getting libleveldb1v5 fixed

Please treat this as a child’s fantasy till the information is not approved or corrected by a DD/DM who obviously have much more info and experience in dealing with below.

It had been quite a few years since I last played Minetest, a voxel-based game similar and yet different to its more famous brethren minecraft .

I wanted to install and play it but found that one of the libraries it needs is libleveldb1v5, a fast key-value storage library which according to #877773 has been marked as grave bug report because of no info. on the soname bump.

I saw that somebody had also reported it upstream and the bug has been fixed and has some more optimizations done to the library as well. From the description of the library it reminded me so much of sqlite which has almost the same feature-set (used by mozilla for bookmarks and pwd management if I’m not mistaken).

I was thinking as to if this has been fixed quite some back then why the maintainer didn’t put the fixed version on sid and then testing. I realized it might be because the new version has a soname bump which means it would need to be transitioned probably with proper breaks and everything.

A quick check via

$ apt-rdepends -r libleveldb1v5 | wc -l
Reading package lists... Done
Building dependency tree
Reading state information... Done
195

revealed that almost 190 packages directly or indirectly will be affected by the transition change. I then tried to find where the VCS is located by doing –

$ apt-cache showsrc libleveldb1v5 | grep Vcs-Git
Vcs-Git: git://anonscm.debian.org/collab-maint/leveldb.git
Vcs-Git: git://anonscm.debian.org/collab-maint/leveldb.git

Then I cloned the repo to my system to see if the maintainer had done any recent changes and saw :-


b$ git log --graph --pretty=format:'%Cred%h%Creset -%C(yellow)%d%Creset %s %Cgreen(%cr)' --abbrev-commit | head -15
* 7465515 - (HEAD -> master, tag: debian/1.20-2, origin/master, origin/HEAD) Packaging cleanup (4 months ago)
* f85b876 - Remove libleveldb-dbg package and use the auto-generated one (4 months ago)
* acac71f - Update Standards-Version to 4.1.2 (4 months ago)
* e281654 - Update debhelper level to 11 (4 months ago)
* df015eb - Don't run self-test parallel (4 months ago)
* ba81cc9 - (tag: debian/1.20-1) Update debhelper level to 10 (7 months ago)
* cb84f26 - Update Standards-Version to 4.1.0 (7 months ago)
* be0ef22 - Convert markdown documentation to HTML (7 months ago)
* ab8faa7 - Start 1.20-1 changelog (7 months ago)
* 03641f7 - Updated version 1.20 from 'upstream/1.20' (7 months ago)
|\
| * 59c75ca - (tag: upstream/1.20, origin/upstream) New upstream version 1.20 (7 months ago)
* | a21bcbc - (tag: debian/1.19-2) Add the missing ReadMemoryBarrier and WriteMemoryBarrier functions for mips* (1 year, 5 months ago)
* | 70c6e38 - Add myself to debian/copyright (1 year, 5 months ago)
* | 1ba7231 - Update source URL (1 year, 5 months ago)

There is probably a much simpler way to get the same output but for now that would have to suffice.

Anyways, there are many variations of the code I used using git log --pretty and git log --decorate etc. Maybe one of those could give the same output, would need the time diff as shared above.

Trivia – I am usually more interested in commit messages and time when the commits are done and know a bit of git to find out the author of a particular commit even if abbreviated commit is there and want to thank her(im) for the work done on that package or a particular commit which address some annoying bug that I had. /Trivia

Although the best I have hankered for is to have some sort of visualization tool about projects that I like

something like Andrews plot or the C-Chart for visualization purposes but till date haven’t found anything which would render it into those visuals straightway. Maybe a feature for a future git version, who knows 🙂

I know that in itself is a Pandora’s box as some people might just like to have visualization of only when releases were made of an upstream project while there will be others like who would enjoy and be fascinated to see amount of time between each commit on a project. I have seen quite a few projects rise, wane and have a rise again but having such visualizations may possibly help out in getting people more involved with a project/library whatever.

