Petter Reinholdtsen

On Wednesday I had the pleasure of attending a presentation organized by the Norwegian Unix Users Group on implementing RISC-V using a small FPGA. This project is the result of a university teacher wanting to teach students assembly programming using a real instruction set, while still providing a simple and transparent CPU environment. The CPU in question implements the smallest set of opcodes needed to still call the CPU a RISC-V CPU, the RV32I base set. The author and presenter, Kristoffer Robin Stokke, demonstrated how to build both the FPGA setup and a small startup code providing a "Hello World" message over both serial port and a small LCD display. The FPGA is programmed using VHDL, the entire source code is available from github, but unfortunately the target FPGA setup is compiled using the proprietary tool Quartus. It is such a pity that such a cool little piece of free software should be chained down by non-free software, so my friend Jon Nordby set out to see if we can liberate this small RISC-V CPU. After all, it would be unforgivable sin to force students to use non-free software to study at the University of Oslo.

The VHDL code for the CPU instructions itself is only 1138 lines, if I am to believe wc -l lib/riscv_common/* lib/rv32i/*. On the small FPGA used during the talk, the entire CPU, ROM, display and serial port driver only used up half the capacity. These days, there exists a free software toolchain for FPGA programming not only in Verilog but also in VHDL, and we hope the support in yosys, ghdl, and yosys-plugin-ghdl (sadly and strangely enough, removed from Debian unstable) is complete enough to at least build this small and simple project with some minor portability fixes. Or perhaps there are other approaches that work better? The first patches are already floating on github, to make the VHDL code more portable and to test out the build. If you are interested in running your own little RISC-V CPU on a FPGA chip, please get in touch.

At the moment we sadly have hit a GHDL bug, which we do not quite know how to work around or fix:

******************** GHDL Bug occurred ***************************
Please report this bug on https://github.com/ghdl/ghdl/issues
GHDL release: 5.0.1 (Debian 5.0.1+dfsg-1+b1) [Dunoon edition]
Compiled with unknown compiler version
Target: x86_64-linux-gnu
/scratch/pere/src/fpga/memstick-fpga-riscv-upstream/
Command line:

Exception CONSTRAINT_ERROR raised
Exception information:
raised CONSTRAINT_ERROR : synth-vhdl_expr.adb:1763 discriminant check failed
******************************************************************

Thus more work is needed. For me, this simple project is the first stepping stone for a larger dream I have of converting the MESA machine controller system to build its firmware using a free software toolchain. I just need to learn more FPGA programming first. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

I samarbeid med foreningen NUUG og Free Software Foundation Europe lanseres min siste bok «Ada og Zangemann - En fortelling om programvare, rullebrett og bringebæris» med en slippfest i Oslo førstkommende lørdag. NUUG-arrangementet er del av FSFEs «I Love Free Software Day» og finner sted på Cafe Amsterdam klokken 14:00 førstkommende lørdag 2026-02-14, der en kan møte i hvert fall noen av oversetterne og ta en titt på fysiske eksemplar av boken.

Digital selvråderett blir i disse dager viktigere og viktigere for flere og flere, og boken gir en fin introduksjon til hvordan kontroll over eget utstyr er viktig slik at selv barn og besteforeldre kan forstå det. Ses vi på lørdag?

Jeg tenker ta med mine eksemplarer av de øvrige bøkene jeg har gitt ut, hvis noen vil ta en titt på disse, men har desverre ingen eksemplarer til salgs.

Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner til min adresse 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b. Merk, betaling med bitcoin er ikke anonymt. :)

Tilbake i november 2023 oppdaget jeg boken Ada & Zangemann, skrevet av Matthias Kirschner og illustrert av Sandra Brandstätter, og fikk med en gang lyst til å sikre at den også var tilgjengelig for et norsk publikum.

Barne- og ungdomsboken Ada & Zangemann forsøker å inspirere til digital selvråderett, kontroll over egne dingser og demonstrere hvor viktig det er å ha rett til å reparere og forbedre eget utstyr. Den forteller historien om hvordan Ada og vennene hennes protesterer på at kun en enkelt person skal kunne bestemme hvordan datamaskiner og dingser brukes.

