Planet Debian

[ Holger Levsen ]
* Add ppc64el to the list of architectures for python3-guestfs.
You find out more by
visiting the project homepage
10 April, 2026 12:00AM
April 09, 2026
Russell Coker
HP Z640 and E5-2696 v4
I recently decided to upgrade the CPU in my workstation, the
E5-2696 v3 CPU was OK (passmark 2045 for single thread and 21,380 for multi thread) [1]
but I felt like buying something better so I got a
E5-2696 v4 (passmark 2115 and 24,643) [2]
. I chose the E5-2696 v4 because I was looking for a E5-2699 v4 and found an ebay seller who had them at $140 but was offering the E5-2696 v4 for $99 and the passmark results for the two CPUs are almost identical.
After buying the CPU and waiting for it to be delivered I realised that the Z640 doesn’t include it in the list of supported CPUs and that the maximum TDP of any supported CPU is 145W while according to passmark it has a TDP of 150W. I looked for information about it on Intel ARK (the official site for specs of Intel CPUs) and discovered that
“The Intel® Xeon® Processor E5-2696 v4 is designed to be used by system manufacturers (OEMs), and this means they can modify its specifications depending on the system where it will be implemented” and “The processor does not have an ARK page for this reason, since it has no standard specification from Intel, so depending on the original system, it is necessary to contact that system manufacturer for information” [3]
. That’s the official response from an Intel employee saying that there are no standard specs for that CPU!!!
Somehow I had used a E5-2696 v3 for 3 years without realising that
the same lack of support and specs applies to it [4]
I installed the new CPU in another Z640 which had a E5-1620 v3 CPU and it worked. I was a little surprised to discover that the hole in the corner is in the bottom right (according to the alignment of the printed text on the top) for all my E5-26xx CPUs while it’s in the top left on the E5-1620 v3. Google searches for things like “e5-2600 e5-1600 difference” and “e5-2600 e5-1600 difference hole in corner” didn’t turn up any useful information. The best information I found was from the
Linus Tech Tips forum which says that the hole is to allow gasses to escape when the CPU package is glued together [5]
which implies (but doesn’t state) that the location of the hole has no meaning. I had previously thought that the hole was to indicate the location of “pin 1” and was surprised when the new CPU had the hole in the opposite corner. Hopefully in future when people have such concerns they can find this post and not be worried that they are about to destroy their CPU, PC, or both when upgrading the CPU.
The previous Z640 was one I bought from Facebook marketplace for $50 in “unknown condition” in the expectation that I would get at least $50 of parts but it worked perfectly apart from one DIMM socket. The Z640 I’m using now is one I bought from Facebook marketplace for $200 and it’s working perfectly with 4 DIMMs, 128G of RAM, and the E5-2696 v4 CPU. $300 for a workstation with ECC RAM and a 22 core CPU is good value for money!
There are some accounts of the E5-2696 v4 not working on white-box motherboards including a claim that when it was selling for $4000US someone’s motherboard destroyed one. The best plan for such CPUs is to google for someone who’s already got it working in the same machine, which means a name-brand server. That doesn’t guarantee that it will work (Intel refuses to supply specs and states that different items may work differently) but greatly improves the probability.
This system has the HP BIOS version 2.61, note that the Linux
fwupd
package doesn’t seem to update the BIOS on HP workstations so you need to manually download it and install it. There is a possibility that a Z640 with an older BIOS won’t work with this CPU.
Here is the previous post in my Z640 saga [6]
[1]
[2]
[3]
[4]
[5]
[6]
Related posts:
More About the HP ML110 Gen9 and z640
In May 2021 I bought a ML110 Gen9 to use...
HP z840
Many PCs with DDR4 RAM have started going cheap on...
T320 iDRAC Failure and new HP Z640
The Dell T320 Almost 2 years ago I made a...
09 April, 2026 11:33PM
by etbe
April 08, 2026
Jonathan Dowland
nvim-µwiki
In January 2025,
as a pre-requisite for something else, I published a minimal
neovim
plugin called
nvim-µwiki
. It's essentially just the features from
vimwiki
that I regularly use, which is a small fraction them.
I forgot to blog about it. I recently dusted it off and cleaned it up.
You can find it here, along with a longer list of its features and
how to configure it:
I had a couple of design goals. I didn't want to define a new
filetype
so this is designed to work with the existing markdown one. I'm
using neovim, so I wanted to leverage some of its features: this plugin
is written in
Lua
, rather than vimscript. I use the parse trees
provided by
TreeSitter
to navigate the structure of a document.
I also decided to "plug into" the existing tag stack navigation, rather
than define another dimension of navigation (along with buffers, etc.)
to track: Following a wiki-link pushes onto the tag stack, just as if
you followed a tag.
This was my first serious bit of
Lua
programming, as well as my first
dive into neovim (or even vim) internals.
Lua
is quite reasonable. Most
of the vim and neovim architecture is reasonable. The emerging conventions
about structuring neovim plugins are mostly reasonable. TreeSitter is, well,
interesting, but the devil is very much in the details. Somehow all
together the experience for me was largely just frustrating, and I didn't
really enjoy writing it.
08 April, 2026 08:31PM
April 06, 2026
Thorsten Alteholz
My Debian Activities in March 2026
Debian LTS/ELTS
This was my hundred-forty-first month that I did some work for the Debian LTS initiative, started by Raphael Hertzog at Freexian.
During my allocated time I uploaded or worked on:
DLA 4500-1
] gimp security update to fix four CVEs related to denial of service or execution of arbitrary code.
DLA 4503-1
] evolution-data-server to fix one CVE related to a missing canonicalization of a file path.
DLA 4512-1
] strongswan security update to fix one CVE related to a denial of service.
[ELA-1656-1] gimp security update to fix four CVEs in Buster and Stretch related to denial of service or execution of arbitrary code.
[ELA-1660-1] evolution-data-server security update to fix one CVE in Buster and Stretch related to a missing canonicalization of a file path.
[ELA-1665-1] strongswan security update to fix one CVE in Buster related to a denial of service.
[ELA-1666-1] libvpx security update to fix one CVE in Buster and Stretch related to a denial of service or potentially execution of arbitrary code.
I also worked on the
check-advisories
script and proposed a fix for cases where issues would be assigned to the coordinator instead of the person who forgot doing something.
I also did some work for a kernel update and packages
snapd
and
ldx
on security-master and attended the monthly LTS/ELTS meeting. Last but not least I started to work on
gst-plugins-bad1.0
Debian Printing
This month I uploaded a new upstream versions:
epson-inkjet-printer-escpr
to unstable.
sane-airscan
to unstable.
printer-driver-oki
to unstable.
Several packages take care of group lpadmin in their maintainer scripts. With the upload of version 260.1-1 of
systemd
there is now a central package (
systemd | systemd-standalone-sysusers | systemd-sysusers
) that takes care of this. Other dependencies like
adduser
can now be dropped.
This work is generously funded by
Freexian
Debian Lomiri
This month I continued to work on unifying packaging on Debian and Ubuntu. This makes it easier to work on those packages independent of the used platform. I am also able to upload Debian packages to the corresponding Ubuntu PPA now. A small bug had to be fixed in the python script to allow the initial configuration in Launchpad.
This work is generously funded by
Fre(i)e Software GmbH
Debian Astro
This month I uploaded a new upstream version or a bugfix version of:
libplayerone
to experimental. For a list of other packages please see below.
I also uploaded lots of indi-drivers (
libplayerone, libsbig, libricohcamerasdk, indi-asi, indi-eqmod, indi-fishcamp, indi-inovaplx, indi-pentax, indi-playerone, indi-sbig, indi-mi, libahp-xc, indi-aagcloudwatcher, indi-aok, indi-apogee, libapogee3, indi-nightscape, libasi, libinovasdk, libmicam, indi-avalon, indi-beefocus, indi-bresserexos2, indi-dsi, indi-ffmv, indi-fli, indi-gige, info-gphoto, indi-gpsd, indi-gpsnmea, indi-limesdr, indi-maxdomeii, indi-mgen, indi-rtklib, indi-shelyak, indi-starbook, indi-starbookten, indi-talon6, indi-weewx-json, indi-webcam, indi-orion-ssg3, indi-armadillo-playtypus
) to experimental to make progress with the indi-transition. No problems with those drivers appeared and the next step would be the upload of indi version 2.x to unstable. I hope this will happen soon, as new drivers are already waiting in the pipeline. There have been also four packages, that migrated to the official indi package and are no longer needed as 3rdparty drivers (indi-astrolink4, indi-astromechfoc, indi-dreamfocuser, indi-spectracyber).
While working on these packages, I thought about testing them. Unfortunately I don’t have enough hardware to really check out every package, so I can upload most of them only as is. In case anybody is interested in a better testing coverage and me being able to provide upstream patches, I would be very glad about hardware donations.
Debian IoT
This month I uploaded a new upstream version or a bugfix version of:
pywws
to unstable.
Debian Mobcom
This month I uploaded a new upstream version or a bugfix version of:
osmo-trx
to unstable.
misc
This month I uploaded a new upstream version or a bugfix version of:
cc-tool
to unstable.
mailio
to unstable.
gnupg-pkcs11-scd
to unstable.
odoo
to unstable.
I also sponsored the upload of Matomo. Thanks a lot to William for preparing the package.
06 April, 2026 05:45PM
by alteholz
April 04, 2026
Isoken Ibizugbe
Post Outreachy Activities
It’s been about a month since I wrapped up my Outreachy internship, but my journey with
Debian
is far from over. I planned to keep contributing and exploring the community, and these past few weeks have been busy
Testing Locales and Solving Bug #1111214
For the
openQA
project, we decided to explore how accurate local language installations are and see if we can improve the translations. While exploring this, I started working on automating a test for a specific bug report:
Debian Bug #1111214
This is a test I had started by writing a detailed description of the installation process to confirm that selecting the
Spanish_panama
locale works accurately. I spent time studying previous language installation tests, and I learned that I needed to add a specific tag (LANGUAGE-) to the “needles” (visual test markers).
Since the installation wasn’t in English anymore, taking the correct screenshots and defining the areas took quite some time. I used the following command on the CLI to run the test:
`openqa-cli api -X POST isos ISO=debian-live-testing-amd64-gnome.iso DISTRI=debian-live VERSION=forky FLAVOR=gnome LANGUAGE=spanish_panama ARCH=x86_64 BUILD=1311 CHECKSUM=unknown`
While working on this, I got stuck at the
complete_installation
step. Because the keyboard layout had changed to Spanish, the commands required to confirm a successful install weren’t working as expected. Specifically, we had an issue typing the “greater than” sign (>).
My mentor,
Roland Clobus
, worked on a clever maneuver for the keys (AltGr-Shift-X), which was actually submitted
upstream
to openSUSE.
In this step, I also had to confirm that the locale was correctly set to LANG=”es_PA.UTF-8″. I had to dig into the scripts and Linux commands to make this work. It was a bit intimidating at first, but it turned out to be a great learning experience. You can follow my progress on this
Merge Request here
. I’m currently debugging a small issue where the “home” key seems to click twice in the final step, and after that, the test would be complete
Community & Connections
Beyond the code, I’ve been getting more involved in the social side of Debian:
Debian Women:
I attended the monthly meeting and met
Sruthi Chandran
. I’ve always seen her name as an Outreachy organizer, so it was great to meet her! She is currently running for Debian Project Leader (DPL). We also discussed starting technical sessions to introduce members to
packaging
, which I am very excited to learn.
DebConf Preparation:
I am officially preparing for my first
DebConf
! My mentors, Tassia and Roland, along with my fellow intern Hellen, have been incredibly supportive in guiding me through the application and presentation process.
04 April, 2026 11:24PM
by Isoken Ibizugbe
Dima Kogan
Simple gpx export from ridewithgps
The
Tour de Los Padres
is coming! The race organizer post
the route on
ridewithgps
. This works, but has convoluted interfaces for people not wanting to
use their service. I just wrote a simple script to export their data into a
plain .gpx file,
including
all the waypoints; their exporter omits those.
I've seen two flavors of their data, so here're two flavors of the
gpx-from-ridewithgps.py
script:
!/usr/bin/python3
import
sys
import
json
def
quote_xml
(s):
return
s.replace(
"&"
"&"
).replace(
"<"
"<"
).replace(
">"
">"
"Reading stdin"
file
=sys.stderr)
data
= json.load(sys.stdin)
(r
"""
"""
for
item
in
data[
"extras"
]:
if
item[
"type"
] !=
"point_of_interest"
continue
poi
= item[
"point_of_interest"
(f
' '
(f
' {quote_xml(poi["name"])}'
desc
= poi.get(
"description"
""
if
len
(desc):
(f
' {quote_xml(desc)}'
(f
' '
" "
for
pt
in
data.get(
"route"
, {}).get(
"track_points"
, []):
(f
' {pt["e"]}'
" "
""
!/usr/bin/python3
import
sys
import
json
def
quote_xml
(s):
return
s.replace(
"&"
"&"
).replace(
"<"
"<"
).replace(
">"
">"
"Reading stdin"
file
=sys.stderr)
data
= json.load(sys.stdin)
(r
"""
"""
for
poi
in
data[
"points_of_interest"
]:
(f
' '
(f
' {quote_xml(poi["name"])}'
desc
= poi.get(
"description"
""
if
len
(desc):
(f
' {quote_xml(desc)}'
(f
' '
for
poi
in
data[
"course_points"
]:
(f
' '
(f
' {quote_xml(poi["n"])}'
(f
' '
" "
for
pt
in
data[
'track_points'
]:
(f
' {pt["e"]}'
" "
""
You invoke it by downloading the route and feeding it into the script:
curl -s https://ridewithgps.com/routes/54493422.json | ./ridewithgps-to-gpx.py > out.gpx
Note that the route number 54493422 is in the url above.