Andrews plot example - Wikipedia - CC-0

All the commits for the said library are done by the maintainer Laszlo Boszormenyi so it seems that the maintainer is interested in maintaining it. At least all the last 10-12 messages going almost 1.5 years shows that he is/was active till at least 4 months back, which brings me to another one of my pet issues.

There aren’t any ways to figure out how recently a DD or DM committed on Debian somewhere. People usually try the MIA team (Missing in Action) and many a times you feel you are taking the team’s time especially when it turns out to be a false positive. If users had more tools than probably MIA’s workload would be much lesser than before.

The only the other way is to look at all the packages a particular DD/DM is maintaining and if you are lucky then s(he) has made a release of a package or something that you can look into and know for certain that the person is active.

The other longer way is to download all the VCS repositories of a DD/DM, cycle through all of them using something like above to see when was the last commit done on all her(is) repos. and then come to conclusion one way or the other. If s(he) is really MIA then tell them to MIA team so they can try to connect with the person concerned, and if s(he) doesn’t respond in a reasonable time-frame then orphan the packages.

If a DD/DM has not committed for more than a year or two for any of her(is) projects I guess it’s reasonable to expect that the person concerned is MIA.

Anyways, it would be nice if the present maintainer is able to get the new release out so the other 190 packages which are probably installable could also work. When I was churning this on my head, I thought why couldn’t the DD’s have some sort of CI infrastructure which may automate things a bit and make life somewhat easier.

I have seen the Debian travis ci instance but know that’s limited to upstream projects hosted on github.

For those who might not know Travis CI is one of many such solutions. They are continuous integration software and they are quite a few of them.

What they do is they try to build the project/application/library etc. after each and every commit taking into account any parameters told/programmed into it. There may be times when upstream make an incompatible change or make some mistake while committing, because it’s autobuilds the application or whatever automatically, if it fails to build it forces the developer to see where they messed up. At the end you have a slightly better application at the end as at least obvious bugs are ironed out.

I do remember reading about gitlab-ci somewhere, maybe in the thread where DD’s were discussing about various alternatives to alioth or somewhere else. I dunno if would be just a matter of turning it on or that part is still not open-sourced yet, no idea.

If that happens, it would probably save the DD’s/DM some computational time apart from being able to know if things are going well or not.

I know gitlab had shared (paraphrasing here) they may make some of the things more open-source if Debian were to adopt the product, now that Debian has, I and guess most of the community would be hoping as lot of hard work, tears have gone into getting things ported from alioth to salsa especially in the last one month or so.

I do know that we have the autobuilder network but from what I understand, it’s for a slightly different use-case. This is more to see if the package builds on all the 10-11 official architectures and maybe some of the unofficial architectures.

While I was reading it, I was unable to find if just like people all around the world are doing mirrors (full or partial depending on the resources they have and the kind of pickup they are seeing) can people be part of autobuilder network to give additional computational power to the network. The name does say ‘autobuilder network’ so maybe that possibility exists, maybe it does not.

I did consult the documentation on the topic and it seems it’s a bit of work, see the workflow shared in wiki for transitions.

After reading that, you really wonder the patience of the people who slog through all this.

I did try to connect with him on the bug mentioned but he hasn’t got back, perhaps he’s busy IRL.

https://bugs.debian.org/cgi-bin/pkgreport.cgi?package=release.debian.org#_0_17_4

Till later.

Note – I have not talked about */debian/control or */debian/changelog.Debian, */debian/changelog or any of the files because once those are made, they are probably just need to be fiddled around a bit. The control file will probably list newer version of dependencies and may or may not have newer build dependencies. Changelog.Debian would document the changes the DD/DM had to do in order for the binary to be built successfully and in the archive and changelog will just document the time till where upstream’s work was taken.

Advertisements

cleartext passwords and transparency

I had originally thought of talking about the recent autonomous car project which killed a homeless lady in Tempe but guess that would have to wait for another day. I saw Lars Wirzenius’s blog post which led me to change the direction a bit.

