If your computer can’t lie to other computers, then it’s not yours.
This is a fundamental principle of free and open source software. The World Wide Web abides by this principle, although we don’t often think of it that way. The Web is just an agreed-on set of programmatic interfaces: if you send me this, I’ll send you that. Your computer can construct the “this” by whatever means it wants; it’s none of the other side’s business, because your computer is not their computer.
Google’s so-called “Web Environment Integrity” plan would destroy this independence. “Integrity” is exactly the wrong word for it — a better name would be the “Browser Environment Control” plan.
In the normal world, you show up at the store with a five dollar bill, pick up a newspaper, and the store sells you the newspaper (and maybe some change) in exchange for the bill. In Google’s proposed world, five dollar bills aren’t fungible anymore: the store can ask you about the provenance of that bill, and if they don’t like the answer, they don’t sell you the newspaper. No, they’re not worried about the bill being fake or counterfeit or anything like that. It’s a real five dollar bill, they agree, but you can’t prove that you got it from the right bank. Please feel free to come back with the right sort of five dollar bill.
This is not the Open Web that made what’s best about the Internet accessible to the whole world. On that Web, if you send a valid request with the right data, you get a valid response. How you produced the request is your business and your business alone. That’s what software freedom is all about: you decide how your machinery works, just as other people decide how their machinery works. If your machine and their machine want to talk to each other, they just need an agreed-on language (in the case of the Web, that’s HTTP) in which to do so.
Google’s plan, though, steps behind this standard language to demand something no free and open source software can ever deliver: a magical guarantee that the user has not privately configured their own computer in any way that Google disapproves of.
The effrontery is shocking, to those with enough technical background to understand what is being proposed. It’s as though Google were demanding that when you’re talking to them you must somehow guarantee, in a provable way, that you’re not also thinking impure thoughts.
How could anyone ever agree to this nonsense? Must all our computers become North Korea?
The details of your own system’s configuration are irrelevant to — and unnecessary to accurately represent in — your communications with a server, just as your private thoughts are not required to be included, in some side-band channel, along with everything you say in regular language.
If a web site wants to require that you have a username and password, that’s fine. Those are just a standard part of the HTTP request your browser sends. But if a web site wants your browser to promise that it stores that username and password locally in a file named “google-seekritz.txt”, that’s not only weird and creepy, it’s also something that a free software (as in libre) browser can never reliably attest to. Any browser maintenance team worth its salt will just ship the browser with a default configuration in which the software reports that to Google when asked while, behind the scenes, storing usernames and passwords however it damn well pleases.
Indeed, the fundamental issue here is the freedom to have a “behind the scenes” at all. Environments in which people aren’t allowed to have a “behind the scenes” are totalitarian environments. That’s not an exaggeration; it’s simply the definition of the term. Whatever bad connotations the concept of totalitarianism may have for you, they come not from the fancy-sounding multi-syllabic word but from the actual, human-level badness of the scenario itself. That scenario is what Google is asking for.
My web browser (currently Mozilla Firefox running on Debian GNU/Linux, thank you very much) will never cooperate with this bizarre and misguided proposal. And along with the rest of the free software community, I will continue working to ensure we all live in a world where your web browser doesn’t have to either.
After I cross-posted the above in the Fediverse, a friend of mine there asked how Google’s proposal was different from CORS: “i’m sure that i don’t understand the google proposal, but all the browsers enforce CORS, and don’t let you load data in many contexts.” Since Google’s proposal is very different from CORS and similar browser-side protections, I replied to explain why:
This is not about the browser enforcing something by default for the purpose of being able to make security guarantees to its user. After all, if you wanted to modify and recompile your browser to not enforce same-origin policies, you could do so. (It would a bad idea, of course, but that’s not a software freedom issue .)
