I had this issue preventing me to start a call, which happened on two different browsers. It turned out that the pulseaudio service was hung, and no audio devices were available for the browser to use. In that case it makes sense to check:

if pulseaudio is running

systemctl status --user pulseaudio

if pulseaudio is running, that you have a list from input (sources) and output (sinks) audio devices in the Gnome Desktop Settings. You can also check from the command line with

pactl list sources
pactl list sinks

If you know the Amazon Web Services portfolio, and you are interested in OpenShift or the OKD OpenShift community distribution, this is a table of corresponding technologies. OpenShift is Red Hat s Kubernetes distribution: it is basically the upstream Kubernetes delivered with monitoring, logging, CI/CD, underlying OS, tested upgrade paths not found with a manual kubernetes.io kubeadm install.

AWS	OpenShift	OpenShift upstream project
Cloud Trail	Kubernetes API Server audit log	Kubernetes
Cloud Watch	OpenShift Monitoring	Prometheus
AWS Artifact	Compliance Operator	OpenSCAP
AWS Trusted Advisor	Insights
AWS Marketplace	OpenShift Operator Hub
AWS Identity and Access Management (IAM)	Red Hat SSO	Keycloack
AWS Elastisc Beanstalk	OpenShift Source2Image (S2I)	Source2Image (S2I)
AWS S3	ODF Rados Gateway	Rook RGW
AWS Elastic Bloc Storage	ODF Rados Block Device	Rook RBD
AWS Elastic File System	ODF Ceph FS	Rook CephFS
Amazon Simple Notification Service	OpenShift Streams for Apache Kafka	Apache Kafka
Amazon Guard Duty	API Server audit log review, ACS Runtime detection	Stackrox
Amazon Inspector	Quay.io container scanner, ACS Vulnerability Assessment	Clair, Stackrox
AWS Lambda	Openshift Serverless`*`	Knative
AWS Key Management System	could be done with Hashicorp Vault	Vault
AWS WAF	NGINX Ingress Controller Operator with ModSecurity	NGINX ModSecurity
Amazon Elasticache	Redis Enterprise Operator	Redis, memcached as alternative
AWS Relational Database Service	Crunchy Data Operator	PostgreSQL

* OpenShift Serverless requires the application to be packaged as a container, something AWS Lamda does not require.

I switched from blogger.com the Google Blog platform to the hosted wordpress.com of Automaticc, the WordPress blog engine main authors.
I thus gain:

markdown formatting when writing blog entries, finally !
running on a opensource core, that I can move locally to my own server if I ever want to fiddle with MySQL and PHP.

I lose:

free CNAME redirect using my own domain name
a bit of advertising-free space. The blog at wordpress.com has a prominent header indicating I am using the free plan, but I am OK so far with that.

What stays the same:

Blogger and WordPress.com offer both tag-based RSS feed exports, so I decided to keep for Debian Planet a feed containing only the posts related to free, libre and opensource software.

I was not ready to make the jump to a self hosted static blog generator, as I still wanted to have the possibility to comment, without me having to host the comment subsystem. On the personal side, I also intend to pause twitter activity, as I notice current microblogging platforms tend to mostly contain flame wars, self promotion, or shared links I could find anyway with a good feed reader.

Investigating today what is AWS Relational Database Service with two readable standbys Considering your current read/write server is in Availability Zone AZ1, this is basically postgres 14 with synchronous_standby_names = ANY 1 (az2, az3) and synchronous_commit = on. In regards to safety of data, it looks similar to the raft algorithm used by etcd with three members as a write is only ack ed if it has been fsynced by two servers, the difference is that raft has a leader election, whereas in PostgreSQL the leader is set at startup and you have to build yourself the election mechanism. There is no special cloud magic here, it is just database good practices paid by the minute.

Using a markdown file , this style sheet and this simple command,

pandoc couronne.md --standalone --css styling.css \
    --to  html5  --table-of-contents &gt; couronne.html

I feel I will never need a word processor again. It produces this nice looking document without pain.

Welcome to the July 2022 report from the Reproducible Builds project! In our reports we attempt to outline the most relevant things that have been going on in the past month. As a brief introduction, the reproducible builds effort is concerned with ensuring no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.

Reproducible Builds summit 2022 Despite several delays, we are pleased to announce that registration is open for our in-person summit this year: November 1st November 3rd
The event will happen in Venice (Italy). We intend to pick a venue reachable via the train station and an international airport. However, the precise venue will depend on the number of attendees. Please see the announcement email for information about how to register.

Is reproducibility practical? Ludovic Court s published an informative blog post this month asking the important question: Is reproducibility practical?:
Our attention was recently caught by a nice slide deck on the methods and tools for reproducible research in the R programming language. Among those, the talk mentions Guix, stating that it is for professional, sensitive applications that require ultimate reproducibility , which is probably a bit overkill for Reproducible Research . While we were flattered to see Guix suggested as good tool for reproducibility, the very notion that there s a kind of reproducibility that is ultimate and, essentially, impractical, is something that left us wondering: What kind of reproducibility do scientists need, if not the ultimate kind? Is reproducibility practical at all, or is it more of a horizon?
The post goes on to outlines the concept of reproducibility, situating examples within the context of the GNU Guix operating system.

diffoscope diffoscope is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats. This month, Chris Lamb prepared and uploaded versions `218`, `219` and `220` to Debian, as well as made the following changes:

New features:

Support Haskell 9.x series files. [ ]

Bug fixes:

Fix a regression introduced in version 207 where diffoscope would crash if one directory contained a directory that wasn t in the other. Thanks to Alderico Gallo for the testcase. [ ]

Don t traceback if we encounter an invalid Unicode character in Haskell versioning headers. [ ]

Output improvements:

Improve output of Markdown and reStructuredText to use code blocks with highlighting. [ ]

Codebase improvements:

Space out a file a little. [ ]

Update various copyright years. [ ]

Mailing list On our mailing list this month:

Roland Clobus posted his Eleventh status update about reproducible [Debian] live-build ISO images, noting amongst many other things! that all major desktops build reproducibly with bullseye, bookworm and sid.

