A strange problem Yesterday, I was reported a funny problem with the dokuwiki Debian package's postinst script, which contains a piece of shell script similar to that:

# Check the destination does not already exist
if [ ! -e /the/destination ]
then
    ln -s /some/file /the/destination
fi

It was failing with that message: ln: failed to create symbolic link '/the/destination': File exists. Even though I had just tested it did not exist! The explanation The reason of that failure is quite simple, but easy to forget: test(1), aka [, uses stat(2), which dereferences symlinks when testing for file existence! So, test ! -e /the/destination does not mean check there is no file there but rather check there is either no file or only a dead symlink . So, the correct way to write such a piece of code is:

# Check there is not already a file or a (dead) symlink
if [ ! -e /the/destination -a ! -h /the/destination ]
then
    ln -s /some/file /the/destination
fi

I just received an USB headset from Plantronics. Since it has a keypad on it, with buttons to mute the microphone and to adjust the volume, it appears as both a sound card and a keyboard. Problem: that keyboard sends a mouse ButtonPress 1 (yes, a mouse button event, do not ask me how that is materially and logically possible) when the microphone is muted, and only sends the corresponding ButtonRelease 1 when it is unmuted. As a result, the pointer behaves as if the mouse button was pressed continuously, rendering the desktop quite unusable.This situation has been the object of many discussions and bug reports. All of them always suggest the same solution: making X.Org ignore the keyboard associated to the headset, with an important side effect: volume adjustment will no longer be possible using the headset buttons. Microphone muting will still be available though, since it is implemented directly in the headset. There is a better solution however: remap the mouse button 1 of that keyboard (yes, the idea that a keyboard has mouse buttons is quite funny) to disable it. To do that temporarily:

 $ # Get the identifier of the Plantronics keyboard
$ xinput --list
  Virtual core pointer            id=2  [master pointer  (3)]
      Logitech USB Optical Mouse  id=10 [slave  pointer  (2)]
  Virtual core keyboard           id=3  [master keyboard (2)]
      Power Button                id=6  [slave  keyboard (3)]
      Logitech USB Keyboard       id=8  [slave  keyboard (3)]
      Plantronics .Audio 400 DSP  id=11 [slave  keyboard (3)]
$ # Remap its mouse button 1 to 0 (disable)
$ xinput --set-button-map 11 0

And to do it permanently, create a file /etc/X11/xorg.conf.d/plantronics.conf and restart X.Org:

 Section "InputClass"
    Identifier "Plantronics"
    MatchVendor "Plantronics"
    Option "ButtonMapping" "0"
EndSection

This way, the mouse button 1 events from the headset keyboard are ignored, while all the other events it generates, that is KeyPress/KeyRelease XF86AudioLowerVolume and XF86AudioRaiseVolume, are not.

Like it or not, XML has been used everywhere, even in cases where text-based formats would have been sufficient. Unfortunately, standard tools such as grep, sed or awk are not really adapted to work with XML. Let us take the following example:

<chapter
    xmlns="http://docbook.org/ns/docbook" version="5.0">
    <title>The Debian distribution</title>
    <para>Debian is a free operating system, describing itself as  the
    universal operating system . It is mostly known as a GNU/Linux
    distribution, but it also exist in other variants such as GNU/Hurd
    and GNU/kFreeBSD </para>
</chapter>

PYX and xml2 There are at least two line-oriented alternative formats for XML:

• PYX is an even-oriented format derived from an SGML subset, which can be used with the tool XMLStarlet,
• xml2 is a tool that can transform XML to a content-oriented format.

This is what our example would like in PYX:

(chapter
Aversion 5.0
-\n
(title
-The Debian distribution
)title
-\n\n
(para
-Debian is a free operating system, describing itself as
- the\n    universal operating system . It is mostly known as a GNU/Linux\n    distribution, but it also exist in other variants such as GNU/Hurd\n    and GNU/kFreeBSD 
)para
-\n
)chapter

And in the xml2 format:

/chapter/@xmlns=http://docbook.org/ns/docbook
/chapter/@version=5.0
/chapter/title=The Debian distribution
/chapter/para=Debian is a free operating system, describing itself as  the
/chapter/para=    universal operating system . It is mostly known as a GNU/Linux
/chapter/para=    distribution, but it also exist in other variants such as GNU/Hurd
/chapter/para=    and GNU/kFreeBSD 

Examples of use We want to extract the DocBook version number. This is not easy to do in a reliable way using the XML directly, but it appears directly with xml2:

$ xml2 < chapter.xml   grep '^/chapter/@version=' \
      cut -d= -f2
5.0

We want to move the title into an info tag, using PYX:

$ xmlstarlet pyx chapter.xml   sed -e '/^(title$/i\
(info
/^)title$/a\
)info'   xmlstarlet p2x
<chapter version="5.0">
    <info><title>The Debian distribution</title></info>
    [ ]

We could go further, adding a keywords entry in that info tag for instance, but you get the idea: when you want to work with XML in a reliable way, try xmlstarlet pyx or xml2.

