Feed aggregator

Kees Cook: evolution of seccomp

Planet Ubuntu - Wed, 11/11/2015 - 11:01

I’m excited to see other people thinking about userspace-to-kernel attack surface reduction ideas. Theo de Raadt recently published slides describing Pledge. This uses the same ideas that seccomp implements, but with less granularity. While seccomp works at the individual syscall level and in addition to killing processes, it allows for signaling, tracing, and errno spoofing. As de Raadt mentions, Pledge could be implemented with seccomp very easily: libseccomp would just categorize syscalls.

I don’t really understand the presentation’s mention of “Optional Security”, though. Pledge, like seccomp, is an opt-in feature. Nothing in the kernel refuses to run “unpledged” programs. I assume his point was that when it gets ubiquitously built into programs (like stack protector), it’s effectively not optional (which is alluded to later as “comprehensive applicability ~= mandatory mitigation”). Regardless, this sensible (though optional) design gets me back to his slide on seccomp, which seems to have a number of misunderstandings:

  • A Turing complete eBPF program watches your program Strictly speaking, seccomp is implemented using a subset of BPF, not eBPF. And since BFP (and eBPF) programs are guaranteed to halt, it makes seccomp filters not Turing complete.
  • Who watches the watcher? I don’t even understand this. It’s in the kernel. The kernel watches your program. Just like always. If this is a question of BPF program verification, there is literally a program verifier that checks various properties of the BPF program.
  • seccomp program is stored elsewhere This, with the next statement, is just totally misunderstood. Programs using seccomp define their program in their own code. It’s used the same way as the Pledge examples are shown doing.
  • Easy to get desyncronized either program is updated As above, this just isn’t the case. The only place where this might be true is when using seccomp on programs that were not written natively with seccomp. In that case, yes, desync is possible. But that’s one of the advantages of seccomp’s design: a program launcher (like minijail or systemd) can declare a seccomp filter for a program that hasn’t yet been ported to use one natively.
  • eBPF watcher has no real idea what the program under observation is doing… I don’t understand this statement. I don’t see how Pledge would “have a real idea” either: they’re both doing filtering. If we get AI out of our syscall filters, we’re in serious trouble. :)

OpenBSD has some interesting advantages in the syscall filtering department, especially around sockets. Right now, it’s hard for Linux syscall filtering to understand why a given socket is being used. Something like SOCK_DNS seems like it could be quite handy.

Another nice feature of Pledge is the path whitelist feature. As it’s still under development, I hope they expand this to include more things than just paths. Argument inspection is a weak point for seccomp, but under Linux, most of the arguments are ultimately exposed to the LSM layer. Last year I experimented with creating a “seccomp LSM” for path matching where programs could declare whitelists, similar to standard LSMs.

So, yes, Linux “could match this API on seccomp”. It’d just take some extensions to libseccomp to implement pledge(), as I described at the top. With OpenBSD doing a bunch of analysis work on common programs, it’d be excellent to see this usable on Linux too. So far on Linux, only a few programs (e.g. Chrome, vsftpd) have bothered to do this using seccomp, and it could be argued that this is ultimately due to how fine grained it is.

© 2015, Kees Cook. This work is licensed under a Creative Commons Attribution-ShareAlike 3.0 License.

Colin King: Firmware Test Suite in active development

Planet Ubuntu - Wed, 11/11/2015 - 06:01
Another month passes and another release of the Firmware Test Suite is being prepared.  The tool has been growing in functionality (and size!) over time, so I thought I would look at some statistics to see any trends.

There has been a steady growth of the number of authors sending patches to the Firmware Test Suite.  Community contributions to a project is a sign that we have buy-in from different parties, so I'm pleased to see contributions from Intel, Linaro and Redhat.   Patches are always welcome, send them to fwts-devel@ubuntu.com for review and inclusion into the project.

The number of commits is one metric to see if the project is growing healthily. We're adding about 35 patches a month, about 3/4 of which is added functionality, the rest are fixes and general code maintenance.

One more meaningless but interesting metric is code size. I used sloccount to count the lines of C in the project.  We're seeing ~2200 lines of code being added per month, mainly through added test functionality.
Kudos to the Canonical Hardware Enablement firmware folk for wrangling the patches and preparing each FWTS release.

