FEED Validator

for Atom and RSS and KML

Congratulations!

This is a valid RSS feed.

Recommendations

This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.

line 773, column 57: title should not contain HTML: é (3 occurrences) [help]

	<title>St&amp;eacute;phane Graber: Announcing Incus 6.16</title>
                                                         ^

line 1239, column 0: description should not contain data-attachment-id attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-comments-opened attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-image-caption attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-image-description attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-image-meta attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-image-title attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-large-file attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-medium-file attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-orig-file attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-orig-size attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1239, column 0: description should not contain data-permalink attribute (6 occurrences) [help]
```
&lt;figure class=&quot;alignright size-large is-resized&quot;&gt;&lt;a href= ...
```
line 1711, column 0: description should not contain data-patreon-widget-type attribute [help]
```
&lt;img alt=&quot;&quot; border=&quot;0&quot; height=&quot;1&quot; src=&quot ...
```

line 1909, column 0: description should not contain data-id attribute [help]

&lt;figure class=&quot;wp-block-image size-large&quot;&gt;&lt;img alt=&quot; ...

line 2157, column 0: description should not contain data-original-height attribute [help]
```
	<description>&lt;table align=&quot;center&quot; cellpadding=&quot;0&quot; c ...
```
line 2157, column 0: description should not contain data-original-width attribute [help]
```
	<description>&lt;table align=&quot;center&quot; cellpadding=&quot;0&quot; c ...
```
line 2729, column 0: description should not contain data-component-name attribute (2 occurrences) [help]
```
	<description>&lt;p&gt;This isn’t a tech-related post, so if you’re only her ...
```
line 3009, column 0: description should not contain data-lang attribute (3 occurrences) [help]
```
&lt;div class=&quot;highlight&quot;&gt;&lt;pre tabindex=&quot;0&quot;&gt;&lt ...
```
line 3101, column 0: Missing atom:link with rel="self" [help]
```
</channel>
```

