I'm happy to announce I handed out my Master's Thesis last Monday. I'm not
publishing the final copy just yet1, as it still needs to go through
the approval committee. If everything goes well, I should have my Master of
Economics diploma before Christmas!
It sure hasn't been easy, and although I regret nothing, I'm also happy to be
done with university.
Looking for a job
What an odd time to be looking for a job, right? Turns out for the first time
in 12 years, I don't have an employer. It's oddly freeing, but also a little
scary. I'm certainly not bitter about it though and it's nice to have some time
on my hands to work on various projects and read things other than academic
papers. Look out for my next blog posts on using the NeTV2 as an OSHW HDMI
capture card, on hacking at security tokens and much more!
I'm not looking for anything long term (I'm hoping to teach Economics again next
Winter), but for the next few months, my calendar is wide open.
For the last 6 years, I worked as Linux system administrator, mostly using a
LAMP stack in conjunction with Puppet, Shell and Python. Although I'm most
comfortable with Puppet, I also have decent experience with Ansible, thanks to
my work in the DebConf Videoteam.
I'm not the most seasoned Debian Developer, but I have some experience
packaging Python applications and libraries. Although I'm no expert at it,
lately I've also been working on Clojure packages, as I'm trying to get Puppet
6 in Debian in time for the Bullseye freeze. At the rate it's going though, I
doubt we're going to make it...
If your company depends on Puppet and cares about having a version in Debian 11
that is maintained (Puppet 5 is EOL in November 2020), I'm your guy!
Oh, and I guess I'm a soon-to-be Master of Economics specialising in Free and
Open Source Software business models and incentives theory. Not sure I'll ever
get paid putting that in application, but hey, who knows.
If any of that resonates with you, contact me and let's have a chat! I promise
I don't bite :)
The title of the thesis is What are the incentive structures of
Free Software? An economic analysis of Free Software's specific development
model. Once the final copy is approved, I'll be sure to write a longer blog
post about my findings here.
Dealing with the void during MiniDebConf Online #1
Between 28 and 31 May this year, we set out to create our first ever online MiniDebConf for Debian. Many people have been meaning to do something similar for a long time, but it just didn t work out yet. With many of us being in lock down due to COVID-19, and with the strong possibility looming that DebConf20 might have had to become an online event, we rushed towards organising the first ever Online MiniDebConf and put together some form of usable video stack for it.
I could go into all kinds of details on the above, but this post is about a bug that lead to a pretty nifty feature for DebConf20. The tool that we use to capture Jitsi calls is called Jibri (Jitsi Broadcasting Infrustructure). It had a bug (well, bug for us, but it s an upstream feature) where Jibri would hang up after 30s of complete silence, because it would assume that the call has ended and that the worker can be freed up again. This would result in the stream being ended at the end of every talk, so before the next talk, someone would have to remember to press play again in their media player or on the video player on the stream page. Hrmph.
Easy solution on the morning that the conference starts? I was testing a Debian Live image the night before in a KVM and thought that I might as well just start a Jitsi call from there and keep a steady stream of silence so that Jibri doesn t hang up.
It worked! But the black screen and silence on stream was a bit eery. Because this event was so experimental in nature, and because we were on such an incredibly tight timeline, we opted not to seek sponsors for this event, so there was no sponsors loop that we d usually stream during a DebConf event. Then I thought Ah! I could just show the schedule! .
The stream looked bright and colourful (and was even useful!) and Jitsi/Jibri didn t die. I thought my work was done. As usual, little did I know how untrue that was.
The silence was slightly disturbing after the talks, and people asked for some music. Playing music on my VM and capturing the desktop audio in to Jitsi was just a few pulseaudio settings away, so I spent two minutes finding some freely licensed tracks that sounded ok enough to just start playing on the stream. I came across mini-albums by Captive Portal and Cinema Noir, During the course of the MiniDebConf Online I even started enjoying those. Someone also pointed out that it would be really nice to have a UTC clock on the stream. I couldn t find a nice clock in a hurry so I just added a tmux clock in the meantime while we deal with the real-time torrent of issues that usually happens when organising events like this.
Speaking of issues, during our very first talk of the last day, our speaker had a power cut during the talk and abruptly dropped off. Oops! So, since I had a screenshare open from the VM to the stream, I thought I d just pop in a quick message in a text editor to let people know that we re aware of it and trying to figure out what s going on.
In the end, MiniDebConf Online worked out all right. Besides the power cut for our one speaker, and another who had a laptop that was way too under-powered to deal with video, everything worked out very well. Even the issues we had weren t show-stoppers and we managed to work around them.
DebConf20 Moves Online
For DebConf, we usually show a sponsors loop in between sessions. It s great that we give our sponsors visibility here, but in reality people see the sponsors loop and think Talk over! and then they look away. It s also completely silent and doesn t provide any additional useful information. I was wondering how I could take our lessons from MDCO#1 and integrate our new tricks with the sponsors loop. That is, add the schedule, time, some space to type announcements on the screen and also add some loopable music to it.
I used OBS before in making my videos, and like the flexibility it provides when working with scenes and sources. A scene is what you would think of as a screen or a document with its own collection of sources or elements. For example, a scene might contain sources such as a logo, clock, video, image, etc. A scene can also contain another scene. This is useful if you want to contain a banner or play some background music that is shared between scenes.
The above screenshots illustrate some basics of scenes and sources. First with just the DC20 banner, and then that used embedded in another scene.
For MDCO#1, I copied and pasted the schedule into a LibreOffice Impress slide that was displayed on the stream. Having to do this for all 7 days of DebConf, plus dealing with scheduling changes would be daunting. So, I started to look in to generating some schedule slides programmatically. Stefano then pointed me to the Happening Now page on the DebConf website, where the current schedule block is displayed. So all I would need to do in OBS was to display a web page. Nice!
Unfortunately the OBS in Debian doesn t have the ability to display web pages out of the box (we need to figure out CEF in Debian), but fortunately someone provides a pre-compiled version of the plugin called Linux Browser that works just fine. This allowed me to easily add the schedule page in its own scene.
Being able to display a web page solved another problem. I wasn t fond of having to type / manage the announcements in OBS. It would either be a bit prone to user error, and if you want to edit the text while the loop is running, you d have to disrupt the loop, go to the foreground scene, and edit the text before resuming the loop. That s a bit icky. Then I thought that we could probably just get that from a web page instead. We could host some nice html snippet in a repository in salsa, and then anyone could easily commit an MR to update the announcement.
But then I went a step further, use an etherpad! Then anyone in the orga team can quickly update the announcement and it would be instantly changed on the stream. Nice! So that small section of announcement text on the screen is actually a whole web browser with an added OBS filter to crop away all the pieces we don t want. Overkill? Sure, but it gave us a decent enough solution that worked in time for the start of DebConf. Also, being able to type directly on to the loop screen works out great especially in an emergency. Oh, and uhm the clock is also a website rendered in its own web browser :-P
So, I had the ability to make scenes, add elements and add all the minimal elements I wanted in there. Great! But now I had to figure out how to switch scenes automatically. It s probably worth mentioning that I only found some time to really dig into this right before DebConf started, so with all of this I was scrambling to find things that would work without too many bugs while also still being practical.
Now I needed the ability to switch between the scenes automatically / programmatically. I had never done this in OBS before. I know it has some API because there are Android apps that you can use to control OBS with from your phone. I discovered that it had an automatic scene switcher, but it s very basic. It can only switch based on active window, which can be useful in some cases, but since we won t have any windows open other than OBS, this tool was basically pointless.
After some quick searches, I found a plugin called Advanced Scene Switcher. This plugin can do a lot more, but has some weird UI choices, and is really meant for gamers and other types of professional streamers to help them automate their work flow and doesn t seem at all meant to be used for a continuous loop, but, it worked, and I could make it do something that will work for us during the DebConf.
I had a chicken and egg problem because I had to figure out a programming flow, but didn t really have any content to work with, or an idea of all the content that we would eventually have. I ve been toying with the idea in my mind and had some idea that we could add fun facts, postcards (an image with some text), time now in different timezones, Debian news (maybe procured by the press team), cards that contain the longer announcements that was sent to debconf-announce, perhaps a shout out or two and some photos from previous DebConfs like the group photos. I knew that I wouldn t be able to build anything substantial by the time DebConf starts, but adding content to OBS in between talks is relatively easy, so we could keep on building on it during DebConf.
Nattie provided the first shout out, and I made 2 video loops with the DC18/19 pictures and also two Did you know cards. So the flow I ended up with was: Sponsors -> Happening Now -> Random video (which would be any of those clips) -> Back to sponsors. This ended up working pretty well for quite a while. With the first batch of videos the sponsor loop would come up on average about every 2 minutes, but as much shorter clips like shout outs started to come in faster and faster, it made sense to play a few 2-3 shout-outs before going back to sponsors.