Rather, this is about the browser being able to pass back a partially-hardware-based, cryptographically secure token that attests, to a central service, that you (the owner of the computer) have not made certain system modifications that would otherwise be invisible to and undetectable by another computer that you’re interacting with over the network. The central service can then pass that attestation along to relying parties. Those relying parties would then use it for all the expected purposes. For example, if they’re considering sending you a stream of video, they’d only do so if they see a promise from your computer that it has no side-band ability to save the video stream to a file (from which you could view it again later without their knowledge). And this promise would be dependable! Under this proposal, your computer would only be able to say it if it were true.
Of course, by definition the only way such a system can work is if it does not have software freedom on the client side. It requires a cooperative relationship between the hardware manufacturer and the supplier of the software – cross-signed blobs and such – whereby your computer loses the physical ability to make the requested attestation to a third party unless your computer is in fact fully cooperating.
By analogy: right now, you can tell your browser to change its User-Agent
string to anything you want. You might get weird effects from doing that, depending on what value you set it to (and it’s unfortunate that web developers let sites get so sensitized to User-Agent
, but that’s another story, to be told along with a similar complaint about HTTP Referer
– but I digress).
Now imagine a world in which, if you change your User-Agent
string, your browser suddenly starts always sending out an extra header: “User-Agent-String-Modified-By-User: True
” – and you have no choice about this. You can’t stop your browser from doing it, because your computer won’t let you.
Does this help clarify what the problem is?
]]>(defun count-fold-lines (start end)
"Replace lines from START to END with descending counts of unique lines.
It's easiest to just give an example to explain this. These lines...
foo
foo
bar
foo
baz
bar
foo
...would become this:
4 foo
2 bar
1 baz
(modulo some left-padding differences that we don't care about)."
(interactive "r")
(sort-lines nil start end)
(save-mark-and-excursion
;; Hah! You thought I was going to implement this in Elisp, didn't you?
(shell-command-on-region start end "uniq --count" nil t)
(sort-lines t (point) (mark))))
Although the code’s documentation gives a short example, it might be clearer if I give a long example here.
Imagine that you’ve marked a region like this in an Emacs buffer:
This is one of the lines we might see; there are twelve of them.
Meanwhile, other lines look like this (there are five of them).
This is one of the lines we might see; there are twelve of them.
And still others are like this -- there are ten of these.
This is one of the lines we might see; there are twelve of them.
And still others are like this -- there are ten of these.
And still others are like this -- there are ten of these.
Some lines only appear once, so why did I even use the plural?
This is one of the lines we might see; there are twelve of them.
And still others are like this -- there are ten of these.
And still others are like this -- there are ten of these.
Meanwhile, other lines look like this (there are five of them).
There's one line that appears twice.
And still others are like this -- there are ten of these.
And still others are like this -- there are ten of these.
And still others are like this -- there are ten of these.
This is one of the lines we might see; there are twelve of them.
Meanwhile, other lines look like this (there are five of them).
Meanwhile, other lines look like this (there are five of them).
This is one of the lines we might see; there are twelve of them.
This is one of the lines we might see; there are twelve of them.
This is one of the lines we might see; there are twelve of them.
And still others are like this -- there are ten of these.
There's one line that appears twice.
This is one of the lines we might see; there are twelve of them.
Meanwhile, other lines look like this (there are five of them).
This is one of the lines we might see; there are twelve of them.
And still others are like this -- there are ten of these.
This is one of the lines we might see; there are twelve of them.
This is one of the lines we might see; there are twelve of them.
Running `M-x count-fold-lines'
will transform the region into this:
12 This is one of the lines we might see; there are twelve of them.
10 And still others are like this -- there are ten of these.
5 Meanwhile, other lines look like this (there are five of them).
2 There's one line that appears twice.
1 Some lines only appear once, so why did I even use the plural?
Now you can see that there were five unique lines, and how many times each line appeared in the original region.
This code depends on the availability of the standard Unix utility uniq
— I just took the shortest path because I needed this command on the fly for some research I was doing. But it could easily be rewritten in pure Elisp, with no dependency on external uniq
; if someone really wants to use this on a system where uniq
is unavailable, please let me know.
(And if you’re looking for this in my .emacs, it’s under the name kf-count-fold-lines
, because I use that namespace prefix to avoid clobbering symbols from Emacs and from third-party packages.)