Santiago Torres-Arias announced a Call for Papers (CfP) for a new SCORED conference, an academic workshop around software supply chain security . As Santiago highlights, this new conference invites reviewers from industry, open source, governement and academia to review the papers [and] I think that this is super important to tackle the supply chain security task .

Upstream patches The Reproducible Builds project attempts to fix as many currently-unreproducible packages as possible. This month, however, we submitted the following patches:

Bernhard M. Wiedemann

openSUSE monthly report

`acarsdec` (embeds CPU info with `march=native`)

`casacore` (embeds CPU info with `march=native`)

`kubernetes` (uses random name of temporary directory)

`setuptools/python-brotlicffi` (toolchain, filesys/readdir)

`sysstat` (FTBFS in single CPU mode)

`sundials` (FTBFS in single CPU mode)

`nim` (FTBFS in single CPU mode)

`doxygen/libzypp` (toolchain readdir)

`python-pyquil` (build failure)

`openssl-1_0_0` (build failure)

`jsonrpc-glib` (FTBFS in single CPU mode)

`slurm` (Link-Time Optimisation and `.tar` issues)

`wasi-libc` (sort the output from `find`)

Chris Lamb:

#1015245 filed against `libshumate`.

#1015246 filed against `zeal`.

#1016186 filed against `gappa`.

Philip Rinn:

#1014877 filed against `cxref`.

Vagrant Cascadian:

#1014426 filed against `cldump`.

#1014428 filed against `xmacro`.

#1014559 filed against `libloki`.

#1014560 filed against `ygl`.

#1014561 filed against `clp`.

#1014564 filed against `tvtime`.

#1014789 filed against `rdiff-backup-fs`.

Reprotest reprotest is the Reproducible Builds project s end-user tool to build the same source code twice in widely and deliberate different environments, and checking whether the binaries produced by the builds have any differences. This month, the following changes were made:

Holger Levsen:

Uploaded version `0.7.21` to Debian unstable as well as mark `0.7.22` development in the repository [ ].

Make diffoscope dependency unversioned as the required version is met even in Debian buster. [ ]

Revert an accidentally committed hunk. [ ]

Mattia Rizzolo:

Apply a patch from Nick Rosbrook to not force the tests to run only against Python 3.9. [ ]

Run the tests through `pybuild` in order to run them against all supported Python 3.x versions. [ ]

Fix a deprecation warning in the `setup.cfg` file. [ ]

Close a new Debian bug. [ ]

Reproducible builds website A number of changes were made to the Reproducible Builds website and documentation this month, including:

Arnout Engelen:

Add a link to recent May Contain Hackers 2022 conference talk slides. [ ]

Chris Lamb:

Correct some grammar. [ ]

Holger Levsen:

Add talk from FOSDEM 2015 presented by Holger and Lunar. [ ]

Show date of presentations if we have them. [ ][ ]

Add my presentation from DebConf22 [ ] and from Debian Reunion Hamburg 2022 [ ].

Add dhole to the speakers of the DebConf15 talk. [ ]

Add raboof s talk Reproducible Builds for Trustworthy Binaries from May Contain Hackers. [ ]

Drop some Debian-related suggested ideas which are not really relevant anymore. [ ]

Add a link to list of packages with patches ready to be NMUed. [ ]

Mattia Rizzolo:

Add information about our upcoming event in Venice. [ ][ ][ ][ ]

Testing framework The Reproducible Builds project runs a significant testing framework at tests.reproducible-builds.org, to check packages and other artifacts for reproducibility. This month, Holger Levsen made the following changes:

Debian-related changes:

Create graphs displaying existing `.buildinfo` files per each Debian suite/arch. [ ][ ]

Fix a typo in the Debian dashboard. [ ][ ]

Fix some issues in the `pkg-r` package set definition. [ ][ ][ ]

Improve the builtin-pho HTML output. [ ][ ][ ][ ]

Temporarily disable all live builds as our snapshot mirror is offline. [ ]

Automated node health checks:

Detect `dpkg` failures. [ ]

Detect files with bad UNIX permissions. [ ]

Relax a regular expression in order to detect Debian Live image build failures. [ ]

Misc changes:

Test that FreeBSD virtual machine has been updated to version 13.1. [ ]

Add a reminder about powercycling the `armhf`-architecture `mst0X` node. [ ]

Fix a number of typos. [ ][ ]

Update documentation. [ ][ ]

Fix Munin monitoring configuration for some nodes. [ ]

Fix the static IP address for a node. [ ]

In addition, Vagrant Cascadian updated host keys for the `cbxi4pro0` and `wbq0` nodes [ ] and, finally, node maintenance was also performed by Mattia Rizzolo [ ] and Holger Levsen [ ][ ][ ].

Contact As ever, if you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

IRC: `#reproducible-builds` on `irc.oftc.net`.

Twitter: @ReproBuilds

Mailing list: `rb-general@lists.reproducible-builds.org`

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

SPTAG: print error reason

duck: add (1 2), sort indicator phrases

aptitude: fix GCC 12 FTBFS

Debian security tracker: link GitHub advisories

Debian packages website: sync contact footer

Debian sysadmin scripts: use TLS not StartTLS

Debian BTS usertags: fix some Hurd, ftp-master and release manager usertags

Debian package uploads: tldextract, sptag

Debian wiki pages: Arturo_Teslao, DebConf (23/Artwork, 24/Artwork/LogoProposals), DebianDay/2022/Netherlands/Breda, DebianRepository/SetupWithReprepro, DebianUnstable, Derivatives/Census (BOSSlinux, Ubuntu), ExternalEntities, Games/PlayIt, Hardware/Wanted, ICTL/TrustedOrganizationCriteria, KernelDKMS, LoongArch, MemberBenefits, Mobile, mtr, qa.debian.org/Join, research/publications, Ripping, SIMDEverywhere, SystemdNetworkd, Teams/Design, Teams/Publicity/Meetings/DebConf21_session

