Feed aggregator

Rohan Garg: An alternative to Linaro’s HWPacks

Planet Ubuntu - Wed, 08/26/2015 - 08:34

For the past couple of weeks I’ve been playing with a variety of boards, and a single problem kept raising its head over and over again, I needed to build test images quickly in order to be able to checkout whether or not these boards had the features that I wanted.

This lead me to investigating tools around building images for these boards. And the tools I came across for each of these boards were absymal to say the least. All of them were either very board specific or were not versatile enough for my needs. Linaro’s HWPack’s came very very close to what I needed, but still had some of the following limitations :

  • HWPack’s are inflexible in terms of partitioning layout, the entire partitioning layout is internal to the tool, and you could only specify one of three variations of the partition layout, and not control anything else, such as start sectors of the partitions.
  • HWPack’s are inflexible in terms of bootloader flashing, as far as I can tell, there was no way to specify the start sector, the byte size and other options that some of these boards were passing dd to flash the bootloader to the image.
  • HWPacks, as far as I could tell, could not generate config files that would be used by u-boot at boot.
  • HWPack’s only support Apt.

So with those 4 problems to solve, I set out writing my own replacement for Linaro’s HWPack’s , and lo and behold, you can find it here. ( I’m quite terrible at coming up with awesome names for my projects, so I chose the most simple and descriptive name I could think of ;)

Here’s a sample config for the ODROID C1, a neat little board from HardKernel.

The rootfs section

You can specify a rootfs for your board in this section, it will take a url to the rootfs tar and optionally a md5sum for the tar.

The firmware section

We currently have 2 firmware backends for installing the firmware ( things like the kernel, and other board specific packages ). One is the tar backend which, like the rootfs section, takes a url to the firmware tar and optionally a md5sum and the Apt backend. I only have time to maintain these 2 backends, so I’d absolutely love it if someone could write more backends such as yum or pacman and send me a pull request.

The tar backend will copy everything from the boot/* folder inside the tar onto the first partition, and anything inside the firmware/* and modules/* folder into the rootfs’s /lib folder. This is a bit implicit and I’m trying to figure out a way to make this better.

The apt backend can take multiple apt repos to be added to the rootfs and a list of packages to install afterwards.

The bootloader section

The bootloader has a :config section which will take a ERB file to be rendered and installed into both the rootfs and the bootfs ( if you have one ).

Here’s a quote of the sample ERB file for the ODROID C1:

This allows me to dynamically render boot files depending on what kernel was installed on the image and what the UUID of the rootfs is. You can in fact access more variables as described here.

Moving on to the :uboot section of the bootloader, you can specify as many stages as you want to flash onto the image. Each stage will take a :file to flash and optionally :dd_opts, which are options that you might want to pass to dd when writing the bootloader. The stages are flashed in the sequence that is declared in config.yml and the files are searched for in the rootfs first, failing which they’re searched for in the bootfs partition, if you have one.

The login section

The login section is quite self-explanatory and takes a user, a password for the user and a list of groups the user should be added to on the target image.

The login section is optional and can be skipped if your rootfs already has a pre-configured user.

At the moment I have configs for the ODROID C1, Cubox-I ( thanks to Solid Run for sending me a free-extra board! :) and the Raspberry Pi 2.

If you have questions send me an email or leave them in the comments below, and I’ll try to answer them ASAP :).

If you end up writing a config for your board, please send me a PR with the config, that’d be most awesome.

PS: Some of the most awesome people I know are meeting up at Randa next month to work on bringing Touch to KDE. It’d be supremely generous of you if you could donate towards the effort.


Dustin Kirkland: An Open Letter to Google Nest (was: OMG, F*CKING NEST PROTECT AGAIN!)

Planet Ubuntu - Wed, 08/26/2015 - 07:06
[Updates (1) and (2) at the bottom of the post]
It's 01:24am, on Tuesday, August 25, 2015.  I am, again, awake in the the middle of the night, due to another false alarm from Google's spitefully sentient, irascibly ignorant Nest Protect "smart" smoke alarm system.
Exactly how I feel right now.  Except I'm in my pajamas.Warning: You'll find very little profanity on this blog.  However, the filter is off for this post.  Apologies in advance.
ARRRRRRRRRRRRRRRRRGGGGGGGGGHHHHHHHHHHH!!!!!!!!!!!
Oh.
My.
God.
FOR FUCK'S SAKE.

"Heads up, there's smoke in the kids room," she says.  Not once, but 3 times in a 30 minute period, between 12am and 1am, last night.

