Tollef Fog Heen's blog

As 3.0 format packages are now allowed into the archive, I am thinking about what I would like the workflow to look like and hoping one of them fits me.

For new upstream releases, I am imaginging something like:

1. New upstream version is released.
2. git fetch + merge into upstream branch.
3. Import tarballs, preferably in their original format (bz2/gzip), using pristine-tar.
4. Merge upstream to debian branch. Do necessary fixups and adjustments. At this point, the upstream..debian branch delta is what I want to apply to the upstream release. The reason I need to apply this delta is so I get all generated files into the package that's built and uploaded.

5. The source package has two functions at this point: Be a starting point for further hacking; and be the source that buildds use to build the binary Debian packages.

   For the former, I need the git repository itself. It is increasingly my preferred form of modification and so I consider it part of the source.

   For the latter, it might be easiest just to ship the orig.tar.{gz,bz2} and the upstream..debian delta. This does require the upstream..debian delta not to change any generated files, which I think is a fair requirement.

I'm not actually sure which source format can give me this. I think maybe the 3.0 (git) format can, but I haven't played around with it enough to see. I also don't know if any tools actually support this workflow.

Daniel Burrows writes about the feature of some call centres whereas if all operators are busy, it gives the caller the option of being called back. He'd like the nice twist of being able to enter his phone number on a web page and then be called back so he doesn't actually have to call, then wait.

I'm not sure where Daniel lives, but I'm happy to report that this practice is quite common here in Norway, so it might well be on its way to whatever companies are local to Daniel.

Also, why does bloglines link to the completely wrong place on dburrow's posts? It links to http://planet.debian.org/tag:blogger.com,1999:blog-$blah rather than the real URL.

Just like an infinite number of monkeys, given infinite time are likely to produce infinite copies of Hamlet, I knew that given an infinite number of blog postings by Clint, I had to find one which both made sense to me and which I agreed with.

Somebody please write a free syndicate (or syndicate wars) clone.

Some people on Planet Debian seem to think that using oil for pancakes is a good idea. They really taste so much better if you use real butter (and preferably an iron pan, not a non-stick one).

Oh, and a nice receipe, which almost matches another one is:

• 1l milk
• 4 eggs
• 5dl flour (I use a mix of coarser and finer flour, but you can use anything you want)

Mix milk and flour, then add eggs last (blends better that way).

Yves-Alexis Perez writes a bit about Debian and crypto-containers, comparing cryptsetup and encfs. The comparison is decent enough, except that it's fairly trivial to get cryptsetup to integrate into the whole gnome-volume-manager stack and have a dialogue pop up when you insert an encrypted USB stick or similar. Sure, it's mounted by a root process, but I wouldn't claim it's any kind of insecure because of that.

What did really catch my eye was the line near the end:

[...] but this is a bruteforce attack against master password (1024 bits RSA key), not against 128bits aes key of the container.

Well, according to conventional research, a 1024 bit RSA key is about as strong as an 80 bit symmetric key. A semi-recent RSA paper confirms this too. And to the best of my knowledge, there has not been found weaknesses in AES which lower the effective key size.

Since I'm impatient and Robot101 didn't respond within ten minutes of me pinging him on IRC, I'm just posting the result of his request for a hackergotchi.

Above is JPEG, but there's an XCF available too, with full transparency goodness, etc.

Next time, it'd be useful to have a starting image where the head is bit more than 180x230 pixels since doing cropping and resizes and such tend to end with the image not being great.

Also, my space bar is failing and I'll have to call IBM when I get home. I'm actually quite disappointed that I seem to have worn out the space bar in about a year and a half.

-*- zone -*- in one of the first two lines of the file.

Eric Dorland wonders how to enable the Compose key just using XKB. Personally, I use my caps lock key for that, and using

        Option          "XkbOptions"    "compose:caps"

in /etc/X11/xorg.conf, that's easy enough.

Other options are compose:ralt, compose:rwin, compose:menu and compose:rctrl.

Adam Rosi-Kessel writes about humans failing Turing tests. Apart from speculating why this is happening, a workaround could be to use CSS (or javascript) to hide the input box, or possibly the same for disabling it. I imagine most spambots don't parse the CSS or run the javascript. Of course, the text saying "please don't write anything here" should be kept.

Philipp Kern asks about mail-based tracking systems. Even though he specifically says "no" to RT, I would recommend it. The source is very hackable and making up commands for changing ticket properties is easy.