Debian sysadmin wiki: document debian-admin subscription

Wikipedia: Message-ID

Issues

Missing dependency in libgd

Test failures in SPTAG (1 2)

Broken documentation in pdb-tools

Features in SIMDe, lintian

Underlinking in libgprofng

Missing include in cwidget

Warnings in stem

Invalid syntax in ncbi-igblast

Error details needed in SPTAG

Review

Spam: reported 4 Debian bug reports and 49 Debian mailing list posts

Debian wiki: RecentChanges for the month

Debian BTS usertags: changes for the month

Debian screenshots:

approved cbonsai cmake-qt-gui diffpdf flam3-utils gbsplay kdeconnect kde-plasma-desktop network-manager paper-icon-theme plasma-desktop qtav-players wyrd

rejected mesa-vulkan-drivers (icon), mintpy/python3-mintpy (website), fpart (logo), xserver-xorg-video-sisusb/safecopy/ca-certificates/weboob-qt (selfie), vlc (photo of Microsoft Windows), chromium-browser/android-sdk (mobile phone app, private information)

Administration

Debian BTS: unarchive/reopen/triage bugs for reintroduced packages

Debian servers: check full disks, ping users of excessive disk usage, restart a hung service

Debian wiki: approve accounts

Communication

Respond to queries from Debian users and contributors on the mailing lists and IRC

Sponsors The SPTAG, SIMDEverywhere, cwidget, aptitude, tldextract work was sponsored. All other work was done on a volunteer basis.

The diffoscope maintainers are pleased to announce the release of diffoscope version 218. This version includes the following changes:

* Improve output of Markdown and reStructuredText to use code blocks with
  syntax highlighting. (Closes: reproducible-builds/diffoscope#306)

You find out more by visiting the project homepage.

I ve been using OpenIKED for some time now to configure my VPN. One of its features is that it can dynamically assign addresses on the internal network to clients, and clients can assign these addresses and routes to interfaces. However, these interfaces must exist before iked can start. Some months ago I switched my Debian laptop s configuration from the traditional ifupdown to systemd-networkd. It took me some time to figure out how to have systemd-networkd create dummy interfaces on which iked can install addresses, but also not interfere with iked by trying to manage these interfaces. Here is my working configuration. First, I have systemd create the interface dummy1 by creating a systemd.netdev(5) configuration file at /etc/systemd/network/20-dummy1.netdev:

[NetDev]
Name=dummy1
Kind=dummy

Then I tell systemd not to manage this interface by creating a systemd.network(5) configuration file at /etc/systemd/network/20-dummy1.network:

[Match]
Name=dummy1
Unmanaged=yes

Restarting systemd-networkd causes these interfaces to get created, and we can then check their status using networkctl(8):

$ systemctl restart systemd-networkd.service
$ networkctl
IDX LINK     TYPE     OPERATIONAL SETUP
  1 lo       loopback carrier     unmanaged
  2 enp2s0f0 ether    off         unmanaged
  3 enp5s0   ether    off         unmanaged
  4 dummy1   ether    degraded    configuring
  5 dummy3   ether    degraded    configuring
  6 sit0     sit      off         unmanaged
  8 wlp3s0   wlan     routable    configured
  9 he-ipv6  sit      routable    configured

8 links listed.

Finally, I configure my flows in /etc/iked.conf, making sure to assign the received address to the interface dummy1.

ikev2 'hades' active esp \
        from dynamic to 10.0.1.0/24 \
        peer hades.rak.ac \
        srcid '/CN=asteria.rak.ac' \
        dstid '/CN=hades.rak.ac' \
        request address 10.0.1.103 \
        iface dummy1

Restarting openiked and checking the status of the interface reveals that it has been assigned an address on the internal network and that it is routable:

$ systemctl restart openiked.service
$ networkctl status dummy1
  4: dummy1
                     Link File: /usr/lib/systemd/network/99-default.link
                  Network File: /etc/systemd/network/20-dummy1.network
                          Type: ether
                          Kind: dummy
                         State: routable (configured)
                  Online state: online
                        Driver: dummy
              Hardware Address: 22:50:5f:98:a1:a9
                           MTU: 1500
                         QDisc: noqueue
  IPv6 Address Generation Mode: eui64
          Queue Length (Tx/Rx): 1/1
                       Address: 10.0.1.103
                                fe80::2050:5fff:fe98:a1a9
                           DNS: 10.0.1.1
                 Route Domains: .
             Activation Policy: up
           Required For Online: yes
             DHCP6 Client DUID: DUID-EN/Vendor:0000ab11aafa4f02d6ac68d40000

I d be happy to hear if there are simpler or more idiomatic ways to configure this under systemd.

Last year, I wrote my own blog-aware static site generator in Python. I called it blag named after the blag of the webcomic xkcd. Now I finally got around packaging- and uploading blag to Debian. It passed the NEW queue and is now part of the distribution. That means if you re using Debian, you can install it via:

sudo aptitude install blag

Ubuntu will probably follow soon. For every other system, blag is also available on PyPI:

pip install blag

To get started, you can

mkdir blog && cd blog
blag quickstart                        # fill out some info
nvim content/hello-world.md            # write some content
blag build                             # build the website

Blag is aware of articles and pages: the difference is that articles are part of the blog and will be added to the atom feed, the archive and aggregated in the tag pages. Pages are just rendered out to HTML. Articles and pages can be freely mixed in the content directory, what differentiates an article from a page is the existence of the dade metadata element:

title: My first article
description: Short description of the article
date: 2022-06-18 23:00
tags: blogging, markdown
## Hello World!
Lorem ipsum.
[...]

blag also comes with a dev-server that rebuilds the website automatically on every change detected, you can start it using:

blag serve

The default theme looks quite ugly, and you probably want to create your own styling to make it more beautiful. The process is not very difficult if you re familiar with jinja templating. Help on that can be found in the Templating section of the online documentation, the offline version in the blag-doc package, or the man page, respectively. Speaking of the blag-doc package: packaging it was surprisingly tricky, and it also took me a lot of trial and error to realize that dh_sphinxdocs alone does not automatically put the generated html output into the appropriate package, you rather have to list them in the package.docs-file (i.e. blag-doc.docs) so dh_installdocs can install them properly.