That's my alarm clock.  Right now.  I'm serious."Heads up, there's smoke in the guest bedroom," she says again tonight a few minutes ago, at 12:59am.
There was in fact never any smoke to clear.Is it possible for anything wake you up more seriously and violently in a cold panic than a smoke alarm detecting something amiss in your 2 year old's bedroom?
Here's what happens (each time)...
Every Nest Protect unit in the house announces, in unison, "Heads up, there's smoke in the kids' room."  Then both my phone and my wife's phone buzzes on our night stands, with the urgent incoming message from the Nest app.  Another few seconds pass, and a another set of alarms, this time delivered by email, in case you missed the first two.
The first and second time it happens, you jump up immediately.  You run into their room and make sure everyone is okay -- both the infant in the crib and toddler who's into everything.  You walk the whole house, checking the oven, the stove, the toaster, the computer equipment.  You open the door and check around outside.  When everything is okay, you're left with a tingling in the back of your mind, wondering what went wrong.  When you're a computer engineer by trade, you're trying to debug the hardware and/or software bug causing the false positive.  Then you set about trying to calm your family and get them back into bed.  And at some point later, you calm your own nerves and try to get some sleep.  It's a work night after all.
But the third, fourth, and fifth time it happens?  From 3 different units?
Well, it never ceases to scare the ever living shit out of you, waking up out of deep sleep, your mind racing, assessing the threat.
But then, reality kind of sets in.  It's just the stupid Nest Protect fucking it all up again.
Roll over, go back to bed, and pray that the full alarm doesn't sound this time, waking up both kids and setting us up for a really bad night and next few days at school.
It's not over yet, though.  You then wait for the same series of messages announcing the all clear -- first the bitch over the loudspeaker, followed by the Android app notification, then the email -- each with the same message:  "Caution, the smoke is clearing..."
THERE WAS NEVER ANY FUCKING SMOKE, YOU STUPID CYBORG. 
20 years later, and the smartest company in the world
creates a smoke detector that broadcasts the IoT equivalent
of PC LOAD LETTER to your smart home, mobile app, and email.
But not this time.  I'm not rolling over.  I'm here, typing with every ounce of anger this Thinkpad can muster. I'm mashing these keys in the guest bedroom that's supposedly on fire.  I can most assuredly tell you that it's a comfy 72 F, that the air is as clean as a summer breeze.
I'm writing this, hoping that someone, somewhere hears how disturbingly defective, and dangerously disingenuous this product actually is.
It has one job to do.  Detect and report smoke.  And it's unable to do that effectively.  If it can't reliably detect normality, what confidence should I have that it'll actually detect an emergency if that dreaded day ever comes?
The sad, sobering reality is: zero.  I have zero confidence whatsoever in the Nest Protect.
What's worse, is that I'm embarrassed to say that I've been duped into buying 7 (yes, seven) of these broken pieces of shit, at $99 apiece.  I'm a pretty savvy technical buyer, and admittedly a pretty magnanimous early adopter.  But while I'm accepting on beta versions of gadgets and gizmos, I am entirely unforgiving on the safety and livelihood of my family and guests.
Michael Larabel of Phoronix recounts his similar experience here.  He destroyed one with a sledgehammer, which might provide me with some catharsis when (not if, but when) this happens again.

Michael Larabel of Phoronix destroyed his malfunctioning Nest Protect
with a 20 lb sledgehammer, to silence the false alarm in the middle of the night
 There's a sad, long, thread on Nest's customer support forum, calling for a better "silence" feature.  I'm sorry, that's just wrong.  The solution is not a better way to "silence" false positives.  Root out the false positives to begin with.  Or recall the hardware.  Tut, tut, tut.

You can't be serious...This is from me to Google and Nest on behalf of thousands of trusting families out there:  You have the opportunity, and ultimately the obligation.  Please make this right.  Whatever that means, you owe the world that.
  • Ship working firmware.
  • Recall faulty hardware.
  • Refund the product.
Okay, the empassioned rant is over.  Time for data.  Here is the detailed, distressing timeline.
  • January 2015: I installed 5 Nest Protects: one in each of two kids' rooms, the master bedroom, the hallway, and the kitchen/living room
  • February 2015: While on a business trip to, South Africa, I received notification via email and the Nest App that there was a smoke emergency at my home, half a world away, with my family in bed for the night.  My wife called me immediately -- in the middle of the night in Texas.  My heart raced.  She assured me it was a false alarm, and that she had two screaming kids awake from the noise.  I filed a support ticket with Nest (ref:_00D40Mlt9._50040jgU8y:ref) and tried to assure my wife that it was just a glitch and that I'd fix it when I got home.

  • May 23, 2015: We thought it was funny enough to post to Facebook, "When Nest mistakes a diaper change for a fire, that's one impressive poop, kiddo!"  Not so funny now.


  • August 9, 2015: I installed 2 more Nest Protects, in the guest bedroom and my office
  • August 21, 2015, 11:26am: While on a flight home from another business, trip, I receive another set of daytime warnings about smoke in the house.  Another false alarm.
  • August 24, 2015, 12am: While asleep, I receive another 3 false alarms.
  • August 25, 2015, 1am: Again, asleep, another false alarm.  Different room, different unit.  I'm fucking done with these.
I'm counting on you Google/Nest.  Please make it right.
Burning up but not on fire,Dustin

Update #1: I was contacted directly by email and over Twitter, by Nest's "Executive Relations", who offer to replace of all 7 of my "v1" Nest Protects with 7 new "v2" Nest Protects, at no charge.  The new "v2" Protect reportedly has an improved design with better photoelectric detector that reduces false positives.  I was initially inclined to try the new "v2" Protects, however, neither the mounting bracket nor the wiring harness are compatible from v1 to v2.  So I would have to replace all of the brackets and redoing all of the wiring myself.  I asked, but Nest would not cover the cost of a professional (re-)installation.  At this point, as expressed my disappointment in this alternative, and I was offered a full refund, in 4-6 weeks time, after I return the 7 units.  I've accepted this solution and will replace the Nest Protects with a simpler, more reliable traditional smoke detector. Update #2: I suppose I should mention that I generally like my Nest Thermostat and (3) Dropcams.  This blog post is really only complaining about the Titanic disaster that is the Nest Protect.

Pasi Lallinaho: A series of minor improvements for Ubuntu websites

Planet Ubuntu - Wed, 08/26/2015 - 06:41

In addition to using developer documentation (see A compact style for jQuery API documentation), people who work with communities need to use community and communication related websites. The bigger the community, the more tools it needs.

In a large community like Ubuntu, the amount of maintenance is big and the variety of platforms is huge. On top of these, many of the website aren’t directly maintained for the community (which has both good and bad sides). For these reasons, it’s sometimes hard and/or slow to get updates landed for the CSS files for the websites.

While workarounds aren’t ideal, at least we can fight the problematic styles with modern technology. That said, I’ve created a gist for a Stylish style that provides some minor improvements for some ubuntu.com websites.

Currently, the style brings the following improvements:

  • The last line of the chat is completely shown in Ubuntu Etherpad pads
  • Images and code blocks aren’t overlapping the content section in Planet Ubuntu, avoiding horizontal scrollbars
  • In the Ubuntu wiki, list items do not have a large bottom padding, making the lists more readable
  • Also in the wiki, tables are always full width but not too wide, keeping them aligned nicely

If you are constantly hitting other annoying styling issues on the Ubuntu websites, leave me a comment and I’ll see whether I can update the gist with a workaround. However, please report the bugs and issues for concerned maintaining parties as well, so we can stop using these workarounds as soon as possible. Thank you!

