Here s my (eighteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 27th month of active contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
This month was a bit exhausting; lots of moving parts. With the financial year ending, it was even more crazy, with me running around to banks, CA, et al.
Anyway, with now working on Ubuntu full-time, I did little of Debian this month. Here are the following things I worked on:
Filed bug #985314 against asterisk (systemd misconfiguration) and added a patch as well.
Filed bug #985421 against at (add DEP8 tests) and added a patch as well.
Other $things:
Attended the Debian LTS team meeting.
Mentoring for newcomers.
Moderation of -project mailing list.
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my eighteenth month as a Debian LTS and ninth month as a Debian ELTS paid contributor.
I was assigned 60.00 hours for LTS and 39.00 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2580-1, fixing CVE-2021-21311, for adminer.
For Debian 9 stretch, these problems have been fixed in version 4.2.5-3+deb9u2.
Issued DLA 2581-1, fixing CVE-2021-27803, for wpa.
For Debian 9 stretch, these problems have been fixed in version 2:2.4-1+deb9u9.
Issued DLA 2585-1, fixing CVE-2020-13848, for libupnp.
For Debian 9 stretch, these problems have been fixed in version 1:1.6.19+git20160116-1.2+deb9u1.
Issued DLA 2589-2, fixing regression caused by DLA 2589-1, for mupdf.
For Debian 9 stretch, these problems have been fixed in version 1.9a+ds1-4+deb9u7.
Issued DLA 2598-1, fixing CVE-2020-25097, for squid3.
For Debian 9 stretch, these problems have been fixed in version 3.5.23-5+deb9u6.
Marked CVE-2021-21330/python-aiohttp as not-affected for stretch.
Marked CVE-2021-20233, CVE-2021-20225, CVE-2020-27779, CVE-2020-27778, CVE-2020-27749, CVE-2020-27748, CVE-2020-25647, CVE-2020-25632, CVE-2020-25631, and CVE-2020-14372, affecting grub2, as ignored for stretch and jessie.
Marked CVE-2020-27842/openjpeg2 as no-dsa for jessie.
Marked CVE-2020-27843/openjpeg2 as no-dsa for jessie.
Marked CVE-2021-28041/openssh as not-affect for jessie.
Marked CVE-2020-3552 3,4 /tiff as no-dsa for jessie.
Marked CVE-2021-20201/spice as no-dsa for jessie.
Marked CVE-2020-11988/xmlgraphics-commons as postponed for jessie.
Marked CVE-2020-11987/batik as postponed for jessie.
Marked CVE-2020-12695/libupnp as no-dsa for stretch.
Marked CVE-2021-25122/tomcat7 as not-affected for stretch.
Marked CVE-2021-25329/tomcat7 as ignored for stretch.
Marked CVE-2021-28116/squid3 as postponed for stretch and jessie.
Marked CVE-2021-3449/openssl as not-affected for stretch.
Document extra notes for grub2 for LTS and co-ordinate with the sec-team.
Document extra notes for pillow about piled-up issues in jessie.
Issued DLA-2593-1 for ca-certificates on Microsoft s request; co-ordinating w/ them.
Co-ordinating w/ maintainer of courier-authlib for stretch and jessie update.
Fixing build failures of ELTS security tracker and re-ordering entries in data/CVE-EXTENDED-LTS/list file.
Answer queries of dupondje and mikap about openssl on IRC; and it being not-affected for stretch.
Help review the status of CVE-2021-3121/golang-github-gogo-protobuf-dev for Ola.
Co-ordinating w/ Noah for cloud-init and setuptools.
Auto EOL ed mongodb, linux, guacamole-client, node-xmlhttprequest, newlib, neutron, privoxy, glpi, and zabbix for jessie.
Attended monthly meeting for Debian LTS.
Answered questions (& discussions) on IRC (#debian-lts and #debian-elts).
Review: The Lion, the Witch and the Wardrobe, by C.S. Lewis
Illustrator:
Pauline Baynes
Series:
Chronicles of Narnia #1
Publisher:
Collier Books
Copyright:
1950
Printing:
1978
ISBN:
0-02-044220-3
Format:
Mass market
Pages:
186
Although it's been more than 20 years since I last read it, I believe I
have read The Lion, the Witch and the Wardrobe more times than any
other book. The count is certainly in double digits. As you might guess,
I also have strong opinions about it, some of which are unorthodox, and
I've been threatening to write this review for years. It seemed a fitting
choice for my 1000th review.
There is quite a lot that can and has been said about this book and this
series, and this review is already going to be much too long, so I'm only
going to say a fraction of it. I'm going to focus on my personal
reactions as someone raised a white evangelical Christian but no longer
part of that faith, and the role this book played in my religion. I'm not
going to talk much about some of its flaws, particularly Lewis's treatment
of race and gender. This is not because I don't agree they're there, but
only that I don't have much to say that isn't covered far better in other
places.
Unlike my other reviews, this one will contain major spoilers. If you
have managed to remain unspoiled for a 70-year-old novel that spawned
multiple movies and became part of the shared culture of evangelical
Christianity, and want to stay that way, I'll warn you in ALL CAPS when
it's time to go. But first, a few non-spoiler notes.
First, reading order. Most modern publications of The Chronicles of
Narnia will list The Magician's Nephew as the first book. This
follows internal chronological order and is at C.S. Lewis's request.
However, I think Lewis was wrong. You should read this series in original
publication order, starting with The Lion, the Witch and the
Wardrobe (which I'm going to abbreviate as TLtWatW like everyone
else who writes about it).
I will caveat this by saying that I have a bias towards reading books in
the order an author wrote them because I like seeing the development of
the author's view of their work, and I love books that jump back in time
and fill in background, so your experience may vary. But the problem I
see with the revised publication order is that The Magician's
Nephew explains the origins of Narnia and, thus, many of the odd
mysteries of TLtWatW that Lewis intended to be mysterious. Reading
it first damages both books, like watching a slow-motion how-to video for
a magic trick before ever seeing it performed. The reader is not primed
to care about the things The Magician's Nephew is explaining, which
makes it less interesting. And the bits of unexpected magic and mystery
in TLtWatW that give it so much charm (and which it needs, given
the thinness of the plot) are already explained away and lose appeal
because of it.
I have read this series repeatedly in both internal chronological order
and in original publication order. I have even read it in strict
chronological order, wherein one pauses halfway through the last chapter
of TLtWatW to read The Horse and His Boy before returning.
I think original publication order is the best. (The Horse and His
Boy is a side story and it doesn't matter that much where you read it as
long as you read it after TLtWatW. For this re-read, I will follow
original publication order and read it fifth.)
Second, allegory.
The common understanding of TLtWatW is that it's a Christian
allegory for children, often provoking irritated reactions from readers
who enjoyed the story on its own terms and later discovered all of the
religion beneath it. I think this view partly misunderstands how Lewis
thought about the world and there is a more interesting way of looking at
the book. I'm not as dogmatic about this as I used to be; if you want to
read it as an allegory, there are plenty of carefully crafted parallels to
the gospels to support that reading. But here's my pitch for a different
reading.
To C.S. Lewis, the redemption of the world through the death of Jesus
Christ is as foundational a part of reality as gravity. He spent much of
his life writing about religion and Christianity in both fiction and
non-fiction, and this was the sort of thing he constantly thought about.
If somewhere there is another group of sentient creatures, Lewis's
theology says that they must fit into that narrative in some way. Either
they would have to be unfallen and thus not need redemption (roughly the
position taken by The Space Trilogy), or they would need their own
version of redemption. So yes, there are close parallels in Narnia to
events of the Christian Bible, but I think they can be read as speculating
how Christian salvation would play out in a separate creation with talking
animals, rather than an attempt to disguise Christianity in an allegory
for children. It's a subtle difference, but I think Narnia more an answer
to "how would Christ appear in this fantasy world?" than to "how do I get
children interested in the themes of Christianity?", although certainly
both are in play.
Put more bluntly, where other people see allegory, I see the further
adventures of Jesus Christ as an anthropomorphic lion, which in my opinion
is an altogether more delightful way to read the books.
So much for the preamble; on to the book.
The Pevensie kids, Peter, Susan, Edmund, and Lucy, have been evacuated to
a huge old house in the country due to the air raids (setting this book
during World War II, something that is passed over with barely a mention
and not a hint of trauma in a way that a modern book would never do).
While exploring this house, which despite the scant description is still
stuck in my mind as the canonical huge country home, Lucy steps into a
wardrobe because she wants to feel the fur of the coats. Much to her
surprise, the wardrobe appears not to have a back, and she finds herself
eventually stepping into a snow-covered pine forest where she meets a Fawn
named Mr. Tumnus by an unlikely lamp-post.
MAJOR SPOILERS BELOW, so if you don't want to see those, here's
your cue to stop reading.
Two things surprised me when re-reading TLtWatW. The first, which
I remember surprising me every time I read it, is how far into this (very
short) book one has to go before the plot kicks into gear. It's not until
"What Happened After Dinner" more than a third in that we learn much of
substance about Narnia, and not until "The Spell Begins to Break" halfway
through the book that things start to happen. The early chapters are
concerned primarily with the unreliability of the wardrobe portal, with a
couple of early and brief excursions by Edmund and Lucy, and with Edmund
being absolutely awful to Lucy.
The second thing that surprised me is how little of what happens is driven
by the kids. The second half of TLtWatW is about the fight between
Aslan and the White Witch, but this fight was not set off by the children
and their decisions don't shape it in any significant way. They're
primarily bystanders; the few times they take action, it's either
off-camera or they're told explicitly what to do. The arguable exception
is Edmund, who provides the justification for the final conflict, but he
functions more as plot device than as a character with much agency. When
that is combined with how much of the story is also on rails via its need
to recapitulate part of the gospels (more on that in a moment), it makes
the plot feel astonishingly thin and simple.
Edmund is the one protagonist who gets to make some decisions, all of them
bad. As a kid, I hated reading these parts because Edmund is an ass, the
White Witch is obviously evil, and everyone knows not to eat the food.
Re-reading now, I have more appreciation for how Lewis shows Edmund's
slide into treachery. He starts teasing Lucy because he thinks it's funny
(even though it's not), has a moment when he realizes he was wrong and
almost apologizes, but then decides to blame his discomfort on the victim.
From that point, he is caught, with some help from the White Witch's
magic, in a spiral of doubling down on his previous cruelty and then
feeling unfairly attacked. Breaking the cycle is beyond him because it
would require admitting just how badly he behaved and, worse, that he was
wrong and his little sister was right. He instead tries to justify
himself by spreading poisonous bits of doubt, and looks for reasons to
believe the friends of the other children are untrustworthy. It's
simplistic, to be sure, but it's such a good model of how people slide
into believing conspiracy theories and joining hate groups. The
Republican Party is currently drowning in Edmunds.
That said, Lewis does one disturbing thing with Edmund that leaped out on
re-reading. Everyone in this book has a reaction when Aslan's name is
mentioned. For the other three kids, that reaction is awe or delight.
For Edmund, it's mysterious horror.
I know where Lewis is getting this from, but this is a nasty theological
trap. One of the problems that religion should confront directly is
criticism that questions the moral foundations of that religion. If one
postulates that those who have thrown in with some version of the Devil
have an instinctual revulsion for God, it's a free intellectual dodge.
Valid moral criticism can be hand-waved away as Edmund's horrified
reaction to Aslan: a sign of Edmund's guilt, rather than a possible flaw
to consider seriously. It's also, needless to say, not the effect you
would expect from a god who wants universal salvation! But this is only
an odd side note, and once Edmund is rescued it's never mentioned again.
This brings us to Aslan himself, the Great Lion, and to the heart of why I
think this book and series are so popular. In reinterpreting Christianity
for the world of Narnia, Lewis created a far more satisfying and relatable
god than Jesus Christ, particularly for kids.
I'm not sure I can describe, for someone who didn't grow up in that faith,
how central the idea of a personal relationship with Jesus is to
evangelical Christianity. It's more than a theological principle; it's
the standard by which one's faith is judged. And it is very difficult for
a kid to mentally bootstrap themselves into a feeling of a personal
relationship with a radical preacher from 2000 years ago who spoke in
gnomic parables about subtle points of adult theology. It's hard enough
for adults with theological training to understand what that phrase is
intended to mean. For kids, you may as well tell them they have a
personal relationship with Aristotle.
But a giant, awe-inspiring lion with understanding eyes, a roar like
thunder, and a warm mane that you can bury your fingers into? A lion who
sacrifices himself for your brother, who can be comforted and who comforts
you in turn, and who makes a glorious surprise return? That's the
kind of god with which one can imagine having a personal relationship.
Aslan felt physical and embodied and present in the imagination in a way
that Jesus never did.
I am certain I was not the only Christian kid for whom Aslan was much more
viscerally real than Jesus, and who had a tendency to mentally substitute
Aslan for Jesus in most thoughts about religion.
I am getting ahead of myself a bit because this is a review of
TLtWatW and not of the whole series, and Aslan in this book is
still a partly unformed idea. He's much more mundanely present here than
he is later, more of a field general than a god, and there are some bits
that are just wrong (like him clapping his paws together). But the scenes
with Susan and Lucy, the night at the Stone Table and the rescue of the
statues afterwards, remain my absolute favorite parts of this book and
some of the best bits of the whole series. They strike just the right
balance of sadness, awe, despair, and delight.
The image of a lion also lets Lewis show joy in a relatable way. Aslan
plays, he runs, he wrestles with the kids, he thrills in the victory over
evil just as much as Susan and Lucy do, and he is clearly having the time
of his life turning people back to flesh from stone. The combination of
translation, different conventions, and historical distance means the
Bible has none of this for the modern reader, and while people have tried
to layer it on with Bible stories for kids, none of them (and I read a
lot of them) capture anything close to the sheer joy of this story.
The trade-off Lewis makes for that immediacy is that Aslan is a wonderful
god, but TLtWatW has very little religion. Lewis can
have his characters interact with Aslan directly, which reduces the need
for abstract theology and difficult questions of how to know God's will.
But even when theology is unavoidable, this book doesn't ask for the type
of belief that Christianity demands.
For example, there is a crucifixion parallel, because in Lewis's world
view there would have to be. That means Lewis has to deal with
substitutionary atonement (the belief that Christ died for the sins of the
world), which is one of the hardest parts of Christianity to justify. How
he does this is fascinating.
The Narnian equivalent is the Deep Magic, which says that the lives of all
traitors belong to the White Witch. If she is ever denied a life, Narnia
will be destroyed by fire and water. The Witch demands Edmund's life,
which sets up Aslan to volunteer to be sacrificed in Edmund's place. This
triggers the Deeper Magic that she did not know about, freeing Narnia from
her power.
You may have noticed the card that Lewis is palming, and to give him
credit, so do the kids, leading to this exchange when the White Witch is
still demanding Edmund:
"Oh, Aslan!" whispered Susan in the Lion's ear, "can't we I mean,
you won't, will you? Can't we do something about the Deep Magic?
Isn't there something you can work against it?"
"Work against the Emperor's magic?" said Aslan, turning to her with
something like a frown on his face. And nobody ever made that
suggestion to him again.
The problem with substitutionary atonement is why would a supposedly
benevolent god create such a morally abhorrent rule in the first place?
And Lewis totally punts. Susan is simply not allowed to ask the question.
Lewis does try to tackle this problem elsewhere in his apologetics for
adults (without, in my opinion, much success). But here it's just a part
of the laws of this universe, which all of the characters, including
Aslan, have to work within.
That leads to another interesting point of theology, which is that if you
didn't already know about the Christian doctrine of the trinity, you would
never guess it from this book. The Emperor-Beyond-the-Sea and Aslan are
clearly separate characters, with Aslan below the Emperor in the pantheon.
This makes rules like the above work out more smoothly than they do in
Christianity because Aslan is bound by the Emperor's rules and the Emperor
is inscrutable and not present in the story. (The Holy Spirit is Deity
Not-appearing-in-this-book, but to be fair to Lewis, that's largely true
of the Bible as well.)
