Planet Russell


Worse Than Failure: The Three-Month Itch


It was March 2016, and Ian was in need of a job. Fairly early into his search, he was lucky to find a tiny startup in need of someone with Python architecture and design skills. By "tiny," we mean that there were only three other developers working for Jack, the founder.

Ian interviewed with Jack directly. After a technical test, he learned more about the company's pet project: a nearly-finished prototype of an iOS app. Once a user synced their phone with a wrist-worn heart rate monitor, the phone would play appropriate music for whatever the user was doing. It was primarily intended to help users reach a target heart rate while exercising. The app also used the phone's accelerometers to track the user's pace as they moved around, data that Jack claimed would be valuable for research into Parkinson's disease. He even had scientific papers from top universities to back up the claim. The prototype application, in its current state, wouldn't scale. Thus, Jack needed Ian to design a new backend system to store data and handle requests.

Jack was friendly and personable, and his enthusiasm was contagious. Ian accepted on the spot, and started the next day. His office was cramped, but it was his. He got to work designing the requested backend.

Two weeks passed. Then, early on a groggy Monday morning, Jack breathlessly pulled his dev team into a meeting room. The bright light beaming from his PowerPoint presentation drilled into everyone's retinas.

"I've been doing a lot of thinking," Jack prefaced. "We're a brand new startup. Nobody knows about us, right? We gotta do something to build up name recognition. So, here: we're gonna scrap the music part of the app, and focus solely on data collection."

Ian stifled his instinctual What?! Not only were two weeks of work down the drain, but the data collection part of the app was an entirely optional feature at present.

Jack flipped to a slide that showed the metrics he was now interested in tracking for each user. There were so many that the tiniest of fonts had been used to fit them all in. Ian squinted to read them.

"If you build a big enough haystack, a needle will appear!" Jack said. "We'll make the app free so it's a totally opt-in experience. The data we collect is the real prize."

Investment capital was spent on posh downtown office space; for free app developers, only the very best would do. Jack also hired a second iOS developer, a data scientist, and an intern.

"But don't give the intern anything important to do," Jack told the full-timers.

Once Ian settled into his new digs, he began architecting a new system that would somehow capture all the required data.

Three months later, Jack threw it out. "No apps! We need a new direction!"

Jack's new vision was a website where people would sit down and input what songs they listened to when sleeping, exercising, and performing other activities.

"People love to talk about themselves," Jack said. "They don't need to be paid to give us their data!"

A frontend dev was hired to build the website. Soon after it went live, Jack bragged to investors that the website had hit 1 million unique visitors. In reality, the site had handled around 300 submissions, half of which had come from a single person.

Three months later, guess what happened? Jack scrapped the faltering website in favor of a Slack bot that would respond to "Play ${song} by ${artist}" by looking it up on Spotify and providing a link. The Spotify widget would play a 30-second preview, or—if the user were logged in with a Spotify Premium account—play the whole song.

"That's it? How's that going to make any money?" By this point, the developers were no longer holding back their objections.

"We'll charge a subscription fee," Jack answered, undaunted.

"For a chat bot?" Ian challenged. "You already need Spotify Premium for this thing to fully work. If we want people to pay more money on top of that, we have to provide more features!"

"That's something we can figure out later," Jack said.

Jack had the intern develop the company's new flagship product, going against the wishes of Jack from six months earlier. The intern gave it his best shot, but soon had to return to school; the unfinished code was unceremoniously tossed into the frontend developer's lap. With help from one of the iOS developers, he finished it off. And what was Ian up to? Setting up monitoring dashboards and logging at Jack's insistence that they'd attract enough users to justify it.

Three more months passed. A number of "features" were added, such as the bot nagging users in the Slack channel to use it. As this behavior violated the Slack TOS, they were prevented from putting their app in the app store; Jack had to hand out links to a manual install to interested parties. The product was first given to 50 "super-friendly" companies Jack knew personally, of which only a handful installed it and even fewer kept using it after the first day. Jack then extended his offering to 300 "friendly" companies, with similar results.

Ian's breaking point came when Jack insisted he pull overtime, even though there was no way he could help the other developers with their tasks. Nevertheless, Jack insisted Ian stay late with them to "show solidarity." Finally at his wit's end, Ian put in his two weeks. His final day coincided with the general release of the Slack bot, during which he watched a lot of very flat lines on dashboards. When he left the posh office for the last time, the startup still had yet to earn its first cent.

Fortunately, Jack had a plan. After Ian left, he scrapped everything to start fresh on a new product. No, it wouldn't make any money, but they needed name recognition first.


Planet Linux Australia: Michael Still: Abaddon's Gate


This is the third book in the Leviathan Wakes series by James SA Corey. Just as good as the first two, this is a story about how much a daughter loves her father (perhaps beyond reason), about moral choices, and about politics, just as much as it is the continuation of the story arc around the alien visitor.

Another excellent book, with a bit more emphasis on space battles than previously and an overall enjoyable plot line. Worth a read; to be honest, I think the series is getting better.

Abaddon's Gate
James S. A. Corey
Hachette UK
June 4, 2013

The third book in the New York Times bestselling Expanse series. NOW A MAJOR TV SERIES FROM NETFLIX For generations, the solar system - Mars, the Moon, the Asteroid Belt - was humanity's great frontier. Until now. The alien artefact working through its program under the clouds of Venus has emerged to build a massive structure outside the orbit of Uranus: a gate that leads into a starless dark. Jim Holden and the crew of the Rocinante are part of a vast flotilla of scientific and military ships going out to examine the artefact. But behind the scenes, a complex plot is unfolding, with the destruction of Holden at its core. As the emissaries of the human race try to find whether the gate is an opportunity or a threat, the greatest danger is the one they brought with them.


Planet Linux Australia: Ben Martin: 5th axis getting up to speed

After a little bit of calibration and tinkering in the Fusion 360 CPS output filter files, the CNC is starting to take advantage of the new 5th axis. Below is a "Flow" multiaxis toolpath finishing a sphere with a flat endmill.

There are still some issues that I have to address, but it has been a surprisingly good experience so far. I started out cutting 5 sides of a block and moved on to cutting the edges at an angle. This is the third test, where I rough out the sphere using a 3D adaptive path and then use a Flow multiaxis path to clean things up. Things look better in video, and there is some of that to come.


Planet Debian: Niels Thykier: Making debug symbols discoverable and fetchable

Michael wrote a few days ago about the experience of debugging programs on Debian.  And he is certainly not the only one who has found it more difficult to find debug symbols on Linux systems in general.

But fortunately, it is a fixable problem.  Basically, we just need a service to map a build-id to a downloadable file containing that build-id.  You can find the source code to my prototype of such a dbgsym service online.

It exposes one API endpoint, “/api/v1/find-dbgsym”, which accepts a build-id and returns some data about that build-id (or HTTP 404 if we do not know the build-id).  An example:

$ curl --silent | python -m json.tool
{
    "package": {
        "architecture": "amd64",
        "build_ids": [...],
        "checksums": {
            "sha1": "a7a38b49689031dc506790548cd09789769cfad3",
            "sha256": "3706bbdecd0975e8c55b4ba14a481d4326746f1f18adcd1bd8abc7b5a075679b"
        },
        "download_size": 18032,
        "download_urls": [...],
        "name": "6tunnel-dbgsym",
        "version": "1:0.12-1"
    }
}
Notice how it includes a download URL and a SHA256 checksum, so with this you can download the package containing the build-id directly from this service and verify the download. The client included in the repo does that and might be a useful basis for others interested in developing a client for this service.
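As a rough illustration of such a client, here is a minimal Python sketch. The base URL and the way the build-id is passed (a query parameter) are assumptions on my part, not part of the published API; the checksum verification step is the part worth copying:

```python
import hashlib
import json
import urllib.request

# Hypothetical base URL; the prototype currently only runs on loopback.
SERVICE = "http://localhost:8000"

def find_dbgsym(build_id):
    # Assumption: the endpoint takes the build-id as a query parameter.
    url = f"{SERVICE}/api/v1/find-dbgsym?build_id={build_id}"
    with urllib.request.urlopen(url) as resp:
        return json.load(resp)

def verify_download(data, expected_sha256):
    # Check the downloaded package bytes against the sha256 checksum
    # reported by the service before trusting the file.
    return hashlib.sha256(data).hexdigest() == expected_sha256
```

A client would call find_dbgsym(), fetch one of the returned download_urls, and refuse the file unless verify_download() succeeds.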


To seed the database, so it can actually answer these queries, there is a bulk importer that parses Packages files from the Debian archive (for people testing: the ones from debian-debug archive are usually more interesting as they have more build-ids).
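The importer's job can be sketched in a few lines of plain Python. This is a hedged illustration only: the real importer parses Packages files with python's APT module, and the Build-Ids field name is what -dbgsym packages appear to carry in the debian-debug archive, which is worth double-checking against real data:

```python
def parse_packages(text):
    """Split a Debian Packages file into stanzas (dicts of field -> value).
    Simplified sketch; apt_pkg.TagFile handles the real format robustly."""
    stanzas, current, last_key = [], {}, None
    for line in text.splitlines():
        if not line.strip():
            # Blank line ends the current stanza.
            if current:
                stanzas.append(current)
            current, last_key = {}, None
        elif line[0] in " \t" and last_key:
            # Indented continuation of a multi-line field.
            current[last_key] += "\n" + line.strip()
        else:
            key, _, value = line.partition(":")
            last_key = key
            current[key] = value.strip()
    if current:
        stanzas.append(current)
    return stanzas

def dbgsym_build_ids(stanza):
    # Assumption: build-ids are listed space-separated in a Build-Ids field.
    return stanza.get("Build-Ids", "").split()
```

Feeding each stanza's build-ids, package name, and version into the database is then a straightforward loop.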

Possible improvements

  • Have this service deployed somewhere on the internet rather than the loopback interface on my machine.
  • The concept is basically distribution agnostic (Michael’s post in fact links to a similar service) and this could be a standard service/tool for all Linux distributions (or even just organizations).  I am happy to work with people outside Debian to make the code useful for their distribution (including non-Debian based distros).
    • The prototype was primarily based around Debian because it was my point of reference (plus what I had data for).
  • The bulk importer could (hopefully) be faster on new entries.
  • The bulk importer could import the download urls as well, so we do not have to fetch the relevant data online the first time when people are waiting.
  • Most of the django code / setup could probably have been done better as this has been an excuse to learn django as well.

Patches and help welcome.


This prototype would not have been possible without python3, django, django’s restframework, python’s APT module, Postgresql, PoWA and, of course, (including its API).

Planet Debian: Birger Schacht: Sway in experimental

A couple of days ago the 1.0-RC2 version of Sway, a Wayland compositor, landed in Debian experimental. Sway is a drop-in replacement for the i3 tiling window manager, but for Wayland. Drop-in replacement means that, apart from minor adaptions, you can reuse your existing i3 configuration file for Sway. On the website of Sway you can find a short introduction video that shows the most basic concepts of using Sway, though if you have worked with i3 you will feel at home soon.

In the video the utility swaygrab is mentioned, but this tool is not part of Sway anymore. There is another screenshot tool now though, called grim, which you can combine with the tool slurp if you want to select regions for screenshots. The video also mentions swaylock, which is a screen locking utility similar to i3lock. It was split out of the main Sway release a couple of weeks ago, but there also exists a Debian package by now. And there is a package for swayidle, an idle management daemon, which comes in handy for locking the screen or for turning off your display after a timeout. If you need a clipboard manager, you can use wl-clipboard. There is also a notification daemon called mako (the Debian package is called mako-notifier and is in NEW) and if you don't like the default swaybar, you can have a look at waybar (not yet in Debian, see this RFS). If you want to get in touch with other Sway users there is a #sway IRC channel on freenode. For some tricks for setting up Sway you can browse the wiki.

If you want to try Sway, beware that it is a release candidate and there are still bugs. I've been using Sway for a couple of months, and though I had crashes when it still was 1.0-beta.1, I haven't had any since beta.2. But I'm using a pretty conservative setup.

Sway was started by Drew DeVault, who is also the upstream maintainer of wlroots, the Wayland compositor library Sway is using, and whom some might know from his sourcehut project (LWN article). He also just published an article about Wayland misconceptions. The upstream of grim, slurp and mako is Simon Ser, who also contributes to Sway. A lot of thanks for the Debian packaging is due to nicoo, who did most of the heavy lifting, and to Sean for having patience when reviewing my contributions. Also thanks to Guido for maintaining wlroots!

Planet Debian: Andrew Cater: Debian 9.8 released: Desktop environments and power settings

Cryptogram: Blockchain and Trust

In his 2008 white paper that first proposed bitcoin, the anonymous Satoshi Nakamoto concluded with: "We have proposed a system for electronic transactions without relying on trust." He was referring to blockchain, the system behind bitcoin cryptocurrency. The circumvention of trust is a great promise, but it's just not true. Yes, bitcoin eliminates certain trusted intermediaries that are inherent in other payment systems like credit cards. But you still have to trust bitcoin -- and everything about it.

Much has been written about blockchains and how they displace, reshape, or eliminate trust. But when you analyze both blockchain and trust, you quickly realize that there is much more hype than value. Blockchain solutions are often much worse than what they replace.

First, a caveat. By blockchain, I mean something very specific: the data structures and protocols that make up a public blockchain. These have three essential elements. The first is a distributed (as in multiple copies) but centralized (as in there's only one) ledger, which is a way of recording what happened and in what order. This ledger is public, meaning that anyone can read it, and immutable, meaning that no one can change what happened in the past.

The second element is the consensus algorithm, which is a way to ensure all the copies of the ledger are the same. This is generally called mining; a critical part of the system is that anyone can participate. It is also distributed, meaning that you don't have to trust any particular node in the consensus network. It can also be extremely expensive, both in data storage and in the energy required to maintain it. Bitcoin has the most expensive consensus algorithm the world has ever seen, by far.

Finally, the third element is the currency. This is some sort of digital token that has value and is publicly traded. Currency is a necessary element of a blockchain to align the incentives of everyone involved. Transactions involving these tokens are stored on the ledger.
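The ledger element can be sketched as a toy hash chain in Python. This is purely illustrative (real bitcoin blocks, Merkle trees, and proof-of-work are far more involved, and all names here are invented); it shows only why an appended record is tamper-evident, each entry committing to the hash of its predecessor:

```python
import hashlib
import json

def block_hash(contents):
    # Hash the block's contents, including the previous block's hash,
    # so every entry is bound to the entire history before it.
    payload = json.dumps(contents, sort_keys=True).encode()
    return hashlib.sha256(payload).hexdigest()

def append(ledger, transaction):
    # Link the new block to the hash of the last one (zeros for the first).
    prev = ledger[-1]["hash"] if ledger else "0" * 64
    block = {"prev": prev, "tx": transaction}
    block["hash"] = block_hash({"prev": prev, "tx": transaction})
    ledger.append(block)

def verify(ledger):
    # Recompute every hash; any edit to past entries breaks the chain.
    prev = "0" * 64
    for block in ledger:
        if block["prev"] != prev:
            return False
        if block["hash"] != block_hash({"prev": block["prev"], "tx": block["tx"]}):
            return False
        prev = block["hash"]
    return True
```

Changing any historical entry invalidates every later hash, which is the "immutable" property; it says nothing about who gets to append, which is what the consensus algorithm is for.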

Private blockchains are completely uninteresting. (By this, I mean systems that use the blockchain data structure but don't have the above three elements.) In general, they have some external limitation on who can interact with the blockchain and its features. These are not anything new; they're distributed append-only data structures with a list of individuals authorized to add to it. Consensus protocols have been studied in distributed systems for more than 60 years. Append-only data structures have been similarly well covered. They're blockchains in name only, and -- as far as I can tell -- the only reason to operate one is to ride on the blockchain hype.

All three elements of a public blockchain fit together as a single network that offers new security properties. The question is: Is it actually good for anything? It's all a matter of trust.

Trust is essential to society. As a species, humans are wired to trust one another. Society can't function without trust, and the fact that we mostly don't even think about it is a measure of how well trust works.

The word "trust" is loaded with many meanings. There's personal and intimate trust. When we say we trust a friend, we mean that we trust their intentions and know that those intentions will inform their actions. There's also the less intimate, less personal trust -- we might not know someone personally, or know their motivations, but we can trust their future actions. Blockchain enables this sort of trust: We don't know any bitcoin miners, for example, but we trust that they will follow the mining protocol and make the whole system work.

Most blockchain enthusiasts have an unnaturally narrow definition of trust. They're fond of catchphrases like "in code we trust," "in math we trust," and "in crypto we trust." This is trust as verification. But verification isn't the same as trust.

In 2012, I wrote a book about trust and security, Liars and Outliers. In it, I listed four very general systems our species uses to incentivize trustworthy behavior. The first two are morals and reputation. The problem is that they scale only to a certain population size. Primitive systems were good enough for small communities, but larger communities required delegation, and more formalism.

The third is institutions. Institutions have rules and laws that induce people to behave according to the group norm, imposing sanctions on those who do not. In a sense, laws formalize reputation. Finally, the fourth is security systems. These are the wide varieties of security technologies we employ: door locks and tall fences, alarm systems and guards, forensics and audit systems, and so on.

These four elements work together to enable trust. Take banking, for example. Financial institutions, merchants, and individuals are all concerned with their reputations, which prevents theft and fraud. The laws and regulations surrounding every aspect of banking keep everyone in line, including backstops that limit risks in the case of fraud. And there are lots of security systems in place, from anti-counterfeiting technologies to internet-security technologies.

In his 2018 book, Blockchain and the New Architecture of Trust, Kevin Werbach outlines four different "trust architectures." The first is peer-to-peer trust. This basically corresponds to my morals and reputational systems: pairs of people who come to trust each other. His second is leviathan trust, which corresponds to institutional trust. You can see this working in our system of contracts, which allows parties that don't trust each other to enter into an agreement because they both trust that a government system will help resolve disputes. His third is intermediary trust. A good example is the credit card system, which allows untrusting buyers and sellers to engage in commerce. His fourth trust architecture is distributed trust. This is emergent trust in the particular security system that is blockchain.

What blockchain does is shift some of the trust in people and institutions to trust in technology. You need to trust the cryptography, the protocols, the software, the computers and the network. And you need to trust them absolutely, because they're often single points of failure.

When that trust turns out to be misplaced, there is no recourse. If your bitcoin exchange gets hacked, you lose all of your money. If your bitcoin wallet gets hacked, you lose all of your money. If you forget your login credentials, you lose all of your money. If there's a bug in the code of your smart contract, you lose all of your money. If someone successfully hacks the blockchain security, you lose all of your money. In many ways, trusting technology is harder than trusting people. Would you rather trust a human legal system or the details of some computer code you don't have the expertise to audit?

Blockchain enthusiasts point to more traditional forms of trust -- bank processing fees, for example -- as expensive. But blockchain trust is also costly; the cost is just hidden. For bitcoin, that's the cost of the additional bitcoin mined, the transaction fees, and the enormous environmental waste.

Blockchain doesn't eliminate the need to trust human institutions. There will always be a big gap that can't be addressed by technology alone. People still need to be in charge, and there is always a need for governance outside the system. This is obvious in the ongoing debate about changing the bitcoin block size, or in fixing the DAO attack against Ethereum. There's always a need to override the rules, and there's always a need for the ability to make permanent rules changes. As long as hard forks are a possibility -- that's when the people in charge of a blockchain step outside the system to change it -- people will need to be in charge.

Any blockchain system will have to coexist with other, more conventional systems. Modern banking, for example, is designed to be reversible. Bitcoin is not. That makes it hard to make the two compatible, and the result is often an insecurity. Steve Wozniak was scammed out of $70K in bitcoin because he forgot this.

Blockchain technology is often centralized. Bitcoin might theoretically be based on distributed trust, but in practice, that's just not true. Just about everyone using bitcoin has to trust one of the few available wallets and use one of the few available exchanges. People have to trust the software and the operating systems and the computers everything is running on. And we've seen attacks against wallets and exchanges. We've seen Trojans and phishing and password guessing. Criminals have even used flaws in the system that people use to repair their cell phones to steal bitcoin.

Moreover, in any distributed trust system, there are backdoor methods for centralization to creep back in. With bitcoin, there are only a few miners of consequence. There's one company that provides most of the mining hardware. There are only a few dominant exchanges. To the extent that most people interact with bitcoin, it is through these centralized systems. This also allows for attacks against blockchain-based systems.

These issues are not bugs in current blockchain applications, they're inherent in how blockchain works. Any evaluation of the security of the system has to take the whole socio-technical system into account. Too many blockchain enthusiasts focus on the technology and ignore the rest.

To the extent that people don't use bitcoin, it's because they don't trust bitcoin. That has nothing to do with the cryptography or the protocols. In fact, a system where you can lose your life savings if you forget your key or download a piece of malware is not particularly trustworthy. No amount of explaining how SHA-256 works to prevent double-spending will fix that.

Similarly, to the extent that people do use blockchains, it is because they trust them. People either own bitcoin or not based on reputation; that's true even for speculators who own bitcoin simply because they think it will make them rich quickly. People choose a wallet for their cryptocurrency, and an exchange for their transactions, based on reputation. We even evaluate and trust the cryptography that underpins blockchains based on the algorithms' reputation.

To see how this can fail, look at the various supply-chain security systems that are using blockchain. A blockchain isn't a necessary feature of any of them. The reason they're successful is that everyone has a single software platform to enter their data into. Even though the blockchain systems are built on distributed trust, people don't necessarily accept that. For example, some companies don't trust the IBM/Maersk system because it's not their blockchain.

Irrational? Maybe, but that's how trust works. It can't be replaced by algorithms and protocols. It's much more social than that.

Still, the idea that blockchains can somehow eliminate the need for trust persists. Recently, I received an email from a company that implemented secure messaging using blockchain. It said, in part: "Using the blockchain, as we have done, has eliminated the need for Trust." This sentiment suggests the writer misunderstands both what blockchain does and how trust works.

Do you need a public blockchain? The answer is almost certainly no. A blockchain probably doesn't solve the security problems you think it solves. The security problems it solves are probably not the ones you have. (Manipulating audit data is probably not your major security risk.) A false trust in blockchain can itself be a security risk. The inefficiencies, especially in scaling, are probably not worth it. I have looked at many blockchain applications, and all of them could achieve the same security properties without using a blockchain -- of course, then they wouldn't have the cool name.

Honestly, cryptocurrencies are useless. They're only used by speculators looking for quick riches, people who don't like government-backed currencies, and criminals who want a black-market way to exchange money.

To answer the question of whether the blockchain is needed, ask yourself: Does the blockchain change the system of trust in any meaningful way, or just shift it around? Does it just try to replace trust with verification? Does it strengthen existing trust relationships, or try to go against them? How can trust be abused in the new system, and is this better or worse than the potential abuses in the old system? And lastly: What would your system look like if you didn't use blockchain at all?

If you ask yourself those questions, it's likely you'll choose solutions that don't use public blockchain. And that'll be a good thing -- especially when the hype dissipates.

This essay previously appeared on

EDITED TO ADD (2/11): Two commentaries on my essay.

I have wanted to write this essay for over a year. The impetus to finally do it came from an invite to speak at the Hyperledger Global Forum in December. This essay is a version of the talk I wrote for that event, made more accessible to a general audience.

It seems to be the season for blockchain takedowns. James Waldo has an excellent essay in Queue. And Nicholas Weaver gave a talk at the Enigma Conference, summarized here. It's a shortened version of this talk.

EDITED TO ADD (2/17): Reddit thread.

Planet Linux Australia: David Rowe: Using D-STAR with Codec 2

Antony Chazapis, SV9OAN, has been extending the D-STAR protocol to use Codec 2. Below is a brief explanation of the project, please also see his Github page. Over to Antony:

Instead of designing a new protocol, I propose a D-STAR protocol extension that allows Codec 2 to be used in frames instead of AMBE. There are many Codec 2 variants, so I started with the highest-bitrate one (3200 mode) without FEC, which is fine for over-the-Internet communication. I then modified xlxd to add a new listener for the D-STAR protocol variant (named “DExtra Open”) and ambed to transcode from one codec to two (eg. AMBE in, Codec 2/AMBE+ out).

In theory you could do transmissions with the new protocol, but the problem is that there are no real clients that implement it – yet. Actually, the only clients available now are my Python-based dv-player and dv-recorder which connect to xlxd, play and record dvtool files respectively. I am thinking about software-based implementations at the moment: Android, iOS, Mac OS, Linux, etc.

Another direction would be to figure out a FEC implementation and do real over-the-air experiments with MMDVM based devices, assuming a microphone input and a speaker output.

73 de SV9OAN

About Antony

Antony Chazapis, SV9OAN, has been licensed since 2009. He is a member of RAAG, RASC, ARRL, and the volunteer group HARES (Hellenic Amateur Radio Emergency Service). Since 2017, he has been serving as the Association Manager for the SOTA award program in Greece. Antony enjoys DXing and exploring what makes digital modes tick. He is the author of PocketPacket, an APRS client application for macOS and iOS. Recently, he has been working on enabling D-STAR communications with Codec 2. He holds a PhD in Computer Science and is currently employed by a Toronto-based tech startup implementing bleeding-edge storage solutions.


Planet Debian: Jonathan Dowland: embedding Haskell in AsciiDoc

I'm a fan of the concept of Literate Programming (I explored it a little in my Undergraduate Dissertation a long time ago), which can be briefly (if inadequately) summarised as follows: the normal convention for computer code is that, by default, the text within a source file is considered to be code; comments (or, human-oriented documentation) are exceptional and must be demarked in some way (such as via a special symbol). Literate Programming (amongst other things) inverts this. By default, the text in a source file is treated as comments and ignored by the compiler; code must be specially delimited.

Haskell has built-in support for this scheme: by naming your source code files .lhs, you can make use of one of two conventions for demarking source code: either prefix each source code line with a chevron (called Bird-style, after Richard Bird), or wrap code sections in a pair of delimiters \begin{code} and \end{code} (TeX-style, because it facilitates embedding Haskell into a TeX-formatted document).

For various convoluted reasons I wanted to embed Haskell into an AsciiDoc-formatted document and I couldn't use Bird-style literate Haskell, which would be my preference. The AsciiDoc delimiter for a section of code is a line of dash symbols, which can be interleaved with the TeX-style delimiters:

----
\begin{code}
next a = if a == maxBound then minBound else succ a
\end{code}
----

Unfortunately the Tex-style delimiters show up in the output once the AsciiDoc is processed. Luckily, we can swap the order of the AsciiDoc and Literate-Haskell delimiters, because the AsciiDoc ones are treated as a source-code comment by Haskell and ignored. This moves the visible TeX-style delimiters out of the code block, which is a minor improvement:

\begin{code}
----
next a = if a == maxBound then minBound else succ a
----
\end{code}

We can disguise the delimiters outside of the code block further by defining an empty AsciiDoc macro called "code". Macros are marked up with surrounding braces, leaving just stray \begin and \end tokens in the text. Towards the top of the AsciiDoc file, in the pre-amble:

= Document title
Document author
:code:

This could probably be further improved by some AsciiDoc markup to change the style of the text outside of the code block immediately prior to the \begin token (perhaps make the font 0pt or the text colour the same as the background colour) but this is legible enough for me, for now.

The resulting file can be fed to an AsciiDoc processor (like asciidoctor, or intepreted by GitHub's built-in AsciiDoc formatter) and to a Haskell compiler. Unfortunately GitHub insists on a .adoc extension to interpret the file as AsciiDoc; GHC insists on a .lhs extension to interpret it as Literate Haskell (who said extensions were semantically meaningless these days…). So I commit the file as .adoc for GitHub's benefit and maintain a local symlink with a .lhs extension for my own.

Finally, some of the Haskell code needs to be in the file in order for it to work as Haskell source, but I am not interested in including it in my document. This can be achieved by changing from the code delimiter to AsciiDoc comment delimiters on the outside:

////
\begin{code}
utilityFunction = "necessary but not interesting for the document"
\end{code}
////

You can see an example of a combined AsciiDoc-Haskell file here (which is otherwise a work in progress):

Planet Debian: Vasudev Kamath: Note to Self: Growing the Root File System on First Boot

These are the two use cases I came across for expanding the root file system.

  1. RaspberryPi images which comes in smaller image size like 1GB which you write bigger size SD cards like 32GB but you want to use full 32GB of space when system comes up.
  2. You have a VM image which is contains basic server operating system and you want to provision the same as a VM with much larger size root file system.

My current use case was the second, but I learnt the trick from the first, namely the Raspberry Pi 3 image spec by the Debian project.

The idea behind expanding the root file system is to first grow the root partition to the full available size and then run resize2fs on the expanded partition to grow the file system. resize2fs is a tool specific to ext2/3/4 file systems. This needs to be done before the file system is mounted.

Here is my modified script from the raspi3-image-spec repo. The only difference is that I've changed the logic for extracting the root partition device to suit my needs, and of course added comments based on my understanding.


#!/bin/sh -e

# Extract the root partition device, e.g. /dev/sda1
roottmp=$(lsblk -l -o NAME,MOUNTPOINT | grep '/$')
rootpart=/dev/${roottmp%% */}
# Remove the trailing partition number to get the device name,
# e.g. /dev/sda1 becomes /dev/sda (assumes a single-digit partition number)
rootdev=${rootpart%[0-9]}

# Use sfdisk to extend the partition to all available free space on the
# device: ",+" keeps the start sector and grows the size to the maximum.
flock $rootdev sfdisk -f $rootdev -N 2 <<EOF
,+
EOF

sleep 5

# Wait for all pending udev events to be handled
udevadm settle

sleep 5

# Make the kernel detect the changes to the partition (we extended it)
flock $rootdev partprobe $rootdev

# Remount the root partition in read-write mode
mount -o remount,rw $rootpart

# Finally, grow the file system on the root partition
resize2fs $rootpart

exit 0

raspi3-image-spec uses a systemd service file to execute this script just before any file system is mounted. This is done by making the service execute before local-fs-pre.target. From the man page for systemd.special:
systemd-fstab-generator(8) automatically adds dependencies of type Before= to all mount units that refer to local mount points for this target unit. In addition, it adds dependencies of type Wants= to this target unit for those mounts listed in /etc/fstab that have the auto mount option set.

The service also disables itself after executing, to avoid re-runs on every boot. I've used the service file from raspi3-image-spec as is.
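For reference, a unit matching that description would look roughly like this (a sketch based on the description above, not a verbatim copy of the raspi3-image-spec file; paths are illustrative):

```ini
# /etc/systemd/system/rpi3-resizerootfs.service (sketch)
[Unit]
Description=Resize the root file system on first boot
DefaultDependencies=no
# Run before any local file system is mounted
Before=local-fs-pre.target

[Service]
Type=oneshot
ExecStart=/usr/sbin/rpi3-resizerootfs
# Disable the unit afterwards so it only ever runs once
ExecStart=/bin/systemctl disable rpi3-resizerootfs.service
```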

Testing with VM

raspi3-image-spec is well tested, but I wanted to make sure this works with my use case for a VM. Since I didn't have any spare physical disks to experiment with, I used kpartx with raw file images. Here is what I did:

  1. Created a stretch image using vmdb2, with grub installed. Image size is 1.5G.
  2. Created another raw disk of 4G size using fallocate.
  3. Created a partition on the 4G disk.
  4. Loop-mounted the disk and wrote the 1.5G image onto it using dd.
  5. Finally, created a VM using virt-install with this loop-mounted device as the root disk.

Below is my vmdb2 configuration yml, again derived from the raspi3-image-spec one, with some modifications to suit my needs.

# See for known issues and more details.
- mkimg: "{{ output }}"
  size: 1.5G

- mklabel: msdos
  device: "{{ output }}"

- mkpart: primary
  device: "{{ output }}"
  start: 0%
  end: 100%
  tag: /

- kpartx: "{{ output }}"

- mkfs: ext4
  partition: /
  label: RASPIROOT

- mount: /

- unpack-rootfs: /

- debootstrap: stretch
  mirror: http://localhost:3142/
  target: /
  variant: minbase
  components:
  - main
  - contrib
  - non-free
  unless: rootfs_unpacked

# TODO( remove this workaround once
# debootstrap is fixed
- chroot: /
  shell: |
    echo 'deb buster main contrib non-free' > /etc/apt/sources.list
    apt-get update
  unless: rootfs_unpacked

- apt: install
  packages:
  - ssh
  - parted
  - dosfstools
  - linux-image-amd64
  tag: /
  unless: rootfs_unpacked

- grub: bios
  tag: /

- cache-rootfs: /
  unless: rootfs_unpacked

- shell: |
     echo "experimental" > "${ROOT?}/etc/hostname"

     # '..VyaTFxP8kT6' is crypt.crypt('raspberry', '..')
     sed -i 's,root:[^:]*,root:..VyaTFxP8kT6,' "${ROOT?}/etc/shadow"

     sed -i 's,#PermitRootLogin prohibit-password,PermitRootLogin yes,g' "${ROOT?}/etc/ssh/sshd_config"

     install -m 644 -o root -g root fstab "${ROOT?}/etc/fstab"

     install -m 644 -o root -g root eth0 "${ROOT?}/etc/network/interfaces.d/eth0"

     install -m 755 -o root -g root rpi3-resizerootfs "${ROOT?}/usr/sbin/rpi3-resizerootfs"
     install -m 644 -o root -g root rpi3-resizerootfs.service "${ROOT?}/etc/systemd/system"
     mkdir -p "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/"
     ln -s /etc/systemd/system/rpi3-resizerootfs.service "${ROOT?}/etc/systemd/system/systemd-remount-fs.service.requires/rpi3-resizerootfs.service"

     install -m 644 -o root -g root rpi3-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system"
     mkdir -p "${ROOT?}/etc/systemd/system/"
     ln -s /etc/systemd/system/rpi3-generate-ssh-host-keys.service "${ROOT?}/etc/systemd/system/"
     rm -f ${ROOT?}/etc/ssh/ssh_host_*_key*

  root-fs: /

# Clean up archive cache (likely not useful) and lists (likely outdated) to
# reduce image size by several hundred megabytes.
- chroot: /
  shell: |
     apt-get clean
     rm -rf /var/lib/apt/lists

# TODO( remove once vmdb
# clears /etc/resolv.conf on its own.
- shell: |
     rm "${ROOT?}/etc/resolv.conf"
  root-fs: /

I could not get it to run with vmdb2 installed from the Debian archive, so I cloned raspi3-image-spec and used the vmdb2 submodule from it. Here are the rest of the commands used for testing the script:

fallocate -l 4G rootdisk.img
# Create one partition spanning the full disk (";" accepts the defaults)
sfdisk -f rootdisk.img <<EOF
;
EOF
kpartx -av rootdisk.img # sets up /dev/loop0 for me
dd if=vmdb.img of=/dev/loop0
sudo virt-install --name experimental --memory 1024 --disk path=/dev/loop0 --controller type=scsi,model=virtio-scsi --boot hd --network bridge=lxcbr0

Once the VM booted I could see the root file system was 4G in size, instead of the 1.5G it was after using dd to write the image onto it. Success!

Planet DebianBen Hutchings: Debian LTS work, January 2019

I was assigned 20 hours of work by Freexian's Debian LTS initiative and carried over 5 hours from December. I worked 24 hours and so will carry over 1 hour.

I prepared another stable update for Linux 3.16 (3.16.63), but did not upload a new release yet.

I also raised the issue that the installer images for Debian 8 "jessie" would need to be updated to include a fix for CVE-2019-3462.

Planet DebianDavid Moreno: Dell XPS 13 9380

Got myself an XPS 13” 9380 that Dell just released as a “Developer Edition” with Ubuntu 18.04 LTS pre-installed, in January 2019.

Ubuntu didn’t last long though. I prefer OS X Mojave over any of the Ubuntu installations. It’s okay though; it’s just not for me.

Big big big shoutout to Jérémy Garrouste for documenting, only a few days ago, the Debian Buster installation on this laptop, which helped me figure out that I needed to upgrade the BIOS to fix a couple of issues and be able to run the d-i alpha 5 with the Atheros drivers. Time to dust a few things here and there :)

IMG_20190215_171421.jpg IMG_20190215_171647.jpg IMG_20190215_171736.jpg IMG_20190215_190933.jpg

Well, that’s not a picture of the alpha d-i, but from the first time I tried to install, before upgrading the BIOS.

Planet DebianSteve Kemp: Updated my compiler, and bought a watch.

The simple math-compiler I introduced in my previous post has had a bit of an overhaul, so that now it is fully RPN-based.

Originally the input was RPN-like; now it is RPN for real. It handles error detection at run-time, and generates cleaner assembly-language output:
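Steve's compiler itself lives in his repository, but the essence of an RPN pipeline with run-time error detection can be sketched as a small stack evaluator (a generic illustration in Python, not his implementation):

```python
import operator

# A generic stack-based RPN evaluator: operands are pushed, operators pop
# two values and push the result, with run-time error detection for
# malformed input (stack underflow, leftover operands).
def rpn_eval(tokens):
    ops = {"+": operator.add, "-": operator.sub,
           "*": operator.mul, "/": operator.truediv}
    stack = []
    for tok in tokens:
        if tok in ops:
            if len(stack) < 2:
                raise ValueError("stack underflow at %r" % tok)
            b = stack.pop()
            a = stack.pop()
            stack.append(ops[tok](a, b))
        else:
            stack.append(float(tok))
    if len(stack) != 1:
        raise ValueError("malformed expression, leftover stack: %r" % stack)
    return stack[0]

print(rpn_eval("3 4 + 2 *".split()))  # prints 14.0, i.e. (3 + 4) * 2
```

A compiler built on the same idea emits a push for each operand and a pop/operate/push sequence for each operator, instead of evaluating immediately.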

In other news I bought a new watch, which was a fun way to spend some time.

I love mechanical watches, clocks, and devices such as steam-engines. While watches are full of tiny and intricate parts I like the pretence that you can see how they work, and understand them. Steam engines are seductive because their operation is similar; you can almost look at them and understand how they work.

I've got a small collection of watches at the moment, ranging from €100-€2000 in price, these are universally skeleton-watches, or open-heart watches.

My recent purchase is something different. I was looking at used Rolexes, and found some from the 1970s. That made me suddenly wonder what had been made the same year as I was born. So I started searching for vintage watches, which had been manufactured in 1976. In the end I found a nice Soviet Union piece, made by Raketa. I can't prove that this specific model was actually manufactured that year, but I'll keep up the pretence. If it is +/- 10 years that's probably close enough.

My personal dream-watch is the Rolex Oyster (I like to avoid complications). The Oyster is beautiful, and I can afford it. But even with insurance I'd feel too paranoid leaving the house with that much money on my wrist. No doubt I'll find a used one, for half that price, sometime. I'm not in a hurry.

(In a horological-sense a "complication" is something above/beyond the regular display of time. So showing the day, the date, or phase of the moon would each be complications.)

Planet DebianMolly de Blanc: pancakes

My father and Fanny Farmer taught me how to make pancakes. Fanny Farmer provided a basic recipe, and Peter de Blanc filled in the details and the important things she missed — the texture of the batter, how you know when it’s time to flip them, the repeatedly emphasized importance of butter.


  • 1 1/2 cup flour
  • 2 1/2 teaspoons baking powder
  • 3 tablespoons sweetener (optional, see note below)
  • 3/4 teaspoon salt
  • 1 egg (slightly beaten)
  • 2 cups milk
  • 3 tablespoons butter (melted)

Why is the sweetener optional? I think if you sweeten the pancake recipe, it’s enough that you don’t want to cover it in maple syrup, jam, etc, etc. So, I usually go without sugar or honey or putting the maple right in, unless I’m making these to eat on the go. ALSO! If you don’t use sugar, you can make them savory.

A glass bowl containing flour, salt, and baking powder.

Make the batter

  1. Mix all the dry ingredients (flour, baking powder, salt, and sweetener if you’re using sugar).
  2. Add most of the wet ingredients (egg, milk, and sweetener if you’re using honey or maple syrup).
  3. Mix together.
  4. Melt the butter in your pan, so the pan gets full of butter. Yum.
  5. While stirring your batter, add in the melted butter slowly.

Cooking the pancakes

A pancake cooking, the top has small bubbles in it. Bubbles slowly forming.

Okay, this is the hardest part for me because it requires lots of patience, which I don’t have enough of.

A  few tips:

  • Shamelessly use lots of butter to keep your pancakes from sticking. It will also help them taste delicious.
  • After  you put the pancakes in the pan, they need to cook at a medium temperature for a fairly long time. You want them to be full of little holes and mostly solid before you flip them over. (See photos.)
  • I recommend listening to music and taking dancing breaks.

How to cook pancakes:

A pancake that has not been flipped yet cooking. Almost ready to flip!
  1. Over a medium heat, use your nice, hot, buttery pan.
  2. Use a quarter cup of batter for each pancake. Based on the size of your pan, you should make three – four pancakes per batch.
  3. Let cook for a while. As mentioned above, they should be mostly cooked on the top as well. There ought to be a ring of crispy pancake around the outside (see pictures), but if there’s not it’s still okay!
  4. Flip the pancakes!
  5. Let cook a little bit longer, until the bottom has that pretty golden brown color to match the top.

And that’s it. Eat your pancakes however you’d like. The day I wrote this recipe I heated some maple syrup with vanilla, bourbon, and cinnamon. Yummmmm.

A delicious golden brown pancake, ready to be enjoyed.

P.S. I tagged this post “free software” so it would show up in Planet Debian because I was asked to include a baking post there. This isn’t quite baking, but it’s still pretty good.

Planet DebianGunnar Wolf: Debian on the Raspberryscape: Great news!

I already mentioned here having adopted and updated the Raspberry Pi 3 Debian Buster Unofficial Preview image generation project. As you might know, the hardware differences between the three families are quite deep — The original Raspberry Pi (models A and B), as well as the Zero and Zero W, are ARMv6 (which, in Debian-speak, belong to the armel architecture, a.k.a. EABI / Embedded ABI). Raspberry Pi 2 is an ARMv7 (so, we call it armhf or ARM hard-float, as it does support floating point instructions). Finally, the Raspberry Pi 3 is an ARMv8-A (in Debian it corresponds to the ARM64 architecture).

The machines are quite different, but with the CPUs all provided by Broadcom, they share a strange bootloader requirement: the GPU must be initialized to kickstart the CPU (and only then can Linux be started); hence, they require non-free firmware.

Anyway, the image project was targeted at model 3 Raspberries. However...

Thanks (again!) to Romain Perier, I got word that the "lesser" Raspberries can be made to boot from Debian proper, after they are initialized with this dirty, ugly firmware!

I rebuilt the project, targeting armhf instead of arm64. Dropped an extra devicetree blob on the image, to help Linux understand what is connected to the RPI2. Flashed it to my so-far-trusty SD. And... Behold! On the photo above, you can appreciate the Raspberry Pi 2 booting straight Debian, no Raspbian required!

As for the little guy, the Zero that sits atop them, I only have to upload a new version of raspberry3-firmware built also for armel. I will add to it the needed devicetree files. I have to check with the release-team members if it would be possible to rename the package to simply raspberry-firmware (as it's no longer v3-specific).

Why is this relevant? Well, the Raspberry Pi is by far the most popular ARM machine ever. It is a board people love playing with. It is the base for many, many, many projects. And now, finally, it can run with straight Debian! And, of course, if you don't trust me providing clean images, you can prepare them by yourself, trusting the same distribution you have come to trust and love over the years.


IMG_20190215_194614.jpg (4.11 MB)


Planet DebianChris Lamb: Book Review: Stories of Your Life and Others

Stories of Your Life and Others (2002)

Ted Chiang

This compilation has been enjoying a renaissance in recent years due to the success of the film Arrival (2016), which is based on the fourth and titular entry in this amazing collection. Don't infer too much from that, however: whilst this is prima facie just another set of sci-fi tales, it is science fiction in the way that Children of Men is, rather than Babylon 5.

A well-balanced mixture of worlds are evoked throughout with a combination of tales that variously mix the Aristotelian concepts of spectacle (opsis), themes (dianoia), character (ethos) and dialogue (lexis), perhaps best expressed practically in that some stories were extremely striking at the time — one even leading me to rebuff an advance at a bar — and a number were not as remarkable at the time yet continue to occupy my idle thoughts.

The opening tale which reworks the Tower of Babel into a construction project probably remains my overall favourite, but the Dark Materials-esque world summoned in Seventy-Two Letters continues to haunt my mind and the lips of anyone else who has happened to come across it, perhaps becoming the quite-literal story of my life for a brief period. Indeed it could be said that, gifted as a paperback, whilst the whole collection followed me around across a number of locales, it continues to follow me — figuratively speaking that is — to this day.

Highly recommended to all readers but for those who enjoy discussing books with others it would more than repay any investment.

CryptogramFriday Squid Blogging: Sharp-Eared Enope Squid

Beautiful photo of a three-inch-long squid.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Planet DebianGunnar Wolf: Spinning rust woes: Cowbuilder

I use a traditional, spinning rust hard drive as my main volume:

/dev/sda2 on / type btrfs (rw,relatime,compress=zlib:3,space_cache,subvolid=5,subvol=/)

I just adopted Lars' vmdb2. Of course, I was eager to build and upload my first version and... hit an FTBFS bug due to missing dependencies... Bummer!
So I went to my good ol' cowbuilder (package cowdancer) to fix whatever needed fixing. But it took a long time! Do note that my /var/cache/pbuilder/base.cow was already set up and updated.
# time cowbuilder --build /home/gwolf/vcs/build-area/vmdb2_0.13.2+git20190215-1.dsc
(...)
real 15m55.403s
user 0m53.734s
sys 0m23.138s

But... What if I take the spinning rust out of the equation?
# mkdir /var/cache/pbuilder
# mount none -t tmpfs /var/cache/pbuilder
# time rsync -a /var/cache/pbuilderbk/* /var/cache/pbuilder

real 0m5.363s
user 0m2.333s
sys 0m0.709s

# time cowbuilder --build /home/gwolf/vcs/build-area/vmdb2_0.13.2+git20190215-1.dsc
(...)
real 0m52.586s
user 0m53.076s
sys 0m8.277s

Close to ¹/₁₆th of the running time — even including the copy of the base.cow!

OK, I cheated a bit before the rsync, as my cache was already warm... But still, convenient!

CryptogramReconstructing SIGSALY

Lessons learned in reconstructing the World War II-era SIGSALY voice encryption system.

Planet DebianMichael Stapelberg: Debugging experience in Debian

Recently, a user reported that they don’t see window titles in i3 when running i3 on a Raspberry Pi with Debian.

I copied the latest Raspberry Pi Debian image onto an SD card, booted it, and was able to reproduce the issue.

Conceptually, at this point, I should be able to install and start gdb, set a break point and step through the code.

Enabling debug symbols in Debian

Debian, by default, strips debug symbols when building packages to conserve disk space and network bandwidth. The motivation is very reasonable: most users will never need the debug symbols.

Unfortunately, obtaining debug symbols when you do need them is unreasonably hard.

We begin by configuring an additional apt repository which contains automatically generated debug packages:

raspi# cat >>/etc/apt/sources.list.d/debug.list <<'EOT'
deb buster-debug main contrib non-free
EOT
raspi# apt update

Notably, not all Debian packages have debug packages. As the DebugPackage Debian Wiki page explains, debhelper/9.20151219 started generating debug packages (ending in -dbgsym) automatically. Packages which have not been updated might come with their own debug packages (ending in -dbg) or might not preserve debug symbols at all!

Now that we can install debug packages, how do we know which ones we need?

Finding debug symbol packages in Debian

For debugging i3, we obviously need at least the i3-dbgsym package, but i3 uses a number of other libraries through whose code we may need to step.

The debian-goodies package ships a tool called find-dbgsym-packages which prints the required packages to debug an executable, core dump or running process:

raspi# apt install debian-goodies
raspi# apt install $(find-dbgsym-packages $(which i3))

Now we should have symbol names and line number information available in gdb. But for effectively stepping through the program, access to the source code is required.

Obtaining source code in Debian

Naively, one would assume that apt source should be sufficient for obtaining the source code of any Debian package. However, apt source defaults to the package candidate version, not the version you have installed on your system.

I have addressed this issue with the pk4 tool, which defaults to the installed version.

Before we can extract any sources, we need to configure yet another apt repository:

raspi# cat >>/etc/apt/sources.list.d/source.list <<'EOT'
deb-src buster main contrib non-free
EOT
raspi# apt update

Regardless of whether you use apt source or pk4, one remaining problem is the directory mismatch: the debug symbols contain a certain path, and that path is typically not where you extracted your sources to. While debugging, you will need to tell gdb about the location of the sources. This is tricky when you debug a call across different source packages:

(gdb) pwd
Working directory /usr/src/i3.
(gdb) list main
229     * the main loop. */
230     ev_unref(main_loop);
231   }
232 }
234 int main(int argc, char *argv[]) {
235  /* Keep a symbol pointing to the I3_VERSION string constant so that
236   * we have it in gdb backtraces. */
237  static const char *_i3_version __attribute__((used)) = I3_VERSION;
238  char *override_configpath = NULL;
(gdb) list xcb_connect
484	../../src/xcb_util.c: No such file or directory.

See Specifying Source Directories in the gdb manual for the dir command which allows you to add multiple directories to the source path. This is pretty tedious, though, and does not work for all programs.
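For instance, assuming the libxcb sources were extracted to /usr/src/libxcb (an illustrative path), the missing file can be made visible like this:

```
(gdb) dir /usr/src/libxcb/src
Source directories searched: /usr/src/libxcb/src:$cdir:$cwd
(gdb) list xcb_connect
```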

Positive example: Fedora

While Fedora conceptually shares all the same steps, the experience on Fedora is so much better: when you run gdb /usr/bin/i3, it will tell you what the next step is:

# gdb /usr/bin/i3
Reading symbols from /usr/bin/i3...(no debugging symbols found)...done.
Missing separate debuginfos, use: dnf debuginfo-install i3-4.16-1.fc28.x86_64

Watch what happens when we run the suggested command:

# dnf debuginfo-install i3-4.16-1.fc28.x86_64
enabling updates-debuginfo repository
enabling fedora-debuginfo repository
  i3-debuginfo.x86_64 4.16-1.fc28
  i3-debugsource.x86_64 4.16-1.fc28

A single command understood our intent, enabled the required repositories and installed the required packages, both for debug symbols and source code (stored in e.g. /usr/src/debug/i3-4.16-1.fc28.x86_64). Unfortunately, gdb doesn’t seem to locate the sources, which seems like a bug to me.

One downside of Fedora’s approach is that gdb will only print all required dependencies once you actually run the program, so you may need to run multiple dnf commands.

In an ideal world

Ideally, none of the manual steps described above would be necessary. It seems absurd to me that so much knowledge is required to efficiently debug programs in Debian. Case in point: I only learnt about find-dbgsym-packages a few days ago when talking to one of its contributors.

Installing gdb should be all that a user needs to do. Debug symbols and sources can be transparently provided through a lazy-loading FUSE file system. If our build/packaging infrastructure assured predictable paths and automated debug symbol extraction, we could have transparent, quick and reliable debugging of all programs within Debian.

NixOS’s dwarffs is an implementation of this idea.


While I agree with the removal of debug symbols as a general optimization, I think every Linux distribution should strive to provide an entirely transparent debugging experience: you should not even have to know that debug symbols are not present by default. Debian really falls short in this regard.

Getting Debian to a fully transparent debugging experience requires a lot of technical work and a lot of social convincing. In my experience, programmatically working with the Debian archive and packages is tricky, and ensuring that all packages in a Debian release have debug packages (let alone predictable paths) seems entirely unachievable due to the fragmentation of packaging infrastructure and holdouts blocking any progress.

My go-to example is rsync’s debian/rules, which intentionally (!) still has not adopted debhelper. It is not a surprise that there are no debug symbols for rsync in Debian.

Planet Linux AustraliaLev Lafayette: Thematic Review 3 : Practical Implementations of Information Systems

Following examples of a successful IS implementation (the Bankers Trust of Australia) and an on-going failure (the UK's Universal Credit project), it is opportune to consider a subset of IS that is common to both projects and determine whether there is a general rule that can be applied. In particular, attention is drawn to the fact that the IT component of the IS project was largely developed in-house in the successful case and fully outsourced in the failed one. Common sense should dictate that this cannot be universalised; surely not every introduction of an IS system must have the IT component developed in-house? One wonders whether there are any thorough studies of practical implementations that explore when in-house or outsourced development is appropriate.

Traylor (2006) looks at this very issue, arguing "Decades of trial, error, and egghead analysis have yielded a consensus conclusion: Buy when you need to automate commodity business processes; build when you're dealing with the core processes that differentiate your company", however immediately pointing out that such a theoretical model (doubtless built on numerous empirical examples), may encounter problems with reality, such as in-house software for standard processes may come with very high transition costs, whereas external commercial packages may actually be a very good fit for strategic plans. Traylor continues: "'Buy to standardize, build to compete' may be terrific as an ideology, but the choices that real companies face are a lot messier ... and more interesting."

Following the arguments of several senior executives from companies with significant IT investments, some variation is noted. The former CIO of PricewaterhouseCoopers argues that "[E]verybody knows" that standardised, off-the-shelf purchases are more cost-effective to implement and maintain, whereas the IT chief architect at MCI argues for in-house development where one can gain incremental revenue or a competitive advantage, whilst at the same time encouraging code re-use. Whilst decision metrics (cost, skill-sets, strategic value, etc.) remain the same in either approach, and most firms use a combination of both, Traylor also points out - almost fifteen years ago now - that open source software offers the best of both, providing standards compliance and bespoke elements. Emphasis is also placed on the software lifecycle, with the stated claim that 70 percent of software costs occur after implementation.

Even large and security-conscious companies, such as Visa, which do an enormous amount of in-house development, will purchase commercial solutions when there is no competitive advantage to be achieved and costs would be greater with the in-house approach. Nevertheless, when it comes to commercial software, a clear warning is expressed about developing components outside the commercial package that are nevertheless dependent on it. The result of such an approach is in-house software with critical dependencies outside the organisation's control, which is both wasteful and dangerous. In many cases, commercial applications offer their own extensions which can fit existing varied business processes.

This is not to say that in-house development should not occur alongside or even with commercial offerings. It should just not be for the same business process (e.g., an accounting package with an in-house accounting extension). An example is given of the District of Columbia city government which has migrated from a myriad of in-house applications to commercial applications, yet still has specific business processes (such as Business Intelligence) which are developed in-house, because commercial applications did not meet the needs of the organisation. Sometimes opportunities even exist for commercialisation with existing vendors to develop new applications, such as the work between the University of Pittsburgh Medical Center and Stentor for a picture-archiving communications system.

Traylor argues that IT planning software is taking these decisions into account, helping managers determine whether to build or buy, and gives an example of the questions confronting MCI on a system to track third-party services inventory. It comes across as a lot less detailed or sophisticated than one would hope for in a purchase of such importance. What is interesting about the series of posed questions is that they are almost entirely framed in terms of an IT business approach rather than an IS approach - there is little evidence that questions of existing business processes, staff involvement, etc., are included in such software packages. Whilst this suggests that they provide some contribution to the decision, it is also evidence that an IS decision must be of broader scope than an IT decision.


Traylor, Polly (2006). To build or to buy IT applications?, InfoWorld, 13 Feb, 2006

Worse Than FailureError'd: Nobody is Perfect

"Google notified me that it needs help from a human and then displayed me this image," Jeff K. wrote, "I think I may need some help too."


"I'm really glad that Pizza Hut's batch job finished up...does this mean I get one of those 16,867,183 coupons?" Lincoln K. wrote.


Stefan Z. writes, "Testing is important for any business' site. Even if, sometimes, it's in production."


"I give you The Sam's Club business model:

  1. Drop password length limit from 25 to 12
  2. Apply new validation to existing passwords
  3. ???
  4. Profit!" George writes.


"My feedback for World of Tanks is as follows - 'I had a VERY negative experience'," writes Piotr.


James P. writes, "So...which one do I install first?"




Cory DoctorowInterview with Taming the Net: “How to preserve the freedom of the internet without letting the internet destroy democracy.”

I recently recorded an interview with Yascha Mounk for Slate’s “Taming the Net podcast (MP3), whose mission is: “How to preserve the freedom of the internet without letting the internet destroy democracy.” Mounk and I talked about how the internet enables abuses, but also enables us to push back against those abuses.

Sociological ImagesFlipping the Script on Romance

Happy Valentine’s Day! A sociological look at love is always a little awkward, because it means coming to terms with just how much our most personal, intimate, and individual relationships are conditioned by the cultures we live in. Dating preferences reflect broader patterns in social inequality, external strains like job insecurity can shape the way we think about romantic commitment, and even the way people orgasm can be culturally conditioned.

Classic sociological research finds that love follows cultural scripts and repertoires. While every relationship is unique, we learn fundamental patterns about how to love from the world around us. Breaking those scripts can be uncomfortable, but also hilarious and genuine. This year the internet has gifted us two amazing examples where romantic scripts and comedy collide.

One comes from research scientist Janelle Shane. Shane recently trained a machine learning algorithm using a collection of phrases from those candy hearts that always pop up this time of year. After detecting patterns in the real messages, the program generated its own. You can see a full set of hearts on her blog. These hearts get so very close to our familiar valentine scripts, but they miss hilariously because the program can only ever approximate the romantic gesture.

The other comes from comedy writer Ryan Creamer, who has uploaded an entire series of simple, earnest, and distinctly not pornographic videos to PornHub. Hit titles include, “I Hug You and Say I Had a Really Good Time Tonight and Then I Go Home,” and “I Ride in a Taxi and Don’t Have Sex With the Driver.” Check out Joana Ramiro’s analysis of Creamer’s work, capitalism, and intimacy at Jacobin. 

This Valentine’s Day, take a moment and see if you’re just following the typical social script. Breaking up the romantic routine can lead to a genuine laugh or two, and you might even learn something new about your relationship.

Evan Stewart is a Ph.D. candidate in sociology at the University of Minnesota. You can follow him on Twitter.


TEDCalling all GlobalXplorers: Get ready to go to India

Sarah Parcak shared the vision for GlobalXplorer at TED2016. Today, the platform announced its second expedition: India. Photo credit: TED/Bret Hartman

Today, GlobalXplorer — the citizen science platform created by satellite archaeologist Sarah Parcak with the 2016 TED Prize, which allows users to live out their Indiana Jones fantasies and search for archaeological sites from home — announced the location of its second expedition: India!

GlobalXplorer’s first expedition took users to Peru, where they searched 150,000 square kilometers of land and identified thousands of features of archaeological interest, including more than 50 new Nazca Lines and 324 sites determined by the Peruvian Ministry of Culture to be of high interest. The exploration of India will be even more sweeping in scope.

India is a large country with 29 states, spread out over 3.287 million square kilometers. Working with the Archaeological Survey of India (a branch of India’s Ministry of Culture) and alongside Tata Trusts and the National Geographic Society, GlobalXplorer’s new expedition will cover the entire country, state by state. This vast work will be accomplished with the help of machine learning. Over the past year, GlobalXplorer has been working with technology partners to train AI to weed out tiles that either contain no archaeological features or that are not able to be properly searched because of dense cloud cover or an impenetrable landscape. Platform users will take on the next step: looking at tiles with potential signs of archaeological features. Searching this most promising fraction of tiles will be no small task. Parcak estimates that, with the help of the crowd, this mapping will be done in less than three years.
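The division of labour described above — an automated pass first, human eyes on what remains — can be sketched as a simple filter. This is purely illustrative; GlobalXplorer's actual model, thresholds, and tile format are not public, so every name and number below is an assumption:

```python
# Illustrative sketch of the human/machine split described above:
# an automated pass discards tiles that are unsearchable (cloud cover)
# or show no sign of features, and only the remainder goes to volunteers.
def machine_pass(tile):
    """Pretend classifier: True if a tile is worth human review.
    The 0.5 cloud-cover and 0.2 score thresholds are made up."""
    return tile["cloud_cover"] < 0.5 and tile["model_score"] > 0.2

tiles = [
    {"id": 1, "cloud_cover": 0.9, "model_score": 0.8},   # too cloudy
    {"id": 2, "cloud_cover": 0.1, "model_score": 0.05},  # nothing detected
    {"id": 3, "cloud_cover": 0.2, "model_score": 0.7},   # send to the crowd
]
for_humans = [t["id"] for t in tiles if machine_pass(t)]
print(for_humans)  # only the promising, searchable tile survives
```

The point is the funnel shape: the crowd only ever sees the "most promising fraction of tiles" the article mentions.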

“Folks we are about to announce country #2 for @Global_Xplorer I am SO excited. What’s your guess?” she tweeted at 6:30am this morning. Then later she revealed: “So thrilled to be able to share: Globalxplorer will be heading to India next!”

More information on when the expedition begins will be coming soon. In the meantime, read lots more — including how GlobalXplorer is using a blockchain-enabled app to keep antiquities safe — on Medium. And watch the video below to get excited about what you might find.

Planet DebianChris Lamb: Book review: Toujours Provence

Toujours Provence (2001)

Peter Mayle

In my favourite books of 2018, I mentioned that, after enjoying the first book in the series, I was looking forward to imbibing the second installment of humorous memoirs from British expat M. Mayle in the south of France.

However — and I should have seen this coming, really — not only did it not live up to expectations, but I can't quite put my finger on exactly why. All of the previous ingredients of the «mise en place» remain: the anecdotes on the locals' quirks & peccadilloes, the florid & often-beautiful phrasing and, of course, further lengthy expositions extolling the merits of a lengthy «dégustation»… but it somehow didn't engage or otherwise "hang together" quite right.

An obvious candidate might be the lack of a structural through-line (the previous book used the conceit of the author's renovation of a house in a small village through a particular calendar year), but that seems a little too superficial. Perhaps it was the over-reliance on "silly" stories such as the choir of toads or the truffle dog? Or a somewhat contrived set-piece about Pavarotti? I remain unsure.

That being said, the book is not at all bad or unworthy of your time; it's merely that, whilst the next entry in the series remains on my reading list, I fear it has subconsciously slipped down a few places.

CryptogramUSB Cable with Embedded Wi-Fi Controller

It's only a prototype, but this USB cable has an embedded Wi-Fi controller. Whoever controls that Wi-Fi connection can remotely execute commands on the attached computer.

Worse Than FailureCodeSOD: Getting to YES

“We’re a dynamic, multi-paradigm organization, and we do most of our new development in a blend of Ruby and Go. We’re not the kind of company that is dogmatic about tools though, we just want to deliver the best product for our customers.”

That’s what Delphia was told in the interview. She didn’t quite grasp why they were mixing those two techs in the first place, but the interview went well, and she took the job. It was then that she discovered that everything she’d been told was technically true.

The company had just finished a sprint where they tried to pivot and reimplement their 15-year-old codebase in Rails and Go. At the same time. It was difficult to tell from the code whether they had done both together, as parallel projects, or, frankly, with any coordination at all. That was their new development.

The company didn’t do much new development, though. The core of the company’s business is a 7,500-line PHP file which contains a single form. It depends on includes from dozens of other files, some of which depend on functions defined in the main PHP file, and thus can’t be used in any other context but that include. It’s less spaghetti code, or even a big ball of mud, and more a career-killing meteorite.

But it makes more money for the company in a day than Delphia can rightly count.

One function that Delphia kept seeing invoked a bunch was yesorno. It was used almost everywhere, but she had never seen the definition. So, curious, she went digging. And digging. And digging. Someplace around the fifteenth or thirtieth include file she read through, she found it.

function yesorno($in) {
  if($in == 'YES') return 'YES';
  else             return 'NO';
}

That indentation, by the way, is typical of about 30% of the codebase, maybe less. You wouldn’t expect any sort of consistency in this kind of code, would you?
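For what it's worth, the entire function is a single comparison in disguise. A quick Python translation (mine, not anything from the codebase) makes the behaviour, including its case-sensitivity, explicit:

```python
def yes_or_no(value: str) -> str:
    """Equivalent of the PHP yesorno(): anything other than the exact
    string 'YES' collapses to 'NO'."""
    return "YES" if value == "YES" else "NO"

print(yes_or_no("YES"))  # YES
print(yes_or_no("yes"))  # NO -- the comparison is case-sensitive
print(yes_or_no(""))     # NO
```

Which raises the real question: what upstream code is producing values that need this laundering in the first place?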


Planet Linux AustraliaLev Lafayette: Thematic Review 2 : Practical Implementations of Information Systems

When reviewing practical implementations of information systems (IS), spectacular failures provide very valuable lessons, even when they are ongoing. At an estimated £12.8bn, far in excess of the originally estimated £2.2bn (Ballard, 2013), the UK's Universal Credit project may be the single most expensive failed or over-budget custom software project, although when adjusted for inflation the UK's NHS Connecting for Health project (mostly abandoned in 2011) also cost around £12bn. Apparently, if one wishes to study exceptional failures in IS, government in general, the UK in particular, and the subcategory of health and welfare are good places to start. Whilst this may seem slightly snide, it is backed by empirical evidence. Only the US's FAA Advanced Automation System (c. $4.5bn USD, 1994) is really within a similar scale of failure.

Universal Credit, like many such projects, seems prima facie to be designed on reasonable principles. Announced in 2010, with the objective of simplifying working-age welfare benefits and encouraging take-up of paid work, it would replace and combine six different means-tested benefits, rolling them into a single monthly payment which, as paid work was taken up, would gradually be reduced rather than cut off in an all-or-nothing fashion, following the "negative income tax" proposals of Juliet Rhys-Williams and Milton Friedman (Forget, 2012). The project was meant to start in 2013 and be completed by 2017. Under current plans (there have been at least seven changes to the completion timetable), this has been pushed out to 2023 (Butler, Walker, 2016).
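The taper mechanism behind the "negative income tax" idea is simple to sketch. The work allowance and taper rate below are illustrative figures of my own, not the actual Universal Credit parameters:

```python
def monthly_award(standard_allowance, net_earnings,
                  work_allowance=200.0, taper_rate=0.63):
    """Sketch of a tapered benefit: earnings above a work allowance
    reduce the award gradually (taper_rate per pound earned) rather
    than cutting it off all at once. All figures are illustrative."""
    excess = max(0.0, net_earnings - work_allowance)
    return max(0.0, standard_allowance - taper_rate * excess)

print(monthly_award(700.0, 0.0))     # no earnings: the full award
print(monthly_award(700.0, 500.0))   # part-time work: award tapers, roughly 511
print(monthly_award(700.0, 2000.0))  # high earnings: award tapers to zero
```

The gradual slope is the whole point: at no earnings level does an extra pound of work reduce total income, which is precisely the property the implementation failures described below managed to break in practice.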

It is important to note that the majority of problems confronting the Universal Credit project are not limited to IT, although there are plenty of those. Attention to detail is evidently lacking, perhaps overlooked by decision-makers who have minimal visceral understanding of those who require welfare. For example, part-time work can lead to a situation where people work more and are paid less (Toynbee, 2013), and the self-employed could lose thousands of pounds per annum. The transition period from old welfare payments to Universal Credit meant that people on already marginal incomes experienced delays in payments, with reports of delays of up to eight months (Richardson, 2018). As a result, there are numerous instances of people falling behind in rent payments, food bank requests rocketing (Savage, Jayanetti, 2017), and some even turning to prostitution (Quayle, Box, 2018). In economic terms, this is a producer-consumer issue where the producer is a monopoly provider of a good (welfare) which has near-vertical demand due to need. From a business perspective in IS, it reflects not just administrative errors, but also a lack of project planning with sufficient input from users.

In addition to these errors, however, the project has been fraught with IT issues. With 15 different suppliers providing components of the outsourced IT systems in the initial stages (DWP, 2012), the suppliers themselves voiced concerns about the capacity to build a nation-wide reporting system within the short time-frame initially provided (Boffey, 2011). The system requires real-time data from a new Pay As You Earn (PAYE) system being developed with HM Revenue & Customs. The resulting IT system has been described as "completely unworkable, badly designed" and already "out of date" (Jee, 2014), and a subsequent survey of staff found that 90% considered the system "inadequate" (Jee, 2015). An audit of the system found that the IT systems "depend heavily on manual intervention and will only handle a small number of claims".

Information systems need to be founded on quantitative and realistic expectations of the capacity of a technology to deliver a good or service, and on project plans that incorporate end-users, as they are the people who "feel the pain" of a poorly designed system. In the case of welfare, this is no mere consumable: the pain is visceral and, without any need for hyperbole, even mortal. The evidence so far is that the Universal Credit project neither made a realistic assessment of the IT requirements and capabilities, nor was designed with sufficient input from the final recipients of the service, and as a result it has delivered a sub-par project. Overall, it constitutes the worst IS project in history.


Ballard, Mark (2013), Universal Credit will cost taxpayers £12.8bn, Computer Weekly, 3 June 2013.

Boffey, Daniel (2011), Universal credit's 2013 delivery could be derailed by complex IT system, The Observer, 19 June 2011.

Butler, Patrick., Walker, Peter (2016), Universal credit falls five years behind schedule, The Guardian, 20 July 2016.

DWP Central Freedom of Information Team (2012), FoI request from Mr. Robinson, 18 October 2012.

Forget, Evelyn L. (2012), Advocating negative income taxes: Juliet Rhys-Williams and Milton Friedman, Proceedings of the History of Political Economy Conference Spring 2012.

Jee, Charlotte (2014), Leaked memo says Universal Credit IT 'completely unworkable', Computer World UK, 27 October 2014.

Jee, Charlotte (2015), 90 percent of Universal Credit staff say IT systems 'inadequate', Computer World UK, 9 March 2015.

Quayle, Jess., Box, Dan (2018), 'I was forced into prostitution by Universal Credit', BBC News, 19 November 2018.

Richardson, Hannah (2018), Universal Credit 'could cost more than current benefits system', BBC News Education, 15 June 2018.

Savage, Michael., Jayanetti, Chaminda (2017), Revealed: universal credit sends rent arrears soaring, The Observer, 16 September 2017.

Toynbee, Polly (2013), Universal credit is simple: work more and get paid less, The Guardian, 12 July 2013.

Krebs on SecurityBomb Threat Hoaxer Exposed by Hacked Gaming Site

Federal authorities this week arrested a North Carolina man who allegedly ran with a group of online hooligans that attacked Web sites (including this one), took requests on Twitter to call in bomb threats to thousands of schools, and tried to frame various online gaming sites as the culprits. In an ironic twist, the accused — who had fairly well separated his real life identity from his online personas — appears to have been caught after a gaming Web site he frequented got hacked.

On Feb. 12, the U.S. Justice Department announced the arrest of Timothy Dalton Vaughn, a 20-year-old from Winston-Salem, N.C. Vaughn is alleged to have been a key member of the Apophis Squad, a gang of ne’er-do-wells who made bomb threats against thousands of schools and launched distributed denial-of-service (DDoS) attacks against Web sites — including KrebsOnSecurity on multiple occasions.

The feds say Vaughn used multiple aliases on Twitter and elsewhere to crow about his attacks, including “HDGZero,” “WantedByFeds,” and “Xavier Farbel.” Among the Apophis Squad’s targets was encrypted mail service Protonmail, which reached out to this author last year for clues about the identities of the Apophis Squad members after noticing we were both being targeted by them and receiving demands for money in exchange for calling off the attacks.

Protonmail later publicly thanked KrebsOnSecurity for helping to bring about the arrest of Apophis Squad leader George Duke-Cohan — a.k.a. “opt1cz,” “7R1D3n7,” and “Pl3xl3t,” — a 19-year-old from the United Kingdom who was convicted in December 2018 and sentenced to three years in prison. But the real-life identity of HDGZero remained a mystery to both of us, as there was little publicly available information at the time connecting that moniker to anyone.

The DDoS-for-hire service run by Apophis Squad listed their members.

That is, until early January 2019, when news broke that hackers had broken into the servers of computer game maker BlankMediaGames and made off with account details of some 7.6 million people who had signed up to play “Town of Salem,” the company’s browser-based role playing game. That stolen information has since been posted and resold in underground forums.

A review of the leaked BlankMediaGames user database shows that in late 2018, someone who selected the username “hdgzero” signed up to play Town of Salem, registering with the email address The data also shows this person registered at the site using a Sprint mobile device with an Internet address that traced back to the Carolinas.

The Justice Department indictment against Vaughn and Duke-Cohan released this week alleges the pair were equally responsible for sending spoofed bomb threat emails to 2,000 schools in the United States and more than 400 in the U.K., falsely warning that various explosive devices were planted at the schools and would be detonated unless a ransom demand was paid.

In this snippet from a January 2018 online chat taken from a channel maintained by HDGZero, the accused can be seen claiming credit for the bomb threats and posting links to stories in various local media outlets about schools evacuating students in response to the threats. The bomb threat emails were made to look like they were sent by different high-profile squads of online gamers competing against one another in the wildly popular game Minecraft.

One of the many private Twitter messages I received from the Apophis Squad following DDoS attacks on KrebsOnSecurity.

The government maintains that, through their various Twitter handles, Duke-Cohan and Vaughn even offered to take requests for shutting down specific schools with bomb threats.

“We are OPEN for request for school lockdowns / evacs,” read a tweet from the Twitter account @apophissquadv2, which the Justice Department says Duke-Cohan and Vaughn shared. “Send us your request to (FREE).”

The government alleges that Vaughn also participated with Duke-Cohan in falsely reporting the hijacking of a United Airlines flight bound for the United States. That flight, which had almost 300 passengers on board, was later quarantined for four hours in San Francisco pending a full security check.

The indictment charges Vaughn and Duke-Cohan with conspiracy and eight additional felony offenses, including making threats to injure in interstate commerce and making interstate threats involving explosives. Vaughn is additionally charged with intentionally damaging a computer and interstate threat to damage a protected computer with intent to extort.

A Justice Department press release on the indictment states that if convicted of all 11 charges, Vaughn would face a statutory maximum sentence of 80 years in federal prison. If convicted of the nine charges in the indictment in which he is named, Duke-Cohan would face a statutory maximum sentence of 65 years in federal prison.


Planet DebianSteinar H. Gunderson: Futatabi video out

After some delay, the video of my FOSDEM talk about Futatabi, my instant replay system, is out on YouTube. Actually, the official recording has been out for a while, but this is a special edit; nearly all of the computer content has been replaced with clean 720p59.94 versions.

The reason is simple; the talk is so much about discussing smooth versus choppy video, and when you decimate 59.94 fps to 25 fps, everything gets choppy. (When making the talk, I did know about this and took it into account to the degree I could, but it's always better just to get rid of the problem entirely.) As an extra bonus, when I only have one talk to care about and not 750+, I could give it some extra love in the form of hand-transcribed subtitles, audio sync fixes, and so on. Thanks to the FOSDEM team for providing me with the required source material so that I could make this edit.
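Why decimation to 25 fps is inherently choppy is easy to see numerically. A minimal sketch (my own illustration, not Futatabi code): each 25 fps output frame picks the most recent 59.94 fps source frame, so the motion advance per output frame alternates irregularly between 2 and 3 source frames — judder.

```python
# Which source frames survive when 59.94 fps is decimated to 25 fps?
src_fps = 60000 / 1001   # NTSC-style 59.94 fps
dst_fps = 25.0           # PAL-style output rate

# Index of the source frame shown for each of the first 10 output frames.
picked = [int(i * src_fps / dst_fps) for i in range(10)]
# How far the motion advances from one output frame to the next.
steps = [b - a for a, b in zip(picked, picked[1:])]

print(picked)  # surviving source-frame indices
print(steps)   # an uneven mix of 2s and 3s -> visibly choppy motion
```

A frame-rate interpolation system like Futatabi sidesteps this by synthesising in-between frames instead of dropping existing ones.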

Oh, and of course, since I now have a framerate interpolation system, the camera has been upsampled from 50 to 59.94 fps, too. :-)

Planet DebianDimitri John Ledkov: Encrypt all the things

xkcd #538: Security
Went into Blogger settings and enabled TLS on my custom-domain Blogger blog, so it is now finally served over HTTPS. However, I do use FeedBurner and syndicate that to the planet. I am not sure whether that means end-to-end TLS connections, thus I will look into removing FeedBurner between my blog and the Ubuntu/Debian planets. My experience with changing feeds in the planets is that I end up spamming everyone. I wonder if I should make a new tag, add that one, and add both feeds to the planet config to avoid spamming old posts.

Next up, I went into Gandi's LiveDNS platform and enabled DNSSEC on my domain. It propagated quite quickly, and I believe my domain is now correctly signed with DNSSEC. Next up, I guess, is to fix DNSSEC with captive portals. What we really want on "wifi"-like devices is to first connect to wifi without setting it as the default route, perform the captive portal check, potentially with reduced DNS server capabilities (i.e. no EDNS, no DNSSEC, etc.), and only route traffic to the captive portal to authenticate. Once past the captive portal, test and upgrade connectivity to have DNSSEC on. In the cloud, and on wired connections, I'd expect that DNSSEC should just work, and if it does we should be enforcing DNSSEC validation by default.

So I'll start enforcing DNSSEC on my laptop I think, and will start reporting issues to all of the UK banks if they dare not to have DNSSEC. If I managed to do it, on my own domain, so should they!

Now I need to publish CAA Records to indicate that my sites are supposed to be protected by Let's Encrypt certificates only, to prevent anybody else issuing certificates for my sites and clients trusting them.
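For reference, such records are short; a minimal sketch in zone-file syntax, with example.com standing in for the real domain and the iodef contact address purely illustrative:

```
; CAA records restricting certificate issuance to Let's Encrypt.
; The iodef record tells CAs where to report policy violations.
example.com.  IN  CAA  0 issue "letsencrypt.org"
example.com.  IN  CAA  0 issuewild "letsencrypt.org"
example.com.  IN  CAA  0 iodef "mailto:hostmaster@example.com"
```

A conforming CA must check these before issuing, so any CA other than Let's Encrypt should refuse to issue for the domain.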

I think I want to publish SSHFP records for the servers I care about, such that I could potentially use those to trust the fingerprints. Also, at the FOSDEM getdns talk it was mentioned that openssh might not be verifying these by default and/or needs additional settings pointing at the trust anchor. I will need to dig into that, to see if I need to modify something about this. It did sound odd.

Generated 4k RSA subkeys for my main key. Previously I was using 2k RSA keys, but since I got a new YubiKey that supports 4k keys, I am upgrading to that. I use the YubiKey's OpenPGP applet for my signing, encryption, and authentication subkeys, meaning for ssh too. I had to remember to use `gpg --with-keygrip -k` to find the right keygrip to add to the `~/.gnupg/sshcontrol` file to get the new subkey available in the ssh agent. It also seems that the order of keygrips in the sshcontrol file matters. Updating the new ssh key in all the places is not fun; I think I have done GitHub, Salsa and Launchpad so far, but still need to push the keys onto many of the installed systems.

Tried to use FIDO2 passwordless login for Windows 10, only to find out that my Dell XPS appears to be incompatible with it, as it seems my laptop does not have a TPM. Oh well, I guess I need to upgrade my laptop to one with a TPM2 chip, so that I can have self-unlocking encrypted drives, an OTP token displayed on boot, and the like, as was presented at this FOSDEM talk.

Now that cryptsetup 2.1.0 is out and is in Debian and Ubuntu, I guess it's time to reinstall and re-encrypt my laptop, to migrate from LUKS1 to LUKS2. It has a bigger header, so obviously so much better!

Changing phone soon, so will need to regenerate all of the OTP tokens. *sigh* Does anyone backup all the QR codes for them, to quickly re-enroll all the things?

BTW I gave a talk about systemd-resolved at FOSDEM. People didn't like that we do not enable/enforce DNS over TLS, or DNS over HTTPS, or DNSSEC by default. At least, people seemed happy about not leaking queries. But not happy again about caching.

I feel safe.

ps. funny how xkcd uses 2k RSA, not 4k.

Sky CroeserWrapping up Mapping Movements

Over the last few years, I’ve been working on a project with Tim Highfield that explores the connections and disjunctions of activism that crosses online and offline spaces, Mapping Movements. We had a book contract to bring the research together and write up some material that hasn’t made it into other publications, but we’ve decided to withdraw it. It was the right choice to make, and it means wrapping up the project.

I learned a lot doing this research, and even though not all of it will end up seeing publication it will continue to weave through my understanding of the myriad of ways people are trying to create change in the world. This post is an awkward goodbye, and a chance to reflect on some of what I learned.

A large part of what I found valuable (as in many of my collaborations) was working out how our approaches fit: how to bring together quantitative and qualitative data from the Internet and the streets to show more than we might see otherwise. We wrote a bit about our methodology in ‘Mapping Movements – Social Movement Research and Big Data: Critiques and Alternatives’ (in Compromised Data From Social Media to Big Data) and a chapter in the forthcoming Second International Handbook of Internet Research. I continue to reflect on how academics can engage in research that’s safe, and hopefully eventually also useful, for activists. Internet research poses particular challenges in this respect, in part because of the increased online surveillance of many social movements.

Fieldwork I carried out for Occupy Oakland and #oo: uses of Twitter within the Occupy movement was particularly instructive when it came to thinking about surveillance and oppression. There were important debates happening in Occupy at the time about livestreaming and the ways in which citizen journalism might feed into claims to represent or lead the movement. And the open police violence made it clear what the stakes might involve. I won’t forget being teargassed, seeing someone carried away on a stretcher, being kettled, running with a group of friends as we got away, desperately trying to work out where the bulk of the marchers were and if there was anything we could do to help them. This violence was a large part of what dispersed the Occupy movement, but activists also spoke about how it prompted them to a deeper understanding of the problems with the US state and the extents to which it will go to protect capitalism.

My second round of fieldwork, in Athens, led to Harbouring Dissent: Greek Independent and Social Media and the Antifascist Movement. Activists there are doing vital work resisting fascism and racism and, increasingly, working to support refugees seeking safety. I am so grateful for the people I met through a friend-of-a-friend-of-a-friend who were willing to talk to me, help me improve my shoddy classroom Greek, make introductions, and argue with my analyses. Getting the opportunity to talk about some of my work at Bfest and in small workshops made me feel like there’s some hope for this research to be useful beyond academia.

Finally, research at the 2015 World Social Forum in Tunis is unlikely to be published. However, it did feed into my continuing reflections on the way the WSF is constituted and contested.

Mapping Movements helped me grow a lot as a researcher and let me connect and better understand movements that I often feel very far from in Perth. Ending the project opens up space to consider what comes next. Whatever that is, I know it will continue to be influenced by the work we’ve done over the last few years.

Planet DebianJonathan Dowland: My first FOSDEM

FOSDEM 2019 was my first FOSDEM. My work reason to attend was to meet many of my new team-mates from the Red Hat OpenJDK team, as well as people from the wider OpenJDK community, and learn a bit about what people are up to. I spent most of the first day entirely in the Free Java room, which was consistently over-full. On Monday I attended an OpenJDK Committer's meeting hosted by Oracle (despite not — yet — being an OpenJDK source contributor… soon!)

Aside from work and Java, I thought this would be a great opportunity to catch up with various friends from the Debian community. I didn't do quite as well as I hoped! By coincidence, I sat on a train next to Ben Hutchings. On Friday, I tried to meet up with Steve McIntyre and others (I spotted at least Neil Williams and half a dozen others) for dinner, but alas the restaurant had (literally) nothing on the menu for vegetarians, so I waved and said hello for a mere 5 minutes before moving on.

On Saturday I bumped into Thomas Goirand (who sports a fantastic Debian Swirl umbrella) with whom I was not yet acquainted. I'm fairly sure I saw Mark Brown from across a room but didn't manage to say hello. I also managed a brief hello with Nattie Hutchings who was volunteering at one of the FOSDEM booths. I missed all the talks given by Debian people, including Karen Sandler, Molly De Blanc, irl, Steinar, Samuel Thibault.

Sunday was a little more successful: I did manage to shake Enrico's hand briefly in the queue for tea, and chat with Paul Sladen for all of 5 minutes. I think I bumped into Karen after FOSDEM in the street near my hotel whilst our respective groups searched for somewhere to eat dinner, but I didn't introduce myself. Finally I met Matthias Klose on Monday.

Quite apart from Debian people, I also failed to meet some Red Hat colleagues and fellow PhD students from Newcastle University who were in attendance, as well as several people from other social networks to which I'd hoped to say hello.

FOSDEM is a gigantic, unique conference, and there are definitely more successful strategies for getting the most out of it. If I were to go again, I'd be more relaxed about seeing the talks I wanted to in real-time (although I didn't have unrealistic expectations about that for this one); I'd collect more freebie stickers (not for me, but for my daughter!); and I'd try much harder to pre-arrange social get-togethers with friends from various F/OSS communities for the "corridor track", as well as dinners and such around the edges. Things that worked: my tea flask was very handy, and using a lightweight messenger bag instead of my normal backpack made getting in and out of places much easier. Things that didn't: I expected it to be much colder than it turned out to be, and wore my warmest jumper, which meant I was hot a lot of the time and had to stuff it (plus bulky winter gloves and hat) into the aforementioned messenger bag; bringing my own stash of tea bags and a large chocolate tear-and-share brioche for the hotel; and in general over-packing, although that wasn't a problem for the conference itself, just travelling to/from Brussels. I did manage to use the hotel swimming pool once, but it was generally a trade-off between a swim or sleeping for another 30 minutes.

I've written nothing at all about the talks themselves, yet, perhaps I'll do so in another post.

CryptogramCyberinsurance and Acts of War

I had not heard about this case before. Zurich Insurance has refused to pay Mondelez International's claim of $100 million in damages from NotPetya, claiming it was an act of war and therefore not covered. Mondelez is suing.

Those turning to cyber insurance to manage their exposure presently face significant uncertainties about its promise. First, the scope of cyber risks vastly exceeds available coverage, as cyber perils cut across most areas of commercial insurance in an unprecedented manner: direct losses to policyholders and third-party claims (clients, customers, etc.); financial, physical and IP damages; business interruption, and so on. Yet no cyber insurance policies cover this entire spectrum. Second, the scope of cyber-risk coverage under existing policies, whether traditional general liability or property policies or cyber-specific policies, is rarely comprehensive (to cover all possible cyber perils) and often unclear (i.e., it does not explicitly pertain to all manifestations of cyber perils, or it explicitly excludes some).

But it is in the public interest for Zurich and its peers to expand their role in managing cyber risk. In its ideal state, a mature cyber insurance market could go beyond simply absorbing some of the damage of cyberattacks and play a more fundamental role in engineering and managing cyber risk. It would allow analysis of data across industries to understand risk factors and develop common metrics and scalable solutions. It would allow researchers to pinpoint sources of aggregation risk, such as weak spots in widely relied-upon software and hardware platforms and services. Through its financial levers, the insurance industry can turn these insights into action, shaping private-sector behavior and promoting best practices internationally. Such systematic efforts to improve and incentivize cyber-risk management would redress the conditions that made NotPetya possible in the first place. This, in turn, would diminish the onus on governments to retaliate against attacks.

Planet Linux AustraliaLev Lafayette: Thematic Review 1 : Practical Implementations of Information Systems

Following definitional foundations and theoretical models in Information Systems (IS), there is a great desire to find detailed practical applications. The first, the Arcadia project for the derivatives group at Bankers Trust Australia Limited (BTAL), is almost ancient history as far as computer technology is concerned - it was initiated in 1994. However, as a very successful project, it provides excellent information on the processes of implementing new systems into an organisation (Baster et al., 2001).

The distinction at this time was described as a "B-T gap" ("Business-Technology gap"), where business users assumed that IT solutions were unable to capture the "dynamic, holistic, and imprecise" nature of business information and decisions, whereas IT users tended to place the blame on 'error between keyboard and chair'. Naturally enough, recognising the gap and the need to overcome it was an excellent starting point for the project, along with the stated objective of an information system that was "extensible, adaptable, and responsive to rapid changes".

In more contemporary terms, what was being built would be considered an Enterprise Resource Planning (ERP) system, which makes some of the management choices particularly interesting in that context. Because of these stated needs, BTAL rejected the possibility of a vendor-based solution, which was estimated to be more expensive and less flexible, giving "BTAL less control for satisfying internal decision-making strategies and responding quickly to business changes." To further assist flexibility, a component-based approach was applied, allowing for well-structured interfaces between specific business and technology procedures. The component-based model combined business and technological logic into a layered model: the core technological infrastructure was subject to minimal changes, the high-level GUI-presentation layer was the area of most iterative functional elaboration, and the databases and scripting incorporated the desired business logic.

One means of bridging the B-T gap was to have project implementation carried out by a combination of IT and business staff: developers, business drivers with detailed expertise in the desired business functionality, and business users who provided feedback by testing and validating the components. This differed from much of the theoretical literature, which suggested high-level abstraction, whereas the project relied on an understanding of complex details and development through rapid iteration.

The success of the Arcadia project was based on continuing feedback, follow-up steps to reduce the B-T gap, and the interest expressed by BTAL's global operations. The major lessons learned from the project include recognising the existence of a B-T gap and the need to bridge it, understanding and leveraging user behaviour and skills whilst minimising interface changes, and keeping the project low-profile whilst recruiting detail-orientated staff as testers. Overall, this detail-orientated layered approach, which combined business needs with technological capability, should be perceived as a model case study for Information Systems.

Figure 1. Business-Technology layers in the Arcadia project


Baster, G., Konana, P., & Scott, J. E. (2001). Business components: A case study of Bankers Trust Australia Limited. Communications of the ACM, 44(5), 92-98.

Worse Than FailureA Backup Pipeline

“Um… can you come take a look at something for me?”

Pat looked up from happily hacking away at some new features to see Milton hovering at the edge of the cubicle.

“I think I messed up,” Milton added.

One of their company’s main internal systems was a data processing pipeline. “Pipeline” might be a bit generous, as in practice, it was actually a webwork of shell scripts and Python that pulled data in from files, did “stuff” to that data, and dropped the results into other files, which could then be read in by different scripts. In actual use, this usually meant people grabbed the latest version of the scripts from source control, modified and tweaked how they executed to answer one specific data-related question, and if that particular process seemed like it might have value, they’d clean the code up a bit and then try and merge it back up into source control. Otherwise, if they didn’t think they’d need it again, they’d just reset back to HEAD.

Some folks, though, like Milton, mostly kept their own copy of all the scripts. Or in Milton’s case, multiple copies. Milton knew the data processing pipeline better than anyone, but the vast majority of that knowledge was locked up in his personal scripting library.

“I was thinking I should probably try and contribute changes back upstream,” Milton said. “So, like, I’ve got a script that’s called by a script, which is called by a script, and it depends on having a bunch of shell variables created, like $SETUP_DIR.”

Pat nodded along.

“So I wanted to refactor that into an argument, so other people could use it. And I did… but I forgot to change the calling scripts to pass the argument before I tried to test it.”

Specifically, Milton’s script had a line like this:


rm -rf $SETUP_DIR/*/

Which he refactored into a line like this:


rm -rf $1/*/

Shell scripts don’t care whether these variables exist. Milton had an environment which always guaranteed $SETUP_DIR existed. But $1 is the first argument, and if you don’t pass an argument, it expands to nothing. So Milton’s new script, when executed with no arguments, expanded to rm -rf /*/ - deleting everything his account had access to.
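The mechanics can be reproduced safely, along with the standard defensive idioms that would have prevented the accident. This is an illustrative sketch, not Milton’s actual script - the cleanup function and its usage message are invented for the example:

```shell
#!/bin/sh
# How the accident happens: an unset variable silently expands to
# nothing, so a delete that was meant to be scoped to $SETUP_DIR
# becomes "rm -rf /*/".
unset SETUP_DIR
expanded="rm -rf $SETUP_DIR/*/"    # now the string "rm -rf /*/"

# A defensive version of the refactored script: ${1:?msg} aborts
# with an error when no argument is passed, so the delete can never
# run against the filesystem root.
cleanup() {
    dir=${1:?"usage: cleanup <setup-dir>"}
    rm -rf -- "$dir"/*/
}
```

Running the whole script under `set -u` (abort on any unset variable) extends the same protection to every expansion, not just the positional arguments.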

Mostly that meant lots of failed attempts to delete files he didn’t have the rights to. It also meant his home directory went away, along with his entire packrat pile of spaghettified scripts that were absolutely impossible to reconstruct, as they’d never been placed in source control.

“There’s a way to fix this, right?” Milton asked.

“I mean, sure. You can restore from the last backup you took,” Pat said.

While all the Windows boxes were running an automated backup tool, installed automatically, none of the Linux boxes were so configured. The support team took the stance that if you were technical enough to be running Linux and writing shell scripts, you were technical enough to set up your own backup solution. There was a SAN available to everyone for exactly that purpose.

“Oh, I… never set up a backup,” Milton whispered. “Well… at least I didn’t push?”

Pat wondered if Milton was learning the right lesson from this mistake.


Planet DebianOlivier Berger: Two demos of programming inside the Web browser with Theia for Java and PHP, using Docker

Theia is a Web IDE that can be used to offer a development environment displayed in a Web browser.

I’ve recorded 2 screencasts of running Theia inside Docker containers, to develop Java and PHP applications, respectively using Maven and Composer (the latter is a Symfony application).

Here are the videos:

I’ve pushed the Dockerfiles I’ve used here (Java) and here (PHP).

This is the kind of environment we’re considering using for “virtual labs” for teaching purposes.

We’re considering integrating them in Janitor for giving access to these environments on a server, and maybe mixing them with Labtainers for auto-grading of labs, for instance.

I must thank etiennewan for introducing me to Janitor and Theia. So nice to have wonderful students that teach their professors 😉

Planet DebianKeith Packard: snek-de

snekde — an IDE for snek development

I had hoped to create a stand-alone development environment on the Arduino, but I've run out of room. The current snek image uses 32606 bytes of flash (out of 32768) and 1980 bytes of RAM (out of 2048). I can probably squeeze a few more bytes out, but making enough room for a text editor seems like a stretch.

As a back-up plan, I've written a host-side application that communicates with the Arduino over the serial port.

Python + Curses

I looked at a range of options for writing this code, from Java to PyTk and finally settled on Python and Curses. This requires a minimal number of Python packages on the target system (just curses and pyserial), and seems to run just fine on both Linux and Windows. I haven't tried it on OS X, but I imagine it will work fine there too.

This creates a pretty spartan UI, but it's not a lot of code (about 800 lines), and installing it should be pretty easy.

What Can It Do

It's not the world's most sophisticated IDE, but it does the basics:

  • Get and Put source code to EEPROM on the Arduino.

  • Edit source code. Including auto-indent, and a cut/paste buffer.

  • Load and Save source code to files on the host.

  • Interact with the snek command line, saving all output for review.

Where Now for Snek?

I think I'll let a few students give this a try and see if they can make anything of it. I expect to get lots of feedback for stuff which is wrong, confusing or undocumented which should help make it better pretty quickly.

snekde source:

Krebs on SecurityPatch Tuesday, February 2019 Edition

Microsoft on Tuesday issued a bevy of patches to correct at least 70 distinct security vulnerabilities in Windows and software designed to interact with various flavors of the operating system. This month’s patch batch tackles some notable threats to enterprises — including multiple flaws that were publicly disclosed prior to Patch Tuesday. It also bundles fixes to quash threats relevant to end users, including critical updates for Adobe Flash Player and Microsoft Office, as well as a zero-day bug in Internet Explorer.

Some 20 of the flaws addressed in February’s update bundle are weaknesses labeled “critical,” meaning Microsoft believes that attackers or malware could exploit them to fully compromise systems with little or no help from users, save for convincing a user to visit a malicious or hacked Web site.

Microsoft patched a bug in Internet Explorer (CVE-2019-0676) discovered by Google that attackers already are using to target vulnerable systems. This flaw could allow malware or miscreants to check for the presence of specific files on the target’s hard drive.

Another critical vulnerability that impacts both end users and enterprises is a weakness in the Windows component responsible for assigning Internet addresses to host computers (a.k.a. “Windows DHCP client”). That flaw, CVE-2019-0626, could let an attacker execute malcode of his choice just by sending the target a specially crafted DHCP request.

At the top of the list of patch concerns mainly for companies is a publicly disclosed issue with Microsoft Exchange services (CVE-2019-0686) that could allow an attacker on the same network as the target to access the inbox of other users. Microsoft said it has not seen active exploitation of this bug yet, but considers it likely to be exploited soon.

Security experts are fond of saying “patch now!” when it comes to Windows bugs, but in general it can’t hurt for regular users to wait a day or two after Microsoft releases monthly security updates before installing the fixes. That’s because occasionally buggy patches can cause serious headaches for users who install them before all the kinks are worked out.

Just don’t put off the task too long. And bear in mind it’s a good idea to get in the habit of backing up your data before installing Windows updates, to hedge against the odd case in which a wonky patch ends up rendering your system unusable until you can work out how to reverse the changes.

Windows 10 likes to install patches all in one go and reboot your computer on its own schedule. Microsoft doesn’t make it easy for Windows 10 users to change this setting, but it is possible. For all other Windows OS users, if you’d rather be alerted to new updates when they’re available so you can choose when to install them, there’s a setting for that in Windows Update.

Microsoft also included fixes to address a single vulnerability in Adobe Flash Player. Microsoft and Adobe disagree on the severity of this flaw, according to security firm Qualys. Adobe labels it an “important” bug, while Microsoft tags it with a far more severe “critical” label. Regardless, Flash flaws are favorite targets of attackers. If you browse the Web with IE or Edge, this month’s patch batch from Microsoft has you covered.

Fortunately, the most popular Web browser by a long shot — Google Chrome — auto-updates Flash but also is now making users explicitly enable Flash every time they want to use it (Microsoft also bundles Flash with IE/Edge and updates it whenever Windows systems install monthly updates). By the summer of 2019 Google will make Chrome users go into their settings to enable it every time they want to run it.

Firefox also forces users with the Flash add-on installed to click in order to play Flash content; instructions for disabling or removing Flash from Firefox are here. Adobe will stop supporting Flash at the end of 2020.

Adobe also released updates for Adobe Acrobat and Reader that plug at least 70 security holes in these applications, so if you have either installed please be sure to update those.

As always, if you experience any problems installing any of these patches this month, please feel free to leave a comment about it below; there’s a good chance other readers have experienced the same and may even chime in here with some helpful tips.

Planet Linux AustraliaLev Lafayette: Video Review of a Social Media Webinar

A video review of the webinar/video presentation of Meet Edgar's "Ten Social Media Tips for 2019 Success", for the MSc course in Information Systems (University of Salford).

Video produced through slides made with LibreOffice Impress and audio with GNOME SoundRecorder, and composed with OpenShot.

Whilst a transcription is not available, the following is the content from the slideshow presentation.

Ten Social Media Tips for 2019

* This is a review of Meet Edgar’s “Ten Social Media Tips for 2019”
* The video (and transcript) is available from the following URL
* Presenters are Megan and Christina from the Meet Edgar community social media team
* First argument is that social media is a free platform where you can connect with your followers and create a community.
* The presentation does not describe or differentiate between specific social media platforms, but rather gives general advice common to all.
* This immediately limits the value of the presentation; the sort of engagement that one has on Facebook is different to Twitter, is different to Youtube, is different to Livejournal (does anyone outside of Russia still actively use LJ?), or even Usenet, due to the posting restrictions (word count, imagery), style, and especially community norms.

Tip 1: More social less media

* The purpose of this suggestion is to encourage authenticity in marketing: “personal branding is now part of company branding”, so marketers should engage directly with followers and add more personality to their social media posts. “People buy from people, not businesses”.
* It is claimed that engagement provides for opportunities to connect with followers, find out what drives them, establish brand-loyalty on the basis of brand personality.
* This is all largely true, but over-stated. For example the webinar has completely overlooked the importance of business-to-business transactions (even if these are not usually via social media). The assertion of “brand personality” is backwards; actors (even corporate actors) have personality. A brand is an identifier of a personality.

Tip 2: More Listening, Less Broadcasting

* Discover the pain points of the consumer, find out what their ideal image of themselves in the future is, and try to create a situation where your products and services match that image.
* There’s more content on social media than it is possible for a consumer to process. This is a factor leading to a greater balance of market power between the suppliers and the consumers of goods and services (other factors, such as the concentration of capital, are a countervailing trend).
* Argues that producers need to “listen and reply and engage with your followers not just broadcast out your promotions”.

Tip 3 More Video, Less Text

* Argues that "everything we read, every trend we're seeing, every analytics that we're looking at goes to this idea that video is where it's at on social media".
* Produce exclusive video content for followers, and encourage comments.
* Claims that live streams generate the most views.
* Drive engagement through emotional reactions.
* Ironically, the video provided by Meet Edgar is essentially a presentation with images and a voice-over (like this one too, but at least I’m knowingly self-referentially ironic).
* Video is a great medium for immersion in exciting live content. It is not live streams as such that generate the views but the content of the live streams (otherwise Andy Warhol’s Empire would be a great film).
* In reality text is ten times faster than video, can be easily referenced, and is technologically a more independent medium.

Tip 4 More new experiences

* Argues that marketing agents must keep an eye on what’s coming up next in social media, find out which platforms are winning, and direct experiments on those.
* If the platform or the social media posts fail to connect then use it as a learning experience and incorporate those lessons in the base networks.
* This advice is horribly vague and could be a massive sinkhole of time and effort if followed as presented. Instead they should provide a metric for experimentation, trigger levels for greater investment, and so forth.

Tip 5 More Content Creation, Less Analytics

* Claims that checking analytics can be addictive; instead of doing it daily, do it every week or so. Concentrate instead on content creation, and follow meaningful trends over weeks, months, etc.
* This is fairly sound advice, although further practical elaboration on how to correlate analytics information with action would be appreciated. Advice is simply to “really connect the dots on where things are going in your marketing strategy”. That’s not exactly helpful from an information systems point of view.

Tip 6 More education and emotion and less selling

* The proposal is to walk through the “buyer’s journey” (see also Tip 9) and teach them how to use the product to its fullest, and give them an emotional boost when they succeed with it.
* This makes sense with complex products with high price tags that can cover the cost of servicing the customer (for example a supercomputer with training included). Not exactly sure how this is especially relevant for consumer products sold through social media, unless it is mass transmission (e.g., training videos) rather than individual coaching.
* Something that probably should have been included is the potential of conflict between emotion and education. Many emotional decisions are not educated decisions. The ideal customer is one who is deeply committed to a product with grounded reasons, rather than just rash feelings.

Tip 7 More Values, Less Guessing

* A corporate body should have “brand values” which become known to the social media followers.
* Be consistent and committed to the values in every social media post.
* Values can change through conversations with consumers.
* Again, brands don’t have values but represent values. Values represent the moral integrity of an organisation. It is good corporate practice to liaise with independent organisations and potential critics (e.g., unions, environmental groups, workplace advocates, etc.).

Tip 8 More customer hero, less product hero

* The presentation argues that the structure of the Hero’s journey can be applied to the customer and social media marketing; “people are going throughout something, they come to a struggle, they overcome it and they are better off for it at the end.”
* Part of the process is to get user-generated content on success stories and share them as social proof in product reassurance.
* The great insight of Joseph Campbell, “The Hero with A Thousand Faces” in generating the monomyth (the hero ventures from the ordinary world to the supernatural, confronts great and magical adversaries, returns and bestows new powers to the community), has been converted to a shopping expedition.
* Raising any customer or product to a heroic level is worthy of ridicule. Mortal bravery is required, not a high-limit credit card.

Tip 9 More answers, less questions

* Suggestions to seek follower questions to develop a list of frequent questions; make it a consistent fun activity to invite followers to participate in regular question and answer sessions. Note that private message requests are increasing faster than requests on public forums.
* It is curious that the authors are suggesting developing a Frequently Asked Questions (FAQ) list, a form which has been on the Internet (originally at NASA) since the early 1980s, and arguably in publications since the 17th century.
* The matter of private messaging is probably a result of increased awareness of privacy issues.

Tip 10 More Traffic, Less Work

* Propose "working smarter" and "systemizing your social media strategy". The advice doesn't really come down to more than having a time-based plan for social media content.
* Even if one does adopt a project-like approach to social media one has to consider time, product, and cost (the classic project management triad) along with contingencies, or the classic marketing approach of product, price, and place.
* Just because we’re in the supposedly new world of social media and individualised market segments these hard issues can’t be hand-waved away.
* The best way to develop “more traffic, less work” is to have a good product at a good price when users need it, and then they’ll do a lot of the marketing for you!

Concluding Remarks

* There was some good material in the presentation, with regards to individual approaches and customer engagement, along with correctly identifying these as part of other trends in online communication.
* However much of the material was seriously short on elaboration, over-stated the case significantly, and lacked a quantitative evaluation. The signal-to-noise ratio was very low.
* It is extremely difficult to see how the authors could seriously argue that this material reflected “Ten Social Media Tips for 2019”. Much of it was not related to social media, let alone material that is particularly important for 2019.
* Really, the presentation could have done with an information systems perspective. That is, looking at social media marketing as a system, with a technological and business workflow, with market segment inputs, decision points, triggers, contingencies, and so forth. The positive aspects of the presentation were random; the negative comes down to the lack of a systemic perspective.


Planet DebianJonathan McDowell: Gemini NC14 + Debian

My main machine is a Dell E7240. It’s 5 years old and, while a bit slow sometimes, is generally still capable of doing all I need. However it mostly lives in an E-Port Plus II dock and gets treated like a desktop. As a result I don’t tend to move it around the house; the external monitor has a higher resolution than the internal 1080p and I’m often running things on it where it would be inconvenient to have to suspend it. So I decided I’d look for a basic laptop that could act as a simple terminal and web browser. This seems like an ideal job for a Chromebook, but I wanted a decent resolution screen and all of the cheap Chromebooks were 1366x768.

Looking around I found the Gemini Devices NC14. This is a Celeron N3350 based device with 4GB RAM and a 14” 1080p LCD. For £180 that seemed like a decent spec, much better than anything else I could see for under £200. Included storage is limited to a 32GB eMMC, with a slot for an m.2 SSD if desired, but as I’m not planning to store anything other than the OS/applications on the device that wasn’t a drawback to me. Box seem to be the only supplier, though they also list on Amazon. I chose Amazon, because that avoided paying extra for shipping to Northern Ireland.

The laptop comes with just a wall-wart style power supply - there’s no paperwork or anything else in the box. The PSU is a 12V/2A model and the cable is only slightly more than 1m long. However there’s also a USB-C port on the left side of the laptop and it will charge from that; it didn’t work with any of my USB-C phone chargers, but worked just fine with my Lenovo laptop charger. The USB-C port does USB, as you’d expect, but surprisingly is also set up for DisplayPort - I plugged in a standard USB-C → HDMI adaptor and it worked perfectly. Additional ports include 2 standard USB 3.0 ports, a mini-HDMI port, a 3.5mm audio jack and a micro SD card slot. The whole device is pretty light too, coming in at about 1.37kg. It feels cheap, but not flimsy - not unreasonable given the price point. The keyboard is ok; not a great amount of travel, and slightly offset from what I’m used to on the right hand side (there is a column of home/pgup/pgdn/end keys to the right of the enter key). The worst aspect is that the power button is a regular key in the top right, so it’s easy to hit when looking for delete. The trackpad is serviceable; the middle button is a little tricky to hit sometimes, but it’s there and useful.

Software-wise it is supplied with Windows 10 Home. I didn’t boot it, instead choosing to install Debian Buster via the Alpha 4 installer (Alpha 5 has since been released). There were no hiccups here; I did a UEFI based install overwriting the Windows installation and chose LXDE as my desktop environment. I’m still not entirely convinced by it (my other machines run GNOME3), but with the hardware being lower spec I didn’t want to try too much. I added Chrome - I plan to leave the laptop running Buster rather than testing, so regular updates to the browser direct from Google are appealing. LXDE’s default LXTerminal works just fine as the terminal emulator (though I did hit #908760 in regards to trying to click on URLs to open them).

How do I find it? I’m pretty pleased with my purchase. I’ve had it just over 2 weeks at the point of writing, and I’m using it to write this post (ssh’d into my laptop - I’ve longer-term plans to use a different machine as the grunt). Chrome can sometimes be a little sluggish to open a new URL - I think this is due to the slow internal eMMC and trying to look up autocomplete suggestions from previous visits - but there’s no problem with responsiveness after that point. Youtube videos play just fine. Running a whole bunch of terminals doesn’t cause any issues, as you’d hope. I’m running one virtual desktop with Chrome full-screened and one with a bunch of lxterminals, and it’s all very usable. Battery life is excellent; though acpi reports obviously inaccurate timings (currently, with 16% battery left, it’s reporting 5hr35 runtime) I think I’m probably seeing 8+ hours. One oddity I did see is with the keyboard: the enter key actually returns KEY_KPENTER, which makes less (and some other programs) unhappy. I fixed it using xmodmap -e 'keycode 104 = Return NoSymbol Return', which maps it back to KEY_ENTER, and I’ve had a fix accepted into udev/systemd to fix it up automatically.
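Until a udev/systemd release with that fix reaches Buster, the xmodmap workaround has to be re-applied each session. A minimal sketch of one way to do that, assuming (as is standard on Debian) that the Xsession scripts source ~/.xsessionrc at login:

```shell
# Persist the keymap workaround across X sessions by appending it to
# ~/.xsessionrc, which Debian's Xsession scripts source at login.
# (Sketch only: adjust if you already manage .xsessionrc another way.)
cat >> "$HOME/.xsessionrc" <<'EOF'
# Gemini NC14: remap KEY_KPENTER on the enter key back to KEY_ENTER
xmodmap -e 'keycode 104 = Return NoSymbol Return'
EOF
```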

microcode: microcode updated early to revision 0x32, date = 2018-05-11
Linux version 4.19.0-2-amd64 ( (gcc version 8.2.0 (Debian 8.2.0-14)) #1 SMP Debian 4.19.16-1 (2019-01-17)
Command line: BOOT_IMAGE=/boot/vmlinuz-4.19.0-2-amd64 root=UUID=57a681dd-c949-4287-be18-9d7b0f3f2b45 ro quiet
x86/fpu: Supporting XSAVE feature 0x001: 'x87 floating point registers'
x86/fpu: Supporting XSAVE feature 0x002: 'SSE registers'
x86/fpu: Supporting XSAVE feature 0x008: 'MPX bounds registers'
x86/fpu: Supporting XSAVE feature 0x010: 'MPX CSR'
x86/fpu: xstate_offset[3]:  576, xstate_sizes[3]:   64
x86/fpu: xstate_offset[4]:  640, xstate_sizes[4]:   64
x86/fpu: Enabled xstate features 0x1b, context size is 704 bytes, using 'compacted' format.
BIOS-provided physical RAM map:
BIOS-e820: [mem 0x0000000000000000-0x000000000003efff] usable
BIOS-e820: [mem 0x000000000003f000-0x000000000003ffff] reserved
BIOS-e820: [mem 0x0000000000040000-0x000000000009dfff] usable
BIOS-e820: [mem 0x000000000009e000-0x00000000000fffff] reserved
BIOS-e820: [mem 0x0000000000100000-0x000000000fffffff] usable
BIOS-e820: [mem 0x0000000010000000-0x0000000012150fff] reserved
BIOS-e820: [mem 0x0000000012151000-0x00000000768bcfff] usable
BIOS-e820: [mem 0x00000000768bd000-0x0000000079a0afff] reserved
BIOS-e820: [mem 0x0000000079a0b000-0x0000000079a26fff] ACPI data
BIOS-e820: [mem 0x0000000079a27000-0x0000000079a8afff] ACPI NVS
BIOS-e820: [mem 0x0000000079a8b000-0x0000000079ddffff] reserved
BIOS-e820: [mem 0x0000000079de0000-0x0000000079e34fff] type 20
BIOS-e820: [mem 0x0000000079e35000-0x000000007a1acfff] usable
BIOS-e820: [mem 0x000000007a1ad000-0x000000007a1adfff] ACPI NVS
BIOS-e820: [mem 0x000000007a1ae000-0x000000007a1c7fff] reserved
BIOS-e820: [mem 0x000000007a1c8000-0x000000007a762fff] usable
BIOS-e820: [mem 0x000000007a763000-0x000000007a764fff] reserved
BIOS-e820: [mem 0x000000007a765000-0x000000007affffff] usable
BIOS-e820: [mem 0x000000007b000000-0x000000007fffffff] reserved
BIOS-e820: [mem 0x00000000d0000000-0x00000000d0ffffff] reserved
BIOS-e820: [mem 0x00000000e0000000-0x00000000efffffff] reserved
BIOS-e820: [mem 0x00000000fe042000-0x00000000fe044fff] reserved
BIOS-e820: [mem 0x00000000fe900000-0x00000000fe902fff] reserved
BIOS-e820: [mem 0x00000000fec00000-0x00000000fec00fff] reserved
BIOS-e820: [mem 0x00000000fed01000-0x00000000fed01fff] reserved
BIOS-e820: [mem 0x00000000fee00000-0x00000000fee00fff] reserved
BIOS-e820: [mem 0x00000000ff800000-0x00000000ffffffff] reserved
BIOS-e820: [mem 0x0000000100000000-0x000000017fffffff] usable
NX (Execute Disable) protection: active
efi: EFI v2.50 by American Megatrends
efi:  ACPI=0x79a10000  ACPI 2.0=0x79a10000  SMBIOS=0x79c98000  SMBIOS 3.0=0x79c97000  ESRT=0x73860f18 
secureboot: Secure boot could not be determined (mode 0)
SMBIOS 3.0.0 present.
DMI: Gemini Devices NC14V1006/To be filled by O.E.M., BIOS XW-BI-14-S133AR400-AA54M-046-A 01/04/2018
tsc: Fast TSC calibration using PIT
tsc: Detected 1094.400 MHz processor
e820: update [mem 0x00000000-0x00000fff] usable ==> reserved
e820: remove [mem 0x000a0000-0x000fffff] usable
last_pfn = 0x180000 max_arch_pfn = 0x400000000
MTRR default type: uncachable
MTRR fixed ranges enabled:
  00000-6FFFF write-back
  70000-7FFFF uncachable
  80000-9FFFF write-back
  A0000-BFFFF uncachable
  C0000-FFFFF write-protect
MTRR variable ranges enabled:
  0 base 0000000000 mask 7F80000000 write-back
  1 base 007C000000 mask 7FFC000000 uncachable
  2 base 007B000000 mask 7FFF000000 uncachable
  3 base 0100000000 mask 7F80000000 write-back
  4 base 00FF800000 mask 7FFF800000 write-combining
  5 base 0090000000 mask 7FF0000000 write-through
  6 disabled
  7 disabled
  8 disabled
  9 disabled
x86/PAT: Configuration [0-7]: WB  WC  UC- UC  WB  WP  UC- WT  
last_pfn = 0x7b000 max_arch_pfn = 0x400000000
esrt: Reserving ESRT space from 0x0000000073860f18 to 0x0000000073860f50.
Base memory trampoline at [(____ptrval____)] 97000 size 24576
Using GB pages for direct mapping
BRK [0x19001000, 0x19001fff] PGTABLE
BRK [0x19002000, 0x19002fff] PGTABLE
BRK [0x19003000, 0x19003fff] PGTABLE
BRK [0x19004000, 0x19004fff] PGTABLE
BRK [0x19005000, 0x19005fff] PGTABLE
BRK [0x19006000, 0x19006fff] PGTABLE
BRK [0x19007000, 0x19007fff] PGTABLE
RAMDISK: [mem 0x34d25000-0x36689fff]
ACPI: Early table checksum verification disabled
ACPI: RSDP 0x0000000079A10000 000024 (v02 ALASKA)
ACPI: XSDT 0x0000000079A100C0 0000F4 (v01 ALASKA A M I    01072009 AMI  00010013)
ACPI: FACP 0x0000000079A19030 000114 (v06 ALASKA A M I    01072009 AMI  00010013)
ACPI: DSDT 0x0000000079A10260 008DCF (v02 ALASKA A M I    01072009 INTL 20120913)
ACPI: FACS 0x0000000079A8A080 000040
ACPI: FPDT 0x0000000079A19150 000044 (v01 ALASKA A M I    01072009 AMI  00010013)
ACPI: FIDT 0x0000000079A191A0 00009C (v01 ALASKA A M I    01072009 AMI  00010013)
ACPI: MSDM 0x0000000079A19240 000055 (v03 ALASKA A M I    01072009 AMI  00010013)
ACPI: MCFG 0x0000000079A192A0 00003C (v01 ALASKA A M I    01072009 MSFT 00000097)
ACPI: DBG2 0x0000000079A192E0 000072 (v00 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: DBGP 0x0000000079A19360 000034 (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: HPET 0x0000000079A193A0 000038 (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: LPIT 0x0000000079A193E0 00005C (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: APIC 0x0000000079A19440 000084 (v03 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: NPKT 0x0000000079A194D0 000065 (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: PRAM 0x0000000079A19540 000030 (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: WSMT 0x0000000079A19570 000028 (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: SSDT 0x0000000079A195A0 00414C (v02 INTEL  DptfTab  00000003 BRXT 0100000D)
ACPI: SSDT 0x0000000079A1D6F0 003621 (v02 INTEL  RVPRtd3  00000003 BRXT 0100000D)
ACPI: SSDT 0x0000000079A20D20 00077D (v02 INTEL  UsbCTabl 00000003 BRXT 0100000D)
ACPI: SSDT 0x0000000079A214A0 001611 (v01 Intel_ Platform 00001000 INTL 20120913)
ACPI: SSDT 0x0000000079A22AC0 0003DF (v02 PmRef  Cpu0Ist  00003000 INTL 20120913)
ACPI: SSDT 0x0000000079A22EA0 00072B (v02 CpuRef CpuSsdt  00003000 INTL 20120913)
ACPI: SSDT 0x0000000079A235D0 00032D (v02 PmRef  Cpu0Tst  00003000 INTL 20120913)
ACPI: SSDT 0x0000000079A23900 00017C (v02 PmRef  ApTst    00003000 INTL 20120913)
ACPI: SSDT 0x0000000079A23A80 002760 (v02 SaSsdt SaSsdt   00003000 INTL 20120913)
ACPI: UEFI 0x0000000079A261E0 000042 (v01 ALASKA A M I    00000000      00000000)
ACPI: TPM2 0x0000000079A26230 000034 (v03        Tpm2Tabl 00000001 AMI  00000000)
ACPI: DMAR 0x0000000079A26270 0000A8 (v01 INTEL  EDK2     00000003 BRXT 0100000D)
ACPI: WDAT 0x0000000079A26320 000104 (v01                 00000000      00000000)
ACPI: Local APIC address 0xfee00000
No NUMA configuration found
Faking a node at [mem 0x0000000000000000-0x000000017fffffff]
NODE_DATA(0) allocated [mem 0x17fff8000-0x17fffcfff]
Zone ranges:
  DMA      [mem 0x0000000000001000-0x0000000000ffffff]
  DMA32    [mem 0x0000000001000000-0x00000000ffffffff]
  Normal   [mem 0x0000000100000000-0x000000017fffffff]
  Device   empty
Movable zone start for each node
Early memory node ranges
  node   0: [mem 0x0000000000001000-0x000000000003efff]
  node   0: [mem 0x0000000000040000-0x000000000009dfff]
  node   0: [mem 0x0000000000100000-0x000000000fffffff]
  node   0: [mem 0x0000000012151000-0x00000000768bcfff]
  node   0: [mem 0x0000000079e35000-0x000000007a1acfff]
  node   0: [mem 0x000000007a1c8000-0x000000007a762fff]
  node   0: [mem 0x000000007a765000-0x000000007affffff]
  node   0: [mem 0x0000000100000000-0x000000017fffffff]
Reserved but unavailable: 98 pages
Initmem setup node 0 [mem 0x0000000000001000-0x000000017fffffff]
On node 0 totalpages: 1005750
  DMA zone: 64 pages used for memmap
  DMA zone: 23 pages reserved
  DMA zone: 3996 pages, LIFO batch:0
  DMA32 zone: 7461 pages used for memmap
  DMA32 zone: 477466 pages, LIFO batch:63
  Normal zone: 8192 pages used for memmap
  Normal zone: 524288 pages, LIFO batch:63
Reserving Intel graphics memory at [mem 0x7c000000-0x7fffffff]
ACPI: PM-Timer IO Port: 0x408
ACPI: Local APIC address 0xfee00000
ACPI: LAPIC_NMI (acpi_id[0x01] high level lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x02] high level lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x03] high level lint[0x1])
ACPI: LAPIC_NMI (acpi_id[0x04] high level lint[0x1])
IOAPIC[0]: apic_id 1, version 32, address 0xfec00000, GSI 0-119
ACPI: INT_SRC_OVR (bus 0 bus_irq 0 global_irq 2 dfl dfl)
ACPI: INT_SRC_OVR (bus 0 bus_irq 9 global_irq 9 low level)
ACPI: IRQ0 used by override.
ACPI: IRQ9 used by override.
Using ACPI (MADT) for SMP configuration information
ACPI: HPET id: 0x8086a701 base: 0xfed00000
smpboot: Allowing 4 CPUs, 2 hotplug CPUs
PM: Registered nosave memory: [mem 0x00000000-0x00000fff]
PM: Registered nosave memory: [mem 0x0003f000-0x0003ffff]
PM: Registered nosave memory: [mem 0x0009e000-0x000fffff]
PM: Registered nosave memory: [mem 0x10000000-0x12150fff]
PM: Registered nosave memory: [mem 0x768bd000-0x79a0afff]
PM: Registered nosave memory: [mem 0x79a0b000-0x79a26fff]
PM: Registered nosave memory: [mem 0x79a27000-0x79a8afff]
PM: Registered nosave memory: [mem 0x79a8b000-0x79ddffff]
PM: Registered nosave memory: [mem 0x79de0000-0x79e34fff]
PM: Registered nosave memory: [mem 0x7a1ad000-0x7a1adfff]
PM: Registered nosave memory: [mem 0x7a1ae000-0x7a1c7fff]
PM: Registered nosave memory: [mem 0x7a763000-0x7a764fff]
PM: Registered nosave memory: [mem 0x7b000000-0x7fffffff]
PM: Registered nosave memory: [mem 0x80000000-0xcfffffff]
PM: Registered nosave memory: [mem 0xd0000000-0xd0ffffff]
PM: Registered nosave memory: [mem 0xd1000000-0xdfffffff]
PM: Registered nosave memory: [mem 0xe0000000-0xefffffff]
PM: Registered nosave memory: [mem 0xf0000000-0xfe041fff]
PM: Registered nosave memory: [mem 0xfe042000-0xfe044fff]
PM: Registered nosave memory: [mem 0xfe045000-0xfe8fffff]
PM: Registered nosave memory: [mem 0xfe900000-0xfe902fff]
PM: Registered nosave memory: [mem 0xfe903000-0xfebfffff]
PM: Registered nosave memory: [mem 0xfec00000-0xfec00fff]
PM: Registered nosave memory: [mem 0xfec01000-0xfed00fff]
PM: Registered nosave memory: [mem 0xfed01000-0xfed01fff]
PM: Registered nosave memory: [mem 0xfed02000-0xfedfffff]
PM: Registered nosave memory: [mem 0xfee00000-0xfee00fff]
PM: Registered nosave memory: [mem 0xfee01000-0xff7fffff]
PM: Registered nosave memory: [mem 0xff800000-0xffffffff]
[mem 0x80000000-0xcfffffff] available for PCI devices
Booting paravirtualized kernel on bare hardware
clocksource: refined-jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645519600211568 ns
random: get_random_bytes called from start_kernel+0x93/0x531 with crng_init=0
setup_percpu: NR_CPUS:512 nr_cpumask_bits:512 nr_cpu_ids:4 nr_node_ids:1
percpu: Embedded 44 pages/cpu @(____ptrval____) s143192 r8192 d28840 u524288
pcpu-alloc: s143192 r8192 d28840 u524288 alloc=1*2097152
pcpu-alloc: [0] 0 1 2 3 
Built 1 zonelists, mobility grouping on.  Total pages: 990010
Policy zone: Normal
Kernel command line: BOOT_IMAGE=/boot/vmlinuz-4.19.0-2-amd64 root=UUID=57a681dd-c949-4287-be18-9d7b0f3f2b45 ro quiet
Calgary: detecting Calgary via BIOS EBDA area
Calgary: Unable to locate Rio Grande table in EBDA - bailing!
Memory: 3729732K/4023000K available (10252K kernel code, 1236K rwdata, 3196K rodata, 1572K init, 2332K bss, 293268K reserved, 0K cma-reserved)
SLUB: HWalign=64, Order=0-3, MinObjects=0, CPUs=4, Nodes=1
ftrace: allocating 31615 entries in 124 pages
rcu: Hierarchical RCU implementation.
rcu: 	RCU restricting CPUs from NR_CPUS=512 to nr_cpu_ids=4.
rcu: Adjusting geometry for rcu_fanout_leaf=16, nr_cpu_ids=4
NR_IRQS: 33024, nr_irqs: 1024, preallocated irqs: 16
Console: colour dummy device 80x25
console [tty0] enabled
ACPI: Core revision 20180810
clocksource: hpet: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 99544814920 ns
hpet clockevent registered
APIC: Switch to symmetric I/O mode setup
DMAR: Host address width 39
DMAR: DRHD base: 0x000000fed64000 flags: 0x0
DMAR: dmar0: reg_base_addr fed64000 ver 1:0 cap 1c0000c40660462 ecap 7e3ff0505e
DMAR: DRHD base: 0x000000fed65000 flags: 0x1
DMAR: dmar1: reg_base_addr fed65000 ver 1:0 cap d2008c40660462 ecap f050da
DMAR: RMRR base: 0x000000799b6000 end: 0x000000799d5fff
DMAR: RMRR base: 0x0000007b800000 end: 0x0000007fffffff
DMAR-IR: IOAPIC id 1 under DRHD base  0xfed65000 IOMMU 1
DMAR-IR: HPET id 0 under DRHD base 0xfed65000
DMAR-IR: Queued invalidation will be enabled to support x2apic and Intr-remapping.
DMAR-IR: Enabled IRQ remapping in x2apic mode
x2apic enabled
Switched APIC routing to cluster x2apic.
..TIMER: vector=0x30 apic1=0 pin1=2 apic2=-1 pin2=-1
clocksource: tsc-early: mask: 0xffffffffffffffff max_cycles: 0xfc66f4fc7c, max_idle_ns: 440795224246 ns
Calibrating delay loop (skipped), value calculated using timer frequency.. 2188.80 BogoMIPS (lpj=4377600)
pid_max: default: 32768 minimum: 301
Security Framework initialized
Yama: disabled by default; enable with sysctl kernel.yama.*
AppArmor: AppArmor initialized
Dentry cache hash table entries: 524288 (order: 10, 4194304 bytes)
Inode-cache hash table entries: 262144 (order: 9, 2097152 bytes)
Mount-cache hash table entries: 8192 (order: 4, 65536 bytes)
Mountpoint-cache hash table entries: 8192 (order: 4, 65536 bytes)
mce: CPU supports 7 MCE banks
Last level iTLB entries: 4KB 48, 2MB 0, 4MB 0
Last level dTLB entries: 4KB 0, 2MB 0, 4MB 0, 1GB 0
Spectre V2 : Mitigation: Full generic retpoline
Spectre V2 : Spectre v2 / SpectreRSB mitigation: Filling RSB on context switch
Spectre V2 : Enabling Restricted Speculation for firmware calls
Spectre V2 : mitigation: Enabling conditional Indirect Branch Prediction Barrier
Freeing SMP alternatives memory: 24K
TSC deadline timer enabled
smpboot: CPU0: Intel(R) Celeron(R) CPU N3350 @ 1.10GHz (family: 0x6, model: 0x5c, stepping: 0x9)
Performance Events: PEBS fmt3+, Goldmont events, 32-deep LBR, full-width counters, Intel PMU driver.
... version:                4
... bit width:              48
... generic registers:      4
... value mask:             0000ffffffffffff
... max period:             00007fffffffffff
... fixed-purpose events:   3
... event mask:             000000070000000f
rcu: Hierarchical SRCU implementation.
NMI watchdog: Enabled. Permanently consumes one hw-PMU counter.
smp: Bringing up secondary CPUs ...
x86: Booting SMP configuration:
.... node  #0, CPUs:      #1
smp: Brought up 1 node, 2 CPUs
smpboot: Max logical packages: 2
smpboot: Total of 2 processors activated (4377.60 BogoMIPS)
devtmpfs: initialized
x86/mm: Memory block size: 128MB
PM: Registering ACPI NVS region [mem 0x79a27000-0x79a8afff] (409600 bytes)
PM: Registering ACPI NVS region [mem 0x7a1ad000-0x7a1adfff] (4096 bytes)
clocksource: jiffies: mask: 0xffffffff max_cycles: 0xffffffff, max_idle_ns: 7645041785100000 ns
futex hash table entries: 1024 (order: 4, 65536 bytes)
pinctrl core: initialized pinctrl subsystem
NET: Registered protocol family 16
audit: initializing netlink subsys (disabled)
audit: type=2000 audit(1549808778.056:1): state=initialized audit_enabled=0 res=1
cpuidle: using governor ladder
cpuidle: using governor menu
ACPI: bus type PCI registered
acpiphp: ACPI Hot Plug PCI Controller Driver version: 0.5
PCI: MMCONFIG for domain 0000 [bus 00-ff] at [mem 0xe0000000-0xefffffff] (base 0xe0000000)
PCI: MMCONFIG at [mem 0xe0000000-0xefffffff] reserved in E820
PCI: Using configuration type 1 for base access
HugeTLB registered 1.00 GiB page size, pre-allocated 0 pages
HugeTLB registered 2.00 MiB page size, pre-allocated 0 pages
ACPI: Added _OSI(Module Device)
ACPI: Added _OSI(Processor Device)
ACPI: Added _OSI(3.0 _SCP Extensions)
ACPI: Added _OSI(Processor Aggregator Device)
ACPI: Added _OSI(Linux-Dell-Video)
ACPI: Added _OSI(Linux-Lenovo-NV-HDMI-Audio)
ACPI: 10 ACPI AML tables successfully acquired and loaded
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFF975CBA502800 000102 (v02 PmRef  Cpu0Cst  00003001 INTL 20120913)
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFF975CBA5A2A00 00015F (v02 PmRef  ApIst    00003000 INTL 20120913)
ACPI: Dynamic OEM Table Load:
ACPI: SSDT 0xFFFF975CBA4CA840 00008D (v02 PmRef  ApCst    00003000 INTL 20120913)
ACPI: EC: EC started
ACPI: EC: interrupt blocked
ACPI: \_SB_.PCI0.SBRG.H_EC: Used as first EC
ACPI: \_SB_.PCI0.SBRG.H_EC: GPE=0x2c, EC_CMD/EC_SC=0x66, EC_DATA=0x62
ACPI: \_SB_.PCI0.SBRG.H_EC: Used as boot DSDT EC to handle transactions
ACPI: Interpreter enabled
ACPI: (supports S0 S3 S4 S5)
ACPI: Using IOAPIC for interrupt routing
PCI: Using host bridge windows from ACPI; if necessary, use "pci=nocrs" and report a bug
ACPI: Enabled 9 GPEs in block 00 to 7F
ACPI: Power Resource [SPPR] (on)
ACPI: Power Resource [SPPR] (on)
ACPI: Power Resource [UPPR] (on)
ACPI: Power Resource [PX03] (on)
ACPI: Power Resource [UPPR] (on)
ACPI: Power Resource [UPPR] (on)
ACPI: Power Resource [UPPR] (on)
ACPI: Power Resource [UPPR] (on)
ACPI: Power Resource [UPPR] (on)
ACPI: Power Resource [USBC] (on)
ACPI: Power Resource [LSPR] (on)
ACPI: Power Resource [SDPR] (on)
ACPI: Power Resource [PXP] (on)
ACPI: Power Resource [PXP] (on)
ACPI: Power Resource [PXP] (off)
ACPI: Power Resource [PXP] (off)
ACPI: Power Resource [PAUD] (on)
ACPI: Power Resource [FN00] (on)
ACPI: PCI Root Bridge [PCI0] (domain 0000 [bus 00-ff])
acpi PNP0A08:00: _OSC: OS supports [ExtendedConfig ASPM ClockPM Segments MSI]
acpi PNP0A08:00: _OSC: OS now controls [PCIeHotplug SHPCHotplug PME AER PCIeCapability LTR]
PCI host bridge to bus 0000:00
pci_bus 0000:00: root bus resource [io  0x0070-0x0077]
pci_bus 0000:00: root bus resource [io  0x0000-0x006f window]
pci_bus 0000:00: root bus resource [io  0x0078-0x0cf7 window]
pci_bus 0000:00: root bus resource [io  0x0d00-0xffff window]
pci_bus 0000:00: root bus resource [mem 0x7c000001-0x7fffffff window]
pci_bus 0000:00: root bus resource [mem 0x7b800001-0x7bffffff window]
pci_bus 0000:00: root bus resource [mem 0x80000000-0xcfffffff window]
pci_bus 0000:00: root bus resource [mem 0xe0000000-0xefffffff window]
pci_bus 0000:00: root bus resource [bus 00-ff]
pci 0000:00:00.0: [8086:5af0] type 00 class 0x060000
pci 0000:00:00.1: [8086:5a8c] type 00 class 0x118000
pci 0000:00:00.1: reg 0x10: [mem 0x80000000-0x80007fff 64bit]
pci 0000:00:02.0: [8086:5a85] type 00 class 0x030000
pci 0000:00:02.0: reg 0x10: [mem 0x81000000-0x81ffffff 64bit]
pci 0000:00:02.0: reg 0x18: [mem 0x90000000-0x9fffffff 64bit pref]
pci 0000:00:02.0: reg 0x20: [io  0xf000-0xf03f]
pci 0000:00:02.0: BAR 2: assigned to efifb
pci 0000:00:0e.0: [8086:5a98] type 00 class 0x040300
pci 0000:00:0e.0: reg 0x10: [mem 0x82210000-0x82213fff 64bit]
pci 0000:00:0e.0: reg 0x20: [mem 0x82000000-0x820fffff 64bit]
pci 0000:00:0e.0: PME# supported from D0 D3hot D3cold
pci 0000:00:0f.0: [8086:5a9a] type 00 class 0x078000
pci 0000:00:0f.0: reg 0x10: [mem 0x82239000-0x82239fff 64bit]
pci 0000:00:0f.0: PME# supported from D3hot
pci 0000:00:14.0: [8086:5ad7] type 01 class 0x060400
pci 0000:00:14.0: PME# supported from D0 D3hot D3cold
pci 0000:00:15.0: [8086:5aa8] type 00 class 0x0c0330
pci 0000:00:15.0: reg 0x10: [mem 0x82200000-0x8220ffff 64bit]
pci 0000:00:15.0: PME# supported from D3hot D3cold
pci 0000:00:16.0: [8086:5aac] type 00 class 0x118000
pci 0000:00:16.0: reg 0x10: [mem 0x82236000-0x82236fff 64bit]
pci 0000:00:16.0: reg 0x18: [mem 0x82235000-0x82235fff 64bit]
pci 0000:00:16.1: [8086:5aae] type 00 class 0x118000
pci 0000:00:16.1: reg 0x10: [mem 0x82234000-0x82234fff 64bit]
pci 0000:00:16.1: reg 0x18: [mem 0x82233000-0x82233fff 64bit]
pci 0000:00:16.2: [8086:5ab0] type 00 class 0x118000
pci 0000:00:16.2: reg 0x10: [mem 0x82232000-0x82232fff 64bit]
pci 0000:00:16.2: reg 0x18: [mem 0x82231000-0x82231fff 64bit]
pci 0000:00:16.3: [8086:5ab2] type 00 class 0x118000
pci 0000:00:16.3: reg 0x10: [mem 0x82230000-0x82230fff 64bit]
pci 0000:00:16.3: reg 0x18: [mem 0x8222f000-0x8222ffff 64bit]
pci 0000:00:17.0: [8086:5ab4] type 00 class 0x118000
pci 0000:00:17.0: reg 0x10: [mem 0x8222e000-0x8222efff 64bit]
pci 0000:00:17.0: reg 0x18: [mem 0x8222d000-0x8222dfff 64bit]
pci 0000:00:17.1: [8086:5ab6] type 00 class 0x118000
pci 0000:00:17.1: reg 0x10: [mem 0x8222c000-0x8222cfff 64bit]
pci 0000:00:17.1: reg 0x18: [mem 0x8222b000-0x8222bfff 64bit]
pci 0000:00:17.2: [8086:5ab8] type 00 class 0x118000
pci 0000:00:17.2: reg 0x10: [mem 0x8222a000-0x8222afff 64bit]
pci 0000:00:17.2: reg 0x18: [mem 0x82229000-0x82229fff 64bit]
pci 0000:00:17.3: [8086:5aba] type 00 class 0x118000
pci 0000:00:17.3: reg 0x10: [mem 0x82228000-0x82228fff 64bit]
pci 0000:00:17.3: reg 0x18: [mem 0x82227000-0x82227fff 64bit]
pci 0000:00:18.0: [8086:5abc] type 00 class 0x118000
pci 0000:00:18.0: reg 0x10: [mem 0x82226000-0x82226fff 64bit]
pci 0000:00:18.0: reg 0x18: [mem 0x82225000-0x82225fff 64bit]
pci 0000:00:18.1: [8086:5abe] type 00 class 0x118000
pci 0000:00:18.1: reg 0x10: [mem 0x82224000-0x82224fff 64bit]
pci 0000:00:18.1: reg 0x18: [mem 0x82223000-0x82223fff 64bit]
pci 0000:00:18.2: [8086:5ac0] type 00 class 0x118000
pci 0000:00:18.2: reg 0x10: [mem 0xfea10000-0xfea10fff 64bit]
pci 0000:00:18.2: reg 0x18: [mem 0x00000000-0x00000fff 64bit]
pci 0000:00:18.3: [8086:5aee] type 00 class 0x118000
pci 0000:00:18.3: reg 0x10: [mem 0x82222000-0x82222fff 64bit]
pci 0000:00:18.3: reg 0x18: [mem 0x82221000-0x82221fff 64bit]
pci 0000:00:19.0: [8086:5ac2] type 00 class 0x118000
pci 0000:00:19.0: reg 0x10: [mem 0x82220000-0x82220fff 64bit]
pci 0000:00:19.0: reg 0x18: [mem 0x8221f000-0x8221ffff 64bit]
pci 0000:00:19.1: [8086:5ac4] type 00 class 0x118000
pci 0000:00:19.1: reg 0x10: [mem 0x8221e000-0x8221efff 64bit]
pci 0000:00:19.1: reg 0x18: [mem 0x8221d000-0x8221dfff 64bit]
pci 0000:00:19.2: [8086:5ac6] type 00 class 0x118000
pci 0000:00:19.2: reg 0x10: [mem 0x8221c000-0x8221cfff 64bit]
pci 0000:00:19.2: reg 0x18: [mem 0x8221b000-0x8221bfff 64bit]
pci 0000:00:1b.0: [8086:5aca] type 00 class 0x080501
pci 0000:00:1b.0: reg 0x10: [mem 0x8221a000-0x8221afff 64bit]
pci 0000:00:1b.0: reg 0x18: [mem 0x82219000-0x82219fff 64bit]
pci 0000:00:1c.0: [8086:5acc] type 00 class 0x080501
pci 0000:00:1c.0: reg 0x10: [mem 0x82218000-0x82218fff 64bit]
pci 0000:00:1c.0: reg 0x18: [mem 0x82217000-0x82217fff 64bit]
pci 0000:00:1e.0: [8086:5ad0] type 00 class 0x080501
pci 0000:00:1e.0: reg 0x10: [mem 0x82216000-0x82216fff 64bit]
pci 0000:00:1e.0: reg 0x18: [mem 0x82215000-0x82215fff 64bit]
pci 0000:00:1f.0: [8086:5ae8] type 00 class 0x060100
pci 0000:00:1f.1: [8086:5ad4] type 00 class 0x0c0500
pci 0000:00:1f.1: reg 0x10: [mem 0x82214000-0x822140ff 64bit]
pci 0000:00:1f.1: reg 0x20: [io  0xf040-0xf05f]
pci 0000:01:00.0: [8086:3165] type 00 class 0x028000
pci 0000:01:00.0: reg 0x10: [mem 0x82100000-0x82101fff 64bit]
pci 0000:01:00.0: Upstream bridge's Max Payload Size set to 128 (was 256, max 256)
pci 0000:01:00.0: Max Payload Size set to 128 (was 128, max 128)
pci 0000:01:00.0: PME# supported from D0 D3hot D3cold
pci 0000:00:14.0: PCI bridge to [bus 01]
pci 0000:00:14.0:   bridge window [mem 0x82100000-0x821fffff]
ACPI: PCI Interrupt Link [LNKA] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKB] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKC] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKD] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKE] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKF] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKG] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI: PCI Interrupt Link [LNKH] (IRQs 3 4 5 6 10 11 12 14 *15), disabled.
ACPI Warning: GPE type mismatch (level/edge) (20180810/evxface-792)
ACPI: EC: interrupt unblocked
ACPI: EC: event unblocked
ACPI: \_SB_.PCI0.SBRG.H_EC: GPE=0x2c, EC_CMD/EC_SC=0x66, EC_DATA=0x62
ACPI: \_SB_.PCI0.SBRG.H_EC: Used as boot DSDT EC to handle transactions and events
pci 0000:00:02.0: vgaarb: setting as boot VGA device
pci 0000:00:02.0: vgaarb: VGA device added: decodes=io+mem,owns=io+mem,locks=none
pci 0000:00:02.0: vgaarb: bridge control possible
vgaarb: loaded
pps_core: LinuxPPS API ver. 1 registered
pps_core: Software ver. 5.3.6 - Copyright 2005-2007 Rodolfo Giometti <>
PTP clock support registered
EDAC MC: Ver: 3.0.0
Registered efivars operations
PCI: Using ACPI for IRQ routing
PCI: pci_cache_line_size set to 64 bytes
pci 0000:00:18.2: can't claim BAR 0 [mem 0xfea10000-0xfea10fff 64bit]: no compatible bridge window
e820: reserve RAM buffer [mem 0x0003f000-0x0003ffff]
e820: reserve RAM buffer [mem 0x0009e000-0x0009ffff]
e820: reserve RAM buffer [mem 0x768bd000-0x77ffffff]
e820: reserve RAM buffer [mem 0x7a1ad000-0x7bffffff]
e820: reserve RAM buffer [mem 0x7a763000-0x7bffffff]
e820: reserve RAM buffer [mem 0x7b000000-0x7bffffff]
hpet0: at MMIO 0xfed00000, IRQs 2, 8, 0, 0, 0, 0, 0, 0
hpet0: 8 comparators, 64-bit 19.200000 MHz counter
clocksource: Switched to clocksource tsc-early
VFS: Disk quotas dquot_6.6.0
VFS: Dquot-cache hash table entries: 512 (order 0, 4096 bytes)
AppArmor: AppArmor Filesystem Enabled
pnp: PnP ACPI init
system 00:00: [io  0x0680-0x069f] has been reserved
system 00:00: [io  0x0400-0x047f] has been reserved
system 00:00: [io  0x0500-0x05fe] has been reserved
system 00:00: [io  0x0600-0x061f] has been reserved
system 00:00: [io  0x164e-0x164f] has been reserved
system 00:00: Plug and Play ACPI device, IDs PNP0c02 (active)
system 00:01: [mem 0xe0000000-0xefffffff] has been reserved
system 00:01: [mem 0xfea00000-0xfeafffff] has been reserved
system 00:01: [mem 0xfed01000-0xfed01fff] has been reserved
system 00:01: [mem 0xfed03000-0xfed03fff] has been reserved
system 00:01: [mem 0xfed06000-0xfed06fff] has been reserved
system 00:01: [mem 0xfed08000-0xfed09fff] has been reserved
system 00:01: [mem 0xfed80000-0xfedbffff] has been reserved
system 00:01: [mem 0xfed1c000-0xfed1cfff] has been reserved
system 00:01: [mem 0xfee00000-0xfeefffff] could not be reserved
system 00:01: Plug and Play ACPI device, IDs PNP0c02 (active)
pnp 00:02: Plug and Play ACPI device, IDs PNP0303 (active)
pnp 00:03: Plug and Play ACPI device, IDs PNP0b00 (active)
pnp: PnP ACPI: found 4 devices
clocksource: acpi_pm: mask: 0xffffff max_cycles: 0xffffff, max_idle_ns: 2085701024 ns
pci 0000:00:18.2: BAR 0: assigned [mem 0x80008000-0x80008fff 64bit]
pci 0000:00:18.2: BAR 2: assigned [mem 0x80009000-0x80009fff 64bit]
pci 0000:00:14.0: PCI bridge to [bus 01]
pci 0000:00:14.0:   bridge window [mem 0x82100000-0x821fffff]
pci_bus 0000:00: resource 4 [io  0x0070-0x0077]
pci_bus 0000:00: resource 5 [io  0x0000-0x006f window]
pci_bus 0000:00: resource 6 [io  0x0078-0x0cf7 window]
pci_bus 0000:00: resource 7 [io  0x0d00-0xffff window]
pci_bus 0000:00: resource 8 [mem 0x7c000001-0x7fffffff window]
pci_bus 0000:00: resource 9 [mem 0x7b800001-0x7bffffff window]
pci_bus 0000:00: resource 10 [mem 0x80000000-0xcfffffff window]
pci_bus 0000:00: resource 11 [mem 0xe0000000-0xefffffff window]
pci_bus 0000:01: resource 1 [mem 0x82100000-0x821fffff]
NET: Registered protocol family 2
tcp_listen_portaddr_hash hash table entries: 2048 (order: 3, 32768 bytes)
TCP established hash table entries: 32768 (order: 6, 262144 bytes)
TCP bind hash table entries: 32768 (order: 7, 524288 bytes)
TCP: Hash tables configured (established 32768 bind 32768)
UDP hash table entries: 2048 (order: 4, 65536 bytes)
UDP-Lite hash table entries: 2048 (order: 4, 65536 bytes)
NET: Registered protocol family 1
pci 0000:00:02.0: Video device with shadowed ROM at [mem 0x000c0000-0x000dffff]
PCI: CLS 0 bytes, default 64
Unpacking initramfs...
Freeing initrd memory: 26004K
PCI-DMA: Using software bounce buffering for IO (SWIOTLB)
software IO TLB: mapped [mem 0x6cb91000-0x70b91000] (64MB)
clocksource: tsc: mask: 0xffffffffffffffff max_cycles: 0xfc66f4fc7c, max_idle_ns: 440795224246 ns
clocksource: Switched to clocksource tsc
Initialise system trusted keyrings
workingset: timestamp_bits=40 max_order=20 bucket_order=0
zbud: loaded
pstore: using deflate compression
Key type asymmetric registered
Asymmetric key parser 'x509' registered
Block layer SCSI generic (bsg) driver version 0.4 loaded (major 247)
io scheduler noop registered
io scheduler deadline registered
io scheduler cfq registered (default)
io scheduler mq-deadline registered
pcieport 0000:00:14.0: Signaling PME with IRQ 122
shpchp: Standard Hot Plug PCI Controller Driver version: 0.4
efifb: probing for efifb
efifb: framebuffer at 0x90000000, using 8128k, total 8128k
efifb: mode is 1920x1080x32, linelength=7680, pages=1
efifb: scrolling: redraw
efifb: Truecolor: size=8:8:8:8, shift=24:16:8:0
Console: switching to colour frame buffer device 240x67
fb0: EFI VGA frame buffer device
intel_idle: MWAIT substates: 0x11242020
intel_idle: v0.4.1 model 0x5C
intel_idle: lapic_timer_reliable_states 0xffffffff
Serial: 8250/16550 driver, 4 ports, IRQ sharing enabled
Linux agpgart interface v0.103
AMD IOMMUv2 driver by Joerg Roedel <>
AMD IOMMUv2 functionality not available on this system
i8042: PNP: PS/2 Controller [PNP0303:PS2K] at 0x60,0x64 irq 1
i8042: PNP: PS/2 appears to have AUX port disabled, if this is incorrect please boot with i8042.nopnp
serio: i8042 KBD port at 0x60,0x64 irq 1
mousedev: PS/2 mouse device common for all mice
rtc_cmos 00:03: RTC can wake from S4
rtc_cmos 00:03: registered as rtc0
rtc_cmos 00:03: alarms up to one month, y3k, 242 bytes nvram, hpet irqs
intel_pstate: Intel P-state driver initializing
ledtrig-cpu: registered to indicate activity on CPUs
NET: Registered protocol family 10
input: AT Translated Set 2 keyboard as /devices/platform/i8042/serio0/input/input0
Segment Routing with IPv6
mip6: Mobile IPv6
NET: Registered protocol family 17
mpls_gso: MPLS GSO support
microcode: sig=0x506c9, pf=0x1, revision=0x32
microcode: Microcode Update Driver: v2.2.
sched_clock: Marking stable (2917959387, -2501360)->(2921251562, -5793535)
registered taskstats version 1
Loading compiled-in X.509 certificates
Loaded X.509 cert 'secure-boot-test-key-lfaraone: 97c1b25cddf9873ca78a58f3d73bf727d2cf78ff'
zswap: loaded using pool lzo/zbud
AppArmor: AppArmor sha1 policy hashing enabled
rtc_cmos 00:03: setting system clock to 2019-02-10 14:26:20 UTC (1549808780)
Freeing unused kernel image memory: 1572K
Write protecting the kernel read-only data: 16384k
Freeing unused kernel image memory: 2028K
Freeing unused kernel image memory: 900K
x86/mm: Checked W+X mappings: passed, no W+X pages found.
Run /init as init process
hidraw: raw HID events driver (C) Jiri Kosina
thermal LNXTHERM:00: registered as thermal_zone0
ACPI: Thermal Zone [TZ01] (24 C)
ACPI: bus type USB registered
usbcore: registered new interface driver usbfs
usbcore: registered new interface driver hub
usbcore: registered new device driver usb
i801_smbus 0000:00:1f.1: can't derive routing for PCI INT A
i801_smbus 0000:00:1f.1: PCI INT A: not connected
i801_smbus 0000:00:1f.1: SPD Write Disable is set
i801_smbus 0000:00:1f.1: SMBus using polling
lpc_ich 0000:00:1f.0: I/O space for ACPI uninitialized
sdhci: Secure Digital Host Controller Interface driver
sdhci: Copyright(c) Pierre Ossman
sdhci-pci 0000:00:1b.0: SDHCI controller found [8086:5aca] (rev b)
sdhci-pci 0000:00:1b.0: enabling device (0000 -> 0002)
xhci_hcd 0000:00:15.0: xHCI Host Controller
xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 1
xhci_hcd 0000:00:15.0: hcc params 0x200077c1 hci version 0x100 quirks 0x0000000081109810
xhci_hcd 0000:00:15.0: cache line size of 64 is not supported
cryptd: max_cpu_qlen set to 1000
usb usb1: New USB device found, idVendor=1d6b, idProduct=0002, bcdDevice= 4.19
usb usb1: New USB device strings: Mfr=3, Product=2, SerialNumber=1
usb usb1: Product: xHCI Host Controller
usb usb1: Manufacturer: Linux 4.19.0-2-amd64 xhci-hcd
usb usb1: SerialNumber: 0000:00:15.0
hub 1-0:1.0: USB hub found
hub 1-0:1.0: 8 ports detected
mmc0: SDHCI controller on PCI [0000:00:1b.0] using ADMA 64-bit
sdhci-pci 0000:00:1c.0: SDHCI controller found [8086:5acc] (rev b)
SSE version of gcm_enc/dec engaged.
mmc1: SDHCI controller on PCI [0000:00:1c.0] using ADMA 64-bit
sdhci-pci 0000:00:1e.0: SDHCI controller found [8086:5ad0] (rev b)
sdhci-pci 0000:00:1e.0: enabling device (0000 -> 0002)
i2c_hid i2c-SYNA3602:00: i2c-SYNA3602:00 supply vdd not found, using dummy regulator
i2c_hid i2c-SYNA3602:00: Linked as a consumer to regulator.0
i2c_hid i2c-SYNA3602:00: i2c-SYNA3602:00 supply vddl not found, using dummy regulator
xhci_hcd 0000:00:15.0: xHCI Host Controller
xhci_hcd 0000:00:15.0: new USB bus registered, assigned bus number 2
xhci_hcd 0000:00:15.0: Host supports USB 3.0  SuperSpeed
usb usb2: New USB device found, idVendor=1d6b, idProduct=0003, bcdDevice= 4.19
usb usb2: New USB device strings: Mfr=3, Product=2, SerialNumber=1
usb usb2: Product: xHCI Host Controller
usb usb2: Manufacturer: Linux 4.19.0-2-amd64 xhci-hcd
usb usb2: SerialNumber: 0000:00:15.0
hub 2-0:1.0: USB hub found
hub 2-0:1.0: 7 ports detected
mmc2: SDHCI controller on PCI [0000:00:1e.0] using ADMA 64-bit
mmc1: new HS400 MMC card at address 0001
mmcblk1: mmc1:0001 DF4032 29.1 GiB 
mmcblk1boot0: mmc1:0001 DF4032 partition 1 4.00 MiB
mmcblk1boot1: mmc1:0001 DF4032 partition 2 4.00 MiB
mmcblk1rpmb: mmc1:0001 DF4032 partition 3 4.00 MiB, chardev (245:0)
 mmcblk1: p1 p2 p3 p4
random: fast init done
dw-apb-uart.8: ttyS0 at MMIO 0x82226000 (irq = 4, base_baud = 115200) is a 16550A
dw-apb-uart.9: ttyS1 at MMIO 0x82224000 (irq = 5, base_baud = 115200) is a 16550A
dw-apb-uart.10: ttyS2 at MMIO 0x80008000 (irq = 6, base_baud = 115200) is a 16550A
dw-apb-uart.11: ttyS3 at MMIO 0x82222000 (irq = 7, base_baud = 115200) is a 16550A
input: SYNA3602:00 0911:5288 Mouse as /devices/pci0000:00/0000:00:16.2/i2c_designware.2/i2c-3/i2c-SYNA3602:00/0018:0911:5288.0001/input/input1
input: SYNA3602:00 0911:5288 Touchpad as /devices/pci0000:00/0000:00:16.2/i2c_designware.2/i2c-3/i2c-SYNA3602:00/0018:0911:5288.0001/input/input2
hid-generic 0018:0911:5288.0001: input,hidraw0: I2C HID v1.00 Mouse [SYNA3602:00 0911:5288] on i2c-SYNA3602:00
usb 1-6: new high-speed USB device number 2 using xhci_hcd
usb 1-6: New USB device found, idVendor=0bda, idProduct=0129, bcdDevice=39.60
usb 1-6: New USB device strings: Mfr=1, Product=2, SerialNumber=3
usb 1-6: Product: USB2.0-CRW
usb 1-6: Manufacturer: Generic
usb 1-6: SerialNumber: 20100201396000000
usbcore: registered new interface driver rtsx_usb
usb 1-7: new full-speed USB device number 3 using xhci_hcd
EXT4-fs (mmcblk1p3): mounted filesystem with ordered data mode. Opts: (null)
usb 1-7: New USB device found, idVendor=8087, idProduct=0a2a, bcdDevice= 0.01
usb 1-7: New USB device strings: Mfr=0, Product=0, SerialNumber=0
usb 1-8: new high-speed USB device number 4 using xhci_hcd
systemd[1]: RTC configured in localtime, applying delta of 0 minutes to system time.
systemd[1]: Inserted module 'autofs4'
usb 1-8: New USB device found, idVendor=058f, idProduct=3841, bcdDevice= 0.01
usb 1-8: New USB device strings: Mfr=1, Product=2, SerialNumber=0
usb 1-8: Product: USB 2.0 PC Camera
usb 1-8: Manufacturer: Alcor Micro, Corp.
systemd[1]: systemd 240 running in system mode. (+PAM +AUDIT +SELINUX +IMA +APPARMOR +SMACK +SYSVINIT +UTMP +LIBCRYPTSETUP +GCRYPT +GNUTLS +ACL +XZ +LZ4 +SECCOMP +BLKID +ELFUTILS +KMOD -IDN2 +IDN -PCRE2 default-hierarchy=hybrid)
systemd[1]: Detected architecture x86-64.
systemd[1]: Set hostname to <nc14>.
systemd[1]: Started Dispatch Password Requests to Console Directory Watch.
systemd[1]: Created slice system-getty.slice.
systemd[1]: Listening on udev Kernel Socket.
systemd[1]: Listening on initctl Compatibility Named Pipe.
systemd[1]: Listening on Journal Socket (/dev/log).
systemd[1]: Listening on Syslog Socket.
systemd[1]: Set up automount Arbitrary Executable File Formats File System Automount Point.
EXT4-fs (mmcblk1p3): re-mounted. Opts: errors=remount-ro
random: systemd-random-: uninitialized urandom read (512 bytes read)
systemd-journald[240]: Received request to flush runtime journal from PID 1
input: Intel HID events as /devices/platform/INT33D5:00/input/input3
intel-hid INT33D5:00: platform supports 5 button array
input: Intel HID 5 button array as /devices/platform/INT33D5:00/input/input4
input: Lid Switch as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/device:13/PNP0C09:00/PNP0C0D:00/input/input5
ACPI: Lid Switch [LID0]
input: Power Button as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0C0C:00/input/input6
ACPI: Power Button [PWRB]
int3403 thermal: probe of INT3403:05 failed with error -22
idma64 idma64.0: Found Intel integrated DMA 64-bit
ACPI: AC Adapter [ADP1] (off-line)
battery: ACPI: Battery Slot [BAT0] (battery present)
idma64 idma64.1: Found Intel integrated DMA 64-bit
Intel(R) Wireless WiFi driver for Linux
Copyright(c) 2003- 2015 Intel Corporation
iwlwifi 0000:01:00.0: enabling device (0000 -> 0002)
checking generic (90000000 7f0000) vs hw (90000000 10000000)
fb: switching to inteldrmfb from EFI VGA
Console: switching to colour dummy device 80x25
[drm] Replacing VGA console driver
[drm] Supports vblank timestamp caching Rev 2 (21.10.2013).
[drm] Driver supports precise vblank timestamp query.
i915 0000:00:02.0: vgaarb: changed VGA decodes: olddecodes=io+mem,decodes=io+mem:owns=io+mem
iwlwifi 0000:01:00.0: firmware: direct-loading firmware iwlwifi-7265D-29.ucode
iwlwifi 0000:01:00.0: loaded firmware version 29.1044073957.0 op_mode iwlmvm
i915 0000:00:02.0: firmware: direct-loading firmware i915/bxt_dmc_ver1_07.bin
[drm] Finished loading DMC firmware i915/bxt_dmc_ver1_07.bin (v1.7)
alg: No test for fips(ansi_cprng) (fips_ansi_cprng)
media: Linux media interface: v0.10
idma64 idma64.2: Found Intel integrated DMA 64-bit
videodev: Linux video capture interface: v2.00
uvcvideo: Found UVC 1.00 device USB 2.0 PC Camera (058f:3841)
uvcvideo 1-8:1.0: Entity type for entity Processing 2 was not initialized!
uvcvideo 1-8:1.0: Entity type for entity Extension 6 was not initialized!
uvcvideo 1-8:1.0: Entity type for entity Camera 1 was not initialized!
input: USB 2.0 PC Camera: PC Camera as /devices/pci0000:00/0000:00:15.0/usb1/1-8/1-8:1.0/input/input7
usbcore: registered new interface driver uvcvideo
USB Video Class driver (1.1.1)
usbcore: registered new interface driver snd-usb-audio
idma64 idma64.3: Found Intel integrated DMA 64-bit
iwlwifi 0000:01:00.0: Detected Intel(R) Dual Band Wireless AC 3165, REV=0x210
input: SYNA3602:00 0911:5288 Touchpad as /devices/pci0000:00/0000:00:16.2/i2c_designware.2/i2c-3/i2c-SYNA3602:00/0018:0911:5288.0001/input/input9
hid-multitouch 0018:0911:5288.0001: input,hidraw0: I2C HID v1.00 Mouse [SYNA3602:00 0911:5288] on i2c-SYNA3602:00
Bluetooth: Core ver 2.22
NET: Registered protocol family 31
Bluetooth: HCI device and connection manager initialized
Bluetooth: HCI socket layer initialized
Bluetooth: L2CAP socket layer initialized
Bluetooth: SCO socket layer initialized
iwlwifi 0000:01:00.0: base HW address: b8:08:cf:fd:fd:d6
usbcore: registered new interface driver btusb
Bluetooth: hci0: read Intel version: 370810011003110e00
bluetooth hci0: firmware: direct-loading firmware intel/ibt-hw-37.8.10-fw-
Bluetooth: hci0: Intel Bluetooth firmware file: intel/ibt-hw-37.8.10-fw-
[drm] Initialized i915 1.6.0 20180719 for 0000:00:02.0 on minor 0
ACPI: Video Device [GFX0] (multi-head: yes  rom: no  post: no)
input: Video Bus as /devices/LNXSYSTM:00/LNXSYBUS:00/PNP0A08:00/LNXVIDEO:00/input/input10
snd_hda_intel 0000:00:0e.0: bound 0000:00:02.0 (ops i915_audio_component_bind_ops [i915])
EFI Variables Facility v0.08 2004-May-17
fbcon: inteldrmfb (fb0) is primary device
idma64 idma64.4: Found Intel integrated DMA 64-bit
input: PC Speaker as /devices/platform/pcspkr/input/input11
random: crng init done
ieee80211 phy0: Selected rate control algorithm 'iwl-mvm-rs'
thermal thermal_zone3: failed to read out thermal zone (-61)
pstore: Registered efi as persistent store backend
RAPL PMU: API unit is 2^-32 Joules, 4 fixed counters, 655360 ms ovfl timer
RAPL PMU: hw unit of domain pp0-core 2^-14 Joules
RAPL PMU: hw unit of domain package 2^-14 Joules
RAPL PMU: hw unit of domain dram 2^-14 Joules
RAPL PMU: hw unit of domain pp1-gpu 2^-14 Joules
snd_hda_codec_realtek hdaudioC0D0: autoconfig for ALC269VC: line_outs=1 (0x14/0x0/0x0/0x0/0x0) type:speaker
snd_hda_codec_realtek hdaudioC0D0:    speaker_outs=0 (0x0/0x0/0x0/0x0/0x0)
snd_hda_codec_realtek hdaudioC0D0:    hp_outs=1 (0x15/0x0/0x0/0x0/0x0)
snd_hda_codec_realtek hdaudioC0D0:    mono: mono_out=0x0
snd_hda_codec_realtek hdaudioC0D0:    inputs:
snd_hda_codec_realtek hdaudioC0D0:      Mic=0x18
snd_hda_codec_realtek hdaudioC0D0:      Internal Mic=0x12
idma64 idma64.5: Found Intel integrated DMA 64-bit
input: HDA Intel PCH Mic as /devices/pci0000:00/0000:00:0e.0/sound/card0/input12
input: HDA Intel PCH Headphone as /devices/pci0000:00/0000:00:0e.0/sound/card0/input13
input: HDA Intel PCH HDMI/DP,pcm=3 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input14
input: HDA Intel PCH HDMI/DP,pcm=7 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input15
input: HDA Intel PCH HDMI/DP,pcm=8 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input16
input: HDA Intel PCH HDMI/DP,pcm=9 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input17
input: HDA Intel PCH HDMI/DP,pcm=10 as /devices/pci0000:00/0000:00:0e.0/sound/card0/input18
idma64 idma64.6: Found Intel integrated DMA 64-bit
EDAC pnd2: b_cr_tolud_pci=080000001 ret=0
EDAC pnd2: b_cr_touud_lo_pci=080000000 ret=0
EDAC pnd2: b_cr_touud_hi_pci=000000001 ret=0
EDAC pnd2: b_cr_asym_mem_region0_mchbar=000000000 ret=0
EDAC pnd2: b_cr_asym_mem_region1_mchbar=000000000 ret=0
EDAC pnd2: b_cr_mot_out_base_mchbar=000000000 ret=0
EDAC pnd2: b_cr_mot_out_mask_mchbar=000000000 ret=0
EDAC pnd2: b_cr_slice_channel_hash=80000dbc00000244 ret=0
EDAC pnd2: b_cr_asym_2way_mem_region_mchbar=000000000 ret=0
EDAC pnd2: d_cr_drp0=01048c023 ret=0
EDAC pnd2: d_cr_drp0=01048c023 ret=0
EDAC pnd2: d_cr_drp0=01048c023 ret=0
EDAC pnd2: d_cr_drp0=01048c023 ret=0
EDAC pnd2: Unsupported DIMM in channel 0
EDAC pnd2: Unsupported DIMM in channel 1
EDAC pnd2: Unsupported DIMM in channel 2
EDAC pnd2: Unsupported DIMM in channel 3
EDAC pnd2: Failed to register device with error -22.
Bluetooth: hci0: Intel firmware patch completed and activated
intel_rapl: Found RAPL domain package
intel_rapl: Found RAPL domain core
intel_rapl: Found RAPL domain uncore
intel_rapl: Found RAPL domain dram
idma64 idma64.7: Found Intel integrated DMA 64-bit
idma64 idma64.9: Found Intel integrated DMA 64-bit
idma64 idma64.12: Found Intel integrated DMA 64-bit
idma64 idma64.13: Found Intel integrated DMA 64-bit
Bluetooth: BNEP (Ethernet Emulation) ver 1.3
Bluetooth: BNEP filters: protocol multicast
Bluetooth: BNEP socket layer initialized
idma64 idma64.14: Found Intel integrated DMA 64-bit
NET: Registered protocol family 3
NET: Registered protocol family 5
Console: switching to colour frame buffer device 240x67
i915 0000:00:02.0: fb0: inteldrmfb frame buffer device
fuse init (API version 7.27)
Architecture:        x86_64
CPU op-mode(s):      32-bit, 64-bit
Byte Order:          Little Endian
Address sizes:       39 bits physical, 48 bits virtual
CPU(s):              2
On-line CPU(s) list: 0,1
Thread(s) per core:  1
Core(s) per socket:  2
Socket(s):           1
NUMA node(s):        1
Vendor ID:           GenuineIntel
CPU family:          6
Model:               92
Model name:          Intel(R) Celeron(R) CPU N3350 @ 1.10GHz
Stepping:            9
CPU MHz:             987.647
CPU max MHz:         2400.0000
CPU min MHz:         800.0000
BogoMIPS:            2188.80
Virtualization:      VT-x
L1d cache:           24K
L1i cache:           32K
L2 cache:            1024K
NUMA node0 CPU(s):   0,1
Flags:               fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush dts acpi mmx fxsr sse sse2 ss ht tm pbe syscall nx pdpe1gb rdtscp lm constant_tsc art arch_perfmon pebs bts rep_good nopl xtopology tsc_reliable nonstop_tsc cpuid aperfmperf tsc_known_freq pni pclmulqdq dtes64 monitor ds_cpl vmx est tm2 ssse3 sdbg cx16 xtpr pdcm sse4_1 sse4_2 x2apic movbe popcnt tsc_deadline_timer aes xsave rdrand lahf_lm 3dnowprefetch cpuid_fault cat_l2 pti tpr_shadow vnmi flexpriority ept vpid ept_ad fsgsbase tsc_adjust smep erms mpx rdt_a rdseed smap clflushopt intel_pt sha_ni xsaveopt xsavec xgetbv1 xsaves dtherm ida arat pln pts
00:00.0 Host bridge [0600]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series Host Bridge [8086:5af0] (rev 0b)
00:00.1 Signal processing controller [1180]: Intel Corporation Device [8086:5a8c] (rev 0b)
00:02.0 VGA compatible controller [0300]: Intel Corporation Device [8086:5a85] (rev 0b)
00:0e.0 Audio device [0403]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series Audio Cluster [8086:5a98] (rev 0b)
00:0f.0 Communication controller [0780]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series Trusted Execution Engine [8086:5a9a] (rev 0b)
00:12.0 SATA controller [0106]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SATA AHCI Controller [8086:5ae3] (rev 0b)
00:14.0 PCI bridge [0604]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series PCI Express Port B #2 [8086:5ad7] (rev fb)
00:15.0 USB controller [0c03]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series USB xHCI [8086:5aa8] (rev 0b)
00:16.0 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #1 [8086:5aac] (rev 0b)
00:16.1 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #2 [8086:5aae] (rev 0b)
00:16.2 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #3 [8086:5ab0] (rev 0b)
00:16.3 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #4 [8086:5ab2] (rev 0b)
00:17.0 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #5 [8086:5ab4] (rev 0b)
00:17.1 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #6 [8086:5ab6] (rev 0b)
00:17.2 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #7 [8086:5ab8] (rev 0b)
00:17.3 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series I2C Controller #8 [8086:5aba] (rev 0b)
00:18.0 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series HSUART Controller #1 [8086:5abc] (rev 0b)
00:18.1 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series HSUART Controller #2 [8086:5abe] (rev 0b)
00:18.2 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series HSUART Controller #3 [8086:5ac0] (rev 0b)
00:18.3 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series HSUART Controller #4 [8086:5aee] (rev 0b)
00:19.0 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SPI Controller #1 [8086:5ac2] (rev 0b)
00:19.1 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SPI Controller #2 [8086:5ac4] (rev 0b)
00:19.2 Signal processing controller [1180]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SPI Controller #3 [8086:5ac6] (rev 0b)
00:1b.0 SD Host controller [0805]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SDXC/MMC Host Controller [8086:5aca] (rev 0b)
00:1c.0 SD Host controller [0805]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series eMMC Controller [8086:5acc] (rev 0b)
00:1e.0 SD Host controller [0805]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SDIO Controller [8086:5ad0] (rev 0b)
00:1f.0 ISA bridge [0601]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series Low Pin Count Interface [8086:5ae8] (rev 0b)
00:1f.1 SMBus [0c05]: Intel Corporation Atom/Celeron/Pentium Processor N4200/N3350/E3900 Series SMBus Controller [8086:5ad4] (rev 0b)
01:00.0 Network controller [0280]: Intel Corporation Wireless 3165 [8086:3165] (rev 79)
Bus 002 Device 001: ID 1d6b:0003 Linux Foundation 3.0 root hub
Bus 001 Device 004: ID 058f:3841 Alcor Micro Corp.
Bus 001 Device 003: ID 8087:0a2a Intel Corp.
Bus 001 Device 002: ID 0bda:0129 Realtek Semiconductor Corp. RTS5129 Card Reader Controller
Bus 001 Device 001: ID 1d6b:0002 Linux Foundation 2.0 root hub

Sociological ImagesPage, Pratt, and Politics at the Pulpit

Over the past few years, Chris Pratt has been more public about his faith in interviews, award speeches, and social media. A few days ago, Ellen Page raised questions about Pratt’s church advancing anti-LGBT views. Pratt has ties to both Zoe Church and Hillsong, evangelical churches that are well-known and influential in contemporary Christianity.

My work doesn’t usually dovetail with celebrity gossip, but this case caught my interest because it raises questions about whether we can or should ask people to justify the political work of their religious groups. Thanks to research in the sociology of religion, we know how political attitudes spread through faith groups, and this can help us make better sense of the conversation.

Photo Credit: Mor, Flickr CC

There is good reason to expect people to have their own beliefs that might differ from their church leadership. Research across the social sciences shows that people generally aren’t consistent in the way they express their religious beliefs in everyday life. Also, churches are not often clear about where they stand on these issues. According to reporting in The Huffington Post,

Zoe’s official stance on LGBTQ issues is unclear, according to Church Clarity, a crowd-sourced database that scores churches based on how clearly they communicate their policies on LGBTQ people and on women in leadership. George Mekhail, one of Church Clarity’s founders, told HuffPost he suspects that the ambiguity some conservative Christian churches have around their LGBTQ policies could be intentional.

That last part of the quote gets at the most important sociological point. In these church contexts, people don’t usually get their politics straight from the pulpit. Research on evangelical congregations shows how most of the political socialization in church life comes from lay leaders and fellow members who model their political views for new members. If church leaders want to advocate for a pro-life, anti-LGBT, or other policy agenda, they often don’t have to do it explicitly. The laity has already taught newcomers that this is how “people like us” vote.

Want to learn more about the new politics of evangelicals? There’s research on that!

We also have to consider Pratt’s status as a celebrity congregant. Regardless of his personal views, religious organizations have long taken an interest in cultural influence and worked to foster connections with important social networks in politics, business, and the entertainment industry to legitimize and advance their social agendas.

It might seem unfair to call out a single person for the agenda of an entire church organization. On the other hand, as a sociologist, I come to this debate less interested in what’s in any single person’s head or heart. I’m more interested in where they are in relation to everyone else and what those relationships do. The conversation from Page reminds us that it’s not necessarily about what a person believes, but about what they legitimate with their platform and presence.

Evan Stewart is a Ph.D. candidate in sociology at the University of Minnesota. You can follow him on Twitter.


Planet DebianSven Hoexter: The day you start to use rc builds in production - Kafka 2.1.1 edition

tl;dr If you want to run Kafka 2.x use 2.1.1rc1 or later.

So someone started to update from Kafka 1.1.1 to 2.1.0 yesterday, and it kept crashing every other hour. It pretty much looks like a known deadlock issue, so we're now trying out 2.1.1rc1, because we missed the rc2. Ideally you go with rc2, which has a few more fixes for unrelated issues.

Besides that, be aware that the update to 2.1.0 is a one-way street! Read carefully. There is a schema change in the consumer offset topic, which is used internally to track your consumer offsets since those moved out of Zookeeper some time ago.
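The official Kafka upgrade notes describe handling this with a rolling upgrade that pins the inter-broker protocol version until every broker runs the new release. A sketch of the relevant server.properties settings (the version numbers here are illustrative, matching a 1.1.x-to-2.1.x upgrade):

```
# server.properties during the rolling upgrade: keep the old protocol
# version until every broker is running the 2.1.x binaries.
inter.broker.protocol.version=1.1
log.message.format.version=1.1

# Once all brokers are upgraded and stable, bump the protocol version and
# restart brokers one by one. NOTE: after the brokers run with the new
# protocol version and the consumer offsets topic schema has been rewritten,
# downgrading is no longer possible.
# inter.broker.protocol.version=2.1
```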

For us the primary lesson is that we have to put way more synthetic traffic on our testing environments, because 2.1.0 was running in the non-production environments for several days without an issue, while the relevant team hit the deadlock in production within hours.

Krebs on SecurityEmail Provider VFEmail Suffers ‘Catastrophic’ Hack

Email provider VFEmail has suffered what the company is calling “catastrophic destruction” at the hands of an as-yet unknown intruder who trashed all of the company’s primary and backup data in the United States. The firm’s founder says he now fears some 18 years’ worth of customer email may be gone forever.

Founded in 2001 and based in Milwaukee, Wisc., VFEmail provides email service to businesses and end users. The first signs of the attack came on the morning of Feb. 11, when the company’s Twitter account started fielding reports from users who said they were no longer receiving messages. VFEmail’s Twitter account responded that “external facing systems, of differing OS’s and remote authentication, in multiple data centers are down.”

Two hours later, VFEmail tweeted that it had caught a hacker in the act of formatting one of the company’s mail servers in The Netherlands.

“nl101 is up, but no incoming email,” read a tweet shortly thereafter. “I fear all US based data my be lost.”

“At this time, the attacker has formatted all the disks on every server,” wrote VFEmail. “Every VM [virtual machine] is lost. Every file server is lost, every backup server is lost. Strangely, not all VMs shared the same authentication, but all were destroyed. This was more than a multi-password via ssh exploit, and there was no ransom. Just attack and destroy.”

In an update posted to the company’s Web site, VFEmail owner Rick Romero wrote that new email was being delivered and that efforts were being made to recover what user data could be salvaged.

“At this time I am unsure of the status of existing mail for US users,” Romero wrote. “If you have your own email client, DO NOT TRY TO MAKE IT WORK. If you reconnect your client to your new mailbox, all your local mail will be lost.”

Reached by KrebsOnSecurity on Tuesday morning, Romero said he was able to recover a backup drive hosted in The Netherlands, but that he fears all of the mail for U.S. users may be irreparably lost.

“I don’t have very high expectations of getting any U.S. data back,” Romero said in an online chat.

John Senchak, a longtime VFEmail user from Florida who also has been a loyal reader and commenter at this blog, told KrebsOnSecurity that the attack completely wiped out his inbox at the company — some 60,000 emails sent and received over more than a decade.

“I have a account with that site, all the email in my account was deleted,” Senchak said.

Asked if he had any clues about the attackers or how they may have broken in, Romero said the intruder appeared to be doing his dirty work from a server based in Bulgaria (94.155.49[9], username “aktv.”)

“I haven’t done much digging yet on the actors,” he said. “It looked like the IP was a Bulgarian hosting company. So I’m assuming it was just a virtual machine they were using to launch the attack from. There definitely was something that somebody didn’t want found. Or, I really pissed someone off. That’s always possible.”

This isn’t the first time criminals have targeted VFEmail. I wrote about the company in 2015 after it suffered a debilitating distributed denial-of-service (DDoS) attack after Romero declined to pay a ransom demand from an online extortion group. Another series of DDoS attacks in 2017 forced VFEmail to find a new hosting provider.

In December 2018, Romero tweeted that service had been disrupted by a DDoS attack that he attributed to “script kiddies,” a derisive reference to low-skilled online hooligans.

“After 17 years if I was planning to shut it down, it’d be shut down by me – not script kiddies,” Romero wrote on Dec. 8.

Attacks that seek to completely destroy data and servers without any warning or extortion demand are not as common as, say, ransomware infestations, but when they do occur they can be devastating (the 2014 Sony Pictures hack and the still-unsolved 2016 assault on U.S.-based ISP Staminus come to mind).

It’s not clear how or whether VFEmail will recover from this latest attack, but such actions are an unsettling reminder that although most cybercriminals have some kind of short- or long-term profit motive in mind, an intruder with privileged access to a network can just as well virtually destroy everything within reach as they can plant malware or extortion threats like ransomware.

Planet DebianReproducible builds folks: Reproducible Builds: Weekly report #198

Here’s what happened in the Reproducible Builds effort between Sunday February 3rd and Saturday February 9th 2019:

Packages reviewed and fixed, and bugs filed

Test framework development

We operate a comprehensive Jenkins-based testing framework. This week, Holger Levsen made a large number of improvements, including:

  • Arch Linux-specific changes:
    • Correct information about the hostnames used. []
    • Document that the kernel is not currently varied on rebuilds. []
    • Improve IRC messages. [][]
  • Debian-specific changes:
    • Perform a large number of cleanups, updating documentation to match. [][][][]
    • Avoid unnecessary apt install calls on every deployment run. []
  • LEDE/OpenWrt-specific changes:
    • Attempt to build all the packages again. []
    • Mark a workaround for an iw issue in a better way. []
  • Misc/generic changes:
    • Clarify where NetBSD is actually built. []
    • Improve jobs to check the version of diffoscope relative to upstream in various distributions. [][]
    • Render the artificial date correctly in the build variation tables. []
    • Work around a rare and temporary problem when restarting Munin. []
    • Drop code relating to OpenSSH client ports as this is handled via ~/.ssh/config now. []
    • Fix various bits of documentation. [][][][][]
  • Fedora-specific changes:
    • Correctly note that testing Fedora is currently disabled. []
    • Abstract some behaviour to make possible testing of other distributions easier. []
    • Only update mock on build nodes. []

In addition, Mattia Rizzolo updated the configuration for df_inode [] and reverted a change to our pbuilder setup [] whilst Bernhard M. Wiedemann ported make_graph to using Python 3 [].

This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Jelle van der Waa & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Worse Than FailureCodeSOD: A Knotted String

Rita caught a weird bug. It was weird, in part, because there hadn’t been any code changes in their label printing application for ages, yet there was a sudden new bug. Labels were printing with what was obviously Unicode garbage. Interestingly, the application definitely supported Unicode: there had been a huge effort a few years back to move the C++ code from chars to wchars.

Rita started debugging, and confirmed that when the label text was populated, memory stored the correct values. By the time the data was printed, it no longer did. Obviously, there was something wrong with memory management: something was touching the end of the string and throwing off the output. That was an easy enough bug to make in C++, but tracing through 7,000 lines of label printing code to figure out where things got thrown off was more of a chore, especially with the… “friendly” variable naming convention the original developer had used.

  wchar_t* xyz = new wchar_t(wcslen(abc));

That doesn’t look like much, does it? xyz is a pointer to a wchar_t, a pretty typical way to represent a string, and then we initialize it to point to a new wchar_t with a size equivalent to the length of an input string, right?

Of course not. There’s an important difference between new wchar_t(10) and new wchar_t[10]. The latter makes a block of memory capable of holding ten wide characters. The former makes a single wide character and initializes it with the value 10. So xyz points to a single character, but this is C++. If you disable enough warnings, there’s nothing that will stop you from abusing that pointer and running off the end of memory.

The real WTF though, is that this wasn’t a bug introduced back when they switched to wchar. Going back through the source control history, Rita found the previous version:

char* xyz = new char(strlen(abc));

It had the same bug. The bug had gone undetected for all this time because the message string had been short enough that nothing else was touching that section of memory. It was only after a user had recently tried to add a slightly longer message that the buffer overrun started causing problems.


Planet Linux AustraliaLev Lafayette: Two White Paper Reviews

Information Systems and Enterprise Resource Planning

If a broad definition of information systems is taken as "usage and adaptation of the IT and the formal and informal processes by all of its users" (Paul, 2007), then Enterprise Resource Planning (ERP) must be recognised as a major IT application which seeks to combine a very wide range of business processes in an organisation in a technologically-mediated manner. Integration is of primary importance, for example, so that the disparate and siloed software applications that manage customers, sales, procurement, production, distribution, accounting, human resources, governance etc are provided common associations through a database system and from which decision-makers can engage in effective and informed business intelligence and enterprise management.

As can be imagined with such scope, effective ERP systems are highly sought after, with a range of well-known major providers (e.g., Oracle, SAP, Infor, Microsoft, Syspro, Pegasus etc), and a number of free and open-source solutions as well (e.g., LedgerSMB, metasfresh, Dolibarr etc). The main advantages of ERP systems should be self-evident: forecasting, tracking, systems consolidation, a comprehensive workflow of activities, and business quality, efficiency, and collaboration. What is perhaps less well-known are the disadvantages: expensive customisation or business process restructuring to fit the software, the possibility of vendor lock-in and transition costs, and, of course, the cost itself.

Panorama Consulting Services is a consulting company specialising in ERP that has been in operation since 2005, providing advice to business and government. They describe themselves as "[o]ne-hundred percent technology agnostic and independent of vendor affiliation" (Panorama Consulting, 2019), and provide a significant number of corporate "White Papers" on ERP-related subjects, which, on a prima facie level, makes them a good candidate to begin some ERP comparisons. In particular, two White Papers are reviewed, "Ten Tips for a Successful ERP Implementation" (Panorama Consulting, 2015) and "Clash of the Titans 2019: An Independent Comparison of SAP, Oracle, Microsoft Dynamics and Infor" (2018). The selection is intended in part to give a sense of a foundational paper followed by a practical application, and to determine whether their own principles of assessment in the former are actually applied in practical cases.

As an aside, mention must be made of the difference between White Papers in government and business. In the Commonwealth tradition, a White Paper is an official policy statement developed from an initial brief and an initial statement designed for public consultation (a "Green Paper"). This differs significantly from the business world, where a White Paper has come to mean a brief statement of business policy on a complex topic, and is much closer to a marketing tool (Graham, 2015). Government White Papers are significantly longer, more complex, and, arguably, often the result of more extensive research.

Review: Ten Tips for a Successful ERP Implementation

The first recommendation from Panorama Consulting is for organisations to establish their own business requirements, which must arise from having defined business processes. It is not possible to define ERP requirements without having the business processes (and presumably the technology) already in place. This relates heavily to the major issues noted by Panorama: 75% of ERP projects take longer than expected, 55% are over budget, and 41% realise less than half of their expected business benefits (based on Panorama's 2015 Annual Report). The reasons given for these problems are "unrealistic expectations", "mismanagement of scope", "unrealistic plans", and "failure to manage the software vendor and project scope".

These issues form the basis of the stated tips, i.e., "focus on business processes and requirements first", "quantify expected benefits" to achieve a healthy ERP return-in-investment, "[e]nsure strong project management and resource commitment", "solicit executive buy-in", "take time to plan up front", "[e]nsure adequate training and change management", "[u]nderstand why you are implementing ERP", "[f]ocus on data migration early in the process", "[l]everage the value of conference room pilots", and finally "clear communication ... to all stakeholders" via a project charter.

Much of the White Paper is dedicated to issues that are less related to ERP as such and more on the project management aspects. Certainly there is some justification for this, after all, the implementation of ERP is a significant project. The highest level recommendation, however, ties in well with an information systems approach, that is, ensuring that business processes exist in the first place. If a business has not mapped its own processes the introduction of an ERP will not solve their problems as well as it could because neither the business procedures or culture are in place to effectively use the ERP.

Review: Clash of the Titans 2019

The second, and far more extensive, Panorama ERP White Paper was written some four years after the "Ten Tips". It analyses the major enterprise ERP software providers, (SAP, Oracle, Microsoft Dynamics, and Infor), based on their own ERP Benchmark Survey which was conducted between September 2018 and October 2018. The survey had some 263 respondents, with some 30% using SAP, 29% using Microsoft Dynamics, 25% using Oracle, and 16% using Infor. The top-level comparison from Panorama to organisations is to "consider software functionality, deployment options and vendor and product viability" and, returning to the previous White Paper, "[a]n informed decision also requires business process mapping and requirements definition".

The evaluations taken in the survey include: (i) implementation duration; (ii) operational disruption; (iii) single-system vs best-of-breed; (iv) internal vs external resource requirements; (v) significance of ERP in the organisation's digital strategy; and (vi) business initiatives included in the digital strategy. The results included some interpretation by Panorama, although it is worth noting the questions were based more around business results than around the underlying technological tools.

Of the ERP systems, SAP had the longest duration for implementation (an average of 14.7 months), whereas Infor had the shortest (11.2); by the same token, SAP had the longest average operational disruption (128.5 days) and Infor had the shortest (120.6 days). However, SAP clients tend towards large, complex, and global organisations, whereas Infor is designed for less customisation. Perhaps as a result, Infor also tended to be deployed as a single ERP system (90.5% of the solution set), with SAP the lowest (86.2%), although it should be pointed out that the variation between the providers was not great.

Of some concern is the human resource investment required: "vendors typically recommend a team of at least 8-12 full-time internal resources, this isn't feasible for most organizations". Oracle customers have a high of 50.9% of resources sourced internally, whilst Microsoft Dynamics is at the other end of the scale at 45.4%. Panorama argues that simple customisation can be done in-house, whereas complex configurations require external support. Also of concern is whether or not ERP played a significant role in the organisation's digital strategy, which ranged from a high of 71.4% (Infor) to a low of 45% (Oracle), although the latter is explained by Oracle offering diverse components for specific functions. When functions themselves were analysed, a high of 84.6% included ERP in their business strategy, with a low of 8.3% using eCommerce from an Infor installation.

Critique of the Two White Papers

The initial proposal of reviewing the second paper against the suggestions of the first is difficult to carry out, as those questions are not directly addressed by the survey. Whilst the second White Paper does reiterate the concerns of planning and project management, in both the short and the long term, for an organisation considering implementing an ERP system, it does not associate those difficulties with the evident disruptions that ERP implementations cause. In a sense this serves as a critique of the second White Paper in its own right: the survey, whilst broad in the range of questions asked about usage, is also shallow, insofar as it relies on some fairly superficial interpretations by Panorama Consulting of why particular results were generated.

A major issue not directly addressed by either paper is whether ERP systems are justified at all, or have only a limited justification, from an enterprise software perspective. Whilst it would be challenging for an organisation such as Panorama Consulting to give advice that essentially says "No, an ERP system is not for you", it is surprising that neither White Paper gives consideration to building bespoke systems. These need not be as "complex but easy" (easy to use, complex to change) as the expensive enterprise tools would suggest. After all, an ERP is essentially a graphical interface connecting queries to a database, with stored procedures that incorporate business logic in a stateful manner. An ERP developed in-house, but with proprietary-free storage and logic engines, is relatively easy to change as the business itself develops. Rather than a "solution", it may be worthwhile looking at a "toolkit". It would certainly help with the often-overlooked matter that major ERP solutions embody significant cultural biases (Newman and Zhao, 2008).

Further, neither paper engaged in a comparison of the technological resources required and consumed, such as requisite operating system and existing software requirements, physical system requirements, or latency and bandwidth. Given the effect these have on the end-user experience of the system, on its performance (especially considering the distance between data and processing) and therefore on the speed of business intelligence, and on the capacity of the system to cover the business needs at scale, one would have thought that such quantitative and objective measures would have been a primary consideration.

The implementation of an ERP system, which suggests an organisation-wide repository of related business data updated from various input functions, certainly seems enticing. However, as the first White Paper correctly argues, an ERP system can only perform as well as the existing business logic and data repositories allow. The degree to which these are incomplete suggests needs that will only arise during implementation. Whilst the two White Papers from Panorama Consulting provide some of the information necessary for implementation (organisational buy-in, project management) and some information concerning the use of the major packages, they lack the necessary systematic perspective for either implementation or comparison, part of which comes directly from the lack of critical quantitative and logical evaluations.


Graham, Gordon (2015), The White Paper FAQ. Retrieved 16 March 2015.

Newman, M. and Zhao, Y. (2008), The Process of ERP Implementation and BPR: A Tale from two Chinese SMEs. Information Systems Journal, 18 (4): 405-426.

Panorama Consulting (2015), Ten Tips for a Successful ERP Implementation.

Panorama Consulting (2018), Clash of the Titans 2019: An Independent Comparison of SAP, Oracle, Microsoft Dynamics and Infor.

Panorama Consulting (accessed 2019), We Are Panorama.

Paul, Ray J. (2007), Challenges to information systems: time to change, European Journal of Information Systems, 16, pp. 193-195.

Two Panorama ERP White Paper Reviews

Planet DebianMike Gabriel: Drupal 6 - Security Support Continued

Believe it or not, I just upgraded my old Drupal 6 instances serving e.g. my blog [1] to Drupal 6 LTS v6.49.

Thanks a lot to Elliot Christenson for continuing Drupal 6 security support. See [2] for more information about Drupal 6 LTS support provided by his company.



Planet DebianMarkus Koschany: My Free Software Activities in January 2019

Welcome! Here is my monthly report covering what I have been doing for Debian. If you’re interested in Java, Games and LTS topics, this might be interesting for you.

Debian Games

  • Time’s almost up and the soft freeze is near. In January I packaged a couple of new upstream versions for Teeworlds (0.7.2), Neverball (this one was a Git snapshot because they apparently don’t like regular releases), cube2-data (easy, because I am upstream myself), adonthell and adonthell-data, fifechan, fife and unknown-horizons.
  • After I uploaded the latest Teeworlds release to stretch-backports too, I sponsored pegsolitaire for Juhani Numminen and a shiny new Supertux release for Reiner Herrmann.
  • I updated KXL, the Kacchan X Windows System Library. You have never heard of it? Well, never mind. However it powers three Debian games.
  • Last but not least I updated btanks,  your fast 2D tank arcade game.

Debian Java


Debian LTS

This was my thirty-fifth month as a paid contributor and I have been paid to work 20.5 hours on Debian LTS, a project started by Raphaël Hertzog. In that time I did the following:

  • From 28.01.2019 until 03.02.2019 I was in charge of our LTS frontdesk. I investigated and triaged CVE in mupdf, coturn, php5, netkit-rsh, guacamole-client, openjdk-7, python-numpy, python-gnupg, mumble, mysql-connector-python, enigmail, python-colander, slurm-llnl, sox, uriparser, and drupal7.
  • DLA-1631-1. Issued a security update for libcaca fixing 4 CVE.
  • DLA-1633-1. Issued a security update for sqlite3 fixing 5 CVE.
  • DLA-1650-1. Issued a security update for rssh fixing 1 CVE.
  • DLA-1656-1. Issued a security update for agg fixing 1 CVE. This one required a sourceful upload of desmume and exactimage as well because agg provides only a static library.
  • DLA-1662-1. Issued a security update for libthrift-java fixing 1 CVE.
  • DLA-1673-1. Issued a security update for wordpress fixing 7 CVE.


Extended Long Term Support (ELTS) is a project led by Freexian to further extend the lifetime of Debian releases. It is not an official Debian project but all Debian users benefit from it without cost. The current ELTS release is Debian 7 „Wheezy“. This was my eighth month and I have been paid to work 15 hours on ELTS.

  • I was in charge of our ELTS frontdesk from 28.01.2019 until 03.02.2019 and I triaged CVE in php5 and systemd.
  • ELA-81-1. Issued a security update for systemd fixing 2 CVE. I investigated CVE-2018-16865 and found that systemd was not exploitable. I marked CVE-2018-16864, CVE-2018-16866 and CVE-2018-15688 as <not-affected> because the vulnerable code was introduced later.
  • ELA-83-1. Issued a security update for php5  fixing 7 upstream bugs. No CVE have been assigned yet but upstream intends to do so shortly.

Thanks for reading and see you next time.

Cory DoctorowA free excerpt from UNAUTHORIZED BREAD, my latest audiobook

Unauthorized Bread is the first installment of my next science fiction book for adults, Radicalized, which comes out in just over a month; the audiobook is available DRM-free on Google Play and direct from me.

Unauthorized Bread is a story about refugees, rent-seeking, DRM and the housing crisis, and the audiobook, read by Lameece Issaq, is amazing. An excerpt from the book is being hosted online.

TEDStacey Abrams’ State of the Union response and more updates from TED speakers

The TED community is brimming with new projects and updates. Below, a few highlights.

Stacey Abrams responds to the US State of the Union. Politician Stacey Abrams spoke from Atlanta on behalf of the Democratic party following the State of the Union address. In her speech, she focused on the fight against bigotry, bipartisanship in a turbulent America and voter rights. The right to vote is especially important to Abrams — last November, she lost the Georgia gubernatorial election by 55,000 votes, a loss that some pundits have attributed to voter suppression. “The foundation of our moral leadership around the globe is free and fair elections, where voters pick their leaders, not where politicians pick their voters,” she said. “In this time of division and crisis, we must come together and stand for, and with, one another.” Watch the full speech on The New York Times website or read the transcript at USA Today. (Watch Abrams’ TED Talk.)

Remembering Emily Levine. The extraordinary humorist and philosopher Emily Levine has passed away following a battle with lung cancer. Reflecting on life and death, Levine said, "I am just a collection of particles that is arranged into this pattern, then will decompose and be available, all of its constituent parts, to nature, to reorganize into another pattern. To me, that is so exciting, and it makes me even more grateful to be part of that process." Read our full tribute to Levine on our blog. (Watch Levine’s TED Talk.)

Could you cut the tech giants from your life? In a new multimedia series from Gizmodo, journalist Kashmir Hill details her six-week experiment quitting Facebook, Amazon, Apple, Microsoft and Google — and shares surprising insights on how entwined these companies are in daily life. With help from technologist Dhruv Mehrotra, Hill blocked access to one company for a week at a time using a custom VPN (virtual private network), culminating with a final week of excluding all five tech companies. In just her first week of cutting out Amazon, Hill’s VPN logged over 300,000 blocked pings to Amazon servers! Check out the whole series on Gizmodo. (Watch Hill’s TED Talk.)

Exploring the historical roots of today’s biggest headlines. Alongside artist Masud Olufani, journalist Celeste Headlee will launch a new series at PBS called Retro Report that will explore current news stories, “revealing their unknown — and often surprising — connections to the past.” Each one-hour episode will trace the history of four news stories, including Colin Kaepernick’s NFL protests, modern-day drug approval laws and the US government’s wild horse care program. Retro Report will launch on PBS this fall. (Watch Headlee’s TED Talk.)

Customizable vegetables now for sale. Grubstreet has a new profile on Row 7, the seed company co-founded by chef Dan Barber that wants to change the way farmers, chefs and breeders collaborate and connect. Alongside breeder Michael Mazourek and seeds dealer Matthew Goldfarb, Barber hopes to design seeds that have the flavors chefs want, along with the qualities (like high yield and disease resistance) that farmers are looking for.  “We’re trying to deepen the context for the seeds, and this conversation between breeders and the chefs,” Barber said. By prioritizing taste and nutrition, Row 7 plans to engineer ever-evolving seed collections that meet the needs of both farmers and chefs. Row 7’s first seed collection is now available for purchase. (Watch Barber’s TED Talk.)

A promising new report on tobacco divestment. The Tobacco-Free Finance Pledge, led by oncologist Bronwyn King, has a new signatory: Genus Capital Investment, a leading Canadian fossil-free investment firm. Genus released a new report — based on a six-year study — about the financial impacts of divesting from tobacco stocks and removing tobacco from its portfolios. They found that over the past 20 years, tobacco divestment did not negatively affect index portfolios, and that in the past five years, portfolios that excluded tobacco actually outperformed the market. In a statement, King said, “This new research adds to a growing body of evidence demonstrating that investors do not need to invest in tobacco to achieve excellent returns.” Spearheaded by Tobacco Free Portfolios and the United Nations Environment Programme, the Tobacco-Free Finance Pledge was launched last year and has over 140 signatories and supporters. (Watch King’s TED Talk.)

An HBO feature on superhuman tech. On Real Sports with Bryant Gumbel, bionics designer Hugh Herr presented his team’s latest prosthetics and explained why he thinks bionics will soon revolutionize sports. Herr spoke to Soledad O’Brien about a future of enhanced athletic ability, saying “There’s going to be new sports … power basketball, power swimming, power climbing. It’ll be a reinvention of sports and it’ll be so much fun.” In a teaser clip, O’Brien tried on a pair of lower-leg exoskeletons developed at Herr’s MIT lab; the full episode can be viewed on HBO. (Watch Herr’s TED Talk.)


Have a news item to share? Write to us and you may see it included in this round-up.

Planet DebianAndy Simpkins: AVR ATMEGA328P support in avr-gcc

I can save £0.40 per device if I move from the ATMEGA328P to an ATMEGA328PB; given that I am expecting to use around 4000 of these microcontrollers a year, this looks like a no-brainer decision to me… The ATMEGA328PB has been around for a few years now, and I did check that the device was supported in avr-gcc *before* I committed to a PCB.  On the surface the device appears to be a simple B revision, with a few changes over the original part as described in Application Note AN_42559 – AT15007: Differences between ATmega328/P and ATmega328PB.  There are potential issues around the crystal drive for the clock (but I am pretty sure that I have done the appropriate calculations, so this will work – famous last words, I know).

I have had my PCBs back for a couple of weeks now, I have populated the boards and confirmed that electrically they work fine, the interface to the Raspberry Pi has also been tested.  I took a week out for the DebConf Videoteam sprint and a couple of extra days to recover from FOSDEM (catch up on much needed sleep) so today I picked up the project once again.

My first task was to change my firmware build away from an Arduino Uno R3 platform to my own PCB – simple right?  Just move around my #defines to match the GPIO pins I am using to drive my hardware, and change my build flags from -mmcu=atmega328p to -mmcu=atmega328pb and then rebuild.

If only things were that simple….

It turns out that even though the avr-gcc in Stretch knows about the atmega328pb it doesn’t know how to deal with it.

The internet suggested in all its wisdom that this was a known bug, so I updated my trusty laptop to Buster to take a look (the "known bug" being old, and apparently resolved in a version number lower than that of gcc-avr in buster).

Good news – my upgrade to buster went without hitch :-)
Bad news – my program still does not compile – I still have the same error

avr/include/avr/io.h:404:6: warning: #warning "device type not defined"

My googlefoo must be getting better these days because it didn’t take long to track down a solution:

I need to download a “pack” from Atmel / Microchip that tells gcc about the 328pb.  I downloaded the Atmel ATmega Series Device Support Pack from 

Once I had copied all the *.h files from within the pack to /usr/lib/avr/include, the avr io headers worked properly.  I also put all the other files from the pack into a folder called `packs` in my project folder.  Inside the packs folder should be folders like "gcc, include, templates…"

I now needed to update my build script to add another GCC flag, telling it to use the atmega328pb definition from the ‘pack’:

-B ./packs/gcc/dev/atmega328pb/

We are finally getting somewhere: my errors about the undefined device type have gone away; however, I am now getting new errors about the SPI control registers being unrecognized.

One of the differences between the two chip ‘revisions’ is that the atmega328pb has an additional SPI port, so it makes sense that registers have been renamed following the convention of adding device number after the register.
Thus the interrupt vector SPI_STC_vect becomes SPI0_STC_vect and the registers simply gain a 0 suffix.

A few #if statements later and my code now compiles and I can commence testing…  Happy days!
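For illustration, those #if statements can be absorbed into a small compatibility shim. This is a minimal sketch, not the actual firmware, and the SPI_CTRL / SPI_STATUS / SPI_DATA / SPI_ISR macro names are invented for the example; in real firmware it would sit after #include &lt;avr/io.h&gt;, which supplies the register definitions:

```c
/* Minimal sketch (not the actual firmware): map the renamed 328PB SPI
 * symbols back to common names, so one source file builds for both
 * -mmcu=atmega328p and -mmcu=atmega328pb.  The SPI_* names here are
 * invented for illustration. */
#if defined(__AVR_ATmega328PB__)
/* On the 328PB the registers and interrupt vector gain a 0 suffix. */
#  define SPI_CTRL    SPCR0
#  define SPI_STATUS  SPSR0
#  define SPI_DATA    SPDR0
#  define SPI_ISR     SPI0_STC_vect
#else
/* Classic 328P names. */
#  define SPI_CTRL    SPCR
#  define SPI_STATUS  SPSR
#  define SPI_DATA    SPDR
#  define SPI_ISR     SPI_STC_vect
#endif

/* Stringification helpers: inspect at compile time which names were
 * selected (e.g. on a host build where the AVR macro is not defined). */
#define SPI_STR(x)  #x
#define SPI_XSTR(x) SPI_STR(x)
```

The rest of the code then refers only to SPI_CTRL, SPI_ISR, and friends, and builds unchanged for either device.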

The ‘pack’ which contains the details for the ATMEGA328PB is 1.2.132 (2016-12-14) which means it has had quite a while to be included in the tool-chain.  Should this be included as part of avr-gcc for buster?  I would hope so, but we are now in a freeze so perhaps it will be missed.

Next task – avrdude.  Does the buster build recognize the ATMEGA328PB signatures / program correctly?

[EDIT 20190213 AS]  Yes, avrdude recognises and programs the ATMEGA328PB just fine.

Google AdsensePolicy resources available to you

We want to do everything we can to help our publishers succeed.

Beyond providing the AdSense platform to monetize content, we provide various channels through which we communicate policies, best practices and product changes to our publishers.

What resources are available?

We know that one size doesn't fit all for publishers when it comes to preferred methods of transmitting messages and information.  There are several platforms where we provide policy information to publishers.

First, we have our Policy Help Center. Through the Help Center, publishers can view all AdSense program policies, with detailed information on specific areas such as content policies, ad implementation policies, webmaster guidelines and much more.

Next, we have an AdSense Forum, made up of experienced, expert publishers who are passionate about helping other publishers better understand AdSense policies.  Here, you can review previous threads or post questions and receive feedback from the community.

We also have our AdSense YouTube channel, a platform we are investing in going forward to address questions for those publishers who prefer videos over text. We plan to update this resource frequently throughout the next year.

For big policy changes, check out our Inside AdSense blog, where we generally post updates first. We have Googlers from across AdSense posting best practices as well as practical advice to avoid common pitfalls, increase revenue and remain policy compliant. We’ll also provide updates on industry drivers, which may be useful to publishers. 

And more recently we’ve also tried to amplify our messaging through the AdSense social channels on Facebook & Twitter.  Generally, these posts reiterate an update that we’ve posted on our AdSense blog, with a link to that posting.

Lastly, we often speak at conferences and host publisher events at our offices worldwide. At these events, we discuss our program policies and gather in-person feedback from you. This feedback is valuable and has resulted in modifications to products, policies, and policy enforcement to better serve your needs.

Why is it important for Google to provide all of these resources?

We know that your first priority is creating content and growing your business. We want to do our part to help you succeed, so we’ve provided multiple platforms to help you understand our policies in the way that suits you best. To put it simply: we want to provide the right resource information, at the right time, in as many places as possible to help you understand our policies.

We also want to make sure you have a number of paths to provide feedback. Our publisher events at Google offices are a great opportunity for this. Additionally, my role as Head of Publisher Policy Communications puts a face to our policies and provides a feedback loop from you to the policy team.

Communication involves listening

Communication is a two way street. We’ve listened to your feedback, and created several ways, on several platforms for publishers to better understand our policies. We will always try to interact with you in ways that work best for you. When you succeed, we succeed. Please let us know how we can better communicate our policies to you.

John Brown
Head of Publisher Policy Communications

CryptogramChina's AI Strategy and its Security Implications

Gregory C. Allen at the Center for a New American Security has a new report with some interesting analysis and insights into China's AI strategy, commercial, government, and military. There are numerous security -- and national security -- implications.

Worse Than FailureCodeSOD: The Double Bind Printer

Printer jams are an unavoidable circumstance. Paper might not seem sticky, but static electricity and humidity can do horrible things, and all the protections in the world can't stop them. Printers are also objectively terrible, and always have been.

Years ago, when Coyne T was a fresh-faced youth, he supported an aging COBOL-based warehouse system. Their reports went to a noisy continuous feed line printer. The printer was a finicky beast, and no matter what sacrifices were made before printing, it had a tendency to devour pages, or have the gears slip and misprint lines. Because the report data came straight from a COBOL job, there was no cached output to reprint- the entire reporting process would need to be re-run every time the printer got angry.

About thirty pages of a report got chewed up a few days after Coyne joined the team. As the new kid, re-running the report fell to him. "But, before you go and re-run the report," the team lead, Herschel, said, "there's a few things you should know."

Herschel laid out the key facts. The report generating program didn't just generate the report. It also could clear the monthly totals and update the day's inventory as part of running the report. Doing either of those in the middle of the day was absolutely wrong, and would create a lot of manual work to fix it. Even worse, doing both of those during the same run would stomp all over the data files and absolutely corrupt the entire mainframe.

"Fortunately, I added two flags- CLEAR-SWITCH and UPDATE-SWITCH. Just make sure they're both set to 'N', and you should be fine."

Coyne checked and double checked the instructions, ensured that the flags were definitely set to 'N', and then ran the report.

After the mainframe team had restored from backup and recovered as much of the data as they could (losing only the past three days' worth of inventory), Coyne was called out on the carpet to explain how he'd destroyed the database. Despite being a newbie, Coyne had been cautious from the start, and reviewed the instructions which Herschel had given him, as well as how he'd verified that he'd followed the instructions. But Coyne had also gone the extra step of looking up the code block which checked those flags. He came to the meeting prepared.


Now, first off, one might hope that if two flags should never be used at the same time lest they destroy all the data, there might be some logic to make them mutually exclusive. There is no such logic, but if you look closely, you can see some illogic that I suspect was meant to accomplish that goal.

If the CLEAR-SWITCH variable is not 'Y', then the code sets… RUN-UPDATE. And RUN-CLEAR is controlled by UPDATE-SWITCH. The result is an odd block of code: if either one of the switches is disabled, by being set to anything that isn't 'Y', this code works. If both of the switches are enabled, by being set to 'Y', then this code won't run either step. In the case where both switches are explicitly disabled, then both steps will be run (and the data will be destroyed).
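The original COBOL is not reproduced here, but the crossed-wires logic as described can be sketched in C (the switch names follow the story; the function shape and variable names are illustrative):

```c
#include <stdbool.h>

/* Sketch of the crossed-wires flag logic described above (the original
 * was COBOL; this C rendering is illustrative).  Each switch arms the
 * *other* step: 'N','N' arms both steps (destroying the data), while
 * 'Y','Y' arms neither. */
static bool run_update;
static bool run_clear;

void check_switches(char clear_switch, char update_switch)
{
    run_update = false;
    run_clear  = false;

    if (clear_switch != 'Y')   /* CLEAR-SWITCH... but sets RUN-UPDATE */
        run_update = true;

    if (update_switch != 'Y')  /* UPDATE-SWITCH... but sets RUN-CLEAR */
        run_clear = true;
}
```

Setting both switches to 'N', exactly as Coyne was instructed, leaves both guards true, so the clear and the update run in the same job.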

Herschel warned Coyne that "only an idiot would run a job without reading the code first, you should have been more careful," but since Coyne was only a junior, and had followed the instructions, nothing more came from that meeting.



Planet DebianMike Gabriel: My Work on Debian LTS/ELTS (January 2019)

In January 2019, I have worked on the Debian LTS project for 10 hours and on the Debian ELTS project for 2 hours (of originally planned 6 + 1 hours) as a paid contributor. The non-worked 5 ELTS hours I have given back to the pool of available work hours.

LTS Work

  • Fix one CVE issue in sssd (DLA-1635-1 [1]).
  • Fix five CVE issues in libjpeg-turbo (DLA 1638-1 [2]).
  • Fix some more CVE issues in libav (DLA-1654-1 [3]).
  • FreeRDP: patch rebasing and cleanup.
  • FreeRDP: Testing the proposed uploads, sending out a request for testing [4], provide build previews, some more patch work.
  • Give feedback to the Debian stable release team on the planned FreeRDP 1.1 uploads to Debian jessie LTS and Debian stretch.
  • Some little bit of CVE triaging during my LTS frontdesk week (a very quiet week it seemed to me)

The new FreeRDP versions have been uploaded at the beginning of February 2019 (I will mention that properly in next month's LTS work summary, but you may already want to take a glimpse at DLA-1666-1 [5]).


ELTS Work

  • Start working on OpenSSH security issues currently affecting Debian wheezy ELTS (and also Debian jessie LTS).

The pressing and urgent fixes for OpenSSH will be uploaded during the coming week.

Thanks to all LTS/ELTS sponsors for making these projects possible.



Planet Linux AustraliaLev Lafayette: The Disciplinary Vagaries of Information Systems


More than thirty years ago, Professor Peter Checkland of the University of Lancaster raised the question of whether information systems (IS) and systems thinking could be united (Checkland, 1988). Almost twenty years later, Ray J. Paul, senior lecturer at the London School of Economics and Political Science, also raised the disciplinary status of the subject as editor of the European Journal of Information Systems (Paul, 2007). These two papers are illustrative of several others (e.g., Banville and Landry (1988); George et al. (2005); Firth et al. (2011); Annabi and McGann (2015)) from information systems as it attempts to find its own disciplinary boundaries among the crowd of academic, research, and vocational activities (cf. Abraham et al. (2006); Benamati et al. (2010)).

The two papers are selected not only to provide an at-a-glance illustration of the time-period of foundational issues within Information Systems as a discipline, but also the temporal context of each paper, and the differences in their views, which, at least in part, reflect those different times. Drawing from these illustrative comments and from the other source material mentioned, some critical issues facing the field of information systems are identified. Rather than attempting to enforce a niche for information systems, a philosophical reconstruction is carried out using formal pragmatics, as developed by the philosopher Karl-Otto Apel (1980) and the social theorist Jürgen Habermas (1984).

Checkland and Paul: A Review

Checkland argues that human beings are "unique" in converting data into information and attributing meaning. Whilst recent work in animal studies suggests that a more relative term would be appropriate (cf. Pika et al. (2018)), the point is made. Information Systems are defined as "organized attempts" by institutions to provide information, with computers as the dominant means of carrying this into effect. For Checkland there is a potential conflict between technical experts who avoid the social aspect and agents of social change who side-step technical expertise, with the discipline lacking a "Newton" to bring the field together.

In elucidating how this situation came about, Checkland notes that the recent history of Information Systems begins with the approach of the engineers and statisticians of the 1940s (e.g., Fisher, Wiener, Weaver, Shannon), who were primarily concerned with the signal-transmission of messages and their distortion, with no reference to meaning. This would be developed into a "semantic information theory" by Stamper et al. at the London School of Economics, to include semantic analysis. Nevertheless, Checkland argues that information systems have "tacitly followed the systems thinking of the 1950s and 1960s". In taking up this argument Checkland applies a phenomenological epistemology where the system is derived from concepts which are themselves a "mutually-creating relationship between perceived reality .. and intellectual concepts (which include 'system')".

Generalised approaches treating entities as an "autonomous whole" were applied in fields as diverse as biology, ecology, engineering, economics, and sociology from the 1940s to the 1960s and beyond. Checkland argues that this approach correlated with the information technology of the time, in which such "hard" systems theory meant that "organizations are conceptualized as goal-seeking machines and information systems are there to enable the information needs associated with organizational goals to be met". In the 1980s new technologies were making it increasingly possible to view organizations as "discourses, cultures, tribes, political battlegrounds, quasi-families, or communication and task networks", where functionalism was being replaced with "phenomenology and hermeneutics". This correlates with the development of Soft Systems Methodology (SSM), meaning-attribution, and emergent properties, where SSM is a learning system as a whole, and one which makes system models.

With this transformation in technology and systems methodology, Checkland argues that in the future computer projects will rarely use a project life cycle, except when "relatively mechanical administrative procedures are computerized". Instead, projects will be increasingly orientated around tasks of perception and meaning, where processes and information flows "increasingly need a social and political perspective", which places computing in the hands of the end-user, and where systems are developed so that they can learn and build their own information system. Checkland concludes that this "process orientation offers help with some of the crux problems of information provision in organizations in the 1990s".

Paul's editorial is quite different from Checkland's paper, the most notable differences being the twenty years between them and the size of the publication; the editorial is a mere three pages compared to Checkland's just over ten. Despite this, Paul manages to raise a great number of critical issues with both brevity and power, and with a great deal of hindsight wisdom when compared to the zeitgeist optimism of Checkland. Thematically, Paul is concerned with the two topics of challenge and change, noting a variety of past editorials concerned with these matters, and draws a connection between them: "It is clear to me that there are challenges to IS, and that it is time to address them – it is time to change."

Five challenges are identified which strike at the very core of Information Systems as a discipline and research project, highlighting its continuing problematic status. Specifically, Paul states: "Nobody seems to know who we are outside the IS community", "Demand from students to study IS is generally dropping", and "Research publications in IS do not appear to be publishing the right sort or content of research". In addition, Paul identifies "journal league tables" as being particularly troubling for the discipline, and finally notes that what information systems actually are is still subject to significant debate.

Referring initially to the first four challenges, which are less elaborated, Paul suggests that the lack of public recognition of IS stems from its lack of a distinct identity, being located either within business studies or computer science, and suggests that a stronger IS community could provide the strength to overcome these barriers. Whilst the second challenge is an empirical measure, it is suggested that community strength would also help with declining enrolments. The third challenge is one of real-world applications versus pure research, with Paul strongly leaning towards the former. As for "journal league tables", Paul makes a case for journals to have a diversity of roles and fitness of purpose.

The final matter is the definition of IS. It is obviously difficult for a discipline to find its place in academia when it is unsure of its own core subject matter, and Paul gives this last point the greatest attention. Taking an approach of via negativa, Paul tries to define information systems by what they are not. Thus, information systems are not information technology, which comprises the devices that provide the delivery mechanism for information systems. Nor are information systems the processes being used, nor the people using the technology and the processes. Instead, to Paul, information systems are the combination of these contributing factors: "The IS is what emerges from the usage and adaptation of the IT and the formal and informal processes by all of its users."

Critique and Reconstruction

Despite the differences in time, size, and even approach, both the papers from Checkland and Paul refer to the issue of identity for IS as a discipline and research project. Checkland provides a historical and philosophical approach to describing this matter and concludes with an optimistic zeitgeist of transformation, partially developed from a degree of technological determinism. Paul's editorial, in contrast, is more concerned with immediate issues and context, although this too is ultimately grounded in ontological and epistemological issues that confront Information Systems.

Checkland's historical argument of the transformation from "hard systems" approaches to SSM is largely accepted within the discipline, although the argument that this correlates with organisations moving from goal-seeking institutions to some sort of extended family is speculative, to say the least. The same applies to the claim of processes moving away from functionalism to more phenomenological and hermeneutic approaches, as if these were at variance with each other; after all, functionalism has both phenomenology and hermeneutics as a philosophical foundation. Whilst Checkland comes close to transcending these subject-centred approaches with references to speech-act theory and the generation of meaning, he does not engage with the core principle of linguistic philosophy, which notes that shared symbolic values cannot be systematically generated on account of their intersubjectivity (Apel, 1980; Habermas, 1984).

Likewise, Paul's five challenges are not without problems. At least two are not problems unique to IS but universal to all academic disciplines: the conflict between pure research and practical application (see also Benamati et al., 2010) and the issue of journal league tables and fitness for purpose. The lack of a distinct disciplinary identity is certainly a challenge; however, as Paul's definitional conclusion indirectly notes, this is because IS is a multi-disciplinary subject that draws together the organisational requirements of business studies with the technology of computer science. Finally, Paul takes a fairly idealistic approach in arguing that the drop in IS enrolments is due to a lack of an IS community. As Abraham et al. (2006) point out, historical macroeconomic issues were a major factor, specifically the "" crash of 2000-2002.

A reconstruction of the disciplinary identity of IS can be founded on the philosophy of formal (or universal) pragmatics. Initiated by the "linguistic turn" of Wittgenstein (1953), this approach identifies language and meaning as something generated between people and, rather than taking a subject-centred view of the world, elaborates this into an intersubjective approach. Uniting epistemological considerations with ontological ones, formal pragmatics links a rationalisation of world orientations with specific verification claims.

Unverifiable: Metaphysics (Physicalist, Symbolist, Idealist); Theology
Verifiable: Reality; Logical and Empirical Philosophy

Orientations/Worlds (verification)                 | 1. Objective or External World | 2. Intersubjective or Social World | 3. Subjective or Internal World
1. Statements of Truth – Sciences (correspondence) | Scientific facts               | Social facts                       | Unverifiable
2. Statements of Justice – Laws (consensus)        | Unverifiable                   | Legal norms                        | Moral norms
3. Statements of Beauty – Arts (sincerity)         | Aesthetic expressions          | Unverifiable                       | Sensual expressions

Table 1: Elaborated from Habermas (1984), illustrating the pragmatic complexes

In doing so, IS is placed within multiple complexes: not only does it have to deal with the world-orientation of objective facts (information technology), it is equally involved in the world-orientation of social facts (business processes); whereas earlier IS focussed more on the former, SSM focussed more on the latter. Both of these are part of the DIKW hierarchy, which refers to the relationship between data, information, knowledge, and wisdom (Rowley, 2007). IS is thus a subset of the wider body of knowledge management, which contains all the specific academic disciplines and world-orientations. Whilst the importance of IS will continue to grow due to the increased development of business processes, information technology, and their integration, it will always be a multi-disciplinary subject as it crosses pragmatic boundaries.

One sociological effect of formal pragmatics is an understanding of society as a combination of institutional systems and a lifeworld of communities. Procedural action occurs through institutional systems, whereas meaning generation occurs through the lifeworld. In this sense, a system cannot generate meaning and, despite the best efforts of public relations experts, cannot determine the response of communities to their slogans, neologisms, etc. Meaning generation is very much asystematic, and the best that organisations can hope for is sufficient input from the wild world of external communities to be attentive to what those communities think of them. In this sense, Checkland's hope that institutional systems will somehow transform themselves from procedural to meaning-generating bodies is implausible.


Taking the divergent papers of Checkland and Paul together, a common theme emerges: both attempt to find a foundation on which to base Information Systems as a discipline and research project. Checkland's approach was to apply philosophical considerations to the history of IS, and in particular to note the transformation from the engineering and biological perspectives of the 1950s and 1960s to the Soft Systems Methodology of the 1970s and 1980s, with the possibility of institutional transformation aided by changes in technological devices. In contrast, Paul noted difficulties of identity within IS as it crossed disciplinary boundaries and lacked a referential ability to define itself in distinction to other fields of inquiry.

Both these papers contribute to an ongoing debate on the nature and function of IS. A contribution is made here using contemporary pragmatic and linguistic philosophy, identifying that the challenges confronting IS are actually required for its existence. As long as data is stored in a structured manner as information, and that information is utilised by institutions, it is inevitable that IS will cross the boundaries of instrumental and social technologies. Likewise, as long as meaning is generated intersubjectively, there is no way that an external body can enforce and define the interpretation of shared symbolic values.

By way of conclusion, it must be said that formal pragmatics is obviously not just applicable to IS. As a theory that considers whether statements of affairs are even verifiable in a pragmatic sense, it must incorporate the entirety of the knowledge of our species; not in content, of course, but in the categorisation of what sorts of statements are possible in the first place. Certainly, there are many things in the universe which we do not yet know, but at least formal pragmatics provides the tools for determining what sorts of questions can be asked and, when propositions are made, whether their content seeks verification of truth, justice, or beauty. There are perhaps further questions outside these areas of verification, but for them it is best to refer to two aphorisms of the early Wittgenstein (1922): "The limits of my language mean the limits of my world"; "Whereof one cannot speak, thereof one must be silent."


Abraham, T., Beath, C., Bullen, C., Gallagher, K., Goles, T., Kaiser, K., and Simon, J. (2006) IT Workforce Trends: Implications For IS Programs, Communications of the Association for Information Systems, (17)50, p. 1147-1170

Annabi, H., McGann, Sean T., (2015), MIS-Understood: A Longitudinal Analysis of MIS Major Misconceptions, Proceedings of SIGED: IAIM Conference 2015

Apel, Karl-Otto, (1980), (trans. Glyn Adey, David Frisby), Towards a Transformation of Philosophy, Routledge and Kegan Paul, FP 1972

Benamati, J. H., Ozdemir, Z. D., and Smith, H. J. (2010), Aligning Undergraduate IS Curricula with Industry Needs, Communications of the Association for Information Systems, (53)3, p. 152-156

Banville, C., Landry, M., (1989) Can the Field of MIS be Disciplined?, Communications of the ACM, 32 (1), p48-60

Checkland, P.B., (1988) Information Systems and Systems Thinking: Time to Unite?, International Journal of Information Management, 8, p239-248

George, J. F., Valacich, J. S., and Valor, J. (2005), Does Information Systems Still Matter? Lessons for a Maturing Discipline, Communications of the Association for Information Systems (16)8, pp. 219-232

Habermas, J., The Theory of Communicative Action, Volume 1: Reason and the Rationalisation of Society, Beacon Press, 1984 [FP 1981]

Firth, D., King, J., Koch, H., Looney, C. A., Pavlou, P., and Trauth, E. M. (2011), Addressing the Credibility Crisis in IS, Communications of the Association for Information Systems, (28)13, p. 199-212

Paul, Ray J., (2007), Challenges to information systems: time to change, European Journal of Information Systems, 16, p193-195

Pika, Simone, Wilkinson, Ray, Kendrick, Kobin H., Vernes, Sonja C., (2018), Taking turns: bridging the gap between human and animal communication, Proceedings of the Royal Society B, 285(1880)

Rowley, Jennifer (2007). The wisdom hierarchy: representations of the DIKW hierarchy. Journal of Information and Communication Science. 33 (2): p163–180.

Wittgenstein, Ludwig (1922), (trans. Frank P. Ramsey and Charles Kay Ogden), Tractatus Logico-Philosophicus, Kegan Paul, FP 1921

Wittgenstein, Ludwig (1953), (trans. G. E. M. Anscombe), Philosophical Investigations, Macmillan Publishing Company.


Cryptogram: Friday Squid Blogging: The Hawaiian Bobtail Squid Genome

The Hawaiian Bobtail Squid's genome is half again the size of a human's.

Other facts:

The Hawaiian bobtail squid has two different symbiotic organs, and researchers were able to show that each of these took different paths in their evolution. This particular species of squid has a light organ that harbors a light-producing, or bioluminescent, bacterium that enables the squid to cloak itself from predators. At some point in the past, a major "duplication event" occurred that led to repeat copies of genes that normally exist in the eye. These genes allowed the squid to manipulate the light generated by the bacteria.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Krebs on Security: Phishers Target Anti-Money Laundering Officers at U.S. Credit Unions

A highly targeted, malware-laced phishing campaign landed in the inboxes of multiple credit unions last week. The missives are raising eyebrows because they were sent only to specific anti-money laundering contacts at credit unions, and many credit union sources say they suspect the non-public data may have been somehow obtained from the National Credit Union Administration (NCUA), an independent federal agency that insures deposits at federally insured credit unions.

The USA Patriot Act, passed in the wake of the terror attacks of Sept 11, 2001, requires all financial institutions to appoint at least two Bank Secrecy Act (BSA) contacts responsible for reporting suspicious financial transactions that may be associated with money laundering. U.S. credit unions are required to register these BSA officers with the NCUA.

On the morning of Wednesday, Jan. 30, BSA officers at credit unions across the nation began receiving emails spoofed to make it look like they were sent by BSA officers at other credit unions.

The missives addressed each contact by name, claimed that a suspicious transfer from one of the recipient credit union’s customers was put on hold for suspected money laundering, and encouraged recipients to open an attached PDF to review the suspect transaction. The PDF itself comes back clean when scanned, but the body of the PDF includes a link to a malicious site.

One of the many variations on the malware-laced targeted phishing email sent to dozens of credit unions across the nation last week.

The phishing emails contained grammatical errors and were sent from email addresses not tied to the purported sending credit union. It is not clear if any of the BSA officers who received the messages actually clicked on the attachment, although one credit union source reported speaking with a colleague who feared a BSA contact at their institution may have fallen for the ruse.

One source at an association that works with multiple credit unions who spoke with KrebsOnSecurity on condition of anonymity said many credit unions are having trouble imagining another source for the recipient list other than the NCUA.

“I tried to think of any public ways that the scammers might have received a list of BSA officers, but sites like LinkedIn require contact through the site itself,” the source said. “CUNA [the Credit Union National Association] has BSA certification schools, but they certify state examiners and trade association staff (like me), so non-credit union employees that utilize the school should have received these emails if the list came from them. As far as we know, only credit union BSA officers have received the emails. I haven’t seen anyone who received the email say they were not a BSA officer yet.”

“Wonder where they got the list of BSA contacts at all of our credit unions,” said another credit union source. “They sent it to our BSA officer, and [omitted] said they sent it to her BSA officers.” A BSA officer at a different credit union said their IT department had traced the source of the message they received back to Ukraine.

The NCUA has not responded to multiple requests for comment since Monday. The agency’s instructions for mandatory BSA reporting (PDF) state that the NCUA will not release BSA contact information to the public. Officials with CUNA also did not respond to requests for comment.

A notice posted by the U.S. Treasury Department’s Financial Crimes Enforcement Network (FinCEN) said the bureau was aware of the phishing campaign, and was urging financial institutions to disregard the missives.

Update, 11:13 a.m. ET: Multiple sources have now confirmed this spam campaign also was sent to BSA contacts at financial institutions other than credit unions, suggesting perhaps another, more inclusive, entity that deals with financial institutions may have leaked the BSA contact data.

Update, 5:26 p.m. ET: The NCUA responded and released the following statement:

Upon learning of the recent spear phishing campaign targeting Bank Secrecy Act officers at credit unions, the NCUA conducted a comprehensive review of its security logs and alerts. This review is completed, and it did not find any indication that information was compromised.

The most recent information available indicates the campaign extends beyond credit unions to other parts of the financial sector.

The NCUA encourages all credit union staff to be wary of suspicious emails, and credit unions may report suspicious activity to the agency. Additional information about phishing and other information security concerns is available on the agency’s Cybersecurity Resources webpage.

Also, the Treasury Department responded to requests for information about this event, stating:

FinCEN is aware of the phishing attempts and we’re examining the circumstances. There is no indication that any FinCEN systems were compromised.

Here is some information on 314(b) from our website

Note that the 314(b) system is designed so that individual compliance officers (registered with FinCEN) can find and directly contact each other. It provides no access to any type of broad financial database.

Original story: The latest scam comes amid a significant rise in successful phishing attacks, according to a non-public alert sent in late January by the U.S. Secret Service to financial institutions nationwide. “The Secret Service is observing a noticeable increase in successful large-scale phishing attacks targeting unsuspecting victims across industry,” the alert warns.

The Secret Service alert reminds readers that we in the United States are entering tax season, which typically brings a large spike in scams designed to siphon personal and financial data. It also includes some helpful reminders, including:

-Never click on links embedded in emails or open any attachments from unknown or suspect fraudulent email accounts.

-Always independently verify any requested information originates from a legitimate source.

-Visit Web sites by entering the domain name yourself (for sensitive sites, preferably by using a bookmark you created previously).

-If you are contacted via phone, hang up, look up the number for the institution at that institution’s Web site, and call back. Do not give out information in an unsolicited phone call.

Planet Debian: Iustin Pop: Notes on XFS: raid reshapes, metadata size, schedulers…

Just a couple of notes on XFS, and a story regarding RAID reshapes.

sunit, swidth and raid geometry

When I started looking at improving my backup story, first thing I did was resizing my then-existing backup array from three to four disks, to allow playing with new tools before moving to larger disks. Side-note: yes, I now have an array where the newest drive is 7 years newer than the oldest ☺

Reshaping worked well as usual (thanks md/mdadm!), and I thought all is good. I forgot however that xfs takes its stripe width from the geometry at file-system creation, and any subsequent reshapes are ignored. This is documented (and somewhat logical, if not entirely), in the xfs(5) man-page:

sunit=value and swidth=value … Typically the only time these mount options are necessary is after an underlying RAID device has had its geometry modified, such as adding a new disk to a RAID5 lun and reshaping it.

But I forgot to do that. On top of a raid5. Which means, instead of writing full stripes, xfs was writing ⅔ of a stripe, resulting in lots of read-modify-write, which explains why I saw some unexpected performance issues even in single-threaded workloads.

Lesson learned…
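As a sketch of the fix (device names, chunk size, and mount point here are hypothetical, not taken from the actual array): after a reshape, the stripe geometry can be recomputed by hand and passed as mount options.

```shell
# Hypothetical sketch: recompute sunit/swidth for a reshaped 4-disk RAID5
# with a 512 KiB chunk. Both values are in 512-byte sectors.
chunk_kib=512                    # md chunk size, e.g. from mdadm -D /dev/md0
data_disks=3                     # a 4-disk RAID5 has 3 data disks per stripe
sunit=$((chunk_kib * 2))         # KiB -> 512-byte sectors
swidth=$((sunit * data_disks))   # full stripe width in sectors
echo "mount -o sunit=$sunit,swidth=$swidth /dev/md0 /backup"
```

With matching geometry, xfs writes full stripes again instead of the ⅔-stripe read-modify-write pattern described above.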

xfs metadata size

Once I got my new large HDDs, I created the new large (for me, at least) file-system with all bells and whistles, which includes lots of metadata. And by lots, I really mean lots:

# mkfs.xfs -m rmapbt=1,reflink=1 /dev/mapper/…
# df -h 
Filesystem         Size  Used Avail Use% Mounted on
/dev/mapper/        33T  643G   33T   2% /…

Almost 650G of metadata! 650G!!!!! Let’s try some variations, on a 50T file-system (on top of a sparse file, not that I have this lying around!):

Plain mkfs.xfs:
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop0       50T   52G   50T   1% /mnt
mkfs.xfs with rmapbt=1:
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop0       50T  675G   50T   2% /mnt
mkfs.xfs with rmapbt=1,reflink=1:
Filesystem      Size  Used Avail Use% Mounted on
/dev/loop0       50T  981G   50T   2% /mnt

So indeed, the extra “bells” do eat a lot of disk. Fortunately that ~1T of metadata is not written at mkfs time, otherwise it’d be fun! The actual allocation for that sparse file was “just” 2G. I wonder how come the metadata is consistent if mkfs doesn’t ensure zeroing?

Not sure I’ll actually test the reflink support soon, but since I won’t be able to recreate the file-system easily once I put lots of data on it, I’ll leave it as such. It’s, after all, only 2% of the disk space, even if the absolute value is large.

XFS schedulers

Apparently CFQ is not a good scheduler for XFS. I’m probably the last person on earth to learn this, as it has been documented for ages, but better late than never. Yet another explanation for the bad performance I was seeing…
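For reference, a minimal sketch of checking and switching the scheduler via sysfs (the device name is a placeholder, and the schedulers on offer depend on the kernel build):

```shell
# Sketch: inspect and change the I/O scheduler for one backing disk
# (run as root). "sda" is a placeholder device name; the currently
# active scheduler is shown in brackets.
dev=sda
cat /sys/block/$dev/queue/scheduler            # e.g. "noop deadline [cfq]"
echo deadline > /sys/block/$dev/queue/scheduler
```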

Summary: yes, I have fun playing a sysadmin at home ☺

Worse Than Failure: Error'd: Quite Powerful Errors Indeed

"I was considering this recorder for my son, but I think 120W might be a bit over the top," writes Peter B.


"Yep, looks like the test works to me," writes Stefan S.


Lincoln K. wrote, "Hertz may have Ultimate Choice(tm) but apparently not Ultimate QA."


"Consider a situation where seven electric vehicle chargers were installed and working OK, but monitoring wasn't working so great. After two weeks of finger pointing and 'not my fault' emails, an agreement was reached: inspect the terminal sockets and replace any networking cables. In the end, what had happened was that an electrician had been 'promoted' to 'network technician' for a day. The guy's boss must have said, 'It's just a tiny cable... a little smaller than you're used to, just do as usual.' Poor guy, he stripped 112 wires (7 cables * 2 ends * 8 wires) by hand," Jon B. wrote.


Adam G. writes, "Something tells me I will not be contacted shortly."


Robert wrote, "Usually I'm very careful who I'm sharing passwords with, but in this case, I think I can make an exception."


[Advertisement] Continuously monitor your servers for configuration changes, and report when there's configuration drift. Get started with Otter today!

Long Now: Treeline, a Documentary Shot Partly On Long Now’s Nevada Property

Patagonia has released a mini documentary about skiers, snowboarders and scientists as they explore “an ancient story written in rings.” The doc was shot in part on Long Now’s Nevada property in Mount Washington, and shows stunning images of something we at Long Now have not yet had a chance to see: the ancient Bristlecone pines on the mountain in deep winter.



Planet Debian: Thorsten Alteholz: My Debian Activities in January 2019

FTP master

This month I accepted 363 packages, which is again more than last month. On the other side I rejected 68 uploads, which is almost twice as many as last month. The overall number of packages that got accepted this month was 494.

Debian LTS

This was my fifty-fifth month doing work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.

This month my overall workload was 20.5h. During that time I did LTS uploads or prepared security uploads of:

    [DLA 1634-1] wireshark security update for 41 CVEs
    [DLA 1643-1] krb5 security update for three CVEs
    [DLA 1645-1] wireshark security update for three CVEs
    [DLA 1647-1] apache2 security update for one CVE
    [DLA 1651-1] libgd2 security update for four CVEs

I continued to work on CVEs of exiv2.

Last but not least I did some days of frontdesk duties.

Debian ELTS

This month was the eighth ELTS month.

During my allocated time I uploaded:

  • ELA-75-1 of wireshark for 26 CVEs
  • ELA-77-1 of krb5 for four CVEs
  • ELA-78-1 of wireshark for three CVEs

As in LTS, I also did some days of frontdesk duties.

Other stuff

I improved packaging of …

I uploaded new upstream versions of …

I uploaded new packages …

  • ptunnel-ng, which is a fork of ptunnel with ongoing development

Last but not least I sponsored uploads of …

Planet Debian: Iain R. Learmonth: Privacy-preserving monitoring of an anonymity network (FOSDEM 2019)

This is a transcript of a talk I gave at FOSDEM 2019 in the Monitoring and Observability devroom about the work of Tor Metrics.

Direct links:

Producing this transcript was more work than I had anticipated it would be, and I’ve done this in my free time, so if you find it useful then please do let me know otherwise I probably won’t be doing this again.

I’ll start off by letting you know who I am. Generally this is a different audience for me but I’m hoping that there are some things that we can share here. I work for Tor Project. I work in a team that is currently formed of two people on monitoring the health of the Tor network and performing privacy-preserving measurement of it. Before Tor, I worked on active Internet measurement in an academic environment but I’ve been volunteering with Tor Project since 2015. If you want to contact me afterwards, my email address, or if you want to follow me on the Fediverse there is my WebFinger ID.

So what is Tor? I guess most people have heard of Tor but maybe they don’t know so much about it. Tor is quite a few things: it’s a community of people. We have a paid staff of approximately 47; the number keeps going up, but it was 47 last time I looked. We also have hundreds of volunteer developers that contribute code, and we also have relay operators that help to run the Tor network, academics, and a lot of people involved in organising the community locally. We are registered in the US as a non-profit organisation, and the two main things that really come out of Tor Project are the open source software that runs the Tor network and the network itself, which is open for anyone to use.

Currently there are an estimated average 2,000,000 users per day. This is estimated and I’ll get to why we don’t have exact numbers.

Most people when they are using Tor will use Tor Browser. This is a bundle of Firefox and a Tor client set up in such a way that it is easy for users to use safely.

When you are using Tor Browser your traffic is proxied through three relays. With a VPN there is only one server in the middle and that server can see either side. It knows who you are and where you are going, so it can spy on you just as your ISP could before. The first step in setting up a Tor connection is that the client needs to know where all of those relays are, so it downloads a list of all the relays from a directory server. We’re going to call that directory server Dave. Our user Alice talks to Dave to get a list of the relays that are available.

In the second step, the Tor client forms a circuit through the relays and connects finally to the website that Alice would like to talk to, in this case Bob.

If Alice later decides they want to talk to Jane, they will form a different path through the relays.

We know a lot about these relays. Because the relays need to be public knowledge for people to be able to use them, we can count them quite well. Over time we can see how many relays there are announcing themselves, and we also have the bridges, which are a separate topic; these are special-purpose relays.

Because we have to connect to the relays we know their IP addresses and we know if they have IPv4 or IPv6 addresses so as we want to get better IPv6 support in the Tor network we can track this and see how the network is evolving.

Because we have the IP addresses we can combine those IP addresses with GeoIP databases and that can tell us what country those relays are in with some degree of accuracy. Recently we have written up a blog post about monitoring the diversity of the Tor network. The Tor network is not very useful if all of the relays are in the same datacenter.

We also perform active measurement of these relays, and we really analyse them, because this is where a lot of the trust in the Tor network is placed. The trust is distributed between multiple relays, but if all of the relays are malicious then the network is not very useful. We make sure that we’re monitoring its diversity, and since relays come in different sizes we want to know: are the big relays spread out, or are there just a lot of small relays inflating the absolute counts of relays in a location?

When we look at these two graphs, we can see that the number of relays in Russia is about 250 at the moment but when we look at the top 5 by the actual bandwidth they contribute to the network they drop off and Sweden takes Russia’s place in the top 5 contributing around 4% of the capacity.

The Tor Metrics team, as I mentioned, is two people, and we care about measuring and analysing things in the Tor network. There are 3 or 4 regular contributors, and then occasionally people will come along with patches or perform a one-off analysis of our data.

We use this data for lots of different use cases. One of which is detecting censorship: if websites are blocked in a country, people may turn to Tor in order to access those websites. In other cases, Tor itself might be censored; then we see a drop in Tor users and a rise in the use of the special-purpose bridge relays that can be used to circumvent censorship. We can interpret the data in that way.

We can detect attacks against the network. If we suddenly see a huge rise in the number of relays then we can suspect that OK maybe there is something malicious going on here and we can deal with that. We can evaluate effects on how performance changes when we make changes to the software. We have recently made changes to an internal scheduler and the idea there is to reduce congestion at relays and from our metrics we can say we have a good idea that this is working.

Probably one of the more important aspects is being able to take this data and make the case for a more private and secure Internet, not just from a position of I think we should do this, I think it’s the right thing, but here is data and here is facts that cannot be so easily disputed.

We only handle public non-sensitive data. Each analysis goes through a rigorous review and discussion process before publication.

As you might imagine, the goals of a privacy and anonymity network don’t lend themselves to easy data gathering and extensive monitoring of the network. The Research Safety Board, if you are interested in doing research on Tor or attempting to collect data through Tor, can offer advice on how to do that safely. Often this is used by academics that want to study Tor, but the Metrics Team has also used it on occasion where we want a second opinion on deploying new measurements.

What we try and do is follow three key principles: data minimalisation, source aggregation, and transparency.

The first one of these is quite simple, and with GDPR it is probably something people need to think about more, even if you don’t run an anonymity network. Having large amounts of data that you don’t have an active use for is a liability and something to be avoided. Given a dataset and an infinite amount of time, that dataset is going to get leaked; the probability only increases as you go along. We want to make sure that we are collecting as little detail as possible to answer the questions that we have.

When we collect data we want to aggregate it as soon as we can, to make sure that sensitive data exists for as little time as possible. This usually means in the Tor relays themselves, before they even report information back to Tor Metrics: they will be aggregating data, and then we will aggregate the aggregates. This can also include adding noise or binning values. All of these things help to protect the individual.
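
The binning idea can be sketched in a couple of lines. This is an illustration only: the bin size here is made up, not Tor's actual parameter.

```python
import math

def bin_count(count, bin_size=8):
    """Round a count up to the next multiple of bin_size.

    Reporting only binned values means an observer cannot
    distinguish, say, 9 requests from 15: both report as 16.
    """
    return bin_size * math.ceil(count / bin_size)
```

Adding random noise before binning strengthens this further, at the cost of some accuracy in the aggregate.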

And then being as transparent as possible about our processes so that our users are not surprised when they find out we are doing something, relay operators are not surprised, and academics have a chance to say whoa that’s not good maybe you should think about this.

The example that I’m going to talk about is counting unique users. Users of the Tor network would not expect that we are storing their IP address or anything like this. They come to Tor because they want the anonymity properties. So the easy way, the traditional web analytics way: keep a list of the IP addresses, count up the uniques, and then you have an idea of the unique users. You could combine this with a GeoIP database and get unique users per country, and so on. We can’t do this.

So we measure indirectly and in 2010 we produced a technical report on a number of different ways we could do this.

It comes back to Alice talking to Dave. Because every client needs to have a complete view of the entire Tor network, we know that each client will fetch the directory approximately 10 times a day. By measuring how many directory fetches there are we can get an idea of the number of concurrent users there are of the Tor network.

Relays don’t store IP addresses at all; they count the number of directory requests, and those counts are reported to a central location. We don’t know how long an average session is, so we can’t say we had so many unique users, but we can say how many users we had concurrently on average. We get to see trends, but we don’t get the exact number.
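
The arithmetic behind that estimate is simple enough to sketch. The per-client fetch rate is the approximate figure from the talk; the request total below is invented for illustration.

```python
FETCHES_PER_CLIENT_PER_DAY = 10  # approximate figure from the talk

def mean_concurrent_users(daily_directory_requests):
    # Relays report only request counts (no IP addresses); dividing
    # the network-wide total by the expected per-client rate gives an
    # average concurrent-user figure, not a count of unique people.
    return daily_directory_requests / FETCHES_PER_CLIENT_PER_DAY
```

With an invented 20,000,000 directory requests in a day, this yields 2,000,000 average concurrent users, the same order as the figure on the graph below.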

So here is what our graph looks like. At the moment we have on average 2,000,000 concurrent Tor users. The first peak may have been an attempted attack, as may the second. Often things happen and we don’t have full context for them, but we can see when things are going wrong, and we can also see when things are back to normal afterwards.

This is in a class of problems called the count-distinct problem and these are our methods from 2010 but since then there has been other work in this space.

One example is HyperLogLog. I’m not going to explain this in detail but I’m going to give a high-level overview. Imagine you have a bitfield and you initialise all of these bits to zero. You take an IP address, you take a hash of the IP address, and you look for the position of the leftmost one. How many zeros were there at the start of that string? Say it was 3, you set the third bit in your bitfield. At the end you have a series of ones and zeros and you can get from this to an estimate of the total number that there are.

Every time you set a bit there is 50% chance that that bit would be set given the number of distinct items. (And then 50% chance of that 50% for the second bit, and so on…) There is a very complicated proof in the paper that I don’t have time to go through here but this is one example that actually turns out to be quite accurate for counting unique things.
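
A minimal sketch of the idea described above, which is closer to the original Flajolet-Martin sketch than to full HyperLogLog (HyperLogLog adds many buckets and a harmonic mean for accuracy):

```python
import hashlib

def fm_estimate(items, nbits=32):
    """Estimate the number of distinct items from a single bitfield.

    For each item: hash it, find the position of its lowest set bit
    (the number of trailing zeros), and set that bit in the bitfield.
    The index of the first unset bit then yields a distinct-count
    estimate. Duplicates cost nothing, and no item is ever stored.
    """
    bits = 0
    for item in items:
        h = int.from_bytes(hashlib.sha256(item.encode()).digest()[:8], "big")
        r = (h & -h).bit_length() - 1 if h else nbits - 1  # trailing zeros
        bits |= 1 << min(r, nbits - 1)
    r = 0
    while bits & (1 << r):
        r += 1
    return 2 ** r / 0.77351  # correction constant from the original paper
```

Processing the same stream twice gives an identical estimate, since duplicates only set bits that are already set; a single sketch like this has high variance, which is what the bucketing in HyperLogLog addresses.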

This was designed for very large datasets where you don’t have enough RAM to keep everything in memory. We have a variant on this problem where even keeping 2 IP addresses in memory would, for us, be a very large dataset. We can use this to avoid storing even small datasets.

Private Set-Union Cardinality is another example. In this one you can look at distributed databases and find unique counts within those. Unfortunately this currently requires far too much RAM to actually do the computation for us to use this but over time these methods are evolving and should become feasible, hopefully soon.

And then moving on from just count-distinct, the aggregation of counters. We have counters such as how much bandwidth has been used in the Tor network. We want to aggregate these but we don’t want to release the individual relay counts. We are looking at using a method called PrivCount that allows us to get the aggregate total bandwidth used while keeping the individual relay bandwidth counters secret.
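
The core trick in such systems can be illustrated with plain additive secret sharing. This sketch is a stand-in for PrivCount's actual protocol, which additionally adds noise and handles malicious parties:

```python
import random

P = 2**61 - 1  # modulus for the shares (illustrative choice)

def share(value, n):
    """Split value into n random shares that sum to value mod P."""
    parts = [random.randrange(P) for _ in range(n - 1)]
    parts.append((value - sum(parts)) % P)
    return parts

def aggregate(counters, n_servers=3):
    """Each relay splits its private counter across the tally servers;
    servers sum the shares they receive, and only the grand total is
    ever reconstructed."""
    totals = [0] * n_servers
    for c in counters:
        for i, s in enumerate(share(c, n_servers)):
            totals[i] = (totals[i] + s) % P
    return sum(totals) % P
```

Any single server sees only uniformly random shares, so the relay-level bandwidth counters stay secret while the network-wide sum comes out exact.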

And then there are similar schemes to this: RAPPOR and PROCHLO from Google, and Prio, which Mozilla have written a blog post about, are similar technologies. All of the links are in the slides and on the FOSDEM schedule page, so don’t worry about writing these down.

Finally, I’m looking at putting together some guidelines for performing safe measurement on the Internet. This is targeted primarily at academics, but if you wanted to apply it to analytics platforms, or to monitoring of anything that has users whose privacy you want to respect, there could be some techniques in here that are applicable.

Ok. So that’s all I have if there are any questions?

Q: I have a question: how many users, or relays, have to be honest so that the network stays secure and private?

A: At the moment when we are collecting statistics we can see – as I showed earlier with the active measurement – how much bandwidth a relay can cope with, and then we do some load balancing, so we have an idea of what fraction of traffic should go to each relay. If one relay is expecting a certain level of traffic but reports wildly different statistics from another relay, then we can say that relay is cheating. There isn’t really any incentive to do this, and it’s something we can detect quite easily, but we are also working on more robust metrics going forward to avoid this being a point where the network could be attacked.

Q: A few days ago I heard that with Tor Metrics you estimate between 2 and 8 million users, but you don’t really know in detail what the real numbers are? Can you talk about the variance and which number is more accurate?

A: The 8 million number comes from the PrivCount paper; they did a small study where they looked at unique IP addresses over a day, whereas we look at concurrent users, so there are two different measurements. What we can say is that we know for certain there are between 2 million and 25 million unique users per day, but we’re not sure where in that range we fall; 8 million is a reasonable-ish number. They also measured IP addresses, and some countries use a lot of NAT, so it could be more than 8 million. It’s tricky, but we see the trends.

Q: Your presentation actually implies that you are able to collect more private data than you are doing. It says that the only thing preventing you from collecting private user data is the team’s good will and good intentions. Have I got it wrong? Are there any possibilities for the Tor Project team to collect some private user data?

A: Tor Project does not run the relays. We write the code, but there are individual relay operators that run the relays, and if we were to release code that suddenly started collecting lots of private data, people would notice and wouldn’t run that code. There is a step between development and deployment. It’s possible other people could write that code and run those relays, but if they started to run enough relays to look suspicious, then people would ask questions there too, so there is a distributed trust model with the relays.

Q: You talk about privacy-preserving monitoring, but a couple of years ago we learned that the NSA was able to monitor relays and learn which user was connecting to them. Is there also research to ensure Tor users cannot be targeted for using a relay, and cannot be monitored at all?

A: Yes, there is! There is a lot of research in this area and one of them is through obfuscation techniques where you can make your traffic look like something else. They are called pluggable transports and they can make your traffic look like all sorts of things.

Worse Than FailureCodeSOD: A Policy Exception

“So, we have a problem. A… a big one.”

Andrea C worked for an insurance company. In terms of software development, a “problem” meant she’d misfiled one of her TPS coversheets or something like that. A big problem meant she’d accidentally checked in code that contained a comment with some profanity in it.

“It’s actually, well, it’s actually huge,” her boss continued.

She’d never had a “huge” problem before.

Someone had discovered that, if they knew a customer’s policy number and were currently logged in- they could see that customer’s policy. It didn’t have to be their policy. Any policy, so long as they had a valid login and the policy number.

That was pretty huge. Andrea hadn’t gotten too deep into that section of the application before, but the original developer had moved on, so it was time for her to dig in. She pulled up the JSP code which served the page.

	boolean globalError = false;

	// SNIP: gets various parameters from HttpPortletRequest. E.g. policyNumber, fiscalCode, etc.
  //fiscalCode is the customer identifier

	try {
		// Security check to see if the policy belongs to the user
		if(!PolicyUtil.isValidPolicyNumber(fiscalCode, policyNumber, endpoint))
			throw new PolicyNumberException();
	} catch(Exception e) {
		globalError = true;
	}

	Policy policy = PolicyUtil.getPolicy(fiscalCode, policyNumber, dateOnlyFormat, endpoint);

<%-- <c:if test="<%=!globalError %>"> --%>
	<div class="header container main_dsh">
		<h2><%=policy.getProductName() %></h2>
		<h4 style="color: white;">N. <%=policyNumber %></h4>
<%-- </c:if> --%>	
	// SNIP: displays policy details

Let’s start with names. isValidPolicyNumber isn’t just a validator: it uses the fiscalCode to determine if this customer is allowed to see that policy number. It also checks that the policy number exists, and that it’s a valid and active policy. All that information is encoded into a single boolean value.

And of course, of course if that boolean value is false, we throw an exception. Flow of control by exceptions is always a great choice, especially when the only thing you do with the exception is set a flag.

The sane thing, at this point, is to bail. We can’t display this policy. But the code doesn’t bail, it actually goes right back to the database to fetch the policy. A policy that it may have already decided is not valid in this context.
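
For contrast, here is a sketch of the flow Andrea would have expected: authorize first, bail immediately, and only then fetch. The Policy and PolicyUtil classes below are hypothetical stand-ins for the application's real classes, whose full signatures aren't shown in the snippet.

```java
// Hypothetical stubs standing in for the application's real classes.
class Policy {
    String productName = "Demo Product";
}

class PolicyUtil {
    // Assumption: ownership/validity check, stubbed for illustration.
    static boolean isValidPolicyNumber(String fiscalCode, String policyNumber) {
        return "FC-1".equals(fiscalCode) && "P-42".equals(policyNumber);
    }

    static Policy getPolicy(String fiscalCode, String policyNumber) {
        return new Policy();
    }
}

public class PolicyPage {
    static String render(String fiscalCode, String policyNumber) {
        if (!PolicyUtil.isValidPolicyNumber(fiscalCode, policyNumber)) {
            return "403 Forbidden"; // bail: never load a policy the user may not see
        }
        Policy policy = PolicyUtil.getPolicy(fiscalCode, policyNumber);
        return "Policy " + policyNumber + ": " + policy.productName;
    }
}
```

The key difference is that the database fetch is unreachable when the authorization check fails, so there is nothing for a forgotten template condition to leak.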

When Andrea found this much, she thought she’d figured out the actual bug, but reading on revealed the next step: the <c:if> test only surrounds the display of the header, and it’s commented out anyway. The policy details below it render regardless.

No one had touched this code in years. Pretty much since their new website launched in 2009, this code had been sitting in production.

[Advertisement] BuildMaster allows you to create a self-service release management platform that allows different teams to manage their applications. Explore how!


TEDRemembering Emily Levine

“You have to understand that we don’t live in Newton’s clockwork universe anymore. We live in a banana peel universe, and we won’t ever be able to know everything or control everything or predict everything.” Emily Levine speaks at TED2018. Photo: Jason Redmond / TED

“That’s what’s so extraordinary about life: It’s a cycle of generation, degeneration, regeneration.”

The humorist Emily Levine has died, after an extraordinary life spent questioning the very nature of reality. A philosopher-comic, she tore apart classics and physics and pop culture, and then, in trickster fashion, stuck them together in ways that created not just a shock of recognition but (as she explained herself back in 2002) a shock of re-cognition, of thinking in a new way. Her goal was to short-circuit your mind, to shake you out of your silly old and/or thinking with a little bit of and/and. Not for nothing did she call herself “the Evel Knievel of mental leaps.”

She worked as a TV writer and producer, a filmmaker and as a connector, a locus for like-minded kooks. She was a force, a word that we hope will make sense on many levels.

Most recently, she turned her attention to the process of dying itself, as she faced down a diagnosis of stage IV lung cancer. As always, it sent her searching through the widest possible array of sources. She read quantum physics (” — well, I read an email from someone who’d read it, but — “), she re-visited Hannah Arendt and an old joke, and tossed everything into the blender of her sharp wit. And it all began to make sense, life, living, dying, death. In her own words: “’I’ am just a collection of particles that is arranged into this pattern, then will decompose and be available, all of its constituent parts, to nature, to reorganize into another pattern. To me, that is so exciting, and it makes me even more grateful to be part of that process.”

Planet DebianGunnar Wolf: Raspberry Pi 3 Debian Buster *unofficial preview* image update

As I mentioned two months ago, I adopted the Debian Raspberry 3 build scripts, and am now building a clean Buster (Debian Testing) unofficial preview image. And there are some good news to tell!
Yesterday, I was prompted by Martin Zobel-Helas and Holger Levsen to prepare this image after the Buster Debian Installer (d-i) alpha release. While we don't use d-i to build the image, I pushed the build, and found that...
I did quite a bit of work together with Romain Perier, a soon-to-become Debian Maintainer, and he helped get the needed changes in the main Debian kernel, thanks to which we now finally have working wireless support!

Romain also told me he did some tests, building an image very much like this one, but built for armel instead of armhf, and apparently it works correctly on a Raspberry Pi Zero. That means that, if we do a small amount of changes (and tests, of course), we will be able to provide straight Debian images to boot unmodified on all of the Raspberry lineup!
So, as usual:
You can look at the instructions at the Debian Wiki page on RaspberryPi3. Or you can just jump to the downloads, at my



CryptogramUsing Gmail "Dot Addresses" to Commit Fraud

In Gmail addresses, the dots don't matter. The account "" maps to the exact same address as "" and "" -- and so on. (Note: I own none of those addresses, if they are actually valid.)

This fact can be used to commit fraud:

Recently, we observed a group of BEC actors make extensive use of Gmail dot accounts to commit a large and diverse amount of fraud. Since early 2018, this group has used this fairly simple tactic to facilitate the following fraudulent activities:

  • Submit 48 credit card applications at four US-based financial institutions, resulting in the approval of at least $65,000 in fraudulent credit
  • Register for 14 trial accounts with a commercial sales leads service to collect targeting data for BEC attacks
  • File 13 fraudulent tax returns with an online tax filing service
  • Submit 12 change of address requests with the US Postal Service
  • Submit 11 fraudulent Social Security benefit applications
  • Apply for unemployment benefits under nine identities in a large US state
  • Submit applications for FEMA disaster assistance under three identities

In each case, the scammers created multiple accounts on each website within a short period of time, modifying the placement of periods in the email address for each account. Each of these accounts is associated with a different stolen identity, but all email from these services are received by the same Gmail account. Thus, the group is able to centralize and organize their fraudulent activity around a small set of email accounts, thereby increasing productivity and making it easier to continue their fraudulent behavior.
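
The defense on the service side is equally simple: canonicalize addresses before checking uniqueness. A sketch (the +tag stripping is a related Gmail behavior, included for completeness):

```python
GMAIL_DOMAINS = {"gmail.com", "googlemail.com"}

def canonical_gmail(address):
    """Collapse Gmail dot-variants (and +tags) to one canonical form,
    so account-per-dot-pattern signups map to the same identity.
    Dots are only insignificant for Gmail; other domains are left alone."""
    local, _, domain = address.lower().partition("@")
    if domain in GMAIL_DOMAINS:
        local = local.split("+", 1)[0].replace(".", "")
    return local + "@" + domain
```

Deduplicating on the canonical form would have collapsed all of the group's per-identity signups into one account.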

This isn't a new trick. It has been previously documented as a way to trick Netflix users.

News article.

Slashdot thread.

Planet DebianAntoine Beaupré: January 2019 report: LTS, Mailman 3, Vero 4k, Kubernetes, Undertime, Monkeysign, oh my!

January is often a long month in our northern region. Very cold, lots of snow, which can mean a lot of fun as well. But it's also a great time to cocoon (or maybe hygge?) in front of the computer and do great things. I think the last few weeks were particularly fruitful, which led to this rather lengthy report that I hope will nonetheless be interesting.

So grab some hot cocoa, a coffee, tea or whatever warm beverage (or cool if you're in the southern hemisphere) and hopefully you'll learn awesome things. I know I did.

Free software volunteer work

As always, the vast majority of my time was actually spent volunteering on various projects, while scrambling near the end of the month to work on paid stuff. For the first time here I mention my Kubernetes work, but I've also worked on the new Mailman 3 packages, my monkeysign and undertime packages (including a new configuration file support for argparse), random Debian work, and Golang packaging. Oh, and I bought a new toy for my home cinema, which I warmly recommend.

Kubernetes research

While I've written multiple articles on Kubernetes for LWN in the past, I am somewhat embarrassed to say that I don't have much experience running Kubernetes itself for real out there. But for a few months, with a group of fellow sysadmins, we've been exploring various container solutions and gravitated naturally towards Kubernetes. In the last month, I particularly worked on deploying a Ceph cluster with Rook, a tool to deploy storage solutions on a Kubernetes cluster (submitting a patch while I was there). Like many things in Kubernetes, Rook is shipped as a Helm chart, more specifically as an "operator", which might be described (if I understand this right) as a container that talks with Kubernetes to orchestrate other containers.

We've similarly worked on containerizing Nextcloud, which proved to be pretty shitty at behaving like a "cloud" application: secrets, dynamic data and configuration are all mixed up in the config directory, which makes it really hard to manage sanely in a container environment. The only way we found it could work was to mount configuration as a volume, which means configuration becomes data and can't be controlled through git. Which is bad. This is also how the proposed Nextcloud Helm chart solves this problem (on which I've provided a review), for what it's worth.

We've also worked on integrating GitLab in our workflow, so that we keep configuration as code and deploy on pushes. While GitLab talks a lot about Kubernetes integration, the actual integration features aren't that great: unless I totally misunderstood how it's supposed to work, it seems you need to provide your own container and run kubectl from it, using the tokens provided by GitLab. And if you want to do anything of significance, you will probably need to give GitLab cluster access to your Kubernetes cluster, which kind of freaks me out considering the number of security issues that keep coming out with GitLab recently.

In general, I must say I was very skeptical of Kubernetes when I first attended those conferences: too much hype, buzzwords and suits. I felt that Google just threw us a toy project to play with while they kept the real stuff to themselves. I don't think that analysis is wrong, but I do think Kubernetes has something to offer, especially for organizations still stuck in the "shared hosting" paradigm where you give users a shell account or (S?!)FTP access and run mod_php on top. Containers at least provide some level of isolation out of the box and make such multi-tenant offerings actually reasonable and much more scalable. With a little work, we've been able to setup a fully redundant and scalable storage cluster and Nextcloud service: doing this from scratch wouldn't be that hard either, but it would have been done only for Nextcloud. The trick is the knowledge and experience we gained by doing this with Nextcloud will be useful for all the other apps we'll be hosting in the future. So I think there's definitely something there.

Debian work

I participated in the Montreal BSP, of which Louis-Philippe Véronneau made a good summary. I also sponsored a few uploads and fixed a few bugs. We didn't fix that many bugs, but I gave two workshops, including my now well-tuned packaging 101 workshop, which seems to be always quite welcome. I really wish I could make a video of that talk, because I think it's useful in going through the essentials of Debian packaging and could use a wider audience. In the meantime, my reference documentation is the best you can get.

I've decided to let bugs-everywhere die in Debian. There's a release critical bug and it seems no one is really using this anymore, at least I'm not. I would probably orphan the package once it gets removed from buster, but I'm not actually the maintainer, just an uploader... A promising alternative to BE seems to be git-bug, with support for synchronization with GitHub issues.

I've otherwise tried to get my figurative "house" of Debian packages in order for the upcoming freeze, which meant new updates for

I've also sponsored the introduction of web-mode (RFS #921130) a nice package to edit HTML in Emacs and filed the usual barrage of bug reports and patches.

Elegant argparse configfile support and new date parser for undertime

I've issued two new releases for my undertime project, which helps users coordinate meetings across timezones. I first started working on improving the date parser, which mostly involved finding a new library to handle dates. I started using dateparser, which behaves slightly better, and I ended up packaging it for Debian as well, although I still have to re-upload undertime to use the new dependency.

That was a first 1.6.0 release, but that wasn't enough - my users wanted a configuration file! I ended up designing a simple, YAML-based configuration file parser that integrates quite well with argparse, after finding too many issues with existing solutions like Configargparse. I summarized those for the certbot project which suffered from similar issues. I'm quite happy with my small, elegant solution for config file support. It is significantly better than the one I used for Monkeysign which was (ab)using the fromfile option of argparse.
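
The pattern is roughly the following. This is a simplified sketch, not undertime's actual code: the flat "key: value" parser stands in for a real YAML loader, and the option names are invented. The trick is to feed the config file into argparse via set_defaults(), so precedence is command line over config file over built-in defaults.

```python
import argparse

def load_config(text):
    # Stand-in for yaml.safe_load on a flat mapping; values stay strings.
    config = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip() and not key.lstrip().startswith("#"):
            config[key.strip()] = value.strip()
    return config

def parse_args(argv, config_text=""):
    parser = argparse.ArgumentParser(prog="undertime")
    parser.add_argument("--timezone", default="UTC")
    parser.add_argument("--format", default="plain")
    # Config values override the built-in defaults, but explicit
    # command-line options still win at parse time.
    parser.set_defaults(**load_config(config_text))
    return parser.parse_args(argv)
```

Because set_defaults() only changes defaults, argparse's normal parsing does the precedence work for free, with no special-casing per option.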

Mailman 3

Motivated by this post extolling the virtues of good old mailing lists to resist social media hegemony, I did a lot (too much) work on installing Mailman 3 on my own server. I have run Mailman 2 mailing lists for hundreds of clients in my previous job at Koumbit and I have so far used my access there to host a few mailing lists. This time, I wanted to try something new and figured Mailman 3 might be ready, four years after the 3.0 release and almost ten years after the project started.

How wrong I was! Many things don't work: there is no french translation at all (nor any other translation, for that matter), no invite feature, templates translation is buggy, the Debian backport fails with the MySQL version in stable... it's a mess. The complete history of my failure is better documented in mail.

I worked around many of those issues. I like the fact that I was almost able to replace the missing "invite" feature through the API, and Mailman 3 is much better to look at than the older version. They did fix a lot of things and I absolutely love the web interface, which allows users to interact with the mailing list as a forum. But maybe it will take a bit more time before it's ready for my use case.

Right now, I'm hesitant. I could go with a mailing list to connect with friends and family: it works with everyone, because everyone uses email, if only for their password resets. The alternative is to use something like a (private?) Discourse instance, which could also double as a comments provider for my blog if I ever decide to switch away from Ikiwiki... Neither seems like a good solution, and both require extra work and maintenance, Discourse particularly so because it is very unlikely it will get shipped as a Debian package.

Vero: my new home cinema box

Speaking of Discourse, the reason I'm thinking about it is I am involved in many online forums running it. It's generally a great experience, although I wish email integration was mandatory - it's great to be able to reply through your email client, and it's not always supported. One of the forums I participate in is the forum where I posted a description of my photography kit, explained different NAS options I'm considering and explained part of my git-annex/darktable workflow.

Another forum I recently started working on is the forum. I first asked what were the full specifications for their neat little embedded set-top box, the Vero 4k+. I wasn't fully satisfied with the answers (the hardware is not fully open), but I ended up ordering the device and moving the "home cinema services" off of the venerable marcos server, which is going to turn 8 years old this year. This was an elaborate enterprise which involved wiring power outlets (because a ground was faulty), vacuuming the basement (because it was filthy), doing elaborate research on SSHFS setup and performance, dealing with systemd bugs, and so on.

In the end it was worth it: my roommates enjoy the new remote control. It's much more intuitive than the previous Bluetooth keyboard, it performs well enough, and is one less thing to overload poor marcos with.

Monkeysign alternatives testing

I already mentioned I was considering Monkeysign retirement and recently a friend asked me to sign his key so I figured it was a great time to test out possible replacements for the project. Turns out things were not as rosy as I thought.

I first tested pius and it didn't behave as well as I hoped. Generally, it asks too many cryptic questions the user shouldn't have to guess the answer to. Specifically, here are the issues I found in my review:

  1. it forces you to specify your signing key, which is error-prone and needlessly difficult for the user

  2. I don't quite understand what the first question means - there's too much to unpack there: is it for inline PGP/MIME? for sending email at all? for sending individual emails? what's going on?

  3. the second question should be optional: I already specified my key on the commandline, it should use that as a From...

  4. the signature level is useless and generally disregarded by all software, including OpenPGP implementations. Even if it were used, 0/1/2/3/s/n/h/q is a pretty horrible user interface.

And then it simply fails to send the email completely on dkg's key, but that might be because its key was so exotic...

Gnome-keysign didn't fare much better - I opened six different issues on the promising project:

  1. what does the internet button do?
  2. signing arbitrary keys in GUI
  3. error in french translation
  4. using mutt as a MUA does not work
  5. signing a key on the commandline never completes
  6. flatpak instructions failure

So, surprisingly, Monkeysign might survive a bit longer, as much as I have come to dislike the poor little thing...

Golang packaging

To help a friend getting the new RiseupVPN package in Debian, I uploaded a bunch of Golang dependencies (bug #919936, bug #919938, bug #919941, bug #919944, bug #919945, bug #919946, bug #919947, bug #919948) in Debian. This involved filing many bugs upstream as many of those (often tiny) packages didn't have explicit licences, so many of those couldn't actually be uploaded, but the ITPs are there and hopefully someone will complete that thankless work.

I also tried to package two other useful Golang programs, dmarc-cat and gotop, both of which also required a significant number of dependencies to be packaged (bug #920387, bug #920388, bug #920389, bug #920390, bug #921285, bug #921286, bug #921287, bug #921288). dmarc-cat has just been accepted in Debian - it's very useful to decipher DMARC reports you get when you configure your DNS to receive such reports. This is part of a larger effort to modernize my DNS and mail configuration.

But gotop is just starting - none of the dependencies have been updated just yet, and I'm running out of steam a little, even though that looks like an awesome package.

Other work

  • I hosed my workstation / laptop backup by trying to be too clever with Borg. It bit back and left me holding the candle, the bastard.

  • Expanded on my disk testing documentation to include better examples of fio as part of my neglected stressant package

GitHub said I "opened 21 issues in 14 other repositories" which seems a tad insane. And there's of course probably more stuff I'm forgetting here.

Debian Long Term Support (LTS)

This is my monthly Debian LTS report.

sbuild regression

My first stop this month was to notice a problem with sbuild from buster running on jessie chroots (bug #920227). After discussions on IRC, where fellow Debian Developers basically fabricated me a patch on the fly, I sent merge request #5 which was promptly accepted and should be part of the next upload.

systemd
I again worked a bit on systemd. I marked CVE-2018-16866 as not affecting jessie, because the vulnerable code was introduced in later versions. I backported fixes for CVE-2018-16864 and CVE-2018-16865 and published the resulting package as DLA-1639-1, after doing some smoke-testing.

I still haven't gotten the courage to dig back in the large backport of tmpfiles.c required to fix CVE-2018-6954.

tiff review

I did a quick review of the fix for CVE-2018-19210 proposed upstream, which seems to have brought upstream's attention back to the issue and led them to finally merge the fix.

Enigmail EOL

After reflecting on the issue one last time, I decided to mark Enigmail as EOL in jessie, which involved an upload of debian-security-support to jessie (DLA-1657-1), unstable and a stable-pu.

DLA / website work

I worked again on fixing the LTS workflow with the DLAs on the main website. Reminder: hundreds of DLAs are missing from the website (bug #859122) and we need to figure out a way to automate the import of newer ones (bug #859123).

The details of my work are in this post but basically, I readded a bunch more DLAs to the MR and got some good feedback from the www team (in MR #47). There's still some work to be done on the DLA parser, although I have merged my own improvements (MR #46) as I felt they had been sitting for review long enough.

Next step is to deal with noise like PGP signatures correctly and thoroughly review the proposed changes.

While I was in the webmaster's backyard, I tried to help with a few things by merging a LTS errata and a paypal integration note although the latter ended up being a mistake that was reverted. I also rejected some issues (MR #13, MR #15) during a quick triage.

phpMyAdmin review

After reading this email from Lucas Kanashiro, I reviewed CVE-2018-19968 and reviewed and tested CVE-2018-19970.

Worse Than FailureCodeSOD: Double Up

Carl works in research, and like most research organizations, half their code is carelessly glued together GUI tools, command line interfaces, and shell scripts. The other half, the half which does the real work, is Fortran. Sure, the code was written forty years ago, but the laws of physics haven’t changed, so it’s still good and it’s still fast.

Carl usually doesn’t have to touch the Fortran half. Instead, he usually looks at the other bit. Most things are run from shell scripts, and most of the work of the shell scripts is getting environment variables configured so that the Fortran code can actually run its model without having a heart attack.

So, for example, one of those environment variables is WORKINGDIR. WORKINGDIR holds a /very/long/path/to/a/deeply/nested/folder/someplace. The Fortran model code also needs to know the location of the SYSDIR, which is always exactly two levels up from WORKINGDIR. No, the Fortran code can’t figure this out on its own; it’s too busy doing calculus. The shell script needs to figure it out.

The shell script which calculates it throws in a little wrinkle though: # calculate dir 2 levels up (Program doesn't allow .. in pathnames). So, no $WORKINGDIR/../.. here.

There are a number of ways one could solve this problem. The wrong way to solve this problem is this ksh script…

# calculate dir 2 levels up (Program doesn't allow .. in pathnames)
tmp=`echo $WORKINGDIR | tr -d /`
wctmp=`echo $tmp | wc -m`
wcwrk=`echo $WORKINGDIR | wc -m`
(( up2 = $wcwrk - $wctmp - 1 ))
export SYSDIR=`echo $WORKINGDIR | cut -d / -f 1-$up2 `

This code starts by using tr to strip out all the “/” characters. Then it counts how many characters are in the trimmed down version, and how many are in the original. The difference between these is the total number of directories in the path. Subtract another one from that. Then we use the cut command to grab from the 1st “/” character in the original path, up to the penultimate “/” character. Good news: this code is pretty confident $WORKINGDIR never ends in a slash, so this guarantees that we go up two levels.

Carl replaced this with the following one-liner: export SYSDIR=${WORKINGDIR%/*/*}, which accomplishes the exact same thing.
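The expansion is easy to sanity-check in any POSIX shell (the example path below is made up for illustration; the real WORKINGDIR comes from the environment):

```shell
# Hypothetical example path, standing in for the real environment variable.
WORKINGDIR=/very/long/path/to/a/deeply/nested/folder/someplace

# ${VAR%pattern} strips the shortest suffix matching the pattern, so
# %/*/* removes exactly the last two path components -- no ".." needed.
SYSDIR=${WORKINGDIR%/*/*}

echo "$SYSDIR"   # /very/long/path/to/a/deeply/nested
```

Like the original script, this assumes $WORKINGDIR doesn't end in a trailing slash.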

[Advertisement] ProGet supports your applications, Docker containers, and third-party packages, allowing you to enforce quality standards across all components. Download and see how!

Planet DebianKeith Packard: snek-duino

Snek-Duino: Snek with Arduino I/O

At the suggestion of a fellow LCA attendee, I've renamed my mini Python-like language from 'Newt' to 'Snek'. Same language, new name. I've made a bunch of progress in the implementation and it's getting pretty usable.

Here's our target system running Snek code that drives the GPIO pins. This example uses Pin 3 in PWM mode to fade up and down:

# Fade an LED on digital pin 3 up and down

led = 3

def up():
    for i in range(0,1,0.001):
        setpower(i)

def down():
    for i in range(1,0,-0.001):
        setpower(i)

def blink(n):
    talkto(led)
    for i in range(n):
        up()
        down()

Snek-Duino GPIO API

The GPIO interface I've made borrows ideas from the Lego Logo system. Here's an old presentation about Lego Logo. In brief:

  • talkto(output) or talkto((output,direction)) — set the specified pin as an output and use this pin for future output operations. If the parameter is a list or tuple, use the first element as the output pin and the second element as the direction pin.

  • listento(input) — set the specified pin as an input (with pull-ups enabled) and use this pin for future input operations.

  • on() — turn the current output pin on. If there is a recorded power level for the pin, use it.

  • off() — turn the current output pin off.

  • setpower(power) — record the power level for the current output pin. If it is already on, change the power level immediately. Power levels go from 0-1 inclusive.

  • read() — report the state of the current input pin. Pins 0-13 are the digital pins and report values 0 or 1. Pins 14-19 are the analog input pins and report values from 0-1.

  • setleft() — set the current direction pin to 1.

  • setright() — set the current direction pin to 0.

With this simple API, the user has fairly complete control over the pins at the level necessary to read from switches and light sensors and write to lights and motor controllers.

Another Example

This implements a dimmer — reading from an analog input and mirroring that value to a pin.

led = 3
dial = 14

def track():
    talkto(led)
    listento(dial)
    on()
    while True:
        p = read()
        if p == 1:
            break
        setpower(p)

Further Work

Right now, all Snek code has to be typed at the command line as there's no file system on the device. The ATmega328P on this board has a 1k EEPROM that I'd like to use to store Snek code to be loaded and run when the device powers on.

And, I'd like to have a limited IDE to run on the host. I'm wondering if I can create something using the standard Python3 curses module so that the IDE could be written in fairly simple Python code. I want a split screen with one portion being a text editor with code to be sent to the device and the other offering a command line. Flipping away from the text editor would send the code to the device so that it could be run.

There's no way to interrupt a running program on the Arduino. I need interrupt-driven keyboard input so that I can catch ^C and halt the interpreter. This would also make it easy to add flow control so you can send long strings of code without dropping most of the characters.

Planet DebianFrançois Marier: Encrypted connection between SIP phones using Asterisk

Here is the setup I put together to have two SIP phones connect together over an encrypted channel. Since the two phones do not support encryption, I used Asterisk to provide the encrypted channel over the Internet.

Installing Asterisk

First of all, each VoIP phone is in a different physical location and so I installed an Asterisk server in each house.

One of the servers is a Debian stretch machine and the other runs Ubuntu 18.04 bionic. Regardless, I used a fairly standard configuration and simply installed the asterisk package on both machines:

apt install asterisk

SIP phones

The two phones, both Snom 300, connect to their local asterisk server on its local IP address and use the same details as I have put in /etc/asterisk/sip.conf:


Dialplan and voicemail

The extension number above (1000) maps to the following configuration blurb in /etc/asterisk/extensions.conf:

exten => 1000,1,Dial(SIP/1000,20)
exten => 1000,n,Goto(in1000-${DIALSTATUS},1)
exten => 1000,n,Hangup
exten => in1000-BUSY,1,Hangup(17)
exten => in1000-CONGESTION,1,Hangup(3)
exten => in1000-CHANUNAVAIL,1,VoiceMail(1000@mailboxes,su)
exten => in1000-CHANUNAVAIL,n,Hangup(3)
exten => in1000-NOANSWER,1,VoiceMail(1000@mailboxes,su)
exten => in1000-NOANSWER,n,Hangup(16)
exten => _in1000-.,1,Hangup(16)

The internal context maps to the following blurb in /etc/asterisk/extensions.conf:

include => home
include => iax2users
exten => 707,1,VoiceMailMain(1000@mailboxes)

and 1000@mailboxes maps to the following entry in /etc/asterisk/voicemail.conf:

1000 => 1234,home,

(with 1234 being the voicemail PIN).

Encrypted IAX links

In order to create a virtual link between the two servers using the IAX protocol, I created user credentials on each server in /etc/asterisk/iax.conf:


then I created an entry for the other server in the same file:


The second machine contains the same configuration with the exception of the server name (server1 instead of server2) and hostname ( instead of

Speed dial for the other phone

Finally, to allow each phone to ring one another by dialing 2000, I put the following in /etc/asterisk/extensions.conf:

include => home
exten => 2000,1,Set(CALLERID(all)=Francois Marier <2000>)
exten => 2000,2,Dial(IAX2/server1/1000)

and of course a similar blurb on the other machine:

include => home
exten => 2000,1,Set(CALLERID(all)=Other Person <2000>)
exten => 2000,2,Dial(IAX2/server2/1000)

Firewall rules

Since we are using the IAX protocol instead of SIP, there is only one port to open in /etc/network/iptables.up.rules for the remote server:

# IAX2 protocol
-A INPUT -s x.x.x.x/y -p udp --dport 4569 -j ACCEPT

where x.x.x.x/y is the IP range allocated to the ISP that the other machine is behind.

If you want to restrict traffic on the local network as well, then these ports need to be open for the SIP phone to be able to connect to its local server:

# VoIP phones (internal)
-A INPUT -s -p udp --dport 5060 -j ACCEPT
-A INPUT -s -p udp --dport 10000:20000 -j ACCEPT

where is the static IP address allocated to the SIP phone.

Krebs on SecurityMore Alleged SIM Swappers Face Justice

Prosecutors in Northern California have charged two men with using unauthorized SIM swaps to steal and extort money from victims. One of the individuals charged allegedly used a hacker nickname belonging to a key figure in the underground who’s built a solid reputation hijacking mobile phone numbers for profit.

According to indictments unsealed this week, Tucson, Ariz. resident Ahmad Wagaafe Hared and Matthew Gene Ditman of Las Vegas were part of a group that specialized in tricking or bribing representatives at the major wireless providers into giving them control over phone numbers belonging to people they later targeted for extortion and theft.

Investigators allege that between October 2016 and May 2018, Hared and Ditman grew proficient at SIM swapping, a complex form of mobile phone fraud that is often used to steal large amounts of cryptocurrencies and other items of value from victims.

The Justice Department says Hared was better known to his co-conspirators as “winblo.” That nickname corresponds to an extremely active and at one time revered member of the forum ogusers[.]com, a marketplace for people who wish to sell highly prized social media account names — including short usernames at Twitter, Instagram and other sites that can fetch thousands of dollars apiece.

Winblo’s account on ogusers[.]com

Winblo was an associate and business partner of another top Oguser member, a serial SIM swapper known to Oguser members as “Xzavyer.” In August 2018, authorities in California arrested a hacker by the same name — whose real name is Xzavyer Clemente Narvaez — charging him with identity theft, grand theft, and computer intrusion.

Prosecutors allege Narvaez used the proceeds of his crimes (estimated at > $1 million in virtual currencies) to purchase luxury items, including a McLaren — a $200,000 high-performance sports car.

According to the indictments against Hared and Ditman, one of the men (the indictment doesn’t specify which) allegedly used his ill-gotten gains to purchase a BMW i8, an automobile that sells for about $150,000.

Investigators also say the two men stole approximately 40 bitcoins from their SIM swapping victims. That’s roughly $136,000 in today’s conversion, but it would have been substantially more in 2017 when the price of a single bitcoin reached nearly $20,000.

Interestingly, KrebsOnSecurity was contacted in 2018 by a California man who said he was SIM swapped by Winblo and several associates. That victim, who asked not to be identified for fear of reprisals, said his Verizon mobile number was SIM hijacked by Winblo and others who used that access to take over his Twitter and PayPal accounts and then demand payment for the return of the accounts.

A computer specialist by trade, the victim said he was targeted because he’d invested in a cryptocurrency startup, and that the hackers found his contact information from a list of investors they’d somehow obtained. As luck would have it, he didn’t have much of value to steal in his accounts.

The victim said he learned more about his tormentors and exactly how they’d taken over his mobile number after they invited him to an online chat to negotiate a price for the return of his accounts.

“They told me they had called a Verizon employee line [posing as a Verizon employee] and managed to get my Verizon account ID number,” said my victim source. “Once they had that, they called Verizon customer service and had them reset the password. They literally just called and pretended to be me, and were able to get my account tied to another SIM card.”

The victim said his attackers even called his mom because the mobile account was in her name. Soon after that, his phone went dead.

“The funny thing was, after I got my account back the next day, there was a voicemail from a Verizon customer service agent who said something like, ‘Hey [omitted], heard you were having trouble with your line, hope the new SIM card is working okay, give us a call if not, have a nice day.'”


The indictments against Hared and Ditman come amid a series of arrests, charges and sentences targeting admitted and suspected SIM swappers. Last week, Joel Ortiz — a 20-year-old college student valedictorian accused of stealing more than $5 million in cryptocurrency in a slew of SIM hijacking attacks — became the first to be convicted for the crime, accepting a plea deal for a 10-year prison term.

Many of the people being arrested and charged with SIM swapping were part of a tight circle of individuals who spent money almost as quickly as they stole it. The video below was posted to the Instagram account “0,” a username that was hijacked by Ortiz. The video shows a birthday party celebration for Xzavyer Narvaez at the Hyde Sunset club in Los Angeles. Notice the Twitter bird symbols at the bottom of each card brought out by the club’s female attendants.



Another video posted by Ortiz — to a hijacked, highly sought Instagram account “T” — shows members of this group dumping out $200 bottles of glow-in-the-dark Dom Perignon champagne onto designer watches that cost thousands of dollars each.



Also last week, 20-year-old Dawson Bakies pleaded not guilty in Manhattan Supreme Court to 52 counts of identity theft, grand larceny, and computer trespass tied to alleged SIM swapping activity. According to the New York Post, Bakies, who lives with his mom in Columbus, Ohio, allegedly called customer-service representatives posing as his victims and was able to port their phone numbers to a device he controlled.

In November 2018, authorities in New York arrested 21-year-old Manhattan resident Nicholas Truglia on suspicion of using SIM swaps to steal approximately $1 million worth of cryptocurrencies from a Silicon Valley executive. Truglia also is being sued by cryptocurrency angel investor Michael Terpin, who alleges that Truglia used a SIM swap against AT&T to steal $24 million in cryptocurrencies from him.


SIM swappers tend to target people with plenty of funds in the bank or in cryptocurrency exchanges, but as my victim source’s story shows, they often also SIM swap individuals who only appear to be high rollers. In the process, they may also rifle through your personal email and try to extort victims in exchange for turning over access to hijacked accounts.

There are several steps that readers can take to insulate themselves from SIM swapping attacks. First and foremost, do not re-use passwords to important accounts anywhere else. Also, take full advantage of the most robust form of multi-factor authentication available for the accounts you care about.

The web site breaks down online service providers by the types of secondary authentication offered (SMS, call, app-based one-time codes, security keys). Take a moment soon to review this important resource and harden your security posture wherever possible.

If the only two-factor authentication offered by a company you use is based on sending a one-time code via SMS or automated phone call, this is still better than relying on simply a password alone. But one-time codes generated by a mobile phone app such as Authy or Google Authenticator are more secure than SMS-based options because they are not directly vulnerable to SIM-swapping attacks. If available, physical security keys are an even better option.

Further reading:

Hanging Up on Mobile in the Name of Security

Busting SIM Swappers and SIM Swap Myths

Planet DebianAntoine Beaupré: Debian build helpers: dh dominates

It's been a while since someone did this. Back in 2009, Joey Hess gave a talk at DebConf 9 about debhelper and mentioned in his slides (PDF) that it was used in most Debian packages. Here was the ratio (page 10):

  • debhelper: 54%
  • cdbs: 25%
  • dh: 9%
  • other: 3%

Then Lucas Nussbaum made graphs that did the same, but with history. His latest post, from 2015 (archive link, because the original is missing images), confirmed Joey's 2009 results. It also showed cdbs slowly declining and a sharp uptake in dh usage (over bare debhelper). Here were the approximate numbers:

  • debhelper: 15%
  • cdbs: 15%
  • dh: 69%
  • other: 1%

I ran the numbers again. Jakub Wilk pointed me to the output that can be used to get the current state easily:

$ curl -so lintian.log.gz
$ zgrep debian-build-system lintian.log.gz | awk '{print $NF}' | sort | uniq -c | sort -nr
  25772 dh
   2268 debhelper
    257 dhmk
    123 other

Shoving this in a LibreOffice spreadsheet (sorry, my R/Python brain is slow today) gave me this nice little graph:

Pie chart showing a large proportion of dh packages, and much less of debhelper and cdbs

As of today, the numbers are now:

  • debhelper: 7%
  • cdbs: 7%
  • dh: 84%
  • other: 1%

(No the numbers don't add up. Yes it's a rounding error. Blame LibreOffice.)

So while cdbs lost 10% of the packages in 6 years, it lost another half of its share in the last 4. It's also interesting to note that debhelper and cdbs are both shrinking at a similar rate.

This confirms that debhelper development is where everything is happening right now. The new dh(1) sequencer is also a huge improvement that almost everyone has adopted wholeheartedly.

Now of course, that remaining 15% of debhelper/cdbs (or just 7% of cdbs, depending on how pedantic you are) will be the hard part to transition. Notice how the 1% of "other" packages hasn't really moved in the last four years: that's because some packages in Debian are old, abandoned, ignored, complicated, or all of the above. So it will be difficult to convert the remaining packages and finalize this great unification Joey (unknowingly) started ten years ago, as the remaining packages are probably the hard, messy, old ones no one wants to fix because, well, "they're not broken so don't fix it".

Still, it's nice to see us agree on something for a change. I'd be quite curious to see an update of Lucas' historical graphs. It would be particularly useful to see the impact of the old Alioth server replacement with, because it runs GitLab and only supports Git. Without an easy-to-use internal hosting service, I doubt SVN, Darcs, Bzr and whatever is left in "other" there will survive very long.


CryptogramMajor Zcash Vulnerability Fixed

Zcash just fixed a vulnerability that would have allowed "infinite counterfeit" Zcash.

Like all the other blockchain vulnerabilities and updates, this demonstrates the ridiculousness of the notion that code can replace people, that trust can be encompassed in the protocols, or that human governance is not necessary.

Planet DebianNicolas Dandrimont: It is complete!

(well, at least the front of it is)

After last week’s DebConf Video Team sprint (thanks again to Jasper @ Linux Belgium for hosting us), the missing components for the stage box turned up right as I was driving back to Paris, and I could take the time to assemble them tonight.

The final inventory of this 6U rack is, from top to bottom:

  • U1: 1 Shure UA844+SWB antenna and power distribution system
  • U2 and U3: 4 Shure BLX4R/S8 receivers
  • U4: 1 Numato Opsis, 1 Minnowboard Turbot, 1 Netgear Gigabit Ethernet Switch to do presenter laptop (HDMI) capture, all neatly packed in a rackmount case.
  • U5 and U6: 1 tray with 2 BLX1/S8 belt packs with MX153T earset microphones and 2 BLX2/SM58 handheld microphone assemblies

This combination of audio and video equipment is all the things that the DebConf Video Team needs to have near the stage to record presentations in one room.

The next step will be to get the back panel milled to properly mount connectors, so that we don’t have to take the back of the box apart to wire things up 🙂

You may see this equipment in action at one of Debian’s upcoming events.

TEDLaunching today: The Way We Work, in partnership with Dropbox

We’re thrilled to announce the launch of TED’s latest original video series, The Way We Work. In this 8-episode series, a range of business leaders and thinkers offer their direct, practical wisdom and insight into how we can adapt and thrive amid changing workplace conventions.

In these brief, to-the-point videos, you can get answers to your questions on workplace romance … why you should work from home … the side hustle revolution … and how to make applying for a job less painful. It’s a smart exploration of the way we work right now. This series is made possible with the support of Dropbox.

Watch the playlist of The Way We Work >>

Planet DebianMolly de Blanc: Free software activities (January, 2019)

January was another quiet month for free software. This isn’t to say I wasn’t busy, but merely that there were fewer things going on, with those things being more demanding of my attention. I’m including some more banal activities both to pad out the list and to draw some attention to the labor that goes into free software participation.

A photo of two mugs of eggnog, sprinkled with nutmeg and cinnamon. The mugs feature a winter scene of characters from the Moomin books.

January activities (personal)

  • Debian Anti-harassment covered several incidents. These have not yet been detailed in an email to the Debian Project mailing list. I won’t get into details here, due to the sensitive nature of some of the conversations.
  • We began planning for Debian involvement in Google Summer of Code and Outreachy.
  • I put together a slide deck and prepared for FOSDEM. More details about FOSDEM next month! In the mean time, check out my talk description.

January activities (professional)

  • We wrapped up the end of the year fundraiser.
  • We’re planning LibrePlanet 2019! I hope to see you there.
  • I put together a slide deck for CopyLeft Conf, which I’ll detail more in February. I drew and scanned in my slides, which is a time-consuming process.

LongNowHow to Run a 500-Year Long Science Experiment

Glass vials containing dried B. subtilis spores (R. Möller and C. S. Cockell)

Last week, The Atlantic‘s Sarah Zhang profiled a University of Edinburgh science experiment that began in 02014 and—if everything goes according to plan—will conclude in 02514.

The experiment is studying the longevity of bacteria, which can remain viable well past the lifespan of humans.

Physically, the 500-year experiment consists of 800 simple glass vials containing either Chroococcidiopsis or another bacterium, Bacillus subtilis. The glass vials have been hermetically sealed with a flame. Half are shielded with lead, to protect them from the radiation of radon or cosmic rays, which can cause DNA damage. (A duplicate set of the vials sits in the Natural History Museum in London for backup.) Every other year for the first 24 years, and then every quarter century for the next 475, scientists are supposed to come test the dried bacteria for viability and DNA damage. The first set of data from the experiment was published last month.

Running a science experiment for 500 years introduces a number of challenges of interest to Long Now and our various long-term projects, from questions around storage and backup to institutional infrastructure to linguistic and technological considerations.

Opening vials, adding water, and counting colonies that grow from rehydrated bacteria is easy. The hard part is ensuring someone will continue doing this on schedule well into the future. The team left a USB stick with instructions, which Möller realizes is far from adequate, given how quickly digital technology becomes obsolete. They also left a hard copy, on paper. “But think about 500-year-old paper,” he says, how it would yellow and crumble. “Should we carve it in stone? Do we have to carve it in a metal plate?” But what if someone who cannot read the writing comes along and decides to take the metal plate as a cool, shiny relic, as tomb raiders once did when looting ancient tombs?

No strategy is likely to be completely foolproof 500 years later. So the team asks that researchers at each 25-year time point copy the instructions so that they remain linguistically and technologically up to date.

Zhang’s piece also details a number of other long-term science experiments, including a fertilizer and crop study that’s been underway since 01843 and a seed viability study that began in 01879 and will conclude in 02020.

Read her piece in full here.

Planet DebianReproducible builds folks: Reproducible Builds: Weekly report #197

Here’s what happened in the Reproducible Builds effort between Sunday January 27th and Saturday February 2nd 2019:

  • There was yet more progress towards making the Debian Installer images reproducible. Following-on from last week, Chris Lamb performed some further testing of the generated images resulting in two patches to ensure that builds were reproducible regardless of both the user’s umask(2) (filed as #920631) and even the underlying ordering of files on disk (#920676). It is hoped these can be merged for the next Debian Installer alpha/beta after the recent “Alpha 5” release.

  • Tails, the privacy-oriented “live” operating system released its first USB image, which is reproducible.

  • Chris Lamb implemented a check in the Lintian static analysis tool (which performs automated checks against Debian packages) to flag .sass-cache directories. As they contain non-deterministic subdirectories, they immediately contribute towards an unreproducible build (#920593).
  • disorderfs is our FUSE-based filesystem that deliberately introduces non-determinism into filesystems for easy and reliable testing. Chris Lamb fixed an issue this week in the handling of the fsyncdir system call to ensure dpkg(1) can “flush” /var/lib/dpkg correctly [].

  • Hervé Boutemy made more updates to the project website, including documenting []. In addition, Chris Smith fixed a typo on the tools page [] and Holger Levsen added a link to Lukas’s report to the recent Paris Summit page [].

  • strip-nondeterminism is our tool that post-processes files to remove known non-deterministic output. This week, Chris Lamb investigated an issue regarding the tool not normalising file ownerships in .epub files that was originally identified by Holger Levsen, as well as clarified the negative message in test failures [] and performed some code cleanups (eg. []).

  • Chris Lamb updated the SSL certificate for to ensure validation after the deprecation of TLS-SNI-01 validation in LetsEncrypt.

  • Reproducible Builds were present at FOSDEM 2019 handing out t-shirts to contributors. Thank you!

  • On Tuesday February 26th Chris Lamb will speak at Speck&Tech 31 “Open Security” on Reproducible Builds in Trento, Italy.

  • 6 Debian package reviews were added, 3 were updated and 5 were removed this week, adding to our knowledge about identified issues. Chris Lamb unearthed a new toolchain issue: randomness_in_documentation_underscore_downloads_generated_by_sphinx.

Packages reviewed and fixed, and bugs filed

Test framework development

We operate a comprehensive Jenkins-based testing framework that powers This week, Holger Levsen made a large number of improvements including:

  • Arch Linux-specific changes:
    • The scheduler is now run every 4h, so present stats for this time period. []
    • Fix detection of bad builds. []
  • LEDE/OpenWrt-specific changes:
    • Make OpenSSH usable with a TCP port other than 22. This is needed for our OSUOSL nodes. []
    • Perform a minor refactoring of the build script. []
  • NetBSD-specific changes:
    • Add a ~jenkins/.ssh/config to fix jobs regarding OpenSSH running on non-standard ports. []
    • Add a note that osuosl171 is constantly online. []
  • Misc/generic changes:
    • Use same configuration for df_inode as for df to reduce noise. []
    • Remove a now-bogus warning; we have its parallel in Git now. []
    • Define ControlMaster and ControlPath in our OpenSSH configurations. []

In addition, Mattia Rizzolo and Vagrant Cascadian performed maintenance of the build nodes. ([], [], [], etc.)

This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, intrigeri & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Worse Than FailureSet the Flux Capacitor for 12/30/1899

I mentally think of the early 2000s as "the XML Age". XML was everywhere. Everyone wanted to put XML into their applications. Java was the XML king, using XML for everything. People were starting to ask themselves, "do we need the big expensive RDBMS, when we can just use XML instead?"

In other words, just like JSON today, but worse. Tomislav A inherited one such database- a clunky pile of XML documents with only the vaguest hint of a schema to them, and a mix of valuable, useful data, and a mountain of crap. With the assumption that all data validation was happening in the application layer, the database was mostly "garbage in, garbage sits there forever and can never be deleted because it might be important".

Tomislav's job was to filter out the garbage, find the actually useful information, and move it into a real datastore. There were loads of problems and inconsistencies in the data, but with a little Python in his toolkit, Tomislav could mostly handle those.

For example, dates. Dates were stored in the XML as just text strings, because why would you use a structured document format to represent structured data? Since they were just strings, and since there was no data validation/sanitization in the application layer, there was no system to the strings. "31-DEC-2002" sat next to "12/31/2002" and "31/12/2002". With some help from dateutil.parser, Tomislav could handle most of those glitches without difficulty.

Until, when importing a date, he got the error: ValueError: year 39002 is out of range.

One of the dates in the document was just that- 39002. Knowing that there was no validation, Tomislav was ready to dismiss it as just corrupt data, but not before taking a stab at it. Was it the number of days, or maybe weeks since the Unix Epoch?

>>> datetime(2019, 1, 1) - datetime(1970, 1, 1)
datetime.timedelta(days=17897)

Nope, not even close. The rest of the record didn't look like garbage, though. And 39002 seemed so oddly specific. Tomislav had one advantage, though: one of the original developers was still with the company.

Heidi was still writing code, mostly keeping ancient MFC-based C++ applications from falling over. Because she was elbow deep in the Windows stack, it didn't take her more than a second of looking at the "date" to figure out what was going on.

"39002? That's the number of days since December 30th, 1899."

"What? Why?"

Heidi laughed. "Let me tell you a story."

Rewind time far enough, and the most important piece of software on the planet, at least from the end users' perspective, was Lotus 1-2-3, which had the killer feature: it was Excel before Excel existed. All users ever want is Excel.

Spreadsheets are large, complex systems, and in the early days of Lotus 1-2-3, they were running on computers that had limitations on doing large, complex things. Compact representations which could be manipulated quickly were important. So, if you wanted to represent a date, for example, you wanted a single number. If you limit yourself to dates (and not times), then counting the number of days since an arbitrary threshold date seems reasonable. If you want times, you can make it a floating point, and use fractional days.

If you wanted to set a landmark, you could pick any date, but a nice round number seems reasonable. Let's say, for example, January 1st, 1900. From there, it's easy to just add and subtract numbers of days to produce new dates. Oh, but you do have to think about leap years. Leap years are more complicated- a year is a leap year if it's divisible by four, but not if it's divisible by 100, unless it's also divisible by 400. That's a lot of math to do if you're trying to fit a thousand rows in a spreadsheet on a computer with less horsepower than your average 2019 thermostat.

So you cheat. Checking if a number is divisible by four doesn't require a modulus operation- you can check that with a bitmask, which is super fast. Unfortunately, it means your code is wrong, because you think 1900 is a leap year. Now all your dates after February 28th are off-by-one. Then again, you're the one counting. Speaking of being the one counting, while arrays might start at zero, normal humans start counting at one, so January 1st should be 1, which makes December 31st, 1899 your "zero" date.
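The trade-off is easy to see side by side. Here is a small Python sketch (the function names are mine) contrasting the full Gregorian rule with the bitmask shortcut:

```python
def is_leap(year: int) -> bool:
    # The full Gregorian rule: divisible by 4, except centuries,
    # unless the century is divisible by 400.
    return year % 4 == 0 and (year % 100 != 0 or year % 400 == 0)

def is_leap_cheap(year: int) -> bool:
    # The Lotus-style shortcut: divisibility by four is just a bitmask
    # on the two lowest bits. Fast, but it skips the century rules.
    return year & 3 == 0

print(is_leap(1900))        # False: 1900 is not a leap year
print(is_leap_cheap(1900))  # True: the shortcut gets 1900 wrong
print(is_leap(2000), is_leap_cheap(2000))  # both True: they agree on 2000
```

The two functions agree on every year except the non-400 centuries, which is exactly the discrepancy that put a phantom February 29th, 1900 into Lotus 1-2-3.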

You've got a spreadsheet app with working dates that can handle thousands of cells in under 640k of RAM. It's time to ship it. The problem is solved.

Until Microsoft comes back into the picture, anyway. As previously stated, what users really want is Excel, but Excel doesn't exist yet. So you need to make it. Lotus 1-2-3 owns the spreadsheet space, so Microsoft is actually the plucky upstart here, and like all plucky upstarts, they have to start out by being compatible with the established product. Excel needs to be able to handle Lotus files. And that means it needs to handle Lotus dates. So it replicates the Lotus behavior, down to thinking 1900 is a leap year.

Lotus and Excel both think that 60 days after December 31st, 1899 is February 29th.

Time marches on. Excel needs to have macros, and the thought is to bolt on some of the newfangled Object-Oriented Basic folks have been experimenting with. This is a full-fledged programming language, so there's already an assumption that it should be able to handle dates correctly, and that means counting leap years properly. So this dialect of Basic doesn't think 1900 is a leap year.

This macro language thinks that 60 days after December 31st, 1899 is March 1st.

No problem. Move your start date back one more, to December 30th, 1899. Now Excel, Lotus, and our macro language all agree that March 1st, 1900 is day number 61. Our macro language is off-by-one for the first two months of 1900, but that discrepancy is acceptable, and no one at Microsoft, including Bill Gates who signed off on it, cares.
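With the December 30th, 1899 epoch settled, serial-to-date conversion is simple addition. A minimal sketch using Python's leap-year-correct calendar, which therefore matches the macro-language and COM reading of serials (not Lotus's buggy January and February of 1900); it also shows what Tomislav's 39002 works out to:

```python
from datetime import date, timedelta

EPOCH = date(1899, 12, 30)  # the COM/Visual Basic "zero" date

def from_serial(days: int) -> date:
    # Python's calendar applies the full leap-year rules, so this
    # matches the macro-language/COM interpretation of day numbers.
    return EPOCH + timedelta(days=days)

print(from_serial(61))     # 1900-03-01: the day everyone agrees on
print(from_serial(25569))  # 1970-01-01: the Unix epoch, as a COM serial
print(from_serial(39002))  # 2006-10-12: Tomislav's mystery "date"
```

Going the other way, `(some_date - EPOCH).days` recovers the serial number, which is how Tomislav could finally make sense of the XML database.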

The Basic-derived macro language is successful enough inside of Excel that it grows up to be Visual Basic. It is "the" Microsoft language, and when Microsoft starts extending it with features like COM for handling library linking and cross-process communication, Visual Basic's date handling sets the pattern. Which means when they're figuring out how to do dates in COM… they use the Visual Basic date model. And COM was the whole banana, as far as Windows was concerned- everything on Windows touched COM or its successors in some fashion. It wasn't until .NET that the rule of December 30th, 1899 was finally broken, but it still crops up in Office products and SQL Server from time to time.

Tomislav writes:

I don't use any Microsoft technologies, and never did much. I always believed that if there was one common thing across all systems and technologies, it was 1970-01-01, the Epoch, the magic date!

Armed with a better picture of how weird dates could actually be, Tomislav was able to get back to work on trying to make sense of that XML database. Heidi still has her hands deep in the guts of ancient C++ applications that barely compile on modern Windows environments.

For me, the key takeaway is how small choices made ages ago, decisions which made sense at the time, keep cropping up. It's not just dates, although the Y2K bug and the 2038 problem both highlight how often this happens with dates. You never know when today's quick little cheat or hack becomes tomorrow's standard.



Planet DebianMichael Stapelberg: Looking for a new Raspberry Pi image maintainer

This is taken care of: Gunnar Wolf has taken on maintenance of the Raspberry Pi image. Thank you!

(Cross-posting this message I sent to pkg-raspi-maintainers for broader visibility.)

I started building Raspberry Pi images because I thought there should be an easy, official way to install Debian on the Raspberry Pi.

I still believe that, but I’m not actually using Debian on any of my Raspberry Pis anymore¹, so my personal motivation to do any work on the images is gone.

On top of that, I realize that my commitments exceed my spare time capacity, so I need to get rid of responsibilities.

Therefore, I’m looking for someone to take up maintainership of the Raspberry Pi images. Numerous people have reached out to me with thank you notes and questions, so I think the user interest is there. Also, I’ll be happy to answer any questions that you might have and that I can easily answer. Please reply here (or in private) if you’re interested.

If I can’t find someone within the next 7 days, I’ll put up an announcement message in the raspi3-image-spec README, wiki page, and my blog posts, stating that the image is unmaintained and looking for a new maintainer.

Thanks for your understanding,

① just in case you’re curious, I’m now running cross-compiled Go programs directly under a Linux kernel and minimal userland, see

Planet DebianMichael Stapelberg: TurboPFor: an analysis


I have recently been looking into speeding up Debian Code Search. As a quick reminder, search engines answer queries by consulting an inverted index: a map from term to documents containing that term (called a “posting list”). See the Debian Code Search Bachelor Thesis (PDF) for a lot more details.

Currently, Debian Code Search does not store positional information in its index, i.e. the index can only reveal that a certain trigram is present in a document, not where or how often.

From analyzing Debian Code Search queries, I knew that identifier queries (70%) massively outnumber regular expression queries (30%). When processing identifier queries, storing positional information in the index enables a significant optimization: instead of identifying the possibly-matching documents and having to read them all, we can determine matches from querying the index alone, no document reads required.

This moves the bottleneck: having to read all possibly-matching documents requires a lot of expensive random I/O, whereas having to decode long posting lists requires a lot of cheap sequential I/O.

Of course, storing positions comes with a downside: the index is larger, and a larger index takes more time to decode when querying.

Hence, I have been looking at various posting list compression/decoding techniques, to figure out whether we could switch to a technique which would retain (or improve upon!) current performance despite much longer posting lists and produce a small enough index to fit on our current hardware.


I started looking into this space because of Daniel Lemire’s Stream VByte post. As usual, Daniel’s work is well presented, easily digestible and accompanied by not just one, but multiple implementations.

I also looked for scientific papers to learn about the state of the art and classes of different approaches in general. The best I could find is Compression, SIMD, and Postings Lists. If you don’t have access to the paper, I hear that Sci-Hub is helpful.

The paper is from 2014, and doesn’t include all algorithms. If you know of a better paper, please let me know and I’ll include it here.

Eventually, I stumbled upon an algorithm/implementation called TurboPFor, which the rest of the article tries to shine some light on.


If you’re wondering: PFor stands for Patched Frame Of Reference and describes a family of algorithms. The principle is explained e.g. in SIMD Compression and the Intersection of Sorted Integers (PDF).

The TurboPFor project’s README file claims that TurboPFor256 compresses with a rate of 5.04 bits per integer, and can decode with 9400 MB/s on a single thread of an Intel i7-6700 CPU.

For Debian Code Search, we use 32-bit unsigned integers (uint32), which TurboPFor will compress into as few bits as required.

Dividing Debian Code Search’s file sizes by the total number of integers, I get similar values, at least for the docid index section:

  • 5.49 bits per integer for the docid index section
  • 11.09 bits per integer for the positions index section

I can confirm the order of magnitude of the decoding speed, too. My benchmark calls TurboPFor from Go via cgo, which introduces some overhead. To exclude disk speed as a factor, data comes from the page cache. The benchmark sequentially decodes all posting lists in the specified index, using as many threads as the machine has cores¹:

  • ≈1400 MB/s on a 1.1 GiB docid index section
  • ≈4126 MB/s on a 15.0 GiB position index section

I think the numbers differ because the position index section contains larger integers (requiring more bits). I repeated both benchmarks, capped to 1 GiB, and decoding speeds still differed, so it is not just the size of the index.

Compared to Streaming VByte, a TurboPFor256 index comes in at just over half the size, while still reaching 83% of Streaming VByte’s decoding speed. This seems like a good trade-off for my use-case, so I decided to have a closer look at how TurboPFor works.

① See cmd/gp4-verify/verify.go run on an Intel i9-9900K.


To confirm my understanding of the details of the format, I implemented a pure-Go TurboPFor256 decoder. Note that it is intentionally not optimized as its main goal is to use simple code to teach the TurboPFor256 on-disk format.

If you’re looking to use TurboPFor from Go, I recommend using cgo. cgo’s function call overhead is about 51ns as of Go 1.8, which will easily be offset by TurboPFor’s carefully optimized, vectorized (SSE/AVX) code.

With that caveat out of the way, you can find my teaching implementation at

I verified that it produces the same results as TurboPFor’s p4ndec256v32 function for all posting lists in the Debian Code Search index.

On-disk format

Note that TurboPFor does not fully define an on-disk format on its own. When encoding, it turns a list of integers into a byte stream:

size_t p4nenc256v32(uint32_t *in, size_t n, unsigned char *out);

When decoding, it decodes the byte stream into an array of integers, but needs to know the number of integers in advance:

size_t p4ndec256v32(unsigned char *in, size_t n, uint32_t *out);

Hence, you’ll need to keep track of the number of integers and length of the generated byte streams separately. When I talk about on-disk format, I’m referring to the byte stream which TurboPFor returns.

The TurboPFor256 format uses blocks of 256 integers each, followed by a trailing block — if required — which can contain fewer than 256 integers:

SIMD bitpacking is used for all blocks but the trailing block (which uses regular bitpacking). This is not merely an implementation detail for decoding: the on-disk structure is different for blocks which can be SIMD-decoded.

Each block starts with a 2 bit header, specifying the type of the block:

Each block type is explained in more detail in the following sections.

Note that none of the block types store the number of elements: you will always need to know how many integers you need to decode. Also, you need to know in advance how many bytes you need to feed to TurboPFor, so you will need some sort of container format.
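A container can be as simple as prefixing each posting list with both numbers. This framing is invented here purely for illustration (TurboPFor itself prescribes none):

```python
import struct

def pack_container(postings):
    # Each entry is (integer_count, turbopfor_bytes). TurboPFor's byte
    # stream carries neither the integer count nor its own length, so
    # we prefix both as little-endian uint32 fields. This framing is a
    # made-up example, not part of TurboPFor.
    out = bytearray()
    for n_ints, payload in postings:
        out += struct.pack("<II", n_ints, len(payload))
        out += payload
    return bytes(out)

def unpack_container(data):
    postings, off = [], 0
    while off < len(data):
        n_ints, n_bytes = struct.unpack_from("<II", data, off)
        off += 8
        postings.append((n_ints, data[off:off + n_bytes]))
        off += n_bytes
    return postings

blob = pack_container([(3, b"\x01\x02"), (1, b"\xff")])
print(unpack_container(blob))  # [(3, b'\x01\x02'), (1, b'\xff')]
```

With a wrapper like this, a reader knows exactly how many bytes to hand to the decoder and how many integers to expect back.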

Further, TurboPFor automatically chooses the best block type for each block.

Constant block

A constant block (all integers of the block have the same value) consists of a single value of a specified bit width ≤ 32. This value will be stored in each output element for the block. E.g., after calling decode(input, 3, output) with input being the constant block depicted below, output is {0xB8912636, 0xB8912636, 0xB8912636}.

The example shows the maximum number of bytes (5). Smaller integers will use fewer bytes: e.g. an integer which can be represented in 3 bits will only use 2 bytes.

Bitpacking block

A bitpacking block specifies a bit width ≤ 32, followed by a stream of bits. Each value starts at the Least Significant Bit (LSB), i.e. the 3-bit values 0 (000b) and 5 (101b) are encoded as 101000b.
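Plain LSB-first bitpacking can be sketched in a few lines of Python. This illustrates the bit order only, not TurboPFor's exact block layout:

```python
def bitpack(values, width):
    # Pack each value into `width` bits, first value in the least
    # significant bits, then serialize to little-endian bytes.
    acc = 0
    for i, v in enumerate(values):
        assert v < (1 << width), "value does not fit in the bit width"
        acc |= v << (i * width)
    nbytes = (len(values) * width + 7) // 8  # pad up to a full byte
    return acc.to_bytes(nbytes, "little")

def bitunpack(data, width, count):
    acc = int.from_bytes(data, "little")
    mask = (1 << width) - 1
    return [(acc >> (i * width)) & mask for i in range(count)]

packed = bitpack([0, 5], 3)     # the example from the text
print(bin(packed[0]))           # 0b101000
print(bitunpack(packed, 3, 2))  # [0, 5]
```

Note the padding in `bitpack`: two 3-bit values occupy 6 bits but still consume a whole byte, which is also why regular bitpacking pads to byte boundaries on disk.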

Bitpacking with exceptions (bitmap) block

The constant and bitpacking block types work well for integers which don’t exceed a certain width, e.g. for a series of integers of width ≤ 5 bits.

For a series of integers where only a few values exceed an otherwise common width (say, two values require 7 bits, the rest requires 5 bits), it makes sense to cut the integers into two parts: value and exception.

In the example below, decoding the third integer out2 (000b) requires combination with exception ex0 (10110b), resulting in 10110000b.

The number of exceptions can be determined by summing the 1 bits in the bitmap using the popcount instruction.
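The value/exception split can be illustrated in Python. The data layout here (a list of low parts, a list of exception high bits, and an integer bitmap) is my own simplification for readability, not TurboPFor's memory layout:

```python
def merge_exceptions(base, exceptions, bitmap, width):
    # Rebuild full values from their low `width`-bit parts plus the
    # exception high bits, for positions flagged in `bitmap`.
    out = []
    ex = iter(exceptions)
    for i, low in enumerate(base):
        if bitmap & (1 << i):  # this position carries an exception
            out.append((next(ex) << width) | low)
        else:
            out.append(low)
    return out

# The third value (index 2) is flagged: 10110b << 3 | 000b == 10110000b
values = merge_exceptions([1, 2, 0b000], [0b10110], 0b100, width=3)
print(values)                 # [1, 2, 176]  (176 == 0b10110000)
print(bin(0b100).count("1"))  # 1 exception, a popcount of the bitmap
```

The final line is the software equivalent of the popcount instruction: counting the set bits in the bitmap tells the decoder how many exception values to read.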

Bitpacking with exceptions (variable byte)

When the exceptions are not uniform enough, it makes sense to switch from bitpacking to a variable byte encoding:

Decoding: variable byte

The variable byte encoding used by the TurboPFor format is similar to the one used by SQLite, which is described, alongside other common variable byte encodings, at

Instead of using individual bits for dispatching, this format classifies the first byte (b[0]) into ranges:

  • [0—176]: the value is b[0]
  • [177—240]: a 14 bit value is in b[0] (6 high bits) and b[1] (8 low bits)
  • [241—248]: a 19 bit value is in b[0] (3 high bits), b[1] and b[2] (16 low bits)
  • [249—255]: a 32 bit value is in b[1], b[2], b[3] and possibly b[4]

Here is the space usage of different values:

  • [0—176] are stored in 1 byte (as-is)
  • [177—16560] are stored in 2 bytes, with the highest 6 bits added to 177
  • [16561—540848] are stored in 3 bytes, with the highest 3 bits added to 241
  • [540849—16777215] are stored in 4 bytes, with 0 added to 249
  • [16777216—4294967295] are stored in 5 bytes, with 1 added to 249
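A decoder for this scheme, reconstructed from the ranges above, might look like the following. The byte order of the multi-byte tails and the exact handling of the 249-255 range are my assumptions, so treat this as a sketch rather than a faithful reimplementation:

```python
def decode_vb(b):
    # Decode one variable-byte value from bytes `b`, returning
    # (value, bytes consumed). Range arithmetic follows the table
    # above; the tail byte order is an assumption.
    if b[0] <= 176:
        return b[0], 1
    if b[0] <= 240:
        # 6 high bits in b[0], 8 low bits in b[1], offset by 177
        return ((b[0] - 177) << 8 | b[1]) + 177, 2
    if b[0] <= 248:
        # 3 high bits in b[0], 16 low bits in b[1..2], offset by 16561
        return ((b[0] - 241) << 16 | b[1] << 8 | b[2]) + 16561, 3
    if b[0] == 249:
        # 24-bit value carried as-is in b[1..3]
        return b[1] << 16 | b[2] << 8 | b[3], 4
    # b[0] >= 250: full 32-bit value carried as-is in b[1..4]
    return b[1] << 24 | b[2] << 16 | b[3] << 8 | b[4], 5

print(decode_vb(bytes([100])))        # (100, 1)
print(decode_vb(bytes([177, 0])))     # (177, 2)
print(decode_vb(bytes([240, 255])))   # (16560, 2)
print(decode_vb(bytes([241, 0, 0])))  # (16561, 3)
```

The offsets fall out of the ranges: the two-byte form starts at 177 because everything below fits in one byte, and its 6+8 payload bits top out at exactly 16560, where the three-byte form takes over.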

An overflow marker will be used to signal that encoding the values would be less space-efficient than simply copying them (e.g. if all values require 5 bytes).

This format is very space-efficient: it packs 0-176 into a single byte, as opposed to 0-127 for most other variable byte encodings. At the same time, it can be decoded very quickly, as only the first byte needs to be compared to decode a value (similar to PrefixVarint).

Decoding: bitpacking

Regular bitpacking

In regular (non-SIMD) bitpacking, integers are stored on disk one after the other, padded to a full byte, as a byte is the smallest addressable unit when reading data from disk. For example, if you bitpack only one 3 bit int, you will end up with 5 bits of padding.

SIMD bitpacking (256v32)

SIMD bitpacking works like regular bitpacking, but processes 8 uint32 little-endian values at the same time, leveraging the AVX instruction set. The following illustration shows the order in which 3-bit integers are decoded from disk:

In Practice

For a Debian Code Search index, 85% of posting lists are short enough to only consist of a trailing block, i.e. no SIMD instructions can be used for decoding.

The distribution of block types looks as follows:

  • 72% bitpacking with exceptions (bitmap)
  • 19% bitpacking with exceptions (variable byte)
  • 5% constant
  • 4% bitpacking

Constant blocks are mostly used for posting lists with just one entry.


The TurboPFor on-disk format is very flexible: with its 4 different kinds of blocks, chances are high that a very efficient encoding will be used for most integer series.

Of course, the flip side of covering so many cases is complexity: the format and implementation take quite a bit of time to understand — hopefully this article helps a little! For environments where the C TurboPFor implementation cannot be used, smaller algorithms might be simpler to implement.

That said, if you can use the TurboPFor implementation, you will benefit from a highly optimized SIMD code base, which will most likely be an improvement over what you’re currently using.


Krebs on SecurityCrooks Continue to Exploit GoDaddy Hole

GoDaddy, the world’s largest domain name registrar, recently addressed an authentication weakness that cybercriminals were using to blast out spam through legitimate, dormant domains. But several more recent malware spam campaigns suggest GoDaddy’s fix hasn’t gone far enough, and that scammers likely still have a sizable arsenal of hijacked GoDaddy domains at their disposal.

On January 22, KrebsOnSecurity published research showing that crooks behind a series of massive sextortion and bomb threat spam campaigns throughout 2018 — an adversary that’s been dubbed “Spammy Bear” —  achieved an unusual amount of inbox delivery by exploiting a weakness at GoDaddy which allowed anyone to add a domain to their GoDaddy account without validating that they actually owned the domain.

Spammy Bear targeted dormant but otherwise legitimate domains that had one thing in common: They all at one time used GoDaddy’s hosted Domain Name System (DNS) service. Researcher Ron Guilmette discovered that Spammy Bear was able to hijack thousands of these dormant domains for spam simply by registering free accounts at GoDaddy and telling the company’s automated DNS service to allow the sending of email with those domains from an Internet address controlled by the spammers.

Very soon after that story ran, GoDaddy said it had put in place a fix for the problem, and had scrubbed more than 4,000 domain names used in the spam campaigns that were identified in my Jan. 22 story. But on or around February 1, a new spam campaign that leveraged similarly hijacked domains at GoDaddy began distributing Gand Crab, a potent strain of ransomware.

As noted in a post last week at the blog MyOnlineSecurity, the Gand Crab campaign used a variety of lures, including fake DHL shipping notices and phony AT&T e-fax alerts. The domains documented by MyOnlineSecurity all had their DNS records altered between Jan. 31 and Feb. 1 to allow the sending of email from Internet addresses tied to two ISPs identified in my original Jan. 22 report on the GoDaddy weakness.

“What makes these malware laden emails much more likely to be delivered is the fact that the sending domains all have a good reputation,” MyOnlineSecurity observed. “There are dozens, if not hundreds of domains involved in this particular campaign. Almost all the domains have been registered for many years, some for more than 10 years.”

A “passive DNS” lookup shows the DNS changes made by the spammers on Jan. 31 for one of the domains used in the Gand Crab spam campaign documented by MyOnlineSecurity. Image: Farsight Security.

In a statement provided to KrebsOnSecurity, GoDaddy said the company was confident the steps it took to address the problem were working as intended, and that GoDaddy had simply overlooked the domains abused in the recent GandCrab spam campaign.

“The domains used in the Gand Crab campaign were modified before then, but we missed them in our initial sweep,” GoDaddy spokesperson Dan Race said. “While we are otherwise confident of the mitigation steps we took to prevent the dangling DNS issue, we are working to identify any other domains that need to be fixed.”

“We do not believe it is possible for a person to hijack the DNS of one or more domains using the same tactics as used in the Spammy Bear and Gand Crab campaigns,” Race continued. “However, we are assessing if there are other methods that may be used to achieve the same results, and we continue our normal monitoring for account takeover. We have also set up a reporting alias at to make it easier to report any suspicious activity or any details that might help our efforts to stop this kind of abuse.”

That email address is likely to receive quite a few tips in the short run. Virus Bulletin editor Martijn Grooten this week published his analysis on a January 29 malware email campaign that came disguised as a shipping notice from UPS. Grooten said the spam intercepted from that campaign included links to an Internet address that was previously used to distribute GandCrab, and that virtually all of the domains seen sending the fake UPS notices used one of two pairs of DNS servers managed by GoDaddy.

“The majority of domains, which we think had probably had their DNS compromised, still point to the same IP address though,” Grooten wrote. That IP address is currently home to a Web site that sells stolen credit card data.

The fake UPS message used in a Jan. 29 Gand Crab malware spam campaign. Source: Virus Bulletin.

Grooten told KrebsOnSecurity he suspects criminals may have succeeded at actually compromising several of GoDaddy’s hosted DNS servers. For one thing, he said, the same pair (sometimes two pairs) of name servers keep appearing in the same campaign.

“In quite a few campaigns we saw domains used that were alphabetically close, [and] there are other domains used that had moved away from GoDaddy before these campaigns, yet were still used,” Grooten said. “It’s also interesting to note that hundreds — and perhaps thousands — of domains had their DNS changed within a short period of time. Such a thing is hard to do if you have to log into individual accounts.”

GoDaddy said there has been no such breach.

“Our DNS servers have not been compromised,” Race said. “The examples provided were dangled domains that had zone files created by the threat actor prior to when we implemented our mitigation on January 23. These domain names were parked until the threat actors activated them. They had the ability to do that because they owned the zone files already. We’re continuing to review customer accounts for other potential zone entries.”

First emerging in early 2018, Gand Crab has been dubbed “the most popular multi-million dollar ransomware of the year.” Last week, KrebsOnSecurity was contacted by a company hit with Gand Crab in late January after an employee was taken in by what appears to be the same campaign detailed by Virus Bulletin.

Charlene Price is co-owner of A.S. Price Mechanical, a small metal fabrication business in Gilbert, South Carolina. Price said an employee was tricked into infecting one of their hard drives with Gand Crab, which encrypted the drive and demanded $2,000 in bitcoin for a key needed to unlock the files.

While Price and her husband consulted with tech experts and debated what to do next, the extortionists doubled the ransom demand to $4,000.

Sites like distribute free tools and tutorials that can help some ransomware victims recover their files without paying a ransom demand, but those tools often only work with specific versions of a particular ransomware strain. Price said the tool made available for Gand Crab infections was unable to decrypt the files on her scrambled hard drive.

“It’s not fair or right and this is unjust,” Price said. “We have accepted the fact, for now, that we are just locked out our company’s information. We know nothing about this type of issue other than we have to pay it or just start again.”

Update: 2:55 p.m. ET: Added statement from GoDaddy.

Planet Debian: Michael Stapelberg: sbuild-debian-developer-setup(1)

I have heard a number of times that sbuild is too hard to get started with, and hence people don’t use it.

To reduce hurdles from using/contributing to Debian, I wanted to make sbuild easier to set up.

sbuild ≥ 0.74.0 provides a Debian package called sbuild-debian-developer-setup. Once installed, run the sbuild-debian-developer-setup(1) command to create a chroot suitable for building packages for Debian unstable.

On a system without any sbuild/schroot bits installed, a transcript of the full setup looks like this:

% sudo apt install -t unstable sbuild-debian-developer-setup
Reading package lists... Done
Building dependency tree
Reading state information... Done
The following additional packages will be installed:
  libsbuild-perl sbuild schroot
Suggested packages:
  deborphan btrfs-tools aufs-tools | unionfs-fuse qemu-user-static
Recommended packages:
  exim4 | mail-transport-agent autopkgtest
The following NEW packages will be installed:
  libsbuild-perl sbuild sbuild-debian-developer-setup schroot
0 upgraded, 4 newly installed, 0 to remove and 1454 not upgraded.
Need to get 1.106 kB of archives.
After this operation, 3.556 kB of additional disk space will be used.
Do you want to continue? [Y/n]
Get:1 http://localhost:3142/ unstable/main amd64 libsbuild-perl all 0.74.0-1 [129 kB]
Get:2 http://localhost:3142/ unstable/main amd64 sbuild all 0.74.0-1 [142 kB]
Get:3 http://localhost:3142/ testing/main amd64 schroot amd64 1.6.10-4 [772 kB]
Get:4 http://localhost:3142/ unstable/main amd64 sbuild-debian-developer-setup all 0.74.0-1 [62,6 kB]
Fetched 1.106 kB in 0s (5.036 kB/s)
Selecting previously unselected package libsbuild-perl.
(Reading database ... 276684 files and directories currently installed.)
Preparing to unpack .../libsbuild-perl_0.74.0-1_all.deb ...
Unpacking libsbuild-perl (0.74.0-1) ...
Selecting previously unselected package sbuild.
Preparing to unpack .../sbuild_0.74.0-1_all.deb ...
Unpacking sbuild (0.74.0-1) ...
Selecting previously unselected package schroot.
Preparing to unpack .../schroot_1.6.10-4_amd64.deb ...
Unpacking schroot (1.6.10-4) ...
Selecting previously unselected package sbuild-debian-developer-setup.
Preparing to unpack .../sbuild-debian-developer-setup_0.74.0-1_all.deb ...
Unpacking sbuild-debian-developer-setup (0.74.0-1) ...
Processing triggers for systemd (236-1) ...
Setting up schroot (1.6.10-4) ...
Created symlink /etc/systemd/system/ → /lib/systemd/system/schroot.service.
Setting up libsbuild-perl (0.74.0-1) ...
Processing triggers for man-db ( ...
Setting up sbuild (0.74.0-1) ...
Setting up sbuild-debian-developer-setup (0.74.0-1) ...
Processing triggers for systemd (236-1) ...

% sudo sbuild-debian-developer-setup
The user `michael' is already a member of `sbuild'.
I: SUITE: unstable
I: TARGET: /srv/chroot/unstable-amd64-sbuild
I: MIRROR: http://localhost:3142/
I: Running debootstrap --arch=amd64 --variant=buildd --verbose --include=fakeroot,build-essential,eatmydata --components=main --resolve-deps unstable /srv/chroot/unstable-amd64-sbuild http://localhost:3142/
I: Retrieving InRelease 
I: Checking Release signature
I: Valid Release signature (key id 126C0D24BD8A2942CC7DF8AC7638D0442B90D010)
I: Retrieving Packages 
I: Validating Packages 
I: Found packages in base already in required: apt 
I: Resolving dependencies of required packages...
I: Successfully set up unstable chroot.
I: Run "sbuild-adduser" to add new sbuild users.
ln -s /usr/share/doc/sbuild/examples/sbuild-update-all /etc/cron.daily/sbuild-debian-developer-setup-update-all
Now run `newgrp sbuild', or log out and log in again.

% newgrp sbuild

% sbuild -d unstable hello
sbuild (Debian sbuild) 0.74.0 (14 Mar 2018) on x1

| hello (amd64)                                Mon, 19 Mar 2018 07:46:14 +0000 |

Package: hello
Distribution: unstable
Machine Architecture: amd64
Host Architecture: amd64
Build Architecture: amd64
Build Type: binary

I hope you’ll find this useful.

Planet Debian: Michael Stapelberg: dput usability changes

dput-ng ≥ 1.16 contains two usability changes which make uploading easier:

  1. When no arguments are specified, dput-ng auto-selects the most recent .changes file (with confirmation).
  2. Instead of erroring out when detecting an unsigned .changes file, debsign(1) is invoked to sign the .changes file before proceeding.

With these changes, after building a package, you just need to type dput (in the correct directory of course) to sign and upload it.

Planet Debian: Michael Stapelberg: pristine-tar considered harmful

If you want to follow along at home, clone this repository:

% GBP_CONF_FILES=:debian/gbp.conf gbp clone

Now, in the golang-github-go-macaron-inject directory, I’m aware of three ways to obtain an orig tarball (please correct me if there are more):

  1. Run gbp buildpackage, creating an orig tarball from git (upstream/0.0_git20160627.0.d8a0b86)
    The resulting sha1sum is d085a04b7b35856be24f8cc4a9a6d9799cdb59b4.
  2. Run pristine-tar checkout
    The resulting sha1sum is d51575c0b00db5fe2bbf8eea65bc7c4f767ee954.
  3. Run origtargz
    The resulting sha1sum is d51575c0b00db5fe2bbf8eea65bc7c4f767ee954.

Have a look at the archive’s golang-github-go-macaron-inject_0.0~git20160627.0.d8a0b86-2.dsc, however: its orig tarball entry reads:

f5d5941c7b77e8941498910b64542f3db6daa3c2 7688 golang-github-go-macaron-inject_0.0~git20160627.0.d8a0b86.orig.tar.xz

So, why did we get a different tarball? Let’s go through the methods:

  1. The uploader must not have used gbp buildpackage to create their tarball. Perhaps they imported from a tarball created by dh-make-golang, or created manually, and then left that tarball in place (which is a perfectly fine, normal workflow).
  2. I’m not entirely sure why pristine-tar resulted in a different tarball than what’s in the archive. I think the most likely theory is that the uploader had to go back and modify the tarball, but forgot to update (or made a mistake while updating) the pristine-tar branch.
  3. origtargz, when it detects pristine-tar data, uses pristine-tar, hence the same tarball as ②.

Had we not used pristine-tar for this repository at all, origtargz would have pulled the correct tarball from the archive.

The above anecdote illustrates the fragility of the pristine-tar approach. In my experience from the pkg-go team, when the pristine-tar branch doesn’t contain outright incorrect data, it is often outdated. Even when everything is working correctly, a number of packagers are disgruntled about the extra work/mental complexity.

In the pkg-go team, we have (independently of this specific anecdote) collectively decided to have the upstream branch track the upstream remote’s master (or similar) branch directly, and get rid of pristine-tar in our repositories. This should result in method ① and ③ working correctly.

In conclusion, my recommendation for any repository is: don’t bother with pristine-tar. Instead, configure origtargz as a git-buildpackage postclone hook in your ~/.gbp.conf to always work with archive orig tarballs:

[clone]
# Ensure the correct orig tarball is present.
postclone = origtargz

[buildpackage]
# Pick up the orig tarballs created by the origtargz postclone hook.
tarball-dir = ..

Cryptogram: Facebook's New Privacy Hires

The Wired headline sums it up nicely -- "Facebook Hires Up Three of Its Biggest Privacy Critics":

In December, Facebook hired Nathan White away from the digital rights nonprofit Access Now, and put him in the role of privacy policy manager. On Tuesday of this week, lawyers Nate Cardozo, of the privacy watchdog Electronic Frontier Foundation, and Robyn Greene, of New America's Open Technology Institute, announced they also are going in-house at Facebook. Cardozo will be the privacy policy manager of WhatsApp, while Greene will be Facebook's new privacy policy manager for law enforcement and data protection.

I know these people. They're ethical, and they're on the right side. I hope they continue to do their good work from inside Facebook.

Sociological Images: Doing Gender with Backpacks

I’ve always loved Tristan Bridges’ Sociological Images piece about how we can readily see the ways that we “do gender” by analyzing what we carry around with us every day. Bridges focuses on wallets and purses, telling the story of a transgender women who struggled to learn the norms of purse-carrying during the process of socially transitioning to being recognized as a woman – remembering to bring it, knowing what to put in it, how to carry it, etc.  Aside from the fact that wallets and purses themselves are gendered, Bridges shows how what we put in those wallets and purses is also gendered. I’ve found the four-by-four schema presented in the piece to be a great model for getting students to analyze the contents of their own wallets and purses and to reflect on the ways that gender norms influence their choices.

Photo by Nels Highberg, Flickr CC

In this activity, I build directly from Bridges’ piece to get students thinking about whether and how gender norms influence the kinds of things they carry around with them. While Bridges focuses on wallets and purses, I’ve found that students are most likely to be carrying backpacks. So I complicated Bridges’ piece a bit to get students thinking about not only how wallets and purses are gendered, but also how what might seem like a gender-neutral bag – backpacks – may or may not conform to some of the same gendered norms found among wallet and purse carriers.

Photo by Julia P, Flickr CC
Photo by Jess C, Flickr CC

I’ve used this activity in an Introduction to Gender Studies class and an Introduction to Sociology class. It’s worked great in both contexts. I usually run this activity during a week/day that’s devoted to understanding concepts like socialization and the social construction of gender. I have students read the Bridges piece, either as part of the week’s readings or as part of the activity itself, and then hand them the attached handout with a four-by-four schema and some discussion questions. Then we talk as a class about their analysis. Students enjoy the interactive and tactile aspect of the activity (I ask them to dig through their bags), and it gets them talking about sociological concepts like gender norms, socialization, and “doing gender.”

Activity Materials

Doing Gender with Backpacks – Handout Lab 8

Originally Posted at Teaching TSP

Jacqui Frost is a PhD candidate in sociology at the University of Minnesota. Her research interests include non-religion and religion, culture, and civic engagement, and her dissertation project is an ethnographic study of a non-religious community.

(View original at

Worse Than Failure: CodeSOD: Collect Your Garbage Test

Alex L works for a company with a bunch of data warehousing tools. One of the primary drivers for new features is adding bits which make the sales demos shinier, or in marketing speak, "delivers a value add for a prospective customer".

One of those "shinies" was a lightweight server which would gather stats from the data warehousing engine and provide a dashboard with those stats, and notifications about them. Prospective customers really love it when the machine goes "bing" and shows them an interesting notification.

As the notifications were becoming a bigger feature, the system needed a way to remember notification configuration between sessions, and that meant there needed to be a better persistence layer.

To add the feature, Alex started by looking at the existing tests for the notification system.

public class NotificationFeatureTest extends TestBase {
    @BeforeClass
    public static void init() {
        start(new File(TestUtil.TEST_DIR, "notification"));
    }

    @Test
    public void testSetNotificationLevel() {
        NotifyClient client = new NotifyClient(connectionUrl);
        client.setNotifyAbove(0); // notify at 0% used
        client.publish(TestUtils.randomRow());
        Assert.assertTrue(client.isNotified());
    }

    /* and about 20 more simple such tests */
}

Pretty reasonable. The init method calls the base class's start method, which spins up a notification server and a notification client.

Using that as a model, Alex whipped up a test which would shut down the server, then restart it, and confirm that the data is still there.

@Test
public void testPersistNotificationLevel() {
    NotifyClient client = new NotifyClient(connectionUrl);
    client.setNotifyAbove(32); // notify at 32% used
    testInst.shutdown();
    testInst.start();
    client = new NotifyClient(connectionUrl);
    Assert.assertEquals(32, client.getNotifyAbove());
}

testInst is the service instance created during the start. Unfortunately, when Alex ran this test, it exploded on testInst.start(), complaining: "Configuration not specified". But wasn't the point of the base-class start method to do that configuration step?

public abstract class TestBase {
    static int port = 8080;
    static String connectionUrl = null;
    static DashboardServer testInst = null;

    public static void start(File config) {
        testInst = new DashboardServer(port);
        testInst.setConfigurationFile(config.getAbsolutePath());
        testInst.start();
        connectionUrl = testInst.getUrl();
        testInst = new DashboardServer(port);
    }

    /* stripped unnecessary variables and methods */
}

Well, sort of. The start method creates a testInst, configures it, and then starts it. So far so good. It then stuffs the URL of that instance into connectionUrl, which is also the url the NotifyClient uses to connect to the server in all of the tests.

And then they replace the started testInst with an entirely new, and unconfigured, testInst.

Alex went back through the history here, and found that this line had always been part of the TestBase class. The fact that any of the 400 tests in their test suite actually worked was basically an accident. It would start a server, release the reference to the server, and since the unit tests didn't live long enough for garbage collection to hit them, the server kept running even though there were no live references to it. Since NotifyClient was initialized with the connectionUrl from that living instance, everything worked.
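The tests above are Java, but the same accident is easy to reproduce in any garbage-collected runtime. Here is a Python sketch (all names hypothetical, not the code from the story): a started worker thread keeps serving after the only variable pointing at it is reassigned, just like the orphaned server instance.

```python
import socket
import threading

def start_echo_server():
    """Start a one-shot TCP echo server; return (thread, port)."""
    srv = socket.socket()
    srv.bind(("127.0.0.1", 0))  # let the OS pick a free port
    srv.listen()
    port = srv.getsockname()[1]

    def serve():
        conn, _ = srv.accept()
        conn.sendall(conn.recv(16))  # echo one message back
        conn.close()
        srv.close()

    thread = threading.Thread(target=serve, daemon=True)
    thread.start()
    return thread, port

# Like the buggy TestBase.start(): configure and start one instance...
testInst, connection_port = start_echo_server()
# ...then overwrite the reference with a fresh, never-started object.
testInst = object()

# No live name points at the first server, but its thread still runs,
# so a client holding the saved address (here, a port) still succeeds.
client = socket.create_connection(("127.0.0.1", connection_port))
client.sendall(b"ping")
reply = client.recv(16)  # b"ping"
client.close()
```

The running thread keeps the server alive regardless of the reassignment, which is exactly why the 400 tests kept passing by accident.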

Alex's test was the first one to directly touch testInst as a test step. It was easy for Alex to fix that line and get the test to pass. It was much harder to understand how and why that line got there in the first place, or why no one had ever noticed it before.

[Advertisement] ProGet supports your applications, Docker containers, and third-party packages, allowing you to enforce quality standards across all components. Download and see how!

Cryptogram: Public-Interest Tech at the RSA Conference

Our work in cybersecurity is inexorably intertwined with public policy and­ -- more generally­ -- the public interest. It's obvious in the debates on encryption and vulnerability disclosure, but it's also part of the policy discussions about the Internet of Things, cryptocurrencies, artificial intelligence, social media platforms, and pretty much everything else related to IT.

This societal dimension to our traditionally technical area is bringing with it a need for public-interest technologists.

Defining this term is difficult. One blog post described public-interest technologists as "technology practitioners who focus on social justice, the common good, and/or the public interest." A group of academics in this field wrote that "public-interest technology refers to the study and application of technology expertise to advance the public interest/generate public benefits/promote the public good."

I think of public-interest technologists as people who combine their technological expertise with a public-interest focus, either by working on tech policy (for the EFF or as a congressional staffer, as examples), working on a technology project with a public benefit (such as Tor or Signal), or working as a more traditional technologist for an organization with a public-interest focus (providing IT security for Human Rights Watch, as an example). Public-interest technology isn't one thing; it's many things. And not everyone likes the term. Maybe it's not the most accurate term for what different people do, but it's the best umbrella term that covers everyone.

It's a growing field -- one far broader than cybersecurity -- and one that I am increasingly focusing my time on. I maintain a resources page for public-interest technology. (This is the single best document to read about the current state of public-interest technology, and what is still to be done.)

This year, I am bringing some of these ideas to the RSA Conference. In partnership with the Ford Foundation, I am hosting a mini-track on public-interest technology. Six sessions throughout the day on Thursday will highlight different aspects of this important work. We'll look at public-interest technologists inside governments, as part of civil society, at universities, and in corporate environments.

  1. How Public-Interest Technologists are Changing the World. This introductory panel lays the groundwork for the day to come. I'll be joined on stage by Matt Mitchell of Tactical Tech, and we'll discuss how public-interest technologists are already changing the world.
  2. Public-Interest Tech in Silicon Valley. Most of us work for technology companies, and this panel discusses public-interest technology work within companies. Mitchell Baker of Mozilla Corp. and Cindy Cohn of the EFF will lead the discussion, looking at both public-interest projects within corporations and employee activism initiatives by corporate employees.
  3. Working in Civil Society. Bringing a technological perspective into civil society can transform how organizations do their work. Through a series of lightning talks, this session examines how this transformation can happen from a variety of perspectives: exposing government surveillance, protecting journalists worldwide, preserving a free and open Internet, bringing a security focus to artificial intelligence research, protecting NGO networks, and more. For those of us in security, bringing tech tools to those who need them is core to what we do.
  4. Government Needs You. Government needs technologists at all levels. We're needed on legislative staffs and at regulatory agencies in order to make effective tech policy, but we're also needed elsewhere to implement policy more broadly. We're needed to advise courts, testify at hearings, and serve on advisory committees. At this session, you'll hear from public-interest technologists who have had a major impact on government from a variety of positions, and learn about ways you can get involved.
  5. Changing Academia. Higher education needs to incorporate a public-interest perspective in technology departments, and a technology perspective in public-policy departments. This could look like ethics courses for computer science majors, programming for law students, or joint degrees that combine technology and social science. Danny Weitzner of MIT and Latanya Sweeney of Harvard will discuss efforts to build these sorts of interdisciplinary classes, programs, and institutes.
  6. The Future of Public-Interest Tech. Creating an environment where public-interest technology can flourish will require a robust pipeline: more people wanting to go into this field, more places for them to go, and an improved market that matches supply with demand. In this closing session, Jenny Toomey of the Ford Foundation and I will sum up the day and discuss future directions for growing the field, funding trajectories, highlighting outstanding needs and gaps, and describing how you can get involved.

Check here for times and locations, and be sure to reserve your seat.

We all need to help. I don't mean that we all need to quit our jobs and go work on legislative staffs; there's a lot we can do while still maintaining our existing careers. We can advise governments and other public-interest organizations. We can agitate for the public interest inside the corporations we work for. We can speak at conferences and write opinion pieces for publication. We can teach part-time at all levels. But some of us will need to do this full-time.

There's an interesting parallel to public-interest law, which covers everything from human-rights lawyers to public defenders. In the 1960s, that field didn't exist. The field was deliberately created, funded by organizations like the Ford Foundation. They created a world where public-interest law is valued. Today, when the ACLU advertises for a staff attorney, paying a third to a tenth of a normal salary, it gets hundreds of applicants. Today, 20% of Harvard Law School grads go into public-interest law, while the percentage of computer science grads doing public-interest work is basically zero. This is what we need to fix.

Please stop in at my mini-track. Come for a panel that interests you, or stay for the whole day. Bring your ideas. Find me to talk about this further. Pretty much all the major policy debates of this century will have a strong technological component -- and an important cybersecurity angle -- and we all need to get involved.

This essay originally appeared on the RSA Conference blog.

Michael Brennan of the Ford Foundation also wrote an essay on the event.

Planet Debian: Julien Danjou: How to Log Properly in Python

How to Log Properly in Python

Logging is one of the most underrated features of an application. Often ignored by software engineers, it can save you time when your application is running in production.

Most teams don't think about it until too late in their development process. Only when things go wrong in deployment does somebody realize that logging is missing.


The Twelve-Factor App defines logs as a stream of aggregated, time-ordered events collected from the output streams of all running processes. It also describes how applications should handle their logging. We can summarize those guidelines as:

  • Logs have no fixed beginning or end.
  • Print logs to stdout.
  • Print logs unbuffered.
  • The environment is responsible for capturing the stream.
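Sketching those guidelines with Python's standard library (the logger name and format string here are illustrative): write each event to stdout and leave capture, rotation, and archival to the environment.

```python
import logging
import sys

def build_stdout_logger(name):
    """Return a logger that writes one line per event to stdout.

    No files, no rotation: the surrounding environment (systemd,
    Docker, a supervisor) is expected to capture the stream.
    """
    logger = logging.getLogger(name)
    handler = logging.StreamHandler(sys.stdout)  # stdout, not a file
    handler.setFormatter(
        logging.Formatter("%(asctime)s %(name)s %(levelname)s %(message)s")
    )
    logger.addHandler(handler)
    logger.setLevel(logging.INFO)
    return logger

logger = build_stdout_logger("myapp")
logger.info("service started")
```

StreamHandler flushes after each record, so the stream is effectively unbuffered per line.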

From my experience, this set of rules is a good trade-off. Logs have to be kept pretty simple to be efficient and reliable. Building complex logging systems might make it harder to get insight into a running application.

There's also no point in duplicating log-management effort (e.g., log file rotation, archival policy) across your different applications. Having an external workflow that can be shared across different programs is more efficient.

In Python

Python provides a logging subsystem with its logging module. This module provides a Logger object that allows you to emit messages with different levels of criticality. Those messages can then be filtered and sent to different handlers.

Let's have an example:

import logging

logger = logging.getLogger("myapp")
logger.error("something wrong")

Depending on the version of Python you're running, you'll either see:

No handlers could be found for logger "myapp"

or:

something wrong

Python 2 used to have no logging setup by default, so it would print an error message about no handler being found. Since Python 3, a default handler outputting to stdout is now installed — matching the requirements from the 12factor App.

However, this default setup is far from being perfect.


The default format that Python uses does not embed any contextual information. There is no way to know the name of the logger — myapp in the previous example — nor the date and time of the logged message.

You must configure the Python logging subsystem to enhance its output format.
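With only the standard library, such a configuration might look like this (the format string is just one reasonable example):

```python
import logging

# Include timestamp, process ID, level and logger name in every message.
logging.basicConfig(
    format="%(asctime)s [%(process)d] %(levelname)-8s %(name)s: %(message)s",
    level=logging.INFO,
)

logging.getLogger("myapp").error("something wrong")
```

This works, but every project ends up re-crafting the same boilerplate.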

To do that, I advise using the daiquiri module. It provides an excellent default configuration and a simple API to configure logging, plus some exciting features.

How to Log Properly in Python

Logging Setup

When using daiquiri, the first thing to do is to set up your logging correctly. This can be done with the daiquiri.setup function as this:

import daiquiri

daiquiri.setup()

As simple as that. You can tweak the setup further by asking it to log to file, to change the default string formats, etc, but just calling daiquiri.setup is enough to get a proper logging default.

Logging a message is then as simple as:
import daiquiri

daiquiri.getLogger("myapp").error("something wrong")

This outputs:

2018-12-13 10:24:04,373 [38550] ERROR    myapp: something wrong

If your terminal supports writing text in colors, the line will be printed in red since it's an error. The format provided by daiquiri is better than Python's default: this one includes a timestamp, the process ID, the criticality level and the logger's name. Needless to say, this format can also be customized.

Passing Contextual Information

Logging strings are boring. Most of the time, engineers end up writing code such as:

logger.error("Something wrong happened with %s when writing data at %d",
             myobject.myfield, myobject.mynumber)

The issue with this approach is that you have to think about each field of your object worth logging, and make sure each one is inserted correctly into the sentence. If you forget an essential field describing the object and the problem, you're screwed.

A reliable alternative to this manual crafting of log strings is to pass the interesting objects as keyword arguments. Daiquiri supports this, and it works this way:

import attr
import daiquiri
import requests

daiquiri.setup()
logger = daiquiri.getLogger("myapp")


@attr.s
class Request:
    url = attr.ib()
    status_code = attr.ib(init=False, default=None)

    def get(self):
        r = requests.get(self.url)
        self.status_code = r.status_code
        return r


user = "jd"
req = Request("")
try:
    req.get()
except Exception:
    logger.error("Something wrong happened during the request",
                 request=req, user=user)

If anything goes wrong with the request, it will be logged with the stack trace, like this:

2018-12-14 10:37:24,586 [43644] ERROR    myapp [request: Request(url='', status_code=404)] [user: jd]: Something wrong happened during the request

As you can see, the call to logger.error is pretty straightforward: a line that explains what's wrong, followed by the different interesting objects passed as keyword arguments.

Daiquiri logs those keyword arguments with a default format of [key: value], included as a prefix to the log string. Each value is printed using its __format__ method — that's why I'm using the attr module here: it automatically generates this method for me and includes all fields by default. You can also customize daiquiri to use any other format.
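For readers without daiquiri at hand, the idea behind that prefix can be approximated with the standard library alone. This is a rough sketch, and the helper name log_error is my own invention, not part of any library:

```python
import logging

logging.basicConfig(level=logging.INFO)
logger = logging.getLogger("myapp")


def log_error(message, **context):
    # Render keyword context as a "[key: value]" prefix, roughly
    # mimicking daiquiri's default keyword-argument formatting.
    prefix = "".join(f"[{k}: {v!r}] " for k, v in sorted(context.items()))
    logger.error("%s%s", prefix, message)


log_error("Something wrong happened during the request", user="jd", status=404)
```

The difference, of course, is that daiquiri does this transparently on every logging call, while this sketch requires calling the helper explicitly.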

Following those guidelines should be a perfect start for logging correctly with Python!

Rondam RamblingsAre you a Turing Machine?

A few days ago, regular commenter Publius drew my attention to a paper by a fellow named Selim G. Akl entitled "The Myth of Universal Computation."  In it Akl claims to exhibit functions that are computable, but not by a Turing machine. If this claim were to pan out it should be big news because Turing machines are supposed to be "universal", that is, capable of computing any computable function


Planet DebianIustin Pop: HGST HUH721212ALN600

Due to life, I didn’t manage to do any more investigation on backup solutions, but after a long saga I managed to finally have 4 working new HDDs - model HUH721212ALN600.

These are 12TB, 4K-sector-size, “ISE” (instant secure erase) SATA hard-drives. This combination seemed the best, especially the ISE part: apparently the HDD controller always encrypts data to/from the platters, and the “instant erase” part is about wiping the encryption key. Between this and cryptsetup, dealing with either a failed HDD or one that is to be removed from service should be a breeze.

Hardware is hardware

The long saga of getting the hard-drives is that this particular model, and in general any 4K hard-drives, seem very hard to acquire in Switzerland. I ordered and cancelled many times as “available in 3 days” became “in 5 days” and then “unknown delivery”, before finally being able to order and receive 4 of them. One was dead-on-arrival, in the form of failing a short SMART test and failing any writes. Sent back, and due to low availability, wait and wait… I’m glad I finally got the replacement and can proceed with the project. A spare wouldn’t be bad though :)

Performance stats

Fun aside, the drives went through the burn-in procedure successfully, and now the raid array is being built. It’s the first time I’ve seen mechanical HDDs be faster than the default sync_speed_max. After bumping up that value for this particular raid array:

md4 : active raid5 sdd2[4] sdc2[2] sdb2[1] sda2[0]
      35149965312 blocks super 1.2 level 5, 512k chunk, algorithm 2 [4/3] [UUU_]
      [=>...................]  recovery =  5.2% (619963868/11716655104) finish=769.4min speed=240361K/sec
      bitmap: 0/88 pages [0KB], 65536KB chunk
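(The bump itself goes through sysfs, or globally through /proc/sys; a sketch, with purely illustrative values, requiring root:)

```shell
# Raise the per-array resync ceiling (value in KB/s; 500000 is illustrative):
echo 500000 | sudo tee /sys/block/md4/md/sync_speed_max
# Or raise it globally for all md arrays:
echo 500000 | sudo tee /proc/sys/dev/raid/speed_limit_max
# Watch rebuild progress:
cat /proc/mdstat
```

Note the change does not persist across reboots unless re-applied (e.g. via a sysctl or udev rule).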

Still, it’ll take longer than that estimate, as the speed decreases significantly towards the end. Not really looking forward to 24-hour rebuild times, but that’s life:

[Sat Feb  2 09:03:21 2019] md4: detected capacity change from 0 to 35993564479488
[Sat Feb  2 09:03:21 2019] md: recovery of RAID array md4
[Sun Feb  3 03:05:51 2019] md: md4: recovery done.

Eighteen hours to the minute almost.

IOPS graph:

IOPS graph IOPS graph

I was not aware that 7’200 RPM hard-drives can now peak at close to 200 IO/s (196, to be precise). For the same RPM, 8 years ago the peak was about 175, so something smarter (controller, cache, actuator, whatever) yields about 20 extra IOPS. And yes, the SATA limitation of 31 in-flight I/Os is clearly visible…

While trying to get a bandwidth graph, I was surprised that fio never ended. Apparently there’s a bug in fio present since 2014 and reported back in 2015, but still not fixed. I filed issue 738 on GitHub; hopefully it gets confirmed and fixed (I’m not sure whether looping was ever the intent). The numbers I see if I let it run for long are a bit weird as well: while running, I see between 260MB/s (max) and around 125MB/s (min). Some quick numbers for max performance:

# dd if=/dev/sda of=/dev/null iflag=direct bs=8192k count=1000
1000+0 records in
1000+0 records out
8388608000 bytes (8.4 GB, 7.8 GiB) copied, 31.9695 s, 262 MB/s
# dd if=/dev/md4 of=/dev/null iflag=direct bs=8192k count=2000
2000+0 records in
2000+0 records out
16777216000 bytes (17 GB, 16 GiB) copied, 23.1841 s, 724 MB/s

This and the very large storage space are about the only things mechanical HDDs are still good at.

And now, to migrate from the old array…

Raw info

As other people might be interested (I was, and couldn’t find the information beforehand), here is the smartctl and hdparm info from the broken hard-drive (from before I knew it was broken):


    smartctl 6.6 2017-11-05 r4594 [x86_64-linux] (local build)
    Copyright (C) 2002-17, Bruce Allen, Christian Franke,
    Device Model:     HGST HUH721212ALN600
    Serial Number:    8HHUE36H
    LU WWN Device Id: 5 000cca 270d9a5f8
    Firmware Version: LEGNT3D0
    User Capacity:    12,000,138,625,024 bytes [12.0 TB]
    Sector Size:      4096 bytes logical/physical
    Rotation Rate:    7200 rpm
    Form Factor:      3.5 inches
    Device is:        Not in smartctl database [for details use: -P showall]
    ATA Version is:   ACS-2, ATA8-ACS T13/1699-D revision 4
    SATA Version is:  SATA 3.2, 6.0 Gb/s (current: 6.0 Gb/s)
    Local Time is:    Thu Jan 10 13:58:03 2019 CET
    SMART support is: Available - device has SMART capability.
    SMART support is: Enabled
    SMART overall-health self-assessment test result: PASSED
    General SMART Values:
    Offline data collection status:  (0x80)	Offline data collection activity
    					was never started.
    					Auto Offline Data Collection: Enabled.
    Self-test execution status:      (   0)	The previous self-test routine completed
    					without error or no self-test has ever 
    					been run.
    Total time to complete Offline 
    data collection: 		(   87) seconds.
    Offline data collection
    capabilities: 			 (0x5b) SMART execute Offline immediate.
    					Auto Offline data collection on/off support.
    					Suspend Offline collection upon new
    					Offline surface scan supported.
    					Self-test supported.
    					No Conveyance Self-test supported.
    					Selective Self-test supported.
    SMART capabilities:            (0x0003)	Saves SMART data before entering
    					power-saving mode.
    					Supports SMART auto save timer.
    Error logging capability:        (0x01)	Error logging supported.
    					General Purpose Logging supported.
    Short self-test routine 
    recommended polling time: 	 (   2) minutes.
    Extended self-test routine
    recommended polling time: 	 (1257) minutes.
    SCT capabilities: 	       (0x003d)	SCT Status supported.
    					SCT Error Recovery Control supported.
    					SCT Feature Control supported.
    					SCT Data Table supported.
    SMART Attributes Data Structure revision number: 16
    Vendor Specific SMART Attributes with Thresholds:
      1 Raw_Read_Error_Rate     0x000b   100   100   016    Pre-fail  Always       -       0
      2 Throughput_Performance  0x0005   100   100   054    Pre-fail  Offline      -       0
      3 Spin_Up_Time            0x0007   100   100   024    Pre-fail  Always       -       0
      4 Start_Stop_Count        0x0012   100   100   000    Old_age   Always       -       1
      5 Reallocated_Sector_Ct   0x0033   100   100   005    Pre-fail  Always       -       0
      7 Seek_Error_Rate         0x000b   100   100   067    Pre-fail  Always       -       0
      8 Seek_Time_Performance   0x0005   100   100   020    Pre-fail  Offline      -       0
      9 Power_On_Hours          0x0012   100   100   000    Old_age   Always       -       0
     10 Spin_Retry_Count        0x0013   100   100   060    Pre-fail  Always       -       0
     12 Power_Cycle_Count       0x0032   100   100   000    Old_age   Always       -       1
     22 Unknown_Attribute       0x0023   100   100   025    Pre-fail  Always       -       100
    192 Power-Off_Retract_Count 0x0032   100   100   000    Old_age   Always       -       1
    193 Load_Cycle_Count        0x0012   100   100   000    Old_age   Always       -       1
    194 Temperature_Celsius     0x0002   200   200   000    Old_age   Always       -       30 (Min/Max 25/30)
    196 Reallocated_Event_Count 0x0032   100   100   000    Old_age   Always       -       0
    197 Current_Pending_Sector  0x0022   100   100   000    Old_age   Always       -       0
    198 Offline_Uncorrectable   0x0008   100   100   000    Old_age   Offline      -       0
    199 UDMA_CRC_Error_Count    0x000a   200   200   000    Old_age   Always       -       0
    SMART Error Log Version: 1
    No Errors Logged
    SMART Self-test log structure revision number 1
    No self-tests have been logged.  [To run self-tests, use: smartctl -t]
    SMART Selective self-test log data structure revision number 1
        1        0        0  Not_testing
        2        0        0  Not_testing
        3        0        0  Not_testing
        4        0        0  Not_testing
        5        0        0  Not_testing
    Selective self-test flags (0x0):
      After scanning selected spans, do NOT read-scan remainder of disk.
    If Selective self-test is pending on power-up, resume after 0 minute delay.



    ATA device, with non-removable media
    	Model Number:       HGST HUH721212ALN600
    	Serial Number:      8HHUE36H
    	Firmware Revision:  LEGNT3D0
    	Transport:          Serial, ATA8-AST, SATA 1.0a, SATA II Extensions, 
                            SATA Rev 2.5, SATA Rev 2.6, SATA Rev 3.0; 
                            Revision: ATA8-AST T13 Project D1697 Revision 0b
    	Used: unknown (minor revision code 0x0029) 
    	Supported: 9 8 7 6 5 
    	Likely used: 9
    	Logical		max	current
    	cylinders	16383	16383
    	heads		16	16
    	sectors/track	63	63
    	CHS current addressable sectors:    16514064
    	LBA    user addressable sectors:   268435455
    	LBA48  user addressable sectors:  2929721344
    	Logical  Sector size:                  4096 bytes
    	Physical Sector size:                  4096 bytes
    	device size with M = 1024*1024:    11444224 MBytes
    	device size with M = 1000*1000:    12000138 MBytes (12000 GB)
    	cache/buffer size  = unknown
    	Form Factor: 3.5 inch
    	Nominal Media Rotation Rate: 7200
    	LBA, IORDY(can be disabled)
    	Queue depth: 32
    	Standby timer values: spec'd by Standard, no device specific minimum
    	R/W multiple sector transfer: Max = 2	Current = 0
    	Advanced power management level: 254
    	DMA: mdma0 mdma1 mdma2 udma0 udma1 udma2 udma3 udma4 udma5 *udma6 
    	     Cycle time: min=120ns recommended=120ns
    	PIO: pio0 pio1 pio2 pio3 pio4 
    	     Cycle time: no flow control=120ns  IORDY flow control=120ns
    	Enabled	Supported:
    	   *	SMART feature set
    	    	Security Mode feature set
    	   *	Power Management feature set
    	   *	Write cache
    	   *	Look-ahead
    	   *	Host Protected Area feature set
    	   *	WRITE_BUFFER command
    	   *	READ_BUFFER command
    	   *	NOP cmd
    	   *	Advanced Power Management feature set
    	    	Power-Up In Standby feature set
    	   *	SET_FEATURES required to spinup after power up
    	    	SET_MAX security extension
    	   *	48-bit Address feature set
    	   *	Device Configuration Overlay feature set
    	   *	Mandatory FLUSH_CACHE
    	   *	SMART error logging
    	   *	SMART self-test
    	   *	Media Card Pass-Through
    	   *	General Purpose Logging feature set
    	   *	64-bit World wide name
    	   *	URG for READ_STREAM[_DMA]_EXT
    	   *	URG for WRITE_STREAM[_DMA]_EXT
    	   *	{READ,WRITE}_DMA_EXT_GPL commands
    	   *	Segmented DOWNLOAD_MICROCODE
    	    	unknown 119[6]
    	    	unknown 119[7]
    	   *	Gen1 signaling speed (1.5Gb/s)
    	   *	Gen2 signaling speed (3.0Gb/s)
    	   *	Gen3 signaling speed (6.0Gb/s)
    	   *	Native Command Queueing (NCQ)
    	   *	Host-initiated interface power management
    	   *	Phy event counters
    	   *	NCQ priority information
    	   *	READ_LOG_DMA_EXT equivalent to READ_LOG_EXT
    	    	Non-Zero buffer offsets in DMA Setup FIS
    	   *	DMA Setup Auto-Activate optimization
    	    	Device-initiated interface power management
    	    	In-order data delivery
    	   *	Software settings preservation
    	    	unknown 78[7]
    	    	unknown 78[10]
    	    	unknown 78[11]
    	   *	SMART Command Transport (SCT) feature set
    	   *	SCT Write Same (AC2)
    	   *	SCT Error Recovery Control (AC3)
    	   *	SCT Features Control (AC4)
    	   *	SCT Data Tables (AC5)
    	   *	SANITIZE feature set
    	   *	CRYPTO_SCRAMBLE_EXT command
    	   *	OVERWRITE_EXT command
    	   *	reserved 69[3]
    	   *	reserved 69[4]
    	   *	WRITE BUFFER DMA command
    	   *	READ BUFFER DMA command
    	Master password revision code = 65534
    	not	enabled
    	not	locked
    	not	frozen
    	not	expired: security count
    	not	supported: enhanced erase
    	1114min for SECURITY ERASE UNIT.
    Logical Unit WWN Device Identifier: 5000cca270d9a5f8
    	NAA		: 5
    	IEEE OUI	: 000cca
    	Unique ID	: 270d9a5f8
    Checksum: correct

Planet DebianJamie McClelland: I didn't know what ibus was one day ago, now I love it

[See update below.]

After over a decade using mutt as my email client, I finally gave up pretending I didn't want to see pretty pictures in my email and switched to Thunderbird.

Since I don't write email in Spanish often, I didn't immediately notice that my old dead-key trick for typing Spanish accented characters didn't work in Thunderbird like it does in vim or any terminal program.

I learned many years ago that I could set a special key via my openbox autostart script with xmodmap -e 'keysym Alt_R = Multi_key'. Then, if I wanted to type é, I would press and hold my right alt key while I press the apostrophe key, let go, and press the e key. I could get an ñ using the same trick but press the tilde key instead of the apostrophe key. Pretty easy.

When I tried that trick in Thunderbird I got an upside down e. WTF.

I spent about 30 minutes clawing my way through search results on several occasions over the course of many months before I finally found someone say: "I installed the ibus package, rebooted and it all worked." (Sorry Internet, I can't find that page now!)

ibus? apt-cache show ibus states:

IBus is an Intelligent Input Bus. It is a new input framework for the Linux
OS. It provides full featured and user friendly input method user
interface. It also may help developers to develop input method easily.

Well, that's succinct. I still had no idea what ibus was, but it sounded like it might work. I followed those directions and suddenly there was a new icon in my system tray area. If I clicked on it, by default it listed my English keyboard.

I could right click, hit preferences and add a new keyboard:

English - English (US, International with dead keys)

Now, when I select that new option, I simply press my right alt key and e (no need for the apostrophe) and I get my é. Same with ñ. Hooray!

My only complaint is that while using this keyboard, I can't type regular apostrophes or ~s. Not sure why, but it's not that hard to switch.

As far as I can tell, ibus tries to abstract some of the difficulties around input methods so it's easier on GUI developers.

Update 2019-02-11

Thanks, Internet, particularly for the comment from Alex about how I was choosing the wrong International keyboard. Of course, my keyboard does not have dead keys, so I need to choose the one called "English (intl., with AltGr dead keys)."

Now everything works perfectly. No need for ibus at all. I can get é with my right alt key followed by e. It works in my unicode terminal, thunderbird, and everywhere else that I've tried.

LongNowSeminar Highlight: Martin Rees on Space Exploration

“I think it’s a dangerous delusion to think that space offers an escape from Earth’s problems.” -Lord Martin Rees, Astronomer Royal, speaking at Long Now in January 02019.

Watch video of the full talk here.


CryptogramFriday Squid Blogging: Squid with Chorizo, Tomato, and Beans

Nice recipe.

As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Krebs on Security250 Webstresser Users to Face Legal Action

More than 250 customers of a popular and powerful online attack-for-hire service that was dismantled by authorities in 2018 are expected to face legal action for the damage they caused, according to Europol, the European Union’s law enforcement agency.

In April 2018, investigators in the U.S., U.K. and the Netherlands took down attack-for-hire service WebStresser[.]org and arrested its alleged administrators. Prior to the takedown, the service had more than 151,000 registered users and was responsible for launching some four million attacks over three years. Now, those same authorities are targeting people who paid the service to conduct attacks.

In the United Kingdom, police have seized more than 60 personal electronic devices from a number of Webstresser users, and some 250 customers of the service will soon face legal action, Europol said in a statement released this week.

“Size does not matter – all levels of users are under the radar of law enforcement, be it a gamer booting out the competition out of a game, or a high-level hacker carrying out DDoS attacks against commercial targets for financial gain,” Europol officials warned.

The focus on Webstresser’s customers is the latest phase of “Operation Power Off,” which targeted one of the most active services for launching point-and-click distributed denial-of-service (DDoS) attacks. WebStresser was one of many so-called “booter” or “stresser” services — virtual hired muscle that even completely unskilled users can rent to knock nearly any website or Internet user offline.

Operation Power Off is part of a broader law enforcement effort to disrupt the burgeoning booter service industry and to weaken demand for such services. In December, authorities in the United States filed criminal charges against three men accused of running booter services, and orchestrated a coordinated takedown of 15 different booter sites.

This seizure notice appeared on the homepage of more than a dozen popular “booter” or “stresser” DDoS-for-hire Web sites in December 2018.

The takedowns come as courts in the United States and Europe are beginning to hand down serious punishment for booter service operators, their customers, and those convicted of launching large-scale DDoS attacks. Last month, a 34-year-old Connecticut man received a 10-year prison sentence for carrying out DDoS attacks against a number of hospitals in 2014. Also last month, a 30-year-old in the United Kingdom was sentenced to 32 months in jail for using an army of hacked devices to crash large portions of Liberia’s Internet access in 2016.

In December 2018, the ringleader of an online crime group that launched DDoS attacks against Web sites — including several against KrebsOnSecurity — was sentenced to three years in a U.K. prison. And in 2017, a 20-year-old from Britain was sentenced to two years in jail for renting out Titanium Stresser, a booter service that earned him $300,000 over several years it was in operation.

Many in the hacker community have criticized authorities for targeting booter service administrators and users and for not pursuing what they perceive as more serious cybercriminals, noting that the vast majority of both groups are young men under the age of 21 and are using booter services to settle petty disputes over online games.

But not all countries involved in Operation Power Off are taking such a punitive approach. In the Netherlands, the police and the prosecutor’s office have deployed new legal intervention called “Hack_Right,” a diversion program intended for first-time cyber offenders. Europol says at least one user of Webstresser has already received this alternative sanction.

“Skills in coding, gaming, computer programming, cyber security or anything IT-related are in high demand and there are many careers and opportunities available to use these wisely,” Europol said.

According to U.S. federal prosecutors, the use of booter and stresser services to conduct attacks is punishable under both wire fraud laws and the Computer Fraud and Abuse Act (18 U.S.C. § 1030), and may result in arrest and prosecution, the seizure of computers or other electronics, as well as prison sentences and a penalty or fine.

Worse Than FailureError'd: Please Select All Errors that Apply

"It doesn't impact me, but just wondering...which one would I pick if my spouse was named Elisabeth?" wrote Jon T.


Mark R. writes, "When it absolutely has to be there ...Yesterday!"


"Hmmmm...'Cancel' or 'Cancel Cancel'...which to pick..." writes Dave L.


Phil R. wrote, "Thankfully Levi's omitted 'Gent', 'Guy', 'Dude', 'Dude-Bro', and 'Fella'...or it might be REALLY confusing."


"So my wife was browsing the Domino's Canada menu and came across this gem...Yes, please! I'd love a side of delicious Collect Coupons!" Steve H. wrote.


Irving M. writes, "Umm, wasn't I already doing that? Am I supposed to see something special?"


[Advertisement] Forget logs. Next time you're struggling to replicate error, crash and performance issues in your apps - Think Raygun! Installs in minutes. Learn more.


TEDReggie Watts’ virtual reality dance party and more TED news

The TED community is busy with new projects and news — below, some highlights.

A virtual reality dance party at Sundance. Musician and comedian Reggie Watts and artist Kiira Benzing debuted their new project “Runnin’” at the Sundance Film Festival’s New Frontier exhibit. “Runnin’” is an “immersive, interactive music video” backed with a hypnotic techno beat by Wajatta (the musical duo of Watts and composer John Tejada). The project welcomes players into a “retro-future world,” coupling VR technology and the magic of dance into an experience of pure creativity. In an interview with the Sundance Institute, Watts said, “I always wanted Wajatta to be able to create videos that really embody the music in a fun way.” Check out the artist feature for a sneak peek at the visuals for the project and listen to a live performance of “Runnin’.” At the New Frontier exhibit, Nonny de la Peña also premiered a virtual reality photo booth and data artists Chris Milk and Aaron Koblin contributed to a project called “Emergence”. (Watch Watts’ TED Talk, de la Peña’s TED Talk, Milk’s TED Talk and Kobin’s TED Talk.)

Global science commission urges radical, planet-wide diet. The EAT-Lancet Commission, co-chaired by sustainability expert Johan Rockström and scientist Walter Willett, released a new report on the state of food production, environmental degradation and global sustainability. The commission, which is composed of 37 leading scientists from around the world, warns of serious consequences to current consumption patterns and offers a newly designed “planetary health diet” to help accelerate a “radical transformation of the global food system.” According to the report summary, the dietary shift will require doubling the consumption of fruits, vegetables, legumes and nuts globally — and reducing sugar and red meat consumption by more than half. “To have any chance of feeding 10 billion people in 2050 within planetary boundaries, we must adopt a healthy diet, slash food waste and invest in technologies that reduce environmental impacts,” said Rockström in an interview with AFP. (Watch Rockström’s TED Talk.)

#WeKnowYouCare campaign launches. Advocacy organization Caring Across Generations, co-directed by activist Ai-jen Poo, launched its latest campaign, #WeKnowYouCare, which celebrates the 16 million men who act as caregivers for their families in America. By sharing video narratives from male caregivers, the campaign aims to highlight nuanced stories of masculinity and address why men who caregive are particularly vulnerable to isolation and lack of support. “Men were actually really quite harmed by the gender norms related to caregiving, in that it’s harder for them to ask for help, it’s harder for them to actually get the support that they need to do what is a very emotionally challenging — and otherwise [difficult] — thing to do,” said Poo in an interview with Bustle. (Watch Poo’s TED Talk.)

The hidden meanings of laughter. Neuroscientist Sophie Scott dives deep into the wonder of laughter on an episode of NPR’s Hidden Brain podcast; alongside host Shankar Vedantam, Scott discusses the animal kingdom, social bonds and the bizarre and beautiful science behind laughter. “Wherever you go in the world, you’ll encounter laughter. It has at its heart the same meaning. It’s very truthful, and it’s telling you something very positive. And that’s always a sort of wonderful thing to encounter,” she said. (Listen to the full episode.) (Watch Scott’s TED Talk.)

Have a news item to share? Write us at and you may see it included in this round-up.

CryptogramSecurity Flaws in Children's Smart Watches

A year ago, the Norwegian Consumer Council published an excellent security analysis of children's GPS-connected smart watches. The security was terrible. Not only could parents track the children, anyone else could also track the children.

A recent analysis checked if anything had improved after that torrent of bad press. Short answer: no.

Guess what: a train wreck. Anyone could access the entire database, including real time child location, name, parents details etc. Not just Gator watches either -- the same back end covered multiple brands and tens of thousands of watches

The Gator web backend was passing the user level as a parameter. Changing that value to another number gave super admin access throughout the platform. The system failed to validate that the user had the appropriate permission to take admin control!

This means that an attacker could get full access to all account information and all watch information. They could view any user of the system and any device on the system, including its location. They could manipulate everything and even change users' emails/passwords to lock them out of their watch.

In fairness, upon our reporting of the vulnerability to them, Gator got it fixed in 48 hours.

This is a lesson in the limits of naming and shaming: publishing vulnerabilities in an effort to get companies to improve their security. If a company is specifically named, it is likely to improve the specific vulnerability described. But that is unlikely to translate into improved security practices in the future. If an industry, or product category, is named generally, nothing is likely to happen. This is one of the reasons I am a proponent of regulation.

News article.

Planet Linux AustraliaJames Bromberger: 20 Years of [Memoirs]

On the first night I arrived in Christchurch, New Zealand for 2019, a group of around a dozen attendees went to dinner. Amongst them were Steve Hanley and Hugh Blemmings, whom I have known since the early 2000’s from various LCAs around the region. They asked for some memoirs of LCA – something small; what follows are my thoughts, far longer than expected.

Dateline: Just after the Year 2000. The Y2K bug. The first billion seconds of the Unix™ epoch (Sept 9 2001)…

In the summer of 2001, some friends from Perth and I made a trip to a new conference we had heard about. I was a new Debian Linux developer; my friends were similarly developers, sysadmins, etc. What met us was one of the best gatherings of like-minded individuals we had seen: deeply technical discussions and presentations by key individuals who not only knew their subject matter, but wrote the code, created the community, or otherwise steered a section of the Open Source software movement from around the world.

2001 – day 1

Living on the opposite side of Australia in Perth meant we were intellectually starved of being able to talk face-to-face to key people from this new world of Open Source and Free Software. The distance across the county is almost the same as East to West coast United States, and not many visitors to Melbourne or Sydney make the long trek over the Great Australian Bight to reach Western Australia’s capital.

We found ourselves asking the LCA 2001 organisers if it would be possible in future to run Linux.Conf.Au in Perth one day.

Having had the initial conference (then called the Conference of Australian Linux Users, or CALU) in 1999 in Melbourne, and then 2001 in Sydney, it seemed a natural progression for LCA to roam around different cities each year; it felt almost unfair to those who could not afford to travel to Melbourne or Sydney.

The result from 2001 was that in 2002 it would run in Brisbane, but that we should make a proposal and get organised.

MiniConfs at LCA

In 1999 I went to AusWeb in Ballina, NSW, and ApacheCon 2K in London.

Closing of ApacheCon 2000 in London – developers on stage Q&A

I also went to DebConf 1 in Bordeaux, France. DebConf was run as an adjunct to the larger French Libre Software Meeting (LSM), as Debian felt that its gathering of developers was too small to warrant the organisational overhead for its own conference at that time.

Debian Developers at DebConf1, Bordeaux 2001

I liked the idea of a pre-conference gathering for Debian for 2002 in Brisbane – a Mini Conference.

So in parallel to talking about running LCA in Perth for 2003, I asked Raymond Smith, LCA 2002 lead organiser, and the rest of the Brisbane organising team if I could turn up a few days early to Brisbane for the 2002 conference and use one of the rooms for a small pre-event.

The principle was simple: minimal organisational overhead; don’t get in the way of those setting up for LCA.

LCA2003 Bid Preparation

The Puffin/Penguin suit, and a small Tux
Puffin/Penguin suit

In December 2001 we found what was probably closer to a full-size puffin costume at a fancy dress shop – close enough that it could pass for a penguin.

We started to plan a video as a welcome video – to show some of Perth, and what could be expected in coming to the West.

With a logo I designed from a classic Australian yellow road sign, we had a theme of the Road Trip to Perth.

So, with the Puffin/Penguin suit in hand and a few phone calls, we found ourselves with a camera kit at the arrivals hall of Perth airport on New Years’ Day 2002, filming segments for a video to play at the close of LCA2002: the story of Tux arriving and making his/her/their way to the conference venue at UWA. Much of the costume performance was by Nick Bannon, but also Mark Tearle and others. I filmed and rough-scripted, Tony Breeds edited the video and sought licensing for the music, which was generously donated by the band credited.

LCA 2002

The MiniConf at LCA ran smoothly. People arrived from around the world, including then DPL Bdale Garbee.

Debian mini-conf at LCA 2002 in Brisbane
James Bromberger (c) and Bdale Garbee (r) at the Debian Mini-Conf, 2002

The main conference was awesome, as always.

Rusty Russell speaking at 2002
Jeremy Allison (l) and Andrew Tridgell (r) talking Samba at 2002
Raymond Smith, lead organiser LCA 2002
Ted Ts'o talking filesystems at LCA 2002. “In Ted we trust”.
LCA2003 closing
James Bromberger (l) and Tony Breeds (r) – co-chairs of LCA 2003
LCA2003 invite video being played at LCA2002 Closing

Post 2002 prep for 2003

We ran monthly, then weekly, face-to-face meetings, and we split into teams: web site, papers committee, travel & accommodation, swag, catering, venue, AV and more. Bernard Blackham made significant changes so that we were able to process the crypto needed to talk to the CommSecure payment gateway, letting us process registrations (and send signed receipts).

We thought that not many people would come to Perth, a worry that drove us to innovate. Sun Microsystems agreed to sponsor a program we devised called the Sun Regional Delegate Programme, funding a sizable amount of money to fly people from across the state down to Perth to attend.

I left my full-time job in November 2002 to work full time on the conference, having planned to start travelling in Europe sometime after LCA in 2003. Hugh Blemings (then at IBM) sponsored Linus Torvalds to attend, which we kept under wraps.

Tux at 2003

A small group worked on making a much better, full size Penguin costume, which days before the opening we proposed to put Linus in as part of the opening welcome.

Holy Penguin Pee, LCA 2003

I sourced some white-label wine, and designed and had printed some custom labels, naming this the Holy Penguin Pee, which was to be our conference dinner wine (amongst other beverages). While at the time this was a nice little drop, the bottles I now hold some 16 years later are a little less palatable.

Perth 2003

Miniconfs had blown out to several sessions. Attendance was projected to exceed 500 attendees (excluding speakers and organisers).

As the audience gathered for the welcome in the Octagon Theatre at UWA, we had amongst us Tove Torvalds, and their three small girls: Patricia (6), Daniella (4), and Celeste (2).

The opening of LCA 2003: James Bromberger (l), Rusty Russell (c), Linus Torvalds (r)

As the conference opened, I took to the stage, and the Penguin waddled on. I commented that we have a mascot, and he’s here; Rusty then joined me, and removed the head of the Penguin to reveal Linus within.

Linus in Penguin costume talking to his daughters

During the earlier rehearsal, the girls were so amused to see their Daddy in a penguin suit; there were some lovely photos of them inspecting the suit, and looking at their Dad change the world while having fun.

On that opening welcome – the morning in the Penguin suit – the temperature was over 40°C.

For a non-profit event, we had so much money left over that it was decided to reduce the profit by ordering pizza for lunch on the last day. Days ahead, we drove to a local Pizza Hut branch and asked what would be required to order some 300 pizzas, and whether they could deliver them effectively. We cut a cheque (remember those?) two days in advance, and on the day, two minivans stuffed to the roof turned up.

LCA spelt with Pizza Boxes, a slang name for a common form factor of servers around this time, and one of the LCA yellow banners.

Prior to recycling, I suggested we spell out the name of the event in pizza boxes as a fun tribute to the amount of pizza we all consumed as we cut code and changed the world. This photo embodies LCA (and appears on the Wikipedia page). I think I took the image from the library balcony, but I may be wrong.

LCA2003 was the first time we had full audio recordings of all main conference sessions. Ogg Speex was the best codec at the time, and video was just beyond us. A CD was produced containing all recordings, plus a source copy of the Speex codec.

LCA2003 closed on 25 January 2003.

Then on the 26th (Australia Day) my then girlfriend and I grabbed our bags, and moved to the UK for 1 year (PS: it was 8).

Roaming around the northern hemisphere

My time in Europe got me to FOSDEM and DebConf many times. I was at UKUUG, tripping through Cambridge occasionally, seeing people whom I had previously met from the Debian community at the LSM in Bordeaux. I met new people as well, some of whom have since made the trip to Australia in order to present at LCA.

James Bromberger (far l), Barry White (l), Pierre Denis (c), Simon Wardley (far r), at the Fotango Christmas party (skiing) in Chamonix in 2004.

I spent time at Fotango (part of Canon Europe) working with some awesome Perl developers, and running the data centres and infrastructure.

Returning Home

Upon my return to Perth in 2010, I went back to PLUG, to find a new generation of people who were going to LCA 2011 in Brisbane.

I started a cunning plan with the PLUG crew; we put forward a proposal to the Lottery commission for $10,000 to get equipment for us to set up a single stream for video recording using DVSwitch in order to record the regular PLUG meetings.

Euan (l) and Jason (r) playing with DVSwitch at Perth Artifactory in 2011

It worked; a crew came together, and PLUG had some practice at what running a Video Team required (at the time).  I managed to convince Luke John to put forward a proposal to run LCA – it had been nearly 10 years since it had been in Perth – and thus it came to pass.

I, however, was not going to be front and centre in 2014 (though I did give a presentation on Debian and AWS at the 2014 conference).

But I found a new role I could play. With the additional video kit, and a bit of organising, we grabbed a couch and, for one year, created LCA TV – an opportunity to capture on video some of the amazing people who come to Linux.Conf.Au. While we now have great video of the presentations, it’s nice to have a few minutes of chat with those amongst us, captured for posterity.

LCA TV 2014

I want to thank the LA Council, who have had the courage to let LCA wander the region year to year. I want to thank the LCA crews I worked with in 2003 and 2014, but also the crew from every year, the speakers who have stood up and spoken, the video teams, and the volunteers.

Looking forward, I want to thank the people who haven’t done what they are going to do yet: those who will run LCA in future, and those who will give their time to share their knowledge with others, across countries, languages, companies and more.

Linux.Conf.Au has been central to the success of technical talent in the Linux and Open Source space in this region.

Arriving at CHC Airport, LCA 2019 was present for conference registrations in the terminal.

I have one more person to thank. My then-girlfriend in 2003, now my wife of many years who has put up with me spending so much time attending, planning and running a technical conference over the years. Thanks Andrea.

Worse Than FailureCodeSOD: A Date with a Consultant

Management went out and hired a Highly Paid Consultant to build some custom extensions for Service Now, a SaaS tool for IT operations management. HPC did their work, turned over the product, and vanished the instant the last check cleared. Matt was the blessed developer who was tasked with dealing with any bugs or feature requests.

Everything was fine for a few days, until the thirtieth of January. One of the end users attempted to set the “Due Date” for a hardware order to 03-FEB-2019. This failed, because "Start date cannot be in the past".

Now, at the time of this writing, February 3rd, 2019 is not yet in the past, so Matt dug in to investigate.

function onChange(control, oldValue, newValue, isLoading) {
	if (isLoading /*|| newValue == ''*/) {
		return;
	}
	//Type appropriate comment here, and begin script below
	var currentDate = new Date();
	var selectedDate = new Date(g_form.getValue('date_for'));
	if (currentDate.getUTCDate() > selectedDate.getUTCDate() || currentDate.getUTCMonth() > selectedDate.getUTCMonth() || currentDate.getUTCFullYear() > selectedDate.getUTCFullYear()) {
		g_form.addErrorMessage("Start date cannot be in the past.");
	}
}

The validation rule at the end pretty much sums it up. They compare each component of the date separately to decide whether a date is in the past. So 05-JUN-2019 obviously comes well before 09-JAN-2019. 21-JAN-2020 is well before 01-JUL-2019. Of course, 01-JUL-2019 is also before 21-JAN-2020, because this type of date comparison isn't actually an ordering at all.

How could this code be wrong? It’s just common sense, obviously.

Speaking of common sense, Matt replaced that check with if (currentDate > selectedDate) and got ready for the next landmine left by the HPC.
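To see why the componentwise check fails, here is a small standalone sketch of both checks, outside ServiceNow (so no `g_form`; the helper names are invented for illustration):

```javascript
// Re-creation of the flawed check: a date is flagged "in the past" if
// ANY single component is smaller, so it is not a real ordering at all.
function isPastBuggy(currentDate, selectedDate) {
  return currentDate.getUTCDate() > selectedDate.getUTCDate() ||
         currentDate.getUTCMonth() > selectedDate.getUTCMonth() ||
         currentDate.getUTCFullYear() > selectedDate.getUTCFullYear();
}

// The fix: Date objects compare by their underlying millisecond
// timestamp, which is a true chronological ordering.
function isPastFixed(currentDate, selectedDate) {
  return currentDate > selectedDate;
}

const jan30 = new Date(Date.UTC(2019, 0, 30)); // 30-JAN-2019
const feb03 = new Date(Date.UTC(2019, 1, 3));  // 03-FEB-2019

console.log(isPastBuggy(jan30, feb03)); // true: 30 > 3, despite Feb 3 being later
console.log(isPastFixed(jan30, feb03)); // false
```

The relational operators work on `Date` objects because they coerce each side via `valueOf()` to its epoch-milliseconds value before comparing.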

[Advertisement] Forget logs. Next time you're struggling to replicate error, crash and performance issues in your apps - Think Raygun! Installs in minutes. Learn more.

Planet Linux AustraliaMichael Still: The Gentle Art of Swedish Death Cleaning


We’ve owned this book for a while, but ironically Catherine lost it for a bit. It seems very topical at the moment because of the Marie Kondo craze, but it’s been floating around our house for probably a year.

The book is written by an 80+ year old and explains the Swedish tradition of sorting your stuff out before you keel over, which seems like a totally reasonable thing to do when the other option is leaving your grieving kids to work out what on earth to do. The book isn’t as applicable to people not at the end of their lives; for example, it recommends starting with large things like furniture, and younger people are unlikely to have heaps of unneeded furniture.

That said, there is definitely advice in here that is applicable to other life stages.

The book is composed of a series of generally short chapters. They read a bit like small letters, notes, or blog posts. This makes the book feel very approachable, and it’s quite a fast read.

I enjoyed the book and I think I got some interesting things out of it.

The Gentle Art of Swedish Death Cleaning
Margareta Magnusson, Jane Magnusson
October 19, 2017

Döstädning, or the art of death cleaning, is a Swedish phenomenon by which the elderly and their families set their affairs in order. Whether it's sorting the family heirlooms from the junk, downsizing to a smaller place, or setting up a system to help you stop misplacing your keys, death cleaning gives us the chance to make the later years of our lives as comfortable and stress-free as possible. Whatever your age, Swedish death cleaning can be used to help you de-clutter your life, and take stock of what's important. Margareta Magnusson has death cleaned for herself and for many others. Radical and joyous, her guide is an invigorating, touching and surprising process that can help you or someone you love immeasurably, and offers the chance to celebrate and reflect on all the tiny joys that make up a long life along the way.


Planet Linux AustraliaLev Lafayette: Introduction to Information Systems & Systems Thinking

What Are Information Systems? (video)

Reflective One Minute Paper

The primary objective here is to define information systems. To do so, one must differentiate between raw, unorganised data and processed, organised, structured information that is meaningful. Information is necessary for behaviour, decisions, and outcomes, and can be valued by various metrics (timeliness, appropriateness, accuracy, etc.). Information has a life-cycle: creation (internal or external capture), existence (store/retrieve, use), and termination (archive or destroy).

The scholarly history of Information Systems has developed initially from positivist approaches (business and economics), to include interpretative (sociological) and critical (feminist, environmentalist). The use of Information Systems as a discipline has been especially effective in software development, and in the restructuring of business processes. Pragmatic processes are concerned with capturing and understanding business processes for analysis of that process, with notational systems (e.g., Business Process Model and Notation) being employed.

Three significant questions arise from this review.

Firstly, is there a possibility of transcendence or overcoming (aufhebung) that breaks the information life-cycle, where iteration leads to qualitative improvement (destruction of information, conversely, would be a qualitative loss)? If this is so, then information (and data) should always be at the very least archived, and never destroyed.

Secondly, where is Information Systems placed in academia, given these influences? This has been a major issue for researchers and theorists for decades (e.g., Checkland (1988), Banville and Landry (1989), Paul (2007)), which in part reflects the field's history of attempting to be positivist, interpretative, and critical in its approaches. Perhaps overlooked in this analysis is the importance of the earlier Habermas-Luhmann debates between systems and critical approaches in social theory (Habermas, Luhmann, 1971).

Finally, the possibility is raised for the insights of critical approaches in information systems and the iterative techniques of agile project management (Highsmith, 2010) to open up formal mappings such as the Business Process Model and Notation. Applying new decision points that allow for democratic inputs and dynamically changing the model maps would allow for dynamic projects as well as established operations, whilst at the same time providing rigour to agile project management.


Checkland, P.B. (1988), Information Systems and Systems Thinking: Time to Unite?, International Journal of Information Management, 8 p239-248

Banville, Claude., Landry, Maurice (1989), Can the Field of MIS be Disciplined?, Communications of the ACM, Vol 32 No 1, p48-60

Habermas, Jurgen., Luhmann, Niklas (1971), Theorie der Gesellschaft oder Sozialtechnologie?, Suhrkamp

Highsmith, Jim (2010), Agile Project Management, 2nd edition, Addison-Wesley

Paul, Ray J. (2007), Challenges to information systems: time to change, European Journal of Information Systems 16, p193–195. doi:10.1057/palgrave.ejis.3000681

Systems Thinking (video)

Reflective One Minute Paper

The following provides a review of the history of, and approaches to, the concept of "systems". Etymologically, the word derives from the Greek sustēma, from sun- 'with' and histanai 'set up', meaning uniting or putting together. The first scientific use of the word comes from Carnot, referring to steam thermodynamics in the early-to-mid 19th century, with systems concepts then being applied in the evolutionary and biological sciences (e.g., Darwin, 1850s; Tansley, 1910s), and the biologist Bertalanffy (drawing on Bogdanov) developing a "general systems theory" in the 1930s. Wiener provided the notion of cybernetics, the general study of control and communication, in the 1940s, alongside the computing sciences with von Neumann, Turing, and Shannon.

'Cybernetics' is derived from the Greek word for steersman or helmsman, who provides the control system for a boat or ship; the same root, via Latin, gives us 'govern' and 'government'. Cybernetics can be applied to itself, and as such second-order cybernetics was developed by Beer et al. in the 1960s, which included the role of the observer. Soft systems methodology, developed by Checkland, Wilson et al. in the 1970s, allowed for normative evaluations to be applied within an interrogative systems approach. Finally, Kauffman, Botkin et al. in the 1990s developed a systems approach to complexity which identifies disequilibria dynamics in self-organisation.

Overlooked in the lecture is the extremely important contribution of systems theory within sociology and social theory, deriving from the functional sociology of Weber (1900s), the structuralism of Parsons (1950s), the systems theory of Luhmann (1960s), and the neofunctionalism of Alexander (2000s). Second-order cybernetics also has relevance to Giddens' (1987) double hermeneutic, a distinguishing difference between the social and natural sciences, where the observer is observed as well as the subject.

The structure of a system is a static property and refers to the constituent elements of the system and their relationship to each other. The behaviour is a dynamic property and refers to the effect produced by a system in operation. Feedback is information about the results of a process which is used to change the process. The homeostat, the human being, and the thermostat all are said to maintain homoeostasis or equilibrium, through feedback loops, which was promoted as a theory of everything (e.g., Odum, 1959). Whilst feedback plus systems behaviour was meant to provide a self-regulating system, the observed result is disequilibrium and dynamism at least in nature (equilibrium is present in machines).

Of note was the transfer, and misuse, of language from computer engineering to systems theory: e.g., the use of "memory" for "information storage" (primary, secondary, tertiary, dynamic, fixed), and likewise the use of "information theory" instead of "signal transmission theory". Apropos, Shannon (1948) even described "A Mathematical Theory of Communication", an exceptional paper on signal transmission and noise, but one which did not touch upon the pragmatics or semantics of language.


Giddens, A., (1987), Social Theory and Modern Sociology, Polity Press, p20-21

Odum, Howard (1959) "The relationships between producer plants and consumer animals, between predator and prey, not to mention the numbers and kinds of organisms in a given environment, are all limited and controlled by the same basic laws which govern non-living systems, such as electric motors and automobiles.", Fundamentals of Ecology, 2nd ed p44

Shannon, C.E., (1948), A Mathematical Theory of Communication, The Bell System Technical Journal, Vol. 27, pp. 379-423 and 623-656, 1948.

Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV February 2019 Workshop: TBA

Feb 22 2019 12:30
Feb 22 2019 16:30
Infoxchange, 33 Elizabeth St. Richmond


Topic to be announced

There will also be the usual casual hands-on workshop, Linux installation, configuration and assistance and advice. Bring your laptop if you need help with a particular issue. This will now occur BEFORE the talks from 12:30 to 14:00. The talks will commence at 14:00 (2pm) so there is time for people to have lunch nearby.

The meeting will be held at Infoxchange, 33 Elizabeth St. Richmond 3121.  Late arrivals please call (0421) 775 358 for access to the venue.

LUV would like to acknowledge Infoxchange for the venue.

Linux Users of Victoria is a subcommittee of Linux Australia.


Planet Linux AustraliaLinux Users of Victoria (LUV) Announce: LUV February 2019 Main Meeting: All users will eventually die / ZeroTier

Feb 5 2019 19:00
Feb 5 2019 21:00
Kathleen Syme Library, 251 Faraday Street Carlton VIC 3053


7:00 PM to 9:00 PM Tuesday, February 5, 2019
Training Room, Kathleen Syme Library, 251 Faraday Street Carlton VIC 3053


Many of us like to go for dinner nearby after the meeting, typically at Brunetti's or Trotters Bistro in Lygon St.  Please let us know if you'd like to join us!

Linux Users of Victoria is a subcommittee of Linux Australia.




TEDMeet the 2019 TED Fellows and Senior Fellows

The TED Fellows program turns 10 in 2019 — and to mark this important milestone, we’re excited to kick off the year of celebration by announcing the impressive new group of TED2019 Fellows and Senior Fellows! This year’s TED Fellows class represents 12 countries across four continents; they’re leaders in their fields — ranging from astrodynamics to policing to conservation and beyond — and they’re looking for new ways to collaborate and address today’s most complex challenges.

The TED Fellows program supports extraordinary, iconoclastic individuals at work on world-changing projects, providing them with access to the global TED platform and community, as well as new tools and resources to amplify their remarkable vision. The TED Fellows program now includes 472 Fellows who work across 96 countries, forming a powerful, far-reaching network of artists, scientists, doctors, activists, entrepreneurs, inventors, journalists and beyond, each dedicated to making our world better and more equitable. Read more about their visionary work on the TED Fellows blog.

Below, meet the group of Fellows and Senior Fellows who will join us at TED2019, April 15-19, in Vancouver, BC, Canada.

Alexis Gambis
Alexis Gambis (USA | France)
Filmmaker + biologist
Filmmaker and biologist creating films that merge scientific data with narrative in an effort to make stories of science more human and accessible.

Ali Al-Ibrahim
Ali Al-Ibrahim (Syria | Sweden)
Investigative journalist
Journalist reporting on the front lines of the Syrian conflict and creating films about the daily struggles of Syrians.

Amma Ghartey-Tagoe Kootin
Amma Ghartey-Tagoe Kootin (USA)
Scholar + artist
Scholar and artist working across academia and the entertainment industry to transform archival material about black identity into theatrical performances.

Arnav Kapur
Arnav Kapur (USA | India)
Inventor creating wearable AI devices that augment human cognition and give voice to those who have lost their ability to speak.

Wild fishing cats live in the Mangrove forests of southeast Asia, feeding on fish and mangrove crab in the surrounding waters. Not much is known about this rare species. Conservationist Ashwin Naidu and his organization, Fishing Cat Conservancy, are working to protect these cats and their endangered habitat. (Photo: Anjani Kumar/Fishing Cat Conservancy)

Ashwin Naidu
Ashwin Naidu (USA | India)
Fishing cat conservationist
Conservationist and co-founder of Fishing Cat Conservancy, a nonprofit dedicated to protecting fishing cats and their endangered mangrove habitat.

Brandon Anderson
Brandon Anderson (USA)
Data entrepreneur
Human rights activist and founder of Raheem AI, a tech nonprofit working to end police violence through data collection, storytelling and community organizing.

Brandon Clifford
Brandon Clifford (USA)
Ancient technology architect
Architectural designer and co-founder of Matter Design, an interdisciplinary design studio that uses the technology of ancient civilizations to solve contemporary problems.

Bruce Friedrich
Bruce Friedrich (USA)
Food innovator
Founder of the Good Food Institute, an organization supporting the creation of plant and cell-based meat for a more healthy and sustainable food system.

Christopher Bahl
Christopher Bahl (USA)
Protein designer
Molecular engineer using computational design to develop new protein drugs that combat infectious disease.

Erika Hamden
Erika Hamden (USA)
Astrophysicist developing telescopes and new ultraviolet detection technologies to improve our ability to observe distant galaxies.

Federica Bianco
Federica Bianco (USA | Italy)
Urban astrophysicist
Astrophysicist using an interdisciplinary approach to study stellar explosions and help build resilient cities by applying astronomical data processing techniques to urban science.

Gangadhar Patil
Gangadhar Patil (India)
Journalism entrepreneur
Journalist and founder of 101Reporters, an innovative platform connecting grassroots journalists with international publishers to spotlight rural reporting.

In Tokyo Medical University for Rejected Women, multimedia artist Hiromi Ozaki explores the systematic discrimination of female applicants to medical school in Japan. (Photo: Hiromi Ozaki)

Hiromi Ozaki
Hiromi Ozaki (Japan | UK)
Artist creating music, film and multimedia installations that explore the social and ethical implications of emerging technologies.

Ivonne Roman
Ivonne Roman (USA)
Police captain
Police captain and co-founder of the Women’s Leadership Academy, an organization working to increase the recruitment and retention of women in policing.

Jess Kutch
Jess Kutch (USA)
Labor entrepreneur
Co-founder of, a labor organization for the 21st century helping workers solve problems and advance change through an open online platform.

Leila Pirhaji
Leila Pirhaji (Iran | USA)
Biotech entrepreneur
Computational biologist and founder of ReviveMed, a biotech company pioneering the use of artificial intelligence for drug discovery and treatment of metabolic diseases.

Moreangels Mbizah
Moreangels Mbizah (Zimbabwe)
Lion conservationist
Conservation biologist developing innovative community-based conservation methods to protect lions and their habitat.

Moriba Jah
Moriba Jah (USA)
Space environmentalist
Astrodynamicist tracking and monitoring satellites and space garbage to make outer space safe, secure and sustainable for future generations.

Muthoni Ndonga
Muthoni Ndonga (Kenya)
Musician and cultural entrepreneur fusing traditional drum patterns and modern styles such as hip-hop and reggae to create the sound of “African cool.”

Nanfu Wang
Nanfu Wang (China | USA)
Documentary filmmaker
Documentary filmmaker uncovering stories of human rights and untold histories in China through a characteristic immersive approach.

TED2019 Senior Fellows

Senior Fellows embody the spirit of the TED Fellows program. They attend four additional TED events, mentor new Fellows and continue to share their remarkable work with the TED community.

Adital Ela
Adital Ela (Israel)
Sustainable materials designer
Entrepreneur developing sustainable materials and construction methods that mimic natural processes and minimize environmental impact.

Anita Doron
Anita Doron (Canada | Hungary)
Filmmaker who wrote The Breadwinner, an Oscar-nominated coming-of-age story set in Taliban-controlled Afghanistan.

Constance Hockaday
Constance Hockaday (USA)
Artist creating experiential performances on public waterways that examine issues surrounding public space, political voice and belonging.

Eman Mohammed
Eman Mohammed (USA | Palestine)
Photojournalist documenting contemporary issues, including race relations and immigration, often through a characteristic long-form approach.

Erine Gray
Erine Gray (USA)
Social services entrepreneur
Software developer and founder of Aunt Bertha, a platform helping people access social services such as food banks, health care, housing and educational programs.

In one of her projects, documentary photographer Kiana Hayeri took a rare, intimate look at the lives of single mothers in Afghanistan, capturing their struggles and strengths. Here, two children hang a picture of their father. (Photo: Kiana Hayeri)

Kiana Hayeri
Kiana Hayeri (Canada | Iran)
Documentary photographer
Documentary photographer exploring complex topics such as migration, adolescence and sexuality in marginalized communities.

An illustration of Tungsenia, an early relative of lungfish. Paleobiologist Lauren Sallan studies the vast fossil records to explore how extinctions of fish like this have affected biodiversity in the earth’s oceans. (Photo: Nobu Tamura)

Lauren Sallan (USA)
Paleobiologist using the vast fossil record as a deep time database to explore how mass extinctions, environmental change and shifting ecologies impact biodiversity.

Pratik Shah
Pratik Shah (USA | India)
Health technologist
Scientist developing new artificial intelligence technologies for antibiotic discovery, faster clinical trials and tools to help doctors better diagnose patients.

Premesh Chandran
Premesh Chandran (Malaysia)
Journalism entrepreneur
Cofounder and CEO of, the most popular independent online news organization in Malaysia, which is working to create meaningful political change.

Samuel “Blitz the Ambassador” Bazawule
Samuel “Blitz the Ambassador” Bazawule (USA | Ghana)
Musician + filmmaker
Hip-hop artist and filmmaker telling stories of the polyphonic African diaspora.

CryptogramSecurity Analysis of the LIFX Smart Light Bulb

The security is terrible:

In a very short limited amount of time, three vulnerabilities have been discovered:

  • Wifi credentials of the user have been recovered (stored in plaintext into the flash memory).
  • No security settings. The device is completely open (no secure boot, no debug interface disabled, no flash encryption).
  • Root certificate and RSA private key have been extracted.

Boing Boing post.

Worse Than FailureTemporal Obfuscation

We've all been inflicted with completely overdesigned, overly generalized systems created by architects (read: managers) who didn't know how to scope things, or when to stop.

We've all encountered premature optimization, and the subtle horrors that can spawn therefrom.

For that matter, we've all inherited code that was written by individuals (read: cow-orkers) who didn't understand that this is not a good variable naming policy.

Jay's boss was a self-taught programmer from way back in the day, who learned early on to write code that would conserve both memory and CPU cycles on underpowered computers.

He was assigned to work on such a program written by his boss. It quickly became apparent that when it came to variable names, let's just say that his boss was one of those people who believed that usefully descriptive variable names took so much longer to compile that he preemptively chose not to use them, or comments, in order to expedite compiling. Further, he made everything global to save the cost of pushing/popping variables to/from the stack. He even had a convention for naming his variables. Integers were named I1, I2, I3..., strings were named S1, S2, S3..., booleans were named F1, F2, F3...

Thus, his programs were filled with intuitively self-explanatory statements like I23 = J4 + K17. Jay studied the program files for some time and had absolutely no clue as to what it was supposed to do, let alone how.

He decided that the only sane thing that could be done was to figure out what each of those variables represented and rename it to something appropriate. For example, he figured out that S4 was customer name, and then went through the program and replaced every instance of S4 with customer_name. Rinse and repeat for every variable declaration. He spent countless hours at this and thought that he was finally making sense of the program, when he came to a line that, after variable renaming, now said: account_balance = account_balance - zip_code.

Clearly, that seemed wrong. Okay, he must have made a mistake somewhere, so he went back and checked what made him think that those variables were account balance and zip code. Unfortunately, that's exactly what they represented... at the top of the program.

To his chagrin, Jay soon realized that his boss, to save memory, had re-used variables for totally different purposes at different places in the program. The variable that contained zip code at the top contained item cost further down, and account balance elsewhere. The meaning of each variable changed not only by code location and context, but also temporally throughout the execution of the program.
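A minimal sketch of the hazard, with names and values invented for illustration, shows why renaming by a variable's first use goes wrong:

```javascript
// At the top of the program, the global I9 holds the zip code...
var I9 = 90210;
console.log("zip: " + I9);

// ...but hundreds of lines later the same global is recycled as an
// item cost. A mechanical rename of I9 to zip_code, correct at the
// top, turns this line into the nonsensical
// "account_balance = account_balance - zip_code".
I9 = 19.95;
var accountBalance = 100.00;
accountBalance = accountBalance - I9; // really: balance minus item cost
console.log("balance: " + accountBalance);
```

The rename is only safe if each variable means one thing for the whole program, which is exactly the assumption the boss's memory-saving reuse violated.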

It was at this point that Jay began his nervous breakdown.

[Advertisement] Otter - Provision your servers automatically without ever needing to log-in to a command prompt. Get started today!

CryptogramiPhone FaceTime Vulnerability

This is kind of a crazy iPhone vulnerability: it's possible to call someone on FaceTime and listen in on their microphone -- and see through their camera -- before they accept the call.

This is definitely an embarrassment, and Apple was right to disable Group FaceTime until it's fixed. But it's hard to imagine how an adversary can operationalize this in any useful way.

New York governor Andrew M. Cuomo wrote: "The FaceTime bug is an egregious breach of privacy that puts New Yorkers at risk." Kinda, I guess.

EDITED TO ADD (1/30): This bug/vulnerability was first discovered by a 14-year-old, whose mother tried to alert Apple with no success.

Cory DoctorowAnnouncing the audiobook for Unauthorized Bread: a DRM-free tale of DRM-locked appliances, refugees, and resistance

Unauthorized Bread is the first of four audiobooks that make up my forthcoming book Radicalized, read by the talented actor Lameece Issaq. The book, published by Macmillan Audio, is a Google Play exclusive, part of a deal I made to celebrate the launch of a major DRM-free audiobook store that challenges Audible’s monopoly. But the Google Play folks have graciously permitted me to sell it with my other DRM-free audiobooks, so you can buy it direct if you prefer.

There are three more audiobooks to come in the series (they’re launching with Radicalized on March 19), and they’ll all be sold on Google Play and on my site for three months; then they’ll be available in all DRM-free audiobook stores (which probably means that they won’t be for sale on Audible, unless the company makes good on its promise to drop DRM, a promise that dates back to Amazon’s acquisition of the company in 2008).

Here’s a little summary of the story: “Unauthorized Bread is a tale of immigration, the toxicity of economic and technological stratification, and the young and downtrodden fighting against all odds to survive and prosper.”

Unauthorized Bread is being developed for television by Topic Studios (a sister company to The Intercept).

Unauthorized Bread (Google Play)

Unauthorized Bread (Direct from me!)


Planet Linux AustraliaJames Morris: Save the Dates! Linux Security Summit Events for 2019.

There will be two Linux Security Summit (LSS) events again this year:

Stay tuned for CFP announcements!

LongNowThe 26,000-Year Astronomical Monument Hidden in Plain Sight

One of the two massive bronze cast sculptures that flank Hoover Dam’s Monument Plaza. (Photo by Alexander Rose)

On the western flank of the Hoover Dam stands a little-understood monument, commissioned by the US Bureau of Reclamation when construction of the dam began in 01931. The most noticeable parts of this corner of the dam, now known as Monument Plaza, are the massive winged bronze sculptures and central flagpole which are often photographed by visitors. The most amazing feature of this plaza, however, is under their feet as they take those pictures.

The plaza’s terrazzo floor is actually a celestial map that marks the time of the dam’s creation based on the 25,772-year axial precession of the earth.

Marking in the terrazzo floor of Monument Plaza showing the location of Vega, which will be our North Star in roughly 12,000 years. (Photo by Alexander Rose)

I was particularly interested in this monument because this axial precession is also the slowest cycle that we track in Long Now’s 10,000 Year Clock. Strangely, little to no documentation of this installation seemed to be available, except for a few vacation pictures on Flickr. So the last time I was in Las Vegas, I made a special trip out to Hoover Dam to see if I could learn more about this obscure 26,000-year monument.

Monument Plaza with access road on left. (Image courtesy of US Bureau of Reclamation).

I parked my rental car on the Nevada side of the dam on a day pushing 100 degrees. I quickly found Monument Plaza just opposite the visitor center where tours of the dam are offered. While the plaza is easy to find, it stands apart from all the main tours and stories about the dam. With the exception of the writing in the plaza floor itself, the only information I could find came from a speaker running on loop, broadcasting a basic description of the monument while visitors walked around the area. When I asked my tour guide about it, he suggested that there may be some historical documentation and directed me to Emme Woodward, the dam’s historian.

Hansen laying out the axial precession. (Image courtesy of US Bureau of Reclamation)

I was able to get in touch with her after returning home. As she sent me a few items, I began to see why the Bureau of Reclamation doesn’t explain very much about the monument’s background. The first thing she sent me was a description of the plaza by Oskar J. W. Hansen, the artist himself, which I thought would tell me everything I wanted to know. While parts of it were helpful, the artist’s statement of intention was also highly convoluted and opaque. An excerpt:

These [human] postures may be matched to their corresponding reflexes in terms of angle and degree much as one would join cams in a worm-gear drive. There is an angle for doubt, for sorrow, for hate, for joy, for contemplation, and for devotion. There are as many others as there are fleeting emotions within the brain of each individual who inhabits the Earth. Who knows not all these postures of the mind if he would but stop to think of them as usable factors for determining proclivities of character? It is a knowledge bred down to us through the past experience of the whole race of men.

It is pretty hard to imagine the US Bureau of Reclamation using this type of write-up to interpret the monument… and they don’t. And so there it stands, a 26,000-year clock of sorts, for all the world to see, and yet still mired in obscurity.

Markings on the floor showing that Thuban was the North Star for the ancient Egyptians at the time of the Great Pyramids. (Photo by Alexander Rose)

While I may never totally understand the inner motivations of the monument’s designer, I did want to understand it on a technical level. How did Hansen create a celestial clock face frozen in time that we can interpret and understand as the date of the dam’s completion? The earth’s axial precession is a rather obscure piece of astronomy, and our understanding of it through history has been spotty at best. That this major engineering feat was celebrated through this monument to the axial precession still held great interest to me, and I wanted to understand it better.

The giant bronze statues being craned into place. (Image courtesy of US Bureau of Reclamation)

I pressed for more documentation, and the historian sent me instructions for using the Bureau of Reclamation’s image archive site as well as some keywords to search for. The black and white images you see here come from this resource. Using the convoluted web site was a challenge, and at first I had difficulty finding any photos of the plaza before or during its construction. As I discovered, the problem was that I was searching with the term “Monument Plaza,” a name only given to it after its completion in 01936. In order to find images during its construction, I had to search for “Safety Island,” so named because at the time of the dam’s construction, it was an island in the road where workers could stand behind a berm to protect themselves from the never-ending onslaught of cement trucks.

Hansen next to the completed axial precession layout before the terrazzo was laid in. (Image courtesy of US Bureau of Reclamation)

I now had some historical text and photos, but I was still missing a complete diagram of the plaza that would allow me to really understand it. I contacted the historian again, and she obtained permission from her superiors to release the actual building plans. I suspect that they generally don’t like to release technical plans of the dam for security reasons, but it seems they deemed my request a low security risk as the monument is not part of the structure of the dam. The historian sent me a tube full of large blueprints and a CD of the same prints already scanned. With this in hand I was finally able to re-construct the technical intent of the plaza and how it works.

In order to understand how the plaza marks the date of the dam’s construction in the nearly 26,000-year cycle of the earth’s precession, it is worth explaining what exactly axial precession is. In the simplest terms, it is the earth “wobbling” on its tilted axis like a gyroscope — but very, very slowly. This wobbling effectively moves what we see as the center point that stars appear to revolve around each evening.

Long exposure of star trails depicting how all the stars appear to revolve around the earth’s celestial axis, which is currently pointed close to our current North Star — Polaris. Note that when I say that the stars of the night sky “appear to” rotate around Polaris, it is because this apparent rotation is only due to our vantage point on a rotating planet. (Image courtesy of NASA)

Presently, this center point lies very close to the conveniently bright star Polaris. The reason we have historically paid so much attention to this celestial center, or North Star, is because it is the star that stays put all through the course of the night. Having this one fixed point in the sky is the foundation of all celestial navigation.

Figure 1. The earth sits at roughly a 23 degree tilt. Axial precession is that tilt slowly wobbling around in a circle, changing what we perceive as the celestial pole or “North Star.” (Image from Wikipedia entry on Axial Precession.)

But that point near Polaris, which we call the North Star, is actually slowly moving and tracing a circle through the night sky. While Polaris is our North Star, Hansen’s terrazzo floor points out that the North Star of the ancient Egyptians, as they built the great pyramids, was Thuban. And in about 12,000 years, our North Star will be Vega. The workings of this precession are best explained with an animation, as in figure 1. Here you can see how the axis of the earth traces a circle in the sky over the course of 25,772 years.
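The arithmetic behind those dates is simple enough to check. A quick sketch using the figures from the article (Vega sits roughly opposite Polaris on the precession circle, hence about half a cycle away):

```python
# Rough check of the precession figures quoted above.
cycle_years = 25772                      # one full wobble of Earth's axis
deg_per_year = 360 / cycle_years         # ~0.014 degrees per year
deg_per_century = deg_per_year * 100     # ~1.4 degrees per century

# Vega takes over as pole star roughly half a cycle from now:
years_until_vega = cycle_years // 2      # ~12,886 -- "about 12,000 years"

print(f"{deg_per_year:.5f} deg/yr, {deg_per_century:.2f} deg/century")
print(f"~{years_until_vega} years until Vega")
```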

Unfortunately it is a bit difficult to see how this all works in the inlaid floor at Monument Plaza. The view that you really want to have of the plaza is directly from above. You would need a crane to get this view of the real thing, but by using the original technical drawing as an underlay I was able to mark up a diagram which hopefully clarifies it (Fig. 2).

Figure 2. Description overlaid on the original technical drawing for the layout of terrazzo floor. (Underlay courtesy of US Bureau of Reclamation, color notations by Alexander Rose.)

In this diagram, you can see that the center of the circle traced by the axial precession is actually the massive flag pole in the center of the plaza. This axial circle is prominently marked around the pole, and the angle of Polaris was depicted as precisely as possible to show where it would have been on the date of the dam’s opening. Hansen used the rest of the plaza floor to show the location of the planets visible that evening, and many of the bright stars that appear in the night sky at that location.

By combining planet locations with the angle of precession, we are able to pinpoint the time of the dam’s completion down to within a day. We are now designing a similar system — though with moving parts — in the dials of the 10,000 Year Clock. It is likely that at least major portions of the Hoover Dam will still be in place hundreds of thousands of years from now. Hopefully the Clock will still be ticking and Hansen’s terrazzo floor will still be there, even if it continues to baffle visitors.

A high resolution drawing of the terrazzo layout. (Courtesy of US Bureau of Reclamation)

I would like to thank Emme Woodward of the US Bureau of Reclamation for all her help in finding the original images and plans of Monument Plaza. If you have further interest in reading Hansen’s original writings about the plaza or in seeing the plans, I have uploaded all the scans to the Internet Archive.

Worse Than FailureA Mean Game of Pong

Mark J spent some time as a contractor in the Supply & Inventory division of a Big Government Agency. He helped with the coding efforts on an antiquated requisition system, although as he would come to find, his offers to help went unappreciated.

Ameprod game console, displaying a Pong game
By Wojciech Pędzich

The requisition system allowed a user to enter in a part number they needed and have it ordered for them. Behind the scenes, a database lookup by part number returned all warehouses that had it stocked. Then it determined the closest warehouse to where the request came from. Finally, it would create an order to have the part shipped from Warehouse X to the user's location. It was quite simple and worked fine for what Big Government Agency needed, except when it didn't.

Every now and then, the chosen Warehouse X would reject the order. Milliseconds later, it would run back through the system and be rejected by Warehouse X again. As a result, the message bounced back and forth thousands of times, creating enough traffic to crash the system.

Eager to be a problem solver, Mark asked Jacob, the head project manager, about the order rejection flaw. "It's a timing issue, depending on when the order is made," Jacob explained. "There's a separate copy of the database on the server and at the warehouse. They sync up every night, but if the warehouse shipped its last of a part during the day and someone else orders it, the order gets rejected."

Ignoring the asinine practice of not having a centralized database, Mark pressed on, "Ok, but why does the same order then come back to the same warehouse? Shouldn't it find the next closest warehouse and create an order from there?"

"I suppose that would be ideal," Jacob said, shrugging. "But the rejection just sends it back to the routing engine unaltered. So it's treated as a brand new order with the same out-of-sync inventory count. Thus, it's sent right back to the same warehouse, and so on. It's this dumb thing we call ping-ponging."

Mark furrowed his brow at Jacob's acceptance of this fundamental logic flaw. "That sounds absurd. Say the word and I will find a way to address this ping-pong nonsense. Then if I have time, I'll re-architect the data structure to have up-to-the-minute inventory statistics kept in a single copy of the database."

"Mark, we have too much else to do. We can't be worrying about technical debt like this," Jacob responded, growing irritated. "When it causes the system to crash, we just start it back up and go about our business."

Mark decided to drop his argument and began calculating how long his Big Government Agency contract had left. The following week he came in to find a ping pong paddle on his desk. Next to it lay a note from Jacob, "Hey Mark. Since you're so interested in helping with the ping-pong problem, I'm assigning you the duty of restarting the system whenever it goes down. Thanks for being a team player. ~ Jacob."
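For the curious, the fix Mark had in mind isn't complicated: thread the set of warehouses that have already rejected an order back through the routing engine, so a bounce falls through to the next-closest stock instead of ping-ponging. A minimal Python sketch (all names and data hypothetical):

```python
def route_order(part, user_location, warehouses, rejected=None):
    """Pick the closest warehouse believed to stock the part,
    skipping any that have already rejected this order."""
    rejected = rejected or set()
    candidates = [w for w in warehouses
                  if part in w["stock"] and w["name"] not in rejected]
    if not candidates:
        return None  # nothing left to try: backorder instead of ping-ponging
    return min(candidates, key=lambda w: abs(w["location"] - user_location))

warehouses = [
    {"name": "X", "location": 10, "stock": {"widget"}},
    {"name": "Y", "location": 50, "stock": {"widget"}},
]

first = route_order("widget", 12, warehouses)         # closest match: X
retry = route_order("widget", 12, warehouses, {"X"})  # X bounced it: fall to Y
print(first["name"], retry["name"])
```

If every stocking warehouse has rejected the order, the sketch returns `None` rather than looping, which is the point Jacob's routing engine missed.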


Planet Linux AustraliaTim Serong: Distributed Storage is Easier Now: Usability from Ceph Luminous to Nautilus

On January 21, 2019 I presented Distributed Storage is Easier Now: Usability from Ceph Luminous to Nautilus at the 2019 Systems Administration Miniconf. Thanks to the incredible Next Day Video crew, the video was online the next day, and you can watch it here:

If you’d rather read than watch, the meat of the talk follows, but before we get to that I have two important announcements:

  1. Cephalocon 2019 is coming up on May 19-20, in Barcelona, Spain. The CFP is open until Friday February 1, so time is rapidly running out for submissions. Get onto it.
  2. If you’re able to make it to FOSDEM on February 2-3, there’s a whole Software Defined Storage Developer Room thing going on, with loads of excellent content including What’s new in Ceph Nautilus – project status update and preview of the coming release and Managing and Monitoring Ceph with the Ceph Manager Dashboard, which will cover rather more than I was able to here.

Back to the talk. At the same conference in 2018, Sage Weil presented “Making distributed storage easy: usability in Ceph Luminous and beyond”. What follows is somewhat of a sequel to that talk, covering the changes we’ve made in the meantime, and what’s still coming down the track. If you’re not familiar with Ceph, you should probably check out A Gentle Introduction to Ceph before proceeding. In brief though, Ceph provides object, block and file storage in a single, horizontally scalable cluster, with no single points of failure. It’s Free and Open Source software, it runs on commodity hardware, and it tries to be self-managing wherever possible: it notices when disks fail and replicates data elsewhere, it does background scrubbing, and it tries to balance data evenly across the cluster. But you do still need to actually administer it.

This leads to one of the first points Sage made this time last year: Ceph is Hard. Status display and logs were traditionally difficult to parse visually, there were (and still are) lots of configuration options, tricky authentication setup, and it was difficult to figure out the number of placement groups to use (which is really an internal detail of how Ceph shards data across the cluster, and ideally nobody should need to worry about it). Also, you had to do everything with a CLI, unless you had a third-party GUI.

I’d like to be able to flip this point to the past tense, because a bunch of those things were already fixed in the Luminous release in August 2017; status display and logs were cleaned up, a balancer module was added to help ensure data is spread more evenly, crush device classes were added to differentiate between HDDs and SSDs, a new in-tree web dashboard was added (although it was read-only, so just cluster status display, no admin tasks), plus a bunch of other stuff.

But we can’t go all the way to saying “Ceph was hard”, because that might imply that everything is now easy. So until we reach that frabjous day, I’m just going to say that Ceph is easier now, and it will continue to get easier in future.

In January 2018, we were halfway through the Mimic development cycle, and at the time the major usability enhancements planned included:

  • Centralised configuration management
  • Slick deployment in Kubernetes with Rook
  • A vastly improved dashboard based on ceph-mgr and openATTIC
  • Placement Group merging

We got some of that stuff done for Mimic, which was released in June 2018, and more of it is coming in the Nautilus release, which is due out very soon.

In terms of usability improvements, Mimic gave us a new dashboard, inspired by and derived from openATTIC. This dashboard includes all the features of the Luminous dashboard, plus username/password authentication, SSL/TLS support, RBD and RGW management, and a configuration settings browser. Mimic also brought the ability to store and manage configuration options centrally on the MONs, which means we no longer need to set options in /etc/ceph/ceph.conf, replicate that across the cluster, and restart whatever daemons were affected. Instead, you can run `ceph config set ...` to make configuration changes. For initial cluster bootstrap, you can even use DNS SRV records rather than specifying MON hosts in the ceph.conf file.
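The centralised workflow looks roughly like this (a CLI sketch, not a tutorial; the option shown is just an example, and `ceph config help` on a real cluster lists the full set):

```shell
# Old way: edit /etc/ceph/ceph.conf on every node, then restart daemons.
# Since Mimic, options live centrally on the MONs:
ceph config set osd osd_scrub_sleep 0.1   # set an option for all OSDs
ceph config get osd osd_scrub_sleep       # read it back
ceph config dump                          # show everything stored centrally
```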

As I mentioned, the Nautilus release is due out really soon, and will include a bunch more good stuff:

  • PG autoscaling
  • More dashboard enhancements, including:
    • Multiple users/roles, plus single sign-on via SAML
    • Internationalisation and localisation
    • iSCSI and NFS Ganesha management
    • Embedded Grafana dashboards
    • The ability to mark OSDs up/down/in/out, and trigger scrubs/deep scrubs
    • Storage pool management
    • A configuration settings editor which actually tells you what the configuration settings mean, and do
    • To see what this all looks like, check out Ceph Manager Dashboard Screenshots as of 2019-01-17
  • Blinky lights, that being the ability to turn on or off the ident and fault LEDs for the disk(s) backing a given OSD, so you can find the damn things in your DC.
  • Orchestrator module(s)

Blinky lights, and some of the dashboard functionality (notably configuring iSCSI gateways and NFS Ganesha) means that Ceph needs to be able to talk to whatever tool it was that deployed the cluster, which leads to the final big thing I want to talk about for the Nautilus release, which is the Orchestrator modules.

There’s a bunch of ways to deploy Ceph, and your deployment tool will always know more about your environment, and have more power to do things, than Ceph itself will. But if you’re managing Ceph through the inbuilt dashboard and CLI tools, there are things you want to be able to do as a Ceph admin that Ceph itself can’t do. Ceph can’t deploy a new MDS, or RGW, or NFS Ganesha host. Ceph can’t deploy new OSDs by itself. Ceph can’t blink the lights on a disk on some host if Ceph itself has somehow failed, but the host is still up. For these things, you rely on your deployment tool, whatever it is. So Nautilus will include Orchestrator modules for Ansible, DeepSea/Salt, and Rook/Kubernetes, which allow the Ceph management tools to call out to your deployment tool as necessary to have it perform those tasks. This is the bit I’m working on at the moment.

Beyond Nautilus, Octopus is the next release, due in a bit more than nine months, and on the usability front I know we can expect more dashboard and more orchestrator functionality, but before that, we have the Software Defined Storage Developer Room at FOSDEM on February 2-3 and Cephalocon 2019 on May 19-20. Hopefully some of you reading this will be able to attend :-)

Update 2019-02-04: Check out Sage’s What’s new in Ceph Nautilus FOSDEM talk for much more detail on what’s coming up in Nautilus and beyond.

Sky CroeserAIES: AI for social good, human machine interactions, and trustworthy AI

If you want to read more about any of these, accepted papers are here.

AI for Social Good

On Influencing Individual Behavior for Reducing Transportation Energy Expenditure in a Large Population, Shiwali Mohan, Frances Yan, Victoria Bellotti, Ahmed Elbery, Hesham Rakha and Matthew Klenk

Transportation is a huge drain on energy use: how can we develop multi-modal planning systems that can improve this? We need to find systems that humans find useful and actually implement, which means finding timely, acceptable, and compelling ways to suggest transport options.

Guiding Prosecutorial Decisions with an Interpretable Statistical Model, Zhiyuan Lin, Alex Chohlas-Wood and Sharad Goel

District attorneys will often hold arrestees in jail for several business days (which may mean many days if it’s over a weekend or holiday) while they decide whether to press charges. Most reports on cases arrive shortly after booking, but they aren’t always processed in time. This research proposes a system to sort cases from most likely to be dismissed to least likely, allowing faster processing (with the district attorney having final discretion). [Note: this seems to introduce some worrying possibilities for bias, including racial bias. When I asked about this, the presenters said that the model was trained on historical data, which was “fair across races”. This seems to require much more careful interrogation, given all the evidence on incarceration and racism in the US. In answer to another question, the presenters said that they didn’t expect the DA would be influenced by the system’s recommendations; the DA would still carefully evaluate each case. Again: this seems to require further interrogation, especially given the work (cited in a bunch of other talks here) on bias in machine learning models used for sentencing.]

Using deceased-donor kidneys to initiate chains of living donor kidney paired donations: algorithm and experimentation, Cristina Cornelio, Lucrezia Furian, Antonio Nicolò and Francesca Rossi

This research looks at ways of introducing chains of transplants, starting from a deceased donor organ, continuing with consecutive donations among pairs of incompatible donor-recipients, and ending with donors who would otherwise be less likely to be recipients. This research suggests that such chains of donation could be useful.

Inferring Work Task Automatability from AI Expert Evidence, Paul Duckworth, Logan Graham and Michael Osborn

We’re currently unsure about what is automatable, and why some tasks are more automatable than others. Looking at tasks (rather than jobs) is one way to evaluate this. The research looked at 150+ experts’ evaluations of different tasks. Work automatability was unevenly distributed across jobs, and disproportionately affects the least adjustable (those with less education and lower-paid jobs). This is exploratory research! Please write papers that explore real-world validation of this work, the differences between the potential for work to be automatable and whether that work should be automated, and other related issues. [Note: like maybe how to use this as a basis for decreasing standard working hours?]

Human and Machine Interaction

Robots Can Be More Than Black And White: Examining Racial Bias Towards Robots, Arifah Addison, Kumar Yogeeswaran and Christoph Bartneck

This research examines whether racial bias demonstrated toward humans transfers to robots, using a modified version of the police officer’s dilemma study. The previously-demonstrated shooter bias (an increased likelihood, among US participants across all groups, of shooting Black targets) did transfer to robots. In follow-up studies, researchers asked whether anthropomorphism and racial diversity would modify this. It would be useful to expand this research, including to consider whether bias can be transferred from robots to humans (as well as from humans to robots), and whether there are human-robot interaction strategies that can decrease bias. It also seems that as robots become more human-like, they’re also designed to reflect their creators’ racial identification more.

Tact in Noncompliance: The Need for Pragmatically Apt Responses to Unethical Commands, Ryan Blake Jackson, Ruchen Wen and Tom Williams

This research looks at moral competence in social robots (drawing on Malle and Scheutz, 2014). Natural language capability seems very useful for robots, especially when we think about robots in caring roles. However, robots shouldn’t follow every command. There are a range of different reasons for rejecting commands, but how should a robot phrase its refusal? If the rejection is too impolite it might have social consequences, and if it’s too polite it may imply tacit approval of norm violations. Robots’ responses influence humans’ perceptions of the robots’ likeability, and future research may show other ways that responses can feed back into human behaviour. [Note: I wonder how this would be affected by humans’ perceptions of robots as gendered?]


AI Extenders: The Ethical and Societal Implications of Humans Cognitively Extended by AI, Karina Vold and Jose Hernandez-Orallo

How would our approach to AI change if we saw it as part of us? And how would it change our potential for impacting on society? This isn’t merely abstract: AI systems can be thought of as ‘cognitive extenders’, which are outside our skull but are still part of how we think. We can see AI as existing on a continuum between autonomous and internalised. This work draws on Huchin’s (1999) definition of cognitive extenders. This opens up a range of issues about dependency, interference, and control.

Human Trust Measurement Using an Immersive Virtual Reality Autonomous Vehicle Simulator, Shervin Shahrdar, Corey Park and Mehrdad Nojoumian

This study considered two groups of trust-damaging incidents, drawing on substantial data that was carefully gathered with regard to IRB guidelines and laws. But also my gosh I am tired by now, sorry.


The Value of Trustworthy AI, David Danks

We’re using the word ‘trust’ to mean radically-different things, and this has important consequences. Trust is the thing we should seek in our AI. We can understand ‘trust’ as a function of the trustor making themself vulnerable because of positive expectations about the behavior or intentions of the trustee. For example, we might trust that the car will start in the morning, allowing us to get to work on time.

Psychological literature gives several different understandings of trust, including behavioural reliability, and understanding of the trustee. There are a couple of themes in this literature on trust. The first is a focus on ‘what is entrusted’ (the trustee should have, or act as if she has, the same values as the trustor). The second is a predictive gap (trust requires that expectations or hopes are not certainties). If you’re going to ethically use a system, you need to have a reasonable expectation that it will behave (at least approximately) as intended.

This has a variety of implications. For example, explainability is important for trust because it provides relevant information about dispositions. Simple measures of trust are insufficient – we need to understand trust in more deep and nuanced ways.


Sky CroeserAIES: Human-AI collaboration, social science approaches to AI, measurement and justice

Specifying AI Objectives as a Human-AI Collaboration Problem, Anca Dragan

Dragan describes some problems with self-driving cars, like the example of a car giving up on merging when there was no gap. After adding some more aggressive driving tactics, researchers then also had to add some courtesy to moderate them. One odd outcome of this was that when the car reached an uncontrolled intersection at the same time as another car, it would back up slightly to signal to the other driver that they could go first. Which actually worked fine! It mostly led to the other driver crossing the intersection more quickly (probably because they felt confident that the self-driving car wasn’t going to go)… except if there was another car waiting behind the self-driving car, or a very unnerved passenger inside it. It’s a challenge to work out what robots should be optimising for when it comes to human-robot interactions. Generating good behaviour requires specifying a good cost function, which is remarkably difficult for most agents.

Designers need to think about how robots can work in partnership with humans to work out what their goals actually are (because humans are often bad at this). Robots that can go back to humans and actively query whether they’re making the right choices will be more effective. This framework also lets us think about humans as wanting the robots to do well.

Social Science Models for AI
Invisible Influence: Artificial Intelligence and the Ethics of Adaptive Choice Architectures, Daniel Susser

This talk focused specifically on individual (rather than structural) issues in AI ethics. It drew on behavioural economics, philosophy of technology, and normative ethics to connect a set of abstract ethical principles to a (somewhat) concrete set of design choices.

Susser draws on an understanding of online manipulation as the use of information technology to impose hidden influences on another person’s decision-making: this undermines their autonomy, which can produce the further harm of diminishing their welfare. Thaler and Sunstein’s Nudge discusses choice architecture: the framing of our decision-making. We act reflexively and habitually on the basis of subtle cues, so choice architecture can have an enormous impact on our decisions. Adaptive choice environments are highly-personalised choice environments that draw on user data.

What kind of world are we building with these tools? Technological transparency: once we become adept at using technologies they recede from conscious awareness (this is kind of the opposite of how we talk about transparency in a governance context). Our environment is full of tools that are functionally invisible to us, but shape our choices in significant ways. Adaptive choice architectures create vulnerabilities in our decision-making, and there are few reasons to assume that the technology industry shaping those architectures are trustworthy. However, manipulation is harmful even when it doesn’t change people’s behaviour because of the threats to our autonomy.

Reinforcement learning and inverse reinforcement learning with system 1 and system 2, Alexander Peysakhovich
We might think of ourselves as a dual system model: system one is fast, effortless, emotional and heuristic; system two is slower and more laborious. We often need to balance short-term desires (EAT THE DONUT) against longer-term goals (HOARD DONUTS INTO A GIANT PILE TO ATTRACT A DONUT-LOVING DRAGON). [Note: these are my own examples.]

How do we deal with this? We need to have good models for understanding how irrational we are. We also need to balance these two systems against each other.

Incomplete Contracting and AI Alignment, Dylan Hadfield-Menell and Gillian Hadfield

Problem: there’s a misalignment between individual and social welfare in many cases. AI research can draw on economic research around the contract design problem. Economists have discovered that contracts are always incomplete, failing to consider important factors like the expenditure of effort. Misspecification in contract design is unavoidable and pervasive, and it’s useful for AI research to learn from this: it’s not just an engineering error or a mistake. Economic theory offers insights for weakly strategic AI. Human contracts are incomplete and relational – they’re always shaped by and interpreted within a wider context. Can we build AIs that can similarly draw on their broader context?

Then our talk!
Measurement and Justice

Algorithmic auditing is meant to hold AI systems accountable. There are several major challenges, including hostile corporate responses, the lack of public pressure, access to targets for evaluation, and benchmark bias. This research offers several solutions to these problems. For example, if we think about bias as a vulnerability or bug, we might use the model of coordinated vulnerability disclosure to overcome corporate hostility. When it comes to benchmark bias, the Gender Shades project provided an intersectional data set to test systems.

Evaluating companies’ systems once they were targeted for these audits showed continued gaps in accuracy (white men were most accurately identified), but the gap did close. Audit design matters: we can make design decisions that encourage certain public and corporate reactions. We don’t just need data fairness, we need data justice. The Safe Face Pledge is a new project working on this.

A framework for benchmarking discrimination-aware models in machine learning, by Rodrigo L. Cardoso, Wagner Meira Jr., Virgilio Almeida and Mohammed J. Zaki was unfortunately too technical for my sleep-deprived brain to manage.

Towards a Just Theory of Measurement: A Principled Social Measurement Assurance Program, Thomas Gilbert and McKane Andrus

Often, work on ML fairness starts from a given institutional threshold without interrogating the reality that threshold refers to. Some recent work is starting to look more closely at this, such as work on Goodhart’s Law. Can we resituate ML and AI within the institutional pipeline to grapple with what ‘fair’ or ‘just’ decision-making as a whole means? AI ethics isn’t just about how we make the tool fair; it’s about how we use the tool to make institutions more just. Instead of using Fair ML and Ethical AI frameworks to apply existing policies, what if we used them to interrogate those policies?

For example, we might look at the ways in which people who are poor are much more susceptible to surveillance from the state. The authors offer different ‘justice models’ as a way of intervening: Rawls, Nozick, and Gramsci. (This was an interesting paper and notable for its emphasis on using ML and AI to change the status quo, so here’s a reminder to myself to read the full paper later when I have eventually had some sleep.)

Putting Fairness Principles into Practice: Challenges, Metrics, and Improvements, Alex Beutel, Jilin Chen, Tulsee Doshi, Hai Qian, Allison Woodruff, Christine Luu, Pierre Kreitmann, Jonathan Bischof and Ed H. Chi

This looks at a specific project for implementing some of the fairness guidelines going around. Examples: fraud detection, Jigsaw (at Google), which attempts to identify and remove ‘toxic’ comments. The solution to these problems is: more technical than I can currently digest.

TEDUp for Debate: Talks from TED and Doha Debates

At TED Salon: Up for Debate, held January 16, 2019, at the TED World Theater in New York, NY, five speakers shared ideas for tackling society’s thorniest issues, joined via video by people worldwide. (Photo: Dian Lofton / TED)

The world is more interconnected than ever before — and the need to bridge political and ideological divides has never been more urgent. Now is the time to examine the rules of genuine human engagement, to find common ground for respectful, passionate discourse and to celebrate civility.

That’s the idea behind TED Salon: Up for Debate, a session of talks hosted by TED Residency director Cyndi Stivers and presented in partnership with Doha Debates — a newly revitalized media venture that seeks to inspire action and collaborative solutions to global challenges through debate. On Wednesday, January 16, five speakers took the stage of the TED World Theater in New York City; meanwhile, five groups of people from around the world joined the session live via Shared_Studios’s “Portals” project. In reclaimed shipping containers outfitted with AV equipment, the groups in Doha, Qatar; Kigali, Rwanda; Herat, Afghanistan; Hardy County, West Virginia; and Mexico City were invited to share their thoughts on hot topics in their parts of the world and respond to the talks in New York in real time.

After an opening song performed by the Brooklyn Nomads, the session kicked off with journalist Steven Petrow.

Civility shouldn’t be a dirty word. What does it mean to be a “civilist” — an archaic title describing an “individual who tries to live by a moral code” — in a world where “civility” is a dirty word? Voices on the right conflate civility with political correctness, believing it to be a tool for the left to demonize their opposition. On the left, civility is considered immoral if it allows for the acquiescence to injustice — think of Martin Luther King Jr. or the Suffragists, who made changes by speaking out. But does civility actually stifle debate? As Petrow sees it, civility doesn’t mean appeasement or avoiding important differences; it means listening and talking about those differences with respect. Reasonable discussions are crucial to a healthy democracy, he says, while hate speech, cyberbullying and threats are not; in fact, they suppress conversation by telling us, “Shut up or else.” What we need now are rules of engagement — “a Geneva Convention of civility to become better citizens.” He offers three ways citizens can work toward the greater good: de-escalate language; challenge policies and positions, not character; and don’t mistake decorum for civility.

Rana Abdelhamid shares three ingredients to starting an international movement and her story of starting a self-defense class in her community. She speaks at TEDSalon: Up for Debate, January 16, 2019, at the TED World Theater in New York, NY. (Photo: Dian Lofton / TED)

The secret recipe to starting a movement. According to human rights organizer Rana Abdelhamid, there are three ingredients to creating an international movement: Start with what you know, start with who you know and, most important, start with joy. After a stranger aggressively tried to remove her hijab, the 16-year-old Abdelhamid (who happens to be a first-degree black belt) began teaching self-defense to women and girls in a community center basement. But she realized that she didn’t want the class to focus on fear — instead, she wanted her students to experience the class as an exercise in mental and physical well-being. That one class has evolved into Malikah, a grassroots organization spanning 17 cities in 12 countries that offers security and self-defense training that’s specific to wherever a person may live and how they walk through the world.

Audience members in a “Portal” in Doha, Qatar, speak live with salon host Cyndi Stivers, sharing their experiences with the media in their home country. (Photo: Ryan Lash / TED)

Next up, coming to us live from Doha, Qatar, a group of students who’ve gathered in a Shared_Studios Portal explains how the media has shaped their world — from employment to health to education and beyond. Some outlets have started promoting hate speech and fake news, they say, manipulating people in dangerous ways and sparking a debate about the role the media should play. We turn to the Portal in Mexico City, where students explain how, on the heels of their country’s recent transformative election, it’s becoming more important than ever to work together and understand that humanity is part of one force: “Now, kindness is the ultimate intelligence.”

Real dialogue is possible. Journalist Eve Pearlman is on a mission to bridge the political divide in the United States. With the help of her friend and fellow journalist Jeremy Hay, she founded Spaceship Media, dedicated to bringing together people on different sides of a political spectrum to create “dialogue journalism.” Their first dialogue asked Trump supporters from Alabama how they think Clinton voters in California perceive them — and vice versa. “By identifying stereotypes at the start of each project, we find that people begin to see the simplistic and often mean-spirited caricatures they carry,” Pearlman says, “and after that, we can move into the process of real conversation.” Pearlman and Hay want to bring trust back into journalism — moving away from clickbait reporting and toward transparency and care for the communities these journalists serve. When journalists and citizens come together in discussion, people that otherwise would have never met end up speaking with each other — and feeling grateful to know first-hand that the other side isn’t crazy, Pearlman says: “Real engagement across difference: this is the salve that our democracy sorely needs.”

Are all millennials lazy, entitled avocado-toast lovers? Author Reniqua Allen calls on us to take a broader, more nuanced view — and specifically, to listen to the 43 percent of millennials who are non-white. She speaks at TEDSalon: Up for Debate, January 16, 2019, at the TED World Theater in New York, NY. (Photo: Ryan Lash / TED)

Why we need to listen to millennials — all of them. Millennials aren’t a monolith, says author Reniqua Allen, but too often, we treat them like they are. By simplifying millennials to a worn-out stereotype of lazy, entitled avocado-toast lovers, Allen warns that we erase the vast multitude of millennial backgrounds and experiences, particularly the unique experiences of black millennials. Millennials are the largest, most diverse adult population in the country, she says, and 43 percent are non-white. While researching her book It Was All a Dream, Allen heard from black millennials like Joelle, who couldn’t attend her dream school because it was too expensive; AB, an actor who fears racial bias is limiting his success in Hollywood; and Simon, a tech company CFO who gave up a passion for photography because he didn’t have the financial safety net to take the risk. “These kind of stories — the quieter, more subtle ones — reveal the unique and often untold story of black millennials, show how even dreaming may differ between communities,” Allen says. Though black creatives, politicians and athletes are thriving, racist structures and ideologies haven’t gone away — and they affect the everyday experiences of millennials across the country. 

Next up, we check in with Kigali, Rwanda. The Rwandans in the Portal say that their most pressing issue is the trade war between Rwanda and the US. In 2016, the Rwandan government increased import duties on used clothing from the US in order to encourage domestic clothing production. Since then, the US has suspended certain trade benefits Rwanda receives under the African Growth and Opportunity Act — namely, those allowing Rwanda to export goods to the US without tariffs. They remind us that Rwanda is a young country; what’s on their mind is the need to build up self-dependence, in large part through the economic ability to dictate the prices of the goods they trade with the world. Meanwhile, in Herat, Afghanistan, participants in the Portal share how their community is trying to adapt to the international attitude. They’re eager for technology and social media to help meet and connect with people from other countries; they say that social media, in particular, has opened a gateway for women in Afghanistan.

Tweeting at a terrorist. Twitter is frequently “where you go to get yelled at by people you don’t know,” says counterterrorism expert and blogger Clint Watts. But it can also be a great place to interact with someone who’d otherwise be difficult to talk with — someone like Omar Hammami, a rapping terrorist who traded tweets with Watts in 2013. Hammami grew up in Mobile, Alabama, and Watts notes that had they ever met, “We probably would’ve shared a box of Krispy Kreme donuts.” Instead, Hammami joined the notorious terror group al Shabaab, where his Western background was exploited as propaganda — especially when he became a viral celebrity for his pro-jihad YouTube raps. Hammami eventually fell out with al Shabaab and, hunted by both counterterrorists and the mujahideen, hid in Somalia, where, bored and craving attention, he began obsessively tweeting. Using his training as a negotiator, Watts kept him talking, asking pointed questions about Hammami’s beliefs and goals in between banter about Chinese food and Reading Rainbow. Watts is clear to note, though, that they were never friends. Still, as Hammami’s murderous ex-comrades closed in to assassinate him, Watts wondered: “Did his thoughts reach for jihad and his faith, or did he reach for his family, his friends, his life back in Alabama, and the path he didn’t choose?”

The salon comes to a close with a Portal appearance from students in Hardy County, West Virginia. The most contentious topic in their area? Resistance to change. As one of the participants says: “People hold so tight to their family traditions and what they learned growing up.” Yet hope remains. The students see themselves as activists, looking to help those in their community who are brought down by discrimination and lack of acceptance.

CryptogramJapanese Government Will Hack Citizens' IoT Devices

The Japanese government is going to run penetration tests against all the IoT devices in their country, in an effort to (1) figure out what's insecure, and (2) help consumers secure them:

The survey is scheduled to kick off next month, when authorities plan to test the password security of over 200 million IoT devices, beginning with routers and web cameras. Devices in people's homes and on enterprise networks will be tested alike.


The Japanese government's decision to log into users' IoT devices has sparked outrage in Japan. Many have argued that this is an unnecessary step, as the same results could be achieved by just sending a security alert to all users, as there's no guarantee that the users found to be using default or easy-to-guess passwords would change their passwords after being notified in private.

However, the government's plan has its technical merits. Many of today's IoT and router botnets are being built by hackers who take over devices with default or easy-to-guess passwords.

Hackers can also build botnets with the help of exploits and vulnerabilities in router firmware, but the easiest way to assemble a botnet is by collecting the ones that users have failed to secure with custom passwords.

Securing these devices is often a pain, as some expose Telnet or SSH ports online without the users' knowledge, and for which very few users know how to change passwords. Further, other devices also come with secret backdoor accounts that in some cases can't be removed without a firmware update.

I am interested in the results of this survey. Japan isn't very different from other industrialized nations in this regard, so its findings should generalize. I am less optimistic about the country's ability to secure all of this stuff -- especially before the 2020 Summer Olympics.

TEDEducation Everywhere: A night of talks about the future of learning, in partnership with TED-Ed

TED-Ed’s Stephanie Lo (left) and TED’s own Cloe Shasha co-host the salon Education Everywhere, on January 24, 2019, at the TED World Theater in New York City. (Photo: Dian Lofton / TED)

The event: TED Salon: Education Everywhere, curated by Cloe Shasha, TED’s director of speaker development; Stephanie Lo, director of programs for TED-Ed; and Logan Smalley, director of TED-Ed

The partner: Bezos Family Foundation and ENDLESS

When and where: Thursday, January 24, 2019, at the TED World Theater in New York City

Music: Little Nora Brown fingerpicking the banjo

The big idea: We’re relying on educators to teach more skills than ever before — for a future we can’t quite predict.

Awesome animations: Courtesy of TED-Ed, whose videos are watched by more than two million learners around the world every day

New idea (to us anyway): Poverty is associated with a smaller cortical surface of the brain.

Good to be reminded: Education doesn’t just happen in the classroom. It happens online, in our businesses, our social systems and beyond.

Little Nora Brown, who picked up the ukulele at age six, brings her old-time banjo sound to the TED stage. (Photo: Dian Lofton / TED)

The talks in brief:

Kimberly Noble, a neuroscientist and director of the Neurocognition, Early Experience and Development Lab at Columbia University

  • Big idea: We’ve learned that poverty has a measurable effect on the cortical surface of the brain, an area associated with intelligence. What could we do about that?
  • How: Experience can change children’s brains, and the brain is very sensitive to experience in early childhood. Noble’s lab wants to know if giving impoverished families more money might change brain function in their preschool kids.
  • Quote of the talk: “The brain is not destiny, and if a child’s brain can be changed, then anything is possible.”

Olympia Della Flora, associate superintendent for school development for Stamford Public Schools in Connecticut, and the former principal at Ohio Avenue Elementary School in Columbus, Ohio

  • Big idea: Healthy emotional hygiene means higher academic scores and happier kids.
  • How: With help from local colleges and experts, the teachers at Ohio Avenue Elementary learned new ways to improve kids’ behavior (which in turn helped with learning). Rather than just reacting to kids when they acted out, teachers built healthy coping strategies into the day — simple things like stopping for brain breaks, singing songs and even doing yoga poses — to help kids navigate their emotions in and out of the classroom.
  • Quote of the talk: “Small changes make huge differences, and it’s possible to start right now. You don’t need bigger budgets or grand, strategic plans. You simply need smarter ways to think about using what you have, where you have it.”

Marcos Silva, a TED-Ed Innovative Educator and public school teacher in McAllen, Texas; and Ana Rodriguez, a student who commutes three hours every day to school from Mexico

  • Big idea: Understanding what’s going on with students outside of school is important, too.
  • How: Silva grew up bringing the things he learned at school about American culture and the English language back to his parents, who were immigrants from Mexico. Now a teacher, he’s helping students like Ana Rodriguez to explore their culture, community and identity.
  • Quote of the talk: “Good grades are important, but it’s also important to feel confident and empowered.”

Joel Levin, a technology teacher and the cofounder of MinecraftEdu

  • Big idea: Educators can use games to teach any subject — and actually get kids excited to be in school.
  • How: Levin is a big fan of Minecraft, the game that lets players build digital worlds out of blocks with near-endless variety. In the classroom, Minecraft and similar games can be used to spark creativity, celebrate ingenuity and get kids to debate complex topics like government, poverty and power.
  • Quote of the talk: “One of my daughters even learned to spell because she wanted to communicate within the game. She spelled ‘home.'”

Jarrell E. Daniels offers a new vision for the criminal justice system centered on education and growth. (Photo: Dian Lofton / TED)

Jarrell E. Daniels, criminal justice activist and Columbia University Justice-In-Education Scholar

  • Big idea: Collaborative education can help us create more justice.
  • How: A few weeks before his release from state prison, Daniels took a unique course called Inside Criminal Justice, where he learned in a classroom alongside prosecutors and police officers, people he couldn’t imagine having anything in common with. In class, Daniels connected with and told his story to those in power — and has since found a way to make an impact on the criminal justice system through the power of conversation.
  • Quote of the talk: “It is through education that we will arrive at a truth that is inclusive and unites us all in a pursuit of justice.”

Liz Kleinrock, third-grade teacher and diversity coordinator at a charter school in Los Angeles

  • Big idea: It’s not easy to talk with kids about taboo subjects like race and equity, but having these conversations early prevents bigger problems in the future.
  • How: Like teaching students to read, speaking about tough topics requires breaking down concepts and words until they make sense. It doesn’t mean starting with an incredibly complex idea, like why mass incarceration exists — it means starting with the basics, like what’s fair and what isn’t. It requires practice, doing it every day until it’s easier to do.
  • Quote of the talk: “Teaching kids about equity is not about teaching them what to think. It’s about giving them the tools, strategies and opportunities to practice how to think.”

Worse Than FailureCodeSOD: Sort Sort Sort Your Map, Functionally Down the Stream

A while back, we saw "Frenk"'s approach to making an unreadable pile of lambda-based Java code. Antonio has some more code, which didn't come from Frenk, but possibly from one of Frenk's disciples, who we'll call "Grenk".

Imagine you have a list of users. You want to display those users in order by "lastname, firstname". Your usernames happen to be in the form "firstname.lastname". You also have actual "firstname" and "lastname" fields in your dataset, but ignore those for the moment, because for whatever reason, they never made it to this block of code.

There are a lot of relatively straightforward ways you can solve this problem, especially as Java already has a TreeMap implementation, which accepts a comparator and keeps its keys sorted. But that wouldn't let Grenk show off the cool new things they learned to do with streams and lambdas. There's a (relatively) new toy in the Java language, and gosh darn it, it needs to be used.

Map<String, ReportPlanDto> mapUsers = getSomeUserDataFromWherever();
Map<String, ReportPlanDto> mapUsersSorted = mapUsers.entrySet().stream()
        .sorted(Map.Entry.comparingByKey((s1, s2) -> {
            if (s1.split("\\.").length < 2) s1 = s1 + "." + s1;
            if (s2.split("\\.").length < 2) s2 = s2 + "." + s2;
            return s1.split("\\.")[1].compareToIgnoreCase(s2.split("\\.")[1]);
        }))
        .collect(Collectors.toMap(Map.Entry::getKey, Map.Entry::getValue,
                (oldValue, newValue) -> oldValue, LinkedHashMap::new));

An "elegant" solution using "functional" programming techniques. The logic is… interesting. The key comparison is the return s1.split… line, which grabs the bit after the first period, so if the username were joebob.bobsen it compares bobsen with the other string. It's wrong, of course, and it will break in the "unlikely" case that two users have the same last name.

More interesting is the "sanity" check above. Some users, like prince, may not have a last name. Or a first name, I suppose, depending on how you want to look at it. Lots of naming traditions around the world don't guarantee a surname/given-name distinction. So, with that in mind, Grenk solved the problem once and for all… by duplicating the first part of the name as if it were the last name as well.
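To see the failure concretely, here's a minimal sketch (the usernames are made up) that runs the same comparator logic over two users who share a last name. Because it only ever compares the segment after the first dot, the comparator reports a tie, and the stable sort leaves the entries in input order rather than ordering them by first name.

```java
import java.util.ArrayList;
import java.util.Arrays;
import java.util.Comparator;
import java.util.List;

public class ComparatorBugDemo {
    // The article's comparator, reproduced: it compares only the part after the first dot,
    // after duplicating dotless usernames like "prince" into "prince.prince".
    static final Comparator<String> BY_LAST_NAME_ONLY = (s1, s2) -> {
        if (s1.split("\\.").length < 2) s1 = s1 + "." + s1;
        if (s2.split("\\.").length < 2) s2 = s2 + "." + s2;
        return s1.split("\\.")[1].compareToIgnoreCase(s2.split("\\.")[1]);
    };

    public static void main(String[] args) {
        // Two users share the last name "bobsen"; the comparator returns 0 for them,
        // so the sort never consults first names and keeps the input order.
        List<String> users = new ArrayList<>(Arrays.asList("zed.bobsen", "anna.bobsen"));
        users.sort(BY_LAST_NAME_ONLY);
        System.out.println(users); // [zed.bobsen, anna.bobsen] -- anna never moves ahead of zed
    }
}
```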

What we have here is code written in the most complex way it could be, which also happens to be wrong, and which frenkly was the absolute worst way to solve the problem.
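For contrast, here's a minimal sketch of the straightforward TreeMap approach alluded to above: derive a "lastname, firstname" sort key from the username and let the map keep its keys ordered. The class name, the sample usernames, and the string value type are illustrative stand-ins, not the original code.

```java
import java.util.Comparator;
import java.util.Map;
import java.util.TreeMap;

public class SortedUsers {
    // Build a "lastname, firstname" sort key from a "firstname.lastname" username.
    // Usernames without a dot (e.g. "prince") sort by the whole name.
    static String sortKey(String username) {
        int dot = username.indexOf('.');
        if (dot < 0) {
            return username.toLowerCase();
        }
        return (username.substring(dot + 1) + ", " + username.substring(0, dot)).toLowerCase();
    }

    public static void main(String[] args) {
        // A TreeMap with this comparator keeps entries sorted by last name, then first name.
        Map<String, String> users = new TreeMap<>(Comparator.comparing(SortedUsers::sortKey));
        users.put("joebob.bobsen", "Joebob Bobsen");
        users.put("anna.bobsen", "Anna Bobsen");
        users.put("prince", "Prince");
        System.out.println(users.keySet()); // [anna.bobsen, joebob.bobsen, prince]
    }
}
```

Same-last-name users now order correctly by first name, and single-name users need no duplication trick.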


Sky CroeserAIES Day 1: Artificial Agency, Autonomy and Lethality, Rights and Principles.

Sadly I missed the first few sessions of the Artificial Agency session because we had to wander around a bunch to find lunch. Conference organisers: I cannot emphasise enough the value of easily-available and delicious snacks. Also, I tend to be pretty dazed during afternoon talks these days because of Jetlag + Nonsense Toddler. Luckily, accepted papers are available here!

Speaking on Behalf: Representation, Delegation, and Authority in Computational Text Analysis, Eric Baumer and Micki McGee [Note: Baumer referred to ASD, I’m aware that framing this as a ‘disorder’ is contested, including by people with autism who are part of the neurodiversity movement.]
Baumer discusses analysing Autism Spectrum Disorder (ASD) Parenting blogs, and becoming unsure whether it was ethical to publish the results. Initial data gathering seems innocent. However, we should think about the ways in which objects can ‘speak for’ people (drawing on Latour and others). Computational text analysis has the potential to become the lens through which we see the bloggers, and the topic itself. Claims about what a group of people are ‘really’ saying can have important ramifications, particularly when we look at ASD. For example, research of these blogs might be convincing to policymakers, either for policy based on the assumption that vaccines cause ASD, or at the other extreme, for policy that removes financial and educational supports on the basis that Autism is part of normal human neurodiversity.

In one of the more unsettling talks in Session 4: Autonomy and Lethality, Killer Robots and Human Dignity, Daniel Lim argued that the arguments which seem to underpin claims that being killed by a robot offends human dignity are unconvincing. These arguments seem to rest on the idea that robots may not feel the appropriate emotions and cannot understand the value of human life (among other reasons). But humans might not feel the right emotions either. This doesn’t mean that we should make killer robots, just that there doesn’t seem to be an especially compelling reason why being killed by a robot is worse than being killed by a human.

In Compensation at the Crossroads: Autonomous Vehicles and Alternative Victim Compensation Schemes, Tracy Pearl argues that autonomous vehicles will be an incredible positive net gain for society. However, the failure of the US legal system (from judges through to law through to juries) to provide a reasonable framework for dealing with injuries from autonomous vehicles threatens this, in part because all of US law is designed with the idea that it will be applied to humans.  The US Vaccine Injury Compensation Program provides one paradigm for law dealing with autonomous vehicles: it’s based on the idea that vaccines overall are beneficial, but there are a small number of people who will be harmed (fewer than would be harmed without vaccines), and they should be compensated. A similar fund for autonomous vehicles may be useful, although it would need to come with regulations and incentives to promote safety development. A victim compensation fund would offer much greater stability than relying on private insurance.

Session 5: Rights and Principles

The Role and Limits of Principles in AI Ethics: Towards a Focus on Tensions, Jess Whittlestone, Rune Nyrup, Anna Alexandrova and Stephen Cave
This discusses a forthcoming report from the Leverhulme Centre for the Future of Intelligence. Principles have limitations: they’re subject to different interpretations (for example, what does ‘fairness’ mean?), they’re highly general and hard to assess, and they frequently come into conflict with each other. Many of these tensions aren’t unique to AI: they also overlap with ethical principles at play in discussions of climate change, medicine, and other areas.

Cory DoctorowVideo and audio from my closing keynote at Friday’s Grand Re-Opening of the Public Domain

On Friday, hundreds of us gathered at the Internet Archive, at the invitation of Creative Commons, to celebrate the Grand Re-Opening of the Public Domain, just weeks after the first works entered the American public domain in twenty years.

I had the honor of delivering the closing keynote, after a roster of astounding speakers. It was a big challenge and I was pretty nervous, but on reviewing the saved livestream, I’m pretty proud of how it turned out.

Proud enough that I’ve ripped the audio and posted it to my podcast feed; the video for the keynote is on the Archive and mirrored to Youtube.

The whole event’s livestream is also online, and boy do I recommend it.


Sky CroeserAIES : how we talk about AI, algorithmic fairness, norms and explanations

My brief notes from today’s talks: for more details, check the program.

Ryan Calo: How we talk about AI (and why it matters)

There are several studies which demonstrate the ways in which language might shape approaches to policy. For example, one showed that people were more likely to recommend punitive measures when a threat was described as “a predator stalking the city”, rather than “an illness plaguing the city”. There are legal precedents in the US of language about “robots” being a way to talk about people who have no choice (and therefore no liability).

Calo notes that there are some trends in AI that he’s “upset about but not going to discuss at length”, particularly the tendency for both supporters and critics of AI to talk about it as if it’s magic. For example, Calo mentioned a billboard displaying a line of identical people with backpacks claiming that “AI has already found the terrorist.” On the other hand, we should treat language about “killer robots coming door to door to kill us” with equal caution.

Rhetorical choices about AI influence policy, often in very subtle ways. For example, do we talk about AI research as a “race”, or do we talk about it as a global collaborative effort that works towards human flourishing? And how do these different frames shape different concrete policies? Current US policy (including restrictions on sharing particular technologies) only makes sense if we understand AI research as a high-stakes competition.

Language around “ethics” and “governance” also plays a role here. This rhetoric is familiar, and therefore palatable. Efforts to bring ethical governance into AI research are laudable; ethics has a critical role in shaping technology. However, we should also pay attention to the power of these words. Before we start imposing requirements and limits, we need to be sure that we actually understand the ethical frameworks we’re working with.

Both proponents and critics of AI think that it will change everything. We should be thinking about a hypothetical future existential threat posed by AI, but we should also be thinking about more immediate concerns (and possibilities?). If it’s true that AI is the next world-shaping technology, like the steam engine, then policy needs to shift radically to meet this. And we need to start changing the way we talk. That project begins with conferences like this one.

We should also be looking at specific measures, like impact assessments and advisory bodies, for implementing AI tools. Unfortunately, the US government will probably not refrain from the use of any AI weapons that are seen to be effective.

We absolutely should be talking about ethics, guided by the folks who are deeply trained in ethics. Lawyers are contractors building the policies, but ethicists should be the architects.

Note: One of the main questions that I have regarding Calo’s talk, and that Peter and I partially – albeit implicitly – address in our own talk, is how we decide who counts as ‘deeply trained in ethics’ and how the AI community should reach out to ethicists. There is an ongoing under-representation of women and minorities in most university philosophy departments. Mothers (and not fathers) are also less likely to be hired and less likely to progress within academia. This is partially shaped by, and shapes, dominant framings of what is valued and promoted as expertise in ethics. This is fairly obvious when we look at the ethical frameworks cited in AI research ethics: most philosophers cited are white, male, and Western.

The spotlight session giving brief overviews of some of the posters presented included a few that particularly stood out (for various reasons) to me:

  • In ‘The Heart of the Matter: Patient Autonomy as a Model for the Wellbeing of Technology Users‘, Emanuelle Burton, Kristel Clayville, Judy Goldsmith and Nicholas Mattei argue that medical ethics have useful parallels with AI research. For example, when might inefficiency enable users to have an experience that better matches their goals and wishes?
  • In ‘Toward the Engineering of Virtuous Machines‘, Naveen Sundar Govindarajulu, Selmer Bringsjord and Rikhiya Ghosh (or maybe Hassan?) talk about ‘virtue ethics’: focus on virtuous people, rather than on actions. Eg. Zagzebski’s Theory: we admire exemplar humans, study their traits, and attempt to emulate them. (I’m curious what it would look like to see a machine that we admire and hope to emulate.)
  • Perhaps the most interesting and troubling paper was ‘Ethically Aligned Opportunistic Scheduling for Productive Laziness‘, by Han Yu, Chunyan Miao, Yongqing Zheng, Lizhen Cui, Simon Fauvel and Cyril Leung. They discussed developing an ‘efficient ethically aligned personalized scheduler agent’ that lets workers (including those in the ‘sharing’ economy) work when they are highly efficient and rest when they are not, for better overall efficiency. Neither workers nor the company testing the system were that keen on it: it was a lot of extra labour for workers, and company managers seemed horrified by the amount of ‘rest’ time that workers were taking.
  • In ‘Epistemic Therapy for Bias in Automated Decision-Making’, Thomas Gilbert and Yonatan Mintz draw on distinctions between ‘aliefs‘ and ‘beliefs’ to suggest ways of identifying and exploring moments when these come into tension around AI.
The second session, on Algorithmic Fairness, was largely too technical for me to follow easily (apart from the final paper, below), but there were some interesting references to algorithms currently in use which are demonstrably and unfairly biased (like COMPAS, which is meant to predict recidivism, and which recommends harsher sentences for minorities). Presenters in this panel are working on attempts to build fairer algorithms.
In ‘How Do Fairness Definitions Fare? Examining Public Attitudes Towards Algorithmic Definitions of Fairness‘, Nripsuta Saxena, Karen Huang, Evan DeFilippis, Goran Radanovic, David Parkes and Yang Liu discuss different understandings of ‘fairness’. This research looks at loan scenarios, drawing on research on Moral Machines. It used crowdsourcing methods via Amazon Mechanical Turk. Participants were asked to choose whether to allocate the entire $50,000 amount to a candidate with a greater loan repayment rate; divide it equally between candidates; or divide the money between candidates in proportion to their loan repayment rates.
There are three different ways of understanding fairness examined in this paper:
  • meritocratic fairness,
  • treat similar people similarly,
  • calibrated fairness.
This research found that race affected participants’ perceptions of fair allocations of money, but people broadly perceive decisions aligned with ratio to be fairest, regardless of race.
The presenters hope that this research might spark a greater dialogue between computer scientists, ethicists, and the general public in designing algorithms that affect society.
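As an illustration only (this is my own sketch, not the authors’ code), the three allocation rules described above can be written down directly for the paper’s two-candidate, $50,000 loan scenario. The candidate labels and repayment rates below are hypothetical:

```python
def allocations(total, rates):
    """Return the three candidate allocations of `total` dollars.

    rates: dict mapping candidate -> loan repayment rate (0..1).
    """
    # 1. Meritocratic fairness: the whole amount goes to the candidate
    #    with the higher repayment rate.
    best = max(rates, key=rates.get)
    meritocratic = {c: (total if c == best else 0) for c in rates}

    # 2. Treat similar people similarly: split the amount equally.
    equal = {c: total / len(rates) for c in rates}

    # 3. Calibrated fairness: divide in proportion to repayment rates.
    rate_sum = sum(rates.values())
    calibrated = {c: total * r / rate_sum for c, r in rates.items()}

    return meritocratic, equal, calibrated

merit, equal, ratio = allocations(50_000, {"A": 0.9, "B": 0.6})
print(merit)  # {'A': 50000, 'B': 0}
print(equal)  # {'A': 25000.0, 'B': 25000.0}
print(ratio)  # {'A': 30000.0, 'B': 20000.0}
```

The last of these, the ratio-based split, is the allocation the study found participants broadly perceived as fairest.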
Session 2: Norms and Explanations
Learning Existing Social Conventions via Observationally Augmented Self-Play, Alexander Peysakhovich and Adam Lerer
This looks at social AI. At the moment, social AI is mainly trained through reinforcement learning, which is highly sample inefficient. Instead, the authors suggest ‘self play’. During training time, AI might draw on a model of the world to learn before test time. If self-play converges, it converges at a Nash equilibrium. In two-player zero-sum games, every equilibrium strategy is a minimax strategy. However, many interesting situations are not two-player zero-sum games, for example traffic navigation. The solution to this is: quite technical!
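The minimax claim can be seen concretely with a tiny example (my own sketch, not from the paper): in matching pennies, a two-player zero-sum game, a grid search over the row player’s mixed strategies recovers the equilibrium strategy of mixing 50/50, which guarantees the game’s value of 0 no matter what the opponent does.

```python
# Matching pennies: the row player wins 1 when the coins match and
# loses 1 when they don't. Payoffs shown are for the row player.
A = [[1, -1],   # row plays Heads
     [-1, 1]]   # row plays Tails

def worst_case(p):
    """Row's guaranteed payoff when playing Heads with probability p:
    the column player best-responds, so take the min over their pure moves."""
    return min(p * A[0][j] + (1 - p) * A[1][j] for j in range(2))

# The maximin (minimax) strategy maximises this guaranteed payoff.
best_p = max((i / 100 for i in range(101)), key=worst_case)
print(best_p, worst_case(best_p))  # 0.5 0.0
```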
Legible Normativity for AI Alignment: The Value of Silly Rules, Dylan Hadfield-Menell, Mckane Andrus and Gillian Hadfield
A lot of conversations right now focus on how we should regulate AI: but we should also ask how we can regulate AI. AIs can’t (just) be given the rules; they will need to learn to interpret them. For example, there’s often a gap between formal rules, and rules that are actually enforced. Silly rules are (sometimes) good for societies, and AIs might need to learn them. Hadfield discusses the Awa society in Brazil, and what it might look like to drop a robot into the society that would make arrows (drawing on anthropological research). Rules include: use hard wood for the shaft, use a bamboo arrowhead, put feathers on the end, use only dark feathers, make and use only personalised arrows, etc. Some of these rules seem ‘silly’, in that more arrows are produced than are needed and much of hunting actually relies on shotguns. However, these rules are all important – there are significant social consequences to breaking them.
This paper looked at the role of ‘silly rules’. To understand this, it’s useful to look at how such rules affect group success, the chance of enforcement, and the consequences for breaking rules. The paper measured the value of group membership, the size of the community over time, and the sensitivity to cost and density of silly rules. As long as silly rules are cheap enough, the community can maintain its size. It’s useful to live in a society with a bunch of rules around stuff you don’t care about because it allows a lot of observations of whether rule infraction is punished. AIs may need to read, follow, and help enforce silly as well as functional rules.
Note: Listening to this talk I was struck by two things. Firstly, how much easier it seems to be to identify ‘silly’ rules when we look at societies that seem very different from our own. (I think, for example, of wondering this morning whether I was wearing ‘suitable’ conference attire, whether I was showing an inappropriate amount of shoulder, and so on.) Secondly, I wondered what this research might mean for people trying to change the rules that define and constrain our society, possibly in collaboration with AI agents?
TED: Teaching AI to Explain its Decisions, Noel Codella, Michael Hind, Karthikeyan Natesan Ramamurthy, Murray Campbell, Amit Dhurandhar, Kush Varshney, Dennis Wei and Aleksandra Mojsilovic
Understanding the basis for AI decisions is likely to be important, both ethically and possibly legally (for example, as an interpretation of the GDPR’s requirements for providing meaningful information about data use). How can we get AI to meaningfully explain its decisions? One way is to get users (‘consumers’) to train AI about what constitutes a meaningful explanation. The solution to this is: quite technical!
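As I understand the general idea (a hypothetical sketch, not the authors’ implementation): training examples carry a consumer-supplied explanation alongside the decision label, and a single model is trained on the joint (decision, explanation) label, so every prediction comes back with one of the consumers’ own explanations. The toy loan data and 1-nearest-neighbour “model” here are invented for illustration:

```python
def train(examples):
    # examples: list of (features, decision, explanation).
    # Fold the decision and explanation into one joint label.
    return [(x, (y, e)) for x, y, e in examples]

def predict(model, x):
    # 1-NN on squared distance; returns (decision, explanation) together.
    def dist(a, b):
        return sum((ai - bi) ** 2 for ai, bi in zip(a, b))
    return min(model, key=lambda m: dist(m[0], x))[1]

model = train([
    ((0.9, 0.1), "approve", "high repayment history"),
    ((0.2, 0.8), "deny", "high existing debt"),
])
print(predict(model, (0.8, 0.2)))  # ('approve', 'high repayment history')
```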
Understanding Black Box Model Behavior through Subspace Explanations, Himabindu Lakkaraju, Ece Kamar, Rich Caruana and Jure Leskovec
Discussing a model for decisions on bail. Important reasons to understand the model’s behaviour:
  • decision-makers readily trust models they can understand,
  • it will allow decision-makers to override the machine when it’s wrong,
  • it will be easier to debug and detect biases.

How to facilitate interpretability? The solution to this is: quite technical!

Sam VargheseCricket Australia: anyone will do, as long as we stem the losses

Ever since the Australian cricket team lost its captain Steve Smith, vice-captain David Warner and opener Cameron Bancroft to suspension for ball-tampering, the organisation running the game, Cricket Australia, has been fighting to make the spectre of losses disappear.

The three players were found to have been the prime movers behind the use of sandpaper to change the surface of the ball during a series in South Africa in March 2018; Bancroft, the actual person caught on TV while stuffing a piece of sandpaper down the front of his pants, was suspended for nine months, while Smith and Warner were banned for a year. Warner, in addition, will never be able to hold a leadership position in the team.

After these shocks to the system, Australia has been losing one series after the other, no matter whether it be Tests or the shorter forms of the game. Thus the arrival of the Sri Lankan team to play two Tests has come as a great relief. Sri Lanka is without its skipper Angelo Matthews, a talented all-rounder, who often rescues the team when it is in trouble.

It is also without the experienced paceman Nuwan Pradeep. And after the first Test, it has lost two more pacemen, Dushmantha Chameera and Lahiru Kumara. Given that, the second and final Test is likely to be even more lopsided; the first ended in an innings victory for Australia inside three days, with Sri Lanka able to muster only 144 and 139 in response to an Australian total of 323.

Cricket Australia has been desperate for people to stop talking about the losses and the suspensions; Smith and Warner were the major contributors with the bat and their absence has made the scoreboard look leaner. Plus, being caught red-handed appears to have deflated the confidence of the team no end.

So it is not surprising that the selectors have leapt to effect any and every change that has appeared likely to be a panacea. They named a squad for the first Test but when an uncapped youngster, Kurtis Patterson, made twin centuries in a tour match against the Sri Lankans, he was quickly roped in and gained a place in the team. This, despite the fact that these tour matches are essentially organised to give visiting teams a feel of the conditions; in days gone by, when the global Test cricket schedule was much more relaxed, a touring team had three or four matches, against opposition of varying strengths, prior to the first Test, but these days that is impossible given the packed itinerary.

The media, by and large, did not criticise what was essentially the act of a drowning man in grabbing for a rope. Nobody pointed out that had another youngster, Will Pucovski, been in the team, he would have had the chance to get ready for the forthcoming tour of England — the main game for the Test team this year — as he has already obtained a contract to play county cricket in England before the Ashes.

The fact that Australia defeated Sri Lanka inside three days has now become the main story. Paceman Pat Cummins got 10 wickets in the match – but then Cummins was the best of the bowlers against India too, during the four Tests that preceded the Sri Lanka tour. The problem is that the weak Sri Lankan attack — they have no decent spinner and injuries hit them during the first Test to the extent that when they took the new ball in Australia’s innings, they had one paceman and a spinner operating — posed little challenge and may make someone with questionable skills look much better.

Despite the insipid Sri Lankan attack, none of the Australian batsmen set themselves to play a long innings. Australia started batting on the very first day so there was no lack of time to fashion an innings over the next two or even three days. But the highest score made was 84, by Marnus Labuschagne, who lasted 150 balls. The drought of centuries continued. Test cricket is a time game; the man at one end can go for his strokes provided the individual at the other end is willing to play the role of sheet anchor. But that air of impatience was once again evident and many of the Australian batsmen crafted their own dismissals.

The dominance of ex-cricketers in the commentators’ ranks on TV and other media has been a hurdle to the selectors in more ways than one. Each of these worthies has his preferred candidate to push — neither of the women in the picture, Allison Mitchell or Isa Guha, has got into this business as yet — and each has his own reasons for doing so. Shane Warne, for instance, still has a chip on his shoulders over never being able to captain Australia and wades into the selectors whenever he can, pushing this candidate or that, many of them from his own state, Victoria, for national selection. His latest choice, Marcus Stoinis, has now been included in the Test squad.

Given the selectors’ knee-jerk reactions in picking players for the national team, it is difficult to know if they are planning for the future or the present. They seem to have one mantra for salvation: the return of Smith and Warner to the ranks after March 29.

CryptogramHacking the GCHQ Backdoor

Last week, I evaluated the security of a recent GCHQ backdoor proposal for communications systems. Furthering the debate, Nate Cardozo and Seth Schoen of EFF explain how this sort of backdoor can be detected:

In fact, we think when the ghost feature is active­ -- silently inserting a secret eavesdropping member into an otherwise end-to-end encrypted conversation in the manner described by the GCHQ authors­ -- it could be detected (by the target as well as certain third parties) with at least four different techniques: binary reverse engineering, cryptographic side channels, network-traffic analysis, and crash log analysis. Further, crash log analysis could lead unrelated third parties to find evidence of the ghost in use, and it's even possible that binary reverse engineering could lead researchers to find ways to disable the ghost capability on the client side. It should be obvious that none of these possibilities are desirable for law enforcement or society as a whole. And while we've theorized some types of mitigations that might make the ghost less detectable by particular techniques, they could also impose considerable costs to the network when deployed at the necessary scale, as well as creating new potential security risks or detection methods.

Other critiques of the system were written by Susan Landau and Matthew Green.

EDITED TO ADD (1/26): Good commentary on how to defeat the backdoor detection.

Planet Linux AustraliaMichael Still: Best Foot Forward


Catherine and I have been huge fans of Adam Hills for ages, so it wasn’t a surprise to me that I’d like a book by him. As an aside, we’ve never seen him live — we had tickets for his show in Canberra in 2013, but some of us ended up in labour in hospital instead, so we had to give those tickets away. One day we’ll manage to see him live though, he just needs to get back to touring Australia more!

Anyways, I enjoyed this book which as mentioned above wasn’t a surprise. What was a surprise is that he said something interesting which I have been pondering for the last few days…

Basically, it’s nice to get on stage and say things, either entertaining the audience or in my case perhaps educating them a little (I give technical conference talks). However, that’s not the most important thing. You need to work out why you’re on that stage before you go out there. What is the overall thing you’re trying to convey? Once you know that, everything else falls into place. I think this is especially true for keynote speeches, which need to appeal to a more general audience than a conference talk where people can pick from a menu.

What Adam seems to be saying in his comedy (at least to me) is to embrace life and be good to each other. Adam is a super positive guy, which is delightful. There is something very special about someone who lifts up those around them. I hope to be that person one day.

Best Foot Forward Book Cover Best Foot Forward
Adam Hills
Hachette Australia



Planet Linux AustraliaFrancois Marier: Fedora 29 LXC setup on Ubuntu Bionic 18.04

Similarly to what I wrote for Debian stretch and jessie, here is how I was able to create a Fedora 29 LXC container on an Ubuntu 18.04 (bionic) laptop.

Setting up LXC on Ubuntu

First of all, install lxc:

apt install lxc
echo "veth" >> /etc/modules
modprobe veth

turn on bridged networking by putting the following in /etc/sysctl.d/local.conf:

net.ipv4.ip_forward=1
and applying it using:

sysctl -p /etc/sysctl.d/local.conf

Then allow the right traffic in your firewall (/etc/network/iptables.up.rules in my case):

# LXC containers
-A FORWARD -d -m conntrack --ctstate RELATED,ESTABLISHED -j ACCEPT
-A INPUT -d -s -j ACCEPT
-A INPUT -d -s -j ACCEPT
-A INPUT -d -s -j ACCEPT
-A INPUT -d -s -j ACCEPT

and apply these changes:


before restarting the lxc networking:

systemctl restart lxc-net.service

Create the container

Once that's in place, you can finally create the Fedora 29 container:

lxc-create -n fedora29 -t download -- -d fedora -r 29 -a amd64

Logging in as root

Start up the container and get a login console:

lxc-start -n fedora29 -F

In another terminal, set a password for the root user:

lxc-attach -n fedora29 passwd

You can now use this password to log into the console you started earlier.

Logging in as an unprivileged user via ssh

As root, install a few packages:

dnf install openssh-server vim sudo man

and then create an unprivileged user with sudo access:

adduser francois -G wheel
passwd francois

Now login as that user from the console and add an ssh public key:

mkdir .ssh
chmod 700 .ssh
echo "<your public key>" > .ssh/authorized_keys
chmod 644 .ssh/authorized_keys

You can now login via ssh. The IP address to use can be seen in the output of:

lxc-ls --fancy

Enabling all necessary locales

To ensure that you have all available locales and don't see ugly perl warnings such as:

perl: warning: Setting locale failed.
perl: warning: Falling back to the standard locale ("C").

install the appropriate language packs:

dnf install langpacks-en.noarch
dnf reinstall dnf


CryptogramFriday Squid Blogging: Squids on the Tree of Life


As usual, you can also use this squid post to talk about the security stories in the news that I haven't covered.

Read my blog posting guidelines here.

Planet Linux AustraliaMichael Still: linux.conf.au should rethink how they present hardware content


I was originally going to pursue this as a bit of a project in 2019, but that’s no longer possible as I resigned from the papers committee late on Thursday to spend more time with my family. So instead I’ll just throw this out there and maybe something will come of it, but also maybe not.

Should hardware events such as the Open Hardware miniconf or this year’s Home Automation workshop be part of linux.conf.au? Certainly they’re very popular, often selling out and having to maintain waiting lists in case someone cancels.

Let me take you on a journey and explain why it is hard to take hands-on hardware content for the conference… I feel qualified to have an opinion on all this, having served on the LCA papers committee since 2004, and having been on a conference core team twice.


Hardware assembly sessions are much more complicated to run well than a conference talk. While we expect conference speakers to be well researched and have depth in their field, we don’t expect them to perform flawlessly in an environment with a lot of variables. A static slide deck or maybe a demo or two is all we ask of them.

On the other hand, we do expect hardware assembly sessions to take a group of people with varying skill levels, and get them to assemble non-trivial hardware and have it work at the end. These devices have now reached a level of complexity where they have surface mount components, microprocessors equivalent to the one in your phone, and software stacks often as large as that on your laptop.

Under-recognition of the number of people involved

I haven’t asked the Open Hardware miniconf how many people hours were spent preparing for this year, but I am sure it was a lot. I know that Alastair D’Silva spent a truly huge amount of time on his preparation — think all his spare time for several months while having a small child.

How do we reward that preparation effort? With a single conference ticket. This discourages the formation of a team contributing to the project, because at the end of the day only one person can be rewarded with a discount to LCA. This happens because the conference has budget concerns, and can’t give away 20 free tickets to a miniconf without running the risk of failing to break even. It is also because the assumption in the past has been that miniconfs are “conference light” and require less preparation than a main conference talk, and therefore the reduced subsidy for the event was justified.

Lead time

The conference papers review process is fairly complicated these days, with a lot of effort put into promoting the event so that we get the widest range of speakers possible, as well as a diverse review team attempting to ensure that we have good representation of the topic areas you expect to have covered at LCA, as well as diversity in our speaker population. This means that while we normally advertise our call for papers in July, we don’t normally inform speakers that they have been accepted until September.

So, we have complicated hardware projects with a lot of variables, and we give the presenters three months runway to prepare.

One of the obvious ways to lengthen the runway is to just assume your proposal will be accepted, and start preparing earlier. However, that brings me to my next concern…

Out of pocket expenses

Let’s assume you start preparing for your hardware event earlier than September. Let’s also assume that because your hardware is a little complicated and involves surface mount components, that you’ll go through a few prototype rounds and get the final board partially fabricated professionally. This is how things work at the moment.

Guess who gets to pay for that? The organisers of the event. One of those organisers this year was personally out of pocket over $10,000. If the event doesn’t go ahead, or if no one registers for it, then that money is gone. That doesn’t strike me as fair when Linux Australia has $800,000 in the bank at the moment.

The registration process is a nightmare

I don’t know if you noticed, but the registration process for hardware events is also a mess. Again, it’s up to the individuals running the event to collect money from participants and ensure that there is a fair registration process. The first indications of the level of interest from conference attendees come in the few weeks before the conference itself, when it’s way too late to course correct if that’s needed.

This is harder than it looks, and comes at a time when the team is flat out ensuring the event runs at all. Worse, then people get annoyed and complain.

Finally on registration, the events are too expensive. In an attempt to simplify registration, there’s only one option — buy the hardware. However, if you already own a Raspberry Pi, why would you buy another one? That’s an extra $60 or so that you’re charged for hardware that you probably don’t really want. If you do want another Raspberry Pi great, but it should be an add on to the event registration.

In summary

Conference organisers generally phrase things in terms of risk versus reward when trying to run a conference. So, the hardware events we have at LCA are high reward for those who attend them, but hugely risky for the conference. Failure of such an event would reflect poorly on LCA, which has worked for 20 years to have a reputation as one of the best technical conferences in the world.

So this is why we shouldn’t run these hardware events — they’re risky, as well as being a super hard slog for the people running them.


But… They’re also hugely popular and an important part of what LCA has become. In a way, LCA is what it is because it embraces a diversity of interests. Without the hardware events, LCA would be diminished from what we have today.

So instead…

If we can’t accept not having these hardware events, we’re only really left with one other option. Let’s blow up the status quo and find a better way of running them.

That’s what I originally wrote this post to do — propose something concrete that minimises the impact on the conference organising team while reducing the risk of these events failing and hopefully making life easier for the event organisers.

So here’s Michael’s simple plan for hardware events at LCA:

There should be a separate call for hardware content from now on, for a specific small number of hardware slots at the conference. This should be done really really early. Like stupidly early. As in, opening next month for 2020 and closing in March. One of the things which holds the call for papers for the main conference up is having the conference web site ready. So let’s not do that — we can use a Google form or something instead. The number of proposals is going to be small, and we can use a “higher touch” process for the review and approval process.

Linux Australia should provide fiscal sponsorship for seed funding to accepted events, based on a proposed bill of materials that is submitted as part of the proposal, on similar terms as is provided for LCA itself and other conferences. In other words, Linux Australia should bear the financial risk of failure. Linux Australia should also directly fund conference tickets for hardware event organisers — obviously, we need to somehow validate how many people actually did some work and there need to be limits, but that can be worked through without too much pain.

The LCA website itself should offer registration for hardware events. I see this as relatively trivial in that we can just treat these events as new types of t-shirts and the code to handle that has been around for a really long time.

And finally, we as a community should recognise better the huge amount of effort that has gone into these events in the past (and hopefully in the future) and make a point of thanking the organisers as often as possible. Sometimes there might be warts, but these are human beings like most of us working hard to do something complicated and exciting while still holding down day jobs.

As I said at the start, I had intended to have a go at fixing these issues this year, but events have overtaken me and that will no longer be possible. Hopefully someone else will have a go.


Krebs on SecurityThree Charged for Working With Serial Swatter

The U.S. Justice Department has filed criminal charges against three U.S. men accused of swatting, or making hoax reports of bomb threats or murders in a bid to trigger a heavily armed police response to a target’s address. Investigators say the men, aged 19 to 23, all carried out the attacks with the help of Tyler Barriss, a convicted serial swatter whose last stunt in late 2018 cost a Kansas man his life.


FBI agents on Wednesday arrested Neal Patel, 23, of Des Plaines, Ill. and Tyler Stewart, 19 of Gulf Breeze, Fla. The third defendant, Logan Patten, 19, of Greenwood, Mo., agreed to turn himself in. The men are charged in three separate indictments with conspiracy and conveying false information about the use of explosive devices.

Investigators say Patten, who used the Twitter handle “@spared,” hired Barriss in December 2017 to swat individuals and a high school in Lee’s Summit, Mo.

Around the same time, Stewart, a.k.a. “@tragic” on Twitter, allegedly worked with Barriss to make two phony bomb threats to evacuate a high school in Gurnee, Ill. In that incident, Barriss admitted telling police in Gurnee he had left explosives in a classroom and was high on methamphetamine and was thinking about shooting teachers and students.

Also in December 2017, Patel allegedly worked with Barriss to plan a bomb threat targeting a video game convention in Dallas, Texas. Patel is also accused of using stolen credit cards to buy items of clothing for Barriss.

The Justice Department’s media release on the indictments doesn’t specify which convention Barriss and Patel allegedly swatted, but a Wired story from last year tied Barriss to a similarly timed bomb threat that caused the evacuation of a major Call of Duty tournament at the Dallas Convention Center.

“When the social media star SoaR Ashtronova tweeted about the confusion she felt as she fled the event beneath the whir of police helicopters, Barriss taunted her from one of his Twitter accounts: ‘It got ran, baby girl. Thats what happens,’” Wired reported.

Interestingly, it was a dispute over a $1.50 grudge match in a Call of Duty game that would ultimately lead to Barriss’s final — and fatal — swatting. On Dec. 28, 2017, Barriss phoned police in Wichita, Kan. from his location in California, telling them he was a local man who’d just shot his father and was holding other family members hostage.

Prosecutors say Barriss did so after getting in the middle of a dispute between two Call of Duty gamers, 18-year-old Casey Viner from Ohio and Shane Gaskill, 20, from Wichita. Viner allegedly asked Barriss to swat Gaskill. But when Gaskill noticed Barriss’ Twitter account suddenly following him online, he tried to deflect the attack. Barriss says Gaskill allegedly dared him to go ahead with the swat, but then gave Barriss an old home address — which was then being occupied by someone else.

When Wichita police responded to the address given by Barriss, they shot and killed 28-year-old Andrew Finch, a father of two who was not a party to the dispute and did not know any of the three men.

Both Viner and Gaskill have been charged with wire fraud, conspiracy and obstruction of justice. Barriss pleaded guilty in Nov. 2018 to a total of 51 charges brought by federal prosecutors in Los Angeles, Kansas and Washington, D.C. He has agreed to serve a sentence of between 20 to 25 years in prison. Barriss is slated to be sentenced on March 1, 2019.

Stewart’s attorney declined to comment. Lawyers assigned to Patel and Patten could not be reached for comment.

As the victim of a swatting attack in 2013 and several other unsuccessful attempts, I am pleased to see federal authorities continue to take this crime seriously. According to the FBI, each swatting incident costs emergency responders approximately $10,000. Each hoax also unnecessarily endangers the lives of the responders and the public, and draws important resources away from actual emergencies.

Cory DoctorowInterview on A World That Might Just Work with Terrence McNally

This week, I sat down for an interview (MP3) with Terrence McNally for his World That Just Might Work show to talk about information politics, science fiction, oligarchy, resistance, and hope!

Worse Than FailureError'd: The Results are (Almost) In!

"Oh man! The results of this McDonalds vote look like they're going to be pretty close...or miles apart...," Pascal writes.


"Yeah the Kindle Edition is a pretty sweet deal, but I think that I'll just wait for the movie to come out," writes Wesley F.


Dustin S. wrote, "My password is soooo close to being done updating. Just a little bit longer."


George B. wrote, "Well, Emojipedia, you're close I'll give you that."


"I suppose I could earn enough caps eventually," Jose B. writes.


Walter wrote, "Well, sure, it's easy to save on kitchen appliances whose size is null."



Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Friday – Lightning talks and Conference Close

Closing Stuff

  • Special Badge given out
  • Projects from Junior Group from Club Penguin
  • Rusty Wrench award to Joshua Hesketh

Lightning Talks

  • 3 minutes each
  • Martin Kraft
    • Digital trust and trust in the real world
    • In the real world it is wired into our brains
    • Aunt’s Laptop. Has Trusted CAs, Debian.
    • Doesn’t know what lock on browser means
    • Imagine that trust is a competition that happens in real time, that takes in interactions, mood, random stuff.
    • Maybe when you visit a good vs bad website the browser looks visibly different
    • Machine Learning
  • Brimly Collings-Stone
    • Maori language not available on AAC outputs
    • Need a device that speaks Maori and represents Maori grammar accurately
  • Mathew Sherborn
    • RSI
    • Got it in the past, tried various keyboards
    • Type-Matrix but it broke
    • ErgoDox – open source keyboard
    • – Keyboard in batch orders
    • Like the ErgoDox-E – $500 but good – web app to program
    • Change the Dvorak keyboard with special keyboard
  • Emma Springkmeier
    • What do I do when it all goes wrong
    • Potentially stressful situations – phone calls, meetings.
    • eg last year’s lightning talk
    • What I do to cope
    • Talk to friends, explain how I feel to others, listen to calming music, breathing techniques (4s in, 4s hold, 4s out, 4s hold, repeat)
  • Karl Kitcher
    • Secretary of the NZ Open Source Society
    • Charity since 2008
    • Declining interest in recent years
    • Open source is not so prevalent, people not really caring; trying to maintain the momentum
    • Open vs “fauxpen” source
    • – sign up to the mailing list
    • Various services to projects
  • Leon Wright
    • About Leon’s badge
    • Twitter bot hooked to hug detector in his badge
    • 2017 badge detects hugs
    • 2018: version 2. So good Twitter shadow-banned his account
    • 2019 – Docker containers and other crazy stuff
  • Talia White
    • At LCA since 2018 – Was only 8. Now 12
    • Ordered a robot kit for Arduino
    • Made various projects
    • Don’t give up, struggled to start with coding, got better
  • Brenda Wallace
    • Works for the NZ Govt
    • Legislation is sometimes ambiguous
    • Going to publish some legislation as Python rules
    • eg Social welfare rules,
    • Unit tests
  • Paul Gunn Stephen
    • GDP per km of coastline
    • %coastline length for area
    • Means hard to get Tsunami warning systems
    • Cheaper
    • ETC Lali system approach
    • Every Village has a local warning system
    • Redundant system
  • E Dunham
    • You should speak at conferences
    • 54th talk in 5 years
    • Promotes your company
    • Intersection: what you know, what the conference needs and what the attendees need
    • Find conference want to attend
    • Write abstract
    • Submit a lot, get rejected a lot
    • Each rejection is a bullet you dodged
  • Charell
    • CVE-2019-3462
    • Bug in apt that allows injection of bad content
    • Why https
    • Attestation
    • apt-transport-https – enable
  • Jen Zajac
    • Project scaffolding eg Cookiecutter, Yeoman
    • Lots of generating options
    • Creates templates for a project
  • Hugh Blemmings
    • Arduino and BeagleBoard
    • Cool but not high performance
    • A truly open and high-performance computer
    • Open hardware, open software stack, no binary blobs, no unexpected software, no cost/perf penalty
  • Benno Rice
    • Cobol
    • Over 50 years old
    • Not used much
    • What Language is the new Cobol?
    • PHP is the new COBOL
    • Perl is the new COBOL
    • Python2 ?
    • Javascript ?
    • C ?
    • Y2K – Maybe the real Cobol is the maintenance we incurred along the way
    • Maybe you should support software before it bites you back
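Brenda Wallace's "legislation as Python rules" lightning talk lends itself to a small sketch. Everything below is invented for illustration; the rule, names and thresholds are hypothetical and not taken from any actual NZ social-welfare legislation.

```python
# Hypothetical sketch of "legislation as code": a social-welfare
# eligibility rule expressed as a plain Python function, plus unit
# tests. The rule and thresholds are invented for illustration.

def eligible_for_winter_energy_payment(age: int, weekly_income: float,
                                       is_resident: bool) -> bool:
    """Return True if a (fictional) winter energy payment applies."""
    if not is_resident:
        return False
    # Invented rule: residents 65+ qualify regardless of income;
    # younger residents qualify under an income threshold.
    return age >= 65 or weekly_income < 400.0

# Unit tests make one interpretation of the legislation executable
# and checkable, which is the point of publishing rules as code.
assert eligible_for_winter_energy_payment(70, 1000.0, True)
assert not eligible_for_winter_energy_payment(30, 1000.0, True)
assert not eligible_for_winter_energy_payment(70, 0.0, False)
```

Where the written legislation is ambiguous, encoding it like this forces the ambiguity into the open: two readers who disagree about the law will write different functions, and the unit tests show exactly where they diverge.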

Closing Stuff

  • 652 people attended
  • 2.4TB transferred over the SSID
  • 3113 Coffee vouchers

Lots of sponsors, suppliers and staff were thanked. 2020 is in… the Gold Coast

  • 21st birthday!
  • Gold Coast convention and Exhibition centre
  • 13 – 17th January 2020


Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Friday – Session 2

OpenLI: Lawful Intercept Without the Massive Price Tag
– Shane Alcock

Shane Alcock
  • Police deliver a warrant to the ISP
  • ISP obligations
    • Can’t tip off the person being intercepted
    • Both current and past intercepts must stay private
    • Can’t intercept other people’s communications
    • Must intercept all of the target’s communications
  • NZ Lawful Intercept
    • All Providers with more than 4000 customers must be LI capable
    • Must be streamed live
    • TCP/IP over tunnel
    • Higher level agencies have extra requirements
    • 2 separate handovers – IRI (metadata for calls, IP sessions), CC (data packets)
  • Open LI
    • $10,000s – $100,000s cost to implement and license from vendors
    • WAND had some expertise in packet collection
    • Known by the NZ network operator community
    • Voluntary contributions from NZ Network Operators
    • $10k+ each
    • Buys 50% of my time to work on it for a year.
    • Avoiding Free Rider problem
      • Early access for supporters
      • Dev assistance with deployment
      • Priority support for bugs and features
  • Building Blocks
    • Developed and tested on Debian
    • Should work on other Linux flavours
    • Written in C – fast and likes writing C
    • Use libtrace from WAND
    • Data Plane Develop Kit
  • Provisioner
    • Interface for operators
    • Not very busy
  • Collector
    • Comms from Provisioner
    • Intercept instructions
    • Recommended run on bare-metal
    • 1RU Server with 10G interface with DPDK support
    • Supports multiple collectors
  • Mediator
    • Gets data from Collector
    • Forwards to Agency based on instructions from Provisioner
  • Target Identification
    • Nothing on the packets linked to target user
    • People get dynamic IPs, can change
    • For VoIP calls need to know the RTP port
    • SIP for VoIP, RADIUS for IP sessions, to ID the user’s IPs/ports
    • Deriving caller identities from SIP packets can be tricky. Other headers can be used, depends on various factors
  • Performance Matters
    • 1Gb/s plans are available to residential customers
    • ISP may have multiple customers being intercepted. Collector must not drop packets
    • Aim to support multiple Gb/s of data
    • libtrace lets use spread load across multiple interfaces, cpus etc
    • But packets may now be in multiple threads
    • Lots of threads to keep things all in sync
  • Status
  • Future
    • Build user-driver community around the software
  • Questions
    • Can it handle a hotel? – maybe
    • ISPs or police contributing? – Not yet
    • What have people been doing so far? – They have been getting away with saying they will use this
    • What about bad guys using? – This probably doesn’t give them any more functionality
    • Larger Operators? – Gone with Vendor Solutions
    • Overseas interest? – One from Kazakhstan, but targeted at small operators
    • Why not Rust, worry about parsing data – Didn’t have time to learn Rust
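The target-identification step described above can be sketched in miniature. This is illustrative logic only, not OpenLI's actual code (OpenLI is written in C): an intercept names a user, but packets only carry IP addresses, so the collector must track which dynamic IP the target currently holds, for example from a RADIUS accounting feed.

```python
# Illustrative sketch (not OpenLI code): map RADIUS-style session
# events to the dynamic IP currently held by an intercept target,
# so a collector knows which packets it may capture.

class SessionTracker:
    def __init__(self):
        self.ip_to_user = {}   # current IP -> username
        self.user_to_ip = {}   # username -> current IP

    def radius_start(self, username: str, ip: str) -> None:
        # User authenticated and was assigned a dynamic IP.
        self.ip_to_user[ip] = username
        self.user_to_ip[username] = ip

    def radius_stop(self, username: str) -> None:
        # Session ended; the IP may be reassigned to someone else.
        ip = self.user_to_ip.pop(username, None)
        if ip is not None:
            self.ip_to_user.pop(ip, None)

    def should_intercept(self, packet_ip: str, targets: set) -> bool:
        # A packet is interceptable only while its IP belongs to a
        # targeted user, and never once the IP changes hands.
        return self.ip_to_user.get(packet_ip) in targets

tracker = SessionTracker()
tracker.radius_start("target-user", "10.0.0.42")
assert tracker.should_intercept("10.0.0.42", {"target-user"})
tracker.radius_stop("target-user")
assert not tracker.should_intercept("10.0.0.42", {"target-user"})
```

The same book-keeping is why the talk stresses that the collector must not drop packets: miss the RADIUS stop event and you risk intercepting the wrong subscriber.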

But Mummy I don’t want to use CUDA – Open source GPU compute
Dave Airlie

Dave Airlie
  • Use Cases
    • AI/ML – Tensorflow
    • HPC – On big supercomputers
    • Scientific – Big datasets, maybe not on big clusters
  • What APIs Exist
    • CUDA
      • NVIDIA defined
      • Closed Source
      • C++ Based single source
      • Lots of support libraries (BLAS, cuDNN) from NVIDIA
    • API – HIP
      • AMD Defined
      • Sourcecode released on github
      • C++ based single source
    • OpenCL
      • Khronos Standard
      • Open and closed implementations
      • 1.2 v 2.0
      • OpenCL C/C++ Not single source (GPU and CPU code separate)
      • Online vs offline compilation (Online means final compilation at run time)
      • SPIR-V kernel
    • SYCL
      • Khronos Standard
      • C++ Single source
      • CPU Launch via OpenMP
      • GPU launch via OpenCL
      • Closed (Codeplay) vs open (triSYCL)
      • Opening of implementation in Progress (from Intel – Jan 2019)
    • Others
      • C++AMP – MS
      • OpenMP – Getting better for GPUs
      • OpenACC
      • Vulkan Compute
        • Low level submission API
        • Maybe
    • Future
      • C++ standard
      • C++ ISO standards body, ongoing input from everybody
      • Implementations must be tested
      • Still needs execution environment
  • Components of GPU stack
    • Source -> Compiler
    • Output of GPU and CPU code
  • IR
    • Intermediate representation
    • Between source and final binary
    • NVIDIA PTX – like assembly
  • OpenCL Stacks
    • Vendor Specific
    • LLVM Forks
  • Open Source
    • Development vs Release Model
    • Vendors don’t want to support ports to competitors hardware
    • Distro challenges
      • No idea on future directions
      • Large bodies of code
      • Very little common code
      • Forked llvm/clang everywhere in code
  • Proposed Stack
    • Needs reference implementation
    • vendor neutral, runs on multiple vendors
    • Shared Code based (eg one copy of clang, llvm)
    • Standards based
    • Common API for runtime
    • Common IR as much as possible
    • Common Tooling – eg single debugger
    • SPIR-V in executable -> NIR -> HW Finaliser
    • Maybe Intel’s implementation will do this
  • Questions
    • Vulkan on top of Metal/Molten ? – Don’t know
    • Lots of other questions I didn’t understand enough to write


Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Friday – Session 1

Preventing the IoT Dystopia with Copyleft- Bradley M. Kuhn

Bradley M. Kuhn
  • The S in IoT stands for Security
  • Many stories of people hacking into baby monitors and home cameras
  • IoT devices often phone home to the manufacturer’s website so that you can access them remotely. “I suppose there are Chinese hackers watching my dogs all day, I hope they will call me if they need water etc”
  • Open source people have historically worked to get around problems like this.
  • 1992 – If you wanted Linux, you downloaded the software onto floppies and installed it yourself. And Often had to work hard to make it work.
  • Today only a small percentage of laptops sold have Linux on it.
  • But Linux is commonly installed on IoT devices – 90% odd
  • But
    • No [easy] way to reinstall it yourself
    • Much worse than laptops
    • GPL includes “The scripts used to control the compilation and install of the executable”
    • “Freedom to Study” is not enough
  • Linksys Wifi router
    • OpenWRT Project
    • Release forced from Linksys and Cisco
    • “Source as received from Linksys from GPL enforcement”
    • Is OpenWRT a Unicorn
      • Few projects with serious alternative firmware project
    • Still sold new after 20 years
  • BusyBox Lawsuits
    • Before IoT was even a term
    • At least one model of Samsung TV ->
    • “Baffles me as to why the manufacturers want us to buy more hardware”
  • Linux focuses too much on big corp users and ignores hobbyist users
    • Kernel people only care about the .c files. Don’t care about the install scripts etc.
    • People at top of Linux now got their start hacking on the devices in front of them.
    • The next generation of developers will be those hackers not from IBM and other big companies
    • You didn’t need anything but a computer and an internet connection to become an upstream developer in those days. This is becoming less true.
    • If the only thing you can install Linux on is a rackmount server, a cloud server or maybe a laptop and none of the IoT devices around you then things don’t look good….
  • Linux was successful because users could install it on their own devices
  • Linux won’t remain the most important GPL program if users can’t install their modifications. Tinkering is what makes Free software great.
  • Upstream matters of course, but downstream matters more.
    • There may be 1000s of Linux developers
    • Put 2 billion people have Linux on their phone – Which is locked down and they can’t reinstall
  • We don’t need a revolution to liberate IoT devices
    • because the words are already there in the GPL
    • We just have to take up our rights
  • What you can do.
    • Request Linux sources on every device you own – Companies have figured out people almost never ask
    • Try to build and install them. If you can’t ask a friend or ask Conservancy for help
    • If it doesn’t build/install it is a GPL violation, report it Conservancy
    • Step up as a leader of a project for devices that matter to you.
  • Why this will work
    • The problem seems insurmountable now, only because we have been led astray
    • First and absolutely necessary step towards privacy and security on those devices
    • When the user controls the OS again, the balance of power can be restored
  • Questions
    • Best way to ask for source code? Try email, the manual should say.
    • How to get the new code on the device? Needs some push onto industry
    • What if writing requires expensive equipment? Fairly rare, many devices allow over-the-air upgrades, we should be able to go the same way.
    • Is there a list of compliant devices? – Proposed in past. Want to go softly at first in many cases
    • Am I exposed to liability if I modify and distribute code I receive? – Almost certainly not; contact Conservancy if you are threatened.

Web Security 2019 – James Bromberger

James Bromberger
  • History of browser
    • No images
    • Images
    • Netscape with crappy ‘International Security”
    • https takeup is growing
    • Chrome is hitting 60-70%
    • 82% of browsers are “modern”; crossover of Chrome users to a new version takes about 3 months.
  • PCI
    • Remove early TLS in mid 2018
    • TLS 1.1 and higher allowed
  • The legacy browser has gone in the real world
    • Some envs still behind, but moving ahead
  • What can we do with as little changes as possible?
  • 0. Don’t use http, use https
    • Use letsencrypt
    • Standards reducing max cert lifetime from 5 years
  • 1. TLS protocols
    • 7 versions out there (old ones SSL).
    • Most over 10+ years old
    • Only 6 in the wild
    • 3 not known to be compromised ( 1.1, 1.2, 1.3 )
    • Very few clients only support 1.1 and not 1.2 (small gap in 2006-2008 ). IE supports 1.2. So maybe disable 1.1
    • Log the protocol being used so you have data on your users
    • OTOH not much supports 1.3 yet
    • Use 1.2 and 1.3
    • Turn old protocols off in the browsers too
    • Look at which libraries you are using in code that makes https connections
  • 2. Cypher Suite Optimisation
    • New EC certs for key exchange
    • New certs getting changed to ECDSA
    • AES is standard for bulk encryption. GCM mode is best, although Windows 7 can’t do it (upgrade to 10!)
    • MAC/checksum – remove MD5 and SHA1, use SHA2-256+; new ones coming
  • Security Header
    • Content-Security-Policy
    • Referer-Policy – Usually locked down
    • Feature-Policy – lots of stuff
    • “X-Content-Type-Options: nosniff” – don’t guess content type
  • 4. CAA
    • Around 200 Cert Authorities
    • Authorized record type (CAA record) lists what CAs are allowed to issue certs for you.
    • DNSSEC is useful – but during the US Govt shutdown DNS keys were expiring
  • 5. Sub Resource Integrity
    • Scripts included by html
    • Can include checksums in the calling html to verify
  • 6. Cookies
    • Secure, HttpOnly
    • “SameSite=Strict” – Reduces cross site request forgery
  • 7. Http2
    • Binary wire protocol
    • Apache 2.4 on Debian
    • Forces better protocols
  • 8. Lots more
    • New compression algorithms
    • Network error logs
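The protocol and header advice above can be sketched with Python's standard-library ssl module. This is an illustrative client-side example, not from the talk; the header values shown are common placeholder choices, and Content-Security-Policy in particular needs a policy tailored to your site.

```python
import ssl

# "Use TLS 1.2 and 1.3 only": raise the floor on a default context,
# which disables TLS 1.0 and 1.1 (and SSLv3) for this client.
ctx = ssl.create_default_context()
ctx.minimum_version = ssl.TLSVersion.TLSv1_2

# The security headers from the talk, as a dict a web framework's
# response hook might apply. Values here are placeholder examples.
security_headers = {
    "Content-Security-Policy": "default-src 'self'",       # site-specific
    "Referrer-Policy": "strict-origin-when-cross-origin",  # usually locked down
    "Feature-Policy": "geolocation 'none'",                # lots of options
    "X-Content-Type-Options": "nosniff",                   # don't guess types
}

assert ctx.minimum_version == ssl.TLSVersion.TLSv1_2
```

Server-side configuration (Apache/nginx cipher suites, HTTP/2) follows the same principle: state the minimum protocol explicitly rather than relying on library defaults.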



Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Friday – Keynote: A Story – Rusty Russell

Rusty Russell
  • Bitcoin Billionaire
  • 1992
    • The days of SunOS
    • Read the GNU Manifesto
  • 1995
    • Using the g++ compiler at work
    • First patch accepted on November 1995
  • 1997
    • USENIX Conference in California
    • UseLinux – had a track for Linux
    • Hung around a bunch of top guys in Linux; talked about adding SMP to Linux
    • Talk on porting Linux to SPARC by David Miller & Miguel de Icaza, going into improvements and showing how the Linux port to SPARC beat Solaris in the lmbench benchmarks on the same hardware.
    • Realized he lived in a world where students could create an OS port that beat the original OS from the vendor
  • 1997 – 1998
    • Wrote (with another guy) and got ipchains added to Linux
    • “I woke up one morning and I was kernel firewall maintainer”
    • Got job people paid to work on Linux firewall code
  • 1998
    • Decided needed an Australian Linux conference
    • Oct-Nov visited a bunch of LUGS to invite people and find person to collect money.
    • People not sure whether they wanted to go to a Linux conference ($380)
    • Invited John Maddog Hall
    • Created and ran a slashdot ad
    • Credit card got $14k into the negative
    • Last session of the 3rd day, reran the 3 best talks
  • Three stories from 1998
    • Tutorial books for each of the tutorials – couldn’t get photocopies from a commercial facility, so had to make 400 copies of the books on 4 coin-operated photocopiers
    • Tridge bought up a triple-CD burner. People ran it in relays
    • Somebody said. “I can’t believe you don’t have conference tshirts”. He bought white tshirts, got them screen printed and sold them.
  • End of conference Tridge organised a gift from the Speakers to Rusty. Pewter Beer mug
  • after 1999
    • 2001 scheduled 3 talks from Rusty. At the same time
    • Met Tridge at LCA – moved to Canberra, where they did OzLabs
  • How great projects happen
    • People smart and capable enough to complete them
    • They are dumb enough to try
    • When somebody tells you about a project?
      • That sounds Great, Tell me more
      • What can I do to help
    • Enable people’s enthusiasms
    • Collaboration is a super Power
    • Get along with people is a skill
    • “Constructive absenteeism”
  • Headwinds to collaboration
    • Signs are welcoming to some people
    • Other people get signs that they are not so welcoming
    • People are good at seeing the signs when they are aimed at them; not so good at even seeing they exist when they are not aimed at them.


Cryptogram: Military Carrier Pigeons in the Era of Electronic Warfare

They have advantages:

Pigeons are certainly no substitute for drones, but they provide a low-visibility option to relay information. Considering the storage capacity of microSD memory cards, a pigeon's organic characteristics provide front line forces a relatively clandestine mean to transport gigabytes of video, voice, or still imagery and documentation over considerable distance with zero electromagnetic emissions or obvious detectability to radar. These decidedly low-technology options prove difficult to detect and track. Pigeons cannot talk under interrogation, although they are not entirely immune to being held under suspicion of espionage. Within an urban environment, a pigeon has even greater potential to blend into the local avian population, further compounding detection.

The author points out that both France and China still maintain a small number of pigeons in case electronic communications are disrupted.

And there's an existing RFC.

Worse Than Failure: CodeSOD: Giving 104%

Dates, as we have explored exhaustively, are hard. And yet, no matter how much we explore dates, and the myriad ways developers can completely screw them up, there are constantly new borders of date-related idiocy ahead of us.

The app Michael supported was running on a server running an Ubuntu version that was more than a little ancient, so as a test, he upgraded to the latest LTS version. That also included upgrades to the MySQL version they were running.

And right after doing the upgrade, errors like this started to appear: ERROR 1292 (22007): Incorrect datetime value: '2019-07-23 24:59:59' for column 'update_endDate'

Well, obviously, 24:59:59 is not a valid datetime value. Obviously, someone rolled a custom date-handling function, and something in the upgrade revealed an off-by-one error. Off-by-one bugs (or “OBOB” as one professor I had liked to call them) are common and easy to make.

Michael’s guess was technically correct. There was an off-by-one error, only it wasn’t in the code. It was in the original developer’s brain:

$Cust_update_endDate="$EUYear-$EUMonth-$EUDay 24:59:59";

I’d say this code was designed for Mars, but even a Martian day is a smidge under 25 hours. The real WTF is that, somehow, this code worked at one time.
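For contrast, here is the fix sketched in Python rather than the article's PHP: derive the end-of-day bound from the date instead of hard-coding a time string, or better still, use an exclusive bound at the next midnight, which also covers fractional seconds in the final minute.

```python
from datetime import datetime, date, time, timedelta

# Inclusive bound: the last representable second of the day.
end_of_day = datetime.combine(date(2019, 7, 23), time(23, 59, 59))
assert str(end_of_day) == "2019-07-23 23:59:59"

# Exclusive bound: compare with `<` against the next midnight, so
# "2019-07-23 23:59:59.9" is still inside the day.
next_midnight = datetime.combine(date(2019, 7, 23), time.min) + timedelta(days=1)
assert str(next_midnight) == "2019-07-24 00:00:00"
```

MySQL only started rejecting the 24:59:59 string because newer versions validate datetime literals more strictly; the value was never correct, just silently tolerated.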


Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Thursday – Session 3

Open Source Tools for Publishing and Processing Earth Observation Imagery – Paul Haesler

Paul Haesler
  • Golden age of satellite imagery
  • Geostationary – One area – Good for weather
  • Circum-polar orbits – all over earth every 10-16 days
  • Data processing Chain
    • Level 0 – Raw
    • Level 1 – Geo-rectify – measures surface radiance
    • Level 2 – Correct for sun, satellite angle, atmosphere – ARD – records surface reflectance
  • Landsat-8 (25-30m , 8-16 day cycle, data since 1982 ) Sentinel-2 ( better, 5 day cycle, 10m resolution)
  • Digital Earth Australia
  • The Problem
    • Open Data Cube
    • Python, based on xarray
    • Postgres for metadata
    • Actual satellite data from a local or network repo (transparently)
    • GUI maintained by CEOS
    • Aims to publish all Aus OpenData that can be mapped
    • Based on TerriaJS
    • Some DEA data was already being publish but need for additional stuff
  • COGs – Cloud Optimised GeoTIFFs
  • DataCube_ows
    • Lightweight web application server
    • Developed by Data61 for GA
    • WMS
      • OGC Web Map service
      • Good for general-usage web apps
      • Returns standard images (eg png)
      • Support 1.3 well, works with most clients
      • Styles for band-mapping
      • on-the-fly solar angle correction
    • WCS
      • Version 1 supported
      • Works well with TerriaJS , works okay with QGIS or ArcGIS
  • Next Steps
    • WPS for on-the-fly processing is regularly discussed
    • Better integration with datacube-core
    • More recent WCS versions inc WCS-2EO
    • Sparse Data problems

The Tragedy of systemd – Benno Rice

  • References to Contempt Culture
  • Ancestry of Systemd
    • Unix: Happy accident, place, time, reaction to the previous thing
    • housekeeping functions – “mounting filesystems and starting daemons”
    • inetd – Super Daemon for all sockets – “worked well until The Internet Happened”
  • Then the Internet happened
    • forking a process per connection doesn’t scale
    • Lots of persistent state for things like databases
    • Service
      • Might be a bunch of processes
      • Init starts but doesn’t manage
      • inittab can restart things in SystemV
  • System Config vs Service bootstrap
    • Mixed in together
    • Service management needs more
  • Windows NT
    • Service model there from beginning
  • MacOs
    • Application Model means lot richer interaction with the host
    • Application delegate
    • launchd
  • The Idea of Systemd
    • launchd
      • Service handling in MacOS
      • Took over init, inetd, cron
      • Can listen on ports. Start stuff. doesn’t need to start on boot, boot gets faster, power reduced, security improved
      • Move system services to daemons, then start daemons as needed
    • From Launchd to systemd
      • upstart
        • event driven
        • shell based
      • Rethinking PID 1 – Lennart
      • “Start less” , “Start more in parallel” , “listen to hardware and software changes”
      • cites launchd
  • System management
    • Everything is a lot more dynamic
    • Hotplug , DHCP , etc
    • Don’t install 15 different packages that all behave differently
    • But systemd will have to do things in a different way to those 15 other things
  • The reality of systemd
    • Widely adopted ( 2011 – 2015 )
    • Arguments
      • Violates the Unix philosophy – actually systemd is many binaries
      • It is bloated and monolithic – well, it does do a lot of things
      • It is buggy – so is all software; actually a good failure mode
      • I can’t stand Lennart Poettering – he’s delivered. “I won’t defend his community interaction”
      • It is not portable – UNIX is dead – POSIX isn’t really a thing anymore; there aren’t a bunch of crazy UNIX variations. “These days you have Linux and some rounding errors”
    • cgroups
    • User-Level units
  • Change – System is a lot of disruptive change
  • The Tragedy of Change
    • Nerds love change as long as we are the ones doing it
    • System boot using shell-script interaction is like the old blanky we should have gotten rid of 20 years ago
    • The Knee-jerk – Abuse is not Cool
  • The Next Generation
    • They See a lot more APIs
    • Thinking in Containers is different from thinking in not-containers
  • What does Systemd have that FreeBSD (or even future Linux) could use, or could do better
    • Message Transport
    • RPC Framework
    • Kernel and user-space services should look similar to the services above them
    • Service Lifescycle
    • Automation via API – Easier for vendors to write appliances
    • Containers
    • The System Layer
      • Doesn’t have to be the only implementation of this
    • Consistent Device Naming
    • Better Log/Event/Audit Handling
    • A new model of an application ( a bunch of things managed as a Unit, See the MacOS model)
  • Questions
    • Launchd option – Too MacOS specific
    • Dynamic Libraries = DLL Hell – Containers avoid, different problems
    • Is reaction to systemd scaring other big changes off – Possible, hard to write, very hard to handle the social issues to push though
    • Where is FreeBSD at? – A long way away, no consensus this sort of change needed
    • Should everything have been swallowed up – Thought experiment, If systemd had instead defined an API for separate projects instead of writing them itself, would that have worked? And now we do know what is needed could we switch to a separate model with APIs?
    • Embedded devices need systemd – anything dynamic needs it
    • What Push back from FreeBSD – Something like that but not systemd. Some like launchd
    • What needs to change in the community and systemd team to make things better – see Adam Harvey’s talk on language changes. Hard, since everyone is asking for different stuff from the systemd people.
    • What should systemd go further into – Messageing and RPC stuff more pervasive and more thought about. Something into the kernel.


Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Thursday – Session 2

Go All-In! – Bdale Garbee

Bdale Garbee
  • How to get companies involved in FOSS
  • First contribution of source code was almost 40 years ago
  • Used VAX BSD at CMU – had to deal with an obscure priesthood
  • KA9Q TCP/IP stack for amateur radio in the 80s
  • Appearance of RMS in my world
    • GNU Manifesto
    • 4 Freedoms
    • GPL
  • Debian
  • Worked as Linux CTO at one of the largest IT companies in the world
  • Collaborative Development Model
    • Spread out besides just making FOSS
    • No one company in charge
    • Diverse range of contributors, massively different motivations
    • We get a software commons we all benefit from
  • Free Software means Freedom of Choice
    • Reduced barriers between users and producers of software
    • Any user can be a dev, or pay someone to dev
    • If upstream goes bad, things can be forked
  • What it means to be successful when you are operating in an open and collaborative model?
    • The goal of a traditional company is for investment to yield technological control points
    • First mover advantage
    • Differentiated features, preferably patentable
    • The collaborative dev model allows us to recognise the benefit of collaborating on all the non-differentiating elements, leaving more value for the users / customers
    • Think less about control points, more about points of affinity. What is it that would make a customer want to use your products or services?
  • Innovation these days largely takes place in the open space
  • Wrights/Goddard – they didn’t get told to do the next new thing, they just started it as a hobby
  • Free Software enables people who we don’t know exist to create innovation and invent things we can’t imagine
  • Long Tail of Contribution
    • Example: People who did one Linux Kernel contribution, often to fix on specific thing that was causing them problems.
    • No company on earth that can hire that resource
    • Needs to be easy for people to access the code and make contributions
  • Attributes of successful communities
    • Active contribution and collaboration
    • Diverse participation
    • Solid core of code
    • Recognizable mainline trunk
    • Unified, cohesive structure
    • Low barriers to entry
  • Choosing the right license
    • Businesses can only be successful with permissive licenses
    • The most successful projects seems to be communities built around open contribution
    • Share-alike licenses stop the possible problem of a closed corporate fork while the original project withers

Beach Wreck Ignition: Challenges in open source voice –
Kathy Reid

Kathy Reid
  • MycroftAI – One of the few open source voice stacks
  • Introduction to a Voice Stack
    • Wake word – eg “Hey Alexa”
    • Utterance – Phrase of command
    • Speech2text processor
    • Looks for keywords etc
    • Runs a command
    • Dialog – acknowledger + response
  • Wake Word
    • PocketSphinx, Snowboy, Mycroft AI Precise
    • Some use phonemes (smallest units of sound in a language)
    • Hard to tell the differences between similar words
    • Always listening, connected to internet
    • Some use Use Neural networks
    • Low accuracy can cause frustration
      • Bias towards male speaker (10:1 male:female in dataset). Also more with American than other accents
      • To unbias the sample they had to tag the samples with ethnicity, gender etc., which was a problem with the ethics of tagging samples/speakers
  • Speech to Text
    • Kaldi – no network needed, compute heavy
    • Deep Speech – From mozilla
    • Challenges
      • Lots of accents out there. Hard
      • Only trained for most common accents
      • Also problem with regional slang
      • Need to train on individual speaker
      • But need lots of data to understand a speaker
  • Endangered Languages
    • No commercial imperative to cover them
    • Mycroft Translate using Pootle to translate command words to 40 languages
    • Issues for gendered languages, formality
  • Intent Parsers
    • Rasa, Mycroft Adapt, Mycroft Padatious
    • Intent Collisions – Use confidence scoring depending on how explicit the request is.
  • Text to Speech
    • Mary TTS, Espeak, Mycroft Mimic, Mycroft Mimic 2
    • Mimic recording studio, Need 40-60 hours audio
    • Challenges
      • Natural sounding voice – making the voice sounds not robotics
      • Pronunciation – often requires correction after creation
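The intent-collision point above lends itself to a small sketch. This is a toy illustration of confidence scoring, not Mycroft Adapt's or Padatious's actual implementation: each parser reports how confident it is that an utterance matches one of its intents, and the most explicit (highest-confidence) match wins.

```python
# Toy sketch of intent-collision resolution via confidence scoring.

def pick_intent(candidates):
    """candidates: list of (intent_name, confidence) tuples.
    Return the name of the highest-confidence intent, or None."""
    if not candidates:
        return None
    return max(candidates, key=lambda c: c[1])[0]

# "turn on the bedroom light" might match both a generic switch
# intent and an explicit bedroom-light intent; the more explicit
# match carries the higher confidence and wins.
candidates = [("generic-switch", 0.6), ("bedroom-light-on", 0.9)]
assert pick_intent(candidates) == "bedroom-light-on"
```

Real parsers compute the confidence from how many required and optional keywords matched; the selection step, though, is essentially this argmax.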


Planet Linux Australia: Simon Lyall: linux.conf.au 2019 – Thursday – Session 1

A Long Day’s Journey Into Backups – Rachel Kelly

Rachel Kelly
  • A journey in four stages
  • Version 1 – State of Backups Aug 2017
    • Needed to look through old logs to see how far back the problem went
    • Daily diffing from duply/duplicity – but where was the original?
    • Tried to restore data from old backups
    • Couldn’t restore from backup since original was too old
    • Couldn’t get it to work, needed something new fast
  • Version 2
    • Created tarball, uploaded to AWS S3, via daily cron
    • Done quickly
    • Not reliable sending to s3
    • Needed ongoing work
    • Big Win: at least compliant, and we could get data back out
  • Try 3 : Shiny EFS
    • EFS is AWS’s NFS solution
    • tarball created on local EFS disk, easypeasy
    • Big Win: Reliable backups, incorporated into infrastructure, retrievable data. 8 weeks of backups
    • Miscalculated cost: About 10x original estimate
  • Try 4: Tarball to s3 redux
    • Tarball to s3. PLUS infrastructure
    • Would work going forward
    • S3 approx 1/10 the cost of EFS
    • Big Win: Reliable, inexpensive, functional, dependable
    • Discovered that EFS not encrypted
    • Able to manage well
  • Current Solution
    • cron job calls a bash script
    • Safety in bash: set -euo pipefail
    • tar up the filesystem (with exclusions)
    • Send it to S3 with the AWS CLI (keyed by the host's hostname)
    • After 56 days it is sent to Glacier
    • Restore script to get a file (uses the AWS credentials of the current instance)
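The current solution above could look something like the following bash sketch. This is not the speaker's actual script: the bucket name, backed-up paths, and exclusions are invented for illustration, and only the tar-and-upload steps from the notes are shown.

```shell
#!/usr/bin/env bash
# Sketch of the nightly backup flow described above (hypothetical
# bucket/paths). Abort on errors, unset variables, and pipe failures:
set -euo pipefail

backup() {
  local bucket="s3://example-backup-bucket"   # hypothetical bucket name
  local host stamp archive
  host="$(hostname)"
  stamp="$(date +%Y-%m-%d)"
  archive="/tmp/${host}-${stamp}.tar.gz"

  # Tar up the filesystem, with exclusions for volatile paths
  tar --exclude=/proc --exclude=/sys --exclude=/tmp \
      -czf "${archive}" /etc /home

  # Upload keyed by hostname; the AWS CLI picks up the instance's role
  # credentials automatically. A bucket lifecycle rule (configured
  # separately) transitions objects to Glacier after 56 days.
  aws s3 cp "${archive}" "${bucket}/${host}/${stamp}.tar.gz"
  rm -f "${archive}"
}

# Run only when explicitly requested, e.g. from a daily cron entry:
#   0 2 * * * RUN_BACKUP=1 /usr/local/bin/backup.sh
if [ "${RUN_BACKUP:-0}" = "1" ]; then
  backup
fi
```

The `set -euo pipefail` line is the "safety in bash" point from the notes: it stops the script on any failed command, unset variable, or failed pipeline stage instead of silently uploading a broken tarball.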
  • What’s Next?
    • I could work on backups forever and they will never be perfect
    • Ability to restore to a new instance
    • Want to be able to get files from anywhere
    • Microservice backups
    • Deglacierisation
    • What we need
    • Better CLI tool – safer
  • What I really really want
    • A decent enterprise solution
    • NIH is a dangerous habit
    • Speaker knows no one using a hosted enterprise solution
    • Vendor solutions seem to be crazy overkill
  • Feedback from the audience
  • Amanda recommended
  • Every morning restore the dev environment from an anonymised production one. Comet Backup
  • Wasabi compatible with S3
  • Recommend “Retrospect”
  • tarsnap
  • bacula
  • rsnapshot
  • Looking at Borg Backup
  • rsync to zfs, zfs send
  • Personal backups, using duplicity
  • Industry 4.0
    • After mechanization, mass production and automation
    • The machines run everything and we reap all the benefits – maybe
  • Robot Hype
    • Post AI winter
  • Implementer's bias (top-down design of neural network setup, choosing number of layers, etc.)



Planet Linux AustraliaSimon Lyall: 2019 – Thursday – Keynote: Shannon Morse

Personal Branding for the Security Conscious – Shannon Morse

Shannon Morse
  • Who am I
    • Youtube videos on Infosec, Travel
  • Imposter Syndrome
    • Work hard to beat it.
    • Say Yes to offers
    • Work hard to make something I am proud of
    • Surround yourself with positive people
  • Accomplishment
    • Keep a list of them, be proud of them
  • Backstory
    • No background in Linux, hacking, infosec
    • Mom and Dad supported me
  • RTFM Sucks
    • Lots of egos and elitism in forums and community online
    • Decided to become the resource for learners
  • Starting your career
    • What do companies need, what hiring for
    • How has industry changed?
    • Diversity numbers?
    • Can you change industry in a positive way
    • Review numbers of cert holders vs openings looking for those certs
    • Look at job titles being advertised
    • Industry growing -> lots of beginners
  • How can you get good at it
    • Understand what is your best way to learn
    • Read books, classes, videos, whatever
    • Compile your list of passions
    • Get list of influencers / thought leaders / speakers in the area
    • Follow them on social media
    • Learn from your role models
    • you might end up being a thought leader in their eyes
    • Follow people in other areas too
  • Keep learning
    • Do it every single day
    • Make it become a habit
    • Make it a routine
  • Resume
    • Create a one-pager
    • Business cards
    • Dropped out of college, put “Hiatus”
  • Build your platform
    • Youtube, write articles, videos, whatever
    • If you can afford it, offer free classes for under-represented groups
  • Personal brand
    • Develop the blocks
      • skillsets, values, what does it mean for you to succeed
      • What obstacles have you overcome
      • what are your passions
      • what makes you unique
      • write and live by your vision statement
    • If you don’t control and manage your brand others will do it for you
      • Where do you draw that privacy line?
      • Quiz yourself
      • E.g. how public are you about your income?
    • Resources
      • password managers
      • 2FA
      • Guest vs home Networks
    • Clean up your social media accounts, delete old junk
    • Smart sharing
      • Share stuff but not barcodes, addresses
      • Have a plan
    • Be ready to deal with targeted harassment
      • Keep notes, screenshots, know who to contact
      • Trolls? Block; banhammer
      • Troll back (YMMV)
  • Why I don’t quit
    • Do it because you love it