So here is a very brief guide on how I set up the sequencing in Advanced Scene Switcher.
If no condition was met, a video would play from the Random tab.
Then in the Random tab, I added the scenes that were part of the random mix. Annoyingly, you have to specify how long it should play for. If you don t, the no condition thingy is triggered and another video is selected. The time is also the length of the video minus one second, because
You can t just say that a random video should return back to a certain scene, you have to specify that in the sequence tab for each video. Why after 1 second? Because, at least in my early tests, and I didn t circle back to this, it seems like 0s can randomly either mean instantly, or never. Yes, this ended up being a bit confusing and tedious, and considering the late hours I worked on this, I m surprised that I didn t manage to screw it up completely at any point.
I also suspected that threads would eventually happen. That is, when people create video replies to other videos. We had 3 threads in total. There was a backups thread, beverage thread and an impersonation thread. The arrow in the screenshot above points to the backups thread. I know it doesn t look that complicated, but it was initially somewhat confusing to set up and make sense out of it.
For the next event, the Advanced Scene Switcher might just get some more taming, or even be replaced entirely. There are ways to drive OBS by API, and even the Advanced Scene Switcher tool can be driven externally to some degree, but I think we definitely want to replace it by the next full DebConf. We had the problem that when a talk ended, we would return to the loop in the middle of a clip, which felt very unnatural and sometimes even confusing. So Stefano helped me with a helper script that could read the socket from Vocto, which I used to write either Loop or Standby to a file, and then the scene switcher would watch that file and keep the sponsors loop ready for start while the talks play. Why not just switch to sponsors when the talk ends? Well, the little bit of delay in switching would mean that you would see a tiny bit of loop every time before switching to sponsors. This is also why we didn t have any loop for the ad-hoc track (that would have probably needed another OBS instance, we ll look more into solutions for this for the future).
Then for all the clips. There were over 50 of them. All of them edited by hand in kdenlive. I removed any hard clicks, tried to improve audibility, remove some sections at the beginning and the end that seemed extra and added some music that would reduce in volume when someone speaks. In the beginning, I had lots of fun with choosing music for the clips. Towards the end, I had to rush them through and just chose the same tune whether it made sense or not. For comparison of what a difference the music can make, compare the original and adapted version for Valhalla s clip above, or this original and adapted video from urbec. This part was a lot more fun than dealing with the video sequencer, but I also want to automate it a bit. When I can fully drive OBS from Python I ll likely instead want to show those cards and control music volume from Python (what could possibly go wrong ).
The loopy name happened when I requested an @debconf.org alias for this. I was initially just thinking about loop@debconf.org but since I wanted to make it clear that the purpose of this loop is also to have some fun, I opted for loopy instead:
I was really surprised by how people took to loopy. I hoped it would be good and that it would have somewhat positive feedback, but the positive feedback was just immense. The idea was that people typically saw it in between talks. But a few people told me they kept it playing after the last talk of the day to watch it in the background. Some asked for the music because they want to keep listening to it while working (and even for jogging!?). Some people also asked for recordings of the loop because they want to keep it for after DebConf. The shoutouts idea proved to be very popular. Overall, I m very glad that people enjoyed it and I think it s safe to say that loopy will be back for the next event.
Also throughout this experiment Loopy Loop turned into yet another DebConf mascot. We gain one about every DebConf, some by accident and some on purpose. This one was not quite on purpose. I meant to make an image for it for salsa, and started with an infinite loop symbol. That s a loop, but by just adding two more solid circles to it, it looks like googly eyes, now it s a proper loopy loop!
I like the progress we ve made on this, but there s still a long way to go, and the ideas keep heaping up. The next event is quite soon (MDCO#2 at the end of November, and it seems that 3 other MiniDebConf events may also be planned), but over the next few events there will likely be significantly better graphics/artwork, better sequencing, better flow and more layout options. I hope to gain some additional members in the team to deal with incoming requests during DebConf. It was quite hectic this time! The new OBS also has a scripting host that supports Python, so I should be able to do some nice things even within OBS without having to drive it externally (like, display a clock without starting a web browser).
The Loopy Loop Music
The two mini albums that mostly played during the first few days were just a copy and paste from the MDCO#1 music, which was:
I have much more things to say about DebConf20, but I ll keep that for another post, and hopefully we can get all the other video stuff in a post from the video team, because I think there s been some real good work done for this DebConf. Also thanks to Infomaniak who was not only a platinum sponsor for this DebConf, but they also provided us with plenty of computing power to run all the video stuff on. Thanks again!
After we gave our talk at DebConf 20, Doing things together,
there were 5 minutes left for the live Q&A. Pollo asked a question that I
think is interesting and deserves a longer answer: How can we still have a
good code review process without making it a "you need to be perfect"
scenario? I often find picky code reviews help me write better code.
I find it useful to first disentangle
what code reviews are good for, how we do them, why we do them that way, and
how we can potentially improve processes.
What are code reviews good for?
Code review and peer review are great methods for cooperation aiming at:
Ensuring that the code works as intended
Ensuring that the task was fully accomplished and no detail left out
Ensuring that no security issues have been introduced
Making sure the code fits the practices of the team and is understandable and maintainable by others
Sharing insights, transferring knowledge between code author and code reviewer
Helping the code author to learn to write better code
Looking at this list, the last point seems to be more like a nice side
effect of all the other points. :)
How do code reviews happen in our communities?
It seems to be a common assumption that code reviews are and have to
be picky and perfectionist. To me, this does not actually seem to be a
necessity to accomplish the above mentioned goals. We might want to work with
precision a quality which is different from perfection. Perfection
can hardly be a goal: perfection does not exist.
Perfectionist dynamics can lead to failing to call something "good enough"
or "done". Sometimes, a disproportionate amount of time is invested in writing
(several) code reviews for minor issues. In some cases, strong perfectionist
dynamics of a reviewer can create a feeling of never being good enough along
with a loss of self esteem for otherwise skilled code authors.
When do we cross the line?
When going from cooperation, precision, and learning to write better code,
to nitpicking, we are crossing a line: nitpicking means to pedantically search
for others' faults. For example, I once got one of my Git commits at work
criticized merely for its commit message that was said to be "ugly"
because I "use[d] the same word twice" in it.
When we are nitpicking, we might not give feedback in an appreciative,
cooperative way, we become fault finders instead. From there it's a short way
to operating on the level of blame.
Are you nitpicking to help or are you nitpicking to prove something?
Motivations matter.
How can we improve code reviewing?
When we did something wrong, we can do better next time. When we are told that we are wrong, the underlying assumption is that we cannot change (See Bren Brown, The difference between blame and shame). We can learn to go beyond blame.
Negative feedback rarely leads to improvement if the
environment in which it happens lacks general appreciation and confirmation.
We can learn to give helpful feedback. It might be harder to create an
appreciative environment in which negative feedback is a possibility for
growth. One can think of it like of a relationship: in a healthy relationship
we can tell each other when something does not work and work it out because
we regularly experience that we respect, value, and support each
other.
To be able to work precisely, we need guidelines, tools, and time. It's not
possible to work with precision if we are in a hurry, burnt out, or working
under a permanent state of exception. The same is true for receiving picky
feedback.
On DebConf's IRC channel, after our talk, marvil07 said: On picky code
reviews, something that I find useful is automation on code reviews; i.e. when
a bot is stating a list of indentation/style errors it feels less personal, and
also saves time to humans to provide more insightful changes. Indeed, we can
set up routines that do automatic fault checking (linting). We can set up coding
guidelines. We can define what we call "done" or "good enough".
We can negotiate with each other how we would like code to be reviewed. For
example, one could agree that a particularly perfectionist reviewer should
point out only functional faults. They can spare their time and refrain from
writing lengthy reviews about minor esthetic issues that have never made it
into a guideline. If necessary, author and reviewer can talk about what can be
improved on the long term during a retrospective. Or, on the contrary, one could explicitly
ask for a particularly detailed review including all sorts of esthetic
issues to learn the best practices of a team applied to one's own code.
In summary: let's not lose sight of what code reviews are good for, let's
have a clear definition of "done", let's not confuse precision with perfection,
let's create appreciative work environments, and negotiate with each
other how reviews are made.
I'm sure you will come up with more ideas. Please do not hesitate to share them!
Our thoughts about cooperation aspects of doing things together.
Sometimes in Debian we do work together with others, and sometimes we are a
number of people who work alone, and happen to all upload their work in the
same place.
In times when we have needed to take important decisions together, this
distinction has become crucial, and some of us might have found that we were
not as good at cooperation as we would have thought.
This talk is intended for everyone who is part of a larger community. We will
show concepts and tools that we think could help understand and shape
cooperation.
How can we still have a good code review process without making it a "you
need to be perfect" scenario? I often find picky code reviews help me write
better code.
DebConf20 starts in about 5 weeks, and as always, the DebConf
Videoteam is working hard to make sure it'll be a success. As such, we held a
sprint from July 9th to 13th to work on our new infrastructure.
