Agreguesi i feed

Bpftrace is a new high-level tracing language for Linux using the extended Berkeley packet filter (eBPF).  It is a very powerful and flexible tracing front-end that enables systems to be analyzed much like DTrace.

The bpftrace tool is now installable as a snap. From the command line one can install it and enable it to use system tracing as follows:

sudo snap install bpftrace
sudo snap connect bpftrace:system-trace

To illustrate the power of bpftrace, here are some simple one-liners:

# trace openat() system calls
sudo bpftrace -e 'tracepoint:syscalls:sys_enter_openat { printf("%d %s %s\n", pid, comm, str(args->filename)); }'
Attaching 1 probe...
1080 irqbalance /proc/interrupts
1080 irqbalance /proc/stat
2255 dmesg /etc/ld.so.cache
2255 dmesg /lib/x86_64-linux-gnu/libtinfo.so.5
2255 dmesg /lib/x86_64-linux-gnu/librt.so.1
2255 dmesg /lib/x86_64-linux-gnu/libc.so.6
2255 dmesg /lib/x86_64-linux-gnu/libpthread.so.0
2255 dmesg /usr/lib/locale/locale-archive
2255 dmesg /lib/terminfo/l/linux
2255 dmesg /home/king/.config/terminal-colors.d
2255 dmesg /etc/terminal-colors.d
2255 dmesg /dev/kmsg
2255 dmesg /usr/lib/x86_64-linux-gnu/gconv/gconv-modules.cache

# count system calls using tracepoints:
sudo bpftrace -e 'tracepoint:syscalls:sys_enter_* { @[probe] = count(); }'
@[tracepoint:syscalls:sys_enter_getsockname]: 1
@[tracepoint:syscalls:sys_enter_kill]: 1
@[tracepoint:syscalls:sys_enter_prctl]: 1
@[tracepoint:syscalls:sys_enter_epoll_wait]: 1
@[tracepoint:syscalls:sys_enter_signalfd4]: 2
@[tracepoint:syscalls:sys_enter_utimensat]: 2
@[tracepoint:syscalls:sys_enter_set_robust_list]: 2
@[tracepoint:syscalls:sys_enter_poll]: 2
@[tracepoint:syscalls:sys_enter_socket]: 3
@[tracepoint:syscalls:sys_enter_getrandom]: 3
@[tracepoint:syscalls:sys_enter_setsockopt]: 3
...

Note that it is recommended to use bpftrace with Linux 4.9 or higher.

The bpftrace github project page has an excellent README guide with some worked examples and is a very good place to start.  There is also a very useful reference guide and one-liner tutorial too.

If you have any useful btftrace one-liners, it would be great to share them. This is an amazingly powerful tool, and it would be interesting to see how it will be used.

Review: Skeen's Leap, by Jo Clayton

Series: Skeen #1 Publisher: Open Road Copyright: 1986 Printing: 2016 ISBN: 1-5040-3845-2 Format: Kindle Pages: 320

Skeen is a Rooner: a treasure hunter who finds (or steals) artifacts from prior civilizations and sells them to collectors. She's been doing it for decades and she's very good at her job. Good enough to own her own ship. Not good enough to keep from being betrayed by her lover, who stole her ship and abandoned her on a miserable planet with a long history of being temporarily part of various alien empires until its sun flares and wipes out all life for another round.

At the start, Skeen's Leap feels like a gritty space opera, something from Traveller or a similar universe in which the characters try to make a living in the interstices of sprawling and squabbling alien civilizations. But, shortly into the book, Skeen hears rumors of an ancient teleportation gate and is drawn through it into an entirely different world. A world inhabited by the remnants of every civilization that has fled Kildun Aalda during one of its solar flares, alongside native (and hostile) shape-changers. A world in which each of those civilizations have slowly lost their technology from breakdowns and time, leaving a quasi-medieval and diverse world with some odd technological spikes. And, of course, the gate won't let Skeen back through.

This turns out not to be space opera at all. Skeen's Leap is pure sword and sorcery, with technology substituted (mostly) in for the sorcery.

It's not just the setting: the structure of the book would be comfortably at home in a Conan story. Skeen uses her darter pistol and streetwise smarts to stumble into endless short encounters, most of them adding another member to her growing party. She rescues a shapeshifter who doesn't want to be rescued, befriends an adventuring scholar seeking to map the world, steals from an alien mob boss, attaches herself to four surplus brothers looking for something to do in the world, and continues in that vein across the world by horse and ship, searching for the first and near-extinct race of alien refugees who are rumored to have the key to the gate. Along the way, she and her companions occasionally tell stories. Hers are similar to her current adventures, just with spaceships and seedy space stations instead of ships and seedy ports.

Skeen's Leap is told in third person, but most of it is a very tight third-person that barely distinguishes Skeen's rambling and sarcastic thoughts from the narration. It's so very much in Skeen's own voice that I had to check when writing this review whether it was grammatically in first or third. The narrator does wander to other characters occasionally, but Skeen is at the center of this book: practical, avaricious, competent, life-hardened, observant, and always a survivor. The voice takes a bit to get used to (although the lengthy chapter titles in Skeen's voice are a delight from the very start), but it grew on me. I suspect one's feeling about Skeen's voice will make or break one's enjoyment of this book. I do wish she'd stop complaining about her lost ship and the lover who betrayed her, though; an entire book of that got a bit tiresome.

