![[Valid RSS]](images/valid-rss-rogers.png "Valid RSS")
This is a valid RSS feed.
This feed is valid, but interoperability with the widest range of feed readers could be improved by implementing the following recommendations.
<style>
<tr style="background-color: lightgrey; font-weight:bold">
line 485, column 3: (12 occurrences) [help]
]]></content:encoded>
^
line 490, column 22: (2 occurrences) [help]
<title>Grml 2025.05 \x96 codename Nudlaug</title>
^
line 607, column 463: (9 occurrences) [help]
... ha Lobo, Tex Rubinowitz, Klaus Nüchtern,\x85).</li>
^
line 629, column 39: (7 occurrences) [help]
<description><![CDATA[We did it again\x99! Just in time, we\x92re excited to ann ...
^
<?xml version="1.0" encoding="ISO-8859-1"?><rss version="2.0" xmlns:content="http://purl.org/rss/1.0/modules/content/" xmlns:wfw="http://wellformedweb.org/CommentAPI/" xmlns:dc="http://purl.org/dc/elements/1.1/" xmlns:atom="http://www.w3.org/2005/Atom" xmlns:sy="http://purl.org/rss/1.0/modules/syndication/" xmlns:slash="http://purl.org/rss/1.0/modules/slash/" > <channel> <title>mikas blog</title> <atom:link href="https://michael-prokop.at/blog/feed/" rel="self" type="application/rss+xml" /> <link>https://michael-prokop.at/blog</link> <description>... and even if no one reads it</description> <lastBuildDate>Mon, 28 Jul 2025 18:41:12 +0000</lastBuildDate> <language>en-US</language> <sy:updatePeriod>hourly</sy:updatePeriod> <sy:updateFrequency>1</sy:updateFrequency> <generator>https://wordpress.org/?v=5.0.3</generator> <item> <title>What to expect from Debian/trixie #newintrixie</title> <link>https://michael-prokop.at/blog/2025/07/20/what-to-expect-from-debian-trixie-newintrixie/</link> <comments>https://michael-prokop.at/blog/2025/07/20/what-to-expect-from-debian-trixie-newintrixie/#comments</comments> <pubDate>Sun, 20 Jul 2025 16:32:38 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[Debian]]></category> <category><![CDATA[English]]></category> <category><![CDATA[Open Source]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=7024</guid> <description><![CDATA[Update on 2025-07-28: added note about Debian 13/trixie support for OpenVox (thanks, Ben Ford!) Debian v13 with codename trixie is scheduled to be published as new stable release on 9th of August 2025. I was the driving force at several of my customers to be well prepared for the upcoming stable release (my efforts for […]]]></description> <content:encoded><![CDATA[<p><a href="https://wiki.debian.org/DebianArt/Themes/Ceratopsian"><img src="/blog/img/debian_trixie_banner.png" alt="Trixie Banner, Copyright 2024 Elise Couper" style="border: 0px; margin-right: 20px" align=left width=200px /></a></p><p><strong>Update on 2025-07-28:</strong> added note about Debian 13/trixie support for OpenVox (thanks, Ben Ford!)</p><p>Debian v13 with <a href="https://wiki.debian.org/DebianTrixie">codename trixie</a> is scheduled to be published as new stable release on <a href="https://lists.debian.org/debian-devel-announce/2025/07/msg00003.html">9th of August 2025</a>.</p><p>I was the driving force at several of my customers to be well prepared for the upcoming stable release (my efforts for trixie started in August 2024). On the one hand, to make sure packages we care about are <em>available</em> and actually make it <em>into</em> the release. On the other hand, to ensure there are no severe issues that make it into the release and to get proper and working upgrades. So far everything is looking pretty well and working fine, the efforts seemed to have payed off. :)</p><p>As usual with major upgrades, there are some things to be aware of, and hereby I’m starting my public notes on trixie that might be worth for other folks. My focus is primarily on server systems and looking at things from a sysadmin perspective.</p><h3>Further readings</h3><p>As usual start at the <a href="https://www.debian.org/releases/trixie/release-notes/index.en.html">official Debian release notes</a>, make sure to especially go through <a href="https://www.debian.org/releases/trixie/release-notes/whats-new.en.html">What’s new in Debian 13</a> + <a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html">issues to be aware of for trixie</a> (<strong>strongly recommended read!</strong>).</p><h3>Package versions</h3><p>As a starting point, let’s look at some selected packages and their versions in bookworm vs. trixie as of 2025-07-20 (mainly having amd64 in mind):</p><style> table { border: 1px solid; border-collapse: collapse; empty-cells: show; width: 50%; min-width: 300px; max-width: 500px; table-layout: fixed; } thead th { position: -webkit-sticky; position: sticky; top: 0; } th { background-color: #666; color: #fff; } tr { background-color: #fffbf0; color: #000; } tr:nth-child(odd) { background-color: #e4ebf2; }</style><table><thead><tr style="background-color: lightgrey; font-weight:bold"><th scope="col">Package</th><th scope="col">bookworm/v12</th><th scope="col">trixie/v13</th></tr></thead><tbody style="text-align:center"><tr><td scope="row">ansible</td><td>2.14.3</td><td>2.19.0</td></tr><tr><td scope="row">apache</td><td>2.4.62</td><td>2.4.64</td></tr><tr><td scope="row">apt</td><td>2.6.1</td><td>3.0.3</td></tr><tr><td scope="row">bash</td><td>5.2.15</td><td>5.2.37</td></tr><tr><td scope="row">ceph</td><td>16.2.11</td><td>18.2.7</td></tr><tr><td scope="row">docker</td><td>20.10.24</td><td>26.1.5</td></tr><tr><td scope="row">dovecot</td><td>2.3.19</td><td>2.4.1</td></tr><tr><td scope="row">dpkg</td><td>1.21.22</td><td>1.22.21</td></tr><tr><td scope="row">emacs</td><td>28.2</td><td>30.1</td></tr><tr><td scope="row">gcc</td><td>12.2.0</td><td>14.2.0</td></tr><tr><td scope="row">git</td><td>2.39.5</td><td>2.47.2</td></tr><tr><td scope="row">golang</td><td>1.19</td><td>1.24</td></tr><tr><td scope="row">libc</td><td>2.36</td><td>2.41</td></tr><tr><td scope="row">linux kernel</td><td>6.1</td><td>6.12</td></tr><tr><td scope="row">llvm</td><td>14.0</td><td>19.0</td></tr><tr><td scope="row">lxc</td><td>5.0.2</td><td>6.0.4</td></tr><tr><td scope="row">mariadb</td><td>10.11</td><td>11.8</td></tr><tr><td scope="row">nginx</td><td>1.22.1</td><td>1.26.3</td></tr><tr><td scope="row">nodejs</td><td>18.13</td><td>20.19</td></tr><tr><td scope="row">openjdk</td><td>17.0</td><td>21.0</td></tr><tr><td scope="row">openssh</td><td>9.2p1</td><td>10.0p1</td></tr><tr><td scope="row">openssl</td><td>3.0</td><td>3.5</td></tr><tr><td scope="row">perl</td><td>5.36.0</td><td>5.40.1</td></tr><tr><td scope="row">php</td><td>8.2+93</td><td>8.4+96</td></tr><tr><td scope="row">podman</td><td>4.3.1</td><td>5.4.2</td></tr><tr><td scope="row">postfix</td><td>3.7.11</td><td>3.10.3</td></tr><tr><td scope="row">postgres</td><td>15</td><td>17</td></tr><tr><td scope="row">puppet</td><td>7.23.0</td><td>8.10.0</td></tr><tr><td scope="row">python3</td><td>3.11.2</td><td>3.13.5</td></tr><tr><td scope="row">qemu/kvm</td><td>7.2</td><td>10.0</td></tr><tr><td scope="row">rsync</td><td>3.2.7</td><td>3.4.1</td></tr><tr><td scope="row">ruby</td><td>3.1</td><td>3.3</td></tr><tr><td scope="row">rust</td><td>1.63.0</td><td>1.85.0</td></tr><tr><td scope="row">samba</td><td>4.17.12</td><td>4.22.3</td></tr><tr><td scope="row">systemd</td><td>252.36</td><td>257.7-1</td></tr><tr><td scope="row">unattended-upgrades</td><td>2.9.1</td><td>2.12</td></tr><tr><td scope="row">util-linux</td><td>2.38.1</td><td>2.41</td></tr><tr><td scope="row">vagrant</td><td>2.3.4</td><td>2.3.7</td></tr><tr><td scope="row">vim</td><td>9.0.1378</td><td>9.1.1230</td></tr><tr><td scope="row">zsh</td><td>5.9</td><td>5.9</td></tr></tbody></table><h3>Misc unsorted</h3><ul><li>The <strong>asterisk</strong> package once again didn’t make it into trixie (see <a href="https://bugs.debian.org/1031046">#1031046</a>)</li><li>The new <a href="https://packages.debian.org/trixie/debian-repro-status"><strong>debian-repro-status</strong></a> package provides the identically named command-line tool <em>debian-repro-status</em> to query the <a href="https://wiki.debian.org/ReproducibleBuilds">reproducibility status</a> of your installed Debian packages</li><li>The <a href="https://grml.org/"><strong>Grml</strong></a> live system project provided further of their packages into Debian. Available as of trixie are now also <a href="https://packages.debian.org/trixie/grml-keyring">grml-keyring</a> (OpenPGP certificates used for signing the Grml repositories), <a href="https://packages.debian.org/trixie/grml-hwinfo">grml-hwinfo</a> (a tool which collects information of the hardware ) + <a href="https://packages.debian.org/trixie/grml-paste">grml-paste</a> (command line interface for paste.debian.net)</li><li>If you use <a href="https://packages.debian.org/trixie/pacemaker"><strong>pacemaker</strong></a>, be aware that its fence-agents package is now a transitional package. All the fence-agents got split into separate packages (<em>fence-agents-$whatever</em>). If you want to have <em>all</em> the fence-agents available, make sure to install the <a href="https://packages.debian.org/trixie/fence-agents-all">fence-agents-all</a> package. If you have Recommends disabled, you <em>definitely</em> should be aware of this.