Updating packages with reprepro

There are hundreds of reprepro guides out there, but scant few about how to update a package on a deb repository.

To start, when you add a package you do this:

reprepro -b /repopath includedeb wheezy package_1.0.0_arch.deb

To update, you don’t need to delete the previous, you just add the next version:

reprepro -b /repopath includedeb wheezy package_1.0.1_arch.deb

Assuming its recognised as a new version of a previously included package, you’ll get the following message:

Deleting files no longer referenced...

Lee Kuan Yew 1923–2015

Lee Kuan Yew

Australia’s mandatory data retention scheme

Yesterday, Australia’s surveillance tax has passed the lower house in an arrogant display of opaqueness, both from the Government that proposed it, to our supposed centre left opposition. Thanks, Bill Shorten.

The good news is Labor was listening. From ABC’S PM programme last night:

NAOMI WOODLEY: The Federal Opposition didn’t support the gag motion to bring debate to an end, but it does now support the bill, after days of negotiations over amendments to the original plan.

Labor’s communications spokesman, Jason Clare, explains why they pressed for government agencies to require a warrant

Whew, what a relief. By requiring a warrant to access this surveillance data, the rule of law, and innocence until proven guilty has been maintained.

before accessing the metadata of journalists

Oh for Pete’s sake.

I reckon “protecting journalistic sources” will go down as the Red Herring of 2015 Australian politics. Cynicism about journalists covering themselves aside, why was the safety of journalists paraded above everyone else?

Fortunately, in our increasingly misnamed House of Representatives, independents and Greens asked the obvious.

ANDREW WILKIE: What’s so special about journalists that only they get protection but not lawyers, not doctors, not members of parliament, not priests perhaps?

MALCOLM TURNBULL: That privilege attaches to the content and the content is not dealt with here. We are literally only talking about the metadata which would indicate that person A or telephone A called telephone number B.

For the inventor of Australian internet to not be aware of the implications of this floors me. Or he and his cabinet does know, but they’re not telling us.

What we do know is Labor and the Coalition worked in cahoots to get this passed, with as little time for public scrutiny as possible. Or as one of the other voices of reason in the lower house put it:

ADAM BANDT: On an issue as serious as giving security agencies additional rights and powers over people’s smart phones and internet records – they’re saying just trust us because we did a deal last night. Even though we’ve been talking about that for weeks, even though the reports been out there for weeks, we wouldn’t deign to circulate these amendments to you so that you can form a view on them – just trust us.

In the words of George Carlin, “trust is not automatic. It’s earned, and based on performance”.

Either way, I’m predicting a bonanza for VPN providers. I’ve already spun up a VyOS instance overseas.

Goodbye, @GigaOm

Om Malik mocking John C. Dvorak on Cranky Geeks 162

Much to my dismay, GigaOm has been forced to shut down. Om Malik wrote a beautiful piece on his blog about it, which I encourage you to read.

My comment on the last post:

Like many of you I’m sure, I first heard of GigaOm through Om Malik’s appearances on the Cranky Geeks podcast. It already seems like a different world without it.

I’ve seen plenty of news sites whither and close, but this one hurts. In a sea of sensationalist click-bait, GigaOm was a place of calm reason. As I pointed out here several years ago, this was reflected in the relative civility of comments compared to other news sites (you know the ones of which I refer).

Om Malik, Matthew Ingram, Kevin C. Tofel, Sebastian Rupley, Barb Darrow… and everyone else whom I’ve come to respect through your writing, all the best and thank you for your hard work <3

Among my last memories of living in Singapore were sitting at a now-defunct bakery and cafe near the river, watching Cranky Geeks and reading GigaOm in Google Reader. I rarely bothered with other blog networks, for the reasons I mentioned above. Of all his articles, Slide, Vic Gundotra & The Un-Social Reality of Google is still among my favourites.

As I wrote in 2009, on the 8th anniversary of the site:

Saying Om Malik is the saving grace of tech network blogging that is mostly populated with loud but homogenous material may be overstating the case, but nonetheless it’s been a pleasure to be subscribed to his network of sites over the years.

I also acknowledge though that the media landscape has since changed. More people are going indie again on their own domains, instead of writing for large blog networks, which I think is a good thing. Hopefully I’ll be able to keep following the gang in other places.

Posts about GigaOm on Rubénerd

NetScaler on open source Xen

NetScaler is a commercial “application delivery controller” by Citrix. Official support exists for XenServer, ESXi and HyperV, but I couldn’t find any information on running it on open source Xen.

While not officially supported, it does run. Broadly:

  1. Download the official XenServer image (or any other, really)
  2. Use a tool like xva-img to convert it to a raw image, or qemu-img convert for VMDK and HyperV
  3. dd across to an lvm, or leave as is
  4. Boot Xen, and enjoy

Related post: Build and use xva-img to extract raw images.


If you run this, chances are you’ll get the following page fault.

xenbusb_front0: <Xen Frontend Devices> on xenstore0

Fatal trap 12: page fault while in kernel mode
cpuid = 0; apic id = 00
fault virtual address   = 0xffffff01173678bf
fault code              = supervisor write data, page not present
instruction pointer     = 0x20:0xffffffff80870e68
stack pointer           = 0x28:0xffffffff963768a0
frame pointer           = 0x28:0xffffffff963768e0
code segment            = base 0x0, limit 0xfffff, type 0x1b
                        = DPL 0, pres 1, long 1, def32 0, gran 1
processor eflags        = interrupt enabled, resume, IOPL = 0
current process         = 0 (swapper)
cpu 0 [thread pid 0 tid 100000 ]
Stopped at      split+0x28L     movb    $0,(%rcx,%rdi,1)

Our internal kernel developer pointed to this specific Xen driver patch, but the problem persisted.