More than a year ago, my friend Jim asked what pieces I would recommend to someone who’s just starting to listen to classical music. I didn’t want to rely solely on my own opinions, so one night I discussed it with Leslie, Fran, and Henry over dinner (you don’t have to know who all these people are to follow the story — the point is, they like classical music too and I knew the list would be better with their input).
While Jim had suggested ten pieces as a round number, I think he knew that we wouldn’t be able to keep it to ten, and we didn’t. We came up with twelve, or fourteen, or fifteen, depending on how you count.
Mozart: Flute and Harp Concerto in C major
Ernst Märzendorfer (conductor), Nicanor Zabaleta (harp), Karlheinz Zöller (flute), and the Berlin Philharmonic Orchestra. (Record label: Deutsche Grammophon.)
Dvořák: Symphony No. 7
István Kertész (conductor), London Symphony Orchestra. (Record label: Decca)
Beethoven: 5th, 6th, and 7th Symphonies
5 & 7 with Carlos Kleiber (conductor) and the Vienna Philharmonic.
Tchaikovsky: Piano Concerto No. 1
Van Cliburn (pianist), Kirill Kondrashin (conductor). Or: Lang Lang (pianist) and Daniel Barenboim (conductor).
Bach: Chorale “Sheep May Safely Graze”
Karl Richter (conductor), Munich Bach Choir.
Chopin: Préludes, opus 28
Ivan Moravec (pianist).
Stravinsky: The Firebird
Leonard Bernstein (conductor), New York Philharmonic.
Shostakovich: Symphony No. 5
Mstislav Rostropovich (conductor), National Symphony Orchestra. (Record label: Deutsche Grammophon)
However, an alternate here was Prokofiev’s “Romeo & Juliet” with either Rostropovich and the National Symphony Orchestra (1982) again, or Osmo Vänskä (conductor) and the Lahti Symphony Orchestra.
Mussorgsky (orchestral arrangement by Ravel): Pictures at an Exhibition
Gustavo Dudamel (conductor), Vienna Philharmonic Orchestra.
(But maybe add Sviatoslav Richter’s towering 1958 live performance of the original piano version of the piece in Sofia, Bulgaria.)
Vaughan-Williams: Serenade to Music
Adrian Boult (conductor), London Philharmonic Orchestra.
Brahms: Symphony No. 1
Wilhelm Furtwängler (conductor), North German Radio Symphony Orchestra (sometimes abbreviated as “NDR” because in German their name is “Norddeutscher Rundfunk Sinfonieorchester”).
An alternate here was Mahler Symphony No. 1, with Klaus Tennstedt (conductor) and the Chicago Symphony Orchestra.
Rimsky-Korsakov: Scheherazade
Daniel Barenboim (conductor), Samuel Magad (violin), Chicago Symphony Orchestra.
And I had listed Puccini‘s opera “La Bohème” off in a corner of the paper where I was taking notes, though I’m not sure the group ever considered it. Well, hey: editorial privilege for the win! I’m mentioning it here. There’s a wonderful recording with Georg Solti (conductor), Placido Domingo (tenor), Montserrat Caballé (soprano), and many other wonderful singers. However, I haven’t listened to many recordings of that opera, so I don’t know what else is out there.
Enjoy, Jim!
]]>There’s a petition circulating that is essentially a public indictment of Richard Stallman.
More than half of the initial signers are people I know and respect, and have for a long time. They care a lot about ethical behavior in general and about free software in particular. Normally, I expect to be able to sign most petitions they would sign, but this one I’m not on board with.
One reason is that it simply doesn’t make a good case for a lot of its charges. In the sources the petition cites, I searched for anything that would support the claims of “bigotry”, “hate”, and “intolerance”, and didn’t see it. The primary sources are there — you can read them yourself and make up your own mind, of course.
