apticron: cron-script to mail impending apt updates
on 30.11.2008, 05:00
in packages-news
Debian Project News 2008/15
on 19.11.2008, 00:00
in weekly-news
remind: a text based agenda and todolist manager
on 16.11.2008, 05:00
in packages-news
Apt-P2P: peer-to-peer downloading of Debian packages
on 09.11.2008, 05:00
in packages-news
Debian Project News 2008/14
on 03.11.2008, 00:00
in weekly-news
Synfig: the free software alternative for 2D animation
on 02.11.2008, 05:00
in packages-news

apticron: cron-script to mail impending apt updates

published on Sun Nov 30 05:00:46 2008 in packages-news

Article submitted by Justin Hamade. Guess what? We still need you to submit good articles about software you like!

Always wondering if your debian server needs an update? Apticron is a simple script that will email you when new versions of any package installed are available. This is very helpful for security related issues. The e-mail shows what has changed in the new version, obtained using apt-listchanges. It also tells you the repository where it comes from (ie. etch-security) and the urgency of the release (ie. high).

The configuration files are located in

  • /etc/apticron/apticron.conf
  • /etc/apt/listchanges.conf
  • /etc/apt/apt.conf.d/20listchanges

By default emails are sent to root. If you want root emails sent to yourself you can add your email to root in /etc/aliases and run newaliases.

apticron will run daily and let you know each day if there is any packages that require updating. Here is an example of one of its e-mails:

apticron report [Sun, 08 Jun 2008 06:48:58 -0700]
========================================================================

apticron has detected that some packages need upgrading on:

      myserver.mydomain.com

      [ 192.168.1.1 ]

The following packages are currently pending an upgrade:

      linux-image-2.6.18-6-686 2.6.18.dfsg.1-18etch5

      linux-image-2.6-686 2.6.18+6etch3

========================================================================

Package Details:

Reading changelogs...

--- Changes for linux-latest-2.6 (linux-image-2.6-686) ---

linux-latest-2.6 (6etch3) stable-security; urgency=high

  * Update to 2.6.18-6.

 -- dann frazier   Tue, 22 Jan 2008 22:47:16 -0700

linux-latest-2.6 (6etch2) stable-security; urgency=high

  * The arm build of 6etch1 is missing from 4.0r1.

    Since the latest security update of linux-2.6
(2.6.18.dfsg.1-13etch1)

    requires this new ABI, and an updated linux-latest-2.6 facilitates
the

    migration to the new ABI. Closes: #438617

 — dann frazier   Mon, 20 Aug 2007 17:01:18 -0600

linux-latest-2.6 (6etch1) stable; urgency=high

  * Update to 2.6.18-5.

 — dann frazier   Thu, 24 May 2007 17:05:09 -0600

========================================================================

You can perform the upgrade by issuing the command:

      aptitude dist-upgrade

as root on luxor.mcrt.ca

It is recommended that you simulate the upgrade first to confirm that the
actions that would be taken are reasonable. The upgrade may be simulated by
issuing the command:

      aptitude -s -y dist-upgrade

–

apticron

cron-apt is a similar tool that can perform any action apt-get and aptitude can do. For example, it can automatically perform an upgrade when new packages available. However this is not recommend and can be a security risk.

apticron has been available in Debian since (at least) Etch and in Ubuntu since Dapper.

Debian Project News 2008/15

published on Wed Nov 19 00:00:00 2008 in weekly-news

Welcome to this year's 15th issue of DPN, the newsletter for the Debian community.
Some of the topics covered in this issue include:

First Release Candidate for the new Debian Installer

Otavio Salvador announced the first release candidate for the installer to be shipped with Debian GNU/Linux 5.0 Lenny.

Debian screenshot service started

Christoph Haas announced a new screenshots.debian.net web site that serves as a public repository of screenshots of applications contained in the Debian GNU/Linux distribution. It was created to help users get an impression of what a given piece of software will look like on their desktops before they install it. Anybody can take screenshots and upload them; the site admin team will review the contributions before they become publicly visible. Support for screenshots has already been built into the synaptic package manager, while integration in specialised package browsers like goplay and the general web interface are being discussed.

