Interesting Links – March 2014

Only a couple of weeks late this time…

  • A longstanding bug was found in GnuTLS
  • Mozilla introduced a “new” JPEG library
  • Libreoffice now has “fresh” and “stable” releases
  • Python-3.4 was released
  • Android games can soon connect with iOS games
  • The Full Disclosure list was shut down, and resurrected
  • BBQLinux – yet another Arch derivative
  • How to add multiple versions of a function optimized for different architectures in GCC
  • Google Drive space became rather cheap
  • Facebook released wrap – a fast C and C++ preprocessor
  • Google is replacing GTK+ in their browser with a new toolkit
  • Musl libc 1.0 was released
  • The quest to compile the Linux kernel with LLVM is ongoing
  • The Linux Foundataion’s Introduction to Linux course is going to be free this “summer”
  • Apple open sourced their AArch64 backend for LLVM, so there is now two…
  • A new debugger allowing you to to replay your code multiple times
  • Why you should not rerelease software without changing the version number (it is really annoying…)
  • Take a browse of old MS-DOS and Work source code
  • Vote for NASA’s new spacesuit look

Anime Guide 2013

Another years has past, so once again it is time for me to provide my (not very) insightful opinions of the anime that finished their run in 2013. As in previous years, I give my opinion without providing an actual review.

This years installment is longer than usual because I got myself a Nexus 7 to use on my train ride to work. I also tend to focus on the short series more because there is less risk with the time investment, so that also bumps the number in the list. And, lets begin!

Anime of the Year

From the New World
(TV Series, 25 episodes)

This was a hotly contested position in that there were several other series I could have equally put in this position.* This series won due to having a very strong and unique storyline that takes risks that many anime will not. From early on you are given the sense of something not quite right underlying the otherwise peaceful world. It is that question that keeps you going during the slower paced episodes that provide the needed background information early in the series. And don’t judge it too early, because there are time skips taking the main characters into adulthood. I think this series could have been improved by not being 25 episodes long. Not because there was filler added to stretch it out that long, but because it fitted exactly 25 episodes and breaks between episodes seemed out of place. I think I would have enjoyed this even more if I had watched all episodes one after the other, or had this been a series of five movies instead.

* The other very strong contenders were Attack on Titan, Psycho-Pass and The Eccentric Family.

Recommended

Attack on Titan
(TV Series, 25 episodes)

I’m sure many people consider this the anime of the year. It does have a very interesting story, with the titans remaining imposing throughout. I also found the animation in the plentiful action sequences to really highlight the “3D maneuver gear”. But I disliked the protagonist and his over-emoting so much that at one point of the anime I was thinking that if he died right now it would great and we could get on with the real story. I continuously had the impression that this was anime that started with a bang was going to fade away, but there was always something that save it.

Kyousougiga
(TV Series, 10 episodes)

This was my bit of crazy for the year and I was entertained by all the pretty colours moving around… It is a bit all over the place, which is made even more difficult when there are sets of characters with the same name across different time points. The episode #0 for this series did not help. It is basically an episode from one of the previous incarnations of this story and contained a lot of information with little context. But don’t worry, there is also an additional episode at the end to explain things for you.

Psycho-Pass
(TV Series, 22 episodes)

This was my Anime of the Year in an early draft of this post, mainly because I had not seen a serious dark science fiction anime in a while. And it definitely had some darkness to it – the episodic first half of the series showed some brutal crimes coming from the criminals deranged point of view. On top of the gore in the committed crimes, the implosion/explosion of the criminals was a highlight (in an “I am not a psychopath” kind of way…). The series avoid greatness mainly by having an overly formulaic character set and probably needing to be a few episodes shorter as there were a couple of nothing episodes.

Silver Spoon
(TV Series, 11 episodes)

Not a series I thought I would like from face value, but I saw a few positive reviews and noted who the author was and decided to try it. Very good decision! There is nothing individually outstanding about it, yet it remains consistently solid throughout. Despite my concerns, the comedy aspect did not go overboard. This is one of those series where you will sit down to start it and all of a sudden have finished watching all the episodes but you will have no real idea why.