Lubuntu Blog: Happy 24th birthday, Linux!

Planet Ubuntu - Wed, 08/26/2015 - 05:48
Can you believe Linux is celebrating 24 years already? It was on this day, August 25, back in 1991 when a young Linus Torvalds made his now-legendary announcement on the comp.os.minix newsgroup:
Hello everybody out there using minix -

I'm doing a (free) operating system (just a hobby, won't be big and professional like gnu) for 386(486) AT clones. This has been brewing since april, and is starting to get ready. I'd like any feedback on things people like/dislike in minix, as my OS resembles it somewhat (same physical layout of the file-system (due to practical reasons) among other things).

I've currently ported bash(1.08) and gcc(1.40), and things seem to work. This implies that I'll get something practical within a few months, and I'd like to know what features most people would want. Any suggestions are welcome, but I won't promise I'll implement them :-)

Linus

PS. Yes – it's free of any minix code, and it has a multi-threaded fs. It is NOT portable (uses 386 task switching etc), and it probably never will support anything other than AT-harddisks, as that's all I have :-(.
Quite an understated beginning if I ever heard one!

There's some debate in the Linux community as to whether we should be celebrating Linux's birthday today or on October 5 when the first public release was made, but Linus says he is O.K. with you celebrating either one, or both! So as we say happy birthday, let's take a quick look back at the years that have passed and how far we have come.

Via OpenSource.

Thomas Ward: Landscape and Gitlab on the same server: Headaches, and thoughts.

Planet Ubuntu - Wed, 08/26/2015 - 05:12

This is a mini case study, or rather a report from me, on how difficult it can be to run multiple services from the same server. Especially when they listen on similar ports for different aspects. In this post, I examine the headaches of making two things work on the same server: GitLab (via their Omnibus .deb packages), and Landscape (Canonical’s systems management tool).

I am not an expert on either of the software I listed, but what I do know I will state here.

The Software Landscape

Many of you have probably heard of Landscape, Canonical’s systems management tool for the Ubuntu operating system. Some of you probably know about how we can deploy Landscape standalone for our own personal use with 10 Virtual and 10 Physical machines managed by Landscape, via Juju, or manually.

Most of my systems/servers are Ubuntu, and I have enough that makes management by one individual a headache. In the workplace, we have an entire infrastructure set up for a specific set of applications, all on an Ubuntu base, and a similar headache in managing them all one at a time. For me, discovering Landscape Dedicated Server, the setup yourself, makes management FAR easier. Landscape has a dependency on Apache

GitLab

GitLab is almost like GitHub in a sense. It provides a web interface for working with code, via the Git Version Control System. Github and GitLab are both very useful, but for those of us wanting the same interface in only one organization, or for personal use, and not trusting the Cloud hosts like GitHub or GitLab’s cloud, we can run it via their Omnibus package, which is Gitlab pre-packaged for different distributions (Ubuntu included!)

It includes its own copy of nginx for serving content, and uses Unicorn for the Ruby components. It listens on both port 80 and 8080, initially, per the gitlab configuration file which rewrites and modifies all the other configurations for Gitlab, which includes both of those servers.

The tricky parts

But then, I ran into a dilemma on my own personal setup of it: What happens if you need Landscape and multiple other sites run from the same server, some parts with SSL, some without? Throw into the mix that I am not an Apache person, and part of the dilemma appears.

1: Port 8080.

There’s a conflict between these two softwares. Part of Landscape (I believe the appserver part) and part of GitLab (it’s Unicorn server, which handles the Ruby-to-nginx interface both try and bind to port 8080.

2: Conflicting Web Servers on Same Web Ports

Landscape relies on Apache. GitLab relies on its own-shipped nginx. Both are set by default to listen on port 80. Landscape’s Apache config also listens on HTTPS.

These configurations, out of the box by default, have a very evil problem: both try to bind to port 80, so they don’t work together on the same server.

My solution

Firstly, some information. The nginx bundled as part of GitLab is not easily configured for additional sites. It’s not very friendly to be a ‘reverse proxy’ handler. Secondly, I am not an Apache person. Sure, you may be able to get Apache to work as the ‘reverse proxy’, but it is unwieldy for me to do that, as I’m an nginx guy.

These steps also needed to be done with Landscape turned off. (That’s as easy as running sudo lsctl stop)

1: Solve the Port 8080 conflict

Given that Landscape is something by Canonical, I chose to not mess with it. Instead, we can mess with GitLab to make it bind Unicorn to a different port.

What we have to do with GitLab is tell its Unicorn to listen on a different IP/Port combination. These two lines in the default configuration file control it (the file is located at /etc/gitlab/gitlab.rb in the Omnibus packages):

# unicorn['listen'] = '127.0.0.1'
# unicorn['port'] = 8080

These are commented out by default. The default binding is to bind to 127.0.0.1:8080. We can easily change GitLab’s configurations though, by editing the file, and uncommenting both lines. We have to uncomment both because otherwise it tries to bind to the specified port, but also *:8080 (which breaks Landscape’s services). After making those changes, we now run sudo gitlab-ctl reconfigure and it redoes its configurations and makes everything adapt to those changes we just made.

2: Solve the web server problem

As I said above, I’m an nginx guy. I also discovered revising the GitLab nginx server to do this is a painful thing, so I did an ingenious thing.

First up: Apache.

I set the Apache bindports to be something else. In this case, I revised /etc/apache2/ports.conf to be the following:

# If you just change the port or add more ports here, you will likely also
# have to change the VirtualHost statement in
# /etc/apache2/sites-enabled/000-default.conf

Listen 10080


Listen 10443


Listen 10443

# vim: syntax=apache ts=4 sw=4 sts=4 sr noet

Now, I went into the sites-enabled configuration for Landscape, and also changed the bindports accordingly – the HTTP listener on Port 80 now listens on 10080, and the SSL listener on Port 443 now listens on 10443 instead.