A remote sprint certainly ain't as fun as an in-person one, but we nonetheless
managed to enjoy ourselves. Many thanks to those who participated, namely:
Carl Karsten (CarlFK)
Ivo De Decker (ivodd)
Kyle Robbertze (paddatrapper)
Louis-Philippe V ronneau (pollo)
Nattie Mayer-Hutchings (nattie)
Nicolas Dandrimont (olasd)
Stefano Rivera (tumbleweed)
Wouter Verhelst (wouter)
We also wish to extend our thanks to Thomas Goirand and Infomaniak for
providing us with virtual machines to experiment on and host the video
infrastructure for DebConf20.
Advice for presenters
For DebConf20, we strongly encourage presenters to record their talks in
advance and send us the resulting video. We understand this is more work,
but we think it'll make for a more agreeable conference for everyone. Video
conferencing is still pretty wonky and there is nothing worse than a talk
ruined by a flaky internet connection or hardware failures.
As such, if you are giving a talk at DebConf this year, we are asking you to
read and follow our guide on how to record your presentation.
Fear not: we are not getting rid of the Q&A period at the end of talks.
Attendees will ask their questions either on IRC or on a collaborative pad
and the Talkmeister will relay them to the speaker once the pre-recorded
video has finished playing.
New infrastructure, who dis?
Organising a virtual DebConf implies migrating from our battle-tested
on-premise workflow to a completely new remote one.
One of the major changes this means for us is the addition of Jitsi Meet to our
infrastructure. We normally have 3 different video sources in a room: two
cameras and a slides grabber. With the new online workflow, directors will be
able to play pre-recorded videos as a source, will get a feed from a Jitsi room
and will see the audience questions as a third source.
This might seem simple at first, but is in fact a very major change to our
workflow and required a lot of work to implement.
== On-premise == == Online ==
Camera 1 Jitsi
v ---> Frontend v ---> Frontend
Slides -> Voctomix -> Backend -+--> Frontend Questions -> Voctomix -> Backend -+--> Frontend
^ ---> Frontend ^ ---> Frontend
Camera 2 Pre-recorded video
In our tests, playing back pre-recorded videos to voctomix worked well, but was
sometimes unreliable due to inconsistent encoding settings. Presenters will
thus upload their pre-recorded talks to SReview so we can make sure there
aren't any obvious errors. Videos will then be re-encoded to ensure a
consistent encoding and to normalise audio levels.
This process will also let us stitch the Q&As at the end of the pre-recorded
videos more easily prior to publication.
Reducing the stream latency
One of the pitfalls of the streaming infrastructure we have been using since
2016 is high video latency. In a worst case scenario, remote attendees could
get up to 45 seconds of latency, making participation in events like BoFs
arduous.
In preparation for DebConf20, we added a new way to stream our talks: RTMP.
Attendees will thus have the option of using either an HLS stream with higher
latency or an RTMP stream with lower latency.
Here is a comparative table that can help you decide between the two protocols:
HLS
RTMP
Pros
Can be watched from a browser
Auto-selects a stream encoding
Single URL to remember
Lower latency (~5s)
Cons
Higher latency (up to 45s)
Requires a dedicated video player (VLC, mpv)
Specific URLs for each encoding setting
Live mixing from home with VoctoWeb
Since DebConf16, we have been using voctomix, a live video mixer developed
by the CCC VOC. voctomix is conveniently divided in two: voctocore is the
backend server while voctogui is a GTK+ UI frontend directors can use to
live-mix.
Although voctogui can connect to a remote server, it was primarily designed to
run either on the same machine as voctocore or on the same LAN. Trying to use
voctogui from a machine at home to connect to a voctocore running in a
datacenter proved unreliable, especially for high-latency and low bandwidth
connections.
Inspired by the setup FOSDEM uses, we instead decided to go with a web frontend
for voctocore. We initially used FOSDEM's code as a proof of
concept, but quickly reimplemented it in Python, a language we are more
familiar with as a team.
Compared to the FOSDEM PHP implementation, voctoweb implements A / B source
selection (akin to voctogui) as well as audio control, two very useful
features. In the following screen captures, you can see the old PHP UI on the
left and the new shiny Python one on the right.
Voctoweb is still under development and is likely to change quite a bit
until DebConf20. Still, the current version seems to works well enough to be
used in production if you ever need to.
Python GeoIP redirector
We run multiple geographically-distributed streaming frontend servers to
minimize the load on our streaming backend and to reduce overall latency.
Although users can connect to the frontends directly, we typically point them
to live.debconf.org and redirect connections to the nearest server.
Sadly, 6 months ago MaxMind decided to change the licence on their
GeoLite2 database and left us scrambling. To fix this annoying issue, Stefano
Rivera wrote a Python program that uses the new database and reworked our
ansible frontend server role. Since the new database cannot be
redistributed freely, you'll have to get a (free) license key from MaxMind if
you to use this role.
Ansible & CI improvements
Infrastructure as code is a living process and needs constant care to fix bugs,
follow changes in DSL and to implement new features. All that to say a large
part of the sprint was spent making our ansible roles and continuous
integration setup more reliable, less buggy and more featureful.
All in all, we merged 26 separate ansible-related merge request during the
sprint! As always, if you are good with ansible and wish to help, we accept
merge requests on our ansible repository :)
DebConf20 will be held online this year and I've started doing some work
for the DebConf videoteam to prepare what's to come.
One thing I want us to do is capture a live IRC session and use it as a video
input in Voctomix, the live video mixer we use. This way, at the end of a
talk we could show both the attendees asking questions on IRC and the presenter
replying to them side-by-side.
Capturing a live video of an IRC client on a remote headless server is somewhat
more complicated than you might think; as far as I know, neither ffmpeg nor
gstreamer support recording a live ssh pseudoterminal1.
Worse, neither weechat nor irssi run on X: they use ncurses... Although you
can capture an X11 window with ffmpeg -f x11grab, I wasn't able to get them to
run with Xvfb.
Capturing the framebuffer
One thing I dislike with this method is the framebuffer isn't always easy to
access on remote machines. If you don't have a serial connection, you can try
using a VNC server that can.
I did my tests in a VM on an KVM hypervisor and used virt-manager to access
the framebuffer.
I had a hard time setting the framebuffer resolution to a 16:9 aspect ratio. The
winning combination ended up passing the nomodeset kernel parameter at boot
and setting up these parameters in /etc/default/grub2:
GRUB_GFXMODE=1280x720
GRUB_GFXPAYLOAD_LINUX=keep
To make the text more readable, this is the /etc/default/console-setup file
that seemed to make the most sense:
# CONFIGURATION FILE FOR SETUPCON
# Consult the console-setup(5) manual page.
ACTIVE_CONSOLES="/dev/tty[1-6]"
CHARMAP="UTF-8"
CODESET="Lat15"
FONTFACE="TerminusBold"
FONTSIZE="12x24"
Once that is done, the only thing left is to run the IRC client and launch
ffmpeg. The magic command to record the framebuffer seems to be something
like:
Here's a blog post I wrote for the puppet.com blog. Many thanks
to Ben Ford and all their team!.
With everything that is currently happening around the world, many of us IT
folks have had to solve complex problems in a very short amount of time. Pretty
quickly at work, I was tasked with finding a way to make virtual meetings easy,
private and secure.
Whereas many would have turned to a SaaS offering, we decided to use Jitsi
Meet, a modern and fully on-premise FOSS videoconferencing solution.
Jitsi works on all platforms by running in a browser and comes with nifty
Android and iOS applications.
We've been using our instance quite a bit, and so far everyone from technical
to non-technical users have been pretty happy with it.
Jitsi Meet is powered by WebRTC and can be broken into multiple parts across
multiple machines if needed. In addition to the webserver running the Jitsi
Meet JavaScript code, the base configuration uses the Videobridge to manage
users' video feeds, Jicofo as a conference focus to manage media sessions and
the Prosody XMPP server to tie it all together.
Here's a network diagram I took from their documentation to show
how those applications interact:
Getting started with the Jitsi Puppet module
First of all, you'll need a valid domain name and a server with decent
bandwidth. Jitsi has published a performance evaluation of the
Videobridge to help you spec your instance appropriately. You will also need to
open TCP ports 443, 4443 and UDP port 10000 in your firewall. The
puppetlabs/firewall module could come in handy here.
Once that is done, you can use the smash/jitsimeet Puppet module on
a Debian 10 (Buster) server to spin up an instance. A basic configuration would
look like this:
The jitsimeet module is still pretty young: it clearly isn't perfect and some
external help would be very appreciated. If you have some time, here are a few
things that would be nice to work on:
Tests using puppet-rspec
Support for other OSes (only Debian 10 at the moment)
Integration with the Apache and Ngnix modules
If you use this module to manage your Jitsi Meet instance, please send patches
and bug reports our way!