One subtle thing about this book that I found fascinating once I noticed it is its embrace of the female gaze. In most novels, even with female protagonists, descriptions of other characters use a default male gaze, or at best a neutral one. Women are pretty or beautiful or cute; men are described in more functional terms. Skeen's Leap is one of the few SFF novels I've seen with a female gaze that lingers on the attractiveness and shape of male bodies throughout, and occasionally stands gender roles on their head. (The one person in the book who might be Skeen's equal is a female ship captain with a similar background.) It's an entertaining variation.

Despite the voice and the unapologetic female perspective, though, this wasn't quite my thing. I picked up this book looking for a space opera, so the episodic sword-and-sorcery plot structure didn't fit my mood. I wanted deeper revelations and more complex world-building, but that's not on the agenda for this book (although it might be in later books in the series). This is pure adventure story, and by the end of the book the episodes were blending together and it all felt too much the same. It doesn't help that the book ends somewhat abruptly, at a milestone in Skeen's quest but quite far from any conclusion.

If you're looking for sword and sorcery with some SF trappings and a confident female protagonist, this isn't bad, but be warned that it doesn't end so much as stop, and you'll need (at least) the next book for the full story.

Followed by Skeen's Return.

Rating: 6 out of 10

Today is the Ubuntu Appreciation Day in which we share our thanks to people in our community for making Ubuntu great.

This year, I want to thank you to Rudy (~cm-t)! Why? Because IMHO he is an incredible activist, helpful, funny, always with a smile. He prints passion in everything related to Ubuntu. A perfect example for everyone!



Thanks Rudy |o/

Here’s what happened in the Reproducible Builds effort between Sunday November 11 and Saturday November 17 2018:

• Code review for the LLVM compiler to support the -fmacro-prefix-map argument is currently in progress. Like the -fdebug-prefix-map flag, this argument replaces a string prefix for the FILE pre-processor macro.

• Kyle Rankin, the Chief Security Officer of Puri.sm authored a blog post entitled “Protecting the Digital Supply Chain” which describes how with Reproducible Builds you can show that no malicious code was injected in software supply chains:

  Think of it like the combination of a food safety inspector and an independent lab that verifies the nutrition claims on a box of cereal all rolled into one.

• Chris Lamb gave a presentation at the SFScon conference in Bozen, Italy on reproducible builds and how they can prevent developers from becoming targets of various attacks.

• Holger Levsen updated our website to add the Tor project as a participant at our upcoming Paris Summit. In addition, Bernhard M. Wiedemann applied a sitewide change to use consistent capitalisation for openSUSE […].

• 38 Debian package reviews were added, 4 were updated and 19 were removed in this week, adding to our knowledge about identified issues. The nondeterminstic_output_in_pkgconfig_files_generated_by_meson was removed as a fix was applied upstream […], and the note for the randomness_in_binaries_generated_by_golang issue was updated. (1, 2)

• diffoscope is our in-depth “diff-on-steroids” utility which helps us diagnose reproducibility issues in packages. This week, Marius Gedminas provided a patch to add a python_requires field to diffoscope’s setup.py […] and Mattia Rizzolo sorted the list of recommended Python modules in debian/tests/control […].

• Chris Lamb’s previously-authored patches for GNU mtools to ensure the Debian Installer images could become reproducible which were sent upstream last week (1 & 2) are now available in upstream’s 4.0.20 release.

• Upstream chromium-70 now builds reproducibly in openSUSE (with a admittedly-normalised build environment) since it uses the Git commit date.

• Chris Lamb uploaded strip-nondeterminism (our tool to post-process files to remove known non-deterministic output) version 0.45.0-1 to Debian unstable in order that catch invalid ZIP “local” field lengths — we were previously blindly trusting the value supplied in the ZIP file (#803503). As part of this upload he moved the utility to the SemVer versioning scheme.

• We have received more than 45 registrations for the upcoming Reproducible Builds summit in Paris between 11th—13th December 2018 and have now closed registrations. Very much looking forward to seeing you there!

Packages reviewed and fixed, and bugs filed

• Bernhard M. Wiedemann:
  • kvirc (drop uname -r), Also submitted to openSUSE (…)
  • libpt2 (drop uname -r)
• Christoph Berg posted some work-in-progress patches for postgresql-hll (a PostgreSQL extension adding HyperLogLog data structures as a native data type) to make their build reproducible to the upstream mailing list.

