Contributing to Debian is part of Freexian s mission. This article covers the latest achievements of Freexian and their collaborators. All of this is made possible by organizations subscribing to our Long Term Support contracts and consulting services. P.S. We ve completed over a year of writing these blogs. If you have any suggestions on how to make them better or what you d like us to cover, or any other opinions/reviews you might have, et al, please let us know by dropping an email to us. We d be happy to hear your thoughts. :)

SSO Authentication for jitsi.debian.social, by Stefano Rivera Debian.social s jitsi instance has been getting some abuse by (non-Debian) people sharing sexually explicit content on the service. After playing whack-a-mole with this for a month, and shutting the instance off for another month, we opened it up again and the abuse immediately re-started. Stefano sat down and wrote an SSO Implementation that hooks into Jitsi s existing JWT SSO support. This requires everyone using jitsi.debian.social to have a Salsa account. With only a little bit of effort, we could change this in future, to only require an account to open a room, and allow guests to join the call.

/usr-move, by Helmut Grohne The biggest task this month was sending mitigation patches for all of the /usr-move issues arising from package renames due to the 2038 transition. As a result, we can now say that every affected package in unstable can either be converted with dh-sequence-movetousr or has an open bug report. The package set relevant to debootstrap except for the set that has to be uploaded concurrently has been moved to /usr and is awaiting migration. The move of coreutils happened to affect piuparts which hard codes the location of /bin/sync and received multiple updates as a result.

Miscellaneous contributions

• Stefano Rivera uploaded a stable release update to python3.11 for bookworm, fixing a use-after-free crash.
• Stefano uploaded a new version of python-html2text, and updated python3-defaults to build with it.
• In support of Python 3.12, Stefano dropped distutils as a Build-Dependency from a few packages, and uploaded a complex set of patches to python-mitogen.
• Stefano landed some merge requests to clean up dead code in dh-python, removed the flit plugin, and uploaded it.
• Stefano uploaded new upstream versions of twisted, hatchling, python-flexmock, python-authlib, python mitogen, python-pipx, and xonsh.
• Stefano requested removal of a few packages supporting the Opsis HDMI2USB hardware that DebConf Video team used to use for HDMI capture, as they are not being maintained upstream. They started to FTBFS, with recent sdcc changes.
• DebConf 24 is getting ready to open registration, Stefano spent some time fixing bugs in the website, caused by infrastructure updates.
• Stefano reviewed all the DebConf 23 travel reimbursements, filing requests for more information from SPI where our records mismatched.
• Stefano spun up a Wafer website for the Berlin 2024 mini DebConf.
• Roberto C. S nchez worked on facilitating the transfer of upstream maintenance responsibility for the dormant Shorewall project to a new team led by the current maintainer of the Shorewall packages in Debian.
• Colin Watson fixed build failures in celery-haystack-ng, db1-compat, jsonpickle, libsdl-perl, kali, knews, openssh-ssh1, python-json-log-formatter, python-typing-extensions, trn4, vigor, and wcwidth. Some of these were related to the 64-bit time_t transition, since that involved enabling -Werror=implicit-function-declaration.
• Colin fixed an off-by-one error in neovim, which was already causing a build failure in Ubuntu and would eventually have caused a build failure in Debian with stricter toolchain settings.
• Colin added an sshd@.service template to openssh to help newer systemd versions make containers and VMs SSH-accessible over AF_VSOCK sockets.
• Following the xz-utils backdoor, Colin spent some time testing and discussing OpenSSH upstream s proposed inline systemd notification patch, since the current implementation via libsystemd was part of the attack vector used by that backdoor.
• Utkarsh reviewed and sponsored some Go packages for Lena Voytek and Rajudev.
• Utkarsh also helped Mitchell Dzurick with the adoption of pyparted package.
• Helmut sent 10 patches for cross build failures.
• Helmut partially fixed architecture cross bootstrap tooling to deal with changes in linux-libc-dev and the recent gcc-for-host changes and also fixed a 64bit-time_t FTBFS in libtextwrap.
• Thorsten Alteholz uploaded several packages from debian-printing: cjet, lprng, rlpr and epson-inkjet-printer-escpr were affected by the newly enabled compiler switch -Werror=implicit-function-declaration. Besides fixing these serious bugs, Thorsten also worked on other bugs and could fix one or the other.
• Carles updated simplemonitor and python-ring-doorbell packages with new upstream versions.
• Santiago is still working on the Salsa CI MRs to adapt the build jobs so they can rely on sbuild. Current work includes adapting the images used by the build job, implementing the basic sbuild support the related jobs, and adjusting the support for experimental and *-backports releases..
  Additionally, Santiago reviewed some MR such as Make timeout action explicit in the logs and the subsequent Implement conditional timeout verbosity, and the batch of MRs included in https://salsa.debian.org/salsa-ci-team/pipeline/-/merge_requests/482.
• Santiago also reviewed applications for the improving Salsa CI in Debian GSoC 2024 project. We received applications from four very talented candidates. The selection process is currently ongoing. A huge thanks to all of them!
• As part of the DebConf 24 organization, Santiago has taken part in the Content team discussions.

FTP master Unfortunately a day only has 24h. As the freeze is approaching, I had to concentrate a bit more on keeping my packages in shape. So this month I only accepted nine packages. The good news, I rejected no package. The overall number of packages that got accepted was 328. Debian LTS This was my seventy-seventh month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian. This month my all in all workload has been 22.75h. During that time I did LTS uploads of:

• [DLA 2446-1] moin security update for two CVEs
• [DLA 2451-1] libvncserver security update for one CVE
• [DLA 2459-1] golang-1.7 security update for two CVEs
• [DLA 2460-1] golang-1.8 security update for three CVEs
• [DLA 2468-1] tcpflow security update for one CVE
• [DLA 2469-1] qemu security update for five CVEs

I also started to work on x11vnc and slirp. Last but not least I did some days of frontdesk duties. Debian ELTS This month was the twenty ninth ELTS month. During my allocated time I uploaded:

• ELA-319-1 for libass
• ELA-320-1 for tcpflow
• ELA-321-1 for qemu

Unfortunately I also had to give back some hours. Last but not least I did some days of frontdesk duties. Other stuff This month I uploaded new upstream versions of:

• golang-github-apparentlymart-go-cidr
• golang-github-apparentlymart-go-versions
• golang-github-bmatcuk-doublestar
• golang-github-cactus-go-statsd-client
• golang-github-cyberdelia-heroku-go
• golang-github-gin-contrib-cors
• golang-github-gin-contrib-gzip
• golang-github-jarcoal-httpmock
• golang-github-mattetti-filebuffer
• golang-github-nrdcg-goinwx
• golang-github-phpdave11-gofpdi
• golang-github-terra-farm-udnssdk
• meep
• golang-github-rs-zerolog