Learn more
Here is my monthly update covering what I have been doing in the free software world during March 2020 (previous month):
Patched the browserify-lite Javascript compiler to ensure that module dependency maps are rendered in a deterministic order. (#14)
Pushed a change to the "pmemkv" key-value data store to make their documentation build reproducibly. (#615)
As part of my duties of being on the board of directors of the Open Source Initiative and Software in the Public Interest I attended their respective monthly meetings and participated in various licensing and other discussions occurring on the internet as well as the usual internal discussions regarding logistics, licensing, policy and liaising with the ClearlyDefined and so
Congratulations to Megan Sanicki and Josh Simmons who were elected and re-elected respectively to the OSI Board's two individual member seats and to Italo Vignoli who was elected to the affiliate member seat. These newly-elected Directors will took their seats on March 20, 2020.
As part of being on being on the judging panel of the OpenUK Awards I am pleased to announce that after some discussion nominations are now open until 15th June in five different categories.
Merged a number of contributions to my django-cache-toolbox "non-magical" caching library for Django web applications, including caching negative relation lookups locally (#14) and to include the README file in the package long description (#17).
Made some small changes to my tickle-me-email library which implements Gettings Things Done (GTD)-like behaviours in IMAP inboxes to support to optionally limiting the number of messages in the send-later functionality. [...]
In addition, I did even more hacking on the Lintian static analysis tool for Debian packages, including:
New features:
Check for py3versions -i in autopkgtests and debian/rules files. (#954763)
Warn when py3versions -s is used without a python3-all dependency. (#954763)
Correct reference to a bug in a previous debian/changelog entry. [...]
Avoid indenting approximately 150 lines by returning early from a subroutine and other code improvements. [...]
Reproducible builds
One of the original promises of open source software is that distributed peer review and transparency of process results in enhanced end-user security. However, whilst anyone may inspect the source code of free and open source software for malicious flaws, almost all software today is distributed as
pre-compiled binaries. This allows nefarious third-parties to compromise systems by injecting malicious code into ostensibly secure software during the various compilation and distribution processes.
The motivation behind the Reproducible Builds effort is to ensure no flaws have been introduced during this compilation process by promising identical results are always generated from a given source, thus allowing multiple third-parties to come to a consensus on whether a build was compromised.
The initiative is proud to be a member project of the Software Freedom Conservancy, a not-for-profit 501(c)(3) charity focused on ethical technology and user freedom.
Conservancy acts as a corporate umbrella allowing projects to operate as non-profit initiatives without managing their own corporate structure. If you like the work of the Conservancy or the Reproducible Builds project, please consider becoming an official supporter.
This month, I:
Filed an issue against IMAP Spam Begone a script by Louis-Philippe V ronneau (pollo) that makes it easy to process an email inbox using SpamAssassin to report that a (duplicate) documentation entry includes nondeterministic value taken from the value of the XDG cache directory (#151) and filed an upstream pull requests against the pmemkv key-value data store to make their documentation build reproducibly (#615).
Further refined my merge request against the debian-installer component to allow all arguments from sources.list files (such as [check-valid-until=no]) in order that we can test the reproducibility of the installer images on the Reproducible Builds own testing infrastructure. (#13)
Submitted two following patches to fix reproducibility-related toolchain issues within Debian:
node-browserify-lite: Please make the output reproducible. (#954409)
pdb2pqr: Please make the aconf.py file reproducible. (#955287)
Submitted eight patches to fix specific reproducibility issues in beep (caused by a variation between /bin/dash and /bin/bash), cloudkitty (due to a default value being taken from the number of CPUs on the build machine), font-manager (embedding the value of @abs_top_srcdir@ into the resulting binary), gucharmap (due to embedding the absolute build path when generating a comment in a header file), infernal (timestamps are injected into a Python example, which should not be shipped anyway), ndisc6 (embeds the value of CFLAGS into the binary without sanitising any absolute build paths), node-nodedbi (embedded timestamp in binary) & pmemkv (does not respect SOURCE_DATE_EPOCH when populating a YEAR variable).
Improved our website, including correcting the syntax of some CSS class formatting [...], improved some "filed against" copy a little better [...] and corrected a reference to calendar.monthrange Python method. [...]
In our tooling, I also made the following changes to diffoscope, our in-depth and content-aware diff utility that can locate and diagnose reproducibility issues, including preparing and uploading version 138 to Debian:
Improvements:
Don't allow errors with R script deserialisation cause the entire operation to fail, for example if an external library cannot be loaded. (#91)
Experiment with memoising output from expensive external commands, eg. readelf. (#93)
Use dumppdf from the python3-pdfminer if we do not see any other differences from pdftext, etc. (#92)
Prevent a traceback when comparing two R .rdx files directly as the get_member method will return a file even if the file is missing. [...]
Reporting:
Display the supported file formats into the package long description. (#90)
Print a potentially-helpful message if the PyPDF2 module is not installed. [...]
Remove any duplicate comparator descriptions when formatting in the --help output or in the package long description. [...]
Weaken "Install the X package to get a better output." message to "... may produce a better output." as the former is not guaranteed. [...]
Misc:
Ensure we only parse the recommended packages from --list-debian-substvars when we want them for debian/tests/control generation. [...]
Inline the RequiredToolNotFound.get_package method's functionality as it is only used once. [...]
Drop the deprecated "py36 = [..]" argument in the pyproject.toml file. [...]
The Reproducible Builds project also operates a fully-featured and comprehensive Jenkins-based testing framework that powers tests.reproducible-builds.org. This month, I reworked the web-based package rescheduling tool to:
Require a HTTP POST method in the web-based scheduler as not only should HTTP GET requests be idempotent but this will allow many future improvements in the user interface. [...][...][...]
Improve the authentication error message in the rescheduler to suggest that the developer's SSL certificate may have expired. [...]
Investigated and triaged glibc (CVE-2020-1751), jackson-databind, libbsd (CVE-2019-20367), libvirt (CVE-2019-20485), netkit-telnet & netkit-telnet-ssl (CVE-2020-10188), pdfresurrect (CVE-2020-9549) & shiro (CVE-2020-1957), etc.
In the script that reserves a unique advisory number don't warn about potential duplicate work when issuing a regression in order to avoid this message being missed when it does apply. [...]
Frontdesk duties, responding to user/developer questions, reviewing others' packages, participating in mailing list discussions, etc.
xtrlock versions 2.8+deb9u1 (#949112) and 2.8+deb10u1 (#949113) was accepted to the Debian jessie and buster distributions.
Issued DLA 2115-2 to correct a regression in a previous fix (a use-after-free vulnerability) in the ProFTPD FTP server.
Issued DLA 2132-1 to fix an issue where incorrect default permissions on a HTTP cookie store could have allowed local attackers to read private credentials in libzypp, the library underpinning package management tools such as YaST, zypper and the openSUSE/SLE implementation of PackageKit.
Issued DLA 2134-1 to patch an out-of-bounds write vulnerability in pdfresurrect, a tool for extracting or scrubbing versioning data from PDF documents.
Issued DLA 2136-1, addressing an out-of-bounds buffer read vulnerability in libvpx, a library implementing the VP8 & VP9 video codecs.
Issued DLA 2142-1. It was discovered that there was a buffer overflow vulnerability in slirp, a SLIP/PPP emulator for using a dial up shell account. This was caused by the incorrect usage of return values from snprintf(3).
Issued DLA 2145-1 and DLA 2145-2 for twisted to prevent a large number of HTTP request splitting vulnerabilities in Twisted, a Python event-based framework for building various types of internet applications.
Issued ELA-219-1 to address an out-of-bounds read vulnerability during string comparisons in libbsd, a library of functions commonly available on BSD systems but not on others such as GNU.
You can find out more about the Debian LTS project via the following video:
Debian Uploads
xtrlock (2.13) Add a warning that X11 does not support grabbing events under the Wayland display server protocol. (#953319)
gunicorn (20.0.4-4) Ensure that the Python 3.x gunicorn binary package replaces the now-legacy gunicorn3 that was removed in 19.9.0-2 upon installation. I also backported this version to buster-backports. (#953883)
xcb (2.4-6) Remove a vague "pigeon holes" metaphor from package description.
For the Debian Privacy Maintainers team I requested that the pyptlib package be removed from the archive (#953429) as well as uploading onionbalance (0.1.8-6) to fix test failures under Pytest 3.x (#953535) and a new upstream release of nautilus-wipe.
Finally, I sponsored an upload of bilibop (0.6.1) on behalf of Yann Amar.
TL;DR: The zoom meeting link you have probably look like this:
https://zoom.us/j/123456789
To use the web client, use this instead:
https://zoom.us/wc/join/123456789
Avant-propos
Like too many institutions, the school where I teach chose to partner up with
Zoom. I wasn't expecting anything else, as my school's IT department is a
Windows shop. Well, I guess I'm still a little disappointed.