Source: http://planet.ubuntu.com/rss20.xml

<?xml version="1.0"?>
<rss version="2.0">
<channel>
<title>Planet Ubuntu</title>
<link>http://planet.ubuntu.com/</link>
<language>en</language>
<description>Planet Ubuntu - http://planet.ubuntu.com/</description>
<item>
<title>Ubuntu Blog: What our users make with Ubuntu Pro – Episode 2</title>
<guid isPermaLink="true">https://ubuntu.com//blog/what-our-users-make-with-ubuntu-pro-episode-2</guid>
<link>https://ubuntu.com//blog/what-our-users-make-with-ubuntu-pro-episode-2</link>
<description><h2 class="wp-block-heading">How Vaultara achieved FedRAMP compliance with Ubuntu Pro</h2>
<a href="https://ubuntu.com/pro">Ubuntu Pro</a> helps businesses worldwide to innovate and shape the future. In this edition of What our users make with Pro, we talk to Dave Monk, CTO of Vaultara, a <a href="https://ubuntu.com/security/fedramp">FedRAMP</a> approved data-sharing platform trusted by the US government. Dave shares how Ubuntu Pro became a cornerstone of Vaultara’s security, compliance, and open-source ethos.
Tell us about your project or business.
I’m the CTO of Vaultara. We’ve built a secure data-sharing platform that helps clients and their partners exchange information across separate networks. Our solution is currently used by the US government, and we’ve achieved FedRAMP compliance – which is a major milestone for any technology company.
Are you a part of the Ubuntu or broader open-source community?
I’ve been using Ubuntu for close to 20 years. I started in a Windows environment but quickly gravitated toward Linux because of the openness and flexibility. I wouldn’t call myself a programmer – more of a technologist – but I’ve built much of my career and our business around open source.
We contribute by giving feedback to projects we use, pushing PRs for open-source libraries, and supporting the community ethos. For me, giving back is essential, whether through technical contributions or simply sharing our story of how open source is used in real-world solutions.
What challenges were you facing before engaging with Ubuntu Pro?
Security and compliance were the big ones. When pitching to government clients, we needed FIPS-certified cryptography and timely vulnerability patching to meet strict requirements. Ubuntu Pro provided exactly that – certified components, regular security updates, and the assurances we needed to meet regulatory standards.
Equally important was the support. When we raise an issue, we don’t just get an automated response, we get timely, knowledgeable help. In fact, we often receive a response within 20 to 30 minutes. In our industry, where every delay matters, that kind of responsiveness is a game changer.
That combination of compliance, security, and rapid support gave us the confidence to stick with Ubuntu. Today, all our systems, from desktops in the office to the servers hosting our applications, run on Ubuntu, backed by Pro.
Why did you choose Ubuntu Pro?
I’ve always believed in doing things differently rather than just following the crowd. Ubuntu was the operating system I trusted and was comfortable with. Ubuntu Pro gave me the additional security, compliance, and support I needed to make it viable for highly regulated markets.
It also helped us prove to clients that Ubuntu is every bit as robust and secure as any other option – and in many ways, more streamlined for our needs.
We haven’t had one issue with our customer base turning around and saying, “You’re not dealing with this in a timely manner.” And I think that’s important. We’re reasonably small, we’re very nimble, and as a result, I like working with partners that are just as nimble. That’s a big thing to me because, at the end of the day, it’s how the customer responds to any pros or cons regarding a solution. And if you can respond in a timely manner that exceeds their expectations, you’re always going to win in my opinion.
What’s the most important feature for your business?
Timely security updates. Because we operate under FedRAMP, we’re required to resolve vulnerabilities within strict timeframes. Ubuntu Pro ensures we can patch quickly and reliably, while also giving us direct access to Canonical’s support team when something needs extra attention.
That responsiveness is critical. We’ve even had cases where our feedback on a vulnerability assessment influenced how quickly a patch was released. That kind of partnership keeps our solution secure and compliant.
What business processes does Ubuntu Pro enhance? Does it save you time or resources?
Simply put, we couldn’t operate in our market without it. Ubuntu Pro gives us the Linux security, consistency, and compliance we need to meet customer expectations. It allows us to reassure clients that vulnerabilities are being addressed as soon as they’re identified and that fixes will always be delivered on time.
About 90% of my focus is on ensuring our solution remains secure and stable. Ubuntu Pro makes that possible – and by extension, it helps us maintain the trust of our customers year after year.
Have there been moments when Canonical went above and beyond?
One small but memorable example: I had suggested improvements to the support ticketing system, like better text formatting, to make communication clearer. Not long after, those improvements were rolled out. It might seem minor, but it shows that feedback is taken seriously – and it makes a big difference when you’re providing detailed security reports.
<hr class="wp-block-separator has-alpha-channel-opacity" />
Ubuntu Pro is always free for personal use – whether you’re experimenting, building, or running your own projects.<a href="https://ubuntu.com/pro/subscribe"> </a> Join a global community of Linux enthusiasts and builders who rely on Ubuntu every day. 
<a href="https://ubuntu.com/pro/subscribe">Get Ubuntu Pro</a>
Missed the last installation of What our users make with Ubuntu Pro? <a href="https://ubuntu.com/blog/what-our-users-make-with-ubuntu-pro-episode-1">Read the blog</a> for an insight into how Marc Grondin secured homelabs for him and his family.
Do you have an Ubuntu Pro story you want to share with us? Fill out <a href="https://krzty8pox19.typeform.com/to/f0bimGuL">this form</a> and we will get in touch with you!</description>
<pubDate>Thu, 11 Sep 2025 12:13:51 +0000</pubDate>
</item>
<item>
<title>Podcast Ubuntu Portugal: E362 Malmen, Barbosa & Simões Contra as Torres Do Técnico</title>
<guid isPermaLink="false">https://hub.podcastubuntuportugal.org/s/pEYnEHygscmg3oB/download/e362.mp3</guid>
<link>https://podcastubuntuportugal.org/e362/</link>
<description>Desta feita recebemos a visita do Malmen (em directo de São Miguel), do André Barbosa (Wikimedia) e da Joana Simões (OSgeo) para falarmos um pouco sobre as suas aventuras tecnológicas e do que esperam da Festa do Software Livre no Porto. O Diogo e o Miguel visitaram o interior do país e trouxeram de lá muitas novidades boas; pelo meio discutimos as catástrofes globais da semana trazidas pelo jogo Alentejo Tinto’s Law, dramas da Comunidade e até Tamagochis no Ubuntu Touch.
Já sabem: oiçam, subscrevam e partilhem!
<ul>
<li><a href="https://discourse.ubuntu.com/t/on-discourse-rules-about-politics/66986">https://discourse.ubuntu.com/t/on-discourse-rules-about-politics/66986</a></li>
<li><a href="https://discourse.ubuntu.com/t/an-update-concerning-the-ubuntu-archive-service-disruption/66997">https://discourse.ubuntu.com/t/an-update-concerning-the-ubuntu-archive-service-disruption/66997</a></li>
<li><a href="https://open-store.io/app/gearboy.bhdouglass">https://open-store.io/app/gearboy.bhdouglass</a></li>
<li><a href="https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/">https://blog.mozilla.org/futurereleases/2025/09/05/firefox-32-bit-linux-support-to-end-in-2026/</a></li>
<li><a href="https://www.omgubuntu.co.uk/2025/09/firefox-32-bit-linux-support-ending">https://www.omgubuntu.co.uk/2025/09/firefox-32-bit-linux-support-ending</a></li>
<li><a href="https://open-store.io/app/ovi.alaskalinuxuser">https://open-store.io/app/ovi.alaskalinuxuser</a></li>
<li><a href="https://github.com/MalMen/HellYes/">https://github.com/MalMen/HellYes/</a></li>
<li><a href="https://masto.pt/@MalMen">https://masto.pt/@MalMen</a></li>
<li><a href="https://noc.social/@doublebyte">https://noc.social/@doublebyte</a></li>
<li><a href="https://ciberlandia.pt/@Barbosa">https://ciberlandia.pt/@Barbosa</a></li>
<li><a href="https://github.com/byteroad/pygeoapi_config">https://github.com/byteroad/pygeoapi_config</a></li>
<li><a href="https://wiki.osgeo.org/wiki/OSGeo_Community_Sprint_2025">https://wiki.osgeo.org/wiki/OSGeo_Community_Sprint_2025</a></li>
<li>Festa do Software Livre 2025, Porto, 3 a 5 de Outubro: <a href="https://festa2025.softwarelivre.eu/pt/">https://festa2025.softwarelivre.eu/pt/</a></li>
<li>Ubuntu Summit 2025, Londres, 23-24 de Outubro: <a href="https://ubuntu.com/blog/ubuntu-summit-25-10-is-coming-to-your-circle-of-friends-from-london">https://ubuntu.com/blog/ubuntu-summit-25-10-is-coming-to-your-circle-of-friends-from-london</a></li>
<li>LoCo PT: <a href="https://loco.ubuntu.com/teams/ubuntu-pt/">https://loco.ubuntu.com/teams/ubuntu-pt/</a></li>
<li>Mastodon: <a href="https://masto.pt/@pup">https://masto.pt/@pup</a></li>
<li>Youtube: <a href="https://youtube.com/PodcastUbuntuPortugal">https://youtube.com/PodcastUbuntuPortugal</a></li>
</ul>
<h3 id="atribuição-e-licenças">Atribuição e licenças</h3>
Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo <a href="https://senhorpodcast.pt/">Senhor Podcast</a>.
O website é produzido por Tiago Carrondo e o <a href="https://gitlab.com/podcastubuntuportugal/website">código aberto</a> está licenciado nos termos da <a href="https://gitlab.com/podcastubuntuportugal/website/main/LICENSE">Licença MIT</a>. (<a href="https://creativecommons.org/licenses/by/4.0/)">https://creativecommons.org/licenses/by/4.0/)</a>. A música do genérico é: “Won’t see it comin’ (Feat Aequality &amp; N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da <a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Universal License</a>.
Os separadores de péssima qualidade foram tocados ao vivo e sem rede pelo Miguel (e há ali um cavaquinho desafinado do Barbosa), pelo que pedimos desculpa pelos incómodos causados. OS efeitos sonoros têm os seguintes créditos: Multidão com archotes e forquilhas: rowdy crowd.wav by xtrgamr – <a href="https://freesound.org/s/243798/">https://freesound.org/s/243798/</a> – License: Attribution 4.0; Sad Trombone: wah wah sad trombone.wav by kirbydx – <a href="https://freesound.org/s/175409/">https://freesound.org/s/175409/</a> – License: Creative Commons 0.
Este episódio e a imagem utilizada estão licenciados nos termos da licença: <a href="https://creativecommons.org/licenses/by-nc-nd/4.0/">Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)</a>, <a href="https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode">cujo texto integral pode ser lido aqui</a>. Estamos abertos a licenciar para permitir outros tipos de utilização, <a href="https://podcastubuntuportugal.org/contactos">contactem-nos</a> para validação e autorização.
A arte de episódio foi criada por encomenda pela Shizamura - artista, ilustradora e autora de BD. Podem ficar a conhecer melhor a <a href="https://ciberlandia.pt/@shizamura">Shizamura na Ciberlândia</a> e no <a href="https://sarilho.net/">seu sítio web</a>.</description>
<pubDate>Thu, 11 Sep 2025 00:00:00 +0000</pubDate>
<enclosure url="https://hub.podcastubuntuportugal.org/s/pEYnEHygscmg3oB/download/e362.mp3" length="48274493" type="audio/mpeg"/>
</item>
<item>
<title>Xubuntu: Guide Terbaru Slot Online, Versi Demo Tanpa Deposit, serta Platform Slot Online Gacor Versi Update</title>
<guid isPermaLink="false">https://xubuntu.org/?p=5699</guid>
<link>https://xubuntu.org/news/guide-terbaru-slot-online-versi-demo-tanpa-deposit-serta-platform-slot-online-gacor-versi-update/</link>
<description><h1>Panduan Asik Slot Online 2025</h1>
Saat ini, <a href="https://emirategate.com/">demo slot pragmatic</a> semakin booming di para pecinta hiburan. Ada banyak alasan yang bikin game slot jadi favorit, mulai dari praktis dimainkan, koleksi slot bejibun, hingga hadiah besar yang bikin penasaran. Gak heran kalau slot gacor selalu jadi buruan utama bagi pemain baru maupun pemain pro.
<h2>Mengenal Game Slot</h2>
Permainan slot online adalah bentuk digital dari mesin slot klasik yang dulunya cuma ada di rumah judi. Lewat internet, setiap orang bisa menikmati slot online hanya dengan laptop mereka. Inilah alasan game slot menjadi tren, karena gampang dimengerti, fleksibel, serta bikin nagih.
Daya tarik slot online juga ada di visual kece, soundtrack epik, dan koleksi tema unik. Dari retro vibes sampai slot modern, semua ada. Bahkan banyak developer game bikin slot bertema anime. Jadi, user bisa tentuin game favorit dengan bebas.
<h2>Manfaat Slot Demo</h2>
Mode gratis berguna banget buat pemula yang baru kenal slot. Dengan mode ini, pemain bisa mengetes mekanisme slot tanpa resiko kehilangan saldo. Mereka juga bisa belajar fitur scatter. Bahkan player berpengalaman sering menggunakan demo slot untuk uji RTP sebelum main sungguhan.
Kesimpulannya, slot demo adalah alat belajar yang bikin nyaman, bukan hanya untuk player baru tapi juga user senior. Dengan begitu, saat masuk ke slot online, mereka lebih paham.
<h2>Fenomena Slot Gacor</h2>
Di kalangan penggemar slot, istilah slot hoki jadi bahan obrolan. Banyak yang yakin kalau ada periode spesial di mana slot kasih big win. Walaupun hasilnya RNG, kemenangan besar bikin pemain makin percaya ada slot gacor. Itulah kenapa akses slot gacor selalu heboh pemain.
<h2>Tips Cari Situs Slot Aman</h2>
Platform permainan slot ada banyak banget sekarang, tapi gak semuanya aman. Makanya pemain wajib cermat sebelum main. Beberapa hal penting yang patut diperhatikan antara lain:
<ul>
<li>Proteksi data biar informasi pribadi tetap terjaga.</li>
<li>Support 24 jam yang cepat tanggap buat bantu masalah pemain.</li>
<li>Review positif supaya user lebih percaya diri saat main.</li>
<li>Transaksi lancar agar gak ribet untuk semua pemain.</li>
</ul>
<h2>Tren Toto Slot</h2>
Game toto belakangan makin naik daun. Fitur inovatif dari jenis ini ada di bonus spesial yang seru. Berbeda dengan slot klasik, toto slot sering ngasih free spin, bikin user merasa semakin enjoy tiap kali nyoba.
<h3>Panduan Bermain Slot Santai</h3>
Supaya main makin menyenangkan, ada beberapa trik yang bisa diterapkan:
<ul>
<li>Mulai dari slot demo biar ngerti cara main dulu.</li>
<li>Kontrol budget dengan hati-hati, jangan terlalu napsu.</li>
<li>Jangan lupa, permainan slot itu bergantung hoki, jadi fokus ke hiburan daripada ngejar profit.</li>
</ul>
<h2>Penutup</h2>
Game slot digital makin seru dengan teknologi baru. Dari demo slot untuk latihan, slot mudah jackpot yang banyak dicari, sampai toto slot yang lagi trend, semua tersedia buat pengguna. Yang penting, mainlah santai, pilih situs aman, dan selalu sadari kalau keseruan lebih utama daripada cari profit.</description>
<pubDate>Wed, 10 Sep 2025 17:39:35 +0000</pubDate>
</item>
<item>
<title>Ubuntu Blog: What’s the state of open source adoption in Europe?</title>
<guid isPermaLink="true">https://ubuntu.com//blog/state-of-open-source-adoption-in-europe</guid>
<link>https://ubuntu.com//blog/state-of-open-source-adoption-in-europe</link>
<description><h4 class="wp-block-heading has-text-color has-link-color wp-elements-282567c4640b2fe29363af60bf6c3f6f" style="color: #4f575d;">New research suggests 86% of European organizations believe open source is valuable for the future of their industry – but only 34% have a clear and visible open source strategy </h4>
The Linux Foundation’s latest report, Open source as Europe’s strategic advantage: trends, barriers, and priorities for the European open source community amid regulatory and geopolitical shifts, provides key insights into how European enterprises are using open source software (OSS), as well as the barriers towards further development of open source in the continent. Released in collaboration with Canonical, the report surveyed 316 enterprises and interviewed experts to give a clear picture of the state of open source in Europe.
This blog gives a breakdown of the key findings of the report, answering how European enterprises are using open source, what the biggest opportunities and challenges are, and how organizations can benefit most from OSS adoption.
<a href="https://pages.ubuntu.com/rs/066-EOV-335/images/Final%20report%20-%20WorldofOS_EUSpotlight_2025_081525.pdf?version=0">Read the full report</a>
<h3 class="wp-block-heading">Is open source popular in Europe?</h3>
Incorporating OSS into workflows and infrastructure has become increasingly common in organizations throughout Europe. The report indicates that 64% use OSS for their operating systems, 55% for cloud and container technologies, and 54% for web and application development. 
<figure class="wp-block-image size-full"><img alt="" height="779" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1600/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2Fbc0c%2Fc9ebaadc-cc9e-4435-8780-24f5ace4c9ca.png" width="1600" /></figure>
[Figure 1]
The rationale behind the popularity of OSS is clear, as the report suggests: by using OSS, respondents reported that they benefited from higher productivity (63%), higher quality software (75%), reduced vendor lock-in (62%) and lower software ownership costs (58%). In addition, OSS was considered a gateway to greater transparency (49%), innovation (58%), and collaboration across organizational boundaries (48%). Overall, 56% of those surveyed consider that the benefits of OSS exceed – or greatly exceed – the costs.
<figure class="wp-block-image size-full"><img alt="" height="773" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1600/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F5f3c%2Fimage.png" width="1600" /></figure>
[Figure 3]
Many organizations have adopted open source to improve their cost-effectiveness. For example, Nova, one of the leading telecommunications providers in Greece, adopted open source with Canonical. Nikolaos Dasyras, Senior Manager of Cloud Infrastructure &amp; Services at Nova, emphasizes how Canonical’s straightforward planning and pricing has benefited Nova’s ability to control costs:
“From a capital expenditure (CAPEX) perspective, Canonical’s roadmap is fully iterable …. This makes it simple for us to estimate the time and cost needed when embarking on new projects. From an operational expenditure (OPEX) perspective, the support from Canonical is directly related to the footprint and number of servers – with no additional cost for management software, as Juju and MAAS are free and open source tools. Without licensing fees, we’re paying for real expertise that enriches our team, rather than paying for access.”
Learn more in <a href="https://canonical.com/case-study/nova-telecommunications">the case study</a>.
<h3 class="wp-block-heading">Why is open source development a priority in Europe?</h3>
<h4 class="wp-block-heading has-text-color has-link-color wp-elements-52c164e458cae19b4b971a2198796404" style="color: #4f575d;">55% consider open source alternatives a priority for European sovereignty</h4>
Beyond its numerous benefits, recent geopolitical turbulence has catalyzed the importance of OSS for business leaders and policymakers alike. Concerns have arisen about trade disputes and political changes causing a sudden and disruptive loss of services and technology, leading to widespread trends such as <a href="https://canonical.com/blog/what-is-geopatriation">geopatriation</a>. Open source offers a way of developing alternatives, reducing dependence on proprietary technologies and a small set of vendors. Awareness of this has led to investment and development of OSS being recognized as a critical element to achieving digital sovereignty.
Canonical has been at the forefront of enabling digital sovereignty through open source software. For instance, we have partnered with UNICC to build a sovereign cloud based on Canonical OpenStack, providing the UN with the data sovereignty they sought. Find out more in the <a href="https://www.unicc.org/news/2023/10/19/unicc-partners-with-canonical-to-build-unicc-cloud/">announcement</a>.
<h2 class="wp-block-heading">What are the most important opportunities developing in open source?</h2>
<h4 class="wp-block-heading has-text-color has-link-color wp-elements-f44397a02c1bbbf7bb0b2a3ab603b96e" style="color: #4f575d;">41% use OSS for AI and Machine Learning</h4>
In the light of DeepSeek’s release in January of 2025, open source AI in Europe – and public support for it – has blossomed. The report highlights this as the trigger for a growing interest in building European-based open source AI models. This trend links back to the growing interest in achieving digital sovereignty: 89% of respondents considered OSS the most important approach to sovereign AI.
<figure class="wp-block-image size-full"><img alt="" height="733" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1600/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F8a87%2Fimage.png" width="1600" /></figure>
[Figure 16]
Europe has an abundance of AI/ML talent and projects. <a href="https://mistral.ai/">Mistral AI</a> is one of the leading examples. But there’s also rising public sector interest in AI Factories and similar initiatives, such as the <a href="https://www.bsc.es/ai-factory">Barcelona AI Factory</a> and <a href="https://www.ifabfoundation.org/it4lia-ai-factory/">IT4LIA AI Factory</a>. 
Organizations like the European Space Agency are also making headway into the use of AI. The European Space Operations Centre (ESOC), one of ESA’s premises in Germany, hosts the engineering teams that control spacecraft in orbit, manage the global tracking station network, and design and build the systems on the ground which support their missions in space. By 2030, ESA aims to significantly expand the number of satellites it currently launches. ESA relies on a number of AI-supported software tools during their missions. However, these tools require a platform on which to run.
ESA chose Canonical’s distributions of Kubeflow and Spark on top of Canonical Kubernetes, helping ESA to focus on optimizing their missions, rather than troubleshooting the supporting infrastructure. As Michael Hawkshaw, ESA Mission Operations Infrastructure IT Service Manager at ESOC put it, “we can sleep soundly knowing Canonical is supporting us and we won’t get a call at night telling us that something’s gone wrong.” 
Find out the full story in the <a href="https://canonical.com/case-study/esa">case study</a>, or check out our <a href="https://canonical.com/solutions/ai">webpages</a> for more information about Canonical’s AI and ML solutions.
Whilst AI and ML pose significant opportunities in Europe, developing and adopting these technologies is not without challenges. Complex new legislation and regulations, like the <a href="https://artificialintelligenceact.eu/">AI act</a>, are not broadly understood by organizations. Developing a formal OSS strategy, with robust security controls and a clear compliance roadmap is critical. 
<h2 class="wp-block-heading">What are the key challenges faced by enterprises using OSS?</h2>
<h4 class="wp-block-heading has-text-color has-link-color wp-elements-02ba06a886d284c989ccb11594c27c79" style="color: #72787d;">66% of organizations lack a formal open source strategy </h4>
Despite growing awareness of OSS benefits and adoption of OSS, over 50% of organizations contributed to OSS projects in either limited ways, did not contribute, or weren’t sure if they contributed. Of those who did engage significantly with OSS projects, by employing full-time contributions or maintainers, 81% saw high, or very high, value in their investment. Why, then, is contribution limited?
<figure class="wp-block-image size-full is-resized"><img alt="" height="900" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1600/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F6cab%2F1eb53d40-772e-4245-bb56-02b126905423.png" width="1600" /></figure>
[Figure 14]
The report suggests that the barriers preventing OSS contribution include legal and licensing concerns (31%) and fear of leaking IP (24%). These issues are linked to a broad lack of maturity in OSS strategy: 66% of organizations lack a formal open source strategy, and 78% have not implemented an open source program office (OSPO). 
<figure class="wp-block-image size-full is-resized"><img alt="" height="855" src="https://res.cloudinary.com/canonical/image/fetch/f_auto,q_auto,fl_sanitize,c_fill,w_1600/https%3A%2F%2Fubuntu.com%2Fwp-content%2Fuploads%2F9512%2Fimage.png" width="1600" /></figure>
[Figure 7]
OSPOs are internal teams that oversee an organization’s open source engagement. OSPOs help to ensure compliance and avoid legal risks, whilst optimizing the organization’s use of and contributions towards OSS projects. To find out more about OSPOs, as well as how to create and successfully run an OSPO in your own organization, <a href="https://ubuntu.com/engage/open-source-program-office-guide-ospo-guide">read our guide</a>.
The report suggests a concerning lack of understanding of how best to comply with cybersecurity regulations and standards. However, the introduction of new legislation like the EU <a href="https://canonical.com/solutions/open-source-security/cyber-resilience-act">Cyber Resilience Act (CRA)</a> will require organizations to develop roadmaps for compliance, especially if they commercialize products with digital elements. For a comprehensive breakdown of the CRA from our CISO, read our <a href="https://ubuntu.com/blog/a-cisos-comprehensive-breakdown-of-the-cyber-resilience-act">blog</a>, or find a more concise overview on our <a href="https://canonical.com/solutions/open-source-security/cyber-resilience-act">webpage</a>.
<h2 class="wp-block-heading">The state of open source in Europe</h2>
Europe’s open source community is flourishing, with enterprises incorporating open source across the technical stack and becoming increasingly aware of the benefits it provides. In particular, the opportunities to achieve digital sovereignty and establish European open source AI are drawing interest and attention. 
However, receiving the full benefits of open source requires engagement and a structured approach to OSS within the organization. Similarly, understanding regulatory and legislative requirements, and achieving compliance can be challenging; however, working with trusted partners like Canonical, and establishing internal open source program offices can help organizations to overcome these barriers to success. 
<a href="https://pages.ubuntu.com/rs/066-EOV-335/images/Final%20report%20-%20WorldofOS_EUSpotlight_2025_081525.pdf?version=0">Read the full report &gt;</a></description>
<pubDate>Wed, 10 Sep 2025 09:51:10 +0000</pubDate>
</item>
<item>
<title>Xubuntu: Tutorial Komprehensif Slot Casino Online, Versi Demo Tanpa Deposit, dilengkapi dengan Platform Slot Online Paling Dicari Versi Update</title>
<guid isPermaLink="false">https://xubuntu.org/?p=5697</guid>
<link>https://xubuntu.org/news/tutorial-komprehensif-slot-casino-online-versi-demo-tanpa-deposit-dilengkapi-dengan-platform-slot-online-paling-dicari-versi-update/</link>
<description><h1>Kupas Tuntas Game Slot Masa Kini</h1>
Sekarang ini, <a href="https://orthores.org/">slot gacor</a> slot online terus meroket di kalangan penggemar hiburan. Banyak penyebab kenapa permainan slot online bisa trending, mulai dari akses mudah, koleksi game melimpah, sampai bonus yang membuat betah. Salah satu yang paling sering dicari tentu saja slot gacor yang jadi pintu masuk bagi pemain pemula maupun penggemar setia.
<h2>Ngomongin Tentang Game Slot</h2>
Slot online adalah pengembangan online dari mesin slot klasik yang dulu cuma bisa dimainkan di arena judi. Dengan hadirnya internet, semua orang bisa mengakses slot online kapan saja pakai smartphone. Faktor inilah yang menjadikan slot online trending dan disukai banyak orang, karena simple, bisa dimainkan di mana saja, serta ngasik banget.
Keunikan lain dari slot online ada di grafis keren, soundtrack keren, dan desain beragam. Dari yang klasik sampai modern, semua tersedia. Bahkan banyak developer slot yang bikin mitologi. Jadi, user bebas menentukan game favorit kapan saja.
<h2>Alasan Coba Demo Slot</h2>
Slot demo merupakan cara buat newbie yang masih belajar. Lewat versi ini, user bisa mengetes game tanpa takut rugi. Mereka bisa belajar simbol kayak wild. Bahkan player pro juga sering main mode gratis buat uji game baru sebelum taruh uang beneran.
Intinya, slot demo bukan cuma mainan iseng, tapi media latihan buat semua kalangan biar lebih pede saat main slot online.
<h2>Fenomena Slot Gacor</h2>
Di dunia slot online, istilah game gacor banyak dibicarakan. Ada anggapan kalau ada momen spesifik di mana mesin game lebih sering bagi hadiah. Walaupun menggunakan random number generator, perasaan dapet kemenangan besar bikin orang makin percaya. Karena itu, pencarian jalur gampang jackpot selalu heboh di komunitas.
<h2>Tips Pilih Situs Slot</h2>
Banyak situs slot yang tersedia. Tapi gak semua jujur. Pengguna harus teliti sebelum daftar. Beberapa faktor utama yang perlu dicek:
<ul>
<li>Proteksi akun supaya akun tetap aman.</li>
<li>Customer service yang profesional biar masalah bisa segera beres.</li>
<li>Nama baik biar percaya diri waktu main.</li>
<li>Proses deposit withdraw cepat untuk tanpa ribet.</li>
</ul>
<h2>Mengenal Slot Variasi Toto</h2>
Game toto banyak dibicarakan belakangan ini. Daya tarik dari jenis ini ada di fitur bonus yang bikin pengguna semangat coba. Tidak sama dari slot klasik, toto slot sering kasih free spin, sehingga waktu bermain makin nyaman.
<h3>Saran Biar Main Asik</h3>
Biar main makin fun, ada beberapa tips yang bisa dipakai:
<ul>
<li>Coba dulu slot demo buat paham mekanisme.</li>
<li>Atur modal dengan disiplin, jangan emosi. </li>
<li>Jangan lupa, slot online itu random, jadi fokus ke fun ketimbang ngejar untung.</li>
</ul>
<h2>Kesimpulan</h2>
Dunia slot online makin maju dengan teknologi baru. Dari slot demo buat latihan, slot gacor yang selalu diburu, hingga slot alternatif sebagai pilihan baru, semuanya hadir buat user. Yang penting, nikmati dengan bijak, pilih situs terpercaya, dan ingat bahwa fun lebih utama daripada sekadar memburu uang cepat.</description>
<pubDate>Wed, 10 Sep 2025 07:11:50 +0000</pubDate>
</item>
<item>
<title>Andrea Corbellini: Testing crash recovery features in a CI environment</title>
<guid isPermaLink="false">tag:andrea.corbellini.name,2025-09-09:/2025/09/09/testing-crash-recovery-features-in-ci/</guid>
<link>https://andrea.corbellini.name/2025/09/09/testing-crash-recovery-features-in-ci/</link>
<description>About two years ago I wrote a Rust crate to fulfill this promise:
<blockquote>
If a crash occurs while updating a file, the file either contains the old
contents, or the new contents, nothing in between.
</blockquote>
This crate essentially solves the following problem: when you update a file,
generally you open it, truncate it, write to it block-by-block, and eventually
close it. The problem with this process is that if a crash occurs at any point
during this process (the program segfaults, the kernel panics, the machine
loses power, …), your file will be left in an intermediate state where the
old contents are completely lost, and the new contents are only partially
written (if at all). My crate solves this problem by making file updates atomic.
This crate is publicly available as <a href="https://crates.io/crates/atomic-write-file">atomic-write-file</a> and you can read its
description for more details (sorry, I’m very bad at naming things).
The way the crate works is simple:
<ol>
<li>Instead of opening the target file directly, the crate opens a temporary
file.</li>
<li>You write to the temporary file.</li>
<li>Once all changes are in, the temporary file contents are synced to the
storage, and it is atomically renamed so that it replaces the target file.</li>
</ol>
This is not by any chance a new technique that I invented, and it’s a very
common strategy to solve the problem. This technique guarantees that if a crash
occurs at or before step 3, then the file will have the old contents,
unchanged. If a crash occurs after step 3, then the file will have the new
contents.
There’s a small caveat with this technique: if a crash occurs between steps 1
and 3, then the crate will leave behind a temporary file that occupies some
space on the storage device with no purpose.
This is where Linux anonymous temporary files come into play: this
Linux-specific feature allows you to create temporary files that are written on
the filesystem, but are not given a path in the filesystem. If a crash occurs
between step 1 and 3, the temporary file will simply be forgotten into
oblivion.
<h1 id="meet-the-opponent-btrfs">Meet the opponent: btrfs</h1>
Using Linux anonymous temporary files seemed very appealing for
atomic-write-file to avoid leaving leftovers behind, although I knew that
they’re not the perfect solution: there’s limited support (they’re supported
only on Linux, and only on some filesystems), they require the use of Linux
features that may not be available all the time (the <code>/proc</code> filesystem), and
they also have the problem that, sooner or later, they will need to be given a
name if we want to be able to replace the target file, and this leaves a small
time window during which we could leave some cruft behind.
But none of these are huge problems, and in fact atomic-write-file is able to
do a best effort attempt at using anonymous temporary files, and reverting to
regular files if that doesn’t work.
One day I was notified about <a href="https://github.com/andreacorbellini/rust-atomic-write-file/issues/6">an issue on using my crate on the btrfs file
system</a>: after a crash, my crate could break its promise and leave the
file contents empty. I did some investigation on the issue that <a href="https://github.com/andreacorbellini/rust-atomic-write-file/issues/6#issuecomment-2048836275">you can
read about if you’re interested</a>, and then fixed it.
This problem was specific to btrfs, and I argue that it’s actually caused by a
btrfs bug, rather than a bug in the crate itself, but nonetheless this issue
had revealed a critical flaw of my crate: I did not have any tests to check
if my crate was fulfilling its promise or not!
Therefore I decided to create a small test suite for Linux to simulate crashes
and inspect the contents of files after those crashes occurred on a variety of
filesystems, which is what this blog post is about. This test suite now runs on