04 April, 2026 05:21PM
by Dima Kogan
April 02, 2026
Joerg Jaspert
Building a house - 1 year in
Haven’t written here about it, but last March we finally started on
our journey to get our own house build, so we can move out of the
rented flat here.
That will be a big step, both the actual building, but also the
moving - I am living at this one single place for 36 years now.
If you can read german there is
a dedicated
webpage
where I sometimes write about the
process. Will have much more details (and way more ramblings) than the
following part.
If you can’t read german, a somewhat short summary follows
. Yes,
still a lot of text, but shortened, still.
What? Why now?
Current flat has 83m² - which simply isn’t enough space. And
the number of rooms also doesn’t fit anymore. But it is hard to find a
place that fits our requirements (which do include location).
Moving to a different rented place would also mean changed amount of
rent. And nowadays that would be huge increase (my current rent is
still the price from about 30 years ago!).
So if we go and pay more - we could adjust and pay for something we
own instead. And both, my wife and I had changes in our jobs that made
it possible for us now, so we started looking.
Market
Brrrr, looking is good, actually finding something that fits - not so.
We never found an offer that fit. Space wise, sure. But then location
was off, or price was idiotically high. Location fit, but then size
was a joke, and guess about the price… Who needs 200 square meters
with 3 rooms? Entirely stupid design choices there. Or how about 40
square meters of hallway - with 50m² of tiny rooms around. What are
they smoking? Oh, there, useful size, good rooms - but now you want
more money than a kidney is worth, or something. Thanks, no.
New place
In February 2025 we finally got lucky and found a (newly opened) area
with a large number of places to build a house on. Had multiple talks
with someone from on of the companies developing that area (there are
two you can select from), then talked with banks and signed a contract
in March 2025. We got promised that actual house construction would be
first quarter of 2026, finished in second quarter.
House type
There are basically 2 ways of building a new house (that matter here).
First is called “Massivhaus”, second is called “Fertighaus” in german,
roughly translating to solid and prefabricated. The latter commonly a
wood based construction, though it doesn’t need to be. The important
part of it is the prefabrication, walls and stuff get assembled in a
factory somewhere and then transported to your place, where they play
“big kid lego” for a day and suddenly a house is there.
A common thought is “prefabricated” is faster, but that is only a half
true. Sure, the actual work on side is way shorter - usually one or
two days and the house is done - while a massive construction usually
takes weeks to build up. But that is only a tiny part of the time
needed, the major part goes of into planning and waiting and in there
it doesn’t matter what material you end up with.
Money fun
Last year already wasn’t the best time to start a huge loan - but
isn’t it always “
a few years ago would have been better
”? So we had
multiple talks with different banks and specialised consultants until
we found something that we thought is good for us.
Thinking about it now - we should have put even more money on top as
“reserve”, but who could have thought that 2026 turns into such a
shitshow? Does not help at all, quite the contrary. And that damn
lotto game always ends up with the wrong numbers, meh.
Plans and plans and more plans - and rules
For whichever reason you can not just go and put something on your
ground and be happy. At least not if you are part of the normal people and not
enormously rich. There is a large set of rules to follow. Usually that
is a good thing, even though some rules are sometimes hard to understand.
In Germany, besides the usual laws, we have something that is called
“Bebauungsplan”, which translates to “development plan” (don’t know if
that carries the right meaning, it’s a plan on what and how may be
build, which can have really detailed specifications in). It basically
tells you every aspect
on top
of the normal law that you have to
keep in mind.
In our case we have the requirement of 2 full floors and CAN have a
third smaller on top, it limits how high the house can be
and
also
how high our ground floor may be compared to the street. It regulates
where on the property we may build and how much ground we may cover
with the house, it gives a set of colors we are allowed to use, it
demands a flat roof that we must have as a green roof and has a number
of things more that aren’t important enough to list here. If you do
want to see the full list,
my german post on it has all the details
that matter to
us
With all that stuff in mind - off to plans. Wouldn’t have believed how
many details there are to take in. Room sizes are simple, but how to
arrange them for ideal usage of the sun, useful ways inside the house,
but also keeping in mind that water needs to flow through and out.
Putting a bath room right atop a living room means a water pipe needs
to go down there. Switch the bath room side in the house, and it
suddenly is above the kitchen - means you can connect the pipes from
it to the ones from kitchen, which is much preferred than going
through the living room. And lots more such things.
It took us until nearly end of October to finalize the plans! And we
learned a whole load from it. We started with a lot of wishes. The
planner tried to make them work. Then we changed our minds. Plans
changed. Minds changed again. Comparing the end result with the first
draft we changed most of the ground floor around, with only the stairs
and the entrance door at the same position. Less changes for the upper
floor, but still enough.
Side quests
The whole year was riddled with something my son named side quests. We
visited a construction exhibition near us, we went to the house
builders factory and took a look on how they work. We went to many
different other companies that do SOME type of work which we need
soon, say inside floors, painters, kitchen and more stuff.
Of course the most important side quest was a visit to the notary to
finalize the contracts, especially for the plot of land (in Germany
you must have a notary for that to get entered into the governments
books). Creates lots of fees, of course, for the notary and also the
government (both fees and taxes here).
Building permit
We had been lucky and only needed a small change to the plans to get
the building permit - and the second part, the wastewater permit (yes,
you need a separate one for this) also got through without trouble.
Choices, so many of them
So in January we finally had an appointment for something that’s
called “Bemusterung” which badly translates to “Sampling”. Basically
two days at the house builders factory to select all of what’s needed
for the house that you don’t do in the plans. Doors, inside and out
and their type and color and handles. Same things for the windows and
the blinds and the protection level you want the windows to have.
Decide about stairs, design for the sanitary installations - and also
the height of the toilet! - and the tiles to put into the bathrooms.
Decisions on all the tech needed (heating system, ventilation and
whatnot.
Two days, busy ones - and you can easily spend a lot of extra money
here if you aren’t careful. We managed to get “out of it” with only
about 4000€ extra, so pretty good.
Electro and automation
Now, here I am special. Back when I was young the job I learned is
electrician. So here I have very detailed wishes. I am also running
lots of automatism in my current flat - obviously the new house should
be better than that. So I have a lot of ideas and thoughts on it, so
this is entirely extra and certainly out of the ordinary the house
builder usually see.
Which means I do all of that on my own. Well, the planning and some of
the work, I must have a company at hand for certain tasks, it is
required by some rules. But they will do what I planned, as long as I
don’t violate regulations.
Which means the whole electrical installation is … different.
Entirely planned for automatisms and using KNX for it. I am so happy
to ditch Homeassistant and the load of Homematic, Zigbee and ZWave
based wireless things.
Ok, Homeassistant is a nice thing - it can do a lot. And it can bridge
between about any system you can find. But it is a central single point of
failure. And it is a system that needs constant maintenance. Not
touched for a while? Plan for a few hours playing update whack-a-mole.
And often enough a component here or there breaks with an update. Can
be fixed, but takes another hour or two.
So I change. Away from wireless based stuff. To wires. To a system
thats a standard for decades already. And works entirely without a
SPOF. (Yes, you can add one here too). And, most important, should I
ever die - can easily be maintained by anyone out there dealing with
KNX, which is a large number of people and companies. Without digging
through dozens of specialised integrations and whatnot.
I may even end up with Homeassistant again - but that will entirely be
as a client. It won’t drive automations. It won’t be the central point
to do anything for the house. It will be a logging and data collecting
thing that enables me to put up easy visualizations. It may be an easy
interface for smartphones or tablets to control parts of the house,
for those parts where one wants this to happen. Not the usual
day-to-day stuff, extras on top.
Actual work happening
Since march there
finally
is action visible. The base of the house
is getting build. Wednesday the 1st April we finally got the base
slab poured on the construction site and in another 10 days the house
is getting delivered and build up. A 40ton mobile crane will be there.
02 April, 2026 09:23PM
Samuel Henrique
Bringing HTTP/3 to curl on Amazon Linux
tl;dr
Starting with
curl 8.17.0-1.amzn2023.0.2
in Amazon Linux 2023, you can now use HTTP/3.
dnf
swap
-y
libcurl-minimal libcurl-full
dnf
swap
-y
curl-minimal curl-full
curl
--http3-only
(HTTP/3 is only enabled in the curl -full builds)
Or, if you would like to try it out in a container:
podman
run amazonlinux:2023 /bin/sh
-c
dnf upgrade -y --releasever=latest && dnf swap -y libcurl-minimal libcurl-full && dnf swap -y curl-minimal curl-full && curl --http3-only https://example.com
For a list of test endpoints, you can refer to
The Upgrade I Didn't Have to Make
My teammate Steve Zarkos, who previously worked on upgrading OpenSSL in Amazon
Linux from 3.0 to 3.2, spent the last few months on the complex task of bumping
OpenSSL again, this time to 3.5. A bump like this only happens after extensive
code analysis and testing, something that I didn't foresee happening when
AL2023 was released but that was a notable request from users.
Having
enabled HTTP/3 on
Debian
, I was
always keeping an eye on when I would get to do the same for Amazon Linux (mind
you, I work at AWS, in the Amazon Linux org). The bump to OpenSSL 3.5 was the
perfect opportunity to do that, for the first time Amazon Linux is shipping an
OpenSSL version that is supported by ngtcp2 for HTTP/3 support.
Non-Intrusive Change
In order to avoid any intrusive changes to existing users of AL2023, I've only
enabled HTTP/3 in the full build of curl, not in the minimal one, this means
there is no change for the minimal images.
The way curl handles HTTP/3 today also does not lead to any behavior changes
for those who have the full variants of curl installed, this is due to the fact
that HTTP/3 is only used if the user explicitly asks for it with the flags
--http3
or
--http3-only
Side Quests
Supporting HTTP/3 on curl also requires building it with ngtcp2 and nghttp3,
two packages which were not shipped in Amazon Linux, besides, my team doesn't
even own the curl package, we are a security team so our packages are the
security related stuff such as OpenSSL and GnuTLS. Our main focus is the
services behind Amazon Linux's vulnerability handling, not package maintenance.
I worked with the owners of the curl package and got approvals on a plan to
introduce the two new dependencies under their ownership and to enable the
feature on curl, I appreciate their responsiveness.
Amazon Linux 2023 is forked from Fedora, so while introducing ngtcp2, I also
sent a couple of Pull Requests upstream to keep things in sync:
[ngtcp2] package latest release 1.21.0
[ngtcp2] do not skip tests
While building the curl package in Amazon Linux, I've noticed the build was
taking 1 hour from start to end, and the culprit was something well known to
me; tests.
The curl test suite is quite extensive, with more than 1600 tests, all of that
running without parallelization, running two times for each build of the
package; once for the minimal build and again for the full build.
I had previously enabled parallel tests in Debian back in 2024 but never got
around to submit the same improvements to Amazon Linux or Fedora, this is now
fixed. The build times for Amazon Linux came down to 10 minutes under the same
host (previously 1 hour), and Fedora promptly merged my PR to do the same
there:
[curl] run tests in parallel
All of this uncovered a test which is timing-dependent, meaning it's not
supposed to be run with high levels of parallelism, so there goes another PR,
this time to curl:
Flag test 766 as timing-dependent#21155
What started as enabling a single feature turned into improvements that landed
in curl, Fedora, and Amazon Linux alike. I did this in a mix of work and
volunteer time, mostly during work hours (work email address used when this was
the case), but I'm glad I put in the extra time for the sake of improving curl
for everyone.
Release Notes
Amazon Linux 2023 release notes for 2023.10.20260330
02 April, 2026 12:00AM
by Unknown
Reproducible Builds (diffoscope)
diffoscope 316 released
The diffoscope maintainers are pleased to announce the release of diffoscope
version
316
. This version includes the following changes:
[ Jelle van der Waa ]
* Fix compatibility with LLVM version 22.

[ Chris Lamb ]
* Add some debugging info for PyPI debugging.
You find out more by
visiting the project homepage
02 April, 2026 12:00AM
April 01, 2026
Joey Hess
banning all Anthropic employees
Per
my policies
I need to ban every employee and contractor of Anthropic Inc from ever
contributing code to any of my projects. Anyone have a list?
Any project that requires a Developer Certificate of Origin or similar should
be doing this, because Anthropic is making tools that explicitly lie about
the origin of patches to free software projects.
UNDERCOVER MODE — CRITICAL
You are operating UNDERCOVER in a PUBLIC/OPEN-SOURCE repository. [...]
Do not blow your cover.
NEVER include in commit messages or PR descriptions:
[...]