Although I had vaguely heard of Zoom before, I had never thought I'd be forced to
use it. Lucky for me, my employer decided not to force us to use it. To finish
the semester, I plan to record myself and talk with my students on a Jitsi Meet
instance.
I will still have to attend meetings on Zoom though. I'm well aware of Zoom's
badprivacy record and I will not install their
desktop application. Zoom does offer a web client. Sadly, on Linux you need to
jump through hoops to be able to use it.
Using Zoom's web client on Linux
Zoom's web client apparently works better on Chrome, so I
decided to use Chromium.
Without already having the desktop client installed on your machine, the
standard procedure to use the web client would be:
Open the link to the meeting in Chromium
Click on the "download & run Zoom" link showed on the page
Click on the "join from your browser" link that then shows up
Sadly, that's not what happens on Linux. When you click on the "download & run
Zoom" link, it brings you to a page with instructions on how to install the
desktop client on Linux.
You can thwart that stupid behavior by changing your browser's user agent to
make it look like you are using Windows. This is the UA string I've been using:
Mozilla/5.0 (Windows NT 10.0; Win64; x64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/80.0.3987.149 Safari/537.36
With that, when you click on the "download & run Zoom" link, it will try to
download a .exe file. Cancel the download and you should now see the infamous
"join from your browser" link.
Upon closer inspection, it seem you can get to the web client by changing the
meeting's URL. The zoom meeting link you have probably look like this:
https://zoom.us/j/123456789
To use the web client, use this instead:
https://zoom.us/wc/join/123456789
Jitsi Meet Puppet Module
I've been playing around with Jitsi Meet quite a bit recently and I've written
a Puppet module to install and configure an instance! The module
certainly isn't perfect, but should wield a working Jitsi instance.
If you already have a Puppet setup, please give it a go! I'm looking forward
receiving feedback (and patches) to improve it.
Hey folks,
This is a quick blog post to tell you Bandcamp is waiving all their
fees on March 20th 2020 (PST). Spread the word, as every penny spent
on the platform that day will go back to the artists.
COVID-19 is throwing us all a mean curveball and artists have it especially
rough, particularly those who were in the middle of tours and had to cancel
them.
If you like Metal, Angry Metal Guy posted a very nice list of artists
you might know and want to help out.
If you are lucky enough to have a little coin around, now is the time to show
support for the artists you like. Buy an album you liked and copied from a
friend or get some merch to wear to your next virtual beer night with your
(remote) friends!
Stay safe and don't forget to wash your hands regularly.
Erf, I'm tired and it is late so this report will be short and won't include
dank memes or funny cat pictures. Come back tomorrow for that.
tumbleweed
Stefano worked all day long on the metadata project and on YouTube uploads. I
think the DebConf7 videos have just finished being uploaded, check them out!
RattusRattus
Apart from the wonderful lasagna he baked for us, Andy continued working on the
scraping scheme, helping tumbleweed.
nattie
Nattie has been with us for a few days now, but today she did some great QA work
on our metadata scraping of the video archive.
ivodd
More tests, more bugs! Ivo worked quite a bit on the Opsis board today and it
seems everything is ready for the mini-conf. \0/
olasd
Nicolas built the streaming network today and wrote some Ansible roles to manage
TLS cert creation through Let's Encrypt. He also talked with DSA some more about
our long term requirements.
wouter
I forgot to mention it yesterday because he could not come to Cambridge, but
Wouter has been sprinting remotely, working on the reviewing system. Everything
with regards to reviewing should be in place for the mini-conf.
He also generated the intro and outro slides for the videos for us.
KiBi and Julien
KiBi and Julien arrived late in the evening, but were nonetheless of great
assistance.
Neither are technically part of the videoteam, but their respective experience
with Debian-Installer and general DSA systems helped us a great deal.
pollo
I'm about 3/4 done documenting our ansible roles. Once I'm done, I'll try to
polish some obvious hacks I've seen while documenting.
Another day, another videoteam report! It feels like we did a lot of work today,
so let's jump right in:
tumbleweed
Stefano worked most of the day on the DebConf video archive metadata project. A
bunch of videos already have been uploaded to YouTube.
Here's some gold you might want
to watch.
By the end of our sprint, we should have generated metadata for most of our
archive and uploaded a bunch of videos to YouTube. Don't worry though, YouTube
is only a mirror and we'll keep our current archive as a video master.
RattusRattus
Andy joined us today! He hacked away with Stefano for most of the day, working
on the metadata format for our videos and making schemes for our scraping tools.
ivodd
Ivo built and tested a good part of our video setup today, fixing bugs left and
right in Ansible. We are prepared for the Cambridge Mini-DebConf!
olasd
Nicolas finished his scripts to automatically spool up and down our streaming
mirrors via the DigitalOcean API today and ran our Ansible config against those
machines to test our setup.
pollo
For my part, I completed a huge chunk of my sprint goals: we now have a website
documenting our setup! It is currently hosted on Alioth pages, but
olasd plans to make a request to DSA to have it hosted on the static.debian.org
machine. The final URL will most likely be something like:
https://video.debconf.org
The documentation is still missing the streaming section (our streaming setup is
not final yet, so not point in documenting that) and a section hosting guides
for the volunteers. With some luck I might write those later this week.
I've now moved on documentation our various Ansible roles.
Oh, and we also ate some cheese fondue:
Another videoteam report! We've now been hacking for a full day and we are
slowly starting to be productive. It's always hard to get back in a project when
you haven't touched it in a while...
Anyway, let's start this report with some important announcement: we finally
have been able to snap a good picture of the airbnb's cat!
No more nagging me about the placeholder image from Wikipedia I used in
yesterday's report!
Set up
Here's what the team did today:
tumbleweed
Stefano started the day by hacking away on our video archive. We eventually want
to upload all our videos to YouTube to give them exposure, but sadly our archive
metadata is in a pretty poor shape.
With the script tumbleweed wrote, we can scrape the archive for matches against
the old DebConf's pentabarf XML we have.
tumbleweed also helped Ivo with the ansible PXE setup he's working on. Some
recent contributions from a collaborator implemented new features (like a nice
menu to choose from) but also came with a few annoying bugs.
ivodd
Ivo continued working on the PXE setup today. He also tried to break our ansible
setup by using fresh installs with different user cases (locales, interfaces,
etc.), with some success.
The reason he and Stefano are working so hard on the PXE boot is that we had a
discussion about the future of our USB install method. The general consensus on
this was although we would not remove it, we would not actively maintain it
anymore.
PXE is less trouble for multiple machines. For single machines or if you don't
control the DHCP server, using ansible manually on a fresh Debian install will
be the recommended way.
olasd
After a very long drive, olasd arrived late in the evening with all our gear.
Hurray! We were thus able to set up some test boxes and start wiring the airbnb
properly. Tomorrow will certainly be more productive with all this stuff at our
disposition.
pollo
Today I mainly worked on setting up our documentation website. After some
debate, we decided that sphinx was the right tool for the job.
I am a few pages in and if I work well I think we'll have something to show for
at the end of the sprint!
I also was thrown back into ansible after witnessing a bug in the locale
management. I'm still rusty, but it's slowly coming back to me.
Let's end this blog post with a picture of the neon pineapple that sits on the
wall of the solarium.
First day of the videoteam autumn sprint! Well, I say first day, but
in reality it's more day 0. Even though most of us have arrived in Cambridge
already, we are still missing a few people.
Last year we decided to sprint in Paris because most of our video gear
is stocked there. This year, we instead chose to sprint a few days before the
Cambridge Mini-Debconf to help record the conference afterwards.
Since some of us arrived very late and the ones who did arrive early are still
mostly jet lagged (that includes me), I'll use this post to introduce the space
we'll be working from this week and our general plan for the sprint.
House Party
After some deliberations, we decided to rent a house for a week in Cambridge:
finding a work space to accommodate us and all our gear proved difficult and we
decided mixing accommodation and work would be a good idea.
I've only been here for a few hours, but I have to say I'm pretty impressed by
the airbnb we got. Last time I checked (it seems every time I do, some new room
magically appears), I counted 5 bedrooms, 6 beds, 5 toilets and 3 shower rooms.
Heck, there's even a solarium and a training room with weights and a punching
bag on the first floor.
Having a whole house to ourselves also means we have access to a functional
kitchen. I'd really like to cook at least a few meals during the week.
There's also a cat!
It's not the house's cat per say, but it's been hanging out around the house
for most of the day and makes cute faces trying to convince us to let it come
inside. Nice try cat. Nice try.
Here are some glamour professional photos of what the place looks like on a
perfect summer day, just for the kick of it:
Of course, reality has trouble matching all the post-processing filters.
