Enrico's blog

Last 10 blog posts

2016-10-18 10:25:55+02:00

debtags and aptitude forget-new

I like to regularly go through the new packages section in aptitude to see what interesting new packages entered testing, but recently that joyful moment got less joyful for me because of a barrage of obscurely named packages.

I have just realised that aptitude forget-new supports search patterns, and that brought back the joy.

I put this in a script that I run before looking for new packages in aptitude:

aptitude forget-new '?tag(field::biology)
                   | ?tag(devel::lang:ruby)
                   | ?tag(devel::lang:perl)
                   | ?tag(role::shared-lib)
                   | ?tag(suite::openstack)
                   | ?tag(implemented-in::php)
                   | ~n^node-'

The actual content of the search pattern is purely a matter of taste.

I'm happy to see how debtags becomes quite useful here, to keep my own user experience manageable as the size of Debian keeps growing.

Update: pabs suggested to use apt post-invoke hooks. For example:

        $ cat /etc/apt/apt.conf.d/99forget-new
        APT::Update::Post-Invoke { "aptitude forget-new '~sdebug'"; };
debian eng pdo
2016-10-01 00:00:00+02:00

Links for October 2016

Inside the Federal Bureau Of Way Too Many Guns [archive]
«There's no telling how many guns we have in America—and when one gets used in a crime, no way for the cops to connect it to its owner. The only place the police can turn for help is a Kafkaesque agency in West Virginia, where, thanks to the gun lobby, computers are illegal and detective work is absurdly antiquated. On purpose. Thing is, the geniuses who work there are quietly inventing ways to do the impossible.»
What to do when you see harassment [archive]
«This is an illustrated guide I made as part of my co-admining work at The Middle Eastern Feminist on Facebook! It will be published there shortly. The technique that is displayed here is a genuine one used in psychology - I forgot the name and couldn’t find it again so if you know about it, feel free to tell me! Some could say: “Yes but you can use that technique for instances of harassment other than Islamophobic attacks!”, and my reply is: Sure! Please do so, it also works for other “types” of harassment of a lone person in a public space!!» (buzzfeed article) (article on noncomplementary behaviour)
Stop Stealing Dreams [archive]
«Over the last ten years, I’ve written more than a dozen books about how our society is being fundamentally changed by the impact of the internet and the connection economy. [...] In this manifesto, I’m going to argue that top-down industrialized schooling is just as threatened, and for very good reasons. Scarcity of access is destroyed by the connection economy, at the very same time the skills and attitudes we need from our graduates are changing.»
English Adjectives Order
«When we group adjectives together there is a general (sometimes flexible) rule for the position of each type of adjective». More details. I like this as a reminder that I don't need to learn gramar in order to use it. Which is why I speak much better German after fiddling occasionally on Duolingo and buying schinkenzwiebelmettwürst at the wochenmarkt, than Latin after insulting my intelligence by pointlessly studying only its grammar for 5 long years in high school.
there will be a moment when you realize you are more grown up than your parents are… [archive]
Short piece of prose on Tumblr that I related to a lot.
eng links pdo
2016-09-10 09:47:03+02:00

Dreaming of being picked

From "Stop stealing dreams":

«Settling for the not-particularly uplifting dream of a boring, steady job isn’t helpful. Dreaming of being picked — picked to be on TV or picked to play on a team or picked to be lucky — isn’t helpful either. We waste our time and the time of our students when we set them up with pipe dreams that don’t empower them to adapt (or better yet, lead) when the world doesn’t work out as they hope.

The dreams we need are self-reliant dreams. We need dreams based not on what is but on what might be. We need students who can learn how to learn, who can discover how to push themselves and are generous enough and honest enough to engage with the outside world to make those dreams happen.»

This made me think that I know many hero stories based on "the chosen", like Matrix, like most superheros getting powers either from some entity chosing them for it, or from chance.

I have a hard time thinking of a superhero who becomes one just by working hard at acquiring and honing their skills: I can only think of Batman and Ironman, and they start off as super rich.

If I think of people who start from scratch as commoners and work hard to become exceptional, in the standard superhero narrative, I can only think of supervillains.


It makes me feel culturally biased into thinking that a common person cannot be trusted to act responsibly, and that only the rich, the chosen and the aristocrats can.

As a bias it may serve the rich and the aristocrats, but I don't think it serves society as a whole.

eng life pdo
2016-09-01 00:00:00+02:00

Links for September 2016

A Few Useful Mental Tools from Richard Feynman [archive]

«These tricks show Feynman taking the method of thought he learned in pure science and applying it to the more mundane topics most of us have to deal with every day.»