Jeg tok med en gang kontakt med forfatteren og sjekket ut git-depotet med manuskriptet for å se hva som skulle til for å lage bokmålsutgave. Før jeg ville gå igang med å oversette boken så ønsket jeg å endre byggeprosessen for HTML- og PDF-utgavene, for å forenkle oversetterprosessen oversette og gjøre det mulig å holde rede på hvordan oversettelsen stemte med originalen og andre språk. Jeg sendte inn et endringsforslag som tok i bruk gettext PO-filer til å vedlikeholde oversettelser, opprette PO-filer for eksisterende oversettelser som ble godt mottatt. Sammen med Nico Rikken fra Nederland har vi skrevet om hele bokbyggeprosessen som nå bruker Docbook XML som automatisk omformes til Scribus XML og direkte til HTML for typesetting og nettsidepublisering. Dette gjøres enten direkte eller kombinert med oversettelser i PO-format til oversatt utgave.

Med dette på plass kunne så oversetterarbeidet endelig gå i gang på oversetternettstedet Weblate.

Til selve oversetterarbeidet fikk jeg god hjelp av et par andre dugnadsarbeidere, Hagen Echzell og Henrik G. Sundt, som både har hjulpet til med å oversette fra den engelske oversettelsen og samkjørt den norske oversettelsen med den tyske originalen. Uten hjelp fra disse hadde boken ennå ikke vært ferdig.

Oversettelsen og boken var egentlig ferdig i desember, men takket være noen påkrevde tekniske endringer i siste liten for å sikre at manuskriptet var i tråd med kravene fra Lulu for bokhandeldistribusjon er det først nå på nyåret at den er tilgjengelig for et videre publikum. Resultatet er at jeg i dag er veldig glad for å kunne annonsere at bokmålsoversettelsen er klar og tilgjengelig for bestilling på papir via lulu.com. Den kringkastede bokinformasjonen ser slik ut:

Oppfinneren Zangemann er verdenskjent og uhorvelig rik. Både voksne og barn elsker hans fantastiske tekniske oppfinnelser. Men en dag er det et problem: barnas elektroniske rullebrett virker ikke lenger som de skal. Hva er det som skjer? Den nysgjerrige jenta Ada innser hva som foregår. Sammen med sine venner eksperimenterer hun med maskin- og programvare, og barna lager en plan: Zangemann kan ikke lenger være den eneste som kontrollerer dingsene!

En bok som vekker interessen for fikling og oppmuntrer til å forme teknologien.

En ide fra forfatteren, som han forklarte hadde vært brukt med hell i andre land, var å oppfordre folk til å kjøpe et eksemplar og donere til sitt lokale bibliotek. Det høres ut som en god ide, og jeg vil herved oppfordre alle som synes boken er flott og fortjener et større publikum til å bestille et eksemplar ekstra og donere det til et bibliotek som mangler boken i samlingen sin. Hvis du bestemmer deg for å gjøre dette, send meg gjerne en epost (pere-adazangemann (at) hungry.com) om dette med informasjon om hvilket bibliotek du har tenkt å gi boken til, så skal jeg vedlikeholde en liste over biblioteker som har fått boken til sin samling og slik gjøre det enklere å se om ditt bibliotek trenger en bok.

Bokens bruksvilkår er Creative Commons Attribution-ShareAlike 4.0 International, som lar alle dele og endre på både råfiler og det ferdige resultatet, så lenge alle som mottar innholdet kan gjøre det samme. Overskuddet fra salg av boken går til FSF Europe, en forening for å fremme fri programvare der forfatteren er president.

Vi håper å å lansere boken med et sosialt arrangement, for eksempel en høytlesning eller lignende, og å se om vi kan få forfatteren til Norge for å fortelle mer om boken. Foreningen NUUGs leder Thomas Hansen ser på hva som er mulig å få til der. Ta gjerne kontakt på epost hvis du for eksempel er en bokhandler, lærer eller bibliotekar og er interessert i et slikt arrangement for å spre ordet om boken.

Neste steg for min del er å se om vi kan få på plass flere språkutgaver av boken, i første omgang en nynorsk utgave. Første utkastet for nynorsk oversettelse er klar, men det trengs (antagelig en god del) korrekturlesing før den er klar til utgivelse. Jeg har også en kamerat som er interessert i å bidra til en arabisk utgave. Der også gjenstår det mest korrekturlesing, men også endel teknisk arbeide med typesettingsverktøyet Scribus for å håndtere tekst som flyter fra høyre mot venstre. Hvis du er interessert i å bidra til flere språkutgaver, ta en titt på Weblate-prosjektet og ta kontakt på epost. Det er også en animasjonsfilm med norsk tale på trappene, som vi håper lansere i løpet av våren.