</li><li><a href="https://wiki.debian.org/UsrMerge">usrmerge</a> is finalized (also see <a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#dpkg-warning-unable-to-delete-old-directory">dpkg warning issue in release notes</a>)</li><li>For an overview of the <strong>XMPP/Jabber</strong> situation in trixie see <a href="https://xmpp-team.pages.debian.net/blog/2025/05/xmpp-debian-13-trixie-news.html">xmpp-team’s blog post</a></li><li>The <a href="https://packages.debian.org/trixie/curl">curl package</a> now includes the <a href="https://manpages.debian.org/testing/curl/wcurl.1"><strong>wcurl</strong></a> command line tool, being a simple wrapper around curl to easily download files</li></ul><h3>apt</h3><p>The new <a href="https://packages.debian.org/trixie/apt">apt</a> version 3.0 brings <a href="https://lwn.net/Articles/1017315/">several new features</a>, including:</p><ul><li><strong>support for colors</strong> (f.e. green for installs/upgrades, yellow for downgrades, red for removals, can be disabled via <em>‐‐no-color</em>, <em>APT_NO_COLOR=1</em> or <em>NO_COLOR=1</em> and customized via e.g. <em>APT::Color::Action::Install “cyan”</em>) </li><li>organizes output in <strong>more readable</strong> sections and shows removals more prominently</li><li>uses <a href="https://salsa.debian.org/apt-team/apt/-/commit/da9a05e0b0b2150dbb67090e8b0c3922e46bd5cf"><strong>sequoia</strong> to verify signatures</a></li><li>includes a new <a href="https://salsa.debian.org/apt-team/apt/-/commit/89dcc342e17dd2439d97a5d27200cf5c26ba35bc"><strong>solver</strong></a></li><li>the new <em>apt <strong>modernize-sources</strong></em> command converts /etc/apt/sources.list.d/*.list files into the new .sources format (<abbr title="Also Known As">AKA</abbr> <a href="https://manpages.debian.org/testing/apt/sources.list.5.en.html#DEB822-STYLE_FORMAT">DEB822</a>)</li><li>the new <em>apt <strong>distclean</strong></em> command removes all files under $statedir/lists except Release, Release.gpg, and InRelease (it can be used for example, when finalizing images distributed to users)</li><li>new configuration option <em>APT::NeverAutoRemove::<strong>KernelCount</strong></em> for keeping a configurable amount of kernels, f.e. setting <em>APT::NeverAutoRemove::KernelCount 3</em> will keep 3 kernels (including the running, and most recent)</li><li>new command line option <em><strong></strong><strong>‐‐snapshot</strong></em>, and configuration option <em>APT::Snapshot</em>, controlling the snapshot chosen for archives with <em>Snapshot: enable</em></li><li>new command line option <em><strong>‐‐update</strong></em> to run the update command before the specified command, like <em>apt ‐‐update install zsh</em>,<br /><em>apt ‐‐update remove foobar</em> or <em>apt ‐‐update safe-upgrade</em></li><li><strong>apt-key is gone</strong>, and there’s no replacement for it available (if you need an interface for listing present keys)</li></ul><h3>systemd</h3><p>systemd got upgraded from v252.36-1~deb12u1 to 257.7-1 and there are <a href="https://salsa.debian.org/systemd-team/systemd/-/blob/61144ff7a6747bd3cc6340fbac38a8e15e9a239b/NEWS">lots of changes</a>.</p><p>Be aware that systemd v257 has a <a href="https://manpages.debian.org/testing/systemd/systemd.net-naming-scheme.7.en.html#HISTORY">new net.naming_scheme</a>, v257 being <em>PCI slot number is now read from firmware_node/sun sysfs file. The naming scheme based on devicetree aliases was extended to support aliases for individual interfaces of controllers with multiple ports.</em> This <em>might</em> affect you, see e.g. <a href="https://bugs.debian.org/1092176">#1092176</a> and <a href="https://bugs.debian.org/1107187">#1107187</a>, the <a href="https://wiki.debian.org/NetworkInterfaceNames">Debian Wiki provides further useful information</a>.</p><p>There are <strong>new systemd tools</strong> available:</p><ul><li><a href="https://manpages.debian.org/testing/systemd/run0.1">run0</a>: temporarily and interactively acquire elevated or different privileges (serves a similar purpose as sudo)</li><li><a href="https://manpages.debian.org/testing/systemd/systemd-ac-power.1">systemd-ac-power</a>: Report whether we are connected to an external power source</li><li><a href="https://manpages.debian.org/testing/systemd/systemd-confext.8">systemd-confext</a>: Activates System Extension Images</li><li><a href="https://manpages.debian.org/testing/systemd/systemd-vpick.1">systemd-vpick</a>: Resolve paths to ‘.v/’ versioned directories</li><li><a href="https://manpages.debian.org/testing/systemd/varlinkctl.1">varlinkctl</a>: Introspect with and invoke Varlink services</li></ul><p>The tools provided by systemd gained several new options:</p><ul><li>busctl: new option ‐‐limit‐messages=NUMBER (Stop monitoring after receiving the specified number of message)</li><li>hostnamectl: new option ‐j (same as ‐‐json=pretty on tty, ‐‐json=short otherwise)</li><li><strong>journalctl</strong>: new options ‐‐image‐policy=POLICY (Specify disk image dissection policy), ‐‐invocation=ID (Show logs from the matching invocation ID), ‐I (Show logs from the latest invocation of unit), ‐‐exclude-identifier=STRING (Hide entries with the specified syslog identifier),‐‐truncate-newline (Truncate entries by first newline character), ‐‐list-invocations (Show invocation IDs of specified unit), ‐‐list-namespaces (Show list of journal namespaces)</li><li><strong>kernel-install</strong>: new commands add‐all + list and <a href="https://manpages.debian.org/testing/systemd/kernel-install.8">plenty of new command line options</a></li><li>localectl: new option ‐‐full (Do not ellipsize output)</li><li>loginctl: new options ‐‐json=MODE (Generate JSON output for list-sessions/users/seats) + ‐j (Same as ‐‐json=pretty on tty, ‐‐json=short otherwise)</li><li><strong>networkctl</strong>: new commands <em>edit FILES|DEVICES…</em> (Edit network configuration files), <em>cat [FILES|DEVICES…]</em> (Show network configuration files), <em>mask FILES… </em> (Mask network configuration files) + <em>unmask FILES…</em> (Unmask network configuration files) + persistent-storage BOOL (Notify systemd-networkd if persistent storage is ready), and new options ‐‐no-ask-password (Do not prompt for password), ‐‐no-reload (Do not reload systemd-networkd or systemd-udevd after editing network config), ‐‐drop-in=NAME (Edit specified drop-in instead of main config file), ‐‐runtime (Edit runtime config files) + ‐‐stdin (Read new contents of edited file from stdin)</li><li><strong>systemctl</strong>” new commands <em>list-paths [PATTERN]</em> (List path units currently in memory, ordered by path), <em>whoami [PID…]</em> (Return unit caller or specified PIDs are part of), <em>soft-reboot</em> (Shut down and reboot userspace) + <em>sleep</em> (Put the system to sleep), and new options ‐‐capsule=NAME (Connect to service manager of specified capsule), ‐‐before (Show units ordered before with ‘list-dependencies’), ‐‐after (Show units ordered after with ‘list-dependencies’), ‐‐kill-value=INT (Signal