Welcome to my new Blog for Technical Stuff. For a long time I was planning to start publishing technical articles again but to do it I wanted to replace my old blog based on ikiwiki by something more modern. I ve used Jekyll with GitLab Pages to build the Intranet of the ITI and to generate internal documentation sites on Agile Content, but, as happened with ikiwiki, I felt that things were kind of slow and not as easy to maintain as I would like. So on Kyso (the Company I work for right now) I switched to Hugo as the Static Site Generator (I still use GitLab Pages to automate the deployment, though), but the contents are written using the Markdown format, while my personal preference is the Asciidoc format. One thing I liked about Jekyll was that it was possible to use Asciidoctor to generate the HTML simply by using the Jekyll Asciidoc plugin (I even configured my site to generate PDF documents from .adoc files using the Asciidoctor PDF converter) and, luckily for me, that is also possible with Hugo, so that is what I plan to use on this blog, in fact this post is written in .adoc. My plan is to start publishing articles about things I m working on to keep them documented for myself and maybe be useful to someone else. The general intention is to write about Container Orchestration (mainly Kubernetes), CI/CD tools (currently I m using GitLab CE for that), System Administration (with Debian GNU/Linux as my preferred OS) and that sort of things. My next post will be about how I build, publish and update the Blog, but probably I will not finish it until next week, once the site is fully operational and the publishing system is tested.

Spoiler Alert: This is a personal site, so I m using Gitea to host the code instead of GitLab. To handle the deployment I ve configured json2file-go to save the data sent by the hook calls and process it asynchronously using inotify-tools. When a new file is detected a script parses the JSON file using jq and builds and updates the site if appropriate.

Welcome to the February 2022 report from the Reproducible Builds project. In these reports, we try to round-up the important things we and others have been up to over the past month. As ever, if you are interested in contributing to the project, please visit our Contribute page on our website.

Jiawen Xiong, Yong Shi, Boyuan Chen, Filipe R. Cogo and Zhen Ming Jiang have published a new paper titled Towards Build Verifiability for Java-based Systems (PDF). The abstract of the paper contains the following:

Various efforts towards build verifiability have been made to C/C++-based systems, yet the techniques for Java-based systems are not systematic and are often specific to a particular build tool (eg. Maven). In this study, we present a systematic approach towards build verifiability on Java-based systems.

GitBOM is a flexible scheme to track the source code used to generate build artifacts via Git-like unique identifiers. Although the project has been active for a while, the community around GitBOM has now started running weekly community meetings.

The paper Chris Lamb and Stefano Zacchiroli is now available in the March/April 2022 issue of IEEE Software. Titled Reproducible Builds: Increasing the Integrity of Software Supply Chains (PDF), the abstract of the paper contains the following:

We first define the problem, and then provide insight into the challenges of making real-world software build in a reproducible manner-this is, when every build generates bit-for-bit identical results. Through the experience of the Reproducible Builds project making the Debian Linux distribution reproducible, we also describe the affinity between reproducibility and quality assurance (QA).

In openSUSE, Bernhard M. Wiedemann posted his monthly reproducible builds status report.

On our mailing list this month, Thomas Schmitt started a thread around the SOURCE_DATE_EPOCH specification related to formats that cannot help embedding potentially timezone-specific timestamp. (Full thread index.)

The Yocto Project is pleased to report that it s core metadata (OpenEmbedded-Core) is now reproducible for all recipes (100% coverage) after issues with newer languages such as Golang were resolved. This was announced in their recent Year in Review publication. It is of particular interest for security updates so that systems can have specific components updated but reducing the risk of other unintended changes and making the sections of the system changing very clear for audit. The project is now also making heavy use of equivalence of build output to determine whether further items in builds need to be rebuilt or whether cached previously built items can be used. As mentioned in the article above, there are now public servers sharing this equivalence information. Reproducibility is key in making this possible and effective to reduce build times/costs/resource usage.

diffoscope diffoscope is our in-depth and content-aware diff utility. Not only can it locate and diagnose reproducibility issues, it can provide human-readable diffs from many kinds of binary formats. This month, Chris Lamb prepared and uploaded versions `203`, `204`, `205` and `206` to Debian unstable, as well as made the following changes to the code itself:

Bug fixes:

Fix a `file(1)`-related regression where Debian `.changes` files that contained non-ASCII text were not identified as such, therefore resulting in seemingly arbitrary packages not actually comparing the nested files themselves. The non-ASCII parts were typically in the `Maintainer` or in the changelog text. [ ][ ]

Fix a regression when comparing directories against non-directories. [ ][ ]

If we fail to scan using `binwalk`, return `False` from `BinwalkFile.recognizes`. [ ]

If we fail to import `binwalk`, don t report that we are missing the Python `rpm` module! [ ]

Testsuite improvements:

Add a test for recent `file(1)` issue regarding `.changes` files. [ ]

Use our `assert_diff` utility where we can within the `test_directory.py` set of tests. [ ]

Don t run our `binwalk`-related tests as root or `fakeroot`. The latest version of `binwalk` has some new security protection against this. [ ]

Codebase improvements:

Drop the `_PATH` suffix from module-level globals that are not paths. [ ]

Tidy some control flow in `Difference._reverse_self`. [ ]

Don t print a warning to the console regarding `NT_GNU_BUILD_ID` changes. [ ]