Som vanlig, hvis du bruker Bitcoin og ønsker å vise din støtte til det jeg driver med, setter jeg pris på om du sender Bitcoin-donasjoner til min adresse 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b. Merk, betaling med bitcoin er ikke anonymt. :)

I guess it is about time I posted a new summary of the free software and open culture activites and projects I have been involved in the last year. The days have been so packed the last year that I have failed with my intention to post at least one blog post per month, so this summary became rather long. I am sorry about this.

This year was the year I got tired of the lack of new releases of the multimedia related libraries published via Xiph, and I decided to wrap up the current state and make the releases myself. In a burst of activity early this year, I collected and tested patches, coordinated with other developers and finally made new tarballs and release announcement for theora, and new tarball releases for liboggz, kate and fishsound. This upstreamed several patches accumulated in Debian and other Linux distributions for the last 15 years or so.

To change the world and the future, it is important to start with the kids, and one such avenue of change have been created by the current president of FSF Europe, Matthias Kirschner. He wrote a book for children, Ada & Zangemann, and I have been involved in its translation framework for the entire year. The source code has been transformed to Docbook and I have been conducting and coordinating translations into Norwegian Bokmål and Nynorsk, as well as preparing paper editions of the book and an animation movie with Norwegian voices. The Bokmål edition is very close to ready, and will be available early in 2026, and the movie release will follow shortly after this. I intend announce this on my blog and elsewhere when this happen. Please get in touch if you want to help spread the word about this book in Norwegian. I hope we can get the author to Norway when making the Norwegian releases.

This year I continued a push for the system I made a few years ago to improve hardware dongle handling on Linux. The Isenkram system use hardware mapping information provided by relevant packages using the AppStream system to propose which Linux distribution packages to install on a given machine to support dongles like cameras, finger print readers, smart card readers, LEGO controllers, ECC memory and other hardware. I have followed up on the list of packages providing such mapping, either to get it into Debian or to upstream the necessary metadata. I am not sure if we are at a point where package maintainers on their own add such information to their packages, but there are Debian lintian reports suggesting it and I have send patches to all packages I am aware of that should include such mappings. Most of the patches are included in Debian now, only 27 was left the last time I checked.

As part of my involvement with Debian, I continued my push to get all orphaned packages without a version control repository migrated to git. I am not sure how many packages I went through, but it was in the range of 200-300 packages. In addition to this I updated, sponsored, pushed maintainers for updates upstreamed patches for and fixed RC issues with battery-stats, bs1770gain, isenkram, libonvif, mfiutil, opensnitch, simplescreenrecorder, vlc-plugin-bittorrent and wakeonlan. I've also followed up LEGO related packages, dahdi support for Asterisk, llama.cpp and whisper.cpp in particular for the AMD GPU I was donated by AMD, as well as tried yet again to convince the upstream developers of the photogrammetric workstion e-foto to get their program into a state that could be included in Debian.

As I do not buy into the story that it is great to expose oneself to the whims of and priorities of commercial entities to have access to cultural expressions like films and music, I still maintain a huge collection of movies. For this to work well, I have ended up as part of the people maintaining lsdvd upstream and wrapped up a new release fixing several crash bugs caused by DVDs with intentionally broken metadata, and introduced code to list a DVD ID in the lsdvd output. Related to this, I have also worked some add-ons for my main video and music player, and took over upstream maintenance of the Invidious add-on, which sadly stopped working for non-authenticated users when web scrapers made it impossible for Invidious installations to provide a open API, as well as contributed to the NRK and projector control add-ons.

As part of my involvement in the Norwegian archiving community and standardisation work, we organised a Noark 5 workshop this spring discussing how to decide what to keep and what to delete in digital archives. We finally managed to apply for Noark 5 certification for the free software archive API Nikita, as well as worked to test and improve the performance of Nikita together with people on my day job at the university.

Manufacturing using Free Software is still a focus for me, and I have continued my involved with the LinuxCNC community, organising a developer gathering this summer with the help and sponsoring from the initial start in 2023 from NUUG Foundation and sponsoring from Debian and Redpill-Linpro. We plan to repeat the event also in 2026, but this time NUUG Foundation have told us they do not want a role, so we have found another friendly organisation to handle the money.