After years of waiting, Google has finally enabled IPv6 for their email service Gmail. And a few weeks ago, they updated their policy, adding one specific rule: reject email from IP addresses with no reverse name:

% nc -Cv gmail-smtp-in.l.google.com. smtp
Connection to gmail-smtp-in.l.google.com. 25 port [tcp/smtp] succeeded!
220 mx.google.com ESMTP bz2si13656083wjc.108 - gsmtp
HELO boo.example.com
250 mx.google.com at your service
MAIL FROM: <me@example.com>
250 2.1.0 OK bz2si13656083wjc.108 - gsmtp
RCPT TO: <you@gmail.com>
250 2.1.5 OK bz2si13656083wjc.108 - gsmtp
DATA
354  Go ahead bz2si13656083wjc.108 - gsmtp
Subject: Test
From: Me <me@example.com>
To: You <you@gmail.com>
Test.
.
550-5.7.1 [2001:db8:8e3f:43c7::12      16] Our system has detected that this
550-5.7.1 message does not meet IPv6 sending guidelines regarding PTR records
550-5.7.1 and authentication. Please review
550-5.7.1 https://support.google.com/mail/?p=ipv6_authentication_error for more
550 5.7.1 information. bz2si13656083wjc.108 - gsmtp

That sucks

• It is not a sane anti-spam measure, because not having a reverse name tells absolutely nothing about the email emitter or the message itself: it only indicates that the email emitter has a lame access provider. Specifically:
  • spammers can have perfect reverse names;
  • regular email emitter can have no reverse name because their access provider suck, and have no way of fixing it because all access providers suck the same way.
• While IPv6 is the future of the Internet, this measure discourages its use. Yes, providing no reverse names suck, but it is by no mean the user's fault, and since IPv6 is more complicated to implement than IPv4, Internet actors must tolerate youth errors or people will just keep what works, i.e. IPv4.

By the way, I would love to have a perfect Internet access provider, but that does not exist where I live, and I do not think it exists at all anywhere. Google, instead of complaining about lame access providers, you are welcome to offer me a fibre service with decent upload rate, static IPv4, static IPv6 /64, customizable reverse DNS for IPv4 and IPv6, and full respect of the network neutrality. Until then, I am doing the best I can with the least bad provider available. Workaround As I said, their is an easy workaround. Google does not accept my mail on IPv6? Fine, I will keep using IPv4. Only for Google of course, no need to punish the whole Internet for Google's damn restrictions. With Postfix, you can do that this way (thanks to Christian Skala for his blog post about this problem). In /etc/postfix/master.fr, enable an IPv4-only SMTP client service:

smtp4     unix  -       -       -       -       -       smtp -o inet_protocols=ipv4

Then, in /etc/postfix/main.cf, define a transport map if you do not already use one:

transport_maps = hash:/etc/postfix/transport

Create that transport map /etc/postfix/transport or complete it:

gmail.com smtp4:

Finally, hash that transport map and have Postfix reload its configuration:

# postmap /etc/postfix/transport
# service postfix reload

One problem with PGP, at least with GnuPG, is that it does not interact with the web. There used to be a Firefox addon for that, called FirePGP, but its development was stopped. So, good news, a new addon has come to fill the gap it left: WebPG, an addons for Firefox and Chrome. I am using it since a while, and it seems to work fine, being able to encrypt, sign, decrypt and check text blocks. Of course, it cannot handle PGP/MIME unless explicitly adapted to the webmail you use, but there seem to be some experimental support for GMail.