Second: GitLab.

This one’s easier, since we simply edit /etc/gitlab/gitlab.rb, and modify the following lines:

#nginx['listen_addresses'] = ['127.0.0.1']
#nginx['listen_port'] = 80

First, we uncomment the lines. And then, we change the 'listen_port' item to be whatever we want. I chose 20080. Then sudo gitlab-ctl reconfigure will apply those changes.

Finally, a reverse proxy server to handle everything.

Behold, we introduce a third web server: nginx, 1.8.0, from the NGINX Stable PPA.

This works by default because we already changed all the important bindhosts for services. Now the headache: we have to configure this nginx to do what we want.

Here’s a caveat: I prefer to run things behind HTTPS, with SSL. To do this, and to achieve it with multiple domains, I have a few wildcard certs. You’ll have to modify the configurations that I specify to set them up to use YOUR SSL certs. Otherwise, though, the configurations will be identical.

I prefer to use different site configuration files for each site, so we’ll do that. Also note that you will need to put in real values where I say DOMAIN.TLD and such, same for SSL certs and keys.

First, the catch-all for catching other domains NOT hosted on the server, placed in /etc/nginx/sites-available/catchall:

server {
listen 80 default_server;

server_name _;

return 406; # HTTP 406 is "Not Acceptable". 404 is "Not Found", 410 is "Gone", I chose 406.
}

Second, a snippet file with the configuration to be imported in all the later configs, with reverse proxy configurations and proxy-related settings and headers, put into /etc/nginx/snippets/proxy.settings.snippet:


proxy_redirect off;
proxy_set_header Host $host;
proxy_set_header X-Real-IP $remote_addr;
proxy_set_header X-Forwarded-For $proxy_add_x_forwarded_for;
proxy_max_temp_file_size 0;

proxy_connect_timeout 90;
proxy_send_timeout 90;
proxy_read_timeout 90;

proxy_buffer_size 4k;
proxy_buffers 4 32k;
proxy_busy_buffers_size 64k;
proxy_temp_file_write_size 64k;

Third, the reverse-proxy configuration for Landscape, which is fairly annoying and took me multiple tries to get working right, placed in /etc/nginx/sites-available/landscape_reverseproxy. Don’t forget that Landscape needs SSL for parts of it, so you can’t skip SSL here:


server {
listen 443 ssl;

server_name landscape.DOMAIN.TLD;

ssl_certificate PATH_TO_SSL_CERTIFICATE; ##### PUT REAL VALUES HERE!
ssl_certificate_key PATH_TO_SSL_CERTIFICATE_KEY; ##### PUT REAL VALUES HERE

# These are courtesy of https://cipherli.st, minus a few things.
ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off;

include /etc/nginx/snippets/proxy.settings.snippet;

location / {
proxy_pass https://127.0.0.1:10443/;
}

location /message-system {
proxy_pass https://127.0.0.1:10443/;
}
}

server {
listen 80;
server_name landscape.DOMAIN.TLD;

include /etc/nginx/snippets/proxy.settings.snippet;

location / {
return 301 https://landscape.DOMAIN.TLD$request_uri;
}

location /ping {
proxy_pass http://127.0.0.1:10080/;
}
}

Forth, the reverse-proxy configuration for GitLab, which was not as hard to make working. Remember, I put this behind SSL, so I have SSL configurations here. I’m including comments for what to put if you want to NOT have SSL:

# If you don't want to have the SSL listener, you don't need this first server block
server {
listen 80;
server_name gitlab.DOMAIN.TLD

# We just send all HTTP traffic over to HTTPS here.
return 302 https://gitlab.DOMAIN.TLD$request_uri;
}

server {
listen 443 ssl;
# If you want to have this listen on HTTP instead of HTTPS,
# uncomment the below line, and comment out the other listen line.
#listen 80;
server_name gitlab.DOMAIN.TLD;

# If you're not using HTTPS, remove from here to the line saying
# "Stop SSL Remove" below
ssl_certificate /etc/ssl/hellnet.io/hellnet.io.chained.pem;
ssl_certificate_key /etc/ssl/hellnet.io/hellnet.io.key;

ssl_ciphers "EECDH+AESGCM:EDH+AESGCM:AES256+EECDH:AES256+EDH";
ssl_protocols TLSv1 TLSv1.1 TLSv1.2;
ssl_prefer_server_ciphers on;
ssl_session_cache shared:SSL:10m;
ssl_session_tickets off; # Requires nginx >= 1.5.9
# Stop SSL Remove

include /etc/nginx/snippets/proxy.settings.snippet;

location / {
proxy_pass http://127.0.0.1:20080/;
}
}

System specifications considerations

Landscape is not light on resources. It takes about a gig of RAM to run safely, from what I’ve observed, but 2GB is more recommended.

GitLab recommends AT LEAST 2GB of RAM. It uses at least that, so you should have 3GB for this at the minimum.

Running both demands just over 3GB of RAM. You can run it on a 4GB box, but it’s better to have double that space just in case, especially if Landscape and Gitlab both get heavy use. I run it on an 8GB converted desktop, which is now a Linux server but used to be a Desktop.

Raphaël Hertzog: Freexian’s report about Debian Long Term Support, July 2015

Planet Ubuntu - Wed, 08/26/2015 - 02:14

Like each month, here comes a report about the work of paid contributors to Debian LTS.

Individual reports

In July, 79.50 work hours have been dispatched among 7 paid contributors. Their reports are available:

Evolution of the situation

August has seen a small decrease in terms of sponsored hours (71.50 hours per month) because two sponsors did not pay their renewal invoice on time. That said they reconfirmed their willingness to support us and things should be fixed after the summer. And we should be able to reach our first milestone of funding the equivalent of a half-time position, in particular since a new platinum sponsor might join the project.