Steins;Gate the Movie: Burdened Domain of Deja Vu
(Movie, 90 minutes)

The follow-up movie to what I considered to be the series of the year in 2011. Part of what I liked about the series was having no idea what was going on, but knowing that I wanted to. This was not captured by the movie – not surprising given it was a sequel – but it was a decent follow-up to a great series.

The Eccentric Family
(TV Series, 13 episodes)

For a 13 episode anime, this show managed to provide a fairly complete mythology without any episodes whose sole purpose was to explain it. Instead the episodes gradually reveal the world and you are required to piece it together bit by bit. This does lead to a reasonably slow build up and also leaves gaps in our understanding of the world, but I often find that much more enjoyable than shows that rush to tie up every loose end.

Wolf Children (The Wolf Children Ame and Yuki)
(Movie, 117 minutes)

This is really a 2012 anime, but it was released onto DVD in 2013 so it still counts… My blog, my rules! Creates a modern day folktale and focuses purely on how the situation is dealt with by the people involved. Charming in its simplicity.

Average

A Certain Scientific Railgun S
(TV Series, 24 episodes)

I really liked the original Railgun, but this was just more of the same. In fact, it really was more of the same – the first half was a retelling of what we saw in A Certain Magical Index from a different perspective. It would now take a very good story line to get me to watch any more of this franchise.

Archenemy and Hero (Maoyuu Maou Yuusha)
(TV Series, 12 episodes)

Follows politics, economics, religion, technology and war and shows how they interact reminding me of a less interesting version of Spice and Wolf. While it is generally fairly seriousness, it switches to the outrageous at the blink of an eye. The setup is very weak, but it all fits together if we assume the Hero trusts the anyone with exceeding large breasts (even by anime standards).

Beyond the Boundary
(TV Series, 12 episodes)

A show that was bad while being good. It managed to combine a vast variety of anime clichés in a single series in a way that was at least interesting.

Blast of Tempest
(TV Series, 24 episodes)

This show started out being quite enjoyable. Once most of the mystery disappeared around half way, pseudo-intelligent conversations became the method for moving the plot along. Quoting Shakespeare everywhere just adds to the pretentiousness.

Blood Lad
(TV Series, 10 episodes)

A series being 10 episodes long is really quite strange, so you would think they had a solid story line planned… But I see not much planning of anything beyond the first episode. The lack of story was hidden by introducing a couple of new characters every episode. Yet the series was somehow not that bad.

Gargantia on the Verdurous Planet
(TV Series, 13 episodes)

Welcome to a mecha anime that spends most of its time not being mecha. The whole middle section of this anime is completely unnecessary, managing a beach episode and one revolving around belly dancing. However, the underlying elements of the story were interesting enough. It is a pity they were used so poorly.

Gingitsune: Messenger Fox of the Gods
(TV Series, 12 episodes)

This series was so laid back it did not even have a plot, which is what I think made it strangely likable. The title character was definitely the strongest and frequently stole the show despite not being the main focus.

Pokemon Origins
(TV Special, 4 episodes)

“Gritty reboot” more closely following the original games. The focus is only on the major aspects of those games at the expense of story telling. Fine, there are four episodes so you can not do too much. But it was disappointing when I realized that this was really an advertisement for Pokemon X and Y.

Servant x Service
(TV Series, 13 episodes)

I chose to watch this because all the characters were adults. It turns out adults taking care of business is not what I would consider great entertainment, but it was oddly refreshing and there was nothing I found too bad about it either.

Sunday Without God
(TV Series, 12 episodes)

Builds a unique world and deals with an interesting situation, but this is almost all that the series has going for it. The lead character is the demise of the series.

The Devil Is a Part-Timer!
(TV Series, 13 episodes)

This series is probably the best of the rest. I just could not justify it being in the “Recommended” section, but it seemed better than “Average”. Some of the comedy becomes tired near the end of the series, which further dragged down a fairly weak finish. I was impressed that this series managed to get a “beach” episode without technically having one.

Tiger and Bunny the Movie: The Beginning
(Movie, 93 episodes)

Another movie that saw theatrical release in 2012 but out on DVD in 2013. I was a bit disappointed in this given its series was one of my favourite animes of 2011. Not because the movie ruined it, but because the first half was essentially the first part of the anime retold. The second half was great! Hopefully the next movie will make it up to me.