The phrase 'Claude Code' or any mention that you are an AI
Co-Authored-By lines or any other attribution
--
via @vedolos
01 April, 2026 04:36PM
Ben Hutchings
FOSS activity in March 2026
Debian packages:
firmware-nonfree
Bugs
closed
#1064620: firmware-nonfree: suggestions for the packaging, gencontrol.py and debian/rules
closed
#1126797: firmware-intel-graphics: Please ship irci_irci_ecr-master_20161208_0213_20170112_1500.bin as ipu3-fw.bin
closed
#1131751: ABI break in amdxdna npu firmware
Merge requests:
opened and merged
!140: Update to 20260309
opened and merged
!141: Clean up packaging (from Nicolas Boulenguez)
opened
!142: Replace copy-firmware.sh; install files and generate metainfo.xml at build time
Uploads
uploaded version 20260110-1~bpo13+1 to trixie-backports
uploaded version 20260221-1 to unstable
uploaded version 20260221-1~bpo13+1 to trixie-backports
uploaded version 20260309-1 to unstable
hexagon-dsp-binaries
Bugs
replied to and reassigned
#1130844: firmware-qcom-soc depends on unavailable package firmware-qcom-dsp
initramfs-tools
Merge requests:
merged
!172: Use 3cpio for unmkinitramfs/lsinitramfs if available
merged
!186: update-initramfs: support loading post-update hooks from /usr/share/ too
merged
!190: autopkgtest: increase timeout to 240s on s390x
libtirpc
Bugs
replied to and reassigned
#1132176: rpc.mountd: symbol lookup error: rpc.mountd: undefined symbol: rpc_gss_getcred, version TIRPC_0.3.0
libvirt
Bugs
replied to and reassigned
#1130974: libvirt: Should use nftables for IP masquerading to work with PREEMPT_RT
linux
Bugs
replied to
#1128861: linux: when serving NFS, client attempts to lock served files fail with “No locks available”
replied to
#1130656: [grub2] wrong kernel version order
closed
#1132224: linux: nouveau regression on GK208B/GT 730 after kernel update: artifacts and X crashes
Merge requests:
reviewed
!1842: Merge kernel-wedge and use directly
reviewed and merged
!1849: Cleanup installer
merged
!1853: [amd64] drivers/platform/x86/uniwill: Enable UNIWILL_LAPTOP as module
opened and merged
!1854: Fix ordering of kernel version strings for multiple Debian revisions
reviewed and closed
!1857: crypto: padlock-sha - Disable for Zhaoxin processor
opened
!1862: Fix regressions in debian/bin/test-patches
opened
!1865: Draft: hyperv-daemons: Build using upstream Makefile; install hv_fcopy_uio_daemon
(LTS) worked on backports to 5.10 and 6.1 of the fixes for
CrackArmor
security flaws
Uploads
(LTS) uploaded version 5.10.251-1 to bullseye-security
uploaded version 6.12.74-2~bpo12+1 to bookworm-backports
uploaded version 6.18.15-1~bpo13+1 to trixie-backports
uploaded version 6.19.6-2~bpo13+1 to trixie-backports
uploaded version 6.19.8-1~bpo13+1 to trixie-backports
(LTS)
linux-6.1
Uploads
uploaded version 6.1.164-1~deb11u1 to bullseye-security
linux-base
Uploads
uploaded version 4.12.1~bpo12+1 to bookworm-backports
sgt-puzzles
Bugs
closed
#363441: It’s too easy to quit
closed
#550311: slant: Please make shading of filled squares configurable
closed
#1079717: sgt-puzzles: [Mozaic] crashes when copying the game
closed
#1116973: sgt-puzzles: Loopy Spectres type
Uploads
uploaded version 20250730.a7c7826-1 to unstable
wireless-regdb
Uploads
(LTS) uploaded version 2026.02.04-1~deb11u1 to bullseye-security
Debian non-packages:
kernel-team
added script to show status of all kernel team backports
pipeline
Issues
opened
#552: piuparts job fails to install dependencies outside of main
Mailing lists:
debian-kernel
posted and replied to
Agenda items for kernel-team meeting on 2026-03-18
replied to
How is “keep two last kernels” policy implemented?
debian-lts-announce
posted
[SECURITY] [DLA 4498-1] linux security update
posted
[SECURITY] [DLA 4499-1] linux-6.1 security update
posted
[SECURITY] [DLA 4501-1] wireless-regdb new upstream version
linux-bluetooth
(LTS) replied to
[PATCH v3] Bluetooth: L2CAP: Fix invalid response to L2CAP_ECRED_RECONF_REQ
netdev
(LTS) replied to
[PATCH net v2] net: consume xmit errors of GSO frames
stable
patches
(LTS) reviewed
5.10.252
and replied to
various
patches
included
in it
01 April, 2026 03:30PM
by Ben Hutchings
Matthew Garrett
Self hosting as much of my online presence as practical
Because I am bad at giving up on things, I’ve been running my own email
server for over 20 years. Some of that time it’s been a PC at the end of a
DSL line, some of that time it’s been a Mac Mini in a data centre, and some
of that time it’s been a hosted VM. Last year I decided to bring it in
house, and since then I’ve been gradually consolidating as much of the rest
of my online presence as possible on it. I mentioned this
on
Mastodon
and a
couple of people asked for more details, so here we are.
First:
my ISP
doesn’t guarantee a static
IPv4 unless I’m on a business plan and that seems like it’d cost a bunch
more, so I’m doing what I
described
here
: running a Wireguard link
between a box that sits in a cupboard in my living room and the smallest
OVH
instance I can, with an additional IP
address allocated to the VM and NATted over the VPN link. The practical
outcome of this is that my home IP address is irrelevant and can change as
much as it wants - my DNS points at the OVH IP, and traffic to that all ends
up hitting my server.
The server itself is pretty uninteresting. It’s a refurbished HP EliteDesk
which idles at 10W or so, along 2TB of NVMe and 32GB of RAM that I found
under a pile of laptops in my office. We’re not talking rackmount Xeon
levels of performance, but it’s entirely adequate for everything I’m doing
here.
So. Let’s talk about the services I’m hosting.
Web
This one’s trivial. I’m not really hosting much of a website right now, but
what there is is served via Apache with a Let’s Encrypt certificate. Nothing
interesting at all here, other than the proxying that’s going to be relevant
later.
Email
Inbound email is easy enough. I’m running Postfix with a pretty stock
configuration, and my MX records point at me. The same Let’s Encrypt
certificate is there for TLS delivery. I’m using Dovecot as an IMAP server
(again with the same cert). You can find plenty of guides on setting this
up.
Outbound email? That’s harder. I’m on a residential IP address, so if I send
email directly nobody’s going to deliver it. Going via my OVH address isn’t
going to be a lot better. I have a Google Workspace, so in the end I just
made use of
Google’s SMTP relay
service
. There’s
various commerical alternatives available, I just chose this one because it
didn’t cost me anything more than I’m already paying.
Blog
My blog is largely static content generated by
Hugo
. Comments are
Remark42
running in a Docker container. If you don’t want to handle even that level
of dynamic content you can use a third party comment provider like
Disqus
Mastodon
I’m deploying Mastodon pretty much along the lines of the
upstream compose
file
. Apache
is proxying /api/v1/streaming to the websocket provided by the streaming
container and / to the actual Mastodon service. The only thing I tripped
over for a while was the need to set the “X-Forwarded-Proto” header since
otherwise you get stuck in a redirect loop of Mastodon receiving a request
over http (because TLS termination is being done by the Apache proxy) and
redirecting to https, except that’s where we just came from.
Mastodon is easily the heaviest part of all of this, using around 5GB of RAM
and 60GB of disk for an instance with 3 users. This is more a point of
principle than an especially good idea.
Bluesky
I’m arguably cheating here. Bluesky’s federation model is quite different to
Mastodon - while running a Mastodon service implies running the webview and
other infrastructure associated with it, Bluesky has split that into
multiple
parts
. User
data is stored on Personal Data Servers, then aggregated from those by
Relays, and then displayed on Appviews. Third parties can run any of these,
but a user’s actual posts are stored on a PDS. There are various reasons to
run the others, for instance to implement alternative moderation policies,
but if all you want is to ensure that you have control over your data,
running a PDS is sufficient. I followed
these
instructions
other than using Apache as the frontend proxy rather than nginx, and it’s
all been working fine since then. In terms of ensuring that my data remains
under my control, it’s sufficient.
Backups
I’m using
borgmatic
, backing up to a local
Synology NAS and also to my parents’ home (where I have another HP EliteDesk
set up with an equivalent OVH IPv4 fronting setup). At some point I’ll check
that I’m actually able to restore them.
Conclusion
Most of what I post is now stored on a system that’s happily living under a
TV, but is available to the rest of the world just as visibly as if I used a
hosted provider. Is this necessary? No. Does it improve my life? In no
practical way. Does it generate additional complexity? Absolutely. Should
you do it? Oh good heavens no. But you can, and once it’s working it largely
just keeps working, and there’s a certain sense of comfort in knowing that
my online presence is carefully contained in a small box making a gentle
whirring noise.
01 April, 2026 02:35AM
March 31, 2026
Junichi Uekawa
April already.
April already. Wondering how bazel update is going in Debian. Seems like a large undertaking.
31 March, 2026 11:27PM
by Junichi Uekawa
Benjamin Mako Hill
Quote #75514
Although I never submitted to it, I made several appearances in the now-defunct quote database on bash.org (QDB). I’m dealing with a broken keyboard now, and went to dig hard to find
this classic in the Wayback machine
. I thought I would put it back on the web:
my letter "eye" stopped worng
k, too?
yeah
sounds like a mountain dew spill
and comma
those three
ths s horrble
tme for a new eyboard
've successfully taen my eyboard apart and fxed t by cleanng t wth alcohol
stop mang fun of me
ths s a laptop!
It was, in fact, horrble.
31 March, 2026 09:13PM
by Benjamin Mako Hill
C.J. Collier
Finding: Promoting SeaBIOS Cloud Images to UEFI Secure Boot (Proxmox)
Discovery
Legacy cloud templates often lack the partitioning and bootloader
binaries required for UEFI Secure Boot. Attempting to switch such a VM
to OVMF in Proxmox results in “not a bootable disk.” We discovered that
a surgical promotion is possible by manipulating the block device and
EFI variables from the hypervisor.
The Problem
Protective MBR Flags:
Legacy installers often set
the
pmbr_boot
flag on the GPT’s protective MBR. Strict UEFI
implementations (OVMF) will ignore the GPT if this flag is present.
Missing ESP:
Cloud images often lack a FAT32 EFI
System Partition (ESP).
Variable Store:
A fresh Proxmox
efidisk0
is empty and lacks both the trust certificates
(PK/KEK/db) and the BootOrder entries required for an automated
boot.
The “Promotion” Rule
To upgrade a SeaBIOS VM to Secure Boot without a full OS reinstall:
1.
Surgical Partitioning:
Map the disk on the host and
add a FAT32 partition (Type
EF00
). Clear the
pmbr_boot
flag from the MBR. 2.
Binary
Preparation:
Boot the VM in SeaBIOS mode to install
shim
and
grub-efi
packages. Use
grub2-mkconfig
to populate the new ESP. 3.
Trust
Injection:
Use the
virt-fw-vars
utility on the
hypervisor to programmatically enroll the Red Hat/Microsoft CA keys and
any custom certificates (e.g., FreeIPA CA) into the VM’s
efidisk
. 4.
Boot Pinning:
Explicitly set
the UEFI
BootOrder
to point to the
shimx64.efi
path via
virt-fw-vars --append-boot-filepath
Solution (Example Command
Sequence)
On the Proxmox Host (
root
):
# Map and Clean MBR
DEV
$(
rbd
map pool/disk
parted
-s
$DEV
disk_set pmbr_boot off
# Inject Trust and Boot Path (VM must be stopped)
virt-fw-vars
--inplace
/dev/rbd/mapped_efidisk
--enroll-redhat
--add-db
GUID
/path/to/ipa-ca.crt
--append-boot-filepath
'\EFI\centos\shimx64.efi'
--sb
This workflow enables high-integrity Secure Boot environments using
existing SeaBIOS infrastructure templates.
Tweet
31 March, 2026 09:03PM
by C.J. Collier
Thomas Lange
FAIme using apt-cacher-ng
The
FAI.me service
has become faster over the past two months.
First, the tool fai-mirror can now download all packages
in one go (with all their dependencies) instead of downloading one by
one. This helped a lot for the Linux Mint ISO because it uses a long
list of packages.
I've also added a local apt cache (using
apt-cacher-ng
),
so the network speed does not matter any more in most cases.
This led to the following improvements:
Linux Mint install ISOs went from around 6-7 min to now only 2min.
Ubuntu install ISO went from average 3min to around 90 seconds.
The average time for a Debian Linux install ISO dropped from 2min
to 40 seconds.
So far we only had once a problem with apt-cacher-ng, because the
underlying partition was full.
Building cloud and live images do not gain that much from the local
package cache, because most time is spend in extracting and installing
the packages.
31 March, 2026 12:56PM
Russ Allbery
Review: Code Blue—Emergency
Review:
Code Blue—Emergency
, by James White
Series:
Sector General #7
Publisher:
Orb
Copyright:
1987
Printing:
May 2003
ISBN:
0-7653-0663-8
Format:
Trade paperback
Pages:
252
Code Blue—Emergency
(annoying em-dash in original title) is the
seventh book of James White's Sector General science fiction series about
a vast multi-species hospital station. While there are some references to
(and spoilers for) earlier books in the series, you don't have to remember
the previous books to read this one. I had no trouble despite a nine-year
gap.
I read this as part of the Orb
General Practice
omnibus, which
collects this novel and
The Genocidal Healer
Cha Thrat is a Sommaradvan warrior-surgeon, member of a newly-discovered
species that is beginning the process of contact with the Federation. She
saved a Monitor corps human after an accident on her world, performing
some some highly competent surgery on a species she had never seen before.
That plus her somewhat outcast status on her own world due to her very
traditional attitude towards medical ethics led Sector General to extend
an offer of medical internship, and led her to leap into the unknown by
accepting. This may have been a mistake; there is a great deal that Sector
General does not understand about Sommaradvan medical ethics.