DebConf 15 happened this month and Debian LTS was featured in a talk and in a work session. Have a look at the video recordings:

In terms of security updates waiting to be handled, the situation is better than last month: the dla-needed.txt file lists 20 packages awaiting an update (4 less than last month), the list of open vulnerabilities in Squeeze shows about 22 affected packages in total (11 less than last month). The new LTS frontdesk ensures regular triage of CVE reports and the difference between both counts dropped significantly. That’s good!

Thanks to our sponsors

Thanks to Sig-I/O, a new bronze sponsor, which joins our 35 other sponsors.

One comment | Liked this article? Click here. | My blog is Flattr-enabled.

Mattia Migliorini: You Might Need a Pro for These Tech Upgrades

Planet Ubuntu - Tue, 08/25/2015 - 23:27

By now, you are probably more than a little tired of hearing people tell you how easy it is to do things like build a website or add ecommerce to an existing site. But when do you need a professional?

Does It Effect the Customer Experience?

If the thing you want to do will have an adverse effect on the client experience if it goes horribly wrong, then you will want to bring in a licensed professional. The last thing you want to do is inadvertently do something that will increase customer confusion.

Avoid changing major design elements of your site just because you are bored. If you are not a designer, you may be changing something that is crucial to navigation or discoverability. It is like knocking out a wall without determining if it is a load-bearing wall. If your site enjoys high levels of customer experience, leave changes to a pro.

Does It Effect Security?

The only thing more sacrosanct than customer experience is customer security. At this point in time, it is safe to say that no company ought to be left as the sole proprietor of consumer security. At the very least, there needs to be third-party security auditing to be sure things are as secure as you think they are.

That is the type of thing that is outsourced to IT services from Firewall Technical, and other such companies. Not every company is big enough to justify having its own IT department. But if you handle customer data, you are required to perform due diligence. In some instances, that means outsourcing security matters to a professional.

Is It Going to Void Your Warranty?

There are plenty of changes you can make to your tech and web presence that are inward facing. If you have the time and skills to take o those projects, knock yourself out. But even those projects should be shifted to a professional if there is the danger of voiding your warranty if something goes awry. Even if nothing goes wrong, some upgrades will void your warranty just because you did them.

You don’t know how, watch a couple of YouTube videos, and have at it. But when it is time to upgrade those slow, unreliable, spinning hard drives to SSDs, check your nerve, and your warranty. While one may be sufficient, the other may not be.

Some people feel ashamed to call for help when it is something they should be able to do themselves. But the real shame is letting pride be the cause of your downfall when help was only a phone call away.

The post You Might Need a Pro for These Tech Upgrades appeared first on deshack.

Joel Leclerc: Idea: Non-windowing display server

Planet Ubuntu - Tue, 08/25/2015 - 22:42

For the TL;DR folk who are concerned with the title: It’s not an alternative to wayland or X11. It’s layer that wayland compositors (or other) can use.

As a quick foreward: I’m still a newbie at this field. While I try my best to avoid inaccuracies, there might be a few things I state here that are wrong, feel free to correct me!

Wayland is mainly a windowing protocol. It allows clients to draw windows (or, as the wayland documentation puts it, “surfaces”), and receive input from those surfaces. A wayland server (or “compositor”) has the task of drawing these surfaces, and providing the input to the clients. That is the specification.

However, where does a compositor draw these surfaces to? How does the compositor receive input? It has to provide many backends for various methods of drawing the composited surface. For example, the weston compositor has support for drawing the composited surface using 7 different backends (DRM, Linux Framebuffer, Headless [a fake rendering device], RDP, Raspberry Pi, Wayland, and X11). The amount of work put into making these backends work must be incredible, which is exactly where the problem relies in: it’s arguably too much work for a developer to put in if they want to make a new compositor.

That’s not the only issue though. Another big problem is that there is then no standard way to configure the display. Say you wanted a wayland compositor to change the video resolution to 800×600. The only way to do that is to use a compositor-specific extension to the protocol, since the protocol, AFAIK, has no method for changing the video resolution — and rightfully so. Wayland is a windowing protocol, not a display protocol.

My idea is to create a display server that doesn’t handle windowing. It handles display-related things, such as drawing pixels on the screen, changing video mode, etc… Wayland compositors and other programs that require direct access to the screen could then use this server and trust that the server will take care of everything display-related for them.

I believe that this would enable for much simpler code, and add a good deal more power and flexibility.

To give a more graphic description (forgive my horrible diagraming skills):

Current Stack:

Proposed Stack:

 

I didn’t talk about the input server, but it’s the same idea as the display server: Have a server dedicated to providing input. Of course, if the display server uses something like SDL as the backend, it may have to also provide the input server, due to the SDL library, AFAIK, doesn’t allow a program to access the input of another program.

This is an idea I have toyed around with for some time now (ever since I tried writing my own wayland compositor, in fact! XD), so I’m curious as to what people think of it. I would be more than happy to work with others to implement this.


Aaron Honeycutt: My contributions to KDE and Kubuntu since Akademy

Planet Ubuntu - Tue, 08/25/2015 - 16:39
Packaging

During Akademy I had the great advantage of being in the same room of our (Kubuntu) top packagers (Riddell and Scarlett). Who have helped me learn to package and make patches for errors in the CI/QA machine. Since then I’ve also had the help of Philip (yofel) and Clive (clivejo) in the #kubuntu-devel IRC room as well. I’ve packaged digikam and recently kdenlive ( both need testing in my ppa ) as well as getting a new Kubuntu Setting package out there too (ppa) which overlays the slideshow in Muon Discover to highlight some top KDE applications.

Artwork

I also worked with Andrew from the VDG on a Breeze High Contrast color scheme which made it in for Plasma 5.4 before the freeze!

  • commit: https://quickgit.kde.org/?p=breeze.git&a=commit&h=3ebb6ed33fb6522b0f5ca855a9fbd2b79c165e65

 

I can’t thank the Ubuntu Community enough for funding my trip to Akademy this year! THANK YOU!