Pasta [archive]

A comprehensive introduction to pasta, to keep at hand in case I meet someone who has little familiarity with it.

MPTP: One Designer Drug and Serendipity [archive]

Abstract: Through an unlikely series of coincidences and fortunate accidents, the development of Parkinson’s disease in several illicit drug users was traced to their use of a meperidine analog contaminated with 1-methyl-4-phenyl-1,2,3,6-tetrahydropyridine (MPTP). The discovery of a chemical capable of producing animal models of the disease has revitalized research efforts and resulted in important new information. The serendipitous finding also prompted consideration of what changes seem advisable if designer drugs are to be dealt with more efficaciously.

The Debunking Handbook: now freely available for download

The Debunking Handbook, a guide to debunking misinformation, is now freely available to download. Although there is a great deal of psychological research on misinformation, there's no summary of the literature that offers practical guidelines on the most effective ways of reducing the influence of myths.

Faulty neon light jams radio appliances [archive]

«An apparent interference source began plaguing wireless vehicle key fobs, cell phones, and other wireless electronics. Key fob owners found they could not open or start their vehicles remotely until their vehicles were towed at least a block away, nor were they able to call for help on their cell phones when problems occurred»

Calvin & Muad'Dib

Calvin & Hobbes with text taken from Frank Herbert's Dune. It's been around since 2013 and I consistently found it moving and deep.

When Birds Attack - Bike Helmet Hacks [archive]

Australian magpies attacking cyclists has propted several creative adaptations, including attaching an afro wig to the bike helmet.

eng links pdo
2016-08-01 00:00:00+02:00

Links for August 2016

First post with the new link collection feature of staticsite!

Heavy Metal and Natural Language Processing [archived]

Natural language processing and Metal lyrics, including the formula for the "metalness" of a word and a list of the most and least metal words.

Confirming all use of an SSH agent [archived]

«For a long time I’ve wanted an ssh-agent setup that would ask me before every use, so I could slightly more comfortably forward authentication over SSH without worrying that my session might get hijacked somewhere at the remote end (I often find myself wanting to pull authenticated git repos on remote hosts). I’m at DebConf this week, which is an ideal time to dig further into these things, so I did so today. As is often the case it turns out this is already possible, if you know how.»

Why We Don’t Report It [archived]

«“Why don’t you report it?” It’s up there on every list I’ve seen of things you shouldn’t say to sexual assault survivors, yet I keep hearing it…»

Voltron, an extensible debugger UI toolkit written in Python

Multi-panel display built from various gdb outputs.

Notmuch, offlineimap and Sieve setup [archived]

Nice description of a notmuch+offlineimap+sieve setup, for when I feel like rethinking my email setup.

Wikipedia:Unusual articles

An endless source of weird and wonderful.

ZERO: no linked HIV transmissions [archived]

«The results provide a dataset to question whether transmission with an undetectable viral load is actually possible. They should help normalise HIV and challenge stigma and discrimination.»

TV pickup

Someone once in the UK told me that it was a big enough problem that so many people turn on their electric kettles during the endtitles of Eastenders, that there's an employee in a hydro plant that needs to watch it to ramp up the power at the right time. I've finally found a wikipedia page about it.

Amazon isn't saying if Echo has been wiretapped [archived]

"We may never know if the feds have hijacked Amazon Echo. … In case you didn't know, Echo is an always-on device, which, when activated, can return search queries, as well as read audiobooks and report sports, traffic, and weather. It can even control smart home devices."

eng pdo
2016-07-09 19:23:35+02:00

Monthly link collections with staticsite

A year ago, I wrote:

Instead of keeping substantial tabs open until I have read all of them, or losing them in the jungle of browser bookmarks, I have written a script that collects them into a file per month, and turns them into markdown files for my blog.

That script turned out to be quirky and overengineered, so much so that I stopped using it myself.

I've now rethought my approach, and downscaled it: instead of saving a copy of each page locally, I can blog a reference to https://archive.org or https://archive.is. I do not need to autogenerate a description from the site itself.

The result has been a nicely minimal set of changes to staticsite that resulted in a new version where adding a link to a monthly collection is as easy as typing ssite new -a links.

As long as I'll remember to rebuild the site 3 weeks from now, a new post should automagically appear in my blog.

eng pdo ssite sw
2016-06-15 21:47:28+02:00

Verifying gpg keys

Suppose you have a gpg keyid like 9F6C6333 that corresponds to both key 1AE0322EB8F74717BDEABF1D44BB1BA79F6C6333 and 88BB08F633073D7129383EE71EA37A0C9F6C6333, and you don't know which of the two to use.