What all this means is that Aslan's death is presented straightforwardly
as a magic spell. It works because Aslan has the deepest understanding of
the fixed laws of the Emperor's magic, and it looks nothing like what we
normally think of as religion. Faith is not that important in this book
because Aslan is physically present, so it doesn't require any faith for
the children to believe he exists. (The Beavers, who believed in him from
prophecy without having seen him, are another matter, but this book never
talks about that.) The structure of religion is therefore remarkably
absent despite the story's Christian parallels. All that's expected of
the kids is the normal moral virtues of loyalty and courage and opposition
to cruelty.
I have read this book so many times that I've scrutinized every word, so I
have to resist the temptation to dig into every nook and cranny: the
beautiful description of spring, the weird insertion of Lilith as Adam's
first wife, how the controversial appearance of Santa Claus in this book
reveals Lewis's love of Platonic ideals... the list is endless, and the
review is already much longer than normal. But I never get to talk about
book endings in reviews, so one more indulgence.
The best thing that can be said about the ending of TLtWatW is that
it is partly redeemed by the start of Prince Caspian. Other than
that, the last chapter of this book has always been one of my least
favorite parts of The Chronicles of Narnia.
For those who haven't read it (and who by this point clearly don't mind
spoilers), the four kids are immediately and improbably crowned Kings and
Queens of Narnia. Apparently, to answer the Professor from earlier in the
book, ruling magical kingdoms is what they were teaching in those schools?
They then spend years in Narnia, never apparently giving a second thought
to their parents (you know, the ones who are caught up in World War II,
which prompted the evacuation of the kids to the country in the first
place). This, for some reason, leaves them talking like medieval
literature, which may be moderately funny if you read their dialogue in
silly voices to a five-year-old and is otherwise kind of tedious.
Finally, in a hunt for the white stag, they stumble across the wardrobe
and tumble back into their own world, where they are children again and
not a moment has passed.
I will give Lewis credit for not doing a full reset and having the kids
not remember anything, which is possibly my least favorite trope in
fiction. But this is almost as bad. If the kids returned immediately,
that would make sense. If they stayed in Narnia until they died, that
arguably would also make sense (their poor parents!). But growing up in
Narnia and then returning as if nothing happened doesn't work. Do they
remember all of their skills? How do you readjust to going to school
after you've lived a life as a medieval Queen? Do they remember any of
their friends after fifteen years in Narnia? Argh. It's a very
"adventures are over, now time for bed" sort of ending, although the next
book does try to patch some of this up.
As a single book taken on its own terms, TLtWatW is weirdly slight,
disjointed, and hits almost none of the beats that one would expect from a
children's novel. What saves it is a sense of delight and joy that
suffuses the descriptions of Narnia, even when locked in endless winter,
and Aslan. The plot is full of holes, the role of the children in that
plot makes no sense, and Santa Claus literally shows up in the middle of
the story to hand out plot devices and make an incredibly sexist statement
about war. And yet, I memorized every gift the children received as a
kid, I can still feel the coziness of the Beaver's home while Mr. Beaver
is explaining prophecy, and the night at the Stone Table remains ten times
more emotionally effective for me than the description of the analogous
event in the Bible.
And, of course, there's Aslan.
"Safe?" said Mr. Beaver. "Don't you hear what Mrs. Beaver tells you?
Who said anything about safe? 'Course he isn't safe. But he's good.
He's the king, I tell you."
Aslan is not a tame lion, to use the phrase that echos through this
series. That, I think, is the key to the god that I find the most
memorable in all of fantasy literature, even in this awkward, flawed, and
decidedly strange introduction.
Followed by Prince Caspian, in which the children return to a
much-changed Narnia. Lewis has gotten most of the obligatory cosmological
beats out of the way in this book, so subsequent books can tell more
conventional stories.
Rating: 7 out of 10
I won't reveal precisely how many books I read in 2020, but it was definitely an improvement on 74 in 2019, 53 in 2018 and 50 in 2017. But not only did I read more in a quantitative sense, the quality seemed higher as well. There were certainly fewer disappointments: given its cultural resonance, I was nonplussed by Nick Hornby's Fever Pitch and whilst Ian Fleming's The Man with the Golden Gun was a little thin (again, given the obvious influence of the Bond franchise) the booked lacked 'thinness' in a way that made it interesting to critique. The weakest novel I read this year was probably J. M. Berger's Optimal, but even this hybrid of Ready Player One late-period Black Mirror wasn't that cringeworthy, all things considered. Alas, graphic novels continue to not quite be my thing, I'm afraid.
I perhaps experienced more disappointments in the non-fiction section. Paul Bloom's Against Empathy was frustrating, particularly in that it expended unnecessary energy battling its misleading title and accepted terminology, and it could so easily have been an 20-minute video essay instead). (Elsewhere in the social sciences, David and Goliath will likely be the last Malcolm Gladwell book I voluntarily read.) After so many positive citations, I was also more than a little underwhelmed by Shoshana Zuboff's The Age of Surveillance Capitalism, and after Ryan Holiday's manyengagingreboots of Stoic philosophy, his Conspiracy (on Peter Thiel and Hulk Hogan taking on Gawker) was slightly wide of the mark for me.
Anyway, here follows a selection of my favourites from 2020, in no particular order:
Fiction
Wolf Hall & Bring Up the Bodies & The Mirror and the LightHilary Mantel
During the early weeks of 2020, I re-read the first two parts of Hilary Mantel's Thomas Cromwell trilogy in time for the March release of The Mirror and the Light. I had actually spent the last few years eagerly following any news of the final instalment, feigning outrage whenever Mantel appeared to be spending time on other projects.
Wolf Hall turned out to be an even better book than I remembered, and when The Mirror and the Light finally landed at midnight on 5th March, I began in earnest the next morning. Note that date carefully; this was early 2020, and the book swiftly became something of a heavy-handed allegory about the world at the time. That is to say and without claiming that I am Monsieur Cromuel in any meaningful sense it was an uneasy experience to be reading about a man whose confident grasp on his world, friends and life was slipping beyond his control, and at least in Cromwell's case, was heading inexorably towards its denouement.
The final instalment in Mantel's trilogy is not perfect, and despite my love of her writing I would concur with the judges who decided against awarding her a third Booker Prize. For instance, there is something of the longueur that readers dislike in the second novel, although this might not be entirely Mantel's fault after all, the rise of the "ugly" Anne of Cleves and laborious trade negotiations for an uninspiring mineral (this is no Herbertian 'spice') will never match the court intrigues of Anne Boleyn, Jane Seymour and that man for all seasons, Thomas More. Still, I am already looking forward to returning to the verbal sparring between King Henry and Cromwell when I read the entire trilogy once again, tentatively planned for 2022.
The Fault in Our StarsJohn Green
I came across John Green's The Fault in Our Stars via a fantastic video by Lindsay Ellis discussing Roland Barthes famous 1967 essay on authorial intent. However, I might have eventually come across The Fault in Our Stars regardless, not because of Green's status as an internet celebrity of sorts but because I'm a complete sucker for this kind of emotionally-manipulative bildungsroman, likely due to reading Philip Pullman's His Dark Materials a few too many times in my teens.
Although its title is taken from Shakespeare's Julius Caesar, The Fault in Our Stars is actually more Romeo & Juliet. Hazel, a 16-year-old cancer patient falls in love with Gus, an equally ill teen from her cancer support group. Hazel and Gus share the same acerbic (and distinctly unteenage) wit and a love of books, centred around Hazel's obsession of An Imperial Affliction, a novel by the meta-fictional author Peter Van Houten. Through a kind of American version of Jim'll Fix It, Gus and Hazel go and visit Van Houten in Amsterdam.
I'm afraid it's even cheesier than I'm describing it. Yet just as there is a time and a place for Michelin stars and Haribo Starmix, there's surely a place for this kind of well-constructed but altogether maudlin literature. One test for emotionally manipulative works like this is how well it can mask its internal contradictions while Green's story focuses on the universalities of love, fate and the shortness of life (as do almost all of his works, it seems), The Fault in Our Stars manages to hide, for example, that this is an exceedingly favourable treatment of terminal illness that is only possible for the better off. The 2014 film adaptation does somewhat worse in peddling this fantasy (and has a much weaker treatment of the relationship between the teens' parents too, an underappreciated subtlety of the book).
The novel, however, is pretty slick stuff, and it is difficult to fault it for what it is. For some comparison, I later read Green's Looking for Alaska and Paper Towns which, as I mention, tug at many of the same strings, but they don't come together nearly as well as The Fault in Our Stars. James Joyce claimed that "sentimentality is unearned emotion", and in this respect, The Fault in Our Stars really does earn it.
The PlagueAlbert Camus
P. D. James' The Children of Men, George Orwell's Nineteen Eighty-Four, Arthur Koestler's Darkness at Noon ... dystopian fiction was already a theme of my reading in 2020, so given world events it was an inevitability that I would end up with Camus's novel about a plague that swept through the Algerian city of Oran.
Is The Plague an allegory about the Nazi occupation of France during World War Two? Where are all the female characters? Where are the Arab ones? Since its original publication in 1947, there's been so much written about The Plague that it's hard to say anything new today. Nevertheless, I was taken aback by how well it captured so much of the nuance of 2020. Whilst we were saying just how 'unprecedented' these times were, it was eerie how a novel written in the 1940s could accurately how many of us were feeling well over seventy years on later: the attitudes of the people; the confident declarations from the institutions; the misaligned conversations that led to accidental misunderstandings. The disconnected lovers.
The only thing that perhaps did not work for me in The Plague was the 'character' of the church. Although I could appreciate most of the allusion and metaphor, it was difficult for me to relate to the significance of Father Paneloux, particularly regarding his change of view on the doctrinal implications of the virus, and spoiler alert that he finally died of a "doubtful case" of the disease, beyond the idea that Paneloux's beliefs are in themselves "doubtful". Answers on a postcard, perhaps.
The Plague even seemed to predict how we, at least speaking of the UK, would react when the waves of the virus waxed and waned as well:
The disease stiffened and carried off three or four patients who were expected to recover. These were the unfortunates of the plague, those whom it killed when hope was high
It somehow captured the nostalgic yearning for high-definition videos of cities and public transport; one character even visits the completely deserted railway station in Oman simply to read the timetables on the wall.
Tinker, Tailor, Soldier, SpyJohn le Carr
There's absolutely none of the Mad Men glamour of James Bond in John le Carr 's icy world of Cold War spies:
Small, podgy, and at best middle-aged, Smiley was by appearance one of London's meek who do not inherit the earth. His legs were short, his gait anything but agile, his dress costly, ill-fitting, and extremely wet.
Almost a direct rebuttal to Ian Fleming's 007, Tinker, Tailor has broken-down cars, bad clothes, women with their own internal and external lives (!), pathetically primitive gadgets, and (contra Mad Men) hangovers that significantly longer than ten minutes. In fact, the main aspect that the mostly excellent 2011 film adaption doesn't really capture is the smoggy and run-down nature of 1970s London this is not your proto-Cool Britannia of Austin Powers or GTA:1969, the city is truly 'gritty' in the sense there is a thin film of dirt and grime on every surface imaginable.
Another angle that the film cannot capture well is just how purposefully the novel does not mention the United States. Despite the US obviously being the dominant power, the British vacillate between pretending it doesn't exist or implying its irrelevance to the matter at hand. This is no mistake on Le Carr 's part, as careful readers are rewarded by finding this denial of US hegemony in metaphor throughout --pace Ian Fleming, there is no obvious Felix Leiter to loudly throw money at the problem or a Sheriff Pepper to serve as cartoon racist for the Brits to feel superior about. By contrast, I recall that a clever allusion to "dusty teabags" is subtly mirrored a few paragraphs later with a reference to the installation of a coffee machine in the office, likely symbolic of the omnipresent and unavoidable influence of America. (The officer class convince themselves that coffee is a European import.) Indeed, Le Carr communicates a feeling of being surrounded on all sides by the peeling wallpaper of Empire.
Oftentimes, the writing style matches the graceless and inelegance of the world it depicts. The sentences are dense and you find your brain performing a fair amount of mid-flight sentence reconstruction, reparsing clauses, commas and conjunctions to interpret Le Carr 's intended meaning. In fact, in his eulogy-cum-analysis of Le Carr 's writing style, William Boyd, himself a ventrioquilist of Ian Fleming, named this intentional technique 'staccato'. Like the musical term, I suspect the effect of this literary staccato is as much about the impact it makes on a sentence as the imperceptible space it generates after it.
Lastly, the large cast in this sprawling novel is completely believable, all the way from the Russian spymaster Karla to minor schoolboy Roach the latter possibly a stand-in for Le Carr himself. I got through the 500-odd pages in just a few days, somehow managing to hold the almost-absurdly complicated plot in my head. This is one of those classic books of the genre that made me wonder why I had not got around to it before.
The Nickel BoysColson Whitehead
According to the judges who awarded it the Pulitzer Prize for Fiction, The Nickel Boys is "a devastating exploration of abuse at a reform school in Jim Crow-era Florida" that serves as a "powerful tale of human perseverance, dignity and redemption". But whilst there is plenty of this perseverance and dignity on display, I found little redemption in this deeply cynical novel.
It could almost be read as a follow-up book to Whitehead's popular The Underground Railroad, which itself won the Pulitzer Prize in 2017. Indeed, each book focuses on a young protagonist who might be euphemistically referred to as 'downtrodden'. But The Nickel Boys is not only far darker in tone, it feels much closer and more connected to us today. Perhaps this is unsurprising, given that it is based on the story of the Dozier School in northern Florida which operated for over a century before its long history of institutional abuse and racism was exposed a 2012 investigation. Nevertheless, if you liked the social commentary in The Underground Railroad, then there is much more of that in The Nickel Boys:
Perhaps his life might have veered elsewhere if the US government had opened the country to colored advancement like they opened the army. But it was one thing to allow someone to kill for you and another to let him live next door.
Sardonic aper us of this kind are pretty relentless throughout the book, but it never tips its hand too far into on nihilism, especially when some of the visual metaphors are often first-rate: "An American flag sighed on a pole" is one I can easily recall from memory. In general though, The Nickel Boys is not only more world-weary in tenor than his previous novel, the United States it describes seems almost too beaten down to have the energy conjure up the Swiftian magical realism that prevented The Underground Railroad from being overly lachrymose. Indeed, even we Whitehead transports us a present-day New York City, we can't indulge in another kind of fantasy, the one where America has solved its problems:
The Daily News review described the [Manhattan restaurant] as nouveau Southern, "down-home plates with a twist." What was the twist that it was soul food made by white people?
It might be overly reductionist to connect Whitehead's tonal downshift with the racial justice movements of the past few years, but whatever the reason, we've ended up with a hard-hitting, crushing and frankly excellent book.
True Grit & No Country for Old MenCharles Portis & Cormac McCarthy
It's one of the most tedious cliches to claim the book is better than the film, but these two books are of such high quality that even the Coen Brothers at their best cannot transcend them. I'm grouping these books together here though, not because their respective adaptations will exemplify some of the best cinema of the 21st century, but because of their superb treatment of language.
Take the use of dialogue. Cormac McCarthy famously does not use any punctuation "I believe in periods, in capitals, in the occasional comma, and that's it" but the conversations in No Country for Old Men together feel familiar and commonplace, despite being relayed through this unconventional technique. In lesser hands, McCarthy's written-out Texan drawl would be the novelistic equivalent of white rap or Jar Jar Binks, but not only is the effect entirely gripping, it helps you to believe you are physically present in the many intimate and domestic conversations that hold this book together. Perhaps the cinematic familiarity helps, as you can almost hear Tommy Lee Jones' voice as Sheriff Bell from the opening page to the last.
Charles Portis' True Grit excels in its dialogue too, but in this book it is not so much in how it flows (although that is delightful in its own way) but in how forthright and sardonic Maddie Ross is:
"Earlier tonight I gave some thought to stealing a kiss from you, though you are very young, and sick and unattractive to boot, but now I am of a mind to give you five or six good licks with my belt."
"One would be as unpleasant as the other."
Perhaps this should be unsurprising. Maddie, a fourteen-year-old girl from Yell County, Arkansas, can barely fire her father's heavy pistol, so she can only has words to wield as her weapon. Anyway, it's not just me who treasures this book. In her encomium that presages most modern editions, Donna Tartt of The Secret History fame traces the novels origins through Huckleberry Finn, praising its elegance and economy: "The plot of True Grit is uncomplicated and as pure in its way as one of the Canterbury Tales". I've read any Chaucer, but I am inclined to agree.