Kubuntu Wire: KDE Plasma 5.4.3 is now available for Kubuntu Wily (15.10)

Planet Ubuntu - Tue, 11/10/2015 - 19:04

Packages for the release of KDE’s Plasma 5.4.3, bugfix Release for November, are available for Kubuntu 15.10. You can get them from the Kubuntu Backports PPA.

Please report any bugs you find. Bugs in the packaging should be reported on Launchpad. Bugs in the software should be reported to KDE. Or ping sgclark in #kubuntu-devel.

To update, follow the Software Repository Guide to add the following repository to your software sources list:


Special thanks to sgclark for packaging this update and to testers who hang out on the #kubuntu-devel IRC channel.


Scarlett Clark: Kubuntu: KDE 5.4.3 Bugfix release Available now for Wily in Kubuntu Backports.

Planet Ubuntu - Tue, 11/10/2015 - 17:32

Plasma5.4.3 Bugfix release.

KDE Upstream link to changelog:
Plasma 5.4.3

To install add ppa:kubuntu-ppa/backports by folling the instructions found here:
Adding and using repositories in Kubuntu

If you find any issues please hunt me down in the usual places.
Vivid backports will be done in the next day or two.

If you find any of my work useful, please consider a donation or become a patreon!
I can no longer sustain working without an income. If this works I can continue all of my
(K)ubuntu and KDE contributions ( a full time job in its current state + much overtime!)
Patreon for Scarlett Clark (me)

Svetlana Belkin: New Project: Writing Interactive Fiction

Planet Ubuntu - Tue, 11/10/2015 - 16:56

Over the last six(6) – eight(8) years, I tired to write fiction that could be published.  It’s an off and on thing but it’s something that I want to do.  But today, I had another thought: why not instead of having it just on paper or in e-book format, but why not have it interactive, like a choose your own?  Two reasons why I (now) what to do this: 1) have reason to code in Python and 2) allow users to choose their own paths and interact with the environment of that story.  I know that the text-based games such as Armageddon MUD (the one that I play) or what’s code-based is based off of, DikuMUD.  Before I want to dig deep in coding, I have a question (since I don’t know any):

Does anyone know of a #Python library for interactive fiction that supports DIKU Mud like commands (put, open, look, ect)?

— Svetlana Belkin (@senseopenness) November 10, 2015

Thank you.

Didier Roche: Netbeans and Rust support in Ubuntu Make 15.11

Planet Ubuntu - Tue, 11/10/2015 - 09:00

After some releases bringing updates, bug fixes, refactoring, tests improvements and more minor features and automations, here is time again for a noticeable feature release!

Thanks to Fabio Colella, we now have NetBeans support in Ubuntu Make! Installing it is just a umake ide netbeans away and just relax while Ubuntu Make is doing the hard work so that you can enjoy this IDE.

Another new feature is the Rust support by Jared Ravetch. umake rust will do all the necessary steps so that you get a good rust developing experience on your favorite ubuntu distro!

Eldar Khayrullin (welcome to him for his first contribution!) updated the Unity 3D game engine support to point to the latest beta released version and Sebastian Schuberth fixed an android NDK environment variable to use a more widespread one.

Other noticeable changes, following upstream webstorm IDE, are update to get their latest available icons (thanks to our test granularity level, we were able to detect this small change!), fixes for the version option, global -r working as the new global --remove, some fixes for zsh users, and as well a bunch of new translations thanks to our awesome translator community (new languages: fa, pt_BR and updated de, en_AU, en_CA, en_GB, eu, hr, it, pl, ru, te, zh_CN, zh_HK). There is of course more refactoring and other tests changes. Full glory details are available here.

As usual, all of those modifications and new features are backed up via a number of small, medium and large tests! We are currently running about 850 tests in our jenkins infrastructure (running all the tests). All commits and pull requests are tested for pep8 and small tests using Travis CI and the health status is of course reported in the README.md file.

As usual, you can get this latest version direcly through its ppa for the 14.04 LTS, 15.05 and 15.10 ubuntu releases. Xenial version is available directly in the xenial ubuntu archive. Thanks again to all our awesome contributors community! A lot more is still in the pipe, but that will be for next release!

Our issue tracker is full of ideas and opportunities, and pull requests remain opened for any issues or suggestions! If you want to be the next featured contributor and want to give an hand, you can refer to this post with useful links!