I fixed one or two bugs in:

• libctl

I improved packaging of:

• bottlerocket
• ent
• golang-github-abdullin-seq
• golang-github-bruth-assert
• golang-github-cnf-structhash
• golang-github-crossdock-crossdock-go
• golang-github-dchest-uniuri
• golang-github-deanthompson-ginpprof
• golang-github-dreamitgetit-statuscake
• golang-github-facebookgo-inject
• golang-github-facebookgo-structtag
• golang-github-gin-contrib-static
• golang-github-goji-httpauth
• golang-github-grafana-grafana-plugin-model
• golang-github-hansrodtang-randomcolor
• golang-github-hashicorp-terraform-svchost
• golang-github-icrowley-fake
• golang-github-jackc-fake
• golang-github-joyent-gocommon
• golang-github-joyent-gosdc
• golang-github-joyent-gosign
• golang-github-mitchellh-go-linereader
• golang-github-paypal-gatt
• golang-github-pearkes-cloudflare
• golang-github-pearkes-dnsimple
• golang-github-robfig-go-cache
• golang-github-sean pager
• golang-github-sean seed
• golang-github-shurcool-gopherjslib
• golang-github-vividcortex-mysqlerr
• golang-github-xlab-handysort
• golang-github-yudai-golcs
• golang-github-yvasiyarov-newrelic-platform-go
• golang-github-zenazn-goji
• golang-github-rs-xid

and there have been even some new packages:

• golang-github-rhnvrm-simples3
• golang-github-ua-parser-uap-go
• golang-github-knadh-koanf

As it is again this time of the year, I would also like to draw some attention to the Debian Med Advent Calendar. Like the past years, the Debian Med team starts a bug squashing event from the December 1st to 24th. Every bug that is closed will be registered in the calendar. So instead of taking something from the calendar, this special one will be filled and at Christmas hopefully every Debian Med related bug is closed. Don t hesitate, start to squash :-). The announcement on the mailing list can be found here.

On February 28th, GitHub published a brand new version of its Terms of Service (ToS). While the first draft announced earlier in February didn't generate much reaction, the new ToS raised concerns that they may break at least the spirit, if not the letter, of certain free-software licenses. Digging in further reveals that the situation is probably not as dire as some had feared. The first person to raise the alarm was probably Thorsten Glaser, a Debian developer, who stated that the "new GitHub Terms of Service require removing many Open Source works from it". His concerns are mainly about section D of the document, in particular section D.4 which states:

You grant us and our legal successors the right to store and display your Content and make incidental copies as necessary to render the Website and provide the Service.

Section D.5 then goes on to say:

[...] You grant each User of GitHub a nonexclusive, worldwide license to access your Content through the GitHub Service, and to use, display and perform your Content, and to reproduce your Content solely on GitHub as permitted through GitHub's functionality

ToS versus GPL The concern here is that the ToS bypass the normal provisions of licenses like the GPL. Indeed, copyleft licenses are based on copyright law which forbid users from doing anything with the content unless they comply with the license, which forces, among other things, "share alike" properties. By granting GitHub and its users rights to reproduce content without explicitly respecting the original license, the ToS may allow users to bypass the copyleft nature of the license. Indeed, as Joey Hess, author of git-annex, explained :

The new TOS is potentially very bad for copylefted Free Software. It potentially neuters it entirely, so GPL licensed software hosted on Github has an implicit BSD-like license

Hess has since removed all his content (mostly mirrors) from GitHub. Others disagree. In a well-reasoned blog post, Debian developer Jonathan McDowell explained the rationale behind the changes:

My reading of the GitHub changes is that they are driven by a desire to ensure that GitHub are legally covered for the things they need to do with your code in order to run their service.

This seems like a fair point to make: GitHub needs to protect its own rights to operate the service. McDowell then goes on to do a detailed rebuttal of the arguments made by Glaser, arguing specifically that section D.5 "does not grant [...] additional rights to reproduce outside of GitHub". However, specific problems arise when we consider that GitHub is a private corporation that users have no control over. The "Services" defined in the ToS explicitly "refers to the applications, software, products, and services provided by GitHub". The term "Services" is therefore not limited to the current set of services. This loophole may actually give GitHub the right to bypass certain provisions of licenses used on GitHub. As Hess detailed in a later blog post:

If Github tomorrow starts providing say, an App Store service, that necessarily involves distribution of software to others, and they put my software in it, would that be allowed by this or not? If that hypothetical Github App Store doesn't sell apps, but licenses access to them for money, would that be allowed under this license that they want to my software?

However, when asked on IRC, Bradley M. Kuhn of the Software Freedom Conservancy explained that "ultimately, failure to comply with a copyleft license is a copyright infringement" and that the ToS do outline a process to deal with such infringement. Some lawyers have also publicly expressed their disagreement with Glaser's assessment, with Richard Fontana from Red Hat saying that the analysis is "basically wrong". It all comes down to the intent of the ToS, as Kuhn (who is not a lawyer) explained:

any license can be abused or misused for an intent other than its original intent. It's why it matters to get every little detail right, and I hope Github will do that.

He went even further and said that "we should assume the ambiguity in their ToS as it stands is favorable to Free Software". The ToS are in effect since February 28th; users "can accept them by clicking the broadcast announcement on your dashboard or by continuing to use GitHub". The immediacy of the change is one of the reasons why certain people are rushing to remove content from GitHub: there are concerns that continuing to use the service may be interpreted as consent to bypass those licenses. Hess even hosted a separate copy of the ToS [PDF] for people to be able to read the document without implicitly consenting. It is, however, unclear how a user should remove their content from the GitHub servers without actually agreeing to the new ToS.

CLAs When I read the first draft, I initially thought there would be concerns about the mandatory Contributor License Agreement (CLA) in section D.5 of the draft:

[...] unless there is a Contributor License Agreement to the contrary, whenever you make a contribution to a repository containing notice of a license, you license your contribution under the same terms, and agree that you have the right to license your contribution under those terms.

I was concerned this would establish the controversial practice of forcing CLAs on every GitHub user. I managed to find a post from a lawyer, Kyle E. Mitchell, who commented on the draft and, specifically, on the CLA. He outlined issues with wording and definition problems in that section of the draft. In particular, he noted that "contributor license agreement is not a legal term of art, but an industry term" and "is a bit fuzzy". This was clarified in the final draft, in section D.6, by removing the use of the CLA term and by explicitly mentioning the widely accepted norm for licenses: "inbound=outbound". So it seems that section D.6 is not really a problem: contributors do not need to necessarily delegate copyright ownership (as some CLAs require) when they make a contribution, unless otherwise noted by a repository-specific CLA. An interesting concern he raised, however, was with how GitHub conducted the drafting process. A blog post announced the change on February 7th with a link to a form to provide feedback until the 21st, with a publishing deadline of February 28th. This gave little time for lawyers and developers to review the document and comment on it. Users then had to basically accept whatever came out of the process as-is. Unlike every software project hosted on GitHub, the ToS document is not part of a Git repository people can propose changes to or even collaboratively discuss. While Mitchell acknowledges that "GitHub are within their rights to update their terms, within very broad limits, more or less however they like, whenever they like", he sets higher standards for GitHub than for other corporations, considering the community it serves and the spirit it represents. He described the process as:

[...] consistent with the value of CYA, which is real, but not with the output-improving virtues of open process, which is also real, and a great deal more pleasant.