value to enqueue), ‐‐no-warn (Suppress several warnings shown by default), ‐‐message=MESSAGE (Specify human readable reason for system shutdown), ‐‐image‐policy=POLICY (Specify disk image dissection policy), ‐‐reboot‐argument=ARG (Specify argument string to pass to reboot()), ‐‐drop-in=NAME (Edit unit files using the specified drop-in file name), ‐‐when=TIME (Schedule halt/power-off/reboot/kexec action after a certain timestamp) + ‐‐stdin (Read<br />new contents of edited file from stdin)</li><li><strong>systemd-analyze</strong>” new commands <em>architectures [NAME…]</em> (List known architectures), <em>smbios11</em> (List strings passed via SMBIOS Type #11), <em>image-policy POLICY…</em> (Analyze image policy string), <em>fdstore SERVICE…</em> (Show file descriptor store contents of service), <em>malloc [D-BUS SERVICE…]</em> (Dump malloc stats of a D-Bus service), <em>has-tpm2</em> (Report whether TPM2 support is available), <em>pcrs [PCR…]</em> (Show TPM2 PCRs and their names) + <em>srk [>FILE]</em> (Write TPM2 SRK (to FILE)) and new options ‐‐no-legend (Disable column headers and hints in plot with either ‐‐table or ‐‐json=), ‐‐instance=NAME (Specify fallback instance name for template units), ‐‐unit=UNIT (Evaluate conditions and asserts of unit), ‐‐table (Output plot’s raw time data as a table), ‐‐scale-svg=FACTOR (Stretch x-axis of plot by FACTOR (default: 1.0)), ‐‐detailed (Add more details to SVG plot), ‐‐tldr (Skip comments and empty lines), ‐‐image<br />-policy=POLICY (Specify disk image dissection policy) + ‐‐mask (Parse parameter as numeric capability mask)</li><li>systemd-ask-password: new options ‐‐user (Ask only our own user’s agents) + ‐‐system (Ask agents of the system and of all users)</li><li>systemd-cat: new option ‐‐namespace=NAMESPACE (Connect to specified journal namespace)</li><li>systemd-creds: new options ‐‐user (Select user-scoped credential encryption), ‐‐uid=UID (Select user for scoped credentials) + ‐‐allow-null (Allow decrypting credentials with empty key)</li><li>systemd-detect-virt: new options ‐‐cvm (Only detect whether we are run in a confidential VM) + ‐‐list-cvm (List all known and detectable types of confidential virtualization)</li><li>systemd-firstboot: new options ‐‐image-policy=POLICY (Specify disk image dissection policy), ‐‐kernel-command-line=CMDLINE (Set kernel command line) + ‐‐reset (Remove existing files)</li><li>systemd-id128: new commands var-partition-uuid (Print the UUID for the /var/ partition) + show [NAME|UUID] (Print one or more UUIDs), and new options ‐‐no-pager (Do not pipe output into a pager), ‐‐no-legend (Do not show the headers and footers), ‐‐json=FORMAT (Output inspection data in JSON), ‐j (Equivalent to ‐‐json=pretty (on TTY) or ‐‐json=short (otherwise)) + ‐P ‐‐value (Only print the value)</li><li>systemd-inhibit: new option ‐‐no-ask-password (Do not attempt interactive authorization)</li><li>systemd-machine-id-setup: new option ‐‐image-policy=POLICY (Specify disk image dissection policy)</li><li>systemd-mount: new options ‐‐json=pretty|short|off (Generate JSON output) + ‐‐tmpfs (Create a new tmpfs on the mount point)</li><li>systemd-notify: new options ‐‐reloading (Inform the service manager about configuration reloading), ‐‐stopping (Inform the service manager about service shutdown), ‐‐exec (Execute command line separated by ‘;’ once done), ‐‐fd=FD (Pass specified file descriptor with along with message) + ‐‐fdname=NAME (Name to assign to passed file descriptor(s))</li><li>systemd-path: new option ‐‐no-pager (Do not pipe output into a pager)</li><li>systemd-run: new options ‐‐expand-environment=BOOL (Control expansion of environment variables), ‐‐json=pretty|short|off (Print unit name and invocation id as JSON), ‐‐ignore-failure (Ignore the exit status of the invoked process) + ‐‐background=COLOR (Set ANSI color for background)</li><li>systemd-sysext: new options ‐‐mutable=yes|no|auto|import|ephemeral|ephemeral-import (Specify a mutability mode of the merged hierarchy), ‐‐no-reload (Do not reload the service manager), ‐‐image-policy=POLICY (Specify disk image dissection policy) + ‐‐noexec=BOOL (Whether to mount extension overlay with noexec)</li><li>systemd-sysusers: new options ‐‐tldr (Show non-comment parts of configuration) + ‐‐image-policy=POLICY (Specify disk image dissection policy)</li><li>systemd-tmpfiles: new command <em>‐‐purge</em>(Delete files and directories marked for creation in specified configuration files (careful!)), and new options ‐‐user (Execute user configuration), ‐‐tldr (Show non-comment parts of configuration files), ‐‐graceful (Quietly ignore unknown users or groups), ‐‐image-policy=POLICY (Specify disk image dissection policy) + ‐‐dry-run (Just print what would be done)</li><li>systemd-umount: new options ‐‐json=pretty|short|off (Generate JSON output) + ‐‐tmpfs (Create a new tmpfs on the mount point)</li><li><strong>timedatectl</strong>: new commands <em>ntp-servers INTERFACE SERVER</em> (Set the interface specific NTP servers) + <em>revert INTERFACE</em> (Revert the interface specific NTP servers) and new option ‐P NAME (Equivalent to ‐‐value ‐‐property=NAME)</li></ul><p>Debian’s systemd ships new binary packages:</p><ul><li>systemd-boot-efi-amd64-signed (Tools to manage UEFI firmware updates (signed))</li><li>systemd-boot-tools (simple UEFI boot manager – tools)</li><li>systemd-cryptsetup (Provides cryptsetup, integritysetup and veritysetup utilities)</li><li>systemd-netlogd (journal message forwarder)</li><li>systemd-repart (Provides the systemd-repart and systemd-sbsign utilities)</li><li>systemd-standalone-shutdown (standalone shutdown binary for use in exitrds)</li><li>systemd-ukify (tool to build Unified Kernel Images)</li></ul><h3>Linux Kernel</h3><p>The trixie release ships a Linux kernel based on latest longterm version <strong>6.12</strong>. As usual there are lots of changes in the kernel area, including better hardware support, and this might warrant a separate blog entry. To highlight some changes with Debian trixie:</p><ul><li>New Debian package <a href="https://packages.debian.org/trixie/linux-bpf-dev">linux-bpf-dev</a>, providing the header file for BPF CO-RE builds</li><li>New Debian package <a href="https://packages.debian.org/trixie/intel-sdsi">intel-sdsi</a>, Intel On Demand (SDSi) provisioning tool</li><li>New Debian package <a href="https://packages.debian.org/trixie/virtme-ng">virtme-ng</a>, providing helper scripts to easily test a Linux kernel on a QEMU VM</li><li>The kernel modules are installed xz compressed</li><li>Several new syscalls, like <a href="https://github.com/torvalds/linux/commit/cf264e1329fb0307e044f7675849f9f38b44c11a">cachestat</a>, <a href="https://github.com/torvalds/linux/commit/78252deb023cf0879256fcfbafe37022c390762b">fchmodat2</a>, <a href="https://github.com/torvalds/linux/commit/9f6c532f59b20580acf8ede9409c9b8dce6e74e1">futex_wake</a>, <a href="https://github.com/torvalds/linux/commit/cb8c4312afca1b2dc64107e7e7cea81911055612">futex_wait</a>, <a href="https://github.com/torvalds/linux/commit/0f4b5f972216782a4acb1ae00dcb55173847c2ff">futex_requeue</a>, <a href="https://github.com/torvalds/linux/commit/b4c2bea8ceaa50cd42a8f73667389d801a3ecf2d">listmount</a>, <a href="https://github.com/torvalds/linux/commit/46eae99ef73302f9fb3dddcd67c374b3dffe8fd6">statmount</a>, <a href="https://github.com/torvalds/linux/commit/063a7ce32ddc2c4f2404b0dfd29e60e3dbcdffac">lsm_get_self_attr/lsm_set_self_attr/lsm_list_modules/</a>, <a href="https://github.com/torvalds/linux/commit/ff388fe5c481d39cc0a5940d1ad46f7920f1d646">mseal</a> + <a href="https://github.com/torvalds/linux/commit/6140be90ec70c39fa844741ca3cc807dd0866394">setxattrat/getxattrat/listxattrat/removexattrat</a></li><li><a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=a430d95c5efa">New Integrity Policy Enforcement (IPE) LSM</a></li><li><a href="https://github.com/axboe/liburing/wiki/What's-new-with-io_uring-in-6.11-and-6.12">Plenty of changes in io_uring, including support for bind/listen</a></li><li><a href="https://github.com/torvalds/linux/commit/171754c3808214d4fd8843eab584599a429deb52">support