Tartt also recalls that True Grit vanished almost entirely from the public eye after the release of John Wayne's flimsy cinematic vehicle in 1969 this earlier film was, Tartt believes, "good enough, but doesn't do the book justice". As it happens, reading a book with its big screen adaptation as a chaser has been a minor theme of my 2020, including P. D. James' The Children of Men, Kazuo Ishiguro's Never Let Me Go, Patricia Highsmith's Strangers on a Train, James Ellroy's The Black Dahlia, John Green's The Fault in Our Stars, John le Carr 's Tinker, Tailor Soldier, Spy and even a staged production of Charles Dicken's A Christmas Carol streamed from The Old Vic. For an autodidact with no academic background in literature or cinema, I've been finding this an effective and enjoyable means of getting closer to these fine books and films it is precisely where they deviate (or perhaps where they are deficient) that offers a means by which one can see how they were constructed. I've also found that adaptations can also tell you a lot about the culture in which they were made: take the 'straightwashing' in the film version of Strangers on a Train (1951) compared to the original novel, for example. It is certainly true that adaptions rarely (as Tartt put it) "do the book justice", but she might be also right to alight on a legal metaphor, for as the saying goes, to judge a movie in comparison to the book is to do both a disservice.
The Glass HotelEmily St. John Mandel
In The Glass Hotel, Mandel somehow pulls off the impossible; writing a loose roman- -clef on Bernie Madoff, a Ponzi scheme and the ephemeral nature of finance capital that is tranquil and shimmeringly beautiful. Indeed, don't get the wrong idea about the subject matter; this is no over over-caffeinated The Big Short, as The Glass Hotel is less about a Madoff or coked-up financebros but the fragile unreality of the late 2010s, a time which was, as we indeed discovered in 2020, one event away from almost shattering completely.
Mandel's prose has that translucent, phantom quality to it where the chapters slip through your fingers when you try to grasp at them, and the plot is like a ghost ship that that slips silently, like the Mary Celeste, onto the Canadian water next to which the eponymous 'Glass Hotel' resides. Indeed, not unlike The Overlook Hotel, the novel so overflows with symbolism so that even the title needs to evoke the idea of impermanence permanently living in a hotel might serve as a house, but it won't provide a home. It's risky to generalise about such things post-2016, but the whole story sits in that the infinitesimally small distance between perception and reality, a self-constructed culture that is not so much 'post truth' but between them.
There's something to consider in almost every character too. Take the stand-in for Bernie Madoff: no caricature of Wall Street out of a 1920s political cartoon or Brechtian satire, Jonathan Alkaitis has none of the oleaginous sleaze of a Dominic Strauss-Kahn, the cold sociopathy of a Marcus Halberstam nor the well-exercised sinuses of, say, Jordan Belford. Alkaitis is dare I say it? eminently likeable, and the book is all the better for it. Even the C-level characters have something to say: Enrico, trivially escaping from the regulators (who are pathetically late to the fraud without Mandel ever telling us explicitly), is daydreaming about the girlfriend he abandoned in New York: "He wished he'd realised he loved her before he left". What was in his previous life that prevented him from doing so? Perhaps he was never in love at all, or is love itself just as transient as the imaginary money in all those bank accounts? Maybe he fell in love just as he crossed safely into Mexico? When, precisely, do we fall in love anyway?
I went on to read Mandel's Last Night in Montreal, an early work where you can feel her reaching for that other-worldly quality that she so masterfully achieves in The Glass Hotel. Her f ted Station Eleven is on my must-read list for 2021. "What is truth?" asked Pontius Pilate. Not even Mandel cannot give us the answer, but this will certainly do for now.
Running the LightSam Tallent
Although it trades in all of the clich s and stereotypes of the stand-up comedian (the triumvirate of drink, drugs and divorce), Sam Tallent's debut novel depicts an extremely convincing fictional account of a touring road comic.
The comedian Doug Stanhope (who himself released a fairly decent No Encore for the Donkey memoir in 2020) hyped Sam's book relentlessly on his podcast during lockdown... and justifiably so. I ripped through Running the Light in a few short hours, the only disappointment being that I can't seem to find videos online of Sam that come anywhere close to match up to his writing style. If you liked the rollercoaster energy of Paul Beatty's The Sellout, the cynicism of George Carlin and the car-crash invertibility of final season Breaking Bad, check this great book out.
Non-fiction
Inside StoryMartin Amis
This was my first introduction to Martin Amis's work after hearing that his "novelised autobiography" contained a fair amount about Christopher Hitchens, an author with whom I had a one of those rather clich d parasocial relationship with in the early days of YouTube. (Hey, it couldhavebeenmuchworse.) Amis calls his book a "novelised autobiography", and just as much has been made of its quasi-fictional nature as the many diversions into didactic writing advice that betwixt each chapter: "Not content with being a novel, this book also wants to tell you how to write novels", complained Tim Adams in The Guardian.
I suspect that reviewers who grew up with Martin since his debut book in 1973 rolled their eyes at yet another demonstration of his manifest cleverness, but as my first exposure to Amis's gift of observation, I confess that I was thought it was actually kinda clever. Try, for example, "it remains a maddening truth that both sexual success and sexual failure are steeply self-perpetuating" or "a hospital gym is a contradiction like a young Conservative", etc. Then again, perhaps I was experiencing a form of nostalgia for a pre-Gamergate YouTube, when everything in the world was a lot simpler... or at least things could be solved by articulate gentlemen who honed their art of rhetoric at the Oxford Union.
I went on to read Martin's first novel, The Rachel Papers (is it 'arrogance' if you are, indeed, that confident?), as well as his 1997 Night Train. I plan to read more of him in the future.
The Collected Essays, Journalism and Letters: Volume 1 & Volume 2 & Volume 3 & Volume 4George Orwell
These deceptively bulky four volumes contain all of George Orwell's essays, reviews and correspondence, from his teenage letters sent to local newspapers to notes to his literary executor on his deathbed in 1950. Reading this was part of a larger, multi-year project of mine to cover the entirety of his output.
By including this here, however, I'm not recommending that you read everything that came out of Orwell's typewriter. The letters to friends and publishers will only be interesting to biographers or hardcore fans (although I would recommend Dorian Lynskey's The Ministry of Truth: A Biography of George Orwell's 1984 first). Furthermore, many of his book reviews will be of little interest today. Still, some insights can be gleaned; if there is any inconsistency in this huge corpus is that his best work is almost 'too' good and too impactful, making his merely-average writing appear like hackwork. There are some gems that don't make the usual essay collections too, and some of Orwell's most astute social commentary came out of series of articles he wrote for the left-leaning newspaper Tribune, related in many ways to the US Jacobin. You can also see some of his most famous ideas start to take shape years if not decades before they appear in his novels in these prototype blog posts.
I also read Dennis Glover's novelised account of the writing of Nineteen-Eighty Four called The Last Man in Europe, and I plan to re-read some of Orwell's earlier novels during 2021 too, including A Clergyman's Daughter and his 'antebellum' Coming Up for Air that he wrote just before the Second World War; his most under-rated novel in my estimation. As it happens, and with the exception of the US and Spain, copyright in the works published in his lifetime ends on 1st January 2021. Make of that what you will.
Capitalist Realism & Chavs: The Demonisation of the Working ClassMark Fisher & Owen Jones
These two books are not natural companions to one another and there is likely much that Jones and Fisher would vehemently disagree on, but I am pairing these books together here because they represent the best of the 'political' books I read in 2020.
Mark Fisher was a dedicated leftist whose first book, Capitalist Realism, marked an important contribution to political philosophy in the UK. However, since his suicide in early 2017, the currency of his writing has markedly risen, and Fisher is now frequently referenced due to his belief that the prevalence of mental health conditions in modern life is a side-effect of various material conditions, rather than a natural or unalterable fact "like weather". (Of course, our 'weather' is being increasingly determined by a combination of politics, economics and petrochemistry than pure randomness.) Still, Fisher wrote on all manner of topics, from the 2012 London Olympics and "weird and eerie" electronic music that yearns for a lost future that will never arrive, possibly prefiguring or influencing the Fallout video game series.
Saying that, I suspect Fisher will resonate better with a UK audience more than one across the Atlantic, not necessarily because he was minded to write about the parochial politics and culture of Britain, but because his writing often carries some exasperation at the suppression of class in favour of identity-oriented politics, a viewpoint not entirely prevalent in the United States outside of, say, Tour F. Reed or the late Michael Brooks. (Indeed, Fisher is likely best known in the US as the author of his controversial 2013 essay, Exiting the Vampire Castle, but that does not figure greatly in this book). Regardless, Capitalist Realism is an insightful, damning and deeply unoptimistic book, best enjoyed in the warm sunshine I found it an ironic compliment that I had quoted so many paragraphs that my Kindle's copy protection routines prevented me from clipping any further.
Owen Jones needs no introduction to anyone who regularly reads a British newspaper, especially since 2015 where he unofficially served as a proxy and punching bag for expressing frustrations with the then-Labour leader, Jeremy Corbyn. However, as the subtitle of Jones' 2012 book suggests, Chavs attempts to reveal the "demonisation of the working class" in post-financial crisis Britain. Indeed, the timing of the book is central to Jones' analysis, specifically that the stereotype of the "chav" is used by government and the media as a convenient figleaf to avoid meaningful engagement with economic and social problems on an austerity ridden island. (I'm not quite sure what the US equivalent to 'chav' might be. Perhaps Florida Man without the implications of mental health.)
Anyway, Jones certainly has a point. From Vicky Pollard to the attacks on Jade Goody, there is an ignorance and prejudice at the heart of the 'chav' backlash, and that would be bad enough even if it was not being co-opted or criminalised for ideological ends.
Elsewhere in political science, I also caught Michael Brooks' Against the Web and David Graeber's Bullshit Jobs, although they are not quite methodical enough to recommend here. However, Graeber's award-winning Debt: The First 5000 Years will be read in 2021. Matt Taibbi's Hate Inc: Why Today's Media Makes Us Despise One Another is worth a brief mention here though, but its sprawling nature felt very much like I was reading a set of Substack articles loosely edited together. And, indeed, I was.
The Golden Thread: The Story of WritingEwan Clayton
A recommendation from a dear friend, Ewan Clayton's The Golden Thread is a journey through the long history of the writing from the Dawn of Man to present day. Whether you are a linguist, a graphic designer, a visual artist, a typographer, an archaeologist or 'just' a reader, there is probably something in here for you. I was already dipping my quill into calligraphy this year so I suspect I would have liked this book in any case, but highlights would definitely include the changing role of writing due to the influence of textual forms in the workplace as well as digression on ergonomic desks employed by monks and scribes in the Middle Ages.
A lot of books by otherwise-sensible authors overstretch themselves when they write about computers or other technology from the Information Age, at best resulting in bizarre non-sequiturs and dangerously Panglossian viewpoints at worst. But Clayton surprised me by writing extremely cogently and accurate on the role of text in this new and unpredictable era. After finishing it I realised why for a number of years, Clayton was a consultant for the legendary Xerox PARC where he worked in a group focusing on documents and contemporary communications whilst his colleagues were busy inventing the graphical user interface, laser printing, text editors and the computer mouse.
We're accustomed to worrying about AI systems being built that will either "go rogue" and attack us, or succeed us in a bizarre evolution of, um, evolution what we didn't reckon on is the sheer inscrutability of these manufactured minds. And minds is not a misnomer. How else should we think about the neural network Google has built so its translator can model the interrelation of all words in all languages, in a kind of three-dimensional "semantic space"?
New Dark Age also turns its attention to the weird, algorithmically-derived products offered for sale on Amazon as well as the disturbing and abusive videos that are automatically uploaded by bots to YouTube. It should, by rights, be a mess of disparate ideas and concerns, but Bridle has a flair for introducing topics which reveals he comes to computer science from another discipline altogether; indeed, on a four-part series he made for Radio 4, he's primarily referred to as "an artist".
Whilst New Dark Age has rather abstract section topics, Adam Greenfield's Radical Technologies is a rather different book altogether. Each chapter dissects one of the so-called 'radical' technologies that condition the choices available to us, asking how do they work, what challenges do they present to us and who ultimately benefits from their adoption. Greenfield takes his scalpel to smartphones, machine learning, cryptocurrencies, artificial intelligence, etc., and I don't think it would be unfair to say that starts and ends with a cynical point of view. He is no reactionary Luddite, though, and this is both informed and extremely well-explained, and it also lacks the lazy, affected and Private Eye-like cynicism of, say, Attack of the 50 Foot Blockchain.
The books aren't a natural pair, for Bridle's writing contains quite a bit of air in places, ironically mimics the very 'clouds' he inveighs against. Greenfield's book, by contrast, as little air and much lower pH value. Still, it was more than refreshing to read two technology books that do not limit themselves to platitudinal booleans, be those dangerously naive (e.g. Kevin Kelly's The Inevitable) or relentlessly nihilistic (Shoshana Zuboff's The Age of Surveillance Capitalism). Sure, they are both anti-technology screeds, but they tend to make arguments about systems of power rather than specific companies and avoid being too anti-'Big Tech' through a narrower, Silicon Valley obsessed lens for that (dipping into some other 2020 reading of mine) I might suggest Wendy Liu's Abolish Silicon Valley or Scott Galloway's The Four.
Still, both books are superlatively written. In fact, Adam Greenfield has some of the best non-fiction writing around, both in terms of how he can explain complicated concepts (particularly the smart contract mechanism of the Ethereum cryptocurrency) as well as in the extremely finely-crafted sentences I often felt that the writing style almost had no need to be that poetic, and I particularly enjoyed his fictional scenarios at the end of the book.
The Algebra of Happiness & Indistractable: How to Control Your Attention and Choose Your LifeScott Galloway & Nir Eyal
A cocktail of insight, informality and abrasiveness makes NYU Professor Scott Galloway uncannily appealing to guys around my age. Although Galloway definitely has his own wisdom and experience, similar to Joe Rogan I suspect that a crucial part of Galloway's appeal is that you feel you are learning right alongside him. Thankfully, 'Prof G' is far less err problematic than Rogan (Galloway is more of a well-meaning, spirited centrist), although he, too, has some pretty awful takes at time. This is a shame, because removed from the whirlwind of social media he can be really quite considered, such as in this long-form interview with Stephanie Ruhle.
In fact, it is this kind of sentiment that he captured in his 2019 Algebra of Happiness. When I look over my highlighted sections, it's clear that it's rather schmaltzy out of context ("Things you hate become just inconveniences in the presence of people you love..."), but his one-two punch of cynicism and saccharine ("Ask somebody who purchased a home in 2007 if their 'American Dream' came true...") is weirdly effective, especially when he uses his own family experiences as part of his story:
A better proxy for your life isn't your first home, but your last. Where you draw your last breath is more meaningful, as it's a reflection of your success and, more important, the number of people who care about your well-being. Your first house signals the meaningful your future and possibility. Your last home signals the profound the people who love you. Where you die, and who is around you at the end, is a strong signal of your success or failure in life.
Nir Eyal's Indistractable, however, is a totally different kind of 'self-help' book. The important background story is that Eyal was the author of the widely-read Hooked which turned into a secular Bible of so-called 'addictive design'. (If you've ever been cornered by a techbro wielding a Wikipedia-thin knowledge of B. F. Skinner's behaviourist psychology and how it can get you to click 'Like' more often, it ultimately came from Hooked.) However, Eyal's latest effort is actually an extended mea culpa for his previous sin and he offers both high and low-level palliative advice on how to avoid falling for the tricks he so studiously espoused before. I suppose we should be thankful to capitalism for selling both cause and cure.
Speaking of markets, there appears to be a growing appetite for books in this 'anti-distraction' category, and whilst I cannot claim to have done an exhausting study of this nascent field, Indistractable argues its points well without relying on accurate-but-dry "studies show..." or, worse, Gladwellian gotchas. My main criticism, however, would be that Eyal doesn't acknowledge the limits of a self-help approach to this problem; it seems that many of the issues he outlines are an inescapable part of the alienation in modern Western society, and the only way one can really avoid distraction is to move up the income ladder or move out to a 500-acre ranch.