Mitchell also explained that, because of its position, GitHub can have a major impact on the free-software world.

And as the current forum of preference for a great many developers, the knock-on effects of their decisions throw big weight. While GitHub have the wheel and they ve certainly earned it for now they can do real damage.

In particular, there have been some concerns that the ToS change may be an attempt to further the already diminishing adoption of the GPL for free-software projects; on GitHub, the GPL has been surpassed by the MIT license. But Kuhn believes that attitudes at GitHub have begun changing:

GitHub historically had an anti-copyleft culture, which was created in large part by their former and now ousted CEO, Preston-Warner. However, recently, I've seen people at GitHub truly reach out to me and others in the copyleft community to learn more and open their minds. I thus have a hard time believing that there was some anti-copyleft conspiracy in this ToS change.

GitHub response However, it seems that GitHub has actually been proactive in reaching out to the free software community. Kuhn noted that GitHub contacted the Conservancy to get its advice on the ToS changes. While he still thinks GitHub should fix the ambiguities quickly, he also noted that those issues "impact pretty much any non-trivial Open Source and Free Software license", not just copylefted material. When reached for comments, a GitHub spokesperson said:

While we are confident that these Terms serve the best needs of the community, we take our users' feedback very seriously and we are looking closely at ways to address their concerns.

Regardless, free-software enthusiasts have other concerns than the new ToS if they wish to use GitHub. First and foremost, most of the software running GitHub is proprietary, including the JavaScript served to your web browser. GitHub also created a centralized service out of a decentralized tool (Git). It has become the largest code hosting service in the world after only a few years and may well have become a single point of failure for free software collaboration in a way we have never seen before. Outages and policy changes at GitHub can have a major impact on not only the free-software world, but also the larger computing world that relies on its services for daily operation. There are now free-software alternatives to GitHub. GitLab.com, for example, does not seem to have similar licensing issues in its ToS and GitLab itself is free software, although based on the controversial open core business model. The GitLab hosting service still needs to get better than its grade of "C" in the GNU Ethical Repository Criteria Evaluations (and it is being worked on); other services like GitHub and SourceForge score an "F". In the end, all this controversy might have been avoided if GitHub was generally more open about the ToS development process and gave more time for feedback and reviews by the community. Terms of service are notorious for being confusing and something of a legal gray area, especially for end users who generally click through without reading them. We should probably applaud the efforts made by GitHub to make its own ToS document more readable and hope that, with time, it will address the community's concerns.

Note: this article first appeared in the Linux Weekly News.

There has been a great deal of comment among my friends recently about a particularly British cookery program called "The Great British Bake Off". There has been some controversy as the program is moving from the BBC to a commercial broadcaster.

Part of this discussion comes from all the presenters, excepting Paul Hollywood, declining to sign with the new broadcaster and partly because of speculation the BBC might continue with a similar format show with a new name.

Rob Kendrick provided the start to this conversation by passing on a satirical link suggesting Samuel L Jackson might host "cakes on a plane"

This caused a large number of suggestions for alternate names which I will be reporting but Rob Kendrick, Vivek Das Mohapatra, Colin Watson, Jonathan McDowell, Oki Kuma, Dan Alderman, Dagfinn Ilmari Manns ke, Lesley Mitchell and Daniel Silverstone are the ones to blame.

• Strictly come baking
• Stars and their pies
• Baking with the stars
• Bake/Off.
• Blind Cake
• Cake or no cake?
• The cake is a lie
• Bake That.
• Bake Me On
• Bake On Me
• Bakin' Stevens.
• The Winner Bakes It All
• Bakerloo
• Bake Five
• Every breath you bake
• Every bread you bake
• Unbake my heart
• Knead and let prove
• Bake me up before you go-go
• I want to bake free
• Another bake bites the dust
• Cinnamon whorl is not enough
• The pie who loved me
• The yeast you can do.
• Total collapse of the tart
• Bake and deliver
• You Gotta Bake
• Bake's Seven
• Natural Born Bakers
• Bake It Or Leaven It
• Driving the last pikelet
• Pie crust on the dancefloor
• Tomorrow never pies
• Murder on the pie crust
• The pie who came in from the cold.
• You only bake twice (Every body has to make one sweet and one savoury dish).

So that is our list, anyone else got better ideas?

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):

• Presented "Reproducible Builds status update" at DebConf16, the annual Debian GNU/Linux developer conference.
• Attended a Core Infrastricture Initiative summit meeting. The CII was set up in the wake of the Heartbleed SSL vulnerability to support software projects that are critical to the functioning of the internet.

• Ensured that the Webconverger web kiosk operating system builds reproducibly. I may rework some of the patches to libisoburn and libisofs before sending them upstream. This work was sponsored by Webconverger.
• Proposed a pull request for Regex Replace (a Chrome extension to automatically replace text on webpages) to ensure that the rules were correctly HTML encoded on the options page. (#3)
• Proposed a change to ronn, a documentation generator that "is the opposite of roff", to make the output reproducible. (#98)
• Fixed an issue in django-enumfield, a custom Django web development field for type-safe named constants, to make the Enum.get interface more consistent. (#36)
• Proposed a change to txt2tags to make the output use SOURCE_DATE_EPOCH and non-timezone timestamps. (#204).

---

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):

• Added Python 3 support to django-template-tests, a tool to perform simple static analysis on Django templates. (#1)
• Corrected my Chrome extension for the FastMail web interface to not disable the CTRL+Enter keyboard shortcut when authoring emails. (#3)
• Corrected a subtle bug in my django-staticfiles-dotd "staticfiles" library where the Content-Length HTTP header was calculated incorrectly in the presence of Unicode characters resulting in truncated output. (#2)
• Various fixes to django-slack, a library to easily post messages to the Slack group-messaging utility from projects using the Django web development framework:
  • Don't require an explicit backend import when using the Celery task queue backend. (#41)
  • Actually generate and send messages asynchronously when using the Celery backend. (#44)
• Fixed an issue with my local-debian-mirror tool where the option to disable DEP-11 mirroring wasn't working. (#1)
• Fixed an issue in django-hipchat, a library to easily post messages to the Hipchat group-messaging utility from projects using the Django web development framework where the templates were not includes when installing via PyPI. (#1)
• Created a quick-and-dirty tool to scrape a Squarespace blog and convert it to a PDF so I can read them on my Kindle e-reader. (tree)
• Updated django-keyerror a library to post exceptions to the KeyError.com error tracking service to silence an AttributeError exception in some error-reporting edge-cases. (commit)
• Suggested an improvement to the documentation for the upcoming Twitter Bootstrap version for the deprecated .hidden and .show CSS classes. (#19789)
• Submitted a documentation update to the Ansible sever configuration tool's ufw firewall module. (commit)
• I also blogged about parsing Jenkins CI output to determine job success or failure.

