I think my demands for a terminal emulator are pretty basic but
nonetheless I run into trouble every now and then. This time it was a
new laptop and starting from scratch with an empty $HOME and the
current Debian/testing instead of good old Jessie.
For the last four or five years I've been a happy user of gnome-terminal,
configured a mono space font, a light grey background with black text
color, create new tabs with Ctrl-n, navigate the tabs with Ctrl-Left and
Ctrl-Right, show no menubar, select URLs with double click. Suited me well
with my similarly configured awesome window manager, where I navigate with
Mod4-Left and Mod4-Right between the desktops on the local screen and only
activate a handful of the many default tiling modes.
While I could get back most of my settings, somehow all cited gconf kung-foo
to reconfigure the URL selection pattern in gnome-terminal failed, and copy&pasting
URLs from the terminal was a pain in the ass. Long story short I now followed
the advice of a coworker to just use the xfce4-terminal.
That still required a few tweaks to get back to do what I want it to do. To
edit the keybindings you've to know that you've to use the GTK way and edit
them within the menu while selecting the menu entry. But you've to allow
that first (why oh why?):
echo "gtk-can-change-accels=1" >> ~/.gtkrc-2.0
Fair enough that is documented.
Changing the keybinding generates fancy things in ~/.config/xfce4/terminal/accels.scm in
case you plan to hand edit a few more of them.
I also edited a few things in ~/.config/xfce4/terminal/terminalrc:
MiscAlwaysShowTabs=TRUE
MiscMenubarDefault=FALSE
So I guess I can remove gnome-terminal for now and stay with another
GTK2 application. Doesn't feel that good but well at least it works.
This isn't actually answering the question, but it's close. It's also horrible, so whoever adopts
Enrico's script should also
completely rewrite this or burn it along with the stack of pizza boxes and the grand piano.
Input:
Not sure what to say on days when the default ruleset of a
"web application firewall" denies access for curl, and the
circumvention is as complicated as:
alias curl-vs-asm="curl -A 'Mozilla'"
It starts to feel like wasting my lifetime when I see something
like that. Otherwise I like my job (that's without irony!).
Update:
Turns out it's even worse. They specifically block curl. Even
To state the obvious: my personal preference is to
run Debian GNU/Linux. My current workplace is a CentOS
shop and usually I'm the first to claim that it doesn't
matter at all, and distribution specific implementation
details are irrelevant for what we do (running a JVM).
Let's take a short detour to the RedHat network-scripts.
Two weeks ago we found some systems we originally installed
in a different network segment, with different DNS servers and different
search domains, came back up after a reboot with a rewritten
'resolv.conf'. Later on cfengine replaced the generated 'resolv.conf'
with the intended one, so it wasn't that obvious to spot in the first place.
A colleague found the origin of the rewritten 'resolv.conf' in a
device specific configuration file that defined the 'DNS{1,2}' variables
with the installation time DNS server IPs from the other segment.
I expected to experience the same behaviour (resolv.conf rewritten during
startup and replaced by cfengine later on) in other locations,
but assumed we just didn't notice it because the main difference would be
a slightly different list of search domains. And I was wrong. I checked
the timestamps of several 'resolv.conf' files and their cfengine backup
file. None were recently created or related somehow to a reboot.
grep-ing through parts of the network-scripts I found the following conditional
in '/etc/sysconfig/network-scripts/ifup'
if [ "$PEERDNS" != "no" ] || [ -n "$RESOLV_MODS" -a "$RESOLV_MODS" != "no" ]; then
  [ -n "$MS_DNS1" ] && DNS1=$MS_DNS1
  [ -n "$MS_DNS2" ] && DNS2=$MS_DNS2
  if [ -n "$DNS1" ] && ! grep -q "^nameserver $DNS1" /etc/resolv.conf &&
     tr=$(mktemp /tmp/XXXXXX) ; then
  ...
So if you adjust only the second nameserver IP you stored in "DNS2" in your configuration
you end up without an update to your 'resolv.conf'. Now knowing that, I'd say this is
relevant distribution specific knowledge, and I'm wondering how many of such subtle
behaviours we've hidden in Debian specific solutions? Maybe knowledge about distribution
specific implementation details even matters after all.
Regarding the 'resolv.conf' issue itself the fault is on us. We as the responsible team
did not read the documentation properly and thus deployed a configuration that later on
led to some unexpected consequences. I try to remember those issues as an example for the
next NetworkManager/systemd-networkd vs old-school-network-scripts argument.
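The DNS1-only behaviour described in the post above, as an added example that is not part of the original post or of the network-scripts: ifup_would_rewrite models just the grep test from the quoted conditional, and missing_nameservers is a hypothetical drift check that compares every configured server. The addresses and the temporary resolv.conf are constructed sample data.

```shell
#!/bin/sh
# Added example: models the DNS1-only test quoted from ifup and compares it
# with a check that looks at every configured nameserver.

# Same test as the quoted conditional: only DNS1 is compared to the file.
ifup_would_rewrite() {  # args: DNS1 resolv_conf_path
    [ -n "$1" ] && ! grep -q "^nameserver $1" "$2"
}

# Hypothetical drift check: print each configured server that has no exact
# "nameserver <ip>" entry. The quoted grep pattern is not anchored at the
# end, so this compares the whole second field instead.
missing_nameservers() {  # args: resolv_conf_path ip...
    file=$1; shift
    for ip in "$@"; do
        [ -n "$ip" ] || continue
        awk -v ip="$ip" '$1 == "nameserver" && $2 == ip { found = 1 }
                         END { exit !found }' "$file" || printf '%s\n' "$ip"
    done
}

# Constructed sample: resolv.conf as written at installation time.
demo_resolv=$(mktemp)
printf 'search example.test\nnameserver 192.0.2.1\nnameserver 192.0.2.2\n' > "$demo_resolv"

# The ifcfg file keeps DNS1 but now points DNS2 at a different server.
DNS1=192.0.2.1
DNS2=198.51.100.2

if ifup_would_rewrite "$DNS1" "$demo_resolv"; then
    echo "ifup: would rewrite resolv.conf"
else
    echo "ifup: leaves resolv.conf alone (DNS1 already present)"
fi
echo "configured but not in resolv.conf: $(missing_nameservers "$demo_resolv" "$DNS1" "$DNS2")"

rm -f "$demo_resolv"
```

Run against the real file, missing_nameservers /etc/resolv.conf "$DNS1" "$DNS2" reports servers from an ifcfg file that never reached resolv.conf.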
Note to myself so I don't have to search for it the next time I've to
answer security audit questions.
If you're lucky and you're running Debian you can install pgpdump and use
and match the CIPHER_ALGO_ and DIGEST_ALGO_ numbers with those in
include/cipher.h.
Found the information in this thread.
Update: anarcat suggested to take a look at the tools contained in
hopenpgp-tools.
Maybe my favourite song of Moby - "That's when I reach for my revolver" -
is one of the more unusual ones, slightly more rooted in his Punk years and a cover version. Great artist anyway.
In case someone is in need of a free DynDNS service
which allows you to configure AAAA records and the TTL,
you might want to look at
BLABLADNS.
It's rather HTTP API centric so you can configure
everything with curl if you like.
Well we want to freeze later this year so I started with the
axing now.
Maybe a bit premature like Mattia pointed out correctly
in #debian-qa, because we've some maintained plugins
for xchat around.
cwirc a morse code via IRC plugin
xchat-xsys system statistics output to a channel
Update: There is a xsys plugin included with hexchat.
xchat-guile GNU Scheme scripting plugin
Update: Lionel agreed and created a RM bug. Thanks!
I can survive without them, so I'd be fine with another three RM bugs. Now feel
free to flame me, I promise to wear my finest asbestos underwear.
I did some musings on my way home about a line of shell scripting similar to
if [ `grep foobar somefile | wc -l` -gt 0 ]; then ...
Yes it's obvious that silencing grep and working with the return code is
way more elegant and the backticks are also deprecated, or at least discouraged,
nowadays. For this special case "grep -c" is not the right replacement. Just in case.
So I wanted to know how widespread the "grep | wc -l" chaining
actually is. codesearch.d.n to the rescue!
At least in some codebases it seems to be rather widespread, so maybe
"grep -c" is not POSIX compliant?
Nope. Traveling back a few years and looking at a somewhat older
manpage
also lists a "-c" option. At least for now I doubt that this is some kind
of backwards compatibility thing. Even
busybox
supports it.
As you can obviously deduce from the matching lines, and my rather fuzzy search pattern,
there are valid cases among the result set where "grep" is just the first command
and some "awk/sed/tr" (you name it) is in between the final "wc -l". But quite some
"| wc -l" could be replaced by a "-c" added to the "grep" invocation.
[root@adc:Standby:In Sync] config # tmsh save /sys ucs /var/tmp/foo.ucs
Saving active configuration...
/var/tmp/foo.ucs is saved.
[root@adc:Standby:In Sync] config # tmsh save /sys ucs /var/tmp/foo.ucs > /dev/null
Saving active configuration...
[root@adc:Standby:In Sync] config # tmsh save /sys ucs /var/tmp/foo.ucs 2> /dev/null
/var/tmp/foo.ucs is saved.
[root@adc:Standby:In Sync] config #
Seems F5 is not alone with such glorious ideas. A coworker pointed out that the
"ipspace list" command on our old NetApps outputs a space and a backspace in some
places.
What happened in the reproducible
builds effort between December
27th and January 2nd:
Infrastructure
dak now silently accepts and discards .buildinfo files (commit 1, 2), thanks to Niels Thykier and Ansgar Burchardt. This was later confirmed as working by Mattia Rizzolo.
Packages fixed
The following packages have become reproducible due to changes in their
build dependencies:
banshee-community-extensions,
javamail,
mono-debugger-libs,
python-avro.
The following packages became reproducible after getting fixed:
fltk1.1/1.1.10-20 by Aaron M. Ucko, currently FTBFS.
fltk1.3/1.3.3-5 by Aaron M. Ucko, currently FTBFS.
reproducible.debian.net
The testing distribution (the upcoming stretch) is now tested on armhf. (h01ger)
Four new armhf build nodes provided by Vagrant Cascadian were integrated in the infrastructure. This allowed for 9 new armhf builder jobs. (h01ger)
The RPM-based build system, koji, is now in unstable and testing. (Marek Marczykowski-Górecki, Ximin Luo).
Package reviews
131 reviews have been removed, 71 added and 53 updated in the previous week.
58 new FTBFS reports were made by Chris Lamb and Chris West.
New issues identified this week:
nondeterminstic_ordering_in_gsettings_glib_enums_xml,
nondeterminstic_output_in_warnings_generated_by_breathe, qt_translate_noop_nondeterminstic_ordering.
Misc.
Steven Chamberlain explained in length why reproducible cross-building across architectures mattered, and posted results of his tests comparing a stage1 debootstrapped chroot of linux-i386 once done from official Debian packages, the others cross-built from kfreebsd-amd64.
Today I learned from my coworkers about a few helpful sub commands of yum
and some other things from the rpm world. Just jotting them down here so
I don't forget about them.
Oh and why did we have to do it? Well CentOS 6 got a grep update from 2.6 to
2.20.
That upgrade lost the --mmap option and some very old stuff started
to fall apart because of the now unknown option.
Update: There are some interesting issues related to this update in the RedHat
Bugzilla.
#1287074, #1256756
I added #1291714 just for
the sake of completeness.
# yum history
ID Login user Date and time Action(s) Altered
-------------------------------------------------------------------------------
124 xxx 2015-12-15 11:51 Downgrade 1
123 yyy 2015-12-15 11:02 E, O, U 244 EE
122 zzz 2015-12-15 10:57 I, O, U 255 **
Provides an overview of the last actions done with yum. On CentOS 7 (this
one is from CentOS 6) the output seems to have changed slightly and it provides
the commandline instead of the username.
Kind of the rpm -q ... stuff on a repository level instead of the local rpm database.
Update: T.P. provided a small shell snippet to
show updates. Thanks.
My monthly report covers a large part of what I have been doing in the free software world. I write it for my donators (thanks to them!) but also for the wider Debian community because it can give ideas to newcomers and it's one of the best ways to find volunteers to work with me on projects that matter to me.
Debian LTS
This month I have been paid to work 21.25 hours on Debian LTS. During this time I worked on the following things:
From November 2nd to November 8th, I was handling the LTS frontdesk, triaging new CVE, filing bugs, and ensuring timely answers on the mailing list. I pushed 26 commits to the security tracker. While investigating CVE-2015-7183 I discovered more embedded copies of nspr (which resulted in #804058). I also commented on the upstream fix for CVE-2015-5602 which looked insufficient.
Prepared and released DLA-339-1 on libhtml-scrubber-perl fixing one CVE.
Prepared and released DLA-350-1 on eglibc with a non-trivial backport fixing one CVE.
Prepared and released DLA-353-1 on imagemagick fixing two security issues without CVE yet (and marking one as not-affecting squeeze).
Added a third patch after review by the upstream author on my still pending bouncycastle update. The upstream author asked me to further defer the update as they have some related fixes coming up.
I did preparatory work for DLA-352-1 by identifying the upstream commits that fixed the security issue.
I spent some time checking issues that have been assigned for a long time without any visible progress being made in the hope to unblock them (libvncserver, pound, quassel).
The Debian Administrator's Handbook
Now that the English version has been finalized for Debian 8 Jessie (I uploaded the package to Debian Unstable), I concentrated my efforts on the French version. The book has been fully translated and we're now finalizing the print version that Eyrolles will again edit.
Paris Open Source Summit
On November 18th and 19th, I was in Paris for the Paris Open Source Summit. I helped to hold a booth for Debian France during two days (with the help of François-Régis and several others).
On the booth, we had the visit of Juliette Belin who created the theme and the artwork of Debian 8 Jessie. We lacked goodies but we organized a lottery to win 12 copies of my French book.
Debian packaging work
Django. After two weeks of preparation for reverse dependencies, I uploaded Django 1.8 to unstable and raised the severity of remaining bugs. Later I uploaded a new upstream point release (1.8.6). I also handled a release critical bug first by opening a ticket upstream and then by writing a patch and submitting it upstream. I uploaded 1.8.7-2 to Debian with my patch.
I also submitted another small fix which has been rejected because the manual page is generated via Sphinx and I thus had to file a bug against Sphinx (which I did). A work-around has been found in the mean time.
apt-xapian-index NMU. A long time ago, I filed a release critical bug against that package (#793681) but the maintainer did not handle it. Fortunately Sven Joachim prepared an NMU and I just uploaded his work. This resulted in another problem due to bash-completion changes that Sven promptly fixed and I uploaded a second NMU a few days later.
Gnome-shell-timer. I forwarded #805347 to gnome-shell-timer issue #29 but gnome-shell-timer is abandoned upstream. On a suggestion of Paul Wise, I tried to get this nice extension integrated into gnome-shell-extensions but the request has been turned down. Is there anyone with javascript skills who would like to adopt this project as an upstream developer? It's a low maintenance project with a decent and loyal user base.
Misc. I fixed bug #804763 in zim which was the result of a bad Debian-specific patch.
I sponsored pylint-plugin-utils_0.2.3-2.dsc for Joseph Herlant to fix a release critical bug. I filed 806237 against lintian. I filed more tickets upstream, related to my Kali packaging work: one against sddm, one against john.
Other Debian-related work
Distro-Tracker. I finally merged the work of Orestis Ioannou on bug #756766 which added the possibility to browse old news of each package.
Debian Installer. I implemented two small features that we wanted in Kali: I fixed #647405 to have a way to disable deb-src lines in generated sources.list files. I also filed #805291 to see how to allow kernel command line preseeding to override initrd preseeding. The fix is trivial and it works in Kali. I just have to commit it in Debian, I was hoping to get an ack from someone in charge before doing it.
Thanks
See you next month for a new summary of my activities.
Besides an upgrade to TMOS 11.4.1HF9 I wanted to use a maintenance today to assign
some specific irule to a VS. Within the irule I use some HTTP functions so
when I tried to add the irule to the already existing VS the tmsh correctly told me
that I also need a http profile on this VS. Thanks tmsh you're right, oversight by
myself.
So what I did was:
tmsh accepted but all my tests ended at the VS. I could connect but got no reply at all. That was strange
because I tested this irule extensively. So I reverted back to the known good state with just
plain tcp forwarding.
My next try was to assign only the http profile without the irule.
And now it worked as intended. So I went on and removed my debug statements, tested
again and it still works. Let's see if I can reproduce that case some time later this
week to file a proper bugreport with F5.
Update: Turns out it was all my fault. Due to a misunderstanding about
RULE_INIT and
the static namespace,
I managed to overwrite important variables globally. Lesson learned: Be very careful
if you use "static::" or better avoid it. Also think twice if you start to set things
on the RULE_INIT event. Since it's only called on saving an irule or restarts of the
device, your errors might show only later when you do not expect that.
Colin Watson uploaded halibut/1.1-2 which implements support for SOURCE_DATE_EPOCH.
Chris Lamb filled a bug on python-setuptools with a patch to make the generated requires.txt files reproducible. The patch has been forwarded upstream.
Chris also understood why the she-bang in some Python scripts kept being undeterministic: setuptools as called by dh-python could skip re-installing the scripts if the build had been too fast (under one second). #804339 offers a patch fixing the issue by passing --force to setup.py install.
#804141 reported on gettext asks for support of SOURCE_DATE_EPOCH in gettextize. Santiago Vila pointed out that it didn't feel appropriate as gettextize is supposed to be an interactive tool. The problem reported seems to be in avahi build system instead.
Packages fixed
The following packages became reproducible due to changes in their
build dependencies:
celestia,
dsdo,
fonts-taml-tscu,
fte,
hkgerman,
ifrench-gut,
ispell-czech,
maven-assembly-plugin,
maven-project-info-reports-plugin,
python-avro,
ruby-compass,
signond,
thepeg,
wagon2,
xjdic.
The following packages became reproducible after getting fixed:
4ti2/1.6.6+ds-1 uploaded by Jerome Benoit, fixed upstream.
Chris Lamb closed a wrongly reopened bug against haskell-devscripts that was actually a problem in haddock.
reproducible.debian.net
FreeBSD tests are now run for three branches: master, stable/10, release/10.2.0. (h01ger)
diffoscope development
Support has been added for Free Pascal unit files (.ppc). (Paul Gevers)
The homepage is now available using HTTPS, thanks to Let's Encrypt!.
Work has been done to be able to publish diffoscope on the Python Package Index (also known as PyPI): the tlsh module is now optional, compatibility with python-magic has been added, and the fallback code to handle RPM has been fixed.
Documentation update
Reiner Herrmann, Paul Gevers, Niko Tyni, opi, and Dhole offered various fixes and wording improvements to the reproducible-builds.org. A mailing-list is now available to receive change notifications.
NixOS, Guix, and Baserock are featured as projects working on reproducible builds.
Package reviews
70 reviews have been removed, 74 added and 17 updated this week.
Chris Lamb opened 22 new fail to build from source bugs.
New issues this week:
randomness_in_ocaml_provides,
randomness_in_qdoc_page_id,
randomness_in_python_setuptools_requires_txt,
gettext_creates_ChangeLog_files_and_entries_with_current_date.
Misc.
h01ger and Chris Lamb presented Beyond reproducible builds at the MiniDebConf in Cambridge on November 8th. They gave an overview of where we stand and the changes in user tools, infrastructure, and development practices that we might want to see happening. Feedback on these thoughts is welcome. Slides are already available, and the video should be online soon.
At the same event, a meeting happened with some members of the release team to discuss the best strategy regarding releases and reproducibility. Minutes have been posted on the Debian reproducible-builds mailing-list.
I just got asked by someone I help out with sponsoring uploads from
time to time how to get rid of overlinking. Since wheezy or maybe even earlier
dpkg-shlibdeps will complain with a warning like this:
dpkg-shlibdeps: warning: package could avoid a useless dependency if debian/foobar/usr/bin/foobar was not linked against libatk-1.0.so.0 (it uses none of the library's symbols)
That usually requires some build system fixes, or pkg-config fixes or something else.
This one
should provide a starting point if you'd like to read a bit more.
But in case you're lucky, and you use debhelper, and the buildsystem is sane enough to
read the LDCONFIG environment variable
in your debian/rules can be enough. I admit that's still a bit of a hack that requires
some luck to work out and can break in strange and nasty ways. But if it works I'm fine
with it.
man 1 dpkg-buildflags
hold the details to the mechanics in use here regarding the environment variables.
USENIX lately started a new journal called JESA
to tackle the issue of education for Systemadministrators. For the first issue Tom Limoncelli
wrote an open letter
which tries to summarize the current situation the industry faces. For me it's kind of a
problem statement one can use to start thinking about solutions.
Currently I don't see something like a formal education to call yourself Systemadministrator or
Systemengineer anywhere near. And I don't think it's required. But still the expectations I see
on both ends - employer and employee - often differ a lot in all kind of directions.
In Germany we've a very organized (some call it bureaucratic) system of non academic education,
organized as an apprenticeship. And like Tom wrote in the open letter mentioned above many IT
departments do not follow best practise, and even more do so unintentionally because they never
got that far. But what kind of people can you expect from this system when they got formed for
three years in a rather sloppy environment? So there is a lot to fix, but as usual I've
doubts when I think about possible solutions. Do I expect too much from the education system and/or
the people? Do I look at the wrong people? Is this education system the right system to educate this
kind of people I'd like to work with?