Open Use Logo relicensed

On the occasion of the production of a custom Debian quilt Francesco Poli noted that the license for the Open Use Logo (also known as the swirl) has been changed from a license considered to be non-free to an MIT style license granting more rights to everyone. This fixes a long standing bug.

Tracking GCC 4.4 related build errors

Martin Michlmayr announced the results from an archive rebuild with a snapshot of the upcoming GCC 4.4. About 220 bugs were filed as part of the archive rebuild and a small number of build failures still need to be analyzed. The majority of GCC 4.4 related build failures are trivial, and are often caused because of improved preprocessor checks in GCC 4.4 or missing #include statements.

Call for Help: Debian 5.0 release notes

Martin Borgert asked for help for the release notes of the upcoming release of Debian GNU/Linux 5.0 Lenny. Some noteworthy problems have not yet been documented, so he asks for volunteers who understand some of these issues to write about them.

Custom Debian Distributions renamed to Debian Pure Blends and new services available

Andreas Tille announced that the Custom Debian Distributions (more or less, package sets for specific needs maintained inside Debian) should now be referred to as Debian Pure Blends. The name has been changed, since the old one was misleading. Many people thought Custom Debian Distributions were something maintained outside of Debian and which added new features. After some discussion members of all these teams agreed on the new name, hoping it would clarify their status (though this was not universally seen as a success).

Lenny Release Critical Bugs Ordered by Popularity

Enrico Zini developed a new script that shows Lenny release critical bugs ordered by popularity. For those who are looking to squash the bugs that are causing the most pain, this script lays out exactly where to look. Anyone interested in running the script will need access to people.debian.org where the script can be found at ~enrico/popzimmer.

Survey about the Debian Wiki

Anne Goldenberg, a PhD student in communication and sociology, who is currently studying the Debian Wiki, announced a survey aimed at gaining a better understanding of the uses and conceptions of the Debian Wiki within the Debian community. The results will be put online under a free license and announced via the mailing-lists.

New Developers

3 applicants have been accepted as Debian Maintainers since the previous issue of the Debian Project News. Please welcome Giuseppe Iuculano, Thorsten Glaser and Franck Joncourt to our project!

Other news

Florian Weimer noted that the names of source packages should not be reused, even if the name has not been used for a while. Some parts of Debian's infrastructure (including the package tracking system and the security tracker don't handle this very well.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): mysql, net-snmp and libxml2. Please read them carefully and take the proper measures.

New and noteworthy packages

The following packages were recently added to the unstable Debian archive (among others):

Work-needing packages

Currently 489 packages are orphaned and 118 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

remind: a text based agenda and todolist manager

published on Sun Nov 16 05:00:34 2008 in packages-news

Article submitted by Olivier Schwander. Guess what? We still need you to submit good articles about software you like!

There are lots of different tools for managing your time: Mozilla has a standalone solution: Sunbird and another one based on Thunderbird: Lighting, KDE has Korganizer, and Gnome has the young gnome-agenda and the very popular Evolution, and we must not forget the most famous web based tool: Google Calendar.

All these applications are based on a graphical user interface, and use either iCalendar or the older vCalendar as the data formats.

What about people who prefer console based interfaces and want to edit the data with their favourite text editors? The best solution is remind: it uses an easy but powerful language for describing events. A simple example, this event happens every Tuesday at 13:00 and lasts one hour:

REM Tue AT 13:00 DURATION 1:00 MSG Group meeting

You always forget your appointments? Remind can help you:

REM Tue +1 AT 13:00 +120 *5 DURATION 1:00 MSG Group meeting

It will begin to bother you one day before the date, and will display warnings two hours before, every five minutes. The language is really powerful, and is able to express arbitrary complex date calculations (first Monday of a month, excluding holidays, moon phases). To look at the events of the day, simply run:

$ remind
Reminders for Thursday, 10th July, 2008 (today):

Write Debaday post today at 3:00pm

Remind can import and export iCalendar files, and generate HTML and Postscript from your calendar. You can choose to have reminders sent by email, or showed by a pop-up window but you’ll need to start remind with some special arguments for that, see the Remind FAQ at the 43folders wiki which has a lot of useful tips for remind.