my laptop and <a href="https://github.com/andreacorbellini/rust-atomic-write-file/actions/workflows/crash-tests.yml">on GitHub Actions</a>, and potentially any
other CI environment.
<h1 id="testing-strategy">Testing strategy</h1>
Here’s the idea I came up with: I can create a virtual machine, with a virtual
storage device attached to it, and a filesystem initialized with a file. The
virtual machine updates the file using atomic-write-file, and then triggers a
kernel panic. After that, the file is inspected for consistency.
So here is how it works in practice: there are 3 main pieces:
1. A test binary that is responsible for updating the test file using
atomic-write-file.
1. An <code>init.sh</code> script that runs inside the virtual machine.
1. The <code>run-tests.sh</code> script that puts everything together and starts up the
virtual machine.
<h2 id="the-test-binary">The test binary</h2>
The test binary that is a <a href="https://github.com/andreacorbellini/rust-atomic-write-file/blob/master/crash-tests/linux/src/main.rs">short Rust program</a> that I can paste here:
<div class="highlight"><pre><code>use atomic_write_file::AtomicWriteFile;
use std::io::Write;
fn main() {
let mut file = AtomicWriteFile::open("/test/file").expect("open failed");
file.write_all(b"hello").expect("write failed");
 file.commit().expect("commit failed");
}
</code></pre></div>
Nothing special to see here: this is the minimal code required to use atomic-write-file.
<h2 id="the-initsh-script">The init.sh script</h2>
<a href="https://github.com/andreacorbellini/rust-atomic-write-file/blob/master/crash-tests/linux/init.sh">The <code>init.sh</code> script</a> is more interesting: this script in fact is meant to run
twice. The first time it runs, <code>init.sh</code> will run the test binary above and
trigger the kernel panic. The second time, it will read the test file contents
and report them back <code>run-tests.sh</code> script for inspection.
Let’s take a closer look at what it does: first, it mounts the <code>/proc</code> and
<code>/sys</code> virtual filesystems. These are needed for some basic system functions,
and also to enable the Linux anonymous temporary file feature.
<div class="highlight"><pre><code>mount -t proc none /proc
mount -t sysfs none /sys
</code></pre></div>
Then it mounts the filesystem containing the test file. Before it can do that,
however, it needs to load the correct kernel module for the filesystem. Nothing
too fancy here: the filesystem type is simply specified on the kernel command
line (read through <code>/proc/cmdline</code>):
<div class="highlight"><pre><code>fstype=$(grep -Eo 'test.fs=\w+' /proc/cmdline | cut -d= -f2)
modprobe "$fstype" || true
mount -t "$fstype" /dev/sdb /test
</code></pre></div>
Then, if this script is run for the first time, it will run the test executable and quit:
<div class="highlight"><pre><code>echo 'Running test binary'
atomic-write-file-test
</code></pre></div>
<code>init.sh</code> (as the name suggests) is run as the init script of the virtual
machine. In Linux, if the init script quits without invoking the proper
shutdown sequence, the kernel will panic. So we don’t actually need to do
anything special to trigger a panic. I could have inserted a <code>echo c &gt;
/proc/sysrq-trigger</code> line to make it more explicit, but then I figured that
having that line wouldn’t be nice for people who want to test the script on
their system.
You might ask: how does <code>init.sh</code> know if it’s the first time it gets called or
the second? Again, nothing fancy here: <code>run-tests.sh</code> gives that hint using a
kernel command line argument:
<div class="highlight"><pre><code>if grep -q test.verify /proc/cmdline; then
 # ...
fi
</code></pre></div>
If <code>test.verify</code> is specified on <code>/proc/cmdline</code>, then it means this is the
second time this script is run. In that case, the file contents are just
printed on the console:
<div class="highlight"><pre><code>if grep -q test.verify /proc/cmdline; then
 echo 'Verifying test file contents'
 echo '-----'
 xxd /test/file
 echo '-----'
 poweroff -f
fi
</code></pre></div>
This uses <code>xxd</code> so in case there are garbled characters on screen, we can
comfortably analyze the output and figure out what happened. At the end, the
system is more gracefully shut down using <code>poweroff</code> to avoid another kernel
panic (this is not really necessary).
<h1 id="the-run-testssh-script">The run-tests.sh script</h1>
And then there’s <a href="https://github.com/andreacorbellini/rust-atomic-write-file/blob/master/crash-tests/linux/run-test.sh">the <code>run-tests.sh</code> script that crates the virtual storage,
launches the virtual machine, and inspects the file contents</a>.
This is where most the complexity is, so let’s go step-by-step (the code below
has been simplified from the original for readability):
The first thing it does is compiling the test binary above. The virtual machine
runs in a very barebone environment, so I used static linking to avoid having
to copy additional libraries like <code>libc</code>:
<div class="highlight"><pre><code>target=$(uname -m)-unknown-linux-gnu
RUSTFLAGS='-C target-feature=+crt-static' cargo build --release --features "$cargo_features" --target "$target"
</code></pre></div>
Then <code>run-tests.sh</code> creates a minimal <a href="https://en.wikipedia.org/wiki/Initial_ramdisk">initramfs</a> for the virtual machine. The
initramfs is a filesystem that gets mounted by Linux early at boot. It’s
generally used by Linux distributions to load the main operating system, but in
my case the initramfs contains everything needed for the test. In particular,
it contains:
<ul>
<li>The test binary.</li>
<li>The <code>init.sh</code> script.</li>
<li><a href="https://en.wikipedia.org/wiki/BusyBox">BusyBox</a>, to get the needed utilities like <code>xxd</code> and <code>poweroff</code>.</li>
<li>The kernel modules to mount filesystems and their dependencies.</li>
</ul>
The first 3 items are easy to set up:
<div class="highlight"><pre><code>cp "init.sh" -T "$initramfs_build_dir/sbin/init"
cp "atomic-write-file-test" -t "$initramfs_build_dir/bin"
cp "$(which busybox)" -t "$initramfs_build_dir/bin"
"$busybox" --install -s "$initramfs_build_dir/bin"
</code></pre></div>
The kernel modules are a bit more complicated. First of all: where can we get
them from? Ideally, I would have liked to download them from some minimal Linux
distribution, but this turned out to be more complicated than expected. In the
end, I decided to just steal them from the host operating system:
<div class="highlight"><pre><code>modules=/usr/lib/modules/$(uname -r)
cp -a "$modules" -t "$initramfs_build_dir/lib/modules"
while read -r mod_path; do
if [[ "$mod_path" = *.ko.gz ]]; then
gunzip "$mod_path" -o "$mod_path.uncompressed"
elif [[ "$mod_path" = *.ko.xz ]]; then
unxz "$mod_path" -o "$mod_path.uncompressed"
elif [[ "$mod_path" = *.ko.zst ]]; then
unzstd "$mod_path" -o "$mod_path.uncompressed"
 else
 continue
 fi
 mv "$mod_path.uncompressed" "$mod_path"
done &lt; &lt;(modprobe --dirname "$initramfs_build_dir" --show-depends "$filesystem_type" | grep ^insmod | cut -d' ' -f2)
</code></pre></div>
What this does is copying all the module files from the host, getting all the
dependencies for the filesystem module using <code>modprobe</code>, and then uncompressing
those modules if they’re compressed (I found this much easier than adding
compression support in the virtual machine). An alternative approach would be
to simply decompress all the modules, but that’s much slower.
Once everything has been copied over and uncompressed, the initramfs is
created:
<div class="highlight"><pre><code>initramfs=rootfs.img
mksquashfs "$initramfs_build_dir" "$initramfs"
</code></pre></div>
Now it’s time to create the virtual storage device with the filesystem, which
is a trivial task:
<div class="highlight"><pre><code>testfs=testfs.img
dd if=/dev/zero of="$testfs" bs=1M count=300
"mkfs.$filesystem_type" "$testfs"
</code></pre></div>
Finally, we can start our VM using <a href="https://en.wikipedia.org/wiki/QEMU">QEMU</a>:
<div class="highlight"><pre><code>qemu=qemu-system-$(uname -m)
kernel=/boot/vmlinuz-$(uname -r)
"$qemu" \
 -kernel "$kernel" \
 -append "root=/dev/sda ro panic=-1 console=ttyS0 quiet test.fs=$filesystem_type" \
 -drive "index=0,media=disk,format=raw,file=$initramfs" \
 -drive "index=1,media=disk,format=raw,file=$testfs" \
 -no-reboot \
 -nographic
</code></pre></div>
Again we’re stealing the kernel from the host operating system, which is also
where the kernel modules come from. The <code>drive</code> with <code>index=0</code> is the initramfs
and will be visible as <code>/dev/sda</code> in the guest; the other drive with <code>index=1</code>
is our test storage and will be visible as <code>/dev/sdb</code>.
<code>root=/dev/sda</code> tells the kernel to boot from our initramfs image. <code>panic=-1</code>
tells the kernel not to reboot in case of a panic (<code>panic=N</code> specifies the
number of seconds to wait before rebooting in case of kernel panic; specifying
a negative value blocks that behavior). <code>console=ttyS0</code> allows us to capture
the output printed by the init script. <code>test.fs=...</code> is the option that
<code>init.sh</code> is going to look for to understand what filesystem type to use.
Once that runs, the virtual machine is expected to do its job and crash with a
kernel panic. We then need to restart it to verify the file contents. The QEMU
command is exactly the same except for the additional <code>test.verify</code> option:
<div class="highlight"><pre><code>output=output.txt
"$qemu" \
 -kernel "$kernel" \
 -append "root=/dev/sda ro panic=-1 console=ttyS0 quiet test.fs=$filesystem_type test.verify" \
 -drive "index=0,media=disk,format=raw,file=$initramfs" \
 -drive "index=1,media=disk,format=raw,file=$testfs" \
 -no-reboot \
 -nographic \
 | tee "$output"
</code></pre></div>
The output from this command is captured in a file that can be analyzed. If you
remember how <code>init.sh</code> is written, you might have noticed that it writes the
test file contents between two markers:
<div class="highlight"><pre><code>echo '-----'
xxd /test/file
echo '-----'
</code></pre></div>
So what we have to do to verify the contents of the file is simply look for
those two <code>-----</code> markers, get the content in between, and parse it through
<code>xxd -r</code>:
<div class="highlight"><pre><code>if [[ $(sed -n '/-----/, /-----/p' "$output" | xxd -r) = hello ]]; then
 echo "Success"
else
 echo "Failure"
 exit 1
fi
</code></pre></div>
And that’s it!
<h1 id="running-in-github-actions">Running in GitHub Actions</h1>
The next step for me was to set up some automation to make sure that my test
script was run whenever I made any change to the crate. Because my project was
already hosted on GitHub, I decided to go with GitHub Actions. I was a bit
worried that I would have had to struggle to make it work because my script
works by stealing the kernel from the host, and I thought that the GitHub
runners could have some protections in place to prevent me from reading the
kernel. To my surprise, there were no such restrictions. In fact, I did not
have to modify a single line of code to make my tests work in GitHub Actions:
check out the <a href="https://github.com/andreacorbellini/rust-atomic-write-file/blob/master/.github/workflows/crash-tests.yml">workflow file</a> if you’re curious.
<h1 id="result">Result</h1>
In the end, the test suite was able to reproduce the issue with btrfs and
anonymous temporary files, as well as show that the fix was working as
intended. This is what it looks like (output in the screenshot was trimmed down
a bit):
<figure>
<img alt="Output showing a failure from the test suite" src="https://andrea.corbellini.name/images/crash-tests-failure.png" />
Output from the <code>run-test.sh</code> script before applying the fix, showing a failure.
</figure>
<figure>
<img alt="Output showing a success from the test suite" src="https://andrea.corbellini.name/images/crash-tests-success.png" />
Output from the <code>run-test.sh</code> script after applying the fix, showing a success.
</figure>
<h1 id="future">Future</h1>
I’m pretty satisfied with the general approach of running in a virtual machine
and simulating a crash, but the implementation has a huge limitation: because
it steals the kernel from the host, it cannot simulate crashes on other
kernels, operating systems, or platforms.
I think in the future I’m going to take a look at <a href="https://github.com/cross-rs/cross">cross-rs</a>, a cross-platform
tool for Rust crates. Cross-rs works kinda in a similar way as my test suite,
in that it uses QEMU emulation to run tests. Maybe I can reuse their QEMU
images and tweak them to run my crash tests. If that is feasible, then I will
be able to extend my test suite to all major platforms and operating systems.</description>
<pubDate>Tue, 09 Sep 2025 00:05:00 +0000</pubDate>
</item>
<item>
<title>The Fridge: Ubuntu Weekly Newsletter Issue 908</title>
<guid isPermaLink="false">https://fridge.ubuntu.com/?p=10610</guid>
<link>https://fridge.ubuntu.com/2025/09/08/ubuntu-weekly-newsletter-issue-908/</link>
<description><img src="https://fridge.ubuntu.com/wp-content/uploads/2020/02/c9d7/header.png" /> Welcome to the Ubuntu Weekly Newsletter, Issue 908 for the week of August 31 – September 6, 2025. The full version of this issue is available <a href="https://discourse.ubuntu.com/t/ubuntu-weekly-newsletter-issue-908/66467">here</a>.
In this issue we cover:
<ul><li>rust-coreutils transition landing in release pocket</li><li>Call for Nominations: Ubuntu Communications Council</li><li>Ubuntu Stats</li><li>Hot in Support</li><li>Rocks Public Journal; 2025-09-05</li><li>Other Meeting Reports</li><li>Upcoming Meetings and Events</li><li>Lasting Memories from DjangoCon Africa and UbuCon Africa 2025</li><li>Ubuntu at DevConf.US – Boston, USA, September 19th-20th</li><li>Event Report from Youngbin Han – UbuCon Asia 2025</li><li>LoCo Events</li><li>The Immutable Linux Paradox</li><li>Sudo-rs is now default for Questing Quokka</li><li>Multipass 1.16.1 bug fix release</li><li>OpenJDK 19 removal from Ubuntu 22.04 LTS (Jammy Jellyfish)</li><li>Ubuntu Project docs: Another day at the office…</li><li>Desktop docs taking a new direction</li><li>Other Community News</li><li>Ubuntu Cloud News</li><li>Canonical News</li><li>In the Blogosphere</li><li>Featured Audio and Video</li><li>Updates and Security for Ubuntu 22.04, 24.04, and 25.04</li><li>And much more!</li></ul>
The Ubuntu Weekly Newsletter is brought to you by:
<ul><li>Krytarik Raido</li><li>Bashing-om</li><li>Chris Guiver</li><li>Wild Man</li><li>Cristovao Cordeiro (cjdc) – Rocks</li><li>And many others</li></ul>
If you have a story idea for the Weekly Newsletter, join the <a href="https://lists.ubuntu.com/mailman/listinfo/Ubuntu-news-team">Ubuntu News Team mailing list</a> and submit it. Ideas can also be added to the <a href="https://discourse.ubuntu.com/t/ubuntu-weekly-newsletter-ideas/40053">wiki</a>!
<div class="wp-block-image"><figure class="alignleft"><img alt="" src="https://fridge.ubuntu.com/wp-content/uploads/2015/05/ab28/CCL.png" /></figure></div>
<a href="https://fridge.ubuntu.com/2025/09/08/ubuntu-weekly-newsletter-issue-908/"></a>.</description>
<pubDate>Mon, 08 Sep 2025 22:45:08 +0000</pubDate>
</item>
<item>
<title>Colin Watson: Free software activity in August 2025</title>
<guid isPermaLink="false">tag:www.chiark.greenend.org.uk,2025-09-03:/~cjwatson/blog/activity-2025-08.html</guid>
<link>https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2025-08.html</link>
<description>About 95% of my Debian contributions this month were
<a href="https://www.freexian.com/about/debian-contributions/">sponsored</a> by Freexian.
You can also support my work directly via
<a href="https://liberapay.com/cjwatson">Liberapay</a> or <a href="https://github.com/sponsors/cjwatson">GitHub
Sponsors</a>.
<h2>Python team</h2>
forky is
<a href="https://lists.debian.org/debian-devel-announce/2025/08/msg00002.html">open</a>!
As a result I’m starting to think about the <a href="https://peps.python.org/pep-0745/">upcoming Python
3.14</a>. At some point we’ll doubtless do
a full test rebuild, but in advance of that I concluded that one of the most
useful things I could do would be to work on our <a href="https://udd.debian.org/dmd/?email1=team%2Bpython%40tracker.debian.org">very long list of packages
with new upstream
versions</a>.
Of course there’s no real chance of this ever becoming empty since upstream
maintainers aren’t going to stop work for that long, but there are a lot of
packages there where we’re quite a long way out of date, and many of those
include fixes that we’ll need for 3.14, either directly or by fixing
interactions with new versions of other packages that in turn will need to
be fixed. We can backport changes when we need to, but more often than not
the most efficient way to do things is just to keep up to date.
So, I upgraded these packages to new upstream versions (deep breath):
<ul>
<li>aioftp</li>
<li>aiosignal (building on <a href="https://salsa.debian.org/python-team/packages/aiosignal/-/merge_requests/1">work by
IanLucca</a>)</li>
<li>audioop-lts</li>
<li>celery</li>
<li>djangorestframework</li>
<li>djoser</li>
<li>fpylll</li>
<li>frozenlist</li>
<li>git-repo-updater</li>
<li>ipykernel</li>
<li>klepto</li>
<li>kombu</li>
<li>multipart</li>
<li>netmiko (sponsoring <a href="https://salsa.debian.org/python-team/packages/netmiko/-/merge_requests/1">work by Eduardo
Silva</a>;
<a href="https://github.com/ktbyers/netmiko/pull/3722">contributed supporting fix
upstream</a>)</li>
<li>pathos</li>
<li>ppft</li>
<li>pydantic</li>
<li>pydantic-core</li>
<li>pydantic-settings</li>
<li>pylsqpack</li>
<li>pymssql</li>
<li>pytest-mock</li>
<li>pytest-pretty</li>
<li>pytest-repeat</li>
<li>pytest-rerunfailures</li>
<li>python-a2wsgi</li>
<li>python-apptools (sponsoring <a href="https://salsa.debian.org/python-team/packages/python-apptools/-/merge_requests/6">work by Kathlyn Lara
Murussi</a>)</li>
<li>python-asgiref</li>
<li>python-asyncssh</li>
<li>python-bitarray</li>
<li>python-bitstring</li>
<li>python-bytecode</li>
<li>python-channels-redis</li>
<li>python-charset-normalizer</li>
<li>python-daphne</li>
<li>python-django-analytical</li>
<li>python-django-guid</li>
<li>python-django-health-check</li>
<li>python-django-pgbulk</li>
<li>python-django-pgtrigger</li>
<li>python-django-postgres-extra</li>
<li>python-django-storages</li>
<li>python-holidays</li>
<li>python-httpx-sse</li>
<li>python-icalendar</li>
<li>python-lazy-model</li>
<li>python-line-profiler</li>
<li>python-lz4</li>
<li>python-marshmallow-dataclass</li>
<li>python-mastodon</li>
<li>python-model-bakery</li>
<li>python-oauthlib</li>
<li>python-parse-type</li>
<li>python-pathvalidate</li>
<li>python-pgspecial</li>
<li>python-processview</li>
<li>python-pytest-subtests</li>
<li>python-roman</li>
<li>python-semantic-release</li>
<li>python-testfixtures</li>
<li>python-time-machine</li>
<li>python-tokenize-rt</li>
<li>python-typeguard</li>
<li>python-typing-extensions</li>
<li>python-urllib3</li>
<li>pyupgrade</li>
<li>requests (fixing <a href="http://bugs.debian.org/1107368">CVE-2024-47081</a>)</li>
<li>responses</li>
<li>zope.deferredimport</li>
<li>zope.schema</li>
<li>zope.testrunner</li>
</ul>
That’s only about 10% of the backlog, but of course others are working on
this too. If we can keep this up for a while then it should help.
I packaged <a href="https://bugs.debian.org/1111640">pytest-run-parallel</a>,
<a href="https://bugs.debian.org/1110995">pytest-unmagic</a> (still in <code>NEW</code>), and
<a href="https://bugs.debian.org/1111569">python-forbiddenfruit</a> (still in <code>NEW</code>),
all needed as new dependencies of various other packages.
setuptools upstream will be <a href="https://setuptools.pypa.io/en/stable/history.html#v80-1-0">removing the <code>setup.py install</code>
command</a> on 31
October. While this may not trickle down immediately into Debian, it does
mean that in the near future nearly all Python packages will have to use
<code>pybuild-plugin-pyproject</code> (note that this does not mean that they
necessarily have to use <code>pyproject.toml</code>; this is just a question of how the
packaging runs the build system). We talked about this a bit at DebConf,
and I said that I’d noticed a number of packages where this isn’t
straightforward and promised to write up some notes. I wrote the
<a href="https://wiki.debian.org/Python/PybuildPluginPyproject">Python/PybuildPluginPyproject</a>
wiki page for this; I expect to add more bits and pieces to it as I find them.
On that note, I converted several packages to <code>pybuild-plugin-pyproject</code>:
<ul>
<li>billiard</li>
<li>lazr.config</li>
<li>python-timeline</li>
<li>zope.sqlalchemy</li>
<li>zope.testing</li>
</ul>
I fixed several build/test failures:
<ul>
<li><a href="https://bugs.debian.org/1111057">aiosmtplib</a></li>
<li><a href="https://bugs.debian.org/1111058">blinker</a></li>
<li><a href="https://bugs.debian.org/1111059">ipykernel</a></li>
<li><a href="https://bugs.debian.org/1111060">ipyparallel</a></li>
<li><a href="https://salsa.debian.org/python-team/packages/quart/-/commit/481c11c4fc33a18b17f8b223dff584342adc84af">quart</a></li>
</ul>
I fixed some other bugs:
<ul>
<li><a href="https://bugs.debian.org/1110821">austin: binutils now has a libsframe-dev package, please add an explicit
build dependency</a></li>
<li><a href="https://salsa.debian.org/python-team/packages/python-django-pgbulk/-/commit/96a17113f634d3c401c21a113579273ec49ccc2b">python-django-pgbulk: Missing dependency on
python3-typing-extensions</a>
(<a href="https://github.com/AmbitionEng/django-pgbulk/pull/54">contributed
upstream</a>)</li>
<li><a href="https://bugs.debian.org/1110139">python-maturin: Upcoming rust-which update</a></li>
</ul>
I reviewed <a href="https://salsa.debian.org/python-team/packages/fail2ban/-/merge_requests/18">Debian defaults: nftables as banaction and systemd as
backend</a>,
but it looked as though nothing actually needed to be changed so we closed
this with no action.
<h2>Rust team</h2>
Upgrading Pydantic was complicated, and required a rust-pyo3 transition
(which Jelmer Vernooĳ started and Peter Michael Green has mostly been
driving, thankfully), packaging rust-malloc-size-of (including an <a href="https://github.com/servo/malloc_size_of/pull/12">upstream
portability fix</a>), and
upgrading several packages to new upstream versions:
<ul>
<li>rust-serde</li>
<li>rust-serde-derive</li>
<li>rust-serde-json</li>
<li>rust-smallvec</li>
<li>rust-speedate</li>
<li>rust-time</li>
<li>rust-time-core</li>
<li>rust-time-macros</li>
</ul>
<h2>bugs.debian.org</h2>
I fixed <a href="https://bugs.debian.org/1078575">bugs.debian.org: misspelled checkbox id
“uselessmesages”</a>, as well as a <a href="https://salsa.debian.org/debbugs-team/debbugs/-/commit/fff0db4e57a2781f5c82827e42f395a3325270f3">bug that
caused incoming emails with certain header contents to go
missing</a>.
<h2>OpenSSH</h2>
I fixed <a href="https://bugs.debian.org/1080350">openssh-server: refuses further connections after having handled
PerSourceMaxStartups connections</a> with a
cherry-pick from upstream.
<h2>Other bits and pieces</h2>
I upgraded libfido2 to a new upstream version.
I fixed <a href="https://bugs.debian.org/1103589">mimalloc: FTBFS on armhf: cc1: error: ‘-mfloat-abi=hard’: selected
architecture lacks an FPU</a>, which was
blocking changes to pendulum in the Python team. I also spent some time
helping to investigate <a href="https://bugs.debian.org/1106879">libmimalloc3: Illegal instruction Running mtxrun
—generate</a>, though that bug is still open.
I fixed <a href="https://salsa.debian.org/debian/gssproxy/-/compare/debian%2F0.9.2-3...debian%2F0.9.2-4?from_project_id=45135">various autopkgtest bugs in
gssproxy</a>,
prompted by
<a href="https://salsa.debian.org/freexian-team/debusine/-/issues/1007">#1007</a> in Debusine.
Since my old team is <a href="https://blog.launchpad.net/general/phasing-out-bazaar-code-hosting">decommissioning Bazaar/Breezy code hosting in
Launchpad</a>
(the end of an era, which I have distinctly mixed feelings about), I
converted <a href="https://git.launchpad.net/storm">Storm</a> to git.</description>
<pubDate>Wed, 03 Sep 2025 10:56:59 +0000</pubDate>
</item>
<item>
<title>The Fridge: Ubuntu Weekly Newsletter Issue 907</title>
<guid isPermaLink="false">https://fridge.ubuntu.com/?p=10607</guid>
<link>https://fridge.ubuntu.com/2025/09/01/ubuntu-weekly-newsletter-issue-907/</link>
<description><figure class="wp-block-image"><img alt="" src="https://fridge.ubuntu.com/wp-content/uploads/2020/02/c9d7/header.png" /></figure>
Welcome to the Ubuntu Weekly Newsletter, Issue 907 for the week of August 24 – 30, 2025. The full version of this issue is available <a href="https://discourse.ubuntu.com/t/ubuntu-weekly-newsletter-issue-907/66322">here</a>.
In this issue we cover:
<ul><li>Questing Snapshot 4 released</li><li>Ubuntu Stats</li><li>Hot in Support</li><li>Other Meeting Reports</li><li>Upcoming Meetings and Events</li><li>Discover the Pre-UbuConLA 2025 Agenda – Now Available</li><li>Welcome to the CODA workshop at UbuCon Asia</li><li>LoCo Events</li><li>Ubuntu Server Gazette – Issue 7 – MySQL memory allocation</li><li>Mir Office Hours – 2025-08-28 15:15UTC</li><li>Ubuntu-pt Newsletter 1</li><li>A Bittersweet Farewell: My Final KDE Snap Release and the End of an Era</li><li>Ubuntu Cloud News</li><li>Canonical News</li><li>In the Blogosphere</li><li>Featured Audio and Video</li><li>Updates and Security for Ubuntu 22.04, 24.04, and 25.04</li><li>And much more!</li></ul>
The Ubuntu Weekly Newsletter is brought to you by:
<ul><li>Krytarik Raido</li><li>Bashing-om</li><li>Chris Guiver</li><li>Wild Man</li><li>And many others</li></ul>
If you have a story idea for the Weekly Newsletter, join the <a href="https://lists.ubuntu.com/mailman/listinfo/Ubuntu-news-team">Ubuntu News Team mailing list</a> and submit it. Ideas can also be added to the <a href="https://discourse.ubuntu.com/t/ubuntu-weekly-newsletter-ideas/40053">wiki</a>!
<div class="wp-block-image"><figure class="alignleft"><img alt="" src="https://fridge.ubuntu.com/wp-content/uploads/2015/05/ab28/CCL.png" /></figure></div>
<a href="https://fridge.ubuntu.com/2025/09/01/ubuntu-weekly-newsletter-issue-907/"></a>.</description>
<pubDate>Mon, 01 Sep 2025 22:31:42 +0000</pubDate>
</item>
<item>
<title>St&eacute;phane Graber: Announcing Incus 6.16</title>
<guid isPermaLink="false">https://stgraber.org/?p=1777</guid>
<link>https://stgraber.org/2025/09/01/announcing-incus-6-16/</link>
<description>The Incus team is pleased to announce the release of Incus 6.16!
This release brings in a new storage driver, the ability to install Windows VMs without having to rely on a repacked ISO and support for temporary storage in containers.
<figure class="wp-block-image size-large"><a href="https://linuxcontainers.org/incus/try-it/"><img alt="" class="wp-image-1778" height="425" src="https://stgraber.org/wp-content/uploads/2025/09/image-1024x425.png" width="1024" /></a></figure>
The highlights for this release are:
<ul class="wp-block-list">
<li>TrueNAS storage driver</li>
<li>USB CD-ROM handling for VMs</li>
<li>tmpfs and tmpfs-overlay disks for containers</li>
<li>Configurable console behavior in the CLI</li>
</ul>
The full announcement and changelog can be <a href="https://discuss.linuxcontainers.org/t/incus-6-16-has-been-released/24614" rel="noreferrer noopener" target="_blank">found here</a>. And for those who prefer videos, here’s the release overview video:
<figure class="wp-block-embed is-type-video is-provider-youtube wp-block-embed-youtube wp-embed-aspect-16-9 wp-has-aspect-ratio"><div class="wp-block-embed__wrapper">
</div></figure>
You can take the latest release of Incus up for a spin through our online demo service at: <a href="https://linuxcontainers.org/incus/try-it/" rel="noreferrer noopener" target="_blank">https://linuxcontainers.org/incus/try-it/</a>
And as always, my company is offering commercial support on Incus, ranging from by-the-hour support contracts to one-off services on things like initial migration from LXD, review of your deployment to squeeze the most out of Incus or even feature sponsorship. You’ll find all details of that here: <a href="https://zabbly.com/incus">https://zabbly.com/incus</a>
Donations towards my work on this and other open source projects is also always appreciated, you can find me on <a href="https://github.com/sponsors/stgraber">Github Sponsors</a>, <a href="https://patreon.com/stgraber">Patreon</a> and <a href="https://ko-fi.com/stgraber">Ko-fi</a>.
Enjoy!
</description>
<pubDate>Mon, 01 Sep 2025 15:19:43 +0000</pubDate>
</item>
<item>
<title>Dougie Richardson: CLI Corner: rsync</title>
<guid isPermaLink="false">https://dougiewougie.com/?p=2981</guid>
<link>https://dougiewougie.com/2025/08/31/cli-corner-rsync/</link>
<description>Synchronise two directories, e.g. Nextcloud and an encrypted USB drive with archive, recursive, partial, and progress flags:
<pre class="wp-block-code"><code class="language-bash" lang="bash">rsync -varP src destination</code></pre>
</description>
<pubDate>Sun, 31 Aug 2025 10:38:37 +0000</pubDate>
</item>
<item>
<title>Salih Emin: Mastering the First Impression: Your intriguing post title goes here</title>
<guid isPermaLink="true">https://stage.synergops.gr/post-3-2/</guid>
<link>https://stage.synergops.gr/post-3-2/</link>
<description><h4 class="wp-block-heading">Engaging Introductions: Capturing Your Audience’s Interest</h4>
The initial impression your blog post makes is crucial, and that’s where your introduction comes into play. Hook your readers with a captivating opening that sparks curiosity or emotion. Address their pain points or questions to establish a connection. Outline the purpose of your post and give a sneak peek into what they can expect. A well-crafted introduction sets the tone for an immersive reading experience.
<h4 class="wp-block-heading">Crafting Informative and Cohesive Body Content</h4>
Within the body of your blog post lies the heart of your message. Break down your content into coherent sections, each with a clear heading that guides readers through the narrative. Dive deep into each subtopic, providing valuable insights, data, and relatable examples. Maintain a logical flow between paragraphs using transitions, ensuring that each point naturally progresses to the next. By structuring your body content effectively, you keep readers engaged and eager to learn more.
<h4 class="wp-block-heading">Powerful Closures: Leaving a Lasting Impression</h4>
Concluding your blog post isn’t just about wrapping things up – it’s your final opportunity to leave a strong impact. Summarize the key takeaways from your post, reinforcing your main points. If relevant, provide actionable solutions or thought-provoking questions to keep readers thinking beyond the post. Encourage engagement by inviting comments, questions, or sharing. A well-crafted conclusion should linger in your readers’ minds, inspiring them to explore further or apply what they’ve learned.
The post <a href="https://stage.synergops.gr/post-3-2/">Mastering the First Impression: Your intriguing post title goes here</a> appeared first on <a href="https://stage.synergops.gr">SynergOps</a>.</description>
<pubDate>Sat, 30 Aug 2025 17:35:48 +0000</pubDate>
</item>
<item>
<title>Salih Emin: The Art of Drawing Readers In: Your attractive post title goes here</title>
<guid isPermaLink="true">https://stage.synergops.gr/post-2-2/</guid>
<link>https://stage.synergops.gr/post-2-2/</link>
<description><h4 class="wp-block-heading">Engaging Introductions: Capturing Your Audience’s Interest</h4>
The initial impression your blog post makes is crucial, and that’s where your introduction comes into play. Hook your readers with a captivating opening that sparks curiosity or emotion. Address their pain points or questions to establish a connection. Outline the purpose of your post and give a sneak peek into what they can expect. A well-crafted introduction sets the tone for an immersive reading experience.
<h4 class="wp-block-heading">Crafting Informative and Cohesive Body Content</h4>
Within the body of your blog post lies the heart of your message. Break down your content into coherent sections, each with a clear heading that guides readers through the narrative. Dive deep into each subtopic, providing valuable insights, data, and relatable examples. Maintain a logical flow between paragraphs using transitions, ensuring that each point naturally progresses to the next. By structuring your body content effectively, you keep readers engaged and eager to learn more.
<h4 class="wp-block-heading">Powerful Closures: Leaving a Lasting Impression</h4>
Concluding your blog post isn’t just about wrapping things up – it’s your final opportunity to leave a strong impact. Summarize the key takeaways from your post, reinforcing your main points. If relevant, provide actionable solutions or thought-provoking questions to keep readers thinking beyond the post. Encourage engagement by inviting comments, questions, or sharing. A well-crafted conclusion should linger in your readers’ minds, inspiring them to explore further or apply what they’ve learned.
The post <a href="https://stage.synergops.gr/post-2-2/">The Art of Drawing Readers In: Your attractive post title goes here</a> appeared first on <a href="https://stage.synergops.gr">SynergOps</a>.</description>
<pubDate>Sat, 30 Aug 2025 17:35:48 +0000</pubDate>
</item>
<item>
<title>Podcast Ubuntu Portugal: E361 Prognósticos FSL</title>
<guid isPermaLink="false">https://hub.podcastubuntuportugal.org/s/Xtjn494g5NRtwF5/download/e361.mp3</guid>
<link>https://podcastubuntuportugal.org/e361/</link>
<description>Desta vez, o plantel está completo, numa antevisão do clássico Derby da Festa do Software Livre! Temos comentadores de peso: André Alves, Tiago Carreira e João Jotta, na mesa com Miguel e Diogo Constantino, que vão partilhar um pouco das suas aventuras tecnológicas, mas sobretudo as suas expectativas para a Festa do Software Livre, que decorrerá no Porto, de 3 a 5 de Outubro.
Já sabem: oiçam, subscrevam e partilhem!
<ul>
<li>Festa do Software Livre 2025, Porto, 3 a 5 de Outubro: <a href="https://festa2025.softwarelivre.eu/pt/">https://festa2025.softwarelivre.eu/pt/</a></li>
<li><a href="https://ansol.org">https://ansol.org</a></li>
<li><a href="https://masto.pt/@andralves">https://masto.pt/@andralves</a></li>
<li><a href="https://masto.pt/@tcarreira@floss.social">https://masto.pt/@tcarreira@floss.social</a></li>