Test framework development

There were a large number of updates to our Jenkins-based testing framework that powers tests.reproducible-builds.org by Holger Levsen this week, including:

• Arch Linux-specific changes:

  • Make sed(1) calls for modifying pacman.conf more robust, fixing building in the future as well as using proxies for downloading package dependencies. (1
  • Improve the documentation of a multi-line sed(1) statement. […]
  • Perform some administration on the package blacklists. (1, 2)
  • Move to using sudo(8) for cleaning old /tmp files left by package builds. […]

• Debian-specific changes:

  • Add two new cloud-image and cloud-image_build-depends package sets.
  • Perform some node maintenance. (1, 2, 3)
  • Install munin from the “Backports repositories. (1, 2)
  • Strip architecture from packages in the grml package sets. […]

• Misc/generic changes:

  • Ensure all ProfitBricks (amd64 and i386) nodes in Karlsruhe use pb1 as a proxy and all nodes in Frankfurt use pb10. This might have produced some build failures but fixed issues with Squid running in the future. This complements previous work for the arm64 architecture.
  • Filed #913658: (“Broken links on packages pages”)
  • Document that the proxy setting for chroot installs are actually correct. […]

In addition, Alexander Couzens provided workaround for an OpenWrt build system bug […], Eli Schwartz refactored our Arch Linux support […] and Mattia Rizzolo performed some node maintenance.

This week’s edition was written by Bernhard M. Wiedemann, Chris Lamb, Holger Levsen, Mattia Rizzolo & reviewed by a bunch of Reproducible Builds folks on IRC & the mailing lists.

Today is Transgender Day Of Remembrance. Today is a black day for trans people around the globe. We mourn the trans folks that aren't amongst us anymore due to hate crime violence against them. Reach out to the trans folks that are part of your life, that you know, ask them if they are in need of emotional support on this day. There are more trans folks getting killed for being trans than there are days in a year. Furthermost black trans women of color. If you feel strong enough you can read about it in this article.

Also, we are facing huge threats for our mere existence all over the world these days. If you follow any social media, check the hashtag #WontBeErased. The US government follows a path of Erasing Gender left and right, which also affects intersex people likewise and manifests the gender binary and gender separation even further, also hurting cis people. Now also in Ontario, Canada, gender identity gets erased, too. And Brazil, where next year's DebConf will be held, which already has the highest trans murders in the world, has elected Bolsonaro, a right wing extremist who is outspokenly gay antagonist and misogynist. And then there is Tanzania which started a hunt for LGBTIQ people. And those reports are only the tip of the iceberg. I definitely missed some other countries shit, like Ukraine (where next year's European Lesbian* Conference is taking place) or Austrian's government being right-winged and cutting the social system left and right so we are in need of Wieder Donnerstag (a weekly Thursday demonstration) again.

I'm currently drafting the announce mail to send out about the creation of the Debian Diversity Team which we finally formed. It is more important than ever to make it clear and visible that discrimination has no place within Debian, and that we in fact are a diverse community. I can understand the wish that it should focus on the visibility and welcoming aspects of the team, and especially to not make it look like it's a reaction to those world events. Which it isn't, this is in the works since two years now. And I totally agree with that. I just have a hard time to not add a solidarity message alongside mentioning that we are aware of the crap that's going on in the world and that we see your pain, and share it. So yes, the team has finally formed, but the announcement mail through debian-devel-announce about it is still pending. And we are in contact with the local team for next year's DebConf and following the news about Brazil to figure out how to make it as safe as possible for attendees, so that fear shouldn't be the guiding factor for you to not attend.

Stay strong, sending you hugs if wanted.

/personal | permanent link | Comments: 2 |

When creating clang-tidy checks, it is common to extract parts of AST Matcher expressions to local variables. I expanded on this in a previous blog.

auto nonAwesomeFunction = functionDecl( unless(matchesName("^::awesome_")) ); Finder->addMatcher( nonAwesomeFunction.bind("addAwesomePrefix") , this); Finder->addMatcher( callExpr(callee(nonAwesomeFunction)).bind("addAwesomePrefix") , this);

Use of such variables establishes an emergent extension API for re-use in the checks, or in multiple checks you create which share matcher requirements.

When attempting to match items inside a ForStmt for example, we might encounter the difference in the AST depending on whether braces are used or not.

#include <vector> void foo() { std::vector<int> vec; int c = 0; for (int i = 0; i < 100; ++i) vec.push_back(i); for (int i = 0; i < 100; ++i) { vec.push_back(i); } }

In this case, we wish to match the push_back method inside a ForStmt body. The body item might be a CompoundStmt or the CallExpr we wish to match. We can match both cases with the anyOf matcher.

auto pushbackcall = callExpr(callee(functionDecl(hasName("push_back")))); Finder->addMatcher( forStmt( hasBody(anyOf( pushbackcall.bind("port_call"), compoundStmt(has(pushbackcall.bind("port_call"))) )) ) , this);

Having to list the pushbackcall twice in the matcher is suboptimal. We ca do better by defining a new API function which we can use in AST Matcher expressions:

auto hasIgnoringBraces = [](auto const& Matcher) { return anyOf( Matcher, compoundStmt(has(Matcher)) ); };

With this in hand, we can simplify the original expression:

auto pushbackcall = callExpr(callee(functionDecl(hasName("push_back")))); Finder->addMatcher( forStmt( hasBody(hasIgnoringBraces( pushbackcall.bind("port_call") )) ) , this);

This pattern of defining AST Matcher API using a lambda function finds use in other contexts. For example, sometimes we want to find and bind to an AST node if it is present, ignoring its absense if is not present.