In addition, Mattia Rizzolo updated the Debian packaging to ensure that `diffoscope` and `diffoscope-minimal` packages have the same version. [ ]

Debian-related updates Vagrant Cascadian wrote to the `debian-devel` mailing list after noticing that the `binutils` source package contained unreproducible logs in one of its binary packages. Vagrant expanded the discussion to one about all kinds of build metadata in packages and outlines a number of potential solutions that support reproducible builds and arbitrary metadata. Vagrant also started a discussion on `debian-devel` after identifying a large number of packages that embed build paths via RPATH when building with CMake, including a list of packages (grouped by Debian maintainer) affected by this issue. Maintainers were requested to check whether their package still builds correctly when passing the `-DCMAKE_BUILD_RPATH_USE_ORIGIN=ON` directive. On our mailing list this month, kpcyrd announced the release of rebuilderd-debian-buildinfo-crawler a tool to parse the `Packages.xz` Debian package index file, attempts to discover the right `.buildinfo` file from buildinfos.debian.net and outputs it in a format that can be understood by rebuilderd. The tool, which is available on GitHub, solves a problem regarding correlating Debian version numbers with their builds. bauen1 provided two patches for debian-cd, the software used to make Debian installer images. This involved passing `--invariant` and `-i deb00001` to `mkfs.msdos(8)` and avoided embedding timestamps into the gzipped `Packages` and `Translations` files. After some discussion, the patches in question were merged and will be included in debian-cd version 3.1.36. Roland Clobus wrote another in-depth status update about status of live Debian images, summarising the current situation that all major desktops build reproducibly with bullseye, bookworm and sid . The `python3.10` package was uploaded to Debian by doko, fixing an issue where [`.pyc` files were not reproducible because the elements in `frozenset` data structures were not ordered reproducibly. This meant that to creating a bit-for-bit reproducible Debian chroot which included `.pyc` files was not reproducible. As of writing, the only remaining unreproducible parts of a `standard` chroot is `man-db`, but Guillem Jover has a patch for `update-alternatives` which will likely be part of the next release of `dpkg`. Elsewhere in Debian, 139 reviews of Debian packages were added, 29 were updated and 17 were removed this month adding to our knowledge about identified issues. A large number of issue types have been updated too, including the addition of `captures_kernel_variant`, `erlang_escript_file`, `captures_build_path_in_r_rdb_rds_databases`, `captures_build_path_in_vo_files_generated_by_coq` and `build_path_in_vo_files_generated_by_coq`.

Website updates There were quite a few changes to the Reproducible Builds website and documentation this month as well, including:

Chris Lamb:

Considerably rework the Who is involved? page. [ ][ ]

Move the `contributors.sh` Bash/shell script into a Python script. [ ][ ][ ]

Daniel Shahaf:

Try a different Markdown footnote content syntax to work around a rendering issue. [ ][ ][ ]

Holger Levsen:

Make a huge number of changes to the Who is involved? page, including pre-populating a large number of contributors who cannot be identified from the metadata of the website itself. [ ][ ][ ][ ][ ]

Improve linking to sponsors in sidebar navigation. [ ]

drop sponsors paragraph as the navigation is clearer now. [ ]

Add Mullvad VPN as a bronze-level sponsor . [ ][ ]

Vagrant Cascadian:

Remove a stray parenthesis from the Who is involved? page. [ ]

Upstream patches The Reproducible Builds project attempts to fix as many currently-unreproducible packages as possible. February s patches included the following:

Bernhard M. Wiedemann:

`btop` (sort-related issue)

`complexity` (date)

`giac` (update the version with upstreamed date patch)

`htcondor` (use CMake timestamp)

`libint` (`readdir` system call related)

`libnet` (date-related issue)

`librime-lua` (sort filesystem ordering)

`linux_logo` (sort-related issue)

`micro-editor` (date-related issue)

`openvas-smb` (date-related issue)

`ovmf` (sort-related issue)

`paperjam` (date-related issue)

`python-PyQRCode` (date-related issue)

`quimb` (single-CPU build failure)

`radare2` (Meson date/time-related issue)

`radare2` (Rework `SOURCE_DATE_EPOCH` usage to be portable)

`siproxd` (date, with Sebastian Kemper + follow-up

`xonsh` (Address Space Layout Randomisation-related issue)

`xsnow` (date & `tar(1)`-related issue)

`zip` (toolchain issue related to filesystem ordering)

Chris Lamb:

#1005029 filed against `ltsp` (forwarded upstream).

#1005197 filed against `pcmemtest`.

#1005825 filed against `hatchling`.

#1005826 filed against `mpl-sphinx-theme` (forwarded upstream)

#1005827 filed against `gap-hapcryst`.

#1005901 filed against `tree-puzzle`.

#1005954 filed against `jcabi-aspects`.

#1005955 filed against `paper-icon-theme`.

Roland Clobus:

#1006358 filed against `libxmlb`.

Vagrant Cascadian:

#1005408 filed against `wcwidth`.

#1005420 filed against `xir`.

#1005421 filed against `xir`.

#1005726 filed against `ruby-github-markup`.

#1005727 filed against `ruby-tioga`.

#1005792 filed against `btop`.

#1005793 filed against `libadwaita-1`.

#1005794 filed against `snibbetracker`.

#1006252 filed against `cctbx`.

#1006254 filed against `mdnsd`.

#1006256 filed against `gmerlin`.

#1006302 filed against `beav`.

#1006385 filed against `krita`.

#1006407 filed against `qt6-base`.

#1006455 filed against `onevpl-intel-gpu`.

#1006471 filed against `ruby3.0`.

#1006473 filed against `nix`.

#1006474 filed against `foma`.

#1006476 filed against `ruby3.0`.