<li><a href="https://mastodon.online/@joaojotta">https://mastodon.online/@joaojotta</a></li>
<li><a href="https://metenamesa.pt">https://metenamesa.pt</a></li>
<li><a href="https://modaafoca.com">https://modaafoca.com</a></li>
<li><a href="https://joaojotta.com">https://joaojotta.com</a></li>
<li><a href="https://www.amazon.es/E1-Desktop-Computer-RJ45-4K-Display/dp/B0DWVZQ3SQ">https://www.amazon.es/E1-Desktop-Computer-RJ45-4K-Display/dp/B0DWVZQ3SQ</a></li>
<li><a href="https://www.gmktec.com/products/intel-twin-lake-n150-dual-system-4-bay-nas-mini-pc-nucbox-g9">https://www.gmktec.com/products/intel-twin-lake-n150-dual-system-4-bay-nas-mini-pc-nucbox-g9</a></li>
<li><a href="https://netbird.io/">https://netbird.io/</a></li>
<li>Ubuntu Summit 2025, Londres, 23-24 de Outubro: <a href="https://ubuntu.com/blog/ubuntu-summit-25-10-is-coming-to-your-circle-of-friends-from-london">https://ubuntu.com/blog/ubuntu-summit-25-10-is-coming-to-your-circle-of-friends-from-london</a></li>
<li>LoCo PT: <a href="https://loco.ubuntu.com/teams/ubuntu-pt/">https://loco.ubuntu.com/teams/ubuntu-pt/</a></li>
<li>Mastodon: <a href="https://masto.pt/@pup">https://masto.pt/@pup</a></li>
<li>Youtube: <a href="https://youtube.com/PodcastUbuntuPortugal">https://youtube.com/PodcastUbuntuPortugal</a></li>
</ul>
<h3 id="atribuição-e-licenças">Atribuição e licenças</h3>
Este episódio foi produzido por Diogo Constantino, Miguel e Tiago Carrondo e editado pelo <a href="https://senhorpodcast.pt/">Senhor Podcast</a>.
O website é produzido por Tiago Carrondo e o <a href="https://gitlab.com/podcastubuntuportugal/website">código aberto</a> está licenciado nos termos da <a href="https://gitlab.com/podcastubuntuportugal/website/main/LICENSE">Licença MIT</a>. (<a href="https://creativecommons.org/licenses/by/4.0/)">https://creativecommons.org/licenses/by/4.0/)</a>. A música do genérico é: “Won’t see it comin’ (Feat Aequality &amp; N’sorte d’autruche)”, por Alpha Hydrae e está licenciada nos termos da <a href="https://creativecommons.org/publicdomain/zero/1.0/">CC0 1.0 Universal License</a>.
Os separadores de péssima qualidade foram tocados ao vivo e sem rede pelo Miguel, pelo que pedimos desculpa pelos incómodos causados. OS efeitos sonoros têm os seguintes créditos: Isto é um Alerta Ubuntu: Breaking news intro music by humanoide9000 – <a href="https://freesound.org/s/760770/">https://freesound.org/s/760770/</a> – License: Attribution 4.0. ; Junta-te à Força Aérea! - SunixMuz - Devil Dance (Opening, trailer, epic music, Free CCBY) by SunixMuz – <a href="https://freesound.org/s/767842/">https://freesound.org/s/767842/</a> – License: Attribution 4.0
Este episódio e a imagem utilizada estão licenciados nos termos da licença: <a href="https://creativecommons.org/licenses/by-nc-nd/4.0/">Attribution-NonCommercial-NoDerivatives 4.0 International (CC BY-NC-ND 4.0)</a>, <a href="https://creativecommons.org/licenses/by-nc-nd/4.0/legalcode">cujo texto integral pode ser lido aqui</a>. Estamos abertos a licenciar para permitir outros tipos de utilização, <a href="https://podcastubuntuportugal.org/contactos">contactem-nos</a> para validação e autorização.
A arte de episódio foi criada por encomenda pela Shizamura - artista, ilustradora e autora de BD. Podem ficar a conhecer melhor a <a href="https://ciberlandia.pt/@shizamura">Shizamura na Ciberlândia</a> e no <a href="https://sarilho.net/">seu sítio web</a>.</description>
<pubDate>Thu, 28 Aug 2025 00:00:00 +0000</pubDate>
<enclosure url="https://hub.podcastubuntuportugal.org/s/Xtjn494g5NRtwF5/download/e361.mp3" length="31430947" type="audio/mpeg"/>
</item>
<item>
<title>Scarlett Gately Moore: A Bittersweet Farewell: My Final KDE Snap Release and the End of an Era</title>
<guid isPermaLink="false">https://www.scarlettgatelymoore.dev/?p=2134</guid>
<link>https://www.scarlettgatelymoore.dev/a-bittersweet-farewell-my-final-kde-snap-release-and-the-end-of-an-era/</link>
<description>Today marks both a milestone and a turning point in my journey with open source software. I’m proud to announce the release of KDE Gear 25.08.0 as my final snap package release. You can find all the details about this exciting update at the <a href="https://kde.org/announcements/gear/25.08.0/">official KDE announcement</a>.
After much reflection and with a heavy heart, I’ve made the difficult decision to retire from most of my open source software work, including snap packaging. This wasn’t a choice I made lightly – it comes after months of rejections and silence in an industry I’ve loved and called home for over 20 years.
<h2 class="wp-block-heading">Passing the Torch</h2>
While I’m stepping back, I’m thrilled to share that the future of KDE snaps is in excellent hands. Carlos from the Neon team has been working tirelessly to set up snaps on the new infrastructure that KDE has made available. This means building snaps in KDE CI is now possible – a significant leap forward for the ecosystem. I’ll be helping Carlos get the pipelines properly configured to ensure a smooth transition.
<h2 class="wp-block-heading">Staying Connected (But Differently)</h2>
Though I’m stepping away from most development work, I won’t be disappearing entirely from the communities that have meant so much to me:
<ul class="wp-block-list">
<li>Kubuntu: I’ll remain available as a backup, though Rik is doing an absolutely fabulous job getting the latest and greatest KDE packages uploaded. The distribution is in capable hands.</li>
<li>Ubuntu Community Council: I’m continuing my involvement here because I’ve found myself genuinely enjoying the community side of things. There’s something deeply fulfilling about focusing on the human connections that make these projects possible.</li>
<li>Debian: I’ll likely be submitting for emeritus status, as I haven’t had the time to contribute meaningfully and want to be honest about my current capacity.</li>
</ul>
<h2 class="wp-block-heading">The Reality Behind the Decision</h2>
This transition isn’t just about career fatigue – it’s about financial reality. I’ve spent too many years working for free while struggling to pay my bills. The recent changes in the industry, particularly with AI transforming the web development landscape, have made things even more challenging. Getting traffic to websites now requires extensive social media work and marketing – all expected to be done without compensation.
My stint at webwork was good while it lasted, but the changing landscape has made it unsustainable. I’ve reached a point where I can’t continue doing free work when my family and I are struggling financially. It shouldn’t take breaking a limb to receive the donations needed to survive.
<h2 class="wp-block-heading">A Career That Meant Everything</h2>
These 20+ years in open source have been the defining chapter of my professional life. I’ve watched communities grow, technologies evolve, and witnessed firsthand the incredible things that happen when passionate people work together. The relationships I’ve built, the problems we’ve solved together, and the software we’ve created have been deeply meaningful.
But I also have to be honest about where I stand today: I cannot compete in the current job market. The industry has changed, and despite my experience and passion, the opportunities just aren’t there for someone in my situation.
<h2 class="wp-block-heading">Looking Forward</h2>
Making a career change after two decades is terrifying, but it’s also necessary. I need to find a path that can provide financial stability for my family while still allowing me to contribute meaningfully to the world.
If you’ve benefited from my work over the years and are in a position to help during this transition, I would be forever grateful for any support. Every contribution, no matter the size, helps ease this difficult period: <a href="https://gofund.me/a9c55d8f">https://gofund.me/a9c55d8f</a>
<h2 class="wp-block-heading">Thank You</h2>
To everyone who has collaborated with me, tested my packages, filed bug reports, offered encouragement, or simply used the software I’ve helped maintain – thank you. You’ve made these 20+ years worthwhile, and you’ve been part of something bigger than any individual contribution.
The open source world will continue to thrive because it’s built on the collective passion of thousands of people like Carlos, Rik, and countless others who are carrying the torch forward. While my active development days are ending, the impact of this community will continue long into the future.
With sincere gratitude and fond farewells,
Scarlett Moore</description>
<pubDate>Mon, 25 Aug 2025 15:42:29 +0000</pubDate>
</item>
<item>
<title>Launchpad News: Deprecating CVS and Subversion imports</title>
<guid isPermaLink="false">https://blog.launchpad.net/?p=4471</guid>
<link>https://blog.launchpad.net/general/deprecating-cvs-and-subversion-imports</link>
<description><h3>What are code imports?</h3>
Launchpad’s <a href="https://code.launchpad.net/+code-imports">code import</a> service allows users to automatically mirror code from external version control systems into Launchpad. Historically, this has supported imports from CVS, Subversion, Bazaar and Git.
As part of this, Launchpad currently also supports imports into Bazaar branches from:
<ul><li>Concurrent Version System to Bazaar</li><li>Subversion via cvs2svn to Bazaar</li><li>Subversion via bzr-svn to Bazaar</li></ul>
These imports will be deprecated.
<h3>Why deprecate these imports?</h3>
As announced in<a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189"> Phasing out Bazaar code hosting</a>, Bazaar itself has been deprecated and is no longer actively developed. The last release was in 2016, and usage has steadily declined.
Maintaining imports from these less common version controls to Bazaar requires significant efforts.
To streamline our services and focus resources where they matter most, Launchpad will be retiring the previously mentioned Bazaar-based imports.
<h3>Timelines</h3>
<ul><li>September 18th, 2025: No new import configurations for the previously mentioned Bazaar-based imports will be accepted. </li><li>October 1st, 2025: All existing CVS to Bazaar and SVN to Bazaar imports (both cvs2svn and bzr-svn) will be shut down. Import jobs will no longer run after this date. </li></ul>
<h3>Migration paths</h3>
If you are currently using these imports, we recommend:
<ul><li>Migrating the source repository to Git.</li><li>Reconfiguring your Launchpad project to use a Git-based import instead.</li></ul>
Guides and references:
<ul><li><a href="https://discourse.ubuntu.com/t/migrate-a-repository-from-bazaar-to-git/...">Migrate a Repository From Bazaar to Git</a></li><li>General CVS/SVN to Git migration tools (such as git cvsimport, svn2git, or git svn) are widely documented.</li></ul>
<h3>Call for action</h3>
If you have a project still depending on CVS to Bazaar or SVN to Bazaar imports, and you are unsure how to migrate, please reach out to us.
You can contact us in #launchpad:ubuntu.com on Matrix, or via e-mail at feedback@launchpad.net.
Join the discussion at:<a href="https://discourse.ubuntu.com/t/deprecating-cvs-and-subversion-imports/66876" rel="noreferrer noopener" target="_blank"> https://discourse.ubuntu.com/t/deprecating-cvs-and-subversion-imports/66876</a>
</description>
<pubDate>Mon, 25 Aug 2025 07:14:50 +0000</pubDate>
</item>
<item>
<title>Andrea Corbellini: It will take decades to undo the damage done by "AI"</title>
<guid isPermaLink="false">tag:andrea.corbellini.name,2025-08-20:/2025/08/20/it-will-take-decades-to-undo-the-damage-done-by-ai/</guid>
<link>https://andrea.corbellini.name/2025/08/20/it-will-take-decades-to-undo-the-damage-done-by-ai/</link>
<description>Many business owners in the software development industry are investing a lot
into LLM bots, marketed as “generative AI”. Some of them go as far as forcing
software developers to use such tools under the threat of being fired if they
don’t comply. After all, why shouldn’t they? This technology has a catchy name,
it produces very convincing output that sometimes is correct (or close to being
correct), and companies producing these tools are very good at downplaying
their limitations and at promising that the “next version” will be
astonishingly better than the one before.
My day-to-day experience, and scientific research, however show a quite big
problem: while senior developers get little or no gain from “generative AI”
(<a href="https://www.reuters.com/business/ai-slows-down-some-experienced-software-developers-study-finds-2025-07-10/">1</a>,
<a href="https://fortune.com/2025/07/20/ai-hampers-productivity-software-developers-productivity-study/">2</a>,
<a href="https://blueheadline.com/software-dev/ai-helps-new-developers-but-seniors/">3</a>,
<a href="https://blog.stackademic.com/ai-coding-tools-slow-senior-devs-by-19-why-experts-are-still-using-them-98d855b81c4e">4</a>),
junior developers get massive boosts in productivity. Why am I describing a
boost in productivity as a problem? Well, it’s simple: the new generations of
software developers (the ones that are just entering the job market, and the
ones that are still in school) are relying heavily on these LLM tools for
nearly all work-related tasks. And, again, why shouldn’t they? The entire
world is telling them to do so! And as a result of that, they are advancing
without gaining any actual skill.
Me and other (ex-)coworkers have seen it first hand: a junior developer
completes a task using an LLM bot. More senior developers find major problems
with the result. Junior developers go back to the LLM tool asking for a fix,
wasting hours or days without a positive outcome. Junior developers are
becoming unable to perform tasks independently.
In addition to that, there’s a problem that I feel like is not talked about
extensively: these LLM tools can only regurgitate what they’ve been trained
with. They’re good at finding patterns and re-applying strategies that have
been used in prior work, but by their nature they cannot create or
innovate. So, if this trend continues, the new generations of software
developers are not just going to be skill-less, they’re also going to be
incapable of solving new problems that haven’t been seen before.
My prediction? Within 10 or 20 years, the older generation of software
developers will be asked to come out of retirement to fix the unmaintainable
mess created by the newer generations, and to make advancements in the
information technology sector. A bit like old COBOL developers are asked to
come out of retirement to maintain banking systems, but on a much larger scale.
This, unless there will be advancements towards true Artificial Intelligence,
or unless the current trend in education is broken.
Now don’t get me wrong: I’m not opposed to LLM bots (although I’m against
calling them “AI”, because they’re very far from fulfilling the AI promise),
and I think they can be very powerful tools. What I’m worried about is that new
generations are being told to rely on them almost exclusively, and this can
only lead to an evident skill gap. In fact, I think that if there’s a country
that in the future will be able to harness the power of the LLM bots and at
the same time maintain a good enough level of education, thus addressing the
skill gap problem, they will be the dominant economic power of the future,
because they will be able to automate tasks that are time/energy-consuming for
humans, while at the same time use the human brain to innovate and advance.</description>
<pubDate>Wed, 20 Aug 2025 17:17:00 +0000</pubDate>
</item>
<item>
<title>Erich Eickmeyer: Raspberry Pi as a Networked Audio Interface</title>
<guid isPermaLink="false">http://ericheickmeyer.com/?p=5998</guid>
<link>https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/</link>
<description>I haven’t posted for quite some time, and a lot has happened. For instance, my wife revived Edubuntu and my work with Ubuntu Studio now spans over 7 years.
Recently, I became the proud owner of a Behringer X-Air XR18. This became the key to opening a new business, which I’ll announce at a later date. I’m working on acquiring more equipment to make this work.
As many people know, the XR18 is a stagebox-style mixer in which the mixer is physically on the stage with no controls but controlled with an iPad or Android tablet. However, as the owner of a Behringer X-Touch, which integrates seamlessly with an X-Air mixer via either MIDI or Network connections. In my situation, this gives the ability to have a physical front-of-house setup, with a computer showing the X-Air Edit application.
However, what if I want to multi-track record or add custom effects via Ubuntu Studio? This is where it would get complicated as I would then have to run a prohibitively-long USB cable from my computer to the XR18 on the stage. This would not be ideal.
As many people know, MIDI can be routed via network, which is the way the X-Touch, XR18, and X-Air app work together. A simple WiFi router and ethernet cable wouild be a great solution to this problem, but that also leaves an Ethernet cable prone to being tripped-over by audience members (unless one were to gaff it down). So, since we’ve already got WiFi, let’s take advantage of that.
To expose the audio ports to the WiFi, we’re going to have to bridge it. But… how? Most people would tell me just to use <a href="https://www.audinate.com/">Dante</a> but, unfortunately, Audinate refuses to support Linux, and AES67 support in PipeWire is very young. However, it turns out, <a href="https://www.jacktrip.com/">JackTrip</a> is in the Ubuntu repositories and, as its name would imply, integrates seamlessly with <a href="https://jackaudio.org/">JACK </a>and, therefore, <a href="https://pipewire.org">PipeWire</a>.
Setting this up is rather simple, and I’m documenting the process here.
<h2 class="wp-block-heading">Prerequisites</h2>
<ul class="wp-block-list">
<li>A Raspberry Pi 4 or higher (I have a late 2023 Raspberry Pi 5)</li>
<li>A micro SD card (16GB or larger)</li>
<li><a href="https://cdimage.ubuntu.com/releases/noble/release/">Ubuntu Server for Raspberry Pi</a> (I used 24.04, linked here).</li>
<li>Optional: <a href="https://ubuntu.com/pro">Ubuntu Pro</a> (for the RealTime Ubuntu Raspberry Pi Kernel)</li>
</ul>
<h2 class="wp-block-heading">Here we go…</h2>
<div class="wp-block-image">
<figure class="alignright size-large is-resized"><a href="https://ericheickmeyer.com/wp-content/uploads/2025/08/image.png"><img alt="" class="wp-image-6004" data-attachment-id="6004" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="image" data-large-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image.png?w=662" data-medium-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image.png?w=300" data-orig-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image.png" data-orig-size="832,616" data-permalink="https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/image/" height="616" src="https://ericheickmeyer.com/wp-content/uploads/2025/08/image.png?w=832" style="width: 417px; height: auto;" width="832" /></a></figure></div>
The first thing I did was install the downloaded preinstalled server image to a micro SD card. This is accomplished using Raspberry Pi Imager. I used the Snap version maintained by Dave Jones of Canonical, part of Canonical’s Raspberry Pi team. If you’ve never met Dave, he does all of his computing via Raspberry Pi, and it’s a sight to behold! To get that, it’s as easy as <code>sudo snap install rpi-imager</code>.
I made sure to set the server to automatically detect my WiFi, but if you plan to use a hard Ethernet connection, this isn’t necessary. Just be sure you can SSH into the machine as this is key (pre-set a user and set the machine name).
Once the SD card is imaged, I SSH’d into the machine (<code>ssh erich@{computer-name}.local</code>). The first thing I did was install <code>jackd2</code> and <code>jacktrip</code>:
<code>sudo apt install --no-install-recommends jackd2 jacktrip</code>
One must use the <code>--no-install-recommends</code> option to avoid installing unecessary graphical tools as <code>jackd2</code> will want to install <code>qjackctl</code> which is the GUI application to control JACK. We don’t need it here. JackTrip has an option to automatically connect to all inputs and outputs, so we’ll use that here.
To automatically start JACK upon boot, I modified <a href="https://raw.githubusercontent.com/jackaudio/jack2/refs/heads/develop/systemd/jack%40.service.in">this systemd unit file </a>to be custom for my setup. You’ll notice I made the buffer 256 (<code>-p 256</code>) with 3 periods per buffer (<code>-n 3</code>) as gives the highest reliablility on a USB connection. Additionally, the highest frequency an XR18 runs at is 48000 Hz, so I made sure to set the frequency there (<code>-r 48000</code>). Also, we want the process to run in realtime and directly to ALSA (<code>--realtime -dalsa</code>):
<pre class="wp-block-code"><code>[Unit]
Description=JACK server using %i user profile
Documentation=man:jackd(1)
After=sound.target local-fs.target
[Service]
User=%i
Group=%i
#Type=notify
EnvironmentFile=-/etc/jack/alsa.conf
#EnvironmentFile=-%h/.config/jack/%i.conf
ExecStart=/usr/bin/jackd --realtime -dalsa -p 256 -n 3 -r 48000
# -d $DEVICE $DRIVER_SETTINGS
LimitRTPRIO=95
LimitRTTIME=infinity
LimitMEMLOCK=infinity
# Caution: use on memory-limited devices only
# OOMScoreAdjust=-1000
[Install]
WantedBy=multi-user.target
</code></pre>
I installed this to <code>/usr/lib/systemd/system/jackd@.service</code>.
Next, I created a systemd unit file to start JackTrip. I needed this to be a server (<code>-s</code>), with 18 inputs and outputs (for an XR18, <code>-n 18</code>) and automatically connect upon start (<code>-q auto</code>):
<pre class="wp-block-code"><code>[Unit]
Description=JackTrip Audio Network Service
After=network.target sound.target jackd@%i.service
Wants=network-online.target
[Service]
# Run as a specific user who has JACK permissions
User=%i
Group=%i
ExecStart=jacktrip -s -n 18 -q auto --udprt
Restart=always
RestartSec=5
# Optional: environment for JACK if needed
#Environment=JACK_NO_AUDIO_RESERVATION=1
# Give JACK/JackTrip real-time priority
LimitRTPRIO=infinity
LimitMEMLOCK=infinity
[Install]
WantedBy=multi-user.target</code></pre>
I installed this to <code>/usr/lib/systemd/system/jacktrip@.service</code>.
Next, to make sure this runs as my user, I did the following:
<pre class="wp-block-code"><code>sudo systemctl enable jackd@erich.service
sudo systemctl enable jacktrip@erich.service</code></pre>
Optionally, since this will be used as a headless appliance, one can use Ubuntu Pro to get the RealTime Kernel. This is accomplished by the following with an <a href="https://login.ubuntu.com/">Ubuntu One account</a>:
<pre class="wp-block-code"><code>pro attach
pro enable realtime-kernel</code></pre>
To make sure everything worked, check <code>pro status</code>.
You can have up to 5 machines running Ubuntu Pro for free. In my case, as an Ubuntu Member, I can have up to 50 machines for free, and this is only my third one!
Once this is done, reboot. On your other machine, install <code>jacktrip-gui</code>. (This will be in Ubuntu Studio 25.10 and higher by default!): <code>sudo apt install jacktrip-gui</code>.
Opening it, it will ask you if you want to sign in with a Virtual Studio account. This is because JackTrip allows you to collaborate across the entire internet with fellow musicians with very low latency! It’s pretty cool! However, we don’t need that for this purpose. Instead, we’re going to say “No” and simply connect to the server as a P2P client:
<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><a href="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-1.png"><img alt="" class="wp-image-6012" data-attachment-id="6012" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="image" data-large-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-1.png?w=662" data-medium-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-1.png?w=300" data-orig-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-1.png" data-orig-size="856,795" data-permalink="https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/image-2/" height="795" src="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-1.png?w=856" style="width: 678px; height: auto;" width="856" /></a></figure></div>
Enter the computer name with <code>.local</code> afterwards, and it should find it as long as your desktop or laptop is connected to the same network as the Raspberry Pi.
After you click “Connect”, you should see this:
<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><a href="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-3.png"><img alt="" class="wp-image-6017" data-attachment-id="6017" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="image" data-large-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-3.png?w=662" data-medium-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-3.png?w=224" data-orig-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-3.png" data-orig-size="856,1148" data-permalink="https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/image-4/" height="1024" src="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-3.png?w=764" style="width: 630px; height: auto;" width="764" /></a></figure></div>
As you can see, this has audio coming in from a microphone already.
Back in X-Air Edit, already connected to the mixer, I changed my routing so channels 1 and 2 were being sent to the aux, so I can then use my computer’s audio there for music from e.g. Spotify:
<figure class="wp-block-image size-large"><a href="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-4.png"><img alt="" class="wp-image-6019" data-attachment-id="6019" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="image" data-large-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-4.png?w=662" data-medium-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-4.png?w=300" data-orig-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-4.png" data-orig-size="1189,754" data-permalink="https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/image-5/" height="649" src="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-4.png?w=1024" width="1024" /></a></figure>
Next I started a Dummy Audio Device from <a href="https://ubuntustudio.org/audio-configuration/">Ubuntu Studio Audio Configuration</a> and made it the main output for the computer. I then connected the monitor of the dummy output to channels 1 and 2 of JackTrip using Patchance:
<div class="wp-block-image">
<figure class="aligncenter size-large"><a href="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-5.png"><img alt="" class="wp-image-6021" data-attachment-id="6021" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="image" data-large-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-5.png?w=457" data-medium-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-5.png?w=300" data-orig-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-5.png" data-orig-size="457,326" data-permalink="https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/image-6/" height="326" src="https://ericheickmeyer.com/wp-content/uploads/2025/08/image-5.png?w=457" width="457" /></a></figure></div>
…and VIOLA! Even testing my microphone, there was so little latency it was imperceivable.
I’m envisioning a setup like this:
<figure class="wp-block-image size-large"><a href="https://ericheickmeyer.com/wp-content/uploads/2025/08/stage.png"><img alt="" class="wp-image-6068" data-attachment-id="6068" data-comments-opened="1" data-image-caption="" data-image-description="" data-image-meta="{&quot;aperture&quot;:&quot;0&quot;,&quot;credit&quot;:&quot;&quot;,&quot;camera&quot;:&quot;&quot;,&quot;caption&quot;:&quot;&quot;,&quot;created_timestamp&quot;:&quot;0&quot;,&quot;copyright&quot;:&quot;&quot;,&quot;focal_length&quot;:&quot;0&quot;,&quot;iso&quot;:&quot;0&quot;,&quot;shutter_speed&quot;:&quot;0&quot;,&quot;title&quot;:&quot;&quot;,&quot;orientation&quot;:&quot;0&quot;}" data-image-title="stage" data-large-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/stage.png?w=662" data-medium-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/stage.png?w=300" data-orig-file="https://ericheickmeyer.com/wp-content/uploads/2025/08/stage.png" data-orig-size="740,294" data-permalink="https://ericheickmeyer.com/2025/08/19/raspberry-pi-as-a-networked-audio-interface/stage/" height="294" src="https://ericheickmeyer.com/wp-content/uploads/2025/08/stage.png?w=740" width="740" /></a></figure>
I’m excited to test this further! Overall, I feel like I’ve found a way to do a Dante-less audio-over-ethernet setup that cost me nothing!</description>
<pubDate>Tue, 19 Aug 2025 19:48:23 +0000</pubDate>
</item>
<item>
<title>St&eacute;phane Graber: LXC/LXCFS/Incus 6.0.5 LTS release</title>
<guid isPermaLink="false">https://stgraber.org/?p=1768</guid>
<link>https://stgraber.org/2025/08/15/lxc-lxcfs-incus-6-0-5-lts-release/</link>
<description><h1 class="wp-block-heading">Introduction</h1>
<figure class="wp-block-image size-large"><img alt="" src="https://linuxcontainers.org/static/img/containers.png" /></figure>
The <a href="https://linuxcontainers.org/incus/">Linux Containers project</a> maintains Long Term Support (LTS) releases for its core projects. Those come with 5 years of support from upstream with the first two years including bugfixes, minor improvements and security fixes and the remaining 3 years getting only security fixes.
This is now the fifth round of bugfix releases for LXC, LXCFS and Incus 6.0 LTS.
<h1 class="wp-block-heading">LXC</h1>
<a href="https://linuxcontainers.org/lxc/">LXC</a> is the oldest Linux Containers project and the basis for almost every other one of our projects. This low-level container runtime and library was first released in August 2008, led to the creation of projects like Docker and today is still actively used directly or indirectly on millions of systems.
Announcement: <a href="https://discuss.linuxcontainers.org/t/lxc-6-0-5-lts-has-been-released/24438">https://discuss.linuxcontainers.org/t/lxc-6-0-5-lts-has-been-released/24438</a>
Highlights of this point release:
<ul class="wp-block-list">
<li>Fixes a regression introduced in LXC 6.0.4 which was causing some hooks to fail due to no-new-priv handling</li>
<li>Removed support for building with the bionic C library (Android) as it hadn’t been functional for a long time</li>
<li>Fixed handling of the container_ttys environment variable</li>
<li>Added support for both <code>move</code> and <code>nosymfollow</code> mount options</li>
<li>Improved testsuite coverage</li>
</ul>
<h1 class="wp-block-heading">LXCFS</h1>
<a href="https://linuxcontainers.org/lxcfs/">LXCFS</a> is a FUSE filesystem used to workaround some shortcomings of the Linux kernel when it comes to reporting available system resources to processes running in containers. The project started in late 2014 and is still actively used by Incus today as well as by some Docker and Kubernetes users.
Announcement: <a href="https://discuss.linuxcontainers.org/t/lxcfs-6-0-5-lts-has-been-released/24437">https://discuss.linuxcontainers.org/t/lxcfs-6-0-5-lts-has-been-released/24437</a>
There are no significant changes in this release, only a couple of minor changes to our CI scripts. We are still pushing a LXCFS update out to keep versions in sync between LXC, LXCFS and Incus, but this release is effectively identical to 6.0.4.
<h1 class="wp-block-heading">Incus</h1>
<a href="https://linuxcontainers.org/incus/">Incus</a> is our most actively developed project. This virtualization platform is just over a year old but has already seen over 3500 commits by over 120 individual contributors. Its first LTS release made it usable in production environments and significantly boosted its user base.
Announcement: <a href="https://discuss.linuxcontainers.org/t/incus-6-0-5-lts-has-been-released/24445">https://discuss.linuxcontainers.org/t/incus-6-0-5-lts-has-been-released/24445</a>
Highlights of this point release:
<ul class="wp-block-list">
<li>Support for memory hotplug in VMs</li>
<li>Reworked logging subsystem</li>
<li>SNAT support on complex network forwards</li>
<li>CLI support for server-side filtering on all collections</li>
<li>Windows agent support for VMs</li>
<li>Improvements support to incus-migrate (extra disks, OVA, …)</li>
<li>SFTP API support on custom storage volumes</li>
<li>Support for publishing instances as split images</li>
<li>S3 upload of instances and volume backups</li>
<li>More flexible snapshot configuration</li>
</ul>
<h1 class="wp-block-heading">What’s next?</h1>
We’re expecting another LTS bugfix release for the 6.0 branches by the end of 2025. In the mean time, Incus will keep going with its usual monthly feature release cadence.
<h1 class="wp-block-heading">Thanks</h1>
This LTS release update was made possible thanks to funding provided by the Sovereign Tech Fund (now part of the Sovereign Tech Agency).
<figure class="wp-block-image size-large"><a href="https://www.sovereign.tech"><img alt="" class="wp-image-1648" height="326" src="https://stgraber.org/wp-content/uploads/2024/12/ST-Fund-Logo-Default-Black-RGB-1024x326.png" width="1024" /></a></figure>
<blockquote class="wp-block-quote is-layout-flow wp-block-quote-is-layout-flow">
The Sovereign Tech Fund supports the development, improvement, and maintenance of open digital infrastructure. Its goal is to sustainably strengthen the open source ecosystem, focusing on security, resilience, technological diversity, and the people behind the code.
</blockquote>
Find out more at: <a href="https://www.sovereign.tech">https://www.sovereign.tech</a></description>
<pubDate>Fri, 15 Aug 2025 19:26:32 +0000</pubDate>
</item>
<item>
<title>Jonathan Carter: Debian 13</title>
<guid isPermaLink="false">https://jonathancarter.org/?p=11948</guid>
<link>https://jonathancarter.org/2025/08/10/debian-13/</link>
<description>Debian 13 has finally <a href="https://bits.debian.org/2025/08/trixie-released.html">been released</a>!
One of the biggest and under-hyped features is support for HTTP Boot. This allows you to simply specify a URL (to any d-i or live image iso) in your computer’s firmware setup and then you can boot to it directly over the Internet, so no need to download an image, write it to flash disk and then boot from the flash disk on computers made in the last ~5 years. This is also supported on the Tianocore free EFI firmware, which is useful if you’d like to try it out on QEMU/KVM.
More details about Debian 13 available on the <a href="https://www.debian.org/News/2025/20250809">official press release</a>.