Here s my (sixteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 25th month of contributing to Debian.
I became a DM in late March 2019 and a DD on Christmas 19! \o/
This month was bat-shit crazy. Why? We ll come to it later, probably 15th of this month?
Anyway, besides being crazy, hectic, adventerous, and the first of 2021, this month I was super-insanely busy. With what? Hm, more about this later this month! ^_^
However, I still did some Debian stuff here and there. Here are the following things I worked on:
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my sixteenth month as a Debian LTS and seventh month as a Debian ELTS paid contributor.
I was assigned 26.00 hours for LTS and 36.75 hours for ELTS and worked on the following things:
(however, I worked extra for 9 hours for LTS and 9 hours for ELTS this month, which I intend to balance from the next month!)
LTS CVE Fixes and Announcements:
Issued DLA 2518-1, fixing CVE-2020-35492, for cairo.
For Debian 9 Stretch, these problems have been fixed in version 1.14.8-1+deb9u1.
Prepared DSA 4831-1, fixing CVE-2020-26298, for ruby-redcarpet.
For Debian 10 Buster, these problems have been fixed in version 3.4.0-4+deb10u1. The announcement was released by the Security Team.
This January, on 23rd and 24th, we had Mini DebConf India 2021 online.
I had a talk as well, titled, Why Point Releases are important and how you can help
prepare them?".
It was a fun and a very short talk, where I just list out the reasons and ways to help in
the preparation of point releases . I did some experimentation with this talk, figuring
out what works for the audience and what doesn t and where can I improve for the next time
I talk about this topic! \o/
You can listen to the talk here
and let me know if you have any feedback!
Anyway, the conference lasted for 2 days and I also did some volunteering (talk director,
talk miester) in Hindi and English, both! It was all so fun and new. Anyway, here s the picture we took:
In another exciting news, I got my first CVE assigned!!! \o/
No, it is not something that I found, it was discovered by Tavis Ormandy. I just assigned
this a CVE ID, CVE-2021-3181.
This is my first, so I am very excited about this! ^_^
Besides, there s something more that is in the pipelines. Can t talk about it now, shh. But
hopefully very sooooooon!
Other $things! \o/
This month was tiresome, with most of the time being spent on the Debian stuff, I did
very little work outside it, really. The issues and patches that I sent are:
Issue #700 for redcarpet, asking for a reproducer for CVE-2020-26298 and some additional patch related queries.
Issue #7 for in-parallel, asking them to not use relative paths for tests.
Issue #8 for in-parallel, reporting a test failure for the library.
Issue #2 for rake-ant, asking them to bump their dependencies to a newer version.
PR #3 for rake-ant, bumping the dependencies to a newer version, fixing the above issue, heh.
Issue #4 for rake-ant, requesting to drop git from their gemspec.
PR #5 for rake-ant, dropping git from gemspec, fixing the above issue, heh.
Issue #95 for WavPack, asking for a review of past security vulnerabilites wrt v4.70.0.
Reviewed PR #128 for ruby-openid, addressing the past regression with CVE fix merge.
Reviewed PR #63 for cocoapods-acknowledgements, updating redcarpet to v3.5.1, as a safety measure due to recently discovered vulnerability.
Issue #1331 for bottle, asking for relevant commits for CVE-2020-28473 and clarifying other things.
Issue #5 for em-redis, reporting test failures on IPv6-only build machines.
Issue #939 for eventmachine, reporting test failures for em-redis on IPv6-only build machines.
Here s my (fifteenth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This was my 24th month of contributing to Debian.
I became a DM in late March last year and a DD last Christmas! \o/
Amongs a lot of things, this was month was crazy, hectic, adventerous, and the last of 2020 more on some parts later this month.
I finally finished my 7th semester (FTW!) and moved onto my last one! That said, I had been busy with other things but still did a bunch of Debian stuff
Here are the following things I did this month:
Debian (E)LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group of volunteers and companies interested in making it a success.
And Debian Extended LTS (ELTS) is its sister project, extending support to the Jessie release (+2 years after LTS support).
This was my fifteenth month as a Debian LTS and sixth month as a Debian ELTS paid contributor.
I was assigned 26.00 hours for LTS and 38.25 hours for ELTS and worked on the following things:
LTS CVE Fixes and Announcements:
Issued DLA 2474-1, fixing CVE-2020-28928, for musl.
For Debian 9 Stretch, these problems have been fixed in version 1.1.16-3+deb9u1.
Issued DLA 2484-1, fixing #969126, for python-certbot.
For Debian 9 Stretch, these problems have been fixed in version 0.28.0-1~deb9u3.
Issued DLA 2487-1, fixing CVE-2020-27350, for apt.
For Debian 9 Stretch, these problems have been fixed in version 1.4.11. The update was prepared by the maintainer, Julian.
Issued DLA 2488-1, fixing CVE-2020-27351, for python-apt.
For Debian 9 Stretch, these problems have been fixed in version 1.4.2. The update was prepared by the maintainer, Julian.
Issued DLA 2495-1, fixing CVE-2020-17527, for tomcat8.
For Debian 9 Stretch, these problems have been fixed in version 8.5.54-0+deb9u5.
Issued DLA 2488-2, for python-apt.
For Debian 9 Stretch, these problems have been fixed in version 1.4.3. The update was prepared by the maintainer, Julian.
Issued DLA 2508-1, fixing CVE-2020-35730, for roundcube.
For Debian 9 Stretch, these problems have been fixed in version 1.2.3+dfsg.1-4+deb9u8. The update was prepared by the maintainer, Guilhem.
ELTS CVE Fixes and Announcements:
Issued ELA 324-1, fixing CVE-2020-28928, for musl.
For Debian 8 Jessie, these problems have been fixed in version 1.1.5-2+deb8u2.
Issued ELA 325-1, fixing CVE-2020-28896, for mutt.
For Debian 8 Jessie, these problems have been fixed in version 1.5.23-3+deb8u4.
Marked CVE-2020-17527/tomcat8 as not-affected for jessie.
Marked CVE-2020-28052/bountycastle as not-affected for jessie.
Marked CVE-2020-14394/qemu as postponed for jessie.
Marked CVE-2020-35738/wavpack as not-affected for jessie.
Marked CVE-2020-3550 3-6 /qemu as postponed for jessie.
Marked CVE-2020-3550 3-6 /qemu as postponed for stretch.
Marked CVE-2020-16093/lemonldap-ng as no-dsa for stretch.
Marked CVE-2020-27837/gdm3 as no-dsa for stretch.
Marked CVE-2020- 13987, 13988, 17437 /open-iscsi as no-dsa for stretch.
Marked CVE-2020-35450/gobby as no-dsa for stretch.
Marked CVE-2020-35728/jackson-databind as no-dsa for stretch.
Marked CVE-2020-28935/nsd as no-dsa for stretch.
Auto EOL ed libpam-tacplus, open-iscsi, wireshark, gdm3, golang-go.crypto, jackson-databind, spotweb, python-autobahn, asterisk, nsd, ruby-nokogiri, linux, and motion for jessie.
Bugs and Patches
Well, I did report some bugs and issues and also sent some patches:
Issue #44 for github-activity-readme, asking for a feature request to set custom committer s email address.
Issue #711 for git2go, reporting build failure for the library.
PR #89 for rubocop-rails_config, bumping RuboCop::Packaging to v0.5.
Issue #36 for rubocop-packaging, asking to try out mutant :)
PR #212 for cucumber-ruby-core, bumping RuboCop::Packaging to v0.5.
PR #213 for cucumber-ruby-core, enabling RuboCop::Packaging.
Issue #19 for behance, asking to relax constraints on faraday and faraday_middleware.
PR #37 for rubocop-packaging, enabling tests against ruby3.0! \o/
PR #489 for cucumber-rails, bumping RuboCop::Packaging to v0.5.
Issue #362 for nheko, reporting a crash when opening the application.
PR #1282 for paper_trail, adding RuboCop::Packaging amongst other used extensions.
Bug #978640 for nheko Debian package, reporting a crash, as a result of libfmt7 regression.
Misc and Fun
Besides squashing bugs and submitting patches, I did some other things as well!
Participated in my first Advent of Code event! :)
Whilst it was indeed fun, I didn t really complete it. No reason, really. But I ll definitely come back stronger next year, heh! :)
All the solutions thus far could be found here.
Did a couple of reviews for some PRs and triaged some bugs here and there, meh.
Also did some cloud debugging, not so fun if you ask me, but cool enough to make me want to do it again! ^_^
Worked along with pollo, zigo, ehashman, rlb, et al for puppet and puppetserver in Debian. OMG, they re so lovely! <3
Ordered some interesting books to read January onward. New year resolution? Meh, not really. Or maybe. But nah.
Also did some interesting stuff this month but can t really talk about it now. Hopefully sooooon.
Like many other people, I first became aware of Anne Helen Petersen's
journalism when her Buzzfeed article
"How Millennials Became the Burnout Generation" went viral. Can't
Even is the much-awaited (at least by me) book-length expansion of that
thesis: The United States is, as a society, burning out, and that burnout
is falling on millennials the hardest. We're not recognizing the symptoms
because we think burnout looks like something dramatic and flashy. But
for most people burnout looks less like a nervous breakdown and more like
constant background anxiety and lack of energy.
Laura, who lives in Chicago and works as a special ed teacher, never
wants to see her friends, or date, or cook she's so tired, she just
wants to melt into the couch. "But then I can't focus on what I'm
watching, and end up unfocused again, and not completely relaxing,"
she explained. "Here I am telling you I don't even relax right! I
feel bad about feeling bad! But by the time I have leisure time, I
just want to be alone!"
Petersen explores this idea across childhood, education, work, family, and
parenting, but the core of her thesis is the precise opposite of the
pervasive myth that millennials are entitled and lazy (a persistent
generational critique that Petersen points out was also leveled at their
Baby Boomer parents in the 1960s and 1970s). Millennials aren't slackers;
they're workaholics from childhood, for whom everything has become a
hustle and a second (or third or fourth) job. The struggle with
"adulting" is a symptom of the burnout on the other side of exhaustion,
the mental failures that happen when you've forced yourself to keep going
on empty so many times that it's left lingering damage.
Petersen is a synthesizing writer who draws together the threads of other
books rather than going deep on a novel concept, so if you've been reading
about work, psychology, stress, and productivity, many of the ideas here
will be familiar. But she's been reading the same authors that I've been
reading (Tressie McMillan Cottom,
Emily Guendelsberger, Brigid Schulte, and even Cal Newport), and
this was the book that helped me pull those analyses together into a
coherent picture.
That picture starts with the shift of risk in the 1970s and 1980s from
previously stable corporations with long-lasting jobs and retirement
pensions onto individual employees. The corresponding rise in precarity
and therefore fear led to a concerted effort to re-establish a feeling of
control. Baby Boomers doubled down on personal responsibility and
personal capability, replacing unstructured childhood for their kids with
planned activities and academic achievement. That generation, in turn,
internalized the need for constant improvement, constant grading, and
constant achievement, accepting an implied bargain that if they worked
very hard, got good grades, got into good schools, and got a good degree,
it would pay off in a good life and financial security.
They were betrayed. The payoff never happened; many millennials graduated
into the Great Recession and the worst economy since World War II. In
response, millennials doubled down on the only path to success they were
taught. They took on more debt, got more education, moved back in with
their parents to cut expenses, and tried even harder.
Even after watching our parents get shut out, fall from, or simply
struggle anxiously to maintain the American Dream, we didn't reject
it. We tried to work harder, and better, more efficiently, with more
credentials, to achieve it.
Once one has this framework in mind, it's startling how pervasive the
"just try harder" message is and how deeply we've internalized it. It is
at the center of the time management literature: Getting Things Done focuses almost entirely on individual
efficiency. Later time management work has become more aware of the
importance of pruning the to-do list and doing fewer things, but addresses
that through techniques for individual prioritization.
Cal Newport is more aware than most that
constant busyness and multitasking interacts poorly with the human brain,
and has taken a few tentative steps towards treating the problem as
systemic rather than individual, but his focus is still primarily on
individual choices. Even when tackling a problem that is clearly
societal, such as the monetization of fear and outrage on social media,
the solutions are all individual: recognize that those platforms are bad
for you, make an individual determination that your attention is being
exploited, and quit social media through your personal force of will.
And this isn't just productivity systems. Most of public discussion of
environmentalism in the United States is about personal energy
consumption, your individual carbon footprint, household recycling, and
whether you personally should eat meat. Discussions of monopoly and
monopsony become debates over whether you personally should buy from
Amazon. Concerns about personal privacy turn into advocacy for using an
ad blocker or shaming people for using Google products. Articles about
the growth of right-wing extremism become exhortations to take
responsibility for the right-wing extremist in your life and argue them
out of their beliefs over the dinner table. Every major systemic issue
facing society becomes yet another personal obligation, another place we
are failing as individuals, something else that requires trying harder,
learning more, caring more, doing more.
This advice is well-meaning (mostly; sometimes it is an intentional and
cynical diversion), and can even be effective with specific problems. But
it's also a trap. If you're feeling miserable, you just haven't found the
right combination of time-block scheduling, kanban, and bullet journaling
yet. If you're upset at corporate greed and the destruction of the
environment, the change starts with you and your household. The solution
is in your personal hands; you just have try a little harder, work a
little harder, make better decisions, and spend money more ethically
(generally by buying more expensive products). And therefore, when we're
already burned out, every topic becomes another failure, increasing our
already excessive guilt and anxiety.
Believing that we're in control, even when we're not, does have
psychological value. That's part of what makes it such a beguiling trap.
While drafting this review, I listened to Ezra Klein's interview with
Robert Sapolsky on poverty and stress, and one of the points he made is
that, when mildly or moderately bad things happen, believing you have
control is empowering. It lets you recast the setback as a larger
disaster that you were able to prevent and avoid a sense of futility. But
when something major goes wrong, believing you have control is actively
harmful to your mental health. The tragedy is now also a personal
failure, leading to guilt and internal recrimination on top of the effects
of the tragedy itself. This is why often the most comforting thing we can
say to someone else after a personal disaster is "there's nothing you
could have done."
Believing we can improve our lives if we just try a little harder does
work, until it doesn't. And because it does work for smaller things, it's
hard to abandon; in the short term, believing we're at the mercy of forces
outside our control feels even worse. So we double down on
self-improvement, giving ourselves even more things to attempt to do and
thus burning out even more.
Petersen is having none of this, and her anger is both satisfying and
clarifying.
In writing that article, and this book, I haven't cured anyone's
burnout, including my own. But one thing did become incredibly clear.
This isn't a personal problem. It's a societal one and it will not
be cured by productivity apps, or a bullet journal, or face mask skin
treatments, or overnight fucking oats. We gravitate toward those
personal cures because they seem tenable, and promise that our lives
can be recentered, and regrounded, with just a bit more discipline, a
new app, a better email organization strategy, or a new approach to
meal planning. But these are all merely Band-Aids on an open wound.
They might temporarily stop the bleeding, but when they fall off, and
we fail at our new-found discipline, we just feel worse.
Structurally, Can't Even is half summaries of other books and
essays put into this overall structure and half short profiles and quotes
from millennials that illustrate her point. This is Petersen's typical
journalistic style if you're familiar with her other work. It gains a lot
from the voices of individuals, but it can also feel like argument from
anecdote. If there's a epistemic flaw in this book, it's that Petersen
defends her arguments more with examples than with scientific study. I've
read enough of the other books she cites, many of which do go into the
underlying studies and statistics, to know that her argument is
well-grounded, but I think Can't Even works better as a roadmap and
synthesis than as a primary source of convincing data.
The other flaw that I'll mention is that although Petersen tries very hard
to incorporate poorer and non-white millennials, I don't think the effort
was successful, and I'm not sure it was possible within the structure
of this book. She frequently makes a statement that's accurate and
insightful for millennials from white, middle-class families, acknowledges
that it doesn't entirely apply to, for example, racial minorities, and
then moves on without truly reconciling those two perspectives. I think
this is a deep structural problem: One's experience of American life
is very different depending on race and class, and the phenomenon that
Petersen is speaking to is to an extent specific to those social classes
who had a more comfortable and relaxing life and are losing it.