Plan for the week
Now on a more serious note; apart from enjoying the beautiful city of Cambridge,
here's what the team plans to do this week:
tumbleweed
Stefano wants to continue refactoring our ansible setup. A lot of things have
been added in the last year, but some of it are hacks we should remove and
implement correctly.
highvoltage
Jonathan won't be able to come to Cambridge, but plans to work remotely, mainly
on our desktop/xfce session implementation. Another pile of hacks waiting to be
cleaned!
ivodd
Ivo has been working a lot of the pre-ansible part of our installation and plans
to continue working on that. At the moment, creating an installation USB key is
pretty complicated and he wants to make that simpler.
olasd
Nicolas completely reimplemented our streaming setup for DC17 and wants to
continue working on that.
More specifically, he wants to write scripts to automatically setup and teardown
- via API calls - the distributed streaming network we now use.
Finding a way to push TLS certificates to those mirrors, adding a live stream
viewer on video.debconf.org and adding a viewer to our archive are also
things he wants to look at.
pollo
For my part, I plan to catch up with all the commits in our ansible repository I
missed since last year's sprint and work on documentation.
It would be very nice if we could have a static website describing our work so
that others (at mini-debconfs for examples) could replicate it easily.
If I have time, I'll also try to document all the ansible roles we have written.
Stay tuned for more daily reports!
The twelveth update in the 0.12.* series of Rcpp landed on CRAN this morning, following two days of testing at CRAN preceded by five full reverse-depends checks we did (and which are always logged in this GitHub repo). The Debian package has been built and uploaded; Windows and macOS binaries should follow at CRAN as usual. This 0.12.12 release follows the 0.12.0 release from late July, the 0.12.1 release in September, the 0.12.2 release in November, the 0.12.3 release in January, the 0.12.4 release in March, the 0.12.5 release in May, the 0.12.6 release in July, the 0.12.7 release in September, the 0.12.8 release in November, the 0.12.9 release in January, the 0.12.10.release in March, and the 0.12.11.release in May making it the sixteenth release at the steady and predictable bi-montly release frequency.
Rcpp has become the most popular way of enhancing GNU R with C or C++ code. As of today, 1097 packages (and hence 71 more since the last release in May) on CRAN depend on Rcpp for making analytical code go faster and further, along with another 91 in BioConductor.
This releases contain a fairly large number of fairly small and focused pull requests most of which either correct some corner cases or improve other aspects. JJ tirelessly improved the package registration added in the previous release and following R 3.4.0. Kirill tidied up a number of small issues allowing us to run compilation in even more verbose modes---usually a good thing. Jeroen, Elias Pipping and Yo Gong all contributed as well, and we thank everybody for their contributions.
All changes are listed below in some detail.
Changes in Rcpp version 0.12.12 (2017-07-13)
Changes in Rcpp API:
The tinyformat.h header now ends in a newline (#701).
Fixed rare protection error that occurred when fetching stack traces during the construction of an Rcpp exception (Kirill M ller in #706).
Compilation is now also possibly on Haiku-OS (Yo Gong in #708 addressing #707).
Dimension attributes are explicitly cast to int (Kirill M ller in #715).
Unused arguments are no longer declared (Kirill M ller in #716).
Visibility of exported functions is now supported via the R macro atttribute_visible (Jeroen Ooms in #720).
The no_init() constructor accepts R_xlen_t (Kirill M ller in #730).
Loop unrolling used R_xlen_t (Kirill M ller in #731).
Two unused-variables warnings are now avoided (Jeff Pollock in #732).
Changes in Rcpp Attributes:
Execute tools::package_native_routine_registration_skeleton within package rather than current working directory (JJ in #697).
The R portion no longer uses dir.exists to no require R 3.2.0 or newer (Elias Pipping in #698).
Fix native registration for exports with name attribute (JJ in #703 addressing #702).
Automatically register init functions for Rcpp Modules (JJ in #705 addressing #704).
Add Shield around parameters in Rcpp::interfaces (JJ in #713 addressing #712).
Replace dot (".") with underscore ("_") in package names when generating native routine registrations (JJ in #722 addressing #721).
Generate C++ native routines with underscore ("_") prefix to avoid exporting when standard exportPattern is used in NAMESPACE (JJ in #725 addressing #723).
It's been a while. And currently I shouldn't even post but rather pack my stuff because I'll get the keys to my flat in 6 days. Yay!
But, for packing I need a good sound track. And today it is Apollo 440. I saw them live at the Sundance Festival here in Vienna 20 years ago. It's been a while, but their music still gives me power to pull through.
So, without further ado, here are their songs:
Athena's experiment with a city (now civilization) modeled after Plato's
Republic continues, but in a form that she would not have
anticipated, and in a place rather far removed from its origins. But
despite new awareness of the place and role of gods, a rather dramatic
relocation, and unanticipated science-fiction complications, it continues
in much the same style as in The Just
City: thoughtful, questioning debate, a legal and social system that
works surprisingly well, and a surprising lack of drama. At least, that
is, until the displaced cities are contacted by the mainstream of
humanity, and Athena goes unexpectedly missing.
The latter event turns out to have much more to do with the story than the
former, and I regret that. Analyzing mainline human civilization and
negotiating the parameters of a very odd first contact would have, at
least in my opinion, lined up a bit better with the strengths of this
series. Instead, the focus is primarily on metaphysics, and the key
climactic moment in those metaphysics is rather mushy and incoherent
compared to the sharp-edged analysis Walton's civilization is normally
capable of. Not particularly unexpected, as metaphysics of this sort are
notoriously tricky to approach via dialectical logic, but it was a bit of
a letdown. Much of this book deals with Athena's disappearance and its
consequences (including the title), and it wasn't bad, but it wanders a
bit into philosophical musings on the nature of gods.
Necessity is a rather odd book, and I think anyone who started here
would be baffled, but it does make a surprising amount of sense in the
context of the series. Skipping ahead to here seems like a truly bad
idea, but reading the entire series (relatively closely together) does
show a coherent philosophical, moral, and social arc. The Just
City opens with Apollo confronted by the idea of individual significance:
what does it mean to treat other people as one's equals in an ethical
sense, even if they aren't on measures of raw power? The Thessaly series
holds to that theme throughout and follows its implications. Many of the
bizarre things that happen in this series seem like matter-of-fact
outcomes once you're engrossed in the premises and circumstances at the
time. Necessity adds a surprising amount of more typical science
fiction trappings, but they turn out to be ancillary to the story. What
matters is considered action, trying to be your best self, and the earnest
efforts of a society to put those principles first.
And that's the strength of the whole series, including Necessity: I
like these people, I like how they think, and I enjoy spending time with
them, almost no matter what they're doing. As with the previous books, we
get interwoven chapters from different viewpoints, this time from three
primary characters plus some important "guest" chapters. As with the
previous books, the viewpoint characters are different again, mostly a
generation younger, and I had to overcome my initial disappointment at not
hearing the same voices. But Walton is excellent at characterization. I
really like this earnest, thoughtful, oddly-structured society that
always teeters on the edge of being hopelessly naive and trusting but is
self-aware enough to never fall in. By the end of the book, I liked this
round of characters nearly as much as I liked the previous rounds
(although I've still never liked a character in these books as well as I
liked Simmea).
I think one incomplete but important way to sum up the entire Thessaly
series is that it's a trilogy of philosophical society-building on top of
the premise of a universal love for and earnest, probing, thoughtful
analysis of philosophy. Walton's initial cheat is to use an deus
ex machina to jumpstart such a society from a complex human world that
would be unlikely to provide enough time or space for it to build its own
separate culture and tradition. I think the science-fiction trick is
required to make this work real-world societies that try this end up
having to spend so much of their energy fighting intrusion from the
outside and diffusion into the surrounding culture that they don't have
the same room to avoid conformity and test and argue against their own
visions.
Necessity is not at all the conclusion of that experiment I would
expect, but it won me over, and I think it worked, even if a few bits of
it felt indulgent. Most importantly for that overall project, this series
is generational, and Necessity shows how it would feel to grow up
deep inside it, seeing evolution on top of a base structure that is
ubiquitous and ignored. Even the generation in The Philosopher Kings wasn't far enough removed to support that;
Necessity is, and in a way this book shows how distinctly different
and even alien human culture can become when it has space to evolve on top
of different premises. I enjoyed the moments of small surprise, where
characters didn't react the way that I'd expect for reasons now buried
generations-deep in their philosophical foundations.
This book will not win you over if you didn't already like the series, and
I suspect it will lose a few people who read the previous two books. The
plot structure is a little strange, the metaphysics are a touch strained,
and the ending is, well, not quite the payoff that I was hoping for,
although it's thematically appropriate and grew on me after a few days of
thinking it over. But I got more Socrates, finally, who is as delightful
as always and sorely needed to add some irreverence and contrariness to
the the mix. And I got to read more about practical, thoughtful people
who are trying hard to do their best, to be their best selves, and to
analyze and understand the world. There's something calming, delightful,
and beautifully optimistic about their approach, and I'm rather sad to not
have more of it to read.