For example, consider wishing to match struct declarations and match a copy constructor if present:

struct A { }; struct B { B(B const&); };

We can match the AST with the anyOf() and anything() matchers.

Finder->addMatcher( cxxRecordDecl(anyOf( hasMethod(cxxConstructorDecl(isCopyConstructor()).bind("port_method")), anything() )).bind("port_record") , this);

This can be generalized into an optional() matcher:

auto optional = [](auto const& Matcher) { return anyOf( Matcher, anything() ); };

The anything() matcher matches, well, anything. It can also match nothing because of the fact that a matcher written inside another matcher matches itself.

That is, matchers such as

functionDecl(decl()) functionDecl(namedDecl()) functionDecl(functionDecl())

match ‘trivially’.

If a functionDecl() in fact binds to a method, then the derived type can be used in the matcher:

functionDecl(cxxMethodDecl())

The optional matcher can be used as expected:

Finder->addMatcher( cxxRecordDecl( optional( hasMethod(cxxConstructorDecl(isCopyConstructor()).bind("port_method")) ) ).bind("port_record") , this);

Yet another problem writers of clang-tidy checks will find is that AST nodes CallExpr and CXXConstructExpr do not share a common base representing the ability to take expressions as arguments. This means that separate matchers are required for calls and constructions.

Again, we can solve this problem generically by creating a composition function:

auto callOrConstruct = [](auto const& Matcher) { return expr(anyOf( callExpr(Matcher), cxxConstructExpr(Matcher) )); };

which reads as ‘an Expression which is any of a call expression or a construct expression’.

It can be used in place of either in matcher expressions:

Finder->addMatcher( callOrConstruct( hasArgument(0, integerLiteral().bind("port_literal")) ) , this);

Creating composition functions like this is a very convenient way to simplify and create maintainable matchers in your clang-tidy checks. A recently published RFC on the topic of making clang-tidy checks easier to write proposes some other conveniences which can be implemented in this manner.

Well, I had a weekend off sick. The time has come to put things in motion. Health concerns pushed up my timetable for what was discussed prior.

I am seeking support to be able to undertake freelance work. The first project would be to finally close out the Outernet/Othernet research work to get it submitted. Beyond that there would be technical writing as well as making creative works. Some of that would involve creating “digital library” collections but also helping others create print works instead.

Who could I help/serve? Unfortunately we have plenty of small, underfunded groups in my town. The American Red Cross no longer maintains a local office and the Salvation Army has no staff presence locally. Our county-owned airport verges on financial collapse and multiple units of government have difficulty staying solvent. There are plenty of needs to cover as long as someone had independent financial backing.

Besides, I owe some edits of Xubuntu documentation too.

It isn’t like “going on disability” as it is called in American parlance is immediate let alone simple. One of two sets of paperwork has to eventually go into a cave in Pennsylvania for centralized processing. I wish I were kidding but that cave is located near Slippery Rock. Both processes are backlogged only 12-18 months at last report. For making a change in the short term, that doesn’t even exist as an option on the table.

That’s why I’m asking for support. I’ve grown tired of spending multiple days at work depressed. Showing physical symptoms of depression in the workplace isn’t good either especially when it results in me missing work. When you can’t help people who are in the throes of despair frequently by their own fault, how much more futile can it get?

I set the goal on Liberapay lower than what I get now. While it would be a pay cut, I’d still be able to pay the bills. It is time to move to doing something constructive for society instead of merely fueling the machinery of government. For as often as I get asked how I sleep at night, I want to move past the answer being “terribly”.

The relevant Liberapay page is here. Folks like Pepper & Carrot use it. If the goal can be initially met by December 7th, I would be ready for the potential budget snafu at work like the three we already had at the start of the year.

I just look forward to some day being able to talk about doing good things instead of having to be cryptic due to security restrictions.

Welcome to the Ubuntu Weekly Newsletter, Issue 554 for the week of November 11 – 17, 2018. The full version of this issue is available here.

In this issue we cover:

• Ubuntu Stats
• Hot in Support
• LoCo Events
• Mir News 16th of November 2018
• Canonical News
• In the Blogosphere
• Featured Audio and Video
• Meeting Reports
• Upcoming Meetings and Events
• Updates and Security for 14.04, 16.04, 18.04, and 18.10
• And much more!

The Ubuntu Weekly Newsletter is brought to you by:

• Krytarik Raido
• Bashing-om
• Chris Guiver
• Wild Man
• And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, this issue of the Ubuntu Weekly Newsletter is licensed under a Creative Commons Attribution ShareAlike 3.0 License

Since the day I had my first class of Operating Systems (OS) in my engineering course, I got passionate about it; for me, OS represents one of the greatest achievements of mankind. As a result of my delight for OS, I always tried to gravitate around this field, but my school environment did not provide me with many opportunities to get into the area. To summarize this long journey, I will jump directly into the main point, on November 15 of 2017, I joined to a conference named Linuxdev-br [1] which brought together some of the best Brazilians Kernel developers. I took this opportunity to learn everything that I could by asking lots of questions to developers. Additionally, I was lucky to meet Gustavo Padovan. He helped me a lot during my first steps in the Linux Kernel.