So let me just jump in with Lars blog post where he talks about cleartext passwords. While he has actually surmised and shared what a security problem they are, the pity is we come to know of this only because the people in question tacitly admitted to bad practises. How many more such bad actors are there, developers putting user credentials in cleartext god only knows. There was even an April Fool’s joke in 2014 which shared why putting passwords in cleartext is bad.

This is one lesson which web developers are neither taught nor learnt. Most web development courses in India may talk about web frameworks, CSS, front-end and back-end web development and even may talk about UX but security will be something which is supposed to be magically gained while you do the above things. Please note I said most, not all but yes there is needed a whole lot of awakening in terms of safe web development practices but that’s time for another day and another tale. Casual interactions with course publishers has been that most students are looking for buzz words and neither the employers look for ‘security’ as a strong point.

There even have been casual studies which shared that 0.01 of financial crimes are reported in India . I myself am guilty of this when a bank mis-appropriates or does something stupid, my only thing is to get the transaction rectified or get it corrected rather than worry about if some small, medium or large-scale conspiracy is happening in the bank. But that malaise has to many factors to put in this small blog post.

Few years back EFF did a tremendous job of pursuing and getting everyday users and vendors like mozilla, chromium to adopt https globally, but to my knowledge many Indian websites including some of the biggest behemoths in India with whom we have day-to-day activity keep all their user passwords in cleartext. What perhaps may or may not be a shocker to many people that many ATM’s at least in India don’t work on https even today. Is there even a wonder why skinners are still able to cheat honest people and taxpayers .

The reasons for all of the above could be ranging from sheer incompetence to being lazy to not being regulated at all. Rather than sharing anecdotes and also not having INR 100 crores or INR 1 billion rupees ( that statement will become clear in a while) with developers who under casual circumstances have shared they neither do one-way-encryption or salting or any of the methods of securing passwords either because financial companies don’t demand it or know about it even though they should know better.

I can however share an anecdote however which resulted in a suit of law which a media house won sometime back. It isn’t so much about unsafe web practices but more about companies lack of morals for financial web gains and our (the commons) own lack of understanding of such matters.

I had to search on my blog before sharing and turns out I didn’t share this anecdote before, surprise, surprise.

Since 2008, I know of a media house called moneylife which is run by a beautiful, very intelligent woman called Sucheta Dalal and her husband Debasis. I believe Debasis is more into the admin side of things while Sucheta bears both the investigative and editorial responsibilities on her shoulders. While I have never met her whole team, to have the kinds of breath and length of news you often find on moneylife.in you do need to have a strong and competent team which I guess she has.

Sucheta Dalal with the compensation cheque

Copyright – Moneylife.in

I have met her twice, and have been a fan of her work since she started reporting the frauds which were happening in SEBI in Indian Express from where she was consequently fired as she had too many ethics. I have been blessed to meet her couple of times but each time was dumb-founded as you meet someone whom you admired so much. I might have flustered and said thank you for the work you do but couldn’t ever muster the courage to say anything more than that to her face-to-face.

Anyways, fast forward a few years or back couple of years back, Sucheta wrote a column in moneylife that there was unauthorized algorithmic trading happening and some traders were profiting from it in National Stock Exchange. This was apparently done by a whistle-blower (A Singapore-based trader and hedge fund owner) and Sucheta and her team confirmed and then printed the same. Interestingly, SEBI which regulates how finance intermediaries (like brokers, stock analysts, stock exchanges and companies share their expansion plans or any news) didn’t say anything and chose to keep mum although this was happening right below their noses. Please keep this in mind, this happened under the present Government dispensation who had the mottos of ‘being the most transparent’ and ‘we will not eat and will not let corrupt people eat’ to paraphrase their election sloganeering.

Before starting with the story, it would also be interesting to state a bit about NSE. IIRC, BSE for a long-time was a monopoly for share trading, there was Kolkatta Stock Exchange also but due to political winds in Kokatta and many other factors they couldn’t keep up with change in technology and kind of faded on the national scene over the years.