Sub-par

Galilei Donna
(TV Series, 11 episodes)

This series promised much in the first episode and rapidly proceeded to ignore that any such promises were ever made. It is one of the most spectacular crashes I have ever seen a series take.

Outbreak Company
(TV Series, 12 episodes)

Do you know what a fantasy world full of magic and the traditional fantasy races needs introduced from Japan? Otaku culture. That’s right… Well, I suppose that is one way to try making your audience feel like they are important. Too much self-serving “isn’t anime great” for my liking, even if it was attempted humour.

RDG: Red Data Girl
(TV Series, 12 episodes)

This actually has all the potential to be very good. The story builds and builds… to nothing. I feel like I missed the final few episodes, but I am not drawn in enough to check if there is an OVA or movie to follow.

The Garden of Words
(Movie, 46 minutes)

The highlight of this movie was the animation of rain drops falling in the pond during the opening scenes.

The Unlimited Hyobu Kyosuke
(TV Series, 12 episodes)

The word “unlimited” is what is wrong with this anime. It means there is never any risk that the protagonist is going to be harmed in any way. Imagine, someone saying “this battle is really difficult given I am committing about 1% of my strength to it – I’m in real danger here”. Bah.

Did Not Finish

Flowers of Evil
(TV Series, 13 episodes)

I figure I should not include this in the Sub-Par section as I did not complete watching it and it may have improved substantially. What was quite “novel” about this series was the use of rotoscoping, although it does lose a lot of detail from people even at a short distance from the camera. A bit disappointing given the background art was very well done. I persevered as long as possible watching this telling myself “I have never dropped an anime, it is only 13 episodes, I’m sure I can make it…”. I gave up part way into episode five, read a review saying there was a big reveal a few episodes on, skimmed through to that episode, decided there was no hope and stopped.

Honourable Mention

Hellsing Ultimate
(OVA, 10 episodes)

This missed making it into my 2012 list, because the final episode was released at the very end of the year. Not that speed was essential here given the first episode was released in 2006. The time taken – and I suppose budget – is clearly shown with great animation, particularly in fight scenes. I think it would be a better series as just a dark horror vampire versus Nazi versus Englishmen story without the humour parts.

Space Brothers
(TV Series, 99 episodes)

This did not make my list this year or last year because it had not finished yet. It looks like it is taking a break after episode 99 for a while. I would have said much better things about this series at the end of 2012. Currently I say it is still worth watching the ~100 episodes that have been released, but it can be slow going and a bit predictable at times and the recap at the start of the episode has become too long. Despite that, it is still an anime I watch immediately on release. It is also my constant reminder to find out how many episode a series has before starting to watch it.

And that is the end for 2013. Anything good I missed?

Interesting Links – January/February 2014

Well… I intended to be more organized and get these posted on time each month. Maybe next year.

January:

February:

  • glibc-2.19 was released and here is some of the improvements for developers
  • And apparently glibc is good code!
  • Debian had more votes about the init system, eventually deciding on systemd as the default
  • No decision was made on how strongly packages can depend on an init system
  • This will also result in Ubuntu switching to systemd too
  • gcc-4.9 has moved to release branch mode, looking towards and April release
  • An analysis of compiler hardening in Debian
  • Building the assembler as a shared library
  • Why inline PGP signatures are bad
  • Sometimes making a nice icon set is not enough…
  • Ubuntu is making their own file manager for Unity
  • MINIX can now run on ARM
  • Why you should not to travel back in time to kill Hitler

Who Packaged for Arch Linux in 2013

I was having a look at the current state of the Arch Linux repositories today in terms of the number of packages each person maintains and thought it interesting to see who did the packaging last year. So here are some numbers!

Firstly, the real repos (i.e. the repositories that TUs can not touch!). Note that the y-axis in this plot is the number of commits made to the repos and not the number of packages updated. Updating a package generally takes two commits and additional commits are done every time a package moves between repositories (e.g. moving packages out of [testing])

First, the two most prolific committers are Andrea Scarpino and Sven-Hendrik Haase. They both package KDE, which is in itself a lot of packages, but they get bonus commits for the [kde-unstable] repository where a lot of beta and release candidates are packaged. There is a lot of scripting going on for those rebuilds too, so don’t give them too much credit! Sven also deals with boost lately and the required rebuilds.