From November 2017 until now, I did the best I could to become a Kernel developer, and I have to admit that the path was very complicated. I paid the price to work from 8 AM to 11 PM, from Sunday to Sunday, to maintain my efforts in my master and the Linux Kernel at the same time; unfortunately, I could not stay focused only in the Kernel. However, all of these efforts were paid off along the year; I had many patches accepted in the Kernel, I joined the Google Summer of Code (GSoC), I traveled to conferences, I returned to Linuxdev-br 2018 as a speaker, I joined XDC2018 [2], and many other good things happened.

Now I am close to complete one year of Linux Kernel, and one question still bugs me: why does it have to be so hard for someone in a similar condition to become part of this world? I realized that I had great support from many people (especially from my sweet and calm wife) and I also pushed myself very hard. Now, I feel that it is time to start giving back something to society; as a result, I began to promote some small events about free software in the university and the city I live. However, my main project related to this started around two months ago with six undergraduate students at the University of Sao Paulo, IME [3]. My plan is simple: train all of these six students to contribute to the Linux Kernel with the intention to help them to create a local group of Kernel developers. I am excited about this project! I noticed that within a few weeks of mentoring the students they already learned lots of things, and in a few days, they will send out their contributions to the Kernel. I want to write a new post about that in December 2018, reporting the results of this new tiny project and the summary of this one year of Linux Kernel. See you soon :)

Reference

1. linuxdev-br
2. XDC 2018
3. IME USP

Esta semana o trio maravilha dedicou a sua atenção a sugestões de leitura, técnica ou não, porque a vida não são só podcasts… As novidades no mundo SolusOS, a parceria da Canonical e da Samsung e o projecto Linux on Dex, sem esquecer a Festa do Software Livre da Moita 2018, que está já aí! Já sabes: Ouve, subscreve e partilha!

• https://www.humblebundle.com/books/dev-ops-oreilly
• https://blog.mozilla.org/thunderbird/2017/05/thunderbirds-future-home/
• https://www.phoronix.com/scan.php?page=news_item&px=Solus-Open-Letter
• https://www.phoronix.com/scan.php?page=news_item&px=WireGuard-Not-In-4.20
• https://twitter.com/sflc/status/1058386456115326976
• https://twitter.com/sflc/status/1058388361449259009
• https://www.mozilla.org/en-US/firefox/63.0/releasenotes/
• https://www.linuxondex.com/
• https://www.protondb.com

Patrocínios

Este episódio foi produzido e editado por Alexandre Carrapiço (Thunderclaws Studios – captação, produção, edição, mistura e masterização de som) contacto: thunderclawstudiosPT–arroba–gmail.com.

Atribuição e licenças

A música do genérico é: “Won’t see it comin’ (Feat Aequality & N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da CC0 1.0 Universal License.

Este episódio está licenciado nos termos da licença: Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0), cujo texto integral pode ser lido aqui. Estamos abertos a licenciar para permitir outros tipos de utilização, contactem-nos para validação e autorização.

Open Source Software: 20-Plus Years of Innovation
Source: https://www.linuxinsider.com/story/Open-Source-Software-20-Plus-Years-of-Innovation-85646.html

IBM Buys Linux & Open Source Software Distributor Red Hat For $34 Billion
Source: https://fossbytes.com/ibm-buys-red-hat-open-source-linux/

We (may) now know the real reason for that IBM takeover. A distraction for Red Hat to axe KDE
Source: https://www.theregister.co.uk/2018/11/02/rhel_deprecates_kde/

Ubuntu Founder Mark Shuttleworth Has No Plans Of Selling Canonical
Source: https://fossbytes.com/ubuntu-founder-mark-shuttleworth-has-no-plans-of-selling-canonical/

Mark Shuttleworth reveals Ubuntu 18.04 will get a 10-year support lifespan
Source: https://www.zdnet.com/article/mark-shuttleworth-reveals-ubuntu-18-04-will-get-a-10-year-support-lifespan/

Debian GNU/Linux 9.6 “Stretch” Released with Hundreds of Updates
Source: https://news.softpedia.com/news/debian-gnu-linux-9-6-stretch-released-with-hundreds-of-updates-download-now-523739.shtml

Fresh Linux Mint 19.1 Arrives This Christmas
Source: https://www.forbes.com/sites/jasonevangelho/2018/11/01/fresh-linux-mint-19-1-arrives-this-christmas/#6c64618d293d

Linux-friendly company System76 shares more open source Thelio computer details
Source: https://betanews.com/2018/10/26/system76-open-source-thelio-linux/

Linus Torvalds Says Linux 5.0 Comes in 2019, Kicks Off Development of Linux 4.20
Source: https://news.softpedia.com/news/linus-torvalds-is-back-kicks-off-the-development-of-linux-kernel-4-20-523622.shtml

Canonical Adds Spectre V4, SpectreRSB Fixes to New Ubuntu 18.04 LTS Azure Kernel
Source: https://news.softpedia.com/news/canonical-adds-spectre-v4-spectrersb-fixes-to-new-ubuntu-18-04-lts-azure-kernel-523533.shtml

Trivial Bug in X.Org Gives Root Permission on Linux and BSD Systems
Source: https://www.bleepingcomputer.com/news/security/trivial-bug-in-xorg-gives-root-permission-on-linux-and-bsd-systems/

Security Researcher Drops VirtualBox Guest-to-Host Escape Zero-Day on GitHub
Source: https://news.softpedia.com/news/security-researcher-drops-virtualbox-guest-to-host-escape-zero-day-on-github-523660.shtml

I’m wondering now if the problem with the activitypub is because the user object was already in the remote site and somehow the two were not being linked up properly.