Testing framework The Reproducible Builds project runs a significant testing framework at tests.reproducible-builds.org, to check packages and other artifacts for reproducibility. This month, the following changes were made:

Daniel Golle:

Update the OpenWrt configuration to not depend on the host LLVM, adding lines to the `.config` seed to build LLVM for eBPF from source. [ ]

Preserve more OpenWrt-related build artifacts. [ ]

Holger Levsen:

Temporary use a different Git tree when building OpenWrt as our tests had been broken since September 2020. This was reverted after the patch in question was accepted by Paul Spooren into the canonical `openwrt.git` repository the next day.

Various improvements to debugging OpenWrt reproducibility. [ ][ ][ ][ ][ ]

Ignore `useradd` warnings when building packages. [ ]

Update the script to powercycle `armhf` architecture nodes to add a hint to where nodes named `virt-`. [ ]

Update the node health check to also fix failed `logrotate` and `man-db` services. [ ]

Mattia Rizzolo:

Update the website job after `contributors.sh` script was rewritten in Python. [ ]

Make sure to set the `DIFFOSCOPE` environment variable when available. [ ]

Vagrant Cascadian:

Various updates to the diffoscope* timeouts. [ ][ ][ ]

Node maintenance was also performed by Holger Levsen [ ] and Vagrant Cascadian [ ].

Finally If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via:

IRC: `#reproducible-builds` on `irc.oftc.net`.

Twitter: @ReproBuilds

Mailing list: `rb-general@lists.reproducible-builds.org`

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Changes

purple-discord: remove code copy, fix markdown

thermal_daemon: gitignore, drop code copy

libpst: cleanup project info, URLs, embedded copies, Python build

circuitbreaker: cleanup (1 2)

ideviceunback: cleanup

Debian package uploads: pscan, purple-discord, sptag, python-circuitbreaker (1 2)

Debian wiki pages: BSP, Chromium, DebianDay/2022, DebianDay, DebianScience/R, Derivatives/Census/Ubuntu, Exploits, Firmware/Open, KVM, LTS/Development, Ports, PressCoverage, PrivacyIssues, SecureBoot, Sprints, Teams/OCamlTaskForce/TODO, Xorg, Year

FOSSjobs wiki pages: Resources

Wikipedia: Message-ID

Issues

Docs additions for moreutils parallel

Broken links in seabios, systemd, openjpeg2, iproute2

Obsolete conffiles in openjdk-11-jre-headless, libguestfs-tools, libddccontrol0

Broken perms in oci-python-sdk

Broken commit style in oci-python-sdk

Packaging intended for oci-cli, oci-python-sdk, python-circuitbreaker

Use of deprecated features in oci-python-sdk (1 2), autoconf-archive, thermal_daemon

Outdated deps in oci-python-sdk

Features in adequate (1 2 3), reportbug, how-can-i-help (1 2), lintian

Disabled tests in zxing-cpp

Warnings in pypy

Review

Spam: reported 1 Debian bug reports and 140 Debian mailing list posts

Patches: libpst

Debian packages: reviewed carl9170fw

Debian wiki: RecentChanges for the month

Debian BTS usertags: changes for the month

Debian screenshots:

approved dablin debian-edu-artwork-buster ggcov goaccess httraqt ktorrent ldap-account-manager netpbm puredata-gui rar scalpel xc3sprog

rejected nautilus (not a good screenshot), libwxgtk3.0-0v5 (bug report), scrot/rar (doesn't show UI), gpaint (upstream), ggcov/gvrng/kephra/bossa (macOS/Windows), weboob-qt/series60-remote/fonts-noto-color-emoji (random mobile phone screenshots),

Administration

Debian BTS: unarchive/reopen/triage bugs for reintroduced packages

Debian servers: ping folks about mail forwarding issues

Debian wiki: unblock IP addresses, approve accounts

Communication

Respond to queries from Debian users and contributors on the mailing lists and IRC

Sponsors The oci-cli, oci-python-sdk, circuitbreaker, autoconf-archive, libpst, purple-discord, sptag work was sponsored. All other work was done on a volunteer basis.

Looking at my blog, it seems I haven't written anything about homebrewing in a while. In fact, the last time I did was when I had a carboy blow out on me in the middle of the night... Fear not, I haven't stopped brewing since then. I have in fact decided to publish my homebrew recipes. Not on this blog though, as it would get pretty repetitive. So here are my recipes. So far, I've brewed around 30 different beers! The format is pretty simple (no fancy HTML, just plain markdown) and although I'm not the most scientific brewer, you should be able to replicate some of those if that's what you want to try. Cheers!

For some time now I wanted to learn Rust, but I either didn t have the time or couldn t come up with a nice beginner project. Given that I recently found myself to be without a job and we had another lockdown in the part of the world I happen to live in, I decided to give that idea another go (no pun intended). There is apparently a trend to reimplement existing Unix tools in Rust (see exa, a modern replacement for ls , delta, a syntax highlighting pager for git, diff and grep output, bat, a cat clone with wings , zellij, a terminal workspace, ripgrep, a line-oriented search tool ). I looked around what else was out there, but what I wasn t able to find was an implementation of cal(1) in Rust (maybe I wasn t looking hard enough, feel free to point anything out to me I might have overlooked). No cal in Rust even though a calendar implementation would provide the potential to go over the top with terminal colors, which is also very important when writing reimplementations of older CLI tools! So I started writing and soon had a simple prototype of a cal reimplementation. A couple of weeks later I can now present carl, a cal implementation in Rust: default carl output

The default output of carl is what you would expect from a commandline calendar tool. It prints the days of the current month and highlights the current day. Other than the cal tools I tried, carl by default also prints days that are in the past in grey. Like cal it can also print three month if you use the -3 switch or the whole year if you use the -y switch.