---

This month I've worked on the following things for Debian: To begin with that, I've set up a Debhelper sequencer script for dh-buildinfo¹, this add-on now can be used with dh $@ --with buildinfo in deb/rules instead of having to explicitly call it somewhere in an override. Debops I've set up initial Debian packages of Debops², a collection of fine crafted Ansible roles and playbooks especially for Debian servers, shipped with a couple of convenience and wrapper scripts in Python³. There are two binary packages, one for the toolset (debops), and the other for the playbooks and roles of the project (debops-playbooks). The application is easy to use, just initialize a new project with debops-init foo and add your server(s) to foo/ansible/inventory/hosts belonging to groups representing services and things you want to employ on them. Like the group [debops_gitlab] automatically installs a complete running Gitlab setup on one or a multitude of servers in the same run with the debops command⁴. Use other groups like [debops_mariadb_server] accordingly in the same host inventory. Ansible runs agent less, so you don't have to prepare freshly setup servers with nothing special to use that tool randomly (like on localhost). The list of things you could deploy with Debops is quite amazing and you've got dozens of services at your hand. The new packages are currently in experimental because they need some more fine tuning, like there are a couple of minor error messages which recently occur using it, but it works well. The (early staged) documentation unfortunately couldn't be packaged because of the scattered resp. collective nature of the project (all parts have their own Github repositories)⁵, and also how to generate the upstream tarball remains a bit of a challenge (currently, it's the outcome of debops-init)⁶. I'll have this package in unstable soon. More info on Debops is coming up, then. Hashicorp's Packer I'm very glad to announce that Packer⁷ is ready being available in unstable, and the two year old RFP bug could be finally closed⁸. It's another great and much convenient devops tool which does a lot of different things in an automated fashion using only a single "one-argument" CLI tool in combination with a couple of lines in a configuration script (thanks to Yaroslav Halchenko for the tip). Packer helps creating machine images for different platforms. This is like when you use e.g. Debian installations in a Qemu box for testing or development purposes. Instead of setting up a new virtual machine manually like installing Debian on another computer this process could be automated with Packer, like I've written about in this blog entry here⁹. You just need a template containing instructions for the included Qemu-builder and a preseeding script for the Debian installer, and there you go drinking your coffee while Packer does all the work for you: downloading the installation ISO image, creating the new virtual harddrive, booting the emulator, running the whole installation process automatically like answering questions, selecting things, rebooting without ISO image to complete the installation etc. A couple of minutes and you have a new pre-baked virtual machine image like from a vendoring machine, a fresh one everytime you need it. Packer¹⁰ supports a number of builders for different target platforms (desktop virtualization solutions as much as public cloud providers and private cloud software), can build in parallel, and also the full range of common provisioners can be employed in the process to equip the newly installed OSs. Vagrant boxes could be generated by one of the included postprocessors. I'll write more on Packer here on this blog, soon. There were more then two dozens of packages missing to complete Packer¹¹, which is the achievement of combined forces within the pkg-go group. Much thanks esp. to Alexandre Viau who have worked on the most of the needed new packages. Thanks also to the FTP-masters which were always very quick in reviewing the Go packages, so that it could be proceeded to build and package the sub dependent new ones always consecutively. Squirrel3 I've didn't had the most work with it and just sponsored this for Fabian Wolff, but want to highlight here that there's a new package of Squirrel¹² now available in Debian¹³. Squirrel is a lightweight scripting language, somewhat comparable to Lua. It's fully object-oriented and highly embeddable, it's used in a lot of commerical computer games under the hood for implementing intelligence for bots next to other things¹⁴, but also for the Internet of Things (it's embedded in hardware from Electric Imp). Squirrel functions could be called from C++¹⁵. I've filed an ITP bug for Squirrel already in 2011 (#651195), but always something else got in the way, and it ended up being an RFP. I'm really glad that it got picked up and completed. misc There were a couple of uploads on updated upstream tarballs and for fixing bugs, namely afl/2.10b-1 and 2.11b-1, python-afl/0.5.3-1, pyutilib/5.3.2-1, pyomo/4.3.11327-1, libvigraimpex/1.10.0+git20160211.167be93dfsg-2 (fix of #820429, thanks for Tobias Frost), and gamera/3.4.2+svn1454-1. For the pkg-go group, I've set up a new package of github-mitchellh-ioprogress (which is needed by the official DigitalOcean CLI tool doctl, now RFP #807956 instead of ITP due to the lack of time - again facing a lot of missing packages), and provided a little patch for dh-make-golang updating some standards¹⁶. For Packer I've also updated azure-go-autorest and azure-sdk as team upload (#821938, #821832), but it came out that the project which is currently under heavy development towards a new official release broke a lot in the past weeks (and no Git branching have been used), so that Packer as a matter of fact needed a vendored snapshot, although there have been only a couple of commits in between. Docker-registry hat the same problem with the new package of azure-sdk/2.1.1~beta1, so that it needed to be fixed, too (#822146). By the way, the tool ratt¹⁷ comes very handy for automatically test building down all reverse dependencies, not only for Go packages (thanks to Tianon Gravi for the tip). Finally, I've posted the needed reverse depencies as RFP bugs for Terraform¹⁸ (again quite a lot), Vuls¹⁹, and cve-dictionary²⁰, which is needed for Vuls. I'll let them rest a while waiting to get picked up before working anything down.