This series entry is another proper (if somewhat episodic) novel and the
first book of the series that doesn't primarily focus on Conway. He makes
an appearance in his new role as Diagnostician, but only as a supporting
character.
Code Blue—Emergency
is told in the tight third-person
perspective of Cha Thrat, an alien who finds many things about Sector
General baffling, confusing, and ethically troubling (and who therefore
provides a good reader surrogate for reintroducing the basics of how the
hospital works).
Using an alien viewpoint is a more sophisticated narrative technique than
White has used previously. I'm glad he tried it, and it mostly works,
although I have some complaints. Cha Thrat comes from the middle caste of
a strictly hierarchical society of three castes, but is also immensely
stubborn and used to a medical system in which doctors take sole
responsibility for their patients. This creates a lot of cultural
conflicts, and I do enjoy science fiction where the human attitudes are
portrayed as the strange ones, but the cultural analysis offered by this
novel is not very deep.
The pattern of this book is for Cha Thrat to stumble into a successful
approach to a problem while being either oblivious to or hostile to the
normal hierarchical structure expected of medical trainees. This is
believable as far as it goes. She is a skilled and intelligent doctor with
some good instincts and a strong commitment to patient care, but is also
culturally inclined to not ask for help. It makes sense for that to be a
serious problem in a hospital. Unfortunately, no one says this directly.
Sector General staff get quite upset in ways that seem more territorial
than oriented towards patient safety, no one directly explains to Cha
Thrat why following a process is important or shows examples of what could
go wrong, and plot armor means that her mistakes usually have positive
outcomes. One can extrapolate the reasons why she is not a good medical
student, but the reader is forced to do the extrapolation.
This is the sort of book where the narration makes clear there are
unresolved cultural clashes that are going to cause problems but hides the
details. To Cha Thrat, her perspective is so obvious she never bothers to
explain it to the reader, so the specifics come as a surprise. As with the
alien perspective, I've seen this technique used with more subtlety and
sophistication in other books, but White's version mostly works. Cha Thrat
is a sympathetic protagonist because she is truly trying to take the most
ethical and empathetic action in every situation and is clearly competent.
Most of my frustration as a reader, ironically, lands on the other Sector
General doctors who seem to make little to no effort to understand her
perspective when she fails to conform to their expectations. This is
believable in the abstract, but the whole point of Sector General is that
they're supposed to be wiser about interspecies difference than this.
Also, sometimes their reactions just seem petty. Cha Thrat has a very
hierarchical concept of medicine that matches the social classes of her
culture. For her, the highest tier of doctor are wizards who treat rulers,
because the work of rulers is mostly mental and intellectual and therefore
the diseases of rulers are treated with magic spells performed with words
to reshape their thinking rather than surgery on their bodies. O'Mara and
the other Sector General psychologists take great offense at this,
muttering about being called witch doctors, which I found completely
absurd. This is a comprehensible, if odd, description of psychology from a
wholly alien species. Surely one's first reaction should be that words
like "wizard" or "magic" are translation errors. Don't get offended; look
to see if the underlying substance matches, which it clearly does.
Apart from cultural and psychological clashes,
Code Blue—Emergency
has the standard episodic Sector General structure of interesting medical
mysteries that require lateral thinking. I find this sort of puzzle story
satisfying, particularly given the firm belief of every character in an
essentially pacifist and empathetic approach to even the most alien of
creatures. This determined non-violence is one of the more interesting
things about this series, and it continues here.
White does tend towards both biological and gender essentialism for
everyone other than the protagonist and main supporting characters, but he
seemed to be walking back some of the more outrageous limitations on women
that appeared in previous books. There is still some nonsense in here
about how females of any species can't be Diagnosticians, but then Cha
Thrat, who is female, seems to violate the justification for that rule
over the course of this novel (sadly without comment). Perhaps he's
setting up for proving Sector General wrong about this prejudice.
I picked this up after reading Elizabeth Bear's
Machine
, which is essentially a (better written) Sector General
novel that got me in the mood for reading more. I wouldn't give
Code
Blue—Emergency
any awards, but it delivered exactly what I was looking
for. This series is not as deep or well-written as some more recent SF,
but it is reliably itself and reliably entertaining. There are worse
things in a series. Recommended if you're in the mood for alien
ER
in space.
The omnibus edition that I read has an introduction to both novels by John
Clute. It does add some interesting insights, but (as is somewhat typical
for Clute) it also spoils parts of both books. You may want to read it
after you read the novels.
Followed by
The Genocidal Healer
Rating: 7 out of 10
31 March, 2026 03:08AM
March 30, 2026
Jamie McClelland
Mailman3 has 2 databases. Whoops.
At
May First
we have been carefully planning our
migration of about 1200 lists from mailman2 to mailman3 for almost six months
now. We did a lot of user communications, had several months of beta testing
with a handful of lists ported over, and everything was looking good. So we
kicked off the migration!
But, about 15% of the way through I started seeing sqlite lock errors. Wait,
what? I carefully re-configured mailman3 to use postgres, not sqlite. Well,
yes, but apparently that was for the database managing the email list
configuration, not the database powering the django web app, which,
incidentally, also includes hundresds of gigabytes of archives. In other words,
the one we
really
need in postgres, not sqlite.
Moving from sqlite to postgres
Well that sucks. We immediately stopped the migration to deal with this.
I noticed that the web is full of useful django instructions on how to migrate
your database from one database to antoher. However, if you read the fine
print, those convenient looking “
dumpdata
loaddata
” workflows are designed
to move the table definitions and a small amount of data. In our case, even
after just 15% of our lists moved, our sqlite database was about 30GB.
I considered some of the hacks to manage memory and try to run this via django,
but eventually decided that
pgloader
was a more robust
option. This option also allowed me to more easily test things out on a copy of
our sqlite database (made while mailman was turned off). This way I could
migrate and re-migrate the sqlite database over and over without impacting our
live installation until I was satisfied it was all working.
My first decision was to opt out of pgloader’s schema creation. I used django’s
schema creation tool by:
Turning off mailman3 and mailman3-web and changing the mailman web
configuration to use the new postgresql database.
Running
mailman-web migrate
Changing the mailman web configuration back to sqlite and starting
everything again.
Note: I tried just adding new database settings in the mailman web
configuration indexed to ’new’ - django has the ability to define different
databases by name, then you can run
mailman-web migrate --database new
. But,
during the migration, I caught django querying the sqlite database for some
migrations that required referencing existing fields (specifically hyperkitty’s
0003_thread_starting_email
). I didn’t want any of these steps to touch the
live database so I opted for the cleaner approach.
Once I had a clean postgres schema, I dumped it so I could easily return to
this spot.
Next I started working on our
pgloader
load file. After a lot of trial and
error, I ended with:
LOAD
DATABASE
FROM
sqlite
///
var
lib
mailman3
sqlite
postgres
migration
mailman3web
clean
backup
db
INTO
postgresql
//
mailmanweb
xxxxxxxxxxx
localhost
5432
mailmanweb
WITH
data
only
reset
sequences
include
no
drop
disable
triggers
create
no
tables
batch
size
MB
batch
rows
500
prefetch
rows
50
workers
concurrency
SET
work_mem
to
'64MB'
maintenance_work_mem
to
'512MB'
CAST
type
datetime
to
timestamptz
drop
default
drop
not
null
type
date
to
date
drop
default
drop
not
null
type
int
when
precision
to
boolean
using
tinyint
to
boolean
type
text
to
varchar
using
remove
null
characters
The batch, prefetch, workers and concurreny settings are all there to ensure
memory doesn’t blow up.
I also discovered that I had to make some changes to the schema before loading
data. Mostly truncating tables that the django migrate command populated to
avoid duplicate key errors:
TRUNCATE
TABLE
django_migrations
CASCADE
TRUNCATE
TABLE
django_content_type
CASCADE
TRUNCATE
TABLE
auth_permission
CASCADE
TRUNCATE
TABLE
django_site
CASCADE
And also, I had to change a column type. Apparently the mailman import process
allowed an attachment file name that exceeds the limit for postgres, but was
allowed into sqlite:
ALTER TABLE hyperkitty_attachment ALTER COLUMN name TYPE text
When
pgloader
runs, we still get a lot of warnings from pgloader, which wants
to cast columns differently than django does. These are harmless (I was able to
import the data without a problem).
And there are still a lot of warnings along the lines of:
2026-03-30T14:08:01.691990Z WARNING PostgreSQL warning: constraint “hyperkitty_vote_email_id_73a50f4d_fk_hyperkitty_email_id” of relation “hyperkitty_vote” does not exist, skipping
These are harmless as well. They appear because
disable triggers
disables
foreign key constraints. Without it, we wouldn’t be able to load tables that
require values in tables that have not yet been populated.
After all the tweaking, the import of our 30GB sqlite database took about 40
minutes.
Final Steps
I think the
reset sequences
from
pgloader
should take care of this, but just in case:
mailman-web sqlsequencereset hyperkitty mailman_django auth | mailman-web dbshell
And, just to ensure postgres is optimized, run this in the psql shell:
ANALYZE VERBOSE;
Last thoughts
I understand very well all the decisions the mailman3 devs made in designing
the next version of mailman, and if I was in the same place I may have made
them the same ones. For example, separating the code running the mailing list
from the code managing the archives and the web interface makes perfectly good
sense - many people might want to run just the mailing list part without a web
interface. And building the web interface in django makes a lot of sense as
well - why re-invent the wheel? I’m sure a lot of time and effort was saved by
simply using the built in features you get for free with django.
But the unfortunate consequence of these decisions is that sys admins have a
much harder time. Almost everyone wants the email lists along with the web
interface and the archives. But nobody wants two different configuration files
with different syntaxes and logic, not to mention two different command lines
to use for maintenance and configuration with completely different APIs. Trying
to understand how to change a default template or set list defaults requires a
lot of research and usually you have to write a python script to do it.
I have finally come to the conclusion that mailman2 is designed for sys admins,
while mailman3 is designed for developers.
Despite these short comings, I am impressed with the community and their quick
and friendly responses to the questions of a confused sys admin. That might be
more valuable than anything else.
30 March, 2026 12:27PM
Utkarsh Gupta
FOSS Activites in March 2026
Here’s my monthly but brief update about the activities I’ve done in the FOSS world.
Debian
Whilst I didn’t get a chance to do much, here are still a few things that I worked on:
A quick exchange with Xavier about node-lodash fixes for stable releases.
Uploaded ruby-rack to CVE-2026-25500 & CVE-2026-22860 to sid, trixie, and bookworm.
Started to work on the DebConf Bursary team along with PEB.
Assited a few folks in getting their patches submitted via Salsa.
Mentoring for newcomers.
Moderation of -project mailing list.
Ubuntu
I joined
Canonical to work on Ubuntu full-time
back in February 2021.
Whilst I can’t give a full, detailed list of things I did, here’s a quick TL;DR of what I did:
Successfully released
26.04 LTS Beta
This one was also done without the ISO tracker and cdimage access.
We also worked very hard to build and promote all the image in due time.
This was the first proper milestone with the Test Observer.
We also did a retrospective:
Worked further on the whole artifact signing story for cdimage.
Assisted a bunch of folks with my Archive Admin and Release team hats to:
Review and grant FFes.
Coordinating weekly syncs.
Promoting/demoting binaries to/from main.
Taking care of package removals and so on.
Was pretty occupied with the new release processs architecture and design.
Preparing for the 26.04 LTS final release.
Debian (E)LTS
This month I have worked 50 hours
on
Debian Long Term Support (LTS)
and on its sister
Extended LTS
project and did the following things:
Released Security Updates
libvirt
: Regression introduced by the linux kernel update via DLA 4404-1.
[LTS]
: Fixed the regression (Debian bug #1124549) via
7.0.0-3+deb11u4
for bullseye. This has been released as
DLA 4504-1
ruby-rack
: Path traversal and stored XSS vulnerabilities in directory handling.
[LTS]
: Fixed
CVE-2026-22860
and
CVE-2026-25500
via
2.1.4-3+deb11u5
for bullseye. This has been released as
DLA 4505-1
[bookworm]
: Fixed
CVE-2026-22860
and
CVE-2026-25500
via
2.2.2-0+deb12u1
for bookworm. This has been uploaded to oldstable-security and announced as
DSA 6180-1
[trixie]
: Fixed
CVE-2026-22860
and
CVE-2026-25500
via
3.1.2-0+deb13u1
for trixie. This has been uploaded to stable-security and announced as
DSA 6180-1
vlc
: Out-of-bounds read and denial of service via a crafted MMS server response.
[LTS]
: Fixed
CVE-2025-51602
via
3.0.23-0+deb11u1
for bullseye. This has been released as
DLA 4507-1
[ELTS]
: The 3.0.23 backport is ready but still in testing. Will be released in April.
nss
: Integer overflow in the AES-GCM implementation.
[LTS]
: Fixed
CVE-2026-2781
via
2:3.61-1+deb11u5
for bullseye. This has been released as
DLA 4508-1
gst-plugins-base1.0
: Integer overflow in the RIFF parser.
[LTS]
: Fixed
CVE-2026-2921
via
1.18.4-2+deb11u5
for bullseye. This has been released as
DLA 4514-1
[ELTS]
: Fixed
CVE-2026-2921
via
1.14.4-2+deb10u6
for buster and
1.10.4-1+deb9u7
for stretch. This has been released as
ELA 1669-1
gst-plugins-ugly1.0
: Heap-based buffer overflow and out-of-bounds write in media demuxers.
