All entries

debtags.debian.org cleaned up

Since the Debtags consolidation announcement there are some more news:

No more anonymous submissions

  • I have disabled anonymous tagging. Anyone is still able to tag via Debian Single Sign-On. SSO-enabling the site was as simple as this.
  • Tags need no review anymore to be sent to ftp-master. I have removed all the distinction in the code between reviwed and unreviewed tags, and all the code for the tag review interface.
  • The site now has an audit log for each user, that any person logged in via SSO can access via the "history" link in the top right of the tag editor page.

Official recognition as Debian Contributors

  • Tag contributions are sent to contributors.debian.org. There is no historical data for them because all submissions until now have been anonymous, but from now on if you tag packages you are finally recognised as a Debian Contributor!

Mailing lists closed

  • I closed the debtags-devel and debtags-commits mailing lists; the archives are still online.
  • I have updated the workflow for suggesting new tags in the FAQ to "submit a bug to debtags and Cc debian-devel"

We can just use debian-devel instead of debtags-devel.

Autotagging of trivial packages

  • I have introduced the concept of "trivial" packages to currently be any package in the libs, oldlibs and debug sections. They are tagged automatically by the site maintenance and are excluded from the site todo lists and tag editor. We do not need to bother about trivial packages anymore, all 13239 of them.

Miscellaneous other changes

  • I have moved the debtags vocabulary from subversion to git
  • I have renamed the tag used to mark packages not yet reviewed by humans from special::not-yet-tagged to special::unreviewed
  • At the end of every nightly maintenance, some statistics are saved into a database table. I have collected 10 years of historical data by crunching big tarballs of site backups, and fed them to the historical stats table.
  • The workflow for getting tags from the site to ftp-master is now far, far simpler. It is almost simple enough that I should manage to explain it without needing to dig through code to see what it is actually doing.
Posted Fri Feb 5 19:18:50 2016 Tags:

Downgrading network-manager

This morning I woke up. Bad idea.

I find in the work mail a compiler error that I cannot reproduce, so I need to log into a machine at work. But #809195.

I decided to downgrade network-manager. I recall there was a tool to download packages from snapshots.debian.org, I discussed it recently on IRC, let's sync the IRC logs from my server. Or not (#810212).

Never mind, I'll log into the server and grep. Ooh, it's debsnap. However, it doesn't quite do what I hoped (#667712).

After some help from #debian-devel (thanks jcristau and LebedevRI), here is how to downgrade network-manager:

# echo "deb http://snapshot.debian.org/archive/debian/20151125T155830Z/ sid main" >> /etc/apt/sources.list.d/tmp-downgrade-nm.list
# apt -o Acquire::Check-Valid-Until=false update
# apt -o Acquire::Check-Valid-Until=false install network-manager=1.0.6-1
# rm /etc/apt/sources.list.d/tmp-downgrade-nm.list
# service network-manager restart

And as user:

$ killall nm-applet
$ nm-applet &

The yak is now nice and shaved, I can now go and see what those compiler errors are all about.

Actually, no, there was still an unshaved patch on the yak, and now we have a debcya script.

Posted Thu Jan 7 11:37:19 2016 Tags:

When Akonadi silently fails to sync your calendar...

Bug severity: seriously ruining my life.

Try to use korganizer to create a calendar entry when the server is not reachable (say, you are offline, or you typed the wrong password), and you may find that you end up with no error messages, an entry that shows up perfectly fine, but that will never be synced to the server, ever again.

I use korganizer, radicale and caldav for important things. The practical ramifications of me inserting entries in korganizer, seeing that everything looks ok, and then not finding them on my phone while on the go, are scary.

Think of things like importing .ics files with flight schedules, entering tax deadlines, time and places for customer meetings, time and places of arrival of loved ones I'm supposed to pick up.

I spent time setting up my own infrastructure for this exactly because I care that all of this works reliably.

And now I urgently took a morning off work to find a way to detect those entries that Akonadi is refusing to update,

The whole thing is cumbersome to run, but if you are using kdepim-based tools to manage your calendars and sync them across devices, you may want to give it a go every once in a while.

You can find the script and the notes I took so far on the issue at https://github.com/spanezz/akonadi-workarounds.

Posted Tue Dec 1 14:01:09 2015 Tags:

Italian Fattura Elettronica with OpenSSL

I have had some success signing an Italian fattura elettronica with OpenSSL.

I am amazed to realise that the software they gave me to do the job is of such bad quality that I felt like spending a few hours trying to do the same thing with OpenSSL instead.

Posted Fri Oct 23 10:35:53 2015 Tags:

Extracting XML payload from Italian Fattura Elettronica zipfiles

This system does not even export to PDF. In order to provide my accountant with something better than a DER-encoded file with a random-looking name stored inside a zipfile, here is a script that at least extracts the unsigned XML payload out of a saved Fattura Elettronica.

If you're giving a python course in Italy, this sounds like a nice early programming assignment.

Posted Fri Oct 9 11:52:04 2015 Tags:

If you happen to know a browser developer...

Do you happen to know a developer of Firefox or Chrome or some other mainstream browser?

If so, can you please talk to them about our experiments with Client Certificate authentication in Debian?

Client Certificate authentication rocks; with just a couple of little tweaks in the interface, it would be pretty close to perfect.

Visiting sites without using a certificate

If I want to browse a site unauthenticated instead of using a certificate, at the moment I can hit "Cancel" on the certificate popup menu, and it works nicely. I feel quite confused when I do that, though, because it's not clear to me if I am canceling use of certificates, or canceling the visit to the site.