The default theme for Debian 13 is <a href="https://wiki.debian.org/DebianArt/Themes/Ceratopsian">Ceratopsian</a>, designed by Elise Couper. I’ll be honest, I wasn’t 100% sure it was the best choice when it won the artwork vote, but it really grew on me over the last few months, and it looked great in combination with all kinds of other things during DebConf too, so it has certainly won me over.
<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img alt="" class="wp-image-11957" height="500" src="https://jonathancarter.org/files/images/wllpaper.jpeg" style="width: 798px; height: auto;" width="800" /></figure></div>
And I particularly like the Plymouth theme. It’s very minimal, and it reminds me of the Toy Story Trixie character, it’s almost like it helps explain the theme:
<div class="wp-block-image">
<figure class="aligncenter size-large is-resized"><img alt="" class="wp-image-11961" height="644" src="https://jonathancarter.org/files/images/certop-1024x644.jpeg" style="width: 1024px; height: auto;" width="1024" /></figure></div>
Plymouth (start-up/shutdown) theme.
<div class="wp-block-image">
<figure class="aligncenter size-full"><img alt="" class="wp-image-11963" height="631" src="https://jonathancarter.org/files/images/trixie.jpeg" width="600" /></figure></div>
<a href="https://disney.fandom.com/wiki/Trixie">Trixie, the character from Toy Story</a> that was chosen as the codename for Debian 13.
<h2 class="wp-block-heading">Debian Local Team ISO testing</h2>
Yesterday we got some locals together for ISO testing and we got a cake with the wallpaper printed on it, along with our local team logo which has been a work in progress for the last 3 years, so hopefully we’ll finalise it this year! (it will be ready when it’s ready). It came out a lot bluer than the original wallpaper, but still tasted great.
<div class="wp-block-image">
<figure class="aligncenter size-large"><img alt="" class="wp-image-11949" height="771" src="https://jonathancarter.org/files/images/cake-13-1024x771.jpg" width="1024" /></figure></div>
For many releases, I’ve been the only person from South Africa doing ISO smoke-testing, and this time was quite different, since everyone else in the photo below tested an image except for me. I basically just provided some support and helped out with getting salsa/wiki accounts and some troubleshooting. It went nice and fast, and it’s always a big relief when there are no showstoppers for the release.
<div class="wp-block-image">
<figure class="aligncenter size-large"><img alt="" class="wp-image-11951" height="590" src="https://jonathancarter.org/files/images/trixiecake2-1024x590.jpg" width="1024" /></figure></div>
My dog was really wishing hard that the cake would slip off.
<div class="wp-block-image">
<figure class="aligncenter size-full"><img alt="" class="wp-image-11970" height="221" src="https://jonathancarter.org/files/images/cambalache.jpg" width="600" /></figure></div>
Packaging-wise, I only have one big new package for Trixie, and that’s <a href="https://github.com/xjuan/cambalache/tree/main">Cambalache</a>, a rapid application design UI builder for GTK3/GTK4.
<div class="wp-block-image">
<figure class="aligncenter size-full is-resized"><img alt="" class="wp-image-11972" height="423" src="https://jonathancarter.org/files/images/image-29.png" style="width: 616px; height: auto;" width="752" /></figure></div>
The version in trixie is 0.94.1-3 and version 1.0 was recently released, so I’ll get that updated in forky and backport it if possible.
I was originally considering using Cambalache for an installer UI, but ended up going with a web front-end instead. But that’s moving firmly towards forky territory, so more on that another time!
Thanks to everyone who was involved in this release, so far upgrades have been very smooth!
<img alt="" height="0" src="https://analytics.jonathancarter.org/piwik.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fjonathancarter.org%2F2025%2F08%2F10%2Fdebian-13%2F&amp;action_name=Debian+13&amp;urlref=https%3A%2F%2Fjonathancarter.org%2Ffeed%2F" style="border: 0; width: 0; height: 0;" width="0" /></description>
<pubDate>Sun, 10 Aug 2025 14:53:36 +0000</pubDate>
</item>
<item>
<title>Ubuntu Studio: Ubuntu Studio 24.04.3 LTS Released</title>
<guid isPermaLink="false">https://ubuntustudio.org/?p=3009</guid>
<link>https://ubuntustudio.org/2025/08/ubuntu-studio-24-04-3-released/</link>
<description><div class="wp-block-image"><figure class="aligncenter size-full is-resized"><img alt="" class="wp-image-2763" height="223" src="https://ubuntustudio.org/wp-content/uploads/2024/04/0a09/finalbanner.png" width="600" /></figure></div>
The Ubuntu Studio team is pleased to announce the release of Ubuntu Studio 24.04.3 LTS. This is a minor release which wraps-up the security and bug fixes into one .iso image, available for download now.
The biggest change is the <code>lowlatency</code> kernel has been officially retired, replaced by the <code>generic</code> Ubuntu kernel. Those that have been using Ubuntu Studio 24.04 and upgraded may have already noticed this change.
With that said, much like Ubuntu Studio 24.10 and higher, the <code>generic</code> kernel includes kernel parameters added upon boot that allow the kernel to act in a <code>lowlatency</code> mode, so you now can enjoy the benefits of the <code>lowlatency</code> kernel while using the <code>generic</code> kernel.
We realize this may come as a shock, but when 24.04 was released, we knew this day would eventually come. However, there is no difference between the <code>lowlatency</code> kernel and the <code>generic</code> kernel with these boot parameters. They are:
<ul><li><code>preempt=full</code>: Makes the kernel fully preemptible</li><li><code>rcu_nocbs=all</code> Offloads Read-Copy Update (RCU) callbacks from all CPUs dedicated to kernel threads, improves real-time performance</li><li><code>threadirqs</code> Forces interrupt handlers to run in a threaded context, reducing buffer xruns</li></ul>
These kernel parameters can be found in the files in <code>/etc/defaults/grub.d</code>
<h2>Please give financially to Ubuntu Studio!</h2>
Giving is down. We understand that some people may no longer be able to give financially to this project, and that’s OK. However, if you have never given to Ubuntu Studio for the hard work and dedication we put into this project, please consider a monetary contribution.
Additionally, we would love to see more monthly contributions to this project. You can do so via PayPal, Liberapay, or Patreon. We would love to see more contributions!
So don’t wait, and don’t wait for someone else to do it! Thank you in advance!
<table align="center" border="0" width="100%"><tbody><tr><td align="center" valign="center" width="33%">Donate using PayPal <form action="https://www.paypal.com/cgi-bin/webscr" method="post" target="_top">
<input name="cmd" type="hidden" value="_donations" />
<input name="business" type="hidden" value="4KAYVBRFDQPJW" />
<input name="item_name" type="hidden" value="Ubuntu Studio Donation" />
<input name="currency_code" type="hidden" value="USD" />
<input alt="Donate with PayPal button" border="0" name="submit" src="https://www.paypalobjects.com/en_US/i/btn/btn_donateCC_LG.gif" title="PayPal - The safer, easier way to pay online!" type="image" />
<img alt="" border="0" height="1" src="https://www.paypal.com/en_US/i/scr/pixel.gif" width="1" /></form>Donations are Monthly or One-Time</td><td align="center" valign="center" width="33%">Donate using Liberapay <a href="https://liberapay.com/ubuntustudio/donate"><img alt="Donate using Liberapay" src="https://liberapay.com/assets/widgets/donate.svg" /></a> Donations are Weekly, Monthly, or Annually</td><td align="center" valign="center" width="33%">Donate using Patreon <a data-patreon-widget-type="become-patron-button" href="https://www.patreon.com/bePatron?u=43532738">Become a Patron!</a>Donations are Monthly</td></tr></tbody></table> </description>
<pubDate>Fri, 08 Aug 2025 04:15:53 +0000</pubDate>
</item>
<item>
<title>Colin Watson: Free software activity in July 2025</title>
<guid isPermaLink="false">tag:www.chiark.greenend.org.uk,2025-08-06:/~cjwatson/blog/activity-2025-07.html</guid>
<link>https://www.chiark.greenend.org.uk/~cjwatson/blog/activity-2025-07.html</link>
<description>About 90% of my Debian contributions this month were
<a href="https://www.freexian.com/about/debian-contributions/">sponsored</a> by Freexian.
You can also support my work directly via
<a href="https://liberapay.com/cjwatson">Liberapay</a> or <a href="https://github.com/sponsors/cjwatson">GitHub
Sponsors</a>.
<h2>DebConf</h2>
I attended DebConf for the first time in 11 years (my last one was DebConf
14 in Portland). It was great! For once I had a conference where I had a
fairly light load of things I absolutely had to do, so I was able to spend
time catching up with old friends, making some new friends, and doing some
volunteering - a bit of Front Desk, and quite a lot of video team work where
I got to play with sound desks and such. Apparently one of the BoFs (“birds
of a feather”, i.e. relatively open discussion sessions) where I was
talkmeister managed to break the automatic video cutting system by starting
and ending precisely on time, to the second, which I’m told has never
happened before. I’ll take that.
I gave a <a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-398-using-debusine-to-pre-test-your-unstable-uploads.av1.webm">talk about
Debusine</a>,
along with <a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-669-debusine-workflow-bof.av1.webm">helping Enrico run a Debusine
BoF</a>.
We still need to process some of the feedback from this, but are generally
pretty thrilled about the reception. My personal highlight was getting a
shout-out in a <a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-605-approaching-the-speed-of-light-with-debian-debians-role-in-the-worlds-largest-particle-accelerator.av1.webm">talk from
CERN</a>
(in the slide starting at 32:55).
Other highlights for me included a <a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-416-debian-python-bof.av1.webm">Python team
BoF</a>,
<a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-397-tag2upload-upload-simply-by-pushing-a-signed-git-tag.av1.webm">Ian’s tag2upload
talk</a>
and some very useful follow-up discussions, a session on <a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-420-future-of-archive-wide-testing.av1.webm">archive-wide
testing</a>,
a somewhat brain-melting whiteboard session about the “multiarch interpreter
problem”,
<a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-649-salsa-bof.av1.webm">several</a>
<a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-624-salsa-ci-bof.av1.webm">useful</a>
<a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-560-salsa-ci-now-running-for-27-000-packages-what-have-we-learnt.av1.webm">discussions</a>
about salsa.debian.org, <a href="https://meetings-archive.debian.net/pub/debian-meetings/2025/DebConf25/debconf25-180-automating-downstream-debian-package-builds-and-updates-in-ci.av1.webm">Matthew’s talk on how Wikimedia automates their Debian package
builds</a>,
and many others. I hope I can start attending regularly again!
<h2>OpenSSH</h2>
Towards the end of a release cycle, people tend to do more upgrade testing,
and this sometimes results in interesting problems. Manfred Stock reported
<a href="https://bugs.debian.org/1109742">“No new SSH connections possible during large part of upgrade to Debian
Trixie”</a>, and after a little testing in a
container I confirmed that this was a reproducible problem that would have
affected many people upgrading from Debian 12 (bookworm), with potentially
severe consequences for people upgrading remote systems. In fact, there
were two independent problems that each led to much the same symptom:
<ul>
<li>
OpenSSH 9.8 split the monolithic <code>sshd</code> listener process into two
pieces: a minimal network listener (still called <code>sshd</code>), and an
<code>sshd-session</code> process dealing with each individual session. (OpenSSH
10.0 further split <code>sshd-session</code>, adding an <code>sshd-auth</code> process that
deals with the user authentication phase of the protocol.) This hardens
the OpenSSH server by using different address spaces for privileged and
unprivileged code.
Before this change, when <code>sshd</code> received an incoming connection, it
forked and re-executed itself with some special parameters to deal with
it. After this change, it forks and executes <code>sshd-session</code> instead,
and <code>sshd</code> no longer accepts the parameters it used to accept for this.
Debian package upgrades happen in two phases: first we unpack the new
files onto disk, and then we run some package-specific configuration
steps which usually include things like restarting services. (I’m
simplifying, but this is good enough for this post.) Normally this is
fine, and in fact desirable: the old service keeps on working, and this
approach often allows breaking what would otherwise be difficult cycles
by ensuring that the system is in a more coherent state before trying to
restart services. However, in this case, unpacking the new files onto
disk immediately means that new SSH connections no longer work: the old
<code>sshd</code> receives the connection and tries to hand it off to a
freshly-executed copy of the new <code>sshd</code> binary on disk, which no longer
supports this.
If you’re just upgrading OpenSSH on its own or with a small number of
other packages, this isn’t much of a problem as the listener will be
restarted quite soon; but if you’re upgrading from bookworm to trixie,
there may be a long gap when you can’t SSH to the system any more, and
if something fails in the middle of the upgrade then you could be in trouble.
So, what to do? I considered keeping a copy of the old <code>sshd</code> around
temporarily and patching the new <code>sshd</code> to re-execute it if it’s being
run to handle an incoming connection, but that turned out to fail in my
first test: dependencies are normally only checked when configuring a
package, so it’s possible to unpack <code>openssh-server</code> before unpacking a
newer <code>libc6</code> that it depends on, at which point you can’t execute the
new <code>sshd</code> at all. (That also means that the approach of restarting the
service at unpack time instead of configure time is a non-starter.) We
needed a different idea.
<code>dpkg</code>, the core Debian package manager, has a specialized facility
called “diversions”: you can tell it that when it’s unpacking a
particular file it should put it somewhere else instead. This is
normally used by administrators when they want to install a
locally-modified version of a particular file at their own risk, or by
packages that knowingly override a file normally provided by some other
package. However, in this case it turns out to be useful for
<code>openssh-server</code> to temporarily divert one of its own files! When
upgrading from before 9.8, it now diverts <code>/usr/sbin/sshd</code> to
<code>/usr/sbin/sshd.session-split</code> before the new version is unpacked, then
removes the diversion and moves the new file into place once it’s ready
to restart the service; this reduces the period when incoming
connections fail to a minimum. (We actually have to pretend that the
diversion is being performed on behalf of a slightly different package
since we’re using <code>dpkg-divert</code> in a strange way here, but it all works.)
</li>
<li>
Most OpenSSH processes, including <code>sshd</code>, check for a compatible version
of the OpenSSL library when they start up. This check used to be very
picky, among other things requiring both the major and minor number to
match. OpenSSL 3 has a <a href="https://www.openssl-library.org/policies/general/versioning-policy/">better versioning
policy</a>,
and so OpenSSH 9.4p1 <a href="https://anongit.mindrot.org/openssh.git/commit/?id=b7afd8a4ecaca8afd3179b55e9db79c0ff210237">relaxed this
check</a>.
Unfortunately, bookworm shipped with OpenSSH 9.2p1, which means that as
soon as you unpack the new <code>libssl3</code> during an upgrade (actually
<code>libssl3t64</code> due to the <a href="https://wiki.debian.org/ReleaseGoals/64bit-time">64-bit <code>time_t</code>
transition</a>), <code>sshd</code>
stops working. This couldn’t be fixed by a change in trixie; we needed
to change bookworm in advance of the upgrade so that it would tolerate
newer versions of OpenSSL. And time was tight if we wanted to maximize
the chance that people would apply that stable update before upgrading
to trixie; there isn’t going to be another point release of Debian 12
before the release of Debian 13.
Fortunately, there’s a
<a href="https://www.debian.org/doc/manuals/developers-reference/pkgs.en.html#special-case-the-stable-updates-suite"><code>stable-updates</code></a>
mechanism for exactly this sort of thing, and the stable release
managers kindly accepted my proposal to fix this there.
</li>
</ul>
The net result is that if you apply updates to bookworm (including
<code>stable-updates</code> / <code>bookworm-updates</code>, which is enabled by default) before
starting the upgrade to trixie, everything should be fine. Many thanks to
Manfred for reporting this with just enough time to spare that we were able
to fix it before Debian 13 is released in a few days!
<h2>debmirror</h2>
I did my twice-yearly refresh of debmirror’s <a href="https://salsa.debian.org/debian/debmirror/-/blob/master/mirror_size"><code>mirror_size</code>
documentation</a>,
and applied a <a href="https://bugs.debian.org/1108274">patch from Christoph Goehre</a>
to improve mirroring of installer files.
<h2>madison-lite</h2>
I <a href="https://bugs.debian.org/1109003">proposed</a> renaming this project along
with the <code>rmadison</code> tool in <code>devscripts</code>, although I’m not yet sure what a
good replacement name would be.
<h2>Python team</h2>
I upgraded python-expandvars, python-typing-extensions (in experimental),
and webtest to new upstream versions.
I backported fixes for some security vulnerabilities to unstable:
<ul>
<li>python-urllib3: <a href="https://bugs.debian.org/1108076">CVE-2025-50181</a>,
<a href="https://bugs.debian.org/1108077">CVE-2025-50182</a></li>
</ul>
I fixed or helped to fix a number of release-critical bugs:
<ul>
<li><a href="https://bugs.debian.org/1108968">bitstruct: autopkgtest regression: invalid command ‘test’</a></li>
<li><a href="https://bugs.debian.org/1102611">django-pipeline: autopkgtest failure</a>
(<a href="https://github.com/jazzband/django-pipeline/pull/837">contributed supporting fix
upstream</a>)</li>
<li><a href="https://bugs.debian.org/1108946">pnopaste: Fails to install with debconf noninteractive
frontend</a> (suggested possible patch)</li>
<li><a href="https://bugs.debian.org/1108799">py3dns: autopkgtest regression: ‘96.7.128.186’ !=
‘93.184.215.14’</a> (<a href="https://code.launchpad.net/~cjwatson/py3dns/+git/py3dns/+merge/488798">contributed
upstream</a>)</li>
<li><a href="https://bugs.debian.org/1108782">python-marshmallow-dataclass: autopkgtest depends on removed package python-marshmallow-enum</a></li>
<li><a href="https://bugs.debian.org/1108795">python-pkgconfig: autopkgtest regression: list index out of range</a></li>
<li><a href="https://bugs.debian.org/1108797">python-txrequests: autopkgtest regression:
twisted.trial.unittest.FailTest: 200 != 404</a></li>
</ul>
I fixed some other bugs, mostly <code>Severity: important</code>:
<ul>
<li><a href="https://bugs.debian.org/1106896">afew: Unable to remove tags</a> (<a href="https://salsa.debian.org/python-team/packages/afew/-/merge_requests/3">reviewed
and merged
MR</a>)</li>
<li><a href="https://bugs.debian.org/1103313">ipy: FTBFS with the nocheck build profile</a></li>
<li><a href="https://bugs.debian.org/1108434">paramiko: Does not correctly handle OpenSSH 10 version</a></li>
<li><a href="https://bugs.debian.org/1103323">python-django-storages: FTBFS with the nocheck build profile</a></li>
<li><a href="https://bugs.debian.org/1104638">python-icalendar: Depends on a transitional
package</a> (and follow-up fixes for missing
build-dependencies in python-recurring-ical-events, python-x-wr-timezone,
and todoman)</li>
<li><a href="https://bugs.debian.org/1025404">python-libais: Stop calling python3 setup.py
test</a> (<a href="https://github.com/schwehr/libais/pull/252">contributed supporting fix
upstream</a>)</li>
</ul>
I reinstated python3-mastodon’s build-dependency on and recommendation of
python3-blurhash, now that the latter has been <a href="https://bugs.debian.org/1101140">fixed to use the correct
upstream source</a>.</description>
<pubDate>Wed, 06 Aug 2025 10:41:41 +0000</pubDate>
</item>
<item>
<title>Scarlett Gately Moore: Fostering Constructive Communication in Open Source Communities</title>
<guid isPermaLink="false">https://www.scarlettgatelymoore.dev/?p=2127</guid>
<link>https://www.scarlettgatelymoore.dev/fostering-constructive-communication-in-open-source-communities/</link>
<description><figure class="wp-block-gallery has-nested-images columns-default is-cropped wp-block-gallery-1 is-layout-flex wp-block-gallery-is-layout-flex">
<figure class="wp-block-image size-large"><img alt="" class="wp-image-2128" data-id="2128" height="625" src="https://www.scarlettgatelymoore.dev/wp-content/uploads/5278-1024x625.jpg" width="1024" />Partners holding big jigsaw puzzle pieces flat vector illustration. Successful partnership, communication and collaboration metaphor. Teamwork and business cooperation concept.</figure>
</figure>
I write this in the wake of a personal attack against my work and a project that is near and dear to me. Instead of spreading vile rumors and hearsay, talk to me. I am not known to be ‘hard to talk to’ and am wide open for productive communication. I am disheartened and would like to share some thoughts of the importance of communication. Thanks for listening.
Open source development thrives on collaboration, shared knowledge, and mutual respect. Yet sometimes, the very passion that drives us to contribute can lead to misunderstandings and conflicts that harm both individuals and the projects we care about. As contributors, maintainers, and community members, we have a responsibility to foster environments where constructive dialogue flourishes.
<h2 class="wp-block-heading">The Foundation of Healthy Open Source Communities</h2>
At its core, open source is about people coming together to build something greater than what any individual could create alone. This collaborative spirit requires more than just technical skills—it demands emotional intelligence, empathy, and a commitment to treating one another with dignity and respect.
When disagreements arise—and they inevitably will—the manner in which we handle them defines the character of our community. Technical debates should focus on the merits of ideas, implementations, and approaches, not on personal attacks or character assassinations conducted behind closed doors.
<h2 class="wp-block-heading">The Importance of Direct Communication</h2>
One of the most damaging patterns in any community is when criticism travels through indirect channels while bypassing the person who could actually address the concerns. When we have legitimate technical disagreements or concerns about someone’s work, the constructive path forward is always direct, respectful communication.
Consider these approaches:
<ul class="wp-block-list">
<li>Address concerns directly: If you have technical objections to someone’s work, engage with them directly through appropriate channels</li>
<li>Focus on specifics: Critique implementations, documentation, or processes—not the person behind them</li>
<li>Assume good intentions: Most contributors are doing their best with the time and resources available to them</li>
<li>Offer solutions: Instead of just pointing out problems, suggest constructive alternatives</li>
</ul>
<h2 class="wp-block-heading">Supporting Contributors Through Challenges</h2>
Open source contributors often juggle their community involvement with work, family, and personal challenges. Many are volunteers giving their time freely, while others may be going through difficult periods in their lives—job searching, dealing with health issues, or facing other personal struggles.
During these times, our response as a community matters enormously. A word of encouragement can sustain someone through tough periods, while harsh criticism delivered thoughtlessly can drive away valuable contributors permanently.
<h2 class="wp-block-heading">Building Resilient Communities</h2>
Strong open source communities are built on several key principles:
Transparency in Communication: Discussions about technical decisions should happen in public forums where all stakeholders can participate and learn from the discourse.
Constructive Feedback Culture: Criticism should be specific, actionable, and delivered with the intent to improve rather than to tear down.
Recognition of Contribution: Every contribution, whether it’s code, documentation, bug reports, or community support, has value and deserves acknowledgment.
Conflict Resolution Processes: Clear, fair procedures for handling disputes help prevent minor disagreements from escalating into community-damaging conflicts.
<h2 class="wp-block-heading">The Long View</h2>
Many successful open source projects span decades, with contributors coming and going as their life circumstances change. The relationships we build and the culture we create today will determine whether these projects continue to attract and retain the diverse talent they need to thrive.
When we invest in treating each other well—even during disagreements—we’re investing in the long-term health of our projects and communities. We’re creating spaces where innovation can flourish because people feel safe to experiment, learn from mistakes, and grow together.
<h2 class="wp-block-heading">Moving Forward Constructively</h2>
If you find yourself in conflict with another community member, consider these steps:
<ol class="wp-block-list">
<li>Take a breath: Strong emotions rarely lead to productive outcomes</li>
<li>Seek to understand: What are the underlying concerns or motivations?</li>
<li>Communicate directly: Reach out privately first, then publicly if necessary</li>
<li>Focus on solutions: How can the situation be improved for everyone involved?</li>
<li>Know when to step back: Sometimes the healthiest choice is to disengage from unproductive conflicts</li>
</ol>
<h2 class="wp-block-heading">A Call for Better</h2>
Open source has given us incredible tools, technologies, and opportunities. The least we can do in return is treat each other with the respect and kindness that makes these collaborative achievements possible.
Every contributor—whether they’re packaging software, writing documentation, fixing bugs, or supporting users—is helping to build something remarkable. Let’s make sure our communities are places where that work can continue to flourish, supported by constructive communication and mutual respect.
The next time you encounter work you disagree with, ask yourself: How can I make this better? How can I help this contributor grow? How can I model the kind of community interaction I want to see?
Our projects are only as strong as the communities that support them. Let’s build communities worthy of the amazing software we create together.
<a href="https://gofund.me/506c910c">https://gofund.me/506c910c</a></description>
<pubDate>Mon, 04 Aug 2025 21:52:10 +0000</pubDate>
</item>
<item>
<title>Thomas Bechtold: Streamline Root Filesystem Modifications with chimg</title>
<guid isPermaLink="false">http://toabctl.wordpress.com/?p=151</guid>
<link>https://toabctl.wordpress.com/2025/07/31/streamline-root-filesystem-modifications-with-chimg/</link>
<description>During the last year I developed as a side project a new tool called <a href="https://github.com/canonical/chimg/">chimg</a> . That tool is useful to modify a given rootfs chroot directory in a declarative way. It can replace a kernel within a chroot, preseed snaps, install debian packages, add PPAs and more (documentation is in git but not yet published).
The nice thing about this is, that this tool can be integrated into <a href="https://launchpad.net/livecd-rootfs">livecd-rootfs</a> (the tool that is usually used to build Ubuntu images) or future tools which might use the craft framework to build images. <code>chimg</code> automatically detects already bind-mounted filesystems (eg. <code>/sys</code>, <code>/proc</code>, …), detects already preseeded snaps and usually does that same thing that <code>livecd-rootfs</code> currently does when eg. replacing an already installed kernel.
Install <code>chimg</code> with:
<div class="wp-block-syntaxhighlighter-code "><pre class="brush: plain; title: ; notranslate">sudo snap install chimg --classic
</pre></div>
An example configuration (eg. <code>config.yaml</code>) to modify a rootfs chroot directory looks like this:
<div class="wp-block-syntaxhighlighter-code "><pre class="brush: yaml; title: ; notranslate">---
kernel: linux-aws
debs:
- name: shim-signed
- name: grub-pc
- name: grub2-common
- name: ubuntu-cloud-minimal
snap:
assertion_brand: canonical
assertion_model: aws-classic
snaps:
- name: hello
channel: latest/stable
files:
-
destination: /etc/default/grub.d/70-mysettings.cfg
content: |+
GRUB_TIMEOUT=0
cmds_post:
-
cmd: |
echo "Everything done"
</pre></div>
This config (stored in <code>config.yaml</code> in this example) can be applied to a newly created (or existing) root filesystem directory. Let’s create one in <code>/tmp/chimg-noble</code>:
<div class="wp-block-syntaxhighlighter-code "><pre class="brush: bash; title: ; notranslate">sudo mmdebstrap --variant=apt --verbose noble /tmp/chimg-noble
</pre></div>
Let’s apply the config changes now:
<div class="wp-block-syntaxhighlighter-code "><pre class="brush: bash; title: ; notranslate">sudo chimg --log-console chrootfs config.yaml /tmp/chimg-noble
</pre></div>
That’s it. The modifications are now applied to the <code>/tmp/chimg-noble</code> directory.
</description>
<pubDate>Thu, 31 Jul 2025 18:15:36 +0000</pubDate>
</item>
<item>
<title>Oliver Grawert: Rooming with Mark</title>
<guid isPermaLink="false">http://ograblog.wordpress.com/?p=389</guid>
<link>https://ograblog.wordpress.com/2025/05/16/rooming-with-mark/</link>
<description>Yesterday, exactly twenty years ago my mobile rang while I was walking the dog. I had just returned from Sydney about a week ago (still battling with the last remains of my Jet-lag (I had never left Europe before!)) where I had attended the UbuntuDownUnder summit and had a 30min interview on the last day (that was literally rather like having a coffee with friends after lunch) with Mark Shuttleworth and Matt Zimmerman (back then Canonicals CTO) on a nice hotel terrace directly under a tree with a colony of flying foxes sleeping above our heads. There was Jane Silber (CEO) on the phone, telling me: “I’m so happy to tell you you are hired! In your new role we want you to create an educational flavor of Ubuntu, there will be a debian-edu/skolelinux gathering in Bergen in Norway from the 10th to 12th of June, are you okay flying there with Mark?” I rushed back home and told my girlfriend: “I’m hired, and I’ll fly Canonical One on my first business trip next month!” (Canonical One was the name of Marks plane). I learned the next weeks that Canonical had indeed booked a generic scheduled flight for me and we’d only meet at the venue <img alt="🙂" class="wp-smiley" src="https://s0.wp.com/wp-content/mu-plugins/wpcom-smileys/twemoji/2/72x72/1f642.png" style="height: 1em;" /> The flight was a disaster, after we were boarding that small 20-seater 2 prop plane that was supposed to get us from Cologne to Amsterdam and the pilot started the engine my window all of a sudden was soaked in oil. We had to stay in the plane out on the filed while the mechanics were fixing the engine for like 2-3h so indeed I missed the connection in Amsterdam and had to stay for the night instead of arriving in Bergen the evening before the event started. When I arrived at the venue everyone was already busy hacking on stuff and I jumped right in alongside, finally meeting some users of LTSP (Linux Terminal Server Project) which I was upstream for at that time and working with them on the problems they faced in debian with it, tinkering with moodle as a teaching support system and looking at other edu software, meanwhile Mark was sitting on a bar-stool in a corner with his laptop hacking on launchpad code. When we went to our hotel in the evening it turned out they did not have our booking at all and were completely overbooked due to a jewelry exhibition they had in the house for that week. I talked like 15min to the lady behind the counter, showed her my booking confirmation PDF on the laptop, begged and flirted a lot and eventually she told us “We do have an exhibition room that we keep as spare, it only has one bed but you can have it and we will add a folding bed”. The room was actually a normal hotel room but completely set up with wallpaper tables all around the walls. Mark insisted to take the folding bed and I can tell you, he does not snore … (well, he didn’t back then) This was only the first of a plethora of adventures that followed in the upcoming 20 years, that phone call clearly changed my life and the company gave me the opportunity to work with the brightest, sharpest and most intelligent people on the planet in and outside of Canonical. It surely changed a lot over these years (when I started we were building the distro with 18 people in the distro team and did that for quite a few years before it actually got split into server, foundations, kernel and desktop teams) but it never lost its special spirit of having these exceptional people with such a high focus on bringing opensource to everyone and making it accessible to everyone. Indeed, with growth comes the requirement to make more money to pay the people, the responsibility to give your employees a certain amount of security and persistence grows, but Canonical and especially Mark have always managed to keep the balance to not lose that focus and do the right thing in the end. Ten years ago I said “onward to the next ten!!”, I won’t really say “onward to the next 20!” today, not because I ever plan to resign but simply because I doubt I still want to work full time when I’m 75 <img alt="😉" class="wp-smiley" src="https://s0.wp.com/wp-content/mu-plugins/wpcom-smileys/twemoji/2/72x72/1f609.png" style="height: 1em;" /> Thank you Mark for dragging me into this adventure and thank you for still having me! I still love the ride!!