A popular machine controller with LinuxCNC is the MESA set of electronics, which is centred around a FPGA which now can be programmed using only Free Software. We discussed during this summers gathering how hard it would be to compile the current FPGA source using a Free Software tool chain, and I started looking into this, locating tools to transform the VHDL source into something the Yosys tool chain can handle. Still lot to do there, and I hope to get further next year.

An important part of Free Software manufacturing is the ability to design parts and create programs that can be passed to machines making parts, also known as CAD/CAM. The most prominent project for this is FreeCAD, and I have been both pushing to get opencamlib integrated with it in Debian as well as fixing bugs in the handling of Fanuc controlled machines, do make it easier to generate instructions for machines I have access to. I expect to also continue this also next year.

This year the UN conference Internet Governance Forum (IGF) was held in Norway, and I tried my best to get a stand for the Norwegian Unix Users Group (NUUG) there. Sadly the effort failed, due to lack of interest with the NUUG Board, but I was happy to see several members at least attend some of the activities related to IGF. Sadly to participate at IGF one need to hand over quite private information, so I decided not to participate in any of the closed forum events myself. Related to NUUG I have been a member of the election board proposing board member candidates to the general assembly, and been part of the program committee of the "Big Tech må vekk" (Big Tech must go away) festival organised by Attac in concert with NUUG and EFN. I've also assisted the Norwegian open TV channel Frikanalen with access to their machines located in a machine room at the university.

Related to the University, I have become involved in a small team of students working to build and program robots for the Robocup@Home competition. For 2026 we also plan to use the new features of FreeCAD to make parts for the open hardware robot arm OpenArm. This is also the group that will handle the money for the LinuxCNC gathering in 2026. Also related to the university I was looking into the Linux security auditing system Falco earlier this year, making improvements to the detection rules. This activity is on hold at the moment, and do not expect to continue with this in 2026.

I will most likely have to cut down a bit on my free software and open culture activities going forward, as NUUG Foundation, who have funded one day a week for such activities for several years no, sadly have decided they do not want to continue doing this. I am very grateful for their contributions over the years, both with freeing up time for me and supporting several events and projects where I have been involved or taken the initiative on. Now they are reorganizing with more focus on paperwork and applications.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

After some days of effort, I am happy to report that the great interactive application firewall OpenSnitch got a new version in Trixie, now with the Linux kernel based ebpf sniffer included for better accuracy. This new version made it possible for me to finally track down the rule required to avoid a deadlock when using it on a machine with the user home directory on NFS. The problematic connection originated from the Linux kernel itself, causing the /proc based version in Debian 12 to fail to properly attribute the connection and cause the OpenSnitch daemon to block while waiting for the Python GUI, which was unable to continue because the home directory was blocked waiting for the OpenSnitch daemon. A classic deadlock reported upstream for a more permanent solution.

I really love the control over all the programs and web pages calling home that OpenSnitch give me. Just today I discovered a strange connection to sb-ssl.google.com when I pulled up a PDF passed on to me via a Mattermost installation. It is some times hard to know which connections to block and which to go through, but after running it for a few months, the default rule set start to handle most regular network traffic and I only have to have a look at the more unusual connections.

If you would like to know more about what your machines programs are doing, install OpenSnitch today. It is only a apt install opensnitch away. :)

I hope to get the 1.6.9 version in experimental into Trixie before the archive enter hard freeze. This new version should have no relevant changes not already in the 1.6.8-11 edition, as it mostly contain Debian patches, but will give it a few days testing to see if there are any surprises. :)

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Sadly, the interactive application firewall OpenSnitch have in practice been unmaintained in Debian for a while. A few days ago I decided to do something about it, and today I am happy with the result. This package monitor network traffic going in and out of a Linux machine, and show a popup dialog to the logged in desktop user, asking to approve or deny any new connections. It has proved very valuable in discovering programs calling home, giving me more control of how information leak out of my Linux machine.

So far the new version is only available in Debian experimental, but I plan to upload it to unstable as soon as I know it is working on a few more machines, and make sure the new version make it into the next stable release of Debian. The package freeze is approaching, and it is not a lot of time left. If you read this blog post, I hope you can be one of the testers.