You can also use it through user-friendly interfaces: tkremind, a Tk based front-end, but it hides some of the power from remind; and wyrd, a curses based interface which eases the editing of events and lets you use all of the power of remind.

tkermind: Tk front-end wyrd: curses front-end

Availability

Remind has been available in Debian since Sarge (perhaps even longer), and in Ubuntu since Dapper.

Apt-P2P: peer-to-peer downloading of Debian packages

published on Sun Nov 9 05:00:15 2008 in packages-news

Article submitted by Cameron Dale. Guess what? We still need you to submit good articles about software you like!

Do you want to help out the Debian (or Ubuntu) project with some mirror bandwidth but don’t know how? Do you want to contribute somehow to Debian’s infrastructure, but you’re not a coder? Tired of getting slow download speeds when the mirrors are overloaded after a new release? Then Apt-P2P is for you.

After installing the apt-p2p package and making some minor changes to apt’s sources, all the files you download with apt (or aptitude, synaptic, gnome-apt, etc…) will be shared with other users, and any files you download will use other users (peers) to download from. However, if no other users have the file you want there’s no need to worry, Apt-P2P will happily fall back to downloading directly from the mirror so your download will not fail.

How it works

Apt-P2P is a daemon that runs in the background, responding to any requests from apt for files to download, and sharing any downloaded files with other users. The sharing is all done using HTTP, so it operates as both a server for the requests from apt and other peers, and as a client to download from other peers and mirrors. Also, if you go to http://localhost:9977/ in your browser on the machine Apt-P2P is running on, you will get a nice statistical display of what it is doing.

The main operation of Apt-P2P is the maintenance of a Distributed Hash Table (DHT) used to find and store peers to download from for each file. Whenever you download a file, apt-2p will first lookup the SHA1 hash of the file in the DHT. If it is found and has peers listed, then the downloading will occur from the peers (if there are only 1 or 2 peers, the mirror is used as well to speed up the download). If it is not found then the file is requested directly from the mirror. Once the download is complete, a new value is added to the DHT using the SHA1 hash of the file as the key, and including your contact info, so that other peers can then find you to download the file from.

That’s just a brief overview, but there are many hidden details that make things go smoother. For example, for larger files the SHA1 hashes of pieces of the file are stored in the DHT as well, which allows downloaders to break up large files among several peers to get better download speeds (similar to BitTorrent). For more information, you can go to the Apt-P2P home page: http://www.camrdale.org/apt-p2p/.

Comparison with other P2P programs

Other than DebTorrent, there aren’t any other peer-to-peer downloaders available for apt. There was apt-torrent, but it was never packaged in Debian, and now seems to be dead (no updates in 18 months). Comparing Apt-P2P with DebTorrent, Apt-P2P:

  • Is faster at downloading from mirrors.
  • Uses much less memory and a little less CPU.
  • Can download almost all files (source files, Packages.bz2, etc…) from peers, not just .deb packages.
  • Works with only the information apt has, no need for other files.
  • Doesn’t require a new apt transport for communicating with apt.
  • Is more modular and easier to understand as it is based on existing technologies (e.g. twisted).

Setup

Apt-P2P is available in testing (lenny) and unstable (sid), and will be available in Intrepid for Ubuntu. It can be installed by aptitude install apt-p2p.

First, it is VERY important to set up port forwarding if your machine is behind a firewall or router/NAT. The default port you need to forward is 9977, both UDP and TCP. More information on how to determine if you are reachable can be found here.

