-deps/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/frameworks/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/plasma/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/apps/Debian_Testing/ ./
deb https://download.opensuse.org/repositories/home:/npreining:/debian-kde:/other/Debian_Testing/ ./

• other-deps mostly backports from experimental that are necessary for building KDE Apps 20.04
• frameworks the KDE frameworks, currently version 5.69
• plasma the Plasma packages, currently 5.18.4.1
• apps the KDE Apps, currently 20.04
• other other apps that need rebuild, currently only digikam (but that in the latest beta3 released a few days ago)