The new version should be using eBPF on architectures where this is working (amd64 and arm64), and fall back to /proc/ probing where the opensnitch-ebpf-modules package is missing (so far only armhf, a unrelated bug blocks building on riscv64 and s390x). Using eBPF should provide more accurate attribution of packages responsible for network traffic for short lived processes, which some times were unavailable in /proc/ when opensnitch tried to probe for information. I have limited experience with the new version, having used it myself for a day or so. It is easily backportable to Debian 12 Bookworm without code changes, all it need is a simple 'debuild' thanks to the optional build dependencies.

Due to a misfeature of llc on armhf, there is no eBPF support available there. I have not investigated the details, nor reported any bug yet, but for some reason -march=bpf is an unknown option on this architecture, causing the build in the ebpf_prog subdirectory build to fail.

The package is maintained under the umbrella of Debian Go team, and you can meet the current maintainers on the #debian-golang and #opensnitch IRC channels on irc.debian.org.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

A few months ago, I found myself in the unfortunate position that I had to try to recover the password used to encrypt a Linux hard drive. Tonight a few friends of mine asked for details on this effort. I guess it is a good idea to expose the recipe I found to a wider audience, so here are a few relevant links and key findings. I've forgotten a lot, so part of this is taken from memory.

I found a good recipe in a blog post written in 2019 by diverto, titled Cracking LUKS/dm-crypt passphrases. I tried both the john the ripper approach where it generated password candidates and passed it to cryptsetup and the luks2jack.py approach (which did not work for me, if I remember correctly), but believe I had most success with the hashcat approach. I had it running for several days on my Thinkpad X230 laptop from 2012. I do not remember the exact hash rate, but when I tested it again just now on the same machine by running "hashcat -a 0 hashcat.luks longlist --force", I got a hash rate of 7 per second. Testing it on a newer machine with a 32 core AMD CPU, I got a hash rate of 289 per second. Using the ROCM OpenCL approach on the same machine I managed to get a hash rate of 2821 per second.

Session..........: hashcat                                
Status...........: Quit
Hash.Mode........: 14600 (LUKS v1 (legacy))
Hash.Target......: hashcat.luks
Time.Started.....: Tue Apr  8 23:06:08 2025 (1 min, 10 secs)
Time.Estimated...: Tue Apr  8 23:12:49 2025 (5 mins, 31 secs)
Kernel.Feature...: Pure Kernel
Guess.Base.......: File (/usr/share/dict/bokmål)
Guess.Queue......: 1/1 (100.00%)
Speed.#1.........:     2821 H/s (8.18ms) @ Accel:128 Loops:128 Thr:32 Vec:1
Recovered........: 0/1 (0.00%) Digests (total), 0/1 (0.00%) Digests (new)
Progress.........: 0/935405 (0.00%)
Rejected.........: 0/0 (0.00%)
Restore.Point....: 0/935405 (0.00%)
Restore.Sub.#1...: Salt:0 Amplifier:0-1 Iteration:972928-973056
Candidate.Engine.: Device Generator
Candidates.#1....: A-aksje -> fiskebil
Hardware.Mon.#1..: Temp: 73c Fan: 77% Util: 99% Core:2625MHz Mem: 456MHz Bus:16

Note that for this last test I picked the largest word list I had on my machine (dict/bokmål) as a fairly random work list and not because it is useful for cracking my particular use case from a few months ago.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Following the 1.2.0beta1 release two weeks ago, a final 1.2.0 release of theora was wrapped up today. This new release is tagged in the Xiph gitlab theora instance and you can fetch it from the Theora home page as soon as someone with access find time to update the web pages. In the mean time (automatically removed after 14 days) the release tarball is also available as a git build artifact from CI build of the release tag.

The list of changes since The 1.2.0beta release from the CHANGES file in the tarball look like this:

libtheora 1.2.0 (2025 March 29)

• Bumped minor SONAME versions as oc_comment_unpack() implementation changed.
• Added example wrapper script encoder_example_ffmpeg (#1601 #2336).
• Improve comment handling on platforms where malloc(0) return NULL (#2304).
• Added pragma in example code to quiet clang op precedenca warnings.
• Adjusted encoder_example help text.
• Adjusted README, CHANGES, pkg-config and spec files to better reflect current release (#2331 #2328).
• Corrected english typos in source and build system.
• Switched http links to https in doc and comments where relevant. Did not touch RFC drafts.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

When I a few days ago discovered that a security problem reported against the theora library last year was still not fixed, and because I was already up to speed on Xiph development, I decided it was time to wrap up a new theora release. This new release was tagged in the Xiph gitlab theora instance Saturday. You can fetch the new release from the Theora home page.