The blog engine PluXml is now available as a Debian package:

Package: pluxml
Version: 5.2-2
Description-en: Light blog engine using XML files
 PluXml is a light and simple blog and CMS engine that uses simple XML
 files to store its data and requires no database. It has all the usual
 features (static pages, comments, categories, tags, medias, RSS
 feed...) and supports multiple users, customizable themes and plugins.
Homepage: http://www.pluxml.org/
Section: web
Priority: extra

PluXml is a French blog engine that uses XML files to store its data, thus avoiding the need for an external database system as most blogs do. The name PluXml is a French portmanteau between plume (feather, evoking something light) and XML. Apart from that, although it was started in French only and its official website is still in French, it was internationalized about a year ago. It is designed to be easy enough to use, targeting regular users, but not too fancy: for instance, it provides a web-based administration interface, but content editing uses HTML code unless you install a graphical content editor plugin. That package may be of interest to people like me, that consider the almost systematic use of relational database systems in many web applications as a disease, and more generally to self-hosted people that would rather avoid running an additional database server on their small home servers. The package includes an interactive configuration, that allows to choose the blog language, title, description, admin login and password. Unless debconf was configured not to ask questions, in which case nothing is asked and the blog is left in an barely unusable state, of course.

grep is designed to print lines matching a given pattern, but I often need to print only the matching part, discarding the remaining. I used to do that with sed, but it involves several actions: match, replace the line by only the matching pattern and print. Fortunately, GNU grep has an option to do just that:

-o, --only-matching

Print only the matched (non-empty) parts of a matching line, with each such part on a separate output line.

Unfortunately it is not a standard option, so it may be missing on non-GNU systems.

With the PRISM scandal, there has been some talk about encrypted communication systems. For instance, BitMessage is often introduced as an easy and secure message system, that would allow you to communicate with no possible eavesdropping. Apple is also making similar claims about their systems iMessage and FaceTime. This is a good time to remind this: without direct contact or a certification layer, encryption systems are not secure! Or at least, not as secure as you would expect, as they do allow some kind of eavesdropping.Let us take the example of BitMessage:

1. Alice sends her BitMessage address to Bob by email, an insecure channel;
2. Mallory catches that email message and changes Alice's BitMessage address with his own;
3. Bob sends a BitMessage for Alice to the address he received, which he thinks is Alice's, but is in fact Mallory's;
4. Mallory receives the message, reads it, modifies it if he wants, and sends it to Alice.

This is a man-in-the-middle attack, a kind of active eavesdropping technique that requires read-modify access to a communication line. Without a specific way to ensure that a cryptographic key really belongs to its alleged owner, a cryptographic system is vulnerable to such attacks, even if it does protect against simpler attacks (like passive eavesdropping or introduction of MiTM after the introduction sequence). When you read that a cryptographic system provides end-to-end security and is impervious to eavesdropping, while it provides no mean to make sure you are in contact to the right person, remember to consider this affirmation as what it is: a lie.

For email extensions such as SPF, DKIM and DMARC, I think the most flexible and portable system is the milter protocol. Originally developed for Sendmail, it is now also supported by Postfix, and it allows to plug specific filters in the mail server without the hassle of the previous systems like SMTP proxies.

SPF milters in Debian OpenDKIM provides a good milter for checking DKIM. OpenDMARC provides a similar milter for DMARC. But the situation is more difficult for SPF in Debian which is a requirement for DMARC! :

spf-milter

It was based on the buggy libspf0 and was never updated to libspf2, and was finally removed from Debian;

spf-milter-python

This one seems a bit Sendmail-centric it uses a dbm configuration file for instance and not very documented.

Packaging a new SPF milter? There are other milters for SPF, which have not been packaged for Debian yet, but I am ready to package one. Has anybody tried another SPF milter?

spfmilter

Still in beta test, still to be ported to libspf2 which may never happen since it was not updated since 2005.

smf-spf

Based on libspf2, seems rather neat, with a clean configuration, but inactive since 2007.

milter-spiff

Proprietary.