</description>
<pubDate>Tue, 29 Jul 2025 13:26:03 +0000</pubDate>
</item>
<item>
<title>Dimitri John Ledkov: Achieving actually full disk encryption of UEFI ESP at rest with TCG OPAL, FIPS, LUKS</title>
<guid isPermaLink="false">tag:blogger.com,1999:blog-347582618045055410.post-5137629174584752121</guid>
<link>http://blog.surgut.co.uk/2025/07/achieving-actually-full-disk-encryption.html</link>
<description><table align="center" cellpadding="0" cellspacing="0" class="tr-caption-container" style="margin-left: auto; margin-right: auto;"><tbody><tr><td style="text-align: center;"><a href="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifDQL9Ducebgoi5rQaoK8ZXCp1ud1YHOguORDpgsmeD5E1PNT9Ptcdps3hLehMw6RHpXeovif1fgMpYF8lAucFgYmUZYgvdl68669qcjgUkN4hcpTRBzSK1HilijZgPjSxpCySZQtvtmkh7EjKMjMB27qIpJvXXmlFfobGPp7bIjoluItyPF6cJ7fnL1A/s1280/pexels-markus-winkler-1430818-3828944.png" style="margin-left: auto; margin-right: auto;"><img border="0" data-original-height="853" data-original-width="1280" height="427" src="https://blogger.googleusercontent.com/img/b/R29vZ2xl/AVvXsEifDQL9Ducebgoi5rQaoK8ZXCp1ud1YHOguORDpgsmeD5E1PNT9Ptcdps3hLehMw6RHpXeovif1fgMpYF8lAucFgYmUZYgvdl68669qcjgUkN4hcpTRBzSK1HilijZgPjSxpCySZQtvtmkh7EjKMjMB27qIpJvXXmlFfobGPp7bIjoluItyPF6cJ7fnL1A/w640-h427/pexels-markus-winkler-1430818-3828944.png" width="640" /></a></td></tr><tr><td class="tr-caption" style="text-align: center;">Achieving full disk encryption using FIPS, TCG OPAL and LUKS to encrypt UEFI ESP on bare-metal and in VMs</td></tr></tbody></table>Many security standards such as CIS and STIG require to protect information at rest. For example, <a href="https://doi.org/10.6028/NIST.SP.800-53r5">NIST SP 800-53r5</a> SC-28 advocate to use cryptographic protection, offline storage and TPMs to enhance protection of information confidentiality and/or integrity.Traditionally to satisfy such controls on portable devices such as laptops one would utilize software based Full Disk Encryption - <a href="https://support.apple.com/en-gb/guide/mac-help/mh11785/mac">Mac OS X FileVault</a>, <a href="https://support.microsoft.com/en-us/windows/bitlocker-drive-encryption-76b92ac9-1040-48d6-9f5f-d14b3c5fa178">Windows Bitlocker</a>, <a href="https://gitlab.com/cryptsetup/cryptsetup">Linux cryptsetup LUKS2</a>. In cases when FIPS cryptography is required, additional burden would be placed onto these systems to operate their kernels in FIPS mode.<a href="https://trustedcomputinggroup.org/">Trusted Computing Group</a> works on establishing many industry standards and specifications, which are widely adopted to improve safety and security of computing whilst keeping it easy to use. One of their most famous specifications them is TCG TPM 2.0 (Trusted Platform Module). TPMs are now widely available on most devices and help to protect secret keys and attest systems. For example, most software full disk encryption solutions can utilise TCG TPM to store full disk encryption keys providing passwordless, biometric or pin-base ways to unlock the drives as well as attesting that system have not been modified or compromised whilst offline.<a href="https://trustedcomputinggroup.org/resource/storage-work-group-storage-security-subsystem-class-opal/">TCG Storage Security Subsystem Class: Opal Specification</a> is a set of specifications for features of data storage devices. The authors and contributors to OPAL are leading and well trusted storage manufacturers such as Samsung, Western Digital, Seagate Technologies, Dell, Google, Lenovo, IBM, Kioxia, among others. One of the features that Opal Specification enables is self-encrypting drives which becomes very powerful when combined with pre-boot authentication. Out of the box, such drives always and transparently encrypt all disk data using hardware acceleration. To protect data one can enter UEFI firmware setup (BIOS) to set NVMe single user password (or user + administrator/recovery passwords) to encrypt the disk encryption key. If one's firmware didn't come with such features, one can also use <a href="https://sedutil.com/">SEDutil</a> to inspect and configure all of this. Latest release of major Linux distributions have SEDutil already packaged.Once password is set, on startup, pre-boot authentication will request one to enter password - prior to booting any operating systems. It means that full disk is actually encrypted, including the UEFI ESP and all operating systems that are installed in case of dual or multi-boot installations. This also prevents tampering with ESP, UEFI bootloaders and kernels which with traditional software-based encryption often remain unencrypted and accessible. It also means one doesn't have to do special OS level repartitioning, or installation steps to ensure all data is encrypted at rest.What about FIPS compliance? Well, the good news is that majority of the OPAL compliant hard drives and/or security sub-chips do have FIPS 140-3 certification. Meaning they have been tested by independent laboratories to ensure they do in-fact encrypt data. On the <a href="https://csrc.nist.gov/Projects/cryptographic-module-validation-program/validated-modules/search">CMVP</a> website one can search for module name terms "OPAL" or "NVMe" or name of hardware vendor to locate FIPS certificates.Are such drives widely available? Yes. For example, a common Thinkpad X1 gen 11 has OPAL NVMe drives as standard, and they have FIPS certification too. Thus, it is likely in your hardware fleet these are already widely available. Use sedutil to check if MediaEncrypt and LockingSupported features are available.Well, this is great for laptops and physical servers, but you may ask - what about public or private cloud? Actually, more or less the same is already in-place in both. On CVMP website all major clouds have their disk encryption hardware certified, and all of them always encrypt all Virtual Machines with FIPS certified cryptography without an ability to opt-out. One is however in full control of how the encryption keys are managed: cloud-provider or self-managed (either with a cloud HSM or KMS or bring your own / external). See these relevant encryption options and key management docs for <a href="https://cloud.google.com/docs/security/encryption/default-encryption?hl=en">GCP</a>, <a href="https://learn.microsoft.com/en-us/azure/virtual-machines/disk-encryption-overview">Azure</a>, <a href="https://maturitymodel.security.aws.dev/en/2.-foundational/kms/">AWS</a>. But the key takeaway without doing anything, at rest, VMs in public cloud are always encrypted and satisfy NIST SP 800-53 controls.What about private cloud? Most Linux based private clouds ultimately use <a href="https://www.qemu.org/">qemu</a> typically with qcow2 virtual disk images. Qemu supports user-space encryption of qcow2 disk, see this <a href="https://www.qemu.org/docs/master/tools/qemu-img.html">manpage</a>. Such encryption encrypts the full virtual machine disk, including the bootloader and ESP. And it is handled entirely outside of the VM on the host - meaning the VM never has access to the disk encryption keys. Qemu implements this encryption entirely in userspace using gnutls, nettle, libgcrypt depending on how it was compiled. This also means one can satisfy FIPS requirements entirely in userspace without a Linux kernel in FIPS mode. Higher level APIs built on top of qemu also support qcow2 disk encryption, as in projects such as <a href="https://libvirt.org/formatstorageencryption.html">libvirt</a> and <a href="https://docs.openstack.org/cinder/latest/configuration/block-storage/volume-encryption.html">OpenStack Cinder</a>.If you carefully read the docs, you may notice that agent support is explicitly sometimes called out as not supported or not mentioned. Quite often agents running inside the OS may not have enough observability to them to assess if there is external encryption. It does mean that monitoring above encryption options require different approaches - for example monitor your cloud configuration using tools such as Wiz and <a href="https://orca.security/">Orca</a>, rather than using agents inside individual VMs. For laptop / endpoint security agents, I do wish they would start gaining capability to report OPAL SED availability and status if it is active or not.What about using software encryption none-the-less on top of the above solutions? It is commonly referred to double or multiple encryption. There will be an additional performance impact, but it can be worthwhile. It really depends on what you define as data at rest for yourself and which controls you need. If one has a dual-boot laptop, and wants to keep one OS encrypted whilst booted into the other, it can perfectly reasonable to encrypted the two using separate software encryption keys. In addition to the OPAL encryption of the ESP. For more targeted per-file / per-folder encryption, one can look into using <a href="https://nuetzlich.net/gocryptfs/">gocryptfs</a> which is the best successor to the once popular, but now deprecated <a href="https://www.ecryptfs.org/">eCryptfs</a> (amazing tool, but has fallen behind in development and can lead to data loss).All of the above mostly talks about cryptographic encryption, which only provides confidentially but not data integrity. To protect integrity, one needs to choose how to maintain that. <a href="https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/verity.html">dm-verity</a> is a good choice for read-only and rigid installations. For read-write workloads, it may be easier to deploy <a href="https://zfsonlinux.org/">ZFS</a> or <a href="https://btrfs.readthedocs.io/en/latest/index.html">Btrfs</a> instead. If one is using filesystems without a built-in integrity support such as XFS or Ext4, one can retrofit integrity layer to them by using <a href="https://www.kernel.org/doc/html/latest/admin-guide/device-mapper/dm-integrity.html">dm-integrity</a> (either standalone, or via dm-luks/cryptsetup --integrity option).If one has a lot of estate and a lot of encryption keys to keep track off a key management solution is likely needed. The most popular solution is likely the one from Thales Group marketed under <a href="https://cpl.thalesgroup.com/encryption/data-security-platform">ChiperTrust Data Security Platform</a> (previously Vormetric), but there are many others including OEM / Vendor / Hardware / Cloud specific or agnostic solutions.I hope this crash course guide piques your interest to learn and discover modern confidentially and integrity solutions, and to re-affirm or change your existing controls w.r.t. to data protection at rest. Full disk encryption, including UEFI ESP /boot/efi is now widely achievable by default on both baremetal machines and in VMs including with FIPS certification. To discuss more let's connect on <a href="https://www.linkedin.com/in/dimitri-john-ledkov/">Linkedin</a>.</description>
<pubDate>Mon, 28 Jul 2025 11:13:30 +0000</pubDate>
<author>noreply@blogger.com (Dimitri John Ledkov)</author>
</item>
<item>
<title>Jonathan Carter: DebConf25</title>
<guid isPermaLink="false">https://jonathancarter.org/?p=11929</guid>
<link>https://jonathancarter.org/2025/07/19/debconf25/</link>
<description>The last two weeks I attended <a href="https://debconf25.debconf.org/">DebConf and DebCamp</a> in Brest, France.
Usually, I like to do a more detailed write-up of DebConf, but I was already quite burnt out when I got here, so I’ll circle back to a few things that were important to me in later posts.
In the meantime, thanks to everyone who made this DebConf possible, whether you volunteered for one task or were part of the organisation team. Also a special thanks to the <a href="https://debconf25.debconf.org/sponsors/">wonderful sponsors</a> who made this entire event possible!
See you next year in Argentina!
<figure class="wp-block-image size-large"><img alt="Jellyfish taken during daytrip at aquarium." class="wp-image-11936" height="577" src="https://jonathancarter.org/files/images/jellyfish-1024x577.jpeg" width="1024" /></figure>
Jellyfish, taken during daytrip at aquarium.