One way to see the story of the modern economy is that white people are
becoming as precarious as everyone else already was, and are reacting by
making the lives of non-white people yet more miserable. Petersen is
accurately pointing to significant changes in relationships with
employers, productivity, family, and the ideology of individualism, but
experiencing that as a change is more applicable to white people than
non-white people. That means there are, in a way, two books here: one
about the slow collapse of the white middle class into constant burnout,
and a different book about the much longer-standing burnout of being
non-white in the United States and our systemic failure to address the
causes of it. Petersen tries to gesture at the second book, but she's not
the person to write it and those two books cannot comfortably live between
the same covers. The gestures therefore feel awkward and forced, and
while the discomfort itself serves some purpose, it lacks the insight that
Petersen brings to the rest of the book.
Those critiques aside, I found Can't Even immensely clarifying.
It's the first book that explained to me in a way I understood what's so
demoralizing and harmful about Instagram and its allure of cosplaying as a
successful person. It helped me understand how productivity and
individual political choices fit into a system that emphasizes individual
action as an excuse to not address collective problems. And it also gave
me a strange form of hope, because if something can't go on forever, it
will, at some point, stop.
Millennials have been denigrated and mischaracterized, blamed for
struggling in situations that set us up to fail. But if we have the
endurance and aptitude and wherewithal to work ourselves this deeply
into the ground, we also have the strength to fight. We have little
savings and less stability. Our anger is barely contained. We're a
pile of ashes smoldering, a bad memory of our best selves.
Underestimate us at your peril: We have so little left to lose.
Nothing will change without individual people making different decisions
and taking different actions than they are today. But we have gone much
too far down the path of individual, atomized actions that may produce
feelings of personal virtue but that are a path to ineffectiveness and
burnout when faced with systemic problems. We need to make different
choices, yes, but choices towards solidarity and movement politics rather
than personal optimization.
There is a backlash coming. If we let it ground itself in personal
grievance, it could turn ugly and take a racist and nationalist direction.
But that's not, by in large, what millennials have done, and that makes me
optimistic. If we embrace the energy of that backlash and help shape it
to be more inclusive, just, and fair, we can rediscover the effectiveness
of collective solutions for collective problems.
Rating: 8 out of 10
Welcome to the September 2020 report from the Reproducible Builds project. In our monthly reports, we attempt to summarise the things that we have been up to over the past month, but if you are interested in contributing to the project, please visit our main website.
This month, the Reproducible Builds project was pleased to announce a donation from Amateur Radio Digital Communications (ARDC) in support of its goals. ARDC s contribution will propel the Reproducible Builds project s efforts in ensuring the future health, security and sustainability of our increasingly digital society. Amateur Radio Digital Communications (ARDC) is a non-profit which was formed to further research and experimentation with digital communications using radio, with a goal of advancing the state of the art of amateur radio and to educate radio operators in these techniques. You can view the full announcement as well as more information about ARDC on their website.
In August s report, we announced that Jennifer Helsby (redshiftzero) launched a new reproduciblewheels.com website to address the lack of reproducibility of Python wheels . This month, Kushal Das posted a brief follow-up to provide an update on reproducible sources as well.
The Threema privacy and security-oriented messaging application announced that within the next months , their apps will become fully open source, supporting reproducible builds :
This is to say that anyone will be able to independently review Threema s security and verify that the published source code corresponds to the downloaded app.
The previous year has seen great progress in Arch Linux to get reproducible builds in the hands of the users and developers. In this talk we will explore the current tooling that allows users to reproduce packages, the rebuilder software that has been written to check packages and the current issues in this space.
During the Reproducible Builds summit in Marrakesh, GNU Guix, NixOS and Debian were able to produce a bit-for-bit identical binary when building GNU Mes, despite using three different major versions of GCC. Since the summit, additional work resulted in a bit-for-bit identical Mes binary using tcc and this month, a fuller update was posted by the individuals involved.
diffoscopediffoscope is our in-depth and content-aware diff utility that can not only locate and diagnose reproducibility issues, it provides human-readable diffs of all kinds too.
In September, Chris Lamb made the following changes to diffoscope, including preparing and uploading versions 159 and 160 to Debian:
New features:
Show ordering differences only in strings(1) output by applying the ordering check to all differences across the codebase. []
Bug fixes:
Mark some PGP tests that they require pgpdump, and check that the associated binary is actually installed before attempting to run it. (#969753)
Don t raise exceptions when cleaning up after guestfs cleanup failure. []
Ensure we check FALLBACK_FILE_EXTENSION_SUFFIX, otherwise we run pgpdump against all files that are recognised by file(1) as data. []
Codebase improvements:
Add some documentation for the EXTERNAL_TOOLS dictionary. []
Abstract out a variable we use a couple of times. []
Improve the documentation on how to signup to Salsa. []
Add some more links to academic papers. []
Also include the general news in our RSS feed [] and drop including weekly reports from the RSS feed (they are never shown now that we have over 10 items) [].
Update ordering and location of various news and links to tarballs, etc. [][][]
In addition, Holger Levsen re-added the documentation link to the top-level navigation [] and documented that the jekyll-polyglot package is required []. Lastly, diffoscope.org and reproducible-builds.org were transferred to Software Freedom Conservancy. Many thanks to Brett Smith from Conservancy, J r my Bobbio (lunar) and Holger Levsen for their help with transferring and to Mattia Rizzolo for initiating this.
Upstream patches
The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of these patches, including:
Testing framework
The Reproducible Builds project operates a Jenkins-based testing framework to power tests.reproducible-builds.org. This month, Holger Levsen made the following changes:
Highlight important bad conditions in colour. [][]
Add support for detecting more problems, including Jenkins shutdown issues [], failure to upgrade Arch Linux packages [], kernels with wrong permissions [], etc.
Misc:
Delete old schroot sessions after 2 days, not 3. []
In addition, stefan0xC fixed a query for unknown results in the handling of Arch Linux packages [] and Mattia Rizzolo updated the template that notifies maintainers by email of their newly-unreproducible packages to ensure that it did not get caught in junk/spam folders []. Finally, build node maintenance was performed by Holger Levsen [][][][], Mattia Rizzolo [][] and Vagrant Cascadian [][][].
If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:
Sun is the daughter and heir of the mercurial Queen-Marshal Eirene, ruler
of the Republic of Chaonia. Chaonia, thanks to Eirene and her ancestors,
has carved out a fiercely independent position between the Yele League and
the Phene Empire. Sun's father, Prince Jo o, is one of Eirene's three
consorts, all chosen for political alliances to shore up that fragile
position. Jo o is Gatoi, a civilization of feared fighters and supposed
barbarians from outside Chaonia who normally ally with the Phene, which
complicates Sun's position as heir. Sun attempts to compensate for that
by winning battles for the Republic, following in the martial footsteps of
her mother.
The publisher's summary of this book is not great (I'm a huge fan of
Princess Leia, but that is... not the analogy that comes to mind), so let
me try to help. This is gender-swapped Alexander the Great in space.
However, it is gender-swapped Alexander the Great in space with her
Companions, which means the DNA of this novel is half space opera and
half heist story (without, to be clear, an actual heist, although there
are some heist-like maneuvers). It's also worth mentioning that Sun, like
Alexander, is not heterosexual.
The other critical thing to know before reading, mostly because it will
get you through the rather painful start, is that the most interesting
viewpoint character in this book is not Sun, the Alexander analogue. It's
Persephone, who isn't introduced until chapter seven.
Significant disclaimer up front: I got a reasonably typical US grade
school history of Alexander the Great, which means I was taught that he
succeeded his father, conquered a whole swath of the middle of the
Eurasian land mass at a very young age, and then died and left his empire
to his four generals who promptly divided it into four uninteresting
empires that no one's ever heard of, and that's why Rome is more important
than Greece. (I put in that last bit to troll one specific person.)
I am therefore not the person to judge the parallels between this story
and known history, or to notice any damage done to Greek pride, or to pick
up on elements that might cause someone with a better grasp of that
history to break out in hives. I did enough research to know that one
scene in this book is lifted directly out of Alexander's life, but I'm not
sure how closely the other parallels track. Yele is probably southern
Greece and Phene is probably Persia, but I'm not certain even of that, and
some of the details don't line up. If I had to hazard a guess, I'd say
that Elliott has probably mangled history sufficiently to make it clear
that this isn't intended to be a retelling, but if the historical
parallels are likely to bother you, you may want to do more research
before reading.
What I can say is that the space opera setup, while a bit stock, has all
the necessary elements to make me happy. Unconquerable Sun is
firmly in the "lost Earth" tradition: The Argosy fleet fled the
now-mythical Celestial Empire and founded a new starfaring civilization
without any contact with their original home. Eventually, they invented
(or discovered; the characters don't know) the beacons, which allow for
instantaneous travel between specific systems without the long (but still
faster-than-light) journeys of the knnu drive. More recently, the beacon
network has partly collapsed, cutting off the characters' known world from
the civilization that was responsible for the beacons and guarded their
secrets. It's a fun space opera history with lots of lost knowledge to
reference and possibly discover, and with plot-enabling military choke
points at the surviving beacons that link multiple worlds.
This is all background to the story, which is the ongoing war between
Chaonia and the Phene Empire mixed with cutthroat political maneuvering
between the great houses of the Chaonian Republic. This is where the
heist aspects come in. Each house sends one representative to join the
household of the Queen-Marshal and (more to the point for this story)
another to join her heir. Sun has encouraged the individual and divergent
talents of her Companions and their cee-cees (an unfortunate term that I
suspect is short for Companion's Companion) and forged them into a good
working team. A team that's about to be disrupted by the maneuverings of
a rival house and the introduction of a new team member whom no one wants.
A problem with writing tactical geniuses is that they often aren't good
viewpoint characters. Sun's tight third-person chapters, which is a
little less than half the book, advance the plot and provide analysis of
the interpersonal dynamics of the characters, but aren't the strength of
the story. That lies with the interwoven first-person sections that
follow Persephone, an altogether more interesting character.
Persephone is the scion of the house that is Sun's chief rival, but she
has no interest in being part of that house or its maneuverings. When the
story opens, she's a cadet in a military academy for recruits from the
commoners, having run away from home, hidden her identity, and won a
position through the open entrance exams. She of course doesn't stay
there; her past catches up with her and she gets assigned to Sun, to a
great deal of mutual suspicion. She also is assigned an impeccably
dressed and stunningly beautiful cee-cee, Tiana, who has her own secrets
and who was my favorite character in the book.
Somewhat unusually for the space opera tradition, this is a book that
knows that common people exist and have interesting lives. It's primarily
focused on the ruling houses, but that focus is not exclusive and the
rulers do not have a monopoly on competence. Elliott also avoids
narrowing the political field too far; the Gatoi are separate from the
three rival powers, and there are other groups with traditions older than
the Chaonian Republic and their own agendas. Sun and her Companions are
following a couple of political threads, but there is clearly more going
on in this world than that single plot.
This is exactly the kind of story I think of when I think space opera.
It's not doing anything that original or groundbreaking, and it's not
going to make any of my lists of great literature, but it's a fun romp
with satisfyingly layered bits of lore, a large-scale setting with lots of
plot potential, and (once we get through the confusing and somewhat
tedious process of introducing rather too many characters in short
succession) some great interpersonal dynamics. It's the kind of book in
which the characters are in the middle of decisive military action in an
interstellar war and are also near-teenagers competing for ratings in an
ad hoc reality TV show, primarily as an excuse to create tactical
distractions for Sun's latest scheme. The writing is okay but not great,
and the first few chapters have some serious infodumping problems, but I
thoroughly enjoyed the whole book and will pre-order the sequel.
One Amazon review complained that Unconquerable Sun is not a space
opera like Hyperion or
Use of Weapons. That is entirely true,
but if that's your standard for space opera, the world may be a
disappointing place. This is a solid entry in a subgenre I love, with
some great characters, sarcasm, competence porn, plenty of pages to keep
turning, a few twists, and the promise of more to come. Recommended.
Followed by the not-yet-published Furious Heaven.
Rating: 7 out of 10
The Bouletcorp Love & Dragons
is a strip I like about fairytale relationships.
There are a lot of mainstream expectations about relationships. These links
challenge a few of them:
Review: Who Do You Serve, Who Do You Protect?, edited by Maya Schenwar, et al.
Editor:
Maya Schenwar
Editor:
Joe Macar
Editor:
Alana Yu-lan Price
Publisher:
Haymarket Books
Copyright:
June 2016
ISBN:
1-60846-684-1
Format:
Kindle
Pages:
250
Who Do You Serve, Who Do You Protect? is an anthology of essays
about policing in the United States. It's divided into two sections: one
that enumerates ways that police are failing to serve or protect
communities, and one that describes how communities are building
resistance and alternatives. Haymarket Books (a progressive press in
Chicago) has made it
available for free in the aftermath of the George Floyd killing and
resulting protests in the United States.
I'm going to be a bit unfair to this book, so let me start by admitting
that the mismatch between it and the book I was looking for is not
entirely its fault.
My primary goal was to orient myself in the discussion on the left about
alternatives to policing. I also wanted to sample something from
Haymarket Books; a free book was a good way to do that. I was hoping for
a collection of short introductions to current lines of thinking that I
could selectively follow in longer writing, and an essay collection seemed
ideal for that.
What I had not realized (which was my fault for not doing simple research)
is that this is a compilation of articles previously published by
Truthout, a non-profit progressive
journalism site, in 2014 and 2015. The essays are a mix of reporting and
opinion but lean towards reporting. The earliest pieces in this book date
from shortly after the police killing of Michael Brown, when racist police
violence was (again) reaching national white attention.
The first half of the book is therefore devoted to providing evidence of
police abuse and violence. This is important to do, but it's sadly no
longer as revelatory in 2020, when most of us have seen similar things on
video, as it was to white America in 2014. If you live in the United
States today, while you may not be aware of the specific events described
here, you're unlikely to be surprised that Detroit police paid off
jailhouse informants to provide false testimony ("Ring of Snitches" by
Aaron Miguel Cant ), or that Chicago police routinely use excessive deadly
force with no consequences ("Amid Shootings, Chicago Police Department
Upholds Culture of Impunity" by Sarah Macaraeg and Alison Flowers), or
that there is a long history of police abuse and degradation of pregnant
women ("Your Pregnancy May Subject You to Even More Law Enforcement
Violence" by Victoria Law). There are about eight essays along those
lines.
Unfortunately, the people who excuse or disbelieve these stories are
rarely willing to seek out new evidence, let alone read a book like this.
That raises the question of intended audience for the catalog of horrors
part of this book. The answer to that question may also be the
publication date; in 2014, the base of evidence and example for discussion
had not been fully constructed. This sort of reporting is also obviously
relevant in the original publication context of web-based journalism,
where people may encounter these accounts individually through social
media or other news coverage. In 2020, they offer reinforcement and
rhetorical evidence, but I'm dubious that the people who would benefit
from this knowledge will ever see it in this form. Those of us who will
are already sickened, angry, and depressed.
My primary interest was therefore in the second half of the book: the
section on how communities are building resistance and alternatives. This
is where I'm going to be somewhat unfair because the state of that
conversation may have been different in 2015 than it is now in 2020. But
these essays were lacking the depth of analysis that I was looking for.
There is a human tendency, when one becomes aware of an obvious wrong, to
simply publicize the horrible thing that is happening and expect someone
to do something about it. It's obviously and egregiously wrong, so if
more people knew about it, certainly it would be stopped! That has
happened repeatedly with racial violence in the United States. It's also
part of the common (and school-taught) understanding of the Civil Rights
movement in the 1960s: activists succeeded in getting the violence on the
cover of newspapers and on television, people were shocked and appalled,
and the backlash against the violence created political change.
Putting aside the fact that this is too simplistic of a picture of the
Civil Rights era, it's abundantly clear at this point in 2020 that
publicizing racist and violent policing isn't going to stop it. We're
going to have to do something more than draw attention to the problem.
Deciding what to do requires political and social analysis, not just of
the better world that we want to see but of how our current world can
become that world.
There is very little in that direction in this book. Who Do You
Serve, Who Do You Protect? does not answer the question of its title
beyond "not us" and "white supremacy." While those answers are not
exactly wrong, they're also not pushing the analysis in the direction that
I wanted to read.