Daniel Pocock: Aggregating tasks from multiple issue trackers

Planet Ubuntu - Tue, 11/10/2015 - 05:37

After my experiments with the iCalendar format at the beginning of 2015, including Bugzilla feeds from Fedora and reSIProcate, aggregating tasks from the Debian Maintainer Dashboard, Github issue lists and even unresolved Nagios alerts, I decided this was fertile ground for a GSoC student.

In my initial experiments, I tried using the Mozilla Lightning plugin (Iceowl-extension on Debian/Ubuntu) and GNOME Evolution's task manager. Setting up the different feeds in these clients is not hard, but they have some rough edges. For example, Mozilla Lightning doesn't tell you if a feed is not responding, this can be troublesome if the Nagios server goes down, no alerts are visible, so you assume all is fine.

To take things further, Iain Learmonth and I proposed a GSoC project for a student to experiment with the concept. Harsh Daftary from Mumbai, India was selected to work on it. Over the summer, he developed a web application to pull together issue, task and calendar feeds from different sources and render them as a single web page.

Harsh presented his work at DebConf15 in Heidelberg, Germany, the video is available here. The source code is in a Github repository. The code is currently running as a service at horizon.debian.net although it is not specific to Debian and is probably helpful for any developer who works with more than one issue tracker.

Your browser does not support the <video> tag.

Ronnie Tucker: First Beta of antiX MX 15 Linux Distro Is Based on Debian 8.2, Still Uses SysVinit

Planet Ubuntu - Tue, 11/10/2015 - 03:16

On November 8, the antiX development team announced the immediate availability for download and testing of the first Beta build of the upcoming antiX MX 15 GNU/Linux distribution.

Based on the latest Debian GNU/Linux 8.2 (Jessie) operating system and dubbed Fusion, antiX MX 15 Beta 1 is powered by Liquorix Linux 4.2 kernel for the 64-bit edition, as well as two stable Linux 3.16 kernels from Debian on the 32-bit flavor.

The distribution is built around the lightweight Xfce 4.12 desktop environment and features up-to-date software, such as Mozilla Firefox 42.0, Mozilla Thunderbird 38.3, LibreOffice, VLC Media Player 2.2.1, and Clementine 1.2.3.

Additionally, the antiX developers managed to add initial support for UEFI (Unified Extensible Firmware Interface) systems (only for the 64-bit edition), as well as to implement the MX-Tools package, which lets users install codecs, manage user accounts, and much more.

Source: http://news.softpedia.com/news/first-beta-of-antix-mx-15-linux-distro-is-based-on-debian-8-2-still-uses-sysvinit-495876.shtml
Submitted by: Arnfried Walbrecht

Ronnie Tucker: Chakra GNU/Linux 2015.11 Officially Released with KDE Plasma 5, Linux Kernel 4.1 LTS

Planet Ubuntu - Tue, 11/10/2015 - 03:05

On November 8, Neofytos Kolokotronis from the Chakra project had the great pleasure of informing us of the release and immediate availability for download of the Chakra GNU/Linux 2015.11 computer operating system.

Being a rolling release OS, Chakra GNU/Linux 2015.11 is only an installation media that contains all the updated software packages that had been released on the official software repositories of the distribution since the previous ISO image.

Probably the most important new feature of Chakra GNU/Linux 2015.11 is the addition of the KDE Plasma 5 as the default desktop environment, replacing the old KDE 4 Plasma Workspaces interface that has been used until today.

Source: http://news.softpedia.com/news/chakra-gnu-linux-2015-11-officially-released-with-kde-plasma-5-linux-kernel-4-1-lts-495879.shtml
Submitted by: Arnfried Walbrecht

The Fridge: Ubuntu Weekly Newsletter Issue 441

Planet Ubuntu - Mon, 11/09/2015 - 17:46

Welcome to the Ubuntu Weekly Newsletter. This is issue #441 for the week November 2 – 8, 2015, and the full version is available here.