Due to BSE’s bullish ways or being the only action in town, quite a few private and public institutions came together and formed NSE. The Harshad Mehta stock manipulation scandal probably also accelerated the formation of the institute. The goals at formation were laudable but as it happens in institutes which work and value money over everything else, it’s possible to be corroded as will be seen shortly.

NSE in many terms is a strange beast with having investors from Public and Private Companies who supposedly counsel and come under the finance ministry and SEBI (as most of their investors are Government Institutions including the finance ministry). There were also talks of taking NSE as a publicly listed company but dunno what happened about that.

What has never made been public if NSE filed the suit on its own behalf or was persuaded to do so either by finance ministry, SEBI or the traders who were doing the illegal trading, guess this is something we will ever know. The significance of this why will be known at the last of the blog post. AFAIK these algo traders control 40-50% of the daily trading so have a huge grip on the market.

I believe NSE filed the first case in Bombay small causes court which moneylife won and subsequently they even tried in Bombay High Court

Unfortunately for them, Sucheta and her teams were no cub reporters as she had years of experience working both with Times of India and then Indian Express hence she had hard documentary proof which she was able to show in the court to which as far as I know the Prosecutor had no answers.

To cut the long story short, NSE had to withdraw their suit and even pay damages of INR 50 lakh or INR 5 million rupees.

There are many things which I have not covered about the case, some of which can be understood by Shri Lokeshwarri SK’s excellent article which was posted in the Hindu Business Line years ago. He has framed many a questions which are still an open question even today.

The reason I shared this story is pretty simple, its only a very tiny amount of people who invest in the share market. I would say 1-2% of the population . Almost all of these people are highly literate and somewhat financially literate as well. If they didn’t know such things were happening then how can a common man/person on the road question or know if his data is being kept safe or not. All the contracts, terms of conditions especially those which either come in Population or finance or actually anything can come under ‘National Security’.

The best part, the irony is that algorithmic trading in India is now a legal activity and apparently was also legal in 2015 when the suit was done. AFAIK, that change could only be done by SEBI. The whole affair has also been framed in an article on Indian Legal Live which actually raises a whole host of disquieting questions. There seems to be lot of back-dating happening but as mere spectators we can’t even talk about that.

Even the judgement narrowly focussed on some of the questions raised as can be inferred from the article but in the present dispensation judicial activism is on the wane.

While I can’t help in the above, I can share about a tor meetup which probably may help in some direct or indirect way,

I do hope to go there and gain as well as much share whatever little I can.

meetup.com, summer cleaning and talking about creative writing-Taiwan

As around the week-end, took some time today to cleanup my mail inbox, replied some new and old mails which I had forgotten to and deleted the ones which were long past their expiry date. While doing it, came to know that I had joined meetup.com circa 2009. Almost a decade went by and didn’t even realize where it went.

Looking back, I realized I had forgotten what the early days were like on meetup.com. In those days, the only meetups were dating kind, now of course its much more of a fleshed out and caters from Information Technology, Writing, Cooking and even Salsa dancing. I just saw somebody start a salsa group in my hometown.

Anyways, last week after almost 6 months went to a meetup. I had seen How to start writing a short novel being hosted by my friend Dr. Swati Shome.

Interaction with Novelist Tanushree Podder

Copyright – Arun Paria

I had some other engagements and being a Sunday and knowing most Puneties and the laid back culture came at 11:30 . Meetup had shown me around 20 odd people so was expecting a small group of people but turns out there were few writers in making and many wanna-be hacky writers like yours truly, no offence meant to anyone 🙂

There were lot of interesting questions, anecdotes shared by Mme. Tanushree Poddar.

There were couple of young chaps who went to travels and had magical experiences. I was tempted to ask whether it was in Triund (Himalayas somewhere 😉 ) or Parvati Valley. There are lots of places out there where you feel the magic out there. Also if you are with friends and are safe, you can also try to heighten the experiences using hallucinogens like magic mushrooms. I can’t explain it but you really feel everything is communicating with you and it all makes sense. The best part is you don’t get addicted while understanding what some people who might be attuned to nature might be feeling. It’s a sacred feeling.