Removing the user information off the mastodn instance may help, or not.

Craig https://dropbear.xyz Small Dropbear

4th attempt at getitng the linking working, works ok on the test site now!

Craig https://dropbear.xyz Small Dropbear

I was in need of creating a Qt application using current Debian stable (Stretch) and gpsd. I could have used libQgpsmm which creates a QTcpSocket for stablishing the connection to the gpsd daemon. But then I hit an issue: libQgpsmm was switched to Qt 5 after the Strech release, namely in gpsd 3.17-4. And I'm using Qt 5.

So the next thing to do is to use libgps itself, which is written in C. In this case one needs to call gps_open() to open a connection, gps_stream() to ask for the needed stream... and use gps_waiting() to poll the socket for data.

gps_waiting() checks for data for a maximum of time specified in it's parameters. That means I would need to create a QTimer and poll it to get the data. Poll it fast enough for the application to be responsive, but not too excessively to avoid useless CPU cycles.

I did not like this idea, so I started digging gpsd's code until I found that it exposes the socket it uses in it's base struct, struct gps_data_t's gps_fd. So the next step was to set up a QSocketNotifier around it, and use it's activated() signal.

So (very) basically:

// Class private:
struct gps_data_t mGpsData;
QSocketNotifier * mNotifier;

// In the implementation:
result = gps_open("localhost", DEFAULT_GPSD_PORT, &mGpsData);
// [...check result status...]

result = gps_stream(&mGPSData,WATCH_ENABLE|WATCH_JSON, NULL);
// [...check result status...]

//  Set up the QSocketNotifier instance.
mNotifier = new QSocketNotifier(mGpsData.gps_fd, QSocketNotifier::Read, this); 

connect(mNotifier, &QSocketNotifier::activated, this, &MyGps::readData);

And of course, calling gps_read(&mGpsData) in MyGps::readData(). With this every time there is activity on the socket readData() will be called, an no need to set up a timer anymore. Lisandro Damián Nicanor Pérez Meyer noreply@blogger.com Solo sé que sé querer, que tengo Dios y tengo fe.

A second and minor update for the RcppGetconf package for reading system configuration — not unlike getconf from the libc library — is now on CRAN.

Changes are minor. We avoid an error on a long-dead operating system cherished in one particular corner of the CRAN world. In doing so some files were updated so that dynamically loaded routines are now registered too.

The short list of changes in this release follows:

Changes in inline version 0.0.3 (2018-11-16)

• Examples no longer run on Solaris where they appear to fail.

Courtesy of CRANberries, there is a diffstat report. More about the package is at the local RcppGetconf page and the GitHub repo.

This post by Dirk Eddelbuettel originated on his Thinking inside the box blog. Please report excessive re-aggregation in third-party for-profit settings.

Dirk Eddelbuettel http://dirk.eddelbuettel.com/blog Thinking inside the box

I have been having a series of strange dreams for few days now. I had seen a bollywood movie called Sui-Dhaaga few days back .

The story is an improbable, semi-plausible story of a person, couple, no a community’s search for self-respect and dignity in labor. While the clothes shown in the movie at the fashion show were shown to be made by them, the styles seemed pretty much reminiscent of the materials and styles used by National Institute of Design.

One of the first dreams I had were of being in some sort of bare foot Design school which is/was interdisciplinary in nature. I am the bored guy who is there because he has no other skills and have been pressured by parents and well-wishers to do the course and even failed in that. I have been observing a guy who is always cleaner than the rest of us, always has a smile on his face and is content and enjoys working with cloth, whether it is tailoring or anything and everything to do with cloth. The material used is organic handspun Khadi which is mixed with silk to lose the coarseness and harshness that handspun Khadi has but using the least of chemicals and additives and is being sold at very low prices so that even a poor person can afford it.

This in reality is still a distant dream.

Anyways, with that as a backgrounder to the story, one day there is a class picnic/short travel. Because the picnic is ‘free’ i.e. paid by the Institute , almost everybody else except the gentleman who is always smiling and content agrees and wants to go to the picnic. The gentleman asks that he would prefer to be there in the classroom, studying and working with the cloth.

The lone teacher/management is in a fix. While he knows the student and doesn’t question his sincerity he is in a fix because the whole class/school is going for the picnic and there are expensive machines, material lying around. Even the watchmen want to be on the picnic and the teacher/management doesn’t have the heart to say no to them.

He asks in a sort of dejected voice if somebody wants to stay behind with him. A part of me wants to go to the picnic, a part of me wants to stay behind and if possible learn about the person’s mystery of his smile and contentedness.

After awaiting appropriate time and teacher asking couple of times, I take on a bored, resigned tone and volunteer to stay behind, provided I get some of the sweets and any clothes or whatever is distributed.