In this issue we cover:

The issue of The Ubuntu Weekly Newsletter is brought to you by:

  • Elizabeth K. Joseph
  • Daniel Beck
  • Paul White
  • Jose Antonio Rey
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, content in this issue is licensed under a Creative Commons Attribution 3.0 License BY SA Creative Commons License

Ubuntu Weekly Newsletter Issue 441

The Fridge - Mon, 11/09/2015 - 17:46

Welcome to the Ubuntu Weekly Newsletter. This is issue #441 for the week November 2 – 8, 2015, and the full version is available here.

In this issue we cover:

The issue of The Ubuntu Weekly Newsletter is brought to you by:

  • Elizabeth K. Joseph
  • Daniel Beck
  • Paul White
  • Jose Antonio Rey
  • And many others

If you have a story idea for the Weekly Newsletter, join the Ubuntu News Team mailing list and submit it. Ideas can also be added to the wiki!

Except where otherwise noted, content in this issue is licensed under a Creative Commons Attribution 3.0 License BY SA Creative Commons License

Jos&eacute; Antonio Rey: Let’s Code-In!

Planet Ubuntu - Mon, 11/09/2015 - 13:11

A while ago I got an email saying that organization registration is now open for the Google Code-In contest. For those of you who don’t know what it is, it consists on a list of tasks provided by different open source organizations, from which high school students can pick any and help the organization. The students whose work outstands, they will be taken to the Googleplex for a tour and some more neat stuff. Why am I telling you all of this, you ask? Because I would like Ubuntu to be a part of the contest this year!

In order to participate as an organization, we need to register by Wednesday (already tomorrow in some parts of the world!) and make sure we can provide between 150 and 500 tasks. However, I can not do this on my own. We need a team of people willing to provide tasks for the students.

Now, think of it this way. We are going to be able to harvest new contributors, help them get involved with open source, and build a new generation of Ubuntu contributors, even Ubuntu Members.

If your team or project inside Ubuntu could use a hand, please do not hesitate on contacting me for more information on how to become a mentor. Or even better, if you want to help organize things for GCI, drop me a line! My email address is jose ubuntu com, or you can find me as jose on freenode. Ah, and if you want to take a look at the discussion we’ve been having, you can check the ubuntu-community-team mailing list thread. Oh, and if you have any questions at all, I’ll be more than happy to answer those too :)

I definitely hope to count with you all in this upcoming project, and that we get accepted as an organization. Can’t see anything but great things coming from the project!

Launchpad News: Launchpad news, October 2015

Planet Ubuntu - Mon, 11/09/2015 - 12:04

Here’s what the Launchpad team did in October.

  • Ensure that enabled and restricted processors are left untouched when submitting Archive:+edit (#1501519)
  • Describe merge proposal listings in the second person (#991945)
  • Increase Git backend communication timeout to 30 seconds (from 5), as detecting merges can be quite slow on large repositories (#1502748)
  • Link directly to the recipe/snap in the one-recipe/snap case, rather than redirecting from +recipes/+snaps views (#891918)
  • Add GitRepository:+subscription traversal (#1503749)
  • Send notification mail when a merge proposal is superseded (#716169)
  • Add Branch:+dependent-merges and GitRef:+dependent-merges views (#496056)
  • Parse extended header lines in git diffs correctly (#1510337)

Additionally, we’ve added webhook support for merge proposals, made a few more UI improvements, and enabled webhooks for beta testers.  Feedback welcome!

Snap packages
  • Allow snap package owners to enable/disable unrestricted processors (matches the change made for PPAs last month)
Soyuz (package building)
  • Launchpad now accepts uploads of binary packages from builders with file modification times up to 24 hours in the future (rather than 8) or as early as 1975 (rather than 1984), to match Debian
  • Notifications are no longer generated for package copy jobs that in fact end up being no-ops

Also, as previously announced, we and our sysadmins have been putting a lot of work into extending ScalingStack to other architectures and making it more reliable, and as a result we can now offer general access to PPAs for the ppc64el architecture.

Launchpad News: Beta test: webhooks

Planet Ubuntu - Mon, 11/09/2015 - 08:41

If you are a member of Launchpad’s beta testers team, you can now try out webhooks for Bazaar branches and Git repositories. These can be used to set up integration with external sites for various purposes, such as running CI jobs or publishing documentation. We expect to open this up to all Launchpad users soon, but in the meantime please do file a bug against Launchpad itself if you encounter any problems.

See our webhooks documentation for more details.