This month I've worked on the these things for Debian: To begin with that, I've set up a Debhelper sequencer script for dh-buildinfo¹, this add-on now can be used with dh $@ --with buildinfo in deb/rules instead of having to explicitly call it somewhere in an override. Debops I've set up initial Debian packages of Debops², a collection of fine crafted Ansible roles and playbooks especially for Debian servers (servers which run on Debian), which are shipped with a couple of helper and wrapper scripts in Python³. There are two binary packages, one for the toolset (debops), and the other for the playbooks and roles of the project (debops-playbooks). The application is easy to use, just initialize a new project with debops-init foo and add your server(s) to foo/ansible/inventory/hosts belonging to groups representing services and things you want to employ on them. For example, the group [debops_gitlab] automatically installs a complete running Gitlab setup on one or a multitude of servers in the same run with the debops command⁴. Other groups like [debops_mariadb_server] could be used accordingly in the same host inventory. Ansible works without agent, so you don't have to prepare freshly setup servers with nothing special to use that tool randomly (like on localhost). The list of things you could deploy with Debops is quite amazing and dozens of services are at hand. The new Debian packages are currently in experimental because they need some more fine tuning, e.g. there are a couple of minor error messages which recently occur using it, but it works well. The (early staged) documentation unfortunately couldn't be packaged because of the scattered resp. collective nature of the project (all parts have their own Github repositories)⁵, and also how to generate the upstream tarball remains a bit of a challenge (currently, it's the outcome of debops-init)⁶. I'll have this package in unstable soon. More info on Debops is coming up, then. HashiCorp's Packer I'm very glad to announce that Packer⁷ is ready being available in unstable, and the RFP bug could be finally closed after I've taken it over⁸. It's another great and much convenient devops tool which does a lot of different things in an automated fashion using only a single "one-argument" CLI tool in combination with a couple of lines in a configuration script (thanks to Yaroslav Halchenko for the tip). Packer helps creating machine images for different platforms. This is like when you use e.g. Debian installations in a Qemu box for testing or development purposes. Instead of setting up a new virtual machine manually the same way as installing Debian on another computer this process can be completely automated with Packer, like I've written about in this blog entry here⁹. You just need a template which contains instructions for the included Qemu builder and a preseeding script for the Debian installer, and there you go drinking your coffee while Packer does all the work: download the ISO image for installation, create the new virtual harddrive, boot the emulator, run the whole installation process automatically like with answering questions, selecting things, reboot without ISO image to complete the installation etc. A couple of minutes and you have a new pre-baked virtual machine image like from a vendoring machine, another fresh one could be created anytime. Packer¹⁰ supports a number of builders for different target platforms (desktop virtualization solutions as much as public cloud providers and private cloud software), can build in parallel, and also the full range of common provisioners can be employed in the process to equip the newly installed OSs with services and programs. Vagrant boxes could be generated by one of the included postprocessors. I'll write more on Packer here on this blog, soon. There were more then two dozens of packages missing to complete Packer¹¹, which is the achievement of combined forces within the pkg-go group. Much thanks esp. to Alexandre Viau who have worked on the most of the needed new packages. Thanks also to the FTP masters which were always very quick in reviewing the Go packages, so that it could be proceeded to build and package the sub dependent new ones always consecutively. Squirrel3 I've didn't had the major work of that and just sponsored this for Fabian Wolff, but want to highlight here that there's a new package of Squirrel¹² now available in Debian¹³. Squirrel is a lightweight scripting language, somewhat comparable to Lua. It's fully object-oriented and highly embeddable, it's used in a lot of commerical computer games under the hood for implementing intelligence for bots next to other things¹⁴, but also for the Internet of Things (it's embedded in hardware from Electric Imp). Squirrel functions could be called from C++¹⁵. I've filed an ITP bug for Squirrel already in 2011 (#651195), but always something else had a higher priority, and it ended up being an RFP. I'm really glad that it got picked up and completed quickly afterwards. misc There were a couple of uploads on updated upstream tarballs and for fixing bugs, namely afl/2.10b-1 and 2.11b-1, python-afl/0.5.3-1, pyutilib/5.3.2-1, pyomo/4.3.11327-1, libvigraimpex/1.10.0+git20160211.167be93dfsg-2 (fix of #820429, thanks to Tobias Frost), and gamera/3.4.2+svn1454-1. For the pkg-go group, I've set up a new package of github-mitchellh-ioprogress (which is needed by the official DigitalOcean CLI tool doctl, now RFP #807956 instead of ITP due to the lack of time, again a lot of missing packages are missing for that), and provided a little patch for dh-make-golang updating some standards¹⁶. For Packer I've also updated azure-go-autorest and azure-sdk as team upload (#821938, #821832), but it came out that the project which is currently under heavy development towards a new official release broke a lot in the past weeks (no Git branching have been used), so that Packer as a matter of fact needed a vendored snapshot, although there have been only a couple of commits in between. Docker-registry has the same problem with the new package of azure-sdk/2.1.1~beta1, so that it needed to be fixed, too (#822146). By the way, the tool ratt¹⁷ comes very handy for automatically test building down all reverse dependencies, not only for Go packages (thanks to Tianon Gravi for the tip). Finally, I've posted the needed reverse depencies as RFP bugs for Terraform¹⁸ (again quite a lot), Vuls¹⁹, and cve-dictionary²⁰, which is needed for Vuls. I'll let them rest a while waiting to get picked up before working anything down.

Here is my monthly update covering a large part of what I have been doing in the free software world (previously):

• Submitted a number of pull requests to the Ansible sever configuration tool:
  • Add the ability to specify the --allow-unauthenticated to APT. (#2023)
  • Ignore EPIPE when flushing standard input and output to avoid unnecessary and ugly tracebacks. (#14774)
  • Add an option for ansible-playbook to exit with an error if no plays were matched. (#14742)
• Various improvements to django-slack, a library to easily post messages to the Slack group-messaging utility from projects using the Django web development framework:
  • Merged a patch from Joshua Blum to update the logging integration documentation. (#39)
  • Fixed an issue when rendering various exceptions would in themselves raise an exception. (#40)
  • Improved and merged a patch from Patrick Cloke to actually allow settings to be overriden using the @override_settings decorator. (#37)
• Updated local-debian-mirror, a package that attempts to make it easy to maintain a partial local mirror of the Debian archive:
  • Added an option to exclude DEP-11 files. (ee03b21)
  • Added an option to exclude Translation-* files. (28bbf34)
  • Corrected the phrasing of the debconf prompt to not ask a direct question to appease Lintian. (13fccc7b)
• Updated django-keyerror a library to post exceptions to the KeyError.com error tracking service to support pushing tracebacks from the Celery queue processor using the task_failure signal. (#1)
• Submitted a number of pull requests for django-zebra, a collection of utilities that make it easier to integrate the Stripe payment processor and the Django web development framework:
  • Add the ability to test an incoming Stripe webhook. (#44)
  • Prefer @require_POST over an explicit check in the view. (#43)
  • Move away from the deprecated django.conf.urls.patterns method. (#45)
• Updated django-template-tests, a tool to perform simple static analysis on Django templates prior to production to improve the robustness of dynamic test generation. (e98f9fc)
• Fixed django-force-logout a library to allow administrators to log user's out of Django projects to not require a custom JSON serialiser. (c0e5d64)
• Corrected the documentation for travis.debian.net my hosted script to easily test and build Debian packages on the Travis CI continuous integration platform to reflect the actual default mirror. (4c862f0)
• Blogged about generating dynamic Python tests using metaclasses.