In places 3 and 6 are Jan Steffens and Jan de Groot who do our GNOME packaging. Rounding out the major desktop packagers is Evangelos Foutras in 9th place. In 4th, we have Andreas Radke who packages Xorg among other things including LibreOffice.

Eric Bélanger takes 5th place. I think he needs a specific shout out here because of all the effort he puts into maintaining the packages that officially have no maintainer. He regularly updates these packages and fixes their bugs. He also does far more than his share during rebuilds.

I am in 7th. This appears due to rebuilds for the removal /sbin et al., and the static libraries removal I pushed this year. In 8th is Tobias Powalowski who maintains the kernel package and deals with most of the module rebuilds.

Now a quick look at TU controlled repository commits. This includes the [community] and [multilib] repositories.

Not surprisingly, in first place we have Sergej Pupykin. He maintains about a 1/3 of the packages in the [community], although only has 1/6 of the commits… In 2nd place is Alexander Rødseth, who as far as I can tell does not maintain any specific package groups, so is just working hard! Bartłomiej Piotrowski is in 3rd (and who also rounded out the top 10 for the main repos) and we see Sven-Hendrik Haase again in 4th.

I’d also like to note the importance of all (or at least some!) of the people who have relatively few commits. In fact, I think we need more of them. I’d like to see the [extra] repo be almost exclusively the big package groups (Xorg, KDE, GNOME, XFCE, perl, python, etc) and [community] be all the additional packages with many more packagers each being responsible for a handful of packages that they are really interested in. So if you are thinking of applying for a Trusted User position, look at the tail of the distribution and do not let the big packagers put you off.

Interesting Links – November/December 2013

Joint post as I never got around to doing November’s one… That just means lots of links for you all this time!

November:

  • Non-phoronix benchmarking of various compilers
  • XCFE is being trialled as the default desktop on Debian
  • A discussion about replacing Java from the default languages in GCC (that I can not remember going anywhere…)
  • It looks like LLVM will use some C++11 features in future development
  • A bunch of people from Linux Format started a new project – Linux Voice
  • SELinux is all about cats and dogs
  • Interesting post that details how Gentoo is organized.
  • The Go language has been around for four years
  • A essay on how Debian could improve packaging – I think it applies to many distros
  • Summary of upcoming features of GCC-4.9
  • Lint Mint was accused of being insecure, although countered (saying it is only is by default…)
  • I had never heard of KaOS – its PKGBUILDs make it look an Arch derivative
  • A project to automatically modernize your C++ code
  • openSUSE 13.1 was released
  • Mir is not reaching Ubuntu Desktop in the next release either
  • This is why updates to Android can take a while to reach your Nexus
  • Emacs is not yet a WYSIWYG word processor…
  • An idea for a Fedora Server project
  • Fedora will be adding-Werror=format-security” to their default CFLAGS

December:

  • Binutils 2.24 was released
  • There is continuing talk about how trustworthy various manufacturers random numbers are
  • RHEL 7 Beta was released, apparently without i686 support
  • Ubuntu is forking more software – this time gnome-control-center
  • Steam machines were shipped and SteamOS 1.0 was released
  • A mammoth effort in reducing complier warnings in xorg-server
  • Can C++ error messages get even longer?
  • Fedora 20 and Debian 7.3 were released
  • And awesome way to obtain RSA keys from computer sounds
  • kdbus has passed another milestone
  • The Hawaii 0.2.0 desktop environment based on Qt and Wayland was released
  • The Linux kernel sources will no longer be supplied bzipped
  • The debate on init scripts for Debian is ongoing

And some fun stuff:

  • Creating the Simpsons in CSS
  • Solo from Sultans of Swink on the ukulele
  • The trailer for Kung Fury is so good that the first stage of their Kickstarter is funded!
  • And finally, a skill everyone should have… How to break an apple in half with your bare hands!

Interesting Links – October 2013

A bit late this month… Tough!