[LTS]
: Fixed
CVE-2026-2920
and
CVE-2026-2922
via
1.18.4-2+deb11u2
for bullseye. This has been released as
DLA 4516-1
[ELTS]
: Fixed
CVE-2026-2920
and
CVE-2026-2922
via
1.14.4-1+deb10u3
for buster and
1.10.4-1+deb9u3
for stretch. This has been released as
ELA 1670-1
phpseclib
: Name confusion in X.509 certificate verification and a padding oracle timing attack in AES-CBC.
[LTS]
: Fixed
CVE-2023-52892
and
CVE-2026-32935
via
1.0.19-3+deb11u3
for bullseye. This has been released as
DLA 4518-1
[ELTS]
: Fixed
CVE-2023-52892
and
CVE-2026-32935
via
1.0.19-3~deb10u4
for buster. This has been released as
ELA 1671-1
Work in Progress
knot-resolver
: Affected by CVE-2023-26249, CVE-2023-46317, and CVE-2022-40188, leading to Denial of Service.
[LTS]
: Still in back and forth discussion with maintainers on the best way to proceed for the bullseye upload. Git repository for bullseye:
node-lodash
: Affected by
CVE-2025-13465
, prototype pollution in the
baseUnset
function.
[stable]
: Xavier from the JS team ACK’d the patch. The trixie and bookworm uploads will follow.
[LTS]
: The bullseye test and upload will follow in April once the stable uploads are in and ACK’d by the SRMs.
vlc
: Affected by CVE-2025-51602, an out-of-bounds read and denial of service via a crafted 0x01 response from an MMS server.
[LTS]
: 3.0.23 backport is ready but not tested. I’ll get this over the line in March.
[ELTS]
: 3.0.23 backport is ready but not very clean. Would like to complete LTS and get back to this.
Other Activities
[ELTS]
Continued to review ruby-rack for ELTS – it has since received about 13 new CVEs, making it even more chaotic. Might consider releasing in batches.
[E/LTS]
Monitored discussions on mailing lists, IRC, and all the documentation updates.
[E/LTS]
Attended the monthly LTS meeting on IRC.
Summary here
[Other]
Spent quite some time debugging a bug in debusine. Filed
for the same. Have worked on a preliminary patch but would like to submit something for Colin to review. Will follow up in April.
Until next time.
:wq
for today.
30 March, 2026 05:41AM
Russ Allbery
Review: The Cloak and Its Wizard
Review:
The Cloak and Its Wizard
, by R.Z. Nicolet
Publisher:
UpLit Press
Copyright:
February 2026
ISBN:
1-917849-15-X
Format:
Kindle
Pages:
423
The Cloak and Its Wizard
is a standalone (at least so far) urban
fantasy superhero (sort of) novel. R.Z. Nicolet is the marketing pseudonym
for Rachel Reddick. This is her first novel.
I'm picky about wizards.
The wizards themselves will complain about that, but of course I'm
picky. When I choose a wizard, barring utter abandonment of moral
scruples, it's a till-death-do-us-part situation. (Their death, not
mine. I'm the next best thing to indestructible.)
The Cloak of Sunset and Starlight is a major artifact, meaning that it has
its own preferences and is capable of independent action. It has been
sitting in a glass case in the wizards' library for about a hundred years,
waiting for someone interesting. (Well, mostly sitting. Occasionally it
sneaks out to eavesdrop or move the books around.)
Veronica Noble is interesting. She's older than most initiates,
thoughtful, observant, and clearly had some mundane career before joining
the Order. Her aura is appealing, and her mental shields and resistance to
influence are intriguing. Normally, the Cloak would take its time
investigating a new potential wizard, but the Sword was making thoughtful
rattling sounds, and no way is the Cloak going to let the Sword claim her
first. Time to choose a new wizard!
It was nice, being draped over warm shoulders, and feeling a heartbeat
again.
I could tell she closed her eyes without even looking.
She sighed. "I just got picked by the intransigent one, didn't I?"
The last time I picked a book from the Big Idea feature in Scalzi's
Whatever blog
, it
didn't go that well
, but if you're going to
write a book specifically for me, I'm going to read it. There are very few
tropes of SFF that I love more than intelligent companion objects, and
Nicolet's
introduction to the story
was compelling. So I gave this book discovery
method another chance.
I'm glad I did, because this was exactly what I was in the mood for and a
delight from cover to cover.
Veronica Noble is not a typical wizard. She's a surgeon and was quite
happy to be a surgeon until an unexpected encounter with a magical
creature killed her brother. The forgetting spell cast by the wizards who
came to handle the Cassandra wyrm didn't work on her, so she was dragged
reluctantly into the secret magical world of the Order. This long-lived
society of wizards quietly defends the world against magical intrusions
from other planes of existence. Now she's a wizard with a magical cloak,
which she is not at all sure she wants.
Veronica is not the protagonist, though. The Cloak of Sunset and Starlight
is. As far as it is concerned, its job is to assist its wizard, enjoy
watching interesting feats of magic, and look fabulous doing so. It's
protective, dramatic, rather vain, endlessly curious, easily bored, and
intensely loyal. When it becomes clear that the Order has some serious
problems, the Cloak knows what side it's on.
This sounds a bit like urban fantasy, so I was surprised when the first
superheroes showed up, although given the explicit Doctor Strange
inspiration I probably should have expected them. The Order and the
superheroes do not mix, at least at the start of the novel. The wizards
view the superheroes as a loud and irritating intrusion and hide magical
activities from them the same as they do the rest of the world. Veronica's
opening opinion on superheroes is based on being a trauma surgeon in a
hospital dealing with the aftermath of their fights (which makes me wonder
if the author has read
Hench
, although
the idea is older than that book). As with the Order, the role of
superheroes in this world gets more complicated as the plot develops.
There is a surprising amount of plot and some very nice world-building
here, including multiple twists that I was not expecting. Veronica is the
sort of stubborn and deeply ethical person who will not leave a problem
alone if she has the ability to fix it, which is a good recipe for getting
deeper and deeper into a complex plot. She's believable as a surgeon:
somewhat taciturn, calm in emergencies, detail-oriented, methodical, and
not at all dramatic. This makes the Cloak a perfect foil and complement.
Watching their partnership develop was very satisfying.
This is a sidekick novel, and like the best sidekick novels it makes the
not-protagonist more interesting and more relatable by showing them from
an outside and skewed perspective. Piecing together what Veronica must be
thinking is part of the fun, as is sharing the Cloak's protectiveness
towards her as it becomes clear how much she's been through and how good
of a person she is. The Cloak's personality was a little too much like a
cat for me — I would have preferred a more unique viewpoint, fewer
cat-coded shenanigans, and a bit less of the running laundry machine joke.
But that's a quibble. Its endless curiosity drives the plot forward and
uncovers more of the world-building, and I just love reading stories from
the perspective of this sort of loyal and protective magical creature.
I had so much fun with this book. It's a popcorn sort of book, and I
thought the ending sputtered a little, but overall it was great. Parts of
it could have been designed in a lab to appeal to me specifically, so I'm
not sure if other people will enjoy it as much, but its hit rate with my
friends so far has been good.
Highly recommended, and I will be watching for any further novels from
Nicolet.
The Cloak and Its Wizard
reaches a satisfying conclusion and
doesn't advertise itself as part of a series, but there is room for a
sequel. If Nicolet ever writes one, I'd read it.
Rating: 8 out of 10
30 March, 2026 02:46AM
Sahil Dhiman
MiniDebConf Kanpur 2026
MiniDebConf Kanpur 2026
was held on 14th and 15th March 2026 at the Indian Institute of Technology Kanpur.
Having a Debian conference in the North was something many folks wanted.
Ravi
started the discussion (with local IIT Kanpur folks) almost 7 months before the conference. Lots of folks from Debian India joined in organizing the conference, which was nice. All the meeting notes and discussions were posted on the Debian India mailing list, a first.
Despite all the efforts, the conference start was delayed due to logistical issues. Things went fine post Day 1 lunch. We had two days of almost
full schedule
. disaster’s
Decentralising Indian Communication
was an interesting talk, diving into decentralized communication.
IIT Kanpur is a huge campus with nice footpaths and greenery. We got the opportunity to explore their
HPC
at Computer Center post conference.
Work has been started for MiniDebCamp Kochi. More details can be found on the
wiki
Working to make this conference happen was different with all the challenges involved, but overall, everyone was happy with the outcome.
Group photo.
Click to enlarge
30 March, 2026 02:24AM
by Sahil Dhiman
March 29, 2026
Russell Coker
Ebook Readers in Debian
Laptop
For a while I’ve been using Calibre 8.5.0+ds-1+deb13u1 in Debian/Trixie running KDE for reading ebooks on my laptop, it generally works well and has a large font size. The only downsides of it for that use are taking more RAM than I would prefer (about 780M RSS which seems a lot for a relatively simple task) and having separate windows for the list of books and reading an actual book without any options to just open the last book and not delay me.
I tried Arianna 25.04.0-1 in Debian/Trixie, it has a significantly smaller font size and doesn’t allow high contrast colors as the default is black on gray with the dark theme in KDE. It also only allows left and right arrows for moving through the book while Calibre uses up/down, left/right, or pgup/pgdn so whatever keys seem reasonable to you are going to work. The RSS was 762M which wasn’t great but wasn’t the real problem. Rumours of Arianna using less RAM than Calibre seem exaggerated.
Librem5
On my Librem5 phone with Plasma Mobile Calibre 8.5.0+ds-1+deb13u1 both the initial setup screen and the main screen for selecting a book to read don’t work in the width of portrait view on the phone. After putting it in landscape mode it worked, but I couldn’t touch on a book title to select it I had to touch on the number of the book at the left of the list box. But once it was loaded everything was fine. On the Librem5 Arianna 25.04.0-1 just worked fine, although only using left/right swipes to change pages instead of up/down was annoying.
Furilabs FLX1s
On my Furilabs FLX1s with phosh Arianna 25.04.0-1 and Calibre 8.16.2+ds+~0.10.5-3 both gave the same result of not displaying text or images from the book, I’m not sure if it’s phosh or some other aspect of the FLX1s configuration at fault.
PinePhonePro
On my PinePhonePro running Debian/Testing with Plasma Mobile Arianna 25.12.3-1 worked without any issue and up/down swipes worked. Calibre 9.5.0+ds+~0.10.5-1 had the initial screen work fine in portrait mode but the main screen was too wide and needed landscape. Also the issue of having to touch the number applied.
Laptop running Debian/Unstable
Calibre 9.6.0+ds+~0.10.5-2 and Arianna 25.12.3-1 worked quite nicely on a Thinkpad running Debian/Unstable. One thing I discovered while testing it is that Calibre supports the CTRL-PLUS and CTRL-MINUS key combinations to change font sizes and that also works on the version in Debian/Trixie. Arianna doesn’t support CTRL-PLUS/MINUS.
Conclusion
The problems I had were Arianna on a laptop, everything on the Furilabs FLX1s, and Calibre’s UI not being well adjusted for mobile devices.
Related posts:
encryption speed – Debian vs Fedora
I’m in the process of converting my Fedora/rawhide laptop to...
Phone Charging Speeds With Debian/Trixie
One of the problems I encountered with the PinePhone Pro...
Furilabs FLX1s
The Aim I have just got a Furilabs FLX1s [1]...
29 March, 2026 12:29PM
by etbe
Samuel Henrique
Latest NVIDIA Drivers for Debian (Packaged with AI)
tl;dr
This is not an official package, it's good enough for me and it might be good
enough for you, confirmed as working in Debian Testing but I don't have a
Stable machine to test there.
You can use my custom repo to install the latest NVIDIA drivers on Debian
Stable, Testing or Unstable (install from Sid repository):
The page above contains the APT sources you need, just add the one for your
release to
/etc/apt/sources.list.d/r-samueloph-nvidia-ai.sources
, run
sudo apt update
and install the packages, you might need to disable Secure Boot.
This is not about AI
Discussions about AI are quite divisive in the Free Software communities, and
there's so much to be said about it that I'm not willing to go into in this
blog post. This is rather just me telling people that if they need up-to-date
NVIDIA packages for Debian, they could check if my custom repository gets the
job done.
The AI part is a means to an end, I've been careful to note in the repository
names that the packages were produced with AI to respect people who do not want
to run it for any reason.
RTX 5000 series support
Back in May 2025 I
opened a bug
report
asking for
the NVIDIA drivers on Debian to be updated to support the RTX 5000 series. The
Nouveau drivers might be good enough for some people, but I need the NVIDIA
drivers because I want to play games and do experiments with open weight
models.
Opening a bug report doesn't guarantee anything, at the end of the day Debian
Developers are volunteers, so if I really wanted the newer drivers, I would
have to do something about it, ideally submitting a merge request.
I briefly looked into the NVIDIA packaging, which involves 3 source packages
(and one extra git repo for tarballs), unfortunately this was going to take
more time and effort than what I was willing to spend.
What I Did
After a few weeks of lamenting that I wasn't running the NVIDIA drivers, I
figured I was willing to put in more effort than I originally thought, just
enough to instruct the Claude Code agent to package the latest releases. I'm
skilled enough with agentic tools that I knew how to use it to save time;
providing a clear instruction on how to build the package and explaining the
packaging layout, then letting the agent iterate until it gets a working build.
The agent was running inside a VM that didn't have any of my credentials.
After a little bit of back and forth, where I was reviewing the changes guiding
the agent into how to fix certain issues, I ended up with a working set of
packages.
Once I installed it on my machine and confirmed they worked, I set up a
debusine
repository to make it easier to
install future updates, and let others test it out.
Debusine is analogous to Ubuntu's famous PPA, or Fedora's EPEL, it's a
relatively new project but it has been working fine for this.