Coming to the meeting, I realized how much I missed talking and chatting with fellow writers, bloggers etc. I and probably few others helped Swati with reviewing and plugging holes in her non-fiction book on sexuality for teenagers. She showed me an initial print copy the publisher had shared with her, I guess it still has to go with few iterations as the final thing would be available in June.

While I love hardbacks, in this case I would make an exception. I do hope the publisher prices it properly and more and more children and their parents use the book to be able to talk about sex without shame etc. While in some spheres we, the Indian society have become bolder, talk between children and parents are still within the old boundaries while technology has marched on. I am talking here about the middle class only. Kids as small as 6-8 years know about sex which we didn’t know even after reaching majority (i.e. 18) but that’s Swati’s book will talk about.

Incidentally Swati chided me about sharing something like 8 A4 pages of feedback with her, what she didn’t know I probably shared less than half as sex is more a mental thing than anything else.

Anyways, during the interaction and talking with others, I re-realized again that there are so many people like me who feel the need to write. While everybody does pay homage to success, most of us driven by a need to explore ourselves through our characters. In a fictional setting, we could explore any character that we want, the only things that stops us from doing that is our own judgemental self.

Having access to a larger vocabulary also helps so I/we/you don’t become repetitive which is easy to happen as we are easily habituated to words, something like ‘comfort words’ which we use over and over.

At the interaction, I was also transported back to the South African wharf/dock which I had visited during Debconf 2016 as part of Day trip. I had read so many books where the dock and the people were described in great detail especially the late 19th century and the early 20th century. Going to the dock I could feel I was transported to that earlier era.

There was even a bar just next to the wharf and entering there did see quite a few people with tattoos. The only thing missing was perhaps a black eye patch, a peg leg and a talking parrot and I would have been left wondering whether I am in a Peter Pan movie 🙂 Even the shingle on top of the bar was something I had read in dozen of books, rusted, sea birds sitting on top of it as if was they were the rightful owners of the shingle and so many things. It was one of those times where you are perplexed whether you should take a photo or leave it because your mind captures it in so much essence, vitality that the photo or even a video would be pale copies at the best.

I don’t think any experience is going to top that. Of course never say never but still 🙂

Isn’t it fascinating how words, associations, ideas and images relate with each other and take you on a journey.

Talking of journeys, in a couple of months from now, I may or may not travel to Taiwan for a technical conference. While whatever happens is in the future, I have been having a ball of time exploring Taiwan on the web.

One of the things which puzzled me when starting to read about Taiwan I heard the term ‘formosa’ over and over again. Sometime later I opened the wikipedia page and learned that Formosa means ‘beautiful island‘. What has been interesting to read and find how Taiwan sees itself, some people feel it’s part of China and while many don’t. Of course the name ROC or Republic of China doesn’t make it any less confusing. Also the two countries share the same language (Mandarin) and it does fall into the Chinese sphere of influence.

What has made it more fascinating that if China thinks of Taiwan as being part of China, then why don’t any of the Chinese travel books mention Taiwan. I have had more luck finding books of English counties like Chesterfield and many other English counties then finding books about Taiwan. I usually look in seconds sale as nowadays you have lot of seconds sale in my hometown.

Two of the books I would like to read is ‘Forbidden Nation

Forbidden Nation: A History of Taiwan - Jonathan Manthorpe

and From Far Farmosa.

FROM FAR FORMOSA: The Island, its People and Missions - George Leslie. Mackay 1895

Apparently both these books supposedly give an idea to a lay reader how Taiwan came about.

For practical matters, did come to know that Taiwan has an embassy in New Delhi and perhaps one in Chennai if one needs to pursue Visa matters.

As somebody shared long time, we are indeed living in some interesting times 🙂

At the very end, somebody had asked me to share a hindi rock song. So if you want to impress your girlfriend or boyfriend with an Indian rock song here goes nothing

For p.d.o. people https://www.youtube.com/watch?v=6SncLwWFrJ0