devices with a block size larger than system page sizes in the XFS filesystem + VFS</a></li><li>ntfs driver was replaced by <a href="https://github.com/torvalds/linux/commit/f7464060f7ab9a2424428008f0ee9f1e267e410f">ntfs3</a></li><li><a href="https://github.com/torvalds/linux/commit/e331673ad68e47a926bc34aaeca926a57a779cf0">Device Memory TCP for faster network device transfers</a></li><li><a href="https://github.com/torvalds/linux/commit/0f223813edd051a516ec4b1fc23b1fdc00dd3b6d">Support for ‘perf ftrace profile’</a></li><li><a href="https://lwn.net/Articles/974578/">support for atomic write operations in the block layer</a></li><li><a href="https://lwn.net/Articles/932060/">FUSE pass-through for file I/O</a></li><li><a href="https://github.com/torvalds/linux/commit/ed5cc702d311c14b653323d76062b0294effa66e">ability to prevent writes to block devices containing mounted filesystems</a></li><li><a href="https://lwn.net/Articles/955709/">support for data-type profiling in the perf tool</a></li><li><a href="https://lwn.net/Articles/949277/">Guest-first memory for KVM</a></li><li><a href="https://git.kernel.org/pub/scm/linux/kernel/git/torvalds/linux.git/commit/?id=7fe0e38bb669">TCP Authentication Option Linux implementation</a> [<a href="https://datatracker.ietf.org/doc/rfc5925/">RFC5925</a>]</li><li><a href="https://lwn.net/Articles/934094/">mount beneath support for filesystems</a></li><li><a href="https://github.com/torvalds/linux/commit/2c6efe9cf2d7841b75fe38ed1adbd41a90f51ba0">new noswap mount option for tmpfs filesystems</a></li><li><a href="https://github.com/torvalds/linux/commit/4e1c80ae5cf458792bec9815ee77bc3851046fb8">Linux NFS server gained support for RPC-with-TLS</a> [<a href="https://datatracker.ietf.org/doc/rfc9289/">RFC 9289</a> (Towards Remote Procedure Call Encryption by Default)]</li><li><a href="https://github.com/torvalds/linux/commit/957ed5e7129f2ce85dd76e4cdce749388295467d">PLB (Protective Load Balancing) for IPv6</a> (PLB is a host based mechanism for load balancing across switch links)</li></ul><p>See <a href="https://kernelnewbies.org/LinuxChanges">Kernelnewbies.org</a> for further changes between kernel versions.</p><h3>Configuration management</h3><p>For <strong>puppet</strong> users, Debian provides the puppet-agent (v8.10.0), puppetserver (v8.7.0) and puppetdb (v8.4.1) packages. Puppet’s upstream does <em>not</em> provide packages for trixie, yet. Given <a href="https://github.com/puppetlabs/community/discussions/65">how long it took them for Debian bookworm</a>, and with their recent <a href="https://www.puppet.com/blog/open-source-puppet-updates-2025">Plans for Open Source Puppet in 2025</a>, it’s unclear <em>when</em> (and whether at all) we might get something. As a result of upstream behavior, also the <a href="https://github.com/OpenVoxProject">OpenVox</a> project evolved, and they already provide Debian 13/trixie support (<a href="https://apt.voxpupuli.org/openvox8-release-debian13.deb">https://apt.voxpupuli.org/openvox8-release-debian13.deb</a>). FYI: the <abbr title="All In One">AIO</abbr> puppet-agent package for bookworm (v7.34.0-1bookworm) so far works fine for me on Debian/trixie. Be aware that due to the apt-key removal you need a recent version of the <a href="https://github.com/puppetlabs/puppetlabs-apt">puppetlabs-apt</a> for usage with trixie. The puppetlabs-ntp module <a href="https://github.com/puppetlabs/puppetlabs-ntp/issues/730">isn’t yet ready for trixie</a> (regarding ntp/ntpsec), if you should depend on that.</p><p><strong>ansible</strong> is available and made it with version 2.19 into trixie.</p><h3>Prometheus stack</h3><p><a href="https://prometheus.io/">Prometheus server</a> was updated from v2.42.0 to v2.53, and all the exporters that got shipped with bookworm are still around (in more recent versions of course). Trixie gained some <em>new</em> exporters:</p><ul><li><a href="https://packages.debian.org/trixie/prometheus-dnsmasq-exporter">prometheus-dnsmasq-exporter</a></li><li><a href="https://packages.debian.org/trixie/prometheus-mysqlrouter-exporter">prometheus-mysqlrouter-exporter</a></li><li><a href="https://packages.debian.org/trixie/prometheus-pgbackrest-exporter">prometheus-pgbackrest-exporter</a></li><li><a href="https://packages.debian.org/trixie/prometheus-pgbouncer-exporter">prometheus-pgbouncer-exporter</a></li><li><a href="https://packages.debian.org/trixie/prometheus-phpfpm-exporter">prometheus-phpfpm-exporter</a></li></ul><h3>Virtualization</h3><p>docker (v26.1.5), ganeti (v3.1.0), libvirt (v11.3.0, be aware of <a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#significant-changes-to-libvirt-packaging">significant changes to libvirt packaging</a>), lxc (v6.0.4), podman (v5.4.2), openstack (see <a href="https://salsa.debian.org/openstack-team/">openstack-team on Salsa</a>), qemu/kvm (v10.0.2), xen (v4.20.0) are all still around.</p><p><strong>Proxmox</strong> already announced their <a href="https://forum.proxmox.com/threads/proxmox-ve-9-0-beta-released.168619/">PVE 9.0 BETA</a>, being based on trixie and providing 6.14.8-1 kernel, QEMU 10.0.2, LXC 6.0.4, OpenZFS 2.3.3.</p><p><strong>Vagrant</strong> is available in version 2.3.7, but <a href="https://www.vagrantup.com/">Vagrant upstream</a> does not provide packages for trixie yet. Given that <a href="https://www.hashicorp.com/en/blog/hashicorp-adopts-business-source-license">HashiCorp adopted the <abbr title="Business Source License">BSL</abbr></a>, the <a href="https://bugs.debian.org/1049999">future of vagrant in Debian is unclear</a>.</p><p>If you’re relying on <strong>VirtualBox</strong>, be aware that <a href="https://www.virtualbox.org/wiki/Linux_Downloads">upstream doesn’t provide packages for trixie</a>, <em>yet</em>. VirtualBox is available from Debian/unstable (version 7.1.12-dfsg-1 as of 2025-07-20), but not shipped with stable release since quite some time (due to lack of cooperation from upstream on security support for older releases, see <a href="https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=794466">#794466</a>). Be aware that starting with Linux kernel 6.12, KVM initializes virtualization on module loading by default. <a href="https://forums.virtualbox.org/viewtopic.php?t=112580">This prevents VirtualBox VMs from starting</a>. In order to avoid this, either add “kvm.enable_virt_at_load=0” parameter into kernel command line or unload the corresponding kvm_intel / kvm_amd module.</p><p>If you want to use Vagrant with VirtualBox on trixie, be aware that Debian’s vagrant package as present in trixie doesn’t support the VirtualBox package version 7.1 as present in Debian/unstable (manually patching vagrant’s <a href="https://sources.debian.org/src/vagrant/2.3.7+git20230731.5fc64cde+dfsg-4/plugins/providers/virtualbox/driver/meta.rb/#L68">meta.rb</a> and rebuilding the package without <em>Breaks: virtualbox (>= 7.1)</em> is known to be working).