It’s true that Stallman has expressed opinions and positions that are widely condemned, and that people feel hurt by them; some of those people are my friends. Had the charges been insensitivity and absence of any serious attempt at empathy, who could deny it? Cherry-picking certain distinctions that are important to him but not to others while ignoring ones that are important to others? Absolutely. But what petition says is different, and it’s a difference of kind, not of degree. Bigotry, hate, and intolerance are not what Stallman exhibits — and yes, I do think that distinction should be important to all of us. (I was talking about this with some friends yesterday, and paraphrased something one of them said this way: “There’s no necessary correlation between being hurt and being right.”)
The second reason is the explicit call for blanket ostracism. Having portrayed Stallman as some kind of monster (which he is not), the petition says:
These sorts of beliefs have no place in the free software, digital rights, and tech communities. …
There has been enough tolerance of RMS’s repugnant ideas and behavior. We cannot continue to let one person ruin the meaning of our work. Our communities have no space for people like Richard M. Stallman, and we will not continue suffering his behavior, giving him a leadership role, or otherwise holding him and his hurtful and dangerous ideology as acceptable.
Free software is a big place. It includes Trump voters and Warren voters; it includes people who believe that women shouldn’t control their own bodies; whoever you are, it includes people you strongly disagree with on multiple important things. Empirically, it’s a kind of fallacy to say that Stallman doesn’t belong anywhere in the movement that he is more responsible than anyone else for creating.
I realize that for the petition’s authors and signers this is a question of their fundamental values, in which case they may find that empirical point irrelevant. But the call for ostracism from free software is still unjustified by what the petition itself presents. Indeed, although the very first sentence calls him a “dangerous force”, and the above-quoted excerpt says he must not “ruin the meaning of our work” (how is he doing that?), the striking thing is that the ideas of his that the petition focuses so intently on have gotten little uptake.
Stallman’s vision of free software succeeded because it was a good idea. His persistent articulation and demonstration of it helped, especially at the beginning, but in the long run it succeeded because others saw it was a good thing and made the cause theirs. Stallman does not own it. Where his other ideas — the ones cited by the petition — have not succeeded, it’s because people have not liked them. (The majority of his ideas are fairly standard progressive positions, by the way; those are starting to get some uptake now, and of course that’s because many people, not just Stallman, favor them.)
I noticed that many long-active people in free software have not signed the petition, and I’ve talked to several of them about it. One common reaction I heard is that it “goes too far”. While that’s true, that’s not the point I’m making here. Rather, the problem is that the petition has category errors of real significance, both about Stallman and about what to do when someone expresses opinions one disagrees with and even feels hurt by.
This petition does not display the values it claims to represent.
Disclaimers and disclosures: This post reflects my personal views only. It does not reflect the position of any company or organization I am affiliated with. I’ve been a member of the Free Software Foundation for a long time, remained one throughout the period following Stallman’s abrupt resignation in late 2019, and have had both personal informal contact and professional contact with the FSF. I have made a few light edits to this post since first publishing it; the edits merely clarify and do not change the substance.
]]>Here’s the compressor site, with most of the input and all of the output showing:
The output looks like a short string mixing Chinese and Korean because the compressed text is represented as a series of Unicode characters (encoding 15 bits of information per character — which makes the compression ratio displayed, 804/49, a bit misleading, since the characters on the bottom are twice as large as the characters on the top: 402/49 would be more more accurate, and still quite impressive).
Anyway, I naturally thought “Hmm! What would happen if I were to paste this presumably random Chinese/Korean output into Google Translate?”
“I am a prisoner, and I am in a state of mind.”
Aren’t we all, Internet? Aren’t we all?
]]>The usual stock phrase ends with the word “disease”. But Trump avoids the stock phrase, probably because he doesn’t want someone quoting it back at him sarcastically at the peak of the COVID-19 death toll. So in order to avoid reminding his listeners that it is, in fact, literally a disease we’re dealing with here, he twists a common saying.
Since Trump’s use of language is so frequently odd anyway, journalists rarely call out his misdirections or try to explain them. But even worse, they often cover for him. There was a particularly dramatic example of this recently:
On The Daily podcast with Michael Barbaro, New York Times journalist Maggie Haberman played audio of Trump saying “I don’t want the cure to be worse than the problem itself” (he always phrases it this way — he never says “disease” in that phrase) and then she did a really interesting thing. She repeated it back for the audience, but with the phrase corrected to its standard form:
“— in his words, the cure can’t be worse than the disease.”