  • The SUSE team developed an AArch64 port for QEMU
  • Using XMir by default was abandoned at the last minute for Ubunutu 13.10, and here is some discussion the issues it has
  • The X.Org foundation is a registered 501(c)(3) again
  • Work has started on an embedded JIT for GCC , and some python bindings appeared.
  • Firefox is getting its own flash player
  • Google is offering rewards for security issue in a range of core free software.
  • The 3.0 linux kernel has had 100 patches released!
  • Debian Jessie has its freeze announced – for a years time…
  • Fedora is doing its usual slip in its release timeframe
  • Android 4.4 (Kit Kat) is out – somebody get the update to my Nexus 7…
  • Debian is choosing its next init system, which of course resulted in some back and forth
  • The beginnings of a rust frontend for gcc
  • Lots of compiler features coming for gcc and llvm
  • Surely automatic wordpress updates can only end in disaster!
  • Fedora are moving towards Python 3 as the default – sort of… (/usr/bin/python will stay python2)
  • Binutils and gdb moved to git
  • How to debug stack protector failures
  • Video of the kernel developer panel at LinuxCon + CloudOpen Europe 2013

And some space stuff I liked this month:

Fitocracy

Tweet

Whoever was in charge of the Fitocracy update is going to be in trouble. An update a 6am on a Saturday going bad… Who would have guessed!

Posted in Tweet on by Allan Comments Off

Comparison of Security Issue Handling

More follow-up from the afore mentioned Frostcast featuring Manjaro developer Philip Müller. Just past the 16 minute mark.

We learn and everyone makes mistakes. And the new server change every package is new synced from Arch Linux so there is no security issues. … We sync daily so if there is any problems with our system it’s ninety percent from Arch itself, so I don’t know why they bash us.

I am not going to claim Arch is the bastion of all things security – in fact I know Arch is far from perfect here – but Manjaro claiming that they are on par with Arch is wrong. Saying “we sync daily” is frankly deceptive. The daily syncs are to the Manjaro unstable branch, so packages can take a while to reach the stable branch where the vast majority of users get the package. As I have pointed out previously, Arch does not separate out security updates from plain upstream updates, so when Manjaro holds back updates on the unstable branch in the name of stability, they are also holding back security fixes. The updates need monitored for security fixes and either 1) pushed more quickly to the users, or 2) have the fixes backported to the “stable” packages.

But, lets use an example, because facts are good. Recently there was an privilege escalation issue found in polkit. This was made public on 2013-09-18. And over the next couple of days there were a lot of distribution updates to fix this issue. So, I have not picked an obscure bug given the number of distros dealing with the issue, and it is a privilege escalation one (potentially with proof-of-concept available, although I have not checked that out). Lets compare the Arch and Manjaro response to this issue by monitoring the location of the polkit-0.112 package:

Date Arch Manjaro
2013-09-18 Testing -
2013-09-19 Stable -
2013-09-20 Stable Unstable
2013-09-21 Stable Unstable
2013-09-22 Stable Unstable
2013-09-23 Stable Unstable
2013-09-24 Stable Unstable
2013-09-25 Stable Unstable
2013-09-26 Stable Unstable
2013-09-27 Stable Unstable
2013-09-28 Stable Testing
2013-09-29 Stable Testing
2013-09-30 Stable Testing
2013-10-01 Stable Stable

I will admit that this is actually better than I thought it would be… I thought packages stayed longer in Manjaro’s testing repositories to catch bugs. Then again, I noticed that there are packages that were pulled into Manjaro from Arch and put into their stable repos within ten minutes, including packages in the [core] repo, so I’ll assume that the testing that occurs in the Unstable and Testing branches is rather limited. (Evidence: pool/ directory with timestamp file was synced from Arch, stable/extra/x86_64/ directory with repo database timestamp.)

In summary, the indiscriminate holding back of all updates in the name of testing(?) is why I “bash” Manjaro security. With this system, Manjaro is always running behind Arch, so claiming the Manjaro security issues are “ninety percent from Arch itself” is full of… optimism. And before the “leave Manjaro alone” comments, I will stop posting about it when I have no need to correct such false statements.

Interesting Links – September 2013

Lets list some links!