Jonathan Riddell: Muon in Need of a Maintainer

Planet Ubuntu - Mon, 11/09/2015 - 05:04

Muon, the Apt package installer UI is in need of a maintainer.  It has been split out from Discover and Updater which are application focused and to some extent work with multiple backends.  Muon is package focused and covers the surprisingly important use case of technical users who care about libraries and package versions but don’t want to use a command line.  It’ll probably move to unmaintained unless anyone wants to keep an eye on it so speak up now if you want to help out.


Ubuntu Studio: Want to help making Ubuntu Studio a great OS for creative humans?

Planet Ubuntu - Mon, 11/09/2015 - 04:17
Most of the work we do does not require any special skills, so more or less anyone can contribute! To start contributing right away, simply read ubuntustudio.org/contribute and follow instructions. If you’d like to get up to speed on what is happening right now, please read on. In order to survive as a volunteer project, […]

Eric Hammond: Creating An Amazon API Gateway With aws-cli For Domain Redirect

Planet Ubuntu - Mon, 11/09/2015 - 03:10

Ten commands to launch a minimal, functioning API Gateway

As of this publication date, the Amazon API Gateway is pretty new and the aws-cli interface for it is even newer. The documentation at the moment is a bit rough, but this article outlines steps to create a functioning API Gateway with the aws-cli. Hopefully, this can help others who are trying to get it to work.


I regularly have a need to redirect browsers from one domain to another, whether it’s a vanity domain, legacy domain, “www” to base domain, misspelling, or other reasons.

I usually do this with an S3 bucket in website mode with a CloudFront distribution in front to support https. This works, performs well, and costs next to nothing.

Now that the Amazon API Gateway has aws-cli support, I was looking for simple projects to test out so I worked to reproduce the domain redirect. I found I can create an API Gateway that will redirect a hostname to a target URL, without any back end for the API (not even a Lambda function).

I’m not saying the API Gateway method is better than using S3 plus CloudFront for simple hostname redirection. In fact, it costs more (though still cheap), takes more commands to set up, and isn’t quite as flexible in what URL paths get redirected from the source domain. It does, however, work and may be useful as an API Gateway aws-cli example.


The following steps assume that you already own and have set up the source domain (to be redirected). Specifically:

  • You have already created a Route53 Hosted Zone for the source domain in your AWS account.

  • You have the source domain SSL key, certificate, chain certificate in local files.

Now here are the steps for setting up the domain to redirect to another URL using the aws-cli to create an API Gateway.

1. Create an Amazon API Gateway with aws-cli

Set up the parameters for your redirection. Adjust values to suit:

base_domain=erichammond.xyz # Replace with your domain target_url=https://twitter.com/esh # Replace with your URL api_name=$base_domain api_description="Redirect $base_domain to $target_url" resource_path=/ stage_name=prod region=us-east-1 certificate_name=$base_domain certificate_body=$base_domain.crt certificate_private_key=$base_domain.key certificate_chain=$base_domain-chain.crt

Create a new API Gateway:

api_id=$(aws apigateway create-rest-api \ --region "$region" \ --name "$api_name" \ --description "$api_description" \ --output text \ --query 'id') echo api_id=$api_id

Get the resource id of the root path (/):

resource_id=$(aws apigateway get-resources \ --region "$region" \ --rest-api-id "$api_id" \ --output text \ --query 'items[?path==`'$resource_path'`].[id]') echo resource_id=$resource_id

Create a GET method on the root resource:

aws apigateway put-method \ --region "$region" \ --rest-api-id "$api_id" \ --resource-id "$resource_id" \ --http-method GET \ --authorization-type NONE \ --no-api-key-required \ --request-parameters '{}'

Add a Method Response for status 301 with a required Location HTTP header:

aws apigateway put-method-response \ --region "$region" \ --rest-api-id "$api_id" \ --resource-id "$resource_id" \ --http-method "GET" \ --status-code 301 \ --response-models '{"application/json":"Empty"}' \ --response-parameters '{"method.response.header.Location":true}'

Set the GET method integration to MOCK with a default 301 status code. By using a mock integration, we don’t need a back end.

aws apigateway put-integration \ --region "$region" \ --rest-api-id "$api_id" \ --resource-id "$resource_id" \ --http-method GET \ --type MOCK \ --request-templates '{"application/json":"{\"statusCode\": 301}"}'