You go to http://pgp.cs.uu.nl/ and find out that the site uses short key IDs, so the two keys are indistinguishable.

Building on Clint's hopenpgp-tools, I made a script that screenscrapes http://pgp.cs.uu.nl/ for trust paths, downloads all the potentially connecting keys in a temporary keyring, and runs hkt findpaths on it:

$ ./verify-trust-paths 1793D6AB75663E6BF104953A634F4BD1E7AD5568 1AE0322EB8F74717BDEABF1D44BB1BA79F6C6333
hkt (hopenpgp-tools) 0.18
Copyright (C) 2012-2016  Clint Adams
hkt comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.


$ ./verify-trust-paths 1793D6AB75663E6BF104953A634F4BD1E7AD5568 88BB08F633073D7129383EE71EA37A0C9F6C6333
hkt (hopenpgp-tools) 0.18
Copyright (C) 2012-2016  Clint Adams
hkt comes with ABSOLUTELY NO WARRANTY. This is free software, and you are welcome to redistribute it under certain conditions.

This is a start: it could look in the local keyring for all ultimately trusted key finegrprints and use those as starting points. It could just take as an argument a short keyid and automatically check all matching fingerprints.

I'm currently quite busy with https://nm.debian.org and at the moment verify-trust-paths scratches enough of my itch that I can move on with my other things.

Please send patches, or take it over: I'd like to see this grow.

debian eng pdo sw
2016-06-15 10:14:43+02:00

On discomfort and new groups

I recenyly wrote:

When you get involved in a new community, such as Debian, find out early where, if that happens, you can find support, understanding, and help to make it stop.

Last night I asked a group of friends what do they do if they start feeling uncomfortable when they are alone in a group of people they don't know. Here are the replies:

I think a lot of these point are good food for thought about barriers of entry, and about safety nets that a group has or might want to have.

debian eng pdo
2016-06-07 12:43:45+02:00

You'll thank me later

I agree with this post by Matthew Garrett.

I am quite convinced that most of the communities that I have known are vulnerable to people who are good manipulators of people.

Also, in my experience, manipulation by negating, pushing, or reframing the boundaries of people tends not to be recognised as manipulation, let alone abusive behaviour.

It's not about physically forcing people to do things that they don't want to do. It's about pushing people, again and again, wearing them out, making them feel like, despite their actual needs and wants, saying "yes" to you is the only viable way out.

It can happen for sex, and it can happen for getting a patch merged. It can happen out of habit. It can happen for pretty much anything.

Consent culture was not part of my education, and it was something I've had to discover for myself. I assume that to be a common experience, and that pushing against boundaries does happen, even without malicious intentions, on a regular basis.

However, it is not ok.

Take insisting. It is not the same as persisting. Persisting is what I do when I advocate for change. Persisting is what I do when the first version of my code segfaults. Insisting is what I do when a person says "no" to me and I don't want to accept it.

Is it ok to insist that a friend, whom you think is sick, goes and gets help?

Is it ok to insist that a friend, whom you think is sexually repressed, pushes through their boundaries to explore their sexuality with you?

In both cases, one may say, or think, trust me, you'll thank me afterwards. In both cases, what if afterwards I have nothing to thank you for?

I see a common pattern in you'll thank me afterwards situations. It can be in good faith, it can be creepy, it can be abusive, and most of the time, what it is, is dangerously unclear to most of the people involved.

I think that in a community like Debian, at the level of personal interaction, Insisting is not ok.

I think that in a community like Debian, at the level of personal interaction, "You'll thank me afterwards" is not ok.

When I say it's not ok I mean that it should not happen. If it happens, people must be free to say "stop". If it doesn't stop, people must expect to be able to easily find support, understanding, and help to make it stop.

Just like when people upload untested packages.

Pushing against personal boundaries of people is not ok, and pushing against personal boundaries does happen. When you get involved in a new community, such as Debian, find out early where, if that happens, you can find support, understanding, and help to make it stop.

If you cannot find any, or if the only thing you can find is people who say "it never happens here", consider whether you really want to be in that community.

debian eng life pdo
2016-05-31 12:23:31+02:00

Python gotcha

This code:


class Test:
    def __init__(self, items=[]):
        self.items = items

    def add(self, item):

a = Test()
b = Test()

"obviously" prints:

['foo', 'bar']
['foo', 'bar']

Because the default value of the items argument is a mutable list constructed just once when the code is compiled when the function definition is evaluated, and then reused.

So, in Python, mutable items in default arguments are a good way to get more fun time with debugging.

debian eng pdo