Ubuntu Kernel Team: Kernel Team Meeting Minutes – August 25, 2015

Planet Ubuntu - Tue, 08/25/2015 - 12:53
Meeting Minutes

IRC Log of the meeting.

Meeting minutes.

Agenda

20150825 Meeting Agenda


Release Metrics and Incoming Bugs

Release metrics and incoming bug data can be reviewed at the following link:

  • http://kernel.ubuntu.com/reports/kt-meeting.txt


Status: CVE’s

The current CVE status can be reviewed at the following link:

  • http://kernel.ubuntu.com/reports/kernel-cves.html


Status: Wily Development Kernel

We have rebased our Wily master-next branch to the latest upstream
v4.2-rc8 and uploaded to our ~canonical-kernel-team PPA. The fglrx DKMS
package is still failing to build with this latest kernel. We are
actively investigating to get this resolved.
—–
Important upcoming dates:

  • https://wiki.ubuntu.com/WilyWerewolf/ReleaseSchedule
    Thurs Aug 27 – Beta 1 (~2 days away)
    Thurs Sep 24 – Final Beta (~4 weeks away)
    Thurs Oct 8 – Kernel Freeze (~6 weeks away)
    Thurs Oct 15 – Final Freeze (~7 weeks away)
    Thurs Oct 22 – 15.10 Release (~8 weeks away)


Status: Stable, Security, and Bugfix Kernel Updates – Precise/Trusty/Utopic/Vivid

Status for the main kernels, until today:

  • Precise – Verification & Testing
  • Trusty – Verification & Testing
  • lts-Utopic – Verification & Testing
  • Vivid – Verification & Testing

    Current opened tracking bugs details:

  • http://kernel.ubuntu.com/sru/kernel-sru-workflow.html
    For SRUs, SRU report is a good source of information:
  • http://kernel.ubuntu.com/sru/sru-report.html

    Schedule:

    cycle: 16-Aug through 05-Sep
    ====================================================================
    14-Aug Last day for kernel commits for this cycle
    15-Aug – 22-Aug Kernel prep week.
    23-Aug – 29-Aug Bug verification & Regression testing.
    30-Aug – 05-Sep Regression testing & Release to -updates.


Open Discussion or Questions? Raise your hand to be recognized

No open discussion.

Sujeevan Vijayakumaran: Visiting FrOSCon …

Planet Ubuntu - Tue, 08/25/2015 - 11:50

Last weekend, on the 22nd and 23rd August, the FrOSCon took place in St. Augustin (next to Bonn) in Germany. It is one of the bigger Open Source Conferences and my first visit. Short summary: It was great! There were many talks, too bad there were many on talks on the same time, but luckily all talks were recorded.

Personally I gave to talks: about Snappy Ubuntu Core and about Ubuntu Phone. You can watch both talks here and here, both talks are in German. Both talks had many attendees. (Here is a small photo!)

On Saturday I didn't visit more talks - on the evening, after the talks, there was a free barbecue for everybody! Also, the entrance to the conference was completely free in this year, which I strongly support.

On Sunday I went to the Talk of Benjamin Mako Hill about „Access Without Empowerment“, which was the only English talk which I visited. I also visited a few more talks, if you are interested to watch the other talks, you can have a look here.

The rest of the time was I mostly talking to people at the Ubuntu Booth, mostly showing and presenting my Ubuntu Phones. Besides that we had a small Taskwarrior-Meetup with Dirk Deimeke, Wim Schürmann and Lynoure Braakman which was quite funny and interesting ;).

I really like to visit different Open Source Conferences, mostly to learn new stuff and talk to old and new friends. This time I've met many „old“ friends and also met new guys. Surprisingly, I had the chance to meet and talk to Niklas Wenzel from the Ubuntu-Community, who is involved in the development of different apps and features of Ubuntu Phone (and he's way younger than I would have expected) and also Christian Dywan from Canonical.

I'm really looking forward to the next conferences, which will be Ubucon in Berlin and OpenRheinRuhr in Oberhausen later this year!

Lubuntu Blog: Lubuntu 15.10 beta 1

Planet Ubuntu - Tue, 08/25/2015 - 10:07
Beta 1 is now available for testing, please help test it. New to testing? Head over to the wiki for all the information and background you need, along with contact points.


Also, there's a new Facebook group named LubuntuQA for testing new Lubuntu ISOs, as well as bug triage. You can find it here.

And at last, but not least, a new ISO made by Julien Lavergne with the LXQt desktop integrated, just for testing Lubuntu Next evolution, is available here.

The Fridge: Ubuntu Weekly Newsletter Issue 431

Planet Ubuntu - Mon, 08/24/2015 - 17:53

Welcome to the Ubuntu Weekly Newsletter. This is issue #431 for the week August 17 – 23, 2015, and the full version is available here.

In this issue we cover:

The issue of The Ubuntu Weekly Newsletter is brought to you by:

  • Paul White
  • Elizabeth K. Joseph
  • Chris Guiver
  • Jim Connett
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, content in this issue is licensed under a Creative Commons Attribution 3.0 License BY SA Creative Commons License

Ubuntu Weekly Newsletter Issue 431

The Fridge - Mon, 08/24/2015 - 17:53

Welcome to the Ubuntu Weekly Newsletter. This is issue #431 for the week August 17 – 23, 2015, and the full version is available here.

In this issue we cover:

The issue of The Ubuntu Weekly Newsletter is brought to you by:

  • Paul White
  • Elizabeth K. Joseph
  • Chris Guiver
  • Jim Connett
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, content in this issue is licensed under a Creative Commons Attribution 3.0 License BY SA Creative Commons License

Luis de Bethencourt: Notes from the GStreamer Summer Hackfest 2015

Planet Ubuntu - Mon, 08/24/2015 - 09:03


A week ago a dozen cool guys, who happen to be GStreamer developers, met at Montpellier for the GStreamer Summer Hackfest 2015. We got together to work for 3 days, over the weekend, without a fixed agenda. The hacking venue coworkin' Montpellier was provided by Edward Hervey (bilboed) and most meals were provided by GStreamer.