This is my monthly summary of my free software related activities. If you re among the people who made a donation to support my work (70 , thanks everybody!), then you can learn how I spent your money. Otherwise it s just an interesting status update on my various projects. The Debian Administrator s Handbook Spanish translation completed. The Spanish team finished the translation of the book. The PDF build process was not yet ready to build translations so I had to fix this. At the same time, I also improved the mobipocket build script to make use of Amazon s kindlegen when available (since Amazon now requires the use of this tool to generate Mobipocket files that can be distributed on their platform). Once those issues were sorted I made some promotion of this first completed translation because they really deserve some big kudos ! Plans for the French translation. You know that the Debian Administrator s Handbook came to life as a translation of the French book Cahier de l Admin Debian (published by Eyrolles). This means that we currently have a free translation of a proprietary book. It s a bid of an odd situation that I always wanted to fix. I discussed with Eyrolles to find out how we could publish the original book under the same licenses that we picked for the English book and the result is that we setup a new crowdfunding campaign to liberate the French book and then make it an official French translation of the Debian Administrator s Handbook. Read the rest and support us on the ulule project page (a kickstarter like for people who are not based in the US). Debian France I updated our membership management application (galette) to version 0.7.4.1 with numerous bug fixes but the true highlight this month was Solutions Libres et Opensource , a tradeshow in Paris where Tanguy Ortolo, me, and other volunteers (C dric Boutillier, Arnaud G., and some that I have forgotten, thanks to them!), held a Debian booth for two consecutive days (May 28-29). For once we had lots of goodies to sell (buffs, mouse pad, polos, stickers, etc.) and the booth was very well attended. Google s Summer of Code Last month I was rater overwhelmed with queries from students who were interested in applying for the Package Tracking System Rewrite project that I offered to mentor as part of Google s Summer of Code. In the end, I got 6 good student applications that Stefano and me evaluated. We selected Marko Lalic. The Community Bonding Period is just starting and we re fleshing out details on how we will organize the work. We ll try to use the IRC channel #debian-qa on OFTC for questions and answers and weekly meetings. Misc Debian packaging I packaged zim 0.60 and with the release of Wheezy, I uploaded to unstable all the packages that I staged in experimental (cpputest, publican). I sponsored the upload of libmicrohttpd 0.9.27-1. I filed a couple of bug reports that I experienced with the upcoming dpkg 1.17.0 (#709172, #709009). In both cases, the package was using a wrongly hardcoded path to dpkg-divert (the binary moved from /usr/sbin/ to /usr/bin/ a while ago and the compatibility symlink is dropped now). I also dealt with #709064 where the user reported upgrade issues related to multiarch. I also filed an upstream bug report on publican to request some way to avoid so much duplication of files (actually I filed it as a response to the Debian bug #708705 that I received). Kali work I had to update OpenVAS for Kali but some parts failed to build in a Debian 7 environment. I diagnosed the problem and submitted a patch upstream. I also got in touch with the Debian OpenVAS maintainer as I wanted to contribute the package back to Debian, but timing issues have pushed this back for a little longer. Thanks See you next month for a new summary of my activities.

One comment Liked this article? Click here. My blog is Flattr-enabled.

Cameron Russell (who works as an underwear model) gave an interesting TED talk about beauty [1]. Ben Goldacre gave an interesting and energetic TED talk about bad science in medicine [2]. A lot of the material is aimed at non-experts, so this is a good talk to forward to your less scientific friends. Lev wrote a useful description of how to disable JavaScript from one site without disabling it from all sites which was inspired by Snopes [3]. This may be useful some time. Russ Allbery wrote an interesting post about work and success titled The Why? of Work [4]. Russ makes lots of good points and I m not going to summarise them (read the article, it s worth it). There is one point I disagree with, he says You are probably not going to change the world . The fact is that I ve observed Russ changing the world, he doesn t appear to have done anything that will get him an entry in a history book but he s done a lot of good work in Debian (a project that IS changing the world) and his insightful blog posts and comments on mailing lists influence many people. I believe that most people should think of changing the world as a group project where they are likely to be one of thousands or millions who are involved, then you can be part of changing the world every day. James Morrison wrote an insightful blog post about what he calls Penance driven development [5]. The basic concept of doing something good to make up for something you did which has a bad result (even if the bad result was inadvertent) is probably something that most people do to some extent, but formalising it in the context of software development work is a cencept I haven t seen described before. A 9yo boy named Caine created his own games arcade out of cardboard, when the filmmaker Nirvan Mullick saw it he created a short movie about it and promoted a flash mob event to play games at the arcade [6]. They also created the Imagination Foundation to encourage kids to create things from cardboard [7]. Tanguy Ortolo describes how to use the UDF filesystem instead of FAT for USB devices [8]. This allows you to create files larger than 2G while still allowing the device to be used on Windows systems. I ll keep using BTRFS for most of my USB sticks though. Bruce Schneier gave an informative TED talk about security models [9]. Probably most people who read my blog already have a good knowledge of most of the topics he covers. I think that the best use of this video is to educate less technical people you know. Blaine Harden gave an informative and disturbing TED talk about the concentration camps in North Korea [10]. At the end he points out the difficult task of helping people recover from their totalitarian government that will follow the fall of North Korea. Bruce Schneier has an interesting blog post about the use of a motherboard BMC controller (IPMI and similar) to compromise a server [11]. Also some business class desktop systems and laptops have similar functionality. Russ Allbery wrote an insightful article about the failures of consensus decision-making [12]. He compares the Wikipedia and Debian methods so his article is also informative for people who are interested in learning about those projects. The TED blog has a useful reference article with 10 places anyone can learn to code [13]. Racialicious has an interesting article about the people who take offense when it s pointed out that they have offended someone else [14]. Nick Selby wrote an interesting article criticising the Symantic response to the NYT getting hacked and also criticises anti-viru software in general [15]. He raises the point that most of us already know, anti-virus software doesn t do much good. Securing Windows networks is a losing game. Joshua Brindle wrote an interesting blog post about security on mobile phones and the attempts to use hypervisors for separating data of different levels [16]. He gives lots of useful background information about how to design and implement phone based systems.