</p><h3>util-linux</h3><p>The are plenty of new options available in the tools provided by util-linux:</p><ul><li>blkdiscard: new option ‐‐quiet (suppress warning messages)</li><li><strong>blockdev</strong>: new options ‐‐getdiskseq (get disk sequence number) + ‐‐getzonesz (get zone size)</li><li>dmesg: new option ‐‐kmsg-file … (use the file in kmsg format), new ‐‐time-format … argument ‘raw’</li><li><strong>findmnt</strong>: new options ‐‐list-columns (list the available columns), ‐‐dfi (imitate the output of df(1) with -i option), ‐‐id … (filter by mount node ID), ‐‐filter … (apply display filter) + ‐‐uniq-id … (filter by<br /> mount node 64-bit ID)</li><li>fstrim: new option -types …. (limit the set of filesystem types)</li><li>hardlink: new options ‐‐respect-dir (directory names have to be identical), ‐‐exclude-subtree … (regular expression to exclude directories), ‐‐prioritize-trees (files found in the earliest specified top-level directory have higher priority), ‐‐list-duplicates (print every group of duplicate files), ‐‐mount (stay within the same filesystem) + ‐‐zero (delimit output with NULs instead of newlines)</li><li>ipcmk: new options ‐‐posix-shmem … (create POSIX shared memory segment of size), ‐‐posix-semaphore … (create POSIX semaphore), ‐‐posix-mqueue … (create POSIX message queue) + ‐‐name … (name of the POSIX resource)</li><li>ipcrm: new options ‐‐posix-shmem … (remove POSIX shared memory segment by name), ‐‐posix-mqueue … (remove POSIX message queue by name), ‐‐posix-semaphore (remove POSIX semaphore by name) + ‐‐all=… (remove all in specified category)</li><li><strong>lsblk</strong>: new options ‐‐ct-filter … (restrict the next counter), ‐‐ct … (define a custom counter), ‐‐highlight … (colorize lines matching the expression), ‐‐list-columns (list the available columns), ‐‐nvme (output info about NVMe devices), ‐‐properties-by … (methods used to gather data), ‐‐filter … (print only lines matching the expression), ‐‐virtio (output info about virtio devices)</li><li>lscpu: new options ‐‐raw (use raw output format (for -e, -p and -C)) + ‐‐hierarchic=… (use subsections in summary (auto, never, always))</li><li>lsipc: new options ‐‐posix-shmems (POSIX shared memory segments), ‐‐posix-mqueues (POSIX message queues), ‐‐posix-semaphores (POSIX semaphores), ‐‐name … (POSIX resource identified by name)</li><li>lslocks: new option ‐‐list-columns (list the available columns)</li><li>lslogins: new option ‐‐lastlog2 … (set an alternate path for lastlog2)</li><li>lsns: new options ‐‐persistent (namespaces without processes), ‐‐filter … (apply display filter) + ‐‐list-columns (list the available columns)</li><li><strong>mkswap</strong>: new options ‐‐endianness=… (specify the endianness to use (native, little or big)), ‐‐offset … (specify the offset in the device), ‐‐size … (specify the size of a swap file in bytes) + ‐‐file (create a swap file)</li><li>namei: ‐‐context (print any security context of each file)</li><li><strong>nsenter</strong>: new options ‐‐net-socket … (enter socket’s network namespace), ‐‐user-parent (enter parent user namespace), ‐‐keep-caps (retain capabilities granted in user namespaces), ‐‐env (inherit environment variables from tar get process) + ‐‐join-cgroup (join the cgroup of the target process)</li><li>runuser: new option ‐‐no-pty (do not create a new pseudo-terminal)</li><li>setarch: new option ‐‐show=… (show current or specific personality and exit)</li><li>setpriv: new options ‐‐ptracer … (allow ptracing from the given process), ‐‐landlock-access … (add Landlock access), ‐‐landlock-rule … (add Landlock rule) + ‐‐seccomp-filter … (load seccomp filter from file)</li><li>su: new option ‐‐no-pty (do not create a new pseudo-terminal)</li><li>unshare: new option ‐‐load-interp … ( load binfmt definition in the namespace)</li><li>whereis: new option -g (interpret name as glob (pathnames pattern))</li><li>wipefs: new argument option feature for ‐‐backup=… option to specify directory (instead of default $HOME)</li><li>zramctl: new option ‐‐algorithm-params … (algorithm parameters to use)</li></ul><p>Now no longer present in util-linux as of trixie:</p><ul><li>addpart (tell the kernel about the existence of a specified partition): use partx instead</li><li>delpart (tell the kernel to forget about a specified partition): use partx instead</li><li>last (show a listing of last logged in users, binary got moved to <a href="https://packages.debian.org/trixie/wtmpdb">wtmpdb</a>), lastb (show a listing of last logged in users), mesg (control write access of other users to your terminal), utmpdump (dump UTMP and WTMP files in raw format): see <a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#the-last-lastb-and-lastlog-commands-have-been-replaced">Debian release notes</a> for details</li></ul><p>The following binaries got moved from util-linux to the <a href="https://packages.debian.org/trixie/util-linux-extra">util-linux-extra package</a>:</p><ul><li>ctrlaltdel (set the function of the Ctrl-Alt-Del combination)</li><li>mkfs.bfs (make an SCO bfs filesystem)</li><li>fsck.cramfs + mkfs.cramfs (compressed ROM file system)</li><li>fsck.minix + mkfs.minix (Minix filesystem)</li><li>resizepart (tell the kernel about the new size of a partition)</li></ul><p>And the <a href="https://packages.debian.org/trixie/util-linux-extra">util-linux-extra package</a> also provides <em>new tools</em>:</p><ul><li>bits: convert bit masks from/to various formats</li><li>blkpr: manage persistent reservations on a device</li><li>coresched: manage core scheduling cookies for tasks</li><li>enosys: utility to make syscalls fail with ENOSYS </li><li>exch: atomically exchanges paths between two files</li><li>fadvise: utility to use the posix_fadvise system call</li><li>pipesz: set or examine pipe buffer sizes and optionally execute command.</li><li>waitpid: utility to wait for arbitrary processes</li></ul><h3>OpenSSH</h3><p>OpenSSH was updated from v9.2p1 to 10.0p1-5, so if you’re interested in all the changes, check out the release notes between those versions (<a href="https://www.openssh.com/txt/release-9.3">9.3</a>, <a href="https://www.openssh.com/txt/release-9.4">9.4</a>, <a href="https://www.openssh.com/txt/release-9.5">9.5</a>, <a href="https://www.openssh.com/txt/release-9.6">9.6</a>, <a href="https://www.openssh.com/txt/release-9.7">9.7</a>, <a href="https://www.openssh.com/txt/release-9.8">9.8</a>, <a href="https://www.openssh.com/txt/release-9.9">9.9</a> + <a href="https://www.openssh.com/txt/release-10.0">10.0</a>).</p><p>Let’s highlight some notable behavior changes in Debian:</p><ul><li>OpenSSH no longer supports DSA keys: see <a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#openssh-no-longer-supports-dsa-keys">Debian’s release notes for further details</a></li><li>openssh-server no longer reads ~/.pam_environment: see <a href="https://www.debian.org/releases/trixie/release-notes/issues.en.html#openssh-server-no-longer-reads-pam-environment">Debian’s release notes for further details</a></li></ul><p>There are some notable new features:</p><ul><li>allow forwarding Unix Domain sockets via <em>ssh -W</em></li><li><em>OpenSSH penalty</em> behavior: visit my <a href="/blog/2025/04/13/openssh-penalty-behavior-in-debian-trixie-newintrixie/">separate blog post</a> for more details</li><li>add support for reading ED25519 private keys in PEM PKCS8 format. Previously only the OpenSSH private key format was supported.</li><li>the new hybrid post-quantum algorithm mlkem768x25519-sha256 (based on the <a href="https://csrc.nist.gov/pubs/fips/203/final">FIPS 203 Module-Lattice Key Encapsulation mechanism</a> (ML-KEM) combined with X25519 ECDH) is now used by default for key agreement. This algorithm is considered to be safe against attack by quantum computers, is guaranteed to be no less strong than the popular curve25519-sha256 algorithm, has been standardised by NIST and is considerably faster than the previous default.</li><li>the ssh-agent will now delete all loaded keys when signaled with SIGUSR1. This allows deletion of keys without having access to $SSH_AUTH_SOCK.</li><li>support systemd-style socket activation in ssh-agent using the LISTEN_PID/LISTEN_FDS mechanism. Activated when these environment variables are set, the agent is started with the -d or -D option and no socket path is set.</li><li>add a <em>sshd -G</em> option that parses and prints the effective configuration without attempting to load private keys and perform other checks. (This allows usage of the option before keys have been generated and for configuration evaluation and verification by unprivileged users.)</li><li>add support for configuration <a href="https://manpages.debian.org/testing/openssh-client/ssh_config.5#Tag">tags</a> to ssh(1). This adds a ssh_config(5) “Tag” directive and corresponding “Match tag” predicate that may be used to select blocks of configuration.</li><li>add a “<a href="https://manpages.debian.org/testing/openssh-client/ssh_config.5#Match">match localnetwork</a>” predicate. This allows matching on the addresses of available network interfaces and may be used to vary the effective client configuration based on network location.