With the opportunity to work in the same room and enjoy the lovely city of Montpellier, developers speed up the patch reviews and fixes by being able to easily discuss them with colleagues through the high-bandwith low-latency face-to-face protocol. They also took the chance to discuss major features and try to settle on problems that have been waiting for design decisions for a long time in the community. This is a non-exhaustive list of work done in the event:

  • Performance improvement for Caps negotiations: Caps negotiation is part of the GStreamer applications startup and was vastly optimized. Initial tests show it is taking 49.6% less time to happen.


  • nvenc element: A new nvenc element for recent NVIDIA GPU's was made released. It currently implements h264.


  • 1.6 release: At the hackfest a few blocker issues were revisited to get the project ready for releasing version 1.6. This will be a stable release. The release candidate just took place right after the hackfest, the 1.5.90 version.


  • decodebin3 design proposal/discussion: A new version of the playback stack was proposed and discussed. It should maintain the same features of the current version but cover use cases needed by targets with restricted resources, such as embedded devices (TV, mobile, for example), and providing a stream selection API for applications to use. This is a very important feature for Tizen to support more hardware-enabled scenarios in its devices.


  • Moving to Phabricator: The community started experimenting with the recently created Phabricator instance for GSteamer's bug and code tracking. Tweaking of settings and scripts, before a full transition from Bugzilla can be made.


  • Improvements on GtkGLSink: The sink had flickering and scaling noise among some other problems. Most are now fixed.


  • libav decoders direct rendering: Direct rendering allows decoders to write their output directly on screen, increasing performance by reducing the number of memory copies done. The libav video decoders had their direct rendering redone for the new libav API as is now enabled again.


  • Others: improvements to RTP payloaders and depayloadres of different formats, discussions about how to provide more documentation, bug fixes and more.
    Without any major core design decision pending, this hackfest allowed the attendees to work on different areas they wanted to focus on and it was very productive in many fronts. With the GStreamer Conference being around the corner, people in the organizing committee discussed which talks should be accepted and other organizational details.


A huge gratitude note to our host, Edward Hervey (shown below). The venue was very comfortable, the fridge always stocked and the city a lot of fun!


Lively discussion about GST Streams and decodebin3

If you missed the notes from the previous Hackfest. Read them here

Canonical Design Team: Publishing Vanilla

Planet Ubuntu - Mon, 08/24/2015 - 06:35

We’ve got a new CSS framework at Canonical, named Vanilla. My colleague Ant has a great write-up introducing Vanilla. Essentially it’s a CSS microframework powered by Sass. The build process consists of two steps, an open source build, and a private build.

Open Source Build

While there are inevitably componants that need to be kept private (keys, tokens, etc.) being Canonical, we want to keep much of the build in the open, in addition to the code. We wanted the build to be as automated and close to CI/CD principles as possible. Here’s what happens:

Committing to our github repository kicks off a travis build that runs gulp tests, which include sass-lint. And we also use david-dm.org to make sure our npm dependencies are up to date. All of these have nice badges we can link to right from our github page, so the first thing people see is the heath of our project. I really like this, it keeps us honest, and informs the community.

Not everything can be done with travis, however, as publishing Vanilla to npm, updating our project page and demo site require some private credentials. For the confidential build, we use Jenkins. (formally Hudson, a java-based build management system.).

Private Build with Jenkins

Our Jenkins build does a few things:

  1. Increment the package.json version number
  2. npm publish (package)
  3. Build Sass with npm install
  4. Upload css to our assets server
  5. Update Sassdoc
  6. Update demo site with new CSS

Robin put this functionality together in a neat bash script: publish.sh.

We use this script in a Jenkins build that we kick off with a few parameters, point, minor and major to indicate the version to be updated in package.json. This allows our devs push-button releases on the fly, with the same build, from bugfixes all the way up to stable releases (1.0.0)

After less than 30 seconds, our demo site, which showcases framework elements and their usage, is updated. This demo is styled with the latest version of Vanilla, and also serves as documentation and a test of the CSS. We take advantage of github’s html publishing feature, Github Pages. Anyone can grab – or even hotlink – the files on our release page.

The Future

It’d be nice for the regression test (which we currently just eyeball) to be automated, perhaps with a visual diff tool such as PhantomCSS or a bespoke solution with Selenium.

Wrap-up

Vanilla is ready to hack on, go get it here and tell us what you think! (And yes, you can get it in colours other than Ubuntu Orange)

Nathan Haines: Ubuntu Free Culture Showcase submissions are now open!

Planet Ubuntu - Sun, 08/23/2015 - 20:40
Ubuntu 15.10 is coming up soon, and what better way to celebrate a new release with beautiful new content to go with the release? The Ubuntu Free Culture Showcase is a way to celebrate the Free Culture movement, where talented artists across the globe create media and release it under licenses that encourage sharing and adaptation. We're looking for content which shows off the skill and talent of these amazing artists and will great Ubuntu 15.10 users. We announced the showcase last week, and now we are accepting submissions at the following groups: For more information, please visit the Ubuntu Free Culture Showcase page on the Ubuntu wiki.

Nathan Haines: Making Hulu videos play in Ubuntu

Planet Ubuntu - Sun, 08/23/2015 - 19:13

A couple of weeks ago, Hulu made some changes to their video playback system to incorporate Adobe Flash DRM technology. Unfortunately, this meant that Hulu no longer functioned on Ubuntu because Adobe stopped supporting Flash on Linux several year ago, and therefore Adobe’s DRM requires HAL which was likewise obsoleted about 4 years ago and was dropped from Ubuntu in 13.10. The net result is that Hulu no longer functions on Ubuntu.