The next day, I wear one of my lesser shabbier clothes and go to school and find him near the gates of the school, at a nearby chai shop/tapri. He asks me how I am and asks if I would like to eat and drink something. I quickly order 3-4 items and after a fullish breakfast ended by a sweet masala chai we go to the school.

The ‘school’ is nothing but a two rooms with two adjacent toilets, one for men, one for women. The school is probably 500 meters squarish spaced with one corner for embroidery works, one corner for dyeing works, one corner for handspunning khadi and one corner which has tailoring machines. Just last year we had painted the walls of the school using organic colors and the year before we had some students come in who helped us in having more natural light and air to the school.

We also had a new/old water pump which after a long fight with the local councillor we had been able to get and got running water of sorts. We went to the loo, washed our hands, faces, cracked a few jokes and then using the heavy iron key chain which had multiple keys, opened the front door and we went in. He going to his seat, while I going to mine. As always, he’s fully absorbed, immersed in his work.

After waiting for half an hour to an hour, I announced that I’m going to take a leak and have water. He agreed to join me and we had a short break. After coming back, I sat a little across him and asked if I could ask him a few questions. Without missing a beat, he said sure. I asked him a few probing questions as to who he was, who else was in his family, what he used to do before enrolling here.

Slowly but surely, he teased out the answers sharing that while he had been a successful person and had money (he actually said ‘entrepreneur’ but my dream self couldn’t make out what it was) and while he had money saved, his wife was supporting him in this venture as she was good at Maths (a ‘statistician’ which again my dream self was oblivious was all about) and apart from learning about clothes, how they are made etc. something which he always enjoyed but which was discouraged in his house. They were working on a book about ‘learning outcomes’ (which again my dream self knew nothing about, but when he said he would be sharing stories about me and my class-mates I was excited and apprehensive at the same time.) He assured it would be nothing bad.

I asked him in my innocence as to why such a book was necessary because in my world-view we were doing nothing exciting about a school where most of us were learning in the hopes that with the skills we would somehow be able to eke out a living. Looking at the bleakness of the background of the people around me, I didn’t think there was anything worth writing about. I had learnt about writers who were given money to write about fairy tales and even had got a comic book or two with bright colors and pictures. When I asked him if it was going to be something similar to that book, he replied in the negative . He shared that they were in-fact were going to self-publish the book as the book was going to be ‘controversial’ in nature. While my dream self didn’t understand what ‘controversial was all about but was concerned when he explained that they would be putting up their own money to bring out the book. I felt this was foolishness as nobody I knew would spent money to print a book which didn’t have pictures and it was not also a fantasy like about a hero battling dragons and such.

At this moment, my dream ended. For those who had been working in the education sector I’m sure they would be having a laugh on almost all the aspects of the dream/story. ‘Learning outcomes’ has never been a serious consideration by either the Government of the day or previous Governments. Teachers are the most lowly paid staff in the Government machinery. Most of them who enter the profession, do it out of not being able to get a job any other way and are also not obsessed by the subject/s they teach. They somehow want to make ends meet. The less said of the ‘no detention’ policy of the Government, the better. Even the Government doesn’t believe the stats trouted by its own people but instead on ASER made by Pratham although the present Government has reversed it as it wants to show they have been doing the best job in field of education.

shirishag75 https://flossexperiences.wordpress.com #planet-debian – Experiences in the community

Sometimes tiny things make my day at 9am already.

That spammer got frustrated because none of his bots would get comments pasted to my blog:

Greetings to Cambodia.

BTW: Mikrotik RouterOS 6.41, CVE-2018-7445. RCE unpatched for 9+ months.

Daniel Lange https://daniel-lange.com/ Daniel Lange's blog

I've been spending a bit of time recently working on GNOME Settings. One part of this has been bringing some of the older panel code up to modern standards, one of which is making use of GtkBuilder templates.
I wondered if any of these changes would show in the stats, so I wrote a program to analyse each branch in the git repository and break down the code between C and GtkBuilder. The results were graphed in Google Sheets:



This is just the user accounts panel, which shows some of the reduction in C code and increase in GtkBuilder data:


Here's the breakdown of which panels make up the codebase:



I don't think this draws any major conclusions, but is still interesting to see. Of note:

• Some of the changes make in 3.28 did reduce the total amount of code! But it was quickly gobbled up by the new Thunderbolt panel.
• Network and Printers are the dominant panels - look at all that code!
• I ignored empty lines in the files in case differing coding styles would make some panels look bigger or smaller. It didn't seem to make a significant difference.
• You can see a reduction in C code looking at individual panels that have been updated, but overall it gets lost in the total amount of code.

I'll have another look in a few cycles when more changes have landed (I'm working on a new sound panel at the moment).

This week we’ve been resizing partitions. We interview Andrew Katz and discuss open souce and the law, bring you a command line love and go over all your feedback.

It’s Season 11 Episode 36 of the Ubuntu Podcast! Alan Pope, Mark Johnson and Martin Wimpress are connected and speaking to your brain.

In this week’s show:

• We discuss what we’ve been up to recently:
  • Alan has been resizing partitions, with mixed success.
• We interview Andrew Katz about open source and the law.