• [1] http://tinyurl.com/be6eel3
• [2] http://www.ted.com/talks/ben_goldacre_battling_bad_science.html
• [3] http://levlafayette.com/node/383
• [4] http://www.eyrie.org/~eagle/journal/2013-01/021.html
• [5] http://www.sorced.com/2012/03/penance-driven-development.html
• [6] http://cainesarcade.com/
• [7] http://www.imagination.is/
• [8] http://tanguy.ortolo.eu/blog/article93/usb-udf
• [9] http://www.ted.com/talks/bruce_schneier.html
• [10] http://www.youtube.com/watch?v=8SAWKDRHZuw
• [11] http://www.schneier.com/blog/archives/2013/01/the_eavesdroppi.html
• [12] http://www.eyrie.org/~eagle/journal/2013-01/026.html
• [13] http://blog.ted.com/2013/01/29/10-places-where-anyone-can-learn-to-code/
• [14] http://tinyurl.com/q2vl2fv
• [15] http://tinyurl.com/awtv7ka
• [16] http://securityblog.org/2013/02/11/security-anti-pattern-mobile-hypervisors/

This is my monthly summary of my free software related activities. If you re among the people who made a donation to support my work (114.19 , thanks everybody!), then you can learn how I spent your money. Otherwise it s just an interesting status update on my various projects. Simple-CDD and debian-cd I tried to use wheezy s version of debian-cd and simple-cdd to generate an automatic installer. In this process, I filed a couple of bugs on simple-cdd (#701963: type-handling package is gone and should not be listed in default.downloads, and #701998: the --keyboard parameter is not working with wheezy s debian-installer) and I commited fixes for a few issues in debian-cd:

• r2518: adjust Makefile for new xorriso requirement
• r2520: add missing depends on dosfstools
• r2521: use --no-check-gpg when querying debootstrap
• r2522: make debian-cd work with a mirror without sources)

Debian France I completed the new website for Debian France and I put it online. Later I merged some supplementary enhancements prepared by Tanguy Ortolo (and I gave him commits rights at the same time). I tried to update our Galette installation to the latest upstream version but I reverted to the former version after having encountered two problems (filed here and here). In the process, I created a Debian package for galette (you can grab it on git.debian.org). I also suggested an idea of improvement for Galette s paypal plugin and it has been quickly implemented. Thus I updated the plugin installed on france.debian.net. Kali related work It s been a few months that I have been helping the Kali team to prepare this new Debian derivative. Now that the derivative has gone public, I can attribute some of my Debian work to my collaboration with the Kali team. This month I contributed a few features and fixes to debian-installer and live-build:

• #702257: new preseed entry to disable CDROM entries
• #703072: hid-generic module is missing from input-modules udeb (affecting experimental kernel only)
• Fix win32-loader support in live-build

After the launch, we registered Kali in the derivative census. Paul Wise quickly reported some misfiled bugs from early Kali users and I discovered that reportbug was not behaving properly even though we correctly updated base-files (see #703678 on reportbug and #703677 on lsb-release). Misc packaging work

• I sponsored a new upstream version of dnsjava because it s required by Jitsi.
• I prepared rebuild 0.4.1.1 and uploaded it to testing-proposed-updates for a RC bug fix.
• I uploaded Publican 3.1.5 to experimental and filed #703514 to request a new upstream version of docbook-xsl that is needed by Publican.
• I filed #703995 to fix apt-setup s handling of the apt-setup/multiarch preseed option.