Can you please change the wording on the Cancel button to something more descriptive?

See/change current certificate selection

My top wish is, once I choise to use (or not use) a certificate for a site, to be able to see which certificate I'm using and possibly change it.

At the moment I did not find a way to see what certificate I'm using, and the browser will remember the choice until it gets closed and reopened.

At the moment I can use a Private or Incognito window to switch identities or to stop authenticated access and continue anonymously, and that helps me immensely.

I think however that the ultimate solution could be to have the https lockpad popup show an indication of what certificate is currently being used, and offer a way to re-trigger certificate selection. That would be so cool.

Also, once the certificate choice can be seen and changed at any time, it could just get remembered so that sites can be visited again without any prompts, even after the browser has been closed and reopened. That would be, to me, the ultimate convenience.

Thanks! <3

Thank you very much for all the work you have already put into this: I have been told that a few years ago using client certificate was unthinkable, and now it seems to be down to just a couple of papercuts. And SPKAC/keygen seriously rocks!

I have been constantly impressed by how well this all works right now.

Posted Tue Sep 1 17:25:04 2015 Tags:

My semi serious stand up comedy notes

Video

Disclaimers

“Someone has said that it requires less mental effort to condemn than to think.”

(Emma Goldman, on several things including mailing list flamewars)

Fascinating Aïda's "Dogging" song.

Look for "dogging etiquette" for more examples of code of conducts. Just don't take your computer for repair immediately afterwards™.

Introduction

Every daring attempt to make a great change in existing conditions, every lofty vision of new possibilities for the human race, has been labeled Utopian.

(Emma Goldman, on the Debian Social Contract)

I am going to talk about many topics that we all know have so much in common:

  • Anarchism
  • Poliamory
  • BDSM
  • and Free Software

They are all, after all:

  • People
  • Consensually
  • Doing Things
  • Together

BDSM

A person is no less a slave because they are allowed to choose a new master once in a term of years.

(Lysander Spooner about proprietary cloud service providers)

If you thought you've seen it all with recursive acronyms, here's a chain acronym: Bondage Discipline, Dominance Submission, Sado Masochism.

Why I think BDSM is interesting: not (just) because of whips, but for having a lot of awareness about power releationships. Why should one accept from a coworker a level of abuse that would be considered a hard limit when negotiating with a trusted dom?

The BDSM Free Software definition: "I refuse to be bound by software I cannot negotiate with".

YKINMKBYKIOK (Your Kink Is Not My Kink But Your Kink Is Okay) is a nice example of dealing with diversity, and it also definitely solves the emacs vs vi debate.

Comfort zones, safewords, traffic light flow control, safety.

"No means no", unless there has been a long discussion first, and a safeword is in place, in which case "Fuzzy purple unicorn" means "no"

"No means no", and if someone insists after a "no", it becomes harassment.

"No means no" is a precondition for being able to say "yes": http://pervocracy.blogspot.de/2011/03/no-and-no-and-no-and-yes.html

Aftercare! Aftercare! Release parties! High fives! Solidarity after flamewars or votes!

Poliamory

If love does not know how to give and take without restrictions, it is not love, but a transaction that never fails to lay stress on a plus and a minus.

(Emma Goldman, on volunteer projects)

Polyamory is the practice, desire, or acceptance of intimate relationships that are not exclusive with respect to other sexual or intimate relationships, with knowledge and consent of everyone involved.

Compersion, n: the feeling you get when someone else also takes good care of one of your packages.

We currently allow only one value in the Maintainer field: * takeover is traumatic, because values can only be replaced * if values could be added instead, and removed when they don't make sense anymore...

What is your definition of love? My current one is: my world is better with you in it.

Relationship anarchy is the practice of forming relationships which are not bound by rules aside from what the people involved mutually agree on. How do you call a relationship that is bound by rules that the people involved do not agree on?

From discussions after the talk

New Relationship Energy, the excitement when you start to maintain a new package, and the risk of been carried away by the excitement and neglecting all the other ones.

Consent

Anarchism, to me, means not only the denial of authority, not only a new economy, but a revision of the principles of morality. It means the development of the individual as well as the assertion of the individual. It means self-responsibility, and not leader worship.

(Voltairine de Cleyre about trusting lintian warnings)

You need to know what you are doing, and what situation you're putting yourself into.

You need to know that the person asking a question really is able to accept any answer, and take it seriously.

You need to feel that you have alternatives.

Be selfish when you ask, honest when you reply, and when others reply, take them seriously. If any of this doesn't stand, I find it hard to trust that we are in a consensual situation.

When is one supposed to learn about consent?

  • I see little consensuality in standard education.
  • I see little consensuality at work.

Consent explained with tea.

Practical advice

Anarchism has but one infallible, unchangeable motto, ‘Freedom.’ Freedom to discover any truth, freedom to develop, to live naturally and fully.

(Lucy Parsons about the DFSG)

Relationship advice and work advice have a lot in common:

Relationship advice from 99 ways to ruin an open source project

Online participation advice from How to Screw Up Your Relationship (and make everyone miserable while you’re at it)

Packaging advice from BDSM Basics: 20 Unsolicited Tips for New Dominants

Advice about joining a new community from Advice to a newbie submissive about dominants

♥ ♥ ♥

Dear Debian, and dear everyone contributing to it: my world is better with you in it.

I love you all :* <3

Posted Tue Aug 18 11:48:08 2015 Tags:

Archive of all entries