Rating: 7 out of 10
Despite the cliffhanger at the end of The
Just City, The Philosopher Kings doesn't pick up immediately
afterwards. Argh. It's a great book (as I'm about to describe), but I
really wanted to also read that book that happened in between. Still, this
is the conclusion to the problem posed in The Just City, and I
wouldn't recommend reading this book on its own (or, really, either book
separate from the other).
Despite the unwanted gap, and another change at the very start of the book
that I won't state explicitly since it's a spoiler but that made me quite
unhappy (despite driving the rest of the plot), this is much closer to the
book that I wanted to read. Walton moves away from the SF philosophical
question that drove much of the second half of The Just City in
favor of going back to arguments about human organization, the nature of
justice, choices between different modes of life, and the nature of human
relationships. Those were the best parts of The Just City, and
they're elaborated here in some fascinating ways that wouldn't have been
possible in the hothouse environment of the previous book.
I also thought Apollo was more interesting here than in the previous book.
Still somewhat infuriating, particularly near the start, but I felt like I
got more of what Walton was trying for, and more of what Apollo was
attempting to use this existence to understand. And, once the plot hits
its stride towards the center of the book, I started really liking Apollo.
I guess it took a book and a half for him to mature enough to be
interesting.
A new viewpoint character, Arete, gets most of the chapters in this book,
rather than following the pattern of The Just City and changing
viewpoint characters every chapter. Her identity is a spoiler for
The Just City, so I'll leave that a mystery. She's a bit more
matter-of-fact and observational than Maia, but she does that thing that I
love in Walton's characters: take an unexpected, fantastic situation,
analyze and experiment with it, and draw some practical and matter-of-fact
conclusions about how to proceed.
I think that's the best way to describe this entire series: take a bunch
of honest, thoughtful, and mostly good people, put them into a fantastic
situation (at first Plato's Republic, a thought experiment made
real, and then some additional fantasy complexities), and watch them
tackle that situation like reasonable human beings. There is some drama,
of course, because humans will disagree and will occasionally do awful, or
just hurtful, things to each other. But the characters try to defuse the
drama, try to be thoughtful and fair and just in their approach, and
encourage change, improvement, and forgiveness in others. I don't like
everyone in these books, but the vast majority of them are good people
(and the few who aren't stand out), and there's something satisfying in
reading about them. And the philosophical debate is wonderful throughout
this book (which I'm not saying entirely because the characters have a
similar reaction to a newly-introduced philosophical system as I did as a
reader, although that certainly helps).
I'm not saying much about the plot since so much would spoil the previous
book. But Walton adds some well-done complexities and complications, and
while I was dubious about them at the start of the book, I definitely came
around. I enjoyed watching the characters reinvent some typical human
problems, but still come at them from a unique and thoughtful angle and
come up with some novel solutions. And the ending took me entirely by
surprise, in a very good way. It's better than the best ending I could
have imagined for the book, providing some much-needed closure and quite a
bit of explanation. (And, thankfully, does not end on another
cliffhanger; in fact, I'm quite curious to see what the third book is
going to tackle.)
Recommended, including the previous book, despite the bits that irritated
me.
Followed by Necessity.
Rating: 9 out of 10
The premise for The Just City is easy to state: The time-traveling
goddess Athene (Athena) decides to organize and aid an attempt to create
the society described in Plato's Republic. She chooses Thera
(modern Santorini) before the eruption, as a safe place where this
experiment wouldn't alter history. The elders of the city are seeded by
people throughout history who at some point prayed to Athene, wanting to
live in the Republic. The children of the age of ten that Plato
suggested starting with are purchased as slaves from various points in
history and transported by Athene to the island.
Apollo, shaken and confused by Daphne wanting to turn into a tree rather
than sleep with him, finds out about this experiment as Athene tries to
explain the concept of consent to him. He decides that becoming human for
a while might help him learn about volition and equal significance, and
that this is the perfect location. He's one of the three viewpoint
characters. The others are two women: one (Maia) from Victorian times who
prayed to Athene in a moment of longing for the tentative sexual equality
of the Republic and was recruited as one of the elders, and another
(Simmea) who is bought as a slave and becomes one of the children.
I should admit up-front that I've never read Plato's Republic, or
indeed much of Plato at all, just small bits for classes. The elders (and
of course the gods) all have, and are attempting to stick quite closely to
Plato's outline of the ideal city. The children haven't, though, so the
book is quite readable for people like me who only remember a few vague
aspects of Plato's vision from school. The reader learns the principles
alongside Simmea.
One of Walton's strengths is taking a science fiction concept, putting
real people into it, and letting the quotidian mingle with the fantastic.
Simmea is my favorite character here: her journey to the city is deeply
traumatic, but the opportunity she gets there is incredible and unforeseen,
and she comes to love the city while still understanding, and arguing
about, its possible flaws. Maia is nearly as successful; Walton does a
good job with committee debates and discussions, avoids coming down too
heavily on the drama, and shows a believable picture of people with very
different backgrounds and beliefs coming together to flesh out the
outlines of something they all agree with, or at least want to try.
I found Apollo less engaging as a character, partly because I never quite
understood his motives or his weird failure to understand the principles
of consent. Walton doesn't portray him as either hopelessly arrogant or
hopelessly narcissistic, which would have been easy outs, but in avoiding
those two obvious explanations for his failures of empathy, I felt like
she left him with an odd and unexplained hole in his personality. He's a
weirdly passive half-character for much of the book, although he does
develop a bit more towards the end (which was probably the point).
Half the fun of this book is working out what the Republic would be like
in practice, and what breakdowns and compromises would happen as soon as
you put real people in it. Athene obviously has to do a bit of cheating
to make a utopia invented as an intellectual exercise work out in
practice, plus a bit more for comfort (electricity and indoor plumbing,
for instance). The most substantial cheat is robots to replace slaves and
do quite a bit that slaves couldn't. Birth control (something Plato
obviously never would have thought of) is another notable cheat; it's
postulated to be an ancient method since lost, but even if that existed,
there's no way it would be this reliable. But otherwise, the society
mostly works, and Walton shows enough of the arguing and mechanics to make
that believable, while still avoiding infodumps and boring descriptions.
It's neatly done, although I'm still a bit dubious that the elders from
later eras would have put up with the primitive conditions with this
little complaint.
The novel needs a plot, of course, and that's the other half of the fun.
I can't talk about this in any detail without spoiling the book, since the
plot only kicks in about halfway through once the setup and character
introductions are complete. That makes it hard to explain why I found
this a bit less successful, although parts of it are brilliant.
What worked for me is the growth of Simmea and her friends as students and
philosophers, the arguments and discussions (and their growing enthusiasm
for argument and discussion), and the way Greek mythology is woven subtly
and undramatically into the story. It really does feel like sitting in on
ancient Greek philosophical arguments and experiments, and by that measure
Walton has succeeded admirably in her goal.
What didn't work for me was the driving conflict of the story, once it's
introduced. I can't describe it without spoilers, but it's an old trope
in science fiction and one with little scientific basis. It may seem
weird to argue that point in a book with time-traveling Greek gods, a
literal Lethe, and a Greek idea of souls, but those are mythological
background material. The SF trope is something about which I have
personal expertise and which simply doesn't work that way, and I had a
harder time getting past that than alternate metaphysical properties. It
threw me out of the book a bit. I see why Walton chose the conflict she
did, but I felt like she could have gotten to the same place in the plot,
admittedly with more difficulty, by using some of the more dubious aspects
of Plato's long-term plan plus some other obstacles that were already
built into the world. This more direct approach added a bit of SF-style
analysis of the unknown that seemed weirdly at odds with the rest of the
story (even if the delight of one of the characters is endearing).
That complaint aside, I really enjoyed reading this book. Apollo didn't
entirely work for me, but all of the other characters are excellent, and
Walton keeps the story moving at a comfortable clip. Given the amount of
description required, particularly for an audience that may not have read
the Republic, a lesser writer could have easily slipped into the
infodump trap. Walton never does.
Fair warning, though: The Just City does end on a cliffhanger, and
is in no way a standalone novel. You will probably want to have the
sequel on hand.
Followed by The Philosopher Kings.
Rating: 7 out of 10
Thats So Raven
If I could sum up the past year in one word, that word would be distraction. There have been so many strange, confusing or simply unforseen things going on I have had trouble focusing like never before.
For instance, on the opposite side of the street from me is one of Jersey City's old resorvoirs. It's not used for drinking water anymore and the city eventually plans on merging it into the park on the other side. In the meantime it has become something of a wildlife refuge. Which is nice except one of the newly settled critters was a bird of prey -- the consensus is possibly some kind of hawk or raven. Starting your morning commute under the eyes of a harbinger of death is very goth and I even learned to deal with the occasional piece of deconstructed rodent on my doorstep but nighttime was a big problem. For contrary to popular belief, ravens do not quoth "nevermore" but "KRRAAAA". Very loudly. Just as soon as you have drifted of to sleep. Eventually my sleep-deprived neighbors and I appealed to the NJ division of enviromental protection to get it removed but by the time they were ready to swing into action the bird had left for somewhere more congenial like Transylvania or Newark.