For example (and this is a long-standing pet peeve of mine in US political
writing), it would be hard to tell from most of the essays in this book
that any country besides the United States exists. One essay ("Killing
Africa" by William C. Anderson) talks about colonialism and draws
comparisons between police violence in the United States and international
treatment of African and other majority-Black countries. One essay talks
about US military behavior oversees ("Beyond Homan Square" by Adam
Hudson). That's about it for international perspective. Notably, there
is no analysis here of what other countries might be doing better.
Police violence against out-groups is not unique to the United States. No
one has entirely solved this problem, but versions of this problem have
been handled with far more success than here. The US has a comparatively
appalling record; many countries in the world, particularly among
comparable liberal democracies in Europe, are doing far better on metrics
of racial oppression by agents of the government and of law enforcement
violence. And yet it's common to approach these problems as if we have to
develop a solution de novo, rather than ask what other countries
are doing differently and if we could do some of those things.
The US has some unique challenges, both historical and with the nature of
endemic violence in the country, so perhaps such an analysis would turn up
too many US-specific factors to copy other people's solutions. But we
need to do the analysis, not give up before we start. Novel solutions can
lead to novel new problems; other countries have tested, working
improvements that could provide a starting framework and some map of
potential pitfalls.
More fundamentally, only the last two essays of this book propose
solutions more complex than "stop." The authors are very clear about
what the police are doing, seem less interested in why, and
are nearly silent on how to change it. I suspect I am largely in
political agreement with most of the authors, but obviously a substantial
portion of the country (let alone its power structures) is not, and
therefore nothing is changing. Part of the project of ending police
violence is understanding why the violence exists, picking apart the
motives and potential fracture lines in the political forces supporting
the status quo, and building a strategy to change the politics. That
isn't even attempted here.
For example, the "who do you serve?" question of the book's title is more
interesting than the essays give it credit. Police are not a monolith.
Why do Black people become police officers? What are their experiences?
Are there police forces in the United States that are doing better than
others? What makes them different? Why do police act with violence in
the moment? What set of cultural expectations, training experiences,
anxieties, and fears lead to that outcome? How do we change those
factors?
Or, to take another tack, why are police not held accountable even when
there is substantial public outrage? What political coalition supports
that immunity from consequences, what are its fault lines and internal
frictions, and what portions of that coalition could be broken off, pealed
away, or removed from power? To whom, institutionally, are police forces
accountable? What public offices can aspiring candidates run for that
would give them oversight capability? This varies wildly throughout the
United States; political approaches that work in large cities may not work
in small towns, or with county sheriffs, or with the FBI, or with prison
guards.
To treat these organizations as a monolith and their motives as uniform is
bad political tactics. It gives up points of leverage.
I thought the best essays of this collection were the last two.
"Community Groups Work to Provide Emergency Medical Alternatives, Separate
from Police," by Candice Bernd, is a profile of several local emergency
response systems that divert emergency calls from the police to
paramedics, mental health experts, or social workers. This is an idea
that's now relatively mainstream, and it seems to be finding modest
success where it has been tried. It's more of a harm mitigation strategy
than an attempt to deal with the root problem, but we're going to need
both.
The last essay, "Building Community Safety" by Ejeris Dixon, is the only
essay in this book that is pushing in the direction that I was hoping to
read. Dixon describes building an alternative system that can intervene
in violent situations without using the police. This is fascinating and
I'm glad that I read it.
It's also frustrating in context because Dixon's essay should be part of a
discussion. Dixon describes spending years learning de-escalation
techniques, doing hard work of community discussion and collective
decision-making, and making deep investment in the skills required to
handle violence without calling in a dangerous outside force. I greatly
admire this approach (also common in parts of the anarchist community) and
the people who are willing to commit to it. But it's an immense amount of
work, and as Dixon points out, that work often falls on the people who are
least able to afford it. Marginalized communities, for whom the police
are often dangerous, are also likely to lack both time and energy to
invest in this type of skill training. And many people simply will not do
this work even if they do have the resources to do it.
More fundamentally, this approach conflicts somewhat with division of
labor. De-escalation and social work are both professional skills that
require significant time and practice to hone, and as much as I too would
love to live in a world where everyone knows how to do some amount of this
work, I find it hard to imagine scaling this approach without trained
professionals. The point of paying someone to do this work as their job
is that the money frees up their time to focus on learning those skills at
a level that is difficult to do in one's free time. But once you have an
organized group of professionals who do this work, you have to find a way
to keep them from falling prey to the problems that plague the police,
which requires understanding the origins of those problems. And that's
putting aside the question of how large the residual of dangerous crime
that cannot be addressed through any form of de-escalation might be, and
what organization we should use to address it.
Dixon's essay is great; I wouldn't change anything about it. But I wanted
to see the next essay engaging with Dixon's perspective and looking for
weaknesses and scaling concerns, and then the next essay that attempts to
shore up those weaknesses, and yet another essay that grapples with the
challenging philosophical question of a government monopoly on force and
how that can and should come into play in violent crime. And then essays
on grass-roots organizing in the context of police reform or abolition,
and on restorative justice, and on the experience of attempting police
reform from the inside, and on how to support public defenders, and on the
merits and weaknesses of focusing on electing reform-minded district
attorneys. Unfortunately, none of those are here.
Overall, Who Do You Serve, Who Do You Protect? was a
disappointment. It was free, so I suppose I got what I paid for, and I
may have had a different reaction if I read it in 2015. But if you're
looking for a deep discussion on the trade-offs and challenges of stopping
police violence in 2020, I don't think this is the place to start.
Rating: 3 out of 10
Welcome to the August 2020 report from the Reproducible Builds project.
In our monthly reports, we summarise the things that we have been up to over the past month. The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced from the original free software source code to the pre-compiled binaries we install on our systems. If you re interested in contributing to the project, please visit our main website.
This month, Jennifer Helsby launched a new reproduciblewheels.com website to address the lack of reproducibility of Python wheels.
To quote Jennifer s accompanying explanatory blog post:
One hiccup we ve encountered in SecureDrop development is that not all Python wheels can be built reproducibly. We ship multiple (Python) projects in Debian packages, with Python dependencies included in those packages as wheels. In order for our Debian packages to be reproducible, we need that wheel build process to also be reproducible
Reproducible builds at DebConf20
There were a number of talks at the recent online-only DebConf20 conference on the topic of reproducible builds.
Holger gave a talk titled Reproducing Bullseye in practice , focusing on independently verifying that the binaries distributed from ftp.debian.org are made from their claimed sources. It also served as a general update on the status of reproducible builds within Debian. The video (145 MB) and slides are available.
There were also a number of other talks that involved Reproducible Builds too. For example, the Malayalam language mini-conference had a talk titled , ? ( I want to join Debian, what should I do? ) presented by Praveen Arimbrathodiyil, the Clojure Packaging Team BoF session led by Elana Hashman, as well as Where is Salsa CI right now? that was on the topic of Salsa, the collaborative development server that Debian uses to provide the necessary tools for package maintainers, packaging teams and so on.
Jonathan Bustillos (Jathan) also gave a talk in Spanish titled Un camino verificable desde el origen hasta el binario ( A verifiable path from source to binary ). (Video, 88MB)
Development work
After many years of development work, the compiler for the Rust programming language now generates reproducible binary code. This generated some general discussion on Reddit on the topic of reproducibility in general.
Paul Spooren posted a request for comments to OpenWrt s openwrt-devel mailing list asking for clarification on when to raise the PKG_RELEASE identifier of a package. This is needed in order to successfully perform rebuilds in a reproducible builds context.
In openSUSE, Bernhard M. Wiedemann published his monthly Reproducible Builds status update.
Chris Lamb provided some comments and pointers on an upstream issue regarding the reproducibility of a Snap / SquashFS archive file. []
Debian
Holger Levsen identified that a large number of Debian .buildinfo build certificates have been tainted on the official Debian build servers, as these environments have files underneath the /usr/local/sbin directory []. He also filed against bug for debrebuild after spotting that it can fail to download packages from snapshot.debian.org [].
This month, several issues were uncovered (or assisted) due to the efforts of reproducible builds.
For instance, Debian bug #968710 was filed by Simon McVittie, which describes a problem with detached debug symbol files (required to generate a traceback) that is unlikely to have been discovered without reproducible builds. In addition, Jelmer Vernooij called attention that the new Debian Janitor tool is using the property of reproducibility (as well as diffoscope when applying archive-wide changes to Debian:
New merge proposals also include a link to the diffoscope diff between a vanilla build and the build with changes. Unfortunately these can be a bit noisy for packages that are not reproducible yet, due to the difference in build environment between the two builds. []
56 reviews of Debian packages were added, 38 were updated and 24 were removed this month adding to our knowledge about identified issues. Specifically, Chris Lamb added and categorised the nondeterministic_version_generated_by_python_param and the lessc_nondeterministic_keys toolchain issues. [][]
Holger Levsen sponsored Lukas Puehringer s upload of the python-securesystemslib pacage, which is a dependency of in-toto, a framework to secure the integrity of software supply chains. []
Lastly, Chris Lamb further refined his merge request against the debian-installer component to allow all arguments from sources.list files (such as [check-valid-until=no]) in order that we can test the reproducibility of the installer images on the Reproducible Builds own testing infrastructure and sent a ping to the team that maintains that code.
Upstream patches
The Reproducible Builds project detects, dissects and attempts to fix as many currently-unreproducible packages as possible. We endeavour to send all of our patches upstream where appropriate. This month, we wrote a large number of these patches, including:
diffoscopediffoscope is our in-depth and content-aware diff utility that can not only locate and diagnose reproducibility issues, it provides human-readable diffs of all kinds. In August, Chris Lamb made the following changes to diffoscope, including preparing and uploading versions 155, 156, 157 and 158 to Debian:
New features:
Support extracting data of PGP signed data. (#214)
Try files named .pgp against pgpdump(1) to determine whether they are Pretty Good Privacy (PGP) files. (#211)
Support multiple options for all file extension matching. []
Bug fixes:
Don t raise an exception when we encounter XML files with <!ENTITY> declarations inside the Document Type Definition (DTD), or when a DTD or entity references an external resource. (#212)
pgpdump(1) can successfully parse some binary files, so check that the parsed output contains something sensible before accepting it. []
Temporarily drop gnumeric from the Debian build-dependencies as it has been removed from the testing distribution. (#968742)
Correctly use fallback_recognises to prevent matching .xsb binary XML files.
Correct identify signed PGP files as file(1) returns data . (#211)
Logging improvements:
Emit a message when ppudump version does not match our file header. []
Don t use Python s repr(object) output in Calling external command messages. []
Include the filename in the not identified by any comparator message. []
Codebase improvements:
Bump Python requirement from 3.6 to 3.7. Most distributions are either shipping with Python 3.5 or 3.7, so supporting 3.6 is not only somewhat unnecessary but also cumbersome to test locally. []
Drop some unused imports [], drop an unnecessary dictionary comprehensions [] and some unnecessary control flow [].
Correct typo of output in a comment. []
Release process:
Move generation of debian/tests/control to an external script. []
Add some URLs for the site that will appear on PyPI.org. []
Update author and author email in setup.py for PyPI.org and similar. []
Testsuite improvements:
Update PPU tests for compatibility with Free Pascal versions 3.2.0 or greater. (#968124)
Mark that our identification test for .ppu files requires ppudump version 3.2.0 or higher. []
Add an assert_diff helper that loads and compares a fixture output. [][][][]
Misc:
Duplicate docker instructions in the Get diffoscope section of the diffoscope website. []
In addition, Mattia Rizzolo documented in setup.py that diffoscope works with Python version 3.8 [] and Frazer Clews applied some Pylint suggestions [] and removed some deprecated methods [].
Clarify & fix a few entries on the who page [][] and ensure that images do not get to large on some viewports [].
Clarify use of a pronoun re. Conservancy. []
Use View all our monthly reports over View all monthly reports . []
Move a is a suffix out of the link target on the SOURCE_DATE_EPOCH age. []
In addition, Javier Jard n added the freedesktop-sdk project [] and Kushal Das added SecureDrop project [] to our projects page. Lastly, Michael P hn added internationalisation and translation support with help from Hans-Christoph Steiner [].
Testing framework
The Reproducible Builds project operate a Jenkins-based testing framework to power tests.reproducible-builds.org. This month, Holger Levsen made the following changes:
System health checks:
Improve explanation how the status and scores are calculated. [][]
Update and condense view of detected issues. [][]
Query the canonical configuration file to determine whether a job is disabled instead of duplicating/hardcoding this. []
Detect several problems when updating the status of reporting-oriented metapackage sets. []
Detect when diffoscope is not installable [] and failures in DNS resolution [].
Mark that the u-boot Universal Boot Loader should not build architecture independent packages on the arm64 architecture anymore. []
Finally, build node maintenance was performed by Holger Levsen [], Mattia Rizzolo [][] and Vagrant Cascadian [][][][]
Mailing list
On our mailing list this month, Leo Wandersleb sent a message to the list after he was wondering how to expand his WalletScrutiny.com project (which aims to improve the security of Bitcoin wallets) from Android wallets to also monitor Linux wallets as well:
If you think you know how to spread the word about reproducibility in the context of Bitcoin wallets through WalletScrutiny, your contributions are highly welcome on this PR []
Julien Lepiller posted to the list linking to a blog post by Tavis Ormandy titled You don t need reproducible builds. Morten Linderud (foxboron) responded with a clear rebuttal that Tavis was only considering the narrow use-case of proprietary vendors and closed-source software. He additionally noted that the criticism that reproducible builds cannot prevent against backdoors being deliberately introduced into the upstream source ( bugdoors ) are decidedly (and deliberately) outside the scope of reproducible builds to begin with.
Chris Lamb included the Reproducible Builds mailing list in a wider discussion regarding a tentative proposal to include .buildinfo files in .deb packages, adding his remarks regarding requiring a custom tool in order to determine whether generated build artifacts are identical in a reproducible context. []
Jonathan Bustillos (Jathan) posted a quick email to the list requesting whether there was a list of To do tasks in Reproducible Builds.
Lastly, Chris Lamb responded at length to a query regarding the status of reproducible builds for Debian ISO or installation images. He noted that most of the technical work has been performed but there are at least four issues until they can be generally advertised as such . He pointed that the privacy-oriented Tails operation system, which is based directly on Debian, has had reproducible builds for a number of years now. []
If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:
As the United States tries, in fits and starts, to have a meaningful
discussion about long-standing police racism, brutality, overreach,
corruption, and murder, I've realized that my theoretical understanding of
the history of and alternative frameworks for law enforcement is woefully
lacking. Starting with a book by a conservative white guy is not the most
ideal of approaches, but it's what I already had on hand, and it won't be
the last book I read and review on this topic. (Most of my research so
far has been in podcast form. I don't review those here, but I can
recommend Ezra Klein's interviews with
Ta-Nehisi Coates,
Paul Butler, and, most strongly,
sujatha baliga.)
Rise of the Warrior Cop is from 2013 and has had several moments of
fame, no doubt helped by Balko's connections to the conservative and
libertarian right. One of the frustrating facts of US politics is that
critiques of the justice system from the right (and from white men) get
more media attention than critiques from the left. That said, it's a
generally well-respected book on the factual history of the topic, and
police brutality and civil rights are among the points on which I have
stopped-clock agreements with US libertarians.
This book is very, very libertarian.
In my callow youth, I was an ardent libertarian, so I've read a lot of US
libertarian literature. It's a genre with its own conventions that become
obvious when you read enough of it, and Rise of the Warrior Cop
goes through them like a checklist. Use the Roman Republic (never the
Roman Empire) as the starting point for any political discussion, check.
Analyze the topic in the context of pre-revolutionary America, check.
Spend considerable effort on discerning the opinions of the US founders on
the topic since their opinions are always relevant to the modern world,
check. Locate some point in the past (preferably before 1960) where the
political issue was as good as it has ever been, check. Frame all changes
since then as an erosion of rights through government overreach, check.
Present your solution as a return to a previous era of respect for civil
rights, check. Once you start recognizing the genre conventions, their
prevalence in libertarian writing is almost comical.