(Here’s a transcript.)
Haberman wasn’t adding any information by rephrasing the President. She wasn’t summarizing a longer or more complex thing Trump said. She wasn’t providing needed context that the listener might not have. She just repeated Trump, with one important fix — and called her fixed version “his words”.
What is going on? It’s not a simple accident. The day before, Michael Barbaro himself did the same thing. He played audio of Trump using the same odd phrasing on a different occasion, and then Barbaro followed it up by similarly fixing the President’s words, albeit with “illness” instead of “disease”. (transcript here)
It’s as though the journalists know something is wrong, and instinctively want to fix it, so they generously clean up after the President, instead of simply pointing out how the President consistently mis-phrases a traditional saying. (Foreign journalists have noticed this tendency of American reporters to edit the President and thus mask what he’s actually saying.)
I’m not suggesting that reporters should indulge in speculation about the President’s motivations in behaving like this, even when those motivations are pretty clear. Instead, I’m suggesting that journalists should point out when something odd is going on — help the audience see patterns. As reporters, they’ve heard Trump use this strange phrasing multiple times; they know full well what is going on. But any given audience member might not have heard all those instances, and thus might not spot the pattern.
Instead of unconsciously correcting Trump, and thus normalizing him, just report on him and help people be aware of patterns. Listeners can come to their own conclusions about what the patterns mean, but no one is in a better position than journalists who cover Trump professionally to point out the patterns in the first place.
Don’t cover for.
Just cover.
]]>(Instead of cross-posting it here, I’d rather just refer you there, so that there’s one canonical URL.)
]]>Update (2019-10-23): Christie Koehler has written a great piece on this same topic: Open Source Licenses and the Ethical Use of Software. It’s much more in-depth than my treatment below; I highly recommend Christie’s post if you’re looking for a thorough examination of this trend.
I just wrote this in an email, and then realized it was basically already a blog post, so here it is. (Disclaimer: in this post, as on this blog generally, I’m speaking only for myself and not for my company or our clients.)
There’s been a lot of talk recently about creating software licenses that include an ethical-use-only clause. Here’s one example among many. There has even been talk about modifying some existing free software / open source software licenses to include such clauses. If I stopped to dig up source links for everything I’d never get this post done, but if you’re active in this field you’ve probably been seeing these conversations too. Feel free to supply links in the comments.
According to the current definition of free and open source software, such licenses would no longer be FOSS. Some people react to that by saying that maybe we need to update the definition of FOSS then, but that’s backwards — you can’t change a thing by changing what labels you call it by. The current definition of FOSS would still exist, and would still mean exactly what it means, whether one calls it “FOSS” or “broccoli” or “gezornenplatz”.
But even ignoring the nominalist arguments, I think these ethics-scoped licenses are, sadly, an unworkable idea on substantive grounds.
Aditya Mukerjee explained why very eloquently in this tweet thread, and you might want to read that first. I would add:
In practice, these kinds of clauses are time bombs that people either don’t hear ticking, in which case they get an unpleasant surprise later, or do hear ticking, in which case they avoid using any software under that license.
The conversations I’ve seen around these licenses seem to start from the position that all (ahem) reasonable people agree about what is ethical. But in fact there are serious and deep disagreements about what is ethical — even among people who would never have expected that they might disagree with each other, there are usually latent disagreements lurking. Here are a couple of examples, just to show how easy it is for this to happen:
1) Some people believe that copyright infringement is immoral. They think that copying without authorization, or at least doing so at scale, harms artists and other creators, and is thus unethical. Other people believe that putting restrictions on copying is inherently immoral — that no one should have a monopoly on the distribution of culture and information. (Note that this is wholly independent of attribution, of course — that’s a separate concern, and both sides here generally agree that misattribution is unethical because it is simply a type of fraud.)