The list of changes since The 1.2.0alpha1 release from the CHANGES file in the tarball look like this:

libteora 1.2.0beta1 (2025 March 15)

• Bumped minor SONAME versions as methods changed constness of arguments.
• Updated libogg dependency to version 1.3.4 for ogg_uint64_t.
• Updated doxygen setup.
• Updated autotools setup and support scripts (#1467 #1800 #1987 #2318 #2320).
• Added support for RISC OS.
• Fixed mingw build (#2141).
• Improved ARM support.
• Converted SCons setup to work with Python 3.
• Introduced new configure options --enable-mem-constraint and --enable-gcc-sanitizers.
• Fixed all known compiler warnings and errors from gcc and clang.
• Improved examples for stability and correctness.
• Variuos speed, bug fixes and code quality improvements.
• Fixed build problem with Visual Studio (#2317).
• Avoids undefined bit shift of signed numbers (#2321, #2322).
• Avoids example encoder crash on bogus audio input (#2305).
• Fixed musl linking issue with asm enabled (#2287).
• Fixed some broken clamping in rate control (#2229).
• Added NULL check _tc and _setup even for data packets (#2279).
• Fixed mismatched oc_mb_fill_cmapping11 signature (#2068).
• Updated the documentation for theora_encode_comment() (#726).
• Adjusted build to Only link libcompat with dump_video (#1587).
• Corrected an operator precedence error in the visualization code (#1751).
• Fixed two spelling errors in the comments (#1804).
• Avoid negative bit shift operation in huffdec.c (CVE-2024-56431).
• Improved library documentation and specification text.
• Adjusted library dependencies so libtheoraenc do not depend on libtheoradec.
• Handle fallout from CVE-2017-14633 in libvorbis, check return value in encoder_example and transcoder_example.

There are a few bugs still being investigated, and my plan is to wrap up a final 1.2.0 release two weekends from now.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.

Since my motivation boost in the beginning of the month caused me to wrap up a new release of liboggz, I have used the same boost to wrap up new editions of libfishsound, liboggplay and libkate too. These have been tagged in upstream git, but not yet published on the Xiph download location. I am waiting for someone with access to have time to move the tarballs there, I hope it will happen in a few days. The same is the case for a minor update of liboggz too.

As I was looking at Xiph packages lacking updates, it occurred to me that there are packages in Debian that have not received a new upload in a long time. Looking for a way to identify them, I came across the ltnu script from the devscripts package. It can sort by last update, packages maintained by a single user/group, and is useful to figure out which packages a single maintainer should have a look at. But I wanted a archive wide summary. Based on the UDD SQL query used by ltnu, I ended up with the following command:

#!/bin/sh
env PGPASSWORD=udd-mirror psql --host=udd-mirror.debian.net --user=udd-mirror udd --command="
select source,
       max(version) as ver,
       max(date) as uploaded
from upload_history
where distribution='unstable' and
      source in (select source
                 from sources
                 where release='sid')
group by source
order by max(date) asc
limit 50;"

This will sort all source packages in Debian by upload date, and list the 50 oldest ones. The end result is a list of packages I suspect could use some attention:

           source            |           ver           |        uploaded        
-----------------------------+-------------------------+------------------------
 xserver-xorg-video-ivtvdev  | 1.1.2-1                 | 2011-02-09 22:26:27+00
 dynamite                    | 0.1.1-2                 | 2011-04-30 16:47:20+00
 xkbind                      | 2010.05.20-1            | 2011-05-02 22:48:05+00
 libspctag                   | 0.2-1                   | 2011-09-22 18:47:07+00
 gromit                      | 20041213-9              | 2011-11-13 21:02:56+00
 s3switch                    | 0.1-1                   | 2011-11-22 15:47:40+00
 cd5                         | 0.1-3                   | 2011-12-07 21:19:05+00
 xserver-xorg-video-glide    | 1.2.0-1                 | 2011-12-30 16:50:48+00
 blahtexml                   | 0.9-1.1                 | 2012-04-25 11:32:11+00
 aggregate                   | 1.6-7                   | 2012-05-01 00:47:11+00
 rtfilter                    | 1.1-4                   | 2012-05-11 12:50:00+00
 sic                         | 1.1-5                   | 2012-05-11 19:10:31+00
 kbdd                        | 0.6-4                   | 2012-05-12 07:33:32+00
 logtop                      | 0.4.3-1                 | 2012-06-05 23:04:20+00
 gbemol                      | 0.3.2-2                 | 2012-06-26 17:03:11+00
 pidgin-mra                  | 20100304-1              | 2012-06-29 23:07:41+00
 mumudvb                     | 1.7.1-1                 | 2012-06-30 09:12:14+00
 libdr-sundown-perl          | 0.02-1                  | 2012-08-18 10:00:07+00
 ztex-bmp                    | 20120314-2              | 2012-08-18 19:47:55+00
 display-dhammapada          | 1.0-0.1                 | 2012-12-19 12:02:32+00
 eot-utils                   | 1.1-1                   | 2013-02-19 17:02:28+00
 multiwatch                  | 1.0.0-rc1+really1.0.0-1 | 2013-02-19 17:02:35+00
 pidgin-latex                | 1.5.0-1                 | 2013-04-04 15:03:43+00
 libkeepalive                | 0.2-1                   | 2013-04-08 22:00:07+00
 dfu-programmer              | 0.6.1-1                 | 2013-04-23 13:32:32+00
 libb64                      | 1.2-3                   | 2013-05-05 21:04:51+00
 i810switch                  | 0.6.5-7.1               | 2013-05-10 13:03:18+00
 premake4                    | 4.3+repack1-2           | 2013-05-31 12:48:51+00
 unagi                       | 0.3.4-1                 | 2013-06-05 11:19:32+00
 mod-vhost-ldap              | 2.4.0-1                 | 2013-07-12 07:19:00+00
 libapache2-mod-ldap-userdir | 1.1.19-2.1              | 2013-07-12 21:22:48+00
 w9wm                        | 0.4.2-8                 | 2013-07-18 11:49:10+00
 vish                        | 0.0.20130812-1          | 2013-08-12 21:10:37+00
 xfishtank                   | 2.5-1                   | 2013-08-20 17:34:06+00
 wap-wml-tools               | 0.0.4-7                 | 2013-08-21 16:19:10+00
 ttysnoop                    | 0.12d-6                 | 2013-08-24 17:33:09+00
 libkaz                      | 1.21-2                  | 2013-09-02 16:00:10+00
 rarpd                       | 0.981107-9              | 2013-09-02 19:48:24+00
 libimager-qrcode-perl       | 0.033-1.2               | 2013-09-04 21:06:31+00
 dov4l                       | 0.9+repack-1            | 2013-09-22 19:33:25+00
 textdraw                    | 0.2+ds-0+nmu1           | 2013-10-07 21:25:03+00
 gzrt                        | 0.8-1                   | 2013-10-08 06:33:13+00
 away                        | 0.9.5+ds-0+nmu2         | 2013-10-25 01:18:18+00
 jshon                       | 20131010-1              | 2013-11-30 00:00:11+00
 libstar-parser-perl         | 0.59-4                  | 2013-12-23 21:50:43+00
 gcal                        | 3.6.3-3                 | 2013-12-29 18:33:29+00
 fonts-larabie               | 1:20011216-5            | 2014-01-02 21:20:49+00
 ccd2iso                     | 0.3-4                   | 2014-01-28 06:33:35+00
 kerneltop                   | 0.91-1                  | 2014-02-04 12:03:30+00
 vera++                      | 1.2.1-2                 | 2014-02-04 21:21:37+00
(50 rows)

So there are 8 packages last uploaded to unstable in 2011, 12 packages in 2012 and 26 packages in 2013. I suspect their maintainers need help and we should all offer our assistance. I already contacted two of them and hope the rest of the Debian community will chip in to help too. We should ensure any Debian specific patches are passed upstream if they still exist, that the package is brought up to speed with the latest Debian policy, as well as ensure the source can built with the current compiler set in Debian.

As usual, if you use Bitcoin and want to show your support of my activities, please send Bitcoin donations to my address 15oWEoG9dUPovwmUL9KWAnYRtNJEkP1u1b.