<img alt="" height="0" src="https://analytics.jonathancarter.org/piwik.php?idsite=1&amp;rec=1&amp;url=https%3A%2F%2Fjonathancarter.org%2F2025%2F07%2F19%2Fdebconf25%2F&amp;action_name=DebConf25&amp;urlref=https%3A%2F%2Fjonathancarter.org%2Ffeed%2F" style="border: 0; width: 0; height: 0;" width="0" /></description>
<pubDate>Sat, 19 Jul 2025 17:12:49 +0000</pubDate>
</item>
<item>
<title>Faizul "Piju" 9M2PJU: OpenRocket: Design, Simulate, and Launch Your Own Rockets — Free and Open Source</title>
<guid isPermaLink="false">https://hamradio.my/?p=7766</guid>
<link>https://hamradio.my/2025/07/openrocket-design-simulate-and-launch-your-own-rockets-free-and-open-source/</link>
<description><h2 class="wp-block-heading"></h2>
Have you ever dreamed of building and launching your own rockets? Whether you’re a student, educator, hobbyist, or aerospace enthusiast, there’s one tool that makes rocketry accessible, educational, and exciting: OpenRocket.
OpenRocket is a free, fully open-source model rocket simulator that helps you design, simulate, and optimize rockets in a virtual environment — all before a single part is printed or assembled.
And the best part? It’s completely free, runs on Windows, macOS, and Linux, and is trusted by thousands around the world — from classrooms to high-powered launch pads.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="🛰" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f6f0.png" style="height: 1em;" /> What is OpenRocket?</h3>
OpenRocket is a powerful simulation tool designed to make rocket science understandable and practical. It enables users to build virtual models of rockets, test their flight performance, and iterate on designs long before committing to physical builds. Whether you’re building a simple school project or a multi-stage high-powered model, OpenRocket is built to support you at every step.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="🛠" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f6e0.png" style="height: 1em;" /> Key Features</h3>
<ul class="wp-block-list">
<li><img alt="🖱" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f5b1.png" style="height: 1em;" /> Drag-and-Drop Rocket Design Build your rocket with ease using a graphical interface — choose body tubes, fins, nose cones, engines, recovery systems, and more.</li>
<li><img alt="🧮" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f9ee.png" style="height: 1em;" /> Accurate Flight Simulations Simulate flights in real-world conditions with detailed physics modeling, including wind, thrust curves, drag, gravity, and stability.</li>
<li><img alt="📊" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f4ca.png" style="height: 1em;" /> Detailed Analysis Tools Visualize graphs for altitude, velocity, acceleration, angle of attack, and more — perfect for science fair projects and engineering analysis.</li>
<li><img alt="🚀" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f680.png" style="height: 1em;" /> Support for Multistage and Cluster Rockets Go beyond basic designs and experiment with multi-engine configurations, boosters, and complex recovery systems.</li>
<li><img alt="📐" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f4d0.png" style="height: 1em;" /> Advanced Stability Calculations See real-time updates on your rocket’s center of pressure and center of gravity — helping ensure stable flights.</li>
<li><img alt="🎓" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f393.png" style="height: 1em;" /> Education-First Philosophy Built with educators and students in mind — great for teaching physics, aerodynamics, math, and engineering concepts.</li>
<li><img alt="🔓" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f513.png" style="height: 1em;" /> 100% Free and Open Source (GPLv3 License) Modify, contribute, or use it freely in academic and personal projects.</li>
</ul>
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="👨‍🏫" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f468-200d-1f3eb.png" style="height: 1em;" /> Perfect for Classrooms and Competitions</h3>
OpenRocket is a favorite in schools, universities, and STEM clubs. It’s ideal for:
<ul class="wp-block-list">
<li>Physics and engineering lessons</li>
<li>STEM competitions</li>
<li>High school and university rocketry teams</li>
<li>Maker clubs and hobbyist communities</li>
</ul>
With OpenRocket, students don’t just learn theory — they test it, visualize it, and bring it to life.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="💻" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f4bb.png" style="height: 1em;" /> Cross-Platform and Easy to Use</h3>
OpenRocket runs smoothly on Windows, Linux, and macOS, with a lightweight footprint and no complex setup required. Just download, install, and launch.
Want to try the latest features? There are stable and experimental versions available, with an active community improving the project continuously.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="🌍" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f30d.png" style="height: 1em;" /> Join a Global Community</h3>
OpenRocket is powered by passionate volunteers and used worldwide. With an active community on forums and GitHub, it’s easy to get help, share ideas, and even contribute your own code or simulations.
If you’re ready to explore the world of rocketry without burning through your budget, OpenRocket is your launchpad.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="🔗" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f517.png" style="height: 1em;" /> Ready for Liftoff?</h3>
Visit <a href="https://openrocket.info/">openrocket.info</a> and start building your dream rocket today.
Design. Simulate. Launch. Learn. Repeat.
Welcome to the world of OpenRocket — where rocket science is for everyone.
The post <a href="https://hamradio.my/2025/07/openrocket-design-simulate-and-launch-your-own-rockets-free-and-open-source/">OpenRocket: Design, Simulate, and Launch Your Own Rockets — Free and Open Source</a> appeared on <a href="https://hamradio.my">Hamradio.my - Amateur Radio, Tech Insights and Product Reviews</a> by <a href="https://hamradio.my/author/9m2pju/">9M2PJU</a>.</description>
<pubDate>Sat, 19 Jul 2025 16:15:07 +0000</pubDate>
</item>
<item>
<title>Faizul "Piju" 9M2PJU: Digital – Design, Simulate, and Understand Logic Circuits Like Never Before</title>
<guid isPermaLink="false">https://hamradio.my/?p=7763</guid>
<link>https://hamradio.my/2025/07/digital-design-simulate-and-understand-logic-circuits-like-never-before/</link>
<description><h2 class="wp-block-heading"></h2>
If you’ve ever wanted to dive into the world of digital electronics, whether as a student, educator, engineer, or hobbyist, you’re going to love this tool: Digital — a powerful, free, and open-source logic circuit simulator created by Helmut Neemann. Available on GitHub at <a href="https://github.com/hneemann/Digital">hneemann/Digital</a>, this Java-based application combines clarity, flexibility, and educational value in one sleek package.
<h3 class="wp-block-heading"><img alt="⚙" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/2699.png" style="height: 1em;" /> What Is Digital?</h3>
Digital is a logic circuit simulator designed with a clear goal: to make the teaching, learning, and development of digital logic intuitive and visual. It lets you create, simulate, and analyze logic circuits ranging from basic gates to complex CPUs — all with a drag-and-drop interface and real-time simulation.
Unlike other bloated EDA software, Digital is refreshingly simple, elegant, and lightweight. But don’t let its simplicity fool you — it’s capable of simulating complex architectures with clocked components, finite state machines, memory modules, and even custom microprocessors.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="🔑" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f511.png" style="height: 1em;" /> Key Features</h3>
<ul class="wp-block-list">
<li><img alt="🖱" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f5b1.png" style="height: 1em;" /> Intuitive Interface Drag and drop components onto your canvas, connect wires, and see how your circuit behaves in real-time.</li>
<li><img alt="🕒" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f552.png" style="height: 1em;" /> Real-Time Simulation Changes are reflected immediately, with live logic levels and animations that bring your circuits to life.</li>
<li><img alt="🧩" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f9e9.png" style="height: 1em;" /> Modular Design Use subcircuits and hierarchical design to keep things organized, even in large-scale projects.</li>
<li><img alt="⏱" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/23f1.png" style="height: 1em;" /> Clocked Components Simulate registers, flip-flops, RAM, and sequential logic effortlessly.</li>
<li><img alt="🧠" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f9e0.png" style="height: 1em;" /> Built-in CPU &amp; Assembler Digital includes a simple, yet powerful CPU with its own instruction set and assembler — ideal for teaching computer architecture.</li>
<li><img alt="🧑‍🏫" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f9d1-200d-1f3eb.png" style="height: 1em;" /> Made for Education Widely used in universities and schools. Perfect for explaining logic gates, truth tables, FSMs, and microprocessor fundamentals.</li>
<li><img alt="💻" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f4bb.png" style="height: 1em;" /> Cross-platform (Java-based) Works on Windows, macOS, and Linux. Just download and run!</li>
<li><img alt="🔓" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f513.png" style="height: 1em;" /> Open Source (GPL-3.0 License) Actively maintained and completely free. Fork it, contribute, or adapt it to your own projects.</li>
</ul>
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="📚" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f4da.png" style="height: 1em;" /> Who Is It For?</h3>
<ul class="wp-block-list">
<li>Students: Learn digital logic step by step with instant feedback.</li>
<li>Educators: Use it in the classroom to teach logic circuits and CPU architecture interactively.</li>
<li>Makers &amp; Hobbyists: Build and test your own logic-based inventions.</li>
<li>Researchers &amp; Developers: Prototype logic systems before implementing them in hardware.</li>
</ul>
Whether you’re building an ALU, a traffic light controller, or your own 8-bit CPU, Digital gives you the tools to simulate it with precision.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="🚀" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/1f680.png" style="height: 1em;" /> Get Started in Minutes</h3>
<ol class="wp-block-list">
<li>Head over to the <a href="https://github.com/hneemann/Digital">Digital GitHub repository</a>.</li>
<li>Download the latest release (JAR file).</li>
<li>Run it using Java (Java 8 or higher required).</li>
<li>Start building your first circuit with just a few clicks.</li>
</ol>
No complex installations. No licenses. No fees. Just pure learning and tinkering joy.
<hr class="wp-block-separator has-alpha-channel-opacity" />
<h3 class="wp-block-heading"><img alt="❤" class="wp-smiley" src="https://s.w.org/images/core/emoji/16.0.1/72x72/2764.png" style="height: 1em;" /> Final Thoughts</h3>
In a world of expensive and overly complex simulation tools, Digital shines as a free, open-source, and educator-friendly alternative. It’s ideal for classrooms, home labs, and anyone curious about what happens beneath the silicon.
So if you’re ready to master digital logic — from basic gates to building your own CPU — it’s time to download Digital and start creating.
Explore. Simulate. Learn. With Digital.
The post <a href="https://hamradio.my/2025/07/digital-design-simulate-and-understand-logic-circuits-like-never-before/">Digital – Design, Simulate, and Understand Logic Circuits Like Never Before</a> appeared on <a href="https://hamradio.my">Hamradio.my - Amateur Radio, Tech Insights and Product Reviews</a> by <a href="https://hamradio.my/author/9m2pju/">9M2PJU</a>.</description>
<pubDate>Fri, 18 Jul 2025 16:05:45 +0000</pubDate>
</item>
<item>
<title>Ubuntu Studio: Ubuntu Studio 24.10 Has Reached End-Of-Life (EOL)</title>
<guid isPermaLink="false">https://ubuntustudio.org/?p=3006</guid>
<link>https://ubuntustudio.org/2025/07/ubuntu-studio-24-10-has-reached-end-of-life-eol/</link>
<description>As of July 10, 2025, all flavors of Ubuntu 24.10, including Ubuntu Studio 24.10, codenamed “Oracular Oriole”, have reached end-of-life (EOL). There will be no more updates of any kind, including security updates, for this release of Ubuntu.
If you have not already done so, please upgrade to Ubuntu Studio 25.10 via the instructions <a href="https://discourse.ubuntu.com/t/ubuntu-studio-25-04-release-notes/53099#p-132280-upgrading-to-ubuntu-studio-2504">provided here</a>. If you do not do so as soon as possible, you will lose the ability without additional advanced configuration.
No single release of any operating system can be supported indefinitely, and Ubuntu Studio has no exception to this rule.
Regular Ubuntu releases, meaning those that are between the Long-Term Support releases, are supported for 9 months and users are expected to upgrade after every release with a 3-month buffer following each release.
Long-Term Support releases are identified by an even numbered year-of-release and a month-of-release of April (04). Hence, the most recent Long-Term Support release is 24.04 (YY.MM = 2024.April), and the next Long-Term Support release will be 26.04 (2026.April). LTS releases for official Ubuntu flavors (not Desktop or Server which are supported for five years) are three years, meaning LTS users are expected to upgrade after every LTS release with a one-year buffer.</description>
<pubDate>Thu, 10 Jul 2025 12:00:00 +0000</pubDate>
</item>
<item>
<title>Stuart Langridge: Making a Discord activity with PHP</title>
<guid isPermaLink="false">tag:www.kryogenix.org,2025-07-08:/days/2025/07/08/making-a-discord-activity-with-php/</guid>
<link>https://www.kryogenix.org/days/2025/07/08/making-a-discord-activity-with-php/</link>
<description>Another post in what is slowly becoming a series, after describing <a href="https://www.kryogenix.org/days/2024/01/14/making-a-discord-bot-with-php/">how to make a Discord bot with PHP</a>; today we're looking at how to make a Discord activity the same way.
An activity is simpler than a bot; Discord activities are basically a web page which loads in an iframe, and can do what it likes in there. You're supposed to use them for games and the like, but I suspect that it might be useful to do quite a few bot-like tasks with activities instead; they take up more of your screen while you're using them, but it's much, much easier to create a user-friendly experience with an activity than it is with a bot. The user interface for bots tends to look a lot like the command line, which appeals to nerds, but having to type <code>!mybot -opt 1 -opt 2</code> is incomprehensible gibberish to real people. Build a little web UI, you know it makes sense.
Anyway, I have not yet actually published one of these activities, and I suspect that there is a whole bunch of complexity around that which I'm not going to get into yet. So this will get you up and running with a Discord activity that you can test, yourself. Making it available to others is step 2: keep an eye out for a post on that.
There are lots of "frameworks" out there for building Discord activities, most of which are all about "use React!" and "have this complicated build environment!" and "deploy a node.js server!", when all you actually need is an SPA web page<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-making-a-discord-activity-with-php-1" title="it's gotta be an SPA. Discord does not like it when the page navigates around">1</a>, a JS library, a small PHP file, and that's it. No build step required, no deploying a node.js server, just host it in any web space that does PHP (i.e., all of them). Keep it simple, folks. Much nicer.
<h2>Step 1: set up a Discord app</h2>
To have an activity, it's gotta be tied to a Discord app. Get one of these as follows:
<ul>
<li>Create an application at <a href="https://discord.com/developers/applications">discord.com/developers/applications</a>. Call it whatever you want</li>
<li>Copy the "Application ID" from "General Information" and make a <code>secrets.php</code> file; add the application ID as <code>$clientid = "whatever";</code></li>
<li>In "OAuth2", "Reset Secret" under Client Secret and store it in <code>secrets.php</code> as $clientsecret</li>
<li>In "OAuth2", "Add Redirect": this URL doesn't get used but there has to be one, so fill it in as some URL you like (<code>http://127.0.0.1</code> works fine)</li>
<li>Get the URL of your activity web app (let's say it's <code>https://myserver/myapp/</code>). Under URL Mappings, add <code>myserver/myapp</code> (no <code>https://</code>) as the Root Mapping. This tells Discord where your activity is</li>
<li>Under Settings, tick Enable Activities. (Also tick "iOS" and "Android" if you want it to work in the phone app)</li>
<li>Under Installation &gt; Install Link, copy the Discord Provided Link. Open it in a browser. This will switch to the Discord desktop app. Add this app to the server of your choice (not to everywhere), and choose the server you want to add it to</li>
<li>In the Discord desktop client, click the Activities button (it looks like a playstation controller, at the end of the message entry textbox). Your app should now be in "Apps in this Server". Choose it and say Launch. Confirm that you're happy to trust it because you're running it for the first time</li>
</ul>
And this will then launch your activity in a window in your Discord app. It won't do anything yet because you haven't written it, but it's now loading.
<h2>Step 2: write an activity</h2>
<ul>
<li>You'll need the Discord Embedded SDK JS library. Go off to <a href="https://www.jsdelivr.com/package/npm/@discord/embedded-app-sdk">jsdelivr</a> and see the URL it wants you to use (at time of writing this is <code>https://cdn.jsdelivr.net/npm/@discord/embedded-app-sdk@2.0.0/+esm</code> but check). Download this URL to get a JS file, which you should call discordsdk.js. (Note: do not link to this directly. Discord activities can't download external resources without some semi-complex setup. Just download the JS file)</li>
<li>Now write the home page for your app -- index.php is likely to be ideal for this, because you need the client ID that you put in <code>secrets.php</code>. A very basic one, which works out who the user is, looks something like this:</li>
</ul>
<div class="highlight"><pre><code>&lt;html&gt;
&lt;body&gt;
I am an activity! You are &lt;output id="username"&gt;...?&lt;/output&gt;
&lt;scr ipt type="module"&gt;
import {DiscordSDK} from './discordsdk.js';
const clientid = '&lt;?php echo $clientid; ?&gt;';
async function setup() {
 const discordSdk = new DiscordSDK(clientid);
 // Wait for READY payload from the discord client
 await discordSdk.ready();
 // Pop open the OAuth permission modal and request for access to scopes listed in scope array below
 const {code} = await discordSdk.commands.authorize({
 client_id: clientid,
 response_type: 'code',
 state: '',
 prompt: 'none',
 scope: ['identify'],
 });
 const response = await fetch('/.proxy/token.php?code=' + code);
 const {access_token} = await response.json();
 const auth = await discordSdk.commands.authenticate({access_token});
 document.getElementById("username").textContent = auth.user.username;
 /* other properties you may find useful:
 server ID: discordSdk.guildId
 user ID: auth.user.id
 channel ID: discordSdk.channelId */
}
setup()
</code></pre></div>
You will see that in the middle of this, we call <code>token.php</code> to get an access token from the <code>code</code> that <code>discordSdk.commands.authorize</code> gives you. While the URL is <code>/.proxy/token.php</code>, that's just a <code>token.php</code> file right next to <code>index.php</code>; the <code>.proxy</code> stuff is because Discord puts all your requests through their proxy, which is OK. So you need this file to exist. Following the <a href="https://discord.com/developers/docs/activities/building-an-activity#step-5-authorizing-authenticating-users">Discord instructions for authenticating users with OAuth</a>, it should look something like this:
<div class="highlight"><pre><code>&lt;?php
require_once("secrets.php");
$postdata = http_build_query(
array(
"client_id" =&gt; $clientid,
"client_secret" =&gt; $clientsecret,
"grant_type" =&gt; "authorization_code",
"code" =&gt; $_GET["code"]
)
);
$opts = array('http' =&gt;
array(
'method' =&gt; 'POST',
'header' =&gt; [
'Content-Type: application/x-www-form-urlencoded',
'User-Agent: mybot/1.00'
],
'content' =&gt; $postdata,
'ignore_errors' =&gt; true
)
);
$context = stream_context_create($opts);
$result_json = file_get_contents('https://discord.com/api/oauth2/token', false, $context);
if ($result_json == FALSE) {
echo json_encode(array("error"=&gt;"no response"));
die();
}
$result = json_decode($result_json, true);
if (!array_key_exists("access_token", $result)) {
error_log("Got JSON response from /token without access_token $result_json");
echo json_encode(array("error"=&gt;"no token"));
die();
}
$access_token = $result["access_token"];
echo json_encode(array("access_token" =&gt; $access_token));
</code></pre></div>
And... that's all. At this point, if you Launch your activity from Discord, it should load, and should work out who the running user is (and which channel and server they're in) and that's pretty much all you need. Hopefully that's a relatively simple way to get started.<ol class="simple-footnotes"><li id="sf-making-a-discord-activity-with-php-1">it's gotta be an SPA. Discord does not like it when the page navigates around <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-making-a-discord-activity-with-php-1-back">↩</a></li></ol></description>
<pubDate>Tue, 08 Jul 2025 07:11:00 +0000</pubDate>
</item>
<item>
<title>Stuart Langridge: A (limited) defence of footnotes</title>
<guid isPermaLink="false">tag:www.kryogenix.org,2025-07-03:/days/2025/07/03/a-limited-defence-of-footnotes/</guid>
<link>https://www.kryogenix.org/days/2025/07/03/a-limited-defence-of-footnotes/</link>
<description>So, Jake Archibald wrote that we should "<a href="https://jakearchibald.com/2025/give-footnotes-the-boot/">give footnotes the boot</a>", and... I do not wholly agree. So, here are some arguments against, or at least perpendicular to. Whether this is in grateful thanks of or cold-eyed revenge about him making me drink a limoncello and Red Bull last week can remain a mystery.
Commentary about footnotes on the web tends to boil down into two categories: that they're foot, and that they're notes. Everybody<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-1" title="sensible">1</a> agrees that being foot is a problem. Having a meaningless little symbol in some text which you then have to scroll down to the end of a document to understand is stupid. But, and here's the point, nobody does this. Unless a document on the web was straight up machine-converted from its prior life as a printed thing, any "footnotes" therein will have had some effort made to conceptually locate the content of the footnote inline with the text that it's footnoting. That might be a link which jumps you down to the bottom, or it might be placed at the side, or it might appear inline when clicked on, or it might appear in a popover, but the content of a "footnote" can be reached without your thread of attention being diverted from the point where you were previously<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-2" title="for good implementations, anyway; if you make your footnotes a link down to the end of the document, and then don't provide a link back via either the footnote marker or by adding it to the end, then you are a bad web author and I condemn you to constantly find unpaired socks, forever">2</a>.
He's right about the numbers<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-3" title="or, ye gods and little fishes, a selection of mad typographic symbols which most people can't even type and need to be copied from the web search results for &quot;that little squiggly section thingy&quot;">3</a> being meaningless, though, and that they're bad link text; the number "3" gives no indication of what's hidden behind it, and the analogy with "click here" as link text is a good one. We'll come back to this, but it is a correct objection.
<h3>What is a footnote, anyway?</h3>
The issue with footnotes being set off this way (that is: that they're notes) isn't, though, that it's bad (which it is), it's that the alternatives are worse, at least in some situations. A footnote is an extra bit of information which is relevant to what you're reading, but not important enough that you need to read it right now. That might be because it's explanatory (that is: it expands and enlarges on the main point being made, but isn't directly required), or because it's a reference (a citation, or a link out to where this information was found so it can be looked up later and to prove that the author didn't just make this up), or because it's commentary (where you don't want to disrupt the text that's written with additions inline, maybe because you didn't write it). Or, and this is important, because it's funnier to set it off like this. A footnote used this way is like the voice of the narrator in The Perils of Penelope Pitstop being funny about the situation. Look, I'll choose a random book from my bookshelf<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-4" title="alright, I chose a random Terry Pratchett book to make the point, I admit; I'm not stupid. But it really was the closest one to hand; I didn't spend extra time looking for particularly good examples">4</a>, Reaper Man by Terry Pratchett.
<img alt="A photograph of a book page. Most of the text is a little blurred to distract attention from it. Midway down the page, unblurred text reads: 'Even the industrial-grade crystal ball was only there as a sop to her customers. Mrs Cake could actually read the future in a bowl of porridge.¹ She could have a revelation in a panful of frying bacon.' At the bottom of the page is the text referenced by the footnote marker, which reads: '¹ It would say, for example, that you would shortly undergo a painful bowel movement.'" src="https://kryogenix.org/images/pratchett-footnote-example.jpg" />
This is done because it's funny. Alternatives... would not be funny.<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-5" title="This is basically &quot;explaining the joke&quot;, something which squashes all the humour out of it like grapes in a press. Sorry, PTerry.">5</a>
If this read:
<blockquote>Even the industrial-grade crystal ball was only there as a sop to her customers. Mrs Cake could actually read the future in a bowl of porridge. (It would say, for example, that you would shortly undergo a painful bowel movement.) She could have a revelation in a panful of frying bacon.</blockquote>
then it's too distracting, isn't it? That's giving the thing too much prominence; it derails the point and then you have to get back on board after reading it. Similarly with making it a long note via <code>&lt;details&gt;</code> or via making it <code>&lt;section role="aside"&gt;</code>, and Jake does make the point that that's for longer notes.
<blockquote>Even the industrial-grade crystal ball was only there as a sop to her customers. Mrs Cake could actually read the future in a bowl of porridge.
<details>NoteIt would say, for example, that you would shortly undergo a painful bowel movement.</details>
She could have a revelation in a panful of frying bacon.</blockquote>
Now, admittedly, half the reason Pratchett's footnotes are funny is because they're imitating the academic use. But the other half is that there is a place for that "voice of the narrator" to make snarky asides, and we don't really have a better way to do it.
Sometimes the parenthesis is the best way to do it. Look at the explanations of "explanatory", "reference", and "commentary" in <a href="http://feeds.feedburner.com/kryogenix#footnotes-being-set-off">the paragraph above about what a footnote is</a>. They needed to be inline; the definition of what I mean by "explanatory" should be read along with the word, and you need to understand my definition to understand why I think it's important. It's directly relevant. So it's inline; you must not proceed without having read it. It's not a footnote. But that's not always the case; sometimes you want to expand on what's been written without requiring the reader to read that expansion in order to proceed. It's a help; an addition; something relevant but not too relevant. (I think this is behind the convention that footnotes are in smaller text, personally; it's a typographic convention that this represents the niggling or snarky or helpful "voice in your head", annotating the ongoing conversation. But I haven't backed this up with research or anything.)
<h3>What's the alternative?</h3>
See, this is the point. Assume for the moment that I'm right<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-6" title="I always do">6</a> and that there is some need for this type of annotation -- something which is important enough to be referenced here but not important enough that you must read it to proceed. How do we represent that in a document?
Jake's approaches are all reasonable in some situations. A note section (a "sidebar", I think newspaper people would call it?) works well for long clarifying paragraphs, little biographies of a person you've referenced, or whatever. If that content is less obviously relevant then hiding it behind a collapsed revealer triangle is even better. Short stuff which is that smidge more relevant gets promoted to be entirely inline and put in brackets. Stuff which is entirely reference material (citations, for example) doesn't really need to be in text in the document at all; don't footnote your point and then make a citation which links to the source, just link the text you wrote directly to the source. That certainly is a legacy of print media. There are annoying problems with most of the alternatives (a <code>&lt;details&gt;</code> can't go in a <code>&lt;p&gt;</code> even if inline, which is massively infuriating; sidenotes are great on wide screens but you still need to solve this problem on narrow, so they can't be the answer alone.) You can even put the footnote text in a tooltip as well, which helps people with mouse pointers or (maybe) keyboard navigation, and is what I do right here on this site.
But... if you've got a point which isn't important enough to be inline and isn't long enough to get its own box off to the side, then it's gotta go somewhere, and if that somewhere isn't "right there inline" then it's gotta be somewhere else, and... that's what a footnote is, right? Some text elsewhere that you link to.
We can certainly take advantage of being a digital document to display the annotation inline if the user chooses to (by clicking on it or similar), or to show a popover (which paper can't do). But if the text isn't displayed to you up front, then you have to click on something to show it, and that thing you click on must not itself be distracting. That means the thing you click on must be small, and not contentful. Numbers (or little symbols) are not too bad an approach, in that light. The technical issues here are dispensed with easily enough, as <a href="https://front-end.social/@leaverou/114784950642671149">Lea Verou</a> points out: yes, put a bigger hit target around your little undistracting numbers so they're not too hard to tap on, that's important.
But as Lea goes on to say, and Jake mentioned above... how do we deal with the idea that "3" needs to be both "small and undistracting" but also "give context so it's not just a meaningless number"? This is a real problem; pretty much by definition, if your "here is something which will show you extra information" marker gives you context about what that extra information is, then it's long enough that you actually have to read it to understand the context, and therefore it's distracting.<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-7" title="I've seen people do footnote markers which are little words rather than numbers, and it's dead annoying. I get what they're trying to do, which is to solve this context problem, but it's worse">7</a> This isn't really a circle that can be squared: these two requirements are in opposition, and so a compromise is needed.
Lea makes the same point with "How to provide context without increasing prominence? Wrapping part of the text with a link could be a better anchor, but then how to distinguish from actual links? Perhaps we need a convention." And I agree. I think we need a convention for this. But... I think we've already got a convention, no? A little superscript number or symbol means "this is a marker for additional information, which you need to interact with<a class="simple-footnote" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-8" title="you might 'interact' with this marker by clicking on it in a digital document, or by looking it up at the bottom of the page in a print doc, but it's all interaction">8</a> to get that additional information". Is it a perfect convention? No: the numbers are semantically meaningless. Is there a better convention? I'm not sure there is.
<h3>An end on't</h3>
So, Jake's right: a whole bunch of things that are currently presented on the web as "here's a little (maybe clickable) number, click it to jump to the end of the document to read a thing" could be presented much better with a little thought. We web authors could do better at this. But should footnotes go away? I don't think so. Once all the cases of things that should be done better are done better, there'll still be some left. I don't hate footnotes. I do hate limoncello and Red Bull, though.<ol class="simple-footnotes"><li id="sf-a-limited-defence-of-footnotes-1">sensible <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-1-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-2">for good implementations, anyway; if you make your footnotes a link down to the end of the document, and then don't provide a link back via either the footnote marker or by adding it to the end, then you are a bad web author and I condemn you to constantly find unpaired socks, forever <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-2-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-3">or, ye gods and little fishes, a selection of mad typographic symbols which most people can't even type and need to be copied from the web search results for "<a href="https://nerdtechy.com/how-to-type-double-s-vertical-symbol">that little squiggly section thingy</a>" <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-3-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-4">alright, I chose a random Terry Pratchett book to make the point, I admit; I'm not stupid. But it really was the closest one to hand; I didn't spend extra time looking for particularly good examples <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-4-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-5">This is basically "explaining the joke", something which squashes all the humour out of it like grapes in a press. Sorry, PTerry. <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-5-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-6">I always do <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-6-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-7">I've seen people do footnote markers which are little words rather than numbers, and it's dead annoying. I get what they're trying to do, which is to solve this context problem, but it's worse <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-7-back">↩</a></li><li id="sf-a-limited-defence-of-footnotes-8">you might 'interact' with this marker by clicking on it in a digital document, or by looking it up at the bottom of the page in a print doc, but it's all interaction <a class="simple-footnote-back" href="http://feeds.feedburner.com/kryogenix#sf-a-limited-defence-of-footnotes-8-back">↩</a></li></ol></description>
<pubDate>Thu, 03 Jul 2025 06:12:00 +0000</pubDate>
</item>
<item>
<title>Jos&eacute; Antonio Rey: 2025: Finding a job, and the understanding the market</title>
<guid isPermaLink="false">http://joseeantonior.wordpress.com/?p=325</guid>
<link>https://joseeantonior.wordpress.com/2025/06/25/2025-finding-a-job-and-the-understanding-the-market/</link>
<description>So, I’ve been in the job market for a bit over a year. I was part of a layoff cycle in my last company, and finding a new gig has been difficult. I haven’t been able to find something as of yet, but it’s been a learning curve. The market is not what it has been in the last couple of years. With AI in the mix, lots of roles have been eliminated, or have shifted towards where human intervention is needed to interpret or verify the data AI is interpreting. Job hunting is a job in an of itself, and may even take a 9 to 5 role. I know of a lot of people who have gone through the same process as myself, and wanted to share some of insights and tips from what I’ve learned throughout the last year.
<h2 class="wp-block-heading">Leveraging your network</h2>
First, and I think most important, is to understand that there’s a lot of great people around that you might have worked with. You can always ask for recommendations, touch base, or even have a small chat to see how things are going on their end. Conversations can be very refreshing, and can help you get a new perspective as how the industries are shifting, where you might want to learn new skills, or how to improve your positioning in the market. Folks can talk around and see if there’s additional positions where you might be a good fit, and it’s always good to have a helping hand (or a few). At the end of the day, these folks are your own community. I’ve gotten roles in the past by being referred, and these connections have been critical for my understanding of how different businesses may approach the same problem, or even to solve internal conflicts. So, reach out to people you know!
<h2 class="wp-block-heading">Understanding the market</h2>
Like I mentioned in the opening paragraph, the market is evolving constantly. AI has taken a very solid role nowadays, and lots of companies ask about how you’ve used AI recently. Part of understanding the market is understanding the bleeding edge tools that are used to improve workflows and day-to-day efficiency. Research tools that are coming up, and that are shaping the market. 
To give you an example. Haven’t tried AI yet? Give it a spin, even for simple questions. Understand where it works, where it fails, and how you, as a human, can make it work for you. Get a sense of the pitfalls, and where human intervention is needed to interpret or verify the data that’s in there. Like one of my former managers said, “trust, but verify”. Or, you can even get to the point of not trusting the data, and sharing that as a story!
<h2 class="wp-block-heading">Apply thoughtfully</h2>
Someone gave me the recommendation to apply to everything that I see where I “could be a fit”. While this might have its upsides, you might also end up in situations where you are not actually a fit, or where you don’t know the company and what it does. Always take the time, at least a few minutes, to understand the company that you’re applying for, research their values, and how they align to yours. Read about the product they’re creating, selling, or offering, and see if it’s a product where you could contribute your skills. Then, you can make the decision of applying. While doing this you may discover that you are applying to a position in a sector that you’re not interested in, or where your skillset might not be used to its full potential. And you might be missing out on some other opportunities that are significantly more aligned to you.
Also take the time to fully review the job description. JDs are pretty descriptive, and you might stumble upon certain details that don’t align with yourself, such as the salary, hours, location, or certain expectations that you might feel don’t fit within the role or that you are not ready for.
<h2 class="wp-block-heading">Prepare for your interviews</h2>
You landed an interview – congratulations! Make sure that you’ve researched the company before heading in. If you’ve taken a look at the company and the role before applying, take a glimpse again. You might find more interesting things, and it will demonstrate that you are actually preparing yourself for the interview. Also, interviewing is a two-way street. Make sure that you have some questions at the end. Double-check the role of your interviewer in the company, and ensure that you have questions that are tailored to their particular roles. Think about what you want to get from the interview (other than the job!).
<h2 class="wp-block-heading">Job sourcing</h2>
There are many great job sources today – LinkedIn being the biggest of all of them. Throughout my searches I’ve also found weworkremotely.com and hnhiring.com are great sources. I strongly advise that you expand your search and find sources that are relevant to your particular role or industry. This has opened up a lot of opportunities for me!
<h2 class="wp-block-heading">Take some time for yourself</h2>
I know that having a job is important. However, it’s also important to take time for yourself. Your mental health is important. You can use this time to develop some skills, play some games, take care of your garden, or even reorganize your home. Find a hobby and distract yourself every now and then. Take breaks, and ensure you’re not over-stressing yourself. Read a bit about burnout, and take care of yourself, as burnout can also happen from job hunting. And if you need a breather, make sure you take one, but don’t overdo it! Time is valuable, so it’s all about finding the right balance.