</li><li>add a <a href="https://manpages.debian.org/testing/openssh-client/ssh_config.5#TOKENS#TOKENS">%j token</a> that expands to the configured ProxyJump hostname</li><li>add support for “Match sessiontype” to ssh_config. Allows matching on the type of session initially requested, either “shell” for interactive sessions, “exec” for command execution sessions, “subsystem” for subsystem requests, such as sftp, or “none” for transport/forwarding-only sessions.</li><li>allow <a href="https://manpages.debian.org/testing/manpages-dev/glob.3">glob(3)</a> patterns to be used in sshd_config AuthorizedKeysFile and AuthorizedPrincipalsFile directives.</li></ul><p>Thanks to everyone involved in the release, looking forward to trixie + and happy upgrading!<br />Let’s continue with working towards <a href="https://wiki.debian.org/DebianForky">Debian/forky</a>. :)</p>]]></content:encoded> <wfw:commentRss>https://michael-prokop.at/blog/2025/07/20/what-to-expect-from-debian-trixie-newintrixie/feed/</wfw:commentRss> <slash:comments>3</slash:comments> </item> <item> <title>Grml 2025.05 \x96 codename Nudlaug</title> <link>https://michael-prokop.at/blog/2025/05/16/grml-2025-05-codename-nudlaug/</link> <pubDate>Fri, 16 May 2025 16:42:15 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[Debian]]></category> <category><![CDATA[English]]></category> <category><![CDATA[Links]]></category> <category><![CDATA[Open Source]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=7067</guid> <description><![CDATA[Debian hard freeze on 2025-05-15? We bring you a new Grml release on top of that! 2025.05 🚀 – codename Nudlaug. There’s plenty of new stuff, check out our official release announcement for all the details. But I’d like to highlight one feature that I particularly like: SSH service announcement with Avahi. The grml-full flavor […]]]></description> <content:encoded><![CDATA[<p>Debian <a href="https://release.debian.org/testing/freeze_policy.html">hard freeze</a> on 2025-05-15? We bring you a new <a href="https://grml.org/">Grml</a> release on top of that! 2025.05 🚀 – codename <a href="https://grml.org/faq/#releasename">Nudlaug</a>.</p><p>There’s plenty of new stuff, <a href="https://grml.org/changelogs/README-grml-2025.05/">check out our official release announcement</a> for all the details. But I’d like to highlight one feature that I particularly like: <strong>SSH service announcement with Avahi</strong>. The grml-full flavor ships <a href="https://avahi.org/">Avahi</a>, and when you enable SSH, it automatically announces the SSH service on your local network. So when f.e. booting Grml with <a href="https://grml.org/cheatcodes/">boot option</a> `<em>ssh=debian</em>`, you should be able to login on your Grml live system with `<em>ssh grml@grml.local</em>` and password ‘<em>debian</em>‘:</p><pre>% insecssh grml@grml.localWarning: Permanently added 'grml.local' (ED25519) to the list of known hosts.grml@grml.local's password: Linux grml 6.12.27-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.12.27-1 (2025-05-06) x86_64Grml - Linux for geeks grml@grml ~ %</pre><p>Hint: <a href="https://grml.org/zsh/">grml-zshrc</a> provides that useful shell alias `<em>insecssh</em>`, which is aliased to `<em>ssh -o “StrictHostKeyChecking=no” -o “UserKnownHostsFile=/dev/null”</em>`. Using those options, you aren’t storing the SSH host key of the (temporary) Grml live system (permanently) in your <em>UserKnownHostsFile</em>. </p><p><abbr title="By The Way">BTW</abbr>, you can run `<em>avahi-browse -d local _ssh._tcp –resolve -t</em>` to discover the SSH services on your local network. 🤓</p><p>Happy <a href="https://grml.org/">Grml</a>-ing!</p>]]></content:encoded> </item> <item> <title>HTU Bigband Konzert am 05.06.2025</title> <link>https://michael-prokop.at/blog/2025/05/16/htu-bigband-konzert-am-05-06-2025/</link> <pubDate>Fri, 16 May 2025 16:00:19 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Allgemein]]></category> <category><![CDATA[Events]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=7071</guid> <description><![CDATA[Wie letztes Jahr schon, spielen wir auch heuer wieder mit der HTU-Bigband ein Konzert an der TU Graz. Und zwar am Donnerstag, 5. Juni 2025! Das Konzert startet um 19:30 Uhr, bei Schönwetter im Innenhof der TU Graz (Alte Technik, Rechbauerstraße 12, 8010 Graz), und bei Schlechtwetter geht es an der gleichen Adresse in den […]]]></description> <content:encoded><![CDATA[<p><a href="/blog/img/htu-bigband-2025-06-05.jpg"><img src="/blog/img/htu-bigband-2025-06-05-small.jpg" alt="Plakat für das HTU Bigband-Konzert am 05.06.2025" style="border: 0px; margin-right: 20px" align=left /></a></p><p>Wie <a href="/blog/2024/05/28/htu-bigband-konzert-am-04-06-2024/">letztes Jahr</a> schon, spielen wir auch heuer wieder mit der HTU-Bigband ein Konzert an der TU Graz.</p><p>Und zwar am Donnerstag, <strong>5. Juni 2025</strong>! Das Konzert startet um 19:30 Uhr, bei Schönwetter im Innenhof der TU Graz (Alte Technik, Rechbauerstraße 12, 8010 Graz), und bei Schlechtwetter geht es an der gleichen Adresse in den Hörsaal 2. Wir sind über 25 Musikerinnen und Musiker und haben ein anspruchsvolles Programm, von Swing, über Soul, Funk und Latin bis Pop ist alles dabei. Es gibt über 2 Stunden Musik vom Feinsten, die Set-List ist spitze, und das Ganze bei freiem Eintritt.</p><p>Ich freue mich schon tierisch darauf und würde mich wieder über bekannte und gut gelaunte Gesichter freuen. Ich hoffe man sieht und hört sich! :-)</p>]]></content:encoded> </item> <item> <title>Lessons learned from running an open source project for 20 years @ GLT25</title> <link>https://michael-prokop.at/blog/2025/04/23/lessons-learned-from-running-an-open-source-project-for-20-years-glt25/</link> <pubDate>Wed, 23 Apr 2025 06:11:14 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[Debian]]></category> <category><![CDATA[Debian-German]]></category> <category><![CDATA[English]]></category> <category><![CDATA[Events]]></category> <category><![CDATA[Links]]></category> <category><![CDATA[Open Source]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=7027</guid> <description><![CDATA[Time flies by so quickly, it’s >20 years since I started the Grml project. I’m giving a (german) talk about the lessons learned from 20 years of running the Grml project this Saturday, 2025-04-26 at the Grazer Linuxtage (Graz/Austria). Would be great to see you there!]]></description> <content:encoded><![CDATA[<p>Time flies by so quickly, it’s >20 years since I started the <a href="https://grml.org/">Grml</a> project.</p><p>I’m giving a (german) <a href="https://pretalx.linuxtage.at/glt25/talk/N7STVM/">talk about the lessons learned from 20 years of running the Grml project</a> this Saturday, 2025-04-26 at the <a href="https://www.linuxtage.at/">Grazer Linuxtage</a> (Graz/Austria). Would be great to see you there!</p>]]></content:encoded> </item> <item> <title>OpenSSH penalty behavior in Debian/trixie #newintrixie</title> <link>https://michael-prokop.at/blog/2025/04/13/openssh-penalty-behavior-in-debian-trixie-newintrixie/</link> <pubDate>Sun, 13 Apr 2025 14:05:22 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[Debian]]></category> <category><![CDATA[English]]></category> <category><![CDATA[Open Source]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=7028</guid> <description><![CDATA[This topic came up at a customer of mine in September 2024, when working on Debian/trixie support. Since then I wanted to blog about it to make people aware of this new OpenSSH feature and behavior. I finally found some spare minutes at Debian’s BSP in Vienna, so here we are. :) Some of our […]]]></description> <content:encoded><![CDATA[<p>This topic came up at a customer of mine in September 2024, when working on Debian/trixie support. Since then I wanted to blog about it to make people aware of this new OpenSSH feature and behavior. I finally found some spare minutes at Debian’s BSP in Vienna, so here we are. :)</p><p>Some of our Q/A jobs failed to run against Debian/trixie, in the debug logs we found:</p><pre>debug1: kex_exchange_identification: banner line 0: Not allowed at this time</pre><p>This <em>Not allowed at this time</em> pointed to a new OpenSSH feature. OpenSSH introduced options to penalize undesirable behavior with version 9.8p1, see <a href="https://www.openssh.com/releasenotes.html#9.8p1">OpenSSH Release Notes</a>, and also <a href="https://sources.debian.org/src/openssh/1%3A9.9p2-2/sshd.c/#L573">sshd source code</a>.