Matheus Polkorny helped me test the packages and did spot a few issues which
are fixed now. The Debusine developers were also always quick to respond to my
questions and
bug
reports
How Good Is It?
Short answer: good enough for daily use, but not a substitute for an official Debian package.
The whole point of doing this is because I don't have enough free time to
maintain the package myself. All of this work was done as a volunteer, on my
personal time.
This means I'm trusting the agent to some degree; I review its commits but I
don't go too deep into it, the quality will be dictated by the fact that I'm
a Debian Developer and so by how easily I can spot issues without double checking
everything.
I only have a single machine with an NVIDIA GPU, this machine runs Debian
Testing and so I don't have a way to test the Stable packages. I can do my best
to address problems but at this point there is a risk that new updates break
something.
Installing NVIDIA drivers has always been a bit risky regardless, if you're
comfortable with reverting updates and handling a system without a graphical
interface (in case you end up in a tty), you will be fine.
You will likely need to disable Secure Boot in order to use them, or set up your
BIOS so that a MOK can be used to sign the DKMS modules.
When choosing the version strings for the packages, I was careful enough to
pick something that would sort lower than an official Debian package, meaning
that whenever that same version is packaged in Debian, your system will see it
as an upgrade.
If you have any other methods of installing the NVIDIA drivers on your Debian
system that is working for you, you should likely stick to that.
I have a strong preference for installing them through .deb packages, making
the package sort out configuration changes and dependency updates, besides
handling the DKMS modules.
Ultimately I'm not happy with the amount of difficulty that Debian users have in
installing up-to-date NVIDIA drivers, and I hope this makes it easier for some.
How To Install
Head over to the Debusine page that contains both repos for Trixie (Debian
Stable) and Sid (for Debian Testing and Unstable):
If you are running Debian Testing, then pick the Sid repository.
That page contains the contents of the apt
.sources
file you need, create the
file
/etc/apt/sources.list.d/r-samueloph-nvidia-ai.sources
with the sources for your release.
Run
sudo apt update
and install the packages you need, if you already have a
previous version installed,
sudo apt upgrade --update
would update them.
If there are no upgrades, meaning you don't have a previous version installed,
then you need to explicitly install them.
sudo
apt install nvidia-open-kernel-dkms nvidia-driver
If you run into issues in Debian Stable, consider using the Linux kernel package
from the backports repository, if you need an up-to-date NVIDIA driver, you
likely should also be running the backports kernel package (if you can't
upgrade to Debian Testing).
Future Plans
I currently have no means of measuring how many people are using the debusine
repositories, so if you do end up using it feel free to let me know somehow.
I don't know for how long I will keep managing this repository, and how much
effort I will spend, but my machine needs it and for now I will keep it
up-to-date with the latest production-grade NVIDIA drivers.
Sources
The sources of the packages are available under a namespace in Salsa (Debian's
GitLab instance):
You can also get the exact sources used in the repositories from debusine:
29 March, 2026 12:00AM
by Unknown
March 28, 2026
Evgeni Golov
Converting Dovecot password schemes on the fly without (too much) cursing
I finally upgraded my mail server to Debian 13 and, as expected, the Dovecot part was quite a ride.
The configuration syntax changed between Dovecot 2.3 (Debian 12) and Dovecot 2.4 (Debian 13),
so I started first with diffing my configuration against a vanilla Debian 12 one (this setup is slightly old) and then applied the same (logical) changes to a vanilla Debian 13 one.
This mostly went well.
Mostly because my user database is stored in SQL and while the
Dovecot Configuration Upgrader
says it can convert old
dovecot-auth-sql.conf.ext
files to the new syntax,
it only does so for the structure, not the SQL queries themselves.
While I don't expect it to be able to parse the queries and adopt them correctly,
at least a hint that the field names in
userdb
changed and might require adjustment would've been cool.
Once I got that all sorted, Dovecot would still refuse to let me in:
Error: sql: Invalid password in passdb: Weak password scheme 'MD5-CRYPT' used and refused
Yeah, right.
Did I mention that this setup is old?
The quick cure against this is a
auth_allow_weak_schemes = yes
in
/etc/dovecot/conf.d/10-auth.conf
but long term I really should upgrade the password hashes in the database to something more modern.
And this is what this post is about.
My database only contains hashed (and salted) passwords,
so I can't just update them without changing the password.
And while there are only 9 users in total,
I wanted to play nice and professional.
(LOL)
There is a
Converting Password Schemes
howto in the Dovecot documentation,
but it uses a rather odd looking PHP script, wrapped in a shell script which leaks the plaintext password to the process list,
and I really didn't want to remember how to write PHP to complete this task.
Luckily,
I know Python
The general idea is:
As we're using plaintext authentication (
auth_mechanisms = plain login
),
the plaintext password is available during login.
After Dovecot's
imap-login
has verified the password against the old (insecure) hash in the database,
we can
execute a post-login script
which will connect to the database and update it with a new hash of the plaintext password.
To make the plaintext password available to the post-login script,
we add
'%{password}' as userdb_plain_pass
to the
SELECT
statement of our
passdb
query.
The original howto also says to add a
prefetch
userdb
, which we do.
The
sql
userdb
remains, as otherwise Postfix can't use Dovecot to deliver mail.
Now comes the interesting part.
We need to write a script that is executed by Dovecot's
script-login
and that will update the database for us.
Thanks to Python's
passlib
and
mysqlclient
the database and hashing parts are relatively straight forward:
#!/usr/bin/env python3
import
os
import
MySQLdb
import
passlib.hash
DB_SETTINGS
"host"
"127.0.0.1"
"user"
"user"
"password"
"password"
"database"
"mail"
SELECT_QUERY
"SELECT password_enc FROM mail_users WHERE username=
%(username)s
UPDATE_QUERY
"UPDATE mail_users SET password_enc=
%(pwhash)s
WHERE username=
%(username)s
SCHEME
"bcrypt"
EXPECTED_PREFIX
"$2b$"
def
main
():
# https://doc.dovecot.org/2.4.3/core/config/post_login_scripting.html
# https://doc.dovecot.org/2.4.3/howto/convert_password_schemes.html
user
os
environ
get
"USER"
plain_pass
os
environ
get
"PLAIN_PASS"
if
plain_pass
is
not
None
db
MySQLdb
connect
**
DB_SETTINGS
cursor
db
cursor
()
cursor
execute
SELECT_QUERY
"username"
user
})
result
cursor
fetchone
()
current_pwhash
result
if
not
current_pwhash
startswith
EXPECTED_PREFIX
):
hash_module
getattr
passlib
hash
SCHEME
pwhash
hash_module
hash
plain_pass
data
"pwhash"
pwhash
"username"
user
cursor
execute
UPDATE_QUERY
data
cursor
close
()
db
close
()
if
__name__
==
"__main__"
main
()
But if we add that as
executable = script-login /etc/dovecot/dpsu.py
to our
imap-postlogin
service
as the howto suggests, the users won't be able to login anymore:
Error: Post-login script denied access to user
WAT?
Remember that shell script I wanted to avoid?
It ends with
exec "$@"
Turns out the
script-login
"API" is rather interesting.
It's not "pass in a list of scripts to call and I'll call all of them".
It's "pass a list of scripts, I'll
execv
the first item and pass the rest as args, and every item is expected to
execv
the next one again". 🤯
With that (cursed) knowledge, the script becomes:
#!/usr/bin/env python3
import
os
import
sys
import
MySQLdb
import
passlib.hash
DB_SETTINGS
"host"
"127.0.0.1"
"user"
"user"
"password"
"password"
"database"
"mail"
SELECT_QUERY
"SELECT password_enc FROM mail_users WHERE username=
%(username)s
UPDATE_QUERY
"UPDATE mail_users SET password_enc=
%(pwhash)s
WHERE username=
%(username)s
SCHEME
"bcrypt"
EXPECTED_PREFIX
"$2b$"
def
main
():
# https://doc.dovecot.org/2.4.3/core/config/post_login_scripting.html
# https://doc.dovecot.org/2.4.3/howto/convert_password_schemes.html
user
os
environ
get
"USER"
plain_pass
os
environ
get
"PLAIN_PASS"
if
plain_pass
is
not
None
db
MySQLdb
connect
**
DB_SETTINGS
cursor
db
cursor
()
cursor
execute
SELECT_QUERY
"username"
user
})
result
cursor
fetchone
()
current_pwhash
result
if
not
current_pwhash
startswith
EXPECTED_PREFIX
):
hash_module
getattr
passlib
hash
SCHEME
pwhash
hash_module
hash
plain_pass
data
"pwhash"
pwhash
"username"
user
cursor
execute
UPDATE_QUERY
data
cursor
close
()
db
close
()
os
execv
sys
argv
],
sys
argv
:])
if
__name__
==
"__main__"
main
()
And the passwords are getting gradually updated as the users log in.
Once all are updated, we can remove the post-login script and drop the
auth_allow_weak_schemes = yes
28 March, 2026 10:11PM
by evgeni
James Valleroy
Stagger v0.1.0
I’ve decided it’s time to tag a v0.1.0 release on my roguelike game project, Stagger. It’s more of a small demo than a full game at this point. It is turn-based, and has purely text-based “graphics”, like the original Rogue.
Here’s a “screenshot”:
####################
#..................#
#.@................#
#....|.............#
#..................#
#.........>........#
#..................#
#..................#
#..................#
####################
HP: 10/10
You can find the repository at either of these locations:
The game is developed in Python, using ncurses. It is dual-licensed under AGPL and MPL.
28 March, 2026 10:54AM
by James Valleroy
Valhalla's Things
Ink Lightfastness Tests 2026
Posted on March 28, 2026
Tags:
madeof:atoms
topic:inks
Note
This post will be updated in the next weeks with the test results as
they become available.
Note
Most of the images in this post have no real alt-text: they are all
scans of the test sheet at various stages through the test, and the
results visible on them are described in detail at the end of the
post.
Most of the time, what people write by hand will either end up inside a
notebook in a drawer or cupboard where it’s well protected, or thrown in
the recycling where it doesn’t matter.
There are times, however, when things will be exposed to light: it
doesn’t matter whether it’s a work of artistic calligraphy that you want
to frame or a passive-aggressive notice left in the atrium of a
building; it is useful to know whether the work will remain legible or
it will fade into nothing in a short time.
A few inks are tested by the producers for lightfastness according to
some established standard, a few others are declared lightfast in a
generic way, but a lot come with no indication at all.
Proper testing according to the
standard scales
requires significant
equipment to precisely control the exposure, but it’s significantly
easier — and fun — to do a simple test to divide the inks into three
categories:
suitable for framed calligraphy, i.e. it looks the same after 3 months
of direct sun exposure;
suitable for complaining about the way your neighbours deal with the
trash, i.e. still readable after 3 months of exposure;
not suitable for either, i.e. has faded significantly in the same time.
In the past I’ve done some such tests by taping some sheets to a
south-east facing window, and I’ve noticed that most of the results were
already apparent after a month, and there was basically no difference
between two and three months of exposure, but spring equinox to summer
solstice is a nice timeframe to use for such a test (and it leaves time
for a second test of different materials from summer solstice to autumn
equinox), so this is what I’ve chosen to do this year.
Rather than a window, now I have access to a south-facing covered
balcony that is protected from rain but receives quite a bit of direct
sun, so instead of taping sheets to the windows
I’ve prepared a
sturdy cardboard panel that I can leave on a table on the balcony,
hopefully safe from the rain, but well exposed to the sun.
And then made a quick test, and realized that without the window glass
in front, the black strip used to cover the unexposed half of the sample
doesn’t lay flat and lets some sun in, so I used an old cheap
glass frame instead of the panel.
The next step, already in January, was mentioning in a fountain-pen
enthusiasts forum that I planned such a test, and asking if people were
interested in having me buy a few samples of more inks when I was
buying my next pen.
The word “enthusiasts” is probably a hint of the reason why soon
afterwards I received a package with the pen I had planned to buy, its
converter, and a
couple dozens
ink samples.
And then a couple envelopes with additional samples of inks that weren’t
available on the shops, from said enthusiasts.
Added to the inks I already had acquired since the last lightfastness
test, it meant that they couldn’t all fit in one single page, and thus I
had some room to add some inks I had already tested: some were requests,
and for others I tried to select ones that felt relevant.
Since I’m changing the test setup, I’ve decided I should probably keep
doing this until I’ve tested again all of the inks I still have
available.
For the paper, I’ve used A4 sheets of
Clairefontaine Dessin Croquis
160 g/m²
one of my staples that I’m sure I will have available in the next years,
printed with a dot pattern with a laser printer, using
this pdf
And as for the pen I’ve used a fresh Brause n°361 nib: loading a fountain pen
with all of these inks wouldn’t be a reasonable effort, and the 361 is
one of the writing implements I use most anyway. I also used a glass pen
to fill a couple of squares on the paper with more ink.
One side of each sheet was then covered with a strip of 300 g/m² black
paper (also from Clairefontaine), kept in place with three dots of
non-permanent two sided tape, put in the frame and set out in the sun on
the morning of 2026-03-20, the day of the spring equinox.
While I was filling the sheet for the lightfastness tests, I decided to
also prepare a second set of sheet, for a liquid resistance drop test.
On each line, beside the name of the ink, I added five sets of crossing
parallel lines, and let everything dry for a few days.
Then I used a syringe to put a drop of a liquid on each set of lines,
waited for it to be absorbed into the paper and to dry, at least
overnight, but sometimes also for a day or two (life happened), and then
looked at the results and did the next test.