Or here are some more complete wastes of time: I go the doctor for my annual physical. The insurance company codes it as Adult Onset Diabetes by accident. One day I opened the lid of my laptop and there's a "ping" sound and a piece of the hinge flies off. Apparently that also severed the connection to the screen and naturally the warranty had just expired so I had to spend the next month tethered to an external monitor until I could afford to buy a new one. Mix in all the usual social, political, family and work drama and you can see that it has been a very trying time for me.
Dovecot
I have managed to get some Debian work done. On Dovecot, my principal package, I have gotten tremendous support from Apollon Oikonomopolous who I belatedly welcome as a member of the Dovecot maintainer team. He has been particularly helpful in fixing our systemd support and cleaning out a lot of the old and invalid bugs. We're in pretty good shape for the freeze. Upstream has released an RC of 2.2.26 and hopefully the final version will be out in the next couple of days so we can include it in Stretch. We can always use more help with the package so let me know if you're interested.
Debian-IN
Most of the action has been going on without me but I've been lending support and sponsoring whenever I can. We have several new DDs and DMs but still no one north of the Vindhyas I'm afraid.
Debian Perl Group
gregoa did a ping of inactive maintainers and I regretfully had to admit to myself that I wasn't going to be of use anytime soon so I resigned. Perl remains my favorite language and I've actually been more involved in the meetings of my local Perlmongers group so hopefully I will be back again one day. And I still maintain the Perl modules I wrote myself.
Debian-Axe-Murderers*
May have gained a recruit.
*Stricly speaking it should be called Debian-People-Who-Dont-Think-Faults-in-One-Moral-Domain-Such-As-For-Example-Axe-Murdering-Should-Leak-Into-Another-Moral-Domain-Such-As-For-Example-Debian but come on, that's just silly.
I'm happy to announce I handed out my Master's Thesis last Monday. I'm not
publishing the final copy just yet1, as it still needs to go through
the approval committee. If everything goes well, I should have my Master of
Economics diploma before Christmas!
It sure hasn't been easy, and although I regret nothing, I'm also happy to be
done with university.
Looking for a job
What an odd time to be looking for a job, right? Turns out for the first time
in 12 years, I don't have an employer. It's oddly freeing, but also a little
scary. I'm certainly not bitter about it though and it's nice to have some time
on my hands to work on various projects and read things other than academic
papers. Look out for my next blog posts on using the NeTV2 as an OSHW HDMI
capture card, on hacking at security tokens and much more!
I'm not looking for anything long term (I'm hoping to teach Economics again next
Winter), but for the next few months, my calendar is wide open.
For the last 6 years, I worked as Linux system administrator, mostly using a
LAMP stack in conjunction with Puppet, Shell and Python. Although I'm most
comfortable with Puppet, I also have decent experience with Ansible, thanks to
my work in the DebConf Videoteam.
I'm not the most seasoned Debian Developer, but I have some experience
packaging Python applications and libraries. Although I'm no expert at it,
lately I've also been working on Clojure packages, as I'm trying to get Puppet
6 in Debian in time for the Bullseye freeze. At the rate it's going though, I
doubt we're going to make it...
If your company depends on Puppet and cares about having a version in Debian 11
that is maintained (Puppet 5 is EOL in November 2020), I'm your guy!
Oh, and I guess I'm a soon-to-be Master of Economics specialising in Free and
Open Source Software business models and incentives theory. Not sure I'll ever
get paid putting that in application, but hey, who knows.
If any of that resonates with you, contact me and let's have a chat! I promise
I don't bite :)
After we gave our talk at DebConf 20, 
Capturing a live video of an IRC client on a remote headless server is somewhat
more complicated than you might think; as far as I know, neither 
Getting started with the Jitsi Puppet module
First of all, you'll need a valid domain name and a server with decent
bandwidth. Jitsi has published a 
Here is my monthly update covering what I have been doing in the free software world during March 2020 (
No more nagging me about the placeholder image from Wikipedia I used in
Here's what the team did today:
tumbleweed
Stefano started the day by hacking away on our video archive. We eventually want
to upload all our videos to YouTube to give them exposure, but sadly our archive
metadata is in a pretty poor shape.
With the script tumbleweed wrote, we can scrape the archive for matches against
the old DebConf's pentabarf XML we have.
tumbleweed also helped Ivo with the ansible PXE setup he's working on. Some
recent contributions from a collaborator implemented new features (like a nice
menu to choose from) but also came with a few annoying bugs.
ivodd
Ivo continued working on the PXE setup today. He also tried to break our ansible
setup by using fresh installs with different user cases (locales, interfaces,
etc.), with some success.
The reason he and Stefano are working so hard on the PXE boot is that we had a
discussion about the future of our USB install method. The general consensus on
this was although we would not remove it, we would not actively maintain it
anymore.
PXE is less trouble for multiple machines. For single machines or if you don't
control the DHCP server, using ansible manually on a fresh Debian install will
be the recommended way.
olasd
After a very long drive, olasd arrived late in the evening with all our gear.
Hurray! We were thus able to set up some test boxes and start wiring the airbnb
properly. Tomorrow will certainly be more productive with all this stuff at our
disposition.
pollo
Today I mainly worked on setting up our documentation website. After some
debate, we decided that 
Of course, reality has trouble matching all the post-processing filters.
Plan for the week
Now on a more serious note; apart from enjoying the beautiful city of Cambridge,
here's what the team plans to do this week:
tumbleweed
Stefano wants to continue refactoring our ansible setup. A lot of things have
been added in the last year, but some of it are hacks we should remove and
implement correctly.
highvoltage
Jonathan won't be able to come to Cambridge, but plans to work remotely, mainly
on our desktop/xfce session implementation. Another pile of hacks waiting to be
cleaned!
ivodd
Ivo has been working a lot of the pre-ansible part of our installation and plans
to continue working on that. At the moment, creating an installation USB key is
pretty complicated and he wants to make that simpler.
olasd
Nicolas completely reimplemented our streaming setup for DC17 and wants to
continue working on that.
More specifically, he wants to write scripts to automatically setup and teardown
- via API calls - the distributed streaming network we now use.
Finding a way to push TLS certificates to those mirrors, adding a live stream
viewer on 
The twelveth update in the 0.12.* series of 
It's been a while. And currently I shouldn't even post but rather pack my stuff because I'll get the keys to my flat in 6 days. Yay!
But, for packing I need a good sound track. And today it is 
Thats So Raven
If I could sum up the past year in one word, that word would be distraction. There have been so many strange, confusing or simply unforseen things going on I have had trouble focusing like never before.
For instance, on the opposite side of the street from me is one of Jersey City's old resorvoirs. It's not used for drinking water anymore and the city eventually plans on merging it into the park on the other side. In the meantime it has become something of a wildlife refuge. Which is nice except one of the newly settled critters was a bird of prey -- the consensus is possibly some kind of hawk or raven. Starting your morning commute under the eyes of a harbinger of death is very goth and I even learned to deal with the occasional piece of deconstructed rodent on my doorstep but nighttime was a big problem. For contrary to popular belief, ravens do not quoth "nevermore" but "KRRAAAA". Very loudly. Just as soon as you have drifted of to sleep. Eventually my sleep-deprived neighbors and I appealed to the NJ division of enviromental protection to get it removed but by the time they were ready to swing into action the bird had left for somewhere more congenial like Transylvania or Newark.
Or here are some more complete wastes of time: I go the doctor for my annual physical. The insurance company codes it as Adult Onset Diabetes by accident. One day I opened the lid of my laptop and there's a "ping" sound and a piece of the hinge flies off. Apparently that also severed the connection to the screen and naturally the warranty had just expired so I had to spend the next month tethered to an external monitor until I could afford to buy a new one. Mix in all the usual social, political, family and work drama and you can see that it has been a very trying time for me.
Dovecot
I have managed to get some Debian work done. On Dovecot, my principal package, I have gotten tremendous support from Apollon Oikonomopolous who I belatedly welcome as a member of the Dovecot maintainer team. He has been particularly helpful in fixing our systemd support and cleaning out a lot of the old and invalid bugs. We're in pretty good shape for the freeze. Upstream has released an RC of 2.2.26 and hopefully the final version will be out in the next couple of days so we can include it in Stretch. We can always use more help with the package so let me know if you're interested.
Debian-IN
Most of the action has been going on without me but I've been lending support and sponsoring whenever I can. We have several new DDs and DMs but still no one north of the Vindhyas I'm afraid.
Debian Perl Group
gregoa did a ping of inactive maintainers and I regretfully had to admit to myself that I wasn't going to be of use anytime soon so I resigned. Perl remains my favorite language and I've actually been more involved in the meetings of 