  • Linux From Scratch 7.4 is released
  • Fedora was announced ten years ago
  • Looking at binary differences between ScientificLinux and CentOS
  • The is a project trying to get fully reproducible builds in Fedora
  • FreeBSD moved away from GCC
  • The HURD saw some updates to celebrate 30 years of GNU
  • GNOME-3.10 was released
  • And GNOME Shell should do Wayland type stuff
  • An update about Wayland on Fedora
  • OpenZFS was announced
  • Binutils-2.24 has branched
  • SteamOS was announced
  • I found this discussion of using pip vs apt for managing python libraries interesting
  • Speaking of package managers, here is a new one (with poor mans PKGBUILDs)
  • Quickoffice is free for all!
  • Will openSUSE use BTRFS by default?
  • The GTK Broadway backend looks interesting
  • An interview with Manjaro people
  • libc++ has full C++11Y (draft) support
  • Bug trackers are where you file bug reports
  • Make YouTube buffer your videos when paused
  • Linus got grumpy again…
  • This patch caused some controversy

And some fun…

  • Get ~1000 people to play Super Mario Bros and watch the differences
  • I would enjoy some taps running beer

Pacman Translations

I was listening to Frostcast in the background today when I heard my name. That always makes me pay some attention. Then I heard wrong information. I don’t know why I care, but I do… so here goes the clarification.

The quote from Philip Müller at 14:35 into the podcast:

The lastest news was Allan McRae – he is a developer of pacman himself – he sent me an email to send over all the translations of Manjaro distribution does. So I forked pacman, and pacman itself has 20 translations and our branch has 44 translations of the same software so Arch Linux is asking us to be upstream and give them our translations…

OK… This is interesting. Time for some background here. When pacman-4.1 was released, we removed the broken SyncFirst option. This is needed by Manjaro Linux to run their update helper script that “fixes” the update process to remove any manual interventions. So Manjaro reverted our patch and brought back SyncFirst to pacman. That required three additional strings to be translated for their version of pacman so they also forked our translation project on Transifex.

As the Arch and Manjaro versions of these projects had started to diverge, I wrote to Phil noting that people were doing more than just translating those three additional strings, and it would be good if the translators were pointed at the Arch project so we all benefited, given the Arch project is the one the pacman developers set up.

Lets compare the status of the Arch and Manjaro translations as of 2013-09-24. There are 24 languages with complete translations in the Arch projects, and being nice and ignoring the additional three strings in the Manjaro project, they have 23. (Of those 23, only 6 actually have the additional three Manjaro strings translated). What are the differences? Manjaro has a complete Hungarian translation while Arch has complete Korean and Romanian translations. The Arch Hungarian translation is at 99%, while the Manjaro Korean and Romanian are at 21% and 62% respectively. So it is clear these languages have diverged since the split, with most of the work done in Arch.

Of the remaining languages with incomplete translations, Manjaro has 19 languages, while Arch has 15. Clearly not a total difference of 20 to 44 languages as claimed. Looking at these in more detail, 9 languages have not deviated between the two projects. The Arabic, Chinese (Taiwan), Dutch, Galician, Polish, Serbian (Latin) translations have all got additional translations in the Arch project since the split with the Manjaro project. So apart from languages that have been have had translations started in Manjaro but not in Arch, the Arch project is behind in 3 strings for the Hungarian language.

Maybe where the Arch translation project for pacman could gain is from the new languages in the Manjaro translation: Czech (Czech Republic) [99%], Bulgarian (Bulgaria) [62%], Uzbek [14%] and Danish (Denmark) [3%]. Also note that 3/4 of those languages have a sub-name there. Taking “Danish (Denmark)” as an example, there is already a “Danish” translation (language code: da) and this is adding a Denmark specialization (language code: da_DK). I might be entirely wrong here, but are there other variants of Czech, Bulgarian and Danish apart from their primary usage, or are these exactly the same and the work is just being repeated?

In summary, the translation project set up by the pacman developers is, and will remain, the upstream translation. I just approached Manjaro to send their translations our way so we would both benefit. Arch from (potentially) more translations, and it would be easier for Manjaro to merge their string translations without ending up removing several hundred perfectly good translations.