Add an Integration Response for GET method status 301. Set the Location header to the redirect target URL.

aws apigateway put-integration-response \ --region "$region" \ --rest-api-id "$api_id" \ --resource-id "$resource_id" \ --http-method GET \ --status-code 301 \ --response-templates '{"application/json":"redirect"}' \ --response-parameters \ '{"method.response.header.Location":"'"'$target_url'"'"}' 2. Create API Gateway Deployment and Stage using aws-cli

The deployment and its first stage are created with one command:

deployment_id=$(aws apigateway create-deployment \ --region "$region" \ --rest-api-id "$api_id" \ --description "$api_name deployment" \ --stage-name "$stage_name" \ --stage-description "$api_name $stage_name" \ --no-cache-cluster-enabled \ --output text \ --query 'id') echo deployment_id=$deployment_id

If you want to add more stages for the deployment, you can do it with the create-stage sub-command.

At this point, we can actually test the redirect using the endpoint URL that is printed by this command:

echo "https://$api_id.execute-api.$region.amazonaws.com/$stage_name$resource_path" 3. Create API Gateway Domain Name using aws-cli

The API Gateway Domain Name seems to be a CloudFront distribution with an SSL Certificate, though it won’t show up in your normal CloudFront queries in the AWS account.

distribution_domain=$(aws apigateway create-domain-name \ --region "$region" \ --domain-name "$base_domain" \ --certificate-name "$certificate_name" \ --certificate-body "file://$certificate_body" \ --certificate-private-key "file://$certificate_private_key" \ --certificate-chain "file://$certificate_chain" \ --output text \ --query distributionDomainName) echo distribution_domain=$distribution_domain aws apigateway create-base-path-mapping \ --region "$region" \ --rest-api-id "$api_id" \ --domain-name "$base_domain" \ --stage "$stage_name" 4. Set up DNS

All that’s left is to update Route53 so that we can use our preferred hostname for the CloudFront distribution in front of the API Gateway. You can do this with your own DNS if you aren’t managing the domain’s DNS in Route53.

Get the hosted zone id for the source domain:

hosted_zone_id=$( aws route53 list-hosted-zones \ --region "$region" \ --output text \ --query 'HostedZones[?Name==`'$base_domain'.`].Id' ) hosted_zone_id=${hosted_zone_id#/hostedzone/} echo hosted_zone_id=$hosted_zone_id

Add an Alias record for the source domain, pointing to the CloudFront distribution associated with the API Gateway Domain Name.

cloudfront_hosted_zone_id=Z2FDTNDATAQYW2 change_id=$(aws route53 change-resource-record-sets \ --region "$region" \ --hosted-zone-id $hosted_zone_id \ --change-batch '{ "Changes": [{ "Action": "CREATE", "ResourceRecordSet": { "Name": "'$base_domain'", "Type": "A", "AliasTarget": { "HostedZoneId": "'$cloudfront_hosted_zone_id'", "DNSName": "'$distribution_domain'", "EvaluateTargetHealth": false }}}]}' \ --output text \ --query 'ChangeInfo.Id') echo change_id=$change_id

This could be a CNAME if you are setting up a hostname that is not a bare apex domain, but the Alias approach works in all Route53 cases.

Once this is all done, you may still need to wait 10-20 minutes while the CloudFront distribution is deployed to all edge nodes, and for the Route53 updates to complete.

Eventually, however, hitting the source domain in your browser should automatically redirect to the target URL. Here is my example in action:


Using the above as a starting point, we can now expand into more advance setups with the API Gateway and the aws-cli.

Original article and comments: https://alestic.com/2015/11/amazon-api-gateway-aws-cli-redirect/

Ronnie Tucker: Steam for Linux Passes 1600 Games Exactly Three Years After Launch

Planet Ubuntu - Mon, 11/09/2015 - 01:49

The launch of Steam for Linux back in November 2012 has done much more than just convince a lot of developers to port their games to the open source OS. It sent a clear signal to the entire community, not just gaming, that it’s time to look at Linux more carefully and start building products for it.

Let’s just take the example of Nvidia and AMD. Both companies had drivers for Linux users, but they were in a really poor state, and they didn’t seem to care. The advent of gaming changed all that and we now have much more frequent driver releases, and it’s clear that the developers from these companies have a lot more work to do. Also, Nvidia is working to port the available middleware as well.