---

Two years ago, I discussed various ways of constructing a list in a Monad (or, more specifically, in IO) in Haskell, and compared their merits in terms of elegance, stack usage, number of traversals of the list and run-time efficiency. Recently, two blog posts discussed the issue further and proposed new, more daring alternatives. Neil Mitchell breaks through the abstraction provided by IO, duplicates the world and traverses the list twice, and obtains a speed-up for long lists. Twarn van Laarhoven went even further and wrote custom C-- code to destructively update the tail-pointer of the list cell to be able to create the list completely evaluated on the first start. This basically answers my question from two years ago:

I m still wondering: What would be required from Haskell, GHC or the monads in question to have a fully satisfactory solution here, i.e. one that is as fast as the naive recursion, as stack efficient as the difference list solution, and allocates no thunks, only list cells?

He also has a variant with a slightly nicer interface around holes , i.e. explicit objects on the heap that can later be replaced by indirections. Obviously, both approaches are very unsafe. I took this as an opportunity to redo my benchmark measurements, and include their variants (named escapeIO, hackIO and holeIO). The following table omits the variants with quadratic performance, as I ran it on longer lists now:

Variant	10^0	10^1	10^2	10^3	10^4	10^5	10^6
accumReverse	37ns	153ns	1134ns	12 s	208 s	8540 s	97ms
recursion	29ns	139ns	680ns	6790ns	160 s	6441 s	76ms
replicateM	26ns	126ns	677ns	6785ns	168 s	6314 s	78ms
accumDList	35ns	165ns	995ns	10 s	190 s	9706 s	100ms
streams	27ns	136ns	691ns	6788ns	173 s	5771 s	75ms
unsafeInterleave	60ns	329ns	2804ns	28 s	373 s	5605 s	57ms
listFix	51ns	412ns	4109ns	56 s	2761 s	42ms	445ms
escapeIO	41ns	187ns	1808ns	16 s	234 s	4409 s	45ms
hackIO	30ns	152ns	1199ns	11 s	140 s	3701 s	42ms
holeIO	40ns	222ns	1725ns	17 s	218 s	4446 s	53ms

The following graph shows that around 10000, the naive approaches become much slower and the fancy hacks pay of, with Twarn s tail-pointer-updating code performing the best: I would really like to see a package that provides a API like Twarn s holes, either in this raw unsafe variant (but with the garbage collector related code checked), or with a safe API using type hackery similar to the ST monad that ensures that after normal code gets its hands on a term possibly involving holes, the holes may no longer be modified. I have put the code and results on GitHub.

I recently read a few issues of Starburst magazine which is good fun, but a brief mention of the Man Booker prize in issue 404 stoked the fires of the age old SF-versus-mainstream argument, so I wrote the following:

Dear Starburst, I found it perplexing that, in "Brave New Words", issue 404, whilst covering the Man-Booker shortlist, Ed Fortune tried to simultaneously argue that genre readers "read broadly" yet only Howard Jacobson's novel would be of passable interest. Asides from the obvious logical contradiction he is sadly overlooking David Mitchell's critically lauded and undisputably SF&F novel "The Bone Clocks", which it turned out was also overlooked by the short-listers. Still, Jacobson's novel made it, meaning SF&F represents 16% of the shortlist. Not too bad I'd say. All the best & keep up the good work!

As it happens I'm currently struggling through "J". I'm at around the half-way mark.

But you can t just tar.gz up the bare repositories on the server and hope for the best. Maybe a given repository will be in a valid state; maybe it won t.

-- Jeff Mitchell in a followup to the recent KDE near git disaster This was a surprising statement to me. I seem to remember that one of (many) selling points for git talked about back in the day was that it avoided the problem that making a simple cp (or backup) of a repository could lead to an inconsistent result. A problem that subversion repositories had, and required annoying commands to work around. (svnadmin $something -- iirc the backend FSFS fixed or avoided most of this issue.) This prompted me to check how I handle it in ikiwiki-hosting. I must have anticipated a problem at some point, since ikisite backup takes care to lock the git repository in a way that prevents eg, incoming pushes while a backup is running. Probably, like the KDE developers, I was simply exercising reasonable caution. The following analysis has probably been written up before (train; limited network availability; can't check), but here are some scenarios to consider:

• A non-bare repository has two parts that can clearly get out of sync during a backup: The work tree and the .git directory.
  • The .git directory will likely be backed up first, since getdirent will typically return it first, since it gets created first . If a change is made to the work tree during that backup, and committed while the work tree is being backed up, the backup won't include that commit -- which is no particular problem and would not be surprising upon restore. Make commit again and get on with life.
  • However, if (part of) the work tree is backed up before .git, then any changes that are committed to git during the backup would not be reflected in the restored work tree, and git diff would show a reversion of those changes. After restore, care would need to be taken to reset the work tree (without losing any legitimate uncommitted changes).
• A non-bare repository can also become broken in other ways if just the wrong state is snapshotted. For example, if a commit is in progress during a backup, .git/index.lock may exist, and prevent future commits from happening, until it's deleted. These problems can also occur if the machine dies at just the right time during a commit. Git tells you how to recover. (git could go further to avoid these problems than it does; for example it could check if .git/index.lock is actually locked using fcntl. Something I do in git-annex to make the .git/annex/index.lock file crash safe.)
• A bare repository could be receiving a push (or a non-bare repository a pull) while the backup occurs. These are fairly similar cases, with the main difference being that a non-bare repository has the reflog, which can be used to recover from some inconsist states that could be backed up. Let's concentrate on pushes to bare repositories.
  • A pack could be in the process of being uploaded during a backup. The KDE developers apparently worried that this could result in a corrupt or inconsistent repository, but TTBOMK it cannot; git transfers the pack to a temp file and atomically renames it into place once the transfer is complete. A backup may include an excess temp file, but this can also happen if the system goes down while a push is in progress. Git cleans these things up.
  • A push first transfers the .git/objects, and then updates .git/refs. A backup might first back up the refs, and then the objects. In this case, it would lose the record that refs were pushed. After being restored, any push from another repository would update the refs, even using the objects that did get backed up. So git recovers from this, and it's not really a concern.
  • Perhaps a backup chooses to first back up the objects, and then the refs. In this case, it could back up a newly changed ref, without having backed up the referenced objects (because they arrived after the backup had finished with the objects). When this happens, your bare repository is inconsistent; you have to somehow hunt down the correct ref for the objects you do have. This is a bad failure mode. git could improve this, perhaps, by maintaining a reflog for bare repositories. (Update: core.logAllRefUpdates can be set to true for bare repositories, but is disabled by default.)
• A "backup" of a git repository can consist of other clones of it. Which do not include .git/hooks/ scripts, .git/config settings, and potentially other valuable information, that strangely, we do not check into revision control despite having this nice revision control system available. This is the most likely failure mode with "git backups". :P

I think that it's important git support naive backups of git repositories as well as possible, because that's probably how most backups of git repositories are made. We don't all have time to carefully tune our backup systems to do something special around our git repositories to ensure we get them in a consistent state like the KDE project did, and as their experience shows, even if we do it, we can easily introduce other, unanticipated problems. Can anyone else think of any other failure modes like these, or find holes in my slightly rushed analysis?