Setting up apt to use Apt-P2P as a proxy is easy, especially if you have used other proxy software (e.g. apt-proxy, apt-cacher, approx) in the past. The configuration change is the same, simply adding a localhost:9977/ to the front of the entries in your /etc/apt/sources.list file. For example, if you previously had this:

# Official
deb http://ftp.us.debian.org/debian etch main contrib non-free
deb-src http://ftp.us.debian.org/debian etch main contrib non-free

# Security Updates
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

# Unofficial
deb http://ftp.debian-unofficial.org/debian etch main contrib non-free restricted
deb-src http://ftp.debian-unofficial.org/debian etch main contrib non-free restricted

# Backports
deb http://www.backports.org/debian etch-backports main contrib non-free
deb-src http://www.backports.org/debian etch-backports main contrib non-free

Then, if you only want to share the official and backported packages, you would change it to this:

# Official
deb http://localhost:9977/ftp.us.debian.org/debian etch main contrib non-free
deb-src http://localhost:9977/ftp.us.debian.org/debian etch main contrib non-free

# Security Updates
deb http://security.debian.org/ etch/updates main contrib non-free
deb-src http://security.debian.org/ etch/updates main contrib non-free

# Unofficial
deb http://ftp.debian-unofficial.org/debian etch main contrib non-free restricted
deb-src http://ftp.debian-unofficial.org/debian etch main contrib non-free restricted

# Backports
deb http://localhost:9977/www.backports.org/debian etch-backports main contrib non-free
deb-src http://localhost:9977/www.backports.org/debian etch-backports main contrib non-free

Then, run an apt-get update and start installing packages.

The apt-p2p package is fairly new, so it’s available only in the testing and unstable distributions of Debian, and in the just released Intrepid Ibex, from Ubuntu.

Debian Project News 2008/14

published on Mon Nov 3 00:00:00 2008 in weekly-news

Welcome to this year's 14th issue of DPN, the newsletter for the Debian community.
Some of the topics covered in this issue include:

Debian GNU/Linux 4.0 updated

The Debian project is pleased to announce the fifth update of its stable distribution Debian GNU/Linux 4.0 (codename Etch). This update mainly corrects security problems in the stable release, along with a few adjustments to serious problems. Those who frequently install updates from security.debian.org won't have to update many packages and most updates from security.debian.org are included in this update. New CD and DVD images containing updated packages are available at the regular locations.

Debian membership

After talking to several of the groups involved, Jörg Jaspert proposed changes in the way Debian membership is handled. The motivation for these changes is to make it possible for people who contribute to Debian without maintaining packages (such as translators or documentation writers) to become members of the project. He later wrote some comments additional to his proposal. However due to the scope of the envisioned changes, several developers proposed to stop these changes until they have been decided upon via a general resolution, while Peter Palfrader asked to be allowed to continue trying to solve this problem.

First Lenny Bug Sprint finished successfully

To help clean up release critical bug reports, especially longstanding ones, Josselin Mouette initiated the first Bug Sprint. In this competition, Debian Developers and other interested people volunteered to try to fix their assigned release-critical bugs in a five day period. The winners in this competition would get cookies.

Firmware in Lenny and how to deal with DFSG-violating packages

Ben Finney wondered about several release-critical bugs getting the lenny-ignore tag, which specifies that these bugs are not considered release critical for the upcoming release of Debian GNU/Linux 5.0 Lenny. Release Manager Marc Brockschmidt explained that In all of the bugs I recently tagged, the DFSG violation is usually a formal problem, something that other distributions and upstream don't consider a problem at all. While fixing these issues is and should be a goal of Debian, it's hardly something that can be done in the last few weeks before releasing. The drawbacks of delaying the release indefinitely for these bugs are much greater than releasing with these minor DFSG violations.

State of NEW queue

Aurelien Jarno wondered whether the NEW queue (where uploaded source packages creating new binary packages are held back awaiting the check and approval of an ftp-master) is currently being processed. Jörg Jaspert answered that the NEW queue has indeed not been processed very often recently. He explained further that changes in the software used to process this queue give precedence to packages that only add new binary components, as distinct from packages that add completely new code to the archive.

Changes to archive.debian.org

Jörg Jaspert announced several changes for archive.debian.org, the most important being that Debian GNU/Linux 3.1 Sarge has been moved from the regular mirrors to archive.debian.org. For the convenience of our mirror network, the deletion is being performed in several chunks, avoiding problems with mirrors refusing to delete too many files at once. He later highlighted that the unofficial port of Debian GNU/Linux 3.1 Sarge to the AMD64 architecture has been moved there, too.