Right now, there are over 1600 games (1606) on the Steam for Linux, and the number of releases increases all the time. More developers choose to port the titles for Linux users, developers change their engines to export for Linux, and feature parity between Windows and Linux graphics will be a fact once the new Vulkan (OpenGL spiritual successor) is released.

Source: http://news.softpedia.com/news/steam-for-linux-passes-1600-games-exactly-three-years-after-launch-495867.shtml
Submitted by: Arnfried Walbrecht

Daniel Pocock: debian.org RTC: announcing XMPP, SIP presence and more

Planet Ubuntu - Mon, 11/09/2015 - 00:57

Announced 7 November 2015 on the debian-devel-announce mailing list.

The Debian Project now has an XMPP service available to all Debian Developers. Your Debian.org email identity can be used as your XMPP address.

The SIP service has also been upgraded and now supports presence. SIP and XMPP presence, rosters and messaging are not currently integrated.

The Lumicall app has been improved to enable rapid setup for Debian.org SIP users.

This announcement concludes the maintenance window on the RTC services. All services are now running on jessie (using packages from jessie-backports).

XMPP and SIP enable a whole new world of real-time multimedia communications possibilities: video/webcam, VoIP, chat messaging, desktop sharing and distributed, federated communication are the most common use cases.

Details about how to get started and get support are explained in the User Guide in the Debian wiki. As it is a wiki, you are completely welcome to help it evolve.

Several of the people involved in the RTC team were also at the Cambridge mini-DebConf (7-8 November).

The password for all these real time communication services can be set via the LDAP control panel. Please note that this password needs to be different to any of your other existing debian.org passwords. Please use a strong password and please keep it secure.

Some of the infrastructure, like the TURN server, is shared by clients of both SIP and XMPP. Please configure your XMPP and SIP clients to use the TURN server for audio or video streaming to work most reliably through NAT.

A key feature of both our XMPP and SIP services is that they support federated inter-connectivity with other domains. Please try it. The FedRTC service for Fedora developers is one example of another SIP service that supports federation. For details of how it works and how we establish trust between domains, please see the RTC Quick Start Guide. Please reach out to other communities you are involved with and help them consider enabling SIP and XMPP federation of their own communities/domains: as Metcalfe's law suggests, each extra person or community who embraces open standards like SIP and XMPP has far more than just an incremental impact on the value of these standards and makes them more pervasive.

If you are keen to support and collaborate on the wider use of Free RTC technology, please consider joining the Free RTC mailing list sponsored by FSF Europe. There will also be a dedicated debian-rtc list for discussion of these technologies within Debian and derivatives.

This service has been made possible by the efforts of the DSA team in the original SIP+WebRTC project and the more recent jessie upgrades and XMPP project. Real-time communications systems have specific expectations for network latency, connectivity, authentication schemes and various other things. Therefore, it is a great endorsement of the caliber of the team and the quality of the systems they have in place that they have been able to host this largely within their existing framework for Debian services. Feedback from the DSA team has also been helpful in improving the upstream software and packaging to make them convenient for system administrators everywhere.

Special thanks to Peter Palfrader and Luca Filipozzi from the DSA team, Matthew Wild from the Prosody XMPP server project, Scott Godin from the reSIProcate project, Juliana Louback for her contributions to JSCommunicator during GSoC 2014, Iain Learmonth for helping get the RTC team up and running, Enrico Tassi, Sergei Golovan and Victor Seva for the Prosody and prosody-modules packaging and also the Debian backports team, especially Alexander Wirt, helping us ensure that rapidly evolving packages like those used in RTC are available on a stable Debian system.

Jonathan Riddell: KDE at FOSDEM 2016

Planet Ubuntu - Sun, 11/08/2015 - 06:40

FOSDEM is the biggest free software conference and KDE will have a stall and help organise the Desktop devroom for talks.  If you have something interesting to talk about the call for talks in the devroom is open now.  We should have a stall to promote KDE, the world best free and open source community.  I’m organising the KDE party on the Saturday.  And there are thousands of talks going on.  Sign up on the wiki page now if you’re coming and want to hang around or help with KDE stuff.



Subscribe to Ubuntu Arizona LoCo Team aggregator