DPL election I also spent quite some time to read and participate to the discussions on debian-vote since it was campaigning time for the DPL candidates Thanks This was a rather active month if you take into account the fact that I got a second son Lucas on March 6th. See you next month for a new summary of my activities.

4 comments Liked this article? Click here. My blog is Flattr-enabled.

I've moved (only a couple of blocks from where I was before), and as the new place has Webpass I've reluctantly given up my Sonic.net connection, along with its static IPv4 address and ISP IPv6 tunnel. Hard to resist a 200Mb/s ethernet connection for the same price I was paying for 18Mb/s ADSL2 though. However that leaves my DGN3500 router somewhat inappropriate for providing my net connection. Freed from the need for an ADSL/cable router I decided it was time to build an all in one house server (I'm a believer in as few always on boxes as possible). I already had a nettop acting as a media box, but wanted to build something that would handle:

• Gateway for the external network connection
  • Routing to internal ethernet
  • 2.4GHz wifi router
  • 5GHz wifi router
• Printer server
• House NAS
  • Backup server (syncing externally as well)
  • DLNA server
• mpd server
• ATSC based PVR

Probably in that order if it turns out I'm asking too much. The intention is the box is the only one that always needs to be on, so I wanted it to be low power consumption. I also wanted the option of hooking it up to the TV if it turned out to have enough grunt, so the case needed to be something suitable for the living room. I like Intel's approach to graphics drivers, in particular the existence of Free video acceleration support, so I went with an Intel Core i3-3220T as the processor. It's a 35W Ivybridge processor with HD 2500 graphics, plus I got it for a decent price. For the case I chose a CFI A2059. There's a local supplier I was able to pick it up from, it has a couple of large fans which helps keeps the noise down while keeping things cool and as I was aiming for backup / file sharing being more important than a media box the 2 hot swap bays tipped the balance away from an AV style case. The small case limits the motherboard options. I wanted twin GigE ports so the external was entirely separate from the internal (my switch does VLANs so I could have made do with a single port, but with a 200Mb/s connection I didn't really want to share the port). The Gigabyte GA-H77N-WIFI seemed to fit the bill, with the added advantage of a built in WiFi card (an Intel 2230 in a mini PCI-E slot) which leaves the PCI-E slot free for either a TV tuner or a second WiFi card to cover 5GHz. I maxed out the board with 2 8G G.SKILL DDR3-1600 DIMMs. I normally go Crucial because I've found them reliable, but these were slightly cheaper and available from the same place as the motherboard. Finally I added a Seagate ST4000DM000 for storage. It actually came from a Backup Plus that Costco were selling for about $20 less than the bare drive sells for. The plan is to add at least another 1T drive to RAID1 the most important bits (or possibly a 2T - it depends which of my existing drives I can tidy stuff off most easily). Of course it's running Debian and I took the opportunity to try out the RC1 Wheezy image. For extra giggles I did an EFI install; this all worked fine except I didn't end up with grub-efi installed at the end, instead I had grub-pc. I booted with legacy BIOS enabled and followed Tanguy's switch to UEFI boot instructions. Further notes on software setup to follow...

UPower for regular users Major desktop environments usually provide a user-friendly menu to suspend your computer. Internally, if seems to use something called UPower, which uses something called PolicyKit, which in turn may or may not use another piece called ConsoleKit (do not ask me what all these pieces are and how they relate to each other, I do not know and I do not want to know). For the regular user, the result is the following: when they click on that button, it suspends their computer.UPower for command line users However, if you are using a more unusual desktop environment, for instance a simple, light window manager, you will not have such a button. And no, UPower does not provide a simple command line tool to suspend your computer (they probably consider that command line is out of fashion ). Well, in case you need it, here is a way to suspend your computer from a command line or whatever: just alias it or bind it to a key shortcut. It uses some dark DBus magic:

$ dbus-send --system --print-reply --dest='org.freedesktop.UPower' \
    /org/freedesktop/UPower org.freedesktop.UPower.Suspend

If you prefer to hibernate your computer, that is, to suspend it, not to RAM but to disk:

$ dbus-send --system --print-reply --dest='org.freedesktop.UPower' \
    /org/freedesktop/UPower org.freedesktop.UPower.Hibernate

As you can see, for some reason it requires some duplication of information: the name org.freedesktop.UPower appears three times in that command line: in the destination , object path and interface member , whatever that could mean. Again, do not ask me why, I know nothing about that and I do not want to. Notes

1. Actually, UPower does provide a command line tool called upower, but the only thing it does (monitoring power sources) is not really useful for that matter.