So what happens when someone puts out a license with a clause saying that one may not use this software as part of a system that performs unauthorized copying? Sure, the license will mean it means and will be variably enforceable depending on the jurisdiction. But what I’m getting at is that there is no consensus at all, especially among the kinds of people likely to be pondering these questions in the first place, about whether the restriction would be ethical.
This example, far from being contrived, actually touches the proposed license referred to earlier. That license bases its “do no harm” clause on the Universal Declaration of Human Rights, in which see clause 27(2) — a clause that I do not agree is ethical and that, depending on how it is interpreted, may be in fundamental contradiction with free software licensing.
Next example…
2) Many vegetarians and vegans feel that killing animals for meat — and doing medical testing on animals, etc — is immoral. Most of those people live surrounded by meat-eaters, so they often don’t bring this up in conversation unless asked about it. But it’s only a matter of time before someone releases a license that prohibits the software from being used for any purpose that harms animals.
Oh wait, that already happened.
(To be fair, it looks like maybe that was really a click-through download EULA rather than the underlying software license, at least based on this archived page. It’s a little hard to tell — this was all around 2008, and the license is no longer easy to find on the Net. Which I think is likely to be the fate of most ethics-scoped licenses in the long run.)
Formally speaking, these kinds of ethical-use-only clauses violate both the Free Software Definition and the Open Source Definition. In the FSD, they prevent the software from being used “for any purpose”. In the OSD, they constitute a “field of use” restriction.
Now, you can make any license you want, and if you hire a good lawyer to do the drafting it may even be enforceable in some circumstances. But there is much less consensus around the world about what is “ethical” than many people wish. If this practice were normalized, we would quickly have software licenses that prohibit the software from being used in a system that encourages people to change or abandon their religion, or from being used to educate women, etc.
“Fine”, I hear you say. “I don’t have to use their software, then. But people who agree with my ethics will be free to use the software I release under licenses that enforce those ethics.” Except that no one will: the software won’t be adopted, except maybe by your friends. Anyone seriously thinking of using that software in production will run away as fast as they can from a license clause that opens them up to liability based on some judge’s interpretation of what constitutes a violation of someone else’s ethical guidelines. These licenses may look great on the runway, but they’ll never fly.
I think the FSD and the OSD (which are essentially the same idea expressed in different words) got it right the first time. Free software licenses accomplish some wonderful things, both for individual freedom and for non-monopolistic collaboration built around free-to-fork code. However, FOSS licenses can never provide a generally enforceable framework for ethical behavior. Attempts to make them do the latter not only fail (because the software won’t be widely adopted with non-FOSS license terms anyway) but also reduce the licenses’ effectiveness at doing what they were originally designed to do.
]]>Here’s what the problem looks like — full transcript, out of consideration for search engine indexes:
root# apt-get dist-upgrade Reading package lists... Done Building dependency tree Reading state information... Done You might want to run 'apt --fix-broken install' to correct these. The following packages have unmet dependencies: guile-2.2-libs : Depends: libtinfo6 (>= 6) but it is not installed libedit2 : Depends: libtinfo6 (>= 6) but it is not installed libllvm7 : Depends: libtinfo6 (>= 6) but it is not installed libncurses6 : Depends: libtinfo6 (= 6.1+20181013-2) but it is not installed libreadline7 : Depends: libtinfo6 (>= 6) but it is not installed E: Unmet dependencies. Try 'apt --fix-broken install' with no packages (or specify a solution). root#
Hmmm, that doesn’t look good. I tried following the advice given there, but it didn’t work:
root# apt --fix-broken install Reading package lists... Done Building dependency tree Reading state information... Done Correcting dependencies... Done The following packages were automatically installed and are no longer required: guile-2.2-libs libncurses6 libpython3.7-minimal libsasl2-modules libzstd1 mariadb-common python3.7-minimal Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: libtinfo6 The following NEW packages will be installed: libtinfo6 0 upgraded, 1 newly installed, 0 to remove and 1326 not upgraded. 47 not fully installed or removed. Need to get 0 B/325 kB of archives. After this operation, 534 kB of additional disk space will be used. Do you want to continue? [Y/n] y apt-listchanges: Can't set locale; make sure $LC_* and $LANG are correct! perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_US.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). locale: Cannot set LC_ALL to default locale: No such file or directory Setting up libpam0g:amd64 (1.3.1-5) ... locale: Cannot set LC_ALL to default locale: No such file or directory Checking for services that may need to be restarted...awk: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory Checking init scripts... awk: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory dpkg: error processing package libpam0g:amd64 (--configure): subprocess installed post-installation script returned error exit status 127 Errors were encountered while processing: libpam0g:amd64 E: Sub-process /usr/bin/dpkg returned an error code (1) root#
Okay, hmmm, what about trying the same but with apt-get instead of apt? Let’s see:
root# apt-get --fix-broken install Reading package lists... Done Building dependency tree Reading state information... Done Correcting dependencies... Done The following packages were automatically installed and are no longer required: guile-2.2-libs libncurses6 libpython3.7-minimal libsasl2-modules libzstd1 mariadb-common python3.7-minimal Use 'sudo apt autoremove' to remove them. The following additional packages will be installed: libtinfo6 The following NEW packages will be installed: libtinfo6 0 upgraded, 1 newly installed, 0 to remove and 1326 not upgraded. 47 not fully installed or removed. Need to get 0 B/325 kB of archives. After this operation, 534 kB of additional disk space will be used. Do you want to continue? [Y/n] y apt-listchanges: Can't set locale; make sure $LC_* and $LANG are correct! perl: warning: Setting locale failed. perl: warning: Please check that your locale settings: LANGUAGE = (unset), LC_ALL = (unset), LANG = "en_US.UTF-8" are supported and installed on your system. perl: warning: Falling back to the standard locale ("C"). locale: Cannot set LC_ALL to default locale: No such file or directory Setting up libpam0g:amd64 (1.3.1-5) ... locale: Cannot set LC_ALL to default locale: No such file or directory Checking for services that may need to be restarted...awk: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory Checking init scripts... awk: error while loading shared libraries: libtinfo.so.6: cannot open shared object file: No such file or directory dpkg: error processing package libpam0g:amd64 (--configure): subprocess installed post-installation script returned error exit status 127 Errors were encountered while processing: libpam0g:amd64 E: Sub-process /usr/bin/dpkg returned an error code (1)
Nope.
All right, then. Let’s do it manually:
I’m not sure it was necessary, but at this point I ensured the locale by checking that the uncommented line “en_US.UTF-8 UTF-8” was present in /etc/locale.gen, running the command locale-gen as root, logging out and logging back in, and confirming the locale with locale -a.
Again, that locale dance may not have been necessary. What was necessary were the next steps:
Visit the Debian package pages for libtinfo6 and libpam0g, download the amd64 versions (using the sha256sum command to check the downloaded files against the SHA256 fingerprint listed at the bottoms of the Debian package pages), then install them manually:
root# dpkg -i libtinfo6_6.1+20181013-2_amd64.deb root# dpkg -i libpam0g_1.3.1-5_amd64.deb
Those commands succeeded, and I confirmed that the packages were now installed:
root# apt-get install libtinfo6 Reading package lists... Done Building dependency tree Reading state information... Done libtinfo6 is already the newest version (6.1+20181013-2). libtinfo6 set to manually installed. 0 upgraded, 0 newly installed, 0 to remove and 1325 not upgraded. root# apt-get install libpam0g Reading package lists... Done Building dependency tree Reading state information... Done libpam0g is already the newest version (1.3.1-5). 0 upgraded, 0 newly installed, 0 to remove and 1325 not upgraded. root#
Now the box was in working order again, and I could finish the dist-upgrade:
root# apt-get dist-upgrade [...zillions of lines of package names omitted...] 1325 upgraded, 390 newly installed, 19 to remove and 0 not upgraded. Need to get 41.7 MB/1,155 MB of archives. After this operation, 1,054 MB of additional disk space will be used. Do you want to continue? [Y/n] y [...zillions of lines of success omitted...]]]>