05 Jul 2025
Planet Debian
Sergio Cipriano: How I finally tracked my Debian uploads correctly
A long time ago, I became aware of UDD (Ultimate Debian Database), which gathers various Debian data into a single SQL database.
At that time, we were trying to do something simple: list the contributions (package uploads) of our local community, Debian Brasília. We ended up with a script that counted uploads to unstable and experimental.
I was never satisfied with the final result because some uploads were always missing. Here is an example:
debci (3.0) experimental; urgency=medium
...
[ Sergio de almeida cipriano Junior ]
* Fix Style/GlovalVars issue
* Rename blacklist to rejectlist
...
I made changes in debci 3.0, but the upload was done by someone else. This kind of contribution cannot be tracked by that script.
Then, a few years ago, I learned about Minechangelogs, which allows us to search through the changelogs of all Debian packages currently published.
Today, I decided to explore how this was done, since I couldn't find anything useful for that kind of query in UDD's tables.
That's when I came across ProjectB. It was my first time hearing about it. ProjectB is a database that stores all the metadata about the packages in the Debian archive, including the changelogs of those packages.
Now that I'm a Debian Developer, I have access to this database. If you also have access and want to try some queries, you can do this:
$ ssh <username>@mirror.ftp-master.debian.org -N -L 15434:danzi.debian.org:5435
$ psql "postgresql://guest@localhost:15434/projectb?sslmode=allow"
In the end, it finally solved my problem.
Using the code below, with UDD, I get 38 uploads:
import psycopg2

contributor = 'almeida cipriano'

try:
    connection = psycopg2.connect(
        user="udd-mirror",
        password="udd-mirror",
        host="udd-mirror.debian.net",
        port="5432",
        database="udd"
    )
    cursor = connection.cursor()

    # The search term is passed as a bound parameter, not formatted into the SQL.
    query = "SELECT source,version,date,distribution,signed_by_name \
    FROM public.upload_history \
    WHERE changed_by_name ILIKE %s \
    ORDER BY date;"
    cursor.execute(query, (f"%{contributor}%",))
    records = cursor.fetchall()

    print(f"I have {len(records)} uploads.")

    cursor.close()
    connection.close()
except (Exception, psycopg2.Error) as error:
    print("Error while fetching data from PostgreSQL", error)
Using the code below, with ProjectB, I get 43 uploads (the correct amount):
import psycopg2

contributor = 'almeida cipriano'

try:
    # SSH tunnel is required to access the database:
    # ssh <username>@mirror.ftp-master.debian.org -N -L 15434:danzi.debian.org:5435
    connection = psycopg2.connect(
        user="guest",
        host="localhost",
        port="15434",
        database="projectb",
        sslmode="allow"
    )
    connection.set_client_encoding('UTF8')
    cursor = connection.cursor()

    # The search term is passed as a bound parameter (once per placeholder).
    query = "SELECT c.source, c.version, c.changedby \
    FROM changes c \
    JOIN changelogs ch ON ch.id = c.changelog_id \
    WHERE c.source != 'debian-keyring' \
    AND (\
    ch.changelog ILIKE %s \
    OR c.changedby ILIKE %s \
    )\
    ORDER BY c.seen;"
    pattern = f"%{contributor}%"
    cursor.execute(query, (pattern, pattern))
    records = cursor.fetchall()

    print(f"I have {len(records)} uploads.")

    cursor.close()
    connection.close()
except (Exception, psycopg2.Error) as error:
    print("Error while fetching data from PostgreSQL", error)
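An added example, not part of the original post: a substring match on the changelog text also hits names that are only mentioned in passing, so the code below parses one changelog entry and attributes each item to its `[ Name ]` block or to the trailer line. The entry, the package name and all people in it are constructed placeholders.

```python
import re

# Constructed changelog entry (Debian changelog format); all names are placeholders.
SAMPLE_ENTRY = """\
examplepkg (3.0) experimental; urgency=medium

  [ Bob Contributor ]
  * Fix a style warning
  * Rename blacklist to rejectlist
    in the configuration loader

  [ Alice Uploader ]
  * Thank Carol Reviewer for testing

 -- Alice Uploader <alice@example.org>  Sat, 05 Jul 2025 10:00:00 +0000
"""

SECTION = re.compile(r"^  \[ (.+?) \]\s*$")       # "  [ Name ]" opens a contributor block
ITEM = re.compile(r"^  \* (.+)$")                 # "  * change description"
TRAILER = re.compile(r"^ -- (.+?) <[^>]+>  .+$")  # " -- Name <email>  date"


def attribute_changes(entry):
    """Return (changed_by, {author: [change items]}) for one changelog entry."""
    changed_by, current, changes = None, None, {}
    for line in entry.splitlines()[1:]:  # skip "pkg (version) dist; urgency=..."
        if m := TRAILER.match(line):
            changed_by = m[1]
        elif m := SECTION.match(line):
            current = m[1]
        elif m := ITEM.match(line):
            changes.setdefault(current, []).append(m[1])
        elif line.startswith("    ") and changes.get(current):
            changes[current][-1] += " " + line.strip()  # wrapped item text
    if None in changes:  # items outside any [ Name ] block belong to the trailer name
        orphans = changes.pop(None)
        changes.setdefault(changed_by or "(unknown)", []).extend(orphans)
    return changed_by, changes


def contributed(entry, needle):
    """True if needle matches a block author or the trailer name, not just any text."""
    changed_by, changes = attribute_changes(entry)
    names = set(changes) | {changed_by or ""}
    return any(needle.lower() in name.lower() for name in names)
```

Here "Bob Contributor" is credited although the trailer names someone else, while "Carol Reviewer" appears in the text but is not counted as a contributor.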
It feels good to finally solve this itch I've had for years.
05 Jul 2025 1:28pm GMT
04 Jul 2025
Russell Coker: Function Keys
For at least 12 years laptops have been defaulting to not having the traditional PC 101 key keyboard function key functionality and instead have had other functions like controlling the volume and have had a key labelled Fn to toggle the functions. It's been a BIOS option to control whether traditional function keys or controls for volume etc are the default and for at least 12 years I've configured all my laptops to have the traditional function keys as the default.
Recently I've been working in corporate IT and having exposure to many laptops with the default BIOS settings for those keys to change volume etc and no reasonable option for addressing it. This has made me reconsider the options for configuring these things.
Here's a page listing the standard uses of function keys [1]. Here is a summary of the relevant part of that page:
- F1 launches help, which doesn't seem to get much use. The main help option in practice is Google (I anticipate controversy about this and welcome comments) and all the software vendors are investigating LLM options for help which probably won't involve F1.
- F2 is for renaming files but doesn't get much use. Probably most people who use graphical file managers use the right mouse button for it. I use it when sorting a selection of photos.
- F3 is for launching a search (which is CTRL-F in most programs).
- ALT-F4 is for closing a window which gets some use, although for me the windows I close are web browsers (via CTRL-W) and terminals (via CTRL-D).
- F5 is for reloading a page which is used a lot in web browsers.
- F6 moves the input focus to the URL field of a web browser.
- F8 is for moving a file which in the degenerate case covers the rename functionality of F2.
- F11 is for full-screen mode in browsers which is sometimes handy.
The keys F1, F3, F4, F7, F9, F10, and F12 don't get much use for me and for the people I observe. The F2 and F8 keys aren't useful in most programs, F6 is only really used in web browsers - but the web browser counts as "most programs" nowadays.
Here's the description of Thinkpad Fn keys [2]. I use Thinkpads for fun and Dell laptops for work, so it would be nice if they both worked in similar ways but of course they don't. Dell doesn't document how their Fn keys are laid out, but the relevant bit is that F1 to F4 are the same as on Thinkpads which is convenient as they are the ones that are likely to be commonly used and needed in a hurry.
I have used the KDE settings on my Thinkpad to map the F1 to F3 function keys to their Fn equivalents (F1 for mute-audio, F2 for vol-down, and F3 for vol-up) so that I can use them without holding down the Fn key, while other function keys such as F5 and F6 keep their usual GUI functionality. Now I could train myself to use F8 in situations where I usually use F2, at least when using a laptop.
The only other Fn combinations I use are F5 and F6 for controlling screen brightness, but that's not something I use much.
It's annoying that the laptop manufacturers forced me to this. Having a Fn key to get extra functions and not need 101+ keys on a laptop size device is a reasonable design choice. But they could have done away with the PrintScreen key to make space for something else. Also for Thinkpads a touch pad is something that could obviously be removed to gain some extra space as the Trackpoint does all that's needed in that regard.
04 Jul 2025 11:44am GMT
Sahil Dhiman: Secondary Authoritative Name Server Options for Self-Hosted Domains
In the past few months, I have moved the authoritative name servers (NS) of two of my domains (sahilister.net and sahil.rocks) in-house using PowerDNS. Subdomains of sahilister.net see roughly 320,000 hits/day across my IN and DE mirror nodes, so adding secondary name servers with good availability (in addition to my own servers) was one of my first priorities.
I explored the following options for my secondary NS, which also didn't cost me anything:
1984 Hosting
- 1984 Hosting Company FreeDNS.
- Hosting provider from Iceland.
- AXFR over IPv4 only.
- Following secondaries are offered:
- Not all of the NS support IPv6.
- Personally, I use ns1.1984.is which is hosted by Netnod, one of 13 root name servers and .SE ccTLD operator.
- Same infrastructure serves 1984.hosting as well.
Hurricane Electric
- Hurricane Electric Free DNS Hosting.
- One has to delegate NS towards one or more of ns[1-5].he.net to verify ownership. It does lead to a minor lame server period between NS addition and first zone transfer.
- Supports TSIG and DNSSEC pre-signed zones.
- Following secondaries are offered:
- The service went down when he.net domain was put on hold. NANOG thread and Hurricane Electric's response there. Better not depend on just one external provider.
- Same infrastructure serves he.net as well.
Afraid.org
- FreeDNS at Afraid.org.
- Backup DNS option on left side menu on their website.
- Following secondary offered:
Puck
- PUCK Free Secondary DNS service.
- A one-person show that has been long-standing, though there seems to be manual approval of each account, which did take some time.
- Following secondary offered:
NS-Global
- NS-Global DNS Service.
- From FAQ, anycast with 16 POP, including 1 POP in Tokyo.
- Kenneth Finnegan's blog post covers how this came to be. He is the same person who also pulled off the Fremont Cabal Internet Exchange and the MicroMirror CDN project.
- Following secondary is offered:
- ns-global.kjsl.com uses Afraid.org, Puck and their NS for their own zone.
Asking friends
Two of my friends and fellow mirror hosts have their own authoritative name server setup, Shrirang (i.e. albony) and Luke. Shrirang gave me another POP in IN and through Luke (who does have an insane amount of in-house NS, see dig ns jing.rocks +short), I added a JP POP.
If we know each other, I would be glad to host a secondary NS for you (in IN and/or DE locations).
Some notes
- Adding a third-party secondary means trusting that the third party will serve your zone right.
- Hurricane Electric and 1984 Hosting provide multiple NS. One can use some or all of them. Ideally, you can get away with just using your own along with the full set from either of these two. Play around with adding and removing secondaries to see which combination gives you the best results. Using everyone is overkill anyhow, unless you have specific reasons for it.
- Moving NS in-house isn't that hard. Though, be prepared to get it wrong a few times (and some more). I have already faced partial outages because:
  - Recursive resolvers (RR) in the wild behave in a weird way and cache the wrong NS response for longer than the TTL.
  - NS expiry took longer than expected. 2 out of 3 of the NS at Netim (my domain registrar) had stopped serving my domain, while RRs in the wild hadn't picked up my new in-house NS. I couldn't really do anything about it, though.
  - The dot at the end is pretty important.
  - With HE.net, I forgot to delegate my domain on their panel and just added it to my NS set, thinking I had already done so (which I had, but for another domain), leading to a lame server situation.
- In terms of serving traffic, there's no distinction between primary and secondary NS. RRs don't really care whom they send the query to. So one can have a hidden primary too.
- I initially thought of adding periodic RIPE Atlas measurements from the global set but decided against it, as I already host a termux mirror, which brings in thousands of queries from around the world, so a diverse set of RRs is querying my domain already.
- In most cases, query resolution time would increase with out-of-zone NS (which an external secondary most likely would be): 1 query vs. 2 queries. Pay close attention to the ADDITIONAL SECTION in Shrirang's case, followed by mine:
$ dig ns albony.in
; <<>> DiG 9.18.36 <<>> ns albony.in
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 60525
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 9
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;albony.in. IN NS
;; ANSWER SECTION:
albony.in. 1049 IN NS ns3.albony.in.
albony.in. 1049 IN NS ns4.albony.in.
albony.in. 1049 IN NS ns2.albony.in.
albony.in. 1049 IN NS ns1.albony.in.
;; ADDITIONAL SECTION:
ns3.albony.in. 1049 IN AAAA 2a14:3f87:f002:7::a
ns1.albony.in. 1049 IN A 82.180.145.196
ns2.albony.in. 1049 IN AAAA 2403:44c0:1:4::2
ns4.albony.in. 1049 IN A 45.64.190.62
ns2.albony.in. 1049 IN A 103.77.111.150
ns1.albony.in. 1049 IN AAAA 2400:d321:2191:8363::1
ns3.albony.in. 1049 IN A 45.90.187.14
ns4.albony.in. 1049 IN AAAA 2402:c4c0:1:10::2
;; Query time: 29 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Jul 04 07:57:01 IST 2025
;; MSG SIZE rcvd: 286
vs mine
$ dig ns sahil.rocks
; <<>> DiG 9.18.36 <<>> ns sahil.rocks
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 64497
;; flags: qr rd ra; QUERY: 1, ANSWER: 11, AUTHORITY: 0, ADDITIONAL: 1
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;sahil.rocks. IN NS
;; ANSWER SECTION:
sahil.rocks. 6385 IN NS ns5.he.net.
sahil.rocks. 6385 IN NS puck.nether.net.
sahil.rocks. 6385 IN NS colin.sahilister.net.
sahil.rocks. 6385 IN NS marvin.sahilister.net.
sahil.rocks. 6385 IN NS ns2.afraid.org.
sahil.rocks. 6385 IN NS ns4.he.net.
sahil.rocks. 6385 IN NS ns2.albony.in.
sahil.rocks. 6385 IN NS ns3.jing.rocks.
sahil.rocks. 6385 IN NS ns0.1984.is.
sahil.rocks. 6385 IN NS ns1.1984.is.
sahil.rocks. 6385 IN NS ns-global.kjsl.com.
;; Query time: 24 msec
;; SERVER: 127.0.0.53#53(127.0.0.53) (UDP)
;; WHEN: Fri Jul 04 07:57:20 IST 2025
;; MSG SIZE rcvd: 313
- Theoretically speaking, a small increase/decrease in resolution time would occur based on the chosen TLD and the popularity of the TLD in the query originator's area (already cached vs. fresh recursion).
- One can get away with having only 3 NS (or be like Google and have 4 anycast NS or like Amazon and have 8 or like Verisign and make it 13 :P).
- Nowhere is it written that your NS needs to be called dns* or ns1, ns2 etc. Get creative with naming NS; be deceptive with the naming :D.
- A good understanding of RR behavior can help engineer a good authoritative NS system.
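The in-zone versus out-of-zone comparison from the two `dig ns` responses above, as an added example that is not part of the original post: it parses dig-style record lines and lists the NS targets whose addresses did not arrive with the response. The record lines are abridged from the output quoted on this page; the function names are this example's own.

```python
# Abridged from the two `dig ns` responses quoted above (record lines only).
ALBONY = """\
albony.in. 1049 IN NS ns2.albony.in.
albony.in. 1049 IN NS ns1.albony.in.
ns1.albony.in. 1049 IN A 82.180.145.196
ns2.albony.in. 1049 IN AAAA 2403:44c0:1:4::2
ns2.albony.in. 1049 IN A 103.77.111.150
ns1.albony.in. 1049 IN AAAA 2400:d321:2191:8363::1
"""
SAHIL = """\
sahil.rocks. 6385 IN NS ns5.he.net.
sahil.rocks. 6385 IN NS colin.sahilister.net.
sahil.rocks. 6385 IN NS ns2.albony.in.
sahil.rocks. 6385 IN NS ns1.1984.is.
"""


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot for comparison."""
    return name.lower().rstrip(".")


def parse_records(text):
    """Yield (owner, type, rdata) from dig-style record lines; skip ';' comments."""
    for line in text.splitlines():
        fields = line.split()
        if len(fields) >= 5 and not line.startswith(";") and fields[2] == "IN":
            yield norm(fields[0]), fields[3], fields[4]


def ns_report(zone, text):
    """Map each NS target to whether it is in-zone and which addresses came with it."""
    zone, targets, addrs = norm(zone), [], {}
    for owner, rtype, rdata in parse_records(text):
        if rtype == "NS" and owner == zone:
            targets.append(norm(rdata))
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)
    return {t: {"in_zone": t == zone or t.endswith("." + zone),
                "addresses": addrs.get(t, [])} for t in targets}


def needs_extra_lookup(report):
    """NS targets whose addresses were not in the response (a second query)."""
    return sorted(t for t, info in report.items() if not info["addresses"])
```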
Further reading
- RFC 2182: Selection and Operation of Secondary DNS Servers is a good read on what to consider while choosing secondaries.
- RFC 1537: Common DNS Operational and Configuration Errors.
- DNS Nameservers by Geoff Huston gives a good overview of how common RRs behave. Another link from the same article is Recursives in the Wild: Engineering Authoritative DNS Servers.
- DNS Nameservers: Service Platforms and Resilience by Geoff Huston.
- Looking at Centrality in the DNS by Geoff Huston.
04 Jul 2025 2:36am GMT