While Hulu began detecting Linux systems and displaying a link to Adobe’s support page when playback failed, and the Adobe site correctly identifies the lack of HAL support as the problem, the instructions given no longer function because HAL is no longer provided by Ubuntu.

Fortunately, Michael Blennerhassett has maintained a Personal Package Archive which rebuilds HAL so that it can be installed on Ubuntu. Adding this PPA and then installing the “hal” package will allow you to play Hulu content once again.

To do this, first open a Terminal window by searching for it in the Dash or by pressing Ctrl+Alt+T.

Next, type the following command at the command line and press Enter:

sudo add-apt-repository ppa:mjblenner/ppa-hal

You will be prompted for your password and then you will see a message from the PPA maintainer. Press Enter, and the PPA will be added to Ubuntu’s list of software sources. Next, have Ubuntu refresh its list of available software, which will now include this PPA, by typing the following and pressing Enter:

sudo apt update

Once this update finishes, you can then install HAL support on your computer by searching for “hal” in the Ubuntu Software Center and installing the “Hardware Abstraction Layer” software, or by typing the following command and pressing Enter:

sudo apt install hal

and confirming the installation when prompted by pressing Enter.

I explain more about how to install software on the command line in Chapter 5 and how to use PPAs in Chapter 6 of my upcoming book, Beginning Ubuntu for Windows and Mac Users, coming this October from Apress. This book was designed to help Windows and Mac users quickly and easily become productive on Ubuntu so they can get work done immediately, while providing a foundation for further learning and exploring once they are comfortable.

John Baer: Never buy internet viagra

Planet Ubuntu - Sun, 08/23/2015 - 06:00

Viagra is a very specialized drug, and it use should not be taken lightly. Not taking Viagra in a responsible way can seriously damage your health, especially if you have problems such as a heart condition, or suffer from high blood pressure. The problem with Viagra is that it is now being sold under many different names on the Internet. This is called generic medication and is often produced in places like India or China. Is it safe? No, it isn’t always safe. Maria who works for London escorts, says that her father bought some. He was about embarrassed about his medical condition, and did not want to speak to his doctor. But like so many London escorts know, this is not a drug to be played around with at all.

Maria has worked for charlotte action escorts services for about two years. During that time she has always known that her father has suffered from a heart condition. The condition reduces his circulation quite severely, and makes it difficult for him to maintain a good erection. Most London escorts know that this can happen to men who have circulatory problems, and Viagra is one of the many solutions available. But, you should never take any drug without having spoken to your doctor first.

Maria’s dad took Viagra which he had bought of the Internet and ended up having a heart attack. She says it is complicated, but the Viagra contraindicated with the medication that he was already on. That means that it caused a problem and the two drugs mixed together caused her father to have a heart attack. Maria had to take two weeks off from London escorts services, and go to look after her mom whilst her dad was in hospital. It was a worrying time for my mom, she says, so I simply had to take time off from London escorts. It was the only way to cope.

In the end, Maria’s dad recovered and Maria was able to return to her job at London escorts services. It was scary, she says, and taught be a valuable lesson. You should never take drugs without knowing what they can do, and I am sure that many London escorts appreciate that Viagra should not be played around with just like other medications. The fact is, says Maria, my father could have died. Of course, my mom and I would both have been devastated.

The Internet is full of sexual performance enhancing drugs and you should at all times be careful.

There are some safe alternatives out there such as the amino acids, and herbal alternatives. However, London escorts would like you all to know that the herb Ginseng can be dangerous as well. It can “knock out” some heart medications and raise your blood pressure. This is another online sexual enhancement drug which London escorts warn you to stay away from at all times. If, you do have a concern about your performance, it is always best to see your local GP.

Nekhelesh Ramananthan: Clock App Update: August 2015

Planet Ubuntu - Fri, 08/21/2015 - 15:39

We have been working on a new clock app update with lots of goodies :-) I thought I would summarize the release briefly. Huge props to Bartosz Kosiorek for helping out with this release and coordinating with the canonical designers for the stopwatch & timer designs.

General Improvements

We focused on many parts of the clock app for this release ranging from the world-clock feature, to the alarms and stopwatch.

  • Transitioned to the new 15.04 SDK ListItems which effectively results in a lot of custom code being removed and maintaining consistency with other apps. LP: #1426550
  • User added world cities previously were not translated if the user changed the phone language. This has been fixed. LP: #1477492
  • New navigation structure due to the introduction of Stopwatch
  • Replaced a few hard coded icons with system icons. LP: #1476580
  • Fixed not being able to add world cities with apostrophe in their names (database limitation). LP: #1473074
Stopwatch

This along with Timer is the single most requested feature since the clock app reboot. And I am thrilled to see it finally land in this update. It sports a couple of usability tweaks like prevent screen-dim while stopwatch is running and keep the stopwatch running in the background regardless of if the clock app is closed or the phone is switched off. The UI is clean and simple. Expect some more changes to this in the future. We reused a lot of code from Michael Zanetti's Stopwatch App.

Alarms

In this area, we have fixed a good number of small bugs that overall improve the alarms experience. The highlight of course is the support for custom alarm sounds. Yes! You can now import music using content hub and set that as your alarm sound to wake you in the morning.

Other bugs fixed include,

  • Changed default alarm sound to something a bit more strong. LP: #1354370
  • Fixed confirmation behaviour being confusing in the alarm page header. LP: #1408015
  • Made the alarm times shown in the alarm page more bigger and bolder. LP: #1365428
  • Adding/Deleting alarms will move the alarm list items up/down using a nice smooth animation
  • Alternate between alarm frequency and alarm ETA every 5 seconds using a fade animation. LP: #1466000
  • Fixed alarm time being incorrectly set if it the current time is a multiple of 5. LP: #1484926

This pretty much sums up the upcoming release. We will wait a few days to ensure it is fully translated and then tested by QA before releasing the update next week.

Pages

Subscribe to Ubuntu Arizona LoCo Team aggregator