The framing chapters therefore leave a bit to be desired, but the meat of
the book is a useful resource. Starting with the 1970s and its use as a
campaigning tool by Nixon, Balko traces a useful history of the war on
drugs. And starting with the 1980s, the number of cites to primary
sources and the evidence of Balko's own research increases considerably.
If you want to know how US police turned into military cosplayers with
body armor, heavy weapons, and armored vehicles, this book provides a lot
of context and history.
One of the reasons why I view libertarians as allies of convenience on
this specific issue is that drug legalization and disgust with the war on
drugs have been libertarian issues for decades. Ideologically honest
libertarians (and Balko appears to be one) are inherently skeptical of the
police, so when the police overreach in an area of libertarian interest,
they notice. Balko makes a solid argument, backed up with statistics,
specific programs, legislation, and court cases, that the drug war and its
accompanying lies about heavily-armed drug dealers and their supposed
threat to police officers was the fuel for the growth of SWAT teams,
no-knock search warrants, erosion of legal protections for criminal
defendants, and de facto license for the police to ignore the scope and
sometimes even the existence of warrants.
This book is useful support for the argument that fears for the safety of
officers underlying the militarization of police forces are imaginary.
One telling point that Balko makes repeatedly and backs with statistical
and anecdotal evidence is that the police generally do not use raid
tactics on dangerous criminals. On the contrary, aggressive raids are
more likely to be used on the least dangerous criminals because they're
faster, they're fun for the police (they provide an adrenaline high and
let them play with toys), and they're essentially risk-free. If the
police believe someone is truly dangerous, they're more likely to use
careful surveillance and to conduct a quiet arrest at an unexpected
moment. The middle-of-the-night armed break-ins with battering rams, tear
gas, and flash-bangs are, tellingly, used against the less dangerous
suspects.
This is part of Balko's overall argument that police equipment and tactics
have become untethered from any realistic threat and have become cultural.
He traces an acceleration of that trend to 9/11 and the resulting
obsession with terrorism, which further opened the spigot of military
hardware and "special forces" training. This became a point of
competition between police departments, with small town forces that had
never seen a terrorist and had almost no chance of a terrorist incident
demanding their own armored vehicles. I've encountered this bizarre
terrorism justification personally; one of the reasons my local police
department gave in a public hearing for not having a policy against
shooting at moving vehicles was "but what if terrorism?" I don't believe
there has ever been a local terrorist attack.
SWAT in such places didn't involve the special training or dedicated
personnel of large city forces; instead, it was a part-time duty for
normal police officers, and frequently they were encouraged to practice
SWAT tactics by using them at random for some otherwise normal arrest or
search. Balko argues that those raids were more exciting than normal
police work, leading to a flood of volunteers for that duty and a tendency
to use them as much as possible. That in turn normalizes disconnecting
police tactics from the underlying crime or situational risk.
So far, so good. But despite the information I was able to extract from
it, I have mixed feelings about Rise of the Warrior Cop as a whole.
At the least, it has substantial limitations.
First, I don't trust the historical survey of policing in this book.
Libertarian writing makes for bad history. The constraints of the genre
require overusing only a few points of reference, treating every opinion
of the US founders as holy writ, and tying forward progress to a return to
a previous era, all of which interfere with good analysis. Balko also
didn't do the research for the historical survey, as is clear from the
footnotes. The citations are all to other people's histories, not to
primary sources. He's summarizing other people's histories, and you'll
almost certainly get better history by finding well-respected historians
who cover the same ground. (That said, if you're not familiar with Peel's
policing principles, this is a good introduction.)
Second, and this too is unfortunately predictable in a libertarian
treatment, race rarely appears in this book. If Balko published the same
book today, I'm sure he would say more about race, but even in 2013 its
absence is strange. I was struck while reading by how many examples of
excessive police force were raids on west coast pot farms; yes, I'm sure
that was traumatic, but it's not the demographic I would name as the most
vulnerable to or affected by police brutality. West coast pot growers
are, however, mostly white.
I have no idea why Balko made that choice. Perhaps he thought his target
audience would be more persuaded by his argument if he focused on white
victims. Perhaps he thought it was an easier and less complicated story
to tell. Perhaps, like a lot of libertarians, he doesn't believe racism
has a significant impact on society because it would be a market failure.
Perhaps those were the people who more readily came to mind. But to talk
about police militarization, denial of civil rights, and police brutality
in the United States without putting race at the center of both the
history and the societal effects leaves a gaping hole in the analysis.
Given that lack of engagement, I also am dubious of Balko's policy
prescriptions. His reform suggestions aren't unreasonable, but they stay
firmly in the centrist and incrementalist camp and would benefit white
people more than black people. Transparency, accountability, and cultural
changes are all fine and good, but the cultural change Balko is focused on
is less aggressive arrest tactics, more use of mediation, and better
physical fitness. I would not object to those things (well, maybe the
last, which seemed odd), but we need to have a discussion about police
white supremacist organizations, the prevalence of spousal abuse, and the
police tendency to see themselves not as public servants but as embattled
warriors who are misunderstood by the naive sheep they are defending.
And, of course, you won't find in Rise of the Warrior Cop any
thoughtful wrestling with whether there are alternative approaches to
community safety, whether punitive rather than restorative justice is
effective, or whether crime is a symptom of deeper societal problems we
could address but refuse to. The most radical suggestion Balko has is to
legalize drugs, which is both the predictable libertarian position and, as
we have seen from recent events in the United States, far from the only
problem of overcriminalization.
I understand why this book is so frequently mentioned on-line, and its
author's political views may make it more palatable to some people than a
more race-centered or radical perspective. But I don't think this is the
best or most useful book on police violence that one could read today. I
hope to find a better one in upcoming reviews.
Rating: 6 out of 10
The Bulwark has an interesting article on why they can t Reopen America [1]. I wonder how many changes will be long term. According to the Wikipedia List of Epidemics [2] Covid-19 so far hasn t had a high death toll when compared to other pandemics of the last 100 years. People s reactions to this vary from doing nothing to significant isolation, the question is what changes in attitudes will be significant enough to change society.
Transport
One thing that has been happening recently is a transition in transport. It s obvious that we need to reduce CO2 and while electric cars will address the transport part of the problem in the long term changing to electric public transport is the cheaper and faster way to do it in the short term. Before Covid-19 the peak hour public transport in my city was ridiculously overcrowded, having people unable to board trams due to overcrowding was really common. If the economy returns to it s previous state then I predict less people on public transport, more traffic jams, and many more cars idling and polluting the atmosphere.
Can we have mass public transport that doesn t give a significant disease risk? Maybe if we had significantly more trains and trams and better ventilation with more airflow designed to suck contaminated air out. But that would require significant engineering work to design new trams, trains, and buses as well as expense in refitting or replacing old ones.
Uber and similar companies have been taking over from taxi companies, one major feature of those companies is that the vehicles are not dedicated as taxis. Dedicated taxis could easily be designed to reduce the spread of disease, the famed Black Cab AKA Hackney Carriage [3] design in the UK has a separate compartment for passengers with little air flow to/from the driver compartment. It would be easy to design such taxis to have entirely separate airflow and if setup to only take EFTPOS and credit card payment could avoid all contact between the driver and passengers. I would prefer to have a Hackney Carriage design of vehicle instead of a regular taxi or Uber.
Autonomous cars have been shown to basically work. There are some concerns about safety issues as there are currently corner cases that car computers don t handle as well as people, but of course there are also things computers do better than people. Having an autonomous taxi would be a benefit for anyone who wants to avoid other people. Maybe approval could be rushed through for autonomous cars that are limited to 40Km/h (the maximum collision speed at which a pedestrian is unlikely to die), in central city areas and inner suburbs you aren t likely to drive much faster than that anyway.
Car share services have been becoming popular, for many people they are significantly cheaper than owning a car due to the costs of regular maintenance, insurance, and depreciation. As the full costs of car ownership aren t obvious people may focus on the disease risk and keep buying cars.
Passenger jets are ridiculously cheap. But this relies on the airline companies being able to consistently fill the planes. If they were to add measures to reduce cross contamination between passengers which slightly reduces the capacity of planes then they need to increase ticket prices accordingly which then reduces demand. If passengers are just scared of flying in close proximity and they can t fill planes then they will have to increase prices which again reduces demand and could lead to a death spiral. If in the long term there aren t enough passengers to sustain the current number of planes in service then airline companies will have significant financial problems, planes are expensive assets that are expected to last for a long time, if they can t use them all and can t sell them then airline companies will go bankrupt.
It s not reasonable to expect that the same number of people will be travelling internationally for years (if ever). Due to relying on economies of scale to provide low prices I don t think it s possible to keep prices the same no matter what they do. A new economic balance of flights costing 2-3 times more than we are used to while having significantly less passengers seems likely. Governments need to spend significant amounts of money to improve trains to take over from flights that are cancelled or too expensive.
Entertainment
The article on The Bulwark mentions Las Vegas as a city that will be hurt a lot by reductions in travel and crowds, the same thing will happen to tourist regions all around the world. Australia has a significant tourist industry that will be hurt a lot. But the mention of Las Vegas makes me wonder what will happen to the gambling in general. Will people avoid casinos and play poker with friends and relatives at home? It seems that small stakes poker games among friends will be much less socially damaging than casinos, will this be good for society?
The article also mentions cinemas which have been on the way out since the video rental stores all closed down. There s lots of prime real estate used for cinemas and little potential for them to make enough money to cover the rent. Should we just assume that most uses of cinemas will be replaced by Netflix and other streaming services? What about teenage dates, will kissing in the back rows of cinemas be replaced by Netflix and chill ? What will happen to all the prime real estate used by cinemas?
Professional sporting matches have been played for a TV-only audience during the pandemic. There s no reason that they couldn t make a return to live stadium audiences when there is a vaccine for the disease or the disease has been extinguished by social distancing. But I wonder if some fans will start to appreciate the merits of small groups watching large TVs and not want to go back to stadiums, can this change the typical behaviour of groups?
Restaurants and cafes are going to do really badly. I previously wrote about my experience running an Internet Cafe and why reopening businesses soon is a bad idea [4]. The question is how long this will go for and whether social norms about personal space will change things. If in the long term people expect 25% more space in a cafe or restaurant that s enough to make a significant impact on profitability for many small businesses.
When I was young the standard thing was for people to have dinner at friends homes. Meeting friends for dinner at a restaurant was uncommon. Recently it seemed to be the most common practice for people to meet friends at a restaurant. There are real benefits to meeting at a restaurant in terms of effort and location. Maybe meeting friends at their home for a delivered dinner will become a common compromise, avoiding the effort of cooking while avoiding the extra expense and disease risk of eating out. Food delivery services will do well in the long term, it s one of the few industry segments which might do better after the pandemic than before.
Work
Many companies are discovering the benefits of teleworking, getting it going effectively has required investing in faster Internet connections and hardware for employees. When we have a vaccine the equipment needed for teleworking will still be there and we will have a discussion about whether it should be used on a more routine basis. When employees spend more than 2 hours per day travelling to and from work (which is very common for people who work in major cities) that will obviously limit the amount of time per day that they can spend working. For the more enthusiastic permanent employees there seems to be a benefit to the employer to allow working from home. It s obvious that some portion of the companies that were forced to try teleworking will find it effective enough to continue in some degree.
One company that I work for has quit their coworking space in part because they were concerned that the coworking company might go bankrupt due to the pandemic. They seem to have become a 100% work from home company for the office part of the work (only on site installation and stock management is done at corporate locations). Companies running coworking spaces and other shared offices will suffer first as their clients have short term leases. But all companies renting out office space in major cities will suffer due to teleworking. I wonder how this will affect the companies providing services to the office workers, the cafes and restaurants etc. Will there end up being so much unused space in central city areas that it s not worth converting the city cinemas into useful space?
There s been a lot of news about Zoom and similar technologies. Lots of other companies are trying to get into that business. One thing that isn t getting much notice is remote access technologies for desktop support. If the IT people can t visit your desk because you are working from home then they need to be able to remotely access it to fix things. When people make working from home a large part of their work time the issue of who owns peripherals and how they are tracked will get interesting. In a previous blog post I suggested that keyboards and mice not be treated as assets [5]. But what about monitors, 4G/Wifi access points, etc?
Some people have suggested that there will be business sectors benefiting from the pandemic, such as telecoms and e-commerce. If you have a bunch of people forced to stay home who aren t broke (IE a large portion of the middle class in Australia) they will probably order delivery of stuff for entertainment. But in the long term e-commerce seems unlikely to change much, people will spend less due to economic uncertainty so while they may shift some purchasing to e-commerce apart from home delivery of groceries e-commerce probably won t go up overall. Generally telecoms won t gain anything from teleworking, the Internet access you need for good Netflix viewing is generally greater than that needed for good video-conferencing.
Money
I previously wrote about a Basic Income for Australia [6]. One of the most cited reasons for a Basic Income is to deal with robots replacing people. Now we are at the start of what could be a long term economic contraction caused by the pandemic which could reduce the scale of the economy by a similar degree while also improving the economic case for a robotic workforce. We should implement a Universal Basic Income now.
I previously wrote about the make-work jobs and how we could optimise society to achieve the worthwhile things with less work [7]. My ideas about optimising public transport and using more car share services may not work so well after the pandemic, but the rest should work well.
Business
There are a number of big companies that are not aiming for profitability in the short term. WeWork and Uber are well documented examples. Some of those companies will hopefully go bankrupt and make room for more responsible companies.
The co-working thing was always a precarious business. The companies renting out office space usually did so on a monthly basis as flexibility was one of their selling points, but they presumably rented buildings on an annual basis. As the profit margins weren t particularly high having to pay rent on mostly empty buildings for a few months will hurt them badly. The long term trend in co-working spaces might be some sort of collaborative arrangement between the people who run them and the landlords similar to the way some of the hotel chains have profit sharing agreements with land owners to avoid both the capital outlay for buying land and the risk involved in renting. Also city hotels are very well equipped to run office space, they have the staff and the procedures for running such a business, most hotels also make significant profits from conventions and conferences.
The way the economy has been working in first world countries has been about being as competitive as possible. Just in time delivery to avoid using storage space and machines to package things in exactly the way that customers need and no more machines than needed for regular capacity. This means that there s no spare capacity when things go wrong. A few years ago a company making bolts for the car industry went bankrupt because the car companies forced the prices down, then car manufacture stopped due to lack of bolts this could have been a wake up call but was ignored. Now we have had problems with toilet paper shortages due to it being packaged in wholesale quantities for offices and schools not retail quantities for home use. Food was destroyed because it was created for restaurant packaging and couldn t be packaged for home use in a reasonable amount of time.
Farmer s markets alleviate some of the problems with packaging food etc. But they aren t a good option when there s a pandemic as disease risk makes them less appealing to customers and therefore less profitable for vendors.
Religion
Many religious groups have supported social distancing. Could this be the start of more decentralised religion? Maybe have people read the holy book of their religion and pray at home instead of being programmed at church? We can always hope.
PSA: don't rely on GnuTLS, please.
CVE-2020-13777 Whoops, for the past 10 releases most TLS 1.0 1.2
connection could be passively decrypted and most TLS 1.3 connections
intercepted. Trivially.
Also, TLS 1.2 1.0 session tickets are awful.
You are reading this correctly: supposedly encrypted TLS connections
made with affected GnuTLS releases are vulnerable to passive
cleartext recovery attack (and active for 1.3, but who uses that
anyways). That is extremely bad. It's pretty close to just switching
everyone to HTTP instead of HTTPS, more or less. I would have a lot
more to say about the security of GnuTLS in particular -- and security
in general -- but I am mostly concerned about patching holes in the
roof right now, so this article is not about that.
This article is about figuring out what, exactly, was exposed in our
infrastructure because of this.
Affected packages
Assuming you're running Debian, this will show a list of packages that
Depends on GnuTLS:
This assumes you run this only on hosts running Buster or
above. Otherwise you'll need to figure out a way to pick machines
running GnuTLS 3.6.4 or later.
Note that this list only first level dependencies! It is perfectly
possible that another package uses GnuTLS without being listed
here. For example, in the above list I have libcurl3-gnutls, so the
be really thorough, I would actually need to recurse down the
dependency tree.