</p><p><abbr title="For The Record">FTR</abbr>, on the SSH server side, you’ll see messages like that:</p><pre>Apr 13 08:57:11 grml sshd-session[2135]: error: maximum authentication attempts exceeded for root from 10.100.15.42 port 55792 ssh2 [preauth]Apr 13 08:57:11 grml sshd-session[2135]: Disconnecting authenticating user root 10.100.15.42 port 55792: Too many authentication failures [preauth]Apr 13 08:57:12 grml sshd-session[2137]: error: maximum authentication attempts exceeded for root from 10.100.15.42 port 55800 ssh2 [preauth]Apr 13 08:57:12 grml sshd-session[2137]: Disconnecting authenticating user root 10.100.15.42 port 55800: Too many authentication failures [preauth]Apr 13 08:57:13 grml sshd-session[2139]: error: maximum authentication attempts exceeded for root from 10.100.15.42 port 55804 ssh2 [preauth]Apr 13 08:57:13 grml sshd-session[2139]: Disconnecting authenticating user root 10.100.15.42 port 55804: Too many authentication failures [preauth]Apr 13 08:57:13 grml sshd-session[2141]: error: maximum authentication attempts exceeded for root from 10.100.15.42 port 55810 ssh2 [preauth]Apr 13 08:57:13 grml sshd-session[2141]: Disconnecting authenticating user root 10.100.15.42 port 55810: Too many authentication failures [preauth]Apr 13 08:57:13 grml sshd[1417]: drop connection #0 from [10.100.15.42]:55818 on [10.100.15.230]:22 penalty: failed authenticationApr 13 08:57:14 grml sshd[1417]: drop connection #0 from [10.100.15.42]:55824 on [10.100.15.230]:22 penalty: failed authenticationApr 13 08:57:14 grml sshd[1417]: drop connection #0 from [10.100.15.42]:55838 on [10.100.15.230]:22 penalty: failed authenticationApr 13 08:57:14 grml sshd[1417]: drop connection #0 from [10.100.15.42]:55854 on [10.100.15.230]:22 penalty: failed authentication</pre><p>This feature certainly is useful and has its use cases. But if you f.e. run automated checks to ensure that specific logins aren’t working, be careful: you might hit the penalty feature, lock yourself out but also consecutive checks then don’t behave as expected. Your login checks might fail, but only because the penalty behavior kicks in. The login you’re verifying still might be working underneath, but you don’t actually check for it exactly. Furthermore legitimate traffic from systems which accept connections from many users or behind shared IP addresses, like NAT and proxies could be denied.</p><p>To disable this new behavior, you can set <em>PerSourcePenalties no</em> in your sshd_config, but there are also further configuration options available, see <a href="https://manpages.debian.org/trixie/openssh-server/sshd_config.5#PerSourcePenalties">PerSourcePenalties</a> and <a href="https://manpages.debian.org/trixie/openssh-server/sshd_config.5#PerSourcePenaltyExemptList">PerSourcePenaltyExemptList</a> settings in <a href="https://manpages.debian.org/trixie/openssh-server/sshd_config.5">sshd_config(5)</a> for further details.</p>]]></content:encoded> </item> <item> <title>Mein Lesejahr 2024</title> <link>https://michael-prokop.at/blog/2024/12/31/mein-lesejahr-2024/</link> <pubDate>Tue, 31 Dec 2024 12:30:06 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Allgemein]]></category> <category><![CDATA[Bücher & CO]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=6949</guid> <description><![CDATA[Mein Lesejahr 2024 war mit durchschnittlich einem Buch pro Woche ähnlich wie 2023. Mein Best-Of der von mir 2024 fertig gelesenen Bücher (jene die ich besonders lesenswert fand bzw. empfehlen möchte, die Reihenfolge entspricht dem Foto und stellt keinerlei Reihung dar): Die Geschichten in uns: Vom Schreiben und vom Leben, Benedict Wells. Schön gemacht und […]]]></description> <content:encoded><![CDATA[<p><img src="/blog/img/buecher_2024.jpg" alt="Foto der hier vorgestellten Bücher" style="border: 0px; margin-right: 20px" align=left /></p><p>Mein Lesejahr 2024 war mit durchschnittlich einem Buch pro Woche ähnlich wie <a href="/blog/mein-lesejahr-2023/">2023</a>. Mein Best-Of der von mir 2024 fertig gelesenen Bücher (jene die ich besonders lesenswert fand bzw. empfehlen möchte, die Reihenfolge entspricht dem Foto und stellt keinerlei Reihung dar):</p><ul><li><a href="https://www.diogenes.ch/leser/titel/benedict-wells/die-geschichten-in-uns-9783257073140.html"><strong>Die Geschichten in uns: Vom Schreiben und vom Leben</strong>, Benedict Wells</a>. Schön gemacht und speziell für jene interessant, die sich für das “was steckt an Schreibarbeit hinter einem Buch” interessieren. Wells ist mit dem Buch die deutsche Version von Stephen Kings “On Writing” gelungen.</li><li><a href="https://www.rowohlt.de/buch/wolfgang-herrndorf-sand-9783499258640"><strong>Sand</strong>, Wolfgang Herrndorf</a>. Ich bin <a href="https://michael-prokop.at/blog/2024/01/03/mein-lesejahr-2023/">bekannterweise</a> Fan von Herrndorfs “Tschick” und “Arbeit und Struktur”, und damit war dieses Buch entsprechend eine Pflichtlektüre für mich, und <em>wow</em>.</li><li><a href="https://www.rowohlt.de/buch/daniel-kehlmann-f-9783499249273"><strong>F</strong>, Daniel Kehlmann.</a> Von einem lieben Nachbarn vor die Tür gelegt bekommen und es war wirklich <em>f</em>antastisch zu lesen, es <em>f</em>lutschte nur so.</li><li><a href="https://www.suhrkamp.de/buch/julia-jost-wo-der-spitzeste-zahn-der-karawanken-in-den-himmel-hinauf-fletscht-t-9783518431672"><strong>Wo der spitzeste Zahn der Karawanken in den Himmel hinauf fletscht</strong>, Julia Jost</a>. Das Buch wurde in der Literaturszene ziemlich gehypt, aber nach nur wenigen Seiten hab ich mich schon auf die Sprache eingegroovt. Viele Schauplätze sind mir bekannt und das Buch hatte dann eine interessante Sog-Wirkung. Die kursiv gesetzten umgangssprachlichen Ausdrücke finde ich sehr gelungen.</li><li><a href="https://www.rowohlt.de/buch/tobias-ruether-herrndorf-9783737100823"><strong>Herrndorf: Eine Biographie</strong>, Tobias Rüther</a>. Ein Buch das für mich zum Verständnis der Texte von Herrndorf beiträgt. Eine schöne und stringente Geschichte, oder um es mit den Worten von Herrndorf zu sagen: “hohe Durchlesbarkeit”. Man findet auch viele bekannte Namen wieder (Kathrin Passig, Daniela Strigl, Sascha Lobo, Tex Rubinowitz, Klaus Nüchtern,\x85).</li><li><a href="https://www.rowohlt.de/buch/stefanie-sargnagel-iowa-9783498003401"><strong>Iowa: Ein Ausflug nach Amerika</strong>, Stefanie Sargnagel</a>. Sehr unterhaltsam und mit der gewohnten Beobachtungsgabe der Autorin, vielen Bonmots sowie super Fußnoten von Christiane Rösinger.</li><li><a href="https://www.hanser-literaturverlage.de/buch/monika-helfer-loewenherz-9783446272699-t-3621"><strong>Löwenherz</strong>, Monika Helfer</a>. Nachdem mir schon ihr “Die Bagage” (siehe <a href="https://michael-prokop.at/blog/2020/06/16/bookdump-03-2020/">Blogeintrag von 2020</a>) und “Vati” (siehe <a href="https://michael-prokop.at/blog/2024/01/03/mein-lesejahr-2023/">Blogeintrag von 2023</a>) so gut gefallen haben, war das Buch über ihren Bruder Richard entsprechend ein Must-Read, und es wird nicht mein letztes Buch von Helfer sein.</li><li><a href="https://www.hanser-literaturverlage.de/buch/barbara-bleisch-mitte-des-lebens-9783446280885-t-5425"><strong>Mitte des Lebens</strong>, Barbara Bleisch</a>. Die Gedichte und Zitate hätte es für mich nicht gebraucht, aber das Buch regt zum Nachdenken rund um die eigene Lebensmitte an, und es hat bei mir zeitlich gut in mein Leben gepasst.</li><li><a href="https://www.hanser-literaturverlage.de/buch/toxische-pommes-ein-schoenes-auslaenderkind-9783552074101-t-5287"><strong>Ein schönes Ausländerkind</strong>, Toxische Pommes</a>. Schön und traurig, aber wunderbar zu lesen – ich hoffe auf weitere Bücher von Toxische Pommes.