---

PS: git-annex is itself entirely crash-safe, to the best of my abilities, and also safe for naive backups. But inherits any problems with naive backups of git repositories.

I'm just back from ExoClimes 2010: Exploring the Diversity of Planetary Atmospheres. An excellent conference: the PDFs of the talks and posters are now online, and they are putting the videos of the talks up soon. But in particular the organizers deserves thanks for bringing exoplanetary scientists and observers together with climate modelers doing Earth (and Mars, Titan, Venus, ...) models. The last talk on Friday was by Peter Cox on Climate change and exoplanet sciences that was far better than expected for the "graveyard shift". One theme of the conference was the need for a 'heirarchy' of models, from simple energy-balance models to full circulation (GCM) models: using progressively more complex models to understand more bits of whats going on. Exoplanet workers mostly use simpler models, progressing now to GCMs, while Earth modellers are moving beyond GCMs to "Earth system" models including biology, etc. Peter pointed out the two styles of work: the exoplanet modelers are short of data, and risk being too speculative. We know little of what the planets are like, and concentrate on implementing physics in the models to see what they might be like. Earth modelers on the other hand are if anything swamped with data: the tendency here is to make the model fit the data, by adjusting parameters until it does so. The danger of this approach is that the model will then not work away from current present-Earth conditions. Tim Lenton pointed out some work that was done with the Met Office model, where they took the radiative transfer part of the model and tested it for other planets, and paleo-Earth conditions. The model blew up : it wasn't capable of x2 or x4 current CO2 levels. (This has since been corrected). Over dinner there were interesting discussions on the different styles within the communities. While the underlying GCMs used come from the Earth sciences, its quite common within the exoplanetary community for a researcher to work on all parts of the model: dynamics one day, radiative transfer the next. In Earth climate work people have become more specialized and someone is a 'radiative transfer' person, and won't touch other parts of the code (even if they can follow them in the huge codes we have today!). On the other hand, there is a greater tradition of model inter-comparison in Earth sciences, where we compare the model outputs to each other for some known test cases ( Held & Suarez, the CMIP5 project, etc.) Apart from some initial work by Emily Rauscher, little has been done on this in exoplanetary models; it was agreed more of this would be a good idea. Radiative transfer (the interaction of 'sunlight' with the atmosphere, where it gets absorbed, scattered and re-radiated) in particular seems to be an area that could benefit from this. In this middle ground Francois Forget showed the work on the LMDZ model and applying GCMs to terrestrial planets. They've successfully applied this model to Mars, Titan, and partially to Venus (a much tougher problem, due to its heavy clouds giving a long radiative timescale). There are problems with correctly explaining super-rotation though. This is where the atmosphere rotates faster than the planet: on Venus for example the planet rotates every 243 days, while the clouds rotate around the planet every 4 days. Sebastian Lebonnois described the possible mechanisms for Venus and Titan; Johnathan Mitchell so did some interesting work on this recently. Different regimes are involved for different rotation rates of the planet. Ralph Lorenz pointed out the lack of "real paleo-Earth" climate work at the moment. While geology has inspired a lot of work on the atmospheric composition, what with the different gas mixtures (meaning earth-model radiative transfer codes don't work) and the faster dynamics meaning super-rotation could apply (Earth's day was about 8 hours long in the Archean era), we don't have a model of the climate yet. It looks like we should treat Earth as an exoplanet. Tags astronomy, climate, exoplanets, conferences

Fun in the afternoon is a designed to be a relaxed programming semair, and being bored I went along. It was pretty good, with all the talks being quite relaxed and interesting. Phil Wadler's Talk was of some interest, since I hate PHP and the other web programming things I have tried, including haskell-html and Kaya arent quite ready yet. The other three talks were quite good. All discussed new things, and there was a lot of "I don't quite know" in reply to the tough questions. The Metatheory stuff was fun, though I haven't done anything like enough type theory to need it. The Version Control stuff was quite cool, and it would be nice to see that become a real tool, similar to darcs. Andrew Kennedy's take on C# was interesting, though he admitted beforehand that he didn't quite belive it himself. It lead to a lot of muttering between Edwin and Myself as to what a functional langauge really was. Its interesting how all the academics revert back to their undergrad days: reading the paper, talking, playing on laptops, being late, sitting at the back and eating. It was also nice to put some faces to names, including Neil Mitchell and Conor McBride Its also nice to see how many people were there, and that people wanted to go have a drink afterwards. That evening I caught up with Dan, and its nice to see he is settling into his new job well. I caught the train home in the morning, getting in at three, and managed to watch the rugby before sleeping for 15 hours, a result of not sleeping week for 8 days before that.

Ubuntu is now being forced to show a EULA before letting users run Firefox, on pain of losing the rights to the Firefox trademark. (You know, End User License Agreements: those pop-ups Windows and Mac users have to put up with all the time, with the big “I Accept” button at the bottom.) Mark Shuttleworth, Ubuntu top dog, weighs in on the bug:

Please feel free to make constructive suggestions as to how we can meet Mozilla’s requirements while improving the user experience. It’s not constructive to say “WTF?”, nor is it constructive to rant and rave in allcaps. Your software freedoms are built on legal grounds, as are Mozilla’s rights in the Firefox trademark. To act as though your rights are being infringed misses the point of free software by a mile.