On my desktop, this shows an "interesting" list of targets:
Arguably, fetchers like apt, curl, fwupd, and wget rely on HTTPS for
"authentication" more than secrecy, although apt has its own
OpenPGP-based authentication so that wouldn't matter anyways. Still,
this is truly distressing. And I haven't mentioned here things like
gobby, network-manager, systemd, and others - the scope of this is
broad. Hell, even good old lynx links against GnuTLS.
In our infrastructure, the magic command looks something like this:
There, the result is even more worrisome, as those important packages seem to rely on GnuTLS for their transport security:
mariadb - all MySQL traffic and passwords
mandos - full disk encryption
slapd - LDAP passwords
mandos is especially distressing although it's probably not
vulnerable because it seems it doesn't store the cleartext -- it's
encrypted with the client's OpenPGP public key -- so the TLS tunnel
never sees the cleartext either.
Other reports have also mentioned the following servers link
against GnuTLS and could be vulnerable:
exim
rsyslog
samba
various VNC implementations
Not affected
Those programs are not affected by this vulnerability:
apache2
gnupg
python
nginx
openssh
This list is not exhaustive, naturally, but serves as an example of
common software you don't need to worry about.
The vulnerability only exists in GnuTLS, as far as we know, so
programs linking against other libraries are not vulnerable.
Because the vulnerability affects session tickets -- and those are set
on the server side of the TLS connection -- only users of GnuTLS as a
server are vulnerable. This means, for example, that while weechat
uses GnuTLS, it will only suffer from the problem when acting as a
server (which it does, in relay mode) or, of course, if the remote IRC
server also uses GnuTLS. Same with apt, curl, wget, or git: it is
unlikely to be a problem because it is only used as a client; the
remote server is usually a webserver -- not git itself -- when using
TLS.
Caveats
Keep in mind that it's not because a package links against GnuTLS that
it uses it. For example, I have been told that, on Arch Linux, if
both GnuTLS and OpenSSL are available, the mutt package will use the
latter, so it's not affected. I haven't confirmed that myself nor have I
checked on Debian.
Also, because it relies on session tickets, there's a time window
after which the ticket gets cycled and properly initialized. But that
is apparently 6 hours by default so it is going to protect only
really long-lasting TLS sessions, which are uncommon, I would argue.
My audit is limited. For example, it might have been better to walk
the shared library dependencies directly, instead of relying on Debian
package dependencies.
Other technical details
It seems the vulnerability might have been introduced in this merge
request, itself following a (entirely reasonable) feature request
to make it easier to rotate session tickets. The merge request was
open for a few months and was thoroughly reviewed by a peer before
being merged. Interestingly, the vulnerable function
(_gnutls_initialize_session_ticket_key_rotation), explicitly says:
* This function will not enable session ticket keys on the server side. That is done
* with the gnutls_session_ticket_enable_server() function. This function just initializes
* the internal state to support periodical rotation of the session ticket encryption key.
In other words, it thinks it is not responsible for session ticket
initialization, yet it is. Indeed, the merge request fixing the
problem unconditionally does this:
Moving forward
The impact of this vulnerability depends on the affected packages and
how they are used. It can range from "meh, someone knows I downloaded
that Debian package yesterday" to "holy crap my full disk encryption
passwords are compromised, I need to re-encrypt all my drives",
including "I need to change all LDAP and MySQL passwords".
It promises to be a fun week for some people at least.
Looking ahead, however, one has to wonder whether we should follow
@FiloSottile's advice and stop using GnuTLS altogether. There are
at least a few programs that link against GnuTLS because of the
OpenSSL licensing oddities but that has been first announced in
2015, then definitely and clearly resolved in 2017 -- or maybe
that was in 2018? Anyways it's fixed, pinky-promise-I-swear,
except if you're one of those weirdos still using GPL-2, of
course. Even though OpenSSL isn't the simplest and secure TLS
implementation out there, it could preferable to GnuTLS and maybe we
should consider changing Debian packages to use it in the future.
But then again, the last time something like this happened, it was
Heartbleed and GnuTLS wasn't affected, so who knows... It is
likely that people don't have OpenSSL in mind when they suggest moving
away from GnuTLS and instead think of other TLS libraries like
mbedtls (previously known as PolarSSL), NSS, BoringSSL,
LibreSSL and so on. Not that those are totally sinless either...
"This is fine", as they say...
Here s my (eighth) monthly update about the activities I ve done in the F/L/OSS world.
Debian
This month marks my 15 months of contributing to Debian.
And 6th month as a DD! \o/
Whilst I love doing Debian stuff, I have started spending more time on the programming
side now. And I hope to keep it this for some time now.
Of course, I ll keep doing the Debian stuff, but just lesser in amount.
Anyway, the following are the things I did in May.
Experimenting and improving Ruby libraries FTW!
I have been very heavily involved with the Debian Ruby team for over an year now.
Thanks to Antonio Terceiro (and GSoC), I ve started experimenting and taking more
interest in upstream development and improvement of these libraries.
This has the sole purpose of learning. It has gotten fun since I ve started doing Ruby.
And I hope it stays this way.
This month, I opened some issues and proposed a few pull requests. They are:
Issue #802 against whenever for Ruby2.7 test failures.
Issue #8 against aggregate asking upstream for a release on rubygems.
Issue #104 against irb for asking more about Array.join("\n").
Issue #1391 against mail asking upstream to cut a new release.
Issue #1655 against rack reporting test failures in the CVE fix.
Debian LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases
to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group
of volunteers and companies interested in making it a success.
This was my eighth month as a Debian LTS paid contributor. I was assigned 17.25 hours and worked on
the following things:
CVE Fixes and Announcements:
Issued DLA 2191-1, fixing CVE-2020-10683, for dom4j.
For Debian 8 Jessie , this problem has been fixed in version 1.6.1+dfsg.3-2+deb8u2.
Issued DLA 2192-1, fixing CVE-2020-10663, for ruby2.1.
For Debian 8 Jessie , this problem has been fixed in version 2.1.5-2+deb8u10.
Issued DLA 2210-1, fixing CVE-2020-3810, for apt.
This update was prepared by the maintainer, Julian. I just took care of the paperwork.
For Debian 8 Jessie , this problem has been fixed in version 1.0.9.8.6.
Other(s)
Sometimes it gets hard to categorize work/things into a particular category.
That s why I am writing all of those things inside this category.
This includes two sub-categories and they are as follows.
Personal:
This month I could get the following things done:
Wrote and published my first Ruby gem/library/tool on RubyGems!
It s open-sourced and the repository is here.
Bug reports and pull requests are welcomed!
Wrote a small Ruby script (available here) to install Ruby gems from Gemfile(.lock).
Needed this when I hit a bug while using ruby-standalone, which Antonio fixed pretty quickly!
For more than a few decades now (!), I've been running my own
server. First it was just my old Pentium 1 squatting on university
networks, but eventually grew into a real server somewhere at the dawn
of the millenia. Apart from the university days, the server was mostly
hosted over ADSL links, first a handful of megabits, up to the current
25 Mbps down, 6 Mbps up that the Bell Canada network seems to allow
to its resellers (currently Teksavvy Internet, or TSI).
Why change?
Obviously, this speed is showing its age, and especially in this age
of Pandemia where everyone is on videoconferencing all the time. But
it's also inconvenient when I need to upload large files on the
network. I also host a variety of services on this network, and I
always worry that any idiot can (rather trivially) DoS my server, so I
often feel I should pack a little more punch at home (although I have
no illusions about my capacity of resisting any sort of DoS attack at
home of course).
Also, the idea of having gigabit links at home brings back the idea of
the original internet, that everyone on the internet is a
"peer". "Client" and "servers" are just a technical distinction and
everyone should be able to run a server.
Requirements
So I'm shopping for a replacement. The requirements are:
higher speed than 25/6, preferably 100mbps down, 30mbps up, or
more. ideally 1gbps symmetric.
static or near-static IP address: I run a DNS server with its IP
in the glue records (although the latter could possibly be
relaxed). ideally a /29 or more.
all ports open: I run an SMTP server (incoming and outgoing) along
with a webserver and other experiments. ideally, no firewall or
policy should be blocking me from hosting stuff, unless there's an
attack or security issue, obviously.
clean IP address: the SMTP server needs to have a good reputation,
so the IP address should not be in a "residential space" pool.
IPv6 support: TSI offers IPv6 support, but it is buggy (I
frequently have to restart the IPv6 interface on the router
because the delegated block stops routing, and they haven't been
able to figure out the problem). ideally, a /56.
less than 100$/mth, ideally close to the current 60$/mth I pay.
(All amounts in $CAD.)
Contestants
I wrote a similar message asking major ISPs in my city for those
services, including business service if necessary:
Bell Canada: i have sworn, two decades ago, never to do business
with that company ever again. They have a near-monopoly on almost
all telcos in Canada and I want to give them as little money as
possible.
Videotron: I know for a fact they do not allow servers on their
network, and their IPv6 has been in betafor so long it
has become somewhat of a joke now
I might have forgotten some, let me know if you're in the area and
have a good recommendation. I'll update this post with findings as
they come in.
Keep in mind that I am in a major Canadian city, less than a kilometer
from a major telco exchange site, so it's not like I'm in a rural
community. This should just work.
TSI
First answer from TSI was "we do not provide 30mbps upload on
residential services", even though they seem to have that package on
their website. They confirmed that they "don't have a option more
than 10 mbps upload."
TSI were the first to respond, within 24h.
Oricom
They offer a 100/30 link for 65$ plus 25$ for a static IP.
No IPv6 yet, unlikely to come soon. No services blocked, they have
their own PoP within Videotron's datacenters so clients come out from
their IP address space.
I can confirm that the IP is fairly static from the office.
Oricom were the second to respond, within 24h, but required a phone
call instead of an email exchange. Responded within 6 hours after
leaving a voicemail.
Ebox
Ebox claims my neighborhood supports 400mbps down, but offered me a
100/30 package with 350Go bandwidth per month for 54.95$/mth or
unlimited for 65$/mth.
Many ports are blocked, which makes it impossible for me to use their
service:
port 25 blocked incoming
port 25 filtered outgoing (only allowed to their servers)
port 53 blocked incoming
No static IP addressing, shared dynamic space so no garantee on
reputation. IPv6 only on DSL, so no high speed IPv6.
Ebox took the longest to respond, about 48 hours.
Beanfield / Openface
Even though they have a really interesting service (50$/mth for
unlimited 1gbps), they are not in my building. I did try to contact
them over chat, they told me to call, and I left a message. They
responded saying they mostly offer business services for now, no
residential in Montreal.
Here s my (seventh) monthly update about the activities I ve done in the F/L/OSS world.
Debian
It s been 14 months since I ve started contributing to Debian.
And 4 months since I ve been a Debian Developer. And in this beautiful time,
I had this opprotunity to do and learn lots of new and interesting things. And most
importantly, meet and interact with lots of lovely people!
Debian is $home.
Sponsored a lot of uploads for William Desportes and Adam Cecile.
Mentoring for newcomers.
FTP Trainee reviewing.
Moderation of -project mailing list.
Applied for DUCI project for Google Summer of Code 2020.
Ruby2.7 Migration:
Ruby2.7 was recently released on 25th December, 2019. Santa s gift. Believe it or not.
We, the Debian Ruby team, have been trying hard to make it migrate to testing. And it finally happened.
The default version in testing is ruby2.7. Here s the news! \o/
Here s what I worked on this month for this transition.
Upstream:
Opened several issues and proposed patches (in the form of PRs):
Issue #35 against encryptor for Ruby2.7 test failures.
Issue #28 against image_science for removing relative paths.
Issue #106 against ffi-yajl for Ruby2.7 test failures.
Debian LTS
Debian Long Term Support (LTS) is a project to extend the lifetime of all Debian stable releases
to (at least) 5 years. Debian LTS is not handled by the Debian security team, but by a separate group
of volunteers and companies interested in making it a success.
This was my seventh month as a Debian LTS paid contributor. I was assigned 24.00 hours and worked on
the following things:
Other(s)
Sometimes it gets hard to categorize work/things into a particular category.
That s why I am writing all of those things inside this category.
This includes two sub-categories and they are as follows.
Personal:
This month I could get the following things done:
Most importantly, I finally migrated to a new website. Huge UI imporvement! \o/
From Jekyll to Hugo, it was not easy. But it was worth it! Many thanks to Luiz for writing hugo-coder, Clement, and Samyak!
If you find any flaws, issues and pull requests are welcomed at utkarsh2102/utkarsh2102.com
Wrote battery-alert, a mini-project of my own to show battery alerts at <10% and >90%.
Written in shell, it brings me all the satisfaction as it has saved my life on many occasions.
And guess what? It has more users than just myself!
Reviews and patches are welcomed \o/
Mentored in HackOn Hackathon. Thanks to Manvi for reaching out!
It was fun to see people developing some really nice projects.
Thanks to Ray and John, I became a GitLab Hero!
(I am yet to figure out my role and responibility though)
Atteneded Intro Sec Con and had the most fun!
Heard Ian s keynote and attended other talks and learned how to use WireShark!
Open Source:
Again, this contains all the things that I couldn t categorize earlier.
Opened several issues and pull requests:
Issue #297 against hugo-coder, asking to enable RSS feed for blogs.
PR #316 for hugo-coder for fixing the above issue myself.
Issue #173 against arbre for requesting a release.
Issue #104 against combustion, asking to relax dependency on rubocop. Fixed in this commit.
Issue #16 against ffi-compiler for requesting to fix homepage and license.
Issue #57 against gographviz for requesting a release.
Issue #14 against crb-blast, suggesting compatability with bio 2.0.x.
Issue #58 against uniform_notifier for asking to drop the use of ruby-growl.
PR #2072 for polybar, adding installation instructions on Debian systems.
Cleopatra the Alchemist who likely lived during the 3rd century AD, was a Greek alchemist, author, and philosopher. She experimented with practical alchemy but is also credited as one of the four female alchemists that could produce the Philosopher's stone. Some writers consider her to be the inventor of the alembic, a distillation apparatus.
Hedy Lamarr (/ he di/), born Hedwig Eva Maria Kiesler (November 9, 1914[a] January 19, 2000), was an Austrian-born American film actress and inventor who was posthumously inducted into the National Inventors Hall of Fame.[1]
Radia Joy Perlman (born December 18, 1951) is an American computer programmer and network engineer. She is most famous for her invention of the spanning-tree protocol (STP), which is fundamental to the operation of network bridges, while working for Digital Equipment Corporation. She also made large contributions to many other areas of network design and standardization, such as link-state routing protocols.
Stephanie Louise Kwolek (July 31, 1923 June 18, 2014) was an American
chemist who is known for inventing Kevlar. She was of Polish heritage and her career
at the DuPont company spanned more than 40 years.[1] She discovered the first of
a family of synthetic fibres of exceptional strength and stiffness: poly-paraphenylene
terephthalamide.
I don't play many video games any more, and I certainly don't consider myself a
gamer. If I have time and brain power, I like to write code or work on my PhD;
if I don't have brain power I read, watch movies or TV.
However last Summer, lured by the launch titles Super Mario Odyssey
and The Legend of Zelda: Breath of the Wild, I bought a Nintendo Switch. I've
actually played some games on it now, although I surprised myself by playing
lesser-known and indie titles rather than the AAA names. My favourite games are
ones I can pick up and play for 5-10 minutes at a time without losing time to
tutorials, introductory videos, and other such nonsense.
I thought I'd recommend some games. First up, Virtua Racing.
I actually bought this for the office Switch before I had my own. It's
re-release of the 1992 arcade racer. I have fond memories of Arcades in the 90s
(although I don't think I played this game). It's conceptually simple: three
tracks, few options (you can choose manual or automatic transmission). But there's
some hidden depth in there: it models slipstream, tyre wear and other effects.
The fun of it for me is trying to beat my personal best and that of my
colleagues. But I haven't actually placed above 3rd on the
intermediate course or even finished the advanced one, so despite its
simplicity, there's plenty of mileage in it for me. It also looks great,
rending at a smooth 60fps. The large untextured polygons were once a design
decision due to the limitations of the hardware in 1992 and are now an
in-fashion aesthetic.
I won't reveal precisely how many books I read in 2020, but it was definitely an improvement on 