</li><li><a href="https://www.kiwi-verlag.de/buch/joachim-meyerhoff-man-kann-auch-in-die-hoehe-fallen-9783462006995"><strong>Man kann auch in die Höhe fallen</strong>, Joachim Meyerhoff</a>. Wer mich kennt, weiß, dass ich Fan von Meyerhoffs <a href="https://www.kiwi-verlag.de/buch/reihe/alle-toten-fliegen-hoch">“Alle Toten fliegen hoch”-Serie</a> bin. Auch der neue Band ist wieder wunderbar geworden. (Ich bin nach wie vor auf der Suche nach ähnlich unterhaltsamen Büchern!)</li></ul><p>Mein SuB bzw. Lesestapel für 2025 ist bereits gut gefüllt, ich freue mich aber trotzdem über etwaige Leseempfehlungen. Ebenso freue ich mich über Feedback, wenn jemand ein Buch aufgrund dieses Beitrags hier gelesen hat.</p>]]></content:encoded> </item> <item> <title>Grml 2024.12 – codename Adventgrenze</title> <link>https://michael-prokop.at/blog/2024/12/20/grml-2024-12-codename-adventgrenze/</link> <pubDate>Fri, 20 Dec 2024 18:05:45 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[Debian]]></category> <category><![CDATA[English]]></category> <category><![CDATA[Links]]></category> <category><![CDATA[Open Source]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=6947</guid> <description><![CDATA[We did it again\x99! Just in time, we\x92re excited to announce the release of Grml stable version 2024.12, code-named \x91Adventgrenze\x92! (If you\x92re not familiar with Grml, it\x92s a Debian-based live system tailored for system administrators.) This new release is built on Debian trixie, and for the first time, we\x92re introducing support for 64-bit ARM CPUs […]]]></description> <content:encoded><![CDATA[<p><a href="/blog/img/grml-work-2024.png"><img src="/blog/img/grml-work-2024.jpg" alt="Picture with metrics of three user profiles on GitHub.com, with many contributions especially in the last quarter of the year" style="border: 0px; margin-right: 20px" align=left /></a></p><p>We did it again\x99! Just in time, we\x92re excited to announce the release of <a href="https://grml.org/">Grml</a> stable version 2024.12, code-named \x91<a href="https://grml.org/faq/#releasename">Adventgrenze</a>\x92! (If you\x92re not familiar with Grml, it\x92s a Debian-based live system tailored for system administrators.)</p><p>This new release is built on Debian trixie, and for the first time, we\x92re introducing support for 64-bit ARM CPUs (arm64 architecture)!</p><p>I\x92m incredibly proud of the hard work that went into this release. A significant amount of behind-the-scenes effort went into reworking our infrastructure and redesigning the build process. Special thanks to Chris and Darsha – our Grml developer days in November and December were a blast!</p><p>For a detailed overview of the changes between releases 2024.02 and 2024.12, check out our <a href="https://grml.org/changelogs/README-grml-2024.12/">official release announcement</a>. And, as always, after a release comes the next one – exciting improvements are already in the works!</p><p>BTW: recently we also celebrated 20(!) years of Grml Releases. If you’re a Grml and or grml-zsh user, please join us in celebrating and <a href="https://blog.grml.org/archives/417-20-years-grml-releases.html">send us a postcard</a>!</p>]]></content:encoded> </item> <item> <title>HTU Bigband Konzert am 04.06.2024</title> <link>https://michael-prokop.at/blog/2024/05/28/htu-bigband-konzert-am-04-06-2024/</link> <pubDate>Tue, 28 May 2024 14:32:20 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Allgemein]]></category> <category><![CDATA[Events]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=6909</guid> <description><![CDATA[Am Dienstag den 4. Juni spielen wir ab 19:30 Uhr unser nächstes HTU-Bigband-Konzert. Das Konzert findet im Innenhof der TU Graz (Alte Technik, Rechbauerstraße 12, 8010 Graz) statt, bei Schlechtwetter geht es an der gleichen Adresse in den wunderbaren Hörsaal 2. Wir sind über 25 Musikerinnen und Musiker und haben ein anspruchsvolles Programm – von […]]]></description> <content:encoded><![CDATA[<p><a href="/blog/img/htu-bigband-2024-06-04.jpg"><img src="/blog/img/htu-bigband-2024-06-04-small.jpg" alt="Plakat für das HTU Bigband-Konzert am 04.06.2024" style="border: 0px; margin-right: 20px" align=left /></a></p><p>Am Dienstag den 4. Juni spielen wir ab 19:30 Uhr unser nächstes <a href="https://htugraz.at/deine-htu/htu-big-band">HTU-Bigband</a>-Konzert. Das Konzert findet im Innenhof der TU Graz (<a href="https://www.openstreetmap.org/#map=19/47.06894/15.44980">Alte Technik, Rechbauerstraße 12, 8010 Graz</a>) statt, bei Schlechtwetter geht es an der gleichen Adresse in den wunderbaren Hörsaal 2. Wir sind über 25 Musikerinnen und Musiker und haben ein anspruchsvolles Programm – von Swing, über Soul, Funk und Latin bis Pop ist alles dabei. Es gibt über 2 Stunden Musik vom Feinsten, und das Ganze bei freiem Eintritt.</p><p>Das Event gibt es auch auf <a href="https://www.facebook.com/HTUGraz/posts/pfbid02FdAKWch5Rb2B1kxexhNBQywmeziXYEXuTd2XRAtHLDb45pdBYXBu7c7Fxfd8xWbWl">Facebook</a> und <a href="https://www.instagram.com/htugraz/p/C6yFjaVozaS/">Instagram</a> zum “Liken” und Weiterverteilen.</p><p>Ich freue mich schon tierisch darauf und würde mich über bekannte Gesichter freuen. Ich hoffe man sieht und hört sich! :-)</p>]]></content:encoded> </item> <item> <title>Being a Debian Developer since 15 years</title> <link>https://michael-prokop.at/blog/2024/05/28/being-a-debian-developer-since-15-years/</link> <pubDate>Tue, 28 May 2024 11:37:59 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[English]]></category> <category><![CDATA[Open Source]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=6905</guid> <description><![CDATA[15 years ago I became an official Debian Developer. Incredible how time flies.]]></description> <content:encoded><![CDATA[<p><a href="/blog/2009/05/28/debiandeveloper-add_membermika/">15 years ago</a> I became an official Debian Developer. Incredible how time flies.</p>]]></content:encoded> </item> <item> <title>Vortrag: We got hacked: Lektionen aus realen Security-Vorfällen @ GLT24</title> <link>https://michael-prokop.at/blog/2024/04/07/vortrag-we-got-hacked-lektionen-aus-realen-security-vorfallen-glt24/</link> <pubDate>Sun, 07 Apr 2024 10:22:35 +0000</pubDate> <dc:creator><![CDATA[mika]]></dc:creator> <category><![CDATA[Computer]]></category> <category><![CDATA[Events]]></category> <guid isPermaLink="false">https://michael-prokop.at/blog/?p=6897</guid> <description><![CDATA[Auf den Grazer Linuxtagen 2024 (GLT24) war ich als Referent mit einem Vortrag zum Thema “We got hacked: Lektionen aus realen Security-Vorfällen” vertreten. In meinem Vortrag gibt es einen Einblick in reale Security-Incidents und welche Lektionen sich aus solchen Vorfällen mitnehmen lassen. Es gibt den Vortrag dank des fantastischen c3voc-Teams bereits als Videomitschnitt online. Meine […]]]></description> <content:encoded><![CDATA[<p>Auf den <a href="https://www.linuxtage.at/">Grazer Linuxtagen 2024</a> (GLT24) war ich als Referent mit einem Vortrag zum Thema “<a href="https://pretalx.linuxtage.at/glt24/talk/3MMQBF/">We got hacked: Lektionen aus realen Security-Vorfällen</a>” vertreten. In meinem Vortrag gibt es einen Einblick in reale Security-Incidents und welche Lektionen sich aus solchen Vorfällen mitnehmen lassen.</p><p>Es gibt den Vortrag dank des fantastischen c3voc-Teams bereits als <a href="https://media.ccc.de/v/glt24-418-we-got-hacked-lektionen-aus-realen-security-vorfllen">Videomitschnitt online</a>. Meine <a href="https://michael-prokop.at/slides/glt24_we-got-hacked.pdf">Vortragsfolien (2.1MB, PDF)</a> stehen ebenfalls online zur Verfügung. Viel Spaß beim Anschauen!</p>]]></content:encoded> </item> </channel></rss> If you would like to create a banner that links to this page (i.e. this validation result), do the following:
Download the "valid RSS" banner.
Upload the image to your own server. (This step is important. Please do not link directly to the image on this server.)
Add this HTML to your page (change the image src attribute if necessary):
If you would like to create a text link instead, here is the URL you can use:
http://www.feedvalidator.org/check.cgi?url=http%3A//www.michael-prokop.at/blog/wp-rss2.php