• We share a Command Line Lurve:

  • hub – hub is a command-line wrapper for git that makes you better at GitHub

snap install hub hub ci-status hub issue hub pr hub sync hub pull-request

• And we go over all your amazing feedback – thanks for sending it – please keep sending it!

• Image credit: Greyson Joralemon

That’s all for this week! You can listen to the Ubuntu Podcast back catalogue on YouTube. If there’s a topic you’d like us to discuss, or you have any feedback on previous shows, please send your comments and suggestions to show@ubuntupodcast.org or Tweet us or Comment on our Facebook page or comment on our Google+ page or comment on our sub-Reddit.

• Join us in the Ubuntu Podcast Telegram group.

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In October, about 209 work hours have been dispatched among 13 paid contributors. Their reports are available:

• Abhijith PA did 1 hour (out of 10 hours allocated + 4 extra hours, thus keeping 13 extra hours for November).
• Antoine Beaupré did 24 hours (out of 24 hours allocated).
• Ben Hutchings did 19 hours (out of 15 hours allocated + 4 extra hours).
• Chris Lamb did 18 hours (out of 18 hours allocated).
• Emilio Pozuelo Monfort did 12 hours (out of 30 hours allocated + 29.25 extra hours, thus keeping 47.25 extra hours for November).
• Holger Levsen did 1 hour (out of 8 hours allocated + 19.5 extra hours, but he gave back the remaining hours due to his new role, see below).
• Hugo Lefeuvre did 10 hours (out of 10 hours allocated).
• Markus Koschany did 30 hours (out of 30 hours allocated).
• Mike Gabriel did 4 hours (out of 8 hours allocated, thus keeping 4 extra hours for November).
• Ola Lundqvist did 4 hours (out of 8 hours allocated + 8 extra hours, but gave back 4 hours, thus keeping 8 extra hours for November).
• Roberto C. Sanchez did 15.5 hours (out of 18 hours allocated, thus keeping 2.5 extra hours for November).
• Santiago Ruano Rincón did 10 hours (out of 28 extra hours, thus keeping 18 extra hours for November).
• Thorsten Alteholz did 30 hours (out of 30 hours allocated).

Evolution of the situation

In November we are welcoming Brian May and Lucas Kanashiro back as contributors after they took some break from this work.

Holger Levsen is stepping down as LTS contributor but is taking over the role of LTS coordinator that was solely under the responsibility of Raphaël Hertzog up to now. Raphaël continues to handle the administrative side, but Holger will coordinate the LTS contributors ensuring that the work is done and that it is well done.

The number of sponsored hours increased to 212 hours per month, we gained a new sponsor (that shall not be named since they don’t want to be publicly listed).

The security tracker currently lists 27 packages with a known CVE and the dla-needed.txt file has 27 packages needing an update.

Thanks to our sponsors

New sponsors are in bold.

• Platinum sponsors:
• TOSHIBA (for 37 months)
• GitHub (for 28 months)
• Civil Infrastructure Platform (CIP) (for 5 months)
• Gold sponsors:
• The Positive Internet (for 53 months)
• Blablacar (for 52 months)
• Linode (for 42 months)
• Babiel GmbH (for 31 months)
• Plat’Home (for 31 months)
• Silver sponsors:
• Domeneshop AS (for 53 months)
• Nantes Métropole (for 47 months)
• Dalenys (for 43 months)
• Univention GmbH (for 38 months)
• Université Jean Monnet de St Etienne (for 38 months)
• Ribbon Communications, Inc. (for 32 months)
• maxcluster GmbH (for 26 months)
• Exonet B.V. (for 22 months)
• Leibniz Rechenzentrum (for 16 months)
• Vente-privee.com (for 13 months)
• CINECA (for 5 months)
• Bronze sponsors:
• David Ayers – IntarS Austria (for 53 months)
• Evolix (for 53 months)
• Seznam.cz, a.s. (for 53 months)
• MyTux (for 52 months)
• Intevation GmbH (for 50 months)
• Linuxhotel GmbH (for 50 months)
• Daevel SARL (for 49 months)
• Bitfolk LTD (for 47 months)
• Megaspace Internet Services GmbH (for 47 months)
• NUMLOG (for 47 months)
• Greenbone Networks GmbH (for 46 months)
• WinGo AG (for 46 months)
• Ecole Centrale de Nantes – LHEEA (for 42 months)
• Sig-I/O (for 40 months)
• Entr’ouvert (for 37 months)
• Adfinis SyGroup AG (for 35 months)
• GNI MEDIA (for 29 months)
• Laboratoire LEGI – UMR 5519 / CNRS (for 29 months)
• Quarantainenet BV (for 29 months)
• Bearstech (for 21 months)
• LiHAS (for 20 months)
• People Doc (for 17 months)
• Catalyst IT Ltd (for 15 months)
• Supagro (for 10 months)
• Demarcq SAS (for 9 months)
• TrapX Security (for 6 months)
• NCC Group (for 3 months)

No comment | Liked this article? Click here. | My blog is Flattr-enabled.

Raphaël Hertzog https://raphaelhertzog.com apt-get install debian-wizard