Colors You can use a theme file to change the colors `carl` uses for various dates. The name of the theme is set in `carl`s configuration file (in `XDG_CONFIG_HOME/.carl/config.toml` or system-wide in `XDG_CONFIG_DIRS/.carl/config.toml`) using the `theme` setting - carl looks for the theme in the file `$ themename .theme` in the configuration folders. A custom theme could for example look like this: You can change the foreground color, background color and/or style of a date using a combination of various stylenames like `BGRed`, `Bold` and `FGCyan`. The README lists all possible stylenames. A list of date properties defines which dates the specific style should affect- date properties are for example `CurrentDate`, `AfterCurrentDate` or `FirstDayOfMonth`. Again, the README lists the existing date properties and I m happy to implement more of them, if you have ideas.

Ical support I also added the option to list `.ical` files in the configuration file. `carl` can display the dates from the ical file(s) with a separate style. There can either be a global style for all the dates from all the ical files by using the `IsEvent` date property or a separate style for the dates of a specific `*.ical` file. Using the `--agenda` commandline switch `carl` also shows an agenda of dates from the `ical` files.

Installation I have uploaded carl to crates.io, so you can install carl using cargo: `cargo install carl`. I also plan to upload it to Debian at some point. If you find bugs or have feature requests, please don t hesitate to create issues.

Wired magazine has many short documentary films on YouTube, this one about How Photography is Affecting Our Brains is particularly good [1]. Matt Blaze wrote an informative blog post about Faraday cages for phones [2]. It seems that the commercial shielded bags are all pretty good while doing it yourself with aluminium foil may get similar results or may get much worse results with no obvious difference in the quality of the wrapping. Aluminium foil doesn t protect that well and doesn t protect consistently. A metal biscuit tin performed quite well and consistently, so that s a cheap option for reducing signals. Umair Haque wrote an insightful article about the single word that describes most of the problems the world faces right now [3]. Forbes has an informative article about the early days of the Ford company when they doubled wages, it proves that they didn t do so to enable workders to afford cars but to avoid staff turnover (which is expensive) [4]. Also the Ford company had a fascistic approach to employees, controlling what they were allowed to do in their spare time if they wanted the bonus payment. The wages weren t doubled, there was a bonus payment that would double the salary if the employee was eligible for the bonus. One thing that Forbes gets wrong is that they claim that it was only having higher pay than other companies that provided a benefit and that a higher minimum wage wouldn t, the problem with that idea is that a higher minimum wage would discourage people from having multiple jobs and allow more families to not have the mother working (a condition for a man to get the Ford bonus was for his wife to not work). The WSJ has an interesting article about Intel s datacenter for running all the different configurations of CPUs that they have supported over the last 10 years for security tests [5]. My Thinkpad (which is less than 10yo) is vulnerable to one of the SPECTRE family of exploits as Intel hasn t released microcode to fix it, getting fixed microcode out for all the systems from major vendors like Lenovo would be a good idea if they want to improve their security. NPR has an interesting article about the correlation between support for Trump in counties of the US with lack of vaccination and Covid19 deaths [6]. No surprises, but it s good to see the graphs. Cory Doctorow wrote an interesting article on the lack of slack in the current American education system [7]. It s not that bad in Australia but we are unfortunately moving in the American direction. Teen Vogue has an insightful article about the problems with the focus on resilience [8], while resilience is good we should make it a higher priority to avoid putting people in situations where they need to be resiliant than on encouraging resilience.

[1] https://www.youtube.com/watch?v=OrPkTs-i75A
[2] https://www.mattblaze.org/blog/faraday/
[3] https://tinyurl.com/yy8uxrwo
[4] https://tinyurl.com/yddbw65b
[5] https://tinyurl.com/y4sjdapn
[6] https://tinyurl.com/y6olq6zl
[7] https://tinyurl.com/yxkxy4q7
[8] https://tinyurl.com/y228lrbj

DocKnot is my static site generator and software release management toolkit. It's what generates all of what you're reading. DocKnot has always supported pointing to external files from inside its input tree and converting those files to HTML. This is how I include HTML conversions of POD documentation, CVS logs, text files, and other things in my web pages. This release starts the migration from an ad hoc text format for these pointers to YAML, which will permit a much richer configuration and a consistent format and extension for those external pointers. As the first supported format, DocKnot now supports Markdown conversion (using pandoc). POD conversion is also now supported via both the new pointer file syntax and the old one, but the latter is deprecated and will be removed in a later release. This release also includes some internal reorganization, a fix for RSS output on systems where the locale isn't set to English, and support for cutting releases from a main branch instead of a master branch. You can get the latest version from CPAN or the DocKnot distribution page.

Less Is More. Ludwig Mies van der Rohe

Welcome to the 34th post in the rambunctiously refreshing R recitations, or R⁴. Today s post is about architecture. Mies defined modernism. When still in Europe, I had been to the Neue Nationalgalerie in Berlin which provides a gorgeous space for the arts. Twenty-five years ago, I worked next to his Toronto-Dominion Center in Toronto. Here in Chicago we have numerous buildings: the Federal Center (the Dirksen, the Kluczynski and the US Post Office rounding out the square in the Loop), multiple buildings on the Illinois Tech (aka IIT) Campus where he taught in the architecture department he created and lead, the (formerly called) IBM Plaza building at the river and more. Structure and minimalism, often based on the same core elements of black steel beams and glass, are a landmark of these buildings. One immediately senses that there is nothing left to take away. Code and programming can be similar. We too compose based on parts we assemble and combine to create something hopefully larger than the parts. The difficulty arising from too many dependencies is something we discussed before both here in this 2018 post but also via the tinyverse site. Over the last seven days, and via uploads to new versions to CRAN, I have switched the vignettes of seven packages from using minidown (which in turn requires rmarkdown and knitr, plus their aggregate dependencies) to using simplermarkdown with its sole dependency. That is, of course, a personal choice. I tend to not even knit much in my vignettes (and simplermarkdown supports what I do) but to rely mostly on pandoc for code rendering. So I only need a small subset of the functionality provided, but I can not access just that as the default comes with numerous bells, whistles as well as enough other instruments to form a small marching band. A picture may express this better:

(courtesy of the deepdep package for the figures). Which of these two setups is less likely to surprise you with random breaks, say in continuous integration? Which takes less time to install, and burns fewer cpu cycles just to be set up, each time we run a new test? Which is taxing your students, colleagues, collaborators, users, less on setup for use or replication? The first, comprises a total of 29 dependencies, or the second with just one? My money is on the second choice. Less is more.