The first liquid was water, with the usual wild difference between
washable and permanent inks, and all of the intermediate possibilities.
The second liquid was isopropyl alcohol, and I was surprised to see
that, with very few exceptions, most inks didn’t change at all. I
wonder whether that’s related to the fact that instead of forming a drop
it was absorbed almost immediately into the paper, and dried in a very
short time.
The third liquid was hydrogen peroxide: beside the individual results I
noticed that its column yellowed visibly; I wonder whether that means
that the paper I used has optical brighteners, and it will also yellow
under the sun: that wouldn’t be ideal, but it would also be a surprise,
for paper that is acid free and sold for arts.
The fourth liquid was citric acid, by mixing a bit less than a teaspoon
of citric acid granules in just enough very warm water (heated to 70°C,
i.e. the lowest temperature available on my kettle) to dissolve most of
the acid. I forgot that I had some old PH strips until one hour after
I’ve put the drop on the paper, and I don’t know whether something had
changed, but when I did remember about them it showed a deep red between
1 and 2. I don’t think I can
trust
those strips too much, however.
This backfired badly: the drop of citric acid never dried out, but
formed a sticky paste that prevented me from scanning the results,
and I’m not sure whether I’ll do the last test, which was supposed to be
household bleach.
Luckily I had scanned the partial results, and they are shown here.
After one full day with plenty of sun, nothing really had changed,
except possibly for a vague hint that the Herbin Bleu Myosotis may have
have been a bit lighter than it started, but it may also have been a
suggestion.
After three days, however, some results started to show, with the most
fugitive inks starting to be visibly changed, becoming either paler or
in some case duller.
And the full week showed more of that, with a few more inks starting to
show visible change.
After two weeks the paper had significantly yellowed, something I did
not expect from drawing paper (and which means that I will probably use
a different paper when making similar tests in the future).
As for the inks, there were a couple more inks with visible changes, but
mostly it was more of the same as seen in the previous week.
Three weeks started to show changes in the black and most irongall inks, and of course more changes in the even less resistant inks.
Week four saw a bit more clouds and rain than the first few weeks, and
there weren’t big changes, but mostly more of what had already started
to happen earlier.
A month didn’t change much compared to the four weeks, but I did the
scans for completeness, and from now on I’m going to update monthly.
These are the inks I’ve tested, and here I’ll add notes on the results,
as soon as they will be available, keeping this section updated.
When nothing is mentioned, it means that there were no changes, either
under the light or under the various liquids.
Lamy Sepia
Not resistant to water, the drop becomes an uniform colour spot.
After one week it started to be just slightly paler, more so after
three weeks.
Sheaffer Skrip Red
Not resistant to water, the drop becomes an uniform colour spot.
After one week it started to be just slightly paler, more so after
three weeks.
Waterman Audacious Red
Not resistant to water, the drop becomes an uniform colour spot.
After three days it started to be just slightly paler, after a week
visibly so. After four weeks it was very pale.
Waterman Harmonious Green
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide drop looks a bit lighter than the one with just
water.
After one week it started to be just slightly paler, more so after
three weeks. After four weeks it was very pale.
Waterman Mysterious Blue
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide drop is significantly lighter and tends towards
green.
After two weeks it started to be just slightly paler, after three
weeks it was more gray. After four weeks it was very pale.
Waterman Serenity Blue
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide drop is almost completely bleached to a light yellow.
After one week it started to be a bit duller. After four weeks it was
paler and duller.
Visconti Blue
Not resistant to water, the drop becomes an uniform colour spot.
After one week it was visibly duller, looking darker than the
original. After three weeks it was duller, and lighter. After a month
it was just a pale gray.
Montblanc Royal Blue
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide drop is almost completely bleached to a light
yellow.
After one week it started to be just slightly duller, more so after
two weeks. After three weeks it was also paler. After a month it was
just a pale gray.
Montblanc Mystery Black
Not resistant to water, the drop becomes an uniform colour spot.
After three weeks it started to be a bit paler.
Aurora Nero
Not resistant to water, the drop becomes an uniform colour spot.
After three weeks it started to be a bit more brown.
Online Duft Blueberry
Not resistant to water, the drop looks very washed out, although a
hint of the original shape can be guessed; the hydrogen peroxide drop
is almost completely bleached to a light yellow.
After one week it was visibly paler and duller. After three weeks
significantly so. After a month it was a pale grey.
Diamine Forever Ink - Smoky Mauve
After a month it looked a bit more purple.
Diamine Forever Ink - Honey Pot
Diamine Forever Ink - Coral Blaze
Diamine Forever Ink - Red Ochre
Diamine Graphite
Not resistant to water, the drop becomes an uniform colour spot.
Diamine Rustic Brown
Not resistant to water, the drop becomes an uniform colour spot.
After three weeks it started to be very slightely paler.
Diamine China Blue
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide drop is almost completely bleached to a light
yellow.
After three weeks it started to be paler and duller.
Diamine Inkvent Purple Edition - Glacier
Not resistant to water, there is a drop of uniform colour, but it
maintains a somewhat recognisable shade of the original shape.
After three weeks it started to be lighter.
Fountainfeder STEVE
Not resistant to water, there is a drop of uniform colour, but it
maintains a somewhat recognisable shade of the original shape.
After two weeks the base colour had changed to a pink rather than
purple.
Pilot Iroshizuku Syo Ro
Not resistant to water, there is a drop of uniform colour, but it
maintains a somewhat recognisable shade of the original shape.
After four weeks it was very slightely paler.
Pilot Iroshizuku Shin-Kai
Not resistant to water, there is a drop of uniform colour, but it
maintains a somewhat recognisable shade of the original shape.
After two weeks it had become lighter and more purple. After four
weeks it was a purple gray.
Rohrer & Klingner IG Ebony
Not resistant to water, there is a drop of uniform colour, but it
maintains a recognisable shade of the original shape; under
hydrogen peroxide the shade is significantly lighter.
After four weeks it was a bit lighter
KWZ IG Orange
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide drop is significantly bleached to a light orange.
Kallipos.de Schwarze Eisengallus-Tinte
Water stains the paper, leaving however the original shape quite
visible; is it almost completely bleached by hydrogen peroxide.
After three weeks it started to be very slightely lighter.
Kallipos.de Blaue Eisengallus-Tinte
Water stains the paper, leaving however the original shape quite
visible; is it almost completely bleached by hydrogen peroxide.
After two weeks it had started to become lighter and more gray.
Rohrer & Klingner IG Salix
Water stains the paper, leaving however the original shape quite
visible; is it almost completely bleached by hydrogen peroxide.
After two weeks it had become lighter and significantly more gray.
After a month it was a yellowish gray.
Rohrer & Klingner IG Scabiosa
Water stains the paper with a significant purple spot, leaving
however the original shape quite visible; is is a bit bleached by
hydrogen peroxide, but still quite readable.
Pelikan Edelstein Tanzanite
Not resistant to water, the drop becomes an uniform colour spot, but
there is a visible trace of the original shape.
After three weeks it started to be slightly paler.
Montblanc Burgundy Red
Not resistant to water, the drop becomes an uniform colour spot, with
just a hint of the original shape; slightly bleached by hydrogen
peroxide.
After three weeks it started to be paler.
Cifra inchiostro finissimo verde alla lavanda
Not resistant to water, the drop becomes an uniform colour spot;
quite bleached to a light yellowish green by hydrogen peroxide.
After one week it was visibly paler. After a month it was a still
readable pale trace.
Sennelier Abstract acrylic ink 917 purple
The Feather Pen Ink
Eloquentia Inchiostro nero
DeAtramentis Document Blue
DeAtramentis Document BlueGrey
DeAtramentis Document Brown
DeAtramentis Document Fuchsia
DeAtramentis Document Grau
DeAtramentis Document Green Grey
DeAtramentis Document Light Grey
DeAtramentis Document Moosgrün
DeAtramentis Document Orange
DeAtramentis Document Purpurviolett
DeAtramentis Document Urban Sienna
KWZ Sheen Machine
Not resistant to water, the drop becomes an uniform colour spot; the
hydrogen peroxide bleached away the red sheen. This was one of the
only two inks to react to isopropyl alcohol, which caused a pale cyan
halo around the lines.
After three days it was still perfectly readable, but had visibly
lost some red sheen, after one week the red had completely gone and
it looked very dark blue (but still shiny)
KWZ Walk over Vistula
Not resistant to water, the drop becomes an uniform colour spot.
After four weeks it looked a bit
darker
and duller.
KWZ Warsaw Dreaming
Not resistant to water, the drop becomes an uniform colour spot.
After a month it started to be a bit lighter.
Octopus Neon Violett
Water very lightly stains the paper, leaving however the original
shape quite visible. The other ink that reacted to isopropyl alcohol,
with a pale purple halo around the lines.
After two weeks it was paler, more pink.
Octopus Write & Draw Elephant Black
Platinum blue black
Water stains the paper, leaving however the original shape quite
visible; it is significantly bleached by hydrogen peroxide.
After three weeks it started to become gray.
Pelikan 4001 Brillant-Schwarz
Not resistant to water, the drop becomes an uniform colour spot.
After three weeks it was a bit more brown than black, after a month
noticeably so.
Pelikan 4001 Blau-Schwarz
Water stains the paper, leaving however the original shape quite
visible; it is significantly bleached by hydrogen peroxide.
After three weeks it started to become gray.
Pelikan 4001 Königsblau
Not resistant to water, the drop becomes an uniform colour spot, with
just a hint of the original shape; significantly bleached by hydrogen
peroxide.
After three days it had started to be slightly paler.
After three weeks it was significantly desaturated.
Herbin Bleu Myosotis
Not resistant to water, the drop becomes an uniform pink spot,
significantly bleached by hydrogen peroxide.
After three days it was already visibly paler, after one week it was
a pale grey. After a month it was still somehow readable, but as a
trace.
Faber Castell Royal Blue
Not resistant to water, the drop becomes an uniform colour spot, with
just a hint of the original shape; significantly bleached by hydrogen
peroxide.
After three days it was slightly duller, after two weeks definitely
so. After a month it was also quite paler.
Koh-I-Noor Fountain pen ink blue
Not resistant to water, the drop becomes an uniform colour spot, with
just a hint of the original shape; significantly bleached by hydrogen
peroxide.
After three days it had started to be slightly paler, more so after
one week when it had also turned grey. After four weeks it was very
pale.
Koh-I-Noor Document Ink Blue
Koh-I-Noor Document Ink Black
Water leaves a very light stain, but the original shape doesn’t look
changed.
DeAtramentis Document Black
Waterman Intense Black
Not resistant to water, the drop becomes an uniform colour spot, with
a trace of the original shape still visible; very lightly bleached by
hydrogen peroxide.
After three weeks it started to look a bit more brown, noticeably so
after a month.
Herbin Perle Noir
Not resistant to water, the drop becomes an uniform colour spot, with
a trace of the original shape still visible.
After three weeks it started to look a bit more brown, noticeably so
after a month.
Parker Quink black
Not resistant to water, the drop becomes an uniform colour spot.
Platinum Carbon black
Rohrer & Klingner Documentus Black
Sailor Pigment Kiwaguro
Platinum Dyestuff Red
Not resistant to water, the drop becomes an uniform colour spot; very
lightly bleached by hydrogen peroxide.
After three weeks it was a bit paler.
Noodler’s Eternal Polar Blue
which would be spend the day covered by mostly closed
shutters anyway, because they receive quite a bit of direct sun, and
we don’t want that to enter the house during the summer.
↩︎
and thus, I hope, not especially UV-filtering.
↩︎
28 March, 2026 12:00AM
March 27, 2026
Jonathan Dowland
Digital gardening
I was reading
a post
on
Alex Chan's
website
that referenced the concept of
digital gardens
a concept/analogy for organising information which dates back to the 90s.
This old concept is getting new traction today by contrasting the approach
with "endless stream" as used and abused by social media, but also how blogs
are typically presented.
This site
, my homepage, has a blog, and that's the bit that most people who
interact with the site will experience. Partly, because it's the bit that gets
syndicated out: via
feeds
; on
Planet
Debian
and downstream from it; once upon a time on
Twitter; nowadays on
the Fediverse
However there's more to my homepage than that. The rest of it may be of little
interest to anyone beside me, but it's useful to me, at least. So I may switch
focus a little bit from mainly writing blog posts, and tend to the rest of the
garden a bit more.
Some recent seeding and pruning:
Recently my guest status at Newcastle University came up for renewal, so I
wrote down my goals in the Historic Computing Committee for the next year or
so, and put them here:
nuhcc
. I've also been pondering what I'm up to in
Debian
at the moment, so took some time to add my current projects to
that page.
I'm reminded that I should really publish a "blog roll" of cool
blogs I'm following at the moment, of which Alex Chan's is one.
27 March, 2026 10:05PM
A complete feed is available in any of your favourite syndication formats linked by the buttons below.
All times are UTC.
Contact:
Debian Planet Maintainers
Planetarium
Planet Debian
Planet Debian Derivatives
Planet Debian Spanish
Planet Debian French
Hidden Feeds
You currently have hidden entries.
Show all
Subscriptions
(feed)
Abhijith PA
(feed)
Abiola Ajadi
(feed)
Adam Rosi-Kessel
(feed)
Adnan Hodzic
(feed)
Agathe Porte
(feed)
Ahmed Siam
(feed)
Aigars Mahinovs
(feed)
Alberto García
(feed)
Albiona Hoti
(feed)
Alejandro Rios P.