This is a bit surprising, and a bit disappointing. Both the decision itself, and Mark’s take on it, are quite wrong. One of the most important benefits of free software is the legal agreement you work in. You don’t have to agree to some long contract every time you need to do something new on your system, or sometimes even when you get a “critical update” to something you’re already doing. You don’t have to read pages of legalese, or go through some long process with your company’s legal department, or just click the “make it go away” button with this vague unease that you’ve just signed your first-born child away to the Devil. Most importantly, you feel like you actually own your computer when you run free software on it. When you enter a situation where you always have to ask permission to do things, and have to be constantly reminded of the rules, you don’t feel comfortable. Clearly, the thing in front of you is not yours, whatever your credit card bill might say; if it were, there wouldn’t be all this stress over you doing something the real owners don’t like. Free software returns your computer to you, by guaranteeing that you don’t have to enter into all these contracts before you can use it. Well, unless that “free” software is Firefox 3.0.2 or later, it seems. It’s “free” by a technical definition (you can strip the Firefox trademark rather easily, and get rid of the EULA as well). But when users fire up Ubuntu, and decide to do some browsing, and get confronted with pages of legal garbage and ALL CAPS, they will ask: “What’s so different about this open source stuff? I thought I was getting rid of all this legal crap.” And, suddenly, they’re slogging through the same drudgery they had to endure with every Windows service pack, and they wonder what they’ve gained. Perhaps there is a price we should be willing to pay to help Mozilla preserve their trademarks, but this price is too great. Mozilla should never have asked this of us, and Ubuntu should never have decided, on our behalf, that this price was acceptable. Debian has already turned its back on Firefox, and I have yet to have a problem with Iceweasel (the branding Debian chose for its Firefox-alike) that was caused by the branding change. But I’m tempted to bring it back, in Debian’s “non-free” software repository. Perhaps we could provide Firefox, complete with nasty EULA, but launch Iceweasel instead of Firefox if the user clicks “No”. There are probably all kinds of reasons why this is a bad idea, but I’m still drawn to the idea of illustrating how silly and useless click-through EULAs are. But it would be much more productive for Mozilla to back down, and not ask us to sacrifice such a large part of our identity on the altar of their sacred mark. UPDATE: First, I notice I was remiss in not giving a hat tip to Slashdot. Second, Mark has posted another comment on the bug. I encourage people to read the whole comment, but here’s a telling part:

For example, at the moment, we’re in detailed negotiations with a
company that makes a lot of popular hardware to release their drivers as
free software - they are currently proprietary. It would not be possible
to hold those negotiations if every step of the way turned into a public
discussion. And yet, engaging with that company both to make sure Ubuntu
works with its hardware and also to move them towards open source
drivers would seem to be precisely in keeping with our community values. In this case, we have been holding extensive, sensitive and complex
conversations with Mozilla. We strongly want to support their brand
(don’t forget this is one of the few companies that has successfully
taken free software to the dragons lair) and come to a reasonable
agreement. We want to do that in a way which is aligned with Ubuntu’s
values, and we have senior representatives of the project participating
in the dialogue and examining options for the implementation of those
agreements. Me. Matt Zimmerman. Colin Watson. Those people have earned
our trust.

On the one hand, yes, I believe that the Canonical people have earned our trust, and I do appreciate the utility of quiet persuasion with a proprietary software company that doesn’t understand our community. On the other hand, I had been under the impression that Mozilla was not a proprietary software company, and didn’t need persuasion and secret negotiations to see our point of view. Is Mozilla still a free software company, or not? UPDATE 2: Cautious optimism is appropriate, I think. Mitchell Baker, Mozilla chair:

We (meaning Mozilla) have shot ourselves in the foot here given the old, wrong content. So I hope we can have a discussion on this point, but I doubt we ll have a good one until we fix the other problems.

The actual changes aren’t available yet, and I wonder how much of this had been communicated to Canonical beforehand. Still, it’s a good sign.

Success as a parent is when your two year old recognizes and demands, at various times, Joni Mitchell, Paul McCartney (particular tracks), They Might Be Giants, and the White Stripes. And when she knows how to operate her own portable CD player and navigate your cell phone photo library. These are skills that the Class of 2026 is going to need.

Share This

I attended my first half-yearly meeting as a member of the co-operative group yesterday evening at 7pm. The event for the strangely-named Kennet and Avon area was held at Jury's Hotel near Queen Square, which is a part of Bristol I've not visited for a while, so I got there a bit early to find it. I found it easily, which gave me a few minutes spare to visit the co-operative food store on the Centre (pictured), which is the first rebranded one I've seen. It looks light and airy and the staff were friendly. I didn't find everything I was looking for, but after exiting, I noticed I'd not seen around the corner of the L-shaped store! Anyway, the meeting itself was chaired by Peter Begley and was attended by six elected reps, three regional officers, four trading managers (all food?) and about 50 members by my reckoning. There was a comment later in the meeting about the low turnout from Bath - it seems that a meeting for each city had been requested and refused. There was also a comment about lack of transport from Weston-super-Mare, about which I'm not sure: trains between WsM and Bristol are at least hourly. Maybe there should be a shuttle between station and meeting for people who can't walk, but it seems nuts to run a bus from here when trains are faster and have space. Officer Chris Griffiths gave a presentation (with loud music!) about our community support, including windfarms on the co-operative farms, Farm to Fork, the Woodcraft Folk, the Queens Award for Sustainable Development, community chef visits to Ilfracombe and Bath, community challenge, Mukti Mitchell's Low Carbon Lifestyle Tour, Fairtrade fashion shows, Holyland Handicrafts Co-operative at Bath Christmas Market, BAND (D is for Daycare, but I missed the rest), Toy Box Library Bath, Avonmouth Community Centre Association and Oldfield Park Juniors. Frank Jones presented the business interim report, noting that the group has a 2.2% increase of revenue before reinsurance premiums, but the bad weather has hit the insurance arm, reducing the overall profit. Nevertheless, we still paid a total of 38 million pounds to and on behalf of members. The closure of WsM Dolphin Square and the gain of the co-operative pharmacy in Milton were mentioned in passing. There was a short presentation about the constitutional review. The first members' consultation ends on 26 October, so send in your comments soon. There was particular concern about some multi-thousand-pound payments to elected representatives who stand down. Then came member questions, which I'll describe in another post, approval of past minutes, reports of the local co-operative party (success in Bath+NES, 8 councillors in Bristol, loss of 2 councillors in N.Somerset) and presentations to Frank Jones and Simon Crew of 10-year elected service awards. The meeting closed at 9pm.

Inspired by Mitchell Charity's printable paper rulers and Steve Pomeroy's CSS ruler, I wrote a little python script to generate an on-screen ruler for the OLPC XO-1. The XO-1 screens are super high resolution (200dpi) and are each identical. This makes for a very accurate ruler. It's one of a few project I've done or am working on that tries to take advantage of the physical qualities (and physical consistencies) of the XOs. Also, a ruler is just a really useful thing for a school child -- or anyone else for that matter. Of course, different screens have different pixel sizes so the ruler for the XO won't work on another screen. This made some of my friends jealous. To appease them, I spent a couple hours and hacked up a little web frontend to my ruler generator which allows anyone to create custom on-screen rulers and to save them and share them with others who might have the same screen. I've called it YouRule. Please check it out or download the source and send me improvements.

http://projects.mako.cc/yourule

It's nice to get email from someone previously mentioned on my site. Mukti Mitchell emailed:

"The Southampton Boatshow programme made by Meridian ITV will include 4 minutes on the Low Carbon Lifestyle Tour and will be screened this week as follows: Sunday 16th September 1800 ITV4; Monday 17th September After Midnight (0100 Tuesday 18th) ITV4; Thursday 20th September 1930 ITV Meridian (ITV1 in South England) (ITV4 Is a national network channel available via your free digi box.) The programme includes footage filmed on board yacht Chance during the round Britain tour. I hope you enjoy the programme."