Sometimes, you have to use ZIP archives, or worse, RAR archives (curse them!), with one significant annoyance: zip, unzip, rar and unrar use a rather uncommon command line convention, compared to the usual tar, cpio and pax.This is where bsdtar and bsdcpio come handy: these two equivalent tools from FreeBSD do not directly implement any archive format, relying on libarchive to do that instead. That allows you to do thinks like:

% bsdtar -tf crap.rar
% bsdtar -xf crap.rar
% bsdtar --format zip -cf stuff.zip stuff

Too bad it does not have a -a option to automatically select the archive format as GNU tar does.

Silly question: when you use diff(1) to produce a file to be applied with patch(1), do you call the result a diff or a patch? Do you name it foo.diff or foo.patch?

This is my monthly summary of my free software related activities. If you re among the people who made a donation to support my work (84.25 , thanks everybody!), then you can learn how I spent your money. Otherwise it s just an interesting status update on my various projects. Debian Packaging In one of my customer projects, I had to use libwebsockets and since it was not packaged for Debian, I filed a Request For Package (RFP #697671). I discovered a fork of this library on github and decided to mail the original author and the author of the fork to learn a bit more about the reason of the fork. It turns out that they miscommunicated and that the original author was interested by most of the improvements. The fork still exists but the important fixes and most of the improvements have been merged (and he released a version 1.0 after that!). Furthermore the original author setup a bug tracker to better organize the project and so that the author of the fork can submit patches and be sure that they won t be forgotten (as it happened in the past). I spend quite some time discussing with both parties but at the end I m pleased to see that good progress has been made (although nobody stepped up to maintain this package in Debian). I packaged zim 0.59 (an important bugfix release) and wordpress 3.5.1 (with several security fixes). I updated the dpkg-dev squeeze backports to version 1.16.9~bpo60+1 on request of Daniel Schepler. This backport led me to file #698133 on kgb-client because the bot literally spammed the #debian-dpkg IRC channel for multiple hours by resending old commit notices that got merged in the squeeze-backports branch. BTW, they need help to get this issue fixed. I updated python-django-registration to fix a compatibility issue with python3-sphinx (see #697721 for details). Misc Debian Stuff Serious bug with salt. I filed a grave bug on salt (#697747 ) and prepared the upload to fix the issue on request of the maintainer. In the mean time, the maintainer orphaned the package. Franklin G. Mendoza already announced its willingness to take over but this package deserves multiple maintainers since this is a good piece of software that is getting more and more popular. net-retriever and alternate keyrings. I filed a wishlist bug (#698618) on net-retriever to request a way for derivatives to use another keyring package (i.e. not debian-archive-keyring-udeb) without having to fork net-retriever. Linux 3.7 on armel/armhf. I helped the kernel maintainers to fix the 3.7 kernel on armel/armhf by reporting on IRC the results of successive failing kernel rebuilds on those architectures (this kernel version is only in experimental). Carl9170 firmware. I also pinged the kernels maintainers about a missing firmware for the carl9170 driver (already reported in #635840) and Ben Hutchings took care of re-activating its inclusion in upstream s linux-firmware.git and then uploaded firmware-free 3.2 to Debian. Thanks Ben! New QA team member. And to finish with the miscellaneous stuff, I helped Holger Levsen to be added to the qa group so that he could integrate his awesome work on automated QA checks with Jenkins. Debian France Preparation for Solutions Linux. The people organizing the village of associations in the Solutions Linux conference have asked all organizations to apply for a booth if they wanted one. Last year Carl Chenet took care of organizing this and this time we had to find someone else. I made multiple call for volunteers (on the mailing list, on my blog) without much success but I finally managed to convince Tanguy Ortolo to take care of this. Thank you Tanguy! Get in touch with treasurer who disappeared. During the transition with the former Debian France officers, it has been said that Aur lien G r me another former treasurer of Debian France had entirely disappeared together with some papers that he never gave to his successor. I didn t want to give up on this without at least trying to get in touch by myself so after multiple tries (over IRC, phone, and snail mail), and some weeks without answers, he got back to me, explaining that he s currently in a foreign country and that he will take care of that next time that he comes in France. \o/ New website in preparation. Replacing the single-page website webpage with a more comprehensive website is an important goal. Alexandre Delano provided a basic ikiwiki setup inspired by dsa.debian.org. I cleaned it and integrated it in a git repository on our machine. There s thus a new test website on http://france.debian.net/test/. Tanguy Ortolo and Fernando Lagrange immeditaly made some small improvements but since then nobody stepped up to further complete the website. I ll try to do this in February and put the new website in production. Paypal and handling of members. We installed a paypal plugin in galette so that members can renew their membership online. I asked Christian Bayle to try it out and we found some issues that I reported upstream and that got fixed. But this is only the first step, we want to go much further and automate all the membership handling, from membership renewal mail reminders up to integration in the accounting system. To this end, I filed some new tickets in the Galette tracker and completed some that were already opened: #490, #368 and #394. We requested a quote for those tickets and Debian France is going to fund the work on those tickets so that we have a 100% free software solution for our needs. Thanks See you next month for a new summary of my activities.