(feed)
Alex Muntada
(feed)
Alexander Wirt
(feed)
Alexandre Viau
(feed)
Aloïs Micard
(feed)
Ana Beatriz Guerrero Lopez
(feed)
Anastasia Tsikoza
(feed)
Andreas Bombe
(feed)
Andreas Metzler
(feed)
Andreas Rönnquist
(feed)
Andreas Schuldei
(feed)
Andree Leidenfrost
(feed)
Andrej Belym
(feed)
Andrej Shadura
(feed)
Andrew Cater
(feed)
Andrew Pollock
(feed)
Andy Simpkins
(feed)
Anisa Kuci
(feed)
Antoine Beaupré
(feed)
Anton Gladky
(feed)
Antonio Terceiro
(feed)
Antti-Juhani Kaijanaho
(feed)
Anuradha Weeraman
(feed)
Arianit Dobroshi
(feed)
Arnaud Rebillout
(feed)
Aron Xu
(feed)
Arthur Diniz
(feed)
Arturo Borrero González
(feed)
Athos Ribeiro
(feed)
Aurelien Jarno
(feed)
Axel Beckert
(feed)
Ayoyimika Ajibade
(feed)
Balasankar 'Balu' C
(feed)
Bastian Blank
(feed)
Bastian Venthur
(feed)
Bdale Garbee
(feed)
Ben Hutchings
(feed)
Benjamin Drung
(feed)
Benjamin Kerensa
(feed)
Benjamin Mako Hill
(feed)
Bernd Zeimetz
(feed)
Bernhard R. Link
(feed)
Biella Coleman
(feed)
Billy Warren
(feed)
Birger Schacht
(feed)
Bits from Debian
(feed)
Brett Parker
(feed)
Brice Goglin
(feed)
Bálint Réczey
(feed)
C.J. Collier
(feed)
Caleb Adepitan
(feed)
Candy Tsai
(feed)
Carl Chenet
(feed)
Carlos Villegas
(feed)
Charles
(feed)
Charles Plessy
(feed)
Chris Butler
(feed)
Chris Lamb
(feed)
Chris Lawrence
(feed)
Christian Kastner
(feed)
Christine Spang
(feed)
Christoph Berg
(feed)
Christoph Berg
(feed)
Christoph Egger
(feed)
Clint Adams
(feed)
Colin Watson
(feed)
Craig Sanders
(feed)
Cyril Brulebois
(feed)
Dan Weber
(feed)
Daniel Baumann
(feed)
Daniel Kahn Gillmor
(feed)
Daniel Lange
(feed)
Daniel Leidert
(feed)
Dariusz Dwornikowski
(feed)
Dave Hibberd
(feed)
David Bremner
(feed)
David Kalnischkies
(feed)
David Moreno
(feed)
David Nusinow
(feed)
David Paleino
(feed)
David Watson
(feed)
David Wendt Jr.
(feed)
Davide Viti
(feed)
DebConf team
(feed)
Debian Brasil
(feed)
Debian GSoC Kotlin project blog
(feed)
Debian Java Packaging Team
(feed)
Debian Med
(feed)
Debian Outreach Team
(feed)
Debian Project Leader
(feed)
Debian Social Team
(feed)
Debian Sysadmin Team
(feed)
Debian XMPP Team
(feed)
Debichem Team
(feed)
Deepanshu Gajbhiye
(feed)
Didier Raboud
(feed)
Dima Kogan
(feed)
Dimitri John Ledkov
(feed)
Dirk Eddelbuettel
(feed)
Divine Attah-Ohiemi
(feed)
Dmitry Shachnev
(feed)
Dogukan Celik
(feed)
Dominique Dumont
(feed)
Don Armstrong
(feed)
Eddy Petrișor
(feed)
Eduard Sanou
(feed)
Eduardo Marcel Macan
(feed)
Edward Betts
(feed)
Elana Hashman
(feed)
Emanuele Rocca
(feed)
Emilio Pozuelo Monfort
(feed)
Emmanuel Kasper
(feed)
Enrico Zini
(feed)
Eriberto Mota
(feed)
Eric Dorland
(feed)
Erich Schubert
(feed)
Eugen Stan
(feed)
Eugene V. Lyubimkin
(feed)
Evgeni Golov
(feed)
Floris Stoica-Marcu
(feed)
Foteini Tsiami
(feed)
Francesco Paolo Lovergine
(feed)
François Marier
(feed)
Freexian Collaborators
(feed)
Giacomo Catenazzi
(feed)
Giovanni Mascellani
(feed)
Giuseppe Iuculano
(feed)
Gregor Herrmann
(feed)
Gregory Colpart
(feed)
Guido Günther
(feed)
Guido Günther
(feed)
Guilherme Puida Moreira
(feed)
Gunnar Wolf
(feed)
Gustavo Franco
(feed)
Gustavo R. Montesino
(feed)
Hellen Chemtai
(feed)
Hideki Yamane
(feed)
Héctor Orón Martínez
(feed)
Iain R. Learmonth
(feed)
Ian Jackson
(feed)
Ian Wienand
(feed)
Igor Genibel
(feed)
Ingo Juergensmann
(feed)
Isoken Ibizugbe
(feed)
Iustin Pop
(feed)
Jacob Adams
(feed)
James Bromberger
(feed)
James McCoy
(feed)
James Morrison
(feed)
James Valleroy
(feed)
Jamie McClelland
(feed)
Jaminy Prabaharan
(feed)
Jan Dittberner
(feed)
Jan Wagner
(feed)
Jeff Bailey
(feed)
Jeff Licquia
(feed)
Jelmer Vernooij
(feed)
Jeremy Bicha
(feed)
Jingjie Jiang
(feed)
Jo Shields
(feed)
Joachim Breitner
(feed)
Joerg Jaspert
(feed)
Joey Hess
(feed)
Johannes Schauer Marin Rodrigues
(feed)
John Goerzen
(feed)
Jonas Meurer
(feed)
Jonas Smedegaard
(feed)
Jonathan Carter
(feed)
Jonathan Dowland
(feed)
Jonathan McDowell
(feed)
Jonathan Wiltshire
(feed)
Jonathan Yu
(feed)
Jonny Lamb
(feed)
Jordi Mallach
(feed)
Joseph Bisch
(feed)
Josselin Mouette
(feed)
Juan Luis Belmonte
(feed)
Julian Andres Klode
(feed)
Julien Viard de Galbert
(feed)
Junichi Uekawa
(feed)
Jurij Smakov
(feed)
Justus Winter
(feed)
Kai Wasserbäch
(feed)
Kalyani Kenekar
(feed)
Kartik Mistry
(feed)
Kathara Sasikumar
(feed)
Kees Cook
(feed)
Keith Packard
(feed)
Kentaro Hayashi
(feed)
Kunal Mehta
(feed)
Kurt Kremitzki
(feed)
Kurt Roeckx
(feed)
Laura Arjona Reina
(feed)
Leandro Doctors
(feed)
Leandro Gómez
(feed)
Leo 'costela' Antunes
(feed)
Lior Kaplan
(feed)
Lisandro Damián Nicanor Pérez Meyer
(feed)
Louis-Philippe Véronneau
(feed)
Luca Bruno
(feed)
Luca Falavigna
(feed)
Luca Favatella
(feed)
Lucas Nussbaum
(feed)
Luciano Prestes Cavalcanti
(feed)
Lukas Märdian
(feed)
Luke Faraone
(feed)
MJ Ray
(feed)
Manuel A. Fernandez Montecelo
(feed)
Marc 'HE' Brockschmidt
(feed)
Marcela Tiznado
(feed)
Marco d'Itri
(feed)
Maria Glukhova
(feed)
Mark Brown
(feed)
Marko Lalic
(feed)
Markus Koschany
(feed)
Martin Michlmayr
(feed)
Martin Zobel-Helas
(feed)
Martin-Éric Racine
(feed)
Masayuki Hatta
(feed)
Mateus Bellomo
(feed)
Mathieu Parent
(feed)
Matrix on Debian blog
(feed)
Matthew Garrett
(feed)
Matthew Palmer
(feed)
Matthias Geiger
(feed)
Matthias Klumpp
(feed)
Matthias Urlichs
(feed)
Matthieu Caneill
(feed)
Mehdi Dogguy
(feed)
Meike Reichle
(feed)
Melissa Wen
(feed)
Mesutcan Kurt
(feed)
Michael Ablassmeier
(feed)
Michael Casadevall
(feed)
Michael Meskes
(feed)
Michael Prokop
(feed)
Michael Stapelberg
(feed)
Michael Vogt
(feed)
Michal Čihař
(feed)
Miguel Gea
(feed)
Mike Beattie
(feed)
Mike Gabriel
(feed)
Mike Hommey
(feed)
Mirco Bauer
(feed)
Moray Allan
(feed)
NOKUBI Takatsugu
(feed)
Neil McGovern
(feed)
NeuroDebian
(feed)
Nico Golde
(feed)
Nicolas Dandrimont
(feed)
Niels Thykier
(feed)
Noah Meyerhans
(feed)
Norman García
(feed)
Obey Arthur Liu
(feed)
Olivier Grégoire
(feed)
Olly Betts
(feed)
Ondřej Čertík
(feed)
Osamu Aoki
(feed)
Otto Kekäläinen
(feed)
Pablo S. Torralba
(feed)
Patrick Matthäi
(feed)
Patryk Cisek
(feed)
Pau Garcia i Quiles
(feed)
Paul Tagliamonte
(feed)
Paul Tagliamonte
(feed)
Paul Tagliamonte
(feed)
Paul Wise
(feed)
Paul van Tilburg
(feed)
Paulo Henrique de Lima Santana
(feed)
Pavit Kaur
(feed)
Pete Nuttall
(feed)
Peter Palfrader
(feed)
Peter Pentchev
(feed)
Petter Reinholdtsen
(feed)
Phil Hands
(feed)
Philipp Kern
(feed)
Qendresa Hoti
(feed)
Rémi Vanicat
(feed)
Raju Devidas
(feed)
Raphaël Hertzog
(feed)
Raphael Geissert
(feed)
Ravi Dwivedi
(feed)
Reinhard Tartler
(feed)
Renata D'Avila
(feed)
Reproducible Builds
(feed)
Reproducible Builds (diffoscope)
(feed)
Rhonda D'Vine
(feed)
Ricardo Mones
(feed)
Riku Voipio
(feed)
Ritesh Raj Sarraf
(feed)
Rob Taylor
(feed)
Robert Edmonds
(feed)
Robert McQueen
(feed)
Robert Millan
(feed)
Rodrigo Siqueira
(feed)
Rogério Brito
(feed)
Roland Mas
(feed)
Romain Perier
(feed)
Ross Gammon
(feed)
Ruby Team
(feed)
Rudy Godoy
(feed)
Russ Allbery
(feed)
Russell Coker
(feed)
Ryan Kavanagh
(feed)
Sahil Dhiman
(feed)
Sam Hartman
(feed)
Samuel Henrique
(feed)
Sandro Knauß
(feed)
Sandro Tosi
(feed)
Santiago García Mantiñán
(feed)
Satyam Zode
(feed)
Scarlett Gately Moore
(feed)
Scott Kitterman
(feed)
Sean Whitton
(feed)
Sergey Davidoff
(feed)
Sergio Cipriano
(feed)
Sergio Durigan Junior
(feed)
Sergio Talens-Oliag
(feed)
Sha Liu
(feed)
Shashank Kumar
(feed)
Siegfried Gevatter
(feed)
Simon Désaulniers
(feed)
Simon Huggins
(feed)
Simon Josefsson
(feed)
Simon Law
(feed)
Simon McVittie
(feed)
Sjoerd Simons
(feed)
Soeren Sonnenburg
(feed)
Sorina Sandu
(feed)
Stefano Rivera
(feed)
Stefano Zacchiroli
(feed)
Stein Magnus Jodal
(feed)
Steinar H. Gunderson
(feed)
Stephan Lachnit
(feed)
Steve Kemp
(feed)
Steve Langasek
(feed)
Steve McIntyre
(feed)
Sune Vuorela
(feed)
Sven Hoexter
(feed)
Sylvain Beucler
(feed)
Sylvain Le Gall
(feed)
Sylvestre Ledru
(feed)
Taavi Väänänen
(feed)
Tanguy Ortolo
(feed)
Taowa
(feed)
Thadeu Lima de Souza Cascardo
(feed)
Theppitak Karoonboonyanan
(feed)
Thibaut Girka
(feed)
Thomas Girard
(feed)
Thomas Goirand
(feed)
Thomas Lange
(feed)
Thorsten Alteholz
(feed)
Tiago Bortoletto Vaz
(feed)
Tianon Gravi
(feed)
Tim Retout
(feed)
Timo Jyrinki
(feed)
Todd Troxell
(feed)
Tollef Fog Heen
(feed)
Ulrich Dangel
(feed)
Ulrike Uhlig
(feed)
Urvika Gola
(feed)
Utkarsh Gupta
(feed)
Uwe Kleine-König
(feed)
Valerie Young
(feed)
Valhalla's Things
(feed)
Vasudev Kamath
(feed)
Vincent Bernat
(feed)
Vincent Fourmond
(feed)
Vincent Sanders
(feed)
William (Bill) Blough
(feed)
Wouter Verhelst
(feed)
Y Giridhar Appaji Nag
(feed)
Yifei Zhan
(feed)
Yves-Alexis Perez
(feed)
Zlatan Todorić
(feed)
intrigeri
(feed)
kpcyrd
(feed)
loldebian - Can I has a RC bug?
(feed)
puer-robustus
(feed)