Hopefully this is helpful for some folks that are going through my same situation. What other things have worked for you? Do you have any other tips you could share? I’d be happy to read about them! Share them with me on <a href="https://linkedin.com/in/joseantonio-rey">LinkedIn</a>. I’m also happy to chat – you can always find me at jose@ubuntu.com.</description>
<pubDate>Wed, 25 Jun 2025 21:39:35 +0000</pubDate>
</item>
<item>
<title>Aaron Rainbolt: The bug that code couldn't fix...</title>
<guid isPermaLink="true">https://arraybolt3.substack.com/p/the-bug-that-code-couldnt-fix</guid>
<link>https://arraybolt3.substack.com/p/the-bug-that-code-couldnt-fix</link>
<description>This isn’t a tech-related post, so if you’re only here for the tech, feel free to skip over.Any of y’all hate spiders? If you had asked me that last week, I would have said “no”. Turns out you just need to get in a fight with the wrong spider to change that. I’m in the central United States, so thankfully I don’t have to deal with the horror spiders places like Australia have. But even in my not-intrinsically-hostile-to-human-life area of the world, we have some horror spiders of our own turns out. The two most common ones (the Brown Recluse and Black Widow) are basically memes at this point because they get mentioned so often; I’ve been bitten by both so far. The Brown Recluse bite wasn’t really that dramatic before, during, or after treatment, so there’s not really a story to tell there. The Black Widow bite on the other hand… oh boy. Holy moly.I woke up last Saturday since the alternative was to sleep for 24 hours straight and that sounded awful. There’s lots of good things to do with a Sabbath, why waste the day on sleep? Usually I spend (or at least am supposed to spend) this day with my family, generally doing Bible study and board games. Over the last few weeks though, I had been using the time to clean up various areas of the house that needed it, and this time I decided to clean up a room that had been flooded some time back. I entered the Room of Despair, with the Sword of Paper Towels in one hand and the Shield of Trash Bags in the other. In front of me stood the vast armies of UghYuck-Hai. (LotR fans will get the joke.<a class="footnote-anchor" data-component-name="FootnoteAnchorToDOM" href="https://arraybolt3.substack.com/feed#footnote-1" id="footnote-anchor-1" target="_self">1</a>) Convinced that I was effectively invulnerable to anything the hoards could do to me, I entered the fray, and thus was the battle joined in the land of MyHome.Fast forward two hours of sorting, scrubbing, and hauling. I had made a pretty decent dent in the mess. I was also pretty tired at that point, and our family’s dog needed me to take him outside, so I decided it was time to take a break. I put the leash on the dog, and headed into the great outdoors for a much-needed breath of fresh air.It was at about that time I realized there was something that felt weird on my left hip. In my neck of the woods, we have to deal with pretty extreme concentrations of mosquitoes, so I figured I probably just had some of my blood repurposed by a flying mini-vampire. Upon closer inspection though, I didn’t see localized swelling indicating a mosquito bite (or any other bite for that matter). The troubled area was just far enough toward my back that I couldn’t see if it had a bite hole or not, and I didn’t notice any kind of discoloration to give me a heads-up either. All I knew is that there was a decent-sized patch of my left hip that HURT if I poked it lightly. I’d previously had random areas of my body hurt when poked (probably from minor bruises), so I just lumped this event in with the rest of the mystery injuries I’ve been through and went on with my day.Upon coming back from helping the dog out, I still felt pretty winded. I chalked that up to doing strenuous work in an area with bad air for too long, and decided to spend some time in bed to recover. One hour in bed turned into two. Two turned into three. Regardless of how long I laid there, I still just felt exhausted. “Did I really work that hard?”, I wondered. It didn’t seem like I had done enough work to warrant this level of tiredness. Thankfully I did get to chat with my mom about Bible stuff for a good portion of that time, so I thought the day had been pretty successful nonetheless.The sun went down. I was still unreasonably tired. Usually this was when me and my mom would play a board game together, but I just wasn’t up for it. I ended up needing to use the restroom, so I went to do that, and that’s when I noticed my now-even-sorer hip wasn’t the only thing that was wrong.While in the restroom, I felt like my digestive system was starting to get sick. This too was pretty easily explainable, I had just worked in filth and probably got exposed to too much yuck for my system to handle. My temperature was a bit higher than normal. Whatever, not like I hadn’t had fevers before. My head felt sore and stuffed up, which again just felt like I was getting sick in general. My vision also wasn’t great, but for all I know that could have just been because I was focusing more on feeling bad and less on the wall of the bathroom I was looking at. At this point, I didn’t think that the sore hip and the sudden onset fever might be related.After coming out of the bathroom, I huddled in bed to try to help the minor fever burn out whatever crud I had gotten into. My mom came to help take care of me while I was sick. To my surprise, the fever didn’t stay minor for long - I suddenly started shivering like crazy even though I wasn’t even remotely cold. My temperature skyrocketed, getting to the point where I was worried it could be dangerously high. I started aching all over and my muscles felt like they got a lot weaker. My heart started pounding furiously, and I felt short of breath. We always keep colloidal silver in the house since it helps with immunity, so my mom gave me some sprays of it and had me hold it under my tongue. I noticed I was salivating a bunch for absolutely no reason while trying to hold the silver spray there as long as I could. Things weren’t really improving, and I noticed my hip was starting to hurt more. I mentioned the sore hip issue to my mom, and we chose to put some aloe vera lotion and colloidal silver on it, just in case I had been bitten by a spider of some sort.That turned out to be a very good, very very VERY painful idea. After rubbing in the lotion, the bitten area started experiencing severe, relentless stabbing pains, gradually growing in intensity as time progressed. For the first few minutes, I was thinking “wow, this really hurts, what in the world bit me?”, but that pretty quickly gave way to “AAAAA! AAAAA! AAAAAAAAAAAAAA!” I kept most of the screaming in my mind, but after a while it got so bad I just rocked back and forth and groaned for what felt like forever. I’d never had pain like this just keep going and going, so I thought if I just toughed it out for long enough it would eventually go away. This thing didn’t seem to work like that though. After who-knows-how-long, I finally realized this wasn’t going to go away on its own, and so, for reasons only my pain-deranged mind could understand, I tried rolling over on my left side to see if squishing the area would get it to shut up. Beyond all logic, that actually seemed to work, so I just stayed there for quite some time.At this point, my mom realized the sore hip and the rest of my sickness might be related (I never managed to put the two together). The symptoms I had originally looked like scarlet fever plus random weirdness, but they turned out to match extremely well with the symptoms of a <a href="https://my.clevelandclinic.org/health/diseases/black-widow-spider-bite">black widow bite</a> (I didn’t have the sweating yet but that ended up happening too). The bite area also started looking discolored, so something was definitely not right. At about this point my kidneys started hurting pretty badly, not as badly as the bite but not too far from it.I’ll try to go over the rest of the mess relatively quickly. In summary:<ul><li>I passed out and fell over while trying to walk back from the restroom at one point. From what I remember, I had started blacking out while in the restroom, realized I needed to get back to bed ASAP, managed to clumsily walk out of the bathroom and most of the way into the bed, then felt myself fall, bump into a lamp, and land on the bed back-first (which was weird, my back wasn’t facing the bed yet). My mom on the other hand, who was not virtually unconscious, reports that I came around the corner, proceeded to fall face first into the lamp with arms outstretched like a zombie, had a minor seizure, and she had to pull me off the lamp and flip me around. All I can think is my brain must have still been active but lost all sensory input and motor control.</li><li>I couldn’t get out of bed for over 48 hours straight thereafter. I’d start blacking out if I tried to stand up for very long.</li><li>A dime-sized area around the bite turned purple, then black. So, great, I guess I can now say a part of me is dead :P At this point we were also able to clearly see dual fang marks, confirming that this was indeed a spider bite.</li><li>I ended up drinking way more water than usual. I usually only drink three or four cups a day, but I drank more like nine or ten cups the day after the bite.</li><li>I had some muscle paralysis that made it difficult to urinate. Thankfully that went away after a day.</li><li>My vision got very, very blurry, and my eyes had tons of pus coming out of them for no apparent reason. This was more of an annoyance than anything, I was keeping my eyes shut most of the time anyway, but the crud kept drying and gluing my eyes shut! It was easy enough to just pick off when that happened, but it was one of those things that makes you go “come on, really?”</li><li>On the third day of recovery, my whole body broke out in a rash that looked like a bunch of purple freckles. They didn’t hurt, didn’t bump up, didn’t even hardly itch, but they looked really weird. Patches of the rash proceeded to go away and come back every so often, which they’re still doing now.</li><li>I ended up missing three days of work while laid up.</li></ul>We kept applying peppermint oil infused aloe vera lotion and colloidal silver to the bite, which helped reduce pain (well, except for the first time anyway :P) and seems to have helped keep the toxins from spreading too much.A couple of questions come to mind at this point. For one, how do I know that it was a black widow that bit me? Unfortunately, I never saw or felt the spider, so I can’t know for an absolute certainty that I was bitten by a black widow (some people report false widows can cause similar symptoms if they inject you with enough venom). But false widows don’t live anywhere even remotely close to where I live, and black widows are both known to live here and we’ve seen them here before. The symptoms certainly aren’t anything remotely close to a brown recluse bite, and while I am not a medical professional, they seem to match the symptoms of black widow bites very, very well. So even if by some chance this wasn’t a black widow, whatever bit me had just as bad of an effect on me as a black widow would have.For two, why didn’t I go to a hospital? Number one, everything I looked up said the most they could do is give you antivenom (which can cause <a href="https://pubmed.ncbi.nlm.nih.gov/21641165/">anaphylaxis</a>, no thank you), or painkillers like fentanyl (which I don’t want anywhere near me, I’d rather feel like I’m dying from a spider bite than take a narcotic painkiller, thanks anyway). Number two, last time a family member had to go to the hospital, the ambulance just about killed him trying to get him there in the first place. I lost most of my respect for my city’s medical facilities that day; if I’m not literally dying, I don’t need a hospital, and if I am dying, my hospitals will probably just kill me off quicker.I’m currently on day 4 of recovery (including the day I was bitten). I’m still lightheaded, but I can stand without passing out finally. The kidney pain went away, as did the stabbing pain in the bite area (though it still aches a bit, and hurts if you poke it). The fever is mostly gone, my eyes are working normally again and aren’t constantly trying to superglue themselves closed, and my breathing is mostly fine again. I’m definitely still feeling the effects of the bite, but they aren’t crippling anymore. I’ll probably be able to work from home in the morning (I’d try to do household chores too but my mom would probably have a heart attack since I just about killed myself trying to get out of the bathroom).Speaking of working from home, it’s half past midnight here, I should be going to bed. Thanks for reading!<div class="footnote" data-component-name="FootnoteToDOM"><a class="footnote-number" contenteditable="false" href="https://arraybolt3.substack.com/feed#footnote-anchor-1" id="footnote-1" target="_self">1</a><div class="footnote-content">The army of Saruman sent against the fortress of Helm’s Deep was made up of half-elven, half-orc creatures known as Uruk-Hai. “Ugh, yuck!” and “Uruk” sounded humorously similar, so I just went with it.</div></div></description>
<pubDate>Wed, 18 Jun 2025 05:35:05 +0000</pubDate>
<enclosure url="https://substackcdn.com/image/fetch/$s_!U9th!,w_256,c_limit,f_auto,q_auto:good,fl_progressive:steep/https%3A%2F%2Fsubstack-post-media.s3.amazonaws.com%2Fpublic%2Fimages%2F81afb1c6-f320-42fc-97ab-f1de570fde3a_288x288.png" length="0" type="image/jpeg"/>
</item>
<item>
<title>Paul Tagliamonte: The Promised LAN</title>
<guid isPermaLink="true">https://notes.pault.ag/tpl/</guid>
<link>https://notes.pault.ag/tpl/</link>
<description>The Internet has changed a lot in the last 40+ years. Fads have come and gone.
Network protocols have been designed, deployed, adopted, and abandoned.
Industries have come and gone. The types of people on the internet have changed
a lot. The number of people on the internet has changed a lot, creating an
information medium unlike anything ever seen before in human history. There’s a
lot of good things about the Internet as of 2025, but there’s also an
inescapable hole in what it used to be, for me.
I miss being able to throw a site up to send around to friends to play with
without worrying about hordes of AI-feeding HTML combine harvesters DoS-ing my
website, costing me thousands in network transfer for the privilege. I miss
being able to put a lightly authenticated game server up and not worry too much
at night – wondering if that process is now mining bitcoin. I miss being able
to run a server in my home closet. Decades of cat and mouse games have rendered
running a mail server nearly impossible. Those who are “brave” enough to try
are met with weekslong stretches of delivery failures and countless hours
yelling ineffectually into a pipe that leads from the cheerful lobby of some
disinterested corporation directly into a void somewhere 4 layers below ground
level.
I miss the spirit of curiosity, exploration, and trying new things. I miss
building things for fun without having to worry about being too successful,
after which “security” offices start demanding my supplier paperwork in
triplicate as heartfelt thanks from their engineering teams. I miss communities
that are run because it is important to them, not for ad revenue. I miss
community operated spaces and having more than four websites that are all full
of nothing except screenshots of each other.
Every other page I find myself on now has an AI generated click-bait title,
shared for rage-clicks all brought-to-you-by-our-sponsors–completely covered
wall-to-wall with popup modals, telling me how much they respect my privacy,
with the real content hidden at the bottom bracketed by deceptive ads served by
companies that definitely know which new coffee shop I went to last month.
This is wrong, and those who have seen what was know it.
I can’t keep doing it. I’m not doing it any more. I reject the notion that
this is as it needs to be. It is wrong. The hole left in what the Internet used
to be must be filled. I will fill it.
<h2 id="what-comes-before-part-b">What comes before part b?</h2>
Throughout the 2000s, some of my favorite memories were from LAN parties at my
friends’ places. Dragging your setup somewhere, long nights playing games,
goofing off, even building software all night to get something working—being
able to do something fiercely technical in the context of a uniquely social
activity. It wasn’t really much about the games or the projects—it was an
excuse to spend time together, just hanging out. A huge reason I learned so
much in college was that campus was a non-stop LAN party – we could freely
stand up servers, talk between dorms on the LAN, and hit my dorm room computer
from the lab. Things could go from individual to social in the matter of
seconds. The Internet used to work this way—my dorm had public IPs handed out
by DHCP, and my workstation could serve traffic from anywhere on the internet.
I haven’t been back to campus in a few years, but I’d be surprised if this were
still the case.
In December of 2021, three of us got together and connected our houses together
in what we now call The Promised LAN. The idea is simple—fill the hole we feel
is gone from our lives. Build our own always-on 24/7 nonstop LAN party. Build a
space that is intrinsically social, even though we’re doing technical things.
We can freely host insecure game servers or one-off side projects without
worrying about what someone will do with it.
Over the years, it’s evolved very slowly—we haven’t pulled any all-nighters.
Our mantra has become “old growth”, building each layer carefully. As of May
2025, the LAN is now 19 friends running around 25 network segments. Those 25
networks are connected to 3 backbone nodes, exchanging routes and IP traffic
for the LAN. We refer to the set of backbone operators as “The Bureau of LAN
Management”. Combined decades of operating critical infrastructure has
driven The Bureau to make a set of well-understood, boring, predictable,
interoperable and easily debuggable decisions to make this all happen.
<a href="https://tpl.house/">Nothing here is exotic or even technically interesting</a>.
<h2 id="applications-of-trusting-trust">Applications of trusting trust</h2>
The hardest part, however, is rejecting the idea that anything outside our own
LAN is untrustworthy—nearly irreversible damage inflicted on us by the
Internet. We have solved this by not solving it. We strictly control
membership—the absolute hard minimum for joining the LAN requires 10 years of
friendship with at least one member of the Bureau, with another 10 years of
friendship planned. Members of the LAN can veto new members even if all other
criteria is met. Even with those strict rules, there’s no shortage of friends
that meet the qualifications—but we are not equipped to take that many folks
on. It’s hard to join—-both socially and technically. Doing something malicious
on the LAN requires a lot of highly technical effort upfront, and it would
endanger a decade of friendship. We have relied on those human, social,
interpersonal bonds to bring us all together. It’s worked for the last 4 years,
and it should continue working until we think of something better.
We assume roommates, partners, kids, and visitors all have access to The
Promised LAN. If they’re let into our friends' network, there is a level of
trust that works transitively for us—I trust them to be on mine. This LAN is
not for “security”, rather, the network border is a social one. Benign
“hacking”—in the original sense of misusing systems to do fun and interesting
things—is encouraged. Robust ACLs and firewalls on the LAN are, by definition,
an interpersonal—not technical—failure. We all trust every other network
operator to run their segment in a way that aligns with our collective values
and norms.
Over the last 4 years, we’ve grown our own culture and fads—around half of the
people on the LAN have thermal receipt printers with open access, for printing
out quips or jokes on each other’s counters. It’s incredible how much network
transport and a trusting culture gets you—there’s a 3-node IRC network, exotic
hardware to gawk at, radios galore, a NAS storage swap, LAN only email, and
even a SIP phone network of “redphones”.
<h2 id="diy">DIY</h2>
We do not wish to, nor will we, rebuild the internet. We do not wish to, nor
will we, scale this. We will never be friends with enough people, as hard as we
may try. Participation hinges on us all having fun. As a result, membership
will never be open, and we will never have enough connected LANs to deal with
the technical and social problems that start to happen with scale. This is a
feature, not a bug.
This is a call for you to do the same. Build your own LAN. Connect it with
friends’ homes. Remember what is missing from your life, and fill it in. Use
software you know how to operate and get it running. Build slowly. Build your
community. Do it with joy. Remember how we got here. Rebuild a community space
that doesn’t need to be mediated by faceless corporations and ad revenue. Build
something sustainable that brings you joy. Rebuild something you use daily.
Bring back what we’re missing.</description>
<pubDate>Mon, 16 Jun 2025 15:58:00 +0000</pubDate>
</item>
<item>
<title>Simon Quigley: Thanks, Mailbox!</title>
<guid isPermaLink="false">https://medium.com/p/0eb072dabbc1</guid>
<link>https://medium.com/@tsimonq2/thanks-mailbox-0eb072dabbc1?source=rss-abe8950a00ea------2</link>
<description><a href="https://medium.com/media/553e1df568153a684bfe861e27692fcb/href">https://medium.com/media/553e1df568153a684bfe861e27692fcb/href</a>A gentleman by the name of Arif Ali reached out to me on LinkedIn. I won’t share the actual text of the message, but I’ll paraphrase: “I hope everything is going well with you. I’m applying to be an Ubuntu ‘Per Package Uploader’ for the SOS package, and I was wondering if you could endorse my application.”Arif, thank you! I have always appreciated our chats, and I truly believe you’re doing great work. I don’t want to interfere with anything by jumping on the wiki, but just know you have my full backing.“So, who actually lets Arif upload new versions of SOS to Ubuntu, and what is it?” Great question!Firstly, I realized that I needed some more info on what SOS is, so I can explain it to you all. On a quick search, <a href="https://docs.redhat.com/en/documentation/red_hat_enterprise_linux/8/html/generating_sos_reports_for_technical_support/generating-an-sos-report-for-technical-support_generating-sos-reports-for-technical-support">this was the first result</a>.Okay, so genuine question…Why does the first DuckDuckGo result for “sosreport” point to an article for a release of Red Hat Enterprise Linux that is two versions old? In other words, hey DuckDuckGo, your grass is starting to get long. Or maybe Red Hat? Can’t tell, I give you both the benefit of the doubt, in good faith.So, I clarified the search and found <a href="https://documentation.ubuntu.com/pro/open-case/">this</a>. Canonical, you’ve done a great job. Red Hat, you could work on your <a href="https://en.wikipedia.org/wiki/Search_engine_optimization">SEO</a> so I can actually find the <a href="https://www.redhat.com/en/technologies/linux-platforms/enterprise-linux">RHEL 10</a> docs quicker, but hey… B+ for effort. ;)Anyway, let me tell you about Arif. Just from my own experiences.He’s incredible. He shows love to others, and whenever I would sponsor one of his packages during my time in Ubuntu, he was always incredibly receptive to feedback. I really appreciate the way he reached out to me, as well. That was really kind, and to be honest, I needed it.As for character, he has my +1. In terms of <a href="https://launchpad.net/~developer-membership-board/+members">the members of the DMB</a> (aside from one person who I will not mention by name, who has caused me immense trouble elsewhere), here’s what I’d tell you if you asked me privately…“It’s just PPU. Arif works on SOS as part of his job. Please, do still grill him. The test, and ensuring people know that they actually need to pass a test to get permissions, that’s pretty important.”That being said, I think he deserves it.Good luck, Arif. I wish you well in your meeting. I genuinely hope this helps. :)And to my friends in Ubuntu, I miss you. Please reach out. I’d be happy to write you a public letter, too. Only if you want. :)<img alt="" height="1" src="https://medium.com/_/stat?event=post.clientViewed&amp;referrerSource=full_rss&amp;postId=0eb072dabbc1" width="1" /></description>
<pubDate>Mon, 09 Jun 2025 17:20:27 +0000</pubDate>
</item>
<item>
<title>Simon Quigley: People in the Arena</title>
<guid isPermaLink="false">https://medium.com/p/abe0d865357f</guid>
<link>https://medium.com/@tsimonq2/people-in-the-arena-abe0d865357f?source=rss-abe8950a00ea------2</link>
<description>Theodore Roosevelt is someone I have admired for a long time. I especially appreciate what has been coined <a href="https://worldfuturefund.org/Documents/maninarena.htm">the Man in the Arena speech</a>.A specific excerpt comes to mind after reading world news over the last twelve hours:“It is well if a large proportion of the leaders in any republic, in any democracy, are, as a matter of course, drawn from the classes represented in this audience to-day; but only provided that those classes possess the gifts of sympathy with plain people and of devotion to great ideals. You and those like you have received special advantages; you have all of you had the opportunity for mental training; many of you have had leisure; most of you have had a chance for enjoyment of life far greater than comes to the majority of your fellows. To you and your kind much has been given, and from you much should be expected. Yet there are certain failings against which it is especially incumbent that both men of trained and cultivated intellect, and men of inherited wealth and position should especially guard themselves, because to these failings they are especially liable; and if yielded to, their- your- chances of useful service are at an end. Let the man of learning, the man of lettered leisure, beware of that queer and cheap temptation to pose to himself and to others as a cynic, as the man who has outgrown emotions and beliefs, the man to whom good and evil are as one. The poorest way to face life is to face it with a sneer. There are many men who feel a kind of twister pride in cynicism; there are many who confine themselves to criticism of the way others do what they themselves dare not even attempt. There is no more unhealthy being, no man less worthy of respect, than he who either really holds, or feigns to hold, an attitude of sneering disbelief toward all that is great and lofty, whether in achievement or in that noble effort which, even if it fails, comes to second achievement. A cynical habit of thought and speech, a readiness to criticise work which the critic himself never tries to perform, an intellectual aloofness which will not accept contact with life’s realities — all these are marks, not as the possessor would fain to think, of superiority but of weakness. They mark the men unfit to bear their part painfully in the stern strife of living, who seek, in the affection of contempt for the achievements of others, to hide from others and from themselves in their own weakness. The rôle is easy; there is none easier, save only the rôle of the man who sneers alike at both criticism and performance.”The riots in LA are seriously concerning to me. If something doesn’t happen soon, <a href="https://www.youtube.com/watch?v=rb8z2BMrd60">this is going to get out of control</a>.If you are participating in these events, or know someone who is, tell them to <a href="https://www.youtube.com/watch?v=QuNOwCBYeE4">calm down</a>. Physical violence is never the answer, no matter your political party.De-escalate immediately.Be well. Show love to one another!<img alt="" height="1" src="https://medium.com/_/stat?event=post.clientViewed&amp;referrerSource=full_rss&amp;postId=abe0d865357f" width="1" /></description>
<pubDate>Mon, 09 Jun 2025 05:58:26 +0000</pubDate>
</item>
<item>
<title>Launchpad News: Phasing out Bazaar code hosting</title>
<guid isPermaLink="false">https://blog.launchpad.net/?p=4464</guid>
<link>https://blog.launchpad.net/general/phasing-out-bazaar-code-hosting</link>
<description><h2>What is Bazaar code hosting?</h2>
Bazaar is a distributed revision control system, originally developed by Canonical. It provides similar functionality compared to the now dominant Git.
Bazaar code hosting is an offering from Launchpad to both provide a Bazaar backend for hosting code, but also a web frontend for browsing the code. The frontend is provided by the Loggerhead application on Launchpad.
<h2><a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189#p-160870-sunsetting-bazaar"></a>Sunsetting Bazaar</h2>
Bazaar passed its peak a decade ago. <a href="https://launchpad.net/brz">Breezy</a> is a fork of Bazaar that has kept a form of Bazaar alive, but the last release of Bazaar was in 2016. Since then the impact has declined, and there are modern replacements like Git.
Just keeping Bazaar running requires a non-trivial amount of development, operations time, and infrastructure resources – all of which could be better used elsewhere.
Launchpad will now begin the process of discontinuing support for Bazaar.
<h2><a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189#p-160870-timelines"></a>Timelines</h2>
We are aware that the migration of the repositories and updating workflows will take some time, that is why we planned sunsetting in two phases.
<h3><a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189#p-160870-phase-1"></a>Phase 1</h3>
Loggerhead, the web frontend, which is used to browse the code in a web browser, will be shut down imminently. Analyzing access logs showed that there are hardly any more requests from legit users, but almost the entire traffic comes from scrapers and other abusers. Sunsetting Loggerhead will not affect the ability to pull, push and merge changes.
<h3><a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189#p-160870-phase-2"></a>Phase 2</h3>
From September 1st, 2025, we do not intend to have Bazaar, the code hosting backend, any more. Users need to migrate all repositories from Bazaar to Git between now and this deadline.
<h2><a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189#p-160870-migration-paths"></a>Migration paths</h2>
The following blog post describes all the necessary steps on how to convert a Bazaar repository hosted on Launchpad to Git.
<h3><a href="https://jugmac00.github.io/blog/migrate-a-repository-from-bazaar-to-git/" rel="noreferrer noopener" target="_blank">Migrate a Repository From Bazaar to Git</a></h3>
<h2><a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189#p-160870-call-for-action"></a>Call for action</h2>
Our users are extremely important to us. Ubuntu, for instance, has a long history of Bazaar usage, and we will need to work with the Ubuntu Engineering team to find ways to move forward to remove the reliance on the integration with Bazaar for the development of Ubuntu. If you are also using Bazaar and you have a special use case, or you do not see a clear way forward, please reach out to us to discuss your use case and how we can help you.
You can reach us in #launchpad:<a href="http://ubuntu.com/">ubuntu.com</a> on Matrix, or submit a <a href="https://answers.launchpad.net/launchpad">question</a> or send us an e-mail via <a href="mailto:feedback@launchpad.net">feedback@launchpad.net</a>.
It is also recommended to join the ongoing discussion at <a href="https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189">https://discourse.ubuntu.com/t/phasing-out-bazaar-code-hosting/62189</a>.</description>
<pubDate>Fri, 06 Jun 2025 09:26:22 +0000</pubDate>
</item>
<item>
<title>Serge Hallyn: Attitudes on privacy and tracking</title>
<guid isPermaLink="false">http://s3hh.wordpress.com/?p=700</guid>
<link>https://s3hh.wordpress.com/2025/05/25/attitudes-on-privacy-and-tracking/</link>
<description>It’s amazing how quickly public opinion changes. Or, how quickly 
people cave. Remember just 10 years ago, how people felt about 
google glass?
<ul>
<li><a href="https://www.businessinsider.com/i-was-assaulted-for-wearing-google-glass-2014-4" rel="nofollow">https://www.businessinsider.com/i-was-assaulted-for-wearing-google-glass-2014-4</a></li>
<li><a href="https://www.youtube.com/watch?v=m8coAuWZL20" rel="nofollow">https://www.youtube.com/watch?v=m8coAuWZL20</a></li>
</ul>
Or how they felt when they found out target was analyzing their 
purchases and perhaps knew them better than themselves or their 
family?
<ul>
<li><a href="https://techland.time.com/2012/02/17/how-target-knew-a-high-school-girl-was-pregnant-before-her-parents/" rel="nofollow">https://techland.time.com/2012/02/17/how-target-knew-a-high-school-girl-was-pregnant-before-her-parents/</a></li>
<li><a href="https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/" rel="nofollow">https://www.forbes.com/sites/kashmirhill/2012/02/16/how-target-figured-out-a-teen-girl-was-pregnant-before-her-father-did/</a></li>
</ul>
People used to worry about being tracked by companies and government. 
Today, they feel insecure unless they are certain they are being 
tracked. For their own well-being of course. If an online store does 
*not* send an email 10 hours after you’ve “left items in your cart, 
don’t miss out!”, and another the next day, you feel disappointed. I 
believe they’re now seen as sub-par.</description>
<pubDate>Sun, 25 May 2025 13:00:15 +0000</pubDate>
</item>
<item>
<title>Julian Andres Klode: A SomewhatMaxSAT Solver</title>
<guid isPermaLink="true">https://blog.jak-linux.org/2025/05/24/somewhatmax-sat-solver/</guid>
<link>https://blog.jak-linux.org/2025/05/24/somewhatmax-sat-solver/</link>
<description>As you may recall from previous posts and elsewhere I have been busy writing a new solver for APT.
Today I want to share some of the latest changes in how to approach solving.
The idea for the solver was that manually installed packages are always protected from removals –
in terms of SAT solving, they are facts. Automatically installed packages become optional unit
clauses. Optional clauses are solved after manual ones, they don’t partake in normal unit propagation.
This worked fine, say you had
<pre tabindex="0"><code>A # install request for A
B # manually installed, keep it
A depends on: conflicts-B | C
</code></pre>Installing <code>A</code> on a system with <code>B</code> installed installed <code>C</code>, as it was not allowed to
install the <code>conflicts-B</code> package since <code>B</code> is installed.
However, I also introduced a mode to allow removing manually installed packages, and that’s
where it broke down, now instead of <code>B</code> being a fact, our clauses looked like:
<pre tabindex="0"><code>A # install request for A
A depends on: conflicts-B | C
Optional: B # try to keep B installed
</code></pre>As a result, we installed <code>conflicts-B</code> and removed <code>B</code>; the steps the solver takes are:
<ol>
<li><code>A</code> is a fact, mark it</li>
<li><code>A depends on: conflicts-B | C</code> is the strongest clause, try to install <code>conflicts-B</code></li>
<li>We unit propagate that <code>conflicts-B</code> conflicts with <code>B</code>, so we mark <code>not B</code></li>
<li><code>Optional: B</code> is reached, but not satisfiable, ignore it because it’s optional.</li>
</ol>
This isn’t correct: Just because we allow removing manually installed packages doesn’t mean that we should remove manually installed packages if we don’t need to.
Fixing this turns out to be surprisingly easy. In addition to adding our optional (soft) clauses, let’s first assume all of them!
But to explain how this works, we first need to explain some terminology:
<ol>
<li>The solver operates on a stack of decisions</li>
<li>“enqueue” means a fact is being added at the current decision level, and enqueued for propagation</li>
<li>“assume” bumps the decision level, and then enqueues the assumed variable</li>
<li>“propagate” looks at all the facts and sees if any clause becomes unit, and then enqueues it</li>
<li>“unit” is when a clause has a single literal left to assign</li>
</ol>
To illustrate this in pseudo Python code:
<ol>
<li>
We introduce all our facts, and if they conflict, we are unsat:
<div class="highlight"><pre tabindex="0"><code class="language-python3" data-lang="python3">for fact in facts:
 enqueue(fact)
if not propagate():
 return False
</code></pre></div></li>
<li>
For each optional literal, we register a soft clause and assume it. If the assumption fails,
we ignore it. If it succeeds, but propagation fails, we undo the assumption.
<div class="highlight"><pre tabindex="0"><code class="language-python3" data-lang="python3">for optionalLiteral in optionalLiterals:
 registerClause(SoftClause([optionalLiteral]))
 if assume(optionalLiteral) and not propagate():
 undo()
</code></pre></div></li>
<li>
Finally we enter the main solver loop:
<div class="highlight"><pre tabindex="0"><code class="language-python3" data-lang="python3">while True:
 if not propagate():
 if not backtrack():
 return False
 elif &lt;all clauses are satisfied&gt;:
 return True
 elif it := find("best unassigned literal satisfying a hard clause"):
 assume(it)
 elif it := find("best literal satisfying a soft clause"):
 assume(it)
</code></pre></div></li>
</ol>
The key point to note is that the main loop will undo the assumptions in order; so
if you assume <code>A,B,C</code> and <code>B</code> is not possible, we will have also undone <code>C</code>. But since
<code>C</code> is also enqueued as a soft clause, we will then later find it again:
<ol>
<li>Assume <code>A</code>: <code>State=[Assume(A)]</code>, <code>Clauses=[SoftClause([A])]</code></li>
<li>Assume <code>B</code>: <code>State=[Assume(A),Assume(B)]</code>, <code>Clauses=[SoftClause([A]),SoftClause([B])]</code></li>
<li>Assume <code>C</code>: <code>State=[Assume(A),Assume(B),Assume(C)]</code>, <code>Clauses=[SoftClause([A]),SoftClause([B]),SoftClause([C])]</code></li>
<li>Solve finds a conflict, backtracks, and sets <code>not C</code>: <code>State=[Assume(A),Assume(B),not(C)]</code></li>
<li>Solve finds a conflict, backtracks, and sets <code>not B</code>: <code>State=[Assume(A),not(B)]</code> – C is no longer assumed either</li>
<li>Solve, assume <code>C</code> as it satisfies <code>SoftClause([C])</code> as next best literal: <code>State=[Assume(A),not(B),Assume(C)]</code></li>
<li>All clauses are satisfied, solution is <code>A</code>, <code>not B</code>, and <code>C</code>.</li>
</ol>
This is not (correct) MaxSAT, because we actually do not guarantee that we satisfy as many soft clauses as possible. Consider you have the following clauses:
<pre><code>Optional: A
Optional: B
Optional: C
B Conflicts with A
C Conflicts with A
</code></pre>
There are two possible results here:
<ol>
<li><code>{A}</code> – If we assume <code>A</code> first, we are unable to satisfy <code>B</code> or <code>C</code>.</li>
<li><code>{B,C}</code> – If we assume either <code>B</code> or <code>C</code> first, <code>A</code> is unsat.</li>
</ol>
The question to ponder though is whether we actually need a global maximum or whether a local maximum is satisfactory in practice for a dependency solver
If you look at it, a naive MaxSAT solver needs to run the SAT solver <code>2**n</code> times for <code>n</code> soft clauses, whereas our heuristic only needs <code>n</code> runs.
For dependency solving, it seems we do not seem have a strong need for a global maximum:
There are various other preferences between our literals, say priorities;
and empirically, from evaluating hundreds of regressions without the initial assumptions,
I can say that the assumptions do fix those cases and the result is correct.
Further improvements exist, though, and we can look into them if they are needed, such as:
<ul>
<li>
Use a better heuristic:
If we assume 1 clause and solve, and we cause 2 or more clauses to become unsatisfiable,
then that clause is a local minimum and can be skipped.
This is a more common heuristical MaxSAT solver.
This gives us a better local maximum, but not a global one.
This is more or less what the <a href="https://labix.org/smart">Smart package manager</a> did,
except that in Smart, all packages were optional, and the entire solution was scored.
It calculated a basic solution without optimization and then toggled each variable and saw if the score improved.
</li>
<li>
Implement an actual search for a global maximum:
This involves reading the literature.
There are various versions of this, for example:
<ol>
<li>
Find unsatisfiable cores and use those to guide relaxation of clauses.
</li>
<li>
A bounds-based search, where we translate sum(satisifed clauses) &gt; k into SAT, and then search in one of the following ways:
<ol>
<li>from 0 upward</li>
<li>from n downward</li>
<li>perform a binary search on [0, k] satisfied clauses.</li>
</ol>
Actually we do not even need to calculate sum constraints into CNF, because we can just add a specialized new type of constraint to our code.
</li>
</ol>
</li>
</ul></description>
<pubDate>Sat, 24 May 2025 10:14:58 +0000</pubDate>
</item>
</channel>
</rss>

If you would like to create a banner that links to this page (i.e. this validation result), do the following:

Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):

<a href="http://www.feedvalidator.org/check.cgi?url=http%3A//planet.ubuntu.com/rss20.xml"><img src="valid-rss-rogers.png" alt="[Valid RSS]" title="Validate my RSS feed" /></a>

If you would like to create a text link instead, here is the URL you can use:

http://www.feedvalidator.org/check.cgi?url=http%3A//planet.ubuntu.com/rss20.xml

Home · About · News · Docs · Terms