The Rblp team is happy to announce a new version 0.3.12 of Rblpapi which just arrived at CRAN. Rblpapi provides a direct interface between R and the Bloomberg Terminal via the C++ API provided by Bloomberg (but note that a valid Bloomberg license and installation is required). This is the twelveth release since the package first appeared on CRAN in 2016. Changes are detailed below and include both extensions to functionality, actual bug fixes and changes to the package setup. Special thanks goes to Michael Kerber, Yihui Xie and Kai Lin for contributing pull requests!

Changes in Rblpapi version 0.3.12 (2021-12-07)

bdh() supports new option returnAs (Michael Kerber and Dirk in #335 fixing #206)

Remove extra backtick in vignette (Yihui Xie in #343)

Fix a segfault from bulk access with bds (Kai Lin in #347 fixing #253)

Support REQUEST_STATUS in bdh (Kai Lin and John in #349 fixing #348)

Vignette now uses simplermarkdown (Dirk in #350)

Courtesy of my CRANberries, there is also a diffstat report for the this release. As always, more detailed information is on the Rblpapi page. Questions, comments etc should go to the issue tickets system at the GitHub repo. If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Another small release of the tidyCpp package arrived on CRAN this morning. The packages offers a clean C++ layer (as well as one small C++ helper class) on top of the C API for R which aims to make use of this robust (if awkward) C API a little easier and more consistent. See the vignette for motivating examples. This release makes a tiny code change, remove a YAML file for the disgraced former continuous integration service we shall not name (yet that we all used to use). And just like digest five days ago, drat four days ago, littler three days ago, RcppAPT two days ago, and RcppSpdlog yesterday, we converted the vignettes from using the minidown package to the (fairly new) simplermarkdown package which is so much more appropriate for our use of the minimal water.css style. The NEWS entry follows.

Changes in tidyCpp version 0.0.6 (2021-12-06)

Assign nullptr in dtor for Protect class

Switch vignette engine to simplermarkdown

Thanks to my CRANberries, there is also a diffstat report for this release. For questions, suggestions, or issues please use the issue tracker at the GitHub repo. If you like this or other open-source work I do, you can now sponsor me at GitHub.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Search Results: "rkd"

9 September 2022

1 September 2022

29 August 2022

24 August 2022

19 August 2022

4 August 2022

31 July 2022

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Issues Missing dependency in libgd Test failures in SPTAG (1 2) Broken documentation in pdb-tools Features in SIMDe, lintian Underlinking in libgprofng Missing include in cwidget Warnings in stem Invalid syntax in ncbi-igblast Error details needed in SPTAG

Administration Debian BTS: unarchive/reopen/triage bugs for reintroduced packages Debian servers: check full disks, ping users of excessive disk usage, restart a hung service Debian wiki: approve accounts

Communication Respond to queries from Debian users and contributors on the mailing lists and IRC

Sponsors The SPTAG, SIMDEverywhere, cwidget, aptitude, tldextract work was sponsored. All other work was done on a volunteer basis.

8 July 2022

25 June 2022

18 June 2022

22 May 2022

5 March 2022

Finally If you are interested in contributing to the Reproducible Builds project, please visit our Contribute page on our website. However, you can get in touch with us via: IRC: #reproducible-builds on irc.oftc.net. Twitter: @ReproBuilds Mailing list: rb-general@lists.reproducible-builds.org

1 February 2022

Focus This month I didn't have any particular focus. I just worked on issues in my info bubble.

Administration Debian BTS: unarchive/reopen/triage bugs for reintroduced packages Debian servers: ping folks about mail forwarding issues Debian wiki: unblock IP addresses, approve accounts

Communication Respond to queries from Debian users and contributors on the mailing lists and IRC

Sponsors The oci-cli, oci-python-sdk, circuitbreaker, autoconf-archive, libpst, purple-discord, sptag work was sponsored. All other work was done on a volunteer basis.

22 January 2022

3 January 2022

Installation I have uploaded carl to crates.io, so you can install carl using cargo: cargo install carl. I also plan to upload it to Debian at some point. If you find bugs or have feature requests, please don t hesitate to create issues.

31 December 2021

26 December 2021

8 December 2021

7 December 2021

6 December 2021

Changes in tidyCpp version 0.0.6 (2021-12-06) Assign nullptr in dtor for Protect class Switch vignette engine to simplermarkdown

Issues

Missing dependency in libgd

Test failures in SPTAG (1 2)

Broken documentation in pdb-tools

Features in SIMDe, lintian

Underlinking in libgprofng

Missing include in cwidget

Warnings in stem

Invalid syntax in ncbi-igblast

Error details needed in SPTAG

Administration

Debian BTS: unarchive/reopen/triage bugs for reintroduced packages

Debian servers: check full disks, ping users of excessive disk usage, restart a hung service

Debian wiki: approve accounts

Communication

Respond to queries from Debian users and contributors on the mailing lists and IRC

Administration

Debian BTS: unarchive/reopen/triage bugs for reintroduced packages

Debian servers: ping folks about mail forwarding issues

Debian wiki: unblock IP addresses, approve accounts

Communication

Respond to queries from Debian users and contributors on the mailing lists and IRC

Installation I have uploaded carl to crates.io, so you can install carl using cargo: `cargo install carl`. I also plan to upload it to Debian at some point. If you find bugs or have feature requests, please don t hesitate to create issues.

Changes in tidyCpp version 0.0.6 (2021-12-06)

Assign nullptr in dtor for `Protect` class

Switch vignette engine to simplermarkdown