Turns out, I’d merely starved it of CPU cores. As networking increases in speed, many load balances and orchestration systems dedicate a CPU for the networking stack. Provision with two cores (minimum) and 4GiB of memory minimum, and you shouldn’t have trouble.

Leonard Nimoy

How would a human so express the feelings and behaviour of a vulcan with suppressed emotions? Or even one who has the additional complication of being half human, half vulcan? There was only one human who could have done this, and it was Leonard Nimoy.

I was born too late to have watched the original series or movies as they came out, but that didn’t stop me watching them all on a near infinite loop. There was something supremely comforting to my teenage nerd psyche to see this outsider in a crew of humans so gracefully handle adversity.

He struck a chord with me, and I’m sure most of you, that few actors have. He was absolutely brilliant, and I’ll miss him dearly.

The consensus seems to be the Wrath of Khan was his greatest appearance, but I’ll remember him the most from The Voyage Home. His wanderings around 1980s San Francisco, replete with his headband to disguise his pointy ears, was just so good. I’ll be asking Clara if she’s interested in watching it this weekend.

As that billboard floating around Twitter said: he did.

Using USB 3.0 drives in VirtualBox, kinda

For much of the morning, I’d been battling with a Windows 7 Enterprise guest on a VirtualBox Mac. For some reason, Windows 7 gave this all too familar warning when attaching an external USB notebook hard drive:

USB Device Not Recognized
One of the USB devices attached to your computer has malfunctioned, and Windows does not recognize it. For assistance in solving this problem, click this message.

So much changes, so much stays the same.

At first, I assumed it was because I’d forgot to install the Oracle VM VirtualBox Extension Pack. Alas, installing this, enabling the USB 2.0 controller in the Ports screen, rebooting the VM into safe mode, and reinstalling the Additions didn’t fix it.

Turns out, I was using the USB 3.0 controller with VirtualBox, which is unsupported. The good news is TBFed (up?) offered a workaround on the issue’s bug report:

One of the comments in the thread made me think of my old 4-port USB connector. So I plugged IT in to the mac, and plugged the USB3 drive into IT — anv voila, the VM sees it and can do whatever it wants to with it!

Unfortunately, I only had an unpowered USB 2.0 hub, which didn’t provide sufficient power to the drive, even when it was the sole device. If the point was to expose it as a USB 2.0 device though, would using a USB 2.0 micro connector work?

Sure enough, after doing this the Windows 7 guest could detect the drive, install drivers and mount as normal.

It’s curious that VirtualBox detects and allows USB 3.0 devices to be added to the USB filter, despite not supporting it.

Embeddable OpenStreetMaps

View larger map

OpenStreetMap is among the most valuable and wonderful online collaborative projects. They were available in Singapore and Australia before Google Maps were, and have always had superior walking and bike trails. Apple uses it as a map data source, and in several of their applications.

I hadn’t noticed, but there’s an online render at OpenStreetMap.org. Better still, you can now embed them in your pages. As an example, enclosed is a map of Funan Centre (now the “DigataLife Mall”, and once the “IT Mall”). Welcome to where I spent my entire childhood!

Fixing Fastmail calendars in iOS

Fastmail announced free calendars for most of their customers last year. I’ve hosted my own email, webdav and caldav servers long enough to not want to do either anymore, so this sounded great.

Problem was, their instructions for iOS never worked. I’d set my server as caldav.messagingengine.com, with my Fastmail username+domain and password, but it would result in the equivalent of 404 errors.

On a hunch today, I created a calendar entry in their web UI first. From days of self hosting, I know you need a calendar file to connect to. Sure enough, I can now access the calendar from iOS.

I’ll be in contact with the Fastmail folks about updating their support pages to reflect this.

Lenovo’s response to #Superfish

In response to the Superfish scandal, Lenovo has released a statement.

Superfish was previously included on some consumer notebook products shipped in a short window between September and December to help customers potentially discover interesting products while shopping. However, user feedback was not positive, and we responded quickly and decisively [.]

It reads like that Orwellian Firefox post, where they proclaimed ads were a “Publisher Transformation with Users at the Center”. Lenovo didn’t inject ads, they provided exciting retail opportunities.

At least they acknowledge the response. Here’s where the marketing doublespeak gets into more dangerous territory.

We have thoroughly investigated this technology and do not find any evidence to substantiate security concerns. But we know that users reacted to this issue with concern, and so we have taken direct action to stop shipping any products with this software. We will continue to review what we do and how we do it in order to ensure we put our user needs, experience and priorities first.

No evidence to substantiate security concerns? Do they really not know how SSL/TLS and public key crypto works? Either they genuinely don’t know, or they do know but don’t want to disclose. “Continue to review” also doesn’t instill much confidence; it leaves the door open for further shenanigans.

But for the sake of their users, this is the worst line.

Users are given a choice whether or not to use the product.

This statement wasn’t an apology. It was an obfuscated defence, with a little victim blaming, and a non-legally-binding assurance it won’t happen again.

You are on page 1 of 434. Where to now?