BTS-link in need of new maintainer

Pierre Habouzit announced that he won't be able to maintain and run the BTS-link service any more. This service is used to track activity in upstream bug tracking systems and update the corresponding bug reports in Debian's BTS in a semi-automated way. Currently this service needs to be run manually. Don Armstrong, one of the maintainers of Debian's BTS, highlighted the importance of the bts-link service, but won't be able to maintain it himself. Christoph Berg suggested maintainership under the mantle of Debian's Quality Assurance group if someone would volunteer to act as the main responsible maintainer.

New Developers

Since the previous issue of the Debian Project News, 2 applicants have been accepted as Debian Maintainers.

Important Debian Security Advisories

Debian's Security Team recently released advisories for these packages (among others): linux-2.6.24, cupsys, qemu, dbus, clamav and openoffice.org. Please read them carefully and take the proper measures.

New and noteworthy packages

The following packages were added to the unstable Debian archive recently (among others):

Work-needing packages

Currently 498 packages are orphaned and 118 packages are up for adoption. Please take a look at the recent reports to see if there are packages you are interested in or view the complete list of packages which need your help.

Want to continue reading DPN?

Please help us create this newsletter. We still need more volunteer writers to watch the Debian community and report about what is going on. Please see the contributing page to find out how to help. We're looking forward to receiving your mail at debian-publicity@lists.debian.org.

Synfig: the free software alternative for 2D animation

published on Sun Nov 2 05:00:24 2008 in packages-news

Article submitted by Carlos López González. Guess what? We still need you to submit good articles about software you like!

Synfig logoFor a long time 2D animation software has been dominated by proprietary software. Other common multimedia tasks such as video playing, editing, raster and vector 2D graphics and 3D graphics or animation are currently being covered properly by free software / open source (FOSS) but there wasn’t enough FOSS alternatives for computer aided 2D animation.

Synfig increases the 2D animation software available with a brilliant and professional piece of software.

Synfig was primary developed by Voria, an animation company founded by Robert Quattlebaum who was also the lead software engineer of the software. In 2004 Voria shut down and was discontinued. Fortunately Robert decided to license Synfig under the GNU GPL and turned it over the free software community to develop and use.

Synfig has no comparable alternative software in the FOSS world. Unlike other FOSS that can be used to produce 2D animation (ktoon, pencil) in the “traditional” frame to frame animation, the Synfig workflow is based on vector primitives and their interpolation in time. This drastically reduces the amount of work to produce professional animations because the manual tweening from pose to pose is eliminated, without the need to draw each frame individually.

But this is not the only feature of Synfig…

In Synfig, every primitive or transformation is parametrically generated, which gives extreme flexibility during animation and doesn’t restrict artistic expression. Also, those parameters are calculated on a float point basis obtaining smooth results at any size and any frame rate. Additionally it is possible to link any compatible parameter between any two or more different layers, even placed in different canvases or even convert most of the parameters into a mathematically calculated formula, this allows Synfig to produce particle effects, path based brushes, vectors dynamically linked to any place of a curve and other interesting stuff.

In Synfig there are an extensive set of primitives and transformation layers: Blurs (3), Distortions (6), Colour Filters (5), Fractals (2), Geometry Primitives (8), Gradients (6), Transform (3), Stylize (2) Text, Plant, Duplicate, etc. which provide a complete set of tools in the artist’s hand.

Finally in Synfig is easy to reuse libraries, group scattered layers to manage them like a single one, there are 22 different blend methods… If you want to dig synfig visit its web page. You can find there more info about the usage, the features and its development. Behind it, there is a small but friendly community.

Synfig UI

All those features make Synfig a great application but it has also some weak points: there are some missing features not completely developed like the support of sound or saving and loading colour palettes.

On the other hand although the interface of Synfig-Studio can be strange for the first contact (most of the actions are found in the right click context menu), once you understand how it works it is very efficient. I’ve been working with it during last year and I’m completely in love with it. I only miss a quick render engine for editing animation because the current one is quite slow for a normal workflow.

Although it is relatively young it has definitely turned into a program that any 2D artist must have on their GNU/Linux box. It’s been available in Debian since Lenny and in Ubuntu since Feisty.