No comment Liked this article? Click here. My blog is Flattr-enabled.

FAT USB sticks are traditionally formatted with FAT 32, because this file system is implemented by almost every operating system and device. Unfortunately, it sucks, as it cannot use more than 2 TiB, store files larger than 2 GiB or store symbolic links for instance. In a word, it is an obsolete and deficient file system.

exFAT Good news: someone addressed that problem. Bad new: that someone is Microsoft. So as you could expect, exFAT, the extended FAT, is a stinking proprietary, secret and patented file system. There are free implementations of that shit, but it is safer to stay away from it.UDF to the rescue! Good news: there is one file system that is implemented almost everywhere as well, and which does not suffer from such limitations. UDF, the Universal Disk Format, is an ISO standard originally designed for DVDs, but it is perfectly usable for USB sticks. It also supports POSIX permissions, with one killer feature for removable media: a file can belong to no specific person or group. So, to use it, assuming you USB stick is /dev/sdc:

$ dd if=/dev/zero of=/dev/sdc bs=1M count=1
$ mkudffs -b 512 --media-type=hd /dev/sdc

The initial dd is to erase the existing partition table or file system information, to prevent you USB stick from being detected as a FAT after it has been formatted with UDF. The -b 512 is to force a file system block size equal to the USB stick's physical block size, as required by the UDF specification. Adapt it if you have the luck of having a USB stick with an more appropriate block size. After that, you USB stick will be usable for reading and writing with GNU/Linux and the other free operating systems of course, but also with current versions of Windows (read-only with the outdated version XP) and with MacOS.

You probably know reCAPTCHA already: for the webmasters and the end user, it is an antispam system which asks you to read distorted words in order to prove that you are a human and not a spamming bot. This service has another end: instead of generating its distorted texts, it takes them from printed books to help digitalizing them.The problem In theory, this is an excellent idea, which should help preserving and distributing parts of the human culture. And, in the beginning, it was used in such a way, with reCAPTCHA participating in the Gutenberg project which digitalizes books from the public domain to offer them freely (as in free speech) to everyone. In 2009 however, reCAPTCHA was bought by Google. Now they do not participate in the Gutenberg project any more, instead they are digitalizing stuff from the New York Times and from Google Books. They do not provide much detail about that, but it does not seem that they distribute them in a free way afterwards . To put it boldly: they use people's brain power to digitalize books for their own exploitation monopoly, which is wrong. These books should be made available under a free license. Suggestion Do not help reCAPTCHA. If you are a webmaster, try to use another more ethical system. If you are an end user, and you are facing a reCAPTCHA test, avoid putting the exact answer but try inserting small mistakes (not big ones, which get detected and make you fail the test). And ask Google to free the books they digitalized using your brain. Notes

1. I may be wrong but I learnt to be suspicious in the context of digital culture. Please Google, if you do publish your books digitalized with reCAPTCHA under a free license, tell me, or rather, tell it to everyone and display it proudly in the reCAPTCHA website.

is that you cannot use funny desktop programs such as Xsnow or XPenguins. :-(

---

That is, you can run them, of course, but since you almost never see your desktop because it is by design entirely covered with windows, they are just useless, which is too bad because they